diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 127667a05172233be9d146df0d8cfe698726f2a1..88b9bb6e835b3f33cd48e2a356a2213eecabca75 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -525,7 +525,8 @@ vitrage_api_port: "8999"
public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
-admin_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
+# TODO(yoctozepto): Remove after Zed. Kept for compatibility only.
+admin_protocol: "{{ internal_protocol }}"
####################
# OpenStack options
@@ -849,7 +850,8 @@ kibana_log_prefix: "flog"
keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
keystone_external_fqdn: "{{ kolla_external_fqdn }}"
-keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
+# TODO(yoctozepto): Remove after Zed. Kept for compatibility only.
+keystone_admin_url: "{{ keystone_internal_url }}"
keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
@@ -877,7 +879,7 @@ keystone_default_user_role: "_member_"
# OpenStack authentication string. You should only need to override these if you
# are changing the admin tenant/project or user.
openstack_auth:
- auth_url: "{{ keystone_admin_url }}"
+ auth_url: "{{ keystone_internal_url }}"
username: "{{ keystone_admin_user }}"
password: "{{ keystone_admin_password }}"
user_domain_name: "{{ default_user_domain_name }}"
diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2
index 607c19e17e3920aa6ccd71f6b0fa9e4d20dbadb1..860e6f60f4ca9e58f6a861b0872bce7e3c742800 100644
--- a/ansible/roles/aodh/templates/aodh.conf.j2
+++ b/ansible/roles/aodh/templates/aodh.conf.j2
@@ -25,7 +25,7 @@ project_name = service
user_domain_name = {{ default_user_domain_name }}
username = {{ aodh_keystone_user }}
password = {{ aodh_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2
index 00c9ecf4135a95ec1be027e687553f2e32d12733..546dbc7f041cc088dc9dfc882a8bbf7aa886a3eb 100644
--- a/ansible/roles/barbican/templates/barbican.conf.j2
+++ b/ansible/roles/barbican/templates/barbican.conf.j2
@@ -59,7 +59,7 @@ project_name = service
user_domain_id = {{ default_user_domain_id }}
username = {{ barbican_keystone_user }}
password = {{ barbican_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
diff --git a/ansible/roles/blazar/templates/blazar.conf.j2 b/ansible/roles/blazar/templates/blazar.conf.j2
index 07545371fd3b3ca88a35dee0eda1ae52076979de..69890191a37309ba4bcc2429d6d07b24f3681ee4 100644
--- a/ansible/roles/blazar/templates/blazar.conf.j2
+++ b/ansible/roles/blazar/templates/blazar.conf.j2
@@ -6,7 +6,7 @@ host = {{ api_interface_address }}
port = {{ blazar_api_port }}
os_auth_host = {{ keystone_internal_fqdn }}
os_auth_port = {{ keystone_public_port }}
-os_auth_protocol = {{ admin_protocol }}
+os_auth_protocol = {{ internal_protocol }}
os_auth_version = v3
os_admin_username = {{ blazar_keystone_user }}
os_admin_password = {{ blazar_keystone_password }}
@@ -21,7 +21,7 @@ plugins = virtual.instance.plugin,physical.host.plugin
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}/v3
+auth_url = {{ keystone_internal_url }}/v3
auth_type = password
project_domain_id = default
user_domain_id = default
diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 51116adaf0b31a0676baf4798a94adc4f188f860..3149bc352fa088ca5d3a576e73251ff2bb2e33ff 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -85,7 +85,7 @@ policy_file = {{ cinder_policy_file }}
[nova]
interface = internal
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -103,7 +103,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
index efa54250e022a14ea1b1bf54a4160df5f56a4893..af9e368fe882a0b26b5e3d9baa8441769c6b70bb 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
@@ -18,7 +18,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2
index deccd58b45f30f5c2590db46b97fad48f729fa6c..615c52a34c56a7bd7ba56a45ed99a1e520007e6e 100644
