standalone/undercloud - post: use EndpointMap to fetch Keystone URL

Using EndpointMap to ensure we get the hostname/fqdn if possible
otherwise it fallbacks to the IP for Keystone public endpoint.

This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.

Closes-Bug #1763776
Change-Id: Ifa9d55cca90caf5be0c83507cb47447e25311fce
This commit is contained in:
Emilien Macchi 2019-04-25 21:23:57 -04:00
parent 719304d1af
commit 016279b71e
6 changed files with 31 additions and 63 deletions

View File

@ -3,6 +3,11 @@ heat_template_version: rocky
parameters:
servers:
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
resources:

View File

@ -231,6 +231,7 @@ resources:
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: [servers, {{role.name}}]}
EndpointMap: {get_param: EndpointMap}
# The {{role.name}}PostConfig steps are in charge of
# quiescing all services, i.e. in the Controller case,

View File

@ -3,3 +3,8 @@ description: 'Extra Post Deployment Config'
parameters:
servers:
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json

View File

@ -17,17 +17,6 @@ parameters:
type: string
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
hidden: True
SSLCertificate:
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
default: ""
hidden: True
PublicSSLCertificateAutogenerated:
default: false
description: >
Whether the public SSL certificate was autogenerated or not.
type: boolean
KeystoneRegion:
type: string
default: 'regionOne'
@ -40,18 +29,11 @@ parameters:
type: string
description: The python interpreter to use for python and ansible actions
default: /usr/bin/python
conditions:
tls_enabled:
or:
- not:
equals:
- {get_param: SSLCertificate}
- ""
- equals:
- {get_param: PublicSSLCertificateAutogenerated}
- true
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
resources:
@ -108,19 +90,7 @@ resources:
config: {get_resource: CloudsYamlConfig}
input_values:
admin_password: {get_param: AdminPassword}
auth_url:
if:
- tls_enabled
- make_url:
scheme: https
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
port: 13000
path: /
- make_url:
scheme: http
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
port: 5000
path: /
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
cloud_name: {get_param: StandaloneCloudName}
home_dir: {get_param: StandaloneHomeDir}
identity_api_version: 3

View File

@ -79,6 +79,11 @@ parameters:
type: string
default: 'undercloud'
description: Cloud name for the clouds.yaml
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
conditions:
@ -130,20 +135,7 @@ resources:
- ca_file_enabled
- {get_param: InternalTLSCAFile}
- ''
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
auth_url:
if:
- tls_enabled
- make_url:
scheme: https
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
port: 13000
path: /
- make_url:
scheme: http
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
port: 5000
path: /
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
CloudsYamlConfig:
type: OS::Heat::SoftwareConfig
@ -170,19 +162,7 @@ resources:
config: {get_resource: CloudsYamlConfig}
input_values:
admin_password: {get_param: AdminPassword}
auth_url:
if:
- tls_enabled
- make_url:
scheme: https
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
port: 13000
path: /
- make_url:
scheme: http
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
port: 5000
path: /
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
cloud_name: {get_param: UndercloudCloudName}
home_dir: {get_param: UndercloudHomeDir}
identity_api_version: 3

View File

@ -0,0 +1,7 @@
---
other:
- |
The EndpointMap parameter is now required by post_deploy templates.
So if an user overrides OS::TripleO::NodeExtraConfigPost with another
template, the template would need to have EndpointMap parameter to work
fine.