Merge "Allow keystone services to use independent hostnames"

2019-03-06 17:06:24 +00:00 · 2019-03-06 17:06:24 +00:00 · 98e5415722
commit 98e5415722
parent b3f1a71d0b bece976b91
4 changed files with 16 additions and 9 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -243,7 +243,9 @@ kafka_port: "9092"
 karbor_api_port: "8799"

 keystone_public_port: "5000"
+keystone_public_listen_port: "{{ keystone_public_port }}"
 keystone_admin_port: "35357"
+keystone_admin_listen_port: "{{ keystone_admin_port }}"
 keystone_ssh_port: "8023"

 kibana_server_port: "5601"
@ -677,9 +679,11 @@ kibana_log_prefix: "flog"
 ####################
 # Keystone options
 ####################
-keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
-keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}"
-keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"
+keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
+keystone_external_fqdn: "{{ kolla_external_fqdn }}"
+keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn }}:{{ keystone_admin_port }}"
+keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn }}:{{ keystone_public_port }}"
+keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn }}:{{ keystone_public_port }}"

 keystone_admin_user: "admin"
 keystone_admin_project: "admin"
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@ -20,16 +20,19 @@ keystone_services:
        mode: "http"
        external: false
        port: "{{ keystone_public_port }}"
+        listen_port: "{{ keystone_public_listen_port }}"
      keystone_external:
        enabled: "{{ enable_keystone }}"
        mode: "http"
        external: true
        port: "{{ keystone_public_port }}"
+        listen_port: "{{ keystone_public_listen_port }}"
      keystone_admin:
        enabled: "{{ enable_keystone }}"
        mode: "http"
        external: false
        port: "{{ keystone_admin_port }}"
+        listen_port: "{{ keystone_admin_listen_port }}"
  keystone-ssh:
    container_name: "keystone_ssh"
    group: "keystone"
--- a/ansible/roles/keystone/tasks/precheck.yml
+++ b/ansible/roles/keystone/tasks/precheck.yml
@ -9,7 +9,7 @@
 - name: Checking free port for Keystone Admin
  wait_for:
    host: "{{ api_interface_address }}"
-    port: "{{ keystone_admin_port }}"
+    port: "{{ keystone_admin_listen_port }}"
    connect_timeout: 1
    timeout: 1
    state: stopped
@ -20,7 +20,7 @@
 - name: Checking free port for Keystone Public
  wait_for:
    host: "{{ api_interface_address }}"
-    port: "{{ keystone_public_port }}"
+    port: "{{ keystone_public_listen_port }}"
    connect_timeout: 1
    timeout: 1
    state: stopped
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@ -1,8 +1,8 @@
 {% set keystone_log_dir = '/var/log/kolla/keystone' %}
 {% set python_path = '/usr/lib/python2.7/site-packages' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 {% set binary_path = '/usr/bin' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
-Listen {{ api_interface_address }}:{{ keystone_public_port }}
-Listen {{ api_interface_address }}:{{ keystone_admin_port }}
+Listen {{ api_interface_address }}:{{ keystone_public_listen_port }}
+Listen {{ api_interface_address }}:{{ keystone_admin_listen_port }}

 ServerSignature Off
 ServerTokens Prod
@ -17,7 +17,7 @@ TraceEnable off
 </Directory>


-<VirtualHost *:{{ keystone_public_port }}>
+<VirtualHost *:{{ keystone_public_listen_port }}>
    WSGIDaemonProcess keystone-public processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-public
@ -31,7 +31,7 @@ TraceEnable off
    CustomLog "{{ keystone_log_dir }}/keystone-apache-public-access.log" logformat
 </VirtualHost>

-<VirtualHost *:{{ keystone_admin_port }}>
+<VirtualHost *:{{ keystone_admin_listen_port }}>
    WSGIDaemonProcess keystone-admin processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-admin