Do not create metadata ssl proxy if we have metadata api via httpd wsgi
With nova metadata api running via wsgi we do not need the ssl proxy when
configure tls-everywhere as we terminate ssl direct in the httpd wsgi.
With this change we only create the ssl proxy vhost if we do not run nova
metadata via wsgi.
Related-Bug: 1781405
Change-Id: Ia0e769925812e91679631bdd631030ab12ceff01
(cherry picked from commit a8bef7a313
)
This commit is contained in:
parent
501f10c485
commit
91e1ff0940
|
@ -102,7 +102,7 @@ class tripleo::profile::base::nova::api (
|
|||
}
|
||||
|
||||
if $step >= 4 or ($step >= 3 and $sync_db) {
|
||||
if $enable_internal_tls and !$nova_api_wsgi_enabled {
|
||||
if $enable_internal_tls and !$nova_api_wsgi_enabled and !$nova_metadata_wsgi_enabled {
|
||||
if !$nova_metadata_network {
|
||||
fail('nova_metadata_network is not set in the hieradata.')
|
||||
}
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
With nova metadata api running via wsgi we do not need the ssl proxy when
|
||||
configure tls-everywhere as we terminate ssl direct in the httpd wsgi.
|
||||
With this change we only create the ssl proxy vhost if we do not run nova
|
||||
metadata via wsgi.
|
Loading…
Reference in New Issue