From b4b625c9f529ac0554203ab4b14cf76b8cbdb3c3 Mon Sep 17 00:00:00 2001
From: Sumit Jamgade <sjamgade@suse.com>
Date: Wed, 24 Oct 2018 13:11:52 +0200
Subject: [PATCH] start tls-proxy (if enabled) before checking for api

When tls-proxy is enabled, first start the tls-proxy and then then wait
for api to come up.

Without this the api comes up on the internal port as a result the
subsequent curl fails killing the deployment
- create a zuul job to test with tls
- fix apache ports accordingly

Depends-On: Ie665240b53df92b8e5ca509e998e95d859bd5282
Change-Id: I610a7a24daab68c7ab0e30977e3cabd62cdb56a5
---
 .zuul.yaml           | 12 ++++++++++++
 devstack/lib/watcher | 17 ++++++++++++-----
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/.zuul.yaml b/.zuul.yaml
index 169fd013a..273787dd3 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -15,6 +15,7 @@
         - watcher-tempest-workload_balancing
         - watcherclient-tempest-functional
         - watcher-tempest-zone_migration
+        - watcher-tls-test
         - openstack-tox-lower-constraints
     gate:
       queue: watcher
@@ -57,6 +58,17 @@
     vars:
       tempest_test_regex: watcher_tempest_plugin.tests.scenario.test_execute_zone_migration
 
+- job:
+    name: watcher-tls-test
+    parent: watcher-tempest-multinode
+    group-vars:
+      subnode:
+          devstack_services:
+            tls-proxy: true
+    vars:
+      devstack_services:
+        tls-proxy: true
+
 - job:
     name: watcher-tempest-multinode
     parent: watcher-tempest-functional
diff --git a/devstack/lib/watcher b/devstack/lib/watcher
index d247f5ca6..57a952fed 100644
--- a/devstack/lib/watcher
+++ b/devstack/lib/watcher
@@ -151,12 +151,17 @@ function create_watcher_accounts {
 function _config_watcher_apache_wsgi {
     local watcher_apache_conf
     if [[ "$WATCHER_USE_MOD_WSGI" == "True" ]]; then
+        local service_port=$WATCHER_SERVICE_PORT
+        if is_service_enabled tls-proxy; then
+            service_port=$WATCHER_SERVICE_PORT_INT
+            service_protocol="http"
+        fi
         sudo mkdir -p $WATCHER_WSGI_DIR
         sudo cp $WATCHER_DIR/watcher/api/app.wsgi $WATCHER_WSGI_DIR/app.wsgi
         watcher_apache_conf=$(apache_site_config_for watcher-api)
         sudo cp $WATCHER_DEVSTACK_FILES_DIR/apache-watcher-api.template $watcher_apache_conf
         sudo sed -e "
-            s|%WATCHER_SERVICE_PORT%|$WATCHER_SERVICE_PORT|g;
+            s|%WATCHER_SERVICE_PORT%|$service_port|g;
             s|%WATCHER_WSGI_DIR%|$WATCHER_WSGI_DIR|g;
             s|%USER%|$STACK_USER|g;
             s|%APIWORKERS%|$API_WORKERS|g;
@@ -294,15 +299,17 @@ function start_watcher_api {
     else
         run_process watcher-api "$WATCHER_BIN_DIR/watcher-api --config-file $WATCHER_CONF"
     fi
-    echo "Waiting for watcher-api to start..."
-    if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$WATCHER_SERVICE_HOST:$service_port; then
-        die $LINENO "watcher-api did not start"
-    fi
 
     # Start proxies if enabled
     if is_service_enabled tls-proxy; then
         start_tls_proxy watcher '*' $WATCHER_SERVICE_PORT $WATCHER_SERVICE_HOST $WATCHER_SERVICE_PORT_INT
     fi
+
+    echo "Waiting for watcher-api to start..."
+    if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$WATCHER_SERVICE_HOST:$service_port; then
+        die $LINENO "watcher-api did not start"
+    fi
+
 }
 
 # start_watcher() - Start running processes, including screen