cc2dde0854
Horizon and Neutron were mistakenly using keystone_public_url for authentication. This works without error in deployments where the internal services happen to have access to the public network, but it is still wrong. It fails when the internal services cannot access the public URLs, for example when TLS is enabled on the public endpoints. This patch corrects horizon and neutron to use keystone_internal_url for auth. Change-Id: I59b9094364bef375036028ba86a771dabf28c963 Closes-bug: #1625648
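# neutron.conf
#
# Jinja2 template for the Neutron service configuration. The rendered file
# holds the message-bus, database and Keystone service credentials in plain
# text, so it should be readable only by the account that runs Neutron.

[DEFAULT]
# Debug logging is verbose; keep it off outside troubleshooting so request
# details do not accumulate under log_dir.
debug = {{ neutron_logging_debug }}

log_dir = /var/log/kolla/neutron

# NOTE(elemoine): set use_stderr to False or the logs will also be sent to
# stderr and collected by Docker
use_stderr = False

# Listen on the API interface address rather than on every interface.
bind_host = {{ api_interface_address }}
bind_port = {{ neutron_server_port }}

api_paste_config = /usr/share/neutron/api-paste.ini
endpoint_type = internalURL

api_workers = {{ openstack_service_workers }}
# Worker count for the metadata service; the option name is metadata_workers.
metadata_workers = {{ openstack_service_workers }}

# NOTE(SamYaple): We must specify this value here rather than the metadata conf
# because it is used by the l3 and dhcp agents. The reason the path has 'kolla'
# in it is because we are sharing this socket in a volume which is its own dir
metadata_proxy_socket = /var/lib/neutron/kolla/metadata_proxy

{% if neutron_plugin_agent == "openvswitch" %}
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
{% elif neutron_plugin_agent == "linuxbridge" %}
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
{% endif %}

{% if enable_nova_fake | bool %}
ovs_integration_bridge = br-int-{{ item }}
host = {{ ansible_hostname }}_{{ item }}
{% endif %}

allow_overlapping_ips = true
core_plugin = ml2
# Comma-separated list assembled from the enabled features. Every optional
# entry carries its own leading comma so the rendered value stays a valid list.
service_plugins = router{% if enable_neutron_lbaas | bool %},neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2{% endif %}{% if enable_neutron_qos | bool %},qos{% endif %}{% if enable_neutron_vpnaas | bool %},neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin{% endif %}{% if neutron_plugin_agent == "sfc" %},flow_classifier,sfc{% endif %}

{% if enable_neutron_agent_ha | bool %}
dhcp_agents_per_network = {{ dhcp_agents_per_network }}
l3_ha = true
max_l3_agents_per_router = {{ max_l3_agents_per_router }}
min_l3_agents_per_router = {{ min_l3_agents_per_router }}
{% endif %}

# The broker user name and password are embedded in this URL. The scheme is
# plain rabbit:// and no TLS options for the message bus are set in this file.
# NOTE(review): a password containing URL-reserved characters would need
# percent-encoding to parse correctly - confirm how rabbitmq_password is
# generated.
transport_url = rabbit://{% for host in groups['rabbitmq'] %}{{ rabbitmq_user }}:{{ rabbitmq_password }}@{% if orchestration_engine == 'KUBERNETES' %}rabbitmq{% else %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}{% endif %}:{{ rabbitmq_port }}{% if not loop.last %},{% endif %}{% endfor %}

{% if enable_neutron_dvr | bool %}
router_distributed = True
{% endif %}
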
# Service credentials Neutron presents when it calls the Nova API.
[nova]
# Authentication plugin and the Keystone endpoint it authenticates against.
auth_type = password
auth_url = {{ keystone_admin_url }}
# Scope and identity of the service account.
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ nova_keystone_user }}
# Stored in plain text in the rendered file.
password = {{ nova_keystone_password }}
# Which Nova endpoint to use: the internal one in the configured region.
region_name = {{ openstack_region_name }}
endpoint_type = internal

[oslo_concurrency]
# Directory for inter-process lock files. It should be writable by the
# Neutron service account only.
lock_path = /var/lib/neutron/tmp

[agent]
# Privileged commands are run through sudo and neutron-rootwrap, which only
# permits what its filter definitions allow. rootwrap.conf and the filter
# files it references should be root-owned and not writable by the Neutron
# account, otherwise the filtering offers no protection.
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

[database]
# The database user name and password are embedded in the connection URL and
# end up in plain text in the rendered file. No TLS parameters are passed to
# the driver here.
connection = mysql+pymysql://{{ neutron_database_user }}:{{ neutron_database_password }}@{{ neutron_database_address }}/{{ neutron_database_name }}
# -1 keeps retrying the database connection indefinitely.
max_retries = -1

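# Token validation middleware settings for the Neutron API.
[keystone_authtoken]
# auth_uri points at the internal Keystone URL; auth_url is the endpoint the
# middleware authenticates against with the service credentials below.
auth_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = {{ neutron_keystone_user }}
# Stored in plain text in the rendered file.
password = {{ neutron_keystone_password }}

# Token data cached in memcached is encrypted and authenticated with a key
# derived from memcache_secret_key, so read or write access to the cache alone
# does not expose or allow tampering with cached tokens.
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}

# Both branches use the current option name, memcached_servers. The second
# branch is only rendered when the engine is not KUBERNETES, so it always
# builds the list from the api_interface address of each memcached host.
{% if orchestration_engine == 'KUBERNETES' %}
memcached_servers = {{ memcached_servers }}
{% else %}
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}
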
[oslo_messaging_notifications]
# Notifications are published to the message bus only when Ceilometer is
# enabled; otherwise the noop driver discards them.
{% if enable_ceilometer | bool %}
driver = messagingv2
topics = notifications
{% else %}
driver = noop
{% endif %}

{% if neutron_plugin_agent == "sfc" %}
# Service function chaining sections, rendered only for the sfc plugin agent.
[sfc]
drivers = ovs
# NOTE(review): this section is emitted with no keys - confirm whether a
# drivers setting is intended here as well.
[flowclassifier]
{% endif %}