[Openstack-operators] [puppet] openstack providers - endpoint not configurable

Justin Cattle j at ocado.com
Thu Nov 8 14:55:55 UTC 2018


I've been recently working on separating management and client traffic onto
different endpoints.  We have different endpoint URLs configured for
"public", "admin" and "internal".

For OpenStack itself, this is working well.  However, the puppet providers
don't seem to cater for this.

Particularly, right now, I'm looking at the neutron providers, but they may
be mostly the same.  It always uses the public endpoint, and doesn't seem
configurable [ unless I'm missing something ].
All the client config for auth etc is sourced from neutron.conf, and I
can't see a way of specifying endpoint type via that mechanism.

I can change the provider like this, and it all works:

diff --git a/lib/puppet/provider/neutron.rb b/lib/puppet/provider/neutron.rb
index a55fa0b..786e64d 100644
--- a/lib/puppet/provider/neutron.rb
+++ b/lib/puppet/provider/neutron.rb
@@ -75,14 +75,16 @@ correctly configured.")
         :OS_AUTH_URL    => q['identity_uri'],
         :OS_USERNAME    => q['admin_user'],
         :OS_TENANT_NAME => q['admin_tenant_name'],
-        :OS_PASSWORD    => q['admin_password']
+        :OS_PASSWORD    => q['admin_password'],
+        :OS_ENDPOINT_TYPE => 'internal',
       authenv = {
         :OS_AUTH_URL    => q['auth_url'],
         :OS_USERNAME    => q['username'],
         :OS_TENANT_NAME => q['tenant_name'],
-        :OS_PASSWORD    => q['password']
+        :OS_PASSWORD    => q['password'],
+        :OS_ENDPOINT_TYPE => 'internal',
     if q.key?('nova_region_name')
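
Review bot: The value 'internal' is hard-coded in both authenv hashes (the one built from identity_uri/admin_user and the one built from auth_url/username), so every node using this provider is moved to the internal endpoint with no way to select admin or public. Take the endpoint type from a setting read next to the other q[...] lookups, and only set :OS_ENDPOINT_TYPE when that setting is present, so existing deployments keep the endpoint they use today. Style: the `=>` on the new :OS_ENDPOINT_TYPE lines is not aligned with the entries above it.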

Notice, I'm adding OS_ENDPOINT_TYPE to control the endpoint that is selected
from the catalogue.

I want to keep the "public" endpoints for external clients only on the
external network, the "internal" endpoints for inter service API comms on
the management network, and the "admin" endpoints for admin operations on
the management network.

In particular, I want to be able to stop advertising the public endpoints
during maintenance windows, and still be able to run puppet!

Can anyone think of a way of overcoming this?

If it's not possible through config, is there some way I can drop in my own
provider version with the same name safely?

Anything else I'm missing?
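
The public/internal/admin split described in this message can be checked against a service catalogue. The following is an added example, not part of the original post or of the puppet-neutron code: it selects an endpoint by interface and flags endpoints that sit on the wrong network. The catalogue, the two CIDRs and the function names are constructed for illustration.

```ruby
require 'ipaddr'
require 'json'
require 'uri'

# Constructed policy: the network each endpoint interface must live on.
# Both CIDRs are documentation ranges, not values from the original post.
MGMT = IPAddr.new('192.0.2.0/24')    # management network (assumed)
EXT  = IPAddr.new('198.51.100.0/24') # external network (assumed)
POLICY = { 'public' => EXT, 'internal' => MGMT, 'admin' => MGMT }.freeze

# Constructed sample in the shape of a Keystone v3 token catalogue.
# The admin endpoint is deliberately placed on the external network.
CATALOG = JSON.parse(<<~JSON)
  [{"type": "network", "name": "neutron", "endpoints": [
     {"interface": "public",   "url": "https://198.51.100.10:9696"},
     {"interface": "internal", "url": "http://192.0.2.10:9696"},
     {"interface": "admin",    "url": "http://198.51.100.10:9696"}]}]
JSON

# URL a client would use for a service type and interface; this is the
# selection the post controls with OS_ENDPOINT_TYPE.
def endpoint_for(catalog, type, interface)
  svc = catalog.find { |s| s['type'] == type }
  return nil unless svc
  ep = svc['endpoints'].find { |e| e['interface'] == interface }
  ep && ep['url']
end

# One finding per endpoint whose address is outside the network its
# interface belongs on. Hostnames are reported, never resolved.
def audit(catalog, policy)
  catalog.flat_map do |svc|
    svc['endpoints'].map do |ep|
      label = "#{svc['name']}/#{ep['interface']}"
      net = policy[ep['interface']]
      next "#{label}: unknown interface" unless net
      host = URI.parse(ep['url']).host
      begin
        next if net.include?(IPAddr.new(host))
        "#{label}: #{host} outside #{net}/#{net.prefix}"
      rescue IPAddr::Error
        "#{label}: #{host} is not an IP literal"
      end
    end.compact
  end
end

puts audit(CATALOG, POLICY) if __FILE__ == $PROGRAM_NAME
```

Running the audit before and after a maintenance change shows whether the internal and admin endpoints are still reachable only on the management network.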



