Keystone network isolation fixes
This patch adds explicit nested stack parameters to help manage use of the Keystone Admin API vs. the Keystone Public API. We also add a new output parameter specifically for the Keystone admin API VIP. This can be useful when configuring keystone endpoints with network isolation. Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
parent
f498e7f3c0
commit
ffd071417f
@ -102,7 +102,10 @@ parameters:
|
|||||||
default: default
|
default: default
|
||||||
constraints:
|
constraints:
|
||||||
- custom_constraint: nova.keypair
|
- custom_constraint: nova.keypair
|
||||||
KeystoneHost:
|
KeystoneAdminApiVirtualIP:
|
||||||
|
type: string
|
||||||
|
default: ''
|
||||||
|
KeystonePublicApiVirtualIP:
|
||||||
type: string
|
type: string
|
||||||
default: ''
|
default: ''
|
||||||
NeutronBridgeMappings:
|
NeutronBridgeMappings:
|
||||||
@ -409,7 +412,7 @@ resources:
|
|||||||
glance_host: {get_param: GlanceHost}
|
glance_host: {get_param: GlanceHost}
|
||||||
glance_port: {get_param: GlancePort}
|
glance_port: {get_param: GlancePort}
|
||||||
glance_protocol: {get_param: GlanceProtocol}
|
glance_protocol: {get_param: GlanceProtocol}
|
||||||
keystone_host: {get_param: KeystoneHost}
|
keystone_host: {get_param: KeystonePublicApiVirtualIP}
|
||||||
neutron_flat_networks: {get_param: NeutronFlatNetworks}
|
neutron_flat_networks: {get_param: NeutronFlatNetworks}
|
||||||
neutron_host: {get_param: NeutronHost}
|
neutron_host: {get_param: NeutronHost}
|
||||||
neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]}
|
neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]}
|
||||||
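Review bot: The two parameters that replace `KeystoneHost` in the `parameters:` hunk are declared with only `type: string` and `default: ''`, so nothing in the template says which one carries the admin API address and which the public one, and a parent stack that omits either gets an empty host string rather than a validation error. A `description:` on each would make the split explicit, e.g. `description: VIP of the Keystone admin API (port 35357)` and `description: VIP of the Keystone public API (port 5000)`. In the hunks visible for this file only `KeystonePublicApiVirtualIP` is consumed (by `keystone_host`), so it is worth confirming that `KeystoneAdminApiVirtualIP` is used somewhere outside the hunks. The same undocumented declarations appear in the `parameters:` hunks at -515, -70 and -491.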
|
@ -515,6 +515,9 @@ parameters:
|
|||||||
MysqlVirtualIP:
|
MysqlVirtualIP:
|
||||||
type: string
|
type: string
|
||||||
default: ''
|
default: ''
|
||||||
|
KeystoneAdminApiVirtualIP:
|
||||||
|
type: string
|
||||||
|
default: ''
|
||||||
KeystonePublicApiVirtualIP:
|
KeystonePublicApiVirtualIP:
|
||||||
type: string
|
type: string
|
||||||
default: ''
|
default: ''
|
||||||
|
@ -826,6 +826,7 @@ resources:
|
|||||||
HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
|
HeatApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
|
||||||
GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
|
GlanceApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
|
||||||
MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
|
MysqlVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
|
||||||
|
KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
|
||||||
KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
|
KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
|
||||||
NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
|
NeutronApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
|
||||||
UpdateIdentifier: {get_param: UpdateIdentifier}
|
UpdateIdentifier: {get_param: UpdateIdentifier}
|
||||||
@ -858,7 +859,8 @@ resources:
|
|||||||
Image: {get_param: NovaImage}
|
Image: {get_param: NovaImage}
|
||||||
ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
|
ImageUpdatePolicy: {get_param: ImageUpdatePolicy}
|
||||||
KeyName: {get_param: KeyName}
|
KeyName: {get_param: KeyName}
|
||||||
KeystoneHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
|
KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
|
||||||
|
KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
|
||||||
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
|
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
|
||||||
NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
|
NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling}
|
||||||
NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
|
NeutronFlatNetworks: {get_param: NeutronFlatNetworks}
|
||||||
@ -1297,6 +1299,9 @@ outputs:
|
|||||||
- - http://
|
- - http://
|
||||||
- {get_attr: [PublicVirtualIP, ip_address]}
|
- {get_attr: [PublicVirtualIP, ip_address]}
|
||||||
- :5000/v2.0/
|
- :5000/v2.0/
|
||||||
|
KeystoneAdminVip:
|
||||||
|
description: Keystone Admin VIP endpoint
|
||||||
|
value: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
|
||||||
PublicVip:
|
PublicVip:
|
||||||
description: Controller VIP for public API endpoints
|
description: Controller VIP for public API endpoints
|
||||||
value: {get_attr: [PublicVirtualIP, ip_address]}
|
value: {get_attr: [PublicVirtualIP, ip_address]}
|
||||||
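Review bot: The new `KeystoneAdminVip` output is described as `Keystone Admin VIP endpoint`, but its value is the bare address looked up in `net_ip_map`, unlike the output just above it, which joins `http://`, an address and `:5000/v2.0/` into a URL. A description such as `description: Keystone admin API VIP address (no scheme or port)` would stop consumers from treating it as a ready-made URL. The lookup also assumes that `ServiceNetMap` carries a `KeystoneAdminApiNetwork` key; the map's definition is outside the hunks, so that is worth confirming for deployments that override the map.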
|
@ -70,7 +70,10 @@ parameters:
|
|||||||
default: default
|
default: default
|
||||||
constraints:
|
constraints:
|
||||||
- custom_constraint: nova.keypair
|
- custom_constraint: nova.keypair
|
||||||
KeystoneHost:
|
KeystoneAdminApiVirtualIP:
|
||||||
|
type: string
|
||||||
|
default: ''
|
||||||
|
KeystonePublicApiVirtualIP:
|
||||||
type: string
|
type: string
|
||||||
default: ''
|
default: ''
|
||||||
NeutronBridgeMappings:
|
NeutronBridgeMappings:
|
||||||
@ -411,7 +414,7 @@ resources:
|
|||||||
list_join:
|
list_join:
|
||||||
- ''
|
- ''
|
||||||
- - 'http://'
|
- - 'http://'
|
||||||
- {get_param: KeystoneHost}
|
- {get_param: KeystonePublicApiVirtualIP}
|
||||||
- ':5000/v2.0'
|
- ':5000/v2.0'
|
||||||
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
|
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
|
||||||
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
|
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
|
||||||
@ -472,7 +475,7 @@ resources:
|
|||||||
list_join:
|
list_join:
|
||||||
- ''
|
- ''
|
||||||
- - 'http://'
|
- - 'http://'
|
||||||
- {get_param: NeutronHost}
|
- {get_param: KeystoneAdminApiVirtualIP}
|
||||||
- ':35357/v2.0'
|
- ':35357/v2.0'
|
||||||
admin_password: {get_param: AdminPassword}
|
admin_password: {get_param: AdminPassword}
|
||||||
rabbit_username: {get_param: RabbitUserName}
|
rabbit_username: {get_param: RabbitUserName}
|
||||||
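Review bot: The admin URL in the hunk at -472 is still assembled with a literal `'http://'`, and it sits directly beside `admin_password`, so whatever authenticates against `:35357/v2.0` with that password does so in clear text unless TLS is provided somewhere outside this template. Now that the host is its own parameter, the scheme is the remaining hard-coded part; it could come from a parameter in the way `glance_protocol: {get_param: GlanceProtocol}` is wired in the first file. The key that owns this `list_join` starts above the hunk. The same literal scheme is used for the `:35357/` and `:35357/v2.0` URLs in the hunks at -697 and -783.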
|
@ -491,6 +491,9 @@ parameters:
|
|||||||
MysqlVirtualIP:
|
MysqlVirtualIP:
|
||||||
type: string
|
type: string
|
||||||
default: ''
|
default: ''
|
||||||
|
KeystoneAdminApiVirtualIP:
|
||||||
|
type: string
|
||||||
|
default: ''
|
||||||
KeystonePublicApiVirtualIP:
|
KeystonePublicApiVirtualIP:
|
||||||
type: string
|
type: string
|
||||||
default: ''
|
default: ''
|
||||||
@ -697,7 +700,7 @@ resources:
|
|||||||
list_join:
|
list_join:
|
||||||
- ''
|
- ''
|
||||||
- - 'http://'
|
- - 'http://'
|
||||||
- {get_param: KeystonePublicApiVirtualIP}
|
- {get_param: KeystoneAdminApiVirtualIP}
|
||||||
- ':35357/'
|
- ':35357/'
|
||||||
keystone_auth_uri:
|
keystone_auth_uri:
|
||||||
list_join:
|
list_join:
|
||||||
@ -783,7 +786,7 @@ resources:
|
|||||||
list_join:
|
list_join:
|
||||||
- ''
|
- ''
|
||||||
- - 'http://'
|
- - 'http://'
|
||||||
- {get_param: KeystonePublicApiVirtualIP}
|
- {get_param: KeystoneAdminApiVirtualIP}
|
||||||
- ':35357/v2.0'
|
- ':35357/v2.0'
|
||||||
ceilometer_backend: {get_param: CeilometerBackend}
|
ceilometer_backend: {get_param: CeilometerBackend}
|
||||||
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
|
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
|
||||||
|