From 78bb5942649507f4340e562ce8fa2a766ca2bc4e Mon Sep 17 00:00:00 2001
From: Bharat Kunwar <bharat@stackhpc.com>
Date: Sun, 28 Jun 2020 12:13:07 +0100
Subject: [PATCH] Use public interface for Magnum client and trustee Keystone
 interface

While all other clients should use internalURL, the Magnum client itself
and Keystone interface for trustee credentials should be publicly
accessible (upstream default when no config is specified) since
instances need to be able to reach them.

Closes-Bug: #1885420
Change-Id: I74359cec7147a80db24eb4aa4156c35d31a026bf
---
 ansible/roles/magnum/templates/magnum.conf.j2              | 3 ++-
 ...clients-in-magnum-use-internalURL-af3ad82af71a88c6.yaml | 7 +++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 40bde9b208..764433175b 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -25,7 +25,7 @@ default_docker_volume_type = {{ default_docker_volume_type }}
 
 [magnum_client]
 region_name = {{ openstack_region_name }}
-endpoint_type = internalURL
+endpoint_type = publicURL
 
 [heat_client]
 region_name = {{ openstack_region_name }}
@@ -85,6 +85,7 @@ trustee_domain_admin_password = {{ magnum_keystone_password }}
 trustee_domain_admin_name = {{ magnum_trustee_domain_admin }}
 trustee_domain_name = {{ magnum_trustee_domain }}
 trustee_keystone_region_name = {{ openstack_region_name }}
+trustee_keystone_interface = public
 cluster_user_trust = {{ enable_cluster_user_trust }}
 
 [oslo_concurrency]
diff --git a/releasenotes/notes/clients-in-magnum-use-internalURL-af3ad82af71a88c6.yaml b/releasenotes/notes/clients-in-magnum-use-internalURL-af3ad82af71a88c6.yaml
index 0cfbd32ecf..eb5293a37c 100644
--- a/releasenotes/notes/clients-in-magnum-use-internalURL-af3ad82af71a88c6.yaml
+++ b/releasenotes/notes/clients-in-magnum-use-internalURL-af3ad82af71a88c6.yaml
@@ -1,7 +1,6 @@
 ---
 fixes:
   - |
-    In line with clients for other services used by Magnum, it now uses
-    endpoint_type = internalURL also for Magnum itself, Cinder and Octavia
-    clients. In the same tune, these services also use the globally defined
-    `openstack_region_name`.
+    In line with clients for other services used by Magnum, Cinder and Octavia
+    also use endpoint_type = internalURL. In the same tune, these services also
+    use the globally defined `openstack_region_name`.