Add support for keystone v3 in ocata

1. group_vars/all.yml - Add default values for enable_keystone_v3,
    keystone_admin_project_name and keystone_admin_project_domain_name
2. horizon/templates/local_settings.j2 - If enable_keystone_v3 is true, then
   enable the OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT and
   OPENSTACK_KEYSTONE_DEFAULT_DOMAIN variables
3. keystone/tasks/config.yml - Upstream bug - typo in the notify tag
4. keystone/tasks/register.yml - Assign admin user to default domain  for v3
5. keystone/template/keystone.conf.j2 - Fix for Bug #1710739 - setting admin
   project details in keystone.conf
6. neutron_opencontrail.conf.j2 - No need to use keystone_admin_user variable,
   use the existing openstack_auth dictionary instead
7. globals.yml.original - update sample kolla_globals with the newly introduced
   variables
8. roles/openstack/compute/tasks/configure.yml - transport_url was not being
   populated with all the rabbitmq hosts in the case of oenstack ha

Closes-bug: #1710739
Closes-bug: #1715427

Change-Id: I13f1b8a5f615496f3fbfb30ce611a2e32a7965d5

kolla-ansible/ansible/group_vars/all.yml

@@ -20,6 +20,10 @@ enable_heat_opencontrail: "yes"
 # contrail_additions : IP address where contrail-api is listening on - on an
 # all-in-one, it will be same as kolla_internal_vip_address
 contrail_api_interface_address: "{{ kolla_internal_vip_address }}"
+
+enable_keystone_v3: "yes"
+keystone_admin_project_name: "admin"
+keystone_admin_project_domain_name: "Default"
 ####################### CONTRAIL ADDITIONS - BEGIN ###########################
 
 # The "temp" files that are created before merge need to stay persistent due

kolla-ansible/ansible/roles/horizon/templates/local_settings.j2

@@ -88,6 +88,9 @@ OPENSTACK_API_VERSIONS = {
 # will require the user to enter the Domain name in addition to the username
 # for login.
 #OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
+{% if enable_keystone_v3 | bool %}
+OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
+{% endif %}
 
 # Overrides the default domain used when running on single-domain model
 # with Keystone V3. All entities will be created in the default domain.
@@ -96,6 +99,9 @@ OPENSTACK_API_VERSIONS = {
 #    "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
 # This value must match the domain id specified there.
 #OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
+{% if enable_keystone_v3 | bool %}
+OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
+{% endif %}
 
 # Set this to True to enable panels that provide the ability for users to
 # manage Identity Providers (IdPs) and establish a set of rules to map

kolla-ansible/ansible/roles/keystone/tasks/config.yml

@@ -97,7 +97,7 @@
     - keystone_policy.stat.exists
   with_dict: "{{ keystone_services }}"
   notify:
-    - Restart keystone containers
+    - Restart keystone container
 
 - name: Copying over wsgi-keystone.conf
   vars:

kolla-ansible/ansible/roles/keystone/tasks/register.yml

@@ -19,3 +19,20 @@
   retries: 10
   delay: 5
   run_once: True
+
+- name: Assigning user role to domain
+  kolla_toolbox:
+    module_name: "os_user_role"
+    module_args:
+      domain: "{{ openstack_keystone_auth.domain_name }}"
+      user: "{{ openstack_keystone_auth.username }}"
+      role: "admin"
+      auth: "{{ '{{ openstack_keystone_auth }}' }}"
+    module_extra_vars:
+      openstack_keystone_auth: "{{ openstack_keystone_auth }}"
+  register: default_role
+  until: default_role|success
+  retries: 10
+  delay: 5
+  run_once: True
+  when: enable_keystone_v3|bool

kolla-ansible/ansible/roles/keystone/templates/keystone.conf.j2

@@ -52,3 +52,9 @@ memcache_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansib
 [oslo_messaging_notifications]
 driver = messagingv2
 {% endif %}
+
+{% if enable_keystone_v3 | bool %}
+[resource]
+admin_project_name = {{ keystone_admin_project_name }}
+admin_project_domain_name = {{ keystone_admin_project_domain_name }}
+{% endif %}

kolla-ansible/ansible/roles/neutron/templates/neutron_opencontrail.conf.j2

@@ -10,7 +10,7 @@ analytics_api_port = 8081
 
 [KEYSTONE]
 auth_url = {{ keystone_admin_url }}
-admin_user= {{ keystone_admin_user }}
+admin_user= {{ openstack_auth.username }}
 admin_password= {{ keystone_admin_password }}
 admin_tenant_name=admin
 {% endif %}

kolla-ansible/etc/kolla/globals.yml.original

@@ -101,10 +101,6 @@ neutron_plugin_agent: "openvswitch"
 ####################
 # Arbitrary unique number from 0..255
 #keepalived_virtual_router_id: "151"
-nova_compute_image_full: "192.168.1.1:4000/kolla/ubuntu-binary-nova-compute:5.0.0"
-#neutron_server_image_full: "192.168.1.11:5100/kolla/ubuntu-binary-neutron-server:4.0.3"
-#neutron_server_image_full: "192.168.1.1:4000/kolla/ubuntu-binary-neutron-server-contrail-debug:5.0.0"
-neutron_server_image_full: "192.168.1.1:4000/kolla/ubuntu-binary-neutron-server:5.0.0"
 enable_neutron_opencontrail: "yes"
 contrail_api_interface_address: "192.168.1.21"
 
@@ -228,6 +224,9 @@ contrail_api_interface_address: "192.168.1.21"
 
 # Valid options are [ uuid, fernet ]
 #keystone_token_provider: 'uuid'
+enable_keystone_v3: "yes"
+keystone_admin_project_name: "admin"
+keystone_admin_project_domain_name: "Default"
 
 # Interval to rotate fernet keys by (in seconds). Must be an interval of
 # 60(1 min), 120(2 min), 180(3 min), 240(4 min), 300(5 min), 360(6 min),
@@ -345,3 +344,4 @@ tempest_floating_network_name:
 
 # tempest_image_alt_id: "{{ tempest_image_id }}"
 # tempest_flavor_ref_alt_id: "{{ tempest_flavor_ref_id }}"
+

playbooks/roles/openstack/compute/tasks/configure.yml

@@ -81,7 +81,7 @@
   ini_file: dest={{ nova_conf }} section=DEFAULT option={{ item.key }} value={{ item.value }}  create=yes
   notify: restart nova-compute
   with_dict:
-    transport_url: "rabbit://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server_list[0] }}:{{ rabbitmq_port }}"
+    transport_url: "rabbit://{% for h in rabbitmq_server_list %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ h | trim() }}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}"
   when:
     - openstack_sku == 'ocata'