Fixing cinder to work for external url

There are some more last minute testing changes done with cinder, so that it can work with both internal and external url. This change cinder configuration to not include ssl on wsgi as well as cinder to not listen on hostport. Change-Id: Iee0bb1edeccc6ec6540b54f84fffb4de940548ce
2022-09-01 14:38:23 -05:00 · 2022-09-01 14:38:23 -05:00 · fb35b74c07
parent baf984deea
commit fb35b74c07
1 changed files with 0 additions and 65 deletions
--- a/global/software/charts/osh/openstack-cinder/cinder.yaml
+++ b/global/software/charts/osh/openstack-cinder/cinder.yaml
@ -275,9 +275,6 @@ data:
            pod_replacement_strategy: RollingUpdate
            rolling_update:
              max_unavailable: 50%
-      useHostNetwork:
-        volume: true
-        backup: true
      security_context:
        cinder_volume:
          container:
@ -316,69 +313,7 @@ data:
    ceph_client:
      configmap: tenant-ceph-etc
      user_secret_name: pvc-tceph-client-key
-    network:
-      api:
-        ingress:
-          annotations:
-            nginx.ingress.kubernetes.io/backend-protocol: "https"
-            nginx.ingress.kubernetes.io/configuration-snippet: |
-              more_set_headers "X-Content-Type-Options: nosniff";
-              more_set_headers "X-Frame-Options: deny";
-              more_set_headers "Content-Security-Policy: default-src 'self'";
-              more_set_headers "X-Permitted-Cross-Domain-Policies: none";
-              more_set_headers "X-XSS-Protection: 1; mode=block";
-    endpoints:
-      ingress:
-        port:
-          ingress:
-            default: 443
    conf:
-      software:
-        apache2:
-          binary: apache2
-          start_parameters: -DFOREGROUND
-          site_dir: /etc/apache2/sites-enabled
-          conf_dir: /etc/apache2/conf-enabled
-          mods_dir: /etc/apache2/mods-available
-          a2enmod:
-            - ssl
-          a2dismod: null
-      mpm_event: |
-        <IfModule mpm_event_module>
-          ServerLimit         1024
-          StartServers        32
-          MinSpareThreads     32
-          MaxSpareThreads     256
-          ThreadsPerChild     25
-          MaxRequestsPerChild 128
-          ThreadLimit         720
-        </IfModule>
-      wsgi_cinder: |
-        {{- $portInt := tuple "volume" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-        Listen {{ $portInt }}
-        <VirtualHost *:{{ $portInt }}>
-          ServerName {{ printf "%s.%s.svc.%s" "cinder-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
-          WSGIDaemonProcess cinder-api processes=1 threads=1 user=cinder display-name=%{GROUP}
-          WSGIProcessGroup cinder-api
-          WSGIScriptAlias /  /var/www/cgi-bin/cinder/cinder-wsgi
-          WSGIApplicationGroup %{GLOBAL}
-          WSGIPassAuthorization On
-          AllowEncodedSlashes On
-          <IfVersion >= 2.4>
-            ErrorLogFormat "%{cu}t %M"
-          </IfVersion>
-          SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
-          ErrorLog /dev/stdout
-          CustomLog /dev/stdout combined env=!forwarded
-          CustomLog /dev/stdout proxy env=forwarded
-
-          SSLEngine on
-          SSLCertificateFile      /etc/cinder/certs/tls.crt
-          SSLCertificateKeyFile   /etc/cinder/certs/tls.key
-          SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
-          SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-          SSLHonorCipherOrder     on
-        </VirtualHost>
      ceph:
        pools:
          backup: