diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 275ec38093..df35e488e7 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -703,7 +703,7 @@ keystone_default_user_role: "_member_" # OpenStack authentication string. You should only need to override these if you # are changing the admin tenant/project or user. openstack_auth: - auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}" + auth_url: "{{ keystone_admin_url }}" username: "{{ keystone_admin_user }}" password: "{{ keystone_admin_password }}" project_name: "{{ keystone_admin_project }}" diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2 index 45edf4beb3..a5ae91e69f 100644 --- a/ansible/roles/aodh/templates/aodh.conf.j2 +++ b/ansible/roles/aodh/templates/aodh.conf.j2 @@ -17,13 +17,13 @@ connection = mysql+pymysql://{{ aodh_database_user }}:{{ aodh_database_password memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +www_authenticate_uri = {{ keystone_internal_url }} project_domain_name = {{ default_project_domain_name }} project_name = service user_domain_name = {{ default_user_domain_name }} username = {{ aodh_keystone_user }} password = {{ aodh_keystone_password }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password [oslo_middleware] @@ -35,7 +35,7 @@ policy_file = {{ aodh_policy_file }} {% endif %} [service_credentials] -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +auth_url = {{ keystone_internal_url }}/v3 region_name = {{ openstack_region_name }} password = {{ aodh_keystone_password }} username = {{ aodh_keystone_user }} diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2 index 62cf4cb6f1..f8a25de778 100644 --- a/ansible/roles/barbican/templates/barbican.conf.j2 +++ b/ansible/roles/barbican/templates/barbican.conf.j2 @@ -48,13 +48,13 @@ kek = '{{ barbican_crypto_key }}' enable = True [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +www_authenticate_uri = {{ keystone_internal_url }} project_domain_id = {{ default_project_domain_id }} project_name = service user_domain_id = {{ default_user_domain_id }} username = {{ barbican_keystone_user }} password = {{ barbican_keystone_password }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password memcache_security_strategy = ENCRYPT @@ -62,7 +62,7 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} [service_credentials] -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ keystone_internal_url }} region_name = {{ openstack_region_name }} password = {{ barbican_keystone_password }} username = {{ barbican_keystone_user }} diff --git a/ansible/roles/blazar/templates/blazar.conf.j2 b/ansible/roles/blazar/templates/blazar.conf.j2 index c8ecba23a4..8c83a8bc0f 100644 --- a/ansible/roles/blazar/templates/blazar.conf.j2 +++ b/ansible/roles/blazar/templates/blazar.conf.j2 @@ -23,8 +23,8 @@ api_v2_controllers = oshosts,leases plugins = virtual.instance.plugin,physical.host.plugin [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 +www_authenticate_uri = {{ keystone_internal_url }}/v3 +auth_url = {{ keystone_admin_url }}/v3 auth_type = password project_domain_id = default user_domain_id = default diff --git a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 b/ansible/roles/ceilometer/templates/ceilometer.conf.j2 index d63c4d27f8..59dfa93d0b 100644 --- a/ansible/roles/ceilometer/templates/ceilometer.conf.j2 +++ b/ansible/roles/ceilometer/templates/ceilometer.conf.j2 @@ -12,7 +12,7 @@ hypervisor_inspector = xenapi {% endif %} [service_credentials] -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +auth_url = {{ keystone_internal_url }}/v3 region_name = {{ openstack_region_name }} password = {{ ceilometer_keystone_password }} username = {{ ceilometer_keystone_user }} diff --git a/ansible/roles/ceph/templates/ceph.conf.j2 b/ansible/roles/ceph/templates/ceph.conf.j2 index 0b788f8390..db82800f8f 100644 --- a/ansible/roles/ceph/templates/ceph.conf.j2 +++ b/ansible/roles/ceph/templates/ceph.conf.j2 @@ -38,7 +38,7 @@ mon cluster log file = /var/log/kolla/ceph/$cluster.log host = {{ hostvars[inventory_hostname]['ansible_' + storage_interface]['ipv4']['address'] }} rgw frontends = civetweb port={{ api_interface_address }}:{{ rgw_port }} {% if enable_ceph_rgw_keystone | bool %} -rgw_keystone_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +rgw_keystone_url = {{ keystone_admin_url }} rgw_keystone_admin_user = {{ ceph_rgw_keystone_user }} rgw_keystone_admin_password = {{ ceph_rgw_keystone_password }} rgw_keystone_admin_project = service diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2 index 5446a4d099..eb9491eb1d 100644 --- a/ansible/roles/cinder/templates/cinder.conf.j2 +++ b/ansible/roles/cinder/templates/cinder.conf.j2 @@ -92,8 +92,8 @@ connection = mysql+pymysql://{{ cinder_database_user }}:{{ cinder_database_passw max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -216,7 +216,7 @@ connection_string = {{ osprofiler_backend_connection_string }} {% if enable_barbican | bool %} [barbican] -auth_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_endpoint = {{ keystone_internal_url }} {% endif %} [coordination] diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 index 0fd8e18db3..9ca9081089 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 @@ -15,8 +15,8 @@ connection = mysql+pymysql://{{ cloudkitty_database_user }}:{{ cloudkitty_databa max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2 index 03cb934c40..c71b5a2e84 100644 --- a/ansible/roles/common/templates/admin-openrc.sh.j2 +++ b/ansible/roles/common/templates/admin-openrc.sh.j2 @@ -4,7 +4,7 @@ export OS_PROJECT_NAME={{ keystone_admin_project }} export OS_TENANT_NAME={{ keystone_admin_project }} export OS_USERNAME={{ keystone_admin_user }} export OS_PASSWORD={{ keystone_admin_password }} -export OS_AUTH_URL={{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 +export OS_AUTH_URL={{ keystone_admin_url }}/v3 export OS_INTERFACE=internal export OS_IDENTITY_API_VERSION=3 export OS_REGION_NAME={{ openstack_region_name }} diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2 index c5855647fe..5eb3260aa3 100644 --- a/ansible/roles/congress/templates/congress.conf.j2 +++ b/ansible/roles/congress/templates/congress.conf.j2 @@ -29,8 +29,8 @@ connection = mysql+pymysql://{{ congress_database_user }}:{{ congress_database_p max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2 index 7c462aca16..533744082b 100644 --- a/ansible/roles/designate/templates/designate.conf.j2 +++ b/ansible/roles/designate/templates/designate.conf.j2 @@ -18,8 +18,8 @@ workers = {{ openstack_service_workers }} enable_host_header = True [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/freezer/templates/freezer.conf.j2 b/ansible/roles/freezer/templates/freezer.conf.j2 index d7c2b471da..15ac9a1413 100644 --- a/ansible/roles/freezer/templates/freezer.conf.j2 +++ b/ansible/roles/freezer/templates/freezer.conf.j2 @@ -22,8 +22,8 @@ os_user_domain_name = {{ openstack_auth.user_domain_name }} {% if service_name == 'freezer-api' %} [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2 index c737d1aca4..fdd225dea1 100644 --- a/ansible/roles/glance/templates/glance-api.conf.j2 +++ b/ansible/roles/glance/templates/glance-api.conf.j2 @@ -29,8 +29,8 @@ connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_passw max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/glance/templates/glance-cache.conf.j2 b/ansible/roles/glance/templates/glance-cache.conf.j2 index 66aef9b590..77b3591e25 100644 --- a/ansible/roles/glance/templates/glance-cache.conf.j2 +++ b/ansible/roles/glance/templates/glance-cache.conf.j2 @@ -6,7 +6,7 @@ log_file = /var/log/kolla/glance/glance-cache.log image_cache_max_size = {{ glance_cache_max_size }} image_cache_dir = /var/lib/glance/image-cache -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} admin_password = {{ glance_keystone_password }} admin_user = {{ glance_keystone_user }} admin_tenant_name = {{ default_project_domain_id }} diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 index f9f3ca155f..11a50dee5e 100644 --- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 +++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2 @@ -42,13 +42,13 @@ workers = {{ gnocchi_metricd_workers }} url = mysql+pymysql://{{ gnocchi_database_user }}:{{ gnocchi_database_password }}@{{ gnocchi_database_address }}/{{ gnocchi_database_name }} [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +www_authenticate_uri = {{ keystone_internal_url }}/v3 project_domain_id = {{ default_project_domain_id }} project_name = service user_domain_id = {{ default_user_domain_id }} username = {{ gnocchi_keystone_user }} password = {{ gnocchi_keystone_password }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password memcache_security_strategy = ENCRYPT @@ -78,7 +78,7 @@ ceph_keyring = /etc/ceph/ceph.client.gnocchi.keyring