diff options
author | Emilien Macchi <emilien@redhat.com> | 2017-02-03 10:40:41 -0500 |
---|---|---|
committer | Emilien Macchi <emilien@redhat.com> | 2017-02-06 16:10:23 +0000 |
commit | 22c5d341776c02dfafab1f58f68a852da34f3692 (patch) | |
tree | 255d4315325a96fcb0005292f8e84a7b7d8bb77a | |
parent | 2b11f29824719f961d35c66617f3ee654cf9f0f3 (diff) |
Stop deploying Nova API in WSGI with Apache
It was suggested by Nova team to not deploying Nova API in WSGI with
Apache in production.
It's causing some issues that we didn't catch until now (see in the bug
report). Until we figure out what was wrong, let's disable it so we can
move forward in the upgrade process.
Related-Bug: 1661360
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
-rw-r--r-- | manifests/haproxy.pp | 4 | ||||
-rw-r--r-- | manifests/profile/base/nova/api.pp | 37 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_nova_api_spec.rb | 8 |
3 files changed, 25 insertions, 24 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index e1c44ee..42de8ba 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -1044,7 +1044,7 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[nova_api_ssl_port], service_network => $nova_osapi_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), + #member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -1064,7 +1064,7 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[nova_placement_ssl_port], service_network => $nova_placement_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), + #member_options => union($haproxy_member_options, $internal_tls_member_options), } } diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 83baae2..99911d2 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api ( include ::tripleo::profile::base::nova - if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - - if !$nova_api_network { - fail('nova_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - if $step >= 3 and $sync_db { include ::nova::cell_v2::simple_setup } @@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api ( sync_db => $sync_db, sync_db_api => $sync_db, } - class { '::nova::wsgi::apache_api': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, + if hiera('nova_wsgi_enabled', true) { + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$nova_api_network { + fail('nova_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + class { '::nova::wsgi::apache_api': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } include ::nova::network::neutron } diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb index f930342..def4f4e 100644 --- a/spec/classes/tripleo_profile_base_nova_api_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb @@ -39,7 +39,7 @@ eos is_expected.to contain_class('tripleo::profile::base::nova') is_expected.to_not contain_class('nova::keystone::authtoken') is_expected.to_not contain_class('nova::api') - is_expected.to_not contain_class('nova::wsgi::apache_api') + #is_expected.to_not contain_class('nova::wsgi::apache_api') is_expected.to_not contain_class('nova::network::neutron') } end @@ -56,7 +56,7 @@ eos is_expected.to contain_class('nova::cell_v2::simple_setup') is_expected.to contain_class('nova::keystone::authtoken') is_expected.to contain_class('nova::api') - is_expected.to contain_class('nova::wsgi::apache_api') + #is_expected.to contain_class('nova::wsgi::apache_api') is_expected.to contain_class('nova::network::neutron') } end @@ -73,7 +73,7 @@ eos is_expected.to_not contain_class('nova::db::sync_cell_v2') is_expected.to_not contain_class('nova::keystone::authtoken') is_expected.to_not contain_class('nova::api') - is_expected.to_not contain_class('nova::wsgi::apache_api') + #is_expected.to_not contain_class('nova::wsgi::apache_api') is_expected.to_not contain_class('nova::network::neutron') } end @@ -88,7 +88,7 @@ eos is_expected.to_not contain_class('nova::db::sync_cell_v2') is_expected.to contain_class('nova::keystone::authtoken') is_expected.to contain_class('nova::api') - is_expected.to contain_class('nova::wsgi::apache_api') + #is_expected.to contain_class('nova::wsgi::apache_api') is_expected.to contain_class('nova::network::neutron') } end |