Keystone: Remove unnecessary binds for admin endpoint
In the past Keystone required a separate instance for admin endpoint. However that requirement was removed and current TripleO deploys only a single keystone instance, which listens on tcp/5000 in KeystonePublicApiNetwork [1]. Now haproxy forwards all keystone api access to tcp/5000 in KeystonePublicApiNetwork and no longer uses backend on tcp/35357 in KeystoneAdminApiNetwork. [1] 5bd82e9ef051e732c0f991eaf4f9e3572aac87f6 Closes-Bug: #1978131 Change-Id: I9daaf69463e74f0f7fb63586ff6464194391da30
This commit is contained in:
parent
e30c94f760
commit
2de73e7624
|
@ -499,7 +499,6 @@ outputs:
|
|||
'111 keystone':
|
||||
dport:
|
||||
- 5000
|
||||
- {get_param: [EndpointMap, KeystoneAdmin, port]}
|
||||
firewall_frontend_rules:
|
||||
'100 keystone_public_haproxy_frontend':
|
||||
dport:
|
||||
|
@ -582,9 +581,6 @@ outputs:
|
|||
keystone::service_name: 'httpd'
|
||||
keystone::enable_ssl: {get_param: EnableInternalTLS}
|
||||
keystone::wsgi::apache::access_log_format: 'forwarded'
|
||||
keystone::wsgi::apache::api_port:
|
||||
- 5000
|
||||
- {get_param: [EndpointMap, KeystoneAdmin, port]}
|
||||
keystone::wsgi::apache::ssl: {get_param: EnableInternalTLS}
|
||||
keystone::wsgi::apache::servername:
|
||||
str_replace:
|
||||
|
@ -603,18 +599,12 @@ outputs:
|
|||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
# NOTE: this applies to all 2 bind IP settings below...
|
||||
keystone::wsgi::apache::bind_host:
|
||||
- str_replace:
|
||||
template:
|
||||
"%{lookup('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
- str_replace:
|
||||
template:
|
||||
"%{lookup('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
|
||||
str_replace:
|
||||
template:
|
||||
"%{lookup('$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
|
||||
- keystone::cache::enabled: {get_param: EnableCache}
|
||||
keystone::cache::tls_enabled: {get_param: MemcachedTLS}
|
||||
- if:
|
||||
|
|
Loading…
Reference in New Issue