Support using internal network for clients

Openstack mostly defaults to using public endpoints for
internal communication between services. This patch adds
a new option use-internal-endpoints which, if set to True,
will configure services to use internal endpoints where
possible.

Closes-Bug: 1456876
Change-Id: I0f13fa1ab66864859d3adb37e5ec64bd95d7025d

config.yaml

@@ -150,6 +150,13 @@ options:
     default: RegionOne
     type: string
     description: OpenStack Region
+  use-internal-endpoints:
+    default: False
+    type: boolean
+    description: |
+      Openstack mostly defaults to using public endpoints for
+      internal communication between services. If set to True this option will
+      configure services to use internal endpoints where possible.
   # HA configuration settings
   vip:
     type: string

hooks/charmhelpers/contrib/openstack/context.py

@@ -1479,3 +1479,15 @@ class NetworkServiceContext(OSContextGenerator):
                 if self.context_complete(ctxt):
                     return ctxt
         return {}
+
+
+class InternalEndpointContext(OSContextGenerator):
+    """Internal endpoint context.
+
+    This context provides the endpoint type used for communication between
+    services e.g. between Nova and Cinder internally. Openstack uses Public
+    endpoints by default so this allows admins to optionally use internal
+    endpoints.
+    """
+    def __call__(self):
+        return {'use_internal_endpoints': config('use-internal-endpoints')}

hooks/nova_cc_utils.py

@@ -235,7 +235,8 @@ BASE_RESOURCE_MAP = OrderedDict([
                      nova_cc_context.NovaConfigContext(),
                      nova_cc_context.InstanceConsoleContext(),
                      nova_cc_context.ConsoleSSLContext(),
-                     nova_cc_context.CloudComputeContext()],
+                     nova_cc_context.CloudComputeContext(),
+                     context.InternalEndpointContext()],
     }),
     (NOVA_API_PASTE, {
         'services': [s for s in resolve_services() if 'api' in s],

templates/juno/nova.conf

@@ -163,7 +163,7 @@ admin_user = {{ admin_user }}
 admin_password = {{ admin_password }}
 {% endif -%}
 
-{% include "parts/cinder" %}
+{% include "parts/section-cinder" %}
 
 [osapi_v3]
 enabled=True

templates/kilo/nova.conf

@@ -148,7 +148,7 @@ admin_auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v2.0
 
 {% include "section-keystone-authtoken-legacy" %}
 
-{% include "parts/cinder" %}
+{% include "parts/section-cinder" %}
 
 [osapi_v3]
 enabled=True

templates/liberty/nova.conf

@@ -146,7 +146,7 @@ auth_plugin = password
 
 {% include "section-keystone-authtoken" %}
 
-{% include "parts/cinder" %}
+{% include "parts/section-cinder" %}
 
 [osapi_v3]
 enabled=True

templates/parts/cinder

@@ -1,5 +0,0 @@
-{% if volume_service and volume_service == 'cinder' -%}
-[cinder]
-os_region_name = {{ region }}
-{% endif -%}
-

templates/parts/section-cinder

@@ -0,0 +1,9 @@
+{% if volume_service and volume_service == 'cinder' -%}
+[cinder]
+{% if use_internal_endpoints -%}
+catalog_info = volumev2:cinderv2:internalURL
+{% endif %}
+{% if region -%}
+os_region_name = {{ region }}
+{% endif %}
+{% endif -%}