Use public endpoint for [keystone_authtoken] www_authenticate_uri
According to the parameter description, www_authenticate_uri should be complete public Identity endpoint, which is accessible by all end users. This change replaces internal endpoint by public endpoint to meet that requirement. Conflicts: deployment/ironic/ironic-conductor-container-puppet.yaml deployment/swift/swift-proxy-container-puppet.yaml Backport note: This change includes commit2b9461e97f
which fixes the remaining usage of internal endpoint. Also, commit02bb4b8aa0
was partially included to remove the following ineffective puppet parameter. neutron::server::placement::www_authenticate_uri (to victoria) Conflicts: deployment/aodh/aodh-api-container-puppet.yaml deployment/experimental/designate/designate-api-container-puppet.yaml deployment/manila/manila-share-container-puppet.yaml Backport note: This backport covers some services like zaqar which were removed in stable/wallaby. (to train) Conflicts: deployment/octavia/octavia-api-container-puppet.yaml Backport note: This backport covers panko and ec2api which were removed in stable/ussuri. The authtoken parameters in ceilometer template are left because these parameters have no effect. These will be removed by a separate commit. Closes-Bug: #1955397 Change-Id: I30165c8ee5aa4b777b73ad89ac709e2c8a375382 (cherry picked from commit160936df13
) (cherry picked from commit58129434ac
) (cherry picked from commit5314c792be
) (cherry picked from commitcc81d668b8
)
This commit is contained in:
parent
df133f2888
commit
27ab145548
|
@ -93,7 +93,7 @@ outputs:
|
|||
aodh::keystone::authtoken::user_domain_name: 'Default'
|
||||
aodh::keystone::authtoken::project_domain_name: 'Default'
|
||||
aodh::keystone::authtoken::password: {get_param: AodhPassword}
|
||||
aodh::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
aodh::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
||||
|
|
|
@ -244,7 +244,7 @@ outputs:
|
|||
- get_attr: [BarbicanApiLogging, config_settings]
|
||||
- apache::default_vhost: false
|
||||
barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
|
||||
barbican::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::project_name: 'service'
|
||||
barbican::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
@ -184,7 +184,7 @@ outputs:
|
|||
- get_attr: [CinderBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- keystone_resources_managed: false
|
||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
||||
cinder::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
@ -120,7 +120,7 @@ outputs:
|
|||
- 13788
|
||||
ec2api::keystone::authtoken::project_name: 'service'
|
||||
ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
|
||||
ec2api::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ec2api::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ec2api::policy::policies: {get_param: Ec2ApiPolicies}
|
||||
|
|
|
@ -203,7 +203,7 @@ outputs:
|
|||
panko::keystone::authtoken::user_domain_name: 'Default'
|
||||
panko::keystone::authtoken::project_domain_name: 'Default'
|
||||
panko::keystone::authtoken::password: {get_param: PankoPassword}
|
||||
panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
panko::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
panko::keystone::authtoken::region_name: {get_param KeystoneRegion}
|
||||
panko::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
||||
|
|
|
@ -99,7 +99,7 @@ outputs:
|
|||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [DesignateBase, role_data, config_settings]
|
||||
- designate::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
- designate::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri] }
|
||||
designate::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
designate::keystone::authtoken::project_name: 'service'
|
||||
designate::keystone::authtoken::password: {get_param: DesignatePassword}
|
||||
|
|
|
@ -395,7 +395,7 @@ outputs:
|
|||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
glance::api::enable_v1_api: false
|
||||
glance::api::enable_v2_api: true
|
||||
|
|
|
@ -200,7 +200,7 @@ outputs:
|
|||
gnocchi::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
||||
gnocchi::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
gnocchi::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
||||
gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
|
||||
gnocchi::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
@ -179,7 +179,7 @@ outputs:
|
|||
heat::keystone::authtoken::project_name: 'service'
|
||||
heat::keystone::authtoken::user_domain_name: 'Default'
|
||||
heat::keystone::authtoken::project_domain_name: 'Default'
|
||||
heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
heat::keystone::authtoken::password: {get_param: HeatPassword}
|
||||
heat::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
@ -145,7 +145,7 @@ outputs:
|
|||
ironic::api::authtoken::user_domain_name: 'Default'
|
||||
ironic::api::authtoken::project_domain_name: 'Default'
|
||||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ironic::api::authtoken::region_name: {get_param: KeystoneRegion }
|
||||
ironic::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
||||
|
|
|
@ -224,7 +224,7 @@ outputs:
|
|||
ironic::inspector::pxe_filter::driver: dnsmasq
|
||||
ironic::inspector::logging::debug: {get_param: Debug}
|
||||
ironic::inspector::always_store_ramdisk_logs: {get_param: Debug}
|
||||
