From 9471eb030f21d425cb049ada3b91935d4b1bdea7 Mon Sep 17 00:00:00 2001
From: Alan Bishop <abishop@redhat.com>
Date: Thu, 27 Aug 2020 12:22:02 -0700
Subject: [PATCH] DCN: use FQDN in glance endpoint with internal TLS

Fix the glance-api endpoint used by cinder and nova services at DCN
sites. When internal TLS is enabled, the URI must use a FQDN and not
an IP address.

Closes-Bug: #1893453
Change-Id: I386a035f9688c54d617e714888c9c0fa14f34a1e
(cherry picked from commit 2035b88f5b9eb1c86391c995f768f9ecc45855a4)
---
 .../glance-api-edge-container-puppet.yaml     | 22 ++++++++++---------
 .../haproxy-edge-container-puppet.yaml        | 22 ++++++++++---------
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/deployment/glance/glance-api-edge-container-puppet.yaml b/deployment/glance/glance-api-edge-container-puppet.yaml
index cc0e6277f0..7a06f931d7 100644
--- a/deployment/glance/glance-api-edge-container-puppet.yaml
+++ b/deployment/glance/glance-api-edge-container-puppet.yaml
@@ -55,16 +55,18 @@ outputs:
   glance_api_edge_uri:
     description: URI of the glance-api service runing at the edge site.
     value: &glance_api_edge_uri
-      str_replace:
-        template:
-          "PROTOCOL://%{hiera('NETWORK_uri')}:9292"
-        params:
-          PROTOCOL:
-            if:
-            - internal_tls_enabled
-            - https
-            - http
-          NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
+      if:
+      - internal_tls_enabled
+      - str_replace:
+          template:
+            "https://%{hiera('fqdn_NETWORK')}:9292"
+          params:
+            NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
+      - str_replace:
+          template:
+            "http://%{hiera('NETWORK_uri')}:9292"
+          params:
+            NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
 
   role_data:
     description: Role data for the Glance API role for DCN/Edge.
diff --git a/deployment/haproxy/haproxy-edge-container-puppet.yaml b/deployment/haproxy/haproxy-edge-container-puppet.yaml
index 1f5b370a6c..d12c9ce5cc 100644
--- a/deployment/haproxy/haproxy-edge-container-puppet.yaml
+++ b/deployment/haproxy/haproxy-edge-container-puppet.yaml
@@ -61,16 +61,18 @@ outputs:
   glance_api_edge_uri:
     description: URI of the glance-api service runing at the edge site.
     value: &glance_api_edge_uri
-      str_replace:
-        template:
-          "PROTOCOL://%{hiera('NETWORK_uri')}:9292"
-        params:
-          PROTOCOL:
-            if:
-            - internal_tls_enabled
-            - https
-            - http
-          NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
+      if:
+      - internal_tls_enabled
+      - str_replace:
+          template:
+            "https://%{hiera('fqdn_NETWORK')}:9292"
+          params:
+            NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
+      - str_replace:
+          template:
+            "http://%{hiera('NETWORK_uri')}:9292"
+          params:
+            NETWORK: {get_param: [ServiceNetMap, GlanceApiEdgeNetwork]}
 
   role_data:
     description: Role data for the HAproxy role for DCN/Edge.