From 7ca9349b09a06b5e0ad218d82fe2e37d86fc1630 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Sat, 28 May 2022 18:19:01 +0200
Subject: [PATCH] Do not use keystone_admin_url et al

Following up on [1].
The 3 variables are only introducing noise after we removed
the reliance on Keystone's admin port.

[1] I5099b08953789b280c915a6b7a22bdd4e3404076

Change-Id: I3f9dab93042799eda9174257e604fd1844684c1c
---
 ansible/group_vars/all.yml                       |  8 +++++---
 ansible/roles/aodh/templates/aodh.conf.j2        |  2 +-
 .../roles/barbican/templates/barbican.conf.j2    |  2 +-
 ansible/roles/blazar/templates/blazar.conf.j2    |  4 ++--
 ansible/roles/cinder/templates/cinder.conf.j2    |  4 ++--
 .../cloudkitty/templates/cloudkitty.conf.j2      |  2 +-
 .../roles/common/templates/admin-openrc.sh.j2    |  2 +-
 ansible/roles/cyborg/templates/cyborg.conf.j2    |  4 ++--
 .../roles/designate/templates/designate.conf.j2  |  2 +-
 ansible/roles/freezer/templates/freezer.conf.j2  |  2 +-
 .../roles/glance/templates/glance-api.conf.j2    |  2 +-
 .../roles/glance/templates/glance-cache.conf.j2  |  2 +-
 ansible/roles/gnocchi/templates/gnocchi.conf.j2  |  2 +-
 ansible/roles/heat/templates/heat.conf.j2        |  4 ++--
 .../ironic/templates/ironic-inspector.conf.j2    |  4 ++--
 ansible/roles/ironic/templates/ironic.conf.j2    | 16 ++++++++--------
 ansible/roles/keystone/defaults/main.yml         |  2 +-
 ansible/roles/keystone/tasks/register.yml        |  2 +-
 ansible/roles/kuryr/templates/kuryr.conf.j2      |  2 +-
 ansible/roles/magnum/templates/magnum.conf.j2    |  2 +-
 .../roles/manila/templates/manila-share.conf.j2  |  8 ++++----
 ansible/roles/manila/templates/manila.conf.j2    |  2 +-
 .../masakari/templates/masakari-monitors.conf.j2 |  2 +-
 .../roles/masakari/templates/masakari.conf.j2    |  2 +-
 ansible/roles/mistral/templates/mistral.conf.j2  |  2 +-
 .../agent-forwarder.yml.j2                       |  2 +-
 .../monasca/templates/monasca-api/api.conf.j2    |  2 +-
 ansible/roles/murano/templates/murano.conf.j2    |  4 ++--
 .../templates/ironic_neutron_agent.ini.j2        |  2 +-
 ansible/roles/neutron/templates/neutron.conf.j2  |  8 ++++----
 ansible/roles/nova-cell/templates/nova.conf.j2   |  6 +++---
 ansible/roles/nova/templates/nova.conf.j2        |  8 ++++----
 ansible/roles/octavia/defaults/main.yml          |  2 +-
 .../roles/octavia/templates/octavia-openrc.sh.j2 |  2 +-
 ansible/roles/octavia/templates/octavia.conf.j2  |  4 ++--
 .../roles/placement/templates/placement.conf.j2  |  2 +-
 ansible/roles/prometheus/templates/clouds.yml.j2 |  2 +-
 ansible/roles/sahara/templates/sahara.conf.j2    |  4 ++--
 ansible/roles/senlin/templates/senlin.conf.j2    |  4 ++--
 ansible/roles/solum/templates/solum.conf.j2      |  2 +-
 .../roles/swift/templates/proxy-server.conf.j2   |  2 +-
 ansible/roles/tacker/templates/tacker.conf.j2    |  4 ++--
 ansible/roles/trove/templates/trove.conf.j2      |  2 +-
 ansible/roles/venus/templates/venus.conf.j2      |  2 +-
 ansible/roles/vitrage/templates/vitrage.conf.j2  |  2 +-
 ansible/roles/watcher/templates/watcher.conf.j2  |  4 ++--
 ansible/roles/zun/templates/zun.conf.j2          |  4 ++--
 ...eystone-admin-port-gone-1a28302df63aa70b.yaml |  8 ++++++++
 48 files changed, 89 insertions(+), 79 deletions(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index ade3e1be4f..2ee5a0451f 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -525,7 +525,8 @@ vitrage_api_port: "8999"
 
 public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
 internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
-admin_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
+# TODO(yoctozepto): Remove after Zed. Kept for compatibility only.
+admin_protocol: "{{ internal_protocol }}"
 
 ####################
 # OpenStack options
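Review bot: The compatibility comment on `admin_protocol` (and on `keystone_admin_url` in the next hunk) does not say that the rest of this patch stops reading both variables, so an operator override of either one is now silently ignored in every rendered config. That matters for transport security if a deployment had pointed `keystone_admin_url` at an HTTPS endpoint while `keystone_internal_url` stayed HTTP: service credentials would then go to the internal URL instead, and whether any deployment does this cannot be told from the diff. I would word the comment as `# Deprecated, remove after Zed: no longer read by kolla-ansible; overrides have no effect.` and add a precheck that warns when `keystone_admin_url` differs from `keystone_internal_url`. The release note listed in the diffstat is not visible here, so it may already cover the upgrade impact.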
@@ -847,7 +848,8 @@ kibana_log_prefix: "flog"
 keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
 keystone_external_fqdn: "{{ kolla_external_fqdn }}"
 
-keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
+# TODO(yoctozepto): Remove after Zed. Kept for compatibility only.
+keystone_admin_url: "{{ keystone_internal_url }}"
 keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
 keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
 
@@ -875,7 +877,7 @@ keystone_default_user_role: "_member_"
 # OpenStack authentication string. You should only need to override these if you
 # are changing the admin tenant/project or user.
 openstack_auth:
-  auth_url: "{{ keystone_admin_url }}"
+  auth_url: "{{ keystone_internal_url }}"
   username: "{{ keystone_admin_user }}"
   password: "{{ keystone_admin_password }}"
   user_domain_name: "{{ default_user_domain_name }}"
diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2
index 607c19e17e..860e6f60f4 100644
--- a/ansible/roles/aodh/templates/aodh.conf.j2
+++ b/ansible/roles/aodh/templates/aodh.conf.j2
@@ -25,7 +25,7 @@ project_name = service
 user_domain_name = {{ default_user_domain_name }}
 username = {{ aodh_keystone_user }}
 password = {{ aodh_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2
index 00c9ecf413..546dbc7f04 100644
--- a/ansible/roles/barbican/templates/barbican.conf.j2
+++ b/ansible/roles/barbican/templates/barbican.conf.j2
@@ -59,7 +59,7 @@ project_name = service
 user_domain_id = {{ default_user_domain_id }}
 username = {{ barbican_keystone_user }}
 password = {{ barbican_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
diff --git a/ansible/roles/blazar/templates/blazar.conf.j2 b/ansible/roles/blazar/templates/blazar.conf.j2
index 07545371fd..69890191a3 100644
--- a/ansible/roles/blazar/templates/blazar.conf.j2
+++ b/ansible/roles/blazar/templates/blazar.conf.j2
@@ -6,7 +6,7 @@ host = {{ api_interface_address }}
 port = {{ blazar_api_port }}
 os_auth_host = {{ keystone_internal_fqdn }}
 os_auth_port = {{ keystone_public_port }}
-os_auth_protocol = {{ admin_protocol }}
+os_auth_protocol = {{ internal_protocol }}
 os_auth_version = v3
 os_admin_username = {{ blazar_keystone_user }}
 os_admin_password = {{ blazar_keystone_password }}
@@ -21,7 +21,7 @@ plugins = virtual.instance.plugin,physical.host.plugin
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}/v3
+auth_url = {{ keystone_internal_url }}/v3
 auth_type = password
 project_domain_id = default
 user_domain_id = default
diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 51116adaf0..3149bc352f 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -85,7 +85,7 @@ policy_file = {{ cinder_policy_file }}
 
 [nova]
 interface = internal
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -103,7 +103,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
index efa54250e0..af9e368fe8 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
@@ -18,7 +18,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2
index deccd58b45..615c52a34c 100644
--- a/ansible/roles/common/templates/admin-openrc.sh.j2
+++ b/ansible/roles/common/templates/admin-openrc.sh.j2
@@ -8,7 +8,7 @@ export OS_PROJECT_NAME={{ keystone_admin_project }}
 export OS_TENANT_NAME={{ keystone_admin_project }}
 export OS_USERNAME={{ keystone_admin_user }}
 export OS_PASSWORD={{ keystone_admin_password }}
-export OS_AUTH_URL={{ keystone_admin_url }}/v3
+export OS_AUTH_URL={{ keystone_internal_url }}/v3
 export OS_INTERFACE=internal
 export OS_ENDPOINT_TYPE=internalURL
 {% if enable_manila | bool %}
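Review bot: `OS_AUTH_URL` is still rendered unquoted into a file that is meant to be sourced, as is `OS_PASSWORD` two lines above it, so the shell expands or splits the value instead of taking it literally. The URL is usually harmless, but a password containing whitespace, `$` or a backtick would be changed or interpreted when the file is sourced. Since these lines are being touched anyway, I would render them through Ansible's `quote` filter, e.g. `export OS_AUTH_URL={{ (keystone_internal_url ~ '/v3') | quote }}` and `export OS_PASSWORD={{ keystone_admin_password | quote }}`. The same applies to the `OS_AUTH_URL` and `OS_PASSWORD` lines in octavia-openrc.sh.j2 later in this patch.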
diff --git a/ansible/roles/cyborg/templates/cyborg.conf.j2 b/ansible/roles/cyborg/templates/cyborg.conf.j2
index 737925f9a4..180c7f8ef9 100644
--- a/ansible/roles/cyborg/templates/cyborg.conf.j2
+++ b/ansible/roles/cyborg/templates/cyborg.conf.j2
@@ -25,14 +25,14 @@ project_name = service
 user_domain_name = {{ default_user_domain_name }}
 username = {{ cyborg_keystone_user }}
 password = {{ cyborg_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
 
 [placement]
 auth_type = password
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
 user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2
index 3d977f6228..e47c913d50 100644
--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -20,7 +20,7 @@ enabled_extensions_admin = quotas, reports
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/freezer/templates/freezer.conf.j2 b/ansible/roles/freezer/templates/freezer.conf.j2
index aaa07dcb78..99b6365b43 100644
--- a/ansible/roles/freezer/templates/freezer.conf.j2
+++ b/ansible/roles/freezer/templates/freezer.conf.j2
@@ -25,7 +25,7 @@ os_user_domain_name = {{ openstack_auth.user_domain_name }}
 {% if service_name == 'freezer-api' %}
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
index 52dab9ba1e..371ad6d464 100644
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -42,7 +42,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/glance/templates/glance-cache.conf.j2 b/ansible/roles/glance/templates/glance-cache.conf.j2
index 9e3275399f..9ff0f6efc6 100644
--- a/ansible/roles/glance/templates/glance-cache.conf.j2
+++ b/ansible/roles/glance/templates/glance-cache.conf.j2
@@ -6,7 +6,7 @@ log_file = /var/log/kolla/glance/glance-cache.log
 image_cache_max_size = {{ glance_cache_max_size }}
 image_cache_dir = /var/lib/glance/image-cache
 
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 admin_password = {{ glance_keystone_password }}
 admin_user = {{ glance_keystone_user }}
 admin_tenant_name = {{ default_project_domain_id }}
diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
index dc645160a5..e2f53ad3f8 100644
--- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
@@ -50,7 +50,7 @@ project_name = service
 user_domain_id = {{ default_user_domain_id }}
 username = {{ gnocchi_keystone_user }}
 password = {{ gnocchi_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index a9fe31fdc7..b9cb32910c 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -44,7 +44,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -67,7 +67,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
 
 [trustee]
 auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 user_domain_id = {{ default_user_domain_id }}
 username = {{ heat_keystone_user }}
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
index d9e34478af..6a1eebb2eb 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -20,7 +20,7 @@ ssl_ca_file = {{ om_rabbitmq_cacert }}
 
 [ironic]
 {% if ironic_enable_keystone_integration | bool %}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -38,7 +38,7 @@ endpoint_override = {{ ironic_internal_endpoint }}
 {% if ironic_enable_keystone_integration | bool %}
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 2c78dd8ad2..17a062e3c5 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -48,7 +48,7 @@ max_retries = -1
 {% if ironic_enable_keystone_integration | bool %}
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -66,7 +66,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 
 {% if enable_cinder | bool %}
 [cinder]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = default
@@ -80,7 +80,7 @@ cafile = {{ openstack_cacert }}
 
 {% if enable_glance | bool %}
 [glance]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = default
@@ -94,7 +94,7 @@ cafile = {{ openstack_cacert }}
 
 {% if enable_neutron | bool %}
 [neutron]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = default
@@ -109,7 +109,7 @@ cafile = {{ openstack_cacert }}
 
 {% if enable_nova | bool %}
 [nova]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = default
@@ -123,7 +123,7 @@ cafile = {{ openstack_cacert }}
 
 {% if enable_swift | bool %}
 [swift]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -137,7 +137,7 @@ cafile = {{ openstack_cacert }}
 
 [inspector]
 {% if ironic_enable_keystone_integration | bool %}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = default
@@ -154,7 +154,7 @@ endpoint_override = {{ ironic_inspector_internal_endpoint }}
 
 [service_catalog]
 {% if ironic_enable_keystone_integration | bool %}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = default
diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml
index 541dd41dc1..d07c9a594e 100644
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -186,7 +186,7 @@ keystone_ks_services:
     type: "identity"
     description: "Openstack Identity Service"
     endpoints:
-      - {'interface': 'admin', 'url': '{{ keystone_admin_url }}'}
+      - {'interface': 'admin', 'url': '{{ keystone_internal_url }}'}
       - {'interface': 'internal', 'url': '{{ keystone_internal_url }}'}
       - {'interface': 'public', 'url': '{{ keystone_public_url }}'}
 
diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml
index 4e7bdccc62..1afb3fce71 100644
--- a/ansible/roles/keystone/tasks/register.yml
+++ b/ansible/roles/keystone/tasks/register.yml
@@ -4,7 +4,7 @@
   command: >
     docker exec keystone kolla_keystone_bootstrap
     {{ openstack_auth.username }} {{ openstack_auth.password }} {{ keystone_admin_project }}
-    admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}
+    admin {{ keystone_internal_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}
   register: keystone_bootstrap
   changed_when: (keystone_bootstrap.stdout | from_json).changed
   failed_when: (keystone_bootstrap.stdout | from_json).failed
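Review bot: The command edited here still passes `{{ openstack_auth.password }}` as a positional argument, so the admin password appears in the process list while `docker exec` runs. It also appears in Ansible's task output at higher verbosity unless the task sets `no_log`, and the task header lies outside the hunk, so that cannot be checked from here. The arguments are also unquoted, so a password containing whitespace would be split into extra arguments and shift the URL positions that this line relies on. At minimum I would quote the values, e.g. `{{ openstack_auth.password | quote }}`, and longer term hand the secret to `kolla_keystone_bootstrap` through the environment or stdin rather than argv.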
diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2
index 9ac3d4cf00..c399740c07 100644
--- a/ansible/roles/kuryr/templates/kuryr.conf.j2
+++ b/ansible/roles/kuryr/templates/kuryr.conf.j2
@@ -11,7 +11,7 @@ default_driver = kuryr.lib.binding.drivers.veth
 
 [neutron]
 auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 endpoint_type = internal
 project_domain_name = {{ default_project_domain_name }}
diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 321f54186c..072ea353aa 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -77,7 +77,7 @@ cafile = {{ openstack_cacert }}
 [keystone_authtoken]
 auth_version = v3
 www_authenticate_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_name = {{ default_project_domain_name }}
 user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2
index b36bfa8513..82cecff683 100644
--- a/ansible/roles/manila/templates/manila-share.conf.j2
+++ b/ansible/roles/manila/templates/manila-share.conf.j2
@@ -6,7 +6,7 @@ enabled_share_backends = {{ manila_enabled_backends|map(attribute='name')|join('
 default_share_type = default_share_type
 
 [glance]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -19,7 +19,7 @@ cafile = {{ openstack_cacert }}
 
 [cinder]
 auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -36,7 +36,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 
 [nova]
 auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -54,7 +54,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 [neutron]
 auth_uri = {{ keystone_internal_url }}
 url = {{ neutron_internal_endpoint }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2
index b9335c648a..e5f5c359b3 100644
--- a/ansible/roles/manila/templates/manila.conf.j2
+++ b/ansible/roles/manila/templates/manila.conf.j2
@@ -32,7 +32,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/masakari/templates/masakari-monitors.conf.j2 b/ansible/roles/masakari/templates/masakari-monitors.conf.j2
index 0239e6e5a4..016fb8d4c9 100644
--- a/ansible/roles/masakari/templates/masakari-monitors.conf.j2
+++ b/ansible/roles/masakari/templates/masakari-monitors.conf.j2
@@ -4,7 +4,7 @@ log_dir = /var/log/kolla/masakari
 
 [api]
 region = {{ openstack_region_name }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 user_domain_id = {{ default_user_domain_id }}
 project_name = service
 project_domain_id = {{ default_project_domain_id }}
diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2
index b77880073f..fe46740b76 100644
--- a/ansible/roles/masakari/templates/masakari.conf.j2
+++ b/ansible/roles/masakari/templates/masakari.conf.j2
@@ -23,7 +23,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_name = {{ default_project_domain_name }}
 user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2
index af604947b6..58291e5703 100644
--- a/ansible/roles/mistral/templates/mistral.conf.j2
+++ b/ansible/roles/mistral/templates/mistral.conf.j2
@@ -40,7 +40,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}/v3
+auth_url = {{ keystone_internal_url }}/v3
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2 b/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2
index 84365caed6..5a55dbf792 100644
--- a/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2
+++ b/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2
@@ -4,7 +4,7 @@ Api:
   region_name: {{ openstack_region_name }}
   username: {{ monasca_agent_user }}
   password: {{ monasca_agent_password }}
-  keystone_url: {{ keystone_admin_url }}
+  keystone_url: {{ keystone_internal_url }}
   user_domain_name: Default
   project_name: {{ monasca_control_plane_project }}
   project_domain_id: {{ default_project_domain_id }}
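Review bot: The replaced `keystone_url` value is still rendered as a plain YAML scalar, like `password` on the line above it, so the result depends on the substituted text containing nothing the YAML parser treats specially. A URL is normally safe, but a password that starts with an indicator such as `*`, `&` or `!`, or that contains ` #`, would be mis-parsed or truncated in the rendered file. I would quote the templated values here, e.g. `keystone_url: "{{ keystone_internal_url }}"`, and render the password with `{{ monasca_agent_password | to_json }}` so that embedded quotes are escaped as well.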
diff --git a/ansible/roles/monasca/templates/monasca-api/api.conf.j2 b/ansible/roles/monasca/templates/monasca-api/api.conf.j2
index cb55fadbdc..14990642b6 100644
--- a/ansible/roles/monasca/templates/monasca-api/api.conf.j2
+++ b/ansible/roles/monasca/templates/monasca-api/api.conf.j2
@@ -32,7 +32,7 @@ delegate_authorized_roles = {{ monasca_delegate_authorized_roles|join(', ') }}
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2
index d99fe06061..3d8f05b7b7 100644
--- a/ansible/roles/murano/templates/murano.conf.j2
+++ b/ansible/roles/murano/templates/murano.conf.j2
@@ -22,7 +22,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -38,7 +38,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 
 [murano_auth]
 auth_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_name = {{ default_project_domain_name }}
 user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 b/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2
index 2e8d05fd91..5906991f31 100644
--- a/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2
+++ b/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2
@@ -1,5 +1,5 @@
 [ironic]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 5b0ad347ea..b952fba2cd 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -86,7 +86,7 @@ nsx_extension_drivers = vmware_dvs_dns
 ipam_driver = {{ neutron_ipam_driver }}
 
 [nova]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -114,7 +114,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -161,7 +161,7 @@ drivers = ovs
 [designate]
 url = {{ designate_internal_endpoint }}/v2
 auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -185,7 +185,7 @@ connection_string = {{ osprofiler_backend_connection_string }}
 
 [placement]
 auth_type = password
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
 user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/nova-cell/templates/nova.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.j2
index 9baa712f25..e087f09b9a 100644
--- a/ansible/roles/nova-cell/templates/nova.conf.j2
+++ b/ansible/roles/nova-cell/templates/nova.conf.j2
@@ -107,7 +107,7 @@ num_retries = 3
 [cinder]
 catalog_info = volumev3:cinderv3:internalURL
 os_region_name = {{ openstack_region_name }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_name = {{ default_project_domain_name }}
 user_domain_id = {{ default_user_domain_id }}
@@ -123,7 +123,7 @@ service_metadata_proxy = true
 {% if neutron_plugin_agent in ['vmware_nsxv3', 'vmware_nsxp'] %}
 ovs_bridge = {{ ovs_bridge }}
 {% endif %}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 cafile = {{ openstack_cacert }}
 project_domain_name = {{ default_project_domain_name }}
@@ -203,7 +203,7 @@ debug = {{ nova_logging_debug }}
 
 [placement]
 auth_type = password
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
 user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 93913c065d..8cf9e77852 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -66,7 +66,7 @@ debug = {{ nova_logging_debug }}
 [cinder]
 catalog_info = volumev3:cinderv3:internalURL
 os_region_name = {{ openstack_region_name }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_name = {{ default_project_domain_name }}
 user_domain_id = {{ default_user_domain_id }}
@@ -79,7 +79,7 @@ cafile = {{ openstack_cacert }}
 [neutron]
 metadata_proxy_shared_secret = {{ metadata_secret }}
 service_metadata_proxy = true
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_name = {{ default_project_domain_name }}
 user_domain_id = {{ default_user_domain_id }}
@@ -111,7 +111,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -170,7 +170,7 @@ workers = {{ openstack_service_workers }}
 
 [placement]
 auth_type = password
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 username = {{ placement_keystone_user }}
 password = {{ placement_keystone_password }}
 user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml
index 5a41259896..8af04ec28e 100644
--- a/ansible/roles/octavia/defaults/main.yml
+++ b/ansible/roles/octavia/defaults/main.yml
@@ -251,7 +251,7 @@ octavia_loadbalancer_topology: "SINGLE"
 
 # OpenStack auth used when registering resources for Octavia.
 octavia_user_auth:
-  auth_url: "{{ keystone_admin_url }}"
+  auth_url: "{{ keystone_internal_url }}"
   username: "octavia"
   password: "{{ octavia_keystone_password }}"
   project_name: "{{ octavia_service_auth_project }}"
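Review bot: `octavia_user_auth` keeps a hard-coded `username: "octavia"`, while the templates touched by this patch render the account name from `octavia_keystone_user`. If both refer to the same Keystone user, an operator who overrides `octavia_keystone_user` would have resource registration authenticate as a different account than the service itself; `username: "{{ octavia_keystone_user }}"` would keep them in step. Whether the two are meant to be the same account is not visible in this hunk, so please confirm before changing it. The mapping continues past the end of the hunk.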
diff --git a/ansible/roles/octavia/templates/octavia-openrc.sh.j2 b/ansible/roles/octavia/templates/octavia-openrc.sh.j2
index 605613526b..4833855b0b 100644
--- a/ansible/roles/octavia/templates/octavia-openrc.sh.j2
+++ b/ansible/roles/octavia/templates/octavia-openrc.sh.j2
@@ -5,6 +5,6 @@ export OS_USER_DOMAIN_NAME=Default
 export OS_PROJECT_NAME={{ octavia_service_auth_project }}
 export OS_USERNAME={{ octavia_keystone_user }}
 export OS_PASSWORD={{ octavia_keystone_password }}
-export OS_AUTH_URL={{ keystone_admin_url }}/v3
+export OS_AUTH_URL={{ keystone_internal_url }}/v3
 export OS_INTERFACE=internal
 export OS_ENDPOINT_TYPE=internalURL
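Review bot: `OS_PASSWORD`, `OS_USERNAME` and `OS_PROJECT_NAME` are rendered unquoted in this sourced shell file, so a password containing whitespace, `$`, `;` or a backtick would be split or expanded by the shell instead of being taken literally. Quoting the rendered value keeps it literal: `export OS_PASSWORD='{{ octavia_keystone_password }}'` (a password that itself contains a single quote would still need escaping in the template). The hunk starts at line 5 of the file, so whether the earlier exports are quoted is not visible here. Since the file holds a service credential, the mode and owner set by the task that renders it are worth checking; that task is outside this diff.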
diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2
index 1ed0e27e88..621dd2ee13 100644
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@@ -44,7 +44,7 @@ max_pool_size = {{ database_max_pool_size }}
 max_retries = -1
 
 [service_auth]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 username = {{ octavia_keystone_user }}
 password = {{ octavia_keystone_password }}
@@ -59,7 +59,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/placement/templates/placement.conf.j2 b/ansible/roles/placement/templates/placement.conf.j2
index 04ca66fa90..bb788a7cd1 100644
--- a/ansible/roles/placement/templates/placement.conf.j2
+++ b/ansible/roles/placement/templates/placement.conf.j2
@@ -36,7 +36,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/prometheus/templates/clouds.yml.j2 b/ansible/roles/prometheus/templates/clouds.yml.j2
index ffb711d7ff..38d4a92383 100644
--- a/ansible/roles/prometheus/templates/clouds.yml.j2
+++ b/ansible/roles/prometheus/templates/clouds.yml.j2
@@ -11,4 +11,4 @@ clouds:
      project_domain_name: 'Default'
      user_domain_name: 'Default'
      cacert: {{ openstack_cacert }}
-     auth_url: {{ keystone_admin_url }}/v3
+     auth_url: {{ keystone_internal_url }}/v3
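Review bot: `auth_url` is rendered as a plain YAML scalar, unlike the neighbouring `'Default'` lines, so the consumer's YAML parser decides how the expanded value is typed. Quoting the templated value makes the result a string regardless of what the variable expands to: `auth_url: '{{ keystone_internal_url }}/v3'`. The same applies to the `cacert` context line, where an empty `openstack_cacert` would render as null. The mapping starts above the hunk, so the quoting of the credential keys is not visible here.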
diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2
index 67c1288470..f53c164059 100644
--- a/ansible/roles/sahara/templates/sahara.conf.j2
+++ b/ansible/roles/sahara/templates/sahara.conf.j2
@@ -16,7 +16,7 @@ connection_recycle_time = {{ database_connection_recycle_time }}
 max_pool_size = {{ database_max_pool_size }}
 
 [keystone_authtoken]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 user_domain_name = {{ default_project_domain_name }}
 project_name = service
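Review bot: `user_domain_name` in `[keystone_authtoken]` is set from `default_project_domain_name`, while the second hunk of this file sets the same option from `default_user_domain_name`. The two variables probably share a default, but an operator who overrides only one of them would get a mismatched user domain for the service account; `user_domain_name = {{ default_user_domain_name }}` would be consistent. The two `auth_url` values in this file also differ (the `/v3` suffix appears only in the second hunk), which is worth unifying. The section continues past the end of the hunk.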
@@ -60,5 +60,5 @@ project_name = service
 user_domain_name = {{ default_user_domain_name }}
 username = {{ sahara_keystone_user }}
 password = {{ sahara_keystone_password }}
-auth_url = {{ keystone_admin_url }}/v3
+auth_url = {{ keystone_internal_url }}/v3
 cafile = {{ openstack_cacert }}
diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2
index 91064bcbac..804a35ec9c 100644
--- a/ansible/roles/senlin/templates/senlin.conf.j2
+++ b/ansible/roles/senlin/templates/senlin.conf.j2
@@ -13,7 +13,7 @@ workers = {{ openstack_service_workers }}
 {% endif %}
 
 [authentication]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 service_username = {{ senlin_keystone_user }}
 service_password = {{ senlin_keystone_password }}
 service_project_name = service
@@ -43,7 +43,7 @@ workers = {{ openstack_service_workers }}
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2
index 60eec43e65..4ebec02f35 100644
--- a/ansible/roles/solum/templates/solum.conf.j2
+++ b/ansible/roles/solum/templates/solum.conf.j2
@@ -49,7 +49,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2
index 90dab06112..42f87ee537 100644
--- a/ansible/roles/swift/templates/proxy-server.conf.j2
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2
@@ -36,7 +36,7 @@ use = egg:swift#proxy_logging
 [filter:authtoken]
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
 auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
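Review bot: The `[filter:authtoken]` section still sets `auth_uri`, which keystonemiddleware deprecated in favour of `www_authenticate_uri`; the `keystone_authtoken` sections in the other templates of this patch already use the newer name. Since the adjacent line is being edited anyway, the context line could become `www_authenticate_uri = {{ keystone_internal_url }}`. Whether the keystonemiddleware shipped with the deployed Swift image accepts the new option should be confirmed first. The section continues past the end of the hunk.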
diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2
index dee94b7af7..df2fa1c2c4 100644
--- a/ansible/roles/tacker/templates/tacker.conf.j2
+++ b/ansible/roles/tacker/templates/tacker.conf.j2
@@ -33,7 +33,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_name = {{ default_project_domain_id }}
 user_domain_name = {{ default_user_domain_id }}
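Review bot: In `[keystone_authtoken]` the context lines set `project_domain_name` and `user_domain_name` from `default_project_domain_id` and `default_user_domain_id`, so name options are fed ID values. This presumably only works while the domain's ID and name resolve to the same domain; with any other domain the service user's authentication would likely fail. Either align the keys with the variables, `project_domain_id = {{ default_project_domain_id }}` and `user_domain_id = {{ default_user_domain_id }}`, as the other templates in this patch do, or switch to the `*_domain_name` variables. The section continues past the end of the hunk.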
@@ -51,7 +51,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 username = {{ tacker_keystone_user }}
 password = {{ tacker_keystone_password }}
 project_name = service
-url = {{ keystone_admin_url }}
+url = {{ keystone_internal_url }}
 
 [ceilometer]
 host = {{ api_interface_address }}
diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2
index e7a2d2f016..f58ab43ab9 100644
--- a/ansible/roles/trove/templates/trove.conf.j2
+++ b/ansible/roles/trove/templates/trove.conf.j2
@@ -56,7 +56,7 @@ project_name = service
 user_domain_name = {{ default_user_domain_name }}
 username = {{ trove_keystone_user }}
 password = {{ trove_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
diff --git a/ansible/roles/venus/templates/venus.conf.j2 b/ansible/roles/venus/templates/venus.conf.j2
index 89039d7816..7e7b08364b 100644
--- a/ansible/roles/venus/templates/venus.conf.j2
+++ b/ansible/roles/venus/templates/venus.conf.j2
@@ -23,7 +23,7 @@ cafile = {{ openstack_cacert }}
 project_name = service
 password = {{ venus_keystone_password }}
 username = {{ venus_keystone_user }}
-auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ keystone_internal_url }}
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
 auth_type = password
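Review bot: Unlike the other hunks, this one is not a substitution for `keystone_admin_url`: it replaces a hand-built `{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}` with `keystone_internal_url`. The definition of `keystone_internal_url` lives in `ansible/group_vars/all.yml`, outside this part of the patch, so whether the rendered endpoint is identical (for example with an IPv6 literal as the internal address) cannot be confirmed from here. A sentence in the commit message stating that the Venus URL is being normalised rather than renamed would let operators check whether the endpoint the service password is sent to has changed.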
diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2
index 1482f8278a..4fac689c34 100644
--- a/ansible/roles/vitrage/templates/vitrage.conf.j2
+++ b/ansible/roles/vitrage/templates/vitrage.conf.j2
@@ -33,7 +33,7 @@ plugins = jaccard_correlation
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2
index 467e0b5b06..6ac5b966a3 100644
--- a/ansible/roles/watcher/templates/watcher.conf.j2
+++ b/ansible/roles/watcher/templates/watcher.conf.j2
@@ -20,7 +20,7 @@ max_retries = -1
 
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -37,7 +37,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 
 [watcher_clients_auth]
 auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index 491b821c07..2553324959 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -32,7 +32,7 @@ max_retries = -1
 # - best keep them both in sync
 [keystone_auth]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
@@ -54,7 +54,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
 # - best keep them both in sync
 [keystone_authtoken]
 www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
 auth_type = password
 project_domain_id = {{ default_project_domain_id }}
 user_domain_id = {{ default_user_domain_id }}
diff --git a/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml b/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml
index b7721da54d..bbe130224a 100644
--- a/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml
+++ b/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml
@@ -1,4 +1,8 @@
 ---
+deprecations:
+  - |
+    Variables ``keystone_admin_port``, ``keystone_admin_url`` and
+    ``admin_protocol`` are deprecated for removal after Zed.
 upgrade:
   - |
     Keystone's admin interface no longer points to a separate port.
@@ -6,3 +10,7 @@ upgrade:
     compatibility. Users are advised to run the deploy and post-deploy
     commands afterwards to ensure port's cleanup.
     For more information, please refer to the docs.
+    Please note that the relevant variables ``keystone_admin_port``,
+    ``keystone_admin_url`` and ``admin_protocol`` are no longer used
+    and are deprecated for removal after Zed. Please cease their usage
+    in your customisations.