From c3dde5720f6aef37f4faaf8afbbd433514a6581f Mon Sep 17 00:00:00 2001
From: Kim soo <popododo0720@naver.com>
Date: Wed, 11 Mar 2026 11:25:18 +0900
Subject: [PATCH] Fix cinder WSGI script path in TLS override

Update WSGIScriptAlias to use /var/lib/openstack/bin/cinder-wsgi
which is the correct path in 2025.1 Ubuntu Noble containers where
packages are installed via pip into a virtualenv instead of system
packages. Add Directory block to grant Apache access to the new path.

Signed-off-by: Kim soo <popododo0720@naver.com>
Change-Id: I8af281c842e2d76e59c485096a9c99eb3fb71510
---
 cinder/templates/bin/_cinder-api.sh.tpl | 4 ----
 cinder/templates/deployment-api.yaml    | 4 ----
 values_overrides/cinder/tls.yaml        | 5 ++++-
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/cinder/templates/bin/_cinder-api.sh.tpl b/cinder/templates/bin/_cinder-api.sh.tpl
index 73ae571845..cb061707d9 100644
--- a/cinder/templates/bin/_cinder-api.sh.tpl
+++ b/cinder/templates/bin/_cinder-api.sh.tpl
@@ -19,10 +19,6 @@ COMMAND="${@:-start}"
 
 function start () {
 {{- if .Values.manifests.certificates }}
-  for WSGI_SCRIPT in cinder-wsgi; do
-    cp -a $(type -p ${WSGI_SCRIPT}) /var/www/cgi-bin/cinder/
-  done
-
   if [ -f /etc/apache2/envvars ]; then
     # Loading Apache2 ENV variables
     source /etc/apache2/envvars
diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
index 871ad23d16..f645943cdf 100644
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@@ -123,8 +123,6 @@ spec:
               mountPath: /tmp
             - name: oslo-lock-path
               mountPath: {{ .Values.conf.cinder.oslo_concurrency.lock_path }}
-            - name: wsgi-cinder
-              mountPath: /var/www/cgi-bin/cinder
             - name: cinder-bin
               mountPath: /tmp/cinder-api.sh
               subPath: cinder-api.sh
@@ -191,8 +189,6 @@ spec:
           emptyDir: {}
         - name: oslo-lock-path
           emptyDir: {}
-        - name: wsgi-cinder
-          emptyDir: {}
         - name: cinder-bin
           configMap:
             name: cinder-bin
diff --git a/values_overrides/cinder/tls.yaml b/values_overrides/cinder/tls.yaml
index f63b090146..ff74681f05 100644
--- a/values_overrides/cinder/tls.yaml
+++ b/values_overrides/cinder/tls.yaml
@@ -35,11 +35,14 @@ conf:
   wsgi_cinder: |
     {{- $portInt := tuple "volume" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
     Listen {{ $portInt }}
+    <Directory /var/lib/openstack/bin>
+        Require all granted
+    </Directory>
     <VirtualHost *:{{ $portInt }}>
       ServerName {{ printf "%s.%s.svc.%s" "cinder-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
       WSGIDaemonProcess cinder-api processes=1 threads=1 user=cinder display-name=%{GROUP}
       WSGIProcessGroup cinder-api
-      WSGIScriptAlias /  /var/www/cgi-bin/cinder/cinder-wsgi
+      WSGIScriptAlias /  /var/lib/openstack/bin/cinder-wsgi
       WSGIApplicationGroup %{GLOBAL}
       WSGIPassAuthorization On
       AllowEncodedSlashes On