From 1cedf77f19ccd0b01791553016fde77748a2ce74 Mon Sep 17 00:00:00 2001 
From: Dave McCowan Date: Fri, 12 Feb 2016 12:37:13 -0500 Subject: [PATCH] Use variables to specify http or https when constructing URLs To allow for TLS to protect the service endpoints, the protocol in the URLs for the endpoints will be either http or https. This patch removes the hardcoded values of http and replaces them with variables that can be adjusted accordingly in future patches. Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e Partially-implements: blueprint ssl-kolla --- ansible/group_vars/all.yml | 8 ++++++-- ansible/roles/cinder/tasks/register.yml | 12 ++++++------ ansible/roles/cinder/templates/cinder.conf.j2 | 6 +++--- ansible/roles/common/templates/admin-openrc.sh.j2 | 2 +- ansible/roles/glance/tasks/register.yml | 6 +++--- ansible/roles/glance/templates/glance-api.conf.j2 | 4 ++-- .../roles/glance/templates/glance-registry.conf.j2 | 4 ++-- ansible/roles/heat/tasks/register.yml | 12 ++++++------ ansible/roles/heat/templates/heat.conf.j2 | 14 +++++++------- ansible/roles/horizon/templates/local_settings.j2 | 2 +- ansible/roles/ironic/tasks/register.yml | 6 +++--- ansible/roles/ironic/templates/discoverd.conf.j2 | 2 +- ansible/roles/ironic/templates/ironic.conf.j2 | 8 ++++---- ansible/roles/keystone/tasks/register.yml | 6 +++--- ansible/roles/kibana/templates/kibana.yml.j2 | 2 +- ansible/roles/magnum/tasks/register.yml | 6 +++--- ansible/roles/magnum/templates/magnum.conf.j2 | 8 ++++---- ansible/roles/mistral/tasks/register.yml | 6 +++--- ansible/roles/mistral/templates/mistral.conf.j2 | 6 +++--- ansible/roles/murano/tasks/register.yml | 6 +++--- ansible/roles/murano/templates/murano.conf.j2 | 6 +++--- ansible/roles/neutron/tasks/register.yml | 6 +++--- ansible/roles/neutron/templates/neutron.conf.j2 | 6 +++--- ansible/roles/nova/tasks/register.yml | 6 +++--- ansible/roles/nova/templates/nova.conf.j2 | 14 +++++++------- ansible/roles/swift/tasks/register.yml | 6 +++--- ansible/roles/swift/templates/proxy-server.conf.j2 | 4 ++-- 
dev/vagrant/centos-bootstrap.sh | 3 ++- 28 files changed, 91 insertions(+), 86 deletions(-) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 55aa9fd23f..4ddef5c48a 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -128,6 +128,10 @@ mistral_api_port: "8989" kibana_port: "5601" elasticsearch_port: "9200" +public_protocol: "http" +internal_protocol: "http" +admin_protocol: "http" + #################### # Openstack options #################### @@ -145,7 +149,7 @@ nova_console: "novnc" # Openstack authentication string. You should only need to override these if you # are changing the admin tenant/project or user. openstack_auth: - auth_url: "http://{{ kolla_internal_address }}:{{ keystone_admin_port }}" + auth_url: "{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}" username: "admin" password: "{{ keystone_admin_password }}" project_name: "admin" @@ -153,7 +157,7 @@ openstack_auth: # This shouldn't be needed for long. It is only temporary until we get the # ansible modules sorted out openstack_auth_v2: - auth_url: "http://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v2.0" + auth_url: "{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v2.0" username: "admin" password: "{{ keystone_admin_password }}" project_name: "admin" diff --git a/ansible/roles/cinder/tasks/register.yml b/ansible/roles/cinder/tasks/register.yml index 31f887cca1..3ce4fc8586 100644 --- a/ansible/roles/cinder/tasks/register.yml +++ b/ansible/roles/cinder/tasks/register.yml 
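Review bot: The three new variables in `ansible/group_vars/all.yml` (`public_protocol`, `internal_protocol`, `admin_protocol`) are added without a comment, and nothing in the hunk restricts them to `http` or `https`. Because these values are now interpolated into every Keystone catalog URL and every `auth_url`/`auth_uri` in the role templates, a typo would be written into the service catalog and the rendered configs. I would add a comment above them such as `# URL scheme for each endpoint class; must be "http" or "https". Setting "https" only changes the generated URLs, it does not configure TLS listeners or CA trust.` The default of `http` means admin credentials and tokens still cross the network in cleartext, which the commit description leaves to future patches.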
@@ -6,9 +6,9 @@ service_type=volume description='Openstack Block Storage' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - internal_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - public_url='http://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' region_name={{ openstack_region_name }} auth={{ '{{ openstack_cinder_auth }}' }}" -e "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}" @@ -26,9 +26,9 @@ service_type=volumev2 description='Openstack Block Storage' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - internal_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - public_url='http://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s' region_name={{ openstack_region_name }} auth={{ '{{ openstack_cinder_auth }}' }}" -e "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}" diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2 index 107e190100..f7d4463c7b 100644 --- a/ansible/roles/cinder/templates/cinder.conf.j2 +++ b/ansible/roles/cinder/templates/cinder.conf.j2 
@@ -7,7 +7,7 @@ syslog_log_facility = LOG_LOCAL0 enable_v1_api=false volume_name_template = %s -glance_api_servers = http://{{ kolla_internal_address }}:{{ glance_api_port }} +glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }} glance_api_version = 2 os_region_name = {{ openstack_region_name }} @@ -43,8 +43,8 @@ auth_strategy = keystone connection = mysql+pymysql://{{ cinder_database_user }}:{{ cinder_database_password }}@{{ cinder_database_address }}/{{ cinder_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2 index 9ab250f6ac..0626818cd4 100644 --- a/ansible/roles/common/templates/admin-openrc.sh.j2 +++ b/ansible/roles/common/templates/admin-openrc.sh.j2 @@ -4,5 +4,5 @@ export OS_PROJECT_NAME=admin export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD={{ keystone_admin_password }} -export OS_AUTH_URL=http://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v3 +export OS_AUTH_URL={{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v3 export OS_IDENTITY_API_VERSION=3 diff --git a/ansible/roles/glance/tasks/register.yml b/ansible/roles/glance/tasks/register.yml index 905eba8a0d..9e2a11a677 100644 --- a/ansible/roles/glance/tasks/register.yml +++ b/ansible/roles/glance/tasks/register.yml 
@@ -6,9 +6,9 @@ service_type=image description='Openstack Image' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ glance_api_port }}' - internal_url='http://{{ kolla_internal_address }}:{{ glance_api_port }}' - public_url='http://{{ kolla_external_address }}:{{ glance_api_port }}' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }}' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }}' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ glance_api_port }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_glance_auth }}' }}" -e "{'openstack_glance_auth':{{ openstack_glance_auth }}}" diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2 index afec01b1a3..685b2049ec 100644 --- a/ansible/roles/glance/templates/glance-api.conf.j2 +++ b/ansible/roles/glance/templates/glance-api.conf.j2 @@ -18,8 +18,8 @@ show_image_direct_url= True connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default diff --git a/ansible/roles/glance/templates/glance-registry.conf.j2 b/ansible/roles/glance/templates/glance-registry.conf.j2 index e3e0d05aa6..db3e58c803 100644 --- a/ansible/roles/glance/templates/glance-registry.conf.j2 +++ b/ansible/roles/glance/templates/glance-registry.conf.j2 
@@ -12,8 +12,8 @@ syslog_log_facility = LOG_LOCAL0 connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default diff --git a/ansible/roles/heat/tasks/register.yml b/ansible/roles/heat/tasks/register.yml index d6fd4d71dc..e9b8127d40 100644 --- a/ansible/roles/heat/tasks/register.yml +++ b/ansible/roles/heat/tasks/register.yml @@ -6,9 +6,9 @@ service_type=orchestration description='Openstack Orchestration' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s' - internal_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s' - public_url='http://{{ kolla_external_address }}:{{ heat_api_port }}/v1/%(tenant_id)s' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_port }}/v1/%(tenant_id)s' region_name={{ openstack_region_name }} auth={{ '{{ openstack_heat_auth }}' }}" -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}" 
@@ -26,9 +26,9 @@ service_type=orchestration description='Openstack Orchestration' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1' - internal_url='http://{{ kolla_internal_address }}:{{ heat_api_cfn_port }}/v1' - public_url='http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ heat_api_cfn_port }}/v1' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1' region_name={{ openstack_region_name }} auth={{ '{{ openstack_heat_auth }}' }}" -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}" diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2 index c2faa835fd..330fa5a9f2 100644 --- a/ansible/roles/heat/templates/heat.conf.j2 +++ b/ansible/roles/heat/templates/heat.conf.j2 @@ -1,9 +1,9 @@ [DEFAULT] debug = {{ heat_logging_debug }} -heat_watch_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }} -heat_metadata_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }} -heat_waitcondition_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1/waitcondition +heat_watch_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }} +heat_metadata_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }} +heat_waitcondition_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = {{ heat_domain_admin_password }} 
@@ -37,8 +37,8 @@ bind_port = {{ heat_api_cfn_port }} connection = mysql+pymysql://{{ heat_database_user }}:{{ heat_database_password }}@{{ heat_database_address }}/{{ heat_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default @@ -47,10 +47,10 @@ username = heat password = {{ heat_keystone_password }} [ec2authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} [clients_keystone] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} [oslo_messaging_notifications] driver = noop diff --git a/ansible/roles/horizon/templates/local_settings.j2 b/ansible/roles/horizon/templates/local_settings.j2 index 9b7279b671..65d9586bd8 100644 --- a/ansible/roles/horizon/templates/local_settings.j2 +++ b/ansible/roles/horizon/templates/local_settings.j2 @@ -148,7 +148,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' #] OPENSTACK_HOST = "{{ kolla_external_address }}" -OPENSTACK_KEYSTONE_URL = "http://%s:{{ keystone_public_port }}/v3" % OPENSTACK_HOST +OPENSTACK_KEYSTONE_URL = "{{ public_protocol }}://%s:{{ keystone_public_port }}/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" # Enables keystone web single-sign-on if set to True. diff --git a/ansible/roles/ironic/tasks/register.yml b/ansible/roles/ironic/tasks/register.yml index c1862b1d7e..fc44611b3a 100644 --- a/ansible/roles/ironic/tasks/register.yml 
+++ b/ansible/roles/ironic/tasks/register.yml @@ -6,9 +6,9 @@ service_type=baremetal description='Ironic bare metal provisioning service' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ ironic_admin_address }}:{{ ironic_api_port }}' - internal_url='http://{{ ironic_internal_address }}:{{ ironic_api_port }}' - public_url='http://{{ ironic_public_address }}:{{ ironic_api_port }}' + admin_url='{{ admin_protocol }}://{{ ironic_admin_address }}:{{ ironic_api_port }}' + internal_url='{{ internal_protocol }}://{{ ironic_internal_address }}:{{ ironic_api_port }}' + public_url='{{ public_protocol }}://{{ ironic_public_address }}:{{ ironic_api_port }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_ironic_auth }}' }}" -e "{'openstack_ironic_auth':{{ openstack_ironic_auth }}}" diff --git a/ansible/roles/ironic/templates/discoverd.conf.j2 b/ansible/roles/ironic/templates/discoverd.conf.j2 index 1f64d564ac..151fcfa9d2 100644 --- a/ansible/roles/ironic/templates/discoverd.conf.j2 +++ b/ansible/roles/ironic/templates/discoverd.conf.j2 @@ -1,6 +1,6 @@ [discoverd] database = inspector.sqlite3 -os_auth_url = http://{{ kolla_internal_address }}:{{ keystone_public_port }}/v2.0 +os_auth_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}/v2.0 os_username = {{ openstack_auth.username }} os_password = {{ openstack_auth.password }} os_tenant_name = {{ openstack_auth.project_name }} diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index 0a06349918..f100b681ff 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 
@@ -10,7 +10,7 @@ host_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['a {% if service_name == 'ironic-conductor' %} [conductor] -api_url = http://{{ kolla_internal_address }}:{{ ironic_api_port }} +api_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ ironic_api_port }} clean_nodes = false {% endif %} @@ -18,8 +18,8 @@ clean_nodes = false connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default @@ -31,7 +31,7 @@ password = {{ ironic_keystone_password }} glance_host = {{ kolla_internal_address }} [neutron] -url = http://{{ kolla_internal_address }}:{{ neutron_server_port }} +url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }} [oslo_messaging_rabbit] rabbit_userid = {{ rabbitmq_user }} diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml index a20d6c422e..2b9af5a600 100644 --- a/ansible/roles/keystone/tasks/register.yml +++ b/ansible/roles/keystone/tasks/register.yml 
@@ -24,9 +24,9 @@ service_type=identity description='Openstack Identity' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ keystone_admin_port }}' - internal_url='http://{{ kolla_internal_address }}:{{ keystone_admin_port }}' - public_url='http://{{ kolla_external_address }}:{{ keystone_public_port }}' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ keystone_public_port }}' region_name={{ openstack_region_name }} auth_type=admin_token auth={{ '{{ openstack_keystone_token_auth }}' }}" diff --git a/ansible/roles/kibana/templates/kibana.yml.j2 b/ansible/roles/kibana/templates/kibana.yml.j2 index e144a1b5be..00186c4f4c 100644 --- a/ansible/roles/kibana/templates/kibana.yml.j2 +++ b/ansible/roles/kibana/templates/kibana.yml.j2 @@ -1,6 +1,6 @@ port: {{ kibana_port }} host: {{ kibana_host }} -elasticsearch_url: "http://{{ kolla_internal_address }}:{{ elasticsearch_port }}" +elasticsearch_url: "{{ internal_protocol }}://{{ kolla_internal_address }}:{{ elasticsearch_port }}" elasticsearch_preserve_host: {{ elasticsearch_preserve_host }} default_app_id: {{ kibana_app_id }} request_timeout: {{ kibana_request_timeout }} diff --git a/ansible/roles/magnum/tasks/register.yml b/ansible/roles/magnum/tasks/register.yml index a89a124fbc..6e17ccd7ab 100644 --- a/ansible/roles/magnum/tasks/register.yml +++ b/ansible/roles/magnum/tasks/register.yml 
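Review bot: In the keystone `register.yml` hunk, `admin_url` and `internal_url` both target `kolla_internal_address` on `keystone_admin_port`, but they are now built from two different variables (`admin_protocol` and `internal_protocol`). If an operator later sets those two to different schemes, one of the catalog entries will advertise a scheme the listener on that port does not speak. A downgrade to `http` there would expose tokens on the internal network. Either build both URLs for that port from the same variable, e.g. `internal_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}'`, or document next to the variables that `admin_protocol` and `internal_protocol` must match while both endpoints share this address and port. The task this hunk belongs to starts and ends outside the hunk.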
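Review bot: In `kibana.yml.j2`, `elasticsearch_url` is now tied to `internal_protocol`, which the commit description introduces for the OpenStack service endpoints. Elasticsearch is not one of those endpoints, and whether it will be served over TLS is not visible in this diff. As written, switching `internal_protocol` to `https` would also repoint Kibana at an `https://` Elasticsearch URL. I would keep this line on its own setting, for example a new variable such as `elasticsearch_protocol` defaulting to `http`, or add a comment stating that Elasticsearch must be fronted by the same TLS termination as the internal API endpoints.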
@@ -6,9 +6,9 @@ service_type=container description='Openstack Container Service' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1' - internal_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1' - public_url='http://{{ kolla_external_address }}:{{ magnum_api_port }}/v1' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ magnum_api_port }}/v1' region_name={{ openstack_region_name }} auth={{ '{{ openstack_magnum_auth }}' }}" -e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}" diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 44f9c07ad7..6a25720649 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -17,8 +17,8 @@ connection = mysql+pymysql://{{ magnum_database_user }}:{{ magnum_database_passw region_name = {{ openstack_region_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default 
@@ -27,8 +27,8 @@ username = {{ magnum_keystone_user }} password = {{ magnum_keystone_password }} [trustee] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default diff --git a/ansible/roles/mistral/tasks/register.yml b/ansible/roles/mistral/tasks/register.yml index 5ffbaf1b5c..5994ccb856 100644 --- a/ansible/roles/mistral/tasks/register.yml +++ b/ansible/roles/mistral/tasks/register.yml @@ -6,9 +6,9 @@ service_type=application_catalog description='Openstack Application Catalog' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ mistral_api_port }}' - internal_url='http://{{ kolla_internal_address }}:{{ mistral_api_port }}' - public_url='http://{{ kolla_external_address }}:{{ mistral_api_port }}' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }}' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }}' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ mistral_api_port }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_mistral_auth }}' }}" -e "{'openstack_mistral_auth':{{ openstack_mistral_auth }}}" diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2 index 24781f7ff0..1c2f24c0a6 100644 --- a/ansible/roles/mistral/templates/mistral.conf.j2 +++ b/ansible/roles/mistral/templates/mistral.conf.j2 
@@ -14,8 +14,8 @@ bind_port = {{ mistral_api_port }} connection = mysql+pymysql://{{ mistral_database_user }}:{{ mistral_database_password }}@{{ mistral_database_address }}/{{ mistral_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default @@ -24,7 +24,7 @@ username = {{ mistral_keystone_user }} password = {{ mistral_keystone_password }} [mistral] -url = http://{{ kolla_internal_address }}:{{ mistral_api_port }} +url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }} [oslo_messaging_rabbit] rabbit_userid = {{ rabbitmq_user }} diff --git a/ansible/roles/murano/tasks/register.yml b/ansible/roles/murano/tasks/register.yml index 2d99fa0831..2872cc76e7 100644 --- a/ansible/roles/murano/tasks/register.yml +++ b/ansible/roles/murano/tasks/register.yml @@ -6,9 +6,9 @@ service_type=application_catalog description='Openstack Application Catalogue' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ murano_api_port }}' - internal_url='http://{{ kolla_internal_address }}:{{ murano_api_port }}' - public_url='http://{{ kolla_external_address }}:{{ murano_api_port }}' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }}' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }}' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ murano_api_port }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_murano_auth }}' }}" -e "{'openstack_murano_auth':{{ openstack_murano_auth }}}" 
diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2 index 6af9b47518..e0bdda1372 100644 --- a/ansible/roles/murano/templates/murano.conf.j2 +++ b/ansible/roles/murano/templates/murano.conf.j2 @@ -14,8 +14,8 @@ bind_port = {{ murano_api_port }} connection = mysql+pymysql://{{ murano_database_user }}:{{ murano_database_password }}@{{ murano_database_address }}/{{ murano_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default @@ -24,7 +24,7 @@ username = {{ murano_keystone_user }} password = {{ murano_keystone_password }} [murano] -url = http://{{ kolla_internal_address }}:{{ murano_api_port }} +url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }} [oslo_messaging_rabbit] rabbit_userid = {{ rabbitmq_user }} diff --git a/ansible/roles/neutron/tasks/register.yml b/ansible/roles/neutron/tasks/register.yml index 2c2c56be8d..d400d6ca7f 100644 --- a/ansible/roles/neutron/tasks/register.yml +++ b/ansible/roles/neutron/tasks/register.yml 
@@ -6,9 +6,9 @@ service_type=network description='Openstack Networking' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ neutron_server_port }}' - internal_url='http://{{ kolla_internal_address }}:{{ neutron_server_port }}' - public_url='http://{{ kolla_external_address }}:{{ neutron_server_port }}' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ neutron_server_port }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_neutron_auth }}' }}" -e "{'openstack_neutron_auth':{{ openstack_neutron_auth }}}" diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 5779ebc3bb..8db961e8e8 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -31,7 +31,7 @@ core_plugin = ml2 service_plugins = router [nova] -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default @@ -56,8 +56,8 @@ root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf connection = mysql+pymysql://{{ neutron_database_user }}:{{ neutron_database_password }}@{{ neutron_database_address }}/{{ neutron_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default 
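Review bot: In `neutron.conf.j2` the `[nova]` section sets `auth_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}`, while every other `auth_url` on `keystone_admin_port` in this patch, including `[keystone_authtoken]` in the same file, uses `admin_protocol`. If the two variables ever differ, the credentials Neutron uses to notify Nova would be sent with the wrong scheme for the admin listener. The line should read `auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}` to match the rest of the change.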
diff --git a/ansible/roles/nova/tasks/register.yml b/ansible/roles/nova/tasks/register.yml index 43f475d63d..95f0f968dd 100644 --- a/ansible/roles/nova/tasks/register.yml +++ b/ansible/roles/nova/tasks/register.yml @@ -6,9 +6,9 @@ service_type=compute description='Openstack Compute' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s' - internal_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s' - public_url='http://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s' region_name={{ openstack_region_name }} auth={{ '{{ openstack_nova_auth }}' }}" -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}" diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index f5021fdd7a..e99c80209b 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -60,7 +60,7 @@ novncproxy_port = {{ nova_novncproxy_port }} vncserver_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} vncserver_proxyclient_address = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} {% if inventory_hostname in groups['compute'] %} -novncproxy_base_url = http://{{ kolla_internal_address }}:{{ nova_novncproxy_port }}/vnc_auto.html +novncproxy_base_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_novncproxy_port }}/vnc_auto.html {% endif %} {% elif nova_console == 'spice' %} [vnc] 
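Review bot: `novncproxy_base_url` in `nova.conf.j2` is built from `internal_protocol`, and the same choice is made for `html5proxy_base_url` in the next hunk. Nova hands these base URLs to API clients, which then open the console from the user's browser, so the scheme here is effectively a public-facing one. With the dashboard on `https` and `internal_protocol` left at `http`, the console session would travel unencrypted and would likely be blocked as mixed content. Consider `{{ public_protocol }}` for both lines, or add a comment explaining why the internal scheme is intended. The host part was already `kolla_internal_address` before this patch, so that may need revisiting separately.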
@@ -70,7 +70,7 @@ enabled = false server_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} server_proxyclient_address = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} {% if inventory_hostname in groups['compute'] %} -html5proxy_base_url = http://{{ kolla_internal_address }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html +html5proxy_base_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html {% endif %} html5proxy_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} html5proxy_port = {{ nova_spicehtml5proxy_port }} @@ -83,7 +83,7 @@ admin_username = {{ ironic_keystone_user }} admin_password = {{ ironic_keystone_password }} admin_url = {{ openstack_auth_v2.auth_url }} admin_tenant_name = service -api_endpoint = http://{{ kolla_internal_address }}:{{ ironic_api_port }}/v1 +api_endpoint = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ ironic_api_port }}/v1 {% endif %} [oslo_messaging_rabbit] @@ -109,12 +109,12 @@ num_retries = {{ groups['glance-api'] | length }} catalog_info = volume:cinder:internalURL [neutron] -url = http://{{ kolla_internal_address }}:{{ neutron_server_port }} +url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }} auth_strategy = keystone metadata_proxy_shared_secret = {{ metadata_secret }} service_metadata_proxy = true -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_plugin = password project_domain_name = default user_domain_id = default 
@@ -129,8 +129,8 @@ connection = mysql+pymysql://{{ nova_database_user }}:{{ nova_database_password connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }} [keystone_authtoken] -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default diff --git a/ansible/roles/swift/tasks/register.yml b/ansible/roles/swift/tasks/register.yml index f26156893f..27e558a857 100644 --- a/ansible/roles/swift/tasks/register.yml +++ b/ansible/roles/swift/tasks/register.yml @@ -6,9 +6,9 @@ service_type=object-store description='Openstack Object Storage' endpoint_region={{ openstack_region_name }} - admin_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}' - internal_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s' - public_url='http://{{ kolla_external_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s' + admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}' + internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s' + public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s' region_name={{ openstack_region_name }} auth={{ '{{ openstack_swift_auth }}' }}" -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}" diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2 index cea708a953..71a15c8a7f 100644 --- a/ansible/roles/swift/templates/proxy-server.conf.j2 
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2 @@ -29,8 +29,8 @@ use = egg:swift#proxy_logging [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory -auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }} -auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }} +auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }} +auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }} auth_type = password project_domain_id = default user_domain_id = default diff --git a/dev/vagrant/centos-bootstrap.sh b/dev/vagrant/centos-bootstrap.sh index bac332768c..83d10c0740 100644 --- a/dev/vagrant/centos-bootstrap.sh +++ b/dev/vagrant/centos-bootstrap.sh @@ -19,6 +19,7 @@ else SUPPORT_NODE=support01 fi REGISTRY=operator.local:${REGISTRY_PORT} +ADMIN_PROTOCOL="http" # Install common packages and do some prepwork. function prep_work { @@ -118,7 +119,7 @@ EOF # The openrc file. cat > ~vagrant/openrc <