Configure http/https on OVN Metadata service to talk to Nova
Before this patch, we weren't configuring the 'https' protocol for OVN Metadata agent to talk to Nova so when EnableInternalTLS is set to True, http was still used. This patch fixes it by configuring the metadata_protocol correctly. Closes-Bug: 1794510 Change-Id: If3e3642038aecfa2b71de4b46d89d9c2c4f8be01 Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
This commit is contained in:
parent
4656dbe2e0
commit
b78f3ea313
|
@ -30,6 +30,9 @@ parameters:
|
|||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
NeutronMetadataProxySharedSecret:
|
||||
description: Shared secret to prevent spoofing
|
||||
type: string
|
||||
|
@ -79,6 +82,7 @@ parameters:
|
|||
conditions:
|
||||
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
|
||||
service_debug_unset: {equals: [{get_param: OvnMetadataAgentDebug}, '']}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
|
@ -107,6 +111,12 @@ outputs:
|
|||
neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
neutron::agents::ovn_metadata::auth_tenant: 'service'
|
||||
neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
|
||||
neutron::agents::ovn_metadata::metadata_host:
|
||||
str_replace:
|
||||
template:
|
||||
"%{hiera('cloud_name_$NETWORK')}"
|
||||
params:
|
||||
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
|
||||
neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
|
||||
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
neutron::agents::ovn_metadata::debug:
|
||||
|
@ -114,6 +124,11 @@ outputs:
|
|||
- service_debug_unset
|
||||
- {get_param: Debug}
|
||||
- {get_param: OvnMetadataAgentDebug}
|
||||
neutron::agents::ovn_metadata::metadata_protocol:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- 'https'
|
||||
- 'http'
|
||||
-
|
||||
if:
|
||||
- neutron_workers_unset
|
||||
|
|
Loading…
Reference in New Issue