Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / cdba7b0e533b07d9ea896ced5085c5ce98ee2aaa^! / .
commitcdba7b0e533b07d9ea896ced5085c5ce98ee2aaa[log] [tgz]
authorRob Crittenden <rcritten@redhat.com>Tue May 26 15:33:45 2015 -0400
committerayoung <ayoung@redhat.com>Tue Nov 17 19:39:54 2015 +0000
tree8f083091dff626cbce00b6b7f4a8330bff70925f
parent585501a250cd4ee8210c81176ce89b0430b97753 [diff]
Specify HTTPS URLs to fix tls-proxy mode

A number of new settings are required for glance, cinder
and keystone to be installable when the tls-proxy
service is enabled.

For cinder a new public_endpoint option was added and this
needs to be set to the secure port.

Keystone needs the admin_endpoint and public_endpoints
defined otherwise during discovery the default,
non-secure versions, will be returned.

The keystone authtoken identity_uri was set at its default value
in the glance registry and API configuration files.

Change-Id: Ibb944ad7eb000edc6bccfcded765d1976d4d46d0
Closes-Bug: #1460807

diff --git a/lib/cinder b/lib/cinder
index 1307c11..cc203ad 100644
--- a/lib/cinder
+++ b/lib/cinder

@@ -309,6 +309,8 @@
     if is_service_enabled tls-proxy; then
         # Set the service port for a proxy to take the original
         iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
+
+        iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
     fi
 
     if [ "$SYSLOG" != "False" ]; then

diff --git a/lib/glance b/lib/glance
index 2eb93a4..5712943 100644
--- a/lib/glance
+++ b/lib/glance

@@ -167,6 +167,9 @@
         iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
         iniset $GLANCE_API_CONF DEFAULT public_endpoint $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT
         iniset $GLANCE_REGISTRY_CONF DEFAULT bind_port $GLANCE_REGISTRY_PORT_INT
+
+        iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
+        iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
     fi
 
     # Register SSL certificates if provided

diff --git a/lib/keystone b/lib/keystone
index 5a2afbf..c484795 100644
--- a/lib/keystone
+++ b/lib/keystone

@@ -233,6 +233,9 @@
         # Set the service ports for a proxy to take the originals
         iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT
         iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT
+
+        iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
+        iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
     fi
 
     iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"