From 6a331d4e3742e43228ed16fba07f0d7913df29f3 Mon Sep 17 00:00:00 2001
From: Joshua Harlow <jxharlow@godaddy.com>
Date: Wed, 7 Mar 2018 11:39:23 -0800
Subject: [PATCH] Create and use keystone_admin[project|user]
It is not always convenient to use the the given
admin project and admin user; especially when some clouds
use different user and project for there keystone 'admin'
This allows setting the variables for these users to something
else, and defaults them to there current values of 'admin'.
Change-Id: I22b79a30f01c90a92ecc0974886edf3791518f2f
---
ansible/group_vars/all.yml | 23 +++++++++++--------
.../roles/common/templates/admin-openrc.sh.j2 | 6 ++---
etc/kolla/globals.yml | 4 ++++
3 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 8694f8e02..6196f65fb 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -369,16 +369,6 @@ set_sysctl: "yes"
# Valid options are [ none, novnc, spice, rdp ]
nova_console: "novnc"
-# OpenStack authentication string. You should only need to override these if you
-# are changing the admin tenant/project or user.
-openstack_auth:
- auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
- username: "admin"
- password: "{{ keystone_admin_password }}"
- project_name: "admin"
- domain_name: "default"
- user_domain_name: "default"
-
# Endpoint type used to connect with OpenStack services with ansible modules.
# Valid options are [ public, internal, admin ]
openstack_interface: "admin"
@@ -594,6 +584,9 @@ keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keyston
keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}"
keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"
+keystone_admin_user: "admin"
+keystone_admin_project: "admin"
+
default_project_domain_name: "Default"
default_project_domain_id: "default"
@@ -606,6 +599,16 @@ fernet_token_expiry: 86400
keystone_default_user_role: "_member_"
+# OpenStack authentication string. You should only need to override these if you
+# are changing the admin tenant/project or user.
+openstack_auth:
+ auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
+ username: "{{ keystone_admin_user }}"
+ password: "{{ keystone_admin_password }}"
+ project_name: "{{ keystone_admin_project }}"
+ domain_name: "default"
+ user_domain_name: "default"
+
#######################
# Glance options
#######################
diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2
index e400db5fb..03cb934c4 100644
--- a/ansible/roles/common/templates/admin-openrc.sh.j2
+++ b/ansible/roles/common/templates/admin-openrc.sh.j2
@@ -1,8 +1,8 @@
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
-export OS_PROJECT_NAME=admin
-export OS_TENANT_NAME=admin
-export OS_USERNAME=admin
+export OS_PROJECT_NAME={{ keystone_admin_project }}
+export OS_TENANT_NAME={{ keystone_admin_project }}
+export OS_USERNAME={{ keystone_admin_user }}
export OS_PASSWORD={{ keystone_admin_password }}
export OS_AUTH_URL={{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3
export OS_INTERFACE=internal
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index eff4104ac..5757ceb09 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -290,6 +290,10 @@ kolla_internal_vip_address: "10.10.10.254"
# Valid options are [ fernet ]
#keystone_token_provider: 'fernet'
+#keystone_admin_user: "admin"
+
+#keystone_admin_project: "admin"
+
# Interval to rotate fernet keys by (in seconds). Must be an interval of
# 60(1 min), 120(2 min), 180(3 min), 240(4 min), 300(5 min), 360(6 min),
# 600(10 min), 720(12 min), 900(15 min), 1200(20 min), 1800(30 min),
--
GitLab