ceph_conffile = /etc/ceph/ceph.conf {% elif gnocchi_backend_storage == 'swift' %} driver = swift -swift_authurl = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +swift_authurl = {{ keystone_internal_url }}/v3 swift_auth_version = 3 swift_user = service:{{ swift_keystone_user }} swift_key = {{ swift_keystone_password }} diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2 index 468aed9db7..b33dacb0bb 100644 --- a/ansible/roles/heat/templates/heat.conf.j2 +++ b/ansible/roles/heat/templates/heat.conf.j2 @@ -42,8 +42,8 @@ connection = mysql+pymysql://{{ heat_database_user }}:{{ heat_database_password max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -63,18 +63,18 @@ memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansib [trustee] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password user_domain_id = {{ default_user_domain_id }} username = {{ heat_keystone_user }} password = {{ heat_keystone_password }} [ec2authtoken] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +auth_uri = {{ keystone_internal_url }}/v3 [clients_keystone] -auth_uri = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }} +auth_uri = {{ keystone_public_url }} [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} diff --git a/ansible/roles/horizon/templates/local_settings.j2 b/ansible/roles/horizon/templates/local_settings.j2 index 50e26ee1dd..7e7f569741 100644 --- a/ansible/roles/horizon/templates/local_settings.j2 +++ b/ansible/roles/horizon/templates/local_settings.j2 @@ -833,7 +833,7 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', {% if enable_murano | bool and enable_barbican | bool %} KEY_MANAGER = { - 'auth_url': '{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3', + 'auth_url': '{{ keystone_internal_url }}/v3', 'username': '{{ murano_keystone_user }}', 'user_domain_name': '{{ default_project_domain_name }}', 'password': '{{ murano_keystone_password }}', diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index f423a33ee5..144b566b80 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -14,7 +14,7 @@ transport_url = {{ notify_transport_url }} [ironic] {% if enable_keystone | bool %} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -29,8 +29,8 @@ endpoint_override = {{ ironic_internal_endpoint }} {% if enable_keystone | bool %} [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index c692fc7afb..3b28b59c5d 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -45,8 +45,8 @@ max_retries = -1 {% if enable_keystone | bool %} [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -61,7 +61,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi {% if enable_cinder | bool %} [cinder] -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = default user_domain_id = default @@ -73,7 +73,7 @@ password = {{ ironic_keystone_password }} {% if enable_glance | bool %} [glance] glance_api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn }}:{{ glance_api_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = default user_domain_id = default @@ -85,7 +85,7 @@ password = {{ ironic_keystone_password }} {% if enable_neutron | bool %} [neutron] url = {{ internal_protocol }}://{{ neutron_internal_fqdn }}:{{ neutron_server_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = default user_domain_id = default @@ -98,7 +98,7 @@ cleaning_network = {{ ironic_cleaning_network }} [inspector] enabled = true {% if enable_keystone | bool %} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = default user_domain_id = default diff --git a/ansible/roles/karbor/templates/karbor.conf.j2 b/ansible/roles/karbor/templates/karbor.conf.j2 index 3527f6f24d..a945c21cc8 100644 --- a/ansible/roles/karbor/templates/karbor.conf.j2 +++ b/ansible/roles/karbor/templates/karbor.conf.j2 @@ -17,11 +17,11 @@ max_retries = -1 user_domain_id = {{ default_user_domain_id }} username = {{ karbor_keystone_user }} password = {{ karbor_keystone_password }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password [clients_keystone] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_uri = {{ keystone_internal_url }} [karbor_client] version = 1 @@ -30,8 +30,8 @@ service_name = karbor region_id = {{ openstack_region_name }} [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} project_domain_name = {{ default_project_domain_name }} auth_type = password project_domain_id = {{ default_project_domain_id }} diff --git