Merge "Use public FQDN for OS_AUTH_URL in public-openrc.sh"

ansible/public-openrc.yml

@@ -8,9 +8,9 @@
     - public-openrc
   vars:
     public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
-    public_api_vip_address: "{{ public_net_name | net_vip_address }}"
+    public_api_host: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
     public_api_keystone_port: 5000
   roles:
     - role: public-openrc
       public_openrc_kolla_config_path: "{{ kolla_config_path }}"
-      public_openrc_auth_url: "{{ public_api_proto }}://{{ public_api_vip_address }}:{{ public_api_keystone_port }}"
+      public_openrc_auth_url: "{{ public_api_proto }}://{{ public_api_host }}:{{ public_api_keystone_port }}"

releasenotes/notes/use-public-fqdn-in-openrc-f7990958ceec817d.yaml

@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    The ``public-openrc.sh`` file generated by Kayobe now uses the public
+    network FQDN for populating the OS_AUTH_URL variable instead of using the
+    public virtual IP address. If the FQDN variable is not set, the virtual IP
+    address remains used. This ensures better compatibility with TLS-enabled
+    deployments where certificates are generally tied to a hostname.