openstack/kolla-ansible
Code Issues Proposed changes

Standardize use and construction of endpoint URLs

Browse Source 
The goal for this push request is to normalize the construction and use
 of internal, external, and admin URLs. While extending Kolla-ansible
 to enable a more flexible method to manage external URLs, we noticed
 that the same URL was constructed multiple times in different parts
 of the code. This can make it difficult for people that want to work
 with these URLs and create inconsistencies in a large code base with
 time. Therefore, we are proposing here the use of
 "single Kolla-ansible variable" per endpoint URL, which facilitates
 for people that are interested in overriding/extending these URLs.

As an example, we extended Kolla-ansible to facilitate the "override"
of public (external) URLs with the following standard
"<component/serviceName>.<companyBaseUrl>".
Therefore, the "NAT/redirect" in the SSL termination system (HAproxy,
HTTPD or some other) is done via the service name, and not by the port.
This allows operators to easily and automatically create more friendly
 URL names. To develop this feature, we first applied this patch that
 we are sending now to the community. We did that to reduce the surface
  of changes in Kolla-ansible.

Another example is the integration of Kolla-ansible and Consul, which
we also implemented internally, and also requires URLs changes.
Therefore, this PR is essential to reduce code duplicity, and to
facility users/developers to work/customize the services URLs.

Change-Id: I73d483e01476e779a5155b2e18dd5ea25f514e93
Signed-off-by: Rafael Weingärtner <rafael@apache.org>
This commit is contained in:
Rafael Weingärtner 2020-06-16 16:03:31 -03:00 committed by Radosław Piliszek
parent a90aa3e443
commit f425c0678f
49 changed files with 192 additions and 125 deletions
ansible
group_vars
all.yml
roles
barbican
defaults
main.yml
templates
barbican.conf.j2
cinder
defaults
main.yml
templates
cinder.conf.j2
common/templates/conf/output
00-local.conf.j202-monasca.conf.j2
cyborg/templates
cyborg.conf.j2
designate/templates
designate.conf.j2
elasticsearch/tasks
upgrade.yml
etcd/defaults
main.yml
freezer/defaults
main.yml
gnocchi/templates
gnocchi.conf.j2
grafana
defaults
main.yml
tasks
post_config.yml
templates
prometheus.yaml.j2
heat
defaults
main.yml
templates
heat.conf.j2
horizon/defaults
main.yml
ironic
defaults
main.yml
templates
inspector.ipxe.j2ironic.conf.j2pxelinux.default.j2
keystone/templates
keystone.conf.j2
kibana/templates
kibana.yml.j2
kuryr
defaults
main.yml
templates
kuryr.conf.j2kuryr.spec.j2
manila
defaults
main.yml
templates
manila-share.conf.j2
mistral
defaults
main.yml
templates
mistral.conf.j2
monasca
defaults
main.yml
tasks
post_config.yml
murano
tasks
import_library_packages.yml
templates
murano.conf.j2
neutron
defaults
main.yml
templates
neutron.conf.j2
nova-cell/templates
nova.conf.j2
nova
defaults
main.yml
templates
nova.conf.j2
octavia/defaults
main.yml
prometheus/templates
clouds.yml.j2prometheus-alertmanager.yml.j2
searchlight
defaults
main.yml
templates
searchlight.conf.j2
swift/defaults
main.yml
tempest/templates
tempest.conf.j2
vitrage/defaults
main.yml

