Add support for Keystone v3 API

The Keystone v2 APIs are deprecated and scheduled to be removed in
Q release of Openstack. This adds support for configuring RGW to
use the current Keystone v3 API.

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index ba5b37772917e6df551b2ad545fd1d9eaef4c5a3..c46a20a0aa54f70b3b8e1b475c908cea09f84ee0 100644 (file)
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -285,6 +285,7 @@ dummy:
 #radosgw_civetweb_num_threads: 50
 #radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
+#radosgw_keystone_api_version: 2 # API versions 2 and 3 are supported
 #radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
 # for admin_token method, define radosgw_keystone_admin_token
 # for auth_token method, define _user, _password, and _tenant
@@ -293,6 +294,7 @@ dummy:
 #radosgw_keystone_admin_user: username
 #radosgw_keystone_admin_password: password
 #radosgw_keystone_admin_tenant: tenant
+#radosgw_keystone_admin_domain: default
 #radosgw_keystone_accepted_roles: Member, _member_, admin
 #radosgw_keystone_token_cache_size: 10000
 #radosgw_keystone_revocation_internal: 900

diff --git a/roles/ceph-common/defaults/main.yml b/roles/ceph-common/defaults/main.yml
index e1216e70921e6db05a1726e46e48d37ed7ad9d28..b9970b8c66c91d6ed1cbca7d3743868da135c621 100644 (file)
--- a/roles/ceph-common/defaults/main.yml
+++ b/roles/ceph-common/defaults/main.yml
@@ -277,6 +277,7 @@ radosgw_civetweb_bind_ip: "{{ ansible_default_ipv4.address }}"
 radosgw_civetweb_num_threads: 50
 radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
+radosgw_keystone_api_version: 2 # API versions 2 and 3 are supported
 radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
 # for admin_token method, define radosgw_keystone_admin_token
 # for auth_token method, define _user, _password, and _tenant
@@ -285,6 +286,7 @@ radosgw_keystone_admin_token: password
 radosgw_keystone_admin_user: username
 radosgw_keystone_admin_password: password
 radosgw_keystone_admin_tenant: tenant
+radosgw_keystone_admin_domain: default
 radosgw_keystone_accepted_roles: Member, _member_, admin
 radosgw_keystone_token_cache_size: 10000
 radosgw_keystone_revocation_internal: 900

diff --git a/roles/ceph-common/templates/ceph.conf.j2 b/roles/ceph-common/templates/ceph.conf.j2
index c45dd2b9bb4d0e70715b540d9ec887abc922e27f..e278a672603ea61cabd62eaab5db79e20902e058 100644 (file)
--- a/roles/ceph-common/templates/ceph.conf.j2
+++ b/roles/ceph-common/templates/ceph.conf.j2
@@ -114,12 +114,14 @@ rgw data = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ hostvars[host]['ansible_ho
 rgw frontends = civetweb port={{ radosgw_civetweb_bind_ip }}:{{ radosgw_civetweb_port }} num_threads={{ radosgw_civetweb_num_threads }}
 {% if radosgw_keystone %}
 rgw keystone url = {{ radosgw_keystone_url }}
+rgw keystone api version = {{ radosgw_keystone_api_version }}
 {% if radosgw_keystone_auth_method == 'admin_token' %}
 rgw keystone admin token = {{ radosgw_keystone_admin_token }}
 {% elif radosgw_keystone_auth_method == 'auth_token' %}
 rgw keystone admin user = {{ radosgw_keystone_admin_user }}
 rgw keystone admin password = {{ radosgw_keystone_admin_password }}
 rgw keystone admin tenant = {{ radosgw_keystone_admin_tenant }}
+rgw keystone admin domain = {{ radosgw_keystone_admin_domain }}
 {% endif %}
 rgw keystone accepted roles = {{ radosgw_keystone_accepted_roles }}
 rgw keystone token cache size = {{ radosgw_keystone_token_cache_size }}