--- a/ansible/roles/common/templates/admin-openrc.sh.j2
+++ b/ansible/roles/common/templates/admin-openrc.sh.j2
@@ -8,7 +8,7 @@ export OS_PROJECT_NAME={{ keystone_admin_project }}
export OS_TENANT_NAME={{ keystone_admin_project }}
export OS_USERNAME={{ keystone_admin_user }}
export OS_PASSWORD={{ keystone_admin_password }}
-export OS_AUTH_URL={{ keystone_admin_url }}/v3
+export OS_AUTH_URL={{ keystone_internal_url }}/v3
export OS_INTERFACE=internal
export OS_ENDPOINT_TYPE=internalURL
{% if enable_manila | bool %}
diff --git a/ansible/roles/cyborg/templates/cyborg.conf.j2 b/ansible/roles/cyborg/templates/cyborg.conf.j2
index 737925f9a4509deb31a44cfd444720bd73115004..180c7f8ef967258fb4a774bc5f1acaa2a910238a 100644
--- a/ansible/roles/cyborg/templates/cyborg.conf.j2
+++ b/ansible/roles/cyborg/templates/cyborg.conf.j2
@@ -25,14 +25,14 @@ project_name = service
user_domain_name = {{ default_user_domain_name }}
username = {{ cyborg_keystone_user }}
password = {{ cyborg_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
[placement]
auth_type = password
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
username = {{ placement_keystone_user }}
password = {{ placement_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2
index 3d977f6228779d797ff667d7b2c6155973fd93a9..e47c913d50ceab29b0882fa06c6562d075991765 100644
--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -20,7 +20,7 @@ enabled_extensions_admin = quotas, reports
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/freezer/templates/freezer.conf.j2 b/ansible/roles/freezer/templates/freezer.conf.j2
index aaa07dcb78559f1796250d07fff70efeb9d19140..99b6365b43d5db3c7689ad7a03689ad8d4d327cb 100644
--- a/ansible/roles/freezer/templates/freezer.conf.j2
+++ b/ansible/roles/freezer/templates/freezer.conf.j2
@@ -25,7 +25,7 @@ os_user_domain_name = {{ openstack_auth.user_domain_name }}
{% if service_name == 'freezer-api' %}
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
index 52dab9ba1ea1070fcc5c6923abf45ebda32f75d3..371ad6d464c24b2d8676097df1e0849627d61e2d 100644
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -42,7 +42,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/glance/templates/glance-cache.conf.j2 b/ansible/roles/glance/templates/glance-cache.conf.j2
index 9e3275399ff0c81187b90593013d97f5eb44b0fd..9ff0f6efc6b3106d6ab9274a65b7409fabf0071a 100644
--- a/ansible/roles/glance/templates/glance-cache.conf.j2
+++ b/ansible/roles/glance/templates/glance-cache.conf.j2
@@ -6,7 +6,7 @@ log_file = /var/log/kolla/glance/glance-cache.log
image_cache_max_size = {{ glance_cache_max_size }}
image_cache_dir = /var/lib/glance/image-cache
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
admin_password = {{ glance_keystone_password }}
admin_user = {{ glance_keystone_user }}
admin_tenant_name = {{ default_project_domain_id }}
diff --git a/ansible/roles/gnocchi/templates/gnocchi.conf.j2 b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
index dc645160a54df5ccd6521ba984b3112f895f9e02..e2f53ad3f8a147fd4d8405cf9598717eb4b2ec80 100644
--- a/ansible/roles/gnocchi/templates/gnocchi.conf.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi.conf.j2
@@ -50,7 +50,7 @@ project_name = service
user_domain_id = {{ default_user_domain_id }}
username = {{ gnocchi_keystone_user }}
password = {{ gnocchi_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index a9fe31fdc7645541bfe54a578d04c1f91008adf9..b9cb32910c8c25dfced230822ae0968c8d384238 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -44,7 +44,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -67,7 +67,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
[trustee]
auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
user_domain_id = {{ default_user_domain_id }}
username = {{ heat_keystone_user }}
diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
