Fix keystone auth_uri and auth_url

Post [1] we cannot use auth_uri/auth_url containing :5000, :35357. Update keystone auth_uri and auth_url in magnum.conf to connect with keystone using /identity/v3 and /identity_admin/v3. [1] https://review.openstack.org/#/c/456344/ Change-Id: I5d69e7454cf8a5e8c92ff23b6c932184d82e8a98 devstack: Allow access to ports 80 and 443 So far, we were allowing access to port 5000 for keystone. When devstack siwtched to uwsgi we couldn't access keystone anymore. Co-Authored-By: Spyros Trigazis <strigazi@gmail.com> Change-Id: I4d3d482889fd9f6119ceec81757abac9d1251a97
2017-04-21 10:04:03 +05:30 · 2017-04-21 10:04:03 +05:30 · 530d225fcd
commit 530d225fcd
parent d147dd94a3
2 changed files with 8 additions and 5 deletions
--- a/devstack/lib/magnum
+++ b/devstack/lib/magnum
@ -150,9 +150,9 @@ function create_magnum_conf {

    configure_auth_token_middleware $MAGNUM_CONF magnum $MAGNUM_AUTH_CACHE_DIR

-    iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_SERVICE_URI/v3
-    iniset $MAGNUM_CONF keystone_authtoken auth_uri \
-           ${KEYSTONE_SERVICE_PROTOCOL}://${HOST_IP}:${KEYSTONE_SERVICE_PORT}/v3
+    iniset $MAGNUM_CONF keystone_auth auth_url $KEYSTONE_AUTH_URI_V3
+    iniset $MAGNUM_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI_V3
+    iniset $MAGNUM_CONF keystone_authtoken auth_url $KEYSTONE_AUTH_URI_V3
    iniset $MAGNUM_CONF keystone_authtoken auth_version v3

    if is_fedora || is_suse; then
@ -330,7 +330,9 @@ function configure_iptables {
        sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
        # bay nodes will access magnum-api (port $MAGNUM_SERVICE_PORT) to get CA certificate.
        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $MAGNUM_SERVICE_PORT -j ACCEPT || true
-        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $KEYSTONE_SERVICE_PORT -j ACCEPT || true
+        # allow access to keystone etc (http and https)
+        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 80 -j ACCEPT || true
+        sudo iptables -I INPUT -d $HOST_IP -p tcp --dport 443 -j ACCEPT || true
    fi
 }

--- a/magnum/tests/contrib/post_test_hook.sh
+++ b/magnum/tests/contrib/post_test_hook.sh
@ -67,6 +67,7 @@ function create_test_data {
    local magnum_api_ip=$(iniget /etc/magnum/magnum.conf api host)
    local magnum_api_port=$(iniget /etc/magnum/magnum.conf api port)
    local magnum_url="http://"$magnum_api_ip":"$magnum_api_port"/v1"
+    local keystone_auth_url=$(iniget /etc/magnum/magnum.conf keystone_authtoken auth_uri)

    # pass the appropriate variables via a config file
    CREDS_FILE=$MAGNUM_DIR/functional_creds.conf
@ -74,7 +75,7 @@ function create_test_data {
 # Credentials for functional testing

 [auth]
-auth_url = $OS_AUTH_URL
+auth_url = $keystone_auth_url
 magnum_url = $magnum_url
 username = $OS_USERNAME
 project_name = $OS_PROJECT_NAME