From 5846e4d0b1346dc08268fcff7ae0afff1289e784 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <noonedeadpunk@ya.ru>
Date: Wed, 9 Feb 2022 09:41:55 +0200
Subject: [PATCH] Remove secure_proxy_ssl_header logic

According to nova doc, secure_proxy_ssl_header has been deprecated and
has no effect [1]. Since these variables are not used for other purpose
we drop them.

[1] https://docs.openstack.org/nova/latest/configuration/config.html#oslo_middleware.secure_proxy_ssl_header

Change-Id: Ibc3ac4f0f3fb038463748f8c1608fa475374cf67
---
 defaults/main.yml                                        | 6 ------
 releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml | 6 ++++++
 templates/nova.conf.j2                                   | 4 +---
 3 files changed, 7 insertions(+), 9 deletions(-)
 create mode 100644 releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index 63269b50..41b713fd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -291,12 +291,6 @@ nova_vencrypt_ca_certs: "/etc/pki/nova-novncproxy/ca-cert.pem"
 # it is possible to remove the none option from the list
 nova_vencrypt_auth_scheme: "vencrypt,none"
 
-# Set to true when terminating SSL/TLS at a load balancer
-nova_external_ssl: "{{ openstack_external_ssl | default(False) }}"
-
-# External SSL forwarding proto
-nova_secure_proxy_ssl_header: HTTP_X_FORWARDED_PROTO
-
 ## Nova global config
 nova_image_cache_manager_interval: 0
 
diff --git a/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml b/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml
new file mode 100644
index 00000000..b6456a88
--- /dev/null
+++ b/releasenotes/notes/nova_ssl_header-c5d95a629a0a1df5.yaml
@@ -0,0 +1,6 @@
+---
+deprecations:
+  - |
+    Variables ``nova_external_ssl`` and ``nova_secure_proxy_ssl_header``
+    have been removed since secure_proxy_ssl_header option from nova.conf
+    they controlled has been deprecated and has no effect.
diff --git a/templates/nova.conf.j2 b/templates/nova.conf.j2
index 3dd51e3c..cfe276a8 100644
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@@ -279,9 +279,7 @@ insecure = {{ keystone_service_adminuri_insecure | bool }}
 
 [wsgi]
 api_paste_config = /etc/nova/api-paste.ini
-{% if nova_external_ssl | bool %}
-secure_proxy_ssl_header = {{ nova_secure_proxy_ssl_header }}
-{% endif %}
+
 
 [api]
 use_forwarded_for = {{ nova_network_services[nova_network_type]['use_forwarded_for'] | bool }}