From fb35b74c073e1d547dae52ddc998e335827a8085 Mon Sep 17 00:00:00 2001 From: Jasvinder Singh Date: Thu, 1 Sep 2022 14:38:23 -0500 Subject: [PATCH] Fixing cinder to work for external url There are some more last minute testing changes done with cinder, so that it can work with both internal and external url. This change cinder configuration to not include ssl on wsgi as well as cinder to not listen on hostport. Change-Id: Iee0bb1edeccc6ec6540b54f84fffb4de940548ce --- .../charts/osh/openstack-cinder/cinder.yaml | 65 ------------------- 1 file changed, 65 deletions(-) diff --git a/global/software/charts/osh/openstack-cinder/cinder.yaml b/global/software/charts/osh/openstack-cinder/cinder.yaml index 489c60cdd..0b5d1706b 100644 --- a/global/software/charts/osh/openstack-cinder/cinder.yaml +++ b/global/software/charts/osh/openstack-cinder/cinder.yaml @@ -275,9 +275,6 @@ data: pod_replacement_strategy: RollingUpdate rolling_update: max_unavailable: 50% - useHostNetwork: - volume: true - backup: true security_context: cinder_volume: container: @@ -316,69 +313,7 @@ data: ceph_client: configmap: tenant-ceph-etc user_secret_name: pvc-tceph-client-key - network: - api: - ingress: - annotations: - nginx.ingress.kubernetes.io/backend-protocol: "https" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "X-Content-Type-Options: nosniff"; - more_set_headers "X-Frame-Options: deny"; - more_set_headers "Content-Security-Policy: default-src 'self'"; - more_set_headers "X-Permitted-Cross-Domain-Policies: none"; - more_set_headers "X-XSS-Protection: 1; mode=block"; - endpoints: - ingress: - port: - ingress: - default: 443 conf: - software: - apache2: - binary: apache2 - start_parameters: -DFOREGROUND - site_dir: /etc/apache2/sites-enabled - conf_dir: /etc/apache2/conf-enabled - mods_dir: /etc/apache2/mods-available - a2enmod: - - ssl - a2dismod: null - mpm_event: | - - ServerLimit 1024 - StartServers 32 - MinSpareThreads 32 - MaxSpareThreads 256 - ThreadsPerChild 25 - MaxRequestsPerChild 128 - ThreadLimit 720 - - wsgi_cinder: | - {{- $portInt := tuple "volume" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - Listen {{ $portInt }} - - ServerName {{ printf "%s.%s.svc.%s" "cinder-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }} - WSGIDaemonProcess cinder-api processes=1 threads=1 user=cinder display-name=%{GROUP} - WSGIProcessGroup cinder-api - WSGIScriptAlias / /var/www/cgi-bin/cinder/cinder-wsgi - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - AllowEncodedSlashes On - = 2.4> - ErrorLogFormat "%{cu}t %M" - - SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded - ErrorLog /dev/stdout - CustomLog /dev/stdout combined env=!forwarded - CustomLog /dev/stdout proxy env=forwarded - - SSLEngine on - SSLCertificateFile /etc/cinder/certs/tls.crt - SSLCertificateKeyFile /etc/cinder/certs/tls.key - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 - SSLHonorCipherOrder on - ceph: pools: backup: