Merge "Switch public endpoints to use FQDNs by default"

This commit is contained in:
Zuul 2018-05-14 23:27:04 +00:00 committed by Gerrit Code Review
commit f5152da976
6 changed files with 43 additions and 33 deletions

View File

@ -14,8 +14,9 @@ parameter_defaults:
CloudDomain: localdomain CloudDomain: localdomain
# The DNS name of this cloud. E.g. ci-overcloud.tripleo.org # The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
# Mandatory. This parameter must be set by the user.
# Type: string # Type: string
CloudName: overcloud.localdomain CloudName: <None>
# The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'. # The DNS name of this cloud's provisioning network endpoint. E.g. 'ci-overcloud.ctlplane.tripleo.org'.
# Type: string # Type: string

View File

@ -9,7 +9,6 @@ parameters:
{%- if network.name == 'External' %} {%- if network.name == 'External' %}
# Special case the External hostname param, which is CloudName # Special case the External hostname param, which is CloudName
CloudName: CloudName:
default: overcloud.localdomain
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
type: string type: string
{%- elif network.name == 'InternalApi' %} {%- elif network.name == 'InternalApi' %}

View File

@ -68,7 +68,7 @@ def endpoint_map_default(config):
(F_PROTOCOL, str(svc[ep_type].get(F_PROTOCOL, (F_PROTOCOL, str(svc[ep_type].get(F_PROTOCOL,
svc.get(F_PROTOCOL, 'http')))), svc.get(F_PROTOCOL, 'http')))),
(F_PORT, str(svc[ep_type].get(F_PORT, svc[F_PORT]))), (F_PORT, str(svc[ep_type].get(F_PORT, svc[F_PORT]))),
(F_HOST, SUBST_IP_ADDRESS), (F_HOST, SUBST_IP_ADDRESS if ep_type != 'Public' else SUBST_CLOUDNAME),
]) ])
return ep_name + ep_type, values return ep_name + ep_type, values

View File

@ -21,101 +21,101 @@ parameters:
default: default:
AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS} AodhAdmin: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS} AodhInternal: {protocol: http, port: '8042', host: IP_ADDRESS}
AodhPublic: {protocol: http, port: '8042', host: IP_ADDRESS} AodhPublic: {protocol: http, port: '8042', host: CLOUDNAME}
BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS} BarbicanAdmin: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS} BarbicanInternal: {protocol: http, port: '9311', host: IP_ADDRESS}
BarbicanPublic: {protocol: http, port: '9311', host: IP_ADDRESS} BarbicanPublic: {protocol: http, port: '9311', host: CLOUDNAME}
CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerAdmin: {protocol: http, port: '8777', host: IP_ADDRESS}
CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerInternal: {protocol: http, port: '8777', host: IP_ADDRESS}
CeilometerPublic: {protocol: http, port: '8777', host: IP_ADDRESS} CeilometerPublic: {protocol: http, port: '8777', host: CLOUDNAME}
CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} CephRgwAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS} CephRgwInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
CephRgwPublic: {protocol: http, port: '8080', host: IP_ADDRESS} CephRgwPublic: {protocol: http, port: '8080', host: CLOUDNAME}
CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS}
CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} CinderPublic: {protocol: http, port: '8776', host: CLOUDNAME}
CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS}
CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS}
CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} CongressPublic: {protocol: http, port: '1789', host: CLOUDNAME}
DesignateAdmin: {protocol: http, port: '9001', host: IP_ADDRESS} DesignateAdmin: {protocol: http, port: '9001', host: IP_ADDRESS}
DesignateInternal: {protocol: http, port: '9001', host: IP_ADDRESS} DesignateInternal: {protocol: http, port: '9001', host: IP_ADDRESS}
DesignatePublic: {protocol: http, port: '9001', host: IP_ADDRESS} DesignatePublic: {protocol: http, port: '9001', host: CLOUDNAME}
DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS} DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS}
Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS}
Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiPublic: {protocol: http, port: '8788', host: CLOUDNAME}
GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS} GaneshaInternal: {protocol: nfs, port: '2049', host: IP_ADDRESS}
GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS}
GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS}
GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} GlancePublic: {protocol: http, port: '9292', host: CLOUDNAME}
GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS}
GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiPublic: {protocol: http, port: '8041', host: CLOUDNAME}
HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS} HeatAdmin: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS} HeatInternal: {protocol: http, port: '8004', host: IP_ADDRESS}
HeatPublic: {protocol: http, port: '8004', host: IP_ADDRESS} HeatPublic: {protocol: http, port: '8004', host: CLOUDNAME}
HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} HeatUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS} HeatCfnAdmin: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS} HeatCfnInternal: {protocol: http, port: '8000', host: IP_ADDRESS}
HeatCfnPublic: {protocol: http, port: '8000', host: IP_ADDRESS} HeatCfnPublic: {protocol: http, port: '8000', host: CLOUDNAME}
HorizonPublic: {protocol: http, port: '80', host: IP_ADDRESS} HorizonPublic: {protocol: http, port: '80', host: CLOUDNAME}
IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS} IronicAdmin: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS} IronicInternal: {protocol: http, port: '6385', host: IP_ADDRESS}
IronicPublic: {protocol: http, port: '6385', host: IP_ADDRESS} IronicPublic: {protocol: http, port: '6385', host: CLOUDNAME}
IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} IronicUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS} IronicInspectorAdmin: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS} IronicInspectorInternal: {protocol: http, port: '5050', host: IP_ADDRESS}
IronicInspectorPublic: {protocol: http, port: '5050', host: IP_ADDRESS} IronicInspectorPublic: {protocol: http, port: '5050', host: CLOUDNAME}
IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} IronicInspectorUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS} KeystoneAdmin: {protocol: http, port: '35357', host: IP_ADDRESS}
KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS} KeystoneInternal: {protocol: http, port: '5000', host: IP_ADDRESS}
KeystonePublic: {protocol: http, port: '5000', host: IP_ADDRESS} KeystonePublic: {protocol: http, port: '5000', host: CLOUDNAME}
KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} KeystoneUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaAdmin: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaInternal: {protocol: http, port: '8786', host: IP_ADDRESS}
ManilaPublic: {protocol: http, port: '8786', host: IP_ADDRESS} ManilaPublic: {protocol: http, port: '8786', host: CLOUDNAME}
MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS} MistralAdmin: {protocol: http, port: '8989', host: IP_ADDRESS}
MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS} MistralInternal: {protocol: http, port: '8989', host: IP_ADDRESS}
MistralPublic: {protocol: http, port: '8989', host: IP_ADDRESS} MistralPublic: {protocol: http, port: '8989', host: CLOUDNAME}
MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} MistralUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS} MysqlInternal: {protocol: mysql+pymysql, port: '3306', host: IP_ADDRESS}
NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronAdmin: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronInternal: {protocol: http, port: '9696', host: IP_ADDRESS}
NeutronPublic: {protocol: http, port: '9696', host: IP_ADDRESS} NeutronPublic: {protocol: http, port: '9696', host: CLOUDNAME}
NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} NovaPublic: {protocol: http, port: '8774', host: CLOUDNAME}
NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}
NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS} NovaPlacementPublic: {protocol: http, port: '8778', host: CLOUDNAME}
NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS}
NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyPublic: {protocol: http, port: '6080', host: CLOUDNAME}
OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaPublic: {protocol: http, port: '9876', host: CLOUDNAME}
OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} OpenDaylightAdmin: {protocol: http, port: '8081', host: IP_ADDRESS}
OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS} OpenDaylightInternal: {protocol: http, port: '8081', host: IP_ADDRESS}
PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS} PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS} PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS} PankoPublic: {protocol: http, port: '8977', host: CLOUDNAME}
SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaPublic: {protocol: http, port: '8386', host: CLOUDNAME}
SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftPublic: {protocol: http, port: '8080', host: CLOUDNAME}
SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS} SwiftUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS} TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS}
TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS} TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS}
TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS} TackerPublic: {protocol: http, port: '9890', host: CLOUDNAME}
ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS}
ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS}
ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarPublic: {protocol: http, port: '8888', host: CLOUDNAME}
ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS}
ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS}
ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: CLOUDNAME}
ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS} ZaqarWebSocketUIConfig: {protocol: ws, port: '3000', host: IP_ADDRESS}
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.

View File

@ -25,7 +25,6 @@ parameters:
{%- if network.name == 'External' %} {%- if network.name == 'External' %}
# Special case the External hostname param, which is CloudName # Special case the External hostname param, which is CloudName
CloudName: CloudName:
default: overcloud.localdomain
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
type: string type: string
{%- elif network.name == 'InternalApi' %} {%- elif network.name == 'InternalApi' %}

View File

@ -0,0 +1,11 @@
---
features:
- |
CloudName is now a required parameter. Given that FQDNs are now the
default instead of IP addresses, to avoid people using the localdomain
(which used to be the default for domain for CloudName), we now remove
the default, and require folks to set their own.
- |
The overcloud endpoints now point to FQDNs instead of IP addresses.
This was done as part of the public TLS by default work, and is needed
since the certificates have FQDNs for SubjectAltNames.