Stop deploying Nova API in WSGI with Apache

The Nova team suggested not deploying Nova API in WSGI with
Apache in production.
It's causing some issues that we didn't catch until now (see the bug
report). Until we figure out what was wrong, let's disable it so we can
move forward in the upgrade process.

Note: we also need to fix orchestration in provision to make sure
Keystone is ready before creating nova flavors, and other resources.

Depends-On: I1688eae1369f6da2c7084dc3864d19708d15c78d
Change-Id: I4a0d999d5290785a416bbb11953fee7a5028a00b
Related-Bug: 1661360
Emilien Macchi 2017-02-03 11:02:03 -05:00
parent 3bc4c2ff52
commit 067e1a32a9
3 changed files with 32 additions and 16 deletions

@ -141,10 +141,23 @@ class openstack_integration::neutron (
mechanism_drivers => $driver,
firewall_driver => $firewall_driver,
}
if $::openstack_integration::config::ssl {
$metadata_protocol = 'https'
$nova_client_cert = $::openstack_integration::params::cert_path
$nova_client_priv_key = "/etc/neutron/ssl/private/${::fqdn}.pem"
} else {
$metadata_protocol = $::os_service_default
$nova_client_cert = $::os_service_default
$nova_client_priv_key = $::os_service_default
}
class { '::neutron::agents::metadata':
debug => true,
shared_secret => 'a_big_secret',
metadata_workers => 2,
debug => true,
shared_secret => 'a_big_secret',
metadata_workers => 2,
metadata_protocol => $metadata_protocol,
metadata_insecure => true,
nova_client_cert => $nova_client_cert,
nova_client_priv_key => $nova_client_priv_key,
}
class { '::neutron::agents::lbaas':
interface_driver => $driver,
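Review bot: `metadata_insecure => true` is passed to `::neutron::agents::metadata` unconditionally, so when the SSL branch selects `metadata_protocol = 'https'` the metadata agent will not verify the Nova metadata server's certificate and the connection has no server authentication. The nova section of this same change notifies services from `Exec['update-ca-certificates']`, so verification may already work with the test CA; consider dropping the parameter, or keep it with a comment such as `# CI only: test CA is not validated here, do not copy to production`. The placeholder `shared_secret => 'a_big_secret'` in the same block deserves the same marker. The enclosing class starts and ends outside this hunk.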

@ -30,9 +30,13 @@ class openstack_integration::nova (
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'nova':
notify => Service['httpd'],
notify => [
Service['nova-api'],
Service['httpd'],
],
require => Package['nova-common'],
}
Exec['update-ca-certificates'] ~> Service['nova-api']
Exec['update-ca-certificates'] ~> Service['httpd']
}
@ -103,22 +107,18 @@ class openstack_integration::nova (
debug => true,
notification_driver => 'messagingv2',
notify_on_state_change => 'vm_and_task_state',
use_ssl => $::openstack_integration::config::ssl,
key_file => "/etc/nova/ssl/private/${::fqdn}.pem",
cert_file => $::openstack_integration::params::cert_path,
}
class { '::nova::api':
api_bind_address => $::openstack_integration::config::host,
neutron_metadata_proxy_shared_secret => 'a_big_secret',
metadata_workers => 2,
osapi_compute_workers => 2,
default_floating_pool => 'public',
sync_db_api => true,
service_name => 'httpd',
}
include ::apache
class { '::nova::wsgi::apache_api':
bind_host => $::openstack_integration::config::ip_for_url,
ssl_key => "/etc/nova/ssl/private/${::fqdn}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
ssl => $::openstack_integration::config::ssl,
workers => '2',
}
if $::osfamily == 'RedHat' {
class { '::nova::wsgi::apache_placement':
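Review bot: With TLS apparently now terminated by the nova-api service itself (`use_ssl`, `key_file`, `cert_file` at the top of the second hunk) instead of Apache, the private key at `/etc/nova/ssl/private/${::fqdn}.pem` has to be readable by the account nova-api runs as, and nothing in this section shows its owner or mode. The `openstack_integration::ssl_key` definition is not on this page, so confirm it leaves the key owned by the service user and not group- or world-readable, rather than loosening permissions to get the service to start. `key_file` and `cert_file` are also passed when `$::openstack_integration::config::ssl` is false, while the key is only provisioned inside the SSL conditional; the neutron manifest in this change guards the equivalent values, and doing the same here, or adding a comment such as `# ignored unless use_ssl is true` if that is what the module does, would make the intent clear. The class body continues outside both hunks.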

@ -18,7 +18,8 @@ class openstack_integration::provision {
disk => '0',
vcpus => '1',
}
Keystone_user_role['admin@openstack'] -> Nova_flavor<||>
Keystone_user_role <||>-> Nova_flavor<||>
Keystone_endpoint <||>-> Nova_flavor<||>
neutron_network { 'public':
tenant_name => 'openstack',
@ -26,7 +27,8 @@ class openstack_integration::provision {
provider_physical_network => 'external',
provider_network_type => 'flat',
}
Keystone_user_role['admin@openstack'] -> Neutron_network<||>
Keystone_user_role <||>-> Neutron_network<||>
Keystone_endpoint <||>-> Neutron_network<||>
neutron_subnet { 'public-subnet':
cidr => '172.24.5.0/24',
@ -52,5 +54,6 @@ class openstack_integration::provision {
is_public => 'yes',
source => '/tmp/openstack/tempest/cirros-0.3.4-x86_64-disk.img'
}
Keystone_user_role['admin@openstack'] -> Glance_image<||>
Keystone_user_role <||>-> Glance_image<||>
Keystone_endpoint <||>-> Glance_image<||>
}
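Review bot: The new `Keystone_user_role <||>` and `Keystone_endpoint <||>` collectors have an empty search, so they order every role and endpoint in the catalog ahead of the flavors, networks and images and, being collectors, also realize any virtual resources of those types. They establish catalog ordering only and do not wait for the Keystone service to answer requests, which is what the commit message says is needed, so a readiness check may still be required if the race persists. A short comment above each group, e.g. `# all Keystone roles and endpoints must exist before provisioning through the APIs`, and a space before the arrow (`<||> ->`) would make the intent easier to read. This applies to all three hunks in this file.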