Make ingress-internal mandatory relation

* Make ingress-internal relation mandatory for
charms instead of ingress-public
* If ingress-public is not integrated, default
public endpoint to internal endpoint

Change-Id: Ibbc600b3dd53655f2160394d4717b75e14d63cf8

charms/aodh-k8s/charmcraft.yaml

@@ -84,10 +84,10 @@ requires:
     interface: keystone
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   amqp:
     interface: rabbitmq

charms/aodh-k8s/src/charm.py

@@ -255,7 +255,7 @@ class AodhOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
     mandatory_relations = {
         "database",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
         "amqp",
     }
 

charms/aodh-k8s/src/templates/wsgi-aodh-api.conf

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/aodh-k8s/src/templates/wsgi-template.conf.j2

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/barbican-k8s/charmcraft.yaml

@@ -50,9 +50,9 @@ requires:
   ingress-internal:
     interface: ingress
     limit: 1
-    optional: true
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   database:
     interface: mysql_client

charms/barbican-k8s/src/charm.py

@@ -254,7 +254,7 @@ class BarbicanOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
         "database",
         "amqp",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
     }
 
     db_sync_cmds = [

charms/barbican-k8s/src/templates/wsgi-barbican-api.conf

@@ -4,8 +4,8 @@ Listen {{ wsgi_barbican_admin.public_port }}
     WSGIDaemonProcess barbican-api processes=4 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup barbican-api
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/ceilometer-k8s/src/templates/wsgi-ceilometer-api.conf

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/ceilometer-k8s/src/templates/wsgi-template.conf.j2

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/cinder-k8s/charmcraft.yaml

@@ -50,10 +50,10 @@ requires:
     limit: 1
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   identity-service:
     interface: keystone

charms/cinder-k8s/src/charm.py

@@ -206,7 +206,7 @@ class CinderOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
         "amqp",
         "storage-backend",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
     }
 
     db_sync_cmds = [

charms/cinder-k8s/src/templates/api-paste.ini.j2

@@ -3,9 +3,9 @@ use = call:cinder.api:root_app_factory
 /: apiversions
 /healthcheck: healthcheck
 /v3: openstack_volume_api_v3
-{% if ingress_public.ingress_path -%}
-{{ ingress_public.ingress_path }}: apiversions
-{{ ingress_public.ingress_path }}/v3: openstack_volume_api_v3
+{% if ingress_internal.ingress_path -%}
+{{ ingress_internal.ingress_path }}: apiversions
+{{ ingress_internal.ingress_path }}/v3: openstack_volume_api_v3
 {% endif -%}
 
 [composite:openstack_volume_api_v3]

charms/cinder-k8s/src/templates/wsgi-cinder-api.conf.j2

@@ -3,8 +3,8 @@ Listen 8776
     WSGIDaemonProcess cinder processes=4 threads=1 user=cinder group=cinder \
                       display-name=%{GROUP}
     WSGIProcessGroup cinder
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/designate-k8s/charmcraft.yaml

@@ -54,10 +54,10 @@ requires:
     interface: keystone
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   amqp:
     interface: rabbitmq

charms/designate-k8s/src/charm.py

@@ -364,7 +364,7 @@ class DesignateOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
     mandatory_relations = {
         "database",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
         "amqp",
         BIND_RNDC_RELATION,
     }

charms/designate-k8s/src/templates/wsgi-designate-api.conf.j2

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/glance-k8s/charmcraft.yaml

@@ -316,10 +316,10 @@ requires:
     limit: 1
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   identity-service:
     interface: keystone

charms/glance-k8s/src/charm.py

@@ -290,7 +290,7 @@ class GlanceOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
     mandatory_relations = {
         "database",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
         "ceph",
     }
 

