Enable haproxy for keystone on controller if SSL enabled
There is only 1 DNS entry created on the public network, so the public VIP must serve keystone for SSL enabled deployment. (Recommit with fix of Change-Id: Iaaba02f55e2501b3e8b45b3b330d05f7b007af03 ) Change-Id: I37cbe436a6f0c19014259f4c9fb8b75efcf18450 Closes-Bug: #1484465
This commit is contained in:
parent
989683f1f3
commit
55f6321e42
|
@ -1,5 +1,6 @@
|
|||
notice('MODULAR: detach-keystone/controller-keystone.pp')
|
||||
|
||||
$network_metadata = hiera('network_metadata')
|
||||
$access_hash = hiera_hash('access',{})
|
||||
$service_endpoint = hiera('service_endpoint')
|
||||
|
||||
|
@ -9,6 +10,12 @@ $admin_user = $access_hash['user']
|
|||
$admin_password = $access_hash['password']
|
||||
$region = hiera('region', 'RegionOne')
|
||||
|
||||
$keystone_hash = hiera_hash('keystone', {})
|
||||
# enabled by default
|
||||
$public_ssl_hash = hiera('public_ssl')
|
||||
#todo(sv): change to 'keystone' as soon as keystone as node-role was ready
|
||||
$keystones_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-standalone-keystone', 'standalone-keystone']), 'keystone/api')
|
||||
|
||||
$murano_settings_hash = hiera('murano_settings', {})
|
||||
if has_key($murano_settings_hash, 'murano_repo_url') {
|
||||
$murano_repo_url = $murano_settings_hash['murano_repo_url']
|
||||
|
@ -25,3 +32,24 @@ class { 'openstack::auth_file':
|
|||
murano_repo_url => $murano_repo_url,
|
||||
}
|
||||
|
||||
# Enable keystone on public VIP only if SSL for services is enabled
|
||||
if ($public_ssl_hash['services']) {
|
||||
$server_names = pick(hiera_array('keystone_names', undef),
|
||||
keys($keystones_address_map))
|
||||
$ipaddresses = pick(hiera_array('keystone_ipaddresses', undef),
|
||||
values($keystones_address_map))
|
||||
$public_virtual_ip = hiera('public_vip')
|
||||
$internal_virtual_ip = hiera('management_vip')
|
||||
# configure keystone ha proxy
|
||||
class { '::openstack::ha::keystone':
|
||||
internal_virtual_ip => $internal_virtual_ip,
|
||||
ipaddresses => $ipaddresses,
|
||||
public_virtual_ip => $public_virtual_ip,
|
||||
server_names => $server_names,
|
||||
public_ssl => $public_ssl_hash['services'],
|
||||
}
|
||||
Package['socat'] -> Class['openstack::ha::keystone']
|
||||
package { 'socat':
|
||||
ensure => 'present',
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue