Merge "Remove keystone admin leftovers"

ansible/group_vars/all.yml

@@ -443,12 +443,9 @@ iscsi_port: "3260"
 
 keystone_public_port: "{{ haproxy_single_external_frontend_public_port if haproxy_single_external_frontend | bool else keystone_public_listen_port }}"
 keystone_public_listen_port: "5000"
-# NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility.
-# TODO(yoctozepto): Remove after Zed.
-keystone_admin_port: "35357"
-keystone_admin_listen_port: "{{ keystone_admin_port }}"
 keystone_internal_port: "5000"
 keystone_internal_listen_port: "{{ keystone_internal_port }}"
+
 keystone_ssh_port: "8023"
 
 kuryr_port: "23750"
@@ -702,8 +699,6 @@ vitrage_api_listen_port: "{{ vitrage_api_port }}"
 
 public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
 internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
-# TODO(yoctozepto): Remove after Zed. Kept for compatibility only.
-admin_protocol: "{{ internal_protocol }}"
 
 ##################
 # Firewall options
@@ -1006,8 +1001,6 @@ acme_client_servers: []
 keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
 keystone_external_fqdn: "{{ kolla_external_fqdn }}"
 
-# TODO(yoctozepto): Remove after Zed. Kept for compatibility only.
-keystone_admin_url: "{{ keystone_internal_fqdn | kolla_url(admin_protocol, keystone_admin_port) }}"
 keystone_internal_url: "{{ keystone_internal_fqdn | kolla_url(internal_protocol, keystone_internal_port) }}"
 keystone_public_url: "{{ keystone_external_fqdn | kolla_url(public_protocol, keystone_public_port) }}"
 

ansible/roles/keystone/defaults/main.yml

@@ -26,15 +26,6 @@ keystone_services:
         port: "{{ keystone_public_port }}"
         listen_port: "{{ keystone_public_listen_port }}"
         backend_http_extra: "{{ ['balance source'] if enable_keystone_federation | bool else [] }}"
-      # NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility.
-      # TODO(yoctozepto): Remove after Zed.
-      keystone_admin:
-        enabled: "{{ enable_keystone and kolla_action == 'upgrade' }}"
-        mode: "http"
-        external: false
-        tls_backend: "{{ keystone_enable_tls_backend }}"
-        port: "{{ keystone_admin_port }}"
-        listen_port: "{{ keystone_admin_listen_port }}"
   keystone-ssh:
     container_name: "keystone_ssh"
     group: "keystone"

ansible/roles/keystone/tasks/upgrade.yml

@@ -48,14 +48,3 @@
   run_once: True
   when:
     - not use_preconfigured_databases | bool
-
-# TODO(yoctozepto): Remove after Zed (in AA).
-# This is needed to update the admin endpoint as the port has
-# changed in the same release (Zed), i.e., the admin endpoint uses the
-# same port as the other ones (public, internal).
-- import_role:
-    name: service-ks-register
-  vars:
-    service_ks_register_auth: "{{ openstack_keystone_auth }}"
-    service_ks_register_services: "{{ keystone_ks_services }}"
-  run_once: True

ansible/roles/keystone/templates/wsgi-keystone.conf.j2

@@ -8,11 +8,6 @@ LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
 {% endif %}
 {% endif %}
 Listen {{ api_interface_address | put_address_in_context('url') }}:{{ keystone_public_listen_port }}
-{% if kolla_action == 'upgrade' %}
-# NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility.
-# TODO(yoctozepto): Remove after Zed.
-Listen {{ api_interface_address | put_address_in_context('url') }}:{{ keystone_admin_listen_port }}
-{% endif %}
 
 ServerSignature Off
 ServerTokens Prod
@@ -116,26 +111,3 @@ LogLevel info
 {% endif %}
 </VirtualHost>
 
-{% if kolla_action == 'upgrade' %}
-# NOTE(yoctozepto): Admin port settings are kept only for upgrade compatibility.
-# TODO(yoctozepto): Remove after Zed.
-<VirtualHost *:{{ keystone_admin_listen_port }}>
-    WSGIDaemonProcess keystone-admin processes={{ keystone_api_workers }} threads=1 user=keystone group=keystone display-name=keystone-admin
-    WSGIProcessGroup keystone-admin
-    WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-admin
-    WSGIApplicationGroup %{GLOBAL}
-    WSGIPassAuthorization On
-    <IfVersion >= 2.4>
-      ErrorLogFormat "%{cu}t %M"
-    </IfVersion>
-    ErrorLog "{{ keystone_log_dir }}/keystone-apache-admin-error.log"
-    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
-    CustomLog "{{ keystone_log_dir }}/keystone-apache-admin-access.log" logformat
-
-{% if keystone_enable_tls_backend | bool %}
-    SSLEngine on
-    SSLCertificateFile /etc/keystone/certs/keystone-cert.pem
-    SSLCertificateKeyFile /etc/keystone/certs/keystone-key.pem
-{% endif %}
-</VirtualHost>
-{% endif %}

tests/upgrade.sh

@@ -44,9 +44,6 @@ function upgrade {
 
     kolla-ansible -i ${RAW_INVENTORY} -vvv upgrade &> /tmp/logs/ansible/upgrade
 
-    # NOTE(yoctozepto): These actions remove the leftovers of the admin port.
-    # TODO(yoctozepto): Remove after Zed.
-    kolla-ansible -i ${RAW_INVENTORY} -vvv deploy --tags keystone &> /tmp/logs/ansible/upgrade-deploy
     kolla-ansible -i ${RAW_INVENTORY} -vvv post-deploy &> /tmp/logs/ansible/upgrade-post-deploy
 
     kolla-ansible -i ${RAW_INVENTORY} -vvv validate-config &> /tmp/logs/ansible/validate-config