From 1cedf77f19ccd0b01791553016fde77748a2ce74 Mon Sep 17 00:00:00 2001
From: Dave McCowan <dmccowan@cisco.com>
Date: Fri, 12 Feb 2016 12:37:13 -0500
Subject: [PATCH] Use variables to specify http or https when constructing URLs
To allow for TLS to protect the service endpoints, the protocol
in the URLs for the endpoints will be either http or https.
This patch removes the hardcoded values of http and replaces them
with variables that can be adjusted accordingly in future patches.
Change-Id: Ibca6f8aac09c65115d1ac9957410e7f81ac7671e
Partially-implements: blueprint ssl-kolla
---
ansible/group_vars/all.yml | 8 ++++++--
ansible/roles/cinder/tasks/register.yml | 12 ++++++------
ansible/roles/cinder/templates/cinder.conf.j2 | 6 +++---
ansible/roles/common/templates/admin-openrc.sh.j2 | 2 +-
ansible/roles/glance/tasks/register.yml | 6 +++---
ansible/roles/glance/templates/glance-api.conf.j2 | 4 ++--
.../roles/glance/templates/glance-registry.conf.j2 | 4 ++--
ansible/roles/heat/tasks/register.yml | 12 ++++++------
ansible/roles/heat/templates/heat.conf.j2 | 14 +++++++-------
ansible/roles/horizon/templates/local_settings.j2 | 2 +-
ansible/roles/ironic/tasks/register.yml | 6 +++---
ansible/roles/ironic/templates/discoverd.conf.j2 | 2 +-
ansible/roles/ironic/templates/ironic.conf.j2 | 8 ++++----
ansible/roles/keystone/tasks/register.yml | 6 +++---
ansible/roles/kibana/templates/kibana.yml.j2 | 2 +-
ansible/roles/magnum/tasks/register.yml | 6 +++---
ansible/roles/magnum/templates/magnum.conf.j2 | 8 ++++----
ansible/roles/mistral/tasks/register.yml | 6 +++---
ansible/roles/mistral/templates/mistral.conf.j2 | 6 +++---
ansible/roles/murano/tasks/register.yml | 6 +++---
ansible/roles/murano/templates/murano.conf.j2 | 6 +++---
ansible/roles/neutron/tasks/register.yml | 6 +++---
ansible/roles/neutron/templates/neutron.conf.j2 | 6 +++---
ansible/roles/nova/tasks/register.yml | 6 +++---
ansible/roles/nova/templates/nova.conf.j2 | 14 +++++++-------
ansible/roles/swift/tasks/register.yml | 6 +++---
ansible/roles/swift/templates/proxy-server.conf.j2 | 4 ++--
dev/vagrant/centos-bootstrap.sh | 3 ++-
28 files changed, 91 insertions(+), 86 deletions(-)
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 55aa9fd23f..4ddef5c48a 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -128,6 +128,10 @@ mistral_api_port: "8989"
kibana_port: "5601"
elasticsearch_port: "9200"
+public_protocol: "http"
+internal_protocol: "http"
+admin_protocol: "http"
+
####################
# Openstack options
####################
@@ -145,7 +149,7 @@ nova_console: "novnc"
