From 3b378b11edd74e5263945927b147ea3def34604d Mon Sep 17 00:00:00 2001
From: Dave McCowan <dmccowan@cisco.com>
Date: Mon, 7 Mar 2016 10:12:30 -0500
Subject: [PATCH] Glance registry should only be accessible from internal
 network

When configured with a separate external VIP, glance registry
should listen on only the internal VIP.

TrivialFix

Change-Id: Ie186f2ea391b53b9ea0cb230c573c9e09efd44b2
---
 ansible/roles/haproxy/templates/haproxy.cfg.j2 | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index 56d34e79b4..0af6a7dbd8 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -101,12 +101,6 @@ listen glance_api
 {% endfor %}
 {% if haproxy_enable_external_vip | bool %}
 
-listen glance_registry_external
-  bind {{ kolla_external_vip_address }}:{{ glance_registry_port }} {{ tls_bind_info }}
-{% for host in groups['glance-registry'] %}
-  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_registry_port }} check inter 2000 rise 2 fall 5
-{% endfor %}
-
 listen glance_api_external
   bind {{ kolla_external_vip_address }}:{{ glance_api_port }} {{ tls_bind_info }}
 {% for host in groups['glance-api'] %}