openstack/kayobe
Code Issues Proposed changes

Use public FQDN for OS_AUTH_URL in public-openrc.sh

Browse Source 
If a public FQDN is defined, use it instead of the virtual IP address.
When using TLS, certificates are generally tied to a hostname rather
than to an IP address.

Change-Id: I0afef32a0f4030bba613febdf266e2ccd863512d
This commit is contained in:
Pierre Riteau 2018-12-10 10:18:57 +00:00
parent 4244a8d7a6
commit c6764f557f
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/public-openrc.yml
View File

@ -8,9 +8,9 @@
- public-openrc - public-openrc
vars: vars:
public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}" public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
public_api_vip_address: "{{ public_net_name | net_vip_address }}" public_api_host: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
public_api_keystone_port: 5000 public_api_keystone_port: 5000
roles: roles:
- role: public-openrc - role: public-openrc
public_openrc_kolla_config_path: "{{ kolla_config_path }}" public_openrc_kolla_config_path: "{{ kolla_config_path }}"
public_openrc_auth_url: "{{ public_api_proto }}://{{ public_api_vip_address }}:{{ public_api_keystone_port }}" public_openrc_auth_url: "{{ public_api_proto }}://{{ public_api_host }}:{{ public_api_keystone_port }}"

8
releasenotes/notes/use-public-fqdn-in-openrc-f7990958ceec817d.yaml Normal file
View File

@ -0,0 +1,8 @@
---
fixes:
- |
The ``public-openrc.sh`` file generated by Kayobe now uses the public
network FQDN for populating the OS_AUTH_URL variable instead of using the
public virtual IP address. If the FQDN variable is not set, the virtual IP
address remains used. This ensures better compatibility with TLS-enabled
deployments where certificates are generally tied to a hostname.