charms/glance-k8s/src/templates/glance-forwarding.conf.j2

@@ -3,9 +3,9 @@ Listen 9292
 <VirtualHost *:9292>
   ProxyPreserveHost On
   ProxyRequests Off
-  {% if ingress_public and ingress_public.ingress_path -%}
-  ProxyPass {{ ingress_public.ingress_path }} http://localhost:9282/
-  ProxyPassReverse {{ ingress_public.ingress_path }} http://localhost:9282/
+  {% if ingress_internal and ingress_internal.ingress_path -%}
+  ProxyPass {{ ingress_internal.ingress_path }} http://localhost:9282/
+  ProxyPassReverse {{ ingress_internal.ingress_path }} http://localhost:9282/
   {% endif -%}
   ProxyPass / http://localhost:9282/
   ProxyPassReverse / http://localhost:9282/

charms/gnocchi-k8s/charmcraft.yaml

@@ -283,10 +283,10 @@ requires:
     interface: keystone
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   ceph:
     interface: ceph-client

charms/gnocchi-k8s/src/charm.py

@@ -187,7 +187,7 @@ class GnocchiOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
     mandatory_relations = {
         "database",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
         "ceph",
     }
 

charms/gnocchi-k8s/src/templates/api-paste.ini.j2

@@ -3,10 +3,10 @@ use = egg:Paste#urlmap
 / = gnocchiversions_pipeline
 /v1 = gnocchiv1+noauth
 /healthcheck = healthcheck
-{% if ingress_public.ingress_path -%}
-{{ ingress_public.ingress_path }}: gnocchiversions_pipeline
-{{ ingress_public.ingress_path }}/v1 = gnocchiv1+noauth
-{{ ingress_public.ingress_path }}/healthcheck = healthcheck
+{% if ingress_internal.ingress_path -%}
+{{ ingress_internal.ingress_path }}: gnocchiversions_pipeline
+{{ ingress_internal.ingress_path }}/v1 = gnocchiv1+noauth
+{{ ingress_internal.ingress_path }}/healthcheck = healthcheck
 {% endif -%}
 
 [composite:gnocchi+keystone]
@@ -14,10 +14,10 @@ use = egg:Paste#urlmap
 / = gnocchiversions_pipeline
 /v1 = gnocchiv1+keystone
 /healthcheck = healthcheck
-{% if ingress_public.ingress_path -%}
-{{ ingress_public.ingress_path }}: gnocchiversions_pipeline
-{{ ingress_public.ingress_path }}/v1 = gnocchiv1+keystone
-{{ ingress_public.ingress_path }}/healthcheck = healthcheck
+{% if ingress_internal.ingress_path -%}
+{{ ingress_internal.ingress_path }}: gnocchiversions_pipeline
+{{ ingress_internal.ingress_path }}/v1 = gnocchiv1+keystone
+{{ ingress_internal.ingress_path }}/healthcheck = healthcheck
 {% endif -%}
 
 [composite:gnocchi+remoteuser]
@@ -25,10 +25,10 @@ use = egg:Paste#urlmap
 / = gnocchiversions_pipeline
 /v1 = gnocchiv1+noauth
 /healthcheck = healthcheck
-{% if ingress_public.ingress_path -%}
-{{ ingress_public.ingress_path }}: gnocchiversions_pipeline
-{{ ingress_public.ingress_path }}/v1 = gnocchiv1+noauth
-{{ ingress_public.ingress_path }}/healthcheck = healthcheck
+{% if ingress_internal.ingress_path -%}
+{{ ingress_internal.ingress_path }}: gnocchiversions_pipeline
+{{ ingress_internal.ingress_path }}/v1 = gnocchiv1+noauth
+{{ ingress_internal.ingress_path }}/healthcheck = healthcheck
 {% endif -%}
 
 [pipeline:gnocchiv1+noauth]

charms/gnocchi-k8s/src/templates/wsgi-gnocchi-api.conf

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/heat-k8s/charmcraft.yaml

@@ -55,10 +55,10 @@ requires:
     interface: keystone
   traefik-route-internal:
     interface: traefik_route
-    optional: true
     limit: 1
   traefik-route-public:
     interface: traefik_route
+    optional: true
     limit: 1
   amqp:
     interface: rabbitmq

charms/heat-k8s/src/charm.py

@@ -207,7 +207,7 @@ class HeatOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
         "database",
         "amqp",
         "identity-service",
-        "traefik-route-public",
+        "traefik-route-internal",
         "identity-ops",
     }
 
