From: Dan Sneddon <dsneddon@redhat.com>
Date: Wed, 27 May 2015 00:54:01 +0000 (-0700)
Subject: Map Keystone services to isolated networks
X-Git-Tag: opnfv-6.0.0~2540^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=8072ae85082dd060d1cb8e3bcba76da8372ed593;p=apex-tripleo-heat-templates.git

Map Keystone services to isolated networks

This change adds parameters to specify which networks the Keystone API
services will use. If the external network exists, Keystone will bind to
the IP on that network for the public API, otherwise it will default to
the IP on the Undercloud 'ctlplane' network. If the internal_api network
exists it will be used for the Keystone Admin API, otherwise it will
default to the 'ctlplane' IP. The networks these APIs are bound to can
be overridden in an environment file.

Change-Id: I6694ef6ca3b9b7afbde5d4f9d173723b9ce71b20
---

diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index 1967646c..db556e80 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -72,3 +72,5 @@ parameter_defaults:
     CinderIscsiNetwork: storage
     GlanceApiNetwork: storage
     GlanceRegistryNetwork: internal_api
+    KeystoneAdminApiNetwork: internal_api
+    KeystonePublicApiNetwork: external
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 3f134d87..ca650979 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -798,8 +798,8 @@ resources:
                 keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
                 keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
                 keystone::database_connection: {get_input: keystone_dsn}
-                keystone::public_bind_host: {get_input: controller_host}
-                keystone::admin_bind_host: {get_input: controller_host}
+                keystone::public_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+                keystone::admin_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
                 keystone::debug: {get_input: debug}
                 # MongoDB
                 mongodb::server::bind_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}