Keystone: Remove unnecessary binds for admin endpoint

In the past Keystone required a separate instance for admin endpoint. However that requirement was removed and current TripleO deploys only a single keystone instance, which listens on tcp/5000 in KeystonePublicApiNetwork [1]. Now haproxy forwards all keystone api access to tcp/5000 in KeystonePublicApiNetwork and no longer uses backend on tcp/35357 in KeystoneAdminApiNetwork. [1] 5bd82e9ef051e732c0f991eaf4f9e3572aac87f6 Closes-Bug: #1978131 Change-Id: I9daaf69463e74f0f7fb63586ff6464194391da30
2022-06-10 13:50:57 +09:00 · 2022-06-10 13:50:57 +09:00 · 2de73e7624
parent e30c94f760
commit 2de73e7624
1 changed files with 5 additions and 15 deletions
--- a/deployment/keystone/keystone-container-puppet.yaml
+++ b/deployment/keystone/keystone-container-puppet.yaml
@ -499,7 +499,6 @@ outputs:
        '111 keystone':
          dport:
            - 5000
-            - {get_param: [EndpointMap, KeystoneAdmin, port]}
      firewall_frontend_rules:
        '100 keystone_public_haproxy_frontend':
          dport:
@ -582,9 +581,6 @@ outputs:
            keystone::service_name: 'httpd'
            keystone::enable_ssl: {get_param: EnableInternalTLS}
            keystone::wsgi::apache::access_log_format: 'forwarded'
-            keystone::wsgi::apache::api_port:
-              - 5000
-              - {get_param: [EndpointMap, KeystoneAdmin, port]}
            keystone::wsgi::apache::ssl: {get_param: EnableInternalTLS}
            keystone::wsgi::apache::servername:
              str_replace:
@ -603,18 +599,12 @@ outputs:
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
-            # NOTE: this applies to all 2 bind IP settings below...
            keystone::wsgi::apache::bind_host:
-              - str_replace:
-                  template:
-                    "%{lookup('$NETWORK')}"
-                  params:
-                    $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
-              - str_replace:
-                  template:
-                    "%{lookup('$NETWORK')}"
-                  params:
-                    $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+              str_replace:
+                template:
+                  "%{lookup('$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
          - keystone::cache::enabled: {get_param: EnableCache}
            keystone::cache::tls_enabled: {get_param: MemcachedTLS}
          - if: