Keystone v3 support for opencontrail
Change-Id: I230438c62aaf9a95f8760f0daeed242906ecd132
diff --git a/README.rst b/README.rst
index 00f152f..a539898 100644
--- a/README.rst
+++ b/README.rst
@@ -7,6 +7,33 @@
Sample pillars
==============
+Keystone v3
+-------------
+
+To enable support for keystone v3 in opencontrail, there must be defined version for config and web role.
+
+.. code-block:: yaml
+
+ opencontrail:
+ config:
+ version: 2.2
+ enabled: true
+ ...
+ identity:
+ engine: keystone
+ version: '3'
+ ...
+
+ opencontrail:
+ web:
+ version: 2.2
+ enabled: true
+ ...
+ identity:
+ engine: keystone
+ version: '3'
+ ...
+
Usage
=====
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index 00c337b..c90a8bd 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -47,6 +47,7 @@
host: ${_param:cluster_local_address}
identity:
engine: keystone
+ version: '2.0'
region: RegionOne
host: ${_param:cluster_vip_address}
port: 35357
@@ -141,6 +142,7 @@
id: 3
identity:
engine: keystone
+ version: '2.0'
host: ${_param:cluster_vip_address}
port: 35357
user: admin
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
index 2e8b34d..9c46a34 100644
--- a/metadata/service/control/control.yml
+++ b/metadata/service/control/control.yml
@@ -47,6 +47,7 @@
host: ${_param:cluster_local_address}
identity:
engine: keystone
+ version: '2.0'
region: RegionOne
host: ${_param:cluster_vip_address}
port: 35357
@@ -123,6 +124,7 @@
id: 3
identity:
engine: keystone
+ version: '2.0'
host: ${_param:cluster_vip_address}
port: 35357
user: admin
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index d608d75..5c76a63 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -43,6 +43,7 @@
host: ${_param:single_address}
identity:
engine: keystone
+ version: '2.0'
region: RegionOne
host: ${_param:single_address}
port: 35357
@@ -117,6 +118,7 @@
id: 1
identity:
engine: keystone
+ version: '2.0'
host: ${_param:single_address}
port: 35357
user: admin
diff --git a/opencontrail/files/2.2/config.global.js b/opencontrail/files/2.2/config.global.js
index a01b2bb..67ce1b4 100644
--- a/opencontrail/files/2.2/config.global.js
+++ b/opencontrail/files/2.2/config.global.js
@@ -8,6 +8,10 @@
config.orchestration = {};
config.orchestration.Manager = 'openstack'
+{%- if web.identity.version == "3" %}
+config.multi_tenancy = {};
+config.multi_tenancy.enabled = true;
+{%- endif %}
/****************************************************************************
* This boolean flag indicates to communicate with Orchestration
* modules(networkManager, imageManager, computeManager, identityManager,
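Review bot: The guard `{%- if web.identity.version == "3" %}` is a strict string comparison, so a pillar that sets `version: 3` unquoted (a YAML integer) silently skips the `config.multi_tenancy` lines, while the `apiVersion` line later in this file still renders `v3`. Coercing the value keeps both in step: `{%- if web.identity.version|string == "3" %}`. The same comparison appears in the contrail-api.conf hunk for `config.identity.version`. Separately, the leading `-` in `{%-` strips the newline after `config.orchestration.Manager = 'openstack'`, which has no semicolon; if the renderer runs with `trim_blocks` enabled (not visible here), the two statements would end up on one line, so a plain `{% if %}` is safer.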
@@ -108,7 +112,7 @@
* If want to use with default apiVersion(v2.0), then can specify it as
* empty array.
******************************************************************************/
-config.identityManager.apiVersion = ['v2.0'];
+config.identityManager.apiVersion = ['v{{ web.identity.version }}'];
config.identityManager.strictSSL = false;
config.identityManager.ca = '';
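Review bot: The new `apiVersion` line has no fallback when `web.identity.version` is absent from the pillar; an existing deployment that does not inherit the new metadata default would presumably render `['v']`, which is not a valid identity API version. A default keeps the previous behaviour: `config.identityManager.apiVersion = ['v{{ web.identity.get('version', '2.0') }}'];`. The comment block above this line begins outside the hunk and still describes v2.0 as the default, so it stays accurate with that fallback.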
diff --git a/opencontrail/files/2.2/contrail-api.conf b/opencontrail/files/2.2/contrail-api.conf
index ef1192e..d5d2180 100644
--- a/opencontrail/files/2.2/contrail-api.conf
+++ b/opencontrail/files/2.2/contrail-api.conf
@@ -36,4 +36,7 @@
admin_token={{ config.identity.token }}
admin_tenant_name={{ config.identity.tenant }}
insecure=True
-
+{%- if config.identity.version == "3" %}
+project_name={{ config.identity.tenant }}
+auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v3
+{%- endif %}
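Review bot: The added `auth_url` hard-codes the `http://` scheme, and with `insecure=True` directly above it there is no pillar setting that lets a v3 deployment send its Keystone credentials and tokens over TLS with certificate verification. Making the scheme configurable would close that gap, e.g. `auth_url={{ config.identity.get('protocol', 'http') }}://{{ config.identity.host }}:{{ config.identity.port }}/v3`, where `protocol` is a proposed new pillar key that does not exist on this page. The `== "3"` comparison here has the same integer-versus-string problem as the one in config.global.js. The section this block belongs to starts outside the hunk.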
diff --git a/opencontrail/files/2.2/contrail-webui-userauth.js b/opencontrail/files/2.2/contrail-webui-userauth.js
index e1a19d7..760a304 100644
--- a/opencontrail/files/2.2/contrail-webui-userauth.js
+++ b/opencontrail/files/2.2/contrail-webui-userauth.js
@@ -11,5 +11,5 @@
auth.admin_password = '{{ web.identity.password }}';
auth.admin_token = '{{ web.identity.token }}';
auth.admin_tenant_name = '{{ web.identity.tenant }}';
-
+auth.admin_domain = 'default';
module.exports = auth;
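Review bot: `auth.admin_domain = 'default';` is emitted unconditionally and with a fixed value, so a Keystone v3 deployment whose admin user lives in another domain cannot be configured from the pillar, and v2.0 installs receive a setting they do not use. Reading it from the pillar with a fallback covers both cases: `auth.admin_domain = '{{ web.identity.get('domain', 'default') }}';`, where `domain` is a proposed new pillar key. If the setting only matters for v3, it could also be wrapped in the same version check used in config.global.js.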
diff --git a/opencontrail/files/2.2/vnc_api_lib.ini b/opencontrail/files/2.2/vnc_api_lib.ini
index 9465554..df0e2a3 100644
--- a/opencontrail/files/2.2/vnc_api_lib.ini
+++ b/opencontrail/files/2.2/vnc_api_lib.ini
@@ -14,4 +14,3 @@
AUTHN_PROTOCOL = http
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
-AUTHN_URL = /v2.0/tokens
diff --git a/tests/pillar/cluster.sls b/tests/pillar/cluster.sls
index aed4819..33bb380 100644
--- a/tests/pillar/cluster.sls
+++ b/tests/pillar/cluster.sls
@@ -43,6 +43,7 @@
host: 127.0.0.1
identity:
engine: keystone
+ version: '2.0'
region: RegionOne
host: 127.0.0.1
port: 35357
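Review bot: Every test pillar touched by this commit pins `version: '2.0'` (both hunks here, and the hunks in tests/pillar/control.sls and tests/pillar/single.sls), so the new v3 branches in config.global.js and contrail-api.conf are never rendered by the test suite. Adding one pillar, or a variant of an existing one, with `version: '3'` under both the config and web `identity` sections would exercise those templates. The `identity` mapping this line belongs to continues outside the hunk.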
@@ -137,9 +138,10 @@
id: 3
identity:
engine: keystone
+ version: '2.0'
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
- tenant: admin
\ No newline at end of file
+ tenant: admin
diff --git a/tests/pillar/control.sls b/tests/pillar/control.sls
index db0cd7f..37ffae9 100644
--- a/tests/pillar/control.sls
+++ b/tests/pillar/control.sls
@@ -40,6 +40,7 @@
host: 127.0.0.1
identity:
engine: keystone
+ version: '2.0'
region: RegionOne
host: 127.0.0.1
port: 35357
@@ -116,9 +117,10 @@
id: 3
identity:
engine: keystone
+ version: '2.0'
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
- tenant: admin
\ No newline at end of file
+ tenant: admin
diff --git a/tests/pillar/single.sls b/tests/pillar/single.sls
index 4dd7c22..0c7b9a3 100644
--- a/tests/pillar/single.sls
+++ b/tests/pillar/single.sls
@@ -39,6 +39,7 @@
host: 127.0.0.1
identity:
engine: keystone
+ version: '2.0'
region: RegionOne
host: 127.0.0.1
port: 35357
@@ -113,9 +114,10 @@
id: 1
identity:
engine: keystone
+ version: '2.0'
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
- tenant: admin
\ No newline at end of file
+ tenant: admin