Merge "Cover nova metadata with SSL"

This commit is contained in:
Zuul 2020-12-01 22:40:00 +00:00 committed by Gerrit Code Review
commit 6e23840e88
3 changed files with 4 additions and 5 deletions

View File

@ -13,12 +13,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
nova_service_port: 8774
# Consumed by Neutron role and must remained scoped to 'all' group
nova_metadata_port: 8775
nova_metadata_protocol: "{{ openstack_service_internaluri_proto | default('http') }}"
nova_metadata_insecure: "{{ keystone_service_internaluri_insecure | default(False) }}"
nova_service_region: "{{ service_region }}"
nova_service_user_name: nova
nova_service_project_name: service
nova_service_project_domain_id: default
nova_service_user_domain_id: default
nova_keystone_auth_plugin: password

View File

@ -138,7 +138,8 @@ haproxy_default_services:
haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
haproxy_bind: "{{ [internal_lb_vip_address] }}"
haproxy_port: 8775
haproxy_ssl: False
haproxy_ssl: "{{ haproxy_ssl_all_vips }}"
haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
haproxy_balance_type: http
haproxy_backend_options:
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"

View File

@ -15,8 +15,6 @@
nova_service_port: 8774
nova_service_proto: http
nova_metadata_protocol: "{{ openstack_service_internaluri_proto | default(nova_service_proto) }}"
nova_metadata_insecure: False
nova_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(nova_service_proto) }}"
nova_service_adminuri: "{{ nova_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}"
nova_service_adminurl: "{{ nova_service_adminuri }}/v2.1"