From 47df1633e5718d0ff77879befbe5b9b4c64c384d Mon Sep 17 00:00:00 2001 From: Matthew Kassawara Date: Sat, 4 Apr 2015 09:54:49 -0500 Subject: [PATCH] Update keystone middleware in glance for Kilo Update keystone authentication middleware in glance to support the v3 API in Kilo. Partially implements: blueprint master-kilofication Change-Id: If2427f7e9dc124dc98cf140941623688bde623ed --- playbooks/inventory/group_vars/all.yml | 4 +++- playbooks/roles/os_glance/defaults/main.yml | 7 ++++++- .../os_glance/tasks/glance_service_setup.yml | 4 ++-- .../roles/os_glance/templates/glance-api.conf.j2 | 13 ++++++++----- .../os_glance/templates/glance-registry.conf.j2 | 15 +++++++++------ 5 files changed, 28 insertions(+), 15 deletions(-) diff --git a/playbooks/inventory/group_vars/all.yml b/playbooks/inventory/group_vars/all.yml index 5eecdcc481..023e867e07 100644 --- a/playbooks/inventory/group_vars/all.yml +++ b/playbooks/inventory/group_vars/all.yml @@ -109,7 +109,9 @@ neutron_service_metering_program_enabled: true glance_service_port: 9292 glance_service_proto: http glance_service_user_name: glance -glance_service_tenant_name: service +glance_service_project_name: service +glance_service_project_domain_id: default +glance_service_user_domain_id: default glance_service_adminurl: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}" glance_service_region: RegionOne glance_api_servers: "{% for host in groups['glance_all'] %}{{ hostvars[host]['container_address'] }}:{{ glance_service_port }}{% if not loop.last %},{% endif %}{% endfor %}" diff --git a/playbooks/roles/os_glance/defaults/main.yml b/playbooks/roles/os_glance/defaults/main.yml index c596825366..fe46649af0 100644 --- a/playbooks/roles/os_glance/defaults/main.yml +++ b/playbooks/roles/os_glance/defaults/main.yml @@ -75,7 +75,9 @@ glance_service_proto: http glance_service_type: image glance_service_description: "Glance Image Service" glance_service_user_name: glance -glance_service_tenant_name: service +glance_service_project_name: service +glance_service_project_domain_id: default +glance_service_user_domain_id: default glance_service_publicuri: "{{ glance_service_proto }}://{{ external_lb_vip_address }}:{{ glance_service_port }}" glance_service_publicurl: "{{ glance_service_publicuri }}" glance_service_internaluri: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}" @@ -83,6 +85,9 @@ glance_service_internalurl: "{{ glance_service_internaluri }}" glance_service_adminuri: "{{ glance_service_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}" glance_service_adminurl: "{{ glance_service_adminuri }}" +## Keystone authentication middleware +glance_keystone_auth_plugin: password + ## Glance config glance_image_cache_max_size: 10737418240 diff --git a/playbooks/roles/os_glance/tasks/glance_service_setup.yml b/playbooks/roles/os_glance/tasks/glance_service_setup.yml index 526b7094e1..e0ed4f105d 100644 --- a/playbooks/roles/os_glance/tasks/glance_service_setup.yml +++ b/playbooks/roles/os_glance/tasks/glance_service_setup.yml @@ -38,7 +38,7 @@ token: "{{ keystone_auth_admin_token }}" endpoint: "{{ keystone_service_adminurl }}" user_name: "{{ glance_service_user_name }}" - tenant_name: "{{ glance_service_tenant_name }}" + tenant_name: "{{ glance_service_project_name }}" password: "{{ glance_service_password }}" register: add_service until: add_service|success @@ -56,7 +56,7 @@ token: "{{ keystone_auth_admin_token }}" endpoint: "{{ keystone_service_adminurl }}" user_name: "{{ glance_service_user_name }}" - tenant_name: "{{ glance_service_tenant_name }}" + tenant_name: "{{ glance_service_project_name }}" role_name: "{{ glance_role_name }}" register: add_service until: add_service|success diff --git a/playbooks/roles/os_glance/templates/glance-api.conf.j2 b/playbooks/roles/os_glance/templates/glance-api.conf.j2 index 396335cb38..b7a8ac0539 100644 --- a/playbooks/roles/os_glance/templates/glance-api.conf.j2 +++ b/playbooks/roles/os_glance/templates/glance-api.conf.j2 @@ -52,12 +52,15 @@ task_executor = {{ glance_task_executor }} connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8 [keystone_authtoken] +auth_plugin = {{ glance_keystone_auth_plugin }} signing_dir = {{ glance_system_user_home }}/cache/api -identity_uri = {{ keystone_service_adminuri }} -auth_uri = {{ keystone_service_internalurl }} -admin_tenant_name = {{ glance_service_tenant_name }} -admin_user = {{ glance_service_user_name }} -admin_password = {{ glance_service_password }} +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} +project_domain_id = {{ glance_service_project_domain_id }} +user_domain_id = {{ glance_service_user_domain_id }} +project_name = {{ glance_service_project_name }} +username = {{ glance_service_user_name }} +password = {{ glance_service_password }} memcached_servers = {{ memcached_servers }} diff --git a/playbooks/roles/os_glance/templates/glance-registry.conf.j2 b/playbooks/roles/os_glance/templates/glance-registry.conf.j2 index c9dd6a920f..fdc0a5ea81 100644 --- a/playbooks/roles/os_glance/templates/glance-registry.conf.j2 +++ b/playbooks/roles/os_glance/templates/glance-registry.conf.j2 @@ -21,12 +21,15 @@ limit_param_default = 25 connection = mysql://{{ glance_galera_user }}:{{ glance_container_mysql_password }}@{{ galera_address }}/{{ glance_galera_database }}?charset=utf8 [keystone_authtoken] +auth_plugin = {{ glance_keystone_auth_plugin }} signing_dir = {{ glance_system_user_home }}/cache/registry/ -identity_uri = {{ keystone_service_adminuri }} -auth_uri = {{ keystone_service_internalurl }} -admin_tenant_name = {{ glance_service_tenant_name }} -admin_user = {{ glance_service_user_name }} -admin_password = {{ glance_service_password }} +auth_url = {{ keystone_service_adminuri }} +auth_uri = {{ keystone_service_internaluri }} +project_domain_id = {{ glance_service_project_domain_id }} +user_domain_id = {{ glance_service_user_domain_id }} +project_name = {{ glance_service_project_name }} +username = {{ glance_service_user_name }} +password = {{ glance_service_password }} memcached_servers = {{ memcached_servers }} @@ -49,4 +52,4 @@ policy_dirs = {{ glance_policy_dirs }} flavor = keystone [profiler] -enabled = {{ glance_profiler_enabled }} \ No newline at end of file +enabled = {{ glance_profiler_enabled }}