Configure http/https on OVN Metadata service to talk to Nova
Before this patch, we weren't configuring the 'https' protocol
for OVN Metadata agent to talk to Nova so when EnableInternalTLS
is set to True, http was still used. This patch fixes it by
configuring the metadata_protocol correctly.
Closes-Bug: 1794510
Change-Id: If3e3642038aecfa2b71de4b46d89d9c2c4f8be01
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
(cherry picked from commit b78f3ea313
)
parent
cdc8054019
commit
9a003d0c82
@ -30,6 +30,9 @@ parameters:
|
|||||||
description: Mapping of service endpoint -> protocol. Typically set
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
via parameter_defaults in the resource registry.
|
via parameter_defaults in the resource registry.
|
||||||
type: json
|
type: json
|
||||||
|
EnableInternalTLS:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
NeutronMetadataProxySharedSecret:
|
NeutronMetadataProxySharedSecret:
|
||||||
description: Shared secret to prevent spoofing
|
description: Shared secret to prevent spoofing
|
||||||
type: string
|
type: string
|
||||||
@ -79,6 +82,7 @@ parameters:
|
|||||||
conditions:
|
conditions:
|
||||||
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
|
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
|
||||||
service_debug_unset: {equals: [{get_param: OvnMetadataAgentDebug}, '']}
|
service_debug_unset: {equals: [{get_param: OvnMetadataAgentDebug}, '']}
|
||||||
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
@ -109,6 +113,12 @@ outputs:
|
|||||||
neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||||
neutron::agents::ovn_metadata::auth_tenant: 'service'
|
neutron::agents::ovn_metadata::auth_tenant: 'service'
|
||||||
neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
|
neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
|
||||||
|
neutron::agents::ovn_metadata::metadata_host:
|
||||||
|
str_replace:
|
||||||
|
template:
|
||||||
|
"%{hiera('cloud_name_$NETWORK')}"
|
||||||
|
params:
|
||||||
|
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||||
neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
|
neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
|
||||||
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||||
neutron::agents::ovn_metadata::debug:
|
neutron::agents::ovn_metadata::debug:
|
||||||
@ -116,6 +126,11 @@ outputs:
|
|||||||
- service_debug_unset
|
- service_debug_unset
|
||||||
- {get_param: Debug}
|
- {get_param: Debug}
|
||||||
- {get_param: OvnMetadataAgentDebug}
|
- {get_param: OvnMetadataAgentDebug}
|
||||||
|
neutron::agents::ovn_metadata::metadata_protocol:
|
||||||
|
if:
|
||||||
|
- internal_tls_enabled
|
||||||
|
- 'https'
|
||||||
|
- 'http'
|
||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- neutron_workers_unset
|
- neutron_workers_unset
|
||||||
|
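Review bot: In the third hunk (`outputs:`), `neutron::agents::ovn_metadata::metadata_host` is added unconditionally and without a comment, while `metadata_protocol` in the fourth hunk is the only key gated on `internal_tls_enabled`. The hostname is presumably there so the agent reaches Nova by a name the internal certificate covers rather than by the `nova_metadata_vip` address, but it also means non-TLS deployments now depend on `cloud_name_$NETWORK` resolving on the node, so it is worth confirming that this is intended. I would add a comment above the key, for example `# Nova metadata is addressed by FQDN so the TLS certificate name can be verified; the VIP in metadata_ip would not match it.` The new `EnableInternalTLS` parameter in the first hunk also has no `description:`, unlike its neighbours `EndpointMap` and `NeutronMetadataProxySharedSecret`. The page does not show whether certificate verification stays enabled for this client (neutron's `nova_metadata_insecure` option), so check that on the puppet side before relying on the https switch.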