Enable nova-api to run over httpd again

This is needed for TLS everywhere. Change-Id: Iac35b7ddcd8a800901548c75ca8d5083ad17e4d3 Depends-On: I426bfdb9e6c852eb32d10a12e521bb8b47701c41
2017-06-14 12:22:50 +03:00 · 2017-06-14 12:22:50 +03:00 · 47d1794abe
parent 9ac589295f
commit 47d1794abe
2 changed files with 111 additions and 112 deletions
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@ -62,6 +62,9 @@ outputs:
        map_merge:
          - get_attr: [NovaApiBase, role_data, config_settings]
          - apache::default_vhost: false
+            nova_wsgi_enabled: false
+            nova::api::service_name: '%{::nova::params::api_service_name}'
+            nova::wsgi::apache_api::ssl: false
      step_config: &step_config
        list_join:
          - "\n"
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@ -81,17 +81,15 @@ conditions:
  nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}

 resources:
-  # Temporarily disable Nova API deployed in WSGI
-  # https://bugs.launchpad.net/nova/+bug/1661360
-  # ApacheServiceBase:
-  #   type: ./apache.yaml
-  #   properties:
-  #     ServiceNetMap: {get_param: ServiceNetMap}
-  #     DefaultPasswords: {get_param: DefaultPasswords}
-  #     EndpointMap: {get_param: EndpointMap}
-  #     RoleName: {get_param: RoleName}
-  #     RoleParameters: {get_param: RoleParameters}
-  #     EnableInternalTLS: {get_param: EnableInternalTLS}
+  ApacheServiceBase:
+    type: ./apache.yaml
+    properties:
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      EndpointMap: {get_param: EndpointMap}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+      EnableInternalTLS: {get_param: EnableInternalTLS}

