Fix keystone auth_uri and auth_url

Post [1] we cannot use auth_uri/auth_url containing :5000, :35357.

Update keystone auth_uri and auth_url in magnum.conf to connect
with keystone using /identity/v3 and /identity_admin/v3.

[1] https://review.openstack.org/#/c/456344/

Change-Id: I5d69e7454cf8a5e8c92ff23b6c932184d82e8a98

devstack: Allow access to ports 80 and 443

So far, we were allowing access to port 5000 for keystone.
When devstack siwtched to uwsgi we couldn't access keystone
anymore.

Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Change-Id: I4d3d482889fd9f6119ceec81757abac9d1251a97
(cherry picked from commit 530d225fcd)
This commit is contained in:
yatin 2017-04-21 10:04:03 +05:30 committed by Kevin Lefevre
parent 1a685113d8
commit 1881152217
2 changed files with 8 additions and 5 deletions

View File

@ -150,9 +150,9 @@ function create_magnum_conf {
configure_auth_token_middleware $MAGNUM_CONF magnum $MAGNUM_AUTH_CACHE_DIR
iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_SERVICE_URI/v3
iniset $MAGNUM_CONF keystone_authtoken auth_uri \
${KEYSTONE_SERVICE_PROTOCOL}://${HOST_IP}:${KEYSTONE_SERVICE_PORT}/v3
iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_AUTH_URI_V3
iniset $MAGNUM_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI_V3
iniset $MAGNUM_CONF keystone_authtoken auth_url $KEYSTONE_AUTH_URI_V3
iniset $MAGNUM_CONF keystone_authtoken auth_version v3
if is_fedora || is_suse; then
@ -330,7 +330,9 @@ function configure_iptables {
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
# bay nodes will access magnum-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $KEYSTONE_SERVICE_PORT -j ACCEPT || true
# allow access to keystone etc (http and https)
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
fi
}

View File

@ -69,6 +69,7 @@ function create_test_data {
local magnum_api_ip=$(iniget /etc/magnum/magnum.conf api host)
local magnum_api_port=$(iniget /etc/magnum/magnum.conf api port)
local magnum_url="http://"$magnum_api_ip":"$magnum_api_port"/v1"
local keystone_auth_url=$(iniget /etc/magnum/magnum.conf keystone_authtoken auth_uri)
# pass the appropriate variables via a config file
CREDS_FILE=$MAGNUM_DIR/functional_creds.conf
@ -76,7 +77,7 @@ function create_test_data {
# Credentials for functional testing
[auth]
auth_url = $OS_AUTH_URL
auth_url = $keystone_auth_url
magnum_url = $magnum_url
username = $OS_USERNAME
project_name = $OS_PROJECT_NAME