standalone/undercloud - post: use EndpointMap to fetch Keystone URL
Using EndpointMap to ensure we get the hostname/fqdn if possible;
otherwise it falls back to the IP for the Keystone public endpoint.
This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.
Closes-Bug #1763776
Change-Id: Ifa9d55cca90caf5be0c83507cb47447e25311fce
(cherry picked from commit 016279b71e
)
parent
dd200499de
commit
ed5f481aa6
|
@ -3,6 +3,11 @@ heat_template_version: rocky
|
||||||
parameters:
|
parameters:
|
||||||
servers:
|
servers:
|
||||||
type: json
|
type: json
|
||||||
|
EndpointMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
|
via parameter_defaults in the resource registry.
|
||||||
|
type: json
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
|
|
|
@ -213,6 +213,7 @@ resources:
|
||||||
type: OS::TripleO::NodeExtraConfigPost
|
type: OS::TripleO::NodeExtraConfigPost
|
||||||
properties:
|
properties:
|
||||||
servers: {get_param: [servers, {{role.name}}]}
|
servers: {get_param: [servers, {{role.name}}]}
|
||||||
|
EndpointMap: {get_param: EndpointMap}
|
||||||
|
|
||||||
# The {{role.name}}PostConfig steps are in charge of
|
# The {{role.name}}PostConfig steps are in charge of
|
||||||
# quiescing all services, i.e. in the Controller case,
|
# quiescing all services, i.e. in the Controller case,
|
||||||
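Review bot: The new `EndpointMap: {get_param: EndpointMap}` property carries no comment, yet it makes EndpointMap a parameter that every template mapped to `OS::TripleO::NodeExtraConfigPost` has to declare, and only the release note says so. I would add `# Templates overriding NodeExtraConfigPost must declare an EndpointMap parameter.` above the property so the requirement is visible where it is imposed. The resource this property belongs to starts outside the hunk.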
|
|
|
@ -3,3 +3,8 @@ description: 'Extra Post Deployment Config'
|
||||||
parameters:
|
parameters:
|
||||||
servers:
|
servers:
|
||||||
type: json
|
type: json
|
||||||
|
EndpointMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
|
via parameter_defaults in the resource registry.
|
||||||
|
type: json
|
||||||
|
|
|
@ -17,17 +17,6 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
|
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
|
||||||
hidden: True
|
hidden: True
|
||||||
SSLCertificate:
|
|
||||||
description: >
|
|
||||||
The content of the SSL certificate (without Key) in PEM format.
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
hidden: True
|
|
||||||
PublicSSLCertificateAutogenerated:
|
|
||||||
default: false
|
|
||||||
description: >
|
|
||||||
Whether the public SSL certificate was autogenerated or not.
|
|
||||||
type: boolean
|
|
||||||
KeystoneRegion:
|
KeystoneRegion:
|
||||||
type: string
|
type: string
|
||||||
default: 'regionOne'
|
default: 'regionOne'
|
||||||
|
@ -40,18 +29,11 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: The python interpreter to use for python and ansible actions
|
description: The python interpreter to use for python and ansible actions
|
||||||
default: /usr/bin/python
|
default: /usr/bin/python
|
||||||
|
EndpointMap:
|
||||||
conditions:
|
default: {}
|
||||||
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
tls_enabled:
|
via parameter_defaults in the resource registry.
|
||||||
or:
|
type: json
|
||||||
- not:
|
|
||||||
equals:
|
|
||||||
- {get_param: SSLCertificate}
|
|
||||||
- ""
|
|
||||||
- equals:
|
|
||||||
- {get_param: PublicSSLCertificateAutogenerated}
|
|
||||||
- true
|
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
|
@ -108,19 +90,7 @@ resources:
|
||||||
config: {get_resource: CloudsYamlConfig}
|
config: {get_resource: CloudsYamlConfig}
|
||||||
input_values:
|
input_values:
|
||||||
admin_password: {get_param: AdminPassword}
|
admin_password: {get_param: AdminPassword}
|
||||||
auth_url:
|
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||||
if:
|
|
||||||
- tls_enabled
|
|
||||||
- make_url:
|
|
||||||
scheme: https
|
|
||||||
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
|
|
||||||
port: 13000
|
|
||||||
path: /
|
|
||||||
- make_url:
|
|
||||||
scheme: http
|
|
||||||
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
|
||||||
port: 5000
|
|
||||||
path: /
|
|
||||||
cloud_name: {get_param: StandaloneCloudName}
|
cloud_name: {get_param: StandaloneCloudName}
|
||||||
home_dir: {get_param: StandaloneHomeDir}
|
home_dir: {get_param: StandaloneHomeDir}
|
||||||
identity_api_version: 3
|
identity_api_version: 3
|
||||||
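Review bot: `auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}` has no fallback, while the `EndpointMap` parameter added in the second hunk declares `default: {}`, so a caller that omits the map still passes validation. As far as I know Heat resolves a failed path lookup in `get_param` to an empty string, which would leave the generated clouds.yaml with an empty `auth_url` instead of an error. Since the release note describes the parameter as required, consider dropping `default: {}` in this template so the omission is caught at stack validation. The same lookup is used for both the stackrc and clouds.yaml inputs in the undercloud post-deploy template. The resource holding `input_values` starts and ends outside the hunk.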
|
|
|
@ -79,6 +79,11 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
default: 'undercloud'
|
default: 'undercloud'
|
||||||
description: Cloud name for the clouds.yaml
|
description: Cloud name for the clouds.yaml
|
||||||
|
EndpointMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
|
via parameter_defaults in the resource registry.
|
||||||
|
type: json
|
||||||
|
|
||||||
conditions:
|
conditions:
|
||||||
|
|
||||||
|
@ -130,20 +135,7 @@ resources:
|
||||||
- ca_file_enabled
|
- ca_file_enabled
|
||||||
- {get_param: InternalTLSCAFile}
|
- {get_param: InternalTLSCAFile}
|
||||||
- ''
|
- ''
|
||||||
# if SSL is enabled we use the public virtual ip as the stackrc endpoint
|
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||||
auth_url:
|
|
||||||
if:
|
|
||||||
- tls_enabled
|
|
||||||
- make_url:
|
|
||||||
scheme: https
|
|
||||||
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
|
|
||||||
port: 13000
|
|
||||||
path: /
|
|
||||||
- make_url:
|
|
||||||
scheme: http
|
|
||||||
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
|
||||||
port: 5000
|
|
||||||
path: /
|
|
||||||
|
|
||||||
CloudsYamlConfig:
|
CloudsYamlConfig:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
@ -170,19 +162,7 @@ resources:
|
||||||
config: {get_resource: CloudsYamlConfig}
|
config: {get_resource: CloudsYamlConfig}
|
||||||
input_values:
|
input_values:
|
||||||
admin_password: {get_param: AdminPassword}
|
admin_password: {get_param: AdminPassword}
|
||||||
auth_url:
|
auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
|
||||||
if:
|
|
||||||
- tls_enabled
|
|
||||||
- make_url:
|
|
||||||
scheme: https
|
|
||||||
host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
|
|
||||||
port: 13000
|
|
||||||
path: /
|
|
||||||
- make_url:
|
|
||||||
scheme: http
|
|
||||||
host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
|
|
||||||
port: 5000
|
|
||||||
path: /
|
|
||||||
cloud_name: {get_param: UndercloudCloudName}
|
cloud_name: {get_param: UndercloudCloudName}
|
||||||
home_dir: {get_param: UndercloudHomeDir}
|
home_dir: {get_param: UndercloudHomeDir}
|
||||||
identity_api_version: 3
|
identity_api_version: 3
|
||||||
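Review bot: The removed non-TLS branch built `auth_url` from `control_virtual_ip` on port 5000, whereas the replacement always takes the KeystonePublic endpoint, so on non-TLS deployments the admin credentials in stackrc and clouds.yaml are now sent to the public endpoint address; whether that differs from the control-plane VIP depends on the EndpointMap contents, which are not visible here. The old comment `# if SSL is enabled we use the public virtual ip as the stackrc endpoint` is dropped without a replacement. I would add `# Keystone public URI (scheme, host, port) from EndpointMap; uses the FQDN when configured so certificate hostname checks pass.` above the stackrc `auth_url`. If the `tls_enabled` condition and the SSL certificate parameters are still declared in this template they look unused after this change, as they were removed from the standalone template; worth confirming. The same applies to the clouds.yaml `auth_url` in the third hunk.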
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
other:
|
||||||
|
- |
|
||||||
|
The EndpointMap parameter is now required by post_deploy templates.
|
||||||
|
So if an user overrides OS::TripleO::NodeExtraConfigPost with another
|
||||||
|
template, the template would need to have EndpointMap parameter to work
|
||||||
|
fine.
|