Stop deploying Nova API in WSGI with Apache
It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Related-Bug: 1661360 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
This commit is contained in:
parent
2b11f29824
commit
22c5d34177
|
@ -1044,7 +1044,7 @@ class tripleo::haproxy (
|
|||
},
|
||||
public_ssl_port => $ports[nova_api_ssl_port],
|
||||
service_network => $nova_osapi_network,
|
||||
member_options => union($haproxy_member_options, $internal_tls_member_options),
|
||||
#member_options => union($haproxy_member_options, $internal_tls_member_options),
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1064,7 +1064,7 @@ class tripleo::haproxy (
|
|||
},
|
||||
public_ssl_port => $ports[nova_placement_ssl_port],
|
||||
service_network => $nova_placement_network,
|
||||
member_options => union($haproxy_member_options, $internal_tls_member_options),
|
||||
#member_options => union($haproxy_member_options, $internal_tls_member_options),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api (
|
|||
|
||||
include ::tripleo::profile::base::nova
|
||||
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$nova_api_network {
|
||||
fail('nova_api_network is not set in the hieradata.')
|
||||
}
|
||||
$tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
|
||||
$tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
|
||||
} else {
|
||||
$tls_certfile = undef
|
||||
$tls_keyfile = undef
|
||||
}
|
||||
|
||||
if $step >= 3 and $sync_db {
|
||||
include ::nova::cell_v2::simple_setup
|
||||
}
|
||||
|
@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api (
|
|||
sync_db => $sync_db,
|
||||
sync_db_api => $sync_db,
|
||||
}
|
||||
class { '::nova::wsgi::apache_api':
|
||||
ssl_cert => $tls_certfile,
|
||||
ssl_key => $tls_keyfile,
|
||||
if hiera('nova_wsgi_enabled', true) {
|
||||
if $enable_internal_tls {
|
||||
if $generate_service_certificates {
|
||||
ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
|
||||
}
|
||||
|
||||
if !$nova_api_network {
|
||||
fail('nova_api_network is not set in the hieradata.')
|
||||
}
|
||||
$tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
|
||||
$tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
|
||||
} else {
|
||||
$tls_certfile = undef
|
||||
$tls_keyfile = undef
|
||||
}
|
||||
class { '::nova::wsgi::apache_api':
|
||||
ssl_cert => $tls_certfile,
|
||||
ssl_key => $tls_keyfile,
|
||||
}
|
||||
}
|
||||
include ::nova::network::neutron
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ eos
|
|||
is_expected.to contain_class('tripleo::profile::base::nova')
|
||||
is_expected.to_not contain_class('nova::keystone::authtoken')
|
||||
is_expected.to_not contain_class('nova::api')
|
||||
is_expected.to_not contain_class('nova::wsgi::apache_api')
|
||||
#is_expected.to_not contain_class('nova::wsgi::apache_api')
|
||||
is_expected.to_not contain_class('nova::network::neutron')
|
||||
}
|
||||
end
|
||||
|
@ -56,7 +56,7 @@ eos
|
|||
is_expected.to contain_class('nova::cell_v2::simple_setup')
|
||||
is_expected.to contain_class('nova::keystone::authtoken')
|
||||
is_expected.to contain_class('nova::api')
|
||||
is_expected.to contain_class('nova::wsgi::apache_api')
|
||||
#is_expected.to contain_class('nova::wsgi::apache_api')
|
||||
is_expected.to contain_class('nova::network::neutron')
|
||||
}
|
||||
end
|
||||
|
@ -73,7 +73,7 @@ eos
|
|||
is_expected.to_not contain_class('nova::db::sync_cell_v2')
|
||||
is_expected.to_not contain_class('nova::keystone::authtoken')
|
||||
is_expected.to_not contain_class('nova::api')
|
||||
is_expected.to_not contain_class('nova::wsgi::apache_api')
|
||||
#is_expected.to_not contain_class('nova::wsgi::apache_api')
|
||||
is_expected.to_not contain_class('nova::network::neutron')
|
||||
}
|
||||
end
|
||||
|
@ -88,7 +88,7 @@ eos
|
|||
is_expected.to_not contain_class('nova::db::sync_cell_v2')
|
||||
is_expected.to contain_class('nova::keystone::authtoken')
|
||||
is_expected.to contain_class('nova::api')
|
||||
is_expected.to contain_class('nova::wsgi::apache_api')
|
||||
#is_expected.to contain_class('nova::wsgi::apache_api')
|
||||
is_expected.to contain_class('nova::network::neutron')
|
||||
}
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue