Simplify identity endpoint

Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. Although internal goes through the
same instance, we should differentiate for project traffic and OpenStack
service traffic.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Depends-On: Id74966d9f1279f725bc41c08e434230a7845bbc1
Change-Id: I1adb3066c83aaffe8b22f2f2553f634483371974
Implements: blueprint simplify-identity-endpoint
This commit is contained in:
Samuel Cassiba 2018-06-12 21:55:40 -07:00
parent a85aea3845
commit c16309270c
3 changed files with 6 additions and 11 deletions

View File

@ -67,20 +67,17 @@ end
db_user = node['openstack']['db']['dns']['username']
db_pass = get_password 'db', 'designate'
public_identity_endpoint = identity_uri_transform(public_endpoint('identity'))
identity_endpoint = internal_endpoint 'identity'
bind_services = node['openstack']['bind_service']['all']
api_bind = bind_services['dns-api']
auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
identity_endpoint = internal_endpoint 'identity'
# define attributes that are needed in designate.conf
node.default['openstack']['dns']['conf'].tap do |conf|
conf['service:api']['api_host'] = bind_address api_bind
conf['service:api']['api_port'] = api_bind['port']
conf['keystone_authtoken']['auth_uri'] = public_identity_endpoint
conf['keystone_authtoken']['auth_url'] = auth_url
conf['keystone_authtoken']['auth_url'] = identity_endpoint.to_s
conf['keystone_authtoken']['www_authenticate_uri'] = identity_endpoint.to_s
end
# define secrets that are needed in designate.conf

View File

@ -24,9 +24,8 @@ class ::Chef::Recipe
include ::Openstack
end
identity_admin_endpoint = admin_endpoint 'identity'
auth_url = ::URI.decode identity_admin_endpoint.to_s
identity_endpoint = internal_endpoint 'identity'
auth_url = ::URI.decode identity_endpoint.to_s
internal_designate_endpoint = internal_endpoint 'dns-api'
public_designate_endpoint = public_endpoint 'dns-api'

View File

@ -23,11 +23,10 @@ class ::Chef::Recipe
end
dns_endpoint = internal_endpoint 'dns-api'
# TODO(jh): Make this more intelligent
dns_url = dns_endpoint.to_s + '/v2'
identity_endpoint = internal_endpoint 'identity'
auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
auth_url = ::URI.decode identity_endpoint.to_s
node.default['openstack']['network']['conf'].tap do |conf|
conf['DEFAULT']['external_dns_driver'] = 'designate'