Enable all services to use Keystone 'insecurely'
This patch introduces an insecure flag for the Keystone internal and admin endpoints: * keystone_service_adminuri_insecure * keystone_service_internaluri_insecure Both values default to false. If you have setup SSL endpoints for Keystone using an untrusted certificate then you should set the appropriate flag to true in your user_variables. This patch is used to enable testing and development with Keystone SSL endpoints without having to make use of SSL certificates signed by a trusted, public CA. The patch introduces a new optional argument (insecure) to the keystone, glance and neutron Ansible libraries. This is a boolean value which, when true, enables these libraries to access Keystone endpoints 'insecurely'. When these libraries are used in plays, the appropriate value is set automatically as per the above conditions. Implements: blueprint keystone-federation Change-Id: Ia07e7e201f901042dd06a86efe5c6f6725e9ce13
This commit is contained in:
Jesse Pretorius
parent
c1c7ffc1c7
commit
4341b79b3a
|
|
@ -144,6 +144,8 @@ keystone_service_adminurl_v3: "{{ keystone_service_adminuri_v3 }}/v3"
|
|||
keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}"
|
||||
keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||
keystone_service_region: "{{ service_region }}"
|
||||
keystone_service_adminuri_insecure: false
|
||||
keystone_service_internaluri_insecure: false
|
||||
|
||||
|
||||
## Horizon
|
||||
|
|
|
|||
|
|
@ -53,8 +53,16 @@ options:
|
|||
description:
|
||||
- which version of the glance api to use
|
||||
choices:
|
||||
- 1 (default)
|
||||
- 1
|
||||
- 2
|
||||
default: 1
|
||||
insecure:
|
||||
description:
|
||||
- Explicitly allow client to perform "insecure" TLS
|
||||
choices:
|
||||
- false
|
||||
- true
|
||||
default: false
|
||||
author: Hugh Saunders
|
||||
"""
|
||||
|
||||
|
|
@ -114,7 +122,9 @@ class ManageGlance(object):
|
|||
def _keystone_authenticate(self):
|
||||
"""Authenticate with Keystone."""
|
||||
openrc = self._parse_openrc()
|
||||
self.keystone = ksclient.Client(username=openrc['OS_USERNAME'],
|
||||
insecure = self.module.params['insecure']
|
||||
self.keystone = ksclient.Client(insecure=insecure,
|
||||
username=openrc['OS_USERNAME'],
|
||||
password=openrc['OS_PASSWORD'],
|
||||
tenant_name=openrc['OS_TENANT_NAME'],
|
||||
auth_url=openrc['OS_AUTH_URL'])
|
||||
|
|
@ -209,7 +219,9 @@ def main():
|
|||
image_container_format=dict(required=False),
|
||||
image_disk_format=dict(required=False),
|
||||
image_is_public=dict(required=False, choices=BOOLEANS),
|
||||
api_version=dict(default='1', required=False, choices=['1', '2'])
|
||||
api_version=dict(default='1', required=False, choices=['1', '2']),
|
||||
insecure=dict(default=False, required=False,
|
||||
choices=BOOLEANS + ['True', 'False'])
|
||||
),
|
||||
supports_check_mode=False
|
||||
)
|
||||
|
|
|
|||
|
|
@ -121,6 +121,13 @@ options:
|
|||
'ensure_endpoint', 'ensure_role', 'ensure_user',
|
||||
'ensure_user_role', 'ensure_tenant']
|
||||
required: true
|
||||
insecure:
|
||||
description:
|
||||
- Explicitly allow client to perform "insecure" TLS
|
||||
choices:
|
||||
- false
|
||||
- true
|
||||
default: false
|
||||
requirements: [ python-keystoneclient ]
|
||||
author: Kevin Carter
|
||||
"""
|
||||
|
|
@ -357,7 +364,8 @@ class ManageKeystone(object):
|
|||
'login_user',
|
||||
'login_password',
|
||||
'login_tenant_name',
|
||||
'token'
|
||||
'token',
|
||||
'insecure'
|
||||
]
|
||||
variables_dict = self._get_vars(variables, required=required_vars)
|
||||
|
||||
|
|
@ -366,6 +374,7 @@ class ManageKeystone(object):
|
|||
login_password = variables_dict.pop('login_password')
|
||||
login_tenant_name = variables_dict.pop('login_tenant_name')
|
||||
token = variables_dict.pop('token')
|
||||
insecure = variables_dict.pop('insecure')
|
||||
|
||||
if token is None:
|
||||
if login_tenant_name is None:
|
||||
|
|
@ -386,9 +395,14 @@ class ManageKeystone(object):
|
|||
)
|
||||
|
||||
if token:
|
||||
self.keystone = client.Client(endpoint=endpoint, token=token)
|
||||
self.keystone = client.Client(
|
||||
insecure=insecure,
|
||||
endpoint=endpoint,
|
||||
token=token
|
||||
)
|
||||
else:
|
||||
self.keystone = client.Client(
|
||||
insecure=insecure,
|
||||
auth_url=endpoint,
|
||||
username=login_user,
|
||||
password=login_password,
|
||||
|
|
@ -797,6 +811,11 @@ def main():
|
|||
required=True,
|
||||
choices=COMMAND_MAP.keys()
|
||||
),
|
||||
insecure=dict(
|
||||
default=False,
|
||||
required=False,
|
||||
choices=BOOLEANS + ['True', 'False']
|
||||
),
|
||||
return_code=dict(
|
||||
type='str',
|
||||
default='0'
|
||||
|
|
|
|||
|
|
@ -58,9 +58,16 @@ options:
|
|||
router_external:
|
||||
description:
|
||||
- Specify router:external' when creating network
|
||||
external_gateway_info
|
||||
external_gateway_info:
|
||||
description:
|
||||
- Specify external_gateway_info when creating router
|
||||
insecure:
|
||||
description:
|
||||
- Explicitly allow client to perform "insecure" TLS
|
||||
choices:
|
||||
- false
|
||||
- true
|
||||
default: false
|
||||
author: Hugh Saunders
|
||||
"""
|
||||
|
||||
|
|
@ -247,7 +254,9 @@ class ManageNeutron(object):
|
|||
def _keystone_authenticate(self):
|
||||
"""Authenticate with Keystone."""
|
||||
openrc = self._parse_openrc()
|
||||
self.keystone = ksclient.Client(username=openrc['OS_USERNAME'],
|
||||
insecure = self.module.params['insecure']
|
||||
self.keystone = ksclient.Client(insecure=insecure,
|
||||
username=openrc['OS_USERNAME'],
|
||||
password=openrc['OS_PASSWORD'],
|
||||
tenant_name=openrc['OS_TENANT_NAME'],
|
||||
auth_url=openrc['OS_AUTH_URL'])
|
||||
|
|
@ -396,7 +405,9 @@ def main():
|
|||
router_external=dict(required=False),
|
||||
router_name=dict(required=False),
|
||||
external_gateway_info=dict(required=False),
|
||||
tenant_id=dict(required=False)
|
||||
tenant_id=dict(required=False),
|
||||
insecure=dict(default=False, required=False,
|
||||
choices=BOOLEANS + ['True', 'False'])
|
||||
),
|
||||
supports_check_mode=False
|
||||
)
|
||||
|
|
|
|||
|
|
@ -23,6 +23,9 @@ openrc_os_username: admin
|
|||
openrc_os_tenant_name: admin
|
||||
openrc_os_auth_url: "http://127.0.0.1:5000"
|
||||
|
||||
## Deliberately allow access to SSL endpoints with bad certificates
|
||||
openrc_insecure: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"
|
||||
|
||||
## Create file
|
||||
openrc_file_dest: "{{ ansible_env.HOME }}/openrc"
|
||||
openrc_file_owner: "{{ ansible_user_id }}"
|
||||
|
|
|
|||
|
|
@ -13,3 +13,15 @@ export OS_PASSWORD={{ openrc_os_password }}
|
|||
export OS_TENANT_NAME={{ openrc_os_tenant_name }}
|
||||
export OS_AUTH_URL={{ openrc_os_auth_url }}
|
||||
export OS_NO_CACHE=1
|
||||
|
||||
{% if openrc_insecure | bool %}
|
||||
# Convenience Aliases for Self-Signed Certs
|
||||
alias cinder='cinder --insecure'
|
||||
alias glance='glance --insecure'
|
||||
alias heat='heat --insecure'
|
||||
alias keystone='keystone --insecure'
|
||||
alias neutron='neutron --insecure'
|
||||
alias nova='nova --insecure'
|
||||
alias openstack='openstack --insecure'
|
||||
alias swift='swift --insecure'
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
service_name: "{{ service_name }}"
|
||||
service_type: "{{ service_type }}"
|
||||
description: "{{ service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -40,6 +41,7 @@
|
|||
user_name: "{{ service_user_name }}"
|
||||
tenant_name: "{{ service_tenant_name }}"
|
||||
password: "{{ service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -58,6 +60,7 @@
|
|||
user_name: "{{ service_user_name }}"
|
||||
tenant_name: "{{ service_tenant_name }}"
|
||||
role_name: "{{ role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -79,6 +82,7 @@
|
|||
publicurl: "{{ service_publicurl }}"
|
||||
adminurl: "{{ service_internalurl }}"
|
||||
internalurl: "{{ service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
|
|||
|
|
@ -111,6 +111,7 @@ profiler_enabled = {{ cinder_profiler_enabled }}
|
|||
trace_sqlalchemy = {{ cinder_profiler_trace_sqlalchemy }}
|
||||
|
||||
[keystone_authtoken]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_plugin = {{ cinder_keystone_auth_plugin }}
|
||||
signing_dir = /var/cache/cinder
|
||||
auth_url = {{ keystone_service_adminuri }}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
service_name: "{{ glance_service_name }}"
|
||||
service_type: "{{ glance_service_type }}"
|
||||
description: "{{ glance_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -40,6 +41,7 @@
|
|||
user_name: "{{ glance_service_user_name }}"
|
||||
tenant_name: "{{ glance_service_project_name }}"
|
||||
password: "{{ glance_service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -58,6 +60,7 @@
|
|||
user_name: "{{ glance_service_user_name }}"
|
||||
tenant_name: "{{ glance_service_project_name }}"
|
||||
role_name: "{{ glance_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -79,6 +82,7 @@
|
|||
publicurl: "{{ glance_service_publicurl }}"
|
||||
adminurl: "{{ glance_service_internalurl }}"
