Merge "Map Keystone services to isolated networks"

diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 1967646..db556e8 100644 (file)
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -72,3 +72,5 @@ parameter_defaults:
     CinderIscsiNetwork: storage
     GlanceApiNetwork: storage
     GlanceRegistryNetwork: internal_api
+    KeystoneAdminApiNetwork: internal_api
+    KeystonePublicApiNetwork: external

diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 5cb57a7..3437c29 100644 (file)
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -810,8 +810,8 @@ resources:
                 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
                 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
                 keystone::database_connection: {get_input: keystone_dsn}
-                keystone::public_bind_host: {get_input: controller_host}
-                keystone::admin_bind_host: {get_input: controller_host}
+                keystone::public_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+                keystone::admin_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
                 keystone::debug: {get_input: debug}
                 # MongoDB
                 mongodb::server::bind_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}