index d9e34478af33156b3b81afaa0406977a1e225568..6a1eebb2ebf8c3a28ff79e7bc8fc4ffbafde36b0 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -20,7 +20,7 @@ ssl_ca_file = {{ om_rabbitmq_cacert }}
[ironic]
{% if ironic_enable_keystone_integration | bool %}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -38,7 +38,7 @@ endpoint_override = {{ ironic_internal_endpoint }}
{% if ironic_enable_keystone_integration | bool %}
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 2c78dd8ad21b0a4b7a6e0d746d868845ff692c58..17a062e3c50e674463de75d8470340c44a7651bb 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -48,7 +48,7 @@ max_retries = -1
{% if ironic_enable_keystone_integration | bool %}
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -66,7 +66,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
{% if enable_cinder | bool %}
[cinder]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = default
@@ -80,7 +80,7 @@ cafile = {{ openstack_cacert }}
{% if enable_glance | bool %}
[glance]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = default
@@ -94,7 +94,7 @@ cafile = {{ openstack_cacert }}
{% if enable_neutron | bool %}
[neutron]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = default
@@ -109,7 +109,7 @@ cafile = {{ openstack_cacert }}
{% if enable_nova | bool %}
[nova]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = default
@@ -123,7 +123,7 @@ cafile = {{ openstack_cacert }}
{% if enable_swift | bool %}
[swift]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -137,7 +137,7 @@ cafile = {{ openstack_cacert }}
[inspector]
{% if ironic_enable_keystone_integration | bool %}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = default
@@ -154,7 +154,7 @@ endpoint_override = {{ ironic_inspector_internal_endpoint }}
[service_catalog]
{% if ironic_enable_keystone_integration | bool %}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = default
diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml
index 541dd41dc1bf1b938d8b3c2d50f307fc9f30b076..d07c9a594ed26f4cfc33a9505d7804fdfa5f0093 100644
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -186,7 +186,7 @@ keystone_ks_services:
type: "identity"
description: "Openstack Identity Service"
endpoints:
- - {'interface': 'admin', 'url': '{{ keystone_admin_url }}'}
+ - {'interface': 'admin', 'url': '{{ keystone_internal_url }}'}
- {'interface': 'internal', 'url': '{{ keystone_internal_url }}'}
- {'interface': 'public', 'url': '{{ keystone_public_url }}'}
diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml
index 4e7bdccc629f58d28cc62cdc46cd422ac65d6176..1afb3fce713a51364cfdca490d7a9c668c37a979 100644
--- a/ansible/roles/keystone/tasks/register.yml
+++ b/ansible/roles/keystone/tasks/register.yml
@@ -4,7 +4,7 @@
command: >
docker exec keystone kolla_keystone_bootstrap
{{ openstack_auth.username }} {{ openstack_auth.password }} {{ keystone_admin_project }}
- admin {{ keystone_admin_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}
+ admin {{ keystone_internal_url }} {{ keystone_internal_url }} {{ keystone_public_url }} {{ item }}
register: keystone_bootstrap
changed_when: (keystone_bootstrap.stdout | from_json).changed
failed_when: (keystone_bootstrap.stdout | from_json).failed
diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2
index 9ac3d4cf0026d97dc81a7a2aace0a47344d4a823..c399740c07b0a5b62433e2aeb6873a3778816a2a 100644
--- a/ansible/roles/kuryr/templates/kuryr.conf.j2
+++ b/ansible/roles/kuryr/templates/kuryr.conf.j2
@@ -11,7 +11,7 @@ default_driver = kuryr.lib.binding.drivers.veth
[neutron]
auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
endpoint_type = internal
project_domain_name = {{ default_project_domain_name }}
diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 321f54186c43c3d769efaa842e26dff17e5190b0..072ea353aa1946bacb69e18ef304bf4d032ea600 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -77,7 +77,7 @@ cafile = {{ openstack_cacert }}