|
||||
internalurl: "{{ glance_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
|
|||
|
|
@ -51,6 +51,7 @@ task_executor = {{ glance_task_executor }}
|
|||
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ glance_galera_address }}/{{ glance_galera_database }}?charset=utf8
|
||||
|
||||
[keystone_authtoken]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_plugin = {{ glance_keystone_auth_plugin }}
|
||||
signing_dir = {{ glance_system_user_home }}/cache/api
|
||||
auth_url = {{ keystone_service_adminuri }}
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ limit_param_default = 25
|
|||
connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ glance_galera_address }}/{{ glance_galera_database }}?charset=utf8
|
||||
|
||||
[keystone_authtoken]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_plugin = {{ glance_keystone_auth_plugin }}
|
||||
signing_dir = {{ glance_system_user_home }}/cache/registry/
|
||||
auth_url = {{ keystone_service_adminuri }}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
service_name: "{{ service_name }}"
|
||||
service_type: "{{ service_type }}"
|
||||
description: "{{ service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -40,6 +41,7 @@
|
|||
user_name: "{{ service_user_name }}"
|
||||
tenant_name: "{{ service_tenant_name }}"
|
||||
password: "{{ service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -58,6 +60,7 @@
|
|||
user_name: "{{ service_user_name }}"
|
||||
tenant_name: "{{ service_tenant_name }}"
|
||||
role_name: "{{ role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -79,6 +82,7 @@
|
|||
publicurl: "{{ service_publicurl }}"
|
||||
internalurl: "{{ service_internalurl }}"
|
||||
adminurl: "{{ service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@ trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}
|
|||
|
||||
|
||||
[keystone_authtoken]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
signing_dir = /var/cache/heat
|
||||
identity_uri = {{ keystone_service_adminuri }}
|
||||
auth_uri = {{ keystone_service_internalurl }}
|
||||
|
|
|
|||
|
|
@ -197,11 +197,7 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
|
|||
# ("saml2", _("Security Assertion Markup Language")))
|
||||
|
||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
{% if horizon_self_signed == true %}
|
||||
OPENSTACK_SSL_NO_VERIFY = True
|
||||
{% else %}
|
||||
OPENSTACK_SSL_NO_VERIFY = False
|
||||
{% endif %}
|
||||
OPENSTACK_SSL_NO_VERIFY = {{ keystone_service_internaluri_insecure | bool }}
|
||||
|
||||
{% if horizon_cacert_pem is defined %}
|
||||
# The CA certificate to use to verify SSL connections
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@
|
|||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
tenant_name: "{{ keystone_service_tenant_name }}"
|
||||
description: "{{ keystone_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -66,6 +67,7 @@
|
|||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
tenant_name: "{{ keystone_admin_tenant_name }}"
|
||||
description: "{{ keystone_admin_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -83,6 +85,7 @@
|
|||
user_name: "{{ keystone_admin_user_name }}"
|
||||
tenant_name: "{{ keystone_admin_tenant_name }}"
|
||||
password: "{{ keystone_auth_admin_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -98,6 +101,7 @@
|
|||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
role_name: "{{ keystone_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -115,6 +119,7 @@
|
|||
user_name: "{{ keystone_admin_user_name }}"
|
||||
tenant_name: "{{ keystone_admin_tenant_name }}"
|
||||
role_name: "{{ keystone_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -132,6 +137,7 @@
|
|||
service_name: "{{ keystone_service_name }}"
|
||||
service_type: "{{ keystone_service_type }}"
|
||||
description: "{{ keystone_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -150,6 +156,7 @@
|
|||
user_name: "{{ keystone_service_user_name }}"
|
||||
tenant_name: "{{ keystone_service_tenant_name }}"
|
||||
password: "{{ keystone_service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -168,6 +175,7 @@
|
|||
user_name: "{{ keystone_service_user_name }}"
|
||||
tenant_name: "{{ keystone_service_tenant_name }}"
|
||||
role_name: "{{ keystone_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -189,6 +197,7 @@
|
|||
publicurl: "{{ keystone_service_publicurl }}"
|
||||
adminurl: "{{ keystone_service_adminurl }}"
|
||||
internalurl: "{{ keystone_service_internalurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@
