bb7bd1c58e
The current implementation of airship-libvirt-gate is using sushy-emulator binary to emulate redfish. Sushy-emulator works only for http and also can’t authenticate users out-of-box if ran by itself. In order to check https and authentication the reverse-proxy was introduced. This approach had several drawbacks: 1) http still doesn’t check auth 2) to use apache for https only is too heavy solution for https This change converts reverse proxy to apache running sushy-emulator as wsgi backend, that gives an ability to check authentication for both http and https. We’re also getting rid of ad-hoc sushy-emulator service and using out-of-box apache service implementation. The code also introduces gathering of apache resulting configs and logs for quicker debug if needed. Right now authentication is disabled, since manifests are written in a way so they don’t use them. If it’s necessary to enable it, just set username here[1] PS There is ability to use apache for http-server [2], but it’s better to do as a separate PR [1] roles/airship-libvirt-gate/defaults/main.yaml [2] roles/http-fileserver Change-Id: I43b5bca41519c88b01535c156b2db0e9edaa81bb
36 lines
1.4 KiB
Django/Jinja
36 lines
1.4 KiB
Django/Jinja
<IfModule mod_ssl.c>
|
|
{% if sushy_emulator_frontend_https_port != 443 %}
|
|
Listen {{ sushy_emulator_frontend_https_port }}
|
|
{% endif %}
|
|
<VirtualHost *:{{ sushy_emulator_frontend_https_port }}>
|
|
# Add machine's IP address (use ifconfig command)
|
|
ServerName {{ sushy_emulator_frontend_servername }}
|
|
# Give an alias to to start your website url with
|
|
WSGIDaemonProcess wsgiapp-{{ sushy_emulator_frontend_name }}-https user=wsgiapp-sushy processes=2 threads=5
|
|
WSGIScriptAlias / /var/www/sushy-emulator/sushy-emulator.wsgi
|
|
<Directory /var/www/sushy-emulator/>
|
|
# set permissions as per apache2.conf file
|
|
WSGIProcessGroup wsgiapp-{{ sushy_emulator_frontend_name }}-https
|
|
Options FollowSymLinks
|
|
AllowOverride None
|
|
Require all granted
|
|
</Directory>
|
|
{% if sushy_emulator_frontend_user is defined %}
|
|
<Location />
|
|
AuthType Basic
|
|
AuthName "Authentication Required"
|
|
AuthUserFile /etc/apache2/sites-available/{{ sushy_emulator_frontend_name }}.htpasswd
|
|
Require valid-user
|
|
</Location>
|
|
{% endif %}
|
|
SSLEngine on
|
|
SSLCertificateFile /etc/ssl/certs/{{ sushy_emulator_frontend_name }}.pem
|
|
SSLCertificateKeyFile /etc/ssl/private/{{ sushy_emulator_frontend_name }}.key
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
LogLevel warn
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
</IfModule>
|
|
|