From b87d8b8cf8141c25a1a88f3cb66160e3d2900e11 Mon Sep 17 00:00:00 2001 From: Samuel Cassiba Date: Tue, 12 Jun 2018 21:55:40 -0700 Subject: [PATCH] Simplify identity endpoint Per the Keystone Install Guide[1] the admin endpoint is superseded in favor of a single public endpoint. As a result, the admin endpoint is no longer deployed by default. [1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components Change-Id: I1adb3066c83aaffe8b22f2f2553f634483371974 Implements: blueprint simplify-identity-endpoint --- attributes/default.rb | 1 + recipes/common.rb | 7 ++----- recipes/dashboard.rb | 2 +- recipes/identity_registration.rb | 5 ++--- recipes/neutron_int.rb | 7 +++---- 5 files changed, 9 insertions(+), 13 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index 1425a9d..09898a6 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -24,6 +24,7 @@ default['openstack']['endpoints'][ep_type]['dns-api']['host'] = '127.0.0.1' default['openstack']['endpoints'][ep_type]['dns-api']['scheme'] = 'http' default['openstack']['endpoints'][ep_type]['dns-api']['port'] = 9001 + default['openstack']['endpoints'][ep_type]['dns-api']['path'] = '/v2' end default['openstack']['bind_service']['all']['dns-api']['host'] = '127.0.0.1' default['openstack']['bind_service']['all']['dns-api']['port'] = 9001 diff --git a/recipes/common.rb b/recipes/common.rb index ead8a33..c0898bf 100644 --- a/recipes/common.rb +++ b/recipes/common.rb @@ -67,19 +67,16 @@ end db_user = node['openstack']['db']['dns']['username'] db_pass = get_password 'db', 'designate' -public_identity_endpoint = identity_uri_transform(public_endpoint('identity')) -identity_endpoint = internal_endpoint 'identity' - bind_services = node['openstack']['bind_service']['all'] api_bind = bind_services['dns-api'] -auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version'] +identity_endpoint = public_endpoint 'identity' +auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version'] # define attributes that are needed in designate.conf node.default['openstack']['dns']['conf'].tap do |conf| conf['service:api']['api_host'] = bind_address api_bind conf['service:api']['api_port'] = api_bind['port'] - conf['keystone_authtoken']['auth_uri'] = public_identity_endpoint conf['keystone_authtoken']['auth_url'] = auth_url end diff --git a/recipes/dashboard.rb b/recipes/dashboard.rb index f6ba110..209bc9c 100644 --- a/recipes/dashboard.rb +++ b/recipes/dashboard.rb @@ -18,7 +18,7 @@ # limitations under the License. # -class ::Chef::Recipe # rubocop:disable Documentation +class ::Chef::Recipe include ::Openstack end diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index 71c45ea..15392b4 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb @@ -24,9 +24,8 @@ class ::Chef::Recipe include ::Openstack end -identity_admin_endpoint = admin_endpoint 'identity' - -auth_url = ::URI.decode identity_admin_endpoint.to_s +identity_endpoint = public_endpoint 'identity' +auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version'] internal_designate_endpoint = internal_endpoint 'dns-api' public_designate_endpoint = public_endpoint 'dns-api' diff --git a/recipes/neutron_int.rb b/recipes/neutron_int.rb index 015417d..3d5205a 100644 --- a/recipes/neutron_int.rb +++ b/recipes/neutron_int.rb @@ -23,11 +23,10 @@ class ::Chef::Recipe end dns_endpoint = internal_endpoint 'dns-api' -# TODO(jh): Make this more intelligent -dns_url = dns_endpoint.to_s + '/v2' +dns_url = dns_endpoint.to_s + node['openstack']['endpoints']['internal']['dns-api']['path'] -identity_endpoint = internal_endpoint 'identity' -auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version'] +identity_endpoint = public_endpoint 'identity' +auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version'] node.default['openstack']['network']['conf'].tap do |conf| conf['DEFAULT']['external_dns_driver'] = 'designate'