From cccdb2ab139c1518c4cd860fb4d1db36ad80cf58 Mon Sep 17 00:00:00 2001
From: Logan V <logan2211@gmail.com>
Date: Thu, 14 Jul 2016 14:27:03 -0500
Subject: [PATCH] Add support for Keystone v3 API

The Keystone v2 APIs are deprecated and scheduled to be removed in
Q release of Openstack. This adds support for configuring RGW to
use the current Keystone v3 API.
---
 group_vars/all.yml.sample                | 2 ++
 roles/ceph-common/defaults/main.yml      | 2 ++
 roles/ceph-common/templates/ceph.conf.j2 | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index ba5b37772..c46a20a0a 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -285,6 +285,7 @@ dummy:
 #radosgw_civetweb_num_threads: 50
 #radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
+#radosgw_keystone_api_version: 2 # API versions 2 and 3 are supported
 #radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
 # for admin_token method, define radosgw_keystone_admin_token
 # for auth_token method, define _user, _password, and _tenant
@@ -293,6 +294,7 @@ dummy:
 #radosgw_keystone_admin_user: username
 #radosgw_keystone_admin_password: password
 #radosgw_keystone_admin_tenant: tenant
+#radosgw_keystone_admin_domain: default
 #radosgw_keystone_accepted_roles: Member, _member_, admin
 #radosgw_keystone_token_cache_size: 10000
 #radosgw_keystone_revocation_internal: 900
diff --git a/roles/ceph-common/defaults/main.yml b/roles/ceph-common/defaults/main.yml
index e1216e709..b9970b8c6 100644
--- a/roles/ceph-common/defaults/main.yml
+++ b/roles/ceph-common/defaults/main.yml
@@ -277,6 +277,7 @@ radosgw_civetweb_bind_ip: "{{ ansible_default_ipv4.address }}"
 radosgw_civetweb_num_threads: 50
 radosgw_keystone: false # activate OpenStack Keystone options full detail here: http://ceph.com/docs/master/radosgw/keystone/
 #radosgw_keystone_url: # url:admin_port ie: http://192.168.0.1:35357
+radosgw_keystone_api_version: 2 # API versions 2 and 3 are supported
 radosgw_keystone_ssl: true # Can be used to disable PKI revocation checks when other token types are used.
 # for admin_token method, define radosgw_keystone_admin_token
 # for auth_token method, define _user, _password, and _tenant
@@ -285,6 +286,7 @@ radosgw_keystone_admin_token: password
 radosgw_keystone_admin_user: username
 radosgw_keystone_admin_password: password
 radosgw_keystone_admin_tenant: tenant
+radosgw_keystone_admin_domain: default
 radosgw_keystone_accepted_roles: Member, _member_, admin
 radosgw_keystone_token_cache_size: 10000
 radosgw_keystone_revocation_internal: 900
diff --git a/roles/ceph-common/templates/ceph.conf.j2 b/roles/ceph-common/templates/ceph.conf.j2
index c45dd2b9b..e278a6726 100644
--- a/roles/ceph-common/templates/ceph.conf.j2
+++ b/roles/ceph-common/templates/ceph.conf.j2
@@ -114,12 +114,14 @@ rgw data = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ hostvars[host]['ansible_ho
 rgw frontends = civetweb port={{ radosgw_civetweb_bind_ip }}:{{ radosgw_civetweb_port }} num_threads={{ radosgw_civetweb_num_threads }}
 {% if radosgw_keystone %}
 rgw keystone url = {{ radosgw_keystone_url }}
+rgw keystone api version = {{ radosgw_keystone_api_version }}
 {% if radosgw_keystone_auth_method == 'admin_token' %}
 rgw keystone admin token = {{ radosgw_keystone_admin_token }}
 {% elif radosgw_keystone_auth_method == 'auth_token' %}
 rgw keystone admin user = {{ radosgw_keystone_admin_user }}
 rgw keystone admin password = {{ radosgw_keystone_admin_password }}
 rgw keystone admin tenant = {{ radosgw_keystone_admin_tenant }}
+rgw keystone admin domain = {{ radosgw_keystone_admin_domain }}
 {% endif %}
 rgw keystone accepted roles = {{ radosgw_keystone_accepted_roles }}
 rgw keystone token cache size = {{ radosgw_keystone_token_cache_size }}
-- 
2.39.5