[keystone_authtoken]
auth_version = v3
www_authenticate_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2
index b36bfa8513da85f944b380c4ca2894baeb84e48f..82cecff683d23da9f198dae307265389b64a4421 100644
--- a/ansible/roles/manila/templates/manila-share.conf.j2
+++ b/ansible/roles/manila/templates/manila-share.conf.j2
@@ -6,7 +6,7 @@ enabled_share_backends = {{ manila_enabled_backends|map(attribute='name')|join('
default_share_type = default_share_type
[glance]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -19,7 +19,7 @@ cafile = {{ openstack_cacert }}
[cinder]
auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -36,7 +36,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
[nova]
auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -54,7 +54,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
[neutron]
auth_uri = {{ keystone_internal_url }}
url = {{ neutron_internal_endpoint }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2
index b9335c648a547499276200755313fe2e299617d2..e5f5c359b39943e5601c770da244d7448c06c136 100644
--- a/ansible/roles/manila/templates/manila.conf.j2
+++ b/ansible/roles/manila/templates/manila.conf.j2
@@ -32,7 +32,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/masakari/templates/masakari-monitors.conf.j2 b/ansible/roles/masakari/templates/masakari-monitors.conf.j2
index 0239e6e5a4ca890d999254019f57f5cd33c1e989..016fb8d4c93d93d462923788065a278fb8171ddb 100644
--- a/ansible/roles/masakari/templates/masakari-monitors.conf.j2
+++ b/ansible/roles/masakari/templates/masakari-monitors.conf.j2
@@ -4,7 +4,7 @@ log_dir = /var/log/kolla/masakari
[api]
region = {{ openstack_region_name }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
project_domain_id = {{ default_project_domain_id }}
diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2
index b77880073f4d29703ad77bd6922e45a1063887fb..fe46740b762b96b1ab0adb2898b914dce79ad619 100644
--- a/ansible/roles/masakari/templates/masakari.conf.j2
+++ b/ansible/roles/masakari/templates/masakari.conf.j2
@@ -23,7 +23,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2
index af604947b69dc5d824c8748a3fcfda0ca0fbd5a4..58291e5703a91bd83a89e2f413cfb371e8288824 100644
--- a/ansible/roles/mistral/templates/mistral.conf.j2
+++ b/ansible/roles/mistral/templates/mistral.conf.j2
@@ -40,7 +40,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}/v3
+auth_url = {{ keystone_internal_url }}/v3
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2 b/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2
index 84365caed6a00a4ad2b3c0a64562db1b5310509c..5a55dbf7928faf1972fcc5730dd50c4cf56dc803 100644
--- a/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2
+++ b/ansible/roles/monasca/templates/monasca-agent-forwarder/agent-forwarder.yml.j2
@@ -4,7 +4,7 @@ Api:
region_name: {{ openstack_region_name }}
username: {{ monasca_agent_user }}
password: {{ monasca_agent_password }}
- keystone_url: {{ keystone_admin_url }}
+ keystone_url: {{ keystone_internal_url }}
user_domain_name: Default
project_name: {{ monasca_control_plane_project }}
project_domain_id: {{ default_project_domain_id }}
diff --git a/ansible/roles/monasca/templates/monasca-api/api.conf.j2 b/ansible/roles/monasca/templates/monasca-api/api.conf.j2
index cb55fadbdcad709afe4cbe730853dfe529270efb..14990642b6d2d148fc3d4d243924866dfb15135f 100644
--- a/ansible/roles/monasca/templates/monasca-api/api.conf.j2
+++ b/ansible/roles/monasca/templates/monasca-api/api.conf.j2
@@ -32,7 +32,7 @@ delegate_authorized_roles = {{ monasca_delegate_authorized_roles|join(', ') }}
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2
index d99fe060616e5f91d0120d5561b035d9fd33d330..3d8f05b7b7ef3146a704e677570de4bc4b3b417e 100644
--- a/ansible/roles/murano/templates/murano.conf.j2
