2 files changed, 21 insertions, 20 deletions

diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index e1c44ee..42de8ba 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -1044,7 +1044,7 @@ class tripleo::haproxy (
       },
       public_ssl_port   => $ports[nova_api_ssl_port],
       service_network   => $nova_osapi_network,
-      member_options    => union($haproxy_member_options, $internal_tls_member_options),
+      #member_options    => union($haproxy_member_options, $internal_tls_member_options),
     }
   }
 
@@ -1064,7 +1064,7 @@ class tripleo::haproxy (
       },
       public_ssl_port   => $ports[nova_placement_ssl_port],
       service_network   => $nova_placement_network,
-      member_options    => union($haproxy_member_options, $internal_tls_member_options),
+      #member_options    => union($haproxy_member_options, $internal_tls_member_options),
     }
   }
 
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 83baae2..99911d2 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api (
 
   include ::tripleo::profile::base::nova
 
-  if $enable_internal_tls {
-    if $generate_service_certificates {
-      ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
-    }
-
-    if !$nova_api_network {
-      fail('nova_api_network is not set in the hieradata.')
-    }
-    $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
-    $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
-  } else {
-    $tls_certfile = undef
-    $tls_keyfile = undef
-  }
-
   if $step >= 3 and $sync_db {
     include ::nova::cell_v2::simple_setup
   }
@@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api (
       sync_db     => $sync_db,
       sync_db_api => $sync_db,
     }
-    class { '::nova::wsgi::apache_api':
-      ssl_cert => $tls_certfile,
-      ssl_key  => $tls_keyfile,
+    if hiera('nova_wsgi_enabled', true) {
+      if $enable_internal_tls {
+        if $generate_service_certificates {
+          ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+        }
+
+        if !$nova_api_network {
+          fail('nova_api_network is not set in the hieradata.')
+        }
+        $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
+        $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
+      } else {
+        $tls_certfile = undef
+        $tls_keyfile = undef
+      }
+      class { '::nova::wsgi::apache_api':
+        ssl_cert => $tls_certfile,
+        ssl_key  => $tls_keyfile,
+      }
     }
     include ::nova::network::neutron
   }