From a4f13730100dba25112d0a1bb494e00bda14cb80 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Wed, 24 Feb 2016 12:23:10 +0300
Subject: [PATCH] Point haproxy on controllers to service_endpoint vip for
 keystone

Keystone on controllers are used to proxy traffic to public_vip
so that public SSL works. Now traffic will proxy to haproxy on
separate-keystone HAProxy and then to keystone backed by apache.

This change enables a deployer to remove any given keystone node,
but keep HAproxy reporting as UP because plugins cannot trigger
controller redeploy.

Change-Id: If54c7d4f9cf069fc932b354ce6f263d5a87b3969
Partial-Bug: #1544023
---
 deployment_scripts/keystone-controller.pp | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/deployment_scripts/keystone-controller.pp b/deployment_scripts/keystone-controller.pp
index ceafe5d..33b6956 100644
--- a/deployment_scripts/keystone-controller.pp
+++ b/deployment_scripts/keystone-controller.pp
@@ -20,19 +20,16 @@ $ssl_hash = hiera_hash('use_ssl', {})
 $public_ssl = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'usage', false)
 $public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'path', [''])
 
-#todo(sv): change to 'keystone' as soon as keystone as node-role was ready
-$keystones_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-standalone-keystone', 'standalone-keystone']), 'keystone/api')
-
 $public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'protocol', 'http')
 $public_address  = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'hostname', [$public_vip])
 $public_port     = '5000'
 
 $internal_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
-$internal_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
+$internal_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$management_vip])
 $internal_port     = '5000'
 
 $admin_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
-$admin_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
+$admin_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$management_vip])
 $admin_port     = '35357'
 
 $public_url   = "${public_protocol}://${public_address}:${public_port}"
@@ -59,10 +56,9 @@ class { 'openstack::auth_file':
 }
 
 # Enable keystone HAProxy on controller so public VIP can be used
-$server_names        = pick(hiera_array('keystone_names', undef),
-                            keys($keystones_address_map))
-$ipaddresses         = pick(hiera_array('keystone_ipaddresses', undef),
-                            values($keystones_address_map))
+$server_names        = [$service_endpoint]
+$ipaddresses         = [$service_endpoint]
+
 # configure keystone ha proxy
 class { '::openstack::ha::keystone':
   internal_virtual_ip => $management_vip,