+++ b/ansible/roles/murano/templates/murano.conf.j2
@@ -22,7 +22,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -38,7 +38,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
[murano_auth]
auth_uri = {{ keystone_internal_url }}/v3
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2 b/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2
index 2e8d05fd916f9b30b140e6e3c24388bf99dbc9d0..5906991f31f4c53b8abd4c7b0a2d086d52a705d2 100644
--- a/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2
+++ b/ansible/roles/neutron/templates/ironic_neutron_agent.ini.j2
@@ -1,5 +1,5 @@
[ironic]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 5b0ad347ea562377dcd7d02ded41f09d93ebc47b..b952fba2cdc08ecb4d0bc0cef6219887d724b98e 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -86,7 +86,7 @@ nsx_extension_drivers = vmware_dvs_dns
ipam_driver = {{ neutron_ipam_driver }}
[nova]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -114,7 +114,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -161,7 +161,7 @@ drivers = ovs
[designate]
url = {{ designate_internal_endpoint }}/v2
auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -185,7 +185,7 @@ connection_string = {{ osprofiler_backend_connection_string }}
[placement]
auth_type = password
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
username = {{ placement_keystone_user }}
password = {{ placement_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/nova-cell/templates/nova.conf.j2 b/ansible/roles/nova-cell/templates/nova.conf.j2
index 9baa712f25f632d050d83ae0801066da3ef0f609..e087f09b9afa480765a223d00efe57f94802aa25 100644
--- a/ansible/roles/nova-cell/templates/nova.conf.j2
+++ b/ansible/roles/nova-cell/templates/nova.conf.j2
@@ -107,7 +107,7 @@ num_retries = 3
[cinder]
catalog_info = volumev3:cinderv3:internalURL
os_region_name = {{ openstack_region_name }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_id = {{ default_user_domain_id }}
@@ -123,7 +123,7 @@ service_metadata_proxy = true
{% if neutron_plugin_agent in ['vmware_nsxv3', 'vmware_nsxp'] %}
ovs_bridge = {{ ovs_bridge }}
{% endif %}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
cafile = {{ openstack_cacert }}
project_domain_name = {{ default_project_domain_name }}
@@ -203,7 +203,7 @@ debug = {{ nova_logging_debug }}
[placement]
auth_type = password
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
username = {{ placement_keystone_user }}
password = {{ placement_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 93913c065d29cb21b87e99593cef6c26fef1b670..8cf9e77852ea0d0bbf54b9d610f8152798a81592 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -66,7 +66,7 @@ debug = {{ nova_logging_debug }}
[cinder]
catalog_info = volumev3:cinderv3:internalURL
os_region_name = {{ openstack_region_name }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_id = {{ default_user_domain_id }}
@@ -79,7 +79,7 @@ cafile = {{ openstack_cacert }}
[neutron]
metadata_proxy_shared_secret = {{ metadata_secret }}
service_metadata_proxy = true
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_name = {{ default_project_domain_name }}
user_domain_id = {{ default_user_domain_id }}
@@ -111,7 +111,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -170,7 +170,7 @@ workers = {{ openstack_service_workers }}
[placement]
auth_type = password
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
username = {{ placement_keystone_user }}
password = {{ placement_keystone_password }}
user_domain_name = {{ default_user_domain_name }}
diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml
index 5a41259896d44d81e48fa004ec944a75caab767c..8af04ec28e05b13a63dc03edca5043b5eec415eb 100644
--- a/ansible/roles/octavia/defaults/main.yml
+++ b/ansible/roles/octavia/defaults/main.yml
@@ -251,7 +251,7 @@ octavia_loadbalancer_topology: "SINGLE"
