openstack
/
puppet-tripleo
Code Issues Proposed changes

Do not create metadata ssl proxy if we have metadata api via httpd wsgi 

With nova metadata api running via wsgi we do not need the ssl proxy when
configure tls-everywhere as we terminate ssl direct in the httpd wsgi.
With this change we only create the ssl proxy vhost if we do not run nova
metadata via wsgi.

Related-Bug: 1781405

Change-Id: Ia0e769925812e91679631bdd631030ab12ceff01
(cherry picked from commit a8bef7a313)
This commit is contained in:
Martin Schuppert 2018-08-22 10:29:07 +02:00
parent 501f10c485
commit 91e1ff0940
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/profile/base/nova/api.pp
View File

@ -102,7 +102,7 @@ class tripleo::profile::base::nova::api (
}
if $step >= 4 or ($step >= 3 and $sync_db) {
if $enable_internal_tls and !$nova_api_wsgi_enabled {
if $enable_internal_tls and !$nova_api_wsgi_enabled and !$nova_metadata_wsgi_enabled {
if !$nova_metadata_network {
fail('nova_metadata_network is not set in the hieradata.')
}

7
releasenotes/notes/nova-metadata-wsgi-ssl-a64c2b9a99deb7a9.yaml Normal file
View File

@ -0,0 +1,7 @@
---
fixes:
- |
With nova metadata api running via wsgi we do not need the ssl proxy when
configure tls-everywhere as we terminate ssl direct in the httpd wsgi.
With this change we only create the ssl proxy vhost if we do not run nova
metadata via wsgi.