# Openstack authentication string. You should only need to override these if you
# are changing the admin tenant/project or user.
openstack_auth:
- auth_url: "http://{{ kolla_internal_address }}:{{ keystone_admin_port }}"
+ auth_url: "{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}"
username: "admin"
password: "{{ keystone_admin_password }}"
project_name: "admin"
@@ -153,7 +157,7 @@ openstack_auth:
# This shouldn't be needed for long. It is only temporary until we get the
# ansible modules sorted out
openstack_auth_v2:
- auth_url: "http://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v2.0"
+ auth_url: "{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v2.0"
username: "admin"
password: "{{ keystone_admin_password }}"
project_name: "admin"
diff --git a/ansible/roles/cinder/tasks/register.yml b/ansible/roles/cinder/tasks/register.yml
index 31f887cca1..3ce4fc8586 100644
--- a/ansible/roles/cinder/tasks/register.yml
+++ b/ansible/roles/cinder/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=volume
description='Openstack Block Storage'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
- internal_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
- public_url='http://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_cinder_auth }}' }}"
-e "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}"
@@ -26,9 +26,9 @@
service_type=volumev2
description='Openstack Block Storage'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
- internal_url='http://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
- public_url='http://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ cinder_api_port }}/v2/%(tenant_id)s'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_cinder_auth }}' }}"
-e "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}"
diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 107e190100..f7d4463c7b 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -7,7 +7,7 @@ syslog_log_facility = LOG_LOCAL0
enable_v1_api=false
volume_name_template = %s
-glance_api_servers = http://{{ kolla_internal_address }}:{{ glance_api_port }}
+glance_api_servers = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }}
glance_api_version = 2
os_region_name = {{ openstack_region_name }}
@@ -43,8 +43,8 @@ auth_strategy = keystone
connection = mysql+pymysql://{{ cinder_database_user }}:{{ cinder_database_password }}@{{ cinder_database_address }}/{{ cinder_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
diff --git a/ansible/roles/common/templates/admin-openrc.sh.j2 b/ansible/roles/common/templates/admin-openrc.sh.j2
index 9ab250f6ac..0626818cd4 100644
--- a/ansible/roles/common/templates/admin-openrc.sh.j2
+++ b/ansible/roles/common/templates/admin-openrc.sh.j2
@@ -4,5 +4,5 @@ export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD={{ keystone_admin_password }}
-export OS_AUTH_URL=http://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v3
+export OS_AUTH_URL={{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}/v3
export OS_IDENTITY_API_VERSION=3
diff --git a/ansible/roles/glance/tasks/register.yml b/ansible/roles/glance/tasks/register.yml
index 905eba8a0d..9e2a11a677 100644
--- a/ansible/roles/glance/tasks/register.yml
+++ b/ansible/roles/glance/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=image
description='Openstack Image'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ glance_api_port }}'
- internal_url='http://{{ kolla_internal_address }}:{{ glance_api_port }}'
- public_url='http://{{ kolla_external_address }}:{{ glance_api_port }}'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }}'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ glance_api_port }}'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ glance_api_port }}'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_glance_auth }}' }}"
-e "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
index afec01b1a3..685b2049ec 100644
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -18,8 +18,8 @@ show_image_direct_url= True
connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
diff --git a/ansible/roles/glance/templates/glance-registry.conf.j2 b/ansible/roles/glance/templates/glance-registry.conf.j2
index e3e0d05aa6..db3e58c803 100644
--- a/ansible/roles/glance/templates/glance-registry.conf.j2
+++ b/ansible/roles/glance/templates/glance-registry.conf.j2
@@ -12,8 +12,8 @@ syslog_log_facility = LOG_LOCAL0
connection = mysql+pymysql://{{ glance_database_user }}:{{ glance_database_password }}@{{ glance_database_address }}/{{ glance_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
