From b1cb14bb4afbed876de445bf759e5cd52e6fcc54 Mon Sep 17 00:00:00 2001 From: Olivier Bourdon Date: Fri, 7 Sep 2018 18:07:53 +0200 Subject: [PATCH] Add possibility to use proper public URLs for endpoints This fixes Ironic configuration when Keystone is enabled. Without this fix, provisioning of nodes will stop after waiting for further informations as IPA will be using default address (http://127.0.0.1:6585) because proper values are not present in Ironic database. Change-Id: I4c733dba8e65fe624c9de5b9c5722cef2df59109 --- .../bifrost-ironic-install/tasks/keystone_setup.yml | 7 ++++++- .../tasks/keystone_setup_inspector.yml | 7 ++++++- .../bifrost-keystone-install/tasks/bootstrap.yml | 7 ++++++- .../use_public_urls_endpoints-1220a7f4164696c3.yaml | 13 +++++++++++++ 4 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/use_public_urls_endpoints-1220a7f4164696c3.yaml diff --git a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml index 9b0af5024..956036845 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml @@ -170,6 +170,11 @@ environment: "{{ bifrost_venv_env if enable_venv else {} }}" when: test_ironic_admin_endpoint.rc != 0 or test_ironic_admin_endpoint.stdout == '[]' +- name: "Setting external Ironic public URL" + set_fact: + ironic_public_url: "{{ ironic.keystone.public_url | default('http://127.0.0.1:6385/') | replace('127.0.0.1', hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address']) }}" + when: use_public_urls | default(false) | bool + - name: "Create ironic public endpoint" command: | openstack @@ -179,7 +184,7 @@ --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" --os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}" endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}" - baremetal public "{{ ironic.keystone.public_url | default('http://127.0.0.1:6385/') }}" + baremetal public "{{ ironic_public_url | default(ironic.keystone.public_url) | default('http://127.0.0.1:6385/') }}" no_log: true environment: "{{ bifrost_venv_env if enable_venv else {} }}" when: test_ironic_public_endpoint.rc != 0 or test_ironic_public_endpoint.stdout == '[]' diff --git a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml index e58a85388..f94b04567 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml @@ -148,6 +148,11 @@ environment: "{{ bifrost_venv_env if enable_venv else {} }}" when: test_ironic_inspector_admin_endpoint.rc != 0 or test_ironic_inspector_admin_endpoint.stdout == '[]' +- name: "Setting external ironic-inspector public URL" + set_fact: + ironic_inspector_public_url: "{{ ironic_inspector.keystone.public_url | default('http://127.0.0.1:5050/') | replace('127.0.0.1', hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address']) }}" + when: use_public_urls | default(false) | bool + # NOTE(TheJulia): This seems like something that should be # to admin or internal interfaces. Perhaps we should attempt # remove it after we have a working keystone integrated CI job. @@ -160,7 +165,7 @@ --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" --os-project-name admin endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}" - baremetal-introspection public "{{ ironic_inspector.keystone.public_url | default('http://127.0.0.1:5050/') }}" + baremetal-introspection public "{{ ironic_inspector_public_url | default(ironic_inspector.keystone.public_url) | default('http://127.0.0.1:5050/') }}" no_log: true environment: "{{ bifrost_venv_env if enable_venv else {} }}" when: test_ironic_inspector_public_endpoint.rc != 0 or test_ironic_inspector_public_endpoint.stdout == '[]' diff --git a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml index 50228dee0..d186a7812 100644 --- a/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml +++ b/playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml @@ -161,6 +161,11 @@ --keystone-user="{{ nginx_user }}" --keystone-group="{{ nginx_user }}" environment: "{{ bifrost_venv_env if enable_venv else {} }}" +- name: "Setting external Keystone public URL" + set_fact: + keystone_public_url: "{{ keystone.bootstrap.public_url | replace('127.0.0.1', hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address']) }}" + when: use_public_urls | default(false) | bool + - name: "Bootstrap Keystone Database" command: > keystone-manage bootstrap @@ -169,7 +174,7 @@ --bootstrap-project-name="{{ keystone.bootstrap.project_name }}" --bootstrap-service-name="keystone" --bootstrap-admin-url="{{ keystone.bootstrap.admin_url }}" - --bootstrap-public-url="{{ keystone.bootstrap.public_url }}" + --bootstrap-public-url="{{ keystone_public_url | default(keystone.bootstrap.public_url) }}" --bootstrap-internal-url="{{ keystone.bootstrap.internal_url }}" --bootstrap-region-id="{{ keystone.bootstrap.region_name }}" environment: "{{ bifrost_venv_env if enable_venv else {} }}" diff --git a/releasenotes/notes/use_public_urls_endpoints-1220a7f4164696c3.yaml b/releasenotes/notes/use_public_urls_endpoints-1220a7f4164696c3.yaml new file mode 100644 index 000000000..531c26ba0 --- /dev/null +++ b/releasenotes/notes/use_public_urls_endpoints-1220a7f4164696c3.yaml @@ -0,0 +1,13 @@ +--- +features: + - | + By adding extra boolean variable ``-e use_public_urls=true`` + Bifrost, if used with Keystone enabled, will configure + public services endpoints (for Keystone, Ironic and Ironic + Inspector) to contain the public IP address of the node + where Bifrost is running in replacement of the default + values which are set to point to localhost. + + The default behaviour is kept unchanged, which means that + services public endpoints will contain references to + localhost aka 127.0.0.1.