From 7c1ce39496b66f00c33a9ac8d5a4c06a894857a7 Mon Sep 17 00:00:00 2001
From: Kim soo <popododo0720@naver.com>
Date: Wed, 11 Mar 2026 10:15:05 +0900
Subject: [PATCH] Fix keystone WSGI script path in TLS override

The tls.yaml override for keystone references keystone-wsgi-public
as the WSGI script, but since 2025.1-ubuntu_noble the script was
renamed to wsgi.py. This causes Apache to fail with
"Target WSGI script not found" when TLS is enabled.

Fix tls.yaml directly to:
- Use the correct script path /var/www/cgi-bin/keystone/wsgi.py
- Reuse $portInt variable instead of duplicate endpoint_port_lookup
- Move ErrorLogFormat/ErrorLog before VirtualHost to match values.yaml

Change-Id: I40b2d20f1aace07c8f1754902c4fad256d844800
Signed-off-by: Kim soo <popododo0720@naver.com>
---
 values_overrides/keystone/tls.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/values_overrides/keystone/tls.yaml b/values_overrides/keystone/tls.yaml
index 17bd336f49..c4ed1b78d6 100644
--- a/values_overrides/keystone/tls.yaml
+++ b/values_overrides/keystone/tls.yaml
@@ -36,12 +36,14 @@ conf:
     SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
     CustomLog /dev/stdout combined env=!forwarded
     CustomLog /dev/stdout proxy env=forwarded
+    ErrorLogFormat "%{cu}t %M"
+    ErrorLog /dev/stdout
 
-    <VirtualHost *:{{ tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
+    <VirtualHost *:{{ $portInt }}>
       ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
       WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
       WSGIProcessGroup keystone-public
-      WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-public
+      WSGIScriptAlias / /var/www/cgi-bin/keystone/wsgi.py
       WSGIApplicationGroup %{GLOBAL}
       WSGIPassAuthorization On
       ErrorLogFormat "%{cu}t %M"