summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEmilien Macchi <emilien@redhat.com>2017-02-03 10:40:41 -0500
committerEmilien Macchi <emilien@redhat.com>2017-02-06 16:10:23 +0000
commit22c5d341776c02dfafab1f58f68a852da34f3692 (patch)
tree255d4315325a96fcb0005292f8e84a7b7d8bb77a
parent2b11f29824719f961d35c66617f3ee654cf9f0f3 (diff)
Stop deploying Nova API in WSGI with Apache
It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Related-Bug: 1661360 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
-rw-r--r--manifests/haproxy.pp4
-rw-r--r--manifests/profile/base/nova/api.pp37
-rw-r--r--spec/classes/tripleo_profile_base_nova_api_spec.rb8
3 files changed, 25 insertions, 24 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e1c44ee..42de8ba 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1044,7 +1044,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[nova_api_ssl_port],
service_network => $nova_osapi_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -1064,7 +1064,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[nova_placement_ssl_port],
service_network => $nova_placement_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 83baae2..99911d2 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api (
include ::tripleo::profile::base::nova
- if $enable_internal_tls {
- if $generate_service_certificates {
- ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
- }
-
- if !$nova_api_network {
- fail('nova_api_network is not set in the hieradata.')
- }
- $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
- $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
- } else {
- $tls_certfile = undef
- $tls_keyfile = undef
- }
-
if $step >= 3 and $sync_db {
include ::nova::cell_v2::simple_setup
}
@@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api (
sync_db => $sync_db,
sync_db_api => $sync_db,
}
- class { '::nova::wsgi::apache_api':
- ssl_cert => $tls_certfile,
- ssl_key => $tls_keyfile,
+ if hiera('nova_wsgi_enabled', true) {
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
+ if !$nova_api_network {
+ fail('nova_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+ class { '::nova::wsgi::apache_api':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
}
include ::nova::network::neutron
}
diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb
index f930342..def4f4e 100644
--- a/spec/classes/tripleo_profile_base_nova_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb
@@ -39,7 +39,7 @@ eos
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::api')
- is_expected.to_not contain_class('nova::wsgi::apache_api')
+ #is_expected.to_not contain_class('nova::wsgi::apache_api')
is_expected.to_not contain_class('nova::network::neutron')
}
end
@@ -56,7 +56,7 @@ eos
is_expected.to contain_class('nova::cell_v2::simple_setup')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
- is_expected.to contain_class('nova::wsgi::apache_api')
+ #is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
}
end
@@ -73,7 +73,7 @@ eos
is_expected.to_not contain_class('nova::db::sync_cell_v2')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::api')
- is_expected.to_not contain_class('nova::wsgi::apache_api')
+ #is_expected.to_not contain_class('nova::wsgi::apache_api')
is_expected.to_not contain_class('nova::network::neutron')
}
end
@@ -88,7 +88,7 @@ eos
is_expected.to_not contain_class('nova::db::sync_cell_v2')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
- is_expected.to contain_class('nova::wsgi::apache_api')
+ #is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
}
end