From f5159fb2384076db43b5ded1f6688c6bf2f34ddb Mon Sep 17 00:00:00 2001
From: Chen Li <chen.li@intel.com>
Date: Mon, 9 Sep 2013 22:45:07 +0800
Subject: [PATCH] use different bind addresses for admin and public

Keystone supports configuration of an admin_port and a public_port.
Applications may well want the admin port to be open on a different private network.
This patch change single bind_host to public_bind_host and admin_bind_host in the configuration.

DocImpact

Change-Id: Ic91aade987724c8f7c9276ca94e27681ae590662
Closes-Bug: #1035326
---
 bin/keystone-all          | 4 ++--
 etc/keystone.conf.sample  | 3 ++-
 keystone/common/config.py | 9 ++++++++-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/bin/keystone-all b/bin/keystone-all
index 5abdb1371..18e2a1ce3 100755
--- a/bin/keystone-all
+++ b/bin/keystone-all
@@ -125,10 +125,10 @@ if __name__ == '__main__':
     servers = []
     servers.append(create_server(paste_config,
                                  'admin',
-                                 CONF.bind_host,
+                                 CONF.admin_bind_host,
                                  int(CONF.admin_port)))
     servers.append(create_server(paste_config,
                                  'main',
-                                 CONF.bind_host,
+                                 CONF.public_bind_host,
                                  int(CONF.public_port)))
     serve(*servers)
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index 4e1c06460..55a5c2c16 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -3,7 +3,8 @@
 # admin_token = ADMIN
 
 # The IP address of the network interface to listen on
-# bind_host = 0.0.0.0
+# public_bind_host = 0.0.0.0
+# admin_bind_host = 0.0.0.0
 
 # The port number which the public service listens on
 # public_port = 5000
diff --git a/keystone/common/config.py b/keystone/common/config.py
index 115d96a61..23aa6d3d0 100644
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@@ -27,7 +27,14 @@ _DEFAULT_AUTH_METHODS = ['external', 'password', 'token']
 FILE_OPTIONS = {
     '': [
         cfg.StrOpt('admin_token', secret=True, default='ADMIN'),
-        cfg.StrOpt('bind_host', default='0.0.0.0'),
+        cfg.StrOpt('public_bind_host',
+                   default='0.0.0.0',
+                   deprecated_opts=[cfg.DeprecatedOpt('bind_host',
+                                                      group='DEFAULT')]),
+        cfg.StrOpt('admin_bind_host',
+                   default='0.0.0.0',
+                   deprecated_opts=[cfg.DeprecatedOpt('bind_host',
+                                                      group='DEFAULT')]),
         cfg.IntOpt('compute_port', default=8774),
         cfg.IntOpt('admin_port', default=35357),
         cfg.IntOpt('public_port', default=5000),