67
ansible/group_vars/all.yml

@ -168,6 +168,8 @@ keepalived_virtual_router_id: "51"
es_heap_size: "1G"
elasticsearch_datadir_volume: "elasticsearch"
elasticsearch_internal_endpoint: "{{ internal_protocol }}://{{ elasticsearch_address | put_address_in_context('url') }}:{{ elasticsearch_port }}"
###################
# Messaging options
###################
@ -301,6 +303,7 @@ heat_api_cfn_port: "8000"
heat_api_cfn_listen_port: "{{ heat_api_cfn_port }}"
horizon_port: "80"
horizon_tls_port: "443"
horizon_listen_port: "{{ horizon_port }}"
influxdb_http_port: "8086"
@ -690,6 +693,13 @@ enable_destroy_images: "no"
####################
# Monasca options
####################
monasca_api_admin_base_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}"
monasca_api_internal_base_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}"
monasca_api_public_base_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}"
monasca_log_api_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
monasca_log_api_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
monasca_log_api_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
# The OpenStack username used by the Monasca Agent and the Fluentd Monasca
# plugin to post logs and metrics from the control plane to Monasca.
@ -786,6 +796,7 @@ kibana_log_prefix: "flog"
####################
keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
keystone_external_fqdn: "{{ kolla_external_fqdn }}"
keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_admin_port }}"
keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}"
@ -837,6 +848,10 @@ glance_enable_property_protection: "no"
glance_enable_interoperable_image_import: "no"
glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
glance_admin_endpoint: "{{ admin_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
glance_internal_endpoint: "{{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
glance_public_endpoint: "{{ public_protocol }}://{{ glance_external_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}"
#######################
# Barbican options
#######################
@ -844,6 +859,10 @@ glance_api_hosts: "{{ [groups['glance-api']|first] if glance_backend_file | bool
barbican_crypto_plugin: "simple_crypto"
barbican_library_path: "/usr/lib/libCryptoki2_64.so"
barbican_admin_endpoint: "{{ admin_protocol }}://{{ barbican_internal_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
barbican_internal_endpoint: "{{ internal_protocol }}://{{ barbican_internal_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
barbican_public_endpoint: "{{ public_protocol }}://{{ barbican_external_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
#################
# Gnocchi options
#################
@ -854,7 +873,6 @@ gnocchi_backend_storage: "{% if enable_swift | bool %}swift{% else %}file{% endi
gnocchi_incoming_storage: "{{ 'redis' if enable_redis | bool else '' }}"
gnocchi_metric_datadir_volume: "gnocchi"
#################################
# Cinder options
#################################
@ -893,6 +911,10 @@ designate_backend_external_bind9_nameservers: ""
# Valid options are [ '', redis ]
designate_coordination_backend: "{{ 'redis' if enable_redis|bool else '' }}"
designate_admin_endpoint: "{{ admin_protocol }}://{{ designate_internal_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}"
designate_internal_endpoint: "{{ internal_protocol }}://{{ designate_internal_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}"
designate_public_endpoint: "{{ public_protocol }}://{{ designate_external_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}"
#######################
# Neutron options
#######################
@ -917,6 +939,11 @@ neutron_legacy_iptables: "no"
# Enable distributed floating ip for OVN deployments
neutron_ovn_distributed_fip: "no"
neutron_admin_endpoint: "{{ admin_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
neutron_internal_endpoint: "{{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
neutron_public_endpoint: "{{ public_protocol }}://{{ neutron_external_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
#######################
# Nova options
#######################
@ -954,6 +981,8 @@ enable_keystone_horizon_policy_file: "{{ enable_keystone }}"
enable_neutron_horizon_policy_file: "{{ enable_neutron }}"
enable_nova_horizon_policy_file: "{{ enable_nova }}"
horizon_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ horizon_tls_port if kolla_enable_tls_internal | bool else horizon_port }}"
#################
# Octavia options
#################
@ -1044,12 +1073,15 @@ prometheus_openstack_exporter_endpoint_type: "internal"
############
enable_vitrage_prometheus_datasource: "{{ enable_prometheus | bool }}"
####################
# InfluxDB options
####################
influxdb_address: "{{ kolla_internal_fqdn }}"
influxdb_datadir_volume: "influxdb"
infuxdb_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ influxdb_http_port }}"
#################
# Kafka options
#################
@ -1073,3 +1105,36 @@ distro_python_version: "{{ distro_python_version_map[kolla_base_distro] }}"
# Configure telegraf to use the docker daemon itself as an input for
# telemetry data.
telegraf_enable_docker_input: "no"
vitrage_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
vitrage_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
vitrage_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
####################
# Grafana
####################
grafana_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}"
grafana_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}"
#############
# Ironic
#############
ironic_admin_endpoint: "{{ admin_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
ironic_internal_endpoint: "{{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
ironic_public_endpoint: "{{ public_protocol }}://{{ ironic_external_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
########
# Swift
########
swift_internal_base_endpoint: "{{ internal_protocol }}://{{ swift_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}"
swift_admin_endpoint: "{{ admin_protocol }}://{{ swift_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/v1"
swift_internal_endpoint: "{{ swift_internal_base_endpoint }}/v1/AUTH_%(tenant_id)s"
swift_public_endpoint: "{{ public_protocol }}://{{ swift_external_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s"
##########
# Octavia
##########
octavia_admin_endpoint: "{{ admin_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"
octavia_internal_endpoint: "{{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"
octavia_public_endpoint: "{{ public_protocol }}://{{ octavia_external_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"

4
ansible/roles/barbican/defaults/main.yml

@ -98,10 +98,6 @@ barbican_worker_extra_volumes: "{{ barbican_extra_volumes }}"
####################
# OpenStack
####################
barbican_admin_endpoint: "{{ admin_protocol }}://{{ barbican_internal_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
barbican_internal_endpoint: "{{ internal_protocol }}://{{ barbican_internal_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
barbican_public_endpoint: "{{ public_protocol }}://{{ barbican_external_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}"
barbican_logging_debug: "{{ openstack_logging_debug }}"
barbican_keystone_user: "barbican"

3
ansible/roles/barbican/templates/barbican.conf.j2

@ -4,7 +4,8 @@ log_dir = /var/log/kolla/barbican
bind_port = {{ barbican_api_listen_port }}
bind_host = {{ api_interface_address }}
host_href = {{ public_protocol }}://{{ barbican_external_fqdn | put_address_in_context('url') }}:{{ barbican_api_port }}
host_href = {{ barbican_public_endpoint }}
backlog = 4096
max_allowed_secret_in_bytes = 10000
max_allowed_request_size_in_bytes = 1000000

17
ansible/roles/cinder/defaults/main.yml

@ -128,12 +128,17 @@ cinder_volume_extra_volumes: "{{ cinder_extra_volumes }}"
####################
# OpenStack
####################
cinder_v2_admin_endpoint: "{{ admin_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/v2/%(tenant_id)s"
cinder_v2_internal_endpoint: "{{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/v2/%(tenant_id)s"
cinder_v2_public_endpoint: "{{ public_protocol }}://{{ cinder_external_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/v2/%(tenant_id)s"
cinder_v3_admin_endpoint: "{{ admin_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/v3/%(tenant_id)s"
cinder_v3_internal_endpoint: "{{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/v3/%(tenant_id)s"
cinder_v3_public_endpoint: "{{ public_protocol }}://{{ cinder_external_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}/v3/%(tenant_id)s"
cinder_admin_base_endpoint: "{{ admin_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}"
cinder_internal_base_endpoint: "{{ internal_protocol }}://{{ cinder_internal_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}"
cinder_public_base_endpoint: "{{ public_protocol }}://{{ cinder_external_fqdn | put_address_in_context('url') }}:{{ cinder_api_port }}"
cinder_v2_admin_endpoint: "{{ cinder_admin_base_endpoint }}/v2/%(tenant_id)s"
cinder_v2_internal_endpoint: "{{ cinder_internal_base_endpoint }}/v2/%(tenant_id)s"
cinder_v2_public_endpoint: "{{ cinder_public_base_endpoint }}/v2/%(tenant_id)s"
cinder_v3_admin_endpoint: "{{ cinder_admin_base_endpoint }}/v3/%(tenant_id)s"
cinder_v3_internal_endpoint: "{{ cinder_internal_base_endpoint }}/v3/%(tenant_id)s"
cinder_v3_public_endpoint: "{{ cinder_public_base_endpoint }}/v3/%(tenant_id)s"
cinder_logging_debug: "{{ openstack_logging_debug }}"

