Merge "Do not create metadata ssl proxy if we have metadata api via httpd wsgi"

2018-10-06 21:20:48 +00:00 · 2018-10-06 21:20:48 +00:00 · 555f0a0718
commit 555f0a0718
parent b677211d52 a8bef7a313
2 changed files with 8 additions and 1 deletions
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@ -102,7 +102,7 @@ class tripleo::profile::base::nova::api (
  }

  if $step >= 4 or ($step >= 3 and $sync_db) {
-    if $enable_internal_tls and !$nova_api_wsgi_enabled {
+    if $enable_internal_tls and !$nova_api_wsgi_enabled and !$nova_metadata_wsgi_enabled {
      if !$nova_metadata_network {
        fail('nova_metadata_network is not set in the hieradata.')
      }
--- a/releasenotes/notes/nova-metadata-wsgi-ssl-a64c2b9a99deb7a9.yaml
+++ b/releasenotes/notes/nova-metadata-wsgi-ssl-a64c2b9a99deb7a9.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    With nova metadata api running via wsgi we do not need the ssl proxy when
+    configure tls-everywhere as we terminate ssl direct in the httpd wsgi.
+    With this change we only create the ssl proxy vhost if we do not run nova
+    metadata via wsgi.