It was suggested by Nova team to not deploying Nova API in WSGI with
Apache in production.
It's causing some issues that we didn't catch until now (see in the bug
report). Until we figure out what was wrong, let's disable it so we can
move forward in the upgrade process.
Related-Bug:
1661360
Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
},
public_ssl_port => $ports[nova_api_ssl_port],
service_network => $nova_osapi_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
},
public_ssl_port => $ports[nova_placement_ssl_port],
service_network => $nova_placement_network,
- member_options => union($haproxy_member_options, $internal_tls_member_options),
+ #member_options => union($haproxy_member_options, $internal_tls_member_options),
}
}
include ::tripleo::profile::base::nova
- if $enable_internal_tls {
- if $generate_service_certificates {
- ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
- }
-
- if !$nova_api_network {
- fail('nova_api_network is not set in the hieradata.')
- }
- $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
- $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
- } else {
- $tls_certfile = undef
- $tls_keyfile = undef
- }
-
if $step >= 3 and $sync_db {
include ::nova::cell_v2::simple_setup
}
sync_db => $sync_db,
sync_db_api => $sync_db,
}
- class { '::nova::wsgi::apache_api':
- ssl_cert => $tls_certfile,
- ssl_key => $tls_keyfile,
+ if hiera('nova_wsgi_enabled', true) {
+ if $enable_internal_tls {
+ if $generate_service_certificates {
+ ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+ }
+
+ if !$nova_api_network {
+ fail('nova_api_network is not set in the hieradata.')
+ }
+ $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
+ $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
+ } else {
+ $tls_certfile = undef
+ $tls_keyfile = undef
+ }
+ class { '::nova::wsgi::apache_api':
+ ssl_cert => $tls_certfile,
+ ssl_key => $tls_keyfile,
+ }
}
include ::nova::network::neutron
}
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::api')
- is_expected.to_not contain_class('nova::wsgi::apache_api')
+ #is_expected.to_not contain_class('nova::wsgi::apache_api')
is_expected.to_not contain_class('nova::network::neutron')
}
end
is_expected.to contain_class('nova::cell_v2::simple_setup')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
- is_expected.to contain_class('nova::wsgi::apache_api')
+ #is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
}
end
is_expected.to_not contain_class('nova::db::sync_cell_v2')
is_expected.to_not contain_class('nova::keystone::authtoken')
is_expected.to_not contain_class('nova::api')
- is_expected.to_not contain_class('nova::wsgi::apache_api')
+ #is_expected.to_not contain_class('nova::wsgi::apache_api')
is_expected.to_not contain_class('nova::network::neutron')
}
end
is_expected.to_not contain_class('nova::db::sync_cell_v2')
is_expected.to contain_class('nova::keystone::authtoken')
is_expected.to contain_class('nova::api')
- is_expected.to contain_class('nova::wsgi::apache_api')
+ #is_expected.to contain_class('nova::wsgi::apache_api')
is_expected.to contain_class('nova::network::neutron')
}
end
Code Review / apex-puppet-tripleo.git / commitdiff