From 3dcb6ad809510c774654df988941fa3e17ecc362 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 4 Jan 2022 16:19:55 +0100 Subject: [PATCH] nova: disable external metadata haproxy frontend We are not using it anywhere (metadata agents are using internal network), so let's disable it by default. Change-Id: If06db5030b0f09e20ef506c3b3ab39c3573b5f3d --- ansible/roles/nova/defaults/main.yml | 4 +++- .../disable-nova-external-metadata-09ba131cf9258be9.yaml | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/disable-nova-external-metadata-09ba131cf9258be9.yaml diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index 543babf00c..af42eaa439 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -34,7 +34,7 @@ nova_services: listen_port: "{{ nova_metadata_listen_port }}" tls_backend: "{{ nova_enable_tls_backend }}" nova_metadata_external: - enabled: "{{ enable_nova }}" + enabled: "{{ nova_enable_external_metadata }}" mode: "http" external: true port: "{{ nova_metadata_port }}" @@ -191,6 +191,8 @@ nova_safety_upgrade: "no" nova_services_require_policy_json: - nova-api +nova_enable_external_metadata: "no" + #################### # Keystone #################### diff --git a/releasenotes/notes/disable-nova-external-metadata-09ba131cf9258be9.yaml b/releasenotes/notes/disable-nova-external-metadata-09ba131cf9258be9.yaml new file mode 100644 index 0000000000..375e6ee2d0 --- /dev/null +++ b/releasenotes/notes/disable-nova-external-metadata-09ba131cf9258be9.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Introduce ``nova_enable_external_metadata`` that defaults to ``no`` to + control if external facing metadata haproxy frontend should be configured. +upgrade: + - | + External Nova metadata service is now disabled by default. It can be + enabled by setting ``nova_enable_external_metadata`` to ``yes``.