Re-enable SSL en p-o-i scenarios 1, 3 and 4

It has been long since we disabled ssl in scenarios. With current
versions of OpenStack projects and libraries, all projects but glance,
which has removed native ssl support with [1], are working fine with
SSL, so we can enable it again.

I'm  leaving scenario002 without SSL to cover both cases in CI.

[1] https://review.opendev.org/c/openstack/glance/+/697969

Change-Id: Id95b73003e1f91bc4bf9cb92b6665c1e6cbe2923
This commit is contained in:
Alfredo Moralejo 2021-02-01 10:49:31 +01:00 committed by yatin
parent ce87f2cdef
commit bc8675fe05
6 changed files with 10 additions and 19 deletions

View File

@ -14,9 +14,7 @@
# limitations under the License.
#
if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') {
$ssl = false
} else {
$ssl = true

View File

@ -14,9 +14,7 @@
# limitations under the License.
#
if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') {
$ssl = false
} else {
$ssl = true

View File

@ -14,9 +14,7 @@
# limitations under the License.
#
if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') or
($::os['family'] == 'RedHat' and Integer.new($::os['release']['major']) > 7) {
# FIXME(ykarel) Disable SSL until services are ready to work with SSL + Python3
if ($::os['name'] == 'Ubuntu') or ($::os['name'] == 'Fedora') {
$ssl = false
} else {
$ssl = true

View File

@ -123,7 +123,7 @@ class openstack_integration::cinder (
class { 'cinder::backup': }
class { 'cinder::cron::db_purge': }
class { 'cinder::glance':
glance_api_servers => "${::openstack_integration::config::base_url}:9292",
glance_api_servers => "http://${::openstack_integration::config::ip_for_url}:9292",
}
case $backend {
'iscsi': {

View File

@ -14,12 +14,9 @@ class openstack_integration::glance (
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'glance':
notify => Service['glance-api'],
}
Package<| tag == 'glance-package' |> -> File['/etc/glance/ssl']
$key_file = "/etc/glance/ssl/private/${::fqdn}.pem"
$crt_file = $::openstack_integration::params::cert_path
Exec['update-ca-certificates'] ~> Service['glance-api']
$key_file = undef
$crt_file = undef
} else {
$key_file = undef
$crt_file = undef
@ -36,9 +33,9 @@ class openstack_integration::glance (
include glance
include glance::client
class { 'glance::keystone::auth':
public_url => "${::openstack_integration::config::base_url}:9292",
internal_url => "${::openstack_integration::config::base_url}:9292",
admin_url => "${::openstack_integration::config::base_url}:9292",
public_url => "http://${::openstack_integration::config::ip_for_url}:9292",
internal_url => "http://${::openstack_integration::config::ip_for_url}:9292",
admin_url => "http://${::openstack_integration::config::ip_for_url}:9292",
password => 'a_big_secret',
}
class { 'glance::api::authtoken':

View File

@ -38,7 +38,7 @@ class openstack_integration::neutron (
notify => Service['neutron-server'],
require => Package['neutron'],
}
Exec['update-ca-certificates'] ~> Service['neutron-server']
Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |>
}
if ($::operatingsystem == 'CentOS') and (versioncmp($::operatingsystemmajrelease, '8') == 0) {