|
|||
# These are used in the Neutron HA Cron job script, and processed in the template.
|
||||
- name: Creating Job Facts
|
||||
set_fact:
|
||||
do_job: ". /root/openrc && /opt/neutron-ha-tool.py --l3-agent-migrate"
|
||||
do_job: ". /root/openrc && /opt/neutron-ha-tool.py {% if keystone_service_internaluri_insecure | bool %}--insecure {% endif %}--l3-agent-migrate"
|
||||
sleep_time: "{{ hashed_name.int_value }}"
|
||||
tags:
|
||||
- neutron-ha-tool
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
service_name: "{{ service_name }}"
|
||||
service_type: "{{ service_type }}"
|
||||
description: "{{ service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -40,6 +41,7 @@
|
|||
user_name: "{{ service_user_name }}"
|
||||
tenant_name: "{{ service_tenant_name }}"
|
||||
password: "{{ service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -58,6 +60,7 @@
|
|||
user_name: "{{ service_user_name }}"
|
||||
tenant_name: "{{ service_tenant_name }}"
|
||||
role_name: "{{ role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -79,6 +82,7 @@
|
|||
publicurl: "{{ service_publicurl }}"
|
||||
adminurl: "{{ service_internalurl }}"
|
||||
internalurl: "{{ service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
|
|||
|
|
@ -94,6 +94,7 @@ root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
|
|||
|
||||
|
||||
[keystone_authtoken]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_plugin = {{ neutron_keystone_auth_plugin }}
|
||||
signing_dir = /var/cache/neutron
|
||||
auth_url = {{ keystone_service_adminuri }}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
service_name: "{{ service_name }}"
|
||||
service_type: "{{ service_type }}"
|
||||
description: "{{ service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -40,6 +41,7 @@
|
|||
user_name: "{{ service_user_name }}"
|
||||
tenant_name: "{{ service_tenant_name }}"
|
||||
password: "{{ service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -58,6 +60,7 @@
|
|||
user_name: "{{ service_user_name }}"
|
||||
tenant_name: "{{ service_tenant_name }}"
|
||||
role_name: "{{ role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -79,6 +82,7 @@
|
|||
publicurl: "{{ service_publicurl }}"
|
||||
adminurl: "{{ service_internalurl }}"
|
||||
internalurl: "{{ service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
|
|||
|
|
@ -157,6 +157,7 @@ enabled = false
|
|||
|
||||
|
||||
[keystone_authtoken]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_plugin = {{ nova_keystone_auth_plugin }}
|
||||
signing_dir = {{ nova_system_home_folder }}/cache/api
|
||||
auth_url = {{ keystone_service_adminuri }}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
service_name: "{{ swift_service_name }}"
|
||||
service_type: "{{ swift_service_type }}"
|
||||
description: "{{ swift_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -40,6 +41,7 @@
|
|||
user_name: "{{ swift_service_user_name }}"
|
||||
tenant_name: "{{ swift_service_project_name }}"
|
||||
password: "{{ swift_service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -58,6 +60,7 @@
|
|||
user_name: "{{ swift_service_user_name }}"
|
||||
tenant_name: "{{ swift_service_project_name }}"
|
||||
role_name: "{{ swift_service_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -73,6 +76,7 @@
|
|||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
role_name: "{{ swift_operator_role }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -90,6 +94,7 @@
|
|||
user_name: "{{ swift_dispersion_user }}"
|
||||
tenant_name: "{{ swift_service_project_name }}"
|
||||
password: "{{ swift_dispersion_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -107,6 +112,7 @@
|
|||
user_name: "{{ swift_dispersion_user }}"
|
||||
