diff options
| author |   Dan Prince <dprince@redhat.com> | 2015-07-23 22:19:25 -0400 |
|---|---|---|
| committer | Dan Prince <dprince@redhat.com> | 2015-09-05 07:29:13 -0400 |
| commit | ffd071417f1ab5f610847d254f03811b4a3ad3b7 (patch) | |
| tree | b28b46d96b2f50b61a80ed19ddcbfa253164c692 /puppet | |
| parent | f498e7f3c05f1d7df34251a2c16d870f7d12d521 (diff) | |
Keystone network isolation fixes
This patch adds explicit nested stack parameters to
help manage use of the Keystone Admin API vs. the
Keystone Public API.
We also add a new output parameter specifically for the Keystone admin
API VIP. This can be useful when configuring keystone endpoints
with network isolation.
Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/compute-puppet.yaml | 9 | ||||
| -rw-r--r-- | puppet/controller-puppet.yaml | 7 |
2 files changed, 11 insertions, 5 deletions
diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml index 3d5c9345..0e6db3d6 100644 --- a/puppet/compute-puppet.yaml +++ b/puppet/compute-puppet.yaml @@ -70,9 +70,12 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneHost: + KeystoneAdminApiVirtualIP: type: string default: '' + KeystonePublicApiVirtualIP: + type: string + default: '' NeutronBridgeMappings: description: > The OVS logical->physical bridge mappings to use. See the Neutron @@ -411,7 +414,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystoneHost} + - {get_param: KeystonePublicApiVirtualIP} - ':5000/v2.0' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} @@ -472,7 +475,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: NeutronHost} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/v2.0' admin_password: {get_param: AdminPassword} rabbit_username: {get_param: RabbitUserName} diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index b59bcfc7..a69c22e4 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -491,6 +491,9 @@ parameters: MysqlVirtualIP: type: string default: '' + KeystoneAdminApiVirtualIP: + type: string + default: '' KeystonePublicApiVirtualIP: type: string default: '' @@ -697,7 +700,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/' keystone_auth_uri: list_join: @@ -783,7 +786,7 @@ resources: list_join: - '' - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} + - {get_param: KeystoneAdminApiVirtualIP} - ':35357/v2.0' ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} |