Use public FQDN for OS_AUTH_URL in public-openrc.sh

If a public FQDN is defined, use it instead of the virtual IP address. When using TLS, certificates are generally tied to a hostname rather than to an IP address. Change-Id: I0afef32a0f4030bba613febdf266e2ccd863512d
2018-12-10 10:18:57 +00:00 · 2018-12-10 10:18:57 +00:00 · c6764f557f
parent 4244a8d7a6
commit c6764f557f
2 changed files with 10 additions and 2 deletions
--- a/ansible/public-openrc.yml
+++ b/ansible/public-openrc.yml
@ -8,9 +8,9 @@
    - public-openrc
  vars:
    public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
-    public_api_vip_address: "{{ public_net_name | net_vip_address }}"
+    public_api_host: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
    public_api_keystone_port: 5000
  roles:
    - role: public-openrc
      public_openrc_kolla_config_path: "{{ kolla_config_path }}"
-      public_openrc_auth_url: "{{ public_api_proto }}://{{ public_api_vip_address }}:{{ public_api_keystone_port }}"
+      public_openrc_auth_url: "{{ public_api_proto }}://{{ public_api_host }}:{{ public_api_keystone_port }}"
--- a/releasenotes/notes/use-public-fqdn-in-openrc-f7990958ceec817d.yaml
+++ b/releasenotes/notes/use-public-fqdn-in-openrc-f7990958ceec817d.yaml
@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    The ``public-openrc.sh`` file generated by Kayobe now uses the public
+    network FQDN for populating the OS_AUTH_URL variable instead of using the
+    public virtual IP address. If the FQDN variable is not set, the virtual IP
+    address remains used. This ensures better compatibility with TLS-enabled
+    deployments where certificates are generally tied to a hostname.