Support using internal network for clients

Openstack mostly defaults to using public endpoints for
internal communication between services. This patch adds
a new option use-internal-endpoints which, if set to True,
will configure services to use internal endpoints where
possible.

Closes-Bug: 1456876
Change-Id: Ibff9d2ae7bf978525d4eccacb8f9a535b36d2056

config.yaml

@@ -73,6 +73,13 @@ options:
     default: RegionOne
     type: string
     description: OpenStack Region
+  use-internal-endpoints:
+    default: False
+    type: boolean
+    description: |
+      Openstack mostly defaults to using public endpoints for
+      internal communication between services. If set to True this option will
+      configure services to use internal endpoints where possible.
   neutron-security-groups:
     type: boolean
     default: False

hooks/charmhelpers/contrib/openstack/context.py

@@ -1479,3 +1479,15 @@ class NetworkServiceContext(OSContextGenerator):
                 if self.context_complete(ctxt):
                     return ctxt
         return {}
+
+
+class InternalEndpointContext(OSContextGenerator):
+    """Internal endpoint context.
+
+    This context provides the endpoint type used for communication between
+    services e.g. between Nova and Cinder internally. Openstack uses Public
+    endpoints by default so this allows admins to optionally use internal
+    endpoints.
+    """
+    def __call__(self):
+        return {'use_internal_endpoints': config('use-internal-endpoints')}

hooks/neutron_api_utils.py

@@ -153,7 +153,8 @@ BASE_RESOURCE_MAP = OrderedDict([
                      context.ZeroMQContext(),
                      context.NotificationDriverContext(),
                      context.BindHostContext(),
-                     context.WorkerConfigContext()],
+                     context.WorkerConfigContext(),
+                     context.InternalEndpointContext()],
     }),
     (NEUTRON_DEFAULT, {
         'services': ['neutron-server'],

templates/icehouse/neutron.conf

@@ -116,3 +116,5 @@ admin_password = {{ admin_password }}
 service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
 service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
 service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
+
+{% include "parts/section-nova" %}

templates/juno/neutron.conf

@@ -105,3 +105,5 @@ service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVP
 {% if not neutron_plugin or neutron_plugin != 'midonet' -%}
 service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
 {% endif -%}
+
+{% include "parts/section-nova" %}

templates/kilo/neutron.conf

@@ -117,3 +117,5 @@ service_provider=FIREWALL:Iptables:neutron_fwaas.agent.linux.iptables_firewall.O
 
 [oslo_concurrency]
 lock_path = $state_path/lock
+
+{% include "parts/section-nova" %}

templates/liberty/neutron.conf

@@ -61,9 +61,6 @@ dhcp_agents_per_network = {{ dhcp_agents_per_network }}
 notify_nova_on_port_status_changes = True
 notify_nova_on_port_data_changes = True
 
-[nova]
-auth_section = keystone_authtoken
-
 {% if sections and 'DEFAULT' in sections -%}
 {% for key, value in sections['DEFAULT'] -%}
 {{ key }} = {{ value }}
@@ -106,3 +103,5 @@ root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
 
 [oslo_concurrency]
 lock_path = $state_path/lock
+
+{% include "parts/section-nova" %}

templates/mitaka/neutron.conf

@@ -64,9 +64,6 @@ notify_nova_on_port_data_changes = True
 
 {% include "section-zeromq" %}
 
-[nova]
-auth_section = keystone_authtoken
-
 [quotas]
 {% if quota_driver -%}
 quota_driver = {{ quota_driver }}
@@ -101,3 +98,5 @@ root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
 
 [oslo_concurrency]
 lock_path = $state_path/lock
+
+{% include "parts/section-nova" %}

templates/parts/section-nova

@@ -0,0 +1,5 @@
+[nova]
+auth_section = keystone_authtoken
+{% if use_internal_endpoints -%}
+endpoint_type = internal
+{% endif %}