Merge "Don't set keystone URI as unsecure"

2021-06-26 21:48:08 +00:00 · 2021-06-26 21:48:08 +00:00 · 2087c5fbde
commit 2087c5fbde
parent 6454200a5c 6e5b0094d5
2 changed files with 7 additions and 15 deletions
--- a/inventory/group_vars/all/keystone.yml
+++ b/inventory/group_vars/all/keystone.yml
@ -24,31 +24,19 @@ keystone_service_proto: http
 keystone_service_region: "{{ service_region }}"

 keystone_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(keystone_service_proto) }}"
-keystone_service_adminuri_insecure: >-
-  {{
-    (keystone_service_adminuri_proto == 'https') and
-    (not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined))
-  }}
+keystone_service_adminuri_insecure: False

 keystone_service_adminuri: "{{ keystone_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_admin_port }}"
 keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3"

 keystone_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(keystone_service_proto) }}"
-keystone_service_internaluri_insecure: >-
-  {{
-    (keystone_service_internaluri_proto == 'https') and
-    (not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined))
-  }}
+keystone_service_internaluri_insecure: False

 keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"
 keystone_service_internalurl: "{{ keystone_service_internaluri }}/v3"

 keystone_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(keystone_service_proto) }}"
-keystone_service_publicuri_insecure: >-
-  {{
-    (keystone_service_publicuri_proto == 'https') and
-    (not (keystone_user_ssl_cert is defined or haproxy_user_ssl_cert is defined))
-  }}
+keystone_service_publicuri_insecure: False

 keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
 keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3"
--- a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2
+++ b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2
@ -264,6 +264,10 @@ openstack_user_kernel_options:

 openstack_hosts_package_state: latest

+openstack_service_adminuri_proto: https
+openstack_service_internaluri_proto: https
+haproxy_ssl_all_vips: true
+
 {% if 'octavia' in bootstrap_host_scenarios_expanded %}
 # Enable Octavia V2 API/standalone
 octavia_v2: True