Unhardcode protocol on auth_url
This patch makes the protocol used in auth_url
configurable.
Change-Id: I7d5539f9112b8a3739fb6ae88c49980c655f0deb
diff --git a/keystone/files/keystonerc b/keystone/files/keystonerc
index c91d196..680dbab 100644
--- a/keystone/files/keystonerc
+++ b/keystone/files/keystonerc
@@ -2,10 +2,10 @@
export OS_USERNAME={{ server.admin_name }}
export OS_PASSWORD={{ server.admin_password }}
export OS_TENANT_NAME={{ server.admin_tenant }}
-export OS_AUTH_URL=http://{{ server.bind.private_address }}:{{ server.bind.private_port }}/v2.0
+export OS_AUTH_URL={{ server.bind.private_protocol }}://{{ server.bind.private_address }}:{{ server.bind.private_port }}/v2.0
export OS_REGION_NAME={{ server.region }}
export OS_SERVICE_TOKEN={{ server.service_token }}
-export OS_SERVICE_ENDPOINT="http://{{ server.bind.private_address }}:{{ server.bind.private_port }}/v2.0/"
+export OS_SERVICE_ENDPOINT="{{ server.bind.private_protocol }}://{{ server.bind.private_address }}:{{ server.bind.private_port }}/v2.0/"
{%- if server.interface is defined %}
export OS_INTERFACE={{ server.interface }}
{%- endif %}
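Review bot: Once `server.bind.private_protocol` is set to `https`, nothing in this file tells the client which CA to trust, so the new `OS_AUTH_URL` and `OS_SERVICE_ENDPOINT` values will fail verification against a private CA or push operators toward disabling it. This file also exports `OS_PASSWORD` and `OS_SERVICE_TOKEN`, so the TLS path should work without that shortcut. Consider exporting the bundle conditionally: `{%- if server.bind.private_protocol == 'https' %}`, `export OS_CACERT={{ server.cacert_file }}`, `{%- endif %}`. A `cacert_file` default is visible in the map.jinja hunk, but whether it is reachable as `server.cacert_file` cannot be confirmed from this page. The same applies to the `OS_AUTH_URL` line changed in keystonercv3.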
diff --git a/keystone/files/keystonercv3 b/keystone/files/keystonercv3
index bf2b3ad..1b7f378 100644
--- a/keystone/files/keystonercv3
+++ b/keystone/files/keystonercv3
@@ -1,6 +1,6 @@
{%- from "keystone/map.jinja" import server with context %}
export OS_IDENTITY_API_VERSION=3
-export OS_AUTH_URL=http://{{ server.bind.private_address }}:{{ server.bind.private_port }}/v3
+export OS_AUTH_URL={{ server.bind.private_protocol }}://{{ server.bind.private_address }}:{{ server.bind.private_port }}/v3
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME={{ server.admin_tenant }}
diff --git a/keystone/map.jinja b/keystone/map.jinja
index bf9e891..bee64cc 100644
--- a/keystone/map.jinja
+++ b/keystone/map.jinja
@@ -2,7 +2,11 @@
'cacert_file': salt['grains.filter_by']({
'Debian': '/etc/ssl/certs/ca-certificates.crt',
'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
- })}
+ }),
+ 'bind': {
+ 'private_protocol': 'http',
+ 'public_protocol': 'http', }}
+
%}
{% set server = salt['grains.filter_by']({
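Review bot: Both new defaults are `'http'` and nothing near them says so, so every URL templated from `bind.private_protocol`, including the ones used alongside the admin password and service token in keystonerc, stays cleartext unless the pillar overrides it. That preserves the old behaviour, but it deserves a comment ahead of the `{% set %}` block (which starts outside the hunk), e.g. `{#- bind.*_protocol default to http for backward compatibility; set to https when Keystone is served over TLS #}`. The trailing `, }}` and the added blank line before `%}` could also be tidied to match the surrounding dict.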
diff --git a/keystone/meta/salt.yml b/keystone/meta/salt.yml
index a729abd..4a3f557 100644
--- a/keystone/meta/salt.yml
+++ b/keystone/meta/salt.yml
@@ -15,23 +15,19 @@
keystone:
{%- if pillar.keystone.get('server', {'enabled': False}).enabled %}
keystone.token: '{{ server.service_token }}'
- keystone.endpoint: 'http://{{ server.bind.address }}:{{ server.bind.private_port }}/v2.0'
+ keystone.endpoint: '{{ server.bind.private_protocol }}://{{ server.bind.address }}:{{ server.bind.private_port }}/v2.0'
{%- else %}
{%- if client.get('server', {}).get('user') %}
keystone.user: '{{ client.server.user }}'
keystone.password: '{{ client.server.password }}'
keystone.tenant: '{{ client.server.tenant }}'
- keystone.auth_url: 'http://{{ client.server.host }}:{{ client.server.public_port }}/v2.0/'
+ keystone.auth_url: '{{ client.server.get('public_protocol', 'http') }}://{{ client.server.host }}:{{ client.server.public_port }}/v2.0/'
{%- endif %}
{%- endif %}
{#- Profile based metadata #}
{%- for profile_name, identity in client.get('server', {}).iteritems() %}
- {%- if identity.admin.get('protocol', 'http') == 'http' %}
- {%- set protocol = 'http' %}
- {%- else %}
- {%- set protocol = 'https' %}
- {%- endif %}
+ {%- set protocol = identity.admin.get('protocol', 'http') %}
{%- if identity.admin.get('api_version', '2') == '3' %}
{%- set version = "v3" %}
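Review bot: The simplified `set protocol` line now passes `identity.admin.protocol` through verbatim, whereas the removed branch could only ever yield `http` or `https`. A typo or unexpected pillar value would become the scheme of whatever URL the loop builds from `protocol`; the loop body continues outside the hunk, so that use is not visible here. If the one-liner is preferred, keep the allowlist, e.g. `{%- set protocol = 'http' if identity.admin.get('protocol', 'http') == 'http' else 'https' %}`. The new `keystone.auth_url` line has the same pass-through via `client.server.get('public_protocol', 'http')`, and it sits next to `keystone.password`.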
diff --git a/keystone/meta/telegraf.yml b/keystone/meta/telegraf.yml
index 6b92366..8daaa80 100644
--- a/keystone/meta/telegraf.yml
+++ b/keystone/meta/telegraf.yml
@@ -9,15 +9,15 @@
region: "{{ server.region }}"
username: "{{ server.admin_name }}"
password: "{{ server.admin_password }}"
- identity_endpoint: "http://{{ server.bind.private_address|replace('0.0.0.0', '127.0.0.1') }}:{{ server.bind.private_port }}/v{% if server.get('api_version', 2)|int == 2 %}2.0{% else %}3{% endif %}"
+ identity_endpoint: "{{ server.bind.private_protocol }}://{{ server.bind.private_address|replace('0.0.0.0', '127.0.0.1') }}:{{ server.bind.private_port }}/v{% if server.get('api_version', 2)|int == 2 %}2.0{% else %}3{% endif %}"
monitor_agents: "true"
agent:
input:
http_response:
keystone-public-api:
- address: "http://{{ server.bind.address|replace('0.0.0.0', '127.0.0.1') }}:{{ server.bind.public_port }}/"
+ address: "{{ server.bind.public_protocol }}://{{ server.bind.address|replace('0.0.0.0', '127.0.0.1') }}:{{ server.bind.public_port }}/"
expected_code: 300
keystone-admin-api:
- address: "http://{{ server.bind.address|replace('0.0.0.0', '127.0.0.1') }}:{{ server.bind.private_port }}/"
+ address: "{{ server.bind.private_protocol }}://{{ server.bind.address|replace('0.0.0.0', '127.0.0.1') }}:{{ server.bind.private_port }}/"
expected_code: 300
{%- endif %}
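Review bot: All three endpoints still rewrite `0.0.0.0` to `127.0.0.1`, so with either protocol set to `https` the probes and `identity_endpoint` will connect to an address the server certificate most likely does not cover. No CA or verification setting is visible for the `http_response` inputs in this hunk, so the checks would presumably fail or invite turning verification off. It is worth either targeting the certificate's name when the protocol is `https` or passing the CA bundle through, and documenting which. `identity_endpoint` is used together with `password`, so disabling verification should not be the fallback there. The enclosing `if` starts outside the hunk.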
diff --git a/metadata/service/server/cluster.yml b/metadata/service/server/cluster.yml
index fd80ebd..1088421 100644
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml
@@ -6,6 +6,7 @@
_param:
openstack_log_appender: false
openstack_fluentd_handler_enabled: false
+ cluster_internal_protocol: http
keystone:
server:
enabled: true
@@ -20,6 +21,7 @@
address: ${_param:cluster_local_address}
private_address: ${_param:cluster_vip_address}
private_port: 35357
+ private_protocol: ${_param:cluster_internal_protocol}
public_address: ${_param:cluster_vip_address}
public_port: 5000
region: RegionOne
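Review bot: Only `private_protocol` is wired to a `_param` here; `public_protocol` has no counterpart, although telegraf.yml now reads `server.bind.public_protocol` for the public API check. A deployment that sets `cluster_internal_protocol: https` therefore keeps probing the public port over `http` from the map.jinja default. Consider adding a `public_protocol:` line next to `public_port`, backed by its own parameter. single.yml has the same gap and names its parameter `keystone_service_protocol` rather than `cluster_internal_protocol`, which is worth a comment for whoever overrides them.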
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index 39cf725..f17cfe9 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -6,6 +6,7 @@
_param:
openstack_log_appender: false
openstack_fluentd_handler_enabled: false
+ keystone_service_protocol: http
keystone:
server:
enabled: true
@@ -20,6 +21,7 @@
address: 0.0.0.0
private_address: ${_param:keystone_service_host}
private_port: 35357
+ private_protocol: ${_param:keystone_service_protocol}
public_address: ${_param:keystone_service_host}
public_port: 5000
region: RegionOne