# OpenStack auth used when registering resources for Octavia.
octavia_user_auth:
- auth_url: "{{ keystone_admin_url }}"
+ auth_url: "{{ keystone_internal_url }}"
username: "octavia"
password: "{{ octavia_keystone_password }}"
project_name: "{{ octavia_service_auth_project }}"
diff --git a/ansible/roles/octavia/templates/octavia-openrc.sh.j2 b/ansible/roles/octavia/templates/octavia-openrc.sh.j2
index 605613526beed00777735ce097c9a45bdc2de253..4833855b0bbca59a21972fd4fbd979d4519c141f 100644
--- a/ansible/roles/octavia/templates/octavia-openrc.sh.j2
+++ b/ansible/roles/octavia/templates/octavia-openrc.sh.j2
@@ -5,6 +5,6 @@ export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME={{ octavia_service_auth_project }}
export OS_USERNAME={{ octavia_keystone_user }}
export OS_PASSWORD={{ octavia_keystone_password }}
-export OS_AUTH_URL={{ keystone_admin_url }}/v3
+export OS_AUTH_URL={{ keystone_internal_url }}/v3
export OS_INTERFACE=internal
export OS_ENDPOINT_TYPE=internalURL
diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2
index 1ed0e27e881e2924f080b06c2a894dd6e8fa3a90..621dd2ee1394fae84f9cfef21a7e63b8eb8802f7 100644
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@@ -44,7 +44,7 @@ max_pool_size = {{ database_max_pool_size }}
max_retries = -1
[service_auth]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
username = {{ octavia_keystone_user }}
password = {{ octavia_keystone_password }}
@@ -59,7 +59,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/placement/templates/placement.conf.j2 b/ansible/roles/placement/templates/placement.conf.j2
index 04ca66fa900278e49c426ba26fc2099a2134f772..bb788a7cd169712afa168ef8d30c42a8861c2064 100644
--- a/ansible/roles/placement/templates/placement.conf.j2
+++ b/ansible/roles/placement/templates/placement.conf.j2
@@ -36,7 +36,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/prometheus/templates/clouds.yml.j2 b/ansible/roles/prometheus/templates/clouds.yml.j2
index ffb711d7ff486bf672d0a047d8614eee46815b43..38d4a923832ad9b7c0ce180b1372056953dea5cc 100644
--- a/ansible/roles/prometheus/templates/clouds.yml.j2
+++ b/ansible/roles/prometheus/templates/clouds.yml.j2
@@ -11,4 +11,4 @@ clouds:
project_domain_name: 'Default'
user_domain_name: 'Default'
cacert: {{ openstack_cacert }}
- auth_url: {{ keystone_admin_url }}/v3
+ auth_url: {{ keystone_internal_url }}/v3
diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2
index 67c128847020224ccdf9c6a32e16e76e1a8a9a74..f53c16405925ff402a6b81d28a85134bdc1e1ddf 100644
--- a/ansible/roles/sahara/templates/sahara.conf.j2
+++ b/ansible/roles/sahara/templates/sahara.conf.j2
@@ -16,7 +16,7 @@ connection_recycle_time = {{ database_connection_recycle_time }}
max_pool_size = {{ database_max_pool_size }}
[keystone_authtoken]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
user_domain_name = {{ default_project_domain_name }}
project_name = service
@@ -60,5 +60,5 @@ project_name = service
user_domain_name = {{ default_user_domain_name }}
username = {{ sahara_keystone_user }}
password = {{ sahara_keystone_password }}
-auth_url = {{ keystone_admin_url }}/v3
+auth_url = {{ keystone_internal_url }}/v3
cafile = {{ openstack_cacert }}
diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2
index 91064bcbac1cefbdf1170a5ef60fdcd78666597d..804a35ec9c9b7c9ad754c7efd36756668b0a830f 100644
--- a/ansible/roles/senlin/templates/senlin.conf.j2
+++ b/ansible/roles/senlin/templates/senlin.conf.j2
@@ -13,7 +13,7 @@ workers = {{ openstack_service_workers }}
{% endif %}
[authentication]
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
service_username = {{ senlin_keystone_user }}
service_password = {{ senlin_keystone_password }}
service_project_name = service
@@ -43,7 +43,7 @@ workers = {{ openstack_service_workers }}
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/solum/templates/solum.conf.j2 b/ansible/roles/solum/templates/solum.conf.j2
index 60eec43e6552b9c8f13c400168fe37490b5c359f..4ebec02f35276bab94f36d2e0c41160ce634a2c6 100644
--- a/ansible/roles/solum/templates/solum.conf.j2
+++ b/ansible/roles/solum/templates/solum.conf.j2
@@ -49,7 +49,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2
index 90dab06112b905d08ad822d71ed47b6e312423b2..42f87ee5371f542cb35dad96892967a9469b0bc1 100644
--- a/ansible/roles/swift/templates/proxy-server.conf.j2
