commit 673c45e789a6947856540cfca2771851f3b1d0aa
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Tue Aug 15 19:02:42 2017 +0300
Remove extra keystone admin haproxy listen and allow TLS
The current code exposes an unused public listen directive in HAProxy
for the keystone admin endpoint. This is not ideal and should be
removed, as it exposes the service unnecessarily. We should stick to
just exposing it to the ctlplane network as is the default.
If folks really need to expose it to the public network, they can do so
by modifying the ServiceNetMap through t-h-t and setting the keystone
admin endpoint's network to external.
Now, for "single" or "internal" haproxy endpoints, this adds the ability
to detect if they're using the external network, and thus use TLS on it.
Which is something a deployer would want if they exposed the keystone
admin endpoint in such a way.
Reviewed: https:/ /review. openstack. org/494947 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=673c45e789a 6947856540cfca2 771851f3b1d0aa
Committed: https:/
Submitter: Jenkins
Branch: stable/ocata
commit 673c45e789a6947 856540cfca27718 51f3b1d0aa
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Tue Aug 15 19:02:42 2017 +0300
Remove extra keystone admin haproxy listen and allow TLS
The current code exposes an unused public listen directive in HAProxy
for the keystone admin endpoint. This is not ideal and should be
removed, as it exposes the service unnecessarily. We should stick to
just exposing it to the ctlplane network as is the default.
If folks really need to expose it to the public network, they can do so
by modifying the ServiceNetMap through t-h-t and setting the keystone
admin endpoint's network to external.
Now, for "single" or "internal" haproxy endpoints, this adds the ability
to detect if they're using the external network, and thus use TLS on it.
Which is something a deployer would want if they exposed the keystone
admin endpoint in such a way.
Conflicts: haproxy. pp
manifests/
Change-Id: I79563f62fd49a4 f7654779157ebda 3c239d6dd22 2e87004c10808b6 bea597720a)
Closes-Bug: #1710909
Closes-Bug: #1639996
(cherry picked from commit 5222b8d920d5b5b