Loadbalance keystone's admin endpoints towards the internal backends
Instead of trying to loadbalance keystone's admin endpoint frontends towards the backends of the same network, we forward them towards the IPs where the public/internal endpoints are listening. This way we definitely don't use the admin endpoint (a step towards getting rid of it), and we won't get SSL host failures when trying to access the one single endpoint. Change-Id: I577373b5ff110c47bc4dc350ca753b7a1957554f
parent
a71e9f8074
commit
7de34bf57d
@ -908,11 +908,14 @@ class tripleo::haproxy (
|
|||||||
}
|
}
|
||||||
|
|
||||||
if $keystone_admin {
|
if $keystone_admin {
|
||||||
|
# NOTE(jaosorior): Given that the admin endpoint is in the same vhost
|
||||||
|
# nowadays as the public/internal one. We can just loadbalance towards the
|
||||||
|
# same IP.
|
||||||
::tripleo::haproxy::endpoint { 'keystone_admin':
|
::tripleo::haproxy::endpoint { 'keystone_admin':
|
||||||
internal_ip => hiera('keystone_admin_api_vip', $controller_virtual_ip),
|
internal_ip => hiera('keystone_admin_api_vip', $controller_virtual_ip),
|
||||||
service_port => $ports[keystone_admin_api_port],
|
service_port => $ports[keystone_admin_api_port],
|
||||||
ip_addresses => hiera('keystone_admin_api_node_ips', $controller_hosts_real),
|
ip_addresses => hiera('keystone_public_api_node_ips', $controller_hosts_real),
|
||||||
server_names => hiera('keystone_admin_api_node_names', $controller_hosts_names_real),
|
server_names => hiera('keystone_public_api_node_names', $controller_hosts_names_real),
|
||||||
mode => 'http',
|
mode => 'http',
|
||||||
listen_options => merge($default_listen_options, { 'option' => [ 'httpchk GET /v3' ] }),
|
listen_options => merge($default_listen_options, { 'option' => [ 'httpchk GET /v3' ] }),
|
||||||
service_network => $keystone_admin_network,
|
service_network => $keystone_admin_network,
|
||||||
|
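Review bot: The `keystone_admin` endpoint now mixes two networks, and the NOTE comment does not say which parts are intentional: `ip_addresses` and `server_names` come from the `keystone_public_api_node_*` hiera keys, while `internal_ip`, `service_port` and `service_network => $keystone_admin_network` still refer to the admin side. If `::tripleo::haproxy::endpoint` uses `service_network` to choose the certificate or the hostname verified against the backends (its definition is not visible here), the admin-network value may no longer match the public/internal server names, so this is worth confirming with internal TLS enabled. I would extend the comment with something like `# Backends are the public/internal keystone nodes; the frontend still binds the admin VIP and port until the admin endpoint is removed.` The resource body continues past the end of the hunk.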