Set region in authtoken middleware settings
While we can specify keystone region where all keystone resources are created, currently we don't set the specified region correctly in credential configurations used for authtoken middleware. Configure region parameter for authtoken according to the parameter KeystoneRegion so that we're consistent about the region where we expect to have service users created. Change-Id: Icc0ee9a859c2c67cae92339c6b4102946150269f
This commit is contained in:
parent
fe56b682c3
commit
26305fae91
|
@ -107,6 +107,7 @@ outputs:
|
|||
aodh::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
aodh::auth::auth_password: {get_param: AodhPassword}
|
||||
aodh::auth::auth_region: {get_param: KeystoneRegion}
|
||||
aodh::auth::auth_tenant_name: 'service'
|
||||
|
|
|
@ -216,8 +216,9 @@ outputs:
|
|||
barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
|
||||
barbican::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::project_name: 'service'
|
||||
barbican::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
barbican::keystone::notification::enable_keystone_notification: True
|
||||
barbican::keystone::notification::keystone_notification_topic: 'barbican_notifications'
|
||||
barbican::policy::policies: {get_param: BarbicanPolicies}
|
||||
|
|
|
@ -148,6 +148,7 @@ outputs:
|
|||
ceilometer::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ceilometer::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
|
||||
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ceilometer::agent::notification::manage_event_pipeline: {get_param: ManageEventPipeline}
|
||||
|
|
|
@ -103,6 +103,7 @@ outputs:
|
|||
designate::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
designate::keystone::authtoken::project_name: 'service'
|
||||
designate::keystone::authtoken::password: {get_param: DesignatePassword}
|
||||
designate::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
tripleo::profile::base::designate::api::listen_ip:
|
||||
str_replace:
|
||||
template:
|
||||
|
|
|
@ -180,6 +180,7 @@ outputs:
|
|||
gnocchi::keystone::authtoken::project_name: 'service'
|
||||
gnocchi::keystone::authtoken::user_domain_name: 'Default'
|
||||
gnocchi::keystone::authtoken::project_domain_name: 'Default'
|
||||
gnocchi::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
gnocchi::wsgi::apache::servername:
|
||||
str_replace:
|
||||
|
|
|
@ -133,6 +133,7 @@ outputs:
|
|||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ironic::api::authtoken::region_name: {get_param: KeystoneRegion }
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
|
|
|
@ -256,6 +256,7 @@ outputs:
|
|||
ironic::inspector::authtoken::project_name: 'service'
|
||||
ironic::inspector::authtoken::user_domain_name: 'Default'
|
||||
ironic::inspector::authtoken::project_domain_name: 'Default'
|
||||
ironic::inspector::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
ironic::inspector::cors::allowed_origin: '*'
|
||||
ironic::inspector::cors::max_age: 3600
|
||||
ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
||||
|
|
|
@ -131,6 +131,7 @@ outputs:
|
|||
manila::keystone::authtoken::project_name: 'service'
|
||||
manila::keystone::authtoken::user_domain_name: 'Default'
|
||||
manila::keystone::authtoken::project_domain_name: 'Default'
|
||||
manila::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
# NOTE: bind IP is found in hiera replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
|
|
|
@ -54,6 +54,10 @@ parameters:
|
|||
type: string
|
||||
default: 'messagingv2'
|
||||
description: Driver or drivers to handle sending notifications.
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
|
||||
conditions:
|
||||
service_debug_unset: {equals : [{get_param: MistralDebug}, '']}
|
||||
|
@ -99,6 +103,7 @@ outputs:
|
|||
mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
mistral::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
mistral::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
mistral::keystone_ec2_uri:
|
||||
list_join:
|
||||
- ''
|
||||
|
|
|
@ -133,6 +133,7 @@ outputs:
|
|||
nova::metadata::novajoin::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::password: {get_param: NovajoinPassword}
|
||||
nova::metadata::novajoin::authtoken::project_name: 'service'
|
||||
nova::metadata::novajoin::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::metadata::novajoin::policy::policies: {get_param: NovajoinPolicies}
|
||||
service_config_settings:
|
||||
nova_metadata: &nova_vendordata
|
||||
|
|
|
@ -154,6 +154,7 @@ outputs:
|
|||
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
|
||||
octavia::keystone::authtoken::user_domain_name: 'Default'
|
||||
octavia::keystone::authtoken::project_domain_name: 'Default'
|
||||
octavia::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor}
|
||||
octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties}
|
||||
octavia::api::sync_db: true
|
||||
|
|
|
@ -63,6 +63,10 @@ parameters:
|
|||
in order to have a sane default for Pacemaker deployments when
|
||||
not configuring this parameter by default.
|
||||
type: comma_delimited_list
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
description: Keystone region for endpoint
|
||||
|
||||
conditions:
|
||||
service_debug_unset: {equals : [{get_param: SaharaDebug}, '']}
|
||||
|
@ -115,3 +119,4 @@ outputs:
|
|||
sahara::keystone::authtoken::project_name: 'service'
|
||||
sahara::keystone::authtoken::user_domain_name: 'Default'
|
||||
sahara::keystone::authtoken::project_domain_name: 'Default'
|
||||
sahara::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
@ -153,6 +153,7 @@ outputs:
|
|||
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
zaqar::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
zaqar::logging::debug:
|
||||
if:
|
||||
|
|
Loading…
Reference in New Issue