standalone/undercloud - post: use EndpointMap to fetch Keystone URL
Using EndpointMap to ensure we get the hostname/fqdn if possible
otherwise it fallbacks to the IP for Keystone public endpoint.
This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.
Closes-Bug #1763776
(cherry picked from commit 016279b71e
)
Depends-On: I1c222fce178e164432acbfaeda8695c3cf7a6e98
Change-Id: Id8e1c6408ee6a322c61de90a52ab1eacaf0dba88
This commit is contained in:
parent
b2f89aeca3
commit
74fd3fe5b9
|
@ -3,6 +3,11 @@ heat_template_version: rocky
|
|||
parameters:
|
||||
servers:
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
|
||||
resources:
|
||||
|
||||
|
|
|
@ -389,6 +389,7 @@ resources:
|
|||
type: OS::TripleO::NodeExtraConfigPost
|
||||
properties:
|
||||
servers: {get_param: [servers, {{role.name}}]}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
|
||||
# The {{role.name}}PostConfig steps are in charge of
|
||||
# quiescing all services, i.e. in the Controller case,
|
||||
|
|
|
@ -3,3 +3,8 @@ description: 'Extra Post Deployment Config'
|
|||
parameters:
|
||||
servers:
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
|
|
|
@ -17,17 +17,6 @@ parameters:
|
|||
type: string
|
||||
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
|
||||
hidden: True
|
||||
SSLCertificate:
|
||||
description: >
|
||||
The content of the SSL certificate (without Key) in PEM format.
|
||||
type: string
|
||||
default: ""
|
||||
hidden: True
|
||||
PublicSSLCertificateAutogenerated:
|
||||
default: false
|
||||
description: >
|
||||
Whether the public SSL certificate was autogenerated or not.
|
||||
type: boolean
|
||||
KeystoneRegion:
|
||||
type: string
|
||||
default: 'regionOne'
|
||||
|
@ -36,18 +25,11 @@ parameters:
|
|||
type: string
|
||||
default: 'standalone'
|
||||
description: Cloud name for the clouds.yaml
|
||||
|
||||
conditions:
|
||||
|
||||
tls_enabled:
|
||||
or:
|
||||
- not:
|
||||
equals:
|
||||
- {get_param: SSLCertificate}
|
||||
- ""
|
||||
- equals:
|
||||
- {get_param: PublicSSLCertificateAutogenerated}
|
||||
- true
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -71,20 +53,7 @@ resources:
|
|||
config: {get_resource: StandalonePostConfig}
|
||||
input_values:
|
||||
admin_password: {get_param: AdminPassword}
|
||||
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
|
||||
auth_url:
|
||||
if:
|
||||
- tls_enabled
|
||||
- make_url:
|
||||
scheme: https
|
||||
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
|
||||
port: 13000
|
||||
path: /
|
||||
- make_url:
|
||||
scheme: http
|
||||
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
||||
port: 5000
|
||||
path: /
|
||||
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
cloud_name: {get_param: StandaloneCloudName}
|
||||
homedir: {get_param: StandaloneHomeDir}
|
||||
region_name: {get_param: KeystoneRegion}
|
||||
|
|
|
@ -71,6 +71,11 @@ parameters:
|
|||
type: number
|
||||
constraints:
|
||||
- range: { min: 1000, max: 65536 }
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
|
||||
conditions:
|
||||
|
||||
|
@ -124,20 +129,7 @@ resources:
|
|||
- ca_file_enabled
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- ''
|
||||
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
|
||||
auth_url:
|
||||
if:
|
||||
- tls_enabled
|
||||
- make_url:
|
||||
scheme: https
|
||||
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
|
||||
port: 13000
|
||||
path: /
|
||||
- make_url:
|
||||
scheme: http
|
||||
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
||||
port: 5000
|
||||
path: /
|
||||
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
|
||||
UndercloudCtlplaneNetworkConfig:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
|
@ -157,20 +149,7 @@ resources:
|
|||
config: {get_resource: UndercloudCtlplaneNetworkConfig}
|
||||
input_values:
|
||||
admin_password: {get_param: AdminPassword}
|
||||
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
|
||||
auth_url:
|
||||
if:
|
||||
- tls_enabled
|
||||
- make_url:
|
||||
scheme: https
|
||||
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
|
||||
port: 13000
|
||||
path: /
|
||||
- make_url:
|
||||
scheme: http
|
||||
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
||||
port: 5000
|
||||
path: /
|
||||
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||
config:
|
||||
str_replace:
|
||||
template: JSON
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
other:
|
||||
- |
|
||||
The EndpointMap parameter is now required by post_deploy templates.
|
||||
So if an user overrides OS::TripleO::NodeExtraConfigPost with another
|
||||
template, the template would need to have EndpointMap parameter to work
|
||||
fine.
|
Loading…
Reference in New Issue