diff --git a/ansible/roles/heat/tasks/register.yml b/ansible/roles/heat/tasks/register.yml
index d6fd4d71dc..e9b8127d40 100644
--- a/ansible/roles/heat/tasks/register.yml
+++ b/ansible/roles/heat/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=orchestration
description='Openstack Orchestration'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
- internal_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
- public_url='http://{{ kolla_external_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_heat_auth }}' }}"
-e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
@@ -26,9 +26,9 @@
service_type=orchestration
description='Openstack Orchestration'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1'
- internal_url='http://{{ kolla_internal_address }}:{{ heat_api_cfn_port }}/v1'
- public_url='http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ heat_api_port }}/v1'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ heat_api_cfn_port }}/v1'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_heat_auth }}' }}"
-e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index c2faa835fd..330fa5a9f2 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -1,9 +1,9 @@
[DEFAULT]
debug = {{ heat_logging_debug }}
-heat_watch_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
-heat_metadata_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
-heat_waitcondition_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1/waitcondition
+heat_watch_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
+heat_metadata_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
+heat_waitcondition_server_url = {{ public_protocol }}://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1/waitcondition
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = {{ heat_domain_admin_password }}
@@ -37,8 +37,8 @@ bind_port = {{ heat_api_cfn_port }}
connection = mysql+pymysql://{{ heat_database_user }}:{{ heat_database_password }}@{{ heat_database_address }}/{{ heat_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
@@ -47,10 +47,10 @@ username = heat
password = {{ heat_keystone_password }}
[ec2authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
[clients_keystone]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
[oslo_messaging_notifications]
driver = noop
diff --git a/ansible/roles/horizon/templates/local_settings.j2 b/ansible/roles/horizon/templates/local_settings.j2
index 9b7279b671..65d9586bd8 100644
--- a/ansible/roles/horizon/templates/local_settings.j2
+++ b/ansible/roles/horizon/templates/local_settings.j2
@@ -148,7 +148,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
#]
OPENSTACK_HOST = "{{ kolla_external_address }}"
-OPENSTACK_KEYSTONE_URL = "http://%s:{{ keystone_public_port }}/v3" % OPENSTACK_HOST
+OPENSTACK_KEYSTONE_URL = "{{ public_protocol }}://%s:{{ keystone_public_port }}/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
# Enables keystone web single-sign-on if set to True.
diff --git a/ansible/roles/ironic/tasks/register.yml b/ansible/roles/ironic/tasks/register.yml
index c1862b1d7e..fc44611b3a 100644
--- a/ansible/roles/ironic/tasks/register.yml
+++ b/ansible/roles/ironic/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=baremetal
description='Ironic bare metal provisioning service'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ ironic_admin_address }}:{{ ironic_api_port }}'
- internal_url='http://{{ ironic_internal_address }}:{{ ironic_api_port }}'
- public_url='http://{{ ironic_public_address }}:{{ ironic_api_port }}'
+ admin_url='{{ admin_protocol }}://{{ ironic_admin_address }}:{{ ironic_api_port }}'
+ internal_url='{{ internal_protocol }}://{{ ironic_internal_address }}:{{ ironic_api_port }}'
+ public_url='{{ public_protocol }}://{{ ironic_public_address }}:{{ ironic_api_port }}'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_ironic_auth }}' }}"
-e "{'openstack_ironic_auth':{{ openstack_ironic_auth }}}"
diff --git a/ansible/roles/ironic/templates/discoverd.conf.j2 b/ansible/roles/ironic/templates/discoverd.conf.j2
index 1f64d564ac..151fcfa9d2 100644
--- a/ansible/roles/ironic/templates/discoverd.conf.j2
+++ b/ansible/roles/ironic/templates/discoverd.conf.j2
@@ -1,6 +1,6 @@
[discoverd]
database = inspector.sqlite3
-os_auth_url = http://{{ kolla_internal_address }}:{{ keystone_public_port }}/v2.0
+os_auth_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}/v2.0
os_username = {{ openstack_auth.username }}