@@ -509,9 +509,7 @@ class HeatOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
             )
             return self.add_explicit_port(public_url)
         else:
-            return self.add_explicit_port(
-                self.service_url(self.public_ingress_address)
-            )
+            return self.heat_internal_url
 
     @property
     def heat_cfn_public_url(self) -> str:
@@ -528,9 +526,7 @@ class HeatOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
             )
             return self.add_explicit_port(public_url)
         else:
-            return self.add_explicit_port(
-                self.service_url(self.public_ingress_address)
-            )
+            return self.heat_cfn_internal_url
 
     @property
     def heat_internal_url(self) -> str:

charms/horizon-k8s/src/charm.py

@@ -102,7 +102,7 @@ class WSGIHorizonPebbleHandler(sunbeam_chandlers.WSGIPebbleHandler):
         logger.debug("Files changed: %r", files)
         if (
             self.charm.service_conf in files
-            and self.charm.ingress_public.ready
+            and self.charm.ingress_internal.ready
         ):
             logger.debug("local_settings.py changed, running django utilities")
             container = self.charm.unit.get_container(self.container_name)
@@ -141,7 +141,7 @@ class HorizonOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
 
     mandatory_relations = {
         "database",
-        "ingress-public",
+        "ingress-internal",
         "identity-credentials",
     }
 
@@ -231,6 +231,10 @@ class HorizonOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
                     self.model.app.status = ops.model.ActiveStatus(
                         self.ingress_public.url
                     )
+                elif self.ingress_internal.url:
+                    self.model.app.status = ops.model.ActiveStatus(
+                        self.ingress_internal.url
+                    )
                 else:
                     self.model.app.status = ops.model.ActiveStatus()
 
@@ -273,7 +277,7 @@ class HorizonOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
         """Healthcheck HTTP URL for the service."""
         return (
             super().healthcheck_http_url
-            + self.ingress_public.context().get(
+            + self.ingress_internal.context().get(
                 "ingress_path", self.model.name + "-horizon"
             )
             + "/auth/login/"

charms/horizon-k8s/src/templates/local_settings.py.j2

@@ -833,17 +833,17 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
 
 # XXX Review theme handling and update here
 
-WEBROOT = '{{ ingress_public.ingress_path }}'
-STATIC_URL = '{{ ingress_public.ingress_path }}/static/'
+WEBROOT = '{{ ingress_internal.ingress_path }}'
+STATIC_URL = '{{ ingress_internal.ingress_path }}/static/'
 
 {% if webroot == "/" %}
 LOGIN_URL='/auth/login/'
 LOGOUT_URL='/auth/logout/'
 {% else %}
-LOGIN_URL='{{ ingress_public.ingress_path }}/auth/login/'
-LOGOUT_URL='{{ ingress_public.ingress_path }}/auth/logout/'
+LOGIN_URL='{{ ingress_internal.ingress_path }}/auth/login/'
+LOGOUT_URL='{{ ingress_internal.ingress_path }}/auth/logout/'
 {% endif %}
-LOGIN_REDIRECT_URL='{{ ingress_public.ingress_path }}'
+LOGIN_REDIRECT_URL='{{ ingress_internal.ingress_path }}'
 
 # By default, validation of the HTTP Host header is disabled.  Production
 # installations should have this set accordingly.  For more information

charms/horizon-k8s/src/templates/wsgi-horizon.conf

@@ -1,12 +1,12 @@
 Listen 0.0.0.0:80
 
-WSGIScriptAlias {{ ingress_public.ingress_path }} /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py process-group=horizon
+WSGIScriptAlias {{ ingress_internal.ingress_path }} /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py process-group=horizon
 WSGIDaemonProcess horizon user=horizon group=horizon processes=4 threads=10 display-name=%{GROUP}
 WSGIProcessGroup horizon
 WSGIApplicationGroup %{GLOBAL}
 
 Alias /static /var/lib/openstack-dashboard/static/
-Alias {{ ingress_public.ingress_path }}/static /var/lib/openstack-dashboard/static/
+Alias {{ ingress_internal.ingress_path }}/static /var/lib/openstack-dashboard/static/
 
 ErrorLog {{ wsgi_config.error_log }}
 CustomLog {{ wsgi_config.custom_log }} combined

charms/horizon-k8s/tests/unit/test_horizon_charm.py

@@ -113,5 +113,5 @@ class TestHorizonOperatorCharm(test_utils.CharmTestCase):
         action_event = MagicMock()
         self.harness.charm._get_dashboard_url_action(action_event)
         action_event.set_results.assert_called_with(
-            {"url": "http://dashboard.juju:80"}
+            {"url": "http://10.0.0.10:80"}
         )

charms/keystone-k8s/charmcraft.yaml

@@ -141,9 +141,9 @@ requires:
   ingress-internal:
     interface: ingress
     limit: 1
-    optional: true
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   amqp:
     interface: rabbitmq

charms/keystone-k8s/src/charm.py

@@ -334,7 +334,7 @@ class KeystoneOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
     domain_config_dir = Path("/etc/keystone/domains")
     domain_ca_dir = Path("/usr/local/share/ca-certificates")
     service_port = 5000
-    mandatory_relations = {"database", "ingress-public"}
+    mandatory_relations = {"database", "ingress-internal"}
     db_sync_cmds = [
         [
             "sudo",
@@ -1461,12 +1461,7 @@ export OS_AUTH_VERSION=3
         if self.ingress_public and self.ingress_public.url:
             return self.ingress_public.url.removesuffix("/") + "/v3"
 
-        address = self.public_ingress_address
-        if not address:
-            address = self.model.get_binding(
-                self.IDSVC_RELATION_NAME
-            ).network.ingress_address
-        return f"http://{address}:{self.service_port}/v3"
+        return self.internal_endpoint
 
     @property
     def healthcheck_http_url(self) -> str:

charms/keystone-k8s/src/templates/wsgi-keystone.conf.j2

@@ -3,8 +3,8 @@ Listen 0.0.0.0:{{ ks_config.public_port }}
 <VirtualHost *:{{ ks_config.public_port }}>
     WSGIDaemonProcess keystone-public processes=4 threads=1 user=keystone group=keystone display-name=%{GROUP} python-path=/usr/lib/python3/site-packages
     WSGIProcessGroup keystone-public
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} /usr/bin/keystone-wsgi-public
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} /usr/bin/keystone-wsgi-public
     {% endif -%}
     WSGIScriptAlias / /usr/bin/keystone-wsgi-public
     WSGIApplicationGroup %{GLOBAL}

charms/keystone-k8s/tests/unit/test_keystone_charm.py

@@ -543,7 +543,7 @@ class TestKeystoneOperatorCharm(test_utils.CharmTestCase):
         label = charm.CREDENTIALS_SECRET_PREFIX + "svc_" + "cinder"
         secret_id = rel_data["service-credentials"]
         if remove_ingress:
-            rel = self.harness.charm.model.get_relation("ingress-public")
+            rel = self.harness.charm.model.get_relation("ingress-internal")
             rel_id = rel.id
             self.harness.remove_relation(rel_id)
         self.km_mock.create_service_account = create_service_mock

charms/magnum-k8s/charmcraft.yaml

@@ -59,10 +59,10 @@ requires:
     interface: keystone-resources
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   amqp:
     interface: rabbitmq

charms/magnum-k8s/src/charm.py

@@ -146,7 +146,7 @@ class MagnumOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
         "database",
         "amqp",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
         "identity-ops",
     }
 

charms/magnum-k8s/src/templates/api-paste.ini.j2

@@ -2,8 +2,8 @@
 paste.composite_factory = magnum.api:root_app_factory
 /: api
 /healthcheck: healthcheck
-{% if ingress_public.ingress_path -%}
-{{ ingress_public.ingress_path }}: api
+{% if ingress_internal.ingress_path -%}
+{{ ingress_internal.ingress_path }}: api
 {% endif %}
 
