Merge "Allow customization of internal endpoints IP address"

2018-10-05 12:44:47 +00:00 · 2018-10-05 12:44:47 +00:00 · a038576a68
parent af7cd68b7b a13a599feb
commit a038576a68
4 changed files with 30 additions and 3 deletions
--- a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml
@ -187,6 +187,11 @@
  environment: "{{ bifrost_venv_env if enable_venv else {} }}"
  when: test_ironic_public_endpoint.rc != 0 or test_ironic_public_endpoint.stdout == '[]'

+- name: "Setting internal Ironic URL"
+  set_fact:
+    ironic_private_url: "{{ ironic.keystone.internal_url | default('http://127.0.0.1:6385/') | replace('127.0.0.1', private_ip) }}"
+  when: private_ip is defined and private_ip | length > 0
+
 - name: "Create ironic internal endpoint"
  command: |
    openstack
@ -196,7 +201,7 @@
    --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
    --os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}"
    endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
-    baremetal internal "{{ ironic.keystone.internal_url | default('http://127.0.0.1:6385/') }}"
+    baremetal internal "{{ ironic_private_url | default(ironic.keystone.internal_url) | default('http://127.0.0.1:6385/') }}"
  no_log: true
  environment: "{{ bifrost_venv_env if enable_venv else {} }}"
  when: test_ironic_internal_endpoint.rc != 0 or test_ironic_internal_endpoint.stdout == '[]'
--- a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml
@ -169,6 +169,11 @@
  environment: "{{ bifrost_venv_env if enable_venv else {} }}"
  when: test_ironic_inspector_public_endpoint.rc != 0 or test_ironic_inspector_public_endpoint.stdout == '[]'

+- name: "Setting internal ironic-inspector URL"
+  set_fact:
+    ironic_inspector_private_url: "{{ ironic_inspector.keystone.internal_url | default('http://127.0.0.1:5050/') | replace('127.0.0.1', private_ip) }}"
+  when: private_ip is defined and private_ip | length > 0
+
 - name: "Create ironic-inspector internal endpoint"
  command: |
    openstack
@ -178,7 +183,7 @@
    --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
    --os-project-name admin
    endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
-    baremetal-introspection internal "{{ ironic_inspector.keystone.internal_url | default('http://127.0.0.1:5050/') }}"
+    baremetal-introspection internal "{{ ironic_inspector_private_url | default(ironic_inspector.keystone.internal_url) | default('http://127.0.0.1:5050/') }}"
  no_log: true
  environment: "{{ bifrost_venv_env if enable_venv else {} }}"
  when: test_ironic_inspector_internal_endpoint.rc != 0 or test_ironic_inspector_internal_endpoint.stdout == '[]'
--- a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
@ -166,6 +166,11 @@
    keystone_public_url: "{{ keystone.bootstrap.public_url | replace('127.0.0.1', hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address']) }}"
  when: use_public_urls | default(false) | bool

+- name: "Setting internal Keystone URL"
+  set_fact:
+    keystone_private_url: "{{ keystone.bootstrap.internal_url | replace('127.0.0.1', private_ip) }}"
+  when: private_ip is defined and private_ip | length > 0
+
 - name: "Bootstrap Keystone Database"
  command: >
    keystone-manage bootstrap
@ -175,7 +180,7 @@
    --bootstrap-service-name="keystone"
    --bootstrap-admin-url="{{ keystone.bootstrap.admin_url }}"
    --bootstrap-public-url="{{ keystone_public_url | default(keystone.bootstrap.public_url) }}"
-    --bootstrap-internal-url="{{ keystone.bootstrap.internal_url }}"
+    --bootstrap-internal-url="{{ keystone_private_url | default(keystone.bootstrap.internal_url) }}"
    --bootstrap-region-id="{{ keystone.bootstrap.region_name }}"
  environment: "{{ bifrost_venv_env if enable_venv else {} }}"
  when: >
--- a/releasenotes/notes/allow-custom-private-endpoints-ip-b4f29647569a15ce.yaml
+++ b/releasenotes/notes/allow-custom-private-endpoints-ip-b4f29647569a15ce.yaml
@ -0,0 +1,12 @@
+---
+features:
+  - |
+    By adding extra string variable ``-e private_ip=8.8.8.8``
+    Bifrost, if used with Keystone enabled, will configure
+    private/internal services endpoints (for Keystone, Ironic and Ironic
+    Inspector) to contain this private IP address in replacement
+    of the default values which are set to point to localhost.
+
+    The default behaviour is kept unchanged, which means that
+    services private endpoints will contain references to
+    localhost aka 127.0.0.1.