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2
@@ -36,7 +36,7 @@ use = egg:swift#proxy_logging
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2
index dee94b7af7fd860e3b4ea3c75b8ce7a8ddda26fc..df2fa1c2c41599727565a6e50b7e1213a513d477 100644
--- a/ansible/roles/tacker/templates/tacker.conf.j2
+++ b/ansible/roles/tacker/templates/tacker.conf.j2
@@ -33,7 +33,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_name = {{ default_project_domain_id }}
user_domain_name = {{ default_user_domain_id }}
@@ -51,7 +51,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
username = {{ tacker_keystone_user }}
password = {{ tacker_keystone_password }}
project_name = service
-url = {{ keystone_admin_url }}
+url = {{ keystone_internal_url }}
[ceilometer]
host = {{ api_interface_address }}
diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2
index e7a2d2f016b519caf765ed0502ade4abd465169f..f58ab43ab9a83ccf86dd33f358a71e105c22b599 100644
--- a/ansible/roles/trove/templates/trove.conf.j2
+++ b/ansible/roles/trove/templates/trove.conf.j2
@@ -56,7 +56,7 @@ project_name = service
user_domain_name = {{ default_user_domain_name }}
username = {{ trove_keystone_user }}
password = {{ trove_keystone_password }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
cafile = {{ openstack_cacert }}
region_name = {{ openstack_region_name }}
diff --git a/ansible/roles/venus/templates/venus.conf.j2 b/ansible/roles/venus/templates/venus.conf.j2
index 89039d78164a5e8c8f9786776ee4e4f3f6886596..7e7b08364b25adc0961031ae557449192c50b9c6 100644
--- a/ansible/roles/venus/templates/venus.conf.j2
+++ b/ansible/roles/venus/templates/venus.conf.j2
@@ -23,7 +23,7 @@ cafile = {{ openstack_cacert }}
project_name = service
password = {{ venus_keystone_password }}
username = {{ venus_keystone_user }}
-auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
+auth_url = {{ keystone_internal_url }}
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
auth_type = password
diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2
index 1482f8278a1cdc2420418348670c5c2dba382701..4fac689c34dba6cf633d81e4284e75dc0a66b56d 100644
--- a/ansible/roles/vitrage/templates/vitrage.conf.j2
+++ b/ansible/roles/vitrage/templates/vitrage.conf.j2
@@ -33,7 +33,7 @@ plugins = jaccard_correlation
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2
index 467e0b5b0664991defab215e84d3056efeef9b45..6ac5b966a3466822d554f04a31a60c00b85728e3 100644
--- a/ansible/roles/watcher/templates/watcher.conf.j2
+++ b/ansible/roles/watcher/templates/watcher.conf.j2
@@ -20,7 +20,7 @@ max_retries = -1
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -37,7 +37,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
[watcher_clients_auth]
auth_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index 491b821c071742b8c07ff94e4cee6f6e998f3a8c..255332495922a9c49e05c1dba0a1bf6f3d305fb0 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -32,7 +32,7 @@ max_retries = -1
# - best keep them both in sync
[keystone_auth]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
@@ -54,7 +54,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
# - best keep them both in sync
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
-auth_url = {{ keystone_admin_url }}
+auth_url = {{ keystone_internal_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
diff --git a/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml b/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml
index b7721da54d91b2746e8f96321f91d168706dda6f..bbe130224ac2dfd451c39fe2bd8c4da4fed25c43 100644
--- a/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml
+++ b/releasenotes/notes/keystone-admin-port-gone-1a28302df63aa70b.yaml
@@ -1,4 +1,8 @@
---
+deprecations:
+ - |
+ Variables ``keystone_admin_port``, ``keystone_admin_url`` and
+ ``admin_protocol`` are deprecated for removal after Zed.
upgrade:
- |
Keystone's admin interface no longer points to a separate port.
@@ -6,3 +10,7 @@ upgrade:
compatibility. Users are advised to run the deploy and post-deploy
commands afterwards to ensure port's cleanup.
For more information, please refer to the docs.
+ Please note that the relevant variables ``keystone_admin_port``,
+ ``keystone_admin_url`` and ``admin_protocol`` are no longer used
+ and are deprecated for removal after Zed. Please cease their usage
+ in your customisations.