 [pipeline:api]

charms/magnum-k8s/src/templates/wsgi-magnum-api.conf.j2

@@ -3,8 +3,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/masakari-k8s/charmcraft.yaml

@@ -69,9 +69,9 @@ requires:
   ingress-internal:
     interface: ingress
     limit: 1
-    optional: true
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   logging:
     interface: loki_push_api

charms/masakari-k8s/src/charm.py

@@ -294,7 +294,7 @@ class MasakariOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
         "database",
         "amqp",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
     }
 
     wsgi_admin_script = "/usr/bin/masakari-wsgi"

charms/masakari-k8s/src/templates/wsgi-masakari-api.conf.j2

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.name }} processes=4 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.name }}
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/neutron-k8s/charmcraft.yaml

@@ -123,10 +123,10 @@ resources:
 requires:
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   database:
     interface: mysql_client

charms/neutron-k8s/src/charm.py

@@ -432,7 +432,7 @@ class NeutronOVNOperatorCharm(NeutronOperatorCharm):
         "database",
         "ovsdb-cms",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
     }
 
     @property

charms/neutron-k8s/src/templates/api-paste.ini.j2

@@ -3,9 +3,9 @@ use = egg:Paste#urlmap
 /: neutronversions_composite
 /healthcheck: healthcheck
 /v2.0: neutronapi_v2_0
-{% if ingress_public.ingress_path -%}
-{{ ingress_public.ingress_path }}: neutronversions_composite
-{{ ingress_public.ingress_path }}/v2.0: neutronapi_v2_0
+{% if ingress_internal.ingress_path -%}
+{{ ingress_internal.ingress_path }}: neutronversions_composite
+{{ ingress_internal.ingress_path }}/v2.0: neutronapi_v2_0
 {% endif -%}
 
 [composite:neutronapi_v2_0]

charms/neutron-k8s/src/templates/wsgi-neutron-api.conf.j2

@@ -3,8 +3,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess glance processes=4 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup glance
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/nova-k8s/charmcraft.yaml

@@ -68,17 +68,17 @@ resources:
 requires:
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   traefik-route-internal:
     interface: traefik_route
-    optional: true
     limit: 1
   traefik-route-public:
     interface: traefik_route
+    optional: true
     limit: 1
   database:
     interface: mysql_client

charms/nova-k8s/src/charm.py

@@ -349,8 +349,8 @@ class NovaOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
         "cell-database",
         "amqp",
         "identity-service",
-        "ingress-public",
-        "traefik-route-public",
+        "ingress-internal",
+        "traefik-route-internal",
     }
 
     def __init__(self, framework):
@@ -448,6 +448,15 @@ class NovaOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
                 f"{self.model.name}-{NOVA_SPICEPROXY_INGRESS_NAME}"
             )
             return public_url
+        elif self.traefik_route_internal and self.traefik_route_internal.ready:
+            scheme = self.traefik_route_internal.interface.scheme
+            external_host = self.traefik_route_internal.interface.external_host
+            internal_url = (
+                f"{scheme}://{external_host}/{self.model.name}"
+                f"-{NOVA_SPICEPROXY_INGRESS_NAME}/spice_auto.html?path=/"
+                f"{self.model.name}-{NOVA_SPICEPROXY_INGRESS_NAME}"
+            )
+            return internal_url
 
         return None
 

charms/nova-k8s/src/templates/wsgi-nova-api.conf.j2

@@ -4,8 +4,8 @@ Listen {{ wsgi_nova_metadata.public_port }}
     WSGIDaemonProcess nova-api processes=4 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup nova-api
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/octavia-k8s/charmcraft.yaml

@@ -72,10 +72,10 @@ requires:
     interface: keystone
   ingress-internal:
     interface: ingress
-    optional: true
     limit: 1
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   ovsdb-cms:
     interface: ovsdb-cms

charms/octavia-k8s/src/charm.py

@@ -304,7 +304,7 @@ class OctaviaOVNOperatorCharm(OctaviaOperatorCharm):
         "database",
         "ovsdb-cms",
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
     }
 
     @property

charms/octavia-k8s/src/templates/wsgi-octavia-api.conf

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/octavia-k8s/src/templates/wsgi-template.conf.j2

@@ -4,8 +4,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.group }} processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.group }}
-    {% if ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/openstack-images-sync-k8s/charmcraft.yaml

@@ -62,6 +62,7 @@ requires:
     optional: true
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   identity-service:
     interface: keystone

charms/openstack-images-sync-k8s/src/charm.py

@@ -157,7 +157,7 @@ class OpenstackImagesSyncK8SCharm(sunbeam_charm.OSBaseOperatorAPICharm):
     service_name = "openstack-images-sync"
     mandatory_relations = {
         "identity-service",
-        "ingress-public",
+        "ingress-internal",
     }
 
     @property

charms/openstack-images-sync-k8s/src/templates/http-sync.conf.j2

@@ -3,8 +3,8 @@ Listen {{ httpd_config.public_port }}
 <VirtualHost *:{{ httpd_config.public_port }}>
   DocumentRoot "/var/www/html/simplestreams"
 
- {% if ingress_public and ingress_public.ingress_path %}
-  Alias {{ ingress_public.ingress_path }} "/var/www/html/simplestreams"
+ {% if ingress_internal and ingress_internal.ingress_path %}
+  Alias {{ ingress_internal.ingress_path }} "/var/www/html/simplestreams"
  {% endif %}
 
   <Directory "/var/www/html/simplestreams">

charms/placement-k8s/src/templates/wsgi-placement-api.conf.j2

@@ -3,8 +3,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess placement processes=4 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup placement
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

charms/watcher-k8s/charmcraft.yaml

@@ -80,9 +80,9 @@ requires:
   ingress-internal:
     interface: ingress
     limit: 1
-    optional: true
   ingress-public:
     interface: ingress
+    optional: true
     limit: 1
   logging:
     interface: loki_push_api

charms/watcher-k8s/src/charm.py

@@ -118,7 +118,12 @@ class WatcherOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm):
     service_name = "watcher-api"
     wsgi_admin_script = "/usr/bin/watcher-api-wsgi"
     wsgi_public_script = "/usr/bin/watcher-api-wsgi"
-    mandatory_relations = {"database", "amqp", "identity-service"}
+    mandatory_relations = {
+        "database",
+        "amqp",
+        "identity-service",
+        "ingress-internal",
+    }
 
     db_sync_cmds = [
         [

charms/watcher-k8s/src/templates/wsgi-watcher-api.conf.j2

@@ -3,8 +3,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess {{ wsgi_config.name }} processes=4 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup {{ wsgi_config.name }}
-    {% if ingress_public and ingress_public.ingress_path -%}
-    WSGIScriptAlias {{ ingress_public.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal and ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}
@@ -24,4 +24,4 @@ Listen {{ wsgi_config.public_port }}
             Allow from all
         </IfVersion>
     </Directory>
-</VirtualHost>
+</VirtualHost>

ops-sunbeam/ops_sunbeam/charm.py

@@ -789,7 +789,7 @@ class OSBaseOperatorCharmK8S(OSBaseOperatorCharm):
 class OSBaseOperatorAPICharm(OSBaseOperatorCharmK8S):
     """Base class for OpenStack API operators."""
 