4
ansible/roles/cinder/templates/cinder.conf.j2

@ -13,7 +13,7 @@ my_ip = {{ api_interface_address }}
osapi_volume_workers = {{ openstack_service_workers }}
volume_name_template = volume-%s
glance_api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}
glance_api_servers = {{ glance_internal_endpoint }}
glance_num_retries = {{ groups['glance-api'] | length }}
glance_api_version = 2
@ -43,7 +43,7 @@ backup_share = {{ cinder_backup_share }}
backup_file_size = 327680000
{% elif enable_swift | bool and cinder_backup_driver == "swift" %}
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver
backup_swift_url = {{ internal_protocol }}://{{ swift_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/v1/AUTH_
backup_swift_url = {{ swift_internal_base_endpoint }}/v1/AUTH_
backup_swift_auth = per_user
backup_swift_auth_version = 1
backup_swift_user =

6
ansible/roles/common/templates/conf/output/00-local.conf.j2

@ -40,7 +40,7 @@
<store>
@type monasca
keystone_url {{ keystone_internal_url }}
monasca_api {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}
monasca_api {{ monasca_log_api_internal_endpoint }}
monasca_api_version v2.0
username {{ monasca_agent_user }}
password {{ monasca_agent_password }}
@ -102,7 +102,7 @@
<store>
@type monasca
keystone_url {{ keystone_internal_url }}
monasca_api {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}
monasca_api {{ monasca_log_api_internal_endpoint }}
monasca_api_version v2.0
username {{ monasca_agent_user }}
password {{ monasca_agent_password }}
@ -161,7 +161,7 @@
<store>
@type monasca
keystone_url {{ keystone_internal_url }}
monasca_api {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}
monasca_api {{ monasca_log_api_internal_endpoint }}
monasca_api_version v2.0
username {{ monasca_agent_user }}
password {{ monasca_agent_password }}

2
ansible/roles/common/templates/conf/output/02-monasca.conf.j2

@ -3,7 +3,7 @@
<store>
@type monasca
keystone_url {{ keystone_internal_url }}
monasca_api {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}
monasca_api {{ monasca_log_api_internal_endpoint }}
monasca_api_version v2.0
username {{ monasca_agent_user }}
password {{ monasca_agent_password }}

4
ansible/roles/cyborg/templates/cyborg.conf.j2

@ -17,13 +17,13 @@ connection = mysql+pymysql://{{ cyborg_database_user }}:{{ cyborg_database_passw
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ keystone_public_port }}
auth_uri = {{ keystone_internal_url }}
project_domain_name = {{ default_project_domain_name }}
project_name = service
user_domain_name = {{ default_user_domain_name }}
username = {{ cyborg_keystone_user }}
password = {{ cyborg_keystone_password }}
auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ keystone_admin_port }}
auth_url = {{ keystone_admin_url }}
auth_type = password
cafile = {{ openstack_cacert }}

2
ansible/roles/designate/templates/designate.conf.j2

@ -12,7 +12,7 @@ workers = {{ openstack_service_workers }}
[service:api]
listen = {{ api_interface_address | put_address_in_context('url') }}:{{ designate_api_listen_port }}
api_base_uri = {{ internal_protocol }}://{{ designate_internal_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}
api_base_uri = {{ designate_internal_endpoint }}
workers = {{ openstack_service_workers }}
enable_api_admin = True
enable_host_header = True

8
ansible/roles/elasticsearch/tasks/upgrade.yml

@ -1,8 +1,4 @@
---
- name: Set fact for Elasticsearch URL
set_fact:
elasticsearch_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}"
# The official procedure for upgrade elasticsearch:
# https://www.elastic.co/guide/en/elasticsearch/reference/6.x/restart-upgrade.html
- name: Disable shard allocation
@ -12,7 +8,7 @@
kolla_toolbox:
module_name: uri
module_args:
url: "{{ elasticsearch_url }}/_cluster/settings"
url: "{{ elasticsearch_internal_endpoint }}/_cluster/settings"
method: PUT
status_code: 200
return_content: yes
@ -26,7 +22,7 @@
kolla_toolbox:
module_name: uri
module_args:
url: "{{ elasticsearch_url }}/_flush/synced"
url: "{{ elasticsearch_internal_endpoint }}/_flush/synced"
method: POST
status_code: 200
return_content: yes

