From 3c56f32facb01d9265c5224e088e6e876b7506b6 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 19 Aug 2021 16:30:11 +0100 Subject: [PATCH] Fix configuration check without public API network If no public API network is used, as in the case of typical all-in-one environments, the checks in kolla-ansible.yml, task "Validate Kolla Ansible API address configuration" may fail. This happens only when using the new kolla_internal_vip_address variable, and not if the legacy vip_address network attribute is used. This change fixes the issue by only checking for valid external VIP address/FQDN configuration when a separate public API network is in use. If the external VIP/FQDN are not set, then Kayobe no longer defaults their values to the internal VIP/FQDN, instead relying on the Kolla Ansible defaults to do this. This may have consequences for anyone relying on these variables in configuration. Change-Id: I0b1c963006c044ade5c67c4046da5e2addc9a8c7 Story: 2009134 Task: 43070 --- ansible/kolla-ansible.yml | 4 ++-- ansible/public-openrc.yml | 2 +- ansible/roles/kolla-ansible/templates/globals.yml.j2 | 4 ++++ .../notes/fix-precheck-no-public-net-c0db9168063b6203.yaml | 6 ++++++ 4 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 releasenotes/notes/fix-precheck-no-public-net-c0db9168063b6203.yaml diff --git a/ansible/kolla-ansible.yml b/ansible/kolla-ansible.yml index 7a5f9e499..6c1361483 100644 --- a/ansible/kolla-ansible.yml +++ b/ansible/kolla-ansible.yml @@ -87,10 +87,10 @@ required: True - var_name: "kolla_external_vip_address" description: "external API VIP address" - required: True + required: "{{ public_net_name != internal_net_name }}" - var_name: "kolla_external_fqdn" description: "External API Fully Qualified Domain Name (FQDN)" - required: True + required: "{{ public_net_name != internal_net_name }}" tags: - config - config-validation diff --git a/ansible/public-openrc.yml b/ansible/public-openrc.yml index d81d1300b..412c2cd19 100644 --- a/ansible/public-openrc.yml +++ b/ansible/public-openrc.yml @@ -8,7 +8,7 @@ - public-openrc vars: public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}" - public_api_host: "{{ kolla_external_fqdn }}" + public_api_host: "{{ kolla_external_fqdn or kolla_internal_fqdn }}" public_api_keystone_port: 5000 roles: - role: public-openrc diff --git a/ansible/roles/kolla-ansible/templates/globals.yml.j2 b/ansible/roles/kolla-ansible/templates/globals.yml.j2 index 85b84472e..10b809a10 100644 --- a/ansible/roles/kolla-ansible/templates/globals.yml.j2 +++ b/ansible/roles/kolla-ansible/templates/globals.yml.j2 @@ -36,17 +36,21 @@ kolla_internal_vip_address: "{{ kolla_internal_vip_address }}" # default it is the same as kolla_internal_vip_address. kolla_internal_fqdn: "{{ kolla_internal_fqdn }}" +{% if kolla_external_vip_address %} # This should be a VIP, an unused IP on your network that will float between # the hosts running keepalived for high-availability. It defaults to the # kolla_internal_vip_address, allowing internal and external communication to # share the same address. Specify a kolla_external_vip_address to separate # internal and external requests between two VIPs. kolla_external_vip_address: "{{ kolla_external_vip_address }}" +{% endif %} +{% if kolla_external_fqdn %} # The Public address used to communicate with OpenStack as set in the public_url # for the endpoints that will be created. This DNS name should map to # kolla_external_vip_address. kolla_external_fqdn: "{{ kolla_external_fqdn }}" +{% endif %} ################ # Docker options diff --git a/releasenotes/notes/fix-precheck-no-public-net-c0db9168063b6203.yaml b/releasenotes/notes/fix-precheck-no-public-net-c0db9168063b6203.yaml new file mode 100644 index 000000000..cfe1ffced --- /dev/null +++ b/releasenotes/notes/fix-precheck-no-public-net-c0db9168063b6203.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixes an issue with configuration validation when no public API network is + in use. See `story 2009134 + `__ for details.