From 9a003d0c822bd958c1edc5bc4c36ab4bf41b19a6 Mon Sep 17 00:00:00 2001
From: Daniel Alvarez
Date: Wed, 26 Sep 2018 14:03:40 +0200
Subject: [PATCH] Configure http/https on OVN Metadata service to talk to Nova
Before this patch, we weren't configuring the 'https' protocol for OVN Metadata agent to talk to Nova so when EnableInternalTLS is set to True, http was still used. This patch fixes it by configuring the metadata_protocol correctly.
Closes-Bug: 1794510
Change-Id: If3e3642038aecfa2b71de4b46d89d9c2c4f8be01
Signed-off-by: Daniel Alvarez
(cherry picked from commit b78f3ea313f882428d0d8bb6fa2b0c473f4746c2)
---
 puppet/services/ovn-metadata.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/puppet/services/ovn-metadata.yaml b/puppet/services/ovn-metadata.yaml
index bae685b0eb..a3e00f2a6c 100644
--- a/puppet/services/ovn-metadata.yaml
+++ b/puppet/services/ovn-metadata.yaml
@@ -30,6 +30,9 @@ parameters:
 description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
 type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
 NeutronMetadataProxySharedSecret:
 description: Shared secret to prevent spoofing
 type: string
@@ -79,6 +82,7 @@ parameters:
 conditions:
 neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
 service_debug_unset: {equals: [{get_param: OvnMetadataAgentDebug}, '']}
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
 resources:
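Review bot: The new `EnableInternalTLS` parameter in the `@@ -30,6 +30,9 @@` hunk is declared without a `description`, although in this template it decides whether the agent's requests to the Nova metadata API use https or plain http. I would add `description: When true, the OVN metadata agent talks to the Nova metadata API over https instead of http.` under it, so an operator reading the template sees that the `false` default leaves that traffic unencrypted. The `parameters:` block starts and continues outside the hunk.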
@@ -109,6 +113,12 @@ outputs:
 neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
 neutron::agents::ovn_metadata::auth_tenant: 'service'
 neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
+ neutron::agents::ovn_metadata::metadata_host:
+ str_replace:
+ template:
+ "%{hiera('cloud_name_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
 neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
 ovn::southbound::port: {get_param: OVNSouthboundServerPort}
 neutron::agents::ovn_metadata::debug:
@@ -116,6 +126,11 @@ outputs:
 - service_debug_unset
 - {get_param: Debug}
 - {get_param: OvnMetadataAgentDebug}
+ neutron::agents::ovn_metadata::metadata_protocol:
+ if:
+ - internal_tls_enabled
+ - 'https'
+ - 'http'
 - if: - neutron_workers_unset
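Review bot: `metadata_host` is added unconditionally in the `@@ -109,6 +113,12 @@` hunk while `metadata_ip` stays set to the VIP, so both keys are now passed and the hunk does not show which one the puppet class prefers. If the host takes precedence, deployments without internal TLS also start depending on the `cloud_name_<network>` name resolving on every node that runs the agent, and with TLS that same name has to appear in the certificate Nova presents. A comment above the key would record the intent, e.g. `# FQDN rather than the VIP so the name matches the Nova metadata certificate when internal TLS is on`. The `outputs:` mapping starts and continues outside the hunk.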
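Review bot: Selecting `'https'` for `metadata_protocol` in the `@@ -116,6 +126,11 @@` hunk only changes the scheme; nothing in this hunk or the one above sets a CA bundle or otherwise shows that the agent verifies the certificate Nova presents. If verification is disabled or left unconfigured on the agent side (not visible here), the link is encrypted but the Nova endpoint is not authenticated, and the proxy shared secret does not cover that gap. It is worth confirming the trust settings in the puppet class and recording the dependency next to the key, e.g. `# https requires the agent to trust the internal CA; see <agent CA setting>`. The enclosing config mapping starts outside the hunk.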