openstack/openstack-ansible
Code Issues Proposed changes

Ensure that gnocchi uses keystone authentication

Browse Source 
The upstream default implementation of gnocchi is not
to use keystone authentication, but a preferred deployment
configuration in enterprise environments is to ensure that
keystone authentication is configured.

This patch ensures that keystone auth is enabled if keystone
is implemented in the environment.

Closes-Bug: 1622251
Depends-On: Ic41cf161af1d59e5b0f4b71c0d698cd7348c962c
Change-Id: Iaac6174f5588856a594ca646ed869d637c04d95a
This commit is contained in:
Jesse Pretorius 2016-09-13 18:36:40 +01:00 committed by Kevin Carter (cloudnull)
parent ecd9c097c1
commit cc250b78ac
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
playbooks/inventory/group_vars/gnocchi_all.yml
View File

@ -23,3 +23,7 @@ gnocchi_service_region: "{{ service_region }}"
# Ensure that the package state matches the global setting
gnocchi_package_state: "{{ package_state }}"
# Ensure that keystone authentication is enabled for gnocchi
gnocchi_keystone_auth: "{{ (groups['keystone_all'] is defined) and (groups['keystone_all'] | length > 0) }}"

1
scripts/sources-branch-updater.sh
View File

@ -113,6 +113,7 @@ for repo in $(grep 'git_repo\:' ${SERVICE_FILE}); do
# Tweak the paste files
find ${os_repo_tmp_path}/etc -name "*[_-]paste.ini" -exec \
sed -i.bak "s|hmac_keys = SECRET_KEY|hmac_keys = {{ ${repo_name}_profiler_hmac_key }}|" {} \;
sed -i.bak "s|pipeline = gnocchi+noauth|pipeline = {{ (gnocchi_keystone_auth | bool) | ternary('gnocchi+noauth', 'gnocchi+auth') }}|" {} \;
# Update the paste files
find ${os_repo_tmp_path}/etc -name "*[_-]paste.ini" -exec \