Use variables to specify http or https when constructing URLs

To allow for TLS to protect the service endpoints, the protocol in the URLs for the endpoints will be either http or https. This patch removes the hardcoded values of http and replaces them with variables that can be adjusted accordingly in future patches. Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e Partially-implements: blueprint ssl-kolla
2016-02-12 12:37:13 -05:00 · 2016-02-12 12:37:13 -05:00 · 1cedf77f19
parent 9376751d39
commit 1cedf77f19
28 changed files with 91 additions and 86 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -128,6 +128,10 @@ mistral_api_port: "8989"
 kibana_port: "5601"
 elasticsearch_port: "9200"

+public_protocol: "http"
+internal_protocol: "http"
+admin_protocol: "http"
+
 ####################
 # Openstack options
 ####################
@ -145,7 +149,7 @@ nova_console: "novnc"
 # Openstack authentication string. You should only need to override these if you
 # are changing the admin tenant/project or user.
 openstack_auth:
-    auth_url: "http://{{ kolla_internal_address }}:{{ keystone_admin_port }}"
+    auth_url: "{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}"
    username: "admin"
    password: "{{ keystone_admin_password }}"
    project_name: "admin"
@ -153,7 +157,7 @@ openstack_auth:
 # This shouldn't be needed for long. It is only temporary until we get the
 # ansible modules sorted out
 openstack_auth_v2:
-    auth_url: "http://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v2.0"
+    auth_url: "{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v2.0"
    username: "admin"
    password: "{{ keystone_admin_password }}"
    project_name: "admin"
--- a/ansible/roles/cinder/tasks/register.yml
+++ b/ansible/roles/cinder/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=volume
        description='Openstack Block Storage'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        internal_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        public_url='http://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_cinder_auth }}' }}"
    -e  "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}"
@ -26,9 +26,9 @@
        service_type=volumev2
        description='Openstack Block Storage'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        internal_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
-        public_url='http://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_cinder_auth }}' }}"
    -e  "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}"
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@ -7,7 +7,7 @@ syslog_log_facility = LOG_LOCAL0
 enable_v1_api=false
 volume_name_template = %s

-glance_api_servers = http://{{ kolla_internal_address }}:{{ glance_api_port }}
+glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }}
 glance_api_version = 2

 os_region_name = {{ openstack_region_name }}
@ -43,8 +43,8 @@ auth_strategy = keystone
 connection = mysql+pymysql://{{ cinder_database_user }}:{{ cinder_database_password }}@{{ cinder_database_address }}/{{ cinder_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
--- a/ansible/roles/common/templates/admin-openrc.sh.j2
+++ b/ansible/roles/common/templates/admin-openrc.sh.j2
@ -4,5 +4,5 @@ export OS_PROJECT_NAME=admin
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
 export OS_PASSWORD={{ keystone_admin_password }}
-export OS_AUTH_URL=http://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v3
+export OS_AUTH_URL={{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v3
 export OS_IDENTITY_API_VERSION=3
--- a/ansible/roles/glance/tasks/register.yml
+++ b/ansible/roles/glance/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=image
        description='Openstack Image'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ glance_api_port }}'
-        internal_url='http://{{ kolla_internal_address }}:{{ glance_api_port }}'
-        public_url='http://{{ kolla_external_address }}:{{ glance_api_port }}'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }}'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }}'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ glance_api_port }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_glance_auth }}' }}"
    -e "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@ -18,8 +18,8 @@ show_image_direct_url= True
 connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
--- a/ansible/roles/glance/templates/glance-registry.conf.j2
+++ b/ansible/roles/glance/templates/glance-registry.conf.j2
@ -12,8 +12,8 @@ syslog_log_facility = LOG_LOCAL0
 connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
--- a/ansible/roles/heat/tasks/register.yml
+++ b/ansible/roles/heat/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=orchestration
        description='Openstack Orchestration'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
-        internal_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
-        public_url='http://{{ kolla_external_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_heat_auth }}' }}"
    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
@ -26,9 +26,9 @@
        service_type=orchestration
        description='Openstack Orchestration'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1'
-        internal_url='http://{{ kolla_internal_address }}:{{ heat_api_cfn_port }}/v1'
-        public_url='http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ heat_api_cfn_port }}/v1'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_heat_auth }}' }}"
    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@ -1,9 +1,9 @@
 [DEFAULT]
 debug = {{ heat_logging_debug }}

