gnocchi: deploy services with Keystone v3 endpoints

* Move swift_authurl to gnocchi-base hieradata, where other swift auth
  credentials live and switch it to versionless keystone endpoint.
* Force swift_auth_version to 3 for Keystone v3.
* Switch auth_uri to use versionless Keystone endpoint.
* Switch auth_url to use Keystone admin endpoint (instead of internal).
* Remove old parameters from gnocchi::api, not used anymore.

Partial-blueprint: keystone-v3

Change-Id: I2feed8b1219069128faa1a1e8dcd2ddfbae7e40a

diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 08a939a..f462991 100644 (file)
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -83,10 +83,12 @@ outputs:
             gnocchi::api::enabled: true
             gnocchi::api::enable_proxy_headers_parsing: true
             gnocchi::api::service_name: 'httpd'
-            gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+            gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
             gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
             gnocchi::keystone::authtoken::project_name: 'service'
+            gnocchi::keystone::authtoken::user_domain_name: 'Default'
+            gnocchi::keystone::authtoken::project_domain_name: 'Default'
             gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS}
             gnocchi::wsgi::apache::servername:
               str_replace:
@@ -103,10 +105,6 @@ outputs:
             # internal_api_subnet - > IP/CIDR
             gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
             gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
-
-            gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
-            gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
-            gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]}
       step_config: |
         include ::tripleo::profile::base::gnocchi::api
       service_config_settings:

diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index c631005..d755556 100644 (file)
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -70,8 +70,9 @@ outputs:
               - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
         gnocchi::db::sync::extra_opts: '--skip-storage'
         gnocchi::storage::swift::swift_user: 'service:gnocchi'
-        gnocchi::storage::swift::swift_auth_version: 2
+        gnocchi::storage::swift::swift_auth_version: 3
         gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
+        gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
         gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
         gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
         gnocchi::storage::ceph::ceph_keyring:

diff --git a/releasenotes/notes/gnocchi-keystonev3-d288ba40226545c9.yaml b/releasenotes/notes/gnocchi-keystonev3-d288ba40226545c9.yaml
new file mode 100644 (file)
index 0000000..2f2513c
--- /dev/null
+++ b/releasenotes/notes/gnocchi-keystonev3-d288ba40226545c9.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - Deploy Gnocchi with Keystone v3 endpoints and make
+    sure it doesn't rely on Keystone v2 anymore.