Merge "Consistently configure authtoken options"

2024-10-04 16:43:11 +00:00 · 2024-10-04 16:43:11 +00:00 · 2dfe0d2463
commit 2dfe0d2463
parent 5419da93b8 2687df4797
13 changed files with 15 additions and 32 deletions
--- a/packstack/puppet/modules/packstack/manifests/aodh.pp
+++ b/packstack/puppet/modules/packstack/manifests/aodh.pp
@ -14,8 +14,9 @@ class packstack::aodh ()
    }

    class { 'aodh::keystone::authtoken':
-      password => lookup('CONFIG_AODH_KS_PW'),
-      auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
+      password             => lookup('CONFIG_AODH_KS_PW'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
+      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
    }

    class { 'aodh::api':
--- a/packstack/puppet/modules/packstack/manifests/glance.pp
+++ b/packstack/puppet/modules/packstack/manifests/glance.pp
@ -19,7 +19,7 @@ class packstack::glance ()
    }

    class { 'glance::api::authtoken':
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
      password             => lookup('CONFIG_GLANCE_KS_PW'),
    }
--- a/packstack/puppet/modules/packstack/manifests/gnocchi.pp
+++ b/packstack/puppet/modules/packstack/manifests/gnocchi.pp
@ -28,7 +28,6 @@ class packstack::gnocchi ()
    class { 'gnocchi::keystone::authtoken':
      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
-      auth_version         => lookup('CONFIG_KEYSTONE_API_VERSION'),
      password             => lookup('CONFIG_GNOCCHI_KS_PW')
    }

--- a/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp
+++ b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp
@ -35,7 +35,7 @@ class packstack::heat::rabbitmq ()
    }
    class { 'heat::keystone::authtoken':
      password             => lookup('CONFIG_HEAT_KS_PW'),
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
    }

--- a/packstack/puppet/modules/packstack/manifests/ironic.pp
+++ b/packstack/puppet/modules/packstack/manifests/ironic.pp
@ -3,7 +3,8 @@ class packstack::ironic ()
    create_resources(packstack::firewall, lookup('FIREWALL_IRONIC_API_RULES', undef, undef, {}))

    class { 'ironic::api::authtoken':
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
      password             => lookup('CONFIG_IRONIC_KS_PW'),
    }

--- a/packstack/puppet/modules/packstack/manifests/keystone/placement.pp
+++ b/packstack/puppet/modules/packstack/manifests/keystone/placement.pp
@ -7,8 +7,6 @@ class packstack::keystone::placement ()

    class { 'placement::keystone::authtoken':
      password             => lookup('CONFIG_NOVA_KS_PW'),
-      user_domain_name     => 'Default',
-      project_domain_name  => 'Default',
      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
    }
--- a/packstack/puppet/modules/packstack/manifests/magnum.pp
+++ b/packstack/puppet/modules/packstack/manifests/magnum.pp
@ -12,12 +12,7 @@ class packstack::magnum ()
    class { 'magnum::keystone::authtoken':
      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
-      auth_version         => 'v3',
-      username             => 'magnum',
      password             => lookup('CONFIG_MAGNUM_KS_PW'),
-      auth_type            => 'password',
-      memcached_servers    => "${magnum_host}:11211",
-      project_name         => 'services'
    }

    class { 'magnum::keystone::keystone_auth':
--- a/packstack/puppet/modules/packstack/manifests/manila.pp
+++ b/packstack/puppet/modules/packstack/manifests/manila.pp
@ -10,7 +10,8 @@ class packstack::manila ()

    class { 'manila::keystone::authtoken':
      password             => lookup('CONFIG_MANILA_KS_PW'),
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
+      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
    }

    class { 'manila::api':
--- a/packstack/puppet/modules/packstack/manifests/neutron/api.pp
+++ b/packstack/puppet/modules/packstack/manifests/neutron/api.pp
@ -11,11 +11,9 @@ class packstack::neutron::api ()
    $neutron_vpnaas_enabled  = str2bool(lookup('CONFIG_NEUTRON_VPNAAS'))

    class { 'neutron::keystone::authtoken':
-      username             => 'neutron',
      password             => $neutron_user_password,
      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
-      project_name         => 'services',
    }

    class { 'neutron::db':
--- a/packstack/puppet/modules/packstack/manifests/nova/api.pp
+++ b/packstack/puppet/modules/packstack/manifests/nova/api.pp
@ -8,12 +8,11 @@ class packstack::nova::api ()
      # TO-DO(mmagr): Add IPv6 support when hostnames are used
    }

-    $www_authenticate_uri = lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS')
    $admin_password = lookup('CONFIG_NOVA_KS_PW')

    class { 'nova::keystone::authtoken':
      password             => $admin_password,
-      www_authenticate_uri => $www_authenticate_uri,
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
    }

@ -62,7 +61,7 @@ class packstack::nova::api ()
    }

    class { 'nova::placement':
-      auth_url    => $www_authenticate_uri,
+      auth_url    => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
      password    => $admin_password,
      region_name => lookup('CONFIG_KEYSTONE_REGION'),
    }
--- a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp
+++ b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp
@ -14,14 +14,6 @@ class packstack::provision::bridge ()
      $floating_range_br = lookup('CONFIG_PROVISION_TEMPEST_FLOATRANGE')
    }

-    class { 'neutron::keystone::authtoken':
-      username             => 'neutron',
-      password             => $neutron_user_password,
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
-      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
-      project_name         => 'services',
-    }
-
    if $provision_neutron_br and $setup_ovs_bridge {
      Neutron_config<||> -> Neutron_l3_ovs_bridge['demo_bridge']
      neutron_l3_ovs_bridge { 'demo_bridge':
--- a/packstack/puppet/modules/packstack/manifests/swift/proxy.pp
+++ b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp
@ -110,11 +110,9 @@ class packstack::swift::proxy ()
    }

    class { 'swift::proxy::authtoken':
-      username             => 'swift',
-      project_name         => 'services',
      password             => lookup('CONFIG_SWIFT_KS_PW'),
      # assume that the controller host is the swift api server
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
    }

--- a/packstack/puppet/modules/packstack/manifests/trove.pp
+++ b/packstack/puppet/modules/packstack/manifests/trove.pp
@ -9,8 +9,9 @@ class packstack::trove ()
    }

    class { 'trove::keystone::authtoken':
-      password => lookup('CONFIG_TROVE_KS_PW'),
-      auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
+      password             => lookup('CONFIG_TROVE_KS_PW'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
+      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
    }

    class { 'trove::logging':