Fix ironic authentication configuration

As of [1], the ironic configuration for neutron, glance, swift, inspector and service_catalog requires explicit configuration of authentication parameters for communication with these services. This change adds the required parameters to [neutron], [glance] and [inspector] sections of ironic.conf. Kolla-ansible does not configure the [swift] or [service_discovery] sections currently. We also replace option [glance] glance_hosts with [glance] glance_api_servers as the former is deprecated. Since we no longer need to support generating configuration for kolla-kubernetes[2], some related options have been cleaned. [1] 4f9035c24f [2] https://blueprints.launchpad.net/kolla-ansible/+spec/clean-k8s-config Change-Id: Ifc239af5f3e44a508fedc9dea08cb06160c4f7f3 Closes-Bug: #1701713
2017-06-30 19:20:06 +01:00 · 2017-06-30 19:20:06 +01:00 · f0062331f5
commit f0062331f5
parent f568358c63
1 changed files with 22 additions and 5 deletions
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@ -62,18 +62,35 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 default_boot_option = netboot

 [glance]
-glance_host = {{ internal_protocol }}://{% if orchestration_engine == 'KUBERNETES' %}glance-api{% else %}{{ kolla_internal_fqdn }}{% endif %}:{{ glance_api_port }}
+glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ ironic_keystone_user }}
+password = {{ ironic_keystone_password }}

 [neutron]
-{% if orchestration_engine == 'KUBERNETES' %}
-url = {{ internal_protocol }}://neutron-server:{{ neutron_server_port }}
-{% else %}
 url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}
-{% endif %}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ ironic_keystone_user }}
+password = {{ ironic_keystone_password }}
 cleaning_network = {{ ironic_cleaning_network }}

 [inspector]
 enabled = true
+auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ ironic_keystone_user }}
+password = {{ ironic_keystone_password }}

 [agent]
 deploy_logs_local_path = /var/log/kolla/ironic