-heat_watch_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
-heat_metadata_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
-heat_waitcondition_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1/waitcondition
+heat_watch_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
+heat_metadata_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
+heat_waitcondition_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1/waitcondition

 stack_domain_admin = heat_domain_admin
 stack_domain_admin_password = {{ heat_domain_admin_password }}
@ -37,8 +37,8 @@ bind_port = {{ heat_api_cfn_port }}
 connection = mysql+pymysql://{{ heat_database_user }}:{{ heat_database_password }}@{{ heat_database_address }}/{{ heat_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
@ -47,10 +47,10 @@ username = heat
 password = {{ heat_keystone_password }}

 [ec2authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}

 [clients_keystone]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}

 [oslo_messaging_notifications]
 driver = noop
--- a/ansible/roles/horizon/templates/local_settings.j2
+++ b/ansible/roles/horizon/templates/local_settings.j2
@ -148,7 +148,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 #]

 OPENSTACK_HOST = "{{ kolla_external_address }}"
-OPENSTACK_KEYSTONE_URL = "http://%s:{{ keystone_public_port }}/v3" % OPENSTACK_HOST
+OPENSTACK_KEYSTONE_URL = "{{ public_protocol }}://%s:{{ keystone_public_port }}/v3" % OPENSTACK_HOST
 OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"

 # Enables keystone web single-sign-on if set to True.
--- a/ansible/roles/ironic/tasks/register.yml
+++ b/ansible/roles/ironic/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=baremetal
        description='Ironic bare metal provisioning service'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ ironic_admin_address }}:{{ ironic_api_port }}'
-        internal_url='http://{{ ironic_internal_address }}:{{ ironic_api_port }}'
-        public_url='http://{{ ironic_public_address }}:{{ ironic_api_port }}'
+        admin_url='{{ admin_protocol }}://{{ ironic_admin_address }}:{{ ironic_api_port }}'
+        internal_url='{{ internal_protocol }}://{{ ironic_internal_address }}:{{ ironic_api_port }}'
+        public_url='{{ public_protocol }}://{{ ironic_public_address }}:{{ ironic_api_port }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_ironic_auth }}' }}"
    -e "{'openstack_ironic_auth':{{ openstack_ironic_auth }}}"
--- a/ansible/roles/ironic/templates/discoverd.conf.j2
+++ b/ansible/roles/ironic/templates/discoverd.conf.j2
@ -1,6 +1,6 @@
 [discoverd]
 database = inspector.sqlite3
-os_auth_url = http://{{ kolla_internal_address }}:{{ keystone_public_port }}/v2.0
+os_auth_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}/v2.0
 os_username = {{ openstack_auth.username }}
 os_password = {{ openstack_auth.password }}
 os_tenant_name = {{ openstack_auth.project_name }}
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@ -10,7 +10,7 @@ host_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['a

 {% if service_name == 'ironic-conductor' %}
 [conductor]
-api_url = http://{{ kolla_internal_address }}:{{ ironic_api_port }}
+api_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ ironic_api_port }}
 clean_nodes = false
 {% endif %}

@ -18,8 +18,8 @@ clean_nodes = false
 connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
@ -31,7 +31,7 @@ password = {{ ironic_keystone_password }}
 glance_host = {{ kolla_internal_address }}

 [neutron]
-url = http://{{ kolla_internal_address }}:{{ neutron_server_port }}
+url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}

