Drop admin endpoints

The admin endpoints offer no special functionality, users may talk to the public endpoints instead. The only historic use case has been the keystone v2 admin endpoint, but with keystone v3 API, even that is no longer needed. [0] https://opendev.org/openstack/openstack-chef-specs/src/branch/master/specs/ocata/all/drop-admin-endpoints.rst Depends-On: https://review.openstack.org/652050 Change-Id: I8bee6f671187324cfecd820510d2a6d56f26ca77
2019-04-12 15:07:05 +00:00
parent edaf314d29
commit 9fb22fbbed
4 changed files with 13 additions and 19 deletions
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -1,9 +1,5 @@
 # encoding: UTF-8
 #
-########################################################################
-# Toggles - These can be overridden at the environment level
-default['enable_monit'] = false # OS provides packages
-########################################################################

 # Set to some text value if you want templated config files
 # to contain a custom banner at the top of the written file
@@ -15,7 +11,7 @@ default['openstack']['compute']['custom_template_banner'] = '
 # Set dbsync command timeout value
 default['openstack']['compute']['dbsync_timeout'] = 3600

-# Disallow non-encrypted connections
+# Role to assign for the nova service user
 default['openstack']['compute']['service_role'] = 'admin'

 # Used to set correct permissions for directories and files
@@ -130,12 +126,12 @@ default['openstack']['compute']['misc_paste'] = nil
  compute-vnc compute-api
 ).each do |service|
  default['openstack']['bind_service']['all'][service]['host'] = '127.0.0.1'
-  %w(public internal admin).each do |type|
+  %w(public internal).each do |type|
    default['openstack']['endpoints'][type][service]['host'] = '127.0.0.1'
    default['openstack']['endpoints'][type][service]['scheme'] = 'http'
  end
 end
-%w(public internal admin).each do |type|
+%w(public internal).each do |type|
  default['openstack']['endpoints'][type]['compute-xvpvnc']['port'] = '6081'
  default['openstack']['endpoints'][type]['compute-xvpvnc']['path'] = '/console'
  # The OpenStack Compute (Nova) Native API endpoint
--- a/recipes/identity_registration.rb
+++ b/recipes/identity_registration.rb
@@ -29,7 +29,6 @@ identity_endpoint = internal_endpoint 'identity'
 interfaces = {
  public: { url: public_endpoint('compute-api') },
  internal: { url: internal_endpoint('compute-api') },
-  admin: { url: admin_endpoint('compute-api') },
 }
 placement_interfaces = {
  public: { url: public_endpoint('placement-api') },
@@ -44,21 +43,20 @@ service_role = node['openstack']['compute']['service_role']
 service_project_name = node['openstack']['compute']['conf']['keystone_authtoken']['project_name']
 service_domain_name = node['openstack']['compute']['conf']['keystone_authtoken']['user_domain_name']

-# TBD, another clean up opportunity. We could use the 'admin', and
-# 'internal' endpoints for a single service name. For now, we'll
-# leave the old names in place.
 region = node['openstack']['region']
 admin_user = node['openstack']['identity']['admin_user']
 admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
 admin_project = node['openstack']['identity']['admin_project']
 admin_domain = node['openstack']['identity']['admin_domain_name']
+endpoint_type = node['openstack']['identity']['endpoint_type']

 connection_params = {
-  openstack_auth_url:     "#{auth_url}/auth/tokens",
-  openstack_username:     admin_user,
-  openstack_api_key:      admin_pass,
-  openstack_project_name: admin_project,
-  openstack_domain_name:  admin_domain,
+  openstack_auth_url:      "#{auth_url}/auth/tokens",
+  openstack_username:      admin_user,
+  openstack_api_key:       admin_pass,
+  openstack_project_name:  admin_project,
+  openstack_domain_name:   admin_domain,
+  openstack_endpoint_type: endpoint_type,
 }

 # Register Compute Services
--- a/recipes/nova-common.rb
+++ b/recipes/nova-common.rb
@@ -102,7 +102,7 @@ memcache_servers = memcached_servers.join ','

 # find the node attribute endpoint settings for the server holding a given role
 # Note that the bind and vnc endpoints don't have possible different values for
-# internal/admin/public. We'll stick with the general endpoint routine
+# internal/public. We'll stick with the general endpoint routine
 # for those.
 identity_endpoint = internal_endpoint 'identity'
 xvpvnc_endpoint = public_endpoint 'compute-xvpvnc'
@@ -153,7 +153,6 @@ node.default['openstack']['compute']['conf_secrets']

 node.default['openstack']['compute']['conf'].tap do |conf|
  conf['DEFAULT']['iscsi_helper'] = platform_options['iscsi_helper']
-  # conf['DEFAULT']['scheduler_default_filters'] = node['openstack']['compute']['scheduler']['default_filters'].join(',')

  conf['DEFAULT']['metadata_listen'] = compute_metadata_api_bind_address
  conf['DEFAULT']['metadata_listen_port'] = compute_metadata_api_bind['port']
--- a/spec/identity_registration_spec.rb
+++ b/spec/identity_registration_spec.rb
@@ -16,6 +16,7 @@ describe 'openstack-compute::identity_registration' do
      openstack_api_key: 'admin',
      openstack_project_name: 'admin',
      openstack_domain_name: 'default',
+      openstack_endpoint_type: 'internalURL',
    }
    service_name = 'nova'
    service_type = 'compute'
@@ -59,7 +60,7 @@ describe 'openstack-compute::identity_registration' do
    end

    context "registers #{service_name} endpoint" do
-      %w(admin internal public).each do |interface|
+      %w(internal public).each do |interface|
        it "creates #{interface} endpoint with default values" do
          expect(chef_run).to create_openstack_endpoint(
            service_type