Fix keystone endpoint for heat servers
This patch changes the heat config so that communication between the heat service and the other internal parts of OpenStack occurs over the internal API endpoint, while a new heat configuration option [1] is set to ensure that the keystone endpoint written into server configs points to the external API endpoint. This should address several long-running SSL-related failures when self-signed certificates are used, and allows heat to work correctly when the internal and external endpoints are on different networks. Change-Id: I533ab16557cb83e2791dbb7267a97fb0d44e9ba6 Fixes-Bug: 1811086 Fixes-Bug: 1820591 Related-Bug: 1824646 Related-Bug: 1814909 Depends-On: https://review.opendev.org/678062
parent
2d60bf6e38
commit
288634ce0b
|
@ -14,6 +14,7 @@ stack_user_domain_name = {{ heat_stack_user_domain_name }}
|
|||
max_nested_stack_depth = {{ heat_max_nested_stack_depth }}
|
||||
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
|
||||
heat_metadata_server_url = {{ heat_metadata_server_url }}
|
||||
server_keystone_endpoint_type = public
|
||||
|
||||
deferred_auth_method = {{ heat_deferred_auth_method }}
|
||||
trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }}
|
||||
|
@ -43,13 +44,13 @@ endpoint_type = {{ heat_clients_heat_endpoint }}
|
|||
[clients_keystone]
|
||||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
endpoint_type = {{ heat_clients_endpoint }}
|
||||
auth_uri = {{ keystone_service_publicuri }}
|
||||
auth_uri = {{ keystone_service_internaluri }}
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ heat_galera_address }}/{{ heat_galera_database }}?charset=utf8{% if heat_galera_use_ssl | bool %}&ssl_ca={{ heat_galera_ssl_ca_cert }}{% endif %}
|
||||
|
||||
[ec2authtoken]
|
||||
auth_uri = {{ keystone_service_publicuri }}
|
||||
auth_uri = {{ keystone_service_internaluri }}
|
||||
|
||||
[heat_api]
|
||||
bind_port = {{ heat_service_port }}
|
||||
|
@ -81,7 +82,7 @@ trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}
|
|||
insecure = {{ keystone_service_internaluri_insecure | bool }}
|
||||
auth_type = {{ heat_keystone_auth_plugin }}
|
||||
auth_url = {{ keystone_service_adminurl }}
|
||||
www_authenticate_uri = {{ keystone_service_publicuri }}
|
||||
www_authenticate_uri = {{ keystone_service_internaluri }}
|
||||
project_domain_id = {{ heat_service_project_domain_id }}
|
||||
user_domain_id = {{ heat_service_user_domain_id }}
|
||||
project_name = {{ heat_service_project_name }}
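Review bot: `[ec2authtoken]` is left with no TLS trust setting once its `auth_uri` points at `keystone_service_internaluri`, whereas the two other sections that now use the internal URI each carry `insecure = {{ keystone_service_internaluri_insecure | bool }}`. If the internal endpoint presents a self-signed certificate, which is the case the description targets, EC2-token validation will presumably verify against the system bundle and fail, or push deployers toward switching verification off. I would add `ca_file = <path to internal CA bundle>` under `[ec2authtoken]`, and prefer a CA file over `insecure` in the other sections so the internal path stays verified. A comment above `www_authenticate_uri` should also record that keystonemiddleware returns this value to unauthenticated callers in the `WWW-Authenticate` header, so external clients will now be shown the internal URL. This reading assumes the second line of each printed pair is the new side, as the description implies; the file path and the section headers for the first and third hunks are not visible on the page.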
|
||||
|
|