Fix etcd protocol configuration
The etcd service protocol is currently configured with internal_protocol. The etcd service is not load balanced by a HAProxy container, so there is no proxy layer to do TLS termination when internal_protocol is configured to be "https". Until the etcd service is configured to deploy with native TLS termination, uses of etcd should be independent of internal_protocol and default to "http". Change-Id: I730c02331514244e44004aa06e9399c01264c65d Closes-Bug: 1884137
parent
e2acee87ee
commit
a158432223
@ -268,6 +268,7 @@ elasticsearch_port: "9200"
|
|||||||
|
|
||||||
etcd_client_port: "2379"
|
etcd_client_port: "2379"
|
||||||
etcd_peer_port: "2380"
|
etcd_peer_port: "2380"
|
||||||
|
etcd_protocol: "http"
|
||||||
|
|
||||||
fluentd_syslog_port: "5140"
|
fluentd_syslog_port: "5140"
|
||||||
|
|
||||||
|
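Review bot: The new `etcd_protocol: "http"` default carries no comment, although it is the one setting that decides whether etcd client and peer traffic is encrypted. A line above it such as `# etcd is not fronted by HAProxy; keep "http" until the etcd role configures native TLS` would tell operators why it is separate from `internal_protocol` and that changing it alone does not enable TLS. With this default, etcd traffic on the API network is cleartext, so the isolation of that network is what protects it; the same comment is a good place to say so.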
@ -216,5 +216,5 @@ backend_url = {{ redis_connection_string }}
|
|||||||
# NOTE(yoctozepto): we must use etcd3gw (aka etcd3+http) due to issues with alternative (etcd3) and eventlet (as used by cinder)
|
# NOTE(yoctozepto): we must use etcd3gw (aka etcd3+http) due to issues with alternative (etcd3) and eventlet (as used by cinder)
|
||||||
# see https://bugs.launchpad.net/kolla-ansible/+bug/1854932
|
# see https://bugs.launchpad.net/kolla-ansible/+bug/1854932
|
||||||
# and https://review.opendev.org/466098 for details
|
# and https://review.opendev.org/466098 for details
|
||||||
backend_url = etcd3+http://{{ 'api' | kolla_address(groups['etcd'][0]) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
backend_url = etcd3+{{ etcd_protocol }}://{{ 'api' | kolla_address(groups['etcd'][0]) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
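Review bot: The NOTE above `backend_url` still describes the driver as "etcd3gw (aka etcd3+http)", but the scheme on the changed line is now `etcd3+{{ etcd_protocol }}` and can render as something other than plain HTTP. Reword the note, for example `# NOTE(yoctozepto): we must use etcd3gw (etcd3+http or etcd3+https) due to issues with ...`, so a reader does not assume the URL is always unencrypted. If "https" is ever set, the URL as written carries no CA or certificate options, so how the coordination client verifies the etcd server should be settled in the same change. The enclosing `{% if %}` block starts outside the hunk.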
@ -9,12 +9,12 @@ etcd_services:
|
|||||||
environment:
|
environment:
|
||||||
ETCD_DATA_DIR: "/var/lib/etcd"
|
ETCD_DATA_DIR: "/var/lib/etcd"
|
||||||
ETCD_NAME: "{{ ansible_hostname }}"
|
ETCD_NAME: "{{ ansible_hostname }}"
|
||||||
ETCD_ADVERTISE_CLIENT_URLS: "{{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}"
|
ETCD_ADVERTISE_CLIENT_URLS: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}"
|
||||||
ETCD_LISTEN_CLIENT_URLS: "{{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}"
|
ETCD_LISTEN_CLIENT_URLS: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}"
|
||||||
ETCD_INITIAL_ADVERTISE_PEER_URLS: "{{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_peer_port }}"
|
ETCD_INITIAL_ADVERTISE_PEER_URLS: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_peer_port }}"
|
||||||
ETCD_LISTEN_PEER_URLS: "{{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_peer_port }}"
|
ETCD_LISTEN_PEER_URLS: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_peer_port }}"
|
||||||
ETCD_INITIAL_CLUSTER_TOKEN: "{{ etcd_cluster_token }}"
|
ETCD_INITIAL_CLUSTER_TOKEN: "{{ etcd_cluster_token }}"
|
||||||
ETCD_INITIAL_CLUSTER: "{% for host in groups['etcd'] %}{{ hostvars[host]['ansible_hostname'] }}={{ internal_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_peer_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
ETCD_INITIAL_CLUSTER: "{% for host in groups['etcd'] %}{{ hostvars[host]['ansible_hostname'] }}={{ etcd_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_peer_port }}{% if not loop.last %},{% endif %}{% endfor %}"
|
||||||
ETCD_INITIAL_CLUSTER_STATE: "new"
|
ETCD_INITIAL_CLUSTER_STATE: "new"
|
||||||
ETCD_OUT_FILE: "/var/log/kolla/etcd/etcd.log"
|
ETCD_OUT_FILE: "/var/log/kolla/etcd/etcd.log"
|
||||||
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
||||||
|
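Review bot: All five URL settings in this environment block now take their scheme from the single `etcd_protocol` variable, yet none of the visible lines passes certificate material to etcd (`ETCD_CERT_FILE`/`ETCD_KEY_FILE` for clients, `ETCD_PEER_CERT_FILE`/`ETCD_PEER_KEY_FILE` for peers). An operator who overrides the variable to "https" would get listen URLs that etcd has no certificate to serve, and presumably a container that fails to start. Until native TLS support lands, a precheck that rejects any value other than "http" would make the constraint explicit instead of leaving it to the release note. The environment block continues outside the hunk, so this is based only on the lines shown.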
@ -41,7 +41,7 @@ file_system_dir = /var/lib/qinling/package
|
|||||||
{% if enable_etcd | bool %}
|
{% if enable_etcd | bool %}
|
||||||
host = {{ api_interface_address }}
|
host = {{ api_interface_address }}
|
||||||
port = {{ etcd_client_port }}
|
port = {{ etcd_client_port }}
|
||||||
protocol = {{ internal_protocol }}
|
protocol = {{ etcd_protocol }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
[oslo_messaging_notifications]
|
[oslo_messaging_notifications]
|
||||||
|
@ -15,11 +15,11 @@ etcd:
|
|||||||
servers:
|
servers:
|
||||||
{% if enable_etcd | bool %}
|
{% if enable_etcd | bool %}
|
||||||
{% for host in groups['etcd'] %}
|
{% for host in groups['etcd'] %}
|
||||||
- http://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
- {{ etcd_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% else %}
|
{% else %}
|
||||||
{% for host in groups['skydive-analyzer'] %}
|
{% for host in groups['skydive-analyzer'] %}
|
||||||
- http://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
- {{ etcd_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
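Review bot: The `{% else %}` branch lists the skydive-analyzer hosts, which the later section with `embedded: true` shows are running Skydive's embedded etcd rather than the etcd role's service, so its scheme should not follow `etcd_protocol`. Nothing visible configures TLS for that embedded listener, so an operator who later sets `etcd_protocol` to "https" for the external cluster would also point these clients at an endpoint that presumably only speaks HTTP. Keep the literal in that branch: `- http://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}`. The same applies to the `{% else %}` branch of the next section.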
@ -26,13 +26,13 @@ etcd:
|
|||||||
embedded: false
|
embedded: false
|
||||||
servers:
|
servers:
|
||||||
{% for host in groups['etcd'] %}
|
{% for host in groups['etcd'] %}
|
||||||
- http://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
- {{ etcd_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% else %}
|
{% else %}
|
||||||
embedded: true
|
embedded: true
|
||||||
servers:
|
servers:
|
||||||
{% for host in groups['skydive-analyzer'] %}
|
{% for host in groups['skydive-analyzer'] %}
|
||||||
- http://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
- {{ etcd_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_client_port }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
listen: {{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}
|
listen: {{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fix the configuration of the etcd service so that its protocol is
|
||||||
|
independant of the value of the ``internal_protocol`` parameter. The etcd
|
||||||
|
service is not load balanced by HAProxy, so there is no proxy
|
||||||
|
layer to do TLS termination when ``internal_protocol`` is configured to be
|
||||||
|
``https``.
|