diff --git a/manifests/init.pp b/manifests/init.pp index f30e8a3dd..49a24f8f2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -211,10 +211,7 @@ # (Optional) The base public endpoint URL for keystone that are # advertised to clients (NOTE: this does NOT affect how # keystone listens for connections) (string value) -# If set to false, public_endpoint will be set from public_bind_host and -# public_port, or default to http://127.0.0.1:5000 -# Sample value: 'http://localhost:5000/' -# Defaults to undef +# Defaults to $::os_service_default # # [*enable_ssl*] # (Optional) Toggle for SSL support on the keystone eventlet servers. @@ -565,7 +562,7 @@ class keystone( $revoke_driver = $::os_service_default, $revoke_by_id = true, $admin_endpoint = $::os_service_default, - $public_endpoint = undef, + $public_endpoint = $::os_service_default, $enable_ssl = false, $ssl_certfile = '/etc/keystone/ssl/certs/keystone.pem', $ssl_keyfile = '/etc/keystone/ssl/private/keystonekey.pem', @@ -683,43 +680,13 @@ class keystone( } if $public_bind_host { - warning('keystone::public_bind_host is deprecated, and will have no effect and be removed in a later release.') - case $public_bind_host { - '0.0.0.0': { - $public_host = '127.0.0.1' - } - '::0': { - $public_host = '[::1]' - } - default: { - $public_host = normalize_ip_for_uri($public_bind_host) - } - } - } else { - $public_host = '127.0.0.1' + warning('keystone::public_bind_host is deprecated. This parameter has no effect and \ +will be removed in a later release.') } if $public_port { - warning('keystone::public_port is deprecated, and will have no effect and be removed in a later release') - $public_port_real = $public_port - } else { - $public_port_real = '5000' - } - - if ! $public_endpoint { - warning('keystone::public_endpoint is not set, but will be required in a later release') - - if $enable_ssl { - $public_protocol = 'https' - } else { - $public_protocol = 'http' - } - $public_endpoint_real = "${public_protocol}://${public_host}:${$public_port_real}" - } else { - if ('v2.0' in $public_endpoint) { - warning('Version string /v2.0/ should not be included in keystone::public_endpoint') - } - $public_endpoint_real = $public_endpoint + warning('keystone::public_port is deprecated. This parameter has no effect and \ +will be removed in a later release') } if $manage_policyrcd { @@ -762,7 +729,7 @@ class keystone( # Endpoint configuration keystone_config { - 'DEFAULT/public_endpoint': value => $public_endpoint_real; + 'DEFAULT/public_endpoint': value => $public_endpoint; } keystone_config { diff --git a/releasenotes/notes/unset-public_endpoint-1f28429335f3d0d7.yaml b/releasenotes/notes/unset-public_endpoint-1f28429335f3d0d7.yaml new file mode 100644 index 000000000..882c89fdc --- /dev/null +++ b/releasenotes/notes/unset-public_endpoint-1f28429335f3d0d7.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + The ``default/public_endpiint`` parameter is no longer set by default + because of known issue with different hosts/protocol used for each + endpoints (especially for admin endpoint and public endpoint) diff --git a/spec/classes/keystone_init_spec.rb b/spec/classes/keystone_init_spec.rb index 05734e73c..68b01fe87 100644 --- a/spec/classes/keystone_init_spec.rb +++ b/spec/classes/keystone_init_spec.rb @@ -164,7 +164,7 @@ describe 'keystone' do if param_hash['public_endpoint'] is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint']) else - is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('http://127.0.0.1:5000') + is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('') end end @@ -265,45 +265,6 @@ describe 'keystone' do ) } end - describe 'when public_bind_host or public_bind_port are set' do - describe 'when ipv6 loopback is set' do - let :params do - { - :public_bind_host => '::0' - } - end - it { is_expected.to contain_keystone_config("DEFAULT/public_endpoint").with_value('http://[::1]:5000') } - end - - describe 'when ipv4 address is set' do - let :params do - { - :public_bind_host => '192.168.0.1', - :public_port => '15000' - } - end - it { is_expected.to contain_keystone_config("DEFAULT/public_endpoint").with_value('http://192.168.0.1:15000') } - end - - describe 'when unenclosed ipv6 address is set' do - let :params do - { - :public_bind_host => '2001:db8::1' - } - end - it { is_expected.to contain_keystone_config("DEFAULT/public_endpoint").with_value('http://[2001:db8::1]:5000') } - end - - describe 'when enclosed ipv6 address is set' do - let :params do - { - :public_bind_host => '[2001:db8::1]' - } - end - it { is_expected.to contain_keystone_config("DEFAULT/public_endpoint").with_value('http://[2001:db8::1]:5000') } - end - end - describe 'when using invalid service name for keystone' do let (:params) { {'service_name' => 'foo'}.merge(default_params) } @@ -384,7 +345,6 @@ describe 'keystone' do let :params do { 'enable_ssl' => true, - 'public_endpoint' => 'https://localhost:5000', } end it {is_expected.to contain_keystone_config('ssl/enable').with_value(true)} @@ -393,7 +353,6 @@ describe 'keystone' do it {is_expected.to contain_keystone_config('ssl/ca_certs').with_value('/etc/keystone/ssl/certs/ca.pem')} it {is_expected.to contain_keystone_config('ssl/ca_key').with_value('/etc/keystone/ssl/private/cakey.pem')} it {is_expected.to contain_keystone_config('ssl/cert_subject').with_value('/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost')} - it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('https://localhost:5000')} end describe 'when disabling SSL' do @@ -403,7 +362,6 @@ describe 'keystone' do } end it {is_expected.to contain_keystone_config('ssl/enable').with_value(false)} - it {is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('http://127.0.0.1:5000')} end describe 'not setting notification settings by default' do