a/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 b/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 index 831437dbac..410256fb95 100644 --- a/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 +++ b/ansible/roles/karbor/templates/providers.d/openstack-infra.conf.j2 @@ -9,7 +9,7 @@ plugin=karbor-server-protection-plugin bank=karbor-swift-bank-plugin [swift_client] -swift_auth_url={{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +swift_auth_url={{ keystone_internal_url }}/v3 swift_auth_version=3 swift_user=admin swift_key={{ keystone_admin_password }} diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2 index b7d0696007..9aad659266 100644 --- a/ansible/roles/kuryr/templates/kuryr.conf.j2 +++ b/ansible/roles/kuryr/templates/kuryr.conf.j2 @@ -10,8 +10,8 @@ bindir = /var/lib/kolla/venv/libexec/kuryr default_driver = kuryr.lib.binding.drivers.veth [neutron] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password endpoint_type = internal project_domain_name = {{ default_project_domain_name }} diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 699237acb6..a9ec797d32 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -47,7 +47,7 @@ region_name = {{ openstack_region_name }} endpoint_type = internalURL [keystone_auth] -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +auth_url = {{ keystone_internal_url }}/v3 user_domain_name = {{ default_user_domain_name }} project_domain_name = {{ default_project_domain_name }} project_name = service @@ -57,8 +57,8 @@ auth_type = password [keystone_authtoken] auth_version = v3 -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }}/v3 +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2 index 7180a1edd7..843add764a 100644 --- a/ansible/roles/manila/templates/manila-share.conf.j2 +++ b/ansible/roles/manila/templates/manila-share.conf.j2 @@ -6,8 +6,8 @@ enabled_share_backends = {{ manila_enabled_backends|map(attribute='name')|join(' default_share_type = default_share_type [cinder] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -22,8 +22,8 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} [nova] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -39,8 +39,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [neutron] url = {{ internal_protocol }}://{{ neutron_internal_fqdn }}:{{ neutron_server_port }} -uth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +uth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 index 2decbcf0b6..3a631df18d 100644 --- a/ansible/roles/manila/templates/manila.conf.j2 +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -29,8 +29,8 @@ connection = mysql+pymysql://{{ manila_database_user }}:{{ manila_database_passw max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2 index d3d9473d58..783c71ee92 100644 --- a/ansible/roles/mistral/templates/mistral.conf.j2 +++ b/ansible/roles/mistral/templates/mistral.conf.j2 @@ -37,8 +37,8 @@ connection = mysql+pymysql://{{ mistral_database_user }}:{{ mistral_database_pas max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 +www_authenticate_uri = {{ keystone_internal_url }}/v3 +auth_url = {{ keystone_admin_url }}/v3 auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2 index c2cc50047f..3fa686b70f 100644 --- a/ansible/roles/murano/templates/murano.conf.j2 +++ b/ansible/roles/murano/templates/murano.conf.j2 @@ -19,8 +19,8 @@ connection = mysql+pymysql://{{ murano_database_user }}:{{ murano_database_passw max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -33,8 +33,8 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} [murano_auth] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }}/v3 +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} user_domain_name = {{ default_user_domain_name }} @@ -69,7 +69,7 @@ virtual_host = {{ murano_agent_rabbitmq_vhost }} {% if enable_barbican | bool %} [key_manager] auth_type = keystone_password -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +auth_url = {{ keystone_internal_url }}/v3 username = {{ murano_keystone_user }} password = {{ murano_keystone_password }} user_domain_name = {{ default_project_domain_name }} diff --git a/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 b/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 index 5752d9edc5..2c35d42e1a 100644 --- a/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 +++ b/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 @@ -1,5 +1,5 @@ [ironic] -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 7560d10b00..8f183732b0 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -139,8 +139,8 @@ base_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ octavia_api_po {% if enable_designate | bool %} [designate] url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ designate_api_port }}/v2 -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -167,7 +167,7 @@ notification_drivers = {{ neutron_notification_drivers|map(attribute='name')|joi [placement] auth_type = password -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} user_domain_name = {{ default_user_domain_name }} diff --git a/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 b/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 index 776abcc8c9..5d5c3530e0 100644 --- a/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 +++ b/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 @@ -9,7 +9,7 @@ service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_d {% endif %} [service_auth] -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 +auth_url = {{ keystone_admin_url }}/v3 admin_tenant_name = service admin_user = neutron admin_password = {{ neutron_keystone_password }} diff --git a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 index 54ab387174..9d0bb44938 100644 --- a/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 +++ b/ansible/roles/nova-hyperv/templates/nova_hyperv.conf.j2 @@ -22,7 +22,7 @@ transport_url = {{ rpc_transport_url }} [placement] auth_type = password -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 +auth_url = {{ keystone_admin_url }}/v3 project_name = service username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} diff --git a/ansible/roles/nova-hyperv/templates/wsgate.ini.j2 b/ansible/roles/nova-hyperv/templates/wsgate.ini.j2 index e11c8d37dd..1079667967 100644 --- a/ansible/roles/nova-hyperv/templates/wsgate.ini.j2 +++ b/ansible/roles/nova-hyperv/templates/wsgate.ini.j2 @@ -18,7 +18,7 @@ certfile = C:\Program Files\Cloudbase Solutions\FreeRDP-WebConnect\etc\server.ce nofullwindowdrag = true [openstack] -authurl = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0 +authurl = {{ keystone_admin_url }}/v2.0 tenantname = service username = {{ nova_keystone_user }} password = {{ nova_keystone_password }} diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index b7871bc83b..2f66613694 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -170,8 +170,8 @@ memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansib [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -260,7 +260,7 @@ default_filters = RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabi [placement] auth_type = password -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} username = {{ placement_keystone_user }} password = {{ placement_keystone_password }} user_domain_name = {{ default_user_domain_name }} @@ -284,7 +284,7 @@ connection_string = {{ osprofiler_backend_connection_string }} {% if enable_barbican | bool %} [barbican] -auth_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_endpoint = {{ keystone_internal_url }} {% endif %} {% if nova_compute_virt_type == "xenapi" %} diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2 index aeeef6e7d3..7e355951fc 100644 --- a/ansible/roles/octavia/templates/octavia.conf.j2 +++ b/ansible/roles/octavia/templates/octavia.conf.j2 @@ -23,7 +23,7 @@ connection = mysql+pymysql://{{ octavia_database_user }}:{{ octavia_database_pas max_retries = -1 [service_auth] -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password username = {{ octavia_keystone_user }} password = {{ octavia_keystone_password }} diff --git a/ansible/roles/panko/templates/panko.conf.j2 b/ansible/roles/panko/templates/panko.conf.j2 index 9c00037315..ed18bca3a4 100644 --- a/ansible/roles/panko/templates/panko.conf.j2 +++ b/ansible/roles/panko/templates/panko.conf.j2 @@ -17,13 +17,13 @@ metering_connection = mysql+pymysql://{{ panko_database_user }}:{{ panko_databas {% endif %} [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +www_authenticate_uri = {{ keystone_internal_url }} project_domain_name = {{ default_project_domain_name }} project_name = service user_domain_name = {{ default_user_domain_name }} username = {{ panko_keystone_user }} password = {{ panko_keystone_password }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password memcache_security_strategy = ENCRYPT diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2 index f6df4c4c1c..93baf0dfc2 100644 --- a/ansible/roles/sahara/templates/sahara.conf.j2 +++ b/ansible/roles/sahara/templates/sahara.conf.j2 @@ -14,7 +14,7 @@ use_rootwrap = True connection = mysql+pymysql://{{ sahara_database_user }}:{{ sahara_database_password }}@{{ sahara_database_address }}/{{ sahara_database_name }} [keystone_authtoken] -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password user_domain_name = {{ default_project_domain_name }} project_name = service @@ -27,7 +27,7 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} [service_credentials] -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +auth_url = {{ keystone_internal_url }} region_name = {{ openstack_region_name }} password = {{ sahara_keystone_password }} username = {{ sahara_keystone_user }} @@ -60,4 +60,4 @@ project_name = service user_domain_name = {{ default_user_domain_name }} username = {{ sahara_keystone_user }} password = {{ sahara_keystone_password }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 +auth_url = {{ keystone_admin_url }}/v3 diff --git a/ansible/roles/searchlight/templates/searchlight.conf.j2 b/ansible/roles/searchlight/templates/searchlight.conf.j2 index 8ed07fc8f9..ec407e2355 100644 --- a/ansible/roles/searchlight/templates/searchlight.conf.j2 +++ b/ansible/roles/searchlight/templates/searchlight.conf.j2 @@ -21,8 +21,8 @@ notifications_pool = searchlight-listener flavor = keystone [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} project_domain_name = {{ default_project_domain_name }} project_name = service user_domain_name = {{ default_user_domain_name }} @@ -43,8 +43,8 @@ policy_file = {{ searchlight_policy_file }} {% endif %} [service_credentials] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} region_name = {{ openstack_region_name }} project_domain_name = default project_name = service diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2 index 06dd1e851a..514597d0c5 100644 --- a/ansible/roles/senlin/templates/senlin.conf.j2 +++ b/ansible/roles/senlin/templates/senlin.conf.j2 @@ -17,7 +17,7 @@ workers = {{ openstack_service_workers }} {% endif %} [authentication] -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} service_username = {{ senlin_keystone_user }} service_password = {{ senlin_keystone_password }} service_project_name = service @@ -29,8 +29,8 @@ connection = mysql+pymysql://{{ senlin_database_user }}:{{ senlin_database_passw max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2 index f421c71275..33afdec09f 100644 --- a/ansible/roles/solum/templates/solum.conf.j2 +++ b/ansible/roles/solum/templates/solum.conf.j2 @@ -43,8 +43,8 @@ connection = mysql+pymysql://{{ solum_database_user }}:{{ solum_database_passwor max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2 index ded3f7489e..84067cf006 100644 --- a/ansible/roles/swift/templates/proxy-server.conf.j2 +++ b/ansible/roles/swift/templates/proxy-server.conf.j2 @@ -35,8 +35,8 @@ use = egg:swift#proxy_logging [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2 index 2320582a0f..9d5fe80b61 100644 --- a/ansible/roles/tacker/templates/tacker.conf.j2 +++ b/ansible/roles/tacker/templates/tacker.conf.j2 @@ -30,8 +30,8 @@ connection = mysql+pymysql://{{ tacker_database_user }}:{{ tacker_database_passw max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_name = {{ default_project_domain_id }} user_domain_name = {{ default_user_domain_id }} @@ -47,7 +47,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi username = {{ tacker_keystone_user }} password = {{ tacker_keystone_password }} project_name = service -url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +url = {{ keystone_admin_url }} [ceilometer] host = {{ api_interface_address }} diff --git a/ansible/roles/tempest/templates/tempest.conf.j2 b/ansible/roles/tempest/templates/tempest.conf.j2 index eda81add92..873a338e3d 100644 --- a/ansible/roles/tempest/templates/tempest.conf.j2 +++ b/ansible/roles/tempest/templates/tempest.conf.j2 @@ -40,8 +40,8 @@ login_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}/auth/login [identity] region = {{ openstack_region_name }} auth_version = v3 -uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0 -uri_v3 = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3 +uri = {{ keystone_admin_url }}/v2.0 +uri_v3 = {{ keystone_admin_url }}/v3 [image] region = {{ openstack_region_name }} diff --git a/ansible/roles/trove/templates/trove-conductor.conf.j2 b/ansible/roles/trove/templates/trove-conductor.conf.j2 index aff9fca256..55eee599f3 100644 --- a/ansible/roles/trove/templates/trove-conductor.conf.j2 +++ b/ansible/roles/trove/templates/trove-conductor.conf.j2 @@ -2,7 +2,7 @@ debug = {{ trove_logging_debug }} log_dir = /var/log/kolla/trove -trove_auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +trove_auth_url = {{ keystone_internal_url }}/v3 conductor_manager = trove.conductor.manager.Manager control_exchange = trove diff --git a/ansible/roles/trove/templates/trove-taskmanager.conf.j2 b/ansible/roles/trove/templates/trove-taskmanager.conf.j2 index 9a3af2eb8e..9d74a79982 100644 --- a/ansible/roles/trove/templates/trove-taskmanager.conf.j2 +++ b/ansible/roles/trove/templates/trove-taskmanager.conf.j2 @@ -15,7 +15,7 @@ taskmanager_manager = trove.taskmanager.manager.Manager transport_url = {{ rpc_transport_url }} -trove_auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +trove_auth_url = {{ keystone_internal_url }}/v3 os_region_name = {{ openstack_region_name }} diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2 index 6dc71f38fe..39dcbc9d05 100644 --- a/ansible/roles/trove/templates/trove.conf.j2 +++ b/ansible/roles/trove/templates/trove.conf.j2 @@ -12,7 +12,7 @@ auth_strategy = keystone transport_url = {{ rpc_transport_url }} -trove_auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +trove_auth_url = {{ keystone_internal_url }}/v3 os_region_name = {{ openstack_region_name }} @@ -31,13 +31,13 @@ network_label_regex = .* connection = mysql+pymysql://{{ trove_database_user }}:{{ trove_database_password }}@{{ trove_database_address }}/{{ trove_database_name }} [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} +www_authenticate_uri = {{ keystone_internal_url }} project_domain_name = {{ default_project_domain_name }} project_name = service user_domain_name = {{ default_user_domain_name }} username = {{ trove_keystone_user }} password = {{ trove_keystone_password }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_url = {{ keystone_admin_url }} auth_type = password [oslo_messaging_notifications] diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2 index def9f284e0..be04ede0f1 100644 --- a/ansible/roles/vitrage/templates/vitrage.conf.j2 +++ b/ansible/roles/vitrage/templates/vitrage.conf.j2 @@ -30,8 +30,8 @@ types = {{ vitrage_datasources|map(attribute='name')|join(',') }} plugins = jaccard_correlation [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -45,7 +45,7 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} [service_credentials] -auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3 +auth_url = {{ keystone_internal_url }}/v3 region_name = {{ openstack_region_name }} auth_type = password project_domain_id = default diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2 index fc0fc58347..9ed4fb645e 100644 --- a/ansible/roles/watcher/templates/watcher.conf.j2 +++ b/ansible/roles/watcher/templates/watcher.conf.j2 @@ -17,8 +17,8 @@ connection = mysql+pymysql://{{ watcher_database_user }}:{{ watcher_database_pas max_retries = -1 [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -32,8 +32,8 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} [watcher_clients_auth] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2 index 709dddc7a9..fc0dc60a1d 100644 --- a/ansible/roles/zun/templates/zun.conf.j2 +++ b/ansible/roles/zun/templates/zun.conf.j2 @@ -38,8 +38,8 @@ service_type = container service_name = zun [keystone_auth] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -52,8 +52,8 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} [keystone_authtoken] -www_authenticate_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +www_authenticate_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -67,8 +67,8 @@ memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} [glance_client] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} @@ -79,8 +79,8 @@ region_name = {{ openstack_region_name }} endpoint_type = internalURL [neutron_client] -auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} -auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} +auth_uri = {{ keystone_internal_url }} +auth_url = {{ keystone_admin_url }} auth_type = password project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }}