[puppet] openstack providers - endpoint not configurable

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[puppet] openstack providers - endpoint not configurable

Justin Cattle

I've been recently working on separating management and client traffic onto different endpoints.  We have different endpoint URLs configured for "public", "admin" and "internal".

For openstack itself, this is working well.  However, puppet providers don't seem to cater for this.

Particularly, right now, I'm looking at the neutron providers, but they may be mostly the same.  It always uses the public endpoint, and doesn't seem configurable [ unless I'm missing something ].
All the client config for auth etc is sourced from neutron.conf, and I can't see a way of specifying endpoint type via that mechanism.

I can change the provider like this, and it all works:

diff --git a/lib/puppet/provider/neutron.rb b/lib/puppet/provider/neutron.rb
index a55fa0b..786e64d 100644
--- a/lib/puppet/provider/neutron.rb
+++ b/lib/puppet/provider/neutron.rb
@@ -75,14 +75,16 @@ correctly configured.")
         :OS_AUTH_URL    => q['identity_uri'],
         :OS_USERNAME    => q['admin_user'],
         :OS_TENANT_NAME => q['admin_tenant_name'],
-        :OS_PASSWORD    => q['admin_password']
+        :OS_PASSWORD    => q['admin_password'],
+        :OS_ENDPOINT_TYPE => 'internal',
       authenv = {
         :OS_AUTH_URL    => q['auth_url'],
         :OS_USERNAME    => q['username'],
         :OS_TENANT_NAME => q['tenant_name'],
-        :OS_PASSWORD    => q['password']
+        :OS_PASSWORD    => q['password'],
+        :OS_ENDPOINT_TYPE => 'internal',
     if q.key?('nova_region_name')

Notice, I'm adding OS_ENDPOINT_TYPE to control the endpoint that selected from the catalogue.

I want to keep the "public" endpoints for external clients only on the external network, the "internal" endpoints for inter service API comms on the management network, and the "admin" endpoints for admin operations on the management network.

In particular, I want to be able to stop advertising the public endpoints during maintenance windows, and still be able to run puppet!

Can anyone think of a way of overcoming this?

If it's not possible through config, is there some way I can drop in my own provider version with the same name safely ?

Anything else I'm missing?



Notice:  This email is confidential and may contain copyright material of members of the Ocado Group. Opinions and views expressed in this message may not necessarily reflect the opinions and views of the members of the Ocado Group. 


If you are not the intended recipient, please notify us immediately and delete all copies of this message. Please note that it is your responsibility to scan this message for viruses. 


Fetch and Sizzle are trading names of Speciality Stores Limited and Fabled is a trading name of Marie Claire Beauty Limited, both members of the Ocado Group.


References to the “Ocado Group” are to Ocado Group plc (registered in England and Wales with number 7098618) and its subsidiary undertakings (as that expression is defined in the Companies Act 2006) from time to time.  The registered office of Ocado Group plc is Buildings One & Two, Trident Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL.

OpenStack-operators mailing list
[hidden email]