Change stx-openstack services token validation endpoint

If no interface is set, the default is the admin interface. In a normal deployment both openstack-keystone admin and internal endpoints are exposed on the same URL. In case of Distributed Cloud openstack-keystone URL for admin is overriden to something different than internal URL. Due to lack of interface, the default `admin` is used, yet the URL is set to the interal one. The config doesn't point to a valid Keystone service. Thus Cinder, Nova and Nova-api-proxy cannot validate tokens. Modify configs for services to point to the internal keystone service. Closes-Bug: 1875914 Change-Id: I19385f1fe27cf8f20f5ee7b43abf86b220c9d8d6 Signed-off-by: Dan Voiculeasa <dan.voiculeasa@windriver.com>
2020-06-11 12:09:13 +03:00 · 2020-06-11 12:09:13 +03:00 · ce81e5bcea
parent 949dd5aa77
commit ce81e5bcea
1 changed files with 6 additions and 0 deletions
--- a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
@ -775,6 +775,8 @@ data:
        DEFAULT:
          backup_driver: cinder.backup.drivers.ceph.CephBackupDriver
          osapi_volume_listen: "::"
+        keystone_authtoken:
+          interface: internal
    storage: rbd
  source:
    type: tar
@ -1035,6 +1037,8 @@ data:
          metadata_listen: "::"
          metadata_host: "::"
          my_ip: "::"
+        keystone_authtoken:
+          interface: internal
        vnc:
          novncproxy_host: "::"
          vncserver_listen: "::"
@ -1248,6 +1252,8 @@ data:
        DEFAULT:
          osapi_proxy_listen: "::"
          nfvi_compute_listen: "::"
+        keystone_authtoken:
+          interface: internal
  source:
    type: tar
    location: http://172.17.0.1/helm_charts/starlingx/nova-api-proxy-0.1.0.tgz