Use wsgi template for nova-placement and cinder-api
Use templated wsgi from system.apache.server.site.
to make sure Keepalive is disabled when ssl is used.
For more info please see:
https://bugs.launchpad.net/devstack/+bug/1630664
https://review.openstack.org/#/c/433738/
Change-Id: I887a43677855986edc29e2f93a14b6a1d27fa24d
Related-Prod: PROD-18995
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/control.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/control.yml
index 778f57d..581ade2 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/control.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/openstack/control.yml
@@ -10,10 +10,11 @@
- system.rabbitmq.server.vhost.openstack
- system.apache.server.site.manila
- system.apache.server.site.barbican
+- system.apache.server.site.nova-placement
+- system.apache.server.site.cinder
- system.nginx.server.single
- system.nginx.server.proxy.openstack_api
- system.nginx.server.proxy.openstack.designate
-- system.nginx.server.proxy.openstack.placement
- system.keystone.server.wsgi
- system.keystone.server.cluster
- system.glusterfs.client.cluster
@@ -66,12 +67,10 @@
nginx_proxy_openstack_api_address: ${_param:cluster_local_address}
nginx_proxy_openstack_keystone_host: 127.0.0.1
nginx_proxy_openstack_nova_host: 127.0.0.1
- nginx_proxy_openstack_cinder_host: 127.0.0.1
nginx_proxy_openstack_glance_host: 127.0.0.1
nginx_proxy_openstack_neutron_host: 127.0.0.1
nginx_proxy_openstack_heat_host: 127.0.0.1
nginx_proxy_openstack_designate_host: 127.0.0.1
- nginx_proxy_openstack_placement_host: 127.0.0.1
apache_manila_api_address: ${_param:single_address}
apache_manila_ssl: ${_param:nginx_proxy_ssl}
apache_keystone_api_host: ${_param:single_address}
@@ -79,8 +78,12 @@
apache_barbican_api_address: ${_param:cluster_local_address}
apache_barbican_api_host: ${_param:single_address}
apache_barbican_ssl: ${_param:nginx_proxy_ssl}
+ apache_nova_placement_api_address: ${_param:cluster_local_address}
+ apache_nova_placement_ssl: ${_param:nginx_proxy_ssl}
barbican_dogtag_nss_password: workshop
barbican_dogtag_host: ${_param:cluster_vip_address}
+ apache_cinder_api_address: ${_param:cluster_local_address}
+ apache_cinder_ssl: ${_param:nginx_proxy_ssl}
# dogtag listens on 8443 but there is no way to bind it to
# Specific IP, as on this setup dogtag installed on ctl nodes
# Change port on haproxy side to avoid binding conflict.
@@ -101,6 +104,8 @@
enabled: false
nginx_proxy_openstack_api_keystone_private:
enabled: false
+ nginx_proxy_openstack_api_cinder:
+ enabled: false
linux:
system:
package: