Merge "Use Keystone internal endpoint instead of admin for services"
This commit is contained in:
commit
d6794ec1d3
@ -80,7 +80,7 @@ outputs:
|
||||
aodh::keystone::authtoken::project_name: 'service'
|
||||
aodh::keystone::authtoken::password: {get_param: AodhPassword}
|
||||
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
aodh::auth::auth_password: {get_param: AodhPassword}
|
||||
aodh::auth::auth_region: 'regionOne'
|
||||
aodh::auth::auth_tenant_name: 'service'
|
||||
|
@ -75,7 +75,7 @@ outputs:
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
|
||||
barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
barbican::keystone::authtoken::project_name: 'service'
|
||||
barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
|
||||
barbican::api::db_auto_create: false
|
||||
|
@ -102,7 +102,7 @@ outputs:
|
||||
ceilometer::keystone::authtoken::project_name: 'service'
|
||||
ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword}
|
||||
ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
|
||||
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
|
||||
|
@ -54,7 +54,7 @@ outputs:
|
||||
- get_attr: [CephBase, role_data, config_settings]
|
||||
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
|
||||
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
|
||||
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
|
||||
tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
|
||||
tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3
|
||||
|
@ -81,7 +81,7 @@ outputs:
|
||||
- get_attr: [CinderBase, role_data, config_settings]
|
||||
- get_attr: [ApacheServiceBase, role_data, config_settings]
|
||||
- cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
cinder::keystone::authtoken::password: {get_param: CinderPassword}
|
||||
cinder::keystone::authtoken::project_name: 'service'
|
||||
cinder::api::enable_proxy_headers_parsing: true
|
||||
|
@ -66,7 +66,7 @@ outputs:
|
||||
ec2api::keystone::authtoken::project_name: 'service'
|
||||
ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword}
|
||||
ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
ec2api::api::enabled: true
|
||||
ec2api::package_manage: {get_param: EnablePackageInstall}
|
||||
ec2api::api::ec2api_listen:
|
||||
|
@ -95,7 +95,7 @@ outputs:
|
||||
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
|
||||
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
|
||||
glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
glance::api::enable_v1_api: false
|
||||
glance::api::enable_v2_api: true
|
||||
glance::api::authtoken::password: {get_param: GlancePassword}
|
||||
|
@ -84,7 +84,7 @@ outputs:
|
||||
gnocchi::api::enable_proxy_headers_parsing: true
|
||||
gnocchi::api::service_name: 'httpd'
|
||||
gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
|
||||
gnocchi::keystone::authtoken::project_name: 'service'
|
||||
gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
@ -105,7 +105,7 @@ outputs:
|
||||
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
|
||||
|
||||
gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::gnocchi::api
|
||||
|
@ -122,7 +122,7 @@ outputs:
|
||||
heat::rabbit_heartbeat_timeout_threshold: 60
|
||||
heat::keystone::authtoken::project_name: 'service'
|
||||
heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
heat::keystone::authtoken::password: {get_param: HeatPassword}
|
||||
heat::keystone::domain::domain_name: 'heat_stack'
|
||||
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
|
||||
|
@ -51,7 +51,7 @@ outputs:
|
||||
ironic::api::authtoken::project_name: 'service'
|
||||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
|
@ -49,7 +49,7 @@ outputs:
|
||||
- get_attr: [ManilaBase, role_data, config_settings]
|
||||
- manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
tripleo.manila_api.firewall_rules:
|
||||
'150 manila':
|
||||
|
@ -46,7 +46,7 @@ outputs:
|
||||
- manila::volume::cinder::cinder_admin_tenant_name: 'service'
|
||||
manila::keystone::authtoken::password: {get_param: ManilaPassword}
|
||||
manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
manila::keystone::authtoken::project_name: 'service'
|
||||
service_config_settings:
|
||||
get_attr: [ManilaBase, role_data, service_config_settings]
|
||||
|
@ -76,7 +76,7 @@ outputs:
|
||||
mistral::keystone_tenant: 'service'
|
||||
mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
mistral::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
|
||||
mistral::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
mistral::identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
service_config_settings:
|
||||
keystone:
|
||||
mistral::keystone::auth::tenant: 'service'
|
||||
|
@ -130,7 +130,7 @@ outputs:
|
||||
- '?bind_address='
|
||||
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
|
||||
neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
neutron::server::api_workers: {get_param: NeutronWorkers}
|
||||
neutron::server::rpc_workers: {get_param: NeutronWorkers}
|
||||
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
|
||||
|
@ -70,7 +70,7 @@ outputs:
|
||||
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
|
||||
neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
|
||||
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
|
||||
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
neutron::agents::metadata::auth_tenant: 'service'
|
||||
neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
|
||||
step_config: |
|
||||
|
@ -102,7 +102,7 @@ outputs:
|
||||
- '/ovs_neutron'
|
||||
- '?bind_address='
|
||||
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
|
||||
neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]}
|
||||
neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]}
|
||||
neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword}
|
||||
neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
|
||||
neutron::plugins::plumgrid::director_server: {get_param: PLUMgridDirectorServer}
|
||||
|
@ -108,7 +108,7 @@ outputs:
|
||||
nova::keystone::authtoken::project_name: 'service'
|
||||
nova::keystone::authtoken::password: {get_param: NovaPassword}
|
||||
nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::api::enabled: true
|
||||
nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool}
|
||||
nova::api::sync_db_api: true
|
||||
|
@ -139,7 +139,7 @@ outputs:
|
||||
nova::rabbit_port: {get_param: RabbitClientPort}
|
||||
nova::placement::project_name: 'service'
|
||||
nova::placement::password: {get_param: NovaPassword}
|
||||
nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
nova::placement::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
nova::placement::os_region_name: {get_param: KeystoneRegion}
|
||||
nova::placement::os_interface: {get_param: NovaPlacementAPIInterface}
|
||||
nova::database_connection:
|
||||
|
@ -68,7 +68,7 @@ outputs:
|
||||
- '/octavia'
|
||||
- '?bind_address='
|
||||
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
|
||||
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
octavia::keystone::authtoken::project_name: 'service'
|
||||
octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
|
||||
octavia::api::sync_db: true
|
||||
|
@ -53,7 +53,7 @@ outputs:
|
||||
panko::keystone::authtoken::project_name: 'service'
|
||||
panko::keystone::authtoken::password: {get_param: PankoPassword}
|
||||
panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
panko::auth::auth_password: {get_param: PankoPassword}
|
||||
panko::auth::auth_region: 'regionOne'
|
||||
panko::auth::auth_tenant_name: 'service'
|
||||
|
@ -73,7 +73,7 @@ outputs:
|
||||
sahara::debug: {get_param: Debug}
|
||||
sahara::admin_password: {get_param: SaharaPassword}
|
||||
sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
|
||||
sahara::identity_uri: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
sahara::use_neutron: true
|
||||
sahara::plugins: {get_param: SaharaPlugins}
|
||||
sahara::rpc_backend: rabbit
|
||||
|
@ -87,7 +87,7 @@ outputs:
|
||||
- get_attr: [SwiftBase, role_data, config_settings]
|
||||
|
||||
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
swift::proxy::authtoken::password: {get_param: SwiftPassword}
|
||||
swift::proxy::authtoken::project_name: 'service'
|
||||
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
|
||||
|
@ -40,7 +40,7 @@ outputs:
|
||||
config_settings:
|
||||
zaqar::keystone::authtoken::password: {get_param: ZaqarPassword}
|
||||
zaqar::keystone::authtoken::project_name: 'service'
|
||||
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||
zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||
zaqar::debug: {get_param: Debug}
|
||||
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
|
||||
|
Loading…
Reference in New Issue
Block a user