14
ansible/roles/etcd/defaults/main.yml

@ -9,10 +9,10 @@ etcd_services:
environment:
ETCD_DATA_DIR: "/var/lib/etcd"
ETCD_NAME: "{{ ansible_hostname }}"
ETCD_ADVERTISE_CLIENT_URLS: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}"
ETCD_LISTEN_CLIENT_URLS: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}"
ETCD_INITIAL_ADVERTISE_PEER_URLS: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_peer_port }}"
ETCD_LISTEN_PEER_URLS: "{{ etcd_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_peer_port }}"
ETCD_ADVERTISE_CLIENT_URLS: "{{ etcd_client_internal_endpoint }}"
ETCD_LISTEN_CLIENT_URLS: "{{ etcd_client_internal_endpoint }}"
ETCD_INITIAL_ADVERTISE_PEER_URLS: "{{ etcd_peer_internal_endpoint }}"
ETCD_LISTEN_PEER_URLS: "{{ etcd_peer_internal_endpoint }}"
ETCD_INITIAL_CLUSTER_TOKEN: "{{ etcd_cluster_token }}"
ETCD_INITIAL_CLUSTER: "{% for host in groups['etcd'] %}{{ hostvars[host]['ansible_hostname'] }}={{ etcd_protocol }}://{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ etcd_peer_port }}{% if not loop.last %},{% endif %}{% endfor %}"
ETCD_INITIAL_CLUSTER_STATE: "new"
@ -43,3 +43,9 @@ etcd_default_volumes:
- "kolla_etcd:/var/lib/etcd/"
- "kolla_logs:/var/log/kolla/"
etcd_extra_volumes: "{{ default_extra_volumes }}"
############
# Endpoints
############
etcd_client_internal_endpoint: "{{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_client_port }}"
etcd_peer_internal_endpoint: "{{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ etcd_peer_port }}"

6
ansible/roles/freezer/defaults/main.yml

@ -36,9 +36,9 @@ freezer_database_name: "freezer"
freezer_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}freezer{% endif %}"
freezer_database_address: "{{ database_address | put_address_in_context('url') }}:{{ database_port }}"
freezer_elasticsearch_replicas: "1"
freezer_es_protocol:
freezer_es_address:
freezer_es_port:
freezer_es_protocol: "{{ internal_protocol }}"
freezer_es_address: "{{ elasticsearch_address }}"
freezer_es_port: "{{ elasticsearch_port }}"
####################
# Docker

2
ansible/roles/gnocchi/templates/gnocchi.conf.j2

@ -89,5 +89,5 @@ swift_project_name = {{ swift_admin_tenant_name }}
{% if enable_grafana | bool %}
[cors]
allowed_origin = {{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}
allowed_origin = {{ grafana_public_endpoint }}
{% endif %}

10
ansible/roles/grafana/defaults/main.yml

@ -39,7 +39,7 @@ grafana_data_sources:
database: "telegraf"
name: "telegraf"
type: "influxdb"
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ influxdb_http_port }}"
url: "{{ infuxdb_internal_endpoint }}"
access: "proxy"
basicAuth: false
elasticsearch:
@ -48,7 +48,7 @@ grafana_data_sources:
name: "elasticsearch"
type: "elasticsearch"
access: "proxy"
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}"
url: "{{ elasticsearch_internal_endpoint }}"
database: "flog-*"
jsonData:
esVersion: 5
@ -64,7 +64,6 @@ grafana_image_full: "{{ grafana_image }}:{{ grafana_tag }}"
grafana_admin_username: "admin"
grafana_dimensions: "{{ default_container_dimensions }}"
grafana_default_volumes:
- "{{ node_config_directory }}/grafana/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
@ -72,3 +71,8 @@ grafana_default_volumes:
- "grafana:/var/lib/grafana/"
- "kolla_logs:/var/log/kolla/"
grafana_extra_volumes: "{{ default_extra_volumes }}"
############
# Prometheus
############
grafana_prometheus_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}"

6
ansible/roles/grafana/tasks/post_config.yml

@ -4,7 +4,7 @@
kolla_toolbox:
module_name: uri
module_args:
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}/login"
url: "{{ grafana_internal_endpoint }}/login"
status_code: 200
register: result
until: result.get('status') == 200
@ -17,7 +17,7 @@
kolla_toolbox:
module_name: uri
module_args:
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}/api/datasources"
url: "{{ grafana_internal_endpoint }}/api/datasources"
method: POST
user: "{{ grafana_admin_username }}"
password: "{{ grafana_admin_password }}"
@ -38,7 +38,7 @@
kolla_toolbox:
module_name: uri
module_args:
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}/api/user/helpflags/1"
url: "{{ grafana_internal_endpoint }}/api/user/helpflags/1"
method: PUT
user: "{{ grafana_admin_username }}"
password: "{{ grafana_admin_password }}"

2
ansible/roles/grafana/templates/prometheus.yaml.j2

@ -5,5 +5,5 @@ datasources:
type: prometheus
access: proxy
orgId: 1
url: {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}
url: {{ grafana_prometheus_url }}
version: 1

5
ansible/roles/heat/defaults/main.yml

@ -114,9 +114,12 @@ heat_engine_extra_volumes: "{{ heat_extra_volumes }}"
heat_admin_endpoint: "{{ admin_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/v1/%(tenant_id)s"
heat_internal_endpoint: "{{ internal_protocol }}://{{ heat_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/v1/%(tenant_id)s"
heat_public_endpoint: "{{ public_protocol }}://{{ heat_external_fqdn | put_address_in_context('url') }}:{{ heat_api_port }}/v1/%(tenant_id)s"
heat_cfn_public_base_endpoint: "{{ public_protocol }}://{{ heat_cfn_external_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}"
heat_cfn_admin_endpoint: "{{ admin_protocol }}://{{ heat_cfn_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}/v1"
heat_cfn_internal_endpoint: "{{ internal_protocol }}://{{ heat_cfn_internal_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}/v1"
heat_cfn_public_endpoint: "{{ public_protocol }}://{{ heat_cfn_external_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}/v1"
heat_cfn_public_endpoint: "{{ heat_cfn_public_base_endpoint }}/v1"
heat_logging_debug: "{{ openstack_logging_debug }}"

