Stop deploying Nova API in WSGI with Apache

It was suggested by Nova team to not deploying Nova API in WSGI with Apache in production. It's causing some issues that we didn't catch until now (see in the bug report). Until we figure out what was wrong, let's disable it so we can move forward in the upgrade process. Related-Bug: 1661360 Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com> Change-Id: Ia87b5bdea79e500ed41c30beb9aa9d6be302e3ac
2017-02-03 10:40:41 -05:00 · 2017-02-03 10:40:41 -05:00 · 22c5d34177
parent 2b11f29824
commit 22c5d34177
3 changed files with 25 additions and 24 deletions
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@ -1044,7 +1044,7 @@ class tripleo::haproxy (
      },
      public_ssl_port   => $ports[nova_api_ssl_port],
      service_network   => $nova_osapi_network,
-      member_options    => union($haproxy_member_options, $internal_tls_member_options),
+      #member_options    => union($haproxy_member_options, $internal_tls_member_options),
    }
  }

@ -1064,7 +1064,7 @@ class tripleo::haproxy (
      },
      public_ssl_port   => $ports[nova_placement_ssl_port],
      service_network   => $nova_placement_network,
-      member_options    => union($haproxy_member_options, $internal_tls_member_options),
+      #member_options    => union($haproxy_member_options, $internal_tls_member_options),
    }
  }

--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@ -70,21 +70,6 @@ class tripleo::profile::base::nova::api (

  include ::tripleo::profile::base::nova

-  if $enable_internal_tls {
-    if $generate_service_certificates {
-      ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
-    }
-
-    if !$nova_api_network {
-      fail('nova_api_network is not set in the hieradata.')
-    }
-    $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
-    $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
-  } else {
-    $tls_certfile = undef
-    $tls_keyfile = undef
-  }
-
  if $step >= 3 and $sync_db {
    include ::nova::cell_v2::simple_setup
  }
@ -105,9 +90,25 @@ class tripleo::profile::base::nova::api (
      sync_db     => $sync_db,
      sync_db_api => $sync_db,
    }
-    class { '::nova::wsgi::apache_api':
-      ssl_cert => $tls_certfile,
-      ssl_key  => $tls_keyfile,
+    if hiera('nova_wsgi_enabled', true) {
+      if $enable_internal_tls {
+        if $generate_service_certificates {
+          ensure_resources('tripleo::certmonger::httpd', $certificates_specs)
+        }
+
+        if !$nova_api_network {
+          fail('nova_api_network is not set in the hieradata.')
+        }
+        $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate']
+        $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key']
+      } else {
+        $tls_certfile = undef
+        $tls_keyfile = undef
+      }
+      class { '::nova::wsgi::apache_api':
+        ssl_cert => $tls_certfile,
+        ssl_key  => $tls_keyfile,
+      }
    }
    include ::nova::network::neutron
  }
--- a/spec/classes/tripleo_profile_base_nova_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb
@ -39,7 +39,7 @@ eos
        is_expected.to contain_class('tripleo::profile::base::nova')
        is_expected.to_not contain_class('nova::keystone::authtoken')
        is_expected.to_not contain_class('nova::api')
-        is_expected.to_not contain_class('nova::wsgi::apache_api')
+        #is_expected.to_not contain_class('nova::wsgi::apache_api')
        is_expected.to_not contain_class('nova::network::neutron')
      }
    end
@ -56,7 +56,7 @@ eos
        is_expected.to contain_class('nova::cell_v2::simple_setup')
        is_expected.to contain_class('nova::keystone::authtoken')
        is_expected.to contain_class('nova::api')
-        is_expected.to contain_class('nova::wsgi::apache_api')
+        #is_expected.to contain_class('nova::wsgi::apache_api')
        is_expected.to contain_class('nova::network::neutron')
      }
    end
@ -73,7 +73,7 @@ eos
        is_expected.to_not contain_class('nova::db::sync_cell_v2')
        is_expected.to_not contain_class('nova::keystone::authtoken')
        is_expected.to_not contain_class('nova::api')
-        is_expected.to_not contain_class('nova::wsgi::apache_api')
+        #is_expected.to_not contain_class('nova::wsgi::apache_api')
        is_expected.to_not contain_class('nova::network::neutron')
      }
    end
@ -88,7 +88,7 @@ eos
        is_expected.to_not contain_class('nova::db::sync_cell_v2')
        is_expected.to contain_class('nova::keystone::authtoken')
        is_expected.to contain_class('nova::api')
-        is_expected.to contain_class('nova::wsgi::apache_api')
+        #is_expected.to contain_class('nova::wsgi::apache_api')
        is_expected.to contain_class('nova::network::neutron')
      }
    end