Allow keystone services to use independent hostnames

This allows keystone service endpoints to use custom hostnames, and adds the following variables: * keystone_internal_fqdn * keystone_external_fqdn These default to the old values of kolla_internal_fqdn or kolla_external_fqdn. This also adds the following variables: * keystone_admin_listen_port * keystone_public_listen_port These default to keystone_admin_port and keystone_public_port, respectively, for backward compatibility. These options allow the user to differentiate between the port the service listens on, and the port the service is reachable on. This is useful for external load balancers which live on the same host as the service itself. Change-Id: I50c46c674134f9958ee4357f0f4eed5483af2214 Implements: blueprint service-hostnames
2018-12-18 12:45:54 -05:00 · 2018-12-18 12:45:54 -05:00 · bece976b91
commit bece976b91
parent 255fff02b7
4 changed files with 16 additions and 9 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -242,7 +242,9 @@ kafka_port: "9092"
 karbor_api_port: "8799"
 keystone_public_port: "5000"
 keystone_public_listen_port: "{{ keystone_public_port }}"
 keystone_admin_port: "35357"
 keystone_admin_listen_port: "{{ keystone_admin_port }}"
 keystone_ssh_port: "8023"
 kibana_server_port: "5601"
@ -672,9 +674,11 @@ kibana_log_prefix: "flog"
 ####################
 # Keystone options
 ####################
-keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}"
+keystone_internal_fqdn: "{{ kolla_internal_fqdn }}"
-keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}"
+keystone_external_fqdn: "{{ kolla_external_fqdn }}"
-keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}"
+keystone_admin_url: "{{ admin_protocol }}://{{ keystone_internal_fqdn }}:{{ keystone_admin_port }}"
 keystone_internal_url: "{{ internal_protocol }}://{{ keystone_internal_fqdn }}:{{ keystone_public_port }}"
 keystone_public_url: "{{ public_protocol }}://{{ keystone_external_fqdn }}:{{ keystone_public_port }}"
 keystone_admin_user: "admin"
 keystone_admin_project: "admin"
--- a/ansible/roles/keystone/defaults/main.yml
+++ b/ansible/roles/keystone/defaults/main.yml
@ -20,16 +20,19 @@ keystone_services:
        mode: "http"
        external: false
        port: "{{ keystone_public_port }}"
        listen_port: "{{ keystone_public_listen_port }}"
      keystone_external:
        enabled: "{{ enable_keystone }}"
        mode: "http"
        external: true
        port: "{{ keystone_public_port }}"
        listen_port: "{{ keystone_public_listen_port }}"
      keystone_admin:
        enabled: "{{ enable_keystone }}"
        mode: "http"
        external: false
        port: "{{ keystone_admin_port }}"
        listen_port: "{{ keystone_admin_listen_port }}"
  keystone-ssh:
    container_name: "keystone_ssh"
    group: "keystone"
--- a/ansible/roles/keystone/tasks/precheck.yml
+++ b/ansible/roles/keystone/tasks/precheck.yml
@ -9,7 +9,7 @@
 - name: Checking free port for Keystone Admin
  wait_for:
    host: "{{ api_interface_address }}"
-    port: "{{ keystone_admin_port }}"
+    port: "{{ keystone_admin_listen_port }}"
    connect_timeout: 1
    timeout: 1
    state: stopped
@ -20,7 +20,7 @@
 - name: Checking free port for Keystone Public
  wait_for:
    host: "{{ api_interface_address }}"
-    port: "{{ keystone_public_port }}"
+    port: "{{ keystone_public_listen_port }}"
    connect_timeout: 1
    timeout: 1
    state: stopped
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@ -1,8 +1,8 @@
 {% set keystone_log_dir = '/var/log/kolla/keystone' %}
 {% set python_path = '/usr/lib/python2.7/site-packages' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
 {% set binary_path = '/usr/bin' if keystone_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
-Listen {{ api_interface_address }}:{{ keystone_public_port }}
+Listen {{ api_interface_address }}:{{ keystone_public_listen_port }}
-Listen {{ api_interface_address }}:{{ keystone_admin_port }}
+Listen {{ api_interface_address }}:{{ keystone_admin_listen_port }}
 ServerSignature Off
 ServerTokens Prod
@ -17,7 +17,7 @@ TraceEnable off
 </Directory>
-<VirtualHost *:{{ keystone_public_port }}>
+<VirtualHost *:{{ keystone_public_listen_port }}>
    WSGIDaemonProcess keystone-public processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-public
@ -31,7 +31,7 @@ TraceEnable off
    CustomLog "{{ keystone_log_dir }}/keystone-apache-public-access.log" logformat
 </VirtualHost>
-<VirtualHost *:{{ keystone_admin_port }}>
+<VirtualHost *:{{ keystone_admin_listen_port }}>
    WSGIDaemonProcess keystone-admin processes={{ openstack_service_workers }} threads=1 user=keystone group=keystone display-name=%{GROUP} python-path={{ python_path }}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / {{ binary_path }}/keystone-wsgi-admin