From ba4be683d4a0323a56d996f64907114e3d85fa4d Mon Sep 17 00:00:00 2001
From: Martin Schuppert
Date: Mon, 20 Aug 2018 15:03:31 +0200
Subject: [PATCH] Enable nova metadata via httpd wsgi

Support for nova metadata api via wsgi was added in dependency. This changes so that we test with running via wsgi. With nova metadata api running via wsgi it is ssl terminated, also neutron metadata agent does not support an ipv6 address for the metadata_host, so we need to configure the neutron metadata agent to connect via https to the nova metadata api.

Related-Bug: 1781405
Depends-On: Ic65736cb0e95c400a728cd699ecf06c6aecff832
Depends-On: I3d572dda2e90b7e24f2f8912d704462b9332d807
Change-Id: I03f4dcb7f40055d802b114ee305323c95975e4df
---
 manifests/neutron.pp | 20 +++++++++++++++++---
 manifests/nova.pp | 13 +++++++++++--
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/manifests/neutron.pp b/manifests/neutron.pp
index f6cebd8c7..813a6e082 100644
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@@ -208,10 +208,24 @@ class openstack_integration::neutron (
 mechanism_drivers => $driver,
 firewall_driver => $firewall_driver,
 }
+
+ if $::openstack_integration::config::ssl {
+ # with nova metadata api running via wsgi it is ssl terminated, also
+ # neutron metadata agent does not support an ipv6 address for the
+ # metadata_host, so we need to use the hostname
+ $metadata_host = 'localhost'
+ $metadata_protocol = 'https'
+ } else {
+ $metadata_host = $::openstack_integration::config::host
+ $metadata_protocol = 'http'
+ }
+
 class { '::neutron::agents::metadata':
- debug => true,
- shared_secret => 'a_big_secret',
- metadata_workers => 2,
+ debug => true,
+ shared_secret => 'a_big_secret',
+ metadata_workers => 2,
+ metadata_host => $metadata_host,
+ metadata_protocol => $metadata_protocol,
 }
 class { '::neutron::agents::lbaas':
 interface_driver => $driver,
diff --git a/manifests/nova.pp b/manifests/nova.pp
index 7c7d970c7..ff4656909 100644
--- a/manifests/nova.pp
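Review bot: In manifests/neutron.pp the ssl branch sets `$metadata_host = 'localhost'` with `$metadata_protocol = 'https'`, but the `::nova::wsgi::apache_metadata` block added in manifests/nova.pp serves that endpoint with a key named after `${::fqdn}`, so the agent's TLS hostname check only passes if the certificate at `cert_path` also names `localhost`, which is not visible in this patch. If it does not, the agent either fails to reach the metadata API or certificate verification has to be turned off, and the latter should not become the way this is made to work. The comment also says "use the hostname" while the value is the loopback name; I would state the requirement there, e.g. `# 'localhost' must be a subjectAltName of the metadata vhost certificate; keep certificate verification enabled`. The enclosing class body starts and ends outside the hunk.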
+++ b/manifests/nova.pp
@@ -131,10 +131,12 @@ class openstack_integration::nova (
 }
 class { '::nova::api':
 api_bind_address => $::openstack_integration::config::host,
- neutron_metadata_proxy_shared_secret => 'a_big_secret',
- metadata_workers => 2,
 sync_db_api => true,
 service_name => 'httpd',
+ nova_metadata_wsgi_enabled => true,
+ }
+ class { '::nova::metadata':
+ neutron_metadata_proxy_shared_secret => 'a_big_secret',
 }
 include ::apache
 class { '::nova::wsgi::apache_api':
@@ -144,6 +146,13 @@ class openstack_integration::nova (
 ssl => $::openstack_integration::config::ssl,
 workers => '2',
 }
+ class { '::nova::wsgi::apache_metadata':
+ bind_host => $::openstack_integration::config::ip_for_url,
+ ssl_key => "/etc/nova/ssl/private/${::fqdn}.pem",
+ ssl_cert => $::openstack_integration::params::cert_path,
+ ssl => $::openstack_integration::config::ssl,
+ workers => '2',
+ }
 if ($::os_package_type != 'debian') {
 class { '::nova::wsgi::apache_placement':
 bind_host => $::openstack_integration::config::ip_for_url,
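Review bot: In the first hunk of manifests/nova.pp, the new `::nova::metadata` block repeats the literal `'a_big_secret'` that manifests/neutron.pp passes as `shared_secret`; the two values must be identical for the metadata proxy signature to validate, and nothing in either manifest ties them together. A fixed, published value like this is only suitable for what appears to be a throwaway test deployment, and the manifest should say so where the value is set, e.g. `# test-only value; must match shared_secret in openstack_integration::neutron`. Reading both from one variable in the config class would remove the duplication. The enclosing class body starts and ends outside the hunk.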