  NovaBase:
    type: ./nova-base.yaml
@ -114,9 +112,7 @@ outputs:
      config_settings:
        map_merge:
        - get_attr: [NovaBase, role_data, config_settings]
-        # Temporarily disable Nova API deployed in WSGI
-        # https://bugs.launchpad.net/nova/+bug/1661360
-        # - get_attr: [ApacheServiceBase, role_data, config_settings]
+        - get_attr: [ApacheServiceBase, role_data, config_settings]
        - nova::cron::archive_deleted_rows::hour: '*/12'
          nova::cron::archive_deleted_rows::destination: '/dev/null'
          tripleo.nova_api.firewall_rules:
@ -143,23 +139,21 @@ outputs:
                "%{hiera('fqdn_$NETWORK')}"
              params:
                $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
-          # Temporarily disable Nova API deployed in WSGI
-          # https://bugs.launchpad.net/nova/+bug/1661360
-          nova_wsgi_enabled: false
-          # nova::api::service_name: 'httpd'
-          # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
+          nova_wsgi_enabled: true
+          nova::api::service_name: 'httpd'
+          nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
          # NOTE: bind IP is found in Heat replacing the network name with the local node IP
          # for the given network; replacement examples (eg. for internal_api):
          # internal_api -> IP
          # internal_api_uri -> [IP]
          # internal_api_subnet - > IP/CIDR
-          # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
-          # nova::wsgi::apache_api::servername:
-          #   str_replace:
-          #     template:
-          #       "%{hiera('fqdn_$NETWORK')}"
-          #     params:
-          #       $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+          nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+          nova::wsgi::apache_api::servername:
+            str_replace:
+              template:
+                "%{hiera('fqdn_$NETWORK')}"
+              params:
+                $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
          nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
          nova::api::instance_name_template: {get_param: InstanceNameTemplate}
          nova_enable_db_purge: {get_param: NovaEnableDBPurge}
@ -169,9 +163,7 @@ outputs:
          - nova_workers_zero
          - {}
          - nova::api::osapi_compute_workers: {get_param: NovaWorkers}
-          # Temporarily disable Nova API deployed in WSGI
-          # https://bugs.launchpad.net/nova/+bug/1661360
-          # nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
+            nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
      step_config: |
        include tripleo::profile::base::nova::api
      service_config_settings:
@ -199,87 +191,91 @@ outputs:
          nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
          nova::keystone::auth::password: {get_param: NovaPassword}
          nova::keystone::auth::region: {get_param: KeystoneRegion}
-      # Temporarily disable Nova API deployed in WSGI
-      # https://bugs.launchpad.net/nova/+bug/1661360
-      # metadata_settings:
-      #   get_attr: [ApacheServiceBase, role_data, metadata_settings]
+      metadata_settings:
+        get_attr: [ApacheServiceBase, role_data, metadata_settings]
      upgrade_tasks:
-        - name: get bootstrap nodeid
-          tags: common
-          command: hiera bootstrap_nodeid
-          register: bootstrap_node
-        - name: set is_bootstrap_node fact
-          tags: common
-          set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
-        - name: Extra migration for nova tripleo/+bug/1656791
-          tags: step0,pre-upgrade
-          when: is_bootstrap_node
-          command: nova-manage db online_data_migrations
-        - name: Stop and disable nova_api service (pre-upgrade not under httpd)
-          tags: step2
-          service: name=openstack-nova-api state=stopped enabled=no
-        - name: Create puppet manifest to set transport_url in nova.conf
-          tags: step5
-          when: is_bootstrap_node
-          copy:
-            dest: /root/nova-api_upgrade_manifest.pp
-            mode: 0600
-            content: >
-              $transport_url = os_transport_url({
-                'transport' => hiera('messaging_service_name', 'rabbit'),
-                'hosts'     => any2array(hiera('rabbitmq_node_names', undef)),
-                'port'      => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
-                'username'  => hiera('nova::rabbit_userid', 'guest'),
-                'password'  => hiera('nova::rabbit_password'),
-                'ssl'       => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
-              })
-              oslo::messaging::default { 'nova_config':
-                transport_url => $transport_url
-              }
-        - name: Run puppet apply to set tranport_url in nova.conf
-          tags: step5
-          when: is_bootstrap_node
-          command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
-          register: puppet_apply_nova_api_upgrade
-          failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
-          changed_when: puppet_apply_nova_api_upgrade.rc == 2
-        - name: Setup cell_v2 (map cell0)
-          tags: step5
-          when: is_bootstrap_node
-          shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
-        - name: Setup cell_v2 (create default cell)
-          tags: step5
-          when: is_bootstrap_node
-          # (owalsh) puppet-nova expects the cell name 'default'
-          # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
-          shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
-          register: nova_api_create_cell
-          failed_when: nova_api_create_cell.rc not in [0,2]
-          changed_when: nova_api_create_cell.rc == 0
-        - name: Setup cell_v2 (sync nova/cell DB)
-          tags: step5
-          when: is_bootstrap_node
-          command: nova-manage db sync
-          async: {get_param: NovaDbSyncTimeout}
-          poll: 10
-        - name: Setup cell_v2 (get cell uuid)
-          tags: step5
-          when: is_bootstrap_node
-          shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
-          register: nova_api_cell_uuid
-        - name: Setup cell_v2 (migrate hosts)
-          tags: step5
-          when: is_bootstrap_node
-          command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
-        - name: Setup cell_v2 (migrate instances)
-          tags: step5
-          when: is_bootstrap_node
-          command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
-        - name: Sync nova_api DB
-          tags: step5
-          command: nova-manage api_db sync
-          when: is_bootstrap_node
-        - name: Online data migration for nova
-          tags: step5
-          when: is_bootstrap_node
-          command: nova-manage db online_data_migrations
+        yaql:
+          expression: $.data.apache_upgrade + $.data.nova_api_upgrade
+          data:
+            apache_upgrade:
+              get_attr: [ApacheServiceBase, role_data, upgrade_tasks]
+            nova_api_upgrade:
+              - name: get bootstrap nodeid
+                tags: common
+                command: hiera bootstrap_nodeid
+                register: bootstrap_node
+              - name: set is_bootstrap_node fact
+                tags: common
+                set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+              - name: Extra migration for nova tripleo/+bug/1656791
+                tags: step0,pre-upgrade
+                when: is_bootstrap_node
+                command: nova-manage db online_data_migrations
+              - name: Stop and disable nova_api service (pre-upgrade not under httpd)
+                tags: step2
+                service: name=openstack-nova-api state=stopped enabled=no
+              - name: Create puppet manifest to set transport_url in nova.conf
+                tags: step5
+                when: is_bootstrap_node
+                copy:
+                  dest: /root/nova-api_upgrade_manifest.pp
+                  mode: 0600
+                  content: >
+                    $transport_url = os_transport_url({
+                      'transport' => hiera('messaging_service_name', 'rabbit'),
+                      'hosts'     => any2array(hiera('rabbitmq_node_names', undef)),
+                      'port'      => sprintf('%s',hiera('nova::rabbit_port', '5672') ),
+                      'username'  => hiera('nova::rabbit_userid', 'guest'),
+                      'password'  => hiera('nova::rabbit_password'),
+                      'ssl'       => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0'))))
+                    })
+                    oslo::messaging::default { 'nova_config':
+                      transport_url => $transport_url
+                    }
+              - name: Run puppet apply to set tranport_url in nova.conf
+                tags: step5
+                when: is_bootstrap_node
+                command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp
+                register: puppet_apply_nova_api_upgrade
+                failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2]
+                changed_when: puppet_apply_nova_api_upgrade.rc == 2
+              - name: Setup cell_v2 (map cell0)
+                tags: step5
+                when: is_bootstrap_node
+                shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection)
+              - name: Setup cell_v2 (create default cell)
+                tags: step5
+                when: is_bootstrap_node
+                # (owalsh) puppet-nova expects the cell name 'default'
+                # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344
+                shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection)
+                register: nova_api_create_cell
+                failed_when: nova_api_create_cell.rc not in [0,2]
+                changed_when: nova_api_create_cell.rc == 0
+              - name: Setup cell_v2 (sync nova/cell DB)
+                tags: step5
+                when: is_bootstrap_node
+                command: nova-manage db sync
+                async: {get_param: NovaDbSyncTimeout}
+                poll: 10
+              - name: Setup cell_v2 (get cell uuid)
+                tags: step5
+                when: is_bootstrap_node
+                shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}'
+                register: nova_api_cell_uuid
+              - name: Setup cell_v2 (migrate hosts)
+                tags: step5
+                when: is_bootstrap_node
+                command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose
+              - name: Setup cell_v2 (migrate instances)
+                tags: step5
+                when: is_bootstrap_node
+                command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}}
+              - name: Sync nova_api DB
+                tags: step5
+                command: nova-manage api_db sync
+                when: is_bootstrap_node
+              - name: Online data migration for nova
+                tags: step5
+                when: is_bootstrap_node
+                command: nova-manage db online_data_migrations