Commit 3513d70d authored by David Johnson's avatar David Johnson

Add param to flip all API endpoints to be publicly-accessible.

parent f44eee2e
......@@ -261,6 +261,9 @@ pc.defineParameter("computeDiskImage","Compute Node Disk Image",
pc.defineParameter("networkManagerDiskImage","Network Manager Node Disk Image",
portal.ParameterType.IMAGE,"",advanced=True,
longDescription="An image URN or URL that the network manager node will run.")
pc.defineParameter("publicAPIEndpoints","Make Public API Endpoints Reachable over Internet",
portal.ParameterType.BOOLEAN,False,advanced=True,
longDescription="Make public API endpoints reachable over public internet. The endpoints are still not protected with SSL, so don't enable this unless you must reach these endpoints remotely and have no other option.")
#pc.defineParameter("blockStorageHost", "Name of block storage server node",
# portal.ParameterType.STRING, "ctl")
#pc.defineParameter("objectStorageHost", "Name of object storage server node",
......@@ -1191,6 +1194,9 @@ class Parameters(RSpec.Resource):
param = ET.SubElement(el,paramXML)
param.text = "RESIZEROOT=%s" % (params.resizeRoot)
param = ET.SubElement(el,paramXML)
param.text = "PUBLICAPIENDPOINTS=%d" % (int(bool(params.publicAPIEndpoints)))
return el
pass
......
......@@ -4895,6 +4895,37 @@ if [ -e $OURDIR/random_admin_pass ]; then
RANDPASSSTRING="We generated a random OpenStack admin and instance VM password for you, since one wasn't supplied. The password is '${ADMIN_PASS}'"
fi
#
# Optionally, change all the public-facing service endpoints to our
# FQDN.
#
if [ -n "$PUBLICAPIENDPOINTS" -a $PUBLICAPIENDPOINTS -eq 1 ]; then
HDOMAIN=`hostname`
__openstack endpoint list | grep -q public
if [ $? -eq 0 ]; then
IFS='
'
for line in `openstack endpoint list | grep public`; do
sid=`echo $line | awk '/ / {print $2}'`
surl=`echo $line | sed -e 's/^.*\(http[^ ]*\) *.*$/\1/'`
url=`echo "$surl" | sed -e "s/$CONTROLLER:/$HDOMAIN:/"`
echo "Changing public endpoint ($surl) to ($url)"
__openstack endpoint set --url "$url" "$sid"
done
unset IFS
else
for sid in `openstack endpoint list | awk '/ / {print \$2}' | grep -v ^ID\$`; do
surl=`openstack endpoint show $sid | grep publicurl | awk '/ / {print \$4}'`
if [ -n "$surl" ]; then
url=`echo "$surl" | sed -e "s/$CONTROLLER:/$HDOMAIN:/"`
echo "Changing public endpoint ($surl) to ($url)"
echo "update endpoint set url='$url' where interface='public' and legacy_endpoint_id='$sid'" \
| mysql keystone
fi
done
fi
fi
logtstart "ext"
EXTDIRS=`find $DIRNAME/ext -maxdepth 1 -type d | grep -v ^\.\$ | grep -v $DIRNAME/ext\$ | xargs`
if [ ! -z "$EXTDIRS" ]; then
......
......@@ -132,6 +132,7 @@ OSRELEASE=""
# 0, the max amount of space after removing swap and extra partitions
# will be used.
RESIZEROOT=""
PUBLICAPIENDPOINTS=0
#
# We have an 'adminapi' user that gets a random password. Then, we have
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment