Switch public endpoints to use FQDNs by default
This is in preparation for TLS by default, since the TLS certificate will use FQDNs for the SubjectAltName, and that will be verified. This required for us to change both CloudDomain and CloudName to be required parameters, and not default them to use localdomain. This is to avoid folks in real deployments using them in their clouds. Change-Id: Ic70dd323b33596eaa3fc18bdc69a7c011ccd7fa1
This commit is contained in:
Juan Antonio Osorio Robles
parent
9be5b8fce3
commit
8e104b3c54
@ -14,8 +14,9 @@ parameter_defaults:
|
||||
CloudDomain: localdomain
|
||||
|
||||
# The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
|
||||
# Mandatory. This parameter must be set by the user.
|
||||
# Type: string
|
||||
CloudName: overcloud.localdomain
|
||||
CloudName: <None>
|
||||
|
||||
# The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'.
|
||||
# Type: string
|
||||
|
||||
@ -9,7 +9,6 @@ parameters:
|
||||
{%- if network.name == 'External' %}
|
||||
# Special case the External hostname param, which is CloudName
|
||||
CloudName:
|
||||
default: overcloud.localdomain
|
||||
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
|
||||
type: string
|
||||
{%- elif network.name == 'InternalApi' %}
|
||||
|
||||
@ -68,7 +68,7 @@ def endpoint_map_default(config):
|
||||
(F_PROTOCOL, str(svc[ep_type].get(F_PROTOCOL,
|
||||
svc.get(F_PROTOCOL, 'http')))),
|
||||
(F_PORT, str(svc[ep_type].get(F_PORT, svc[F_PORT]))),
|
||||
(F_HOST, SUBST_IP_ADDRESS),
|
||||
(F_HOST, SUBST_IP_ADDRESS if ep_type != 'Public' else SUBST_CLOUDNAME),
|
||||
])
|
||||
return ep_name + ep_type, values
|
||||
|
||||
|
||||
@ -21,101 +21,101 @@ parameters:
|
||||
default:
|
||||
AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
|
||||
AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
|
||||
AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS}
|
||||
AodhPublic: {protocol: http, port: '8042', host: CLOUDNAME}
|
||||
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS}
|
||||
BarbicanPublic: {protocol: http, port: '9311', host: CLOUDNAME}
|
||||
CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS}
|
||||
CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS}
|
||||
CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS}
|
||||
CeilometerPublic: {protocol: http, port: '8777', host: CLOUDNAME}
|
||||
CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
CephRgwPublic: {protocol: http, port: '8080', host: CLOUDNAME}
|
||||
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
|
||||
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
|
||||
CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS}
|
||||
CinderPublic: {protocol: http, port: '8776', host: CLOUDNAME}
|
||||
CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS}
|
||||
CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS}
|
||||
CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS}
|
||||
CongressPublic: {protocol: http, port: '1789', host: CLOUDNAME}
|
||||
DesignateAdmin: {protocol: http, port: '9001', host: IP_ADDRESS}
|
||||
DesignateInternal: {protocol: http, port: '9001', host: IP_ADDRESS}
|
||||
DesignatePublic: {protocol: http, port: '9001', host: IP_ADDRESS}
|
||||
DesignatePublic: {protocol: http, port: '9001', host: CLOUDNAME}
|
||||
DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
|
||||
Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS}
|
||||
Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS}
|
||||
Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS}
|
||||
Ec2ApiPublic: {protocol: http, port: '8788', host: CLOUDNAME}
|
||||
GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
|
||||
GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
|
||||
GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
|
||||
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS}
|
||||
GlancePublic: {protocol: http, port: '9292', host: CLOUDNAME}
|
||||
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
|
||||
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
|
||||
GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS}
|
||||
GnocchiPublic: {protocol: http, port: '8041', host: CLOUDNAME}
|
||||
HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS}
|
||||
HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS}
|
||||
HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS}
|
||||
HeatPublic: {protocol: http, port: '8004', host: CLOUDNAME}
|
||||
HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS}
|
||||
HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS}
|
||||
HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS}
|
||||
HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS}
|
||||
HeatCfnPublic: {protocol: http, port: '8000', host: CLOUDNAME}
|
||||
HorizonPublic: {protocol: http, port: '80', host: CLOUDNAME}
|
||||
IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
|
||||
IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
|
||||
IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS}
