5ba3b60874
Added a new config option to specify the keystone authentication endpoint to pass into cloud-init data.

Heat code currently has several different methods of retrieving the keystone endpoint to embed into cloud-init data for created servers. This data is currently read from several different parts of the heat config file rather than the service catalog which results in URLs being passed which are appropriate for the heat service rather than the server. In particular there can be misconfiguration of servers due to deployments which separate the internal and external API endpoints.

This patch introduces a new config variable server_keystone_endpoint_type which if set reads the keystone endpoint directly from the service catalog, if it is unset the original behavior is unchanged.

story: 2004808
task: 28967
story: 2004524
Change-Id: I5d8fc5977014b196c34f4a59a30a7525bc778359
17 lines
713 B
YAML
---
features:
  - |
    Added a new config option server_keystone_endpoint_type to specify
    the keystone authentication endpoint (public/internal/admin)
    to pass into cloud-init data.
    If left unset the original behavior should remain unchanged.

    This feature allows the deployer to unambiguously specify the
    keystone endpoint passed to user provisioned servers, and is particularly
    useful where the deployment network architecture requires the heat
    service to interact with the internal endpoint,
    but user provisioned servers only have access to the external network.

    For more information see
    http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002925.html
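The selection the release note describes, as an added sketch that is not Heat's own code: with the option unset the previously configured URL is returned untouched, otherwise the identity endpoint with the requested interface is read from the service catalog. The function name `server_keystone_url`, the `legacy_url` parameter, the hosts and the fail-loudly behaviour on a missing endpoint are assumptions of this example; the catalog layout follows the Keystone v3 token format.

```python
# Added illustration, not Heat's implementation. All names are hypothetical.
VALID_TYPES = ("public", "internal", "admin")

# Constructed sample shaped like the "catalog" list of a Keystone v3 token.
SAMPLE_CATALOG = [
    {"type": "orchestration", "endpoints": [
        {"interface": "public", "region": "RegionOne",
         "url": "https://cloud.example.org:8004/v1"}]},
    {"type": "identity", "endpoints": [
        {"interface": "internal", "region": "RegionOne",
         "url": "http://10.0.0.5:5000/v3"},
        {"interface": "public", "region": "RegionOne",
         "url": "https://cloud.example.org:5000/v3"}]},
]


def server_keystone_url(catalog, endpoint_type, legacy_url, region=None):
    """Pick the Keystone URL to embed in a server's cloud-init data."""
    if not endpoint_type:
        # Option unset: keep whatever URL the old code path produced.
        return legacy_url
    if endpoint_type not in VALID_TYPES:
        raise ValueError("unknown endpoint type: %r" % endpoint_type)
    for service in catalog:
        if service.get("type") != "identity":
            continue
        for endpoint in service.get("endpoints", []):
            if endpoint.get("interface") != endpoint_type:
                continue
            if region is not None and endpoint.get("region") != region:
                continue
            return endpoint["url"]
    # Assumption of this sketch: fail loudly rather than fall back, so a
    # server is never handed a URL on a network it cannot reach.
    raise LookupError("no %s identity endpoint in catalog" % endpoint_type)


if __name__ == "__main__":
    legacy = "http://10.0.0.5:5000/v3"  # constructed: URL from the service's own config
    print(server_keystone_url(SAMPLE_CATALOG, "", legacy))
    print(server_keystone_url(SAMPLE_CATALOG, "public", legacy))
```

In the sample, the unset case hands the server the internal address, which is the misconfiguration the commit message describes for deployments that separate internal and external API endpoints.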