From d41f072c7b34192c707beb6e3d219356e1b732dc Mon Sep 17 00:00:00 2001
From: James Kirsch <generalfuzz@gmail.com>
Date: Tue, 11 Feb 2020 10:52:23 -0800
Subject: [PATCH] Construct service REST API urls using configured protocol

Service REST API urls should be constructed using the
{{ internal_protocol }} and {{ external_protocol }} configuration
parameters.

Change-Id: Id1e8098cf59f66aa35b371149fdb4b517fa4c908
Closes-Bug: 1862817
---
 ansible/roles/grafana/templates/prometheus.yaml.j2          | 2 +-
 ansible/roles/ironic/templates/inspector.ipxe.j2            | 2 +-
 ansible/roles/ironic/templates/pxelinux.default.j2          | 2 +-
 ansible/roles/prometheus/defaults/main.yml                  | 2 +-
 .../notes/fix-rest-url-protocol-07db2f6ffe02f9b3.yaml       | 6 ++++++
 5 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/fix-rest-url-protocol-07db2f6ffe02f9b3.yaml

diff --git a/ansible/roles/grafana/templates/prometheus.yaml.j2 b/ansible/roles/grafana/templates/prometheus.yaml.j2
index 23c1790bdf..d57891dedb 100644
--- a/ansible/roles/grafana/templates/prometheus.yaml.j2
+++ b/ansible/roles/grafana/templates/prometheus.yaml.j2
@@ -5,5 +5,5 @@ datasources:
   type: prometheus
   access: proxy
   orgId: 1
-  url: http://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}
+  url: {{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ prometheus_port }}
   version: 1
diff --git a/ansible/roles/ironic/templates/inspector.ipxe.j2 b/ansible/roles/ironic/templates/inspector.ipxe.j2
index cd25a1ae88..4094bf41e4 100644
--- a/ansible/roles/ironic/templates/inspector.ipxe.j2
+++ b/ansible/roles/ironic/templates/inspector.ipxe.j2
@@ -13,6 +13,6 @@ chain pxelinux.cfg/${mac:hexhyp} || goto inspector_ipa
 :inspector_ipa
 :retry_boot
 imgfree
-kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url=http://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=ironic-agent.initramfs {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot
+kernel --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.kernel ipa-inspection-callback-url={{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes BOOTIF=${mac} initrd=ironic-agent.initramfs {{ ironic_inspector_kernel_cmdline_extras | join(' ') }} || goto retry_boot
 initrd --timeout 30000 {{ ironic_ipxe_url }}/ironic-agent.initramfs || goto retry_boot
 boot
diff --git a/ansible/roles/ironic/templates/pxelinux.default.j2 b/ansible/roles/ironic/templates/pxelinux.default.j2
index 518d8aa64d..f75e757489 100644
--- a/ansible/roles/ironic/templates/pxelinux.default.j2
+++ b/ansible/roles/ironic/templates/pxelinux.default.j2
@@ -2,6 +2,6 @@ default introspect
 
 label introspect
 kernel ironic-agent.kernel
-append initrd=ironic-agent.initramfs ipa-inspection-callback-url=http://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes {{ ironic_inspector_kernel_cmdline_extras | join(' ') }}
+append initrd=ironic-agent.initramfs ipa-inspection-callback-url={{ internal_protocol }}://{{ ironic_inspector_internal_fqdn | put_address_in_context('url') }}:{{ ironic_inspector_port }}/v1/continue systemd.journald.forward_to_console=yes {{ ironic_inspector_kernel_cmdline_extras | join(' ') }}
 
 ipappend 3
diff --git a/ansible/roles/prometheus/defaults/main.yml b/ansible/roles/prometheus/defaults/main.yml
index 558dfa9652..ae6f29275a 100644
--- a/ansible/roles/prometheus/defaults/main.yml
+++ b/ansible/roles/prometheus/defaults/main.yml
@@ -108,7 +108,7 @@ prometheus_mysql_exporter_database_user: "{% if use_preconfigured_databases | bo
 # 'service_name:blackbox_exporter_module:endpoint' for example:
 #
 # prometheus_blackbox_exporter_targets:
-#   - 'glance:os_endpoint:http://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ glance_api_port}}'
+#   - 'glance:os_endpoint:{{ external_protocol }}://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ glance_api_port}}'
 #
 # For a list of modules see the alertmanager config.
 prometheus_blackbox_exporter_endpoints: []
diff --git a/releasenotes/notes/fix-rest-url-protocol-07db2f6ffe02f9b3.yaml b/releasenotes/notes/fix-rest-url-protocol-07db2f6ffe02f9b3.yaml
new file mode 100644
index 0000000000..16fbb6c12c
--- /dev/null
+++ b/releasenotes/notes/fix-rest-url-protocol-07db2f6ffe02f9b3.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Since Openstack services can now be configured to use TLS enabled REST
+    endpoints, urls should be constructed using the {{ internal_protocol }}
+    and {{ external_protocol }} configuration parameters.