
Fix keystone auth_uri and auth_url

Post [1] we cannot use auth_uri/auth_url containing :5000, :35357.

Update keystone auth_uri and auth_url in magnum.conf to connect
with keystone using /identity/v3 and /identity_admin/v3.

[1] https://review.openstack.org/#/c/456344/

Change-Id: I5d69e7454cf8a5e8c92ff23b6c932184d82e8a98

devstack: Allow access to ports 80 and 443

So far, we were allowing access to port 5000 for keystone.
When devstack switched to uwsgi we couldn't access keystone
anymore.

Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Change-Id: I4d3d482889fd9f6119ceec81757abac9d1251a97
(cherry picked from commit 530d225fcd)
yatin 2 years ago
parent
commit
1881152217
2 changed files with 8 additions and 5 deletions
  1. 6
    4
      devstack/lib/magnum
  2. 2
    1
      magnum/tests/contrib/post_test_hook.sh

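--- a/devstack/lib/magnum
+++ b/devstack/lib/magnum
@@ -150,9 +150,9 @@ function create_magnum_conf {
 
     configure_auth_token_middleware $MAGNUM_CONF magnum $MAGNUM_AUTH_CACHE_DIR
 
-    iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_SERVICE_URI/v3
-    iniset $MAGNUM_CONF keystone_authtoken auth_uri \
-           ${KEYSTONE_SERVICE_PROTOCOL}://${HOST_IP}:${KEYSTONE_SERVICE_PORT}/v3
+    iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_AUTH_URI_V3
+    iniset $MAGNUM_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI_V3
+    iniset $MAGNUM_CONF keystone_authtoken auth_url $KEYSTONE_AUTH_URI_V3
     iniset $MAGNUM_CONF keystone_authtoken auth_version v3
 
     if is_fedora || is_suse; then
@@ -330,7 +330,9 @@ function configure_iptables {
         sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
         # bay nodes will access magnum-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
         sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true
-        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $KEYSTONE_SERVICE_PORT -j ACCEPT || true
+        # allow access to keystone etc (http and https)
+        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
+        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
     fi
 }
 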
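Review bot: The two new ACCEPT rules in configure_iptables (`--dport 80` and `--dport 443`) match only on `-d $HOST_IP` and carry no source match, so they open the host's whole web front end to every network that can reach it, where the removed rule exposed only the keystone port. If, as the comment's "keystone etc" suggests, other services answer on the same ports, that is wider than the cluster nodes need; consider a source match for the node network, e.g. `sudo iptables -I INPUT -s <node-subnet-cidr> -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true` (placeholder CIDR), and have the comment name which clients require the access. The trailing `|| true` also hides a failed insert, which would surface only later as nodes being unable to reach keystone. The function begins above the hunk, so a restriction applied earlier in it cannot be ruled out from here.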

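--- a/magnum/tests/contrib/post_test_hook.sh
+++ b/magnum/tests/contrib/post_test_hook.sh
@@ -69,6 +69,7 @@ function create_test_data {
     local magnum_api_ip=$(iniget /etc/magnum/magnum.conf api host)
     local magnum_api_port=$(iniget /etc/magnum/magnum.conf api port)
     local magnum_url="http://"$magnum_api_ip":"$magnum_api_port"/v1"
+    local keystone_auth_url=$(iniget /etc/magnum/magnum.conf keystone_authtoken auth_uri)
 
     # pass the appropriate variables via a config file
     CREDS_FILE=$MAGNUM_DIR/functional_creds.conf
@@ -76,7 +77,7 @@ function create_test_data {
 # Credentials for functional testing
 
 [auth]
-auth_url = $OS_AUTH_URL
+auth_url = $keystone_auth_url
 magnum_url = $magnum_url
 username = $OS_USERNAME
 project_name = $OS_PROJECT_NAME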
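Review bot: `local keystone_auth_url=$(iniget ...)` in create_test_data discards iniget's exit status and the value is never checked before it is written into the credentials file, so a missing `auth_uri` key silently yields `auth_url = ` and the functional tests fail later with an unrelated-looking authentication error. Declare and assign separately and fail early: `local keystone_auth_url`, then `keystone_auth_url=$(iniget /etc/magnum/magnum.conf keystone_authtoken auth_uri)`, then `[[ -n "$keystone_auth_url" ]] || { echo "keystone_authtoken auth_uri not set in magnum.conf" >&2; return 1; }`. The variable is named for auth_url but reads `auth_uri`; a one-line comment stating which of the two keys is intended would prevent a later "correction" to the wrong one. The function and the heredoc both continue outside the hunk, so how the credentials file is created and what permissions it gets cannot be judged from here.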
