Map Keystone services to isolated networks
author Dan Sneddon <dsneddon@redhat.com>
Wed, 27 May 2015 00:54:01 +0000 (17:54 -0700)
committer Dan Sneddon <dsneddon@redhat.com>
Wed, 27 May 2015 06:34:57 +0000 (23:34 -0700)
This change adds parameters to specify which networks the Keystone API
services will use. If the external network exists, Keystone will bind to
the IP on that network for the public API, otherwise it will default to
the IP on the Undercloud 'ctlplane' network. If the internal_api network
exists it will be used for the Keystone Admin API, otherwise it will
default to the 'ctlplane' IP. The networks these APIs are bound to can
be overridden in an environment file.

Change-Id: I6694ef6ca3b9b7afbde5d4f9d173723b9ce71b20

overcloud-resource-registry-puppet.yaml
puppet/controller-puppet.yaml

index 1967646..db556e8 100644 (file)
@@ -72,3 +72,5 @@ parameter_defaults:
     CinderIscsiNetwork: storage
     GlanceApiNetwork: storage
     GlanceRegistryNetwork: internal_api
+    KeystoneAdminApiNetwork: internal_api
+    KeystonePublicApiNetwork: external
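Review bot: The two added defaults, KeystoneAdminApiNetwork: internal_api and KeystonePublicApiNetwork: external, carry no documentation in the file. Nothing here tells an operator which network names are accepted or that KeystoneAdminApiNetwork decides where the admin API listens. Suggest a short comment above the Keystone entries listing the valid values and stating that the admin API is expected to stay on internal_api (or ctlplane) unless it is deliberately overridden in an environment file.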
index 3f134d8..ca65097 100644 (file)
@@ -798,8 +798,8 @@ resources:
                 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
                 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
                 keystone::database_connection: {get_input: keystone_dsn}
-                keystone::public_bind_host: {get_input: controller_host}
-                keystone::admin_bind_host: {get_input: controller_host}
+                keystone::public_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+                keystone::admin_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
                 keystone::debug: {get_input: debug}
                 # MongoDB
                 mongodb::server::bind_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
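Review bot: Missing check on the lookup key in the two new keystone::public_bind_host and keystone::admin_bind_host lines. The ServiceNetMap value for KeystonePublicApiNetwork or KeystoneAdminApiNetwork is used directly as the key into net_ip_map, and the controller_host input used before is removed, so the expression has no fallback of its own. The ctlplane default described in the commit message therefore has to come from how net_ip_map is populated. Please confirm that the map always has an entry under external and internal_api even when those networks are not deployed, and consider constraining the ServiceNetMap values so that a misspelled network name in an override is rejected at validation rather than surfacing at deploy time.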