Configure http/https on OVN Metadata service to talk to Nova

Before this patch, we weren't configuring the 'https' protocol
for the OVN Metadata agent to talk to Nova, so when EnableInternalTLS
is set to True, http was still used. This patch fixes it by
configuring metadata_protocol correctly.

Closes-Bug: 1794510

Change-Id: If3e3642038aecfa2b71de4b46d89d9c2c4f8be01
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Daniel Alvarez 2018-09-26 14:03:40 +02:00
parent 4656dbe2e0
commit b78f3ea313
1 changed files with 15 additions and 0 deletions


@ -30,6 +30,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableInternalTLS:
type: boolean
default: false
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
@ -79,6 +82,7 @@ parameters:
conditions:
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
service_debug_unset: {equals: [{get_param: OvnMetadataAgentDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@ -107,6 +111,12 @@ outputs:
neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::ovn_metadata::auth_tenant: 'service'
neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
neutron::agents::ovn_metadata::metadata_host:
str_replace:
template:
"%{hiera('cloud_name_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
neutron::agents::ovn_metadata::debug:
@ -114,6 +124,11 @@ outputs:
- service_debug_unset
- {get_param: Debug}
- {get_param: OvnMetadataAgentDebug}
neutron::agents::ovn_metadata::metadata_protocol:
if:
- internal_tls_enabled
- 'https'
- 'http'
-
if:
- neutron_workers_unset
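Review bot: The `metadata_protocol` entry in the last hunk switches the agent to `https`, but nothing in the visible hunks tells the agent which CA to trust or that verification of Nova's certificate stays enabled, so the protection depends on defaults set elsewhere (the rest of the template is outside this view). If the agent's `auth_ca_cert` / `nova_metadata_insecure` defaults are what is relied on, say so next to the setting, e.g. `# https relies on the agent's default certificate verification; metadata_host must match the name in the Nova metadata certificate`. The `metadata_host` value is added unconditionally, which looks intended so that the FQDN matches the certificate, but it also changes the plain-http case and is not mentioned in the commit message. `EnableInternalTLS` is also the only parameter in the first hunk without a `description:`; something like `description: Whether internal endpoints are served over TLS; selects https for the agent's connection to Nova metadata.` would match its neighbours.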