Update git submodules
* Update openstack-ansible-os_cinder from branch 'master' - Merge "cinder.conf: add [nova] section, override interface defaults" - cinder.conf: add [nova] section, override interface defaults To the best of my knowledge, the [nova] section in cinder.conf is only ever used if the Cinder scheduler is acting as a Nova client when the operator has enabled the InstanceLocalityFilter. Per https://docs.openstack.org/cinder/latest/configuration/block-storage/samples/cinder.conf.html, Cinder defaults to using the public Nova endpoint when using the Nova API. This is contrary to OSA precedent, where services normally use internal endpoints for service-to-service API requests. When enabling the InstanceLocalityFilter in combination with Cinder talking to the public Nova endpoint, this can create a very confusing situation, particularly in pre-production clusters: if the public endpoint has a self-signed SSL certificate, and Cinder is not explicitly configured not to verify certificates, then this creates a whole load of connection errors. Thus, in order to follow POLA, configure the [nova] section to use the internal endpoint, and (in case the internal endpoint does use HTTPS) honor the keystone_service_internaluri_insecure setting, as for other services. Change-Id: Ie31a7e2917a188027db49ac51e6a77ee39a9abf0
This commit is contained in:
parent
e5d31436f4
commit
5a19d99707
|
@ -1 +1 @@
|
|||
Subproject commit 07ffe5cd792ff901413297c19c2efe4954f92419
|
||||
Subproject commit 75f28d087a6d8a1bd7fa60a898902c54499e1f12
|
Loading…
Reference in New Issue