openstack-ansible

OSA uses deprecated tenant_id for endpoints in catalog

Bug #1651521 reported by Miguel Alejandro Cantu on 2016-12-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openstack-ansible
Fix Released
Low
Luke Short
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

Per the keystone releate notes, which say
"Keystone supports $(project_id)s in the catalog. It works the same as $(tenant_id)s. Use of $(tenant_id)s is deprecated and catalog endpoints should be updated to use $(project_id)s."

All mentions of tenant_id to configure endpoints should be changed to project_id. I've pasted all mentions of "%(tenant_id" in the roles:

grep -ER '%\(tenant_id' *
os_cinder/defaults/main.yml:cinder_service_publicurl: "{{ cinder_service_publicuri }}/v1/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_adminurl: "{{ cinder_service_adminuri }}/v1/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_internalurl: "{{ cinder_service_internaluri }}/v1/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_v2_publicurl: "{{ cinder_service_publicuri }}/v2/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_v2_adminurl: "{{ cinder_service_adminuri }}/v2/%(tenant_id)s"
os_cinder/defaults/main.yml:cinder_service_v2_internalurl: "{{ cinder_service_internaluri }}/v2/%(tenant_id)s"
os_designate/templates/policy.json.j2: "owner": "tenant:%(tenant_id)s",
os_heat/defaults/main.yml:heat_service_publicurl: "{{ heat_service_publicuri }}/v1/%(tenant_id)s"
os_heat/defaults/main.yml:heat_service_adminurl: "{{ heat_service_adminuri }}/v1/%(tenant_id)s"
os_heat/defaults/main.yml:heat_service_internalurl: "{{ heat_service_internaluri }}/v1/%(tenant_id)s"
os_horizon/tests/os_horizon-overrides.yml:nova_service_publicurl: "{{ nova_service_publicuri }}/v2.1/%(tenant_id)s"
os_horizon/tests/os_horizon-overrides.yml:nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1/%(tenant_id)s"
os_horizon/tests/os_horizon-overrides.yml:nova_service_internalurl: "{{ nova_service_internaluri }}/v2.1/%(tenant_id)s"
os_neutron/templates/neutron.conf.j2:nova_url = {{ nova_service_adminurl|replace('/%(tenant_id)s', '') }}
os_neutron/templates/policy.json.j2: "owner": "tenant_id:%(tenant_id)s",
os_nova/defaults/main.yml:nova_service_publicurl: "{{ nova_service_publicuri }}/v2.1/%(tenant_id)s"
os_nova/defaults/main.yml:nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1/%(tenant_id)s"
os_nova/defaults/main.yml:nova_service_internalurl: "{{ nova_service_internaluri }}/v2.1/%(tenant_id)s"
os_sahara/defaults/main.yml:sahara_service_publicurl: "{{ sahara_service_publicuri }}/v1.1/%(tenant_id)s"
os_sahara/defaults/main.yml:sahara_service_internalurl: "{{ sahara_service_internaluri }}/v1.1/%(tenant_id)s"
os_sahara/defaults/main.yml:sahara_service_adminurl: "{{ sahara_service_adminuri }}/v1.1/%(tenant_id)s"
os_swift/defaults/main.yml:swift_service_publicurl: "{{ swift_service_publicuri }}/v1/AUTH_%(tenant_id)s"
os_swift/defaults/main.yml:swift_service_adminurl: "{{ swift_service_adminuri }}/v1/AUTH_%(tenant_id)s"
os_swift/defaults/main.yml:swift_service_internalurl: "{{ swift_service_internaluri }}/v1/AUTH_%(tenant_id)s"
os_trove/defaults/main.yml:trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
os_trove/defaults/main.yml:trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
os_trove/defaults/main.yml:trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"

See original description
Jean-Philippe Evrard (jean-philippe-evrard) wrote :

Fair point, and thanks for the list :)

I'm adding this as low-hanging-fruit.

tags: added: low-hanging-fruit
Miguel Alejandro Cantu (miguel-cantu) on 2016-12-20
description: updated
Jean-Philippe Evrard (jean-philippe-evrard) wrote :

Please also note that the policy.json files are fetched from upstream, and the fixes should be included there.

Jean-Philippe Evrard (jean-philippe-evrard) on 2017-01-03
Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Low
Luke Short (ekultails) wrote :

All references to "%(tenant_id)s" appear to be gone, except for in the Octavia LBaaS variables.

$ grep tenant_id group_vars/all/octavia.yml
octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s"

I can find no trace of "%(project_id)s" in OpenStack-Ansible now, either. Is this no longer required for the Keystone endpoints in Pike (or, at least, not a standard anymore)? Also, should we remove the "%(tenant_id)s" part for Octavia or should that be changed to "%(project_id)s"? Considering that everything else has dropped the tenant/project ID requirement I am leaning towards the removal of that from the Octavia service.

OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/552178

Changed in openstack-ansible:
assignee: nobody → Luke Short (ekultails)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/552178
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=20fdfb9716454836aaa22535640cbb29e58ddb02
Submitter: Zuul
Branch: master

commit 20fdfb9716454836aaa22535640cbb29e58ddb02
Author: ekultails <email address hidden>
Date: Mon Mar 12 19:26:10 2018 -0400

    Update all references from the deprecated tenant_id to project_id.

    Keystone v3 has been out for a long time now and uses the new project_id variable for the API endpoints.

    Change-Id: I62619ac94b0deb67fe4081a0bb1e5f7b40b4f1d9
    Closes-Bug: 1651521

Changed in openstack-ansible:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers