Provide a control knob to use the internal EP interface
By default neutron client is always using the public interface. However one customer decided to disable the public interface for some security reason and requested a way to use the internal interface instead. Change-Id: I829eb77a428fc5ee86911067ea5b6a0353301c20
This commit is contained in:
parent
6b02f21230
commit
8f70f3da53
|
@ -40,6 +40,8 @@ class ProjectNameCache(object):
|
|||
self.project_names = {}
|
||||
self.keystone = None
|
||||
self.gbp = None
|
||||
self.enable_neutronclient_internal_ep_interface = (
|
||||
cfg.CONF.ml2_apic_aim.enable_neutronclient_internal_ep_interface)
|
||||
|
||||
def _get_keystone_client(self):
|
||||
# REVISIT: It seems load_from_conf_options() and
|
||||
|
@ -56,7 +58,11 @@ class ProjectNameCache(object):
|
|||
LOG.debug("Got session: %s", session)
|
||||
self.keystone = ksc_client.Client(session=session)
|
||||
LOG.debug("Got keystone client: %s", self.keystone)
|
||||
self.gbp = gbp_client.Client(session=session)
|
||||
endpoint_type = 'publicURL'
|
||||
if self.enable_neutronclient_internal_ep_interface:
|
||||
endpoint_type = 'internalURL'
|
||||
self.gbp = gbp_client.Client(session=session,
|
||||
endpoint_type=endpoint_type)
|
||||
LOG.debug("Got gbp client: %s", self.gbp)
|
||||
|
||||
def ensure_project(self, project_id):
|
||||
|
|
|
@ -38,6 +38,11 @@ apic_opts = [
|
|||
help=("This will enable purging all the resources including "
|
||||
"the tenant once a keystone project.deleted "
|
||||
"notification is received.")),
|
||||
cfg.BoolOpt('enable_neutronclient_internal_ep_interface',
|
||||
default=False,
|
||||
help=("Set to True to use the internal endpoint interface "
|
||||
"while initializing the neutron client. By default its "
|
||||
"using the public interface.")),
|
||||
cfg.BoolOpt('enable_iptables_firewall',
|
||||
default=False,
|
||||
help=("This will enable the iptables firewall implementation "
|
||||
|
|
Loading…
Reference in New Issue