diff --git a/salt/cloud/clouds/openstack.py b/salt/cloud/clouds/openstack.py index 880c543cb8..ea47106d90 100644 --- a/salt/cloud/clouds/openstack.py +++ b/salt/cloud/clouds/openstack.py @@ -27,7 +27,9 @@ Set up in the cloud configuration at ``/etc/salt/cloud.providers`` or my-openstack-config: # The OpenStack identity service url - identity_url: https://region-b.geo-1.identity.hpcloudsvc.com:35357/v2.0/ + identity_url: https://region-b.geo-1.identity.hpcloudsvc.com:35357/v2.0/tokens + # The OpenStack Identity Version (default: 2) + auth_version: 2 # The OpenStack compute region compute_region: region-b.geo-1 # The OpenStack compute service name @@ -67,6 +69,22 @@ For in-house Openstack Essex installation, libcloud needs the service_type : compute_name : Compute Service service_type : compute +To use identity v3 for authentication, specify the `domain` and `auth_version` + +.. code-block:: yaml + + my-openstack-config: + identity_url: 'http://control.openstack.example.org:5000/v3/auth/tokens' + auth_version: 3 + compute_name : Compute Service + compute_region: East + service_type : compute + tenant: tenant + domain: testing + user: daniel + password: securepassword + driver: openstack + Either a password or an API key must also be specified: @@ -256,6 +274,9 @@ def get_conn(): 'ex_tenant_name': config.get_cloud_config_value( 'tenant', vm_, __opts__, search_global=False ), + 'ex_domain_name': config.get_cloud_config_value( + 'domain', vm_, __opts__, default='Default', search_global=False + ), } service_type = config.get_cloud_config_value('service_type', @@ -288,7 +309,10 @@ def get_conn(): ) if password is not None: - authinfo['ex_force_auth_version'] = '2.0_password' + if config.get_cloud_config_value('auth_version', vm_, __opts__, search_global=False) == 3: + authinfo['ex_force_auth_version'] = '3.x_password' + else: + authinfo['ex_force_auth_version'] = '2.0_password' log.debug('OpenStack authenticating using password') if password == 'USE_KEYRING': # retrieve password from system keyring