Change keystone admin/internal insecure flags

Make `keystone_service_internaluri_insecure` and `keystone_service_adminuri_insecure` flag default values derived from facts like protocol each endpoint is using and kind of certificates being used to reach that endpoint (user-provided or self-signed). Change-Id: I921031c676776884cb121a7914fcd9c505345e67 Closes-Bug: 1566629
openstack · Apr 20, 2016 · 2ffb776 · 2ffb776
1 parent 6142484
commit 2ffb776
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml
@@ -198,8 +198,8 @@ keystone_service_region: "{{ service_region }}"
 keystone_rabbitmq_userid: keystone
 keystone_rabbitmq_vhost: /keystone
 
-keystone_service_internaluri_insecure: false
-keystone_service_adminuri_insecure: false
+keystone_service_internaluri_insecure: "{% if keystone_service_internaluri_proto == 'https' and (keystone_ssl_cert is not defined or haproxy_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
+keystone_service_adminuri_insecure: "{% if keystone_service_adminuri_proto == 'https' and (keystone_ssl_cert is not defined or haproxy_ssl_cert is not defined) | bool %}true{% else %}false{% endif %}"
 
 keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
 keystone_service_internaluri: "{{ keystone_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ keystone_service_port }}"