 [oslo_messaging_rabbit]
 rabbit_userid = {{ rabbitmq_user }}
--- a/ansible/roles/keystone/tasks/register.yml
+++ b/ansible/roles/keystone/tasks/register.yml
@ -24,9 +24,9 @@
        service_type=identity
        description='Openstack Identity'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
-        internal_url='http://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
-        public_url='http://{{ kolla_external_address }}:{{ keystone_public_port }}'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ keystone_public_port }}'
        region_name={{ openstack_region_name }}
        auth_type=admin_token
        auth={{ '{{ openstack_keystone_token_auth }}' }}"
--- a/ansible/roles/kibana/templates/kibana.yml.j2
+++ b/ansible/roles/kibana/templates/kibana.yml.j2
@ -1,6 +1,6 @@
 port: {{ kibana_port }}
 host: {{ kibana_host }}
-elasticsearch_url: "http://{{ kolla_internal_address }}:{{ elasticsearch_port }}"
+elasticsearch_url: "{{ internal_protocol }}://{{ kolla_internal_address }}:{{ elasticsearch_port }}"
 elasticsearch_preserve_host: {{ elasticsearch_preserve_host }}
 default_app_id: {{ kibana_app_id }}
 request_timeout: {{ kibana_request_timeout }}
--- a/ansible/roles/magnum/tasks/register.yml
+++ b/ansible/roles/magnum/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=container
        description='Openstack Container Service'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
-        internal_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
-        public_url='http://{{ kolla_external_address }}:{{ magnum_api_port }}/v1'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ magnum_api_port }}/v1'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_magnum_auth }}' }}"
    -e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}"
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@ -17,8 +17,8 @@ connection = mysql+pymysql://{{ magnum_database_user }}:{{ magnum_database_passw
 region_name = {{ openstack_region_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
@ -27,8 +27,8 @@ username = {{ magnum_keystone_user }}
 password = {{ magnum_keystone_password }}

 [trustee]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
--- a/ansible/roles/mistral/tasks/register.yml
+++ b/ansible/roles/mistral/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=application_catalog
        description='Openstack Application Catalog'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ mistral_api_port }}'
-        internal_url='http://{{ kolla_internal_address }}:{{ mistral_api_port }}'
-        public_url='http://{{ kolla_external_address }}:{{ mistral_api_port }}'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }}'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }}'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ mistral_api_port }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_mistral_auth }}' }}"
    -e "{'openstack_mistral_auth':{{ openstack_mistral_auth }}}"
--- a/ansible/roles/mistral/templates/mistral.conf.j2
+++ b/ansible/roles/mistral/templates/mistral.conf.j2
@ -14,8 +14,8 @@ bind_port = {{ mistral_api_port }}
 connection = mysql+pymysql://{{ mistral_database_user }}:{{ mistral_database_password }}@{{ mistral_database_address }}/{{ mistral_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
@ -24,7 +24,7 @@ username = {{ mistral_keystone_user }}
 password = {{ mistral_keystone_password }}

 [mistral]
-url = http://{{ kolla_internal_address }}:{{ mistral_api_port }}
+url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }}

 [oslo_messaging_rabbit]
 rabbit_userid = {{ rabbitmq_user }}
--- a/ansible/roles/murano/tasks/register.yml
+++ b/ansible/roles/murano/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=application_catalog
        description='Openstack Application Catalogue'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ murano_api_port }}'
-        internal_url='http://{{ kolla_internal_address }}:{{ murano_api_port }}'
-        public_url='http://{{ kolla_external_address }}:{{ murano_api_port }}'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }}'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }}'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ murano_api_port }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_murano_auth }}' }}"
    -e "{'openstack_murano_auth':{{ openstack_murano_auth }}}"
--- a/ansible/roles/murano/templates/murano.conf.j2
+++ b/ansible/roles/murano/templates/murano.conf.j2
@ -14,8 +14,8 @@ bind_port = {{ murano_api_port }}
 connection = mysql+pymysql://{{ murano_database_user }}:{{ murano_database_password }}@{{ murano_database_address }}/{{ murano_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
@ -24,7 +24,7 @@ username = {{ murano_keystone_user }}
 password = {{ murano_keystone_password }}

 [murano]
-url = http://{{ kolla_internal_address }}:{{ murano_api_port }}
+url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }}

 [oslo_messaging_rabbit]
 rabbit_userid = {{ rabbitmq_user }}
--- a/ansible/roles/neutron/tasks/register.yml
+++ b/ansible/roles/neutron/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=network
        description='Openstack Networking'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ neutron_server_port }}'
-        internal_url='http://{{ kolla_internal_address }}:{{ neutron_server_port }}'
-        public_url='http://{{ kolla_external_address }}:{{ neutron_server_port }}'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ neutron_server_port }}'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_neutron_auth }}' }}"
    -e "{'openstack_neutron_auth':{{ openstack_neutron_auth }}}"
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@ -31,7 +31,7 @@ core_plugin = ml2
 service_plugins = router

