From 016279b71e74700c18f2270649cb7567ae94505f Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Thu, 25 Apr 2019 21:23:57 -0400 Subject: [PATCH] standalone/undercloud - post: use EndpointMap to fetch Keystone URL Using EndpointMap to ensure we get the hostname/fqdn if possible otherwise it fallbacks to the IP for Keystone public endpoint. This is useful when the operator uses a certificate based on hostname/fqdn and not an IP address. Closes-Bug #1763776 Change-Id: Ifa9d55cca90caf5be0c83507cb47447e25311fce --- ci/common/vbmc_setup.yaml | 5 +++ common/deploy-steps.j2 | 1 + extraconfig/post_deploy/default.yaml | 5 +++ extraconfig/post_deploy/standalone_post.yaml | 42 +++---------------- extraconfig/post_deploy/undercloud_post.yaml | 34 ++++----------- .../notes/endpointmap-8825fcd5fa5a2ba2.yaml | 7 ++++ 6 files changed, 31 insertions(+), 63 deletions(-) create mode 100644 releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml diff --git a/ci/common/vbmc_setup.yaml b/ci/common/vbmc_setup.yaml index 779d52ad72..4d452c8174 100644 --- a/ci/common/vbmc_setup.yaml +++ b/ci/common/vbmc_setup.yaml @@ -3,6 +3,11 @@ heat_template_version: rocky parameters: servers: type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json resources: diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index 3b8b4044fe..4c50f06b12 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -231,6 +231,7 @@ resources: type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: [servers, {{role.name}}]} + EndpointMap: {get_param: EndpointMap} # The {{role.name}}PostConfig steps are in charge of # quiescing all services, i.e. in the Controller case, diff --git a/extraconfig/post_deploy/default.yaml b/extraconfig/post_deploy/default.yaml index e1676d0301..b557d69932 100644 --- a/extraconfig/post_deploy/default.yaml +++ b/extraconfig/post_deploy/default.yaml 
@@ -3,3 +3,8 @@ description: 'Extra Post Deployment Config' parameters: servers: type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json diff --git a/extraconfig/post_deploy/standalone_post.yaml b/extraconfig/post_deploy/standalone_post.yaml index 8f6814d011..876f5ebfe1 100644 --- a/extraconfig/post_deploy/standalone_post.yaml +++ b/extraconfig/post_deploy/standalone_post.yaml @@ -17,17 +17,6 @@ parameters: type: string description: The password for the keystone admin account, used for monitoring, querying neutron etc. hidden: True - SSLCertificate: - description: > - The content of the SSL certificate (without Key) in PEM format. - type: string - default: "" - hidden: True - PublicSSLCertificateAutogenerated: - default: false - description: > - Whether the public SSL certificate was autogenerated or not. - type: boolean KeystoneRegion: type: string default: 'regionOne' @@ -40,18 +29,11 @@ parameters: type: string description: The python interpreter to use for python and ansible actions default: /usr/bin/python - -conditions: - - tls_enabled: - or: - - not: - equals: - - {get_param: SSLCertificate} - - "" - - equals: - - {get_param: PublicSSLCertificateAutogenerated} - - true + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json resources: 
@@ -108,19 +90,7 @@ resources: config: {get_resource: CloudsYamlConfig} input_values: admin_password: {get_param: AdminPassword} - auth_url: - if: - - tls_enabled - - make_url: - scheme: https - host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]} - port: 13000 - path: / - - make_url: - scheme: http - host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} - port: 5000 - path: / + auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} cloud_name: {get_param: StandaloneCloudName} home_dir: {get_param: StandaloneHomeDir} identity_api_version: 3 diff --git a/extraconfig/post_deploy/undercloud_post.yaml b/extraconfig/post_deploy/undercloud_post.yaml index b0db158323..2cd7c3a8e5 100644 --- a/extraconfig/post_deploy/undercloud_post.yaml +++ b/extraconfig/post_deploy/undercloud_post.yaml @@ -79,6 +79,11 @@ parameters: type: string default: 'undercloud' description: Cloud name for the clouds.yaml + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json conditions: @@ -130,20 +135,7 @@ resources: - ca_file_enabled - {get_param: InternalTLSCAFile} - '' - # if SSL is enabled we use the public virtual ip as the stackrc endpoint - auth_url: - if: - - tls_enabled - - make_url: - scheme: https - host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]} - port: 13000 - path: / - - make_url: - scheme: http - host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} - port: 5000 - path: / + auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} CloudsYamlConfig: type: OS::Heat::SoftwareConfig 
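Review bot: The new `auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}` lookup in standalone_post.yaml has no fallback, while `EndpointMap` is declared with `default: {}` in the same file. As far as I know, Heat resolves a get_param path that does not exist to an empty string rather than failing, so a stack created without EndpointMap would write clouds.yaml with an empty auth_url next to the admin password instead of stopping. Since the release note calls the parameter required, consider dropping the `default: {}` line from the EndpointMap declaration in standalone_post.yaml and undercloud_post.yaml so a missing map is rejected at validation. The same lookup appears in both undercloud_post.yaml auth_url hunks, and the resource these inputs belong to starts outside the hunk.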
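Review bot: undercloud_post.yaml keeps its `conditions:` section in this hunk, whereas standalone_post.yaml in the same commit deletes the `tls_enabled` condition together with the `SSLCertificate` and `PublicSSLCertificateAutogenerated` parameters. Both `tls_enabled` uses visible in this file's later hunks are removed, so if nothing else references the condition, it and any certificate parameters that only fed it are now dead and could be removed for consistency. The conditions block itself lies outside the hunk, so this needs checking against the full file.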
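Review bot: The stackrc `auth_url` line in undercloud_post.yaml loses its explanatory comment and the replacement carries none, so the reason for reading EndpointMap is recorded only in the commit message. A comment above it such as `# Keystone public endpoint from EndpointMap: hostname/FQDN when available, so it matches a name-based certificate` would keep that intent in the template. The enclosing resource starts outside the hunk.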
@@ -170,19 +162,7 @@ resources: config: {get_resource: CloudsYamlConfig} input_values: admin_password: {get_param: AdminPassword} - auth_url: - if: - - tls_enabled - - make_url: - scheme: https - host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]} - port: 13000 - path: / - - make_url: - scheme: http - host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} - port: 5000 - path: / + auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} cloud_name: {get_param: UndercloudCloudName} home_dir: {get_param: UndercloudHomeDir} identity_api_version: 3 diff --git a/releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml b/releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml new file mode 100644 index 0000000000..2438bce2a1 --- /dev/null +++ b/releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml @@ -0,0 +1,7 @@ +--- +other: + - | + The EndpointMap parameter is now required by post_deploy templates. + So if an user overrides OS::TripleO::NodeExtraConfigPost with another + template, the template would need to have EndpointMap parameter to work + fine.