tenant_name: "{{ swift_service_project_name }}"
|
||||
role_name: "{{ swift_operator_role }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -128,6 +134,7 @@
|
|||
publicurl: "{{ swift_service_publicurl }}"
|
||||
adminurl: "{{ swift_service_internalurl }}"
|
||||
internalurl: "{{ swift_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
|
|||
|
|
@ -46,6 +46,7 @@ user_test_tester3 = testing3
|
|||
{% elif swift_authtoken_active %}
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_plugin = {{ swift_keystone_auth_plugin }}
|
||||
auth_url = {{ keystone_service_adminuri }}
|
||||
auth_uri = {{ keystone_service_internaluri }}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
image_container_format: bare
|
||||
image_disk_format: qcow2
|
||||
image_is_public: True
|
||||
insecure: "{{ keystone_service_internaluri_insecure }}"
|
||||
tags:
|
||||
- tempest-setup
|
||||
- tempest-config
|
||||
|
|
@ -40,6 +41,7 @@
|
|||
tenant_name: "{{ item }}"
|
||||
description: "{{ item }} Tenant"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -59,6 +61,7 @@
|
|||
password: "{{ item }}"
|
||||
description: "{{ item }} User"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -77,6 +80,7 @@
|
|||
user_name: "{{ item }}"
|
||||
role_name: heat_stack_owner
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -93,6 +97,7 @@
|
|||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
role_name: "reseller_admin"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -106,6 +111,7 @@
|
|||
token: "{{ keystone_auth_admin_token }}"
|
||||
role_name: remote_image
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -119,6 +125,7 @@
|
|||
token: "{{ keystone_auth_admin_token }}"
|
||||
tenant_name: demo
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
|
|
@ -140,6 +147,7 @@
|
|||
openrc_path: /root/openrc
|
||||
net_name: private
|
||||
tenant_id: "{{ keystone_demo_tenant_id }}"
|
||||
insecure: "{{ keystone_service_internaluri_insecure }}"
|
||||
tags:
|
||||
- tempest-setup
|
||||
- tempest-config
|
||||
|
|
@ -159,6 +167,7 @@
|
|||
provider_network_type: flat
|
||||
provider_physical_network: flat
|
||||
router_external: true
|
||||
insecure: "{{ keystone_service_internaluri_insecure }}"
|
||||
tags:
|
||||
- tempest-setup
|
||||
- tempest-config
|
||||
|
|
@ -178,6 +187,7 @@
|
|||
subnet_name: private-subnet
|
||||
cidr: "{{ tempest_private_subnet_cidr }}"
|
||||
tenant_id: "{{ keystone_demo_tenant_id }}"
|
||||
insecure: "{{ keystone_service_internaluri_insecure }}"
|
||||
tags:
|
||||
- tempest-setup
|
||||
|
||||
|
|
@ -188,6 +198,7 @@
|
|||
net_name: public
|
||||
subnet_name: public-subnet
|
||||
cidr: "{{ tempest_public_subnet_cidr }}"
|
||||
insecure: "{{ keystone_service_internaluri_insecure }}"
|
||||
tags:
|
||||
- tempest-setup
|
||||
|
||||
|
|
@ -198,6 +209,7 @@
|
|||
router_name: router
|
||||
external_gateway_info: public
|
||||
tenant_id: "{{ keystone_demo_tenant_id }}"
|
||||
insecure: "{{ keystone_service_internaluri_insecure }}"
|
||||
tags:
|
||||
- tempest-setup
|
||||
|
||||
|
|
@ -207,6 +219,7 @@
|
|||
openrc_path: /root/openrc
|
||||
router_name: router
|
||||
subnet_name: private-subnet
|
||||
insecure: "{{ keystone_service_internaluri_insecure }}"
|
||||
tags:
|
||||
- tempest-setup
|
||||
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ alt_password = alt_demo
|
|||
alt_username = alt_demo
|
||||
auth_version = v2
|
||||
catalog_type = identity
|
||||
disable_ssl_certificate_validation = false
|
||||
disable_ssl_certificate_validation = {{ keystone_service_internaluri_insecure | bool }}
|
||||
endpoint_type = internalURL
|
||||
password = demo
|
||||
tenant_name = demo
|
||||
|
|
|
|||
Loading…
Reference in New Issue