From bece976b919b734d7d23ff169ec7a2df90e2b64a Mon Sep 17 00:00:00 2001
From: Jim Rollenhagen <jim@jimrollenhagen.com>
Date: Tue, 18 Dec 2018 12:45:54 -0500
Subject: [PATCH] Allow keystone services to use independent hostnames

This allows keystone service endpoints to use custom hostnames, and adds the
following variables:

* keystone_internal_fqdn
* keystone_external_fqdn

These default to the old values of kolla_internal_fqdn or
kolla_external_fqdn.

This also adds the following variables:

* keystone_admin_listen_port
* keystone_public_listen_port

These default to keystone_admin_port and keystone_public_port,
respectively, for backward compatibility.

These options allow the user to differentiate between the port the
service listens on, and the port the service is reachable on. This is
useful for external load balancers which live on the same host as the
service itself.

Change-Id: I50c46c674134f9958ee4357f0f4eed5483af2214
Implements: blueprint service-hostnames
---
 ansible/group_vars/all.yml                             | 10 +++++++---
 ansible/roles/keystone/defaults/main.yml               |  3 +++
 ansible/roles/keystone/tasks/precheck.yml              |  4 ++--
 ansible/roles/keystone/templates/wsgi-keystone.conf.j2 |  8 ++++----
 4 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index bdc4b242de..a7eac3a161 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -242,7 +242,9 @@ kafka_port: "9092"
 karbor_api_port: "8799"
 
 keystone_public_port: "5000"
+keystone_public_listen_port: "{{ keystone_public_port }}"
 keystone_admin_port: "35357"
+keystone_admin_listen_port: "{{ keystone_admin_port }}"
 keystone_ssh_port: "8023"
 
 kibana_server_port: "5601"
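Review bot: `keystone_public_listen_port` and `keystone_admin_listen_port` are added without a comment saying how they differ from the existing `keystone_public_port` / `keystone_admin_port`, and in this long flat port list the distinction is easy to miss. Elsewhere in this patch the `*_listen_port` values feed the Apache `Listen` and `<VirtualHost>` directives, while the `*_port` values still build the endpoint URLs. I would add a line above the pair such as `# *_listen_port: port keystone's Apache binds to; *_port: port advertised in endpoint URLs`. That makes it clear that overriding only one of the two changes where the service binds, not where clients are told to connect.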
@@ -672,9 +674,11 @@ kibana_log_prefix: "flog"
 ####################
 # Keystone options
 ####################
-keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
-keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}"
-keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"
+keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
+keystone_external_fqdn: "{{ kolla_external_fqdn }}"
+keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn }}:{{ keystone_admin_port }}"
+keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn }}:{{ keystone_public_port }}"
+keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn }}:{{ keystone_public_port }}"
 
 keystone_admin_user: "admin"
 keystone_admin_project: "admin"
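Review bot: Now that `keystone_internal_fqdn` and `keystone_external_fqdn` can be overridden, the three endpoint URLs may carry hostnames that differ from `kolla_internal_fqdn` / `kolla_external_fqdn`, and nothing here tells the operator that the TLS certificate served on those endpoints must include the new names. If certificates are issued only for the kolla-wide FQDNs (certificate handling is not visible in this patch), clients will fail hostname verification against the registered endpoints. A comment above the two variables would cover it, for example `# When overriding, make sure the endpoint's TLS certificate lists this hostname in subjectAltName`. Note also that `keystone_admin_url` follows `keystone_internal_fqdn`, so the admin endpoint cannot be given its own hostname separately from the internal one.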
diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml
index 64c40b1100..5154c45a4e 100644
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@@ -20,16 +20,19 @@ keystone_services:
         mode: "http"
         external: false
         port: "{{ keystone_public_port }}"
+        listen_port: "{{ keystone_public_listen_port }}"
       keystone_external:
         enabled: "{{ enable_keystone }}"
         mode: "http"
         external: true
         port: "{{ keystone_public_port }}"
+        listen_port: "{{ keystone_public_listen_port }}"
       keystone_admin:
         enabled: "{{ enable_keystone }}"
         mode: "http"
         external: false
         port: "{{ keystone_admin_port }}"
+        listen_port: "{{ keystone_admin_listen_port }}"
   keystone-ssh:
     container_name: "keystone_ssh"
     group: "keystone"
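Review bot: The new `listen_port` keys on `keystone_internal`, `keystone_external` and `keystone_admin` only take effect if the load-balancer template that consumes these entries (presumably HAProxy's, given `mode` and `external`) reads them for the backend port, and no such template appears in this patch's diffstat. If that support is not already merged, the balancer would keep sending backend traffic to `port` while Apache binds `keystone_*_listen_port`, so any override that makes the two differ would leave the backends unreachable. It is worth confirming how the template handles `listen_port`, including its fallback when the key is absent, or stating the dependency in the commit message. The `keystone_services` mapping begins above the hunk, so the enclosing structure is only partly visible here.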
diff --git a/ansible/roles/keystone/tasks/precheck.yml b/ansible/roles/keystone/tasks/precheck.yml
index 53c268c793..d0863b940e 100644
--- a/ansible/roles/keystone/tasks/precheck.yml
+++ b/ansible/roles/keystone/tasks/precheck.yml
@@ -9,7 +9,7 @@
 - name: Checking free port for Keystone Admin
   wait_for:
     host: "{{ api_interface_address }}"
-    port: "{{ keystone_admin_port }}"
+    port: "{{ keystone_admin_listen_port }}"
     connect_timeout: 1
     timeout: 1
     state: stopped
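Review bot: The task names `Checking free port for Keystone Admin` and `Checking free port for Keystone Public` (the second is in the next hunk) no longer say which port is tested, now that the checks use `keystone_admin_listen_port` and `keystone_public_listen_port`. Renaming them to something like `Checking free listen port for Keystone Admin` would point an operator at the right variable when the precheck fails. With the split, this role no longer probes the advertised `keystone_admin_port` and `keystone_public_port`, so a conflict on those has to be caught by whatever component binds them. Both tasks extend beyond their hunks, so the rest of each definition is not visible.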
@@ -20,7 +20,7 @@
 - name: Checking free port for Keystone Public
   wait_for:
     host: "{{ api_interface_address }}"
-    port: "{{ keystone_public_port }}"
+    port: "{{ keystone_public_listen_port }}"
     connect_timeout: 1
     timeout: 1
     state: stopped
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index 522f872770..5e14169ab4 100644
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -1,8 +1,8 @@
 {% set keystone_log_dir = '/var/log/kolla/keystone' %}
 {% set python_path = '/usr/lib/python2.7/site-packages' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 {% set binary_path = '/usr/bin' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
-Listen {{ api_interface_address }}:{{ keystone_public_port }}
-Listen {{ api_interface_address }}:{{ keystone_admin_port }}
+Listen {{ api_interface_address }}:{{ keystone_public_listen_port }}
+Listen {{ api_interface_address }}:{{ keystone_admin_listen_port }}
 
 ServerSignature Off
 ServerTokens Prod
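Review bot: The `Listen` lines still bind `api_interface_address`, so when a load balancer on the same host takes over the advertised port, Keystone's Apache stays directly reachable on `keystone_public_listen_port` and `keystone_admin_listen_port` from that network. If the balancer is where TLS termination or access control happens, direct connections to the listen ports would bypass it unless a host firewall restricts them. A template comment would record this, for example `{# listen ports are bound on api_interface_address; restrict access to them when a local load balancer fronts keystone #}`, and the same caveat belongs in the documentation for the new variables. The `<VirtualHost>` changes in the two later hunks use the same ports and raise no separate concern.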
@@ -17,7 +17,7 @@ TraceEnable off
 </Directory>
 
 
-<VirtualHost *:{{ keystone_public_port }}>
+<VirtualHost *:{{ keystone_public_listen_port }}>
     WSGIDaemonProcess keystone-public processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
     WSGIProcessGroup keystone-public
     WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-public
@@ -31,7 +31,7 @@ TraceEnable off
     CustomLog "{{ keystone_log_dir }}/keystone-apache-public-access.log" logformat
 </VirtualHost>
 
-<VirtualHost *:{{ keystone_admin_port }}>
+<VirtualHost *:{{ keystone_admin_listen_port }}>
     WSGIDaemonProcess keystone-admin processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
     WSGIProcessGroup keystone-admin
     WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-admin