5
ansible/roles/heat/templates/heat.conf.j2

@ -3,9 +3,8 @@ debug = {{ heat_logging_debug }}
log_dir = /var/log/kolla/heat
log_file = $log_dir/{{ service_name }}.log
heat_metadata_server_url = {{ public_protocol }}://{{ heat_cfn_external_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}
heat_waitcondition_server_url = {{ public_protocol }}://{{ heat_cfn_external_fqdn | put_address_in_context('url') }}:{{ heat_api_cfn_port }}/v1/waitcondition
heat_metadata_server_url = {{ heat_cfn_public_base_endpoint }}
heat_waitcondition_server_url = {{ heat_cfn_public_base_endpoint }}/v1/waitcondition
heat_stack_user_role = {{ heat_stack_user_role }}

4
ansible/roles/horizon/defaults/main.yml

@ -41,7 +41,7 @@ horizon_services:
enabled: "{{ enable_horizon }}"
mode: "http"
external: false
port: "{% if kolla_enable_tls_internal|bool %}443{% else %}{{ horizon_port }}{% endif %}"
port: "{% if kolla_enable_tls_internal|bool %}{{ horizon_tls_port }}{% else %}{{ horizon_port }}{% endif %}"
listen_port: "{{ horizon_listen_port }}"
backend_http_extra:
- "balance source"
@ -56,7 +56,7 @@ horizon_services:
enabled: "{{ enable_horizon }}"
mode: "http"
external: true
port: "{% if kolla_enable_tls_external|bool %}443{% else %}{{ horizon_port }}{% endif %}"
port: "{% if kolla_enable_tls_external|bool %}{{ horizon_tls_port }}{% else %}{{ horizon_port }}{% endif %}"
listen_port: "{{ horizon_listen_port }}"
backend_http_extra:
- "balance source"

6
ansible/roles/ironic/defaults/main.yml

@ -180,10 +180,6 @@ ironic_dnsmasq_extra_volumes: "{{ ironic_extra_volumes }}"
####################
ironic_inspector_keystone_user: "ironic-inspector"
ironic_admin_endpoint: "{{ admin_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
ironic_internal_endpoint: "{{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
ironic_public_endpoint: "{{ public_protocol }}://{{ ironic_external_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}"
ironic_inspector_admin_endpoint: "{{ admin_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
ironic_inspector_internal_endpoint: "{{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
ironic_inspector_public_endpoint: "{{ public_protocol }}://{{ ironic_inspector_external_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}"
@ -204,7 +200,7 @@ ironic_dnsmasq_default_gateway:
ironic_dnsmasq_boot_file: "{% if enable_ironic_ipxe | bool %}undionly.kpxe{% else %}pxelinux.0{% endif %}"
ironic_cleaning_network:
ironic_console_serial_speed: "115200n8"
ironic_ipxe_url: http://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_ipxe_port }}
ironic_ipxe_url: "http://{{ api_interface_address | put_address_in_context('url') }}:{{ ironic_ipxe_port }}"
ironic_enable_rolling_upgrade: "yes"
ironic_inspector_kernel_cmdline_extras: []
ironic_inspector_pxe_filter: "{% if enable_neutron | bool %}dnsmasq{% else %}none{% endif %}"

2
ansible/roles/ironic/templates/inspector.ipxe.j2

@ -13,6 +13,6 @@ chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa
:inspector_ipa
:retry_boot
imgfree
kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url={{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=ironic-agent.initramfs {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot
kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url={{ ironic_inspector_internal_endpoint }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=ironic-agent.initramfs {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot
initrd --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.initramfs || goto retry_boot
boot

2
ansible/roles/ironic/templates/ironic.conf.j2

@ -172,7 +172,7 @@ valid_interfaces = internal
cafile = {{ openstack_cacert }}
{% else %}
auth_type = none
endpoint_override = {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}
endpoint_override = {{ ironic_internal_endpoint }}
{% endif %}
[agent]

3
ansible/roles/ironic/templates/pxelinux.default.j2

@ -2,6 +2,7 @@ default introspect
label introspect
kernel ironic-agent.kernel
append initrd=ironic-agent.initramfs ipa-inspection-callback-url={{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes {{ ironic_inspector_kernel_cmdline_extras | join(' ') }}
append initrd=ironic-agent.initramfs ipa-inspection-callback-url={{ ironic_inspector_internal_endpoint }}/v1/continue systemd.journald.forward_to_console=yes {{ ironic_inspector_kernel_cmdline_extras | join(' ') }}
ipappend 3

2
ansible/roles/keystone/templates/keystone.conf.j2

@ -68,5 +68,5 @@ connection_string = {{ osprofiler_backend_connection_string }}
{% if enable_grafana | bool %}
[cors]
allowed_origin = {{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ grafana_server_port }}
allowed_origin = {{ grafana_public_endpoint }}
{% endif %}

2
ansible/roles/kibana/templates/kibana.yml.j2

@ -2,7 +2,7 @@ kibana.defaultAppId: "{{ kibana_default_app_id }}"
logging.dest: /var/log/kolla/kibana/kibana.log
server.port: {{ kibana_server_port }}
server.host: "{{ api_interface_address }}"
elasticsearch.url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}"
elasticsearch.url: "{{ elasticsearch_internal_endpoint }}"
elasticsearch.requestTimeout: {{ kibana_elasticsearch_request_timeout }}
elasticsearch.shardTimeout: {{ kibana_elasticsearch_shard_timeout }}
elasticsearch.ssl.verificationMode: "{{ 'full' if kibana_elasticsearch_ssl_verify | bool else 'none' }}"

5
ansible/roles/kuryr/defaults/main.yml

@ -70,3 +70,8 @@ kuryr_ks_users:
user: "{{ kuryr_keystone_user }}"
password: "{{ kuryr_keystone_password }}"
role: "admin"
###########
# Endpoints
##########
kuryr_internal_endpoint: "{{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ kuryr_port }}"

2
ansible/roles/kuryr/templates/kuryr.conf.j2

@ -1,5 +1,5 @@
[DEFAULT]
kuryr_uri = {{ internal_protocol }}://{{ api_interface_address | put_address_in_context('url') }}:{{ kuryr_port }}
kuryr_uri = {{ kuryr_internal_endpoint }}
debug = {{ kuryr_logging_debug }}
log_dir = /var/log/kolla/kuryr

2
ansible/roles/kuryr/templates/kuryr.spec.j2

@ -1 +1 @@
http://{{ api_interface_address | put_address_in_context('url') }}:{{ kuryr_port }}
{{ kuryr_internal_endpoint }}

18
ansible/roles/manila/defaults/main.yml

@ -118,12 +118,18 @@ manila_data_extra_volumes: "{{ manila_extra_volumes }}"
#####################
## OpenStack
#####################
manila_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/v1/%(tenant_id)s"
manila_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/v1/%(tenant_id)s"
manila_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/v1/%(tenant_id)s"
manila_v2_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/v2/%(tenant_id)s"
manila_v2_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/v2/%(tenant_id)s"
manila_v2_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}/v2/%(tenant_id)s"
manila_admin_base_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}"
manila_internal_base_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}"
manila_public_base_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ manila_api_port }}"
manila_admin_endpoint: "{{ manila_admin_base_endpoint }}/v1/%(tenant_id)s"
manila_internal_endpoint: "{{ manila_internal_base_endpoint }}/v1/%(tenant_id)s"
manila_public_endpoint: "{{ manila_public_base_endpoint }}/v1/%(tenant_id)s"
manila_v2_admin_endpoint: "{{ manila_admin_base_endpoint }}/v2/%(tenant_id)s"
manila_v2_internal_endpoint: "{{ manila_internal_base_endpoint }}/v2/%(tenant_id)s"
manila_v2_public_endpoint: "{{ manila_public_base_endpoint }}/v2/%(tenant_id)s"
manila_logging_debug: "{{ openstack_logging_debug }}"

2
ansible/roles/manila/templates/manila-share.conf.j2

@ -40,8 +40,8 @@ memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
[neutron]
url = {{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}
auth_uri = {{ keystone_internal_url }}
url = {{ neutron_internal_endpoint }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}

4
ansible/roles/mistral/defaults/main.yml

@ -112,8 +112,10 @@ mistral_api_extra_volumes: "{{ mistral_extra_volumes }}"
####################
# OpenStack
####################
mistral_internal_base_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ mistral_api_port }}"
mistral_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ mistral_api_port }}/v2"
mistral_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ mistral_api_port }}/v2"
mistral_internal_endpoint: "{{ mistral_internal_base_endpoint }}/v2"
mistral_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ mistral_api_port }}/v2"
mistral_logging_debug: "{{ openstack_logging_debug }}"

2
ansible/roles/mistral/templates/mistral.conf.j2

@ -53,7 +53,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
[mistral]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ mistral_api_port }}
url = {{ mistral_internal_base_endpoint }}
[openstack_actions]
os_actions_endpoint_type = internal

14
ansible/roles/monasca/defaults/main.yml

@ -171,7 +171,7 @@ monasca_grafana_data_sources:
name: "Monasca API"
type: "monasca-datasource"
access: "proxy"
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}"
url: "{{ monasca_api_internal_base_endpoint }}"
isDefault: True
basicAuth: false
jsonData:
@ -316,16 +316,14 @@ monasca_agent_authorized_roles:
monasca_delegate_authorized_roles:
- admin
monasca_api_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}/v2.0"
monasca_api_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}/v2.0"
monasca_api_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ monasca_api_port }}/v2.0"
monasca_log_api_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
monasca_log_api_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
monasca_log_api_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ monasca_log_api_port }}"
monasca_api_admin_endpoint: "{{ monasca_api_admin_base_endpoint }}/v2.0"
monasca_api_internal_endpoint: "{{ monasca_api_internal_base_endpoint }}/v2.0"
monasca_api_public_endpoint: "{{ monasca_api_public_base_endpoint }}/v2.0"
monasca_logging_debug: "{{ openstack_logging_debug }}"
monasca_grafana_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}"
####################
# Keystone
####################

