Merge "Enable nova metadata via httpd wsgi"

2018-09-20 15:13:56 +00:00 · 2018-09-20 15:13:56 +00:00 · 3fb3d56c73
commit 3fb3d56c73
parent dedc5ccd0d ba4be683d4
2 changed files with 28 additions and 5 deletions
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@ -208,10 +208,24 @@ class openstack_integration::neutron (
    mechanism_drivers    => $driver,
    firewall_driver      => $firewall_driver,
  }
+
+  if $::openstack_integration::config::ssl {
+    # with nova metadata api running via wsgi it is ssl terminated, also
+    # neutron metadata agent does not support an ipv6 address for the
+    # metadata_host, so we need to use the hostname
+    $metadata_host     = 'localhost'
+    $metadata_protocol = 'https'
+  } else {
+    $metadata_host     = $::openstack_integration::config::host
+    $metadata_protocol = 'http'
+  }
+
  class { '::neutron::agents::metadata':
    debug             => true,
    shared_secret     => 'a_big_secret',
    metadata_workers  => 2,
+    metadata_host     => $metadata_host,
+    metadata_protocol => $metadata_protocol,
  }
  class { '::neutron::agents::lbaas':
    interface_driver => $driver,
--- a/manifests/nova.pp
+++ b/manifests/nova.pp
@ -131,10 +131,12 @@ class openstack_integration::nova (
  }
  class { '::nova::api':
    api_bind_address                     => $::openstack_integration::config::host,
-    neutron_metadata_proxy_shared_secret => 'a_big_secret',
-    metadata_workers                     => 2,
    sync_db_api                          => true,
    service_name                         => 'httpd',
+    nova_metadata_wsgi_enabled           => true,
+  }
+  class { '::nova::metadata':
+    neutron_metadata_proxy_shared_secret => 'a_big_secret',
  }
  include ::apache
  class { '::nova::wsgi::apache_api':
@ -144,6 +146,13 @@ class openstack_integration::nova (
    ssl       => $::openstack_integration::config::ssl,
    workers   => '2',
  }
+  class { '::nova::wsgi::apache_metadata':
+    bind_host => $::openstack_integration::config::ip_for_url,
+    ssl_key   => "/etc/nova/ssl/private/${::fqdn}.pem",
+    ssl_cert  => $::openstack_integration::params::cert_path,
+    ssl       => $::openstack_integration::config::ssl,
+    workers   => '2',
+  }
  if ($::os_package_type != 'debian') {
    class { '::nova::wsgi::apache_placement':
      bind_host => $::openstack_integration::config::ip_for_url,