aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/haproxy.pp4
-rw-r--r--manifests/profile/base/nova/api.pp37
-rw-r--r--spec/classes/tripleo_profile_base_nova_api_spec.rb8
3 files changed, 25 insertions, 24 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e1c44ee..42de8ba 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1044,7 +1044,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[nova_api_ssl_port],
service_network => $nova_osapi_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
@@ -1064,7 +1064,7 @@ class tripleo::haproxy (
},
public_ssl_port => $ports[nova_placement_ssl_port],
service_network => $nova_placement_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 83baae2..99911d2 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api (
include ::tripleo::profile::base::nova
- if $enable_internal_tls {
- if $generate_service_certificates {
- ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
- }
-
- if !$nova_api_network {
- fail('nova_api_network is not set in the hieradata.')
- }
- $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
- $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
- } else {
- $tls_certfile = undef
- $tls_keyfile = undef
- }
-
if $step >= 3 and $sync_db {
include ::nova::cell_v2::simple_setup
}
@@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api (
sync_db => $sync_db,
sync_db_api => $sync_db,
}
- class { '::nova::wsgi::apache_api':
- ssl_cert => $tls_certfile,
- ssl_key => $tls_keyfile,
+ if hiera('nova_wsgi_enabled', true) {
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
+ if !$nova_api_network {
+ fail('nova_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+ class { '::nova::wsgi::apache_api':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
}
include ::nova::network::neutron
}
diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb
index f930342..def4f4e 100644
--- a/spec/classes/tripleo_profile_base_nova_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb
@@ -39,7 +39,7 @@ eos
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::api')
- is_expected.to_not contain_class('nova::wsgi::apache_api')
+ #is_expected.to_not contain_class('nova::wsgi::apache_api')
is_expected.to_not contain_class('nova::network::neutron')
}
end
@@ -56,7 +56,7 @@ eos
is_expected.to contain_class('nova::cell_v2::simple_setup')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
- is_expected.to contain_class('nova::wsgi::apache_api')
+ #is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
}
end
@@ -73,7 +73,7 @@ eos
is_expected.to_not contain_class('nova::db::sync_cell_v2')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::api')
- is_expected.to_not contain_class('nova::wsgi::apache_api')
+ #is_expected.to_not contain_class('nova::wsgi::apache_api')
is_expected.to_not contain_class('nova::network::neutron')
}
end
@@ -88,7 +88,7 @@ eos
is_expected.to_not contain_class('nova::db::sync_cell_v2')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
- is_expected.to contain_class('nova::wsgi::apache_api')
+ #is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
}
end