14
ansible/roles/monasca/tasks/post_config.yml

@ -4,7 +4,7 @@
kolla_toolbox:
module_name: uri
module_args:
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/login"
url: "{{ monasca_grafana_internal_endpoint }}/login"
status_code: 200
register: result
until: result.get('status') == 200
@ -22,7 +22,7 @@
module_name: uri
module_args:
method: GET
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
url: "{{ monasca_grafana_internal_endpoint }}/api/orgs"
user: '{{ monasca_grafana_admin_username }}'
password: '{{ monasca_grafana_admin_password }}'
return_content: true
@ -39,7 +39,7 @@
module_name: uri
module_args:
method: POST
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
url: "{{ monasca_grafana_internal_endpoint }}/api/orgs"
user: '{{ monasca_grafana_admin_username }}'
password: '{{ monasca_grafana_admin_password }}'
body_format: json
@ -54,7 +54,7 @@
module_name: uri
module_args:
method: GET
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/name/{{ monasca_grafana_control_plane_org }}" # noqa 204
url: "{{ monasca_grafana_internal_endpoint }}/api/orgs/name/{{ monasca_grafana_control_plane_org }}" # noqa 204
user: '{{ monasca_grafana_admin_username }}'
password: '{{ monasca_grafana_admin_password }}'
return_content: true
@ -72,7 +72,7 @@
module_name: uri
module_args:
method: POST
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/{{ monasca_grafana_conf_org.json.id }}/users" # noqa 204
url: "{{ monasca_grafana_internal_endpoint }}/api/orgs/{{ monasca_grafana_conf_org.json.id }}/users" # noqa 204
user: '{{ monasca_grafana_admin_username }}'
password: '{{ monasca_grafana_admin_password }}'
body: "{{ monasca_user_body | to_json }}"
@ -91,7 +91,7 @@
module_name: uri
module_args:
method: POST
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/user/using/{{ monasca_grafana_conf_org.json.id }}" # noqa 204
url: "{{ monasca_grafana_internal_endpoint }}/api/user/using/{{ monasca_grafana_conf_org.json.id }}" # noqa 204
user: '{{ monasca_grafana_admin_username }}'
password: '{{ monasca_grafana_admin_password }}'
force_basic_auth: true
@ -102,7 +102,7 @@
kolla_toolbox:
module_name: uri
module_args:
url: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/datasources"
url: "{{ monasca_grafana_internal_endpoint }}/api/datasources"
method: POST
user: "{{ monasca_grafana_admin_username }}"
password: "{{ monasca_grafana_admin_password }}"

6
ansible/roles/murano/tasks/import_library_packages.yml

@ -21,7 +21,7 @@
--os-project-name {{ openstack_auth.project_name }}
{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert }}{% endif %}
--os-auth-url {{ keystone_admin_url }}
--murano-url {{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ murano_api_port }}
--murano-url {{ murano_admin_endpoint }}
package-list
register: status
changed_when: False
@ -37,7 +37,7 @@
--os-project-name {{ openstack_auth.project_name }}
{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert }}{% endif %}
--os-auth-url {{ keystone_admin_url }}
--murano-url {{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ murano_api_port }}
--murano-url {{ murano_admin_endpoint }}
package-import --exists-action u --is-public /io.murano.zip
run_once: True
delegate_to: "{{ groups['murano-api'][0] }}"
@ -53,7 +53,7 @@
--os-project-name {{ openstack_auth.project_name }}
{% if openstack_cacert != '' %}--os-cacert {{ openstack_cacert }}{% endif %}
--os-auth-url {{ keystone_admin_url }}
--murano-url {{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ murano_api_port }}
--murano-url {{ murano_admin_endpoint }}
package-import --exists-action u --is-public /io.murano.applications.zip
run_once: True
delegate_to: "{{ groups['murano-api'][0] }}"

2
ansible/roles/murano/templates/murano.conf.j2

@ -45,7 +45,7 @@ password = {{ murano_keystone_password }}
cafile = {{ openstack_cacert }}
[murano]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ murano_api_port }}
url = {{ murano_internal_endpoint }}
api_workers = {{ openstack_service_workers }}
[oslo_messaging_notifications]

4
ansible/roles/neutron/defaults/main.yml

@ -373,10 +373,6 @@ ironic_neutron_agent_extra_volumes: "{{ neutron_extra_volumes }}"
dhcp_agents_per_network: 2
max_l3_agents_per_router: 3
neutron_admin_endpoint: "{{ admin_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
neutron_internal_endpoint: "{{ internal_protocol }}://{{ neutron_internal_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
neutron_public_endpoint: "{{ public_protocol }}://{{ neutron_external_fqdn | put_address_in_context('url') }}:{{ neutron_server_port }}"
neutron_logging_debug: "{{ openstack_logging_debug }}"
openstack_neutron_auth: "{{ openstack_auth }}"

4
ansible/roles/neutron/templates/neutron.conf.j2

@ -139,12 +139,12 @@ drivers = ovs
{% if enable_octavia | bool %}
[octavia]
base_url = {{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}
base_url = {{ octavia_internal_endpoint }}
{% endif %}
{% if enable_designate | bool %}
[designate]
url = {{ internal_protocol }}://{{ designate_internal_fqdn | put_address_in_context('url') }}:{{ designate_api_port }}/v2
url = {{ designate_internal_endpoint }}/v2
auth_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_admin_url }}
auth_type = password

4
ansible/roles/nova-cell/templates/nova.conf.j2

@ -90,7 +90,7 @@ auth_type = password
project_name = service
user_domain_name = {{ default_user_domain_name }}
project_domain_name = {{ default_project_domain_name }}
endpoint_override = {{ internal_protocol }}://{{ ironic_internal_fqdn | put_address_in_context('url') }}:{{ ironic_api_port }}/v1
endpoint_override = {{ ironic_internal_endpoint }}/v1
{% endif %}
@ -98,7 +98,7 @@ endpoint_override = {{ internal_protocol }}://{{ ironic_internal_fqdn | put_addr
lock_path = /var/lib/nova/tmp
[glance]
api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}
api_servers = {{ glance_internal_endpoint }}
cafile = {{ openstack_cacert }}
num_retries = 3

15
ansible/roles/nova/defaults/main.yml

@ -131,14 +131,17 @@ nova_api_bootstrap_extra_volumes: "{{ nova_extra_volumes }}"
####################
# OpenStack
####################
nova_admin_base_endpoint: "{{ admin_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}"
nova_internal_base_endpoint: "{{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}"
nova_public_base_endpoint: "{{ public_protocol }}://{{ nova_external_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}"
nova_legacy_admin_endpoint: "{{ admin_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/v2/%(tenant_id)s"
nova_legacy_internal_endpoint: "{{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/v2/%(tenant_id)s"
nova_legacy_public_endpoint: "{{ public_protocol }}://{{ nova_external_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/v2/%(tenant_id)s"
nova_legacy_admin_endpoint: "{{ nova_admin_base_endpoint }}/v2/%(tenant_id)s"
nova_legacy_internal_endpoint: "{{ nova_internal_base_endpoint }}/v2/%(tenant_id)s"
nova_legacy_public_endpoint: "{{ nova_public_base_endpoint }}/v2/%(tenant_id)s"
nova_admin_endpoint: "{{ admin_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/v2.1"
nova_internal_endpoint: "{{ internal_protocol }}://{{ nova_internal_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/v2.1"
nova_public_endpoint: "{{ public_protocol }}://{{ nova_external_fqdn | put_address_in_context('url') }}:{{ nova_api_port }}/v2.1"
nova_admin_endpoint: "{{ nova_admin_base_endpoint }}/v2.1"
nova_internal_endpoint: "{{ nova_internal_base_endpoint }}/v2.1"
nova_public_endpoint: "{{ nova_public_base_endpoint }}/v2.1"
nova_logging_debug: "{{ openstack_logging_debug }}"

3
ansible/roles/nova/templates/nova.conf.j2

@ -49,8 +49,9 @@ enable_proxy_headers_parsing = True
lock_path = /var/lib/nova/tmp
[glance]
api_servers = {{ internal_protocol }}://{{ glance_internal_fqdn | put_address_in_context('url') }}:{{ glance_api_port }}
cafile = {{ openstack_cacert }}
api_servers = {{ glance_internal_endpoint }}
num_retries = {{ groups['glance-api'] | length }}
debug = {{ nova_logging_debug }}

4
ansible/roles/octavia/defaults/main.yml

@ -119,10 +119,6 @@ octavia_worker_extra_volumes: "{{ octavia_extra_volumes }}"
####################
# OpenStack
####################
octavia_admin_endpoint: "{{ admin_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"
octavia_internal_endpoint: "{{ internal_protocol }}://{{ octavia_internal_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"
octavia_public_endpoint: "{{ public_protocol }}://{{ octavia_external_fqdn | put_address_in_context('url') }}:{{ octavia_api_port }}"
octavia_logging_debug: "{{ openstack_logging_debug }}"
octavia_keystone_user: "octavia"

2
ansible/roles/prometheus/templates/clouds.yml.j2

@ -9,5 +9,5 @@ clouds:
project_name: {{ keystone_admin_project }}
project_domain_name: 'Default'
user_domain_name: 'Default'
auth_url: {{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ keystone_admin_port }}/v3
cacert: {{ openstack_cacert }}
auth_url: {{ keystone_admin_url }}/v3

2
ansible/roles/prometheus/templates/prometheus-alertmanager.yml.j2

@ -11,7 +11,7 @@ receivers:
{% if enable_vitrage | bool and enable_vitrage_prometheus_datasource | bool %}
webhook_configs:
- send_resolved: true
url: '{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}/v1/event'
url: '{{ vitrage_public_endpoint }}/v1/event'
http_config:
basic_auth:
username: '{{ keystone_admin_user }}'

2
ansible/roles/searchlight/defaults/main.yml

@ -31,7 +31,7 @@ searchlight_services:
####################
# Elasticsearch
####################
searchlight_elasticsearch_url: "{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ elasticsearch_port }}"
searchlight_elasticsearch_url: "{{ elasticsearch_address | put_address_in_context('url') }}:{{ elasticsearch_port }}"
####################
# Docker

2
ansible/roles/searchlight/templates/searchlight.conf.j2

@ -7,7 +7,7 @@ transport_url = {{ rpc_transport_url }}
[api]
port = {{ searchlight_api_port }}
bind_host = {{ api_interface_address }}
public_endpoint = {{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ searchlight_api_port }}
public_endpoint = {{ searchlight_public_endpoint }}
workers = {{ openstack_service_workers }}
[elasticsearch]

4
ansible/roles/swift/defaults/main.yml

@ -52,10 +52,6 @@ swift_log_level: "{{ 'DEBUG' if openstack_logging_debug | bool else 'INFO'}}"
####################
# OpenStack
####################
swift_admin_endpoint: "{{ admin_protocol }}://{{ swift_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/v1"
swift_internal_endpoint: "{{ internal_protocol }}://{{ swift_internal_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s"
swift_public_endpoint: "{{ public_protocol }}://{{ swift_external_fqdn | put_address_in_context('url') }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s"
swift_logging_debug: "{{ openstack_logging_debug }}"
swift_keystone_user: "swift"

8
ansible/roles/tempest/templates/tempest.conf.j2

@ -11,8 +11,8 @@ admin_project_name = {{ openstack_auth.project_name }}
admin_domain_name = {{ openstack_auth.domain_name }}
[dashboard]
dashboard_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}
login_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}/auth/login/
dashboard_url = {{ horizon_internal_endpoint }}
login_url = {{ horizon_internal_endpoint }}/auth/login/
[service_available]
cinder = {{ enable_cinder }}
@ -32,10 +32,6 @@ flavor_ref = {{ tempest_flavor_ref_id }}
flavor_ref_alt = {{ tempest_flavor_ref_alt_id }}
region = {{ openstack_region_name }}
[dashboard]
dashboard_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}/
login_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}/auth/login
[identity]
region = {{ openstack_region_name }}
auth_version = v3

4
ansible/roles/vitrage/defaults/main.yml

@ -130,10 +130,6 @@ vitrage_persistor_extra_volumes: "{{ vitrage_extra_volumes }}"
####################
# OpenStack
####################
vitrage_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
vitrage_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
vitrage_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ vitrage_api_port }}"
vitrage_logging_debug: "{{ openstack_logging_debug }}"
vitrage_keystone_user: "vitrage"