os_password = {{ openstack_auth.password }}
os_tenant_name = {{ openstack_auth.project_name }}
diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2
index 0a06349918..f100b681ff 100644
--- a/ansible/roles/ironic/templates/ironic.conf.j2
+++ b/ansible/roles/ironic/templates/ironic.conf.j2
@@ -10,7 +10,7 @@ host_ip = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['a
{% if service_name == 'ironic-conductor' %}
[conductor]
-api_url = http://{{ kolla_internal_address }}:{{ ironic_api_port }}
+api_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ ironic_api_port }}
clean_nodes = false
{% endif %}
@@ -18,8 +18,8 @@ clean_nodes = false
connection = mysql+pymysql://{{ ironic_database_user }}:{{ ironic_database_password }}@{{ ironic_database_address }}/{{ ironic_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
@@ -31,7 +31,7 @@ password = {{ ironic_keystone_password }}
glance_host = {{ kolla_internal_address }}
[neutron]
-url = http://{{ kolla_internal_address }}:{{ neutron_server_port }}
+url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}
[oslo_messaging_rabbit]
rabbit_userid = {{ rabbitmq_user }}
diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml
index a20d6c422e..2b9af5a600 100644
--- a/ansible/roles/keystone/tasks/register.yml
+++ b/ansible/roles/keystone/tasks/register.yml
@@ -24,9 +24,9 @@
service_type=identity
description='Openstack Identity'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
- internal_url='http://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
- public_url='http://{{ kolla_external_address }}:{{ keystone_public_port }}'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ keystone_public_port }}'
region_name={{ openstack_region_name }}
auth_type=admin_token
auth={{ '{{ openstack_keystone_token_auth }}' }}"
diff --git a/ansible/roles/kibana/templates/kibana.yml.j2 b/ansible/roles/kibana/templates/kibana.yml.j2
index e144a1b5be..00186c4f4c 100644
--- a/ansible/roles/kibana/templates/kibana.yml.j2
+++ b/ansible/roles/kibana/templates/kibana.yml.j2
@@ -1,6 +1,6 @@
port: {{ kibana_port }}
host: {{ kibana_host }}
-elasticsearch_url: "http://{{ kolla_internal_address }}:{{ elasticsearch_port }}"
+elasticsearch_url: "{{ internal_protocol }}://{{ kolla_internal_address }}:{{ elasticsearch_port }}"
elasticsearch_preserve_host: {{ elasticsearch_preserve_host }}
default_app_id: {{ kibana_app_id }}
request_timeout: {{ kibana_request_timeout }}
diff --git a/ansible/roles/magnum/tasks/register.yml b/ansible/roles/magnum/tasks/register.yml
index a89a124fbc..6e17ccd7ab 100644
--- a/ansible/roles/magnum/tasks/register.yml
+++ b/ansible/roles/magnum/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=container
description='Openstack Container Service'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
- internal_url='http://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
- public_url='http://{{ kolla_external_address }}:{{ magnum_api_port }}/v1'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ magnum_api_port }}/v1'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ magnum_api_port }}/v1'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_magnum_auth }}' }}"
-e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}"
diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 44f9c07ad7..6a25720649 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -17,8 +17,8 @@ connection = mysql+pymysql://{{ magnum_database_user }}:{{ magnum_database_passw
region_name = {{ openstack_region_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
@@ -27,8 +27,8 @@ username = {{ magnum_keystone_user }}
password = {{ magnum_keystone_password }}
[trustee]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
diff --git a/ansible/roles/mistral/tasks/register.yml b/ansible/roles/mistral/tasks/register.yml
index 5ffbaf1b5c..5994ccb856 100644
--- a/ansible/roles/mistral/tasks/register.yml
+++ b/ansible/roles/mistral/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=application_catalog
description='Openstack Application Catalog'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ mistral_api_port }}'
- internal_url='http://{{ kolla_internal_address }}:{{ mistral_api_port }}'
- public_url='http://{{ kolla_external_address }}:{{ mistral_api_port }}'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }}'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }}'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ mistral_api_port }}'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_mistral_auth }}' }}"
-e "{'openstack_mistral_auth':{{ openstack_mistral_auth }}}"
diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2
index 24781f7ff0..1c2f24c0a6 100644
--- a/ansible/roles/mistral/templates/mistral.conf.j2
+++ b/ansible/roles/mistral/templates/mistral.conf.j2
@@ -14,8 +14,8 @@ bind_port = {{ mistral_api_port }}
connection = mysql+pymysql://{{ mistral_database_user }}:{{ mistral_database_password }}@{{ mistral_database_address }}/{{ mistral_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
@@ -24,7 +24,7 @@ username = {{ mistral_keystone_user }}
password = {{ mistral_keystone_password }}
[mistral]
-url = http://{{ kolla_internal_address }}:{{ mistral_api_port }}
+url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ mistral_api_port }}
[oslo_messaging_rabbit]
rabbit_userid = {{ rabbitmq_user }}
diff --git a/ansible/roles/murano/tasks/register.yml b/ansible/roles/murano/tasks/register.yml
index 2d99fa0831..2872cc76e7 100644
--- a/ansible/roles/murano/tasks/register.yml
+++ b/ansible/roles/murano/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=application_catalog
description='Openstack Application Catalogue'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ murano_api_port }}'
- internal_url='http://{{ kolla_internal_address }}:{{ murano_api_port }}'
- public_url='http://{{ kolla_external_address }}:{{ murano_api_port }}'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }}'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }}'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ murano_api_port }}'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_murano_auth }}' }}"
-e "{'openstack_murano_auth':{{ openstack_murano_auth }}}"
diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2
index 6af9b47518..e0bdda1372 100644
--- a/ansible/roles/murano/templates/murano.conf.j2
+++ b/ansible/roles/murano/templates/murano.conf.j2
@@ -14,8 +14,8 @@ bind_port = {{ murano_api_port }}
connection = mysql+pymysql://{{ murano_database_user }}:{{ murano_database_password }}@{{ murano_database_address }}/{{ murano_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
@@ -24,7 +24,7 @@ username = {{ murano_keystone_user }}
password = {{ murano_keystone_password }}
[murano]
-url = http://{{ kolla_internal_address }}:{{ murano_api_port }}
+url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ murano_api_port }}
[oslo_messaging_rabbit]
rabbit_userid = {{ rabbitmq_user }}
diff --git a/ansible/roles/neutron/tasks/register.yml b/ansible/roles/neutron/tasks/register.yml
index 2c2c56be8d..d400d6ca7f 100644
--- a/ansible/roles/neutron/tasks/register.yml
+++ b/ansible/roles/neutron/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=network
description='Openstack Networking'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ neutron_server_port }}'
- internal_url='http://{{ kolla_internal_address }}:{{ neutron_server_port }}'
- public_url='http://{{ kolla_external_address }}:{{ neutron_server_port }}'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ neutron_server_port }}'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_neutron_auth }}' }}"
-e "{'openstack_neutron_auth':{{ openstack_neutron_auth }}}"
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 5779ebc3bb..8db961e8e8 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -31,7 +31,7 @@ core_plugin = ml2
service_plugins = router
[nova]
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
@@ -56,8 +56,8 @@ root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
connection = mysql+pymysql://{{ neutron_database_user }}:{{ neutron_database_password }}@{{ neutron_database_address }}/{{ neutron_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
diff --git a/ansible/roles/nova/tasks/register.yml b/ansible/roles/nova/tasks/register.yml
index 43f475d63d..95f0f968dd 100644
--- a/ansible/roles/nova/tasks/register.yml
+++ b/ansible/roles/nova/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=compute
description='Openstack Compute'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
- internal_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
- public_url='http://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_nova_auth }}' }}"
-e "{'openstack_nova_auth':{{ openstack_nova_auth }}}"
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index f5021fdd7a..e99c80209b 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -60,7 +60,7 @@ novncproxy_port = {{ nova_novncproxy_port }}
vncserver_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
