From 3dcb6ad809510c774654df988941fa3e17ecc362 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Tue, 4 Jan 2022 16:19:55 +0100
Subject: [PATCH] nova: disable external metadata haproxy frontend
We are not using it anywhere (metadata agents are using internal network),
so let's disable it by default.
Change-Id: If06db5030b0f09e20ef506c3b3ab39c3573b5f3d
---
ansible/roles/nova/defaults/main.yml | 4 +++-
.../disable-nova-external-metadata-09ba131cf9258be9.yaml | 9 +++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
create mode 100644 releasenotes/notes/disable-nova-external-metadata-09ba131cf9258be9.yaml
diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml
index 543babf00c..af42eaa439 100644
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@@ -34,7 +34,7 @@ nova_services:
listen_port: "{{ nova_metadata_listen_port }}"
tls_backend: "{{ nova_enable_tls_backend }}"
nova_metadata_external:
- enabled: "{{ enable_nova }}"
+ enabled: "{{ nova_enable_external_metadata }}"
mode: "http"
external: true
port: "{{ nova_metadata_port }}"
@@ -191,6 +191,8 @@ nova_safety_upgrade: "no"
nova_services_require_policy_json:
- nova-api
+nova_enable_external_metadata: "no"
+
####################
# Keystone
####################
diff --git a/releasenotes/notes/disable-nova-external-metadata-09ba131cf9258be9.yaml b/releasenotes/notes/disable-nova-external-metadata-09ba131cf9258be9.yaml
new file mode 100644
index 0000000000..375e6ee2d0
--- /dev/null
+++ b/releasenotes/notes/disable-nova-external-metadata-09ba131cf9258be9.yaml
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ Introduce ``nova_enable_external_metadata`` that defaults to ``no`` to
+ control if external facing metadata haproxy frontend should be configured.
+upgrade:
+ - |
+ External Nova metadata service is now disabled by default. It can be
+ enabled by setting ``nova_enable_external_metadata`` to ``yes``.