From 041fa712472d887550a540dd50ade546f847c6b4 Mon Sep 17 00:00:00 2001
From: David Kranz <dkranz@redhat.com>
Date: Mon, 24 Feb 2014 13:30:59 -0500
Subject: [PATCH] Make admin_bind_host configurable

The use case is running devstack inside an OpenStack vm and running tempest
from some other machine. To make the catalog export urls that can be accessed
from off the devstack machine, you need to set KEYSTONE_SERVICE_HOST to an
external IP. But devstack uses that address in its setup of keystone in
addition to exporting in the catalog. Because OpenStack has an issue where
a vm cannot access itself through its own floating ip, devstack fails. There
is no way to have this use case by providing an ip address. The workaround
is to use the hostname of the devstack machine. That worked until recently
when a change was made to set admin_bind_host to the value of
KEYSTONE_SERVICE_HOST. The result is that port 35357 is only opened locally.
This change allows the devstack user to restore the original behavior
allowing this use case.

Change-Id: I97b938b305b7dd878397e7e64462650064e59cd2
Closes-Bug: #1283803
---
 lib/keystone | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index cebb4d3522..44ac94d802 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -70,6 +70,8 @@ KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
 KEYSTONE_SERVICE_PORT_INT=${KEYSTONE_SERVICE_PORT_INT:-5001}
 KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
+# Bind hosts
+KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
 # Set the tenant for service accounts in Keystone
 SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
 
@@ -178,7 +180,7 @@ function configure_keystone() {
     # Set the URL advertised in the ``versions`` structure returned by the '/' route
     iniset $KEYSTONE_CONF DEFAULT public_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:%(public_port)s/"
     iniset $KEYSTONE_CONF DEFAULT admin_endpoint "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:%(admin_port)s/"
-    iniset $KEYSTONE_CONF DEFAULT admin_bind_host "$KEYSTONE_SERVICE_HOST"
+    iniset $KEYSTONE_CONF DEFAULT admin_bind_host "$KEYSTONE_ADMIN_BIND_HOST"
 
     # Register SSL certificates if provided
     if is_ssl_enabled_service key; then