From 22c5d341776c02dfafab1f58f68a852da34f3692 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Fri, 3 Feb 2017 10:40:41 -0500
Subject: Stop deploying Nova API in WSGI with Apache

It was suggested by Nova team to not deploying Nova API in WSGI with
Apache in production.
It's causing some issues that we didn't catch until now (see in the bug
report). Until we figure out what was wrong, let's disable it so we can
move forward in the upgrade process.

Related-Bug: 1661360

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
---
 manifests/profile/base/nova/api.pp | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

(limited to 'manifests/profile/base/nova')

diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 83baae2..99911d2 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api (
 
   include ::tripleo::profile::base::nova
 
-  if $enable_internal_tls {
-    if $generate_service_certificates {
-      ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
-    }
-
-    if !$nova_api_network {
-      fail('nova_api_network is not set in the hieradata.')
-    }
-    $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
-    $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
-  } else {
-    $tls_certfile = undef
-    $tls_keyfile = undef
-  }
-
   if $step >= 3 and $sync_db {
     include ::nova::cell_v2::simple_setup
   }
@@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api (
       sync_db     => $sync_db,
       sync_db_api => $sync_db,
     }
-    class { '::nova::wsgi::apache_api':
-      ssl_cert => $tls_certfile,
-      ssl_key  => $tls_keyfile,
+    if hiera('nova_wsgi_enabled', true) {
+      if $enable_internal_tls {
+        if $generate_service_certificates {
+          ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+        }
+
+        if !$nova_api_network {
+          fail('nova_api_network is not set in the hieradata.')
+        }
+        $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
+        $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
+      } else {
+        $tls_certfile = undef
+        $tls_keyfile = undef
+      }
+      class { '::nova::wsgi::apache_api':
+        ssl_cert => $tls_certfile,
+        ssl_key  => $tls_keyfile,
+      }
     }
     include ::nova::network::neutron
   }
-- 
cgit 1.2.3-korg