Force novaclient to use internal network

Closes-Bug: 1456876 Change-Id: Ibff9d2ae7bf978525d4eccacb8f9a535b36d2056
2016-03-24 17:38:30 +00:00 · 2016-03-24 17:38:30 +00:00 · b088b4bc65
parent 0d4e1bfa43
commit b088b4bc65
8 changed files with 37 additions and 1 deletions
--- a/config.yaml
+++ b/config.yaml
@ -73,6 +73,13 @@ options:
    default: RegionOne
    type: string
    description: OpenStack Region
+  use-internal-endpoints:
+    default: False
+    type: boolean
+    description: |
+      Openstack mostly defaults to using public endpoints for
+      internal communication between services. If set to True this option will
+      configure services to use internal endpoints where possible.
  neutron-security-groups:
    type: boolean
    default: False
--- a/hooks/neutron_api_context.py
+++ b/hooks/neutron_api_context.py
@ -379,3 +379,19 @@ class MidonetContext(context.OSContextGenerator):
                if self.context_complete(ctxt):
                    return ctxt
        return {}
+
+
+class InternalEndpointContext(context.OSContextGenerator):
+    """Internal endpoint context.
+
+    This context provides the endpoint type used for communication between
+    services e.g. between Nova and Cinder internally. Openstack uses Public
+    endpoints by default so this allows admins to optionally use internal
+    endpoints.
+    """
+    def __call__(self):
+        type = config('use-internal-endpoints')
+        if type:
+            return {'use_internal_endpoints': True}
+
+        return {}
--- a/hooks/neutron_api_utils.py
+++ b/hooks/neutron_api_utils.py
@ -153,7 +153,8 @@ BASE_RESOURCE_MAP = OrderedDict([
                     context.ZeroMQContext(),
                     context.NotificationDriverContext(),
                     context.BindHostContext(),
-                     context.WorkerConfigContext()],
+                     context.WorkerConfigContext(),
+                     neutron_api_context.InternalEndpointContext()],
    }),
    (NEUTRON_DEFAULT, {
        'services': ['neutron-server'],
--- a/templates/icehouse/neutron.conf
+++ b/templates/icehouse/neutron.conf
@ -116,3 +116,5 @@ admin_password = {{ admin_password }}
 service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
 service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
 service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
+
+{% include "parts/nova" %}
--- a/templates/juno/neutron.conf
+++ b/templates/juno/neutron.conf
@ -105,3 +105,5 @@ service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVP
 {% if not neutron_plugin or neutron_plugin != 'midonet' -%}
 service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
 {% endif -%}
+
+{% include "parts/nova" %}
--- a/templates/liberty/neutron.conf
+++ b/templates/liberty/neutron.conf
@ -106,3 +106,5 @@ root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

 [oslo_concurrency]
 lock_path = $state_path/lock
+
+{% include "parts/nova" %}
--- a/templates/mitaka/neutron.conf
+++ b/templates/mitaka/neutron.conf
@ -101,3 +101,5 @@ root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

 [oslo_concurrency]
 lock_path = $state_path/lock
+
+{% include "parts/nova" %}
--- a/templates/parts/nova
+++ b/templates/parts/nova
@ -0,0 +1,4 @@
+[nova]
+{% if use_internal_endpoints -%}
+endpoint_type = internal
+{% endif %}