From bbe9d418ba84d3248b2ea67617b491064e790f92 Mon Sep 17 00:00:00 2001 From: Flavio Percoco Date: Fri, 23 Jun 2017 16:21:51 +0200 Subject: [PATCH] Allow for running standalone Ironic w/o keystone The Ironic templates and roles assume Keystone is enabled and they don't make use of the `enable_keystone var. This patch changes the behavior so that `noauth` is used as auth method for Ironic if keystone is not enabled, the Ironic endpoint is not registered if keystone is not enabled and the keystone section is not created in the config file. Change-Id: I813de42d10ac264eec81076cb107b58af09ff686 --- ansible/roles/ironic/tasks/deploy.yml | 5 +++-- ansible/roles/ironic/templates/ironic.conf.j2 | 10 +++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/ansible/roles/ironic/tasks/deploy.yml b/ansible/roles/ironic/tasks/deploy.yml index 13589d6aa9..55db93d752 100644 --- a/ansible/roles/ironic/tasks/deploy.yml +++ b/ansible/roles/ironic/tasks/deploy.yml @@ -1,7 +1,8 @@ --- - include: register.yml - when: inventory_hostname in groups['ironic-api'] or - inventory_hostname in groups['ironic-inspector'] + when: enable_keystone | bool and + (inventory_hostname in groups['ironic-api'] or + inventory_hostname in groups['ironic-inspector']) - include: config.yml when: inventory_hostname in groups['ironic-api'] or diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index 48d37858f7..77b8bdd9b6 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -6,13 +6,15 @@ # suppressed by the deployer by setting a value for the option. [DEFAULT] +{% if not enable_keystone | bool %} +auth_strategy = noauth +admin_user = {{ openstack_auth.username }} +admin_password = {{ keystone_admin_password }} +{% endif %} debug = {{ ironic_logging_debug }} log_dir = /var/log/kolla/ironic -admin_user = {{ openstack_auth.username }} -admin_password = {{ keystone_admin_password }} - enabled_drivers = pxe_ipmitool,pxe_ssh transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %} @@ -34,6 +36,7 @@ automated_clean=false connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }} max_retries = -1 +{% if enable_keystone | bool %} [keystone_authtoken] auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} @@ -47,6 +50,7 @@ password = {{ ironic_keystone_password }} memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} +{% endif %} [glance]