x
/
fuel-plugin-detach-keystone
Code Issues Proposed changes

Point haproxy on controllers to service_endpoint vip for keystone 

Keystone on controllers are used to proxy traffic to public_vip
so that public SSL works. Now traffic will proxy to haproxy on
separate-keystone HAProxy and then to keystone backed by apache.

This change enables a deployer to remove any given keystone node,
but keep HAproxy reporting as UP because plugins cannot trigger
controller redeploy.

Change-Id: If54c7d4f9cf069fc932b354ce6f263d5a87b3969
Partial-Bug: #1544023
This commit is contained in:
Matthew Mosesohn 2016-02-24 12:23:10 +03:00
parent 4dc2277164
commit a4f1373010
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
deployment_scripts/keystone-controller.pp
View File

@ -20,19 +20,16 @@ $ssl_hash = hiera_hash('use_ssl', {})
$public_ssl = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'usage', false)
$public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'path', [''])
#todo(sv): change to 'keystone' as soon as keystone as node-role was ready
$keystones_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-standalone-keystone', 'standalone-keystone']), 'keystone/api')
$public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'protocol', 'http')
$public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'hostname', [$public_vip])
$public_port = '5000'
$internal_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
$internal_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
$internal_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$management_vip])
$internal_port = '5000'
$admin_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$admin_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
$admin_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$management_vip])
$admin_port = '35357'
$public_url = "${public_protocol}://${public_address}:${public_port}"
@ -59,10 +56,9 @@ class { 'openstack::auth_file':
}
# Enable keystone HAProxy on controller so public VIP can be used
$server_names = pick(hiera_array('keystone_names', undef),
keys($keystones_address_map))
$ipaddresses = pick(hiera_array('keystone_ipaddresses', undef),
values($keystones_address_map))
$server_names = [$service_endpoint]
$ipaddresses = [$service_endpoint]
# configure keystone ha proxy
class { '::openstack::ha::keystone':
internal_virtual_ip => $management_vip,