standalone/undercloud - post: use EndpointMap to fetch Keystone URL

Using EndpointMap to ensure we get the hostname/fqdn if possible
otherwise it fallbacks to the IP for Keystone public endpoint.

This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.

Closes-Bug #1763776

(cherry picked from commit 016279b71e)
Depends-On: I1c222fce178e164432acbfaeda8695c3cf7a6e98 
Change-Id: Id8e1c6408ee6a322c61de90a52ab1eacaf0dba88

ci/common/vbmc_setup.yaml

@@ -3,6 +3,11 @@ heat_template_version: rocky
 parameters:
   servers:
     type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
 
 resources:
 

common/deploy-steps.j2

@@ -389,6 +389,7 @@ resources:
     type: OS::TripleO::NodeExtraConfigPost
     properties:
         servers: {get_param: [servers, {{role.name}}]}
+        EndpointMap: {get_param: EndpointMap}
 
   # The {{role.name}}PostConfig steps are in charge of
   # quiescing all services, i.e. in the Controller case,

extraconfig/post_deploy/default.yaml

@@ -3,3 +3,8 @@ description: 'Extra Post Deployment Config'
 parameters:
   servers:
     type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json

extraconfig/post_deploy/standalone_post.yaml

@@ -17,17 +17,6 @@ parameters:
     type: string
     description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     hidden: True
-  SSLCertificate:
-    description: >
-      The content of the SSL certificate (without Key) in PEM format.
-    type: string
-    default: ""
-    hidden: True
-  PublicSSLCertificateAutogenerated:
-    default: false
-    description: >
-      Whether the public SSL certificate was autogenerated or not.
-    type: boolean
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -36,18 +25,11 @@ parameters:
     type: string
     default: 'standalone'
     description: Cloud name for the clouds.yaml
-
-conditions:
-
-  tls_enabled:
-    or:
-    - not:
-        equals:
-        - {get_param: SSLCertificate}
-        - ""
-    - equals:
-        - {get_param: PublicSSLCertificateAutogenerated}
-        - true
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
 
 resources:
 
@@ -71,20 +53,7 @@ resources:
       config: {get_resource: StandalonePostConfig}
       input_values:
         admin_password: {get_param: AdminPassword}
-        # if SSL is enabled we use the public virtual ip as the stackrc endpoint
-        auth_url:
-          if:
-          - tls_enabled
-          - make_url:
-              scheme: https
-              host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 13000
-              path: /
-          - make_url:
-              scheme: http
-              host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 5000
-              path: /
+        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
         cloud_name: {get_param: StandaloneCloudName}
         homedir: {get_param: StandaloneHomeDir}
         region_name: {get_param: KeystoneRegion}

extraconfig/post_deploy/undercloud_post.yaml

@@ -71,6 +71,11 @@ parameters:
     type: number
     constraints:
       - range: { min: 1000, max: 65536 }
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
 
 conditions:
 
@@ -124,20 +129,7 @@ resources:
           - ca_file_enabled
           - {get_param: InternalTLSCAFile}
           - ''
-        # if SSL is enabled we use the public virtual ip as the stackrc endpoint
-        auth_url:
-          if:
-          - tls_enabled
-          - make_url:
-              scheme: https
-              host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 13000
-              path: /
-          - make_url:
-              scheme: http
-              host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 5000
-              path: /
+        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
 
   UndercloudCtlplaneNetworkConfig:
     type: OS::Heat::SoftwareConfig
@@ -157,20 +149,7 @@ resources:
       config: {get_resource: UndercloudCtlplaneNetworkConfig}
       input_values:
         admin_password: {get_param: AdminPassword}
-        # if SSL is enabled we use the public virtual ip as the stackrc endpoint
-        auth_url:
-          if:
-          - tls_enabled
-          - make_url:
-              scheme: https
-              host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 13000
-              path: /
-          - make_url:
-              scheme: http
-              host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 5000
-              path: /
+        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
         config:
           str_replace:
             template: JSON

releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml

@@ -0,0 +1,7 @@
+---
+other:
+  - |
+    The EndpointMap parameter is now required by post_deploy templates.
+    So if an user overrides OS::TripleO::NodeExtraConfigPost with another
+    template, the template would need to have EndpointMap parameter to work
+    fine.