vncserver_proxyclient_address = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
{% if inventory_hostname in groups['compute'] %}
-novncproxy_base_url = http://{{ kolla_internal_address }}:{{ nova_novncproxy_port }}/vnc_auto.html
+novncproxy_base_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_novncproxy_port }}/vnc_auto.html
{% endif %}
{% elif nova_console == 'spice' %}
[vnc]
@@ -70,7 +70,7 @@ enabled = false
server_listen = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
server_proxyclient_address = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
{% if inventory_hostname in groups['compute'] %}
-html5proxy_base_url = http://{{ kolla_internal_address }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
+html5proxy_base_url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html
{% endif %}
html5proxy_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
html5proxy_port = {{ nova_spicehtml5proxy_port }}
@@ -83,7 +83,7 @@ admin_username = {{ ironic_keystone_user }}
admin_password = {{ ironic_keystone_password }}
admin_url = {{ openstack_auth_v2.auth_url }}
admin_tenant_name = service
-api_endpoint = http://{{ kolla_internal_address }}:{{ ironic_api_port }}/v1
+api_endpoint = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ ironic_api_port }}/v1
{% endif %}
[oslo_messaging_rabbit]
@@ -109,12 +109,12 @@ num_retries = {{ groups['glance-api'] | length }}
catalog_info = volume:cinder:internalURL
[neutron]
-url = http://{{ kolla_internal_address }}:{{ neutron_server_port }}
+url = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ neutron_server_port }}
auth_strategy = keystone
metadata_proxy_shared_secret = {{ metadata_secret }}
service_metadata_proxy = true
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_plugin = password
project_domain_name = default
user_domain_id = default
@@ -129,8 +129,8 @@ connection = mysql+pymysql://{{ nova_database_user }}:{{ nova_database_password
connection = mysql+pymysql://{{ nova_api_database_user }}:{{ nova_api_database_password }}@{{ nova_api_database_address }}/{{ nova_api_database_name }}
[keystone_authtoken]
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
diff --git a/ansible/roles/swift/tasks/register.yml b/ansible/roles/swift/tasks/register.yml
index f26156893f..27e558a857 100644
--- a/ansible/roles/swift/tasks/register.yml
+++ b/ansible/roles/swift/tasks/register.yml
@@ -6,9 +6,9 @@
service_type=object-store
description='Openstack Object Storage'
endpoint_region={{ openstack_region_name }}
- admin_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}'
- internal_url='http://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
- public_url='http://{{ kolla_external_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
+ admin_url='{{ admin_protocol }}://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}'
+ internal_url='{{ internal_protocol }}://{{ kolla_internal_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
+ public_url='{{ public_protocol }}://{{ kolla_external_address }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s'
region_name={{ openstack_region_name }}
auth={{ '{{ openstack_swift_auth }}' }}"
-e "{'openstack_swift_auth':{{ openstack_swift_auth }}}"
diff --git a/ansible/roles/swift/templates/proxy-server.conf.j2 b/ansible/roles/swift/templates/proxy-server.conf.j2
index cea708a953..71a15c8a7f 100644
--- a/ansible/roles/swift/templates/proxy-server.conf.j2
+++ b/ansible/roles/swift/templates/proxy-server.conf.j2
@@ -29,8 +29,8 @@ use = egg:swift#proxy_logging
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
-auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_uri = {{ internal_protocol }}://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = {{ admin_protocol }}://{{ kolla_internal_address }}:{{ keystone_admin_port }}
auth_type = password
project_domain_id = default
user_domain_id = default
diff --git a/dev/vagrant/centos-bootstrap.sh b/dev/vagrant/centos-bootstrap.sh
index bac332768c..83d10c0740 100644
--- a/dev/vagrant/centos-bootstrap.sh
+++ b/dev/vagrant/centos-bootstrap.sh
@@ -19,6 +19,7 @@ else
SUPPORT_NODE=support01
fi
REGISTRY=operator.local:${REGISTRY_PORT}
+ADMIN_PROTOCOL="http"
# Install common packages and do some prepwork.
function prep_work {
@@ -118,7 +119,7 @@ EOF
# The openrc file.
cat > ~vagrant/openrc <<EOF
-export OS_AUTH_URL="http://${SUPPORT_NODE}:35357/v3"
+export OS_AUTH_URL="$(ADMIN_PROTOCOL)://${SUPPORT_NODE}:35357/v3"
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=admin