In the new MCP 2019.2.3 deployments, the OpenStack environments use FQDN on the internal endpoints in the Keystone catalog by default.
In the existing MCP deployments, the IP addresses are used on the internal Keystone endpoints. This section instructs you on how to enable FQDN on the internal endpoints for the existing MCP deployments updated to the MCP 2019.2.3 or newer version.
To enable FQDN on the Keystone internal endpoints:
Verify that you have updated MCP DriveTrain to the 2019.2.3 or newer version as described in Update DriveTrain.
Log in to the Salt Master node.
On the system Reclass level:
Verify that there are classes present under the /srv/salt/reclass/classes/system/linux/network/hosts/openstack directory.
Verify that the following parameters are set in defaults/openstack/init.yml as follows:
parameters:
  _param:
    openstack_service_hostname: os-ctl-vip
    openstack_service_host: ${_param:openstack_service_hostname}.${linux:system:domain}
If you have the extra OpenStack services installed, define the additional parameters in defaults/openstack/init.yml as required:
For Manila:
parameters:
  _param:
    openstack_share_service_hostname: os-share-vip
    openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
For Barbican:
parameters:
  _param:
    openstack_kmn_service_hostname: os-kmn-vip
    openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
For Tenant Telemetry:
parameters:
  _param:
    openstack_telemetry_service_hostname: os-telemetry-vip
    openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
On the cluster Reclass level, configure the FQDN on internal endpoints by editing infra/init.yml:
Add the following class for the core OpenStack services:
classes:
  - system.linux.network.hosts.openstack
If you have the extra OpenStack services installed, define the additional classes as required:
For Manila:
classes:
  - system.linux.network.hosts.openstack.share
For Barbican:
classes:
  - system.linux.network.hosts.openstack.kmn
For Tenant Telemetry:
classes:
  - system.linux.network.hosts.openstack.telemetry
On the cluster Reclass level, define the following parameters in the openstack/init.yml file:
Define the following parameters for the core OpenStack services:
parameters:
  _param:
    glance_service_host: ${_param:openstack_service_host}
    keystone_service_host: ${_param:openstack_service_host}
    heat_service_host: ${_param:openstack_service_host}
    cinder_service_host: ${_param:openstack_service_host}
    nova_service_host: ${_param:openstack_service_host}
    placement_service_host: ${_param:openstack_service_host}
    neutron_service_host: ${_param:openstack_service_host}
If you have the extra services installed, define the following parameters as required:
For Tenant Telemetry:
parameters:
  _param:
    aodh_service_host: ${_param:openstack_telemetry_service_host}
    ceilometer_service_host: ${_param:openstack_telemetry_service_host}
    panko_service_host: ${_param:openstack_telemetry_service_host}
    gnocchi_service_host: ${_param:openstack_telemetry_service_host}
For Manila:
parameters:
  _param:
    manila_service_host: ${_param:openstack_share_service_host}
For Designate:
parameters:
  _param:
    designate_service_host: ${_param:openstack_service_host}
For Barbican:
parameters:
  _param:
    barbican_service_host: ${_param:openstack_kmn_service_host}
Apply the keystone state:
salt -C 'I@keystone:server' state.apply keystone
Log in to one of the OpenStack controller nodes.
Verify that the changes have been applied successfully:
openstack endpoint list
If SSL is used on the Keystone internal endpoints:
If Manila or Telemetry is installed:
Log in to the Salt Master node.
Open the Reclass cluster level of your deployment.
For Manila, edit /openstack/share.yml. For example:
parameters:
  _param:
    openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_share_service_host}
For Tenant Telemetry, edit /openstack/telemetry.yml. For example:
parameters:
  _param:
    openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_telemetry_service_host}
Renew the OpenStack API certificates to include FQDN in CommonName (CN) as described in Manage certificates.
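The verification step above (openstack endpoint list) can be checked mechanically. The following Python script is an added example, not part of the MCP documentation or tooling: it parses the output of openstack endpoint list -f json and reports internal endpoints whose URL host is still an IP address, including bracketed IPv6 literals. The endpoint records embedded in it are constructed sample data, and the example.local domain is an assumption.

```python
import ipaddress
import json
import sys
from urllib.parse import urlsplit

# Constructed sample of `openstack endpoint list -f json` output (not from a real
# cloud). The example.local domain and all addresses are assumptions.
SAMPLE_ENDPOINT_LIST = json.dumps([
    {"Service Name": "keystone", "Interface": "internal",
     "URL": "https://os-ctl-vip.example.local:5000/v3"},
    {"Service Name": "glance", "Interface": "internal",
     "URL": "http://10.0.0.10:9292"},
    {"Service Name": "nova", "Interface": "public",
     "URL": "https://203.0.113.5:8774/v2.1"},
    {"Service Name": "manila", "Interface": "internal",
     "URL": "https://os-share-vip.example.local:8786/v1/%(tenant_id)s"},
    {"Service Name": "cinder", "Interface": "internal",
     "URL": "http://[fd00::10]:8776/v3/%(tenant_id)s"},
])


def host_is_ip(url):
    """True if the host part of the URL is an IPv4 or IPv6 literal."""
    host = urlsplit(url).hostname  # brackets around IPv6 are already stripped
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def internal_endpoints_on_ip(endpoint_list_json):
    """Return sorted (service, url) pairs for internal endpoints published by IP."""
    offenders = []
    for endpoint in json.loads(endpoint_list_json):
        if endpoint.get("Interface") != "internal":
            continue  # only the internal interface is switched to FQDN here
        if host_is_ip(endpoint["URL"]):
            offenders.append((endpoint["Service Name"], endpoint["URL"]))
    return sorted(offenders)


if __name__ == "__main__":
    # Read real CLI output from a pipe, or fall back to the constructed sample.
    data = SAMPLE_ENDPOINT_LIST if sys.stdin.isatty() else sys.stdin.read()
    for service, url in internal_endpoints_on_ip(data):
        print(f"internal endpoint still uses an IP address: {service} {url}")
```

On a controller node, pipe the real catalog into the script: openstack endpoint list -f json | python3 check_internal_endpoints.py (the file name is arbitrary).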