Use public endpoint for [keystone_authtoken] www_authenticate_uri
According to the parameter description, www_authenticate_uri should be complete public Identity endpoint, which is accessible by all end users. This change replaces internal endpoint by public endpoint to meet that requirement. Conflicts: deployment/ironic/ironic-conductor-container-puppet.yaml deployment/swift/swift-proxy-container-puppet.yaml Backport note: This change includes commit2b9461e97fwhich fixes the remaining usage of internal endpoint. Also, commit02bb4b8aa0was partially included to remove the following ineffective puppet parameter. neutron::server::placement::www_authenticate_uri (to victoria) Conflicts: deployment/aodh/aodh-api-container-puppet.yaml deployment/experimental/designate/designate-api-container-puppet.yaml deployment/manila/manila-share-container-puppet.yaml Backport note: This backport covers some services like zaqar which were removed in stable/wallaby. Closes-Bug: #1955397 Change-Id: I30165c8ee5aa4b777b73ad89ac709e2c8a375382 (cherry picked from commit160936df13) (cherry picked from commit58129434ac)
This commit is contained in:
Takashi Kajinami
parent
ea944a89f0
commit
5314c792be
|
|
@ -109,7 +109,7 @@ outputs:
|
|||
aodh::keystone::authtoken::user_domain_name: 'Default'
|
||||
aodh::keystone::authtoken::project_domain_name: 'Default'
|
||||
aodh::keystone::authtoken::password: {get_param: AodhPassword}
|
||||
aodh::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
aodh::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
|||
|
|
@ -259,7 +259,7 @@ outputs:
|
|||
- get_attr: [BarbicanApiLogging, config_settings]
|
||||
- apache::default_vhost: false
|
||||
barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
|
||||
barbican::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::project_name: 'service'
|
||||
barbican::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
|||
|
|
@ -189,7 +189,7 @@ outputs:
|
|||
- get_attr: [CinderBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- keystone_resources_managed: false
|
||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
- cinder::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
||||
cinder::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ outputs:
|
|||
mistral::keystone::authtoken::user_domain_name: 'Default'
|
||||
mistral::keystone::authtoken::project_domain_name: 'Default'
|
||||
mistral::keystone::authtoken::password: {get_param: MistralPassword}
|
||||
mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
|
||||
mistral::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
mistral::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
mistral::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
mistral::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
|||
|
|
@ -135,7 +135,7 @@ outputs:
|
|||
# kerberos via puppet.
|
||||
nova::metadata::novajoin::api::configure_kerberos: true
|
||||
nova::metadata::novajoin::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
nova::metadata::novajoin::authtoken::password: {get_param: NovajoinPassword}
|
||||
nova::metadata::novajoin::authtoken::project_name: 'service'
|
||||
nova::metadata::novajoin::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ outputs:
|
|||
sahara::rpc_backend: rabbit
|
||||
sahara::db::database_db_max_retries: -1
|
||||
sahara::db::database_max_retries: -1
|
||||
sahara::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
sahara::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
sahara::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
sahara::keystone::authtoken::password: {get_param: SaharaPassword}
|
||||
sahara::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ outputs:
|
|||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [DesignateBase, role_data, config_settings]
|
||||
- designate::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
- designate::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri] }
|
||||
designate::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
designate::keystone::authtoken::project_name: 'service'
|
||||
designate::keystone::authtoken::password: {get_param: DesignatePassword}
|
||||
|
|
|
|||
|
|
@ -426,7 +426,7 @@ outputs:
|
|||
read_default_group: tripleo
|
||||
|
||||
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
glance::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
glance::api::enable_v1_api: false
|
||||
glance::api::enable_v2_api: true
|
||||
|
|
|
|||
|
|
@ -203,7 +203,7 @@ outputs:
|
|||
gnocchi::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
|
||||
gnocchi::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
|
||||
gnocchi::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
|
||||
gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
|
||||
gnocchi::keystone::authtoken::project_name: 'service'
|
||||
|
|
|
|||
|
|
@ -179,7 +179,7 @@ outputs:
|
|||
heat::keystone::authtoken::project_name: 'service'
|
||||
heat::keystone::authtoken::user_domain_name: 'Default'
|
||||
heat::keystone::authtoken::project_domain_name: 'Default'
|
||||
heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
heat::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
heat::keystone::authtoken::password: {get_param: HeatPassword}
|
||||
heat::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ outputs:
|
|||
ironic::api::authtoken::user_domain_name: 'Default'
|
||||
ironic::api::authtoken::project_domain_name: 'Default'
|
||||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ironic::api::authtoken::region_name: {get_param: KeystoneRegion }
|
||||
ironic::api::authtoken::interface: 'internal'
|
||||
|
|
|
|||
|
|
@ -266,7 +266,7 @@ outputs:
|
|||
ironic::inspector::pxe_filter::driver: dnsmasq
|
||||
ironic::inspector::logging::debug: {get_param: Debug}
|
||||
ironic::inspector::always_store_ramdisk_logs: {get_param: Debug}
|
||||
ironic::inspector::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ironic::inspector::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri, uri_no_suffix] }
|
||||
ironic::inspector::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ironic::inspector::authtoken::username: 'ironic'
|
||||
ironic::inspector::authtoken::password: {get_param: IronicPassword}
|
||||
|
|
|
|||
|
|
@ -137,7 +137,7 @@ outputs:
|
|||
- get_attr: [ManilaBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
manila::keystone::authtoken::user_domain_name: 'Default'
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ outputs:
|
|||
-
|
||||
# keystone_authtoken
|
||||
manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
manila::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
manila::keystone::authtoken::user_domain_name: 'Default'
|
||||
|
|
|
|||
|
|
@ -303,7 +303,7 @@ outputs:
|
|||
read_default_group: tripleo
|
||||
|
||||
neutron::policy::policies: {get_param: NeutronApiPolicies}
|
||||
neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
neutron::server::agent_down_time: {get_param: NeutronAgentDownTime}
|
||||
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
|
||||
|
|
@ -327,7 +327,6 @@ outputs:
|
|||
neutron::quota::quota_security_group: {get_param: NeutronSecurityGroupQuota}
|
||||
neutron::server::placement::region_name: {get_param: KeystoneRegion}
|
||||
neutron::server::placement::password: {get_param: NovaPassword}
|
||||
neutron::server::placement::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
neutron::server::placement::project_domain_name: 'Default'
|
||||
neutron::server::placement::project_name: 'service'
|
||||
neutron::server::placement::user_domain_name: 'Default'
|
||||
|
|
|
|||
|
|
@ -222,7 +222,7 @@ outputs:
|
|||
nova::keystone::authtoken::user_domain_name: 'Default'
|
||||
nova::keystone::authtoken::project_domain_name: 'Default'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
|||
|
|
@ -827,7 +827,7 @@ outputs:
|
|||
nova::keystone::authtoken::user_domain_name: 'Default'
|
||||
nova::keystone::authtoken::project_domain_name: 'Default'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
|||
|
|
@ -165,7 +165,7 @@ outputs:
|
|||
- apache::default_vhost: false
|
||||
- nova::keystone::authtoken::project_name: 'service'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
nova::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
nova::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
nova::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
|||
|
|
@ -169,7 +169,7 @@ outputs:
|
|||
- {get_attr: [OctaviaBase, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaWorker, role_data, config_settings]}
|
||||
- {get_attr: [OctaviaProviderConfig, role_data, config_settings]}
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
- octavia::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
|
||||
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
octavia::keystone::authtoken::project_name: {get_param: OctaviaProjectName}
|
||||
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
|
||||
|
|
|
|||
|
|
@ -147,7 +147,7 @@ outputs:
|
|||
- apache::default_vhost: false
|
||||
- placement::keystone::authtoken::project_name: 'service'
|
||||
placement::keystone::authtoken::password: {get_param: PlacementPassword}
|
||||
placement::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
placement::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
placement::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
placement::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
placement::keystone::authtoken::interface: 'internal'
|
||||
|
|
|
|||
|
|
@ -163,7 +163,7 @@ outputs:
|
|||
- cors_allowed_origin_unset
|
||||
- {}
|
||||
- swift::proxy::cors_allow_origin: {get_param: SwiftCorsAllowedOrigin}
|
||||
- swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
- swift::proxy::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
swift::proxy::authtoken::password: {get_param: SwiftPassword}
|
||||
swift::proxy::authtoken::project_name: 'service'
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ outputs:
|
|||
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::authtoken::project_name: 'service'
|
||||
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
zaqar::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
zaqar::keystone::authtoken::region_name: {get_param: KeystoneRegion}
|
||||
zaqar::keystone::authtoken::interface: 'internal'
|
||||
zaqar::keystone::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
|
||||
|
|
|
|||
Loading…
Reference in New Issue