In openstack-ansible we are trying to help a number of our end users with their heat deployments, some of them in conjunction with magnum.
There is some uncertainty with how the following heat.conf sections should be configured:
[clients_keystone] auth_uri = ...
[keystone_authtoken] www_authenticate_uri = ...
It does not appear to be possible to define a set of internal or external keystone endpoints in heat.conf which allow the following:
* The orchestration panels being functional in horizon * Deployers isolating internal openstack from external networks * Deployers using self signed/company cert on the external endpoint * Magnum deployments completing * Heat delivering an external endpoint at [1] * Heat delivering an external endpoint at [2]
There are a number of related bugs:
https://bugs.launchpad.net/openstack-ansible/+bug/1814909 https://bugs.launchpad.net/openstack-ansible/+bug/1811086 https://storyboard.openstack.org/#!/story/2004808 https://storyboard.openstack.org/#!/story/2004524
Any help we could get from the heat team to try to understand the root cause of these issues would be really helpful.
Jon.
[1] https://github.com/openstack/heat/blob/master/heat/engine/resources/server_b...
[2] https://github.com/openstack/heat/blob/master/heat/engine/resources/signal_r...