Centralize setting internal_protocol
Internal OpenStack APIs may be encrypted with https. This patch
centralizes the setting of the internal API protocol across services.
Set one of the following, depending on whether the cluster or single model is used:
cluster_internal_protocol: 'https'
internal_protocol: 'https'
Change-Id: I2baff79cd5851678559d7de47460fdd2031f70ee
diff --git a/barbican/server/cluster.yml b/barbican/server/cluster.yml
index 5b5bc5e..ed45b47 100644
--- a/barbican/server/cluster.yml
+++ b/barbican/server/cluster.yml
@@ -1,3 +1,10 @@
classes:
- service.barbican.server.cluster
-- system.haproxy.proxy.listen.openstack.barbican
\ No newline at end of file
+- system.haproxy.proxy.listen.openstack.barbican
+parameters:
+ _param:
+ cluster_internal_protocol: 'http'
+ barbican:
+ server:
+ identity:
+ protocol: ${_param:cluster_internal_protocol}
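Review bot: The added `cluster_internal_protocol: 'http'` default is undocumented, and it leaves this service's identity connection in cleartext unless a model overrides it, while the commit message shows `'https'` as the value to set. A comment above the parameter would make the override explicit, for example `# Plaintext default for backward compatibility; set to 'https' in the cluster model when internal endpoints serve TLS`. The same default is repeated in every class file this commit touches (`internal_protocol` in barbican/server/single.yml, `cluster_internal_protocol` in cinder/control/cluster.yml, where the block that receives `protocol` also carries `password: ${_param:keystone_cinder_password}`, and so on), so the comment applies to each of them. Because the value is redefined per file rather than in one shared class, the effective value presumably depends on reclass merge order; confirm that a model-level override wins over all of these defaults.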
diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index eb2b30b..aab0b18 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml
@@ -1,2 +1,9 @@
classes:
- service.barbican.server.single
+parameters:
+ _param:
+ internal_protocol: 'http'
+ barbican:
+ server:
+ identity:
+ protocol: ${_param:internal_protocol}
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index c130e97..1110c63 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -4,13 +4,15 @@
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.cinder
parameters:
+ _param:
+ cluster_internal_protocol: 'http'
linux:
system:
package:
python-pymysql:
fromrepo: ${_param:openstack_version}
version: latest
- cinder:
+ cinder:
volume:
enabled: false
default_volume_type: ""
@@ -40,9 +42,11 @@
tenant: service
user: cinder
password: ${_param:keystone_cinder_password}
+ protocol: ${_param:cluster_internal_protocol}
glance:
host: ${_param:cluster_vip_address}
port: 9292
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
members:
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 2d7f179..66aea6d 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -1,6 +1,8 @@
classes:
- service.cinder.control.single
parameters:
+ _param:
+ internal_protocol: 'http'
linux:
system:
package:
@@ -15,4 +17,6 @@
default_volume_type: ''
database:
host: ${_param:single_address}
+ identity:
+ protocol: ${_param:internal_protocol}
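Review bot: Only `identity.protocol` is set in this hunk, whereas cinder/control/cluster.yml in the same commit also sets `protocol` on its `glance` block. With `internal_protocol: 'https'`, a single-model Cinder controller would presumably still reach Glance with whatever protocol the service class defaults to. If the formula reads a glance protocol for this role, add `glance:` with `protocol: ${_param:internal_protocol}` next to `identity:`, as nova/control/single.yml does for its glance and network clients. The rest of the `cinder` mapping lies outside the hunk, so an existing glance block cannot be ruled out from here.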
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index de468ba..1b9948d 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -1,6 +1,8 @@
classes:
- service.cinder.volume.single
parameters:
+ _param:
+ cluster_internal_protocol: 'http'
linux:
system:
package:
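Review bot: This single-model class defines `cluster_internal_protocol`, although the commit message says single models are driven by `internal_protocol`; the second hunk of this file then reads `${_param:cluster_internal_protocol}` for the identity endpoint. An operator who sets only `internal_protocol: 'https'` for a single deployment would leave this service on `http` without any error. nova/compute/single.yml, nova/compute_ironic/single.yml and nova/control/single.yml do the same. If that is intended because these nodes attach to a clustered control plane (the context here references `openstack_control_address`), a comment should say so; otherwise use `internal_protocol: 'http'` and `protocol: ${_param:internal_protocol}` as in cinder/control/single.yml.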
@@ -21,3 +23,4 @@
- host: ${_param:openstack_message_queue_node03_address}
identity:
host: ${_param:openstack_control_address}
+ protocol: ${_param:cluster_internal_protocol}
diff --git a/designate/server/cluster.yml b/designate/server/cluster.yml
index 1030861..afbb7df 100644
--- a/designate/server/cluster.yml
+++ b/designate/server/cluster.yml
@@ -6,6 +6,7 @@
parameters:
_param:
designate_admin_api_enabled: false
+ cluster_internal_protocol: 'http'
linux:
system:
package:
@@ -41,6 +42,7 @@
tenant: service
user: designate
password: ${_param:keystone_designate_password}
+ protocol: ${_param:cluster_internal_protocol}
bind:
api:
address: ${_param:single_address}
diff --git a/designate/server/single.yml b/designate/server/single.yml
index 765dcf8..3fdd448 100644
--- a/designate/server/single.yml
+++ b/designate/server/single.yml
@@ -3,6 +3,7 @@
parameters:
_param:
designate_admin_api_enabled: false
+ internal_protocol: 'http'
linux:
system:
package:
@@ -38,6 +39,7 @@
tenant: service
user: designate
password: ${_param:keystone_designate_password}
+ protocol: ${_param:internal_protocol}
message_queue:
engine: rabbitmq
host: ${_param:cluster_vip_address}
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index 8e38f4f..5829aee 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -5,7 +5,8 @@
- system.haproxy.proxy.listen.openstack.heat
parameters:
_param:
- cluster_public_protocol: https
+ cluster_public_protocol: 'https'
+ cluster_internal_protocol: 'http'
linux:
system:
package:
@@ -54,6 +55,7 @@
tenant: service
user: heat
password: ${_param:keystone_heat_password}
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
port: 5672
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index ea9596d..166de3a 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -5,6 +5,8 @@
- system.haproxy.proxy.listen.openstack.neutron
- system.galera.server.database.neutron
parameters:
+ _param:
+ cluster_internal_protocol: 'http'
linux:
system:
package:
@@ -36,3 +38,5 @@
neutron:
server:
plugin: contrail
+ identity:
+ protocol: ${_param:cluster_internal_protocol}
diff --git a/neutron/control/openvswitch/cluster.yml b/neutron/control/openvswitch/cluster.yml
index ca2e066..3f80a55 100644
--- a/neutron/control/openvswitch/cluster.yml
+++ b/neutron/control/openvswitch/cluster.yml
@@ -14,6 +14,7 @@
neutron_enable_vlan_aware_vms: False
neutron_enable_bgp_vpn: False
neutron_bgp_vpn_driver: bagpipe
+ cluster_internal_protocol: 'http'
neutron:
server:
global_physnet_mtu: ${_param:neutron_global_physnet_mtu}
@@ -37,6 +38,7 @@
host: ${_param:openstack_database_address}
identity:
region: ${_param:openstack_region}
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
members:
- host: ${_param:openstack_message_queue_node01_address}
diff --git a/neutron/control/openvswitch/single.yml b/neutron/control/openvswitch/single.yml
index 17cb57e..baa710e 100644
--- a/neutron/control/openvswitch/single.yml
+++ b/neutron/control/openvswitch/single.yml
@@ -12,6 +12,7 @@
neutron_enable_vlan_aware_vms: False
neutron_enable_bgp_vpn: False
neutron_bgp_vpn_driver: bagpipe
+ internal_protocol: 'http'
neutron:
server:
global_physnet_mtu: ${_param:neutron_global_physnet_mtu}
@@ -35,6 +36,7 @@
host: ${_param:openstack_database_address}
identity:
region: ${_param:openstack_region}
+ protocol: ${_param:internal_protocol}
message_queue:
members:
- host: ${_param:openstack_message_queue_node01_address}
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index 7f02325..067b4df 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -2,6 +2,8 @@
- service.neutron.control.single
- system.galera.server.database.neutron
parameters:
+ _param:
+ internal_protocol: 'http'
linux:
system:
package:
@@ -12,3 +14,5 @@
server:
database:
host: ${_param:single_address}
+ identity:
+ protocol: ${_param:internal_protocol}
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index 5d0e6a1..f32fffd 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -35,6 +35,7 @@
7xDyBz85icFU0rceYQetwFH2p5tRL0GcUQhJmJFgIL0OXdCQvRNJrT3iS00N1aUo
SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
-----END RSA PRIVATE KEY-----
+ cluster_internal_protocol: 'http'
openssh:
client:
enabled: True
@@ -68,6 +69,7 @@
user: nova
password: ${_param:keystone_nova_password}
tenant: service
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
port: 5672
@@ -82,6 +84,7 @@
engine: glance
host: ${_param:cluster_vip_address}
port: 9292
+ protocol: ${_param:cluster_internal_protocol}
network:
engine: neutron
region: ${_param:openstack_region}
@@ -90,6 +93,7 @@
user: neutron
tenant: service
password: ${_param:keystone_neutron_password}
+ protocol: ${_param:cluster_internal_protocol}
user:
public_key: ${_param:nova_compute_ssh_public}
private_key: ${_param:nova_compute_ssh_private}
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index b915145..483a1d3 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -35,6 +35,7 @@
7xDyBz85icFU0rceYQetwFH2p5tRL0GcUQhJmJFgIL0OXdCQvRNJrT3iS00N1aUo
SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
-----END RSA PRIVATE KEY-----
+ cluster_internal_protocol: 'http'
openssh:
client:
enabled: True
@@ -66,6 +67,7 @@
user: nova
password: ${_param:keystone_nova_password}
tenant: service
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
host: ${_param:control_address}
@@ -77,10 +79,12 @@
engine: glance
host: ${_param:control_address}
port: 9292
+ protocol: ${_param:cluster_internal_protocol}
network:
engine: neutron
host: ${_param:control_address}
port: 9696
+ protocol: ${_param:cluster_internal_protocol}
cache:
engine: memcached
members:
diff --git a/nova/compute_ironic/cluster.yml b/nova/compute_ironic/cluster.yml
index 2526373..885a869 100644
--- a/nova/compute_ironic/cluster.yml
+++ b/nova/compute_ironic/cluster.yml
@@ -1,6 +1,8 @@
classes:
- service.nova.compute.ironic
parameters:
+ _param:
+ cluster_internal_protocol: 'http'
nova:
compute:
version: ${_param:nova_version}
@@ -23,6 +25,7 @@
user: nova
password: ${_param:keystone_nova_password}
tenant: service
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
port: 5672
@@ -41,6 +44,9 @@
user: neutron
tenant: service
password: ${_param:keystone_neutron_password}
+ protocol: ${_param:cluster_internal_protocol}
+ glance:
+ protocol: ${_param:cluster_internal_protocol}
ironic:
region: ${_param:openstack_region}
host: ${_param:ironic_service_host}
@@ -51,3 +57,4 @@
auth_type: password
project_domain_name: Default
user_domain_name: Default
+ protocol: ${_param:cluster_internal_protocol}
diff --git a/nova/compute_ironic/single.yml b/nova/compute_ironic/single.yml
index 5c19023..69025d3 100644
--- a/nova/compute_ironic/single.yml
+++ b/nova/compute_ironic/single.yml
@@ -1,6 +1,8 @@
classes:
- service.nova.compute.ironic
parameters:
+ _param:
+ cluster_internal_protocol: 'http'
nova:
compute:
version: ${_param:nova_version}
@@ -23,6 +25,7 @@
user: nova
password: ${_param:keystone_nova_password}
tenant: service
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
port: 5672
@@ -38,6 +41,9 @@
user: neutron
tenant: service
password: ${_param:keystone_neutron_password}
+ protocol: ${_param:cluster_internal_protocol}
+ glance:
+ protocol: ${_param:cluster_internal_protocol}
ironic:
region: ${_param:openstack_region}
host: ${_param:control_address}
@@ -45,3 +51,4 @@
user: ironic
tenant: service
password: ${_param:keystone_ironic_password}
+ protocol: ${_param:cluster_internal_protocol}
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index f583156..be5f775 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -11,6 +11,7 @@
nova_ram_allocation_ratio: 1.5
nova_disk_allocation_ratio: 1.0
metadata_password: metadataPass
+ cluster_internal_protocol: 'http'
linux:
system:
package:
@@ -50,6 +51,7 @@
user: nova
password: ${_param:keystone_nova_password}
tenant: service
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
engine: rabbitmq
port: 5672
@@ -63,6 +65,7 @@
glance:
host: ${_param:cluster_vip_address}
port: 9292
+ protocol: ${_param:cluster_internal_protocol}
network:
engine: neutron
region: ${_param:openstack_region}
@@ -72,5 +75,6 @@
port: 9696
mtu: 1500
tenant: service
+ protocol: ${_param:cluster_internal_protocol}
metadata:
password: ${_param:metadata_password}
diff --git a/nova/control/single.yml b/nova/control/single.yml
index c2aef10..ca21d05 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -1,6 +1,8 @@
classes:
- service.nova.control.single
parameters:
+ _param:
+ cluster_internal_protocol: 'http'
linux:
system:
package:
@@ -11,3 +13,9 @@
controller:
database:
host: ${_param:single_address}
+ identity:
+ protocol: ${_param:cluster_internal_protocol}
+ network:
+ protocol: ${_param:cluster_internal_protocol}
+ glance:
+ protocol: ${_param:cluster_internal_protocol}