From 256322a8feb161ead091a8b0d4ada0a77fe2dc39 Mon Sep 17 00:00:00 2001
From: James Kirsch
Date: Fri, 7 Feb 2020 13:42:50 -0800
Subject: [PATCH] Construct service configuration urls using kolla_internal_fqdn

Service configuration urls should be constructed using kolla_internal_fqdn instead of kolla_internal_vip_address. Otherwise SSL validation will fail when certificates are issued using domain names.

Change-Id: I21689e22870c2f6206e37c60a3c33e19140f77ff
Closes-Bug: 1862419
---
 ansible/roles/elasticsearch/tasks/upgrade.yml | 4 ++--
 ansible/roles/grafana/defaults/main.yml | 4 ++--
 ansible/roles/grafana/tasks/post_config.yml | 6 +++---
 ansible/roles/grafana/templates/prometheus.yaml.j2 | 2 +-
 ansible/roles/kibana/tasks/post_config.yml | 10 +++++-----
 ansible/roles/kibana/templates/kibana.yml.j2 | 2 +-
 ansible/roles/monasca/defaults/main.yml | 2 +-
 ansible/roles/monasca/tasks/post_config.yml | 14 +++++++-------
 ansible/roles/prometheus/defaults/main.yml | 2 +-
 .../notes/fix-rest-urls-fqdn-a555e8299fe34efb.yaml | 6 ++++++
 10 files changed, 29 insertions(+), 23 deletions(-)
 create mode 100644 releasenotes/notes/fix-rest-urls-fqdn-a555e8299fe34efb.yaml

diff --git a/ansible/roles/elasticsearch/tasks/upgrade.yml b/ansible/roles/elasticsearch/tasks/upgrade.yml
index a15ca5026e..b51287d8ae 100644
--- a/ansible/roles/elasticsearch/tasks/upgrade.yml
+++ b/ansible/roles/elasticsearch/tasks/upgrade.yml
@@ -6,7 +6,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/_cluster/settings"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}/_cluster/settings"
 method: PUT
 status_code: 200
 return_content: yes
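Review bot: The `put_address_in_context('url')` filter stays on the new `url:` line of this task (and on every other `url:` this patch touches) even though its input is now normally a hostname, and nothing documents why. As far as I know the filter brackets IPv6 literals, so it is still needed if `kolla_internal_fqdn` falls back to the VIP address when no FQDN is configured; that fallback is not visible in this patch. A comment above the task, e.g. `# kolla_internal_fqdn may hold an IP literal; keep put_address_in_context for IPv6`, would stop a later cleanup from dropping it. The task starts and ends outside the hunk.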
@@ -20,7 +20,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/_flush/synced"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}/_flush/synced"
 method: POST
 status_code: 200
 return_content: yes
diff --git a/ansible/roles/grafana/defaults/main.yml b/ansible/roles/grafana/defaults/main.yml
index 1a901c56e2..bbe51ad52f 100644
--- a/ansible/roles/grafana/defaults/main.yml
+++ b/ansible/roles/grafana/defaults/main.yml
@@ -39,7 +39,7 @@ grafana_data_sources:
 database: "telegraf"
 name: "telegraf"
 type: "influxdb"
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ influxdb_http_port }}"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ influxdb_http_port }}"
 access: "proxy"
 basicAuth: false
 elasticsearch:
@@ -48,7 +48,7 @@ grafana_data_sources:
 name: "elasticsearch"
 type: "elasticsearch"
 access: "proxy"
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}"
 database: "flog-*"
 jsonData:
 esVersion: 5
diff --git a/ansible/roles/grafana/tasks/post_config.yml b/ansible/roles/grafana/tasks/post_config.yml
index 60add9ec6f..ede3c7902c 100644
--- a/ansible/roles/grafana/tasks/post_config.yml
+++ b/ansible/roles/grafana/tasks/post_config.yml
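Review bot: Both datasource URLs changed in `grafana_data_sources` are declared with `access: "proxy"`, so the connection to `kolla_internal_fqdn` is made by the Grafana server itself rather than by the Ansible `uri` module, and the patch does not show that the Grafana container can resolve that name or trusts the CA that issued the internal certificate. If it cannot, the likely operator workaround is to switch certificate checking off in the datasource, which would undo the benefit of this change. A comment above the dictionary would make the requirement explicit: `# Grafana connects to these URLs itself; it must resolve kolla_internal_fqdn and trust the internal CA`. The dictionary starts and ends outside the hunks.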
@@ -4,7 +4,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/login"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}/login"
 status_code: 200
 register: result
 until: result.get('status') == 200
@@ -17,7 +17,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/datasources"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}/api/datasources"
 method: POST
 user: "{{ grafana_admin_username }}"
 password: "{{ grafana_admin_password }}"
@@ -38,7 +38,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/user/helpflags/1"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}/api/user/helpflags/1"
 method: PUT
 user: "{{ grafana_admin_username }}"
 password: "{{ grafana_admin_password }}"
diff --git a/ansible/roles/grafana/templates/prometheus.yaml.j2 b/ansible/roles/grafana/templates/prometheus.yaml.j2
index f1be95873c..23c1790bdf 100644
--- a/ansible/roles/grafana/templates/prometheus.yaml.j2
+++ b/ansible/roles/grafana/templates/prometheus.yaml.j2
@@ -5,5 +5,5 @@ datasources:
 type: prometheus
 access: proxy
 orgId: 1
- url: http://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ prometheus_port }}
+ url: http://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}
 version: 1
diff --git a/ansible/roles/kibana/tasks/post_config.yml b/ansible/roles/kibana/tasks/post_config.yml
index d53584f90a..b411aff45f 100644
--- a/ansible/roles/kibana/tasks/post_config.yml
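Review bot: The `/api/datasources` and `/api/user/helpflags/1` calls send `grafana_admin_username` and `grafana_admin_password` to whatever host `kolla_internal_fqdn` resolves to, and when `internal_protocol` is `http` nothing authenticates that host. With the VIP address the destination was fixed by configuration; with a name it depends on the resolver used where the `uri` call runs, so a stale or wrong record would deliver the admin password to the wrong endpoint. I would record the requirement next to these tasks, e.g. `# sends admin credentials: kolla_internal_fqdn must resolve to the internal VIP`, and confirm the tasks carry `no_log: true`, which cannot be seen here because each task starts and ends outside its hunk. The monasca `post_config.yml` hunks that pass `monasca_grafana_admin_password` have the same exposure.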
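Review bot: The Prometheus datasource URL in `prometheus.yaml.j2` still hard-codes `http://` while every other URL in this patch uses `{{ internal_protocol }}`, so this connection stays unencrypted and unverified even when internal TLS is enabled. If Prometheus is reached through the same TLS-terminating internal endpoint as the other services (not visible here), the line should read `url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}"`; if plain HTTP is deliberate, a comment saying so belongs above it. Quoting the templated value also keeps the rendered YAML a plain string.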
+++ b/ansible/roles/kibana/tasks/post_config.yml
@@ -10,7 +10,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
 method: PUT
 body: "{{ kibana_default_index_options | to_json }}"
 body_format: json
@@ -28,7 +28,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
 status_code: 200
 register: result
 until: result.status == 200
@@ -41,7 +41,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/config/*"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/config/*"
 method: PUT
 body:
 defaultIndex: "{{ kibana_default_index_pattern }}"
@@ -56,7 +56,7 @@
 module_args:
 headers:
 Content-Type: application/json
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
 method: GET
 register: kibana_default_indexes
 run_once: true
@@ -75,7 +75,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/index-pattern/{{ kibana_default_index_pattern }}"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/index-pattern/{{ kibana_default_index_pattern }}"
 method: PUT
 body: "{{ kibana_default_index | to_json }}"
 body_format: json
diff --git a/ansible/roles/kibana/templates/kibana.yml.j2 b/ansible/roles/kibana/templates/kibana.yml.j2
index 9203d2a0ae..bf5f08012d 100644
--- a/ansible/roles/kibana/templates/kibana.yml.j2
+++ b/ansible/roles/kibana/templates/kibana.yml.j2
@@ -2,7 +2,7 @@ kibana.defaultAppId: "{{ kibana_default_app_id }}"
 logging.dest: /var/log/kolla/kibana/kibana.log
 server.port: {{ kibana_server_port }}
 server.host: "{{ api_interface_address }}"
-elasticsearch.url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}"
+elasticsearch.url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}"
 elasticsearch.requestTimeout: {{ kibana_elasticsearch_request_timeout }}
 elasticsearch.shardTimeout: {{ kibana_elasticsearch_shard_timeout }}
 elasticsearch.ssl.verificationMode: "{{ 'full' if kibana_elasticsearch_ssl_verify | bool else 'none' }}"
diff --git a/ansible/roles/monasca/defaults/main.yml b/ansible/roles/monasca/defaults/main.yml
index b5c08e7a28..29843c4e30 100644
--- a/ansible/roles/monasca/defaults/main.yml
+++ b/ansible/roles/monasca/defaults/main.yml
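Review bot: In `kibana.yml.j2`, `elasticsearch.ssl.verificationMode` three lines below the changed `elasticsearch.url` still renders `none` whenever `kibana_elasticsearch_ssl_verify` is false, and some deployments may have set it that way only because the certificate name could not match the VIP address. With the FQDN in the URL, `full` can now succeed, but neither this hunk nor the release note tells operators to turn verification back on. I would add a sentence to the release note such as `Deployments that disabled kibana_elasticsearch_ssl_verify to work around this can re-enable it.`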
@@ -189,7 +189,7 @@ monasca_grafana_data_sources:
 name: "Monasca API"
 type: "monasca-datasource"
 access: "proxy"
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_api_port }}"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}"
 isDefault: True
 basicAuth: false
 jsonData:
diff --git a/ansible/roles/monasca/tasks/post_config.yml b/ansible/roles/monasca/tasks/post_config.yml
index de3f0170d9..03c52a4109 100644
--- a/ansible/roles/monasca/tasks/post_config.yml
+++ b/ansible/roles/monasca/tasks/post_config.yml
@@ -4,7 +4,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/login"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/login"
 status_code: 200
 register: result
 until: result.get('status') == 200
@@ -22,7 +22,7 @@
 module_name: uri
 module_args:
 method: GET
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
 user: '{{ monasca_grafana_admin_username }}'
 password: '{{ monasca_grafana_admin_password }}'
 return_content: true
@@ -36,7 +36,7 @@
 module_name: uri
 module_args:
 method: POST
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
 user: '{{ monasca_grafana_admin_username }}'
 password: '{{ monasca_grafana_admin_password }}'
 body_format: json
@@ -52,7 +52,7 @@
 module_name: uri
 module_args:
 method: GET
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/name/{{ monasca_grafana_control_plane_org }}"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/name/{{ monasca_grafana_control_plane_org }}"
 user: '{{ monasca_grafana_admin_username }}'
 password: '{{ monasca_grafana_admin_password }}'
 return_content: true
@@ -66,7 +66,7 @@
 module_name: uri
 module_args:
 method: POST
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/{{ monasca_grafana_conf_org.json.id }}/users"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/{{ monasca_grafana_conf_org.json.id }}/users"
 user: '{{ monasca_grafana_admin_username }}'
 password: '{{ monasca_grafana_admin_password }}'
 body:
@@ -87,7 +87,7 @@
 module_name: uri
 module_args:
 method: POST
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/user/using/{{ monasca_grafana_conf_org.json.id }}"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/user/using/{{ monasca_grafana_conf_org.json.id }}"
 user: '{{ monasca_grafana_admin_username }}'
 password: '{{ monasca_grafana_admin_password }}'
 force_basic_auth: true
@@ -98,7 +98,7 @@
 kolla_toolbox:
 module_name: uri
 module_args:
- url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/datasources"
+ url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/datasources"
 method: POST
 user: "{{ monasca_grafana_admin_username }}"
 password: "{{ monasca_grafana_admin_password }}"
diff --git a/ansible/roles/prometheus/defaults/main.yml b/ansible/roles/prometheus/defaults/main.yml
index b764202027..558dfa9652 100644
--- a/ansible/roles/prometheus/defaults/main.yml
+++ b/ansible/roles/prometheus/defaults/main.yml
@@ -108,7 +108,7 @@ prometheus_mysql_exporter_database_user: "{% if use_preconfigured_databases | bo
 # 'service_name:blackbox_exporter_module:endpoint' for example:
 #
 # prometheus_blackbox_exporter_targets:
-# - 'glance:os_endpoint:http://{{ kolla_external_vip_address | put_address_in_context('url') }}:{{ glance_api_port}}'
+# - 'glance:os_endpoint:http://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ glance_api_port}}'
 #
 # For a list of modules see the alertmanager config.
 prometheus_blackbox_exporter_endpoints: []
diff --git a/releasenotes/notes/fix-rest-urls-fqdn-a555e8299fe34efb.yaml b/releasenotes/notes/fix-rest-urls-fqdn-a555e8299fe34efb.yaml
new file mode 100644
index 0000000000..6009d5e98a
--- /dev/null
+++ b/releasenotes/notes/fix-rest-urls-fqdn-a555e8299fe34efb.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Construct service REST API urls using ``kolla_internal_fqdn`` instead of
+ ``kolla_internal_vip_address``. Otherwise SSL validation will fail when
+ certificates are issued using domain names.
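Review bot: The commented example for `prometheus_blackbox_exporter_targets` in `prometheus/defaults/main.yml` is not valid YAML if an operator uncomments it as written: the list item is wrapped in single quotes and also contains `'url'` in single quotes, so the scalar ends right after `put_address_in_context(`. Since the line is being edited anyway, switch the outer quotes: `# - "glance:os_endpoint:http://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ glance_api_port}}"`. The example also probes the external endpoint over `http://`, so the comment should say that the scheme has to match the external TLS setting.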