Fix keystone auth_uri and auth_url
Post [1] we cannot use auth_uri/auth_url containing :5000, :35357.
Update keystone auth_uri and auth_url in magnum.conf to connect
with keystone using /identity/v3 and /identity_admin/v3.
[1] https://review.openstack.org/#/c/456344/
Change-Id: I5d69e7454cf8a5e8c92ff23b6c932184d82e8a98
devstack: Allow access to ports 80 and 443
So far, we were allowing access to port 5000 for keystone.
When devstack siwtched to uwsgi we couldn't access keystone
anymore.
Co-Authored-By: Spyros Trigazis <strigazi@gmail.com>
Change-Id: I4d3d482889fd9f6119ceec81757abac9d1251a97
(cherry picked from commit 530d225fcd
)
This commit is contained in:
parent
1a685113d8
commit
1881152217
|
@ -150,9 +150,9 @@ function create_magnum_conf {
|
||||||
|
|
||||||
configure_auth_token_middleware $MAGNUM_CONF magnum $MAGNUM_AUTH_CACHE_DIR
|
configure_auth_token_middleware $MAGNUM_CONF magnum $MAGNUM_AUTH_CACHE_DIR
|
||||||
|
|
||||||
iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_SERVICE_URI/v3
|
iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_AUTH_URI_V3
|
||||||
iniset $MAGNUM_CONF keystone_authtoken auth_uri \
|
iniset $MAGNUM_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI_V3
|
||||||
${KEYSTONE_SERVICE_PROTOCOL}://${HOST_IP}:${KEYSTONE_SERVICE_PORT}/v3
|
iniset $MAGNUM_CONF keystone_authtoken auth_url $KEYSTONE_AUTH_URI_V3
|
||||||
iniset $MAGNUM_CONF keystone_authtoken auth_version v3
|
iniset $MAGNUM_CONF keystone_authtoken auth_version v3
|
||||||
|
|
||||||
if is_fedora || is_suse; then
|
if is_fedora || is_suse; then
|
||||||
|
@ -330,7 +330,9 @@ function configure_iptables {
|
||||||
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
|
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
|
||||||
# bay nodes will access magnum-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
|
# bay nodes will access magnum-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
|
||||||
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true
|
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true
|
||||||
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $KEYSTONE_SERVICE_PORT -j ACCEPT || true
|
# allow access to keystone etc (http and https)
|
||||||
|
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
|
||||||
|
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -69,6 +69,7 @@ function create_test_data {
|
||||||
local magnum_api_ip=$(iniget /etc/magnum/magnum.conf api host)
|
local magnum_api_ip=$(iniget /etc/magnum/magnum.conf api host)
|
||||||
local magnum_api_port=$(iniget /etc/magnum/magnum.conf api port)
|
local magnum_api_port=$(iniget /etc/magnum/magnum.conf api port)
|
||||||
local magnum_url="http://"$magnum_api_ip":"$magnum_api_port"/v1"
|
local magnum_url="http://"$magnum_api_ip":"$magnum_api_port"/v1"
|
||||||
|
local keystone_auth_url=$(iniget /etc/magnum/magnum.conf keystone_authtoken auth_uri)
|
||||||
|
|
||||||
# pass the appropriate variables via a config file
|
# pass the appropriate variables via a config file
|
||||||
CREDS_FILE=$MAGNUM_DIR/functional_creds.conf
|
CREDS_FILE=$MAGNUM_DIR/functional_creds.conf
|
||||||
|
@ -76,7 +77,7 @@ function create_test_data {
|
||||||
# Credentials for functional testing
|
# Credentials for functional testing
|
||||||
|
|
||||||
[auth]
|
[auth]
|
||||||
auth_url = $OS_AUTH_URL
|
auth_url = $keystone_auth_url
|
||||||
magnum_url = $magnum_url
|
magnum_url = $magnum_url
|
||||||
username = $OS_USERNAME
|
username = $OS_USERNAME
|
||||||
project_name = $OS_PROJECT_NAME
|
project_name = $OS_PROJECT_NAME
|
||||||
|
|
Loading…
Reference in New Issue