-    mandatory_relations = {"database", "identity-service", "ingress-public"}
+    mandatory_relations = {"database", "identity-service", "ingress-internal"}
     wsgi_admin_script: str
     wsgi_public_script: str
 
@@ -918,9 +918,7 @@ class OSBaseOperatorAPICharm(OSBaseOperatorCharmK8S):
         except (AttributeError, KeyError):
             pass
 
-        return self.add_explicit_port(
-            self.service_url(self.public_ingress_address)
-        )
+        return self.internal_url
 
     @property
     def admin_url(self) -> str:

tests/caas/smoke.yaml.j2

@@ -144,7 +144,7 @@ relations:
 - - mysql:database
   - keystone:database
 - - traefik:ingress
-  - keystone:ingress-public
+  - keystone:ingress-internal
 
 - - mysql:database
   - glance:database
@@ -153,7 +153,7 @@ relations:
 - - rabbitmq:amqp
   - glance:amqp
 - - traefik:ingress
-  - glance:ingress-public
+  - glance:ingress-internal
 - - keystone:send-ca-cert
   - glance:receive-ca-cert
 
@@ -164,7 +164,7 @@ relations:
 - - keystone:identity-ops
   - heat:identity-ops
 - - traefik:traefik-route
-  - heat:traefik-route-public
+  - heat:traefik-route-internal
 - - rabbitmq:amqp
   - heat:amqp
 - - keystone:send-ca-cert
@@ -177,7 +177,7 @@ relations:
 - - keystone:identity-ops
   - octavia:identity-ops
 - - traefik:ingress
-  - octavia:ingress-public
+  - octavia:ingress-internal
 - - tls-operator:certificates
   - octavia:certificates
 - - octavia:ovsdb-cms
@@ -194,7 +194,7 @@ relations:
 - - keystone:identity-ops
   - barbican:identity-ops
 - - traefik:ingress
-  - barbican:ingress-public
+  - barbican:ingress-internal
 - - vault:vault-kv
   - barbican:vault-kv
 - - keystone:send-ca-cert
@@ -209,6 +209,6 @@ relations:
 - - keystone:identity-ops
   - magnum:identity-ops
 - - traefik:ingress
-  - magnum:ingress-public
+  - magnum:ingress-internal
 - - keystone:send-ca-cert
   - magnum:receive-ca-cert

tests/ceph/smoke.yaml.j2

@@ -125,7 +125,7 @@ relations:
 - - mysql:database
   - keystone:database
 - - traefik:ingress
-  - keystone:ingress-public
+  - keystone:ingress-internal
 
 - - mysql:database
   - cinder:database
@@ -134,7 +134,7 @@ relations:
 - - keystone:identity-service
   - cinder:identity-service
 - - traefik:ingress
-  - cinder:ingress-public
+  - cinder:ingress-internal
 - - keystone:send-ca-cert
   - cinder:receive-ca-cert
 
@@ -150,7 +150,7 @@ relations:
 - - mysql:database
   - gnocchi:database
 - - traefik:ingress
-  - gnocchi:ingress-public
+  - gnocchi:ingress-internal
 - - keystone:identity-service
   - gnocchi:identity-service
 - - keystone:send-ca-cert
@@ -172,7 +172,7 @@ relations:
 - - keystone:identity-service
   - aodh:identity-service
 - - traefik:ingress
-  - aodh:ingress-public
+  - aodh:ingress-internal
 - - keystone:send-ca-cert
   - aodh:receive-ca-cert
 
@@ -183,7 +183,7 @@ relations:
 - - keystone:identity-service
   - watcher:identity-service
 - - traefik:ingress
-  - watcher:ingress-public
+  - watcher:ingress-internal
 - - keystone:send-ca-cert
   - watcher:receive-ca-cert
 - - gnocchi:gnocchi-service

tests/core/smoke.yaml.j2

@@ -159,7 +159,7 @@ relations:
 - - mysql:database
   - keystone:database
 - - traefik:ingress
-  - keystone:ingress-public
+  - keystone:ingress-internal
 
 - - mysql:database
   - glance:database
@@ -168,7 +168,7 @@ relations:
 - - rabbitmq:amqp
   - glance:amqp
 - - traefik:ingress
-  - glance:ingress-public
+  - glance:ingress-internal
 - - keystone:send-ca-cert
   - glance:receive-ca-cert
 
@@ -183,9 +183,9 @@ relations:
 - - keystone:identity-service
   - nova:identity-service
 - - traefik:ingress
-  - nova:ingress-public
+  - nova:ingress-internal
 - - traefik:traefik-route
-  - nova:traefik-route-public
+  - nova:traefik-route-internal
 - - keystone:send-ca-cert
   - nova:receive-ca-cert
 
@@ -194,7 +194,7 @@ relations:
 - - keystone:identity-service
   - placement:identity-service
 - - traefik:ingress
-  - placement:ingress-public
+  - placement:ingress-internal
 - - keystone:send-ca-cert
   - placement:receive-ca-cert
 
@@ -205,7 +205,7 @@ relations:
 - - keystone:identity-service
   - neutron:identity-service
 - - traefik:ingress
-  - neutron:ingress-public
+  - neutron:ingress-internal
 - - tls-operator:certificates
   - neutron:certificates
 - - neutron:ovsdb-cms
@@ -216,4 +216,4 @@ relations:
 - - keystone:identity-service
   - openstack-images-sync:identity-service
 - - traefik:ingress
-  - openstack-images-sync:ingress-public
+  - openstack-images-sync:ingress-internal

tests/misc/smoke.yaml.j2

@@ -127,7 +127,7 @@ relations:
 - - mysql:database
   - keystone:database
 - - traefik:ingress
-  - keystone:ingress-public
+  - keystone:ingress-internal
 
 - - mysql:database
   - designate:database
@@ -136,7 +136,7 @@ relations:
 - - keystone:identity-service
   - designate:identity-service
 - - traefik:ingress
-  - designate:ingress-public
+  - designate:ingress-internal
 - - designate-bind:dns-backend
   - designate:dns-backend
 - - keystone:send-ca-cert
@@ -153,7 +153,7 @@ relations:
 - - keystone:identity-credentials
   - horizon:identity-credentials
 - - traefik:ingress
-  - horizon:ingress-public
+  - horizon:ingress-internal
 - - keystone:send-ca-cert
   - horizon:receive-ca-cert
 
@@ -164,7 +164,7 @@ relations:
 - - keystone:identity-service
   - masakari:identity-service
 - - traefik:ingress
-  - masakari:ingress-public
+  - masakari:ingress-internal
 
 - - masakari:consul-management
   - consul:consul-cluster

tests/tempest/smoke.yaml.j2

@@ -154,7 +154,7 @@ relations:
 - - mysql:database
   - keystone:database
 - - traefik:ingress
-  - keystone:ingress-public
+  - keystone:ingress-internal
 
 - - mysql:database
   - glance:database
@@ -163,7 +163,7 @@ relations:
 - - rabbitmq:amqp
   - glance:amqp
 - - traefik:ingress
-  - glance:ingress-public
+  - glance:ingress-internal
 - - keystone:send-ca-cert
   - glance:receive-ca-cert
 
@@ -178,9 +178,9 @@ relations:
 - - keystone:identity-service
   - nova:identity-service
 - - traefik:ingress
-  - nova:ingress-public
+  - nova:ingress-internal
 - - traefik:traefik-route
-  - nova:traefik-route-public
+  - nova:traefik-route-internal
 - - keystone:send-ca-cert
   - nova:receive-ca-cert
 
@@ -189,7 +189,7 @@ relations:
 - - keystone:identity-service
   - placement:identity-service
 - - traefik:ingress
-  - placement:ingress-public
+  - placement:ingress-internal
 - - keystone:send-ca-cert
   - placement:receive-ca-cert
 
@@ -200,7 +200,7 @@ relations:
 - - keystone:identity-service
   - neutron:identity-service
 - - traefik:ingress
-  - neutron:ingress-public
+  - neutron:ingress-internal
 - - tls-operator:certificates
   - neutron:certificates
 - - neutron:ovsdb-cms