Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in favor of a single public endpoint. Although internal goes through the same instance, we should differentiate for project traffic and OpenStack service traffic. [1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components Depends-On: Id74966d9f1279f725bc41c08e434230a7845bbc1 Change-Id: I1adb3066c83aaffe8b22f2f2553f634483371974 Implements: blueprint simplify-identity-endpoint
This commit is contained in:
parent
a85aea3845
commit
c16309270c
|
@ -67,20 +67,17 @@ end
|
|||
db_user = node['openstack']['db']['dns']['username']
|
||||
db_pass = get_password 'db', 'designate'
|
||||
|
||||
public_identity_endpoint = identity_uri_transform(public_endpoint('identity'))
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
|
||||
bind_services = node['openstack']['bind_service']['all']
|
||||
api_bind = bind_services['dns-api']
|
||||
|
||||
auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
|
||||
# define attributes that are needed in designate.conf
|
||||
node.default['openstack']['dns']['conf'].tap do |conf|
|
||||
conf['service:api']['api_host'] = bind_address api_bind
|
||||
conf['service:api']['api_port'] = api_bind['port']
|
||||
conf['keystone_authtoken']['auth_uri'] = public_identity_endpoint
|
||||
conf['keystone_authtoken']['auth_url'] = auth_url
|
||||
conf['keystone_authtoken']['auth_url'] = identity_endpoint.to_s
|
||||
conf['keystone_authtoken']['www_authenticate_uri'] = identity_endpoint.to_s
|
||||
end
|
||||
|
||||
# define secrets that are needed in designate.conf
|
||||
|
|
|
@ -24,9 +24,8 @@ class ::Chef::Recipe
|
|||
include ::Openstack
|
||||
end
|
||||
|
||||
identity_admin_endpoint = admin_endpoint 'identity'
|
||||
|
||||
auth_url = ::URI.decode identity_admin_endpoint.to_s
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
auth_url = ::URI.decode identity_endpoint.to_s
|
||||
|
||||
internal_designate_endpoint = internal_endpoint 'dns-api'
|
||||
public_designate_endpoint = public_endpoint 'dns-api'
|
||||
|
|
|
@ -23,11 +23,10 @@ class ::Chef::Recipe
|
|||
end
|
||||
|
||||
dns_endpoint = internal_endpoint 'dns-api'
|
||||
# TODO(jh): Make this more intelligent
|
||||
dns_url = dns_endpoint.to_s + '/v2'
|
||||
|
||||
identity_endpoint = internal_endpoint 'identity'
|
||||
auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
|
||||
auth_url = ::URI.decode identity_endpoint.to_s
|
||||
|
||||
node.default['openstack']['network']['conf'].tap do |conf|
|
||||
conf['DEFAULT']['external_dns_driver'] = 'designate'
|
||||
|
|
Loading…
Reference in New Issue