From 2fc0afec71393e82d45d82f964aaf90a029af360 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Wed, 28 Oct 2020 17:16:59 +0200
Subject: [PATCH] Cover nova metadata with SSL

We should also cover nova metadata endpoint with SSL in case haproxy_ssl_all_vips is set to true. This also places nova_metadata_* variables under correct scope, since the only place they are used is neutron hosts

Change-Id: Ie05e07624b204c92f02e05d6d8c8d02ab8ff9008
---
 inventory/group_vars/all/nova.yml | 4 ++--
 inventory/group_vars/haproxy/haproxy.yml | 3 ++-
 inventory/group_vars/nova_all.yml | 2 --
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/inventory/group_vars/all/nova.yml b/inventory/group_vars/all/nova.yml
index 22d7bde8cd..b8c270effd 100644
--- a/inventory/group_vars/all/nova.yml
+++ b/inventory/group_vars/all/nova.yml
@@ -13,12 +13,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-nova_service_port: 8774
 # Consumed by Neutron role and must remained scoped to 'all' group
 nova_metadata_port: 8775
+nova_metadata_protocol: "{{ openstack_service_internaluri_proto | default('http') }}"
+nova_metadata_insecure: "{{ keystone_service_internaluri_insecure | default(False) }}"
 nova_service_region: "{{ service_region }}"
 nova_service_user_name: nova
 nova_service_project_name: service
 nova_service_project_domain_id: default
 nova_service_user_domain_id: default
-nova_keystone_auth_plugin: password
diff --git a/inventory/group_vars/haproxy/haproxy.yml b/inventory/group_vars/haproxy/haproxy.yml
index d9e2b4a97a..f133b06619 100644
--- a/inventory/group_vars/haproxy/haproxy.yml
+++ b/inventory/group_vars/haproxy/haproxy.yml
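Review bot: In inventory/group_vars/all/nova.yml, the added `nova_metadata_insecure` default inherits `keystone_service_internaluri_insecure`, so a deployment that relaxes certificate verification for Keystone's internal endpoint also relaxes it for the Nova metadata connection, and no line in the file says so. Metadata responses can carry instance user-data, so the coupling deserves a comment above the two new variables, for example `# TLS verification for metadata follows the Keystone internal-URI setting; set nova_metadata_insecure explicitly to decouple it.` The existing comment about the 'all' scope sits directly above `nova_metadata_port` and reads as covering only that line. The same hunk also drops `nova_service_port` and `nova_keystone_auth_plugin` from the 'all' group, which the commit message does not mention; whether any non-nova host still reads them cannot be seen from this patch.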
@@ -136,7 +136,8 @@ haproxy_default_services:
 haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
 haproxy_bind: "{{ [internal_lb_vip_address] }}"
 haproxy_port: 8775
- haproxy_ssl: False
+ haproxy_ssl: "{{ haproxy_ssl_all_vips }}"
+ haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
 haproxy_balance_type: http
 haproxy_backend_options:
 - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
diff --git a/inventory/group_vars/nova_all.yml b/inventory/group_vars/nova_all.yml
index 9b87576ba7..def45531d1 100644
--- a/inventory/group_vars/nova_all.yml
+++ b/inventory/group_vars/nova_all.yml
@@ -15,8 +15,6 @@
 
 nova_service_port: 8774
 nova_service_proto: http
-nova_metadata_protocol: "{{ openstack_service_internaluri_proto | default(nova_service_proto) }}"
-nova_metadata_insecure: False
 nova_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_service_proto) }}"
 nova_service_adminuri: "{{ nova_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
 nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1"
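Review bot: In inventory/group_vars/haproxy/haproxy.yml, `haproxy_ssl` for the metadata frontend on port 8775 now follows `haproxy_ssl_all_vips`, while the client-side `nova_metadata_protocol` added to all/nova.yml by this same patch follows `openstack_service_internaluri_proto` and falls back to `http`. Nothing visible ties the two settings together, so enabling `haproxy_ssl_all_vips` on its own would presumably leave the metadata client speaking plain HTTP to a TLS listener. A comment on this service entry such as `# when haproxy_ssl_all_vips is true, openstack_service_internaluri_proto must be https` would make the dependency explicit. Writing the value as `"{{ haproxy_ssl_all_vips | bool }}"` would also pin the type if the variable arrives as a string. The service entry begins above the hunk, so its name and remaining keys are not visible here.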