8c436038e3
To the best of my knowledge, the [nova] section in cinder.conf is only ever used if the Cinder scheduler is acting as a Nova client when the operator has enabled the InstanceLocalityFilter. Per https://docs.openstack.org/cinder/latest/configuration/block-storage/samples/cinder.conf.html, Cinder defaults to using the public Nova endpoint when using the Nova API. This is contrary to OSA precedent, where services normally use internal endpoints for service-to-service API requests. When enabling the InstanceLocalityFilter in combination with Cinder talking to the public Nova endpoint, this can create a very confusing situation, particularly in pre-production clusters: if the public endpoint has a self-signed SSL certificate, and Cinder is not explicitly configured not to verify certificates, then this creates a whole load of connection errors. Thus, in order to follow POLA, configure the [nova] section to use the internal endpoint, and (in case the internal endpoint does use HTTPS) honor the keystone_service_internaluri_insecure setting, as for other services. Change-Id: Ie31a7e2917a188027db49ac51e6a77ee39a9abf0 |
||
---|---|---|
defaults | ||
doc | ||
examples | ||
handlers | ||
meta | ||
releasenotes | ||
tasks | ||
templates | ||
tests | ||
vars | ||
zuul.d | ||
.gitignore | ||
.gitreview | ||
CONTRIBUTING.rst | ||
LICENSE | ||
README.rst | ||
Vagrantfile | ||
bindep.txt | ||
manual-test.rc | ||
run_tests.sh | ||
setup.cfg | ||
setup.py | ||
tox.ini |
README.rst
Team and repository tags
OpenStack-Ansible cinder
This Ansible role installs and configures OpenStack cinder.
- Documentation for the project can be found at:
-
https://docs.openstack.org/openstack-ansible-os_cinder/latest/
- Release notes for the project can be found at:
-
https://docs.openstack.org/releasenotes/openstack-ansible-os_cinder
- The project source code repository is located at:
-
https://git.openstack.org/cgit/openstack/openstack-ansible-os_cinder
- The project home is at:
- The project bug tracker is located at: