Don't generate 10-neutron_wsgi.conf with internal tls

When internal TLS is enabled we use a proxy in front of neutron server. Config generated in change I302558e718ce35c4d632137c5efa08f502939b40 conflicts with the one generated for tls_proxy. Till we convert neutron_api to be deployed with httpd, let's generate the wsgi config only when enable_internal_tls is false. Closes-Bug: #1936776 Change-Id: I2901ea548332a043a8ffeb268f3a0ccbca265377
2021-07-21 08:42:04 +05:30 · 2021-07-21 08:42:04 +05:30 · fb9ba4b89c
parent eb27e5092b
commit fb9ba4b89c
1 changed files with 7 additions and 5 deletions
--- a/manifests/profile/base/neutron/server.pp
+++ b/manifests/profile/base/neutron/server.pp
@ -120,6 +120,7 @@ class tripleo::profile::base::neutron::server (
  }

  if $step >= 4 or ($step >= 3 and $sync_db) {
+    include tripleo::profile::base::apache
    if $enable_internal_tls {
      if !$neutron_network {
        fail('neutron_api_network is not set in the hieradata.')
@ -136,14 +137,15 @@ class tripleo::profile::base::neutron::server (
      }
      Tripleo::Tls_proxy['neutron-api'] ~> Anchor<| title == 'neutron::service::begin' |>
    }
+    else {
+      class { 'neutron::wsgi::apache':
+        ssl_cert => $tls_certfile,
+        ssl_key  => $tls_keyfile,
+      }
+    }
    if $designate_api_enabled {
      include neutron::designate
    }
-    include tripleo::profile::base::apache
-    class { 'neutron::wsgi::apache':
-      ssl_cert => $tls_certfile,
-      ssl_key  => $tls_keyfile,
-    }
  }
  # We start neutron-server on the bootstrap node first, because
  # it will try to populate tables and we need to make sure this happens