|
||||
IronicPublic: {protocol: http, port: '6385', host: CLOUDNAME}
|
||||
IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
|
||||
IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
|
||||
IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS}
|
||||
IronicInspectorPublic: {protocol: http, port: '5050', host: CLOUDNAME}
|
||||
IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
|
||||
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
|
||||
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS}
|
||||
KeystonePublic: {protocol: http, port: '5000', host: CLOUDNAME}
|
||||
KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
|
||||
ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
|
||||
ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS}
|
||||
ManilaPublic: {protocol: http, port: '8786', host: CLOUDNAME}
|
||||
MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS}
|
||||
MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS}
|
||||
MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS}
|
||||
MistralPublic: {protocol: http, port: '8989', host: CLOUDNAME}
|
||||
MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
|
||||
NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS}
|
||||
NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS}
|
||||
NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS}
|
||||
NeutronPublic: {protocol: http, port: '9696', host: CLOUDNAME}
|
||||
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
|
||||
NovaPublic: {protocol: http, port: '8774', host: CLOUDNAME}
|
||||
NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
|
||||
NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}
|
||||
NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS}
|
||||
NovaPlacementPublic: {protocol: http, port: '8778', host: CLOUDNAME}
|
||||
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
|
||||
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
|
||||
NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS}
|
||||
NovaVNCProxyPublic: {protocol: http, port: '6080', host: CLOUDNAME}
|
||||
OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
|
||||
OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
|
||||
OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS}
|
||||
OctaviaPublic: {protocol: http, port: '9876', host: CLOUDNAME}
|
||||
OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS}
|
||||
OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS}
|
||||
PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
|
||||
PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
|
||||
PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}
|
||||
PankoPublic: {protocol: http, port: '8977', host: CLOUDNAME}
|
||||
SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS}
|
||||
SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS}
|
||||
SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS}
|
||||
SaharaPublic: {protocol: http, port: '8386', host: CLOUDNAME}
|
||||
SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
|
||||
SwiftPublic: {protocol: http, port: '8080', host: CLOUDNAME}
|
||||
SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
|
||||
TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS}
|
||||
TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS}
|
||||
TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS}
|
||||
TackerPublic: {protocol: http, port: '9890', host: CLOUDNAME}
|
||||
ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS}
|
||||
ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS}
|
||||
ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS}
|
||||
ZaqarPublic: {protocol: http, port: '8888', host: CLOUDNAME}
|
||||
ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS}
|
||||
ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS}
|
||||
ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS}
|
||||
ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: CLOUDNAME}
|
||||
ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
|
||||
@ -25,7 +25,6 @@ parameters:
|
||||
{%- if network.name == 'External' %}
|
||||
# Special case the External hostname param, which is CloudName
|
||||
CloudName:
|
||||
default: overcloud.localdomain
|
||||
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
|
||||
type: string
|
||||
{%- elif network.name == 'InternalApi' %}
|
||||
|
||||
@ -0,0 +1,11 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
CloudName is now a required parameter. Given that FQDNs are now the
|
||||
default instead of IP addresses, to avoid people using the localdomain
|
||||
(which used to be the default for domain for CloudName), we now remove
|
||||
the default, and require folks to set their own.
|
||||
- |
|
||||
The overcloud endpoints now point to FQDNs instead of IP addresses.
|
||||
This was done as part of the public TLS by default work, and is needed
|
||||
since the certificates have FQDNs for SubjectAltNames.
|
||||
Loading…
Reference in New Issue
Block a user