From f254a2169dcdf74590bab90ef66b47ba69fdef87 Mon Sep 17 00:00:00 2001 From: James Slagle Date: Wed, 16 May 2018 16:54:44 +0000 Subject: [PATCH] Revert "Switch public endpoints to use FQDNs by default" This reverts commit 8e104b3c549118727b53c9825a438e799715b7f9. https://review.openstack.org/#/c/559926/ introduced requiring CloudName. This broke the documented deployment process. I also don't see how CloudName can be required, but CloudDomain can not. I don't see a technical reason why we can't keep the default as localdomain. If necessary, we can instead add a parameter validation instead of requiring the parameter. Closes-Bug: #1771627 Depends-On: Ia86842b0b1f42512f25390d6bdb695e0f8133c6d Change-Id: I2c5b511df50f29c63aa613899c2bebb506360bf4 --- .../predictable-placement/custom-domain.yaml | 3 +- .../krb-service-principals.j2.yaml | 1 + network/endpoints/build_endpoint_map.py | 2 +- network/endpoints/endpoint_map.yaml | 58 +++++++++---------- overcloud.j2.yaml | 1 + ...cloud-endpoints-FQDN-78797a6c34e31bd5.yaml | 11 ---- 6 files changed, 33 insertions(+), 43 deletions(-) delete mode 100644 releasenotes/notes/Overcloud-endpoints-FQDN-78797a6c34e31bd5.yaml diff --git a/environments/predictable-placement/custom-domain.yaml b/environments/predictable-placement/custom-domain.yaml index 25664d2500..28472fe30c 100644 --- a/environments/predictable-placement/custom-domain.yaml +++ b/environments/predictable-placement/custom-domain.yaml @@ -14,9 +14,8 @@ parameter_defaults: CloudDomain: localdomain # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - # Mandatory. This parameter must be set by the user. # Type: string - CloudName: + CloudName: overcloud.localdomain # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'. # Type: string diff --git a/extraconfig/nova_metadata/krb-service-principals.j2.yaml b/extraconfig/nova_metadata/krb-service-principals.j2.yaml index a3aabf561f..f8be39256f 100644 
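Review bot: The sample value `CloudName: overcloud.localdomain` replaces the empty value and the `# Mandatory. This parameter must be set by the user.` comment, so nothing in this environment file now tells an operator that the name is a placeholder. The release note deleted by this same commit states that the certificates have FQDNs for SubjectAltNames, so a cloud deployed with the placeholder and public TLS would presumably present a name that clients cannot match against the certificate. I would keep a comment above the value, e.g. `# Placeholder. Replace with the real public DNS name; it must match the certificate SubjectAltName when public TLS is enabled.` The `default: overcloud.localdomain` added in the krb-service-principals.j2.yaml and overcloud.j2.yaml hunks has the same gap; there the `description:` text could say so, or the parameter validation the commit message mentions could reject the placeholder when TLS is on.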
--- a/extraconfig/nova_metadata/krb-service-principals.j2.yaml +++ b/extraconfig/nova_metadata/krb-service-principals.j2.yaml @@ -9,6 +9,7 @@ parameters: {%- if network.name == 'External' %} # Special case the External hostname param, which is CloudName CloudName: + default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string {%- elif network.name == 'InternalApi' %} diff --git a/network/endpoints/build_endpoint_map.py b/network/endpoints/build_endpoint_map.py index d6845b340d..1f251d81e5 100755 --- a/network/endpoints/build_endpoint_map.py +++ b/network/endpoints/build_endpoint_map.py @@ -68,7 +68,7 @@ def endpoint_map_default(config): (F_PROTOCOL, str(svc[ep_type].get(F_PROTOCOL, svc.get(F_PROTOCOL, 'http')))), (F_PORT, str(svc[ep_type].get(F_PORT, svc[F_PORT]))), - (F_HOST, SUBST_IP_ADDRESS if ep_type != 'Public' else SUBST_CLOUDNAME), + (F_HOST, SUBST_IP_ADDRESS), ]) return ep_name + ep_type, values diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 4666f637d0..2c0c8330f8 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml 
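Review bot: With the `ep_type != 'Public'` condition removed, the `(F_HOST, SUBST_IP_ADDRESS),` line in `endpoint_map_default` gives public endpoints an IP address as host, and nothing in the hunk records that TLS deployments have to override it. The release note this commit deletes says FQDNs were needed because the certificates have FQDNs for SubjectAltNames, so a client verifying a public HTTPS endpoint by IP would fail hostname verification unless the map is overridden or the certificate also lists the IP. I would add a comment above the line, `# Public endpoints default to the IP as well; deployments with public TLS must override the host with CloudName so it matches the certificate SubjectAltName.` If `SUBST_CLOUDNAME` is no longer referenced elsewhere in the file (not visible here), it is worth checking whether it is still needed. The function starts above the hunk, so this is based only on the lines shown.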
@@ -21,101 +21,101 @@ parameters: default: AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} - AodhPublic: {protocol: http, port: '8042', host: CLOUDNAME} + AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS} BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS} - BarbicanPublic: {protocol: http, port: '9311', host: CLOUDNAME} + BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS} CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} - CeilometerPublic: {protocol: http, port: '8777', host: CLOUDNAME} + CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} - CephRgwPublic: {protocol: http, port: '8080', host: CLOUDNAME} + CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} - CinderPublic: {protocol: http, port: '8776', host: CLOUDNAME} + CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} - CongressPublic: {protocol: http, port: '1789', host: CLOUDNAME} + CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} DesignateAdmin: {protocol: http, port: '9001', host: IP_ADDRESS} DesignateInternal: {protocol: http, port: '9001', host: IP_ADDRESS} - DesignatePublic: {protocol: http, port: '9001', host: CLOUDNAME} + DesignatePublic: {protocol: http, port: '9001', host: IP_ADDRESS} DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} Ec2ApiAdmin: {protocol: http, port: '8788', host: 
IP_ADDRESS} Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} - Ec2ApiPublic: {protocol: http, port: '8788', host: CLOUDNAME} + Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS} GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} - GlancePublic: {protocol: http, port: '9292', host: CLOUDNAME} + GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} - GnocchiPublic: {protocol: http, port: '8041', host: CLOUDNAME} + GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} - HeatPublic: {protocol: http, port: '8004', host: CLOUDNAME} + HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS} HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} - HeatCfnPublic: {protocol: http, port: '8000', host: CLOUDNAME} - HorizonPublic: {protocol: http, port: '80', host: CLOUDNAME} + HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} + HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS} IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS} - IronicPublic: {protocol: http, port: '6385', host: CLOUDNAME} + IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS} IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS} IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS} - IronicInspectorPublic: {protocol: http, port: 
'5050', host: CLOUDNAME} + IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS} IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} - KeystonePublic: {protocol: http, port: '5000', host: CLOUDNAME} + KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} - ManilaPublic: {protocol: http, port: '8786', host: CLOUDNAME} + ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS} MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS} - MistralPublic: {protocol: http, port: '8989', host: CLOUDNAME} + MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS} MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} - NeutronPublic: {protocol: http, port: '9696', host: CLOUDNAME} + NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} - NovaPublic: {protocol: http, port: '8774', host: CLOUDNAME} + NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} - NovaPlacementPublic: {protocol: http, port: '8778', host: CLOUDNAME} + NovaPlacementPublic: {protocol: http, port: '8778', 
host: IP_ADDRESS} NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} - NovaVNCProxyPublic: {protocol: http, port: '6080', host: CLOUDNAME} + NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS} - OctaviaPublic: {protocol: http, port: '9876', host: CLOUDNAME} + OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS} OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS} PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS} PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS} - PankoPublic: {protocol: http, port: '8977', host: CLOUDNAME} + PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS} SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} - SaharaPublic: {protocol: http, port: '8386', host: CLOUDNAME} + SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} - SwiftPublic: {protocol: http, port: '8080', host: CLOUDNAME} + SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS} TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS} - TackerPublic: {protocol: http, port: '9890', host: CLOUDNAME} + TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS} ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} - ZaqarPublic: {protocol: http, port: '8888', host: CLOUDNAME} + ZaqarPublic: {protocol: http, 
port: '8888', host: IP_ADDRESS} ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} - ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: CLOUDNAME} + ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index d5693ec94f..61a7401656 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -25,6 +25,7 @@ parameters: {%- if network.name == 'External' %} # Special case the External hostname param, which is CloudName CloudName: + default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string {%- elif network.name == 'InternalApi' %} diff --git a/releasenotes/notes/Overcloud-endpoints-FQDN-78797a6c34e31bd5.yaml b/releasenotes/notes/Overcloud-endpoints-FQDN-78797a6c34e31bd5.yaml deleted file mode 100644 index 64f2ad0836..0000000000 --- a/releasenotes/notes/Overcloud-endpoints-FQDN-78797a6c34e31bd5.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -features: - - | - CloudName is now a required parameter. Given that FQDNs are now the - default instead of IP addresses, to avoid people using the localdomain - (which used to be the default for domain for CloudName), we now remove - the default, and require folks to set their own. - - | - The overcloud endpoints now point to FQDNs instead of IP addresses. - This was done as part of the public TLS by default work, and is needed - since the certificates have FQDNs for SubjectAltNames.