fix(auth): Define service_type in keystone_authtoken (#411)
* feat: Define service_type in keystone_authtoken
If application credentials with access rules are required,
an OpenStack service that uses keystonemiddleware to authenticate
with keystone needs to define service_type in its configuration
file.
Once https://review.opendev.org/c/openstack/openstack-helm/+/883066
is merged, we can revert this PR.
* chore: clean-up yaml configs
---------
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/roles/barbican/vars/main.yml b/roles/barbican/vars/main.yml
index 7eb2c78..63307e1 100644
--- a/roles/barbican/vars/main.yml
+++ b/roles/barbican/vars/main.yml
@@ -23,6 +23,10 @@
barbican:
DEFAULT:
log_config_append: null
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: key-manager
oslo_messaging_notifications:
driver: noop
simple_crypto_plugin:
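Review bot: The added comment says when the key can be removed but not why it is there, and the same three lines are repeated in the cinder, designate, glance, heat, manila, neutron, nova, octavia, placement and senlin hunks. keystonemiddleware uses `service_type` to check application-credential access rules and rejects such tokens when the value is unset or does not match a service type in the catalog, so a wrong value fails closed but still breaks every restricted credential for that service. I would say so in the comment, e.g. `# NOTE(okozachenko1203): keystonemiddleware needs service_type to validate application credential access rules; remove once https://review.opendev.org/883066 is merged.` Indentation is not recoverable from this page, so confirm that `keystone_authtoken` sits at the same level as `DEFAULT` and does not duplicate a key that already exists outside the hunk.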
diff --git a/roles/cinder/vars/main.yml b/roles/cinder/vars/main.yml
index e65b1c4..28bf6e2 100644
--- a/roles/cinder/vars/main.yml
+++ b/roles/cinder/vars/main.yml
@@ -40,6 +40,10 @@
barbican_endpoint_type: internal
cors:
allowed_origins: "*"
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: volumev3
oslo_messaging_notifications:
driver: noop
manifests:
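Review bot: `service_type: volumev3` is an alias rather than the official service type (`block-storage`), and the same applies to `sharev2` in the manila hunk. keystonemiddleware matches this string literally against the catalog entry and against the `service` field of each access rule, so the value is only right if the chart registers the endpoint under exactly that type, which is not visible in this hunk. A comment such as `# Must match the catalog type; access rules have to use service: volumev3` would keep operators from writing rules with `block-storage` that are then rejected.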
diff --git a/roles/designate/vars/main.yml b/roles/designate/vars/main.yml
index 09ac03c..db8110c 100644
--- a/roles/designate/vars/main.yml
+++ b/roles/designate/vars/main.yml
@@ -18,6 +18,10 @@
tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('designate') }}"
conf:
designate:
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: dns
service:central:
managed_resource_tenant_id: "{{ _designate_project_info.openstack_projects[0].id }}"
pools: "{{ designate_pools | to_yaml }}"
diff --git a/roles/glance/vars/main.yml b/roles/glance/vars/main.yml
index 9f62885..5523c2e 100644
--- a/roles/glance/vars/main.yml
+++ b/roles/glance/vars/main.yml
@@ -45,6 +45,10 @@
allowed_origins: "*"
image_format:
disk_formats: "qcow2,raw"
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: image
oslo_messaging_notifications:
driver: noop
manifests:
diff --git a/roles/heat/vars/main.yml b/roles/heat/vars/main.yml
index 3104161..c8d233c 100644
--- a/roles/heat/vars/main.yml
+++ b/roles/heat/vars/main.yml
@@ -43,6 +43,10 @@
workers: 8
heat_api_cloudwatch:
workers: 8
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: orchestration
oslo_messaging_notifications:
driver: noop
manifests:
diff --git a/roles/magnum/vars/main.yml b/roles/magnum/vars/main.yml
index 7e2b684..8baa2b0 100644
--- a/roles/magnum/vars/main.yml
+++ b/roles/magnum/vars/main.yml
@@ -51,6 +51,9 @@
# NOTE(mnaser): Magnum does not allow changing the interface to internal
# so we workaround with this for now.
insecure: true
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: container-infra
magnum_client:
region_name: "{{ openstack_helm_endpoints_magnum_region_name }}"
neutron_client:
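Review bot: "it" in the added NOTE is ambiguous at this position, because the comment directly follows the existing `insecure: true` workaround and can be read as saying that workaround goes away once the upstream change merges. `# NOTE(okozachenko1203): service_type can be removed once the following is merged:` names the key explicitly. This is also the only hunk that does not add a `keystone_authtoken:` header, and the section header is outside the hunk, so confirm the key lands in `keystone_authtoken` and not in another section. If it does, `insecure: true` in the same section means the token data used for the access-rule check is fetched without certificate verification, which is worth tracking separately.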
diff --git a/roles/manila/vars/main.yml b/roles/manila/vars/main.yml
index 8667a14..abde25e 100644
--- a/roles/manila/vars/main.yml
+++ b/roles/manila/vars/main.yml
@@ -53,6 +53,10 @@
path_to_public_key: /etc/manila/ssh-keys/id_rsa.pub
service_image_name: "{{ manila_image_name }}"
service_instance_flavor_id: "{{ _manila_flavor.id }}"
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: sharev2
oslo_messaging_no tifications:
driver: noop
manifests:
diff --git a/roles/neutron/vars/main.yml b/roles/neutron/vars/main.yml
index cdab428..5dfaca0 100644
--- a/roles/neutron/vars/main.yml
+++ b/roles/neutron/vars/main.yml
@@ -37,6 +37,10 @@
live_migration_events: true
oslo_messaging_notifications:
driver: noop
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: network
service_providers:
service_provider: VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
dhcp_agent:
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index 820b12c..02ea38d 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -80,6 +80,10 @@
max_instances_per_host: 200
glance:
enable_rbd_download: true
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: compute
neutron:
metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
oslo_messaging_notifications:
diff --git a/roles/octavia/vars/main.yml b/roles/octavia/vars/main.yml
index a137ae5..1cbff82 100644
--- a/roles/octavia/vars/main.yml
+++ b/roles/octavia/vars/main.yml
@@ -106,6 +106,10 @@
health_manager:
controller_ip_port_list: "{{ _octavia_controller_ip_port_list | sort | join(',') }}"
heartbeat_key: "{{ octavia_heartbeat_key }}"
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: load-balancer
oslo_messaging_notifications:
driver: noop
neutron:
diff --git a/roles/placement/vars/main.yml b/roles/placement/vars/main.yml
index 322a0ba..10e32ae 100644
--- a/roles/placement/vars/main.yml
+++ b/roles/placement/vars/main.yml
@@ -23,6 +23,10 @@
placement:
DEFAULT:
log_config_append: null
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: placement
oslo_messaging_notifications:
driver: noop
manifests:
diff --git a/roles/senlin/vars/main.yml b/roles/senlin/vars/main.yml
index 6f62432..f48bddb 100644
--- a/roles/senlin/vars/main.yml
+++ b/roles/senlin/vars/main.yml
@@ -26,6 +26,10 @@
senlin:
DEFAULT:
log_config_append: null
+ keystone_authtoken:
+ # NOTE(okozachenko1203): We can remove it once the following is merged:
+ # https://review.opendev.org/883066
+ service_type: clustering
oslo_messaging_notifications:
driver: noop
manifests: