diff --git a/environments/predictable-placement/custom-domain.yaml b/environments/predictable-placement/custom-domain.yaml index 28472fe30c..25664d2500 100644 --- a/environments/predictable-placement/custom-domain.yaml +++ b/environments/predictable-placement/custom-domain.yaml @@ -14,8 +14,9 @@ parameter_defaults: CloudDomain: localdomain # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + # Mandatory. This parameter must be set by the user. # Type: string - CloudName: overcloud.localdomain + CloudName: # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'. # Type: string diff --git a/extraconfig/nova_metadata/krb-service-principals.j2.yaml b/extraconfig/nova_metadata/krb-service-principals.j2.yaml index 53bd955f54..8cf51e9610 100644 --- a/extraconfig/nova_metadata/krb-service-principals.j2.yaml +++ b/extraconfig/nova_metadata/krb-service-principals.j2.yaml @@ -9,7 +9,6 @@ parameters: {%- if network.name == 'External' %} # Special case the External hostname param, which is CloudName CloudName: - default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string {%- elif network.name == 'InternalApi' %} diff --git a/network/endpoints/build_endpoint_map.py b/network/endpoints/build_endpoint_map.py index a6483e2376..ed0271ad7b 100755 --- a/network/endpoints/build_endpoint_map.py +++ b/network/endpoints/build_endpoint_map.py @@ -68,7 +68,7 @@ def endpoint_map_default(config): (F_PROTOCOL, str(svc[ep_type].get(F_PROTOCOL, svc.get(F_PROTOCOL, 'http')))), (F_PORT, str(svc[ep_type].get(F_PORT, svc[F_PORT]))), - (F_HOST, SUBST_IP_ADDRESS), + (F_HOST, SUBST_IP_ADDRESS if ep_type != 'Public' else SUBST_CLOUDNAME), ]) return ep_name + ep_type, values diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 71d3b51103..f0f6634653 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml 
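Review bot: The new conditional in `endpoint_map_default` (network/endpoints/build_endpoint_map.py) carries no comment saying why only `Public` endpoints get the cloud name, and it tests a bare `'Public'` literal in negated form, so any endpoint type spelled differently would silently keep `SUBST_IP_ADDRESS`. I would put `# Public endpoints use the cloud's FQDN so they match the SubjectAltNames of the public TLS certificate` above the tuple and write the positive form, `(F_HOST, SUBST_CLOUDNAME if ep_type == 'Public' else SUBST_IP_ADDRESS),`. `SUBST_CLOUDNAME` is not defined anywhere in this diff, so it is presumably an existing module constant; worth confirming before merge. The function body starts and ends outside the hunk.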
@@ -21,101 +21,101 @@ parameters: default: AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} - AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} + AodhPublic: {protocol: http, port: '8042', host: CLOUDNAME} BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS} BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS} - BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS} + BarbicanPublic: {protocol: http, port: '9311', host: CLOUDNAME} CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} - CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} + CeilometerPublic: {protocol: http, port: '8777', host: CLOUDNAME} CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} - CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + CephRgwPublic: {protocol: http, port: '8080', host: CLOUDNAME} CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} - CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} + CinderPublic: {protocol: http, port: '8776', host: CLOUDNAME} CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} - CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} + CongressPublic: {protocol: http, port: '1789', host: CLOUDNAME} DesignateAdmin: {protocol: http, port: '9001', host: IP_ADDRESS} DesignateInternal: {protocol: http, port: '9001', host: IP_ADDRESS} - DesignatePublic: {protocol: http, port: '9001', host: IP_ADDRESS} + DesignatePublic: {protocol: http, port: '9001', host: CLOUDNAME} DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} Ec2ApiAdmin: {protocol: http, port: '8788', host: 
IP_ADDRESS} Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} - Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} + Ec2ApiPublic: {protocol: http, port: '8788', host: CLOUDNAME} GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS} GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} - GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} + GlancePublic: {protocol: http, port: '9292', host: CLOUDNAME} GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} - GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} + GnocchiPublic: {protocol: http, port: '8041', host: CLOUDNAME} HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} - HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} + HeatPublic: {protocol: http, port: '8004', host: CLOUDNAME} HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS} HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} - HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} - HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} + HeatCfnPublic: {protocol: http, port: '8000', host: CLOUDNAME} + HorizonPublic: {protocol: http, port: '80', host: CLOUDNAME} IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS} IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS} - IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS} + IronicPublic: {protocol: http, port: '6385', host: CLOUDNAME} IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS} IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS} - IronicInspectorPublic: {protocol: http, port: 
'5050', host: IP_ADDRESS} + IronicInspectorPublic: {protocol: http, port: '5050', host: CLOUDNAME} IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} - KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} + KeystonePublic: {protocol: http, port: '5000', host: CLOUDNAME} KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} - ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} + ManilaPublic: {protocol: http, port: '8786', host: CLOUDNAME} MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS} MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS} - MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS} + MistralPublic: {protocol: http, port: '8989', host: CLOUDNAME} MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} - NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} + NeutronPublic: {protocol: http, port: '9696', host: CLOUDNAME} NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} - NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaPublic: {protocol: http, port: '8774', host: CLOUDNAME} NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} - NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementPublic: {protocol: http, port: '8778', 
host: CLOUDNAME} NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} - NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} + NovaVNCProxyPublic: {protocol: http, port: '6080', host: CLOUDNAME} OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS} - OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS} + OctaviaPublic: {protocol: http, port: '9876', host: CLOUDNAME} OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS} PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS} PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS} - PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS} + PankoPublic: {protocol: http, port: '8977', host: CLOUDNAME} SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} - SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} + SaharaPublic: {protocol: http, port: '8386', host: CLOUDNAME} SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} - SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + SwiftPublic: {protocol: http, port: '8080', host: CLOUDNAME} SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS} TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS} - TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS} + TackerPublic: {protocol: http, port: '9890', host: CLOUDNAME} ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} - ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarPublic: {protocol: http, 
port: '8888', host: CLOUDNAME} ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} - ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: CLOUDNAME} ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 788a0e0373..44ff08c335 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -25,7 +25,6 @@ parameters: {%- if network.name == 'External' %} # Special case the External hostname param, which is CloudName CloudName: - default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string {%- elif network.name == 'InternalApi' %} diff --git a/releasenotes/notes/Overcloud-endpoints-FQDN-78797a6c34e31bd5.yaml b/releasenotes/notes/Overcloud-endpoints-FQDN-78797a6c34e31bd5.yaml new file mode 100644 index 0000000000..64f2ad0836 --- /dev/null +++ b/releasenotes/notes/Overcloud-endpoints-FQDN-78797a6c34e31bd5.yaml @@ -0,0 +1,11 @@ +--- +features: + - | + CloudName is now a required parameter. Given that FQDNs are now the + default instead of IP addresses, to avoid people using the localdomain + (which used to be the default for domain for CloudName), we now remove + the default, and require folks to set their own. + - | + The overcloud endpoints now point to FQDNs instead of IP addresses. + This was done as part of the public TLS by default work, and is needed + since the certificates have FQDNs for SubjectAltNames.
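Review bot: In the endpoint_map.yaml defaults every `*Public` entry now has `host: CLOUDNAME`, but the `*UIConfig` entries (`HeatUIConfig`, `IronicUIConfig`, `IronicInspectorUIConfig`, `KeystoneUIConfig`, `MistralUIConfig`, `NovaUIConfig`, `SwiftUIConfig`, `ZaqarWebSocketUIConfig`) stay on `IP_ADDRESS`. If those values are handed to clients that connect through the public TLS endpoint, an IP host would not match a certificate whose SubjectAltNames are FQDNs, so please confirm they are meant to stay as they are. The defaults also remain `protocol: http` (`ws` for ZaqarWebSocket), so the hostname switch alone does not put TLS on the public endpoints. A short comment above `default:` saying that the public protocol is expected to be overridden by the deployment's environment would make that dependency visible to operators.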