diff options
author | Dan Sneddon <dsneddon@redhat.com> | 2015-05-26 17:54:01 -0700 |
---|---|---|
committer | Dan Sneddon <dsneddon@redhat.com> | 2015-05-26 23:34:57 -0700 |
commit | 8072ae85082dd060d1cb8e3bcba76da8372ed593 (patch) | |
tree | e2960aecd56b976e5aaac7daaad153a651d6fec6 | |
parent | 93c488e50591d0b4994b52d4cc91e9bcc954fef4 (diff) |
Map Keystone services to isolated networks
This change adds parameters to specify which networks the Keystone API
services will use. If the external network exists, Keystone will bind to
the IP on that network for the public API, otherwise it will default to
the IP on the Undercloud 'ctlplane' network. If the internal_api network
exists it will be used for the Keystone Admin API, otherwise it will
default to the 'ctlplane' IP. The networks these APIs are bound to can
be overridden in an environment file.
Change-Id: I6694ef6ca3b9b7afbde5d4f9d173723b9ce71b20
-rw-r--r-- | overcloud-resource-registry-puppet.yaml | 2 | ||||
-rw-r--r-- | puppet/controller-puppet.yaml | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 1967646c..db556e80 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -72,3 +72,5 @@ parameter_defaults: CinderIscsiNetwork: storage GlanceApiNetwork: storage GlanceRegistryNetwork: internal_api + KeystoneAdminApiNetwork: internal_api + KeystonePublicApiNetwork: external diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 3f134d87..ca650979 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -798,8 +798,8 @@ resources: keystone_ssl_certificate: {get_input: keystone_ssl_certificate} keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} keystone::database_connection: {get_input: keystone_dsn} - keystone::public_bind_host: {get_input: controller_host} - keystone::admin_bind_host: {get_input: controller_host} + keystone::public_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + keystone::admin_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} keystone::debug: {get_input: debug} # MongoDB mongodb::server::bind_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} |