From 41ef77528da3ff0dd61f781877b3d0c0e6551069 Mon Sep 17 00:00:00 2001 From: James Slagle Date: Mon, 15 Aug 2016 10:12:50 -0400 Subject: [PATCH] Use http for Ironic deployments When conductor/api_url is not configured in ironic.conf, Ironic queries keystone for the url. When using Undercloud ssl, this results in deployments using ssl and IPA is not able to talk to Ironic over ssl because it does not trust the certificate. Previously, this was not the case, and it would choose the internal url instead of the public url. But something has apparently changed somewhere and the tripleo-ci promote jobs using undercloud ssl are now failing to promote due to this issue. To restore the previous behavior, this patch configures conductor/api_url to use the internal endpoint. Dependst-On: I558b53591b14ed43c725a4d0e0a67401adc7d2f0 Co-Authorized-By: James Slagle Co-Authorized-By: Emilien Macchi Change-Id: Ib99b8a0bec3b8235a32dab4a67a448ec89707f8a Closes-Bug: #1613088 --- elements/puppet-stack-config/puppet-stack-config.yaml.template | 3 +++ 1 file changed, 3 insertions(+) diff --git a/elements/puppet-stack-config/puppet-stack-config.yaml.template b/elements/puppet-stack-config/puppet-stack-config.yaml.template index b3842d9d5..1642307ab 100644 --- a/elements/puppet-stack-config/puppet-stack-config.yaml.template +++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template @@ -389,6 +389,9 @@ ironic::rabbit_host: {{LOCAL_IP}} ironic::rabbit_hosts: {{LOCAL_IP:5672}} ironic::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}} ironic::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}} +# Ironic conductor forces deployments to use http +# https://bugs.launchpad.net/tripleo/+bug/1613088 +ironic::conductor::api_url: {{UNDERCLOUD_ENDPOINT_IRONIC_INTERNAL}} ironic::conductor::force_power_state_during_sync: false ironic::conductor::automated_clean: {{CLEAN_NODES}} ironic::keystone::auth::tenant: 'service'