From c16309270ca67104ae32fe6bafc2ae70b3f80970 Mon Sep 17 00:00:00 2001
From: Samuel Cassiba
Date: Tue, 12 Jun 2018 21:55:40 -0700
Subject: [PATCH] Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in favor of a single public endpoint. Although internal goes through the same instance, we should differentiate for project traffic and OpenStack service traffic.
[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components
Depends-On: Id74966d9f1279f725bc41c08e434230a7845bbc1
Change-Id: I1adb3066c83aaffe8b22f2f2553f634483371974
Implements: blueprint simplify-identity-endpoint
---
 recipes/common.rb | 9 +++------
 recipes/identity_registration.rb | 5 ++---
 recipes/neutron_int.rb | 3 +--
 3 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/recipes/common.rb b/recipes/common.rb
index ead8a33..77876a8 100644
--- a/recipes/common.rb
+++ b/recipes/common.rb
@@ -67,20 +67,17 @@ end
 db_user = node['openstack']['db']['dns']['username']
 db_pass = get_password 'db', 'designate'
-public_identity_endpoint = identity_uri_transform(public_endpoint('identity'))
-identity_endpoint = internal_endpoint 'identity'
-
 bind_services = node['openstack']['bind_service']['all']
 api_bind = bind_services['dns-api']
-auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
+identity_endpoint = internal_endpoint 'identity'
 # define attributes that are needed in designate.conf
 node.default['openstack']['dns']['conf'].tap do |conf|
 conf['service:api']['api_host'] = bind_address api_bind
 conf['service:api']['api_port'] = api_bind['port']
- conf['keystone_authtoken']['auth_uri'] = public_identity_endpoint
- conf['keystone_authtoken']['auth_url'] = auth_url
+ conf['keystone_authtoken']['auth_url'] = identity_endpoint.to_s
+ conf['keystone_authtoken']['www_authenticate_uri'] = identity_endpoint.to_s
 end
 # define secrets that are needed in designate.conf
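Review bot: `www_authenticate_uri` is set to the internal identity endpoint on the last added line, but keystonemiddleware documents that option as the public Identity endpoint it advertises in the `WWW-Authenticate` header of 401 responses. With this value, unauthenticated API clients are handed the service-internal address, which they may not be able to reach and which discloses internal topology; the removed `auth_uri` line used `public_endpoint('identity')` for that role. I would keep `auth_url` on the internal endpoint and write `conf['keystone_authtoken']['www_authenticate_uri'] = public_endpoint('identity').to_s`, which also matches the commit message's aim of separating project traffic from service traffic.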
diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb
index 71c45ea..84800c9 100644
--- a/recipes/identity_registration.rb
+++ b/recipes/identity_registration.rb
@@ -24,9 +24,8 @@ class ::Chef::Recipe
 include ::Openstack
 end
-identity_admin_endpoint = admin_endpoint 'identity'
-
-auth_url = ::URI.decode identity_admin_endpoint.to_s
+identity_endpoint = internal_endpoint 'identity'
+auth_url = ::URI.decode identity_endpoint.to_s
 internal_designate_endpoint = internal_endpoint 'dns-api'
 public_designate_endpoint = public_endpoint 'dns-api'
diff --git a/recipes/neutron_int.rb b/recipes/neutron_int.rb
index 015417d..0678539 100644
--- a/recipes/neutron_int.rb
+++ b/recipes/neutron_int.rb
@@ -23,11 +23,10 @@ class ::Chef::Recipe
 end
 dns_endpoint = internal_endpoint 'dns-api'
-# TODO(jh): Make this more intelligent
 dns_url = dns_endpoint.to_s + '/v2'
 identity_endpoint = internal_endpoint 'identity'
-auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
+auth_url = ::URI.decode identity_endpoint.to_s
 node.default['openstack']['network']['conf'].tap do |conf|
 conf['DEFAULT']['external_dns_driver'] = 'designate'
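Review bot: `::URI.decode` on the new `auth_url` line in recipes/identity_registration.rb is marked obsolete in Ruby's standard library and is removed in Ruby 3.0, and percent-decoding a whole URL can change its structure if the endpoint ever contains escaped characters such as `%2F` or `%40`. The same call is newly introduced for `auth_url` in recipes/neutron_int.rb, where it replaces `auth_uri_transform`. Unless a consumer is known to need the decoded form, I would pass the endpoint through unchanged in both recipes: `auth_url = identity_endpoint.to_s`. A short comment above the assignment, for example `# internal endpoint: service-to-service traffic only`, would record why the admin endpoint was replaced.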
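Review bot: `node['openstack']['dns']['api']['auth']['version']` is no longer consulted when `auth_url` is built in recipes/neutron_int.rb (and likewise in recipes/common.rb), so an operator who sets that attribute now gets no effect and no warning. Whether the internal endpoint already carries the version path presumably depends on the Depends-On change, which is not visible in this patch; if it does, the attribute should be deprecated in the same series and the assumption recorded next to the assignment, e.g. `# internal_endpoint('identity') is expected to include the API version path`. This hunk also deletes the `# TODO(jh)` comment while the hard-coded `'/v2'` suffix it apparently referred to remains, so the reminder is lost without the work being done.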