From 22c5d341776c02dfafab1f58f68a852da34f3692 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Fri, 3 Feb 2017 10:40:41 -0500 Subject: Stop deploying Nova API in WSGI with Apache It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Related-Bug: 1661360 Co-Authored-By: Juan Antonio Osorio Robles Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac --- manifests/profile/base/nova/api.pp | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) (limited to 'manifests/profile/base/nova') diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 83baae2..99911d2 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api ( include ::tripleo::profile::base::nova - if $enable_internal_tls { - if $generate_service_certificates { - ensure_resources('tripleo::certmonger::httpd', $certificates_specs) - } - - if !$nova_api_network { - fail('nova_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - if $step >= 3 and $sync_db { include ::nova::cell_v2::simple_setup } @@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api ( sync_db => $sync_db, sync_db_api => $sync_db, } - class { '::nova::wsgi::apache_api': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, + if hiera('nova_wsgi_enabled', true) { + if $enable_internal_tls { + if $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + + if !$nova_api_network { + fail('nova_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] + } else { + $tls_certfile = undef + $tls_keyfile = undef + } + class { '::nova::wsgi::apache_api': + ssl_cert => $tls_certfile, + ssl_key => $tls_keyfile, + } } include ::nova::network::neutron } -- cgit 1.2.3-korg