 [nova]
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
@ -56,8 +56,8 @@ root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
 connection = mysql+pymysql://{{ neutron_database_user }}:{{ neutron_database_password }}@{{ neutron_database_address }}/{{ neutron_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
--- a/ansible/roles/nova/tasks/register.yml
+++ b/ansible/roles/nova/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=compute
        description='Openstack Compute'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
-        internal_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
-        public_url='http://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_nova_auth }}' }}"
    -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}"
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@ -60,7 +60,7 @@ novncproxy_port = {{ nova_novncproxy_port }}
 vncserver_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
 vncserver_proxyclient_address = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
 {% if inventory_hostname in groups['compute'] %}
-novncproxy_base_url = http://{{ kolla_internal_address }}:{{ nova_novncproxy_port }}/vnc_auto.html
+novncproxy_base_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_novncproxy_port }}/vnc_auto.html
 {% endif %}
 {% elif nova_console == 'spice' %}
 [vnc]
@ -70,7 +70,7 @@ enabled = false
 server_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
 server_proxyclient_address = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
 {% if inventory_hostname in groups['compute'] %}
-html5proxy_base_url = http://{{ kolla_internal_address }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
+html5proxy_base_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
 {% endif %}
 html5proxy_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
 html5proxy_port = {{ nova_spicehtml5proxy_port }}
@ -83,7 +83,7 @@ admin_username = {{ ironic_keystone_user }}
 admin_password = {{ ironic_keystone_password }}
 admin_url = {{ openstack_auth_v2.auth_url }}
 admin_tenant_name = service
-api_endpoint = http://{{ kolla_internal_address }}:{{ ironic_api_port }}/v1
+api_endpoint = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ ironic_api_port }}/v1
 {% endif %}

 [oslo_messaging_rabbit]
@ -109,12 +109,12 @@ num_retries = {{ groups['glance-api'] | length }}
 catalog_info = volume:cinder:internalURL

 [neutron]
-url = http://{{ kolla_internal_address }}:{{ neutron_server_port }}
+url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}
 auth_strategy = keystone
 metadata_proxy_shared_secret = {{ metadata_secret }}
 service_metadata_proxy = true

-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_plugin = password
 project_domain_name = default
 user_domain_id = default
@ -129,8 +129,8 @@ connection = mysql+pymysql://{{ nova_database_user }}:{{ nova_database_password
 connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }}

 [keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
--- a/ansible/roles/swift/tasks/register.yml
+++ b/ansible/roles/swift/tasks/register.yml
@ -6,9 +6,9 @@
        service_type=object-store
        description='Openstack Object Storage'
        endpoint_region={{ openstack_region_name }}
-        admin_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}'
-        internal_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
-        public_url='http://{{ kolla_external_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
+        admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}'
+        internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
+        public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
        region_name={{ openstack_region_name }}
        auth={{ '{{ openstack_swift_auth }}' }}"
    -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}"
--- a/ansible/roles/swift/templates/proxy-server.conf.j2
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2
@ -29,8 +29,8 @@ use = egg:swift#proxy_logging

 [filter:authtoken]
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
 auth_type = password
 project_domain_id = default
 user_domain_id = default
--- a/dev/vagrant/centos-bootstrap.sh
+++ b/dev/vagrant/centos-bootstrap.sh
@ -19,6 +19,7 @@ else
    SUPPORT_NODE=support01
 fi
 REGISTRY=operator.local:${REGISTRY_PORT}
+ADMIN_PROTOCOL="http"

 # Install common packages and do some prepwork.
 function prep_work {
@ -118,7 +119,7 @@ EOF

    # The openrc file.
    cat > ~vagrant/openrc <<EOF
-export OS_AUTH_URL="http://${SUPPORT_NODE}:35357/v3"
+export OS_AUTH_URL="$(ADMIN_PROTOCOL)://${SUPPORT_NODE}:35357/v3"
 export OS_USERNAME=admin
 export OS_PASSWORD=password
 export OS_TENANT_NAME=admin