From ffd071417f1ab5f610847d254f03811b4a3ad3b7 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Thu, 23 Jul 2015 22:19:25 -0400
Subject: Keystone network isolation fixes

This patch adds explicit nested stack parameters to
help manage use of the Keystone Admin API vs. the
Keystone Public API.

We also add a new output parameter specifically for the Keystone admin
API VIP. This can be useful when configuring keystone endpoints
with network isolation.

Change-Id: I2bd3e61570151e2faeee14ee09b03ad0b3208cc1
---
 puppet/compute-puppet.yaml    | 9 ++++++---
 puppet/controller-puppet.yaml | 7 +++++--
 2 files changed, 11 insertions(+), 5 deletions(-)

(limited to 'puppet')

diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml
index 3d5c9345..0e6db3d6 100644
--- a/puppet/compute-puppet.yaml
+++ b/puppet/compute-puppet.yaml
@@ -70,9 +70,12 @@ parameters:
     default: default
     constraints:
       - custom_constraint: nova.keypair
-  KeystoneHost:
+  KeystoneAdminApiVirtualIP:
     type: string
     default: ''
+  KeystonePublicApiVirtualIP:
+     type: string
+     default: ''
   NeutronBridgeMappings:
     description: >
       The OVS logical->physical bridge mappings to use. See the Neutron
@@ -411,7 +414,7 @@ resources:
           list_join:
             - ''
             - - 'http://'
-              - {get_param: KeystoneHost}
+              - {get_param: KeystonePublicApiVirtualIP}
               - ':5000/v2.0'
         snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
         snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
@@ -472,7 +475,7 @@ resources:
           list_join:
             - ''
             - - 'http://'
-              - {get_param: NeutronHost}
+              - {get_param: KeystoneAdminApiVirtualIP}
               - ':35357/v2.0'
         admin_password: {get_param: AdminPassword}
         rabbit_username: {get_param: RabbitUserName}
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index b59bcfc7..a69c22e4 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -491,6 +491,9 @@ parameters:
   MysqlVirtualIP:
     type: string
     default: ''
+  KeystoneAdminApiVirtualIP:
+    type: string
+    default: ''
   KeystonePublicApiVirtualIP:
     type: string
     default: ''
@@ -697,7 +700,7 @@ resources:
           list_join:
             - ''
             - - 'http://'
-              - {get_param: KeystonePublicApiVirtualIP}
+              - {get_param: KeystoneAdminApiVirtualIP}
               - ':35357/'
         keystone_auth_uri:
           list_join:
@@ -783,7 +786,7 @@ resources:
           list_join:
             - ''
             - - 'http://'
-              - {get_param: KeystonePublicApiVirtualIP}
+              - {get_param: KeystoneAdminApiVirtualIP}
               - ':35357/v2.0'
         ceilometer_backend: {get_param: CeilometerBackend}
         ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
-- 
cgit 1.2.3-korg