ironic::inspector::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ironic::inspector::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri, uri_no_suffix] }
|
||||
ironic::inspector::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ironic::inspector::authtoken::username: 'ironic'
|
||||
ironic::inspector::authtoken::password: {get_param: IronicPassword}
|
||||
|
|
|
@ -143,7 +143,7 @@ outputs:
|
|||
- get_attr: [ManilaBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
manila::keystone::authtoken::user_domain_name: 'Default'
|
||||
|
|
|
@ -89,7 +89,7 @@ outputs:
|
|||
- manila::volume::cinder::cinder_admin_tenant_name: 'service'
|
||||
# keystone_authtoken
|
||||
manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
# compute
|
||||
|
|
|
@ -93,7 +93,7 @@ outputs:
|
|||
mistral::keystone::authtoken::user_domain_name: 'Default'
|
||||
mistral::keystone::authtoken::project_domain_name: 'Default'
|
||||
mistral::keystone::authtoken::password: {get_param: MistralPassword}
|
||||
mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
mistral::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
mistral::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
||||
|
|
|
@ -283,7 +283,7 @@ outputs:
|
|||
read_default_file: /etc/my.cnf.d/tripleo.cnf
|
||||
read_default_group: tripleo
|
||||
neutron::policy::policies: {get_param: NeutronApiPolicies}
|
||||
neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
neutron::server::agent_down_time: {get_param: NeutronAgentDownTime}
|
||||
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
|
||||
|
@ -305,7 +305,6 @@ outputs:
|
|||
neutron::server::notifications::region_name: {get_param: KeystoneRegion}
|
||||
neutron::server::placement::region_name: {get_param: KeystoneRegion}
|
||||
neutron::server::placement::password: {get_param: NovaPassword}
|
||||
neutron::server::placement::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
neutron::server::placement::project_domain_name: 'Default'
|
||||
neutron::server::placement::project_name: 'service'
|
||||
neutron::server::placement::user_domain_name: 'Default'
|
||||
|
|
|
@ -222,7 +222,7 @@ outputs:
|
|||
nova::keystone::authtoken::user_domain_name: 'Default'
|
||||
nova::keystone::authtoken::project_domain_name: 'Default'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
||||
|
|
|
@ -774,7 +774,7 @@ outputs:
|
|||
nova::keystone::authtoken::user_domain_name: 'Default'
|
||||
nova::keystone::authtoken::project_domain_name: 'Default'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::cinder::username: 'cinder'
|
||||
|
|
|
@ -165,7 +165,7 @@ outputs:
|
|||
- 13775
|
||||
nova::keystone::authtoken::project_name: 'service'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::metadata::enable_proxy_headers_parsing: true
|
||||
|
|
|
@ -126,7 +126,7 @@ outputs:
|
|||
# kerberos via puppet.
|
||||
nova::metadata::novajoin::api::configure_kerberos: true
|
||||
nova::metadata::novajoin::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::password: {get_param: NovajoinPassword}
|
||||
nova::metadata::novajoin::authtoken::project_name: 'service'
|
||||
nova::metadata::novajoin::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
@ -162,7 +162,7 @@ outputs:
|
|||
- {get_attr: [OctaviaBase, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaWorker, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaProviderConfig, role_data, config_settings]}
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
octavia::policy::policies: {get_param: OctaviaApiPolicies}
|
||||
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName}
|
||||
|
|
|
@ -141,7 +141,7 @@ outputs:
|
|||
- 13778
|
||||
placement::keystone::authtoken::project_name: 'service'
|
||||
placement::keystone::authtoken::password: {get_param: PlacementPassword}
|
||||
placement::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
placement::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
placement::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
placement::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
placement::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
||||
|
|
|
@ -101,7 +101,7 @@ outputs:
|
|||
sahara::rpc_backend: rabbit
|
||||
sahara::db::database_db_max_retries: -1
|
||||
sahara::db::database_max_retries: -1
|
||||
sahara::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
sahara::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
sahara::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
sahara::keystone::authtoken::password: {get_param: SaharaPassword}
|
||||
sahara::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
@ -158,7 +158,7 @@ outputs:
|
|||
- cors_allowed_origin_unset
|
||||
- {}
|
||||
- swift::proxy::cors_allow_origin: {get_param: SwiftCorsAllowedOrigin}
|
||||
- swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
- swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
swift::proxy::authtoken::password: {get_param: SwiftPassword}
|
||||
swift::proxy::authtoken::project_name: 'service'
|
||||
|
|
|
@ -153,7 +153,7 @@ outputs:
|
|||
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::authtoken::project_name: 'service'
|
||||
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
zaqar::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
zaqar::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
||||
zaqar::keystone::trust::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
|
|
Loading…
Reference in New Issue