Split v2 and v3 web config

In v3, we need to be able to use some variables from zuul/web.pp in the
vhost template, but the vhost is created in ::zuul because of how v2
worked.

Split the config, and split where we're defining it so that in the next
patch we can make use of variables from zuul/web.pp.

Change-Id: I3e1c72bb773be050854f5563d09f6c19af8bc6dc
Depends-On: https://review.openstack.org/557085
This commit is contained in:
Monty Taylor 2018-03-27 09:16:09 -05:00
parent ad7b7953d0
commit fa66845b5b
No known key found for this signature in database
GPG Key ID: 7BAE94BC7141A594
5 changed files with 280 additions and 139 deletions

View File

@ -105,12 +105,6 @@ class zuul (
$pip_command = 'pip'
}
if ($zuul_tenant_name) {
$zuul_web_full_url = "${zuul_web_url}/${zuul_tenant_name}"
} else {
$zuul_web_full_url = $zuul_web_url
}
$packages = [
'libffi-dev',
'libssl-dev',
@ -513,12 +507,6 @@ class zuul (
mode => '0444',
content => "PIDFILE=/var/run/zuul/merger.pid\n",
}
file { '/etc/default/zuul-web':
ensure => present,
mode => '0444',
content => "PIDFILE=/var/run/zuul/web.pid\n",
}
}
file { '/etc/init.d/zuul':
@ -566,6 +554,7 @@ class zuul (
notify => Class['zuul::systemd_reload'],
}
if ! $zuulv3 {
if $proxy_ssl_cert_file_contents == '' {
$ssl = false
} else {
@ -612,6 +601,7 @@ class zuul (
}
}
}
}
if $site_variables_yaml_file != undef {
file { '/etc/zuul/site-variables.yaml':
@ -625,6 +615,7 @@ class zuul (
}
}
if ! $zuulv3 {
::httpd::vhost { $vhost_name:
port => 443, # Is required despite not being used.
docroot => 'MEANINGLESS ARGUMENT',
@ -648,9 +639,6 @@ class zuul (
if ! defined(Httpd::Mod['cgid']) {
httpd::mod { 'cgid': ensure => present }
}
if !defined(Mod['proxy_wstunnel']) {
httpd::mod { 'proxy_wstunnel': ensure => present }
}
case $::lsbdistcodename {
'precise': {
@ -667,5 +655,5 @@ class zuul (
}
}
}
}
}

View File

@ -35,6 +35,7 @@ class zuul::web (
enable => true,
hasrestart => true,
require => [File['/etc/init.d/zuul-web'],
File['/etc/default/zuul-web'],
Class['zuul::systemd_reload']]
}
@ -78,6 +79,12 @@ class zuul::web (
require => Service['zuul-web'],
}
file { '/etc/default/zuul-web':
ensure => present,
mode => '0444',
content => "PIDFILE=/var/run/zuul/web.pid\n",
}
if !defined(Package['curl']) {
package { 'curl':
ensure => present
@ -97,10 +104,10 @@ class zuul::web (
# We are downloading this file at a location served by the vhost so that we
# can query it easily should the need arise.
# If the status.json is unavailable for download, no new files are created.
if $zuul::proxy_ssl_cert_file_contents != '' {
$status = "https://${zuul::vhost_name}/status"
if $ssl_cert_file_contents != '' {
$status = "https://${vhost_name}/status"
} else {
$status = "http://${zuul::vhost_name}/status"
$status = "http://${vhost_name}/status"
}
cron { 'zuul_scheduler_status_backup':
user => 'root',
@ -123,10 +130,59 @@ class zuul::web (
}
}
file { '/var/lib/zuul/www/static':
ensure => absent,
if $ssl_cert_file_contents == '' {
$use_ssl = false
} else {
$use_ssl = true
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0700',
}
file { "/etc/ssl/certs/${vhost_name}.pem":
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $ssl_cert_file_contents,
require => File['/etc/ssl/certs'],
before => Httpd::Vhost[$vhost_name],
}
file { "/etc/ssl/private/${vhost_name}.key":
ensure => present,
owner => 'root',
group => 'root',
mode => '0600',
content => $ssl_key_file_contents,
require => File['/etc/ssl/private'],
before => Httpd::Vhost[$vhost_name],
}
if $ssl_chain_file_contents != '' {
file { "/etc/ssl/certs/${vhost_name}_intermediate.pem":
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $ssl_chain_file_contents,
require => File['/etc/ssl/certs'],
before => Httpd::Vhost[$vhost_name],
}
}
}
$web_url = "http://${web_listen_address}:${web_listen_port}"
if ($tenant_name) {
$zuul_web_full_url = "${web_url}/${tenant_name}"
} else {
$zuul_web_full_url = $web_url
}
$zuul_web_root = '/opt/zuul-web'
$zuul_web_content_root = '/opt/zuul-web/content'
$zuul_web_src_root = '/opt/zuul-web/source'
@ -199,4 +255,41 @@ class zuul::web (
subscribe => Exec['unpack-zuul-web'],
}
::httpd::vhost { $vhost_name:
port => 80,
docroot => $zuul_web_content_root,
priority => '50',
ssl => false,
template => 'zuul/zuulv3.vhost.erb',
vhost_name => $vhost_name,
}
if $use_ssl {
::httpd::vhost { "${vhost_name}-ssl":
port => 443,
docroot => $zuul_web_content_root,
priority => '50',
ssl => true,
template => 'zuul/zuulv3.vhost.erb',
vhost_name => $vhost_name,
}
}
if ! defined(Httpd::Mod['rewrite']) {
httpd::mod { 'rewrite': ensure => present }
}
if ! defined(Httpd::Mod['proxy']) {
httpd::mod { 'proxy': ensure => present }
}
if ! defined(Httpd::Mod['proxy_http']) {
httpd::mod { 'proxy_http': ensure => present }
}
if ! defined(Httpd::Mod['cache']) {
httpd::mod { 'cache': ensure => present }
}
if !defined(Mod['proxy_wstunnel']) {
httpd::mod { 'proxy_wstunnel': ensure => present }
}
if ! defined(Httpd::Mod['cache_disk']) {
httpd::mod { 'cache_disk': ensure => present }
}
}

View File

@ -1,6 +1,4 @@
class { '::zuul':
proxy_ssl_cert_file_contents => file('/etc/ssl/certs/ssl-cert-snakeoil.pem'),
proxy_ssl_key_file_contents => file('/etc/ssl/private/ssl-cert-snakeoil.key'),
zuul_ssh_private_key => file('/tmp/zuul-ssh-keys/ssh_rsa_key'),
zuulv3 => true,
python_version => 3,
@ -14,7 +12,12 @@ class { '::zuul::scheduler':
class { '::zuul::merger': }
class { '::zuul::executor': }
class { '::zuul::web': }
class { '::zuul::web':
tenant_name => 'openstack',
ssl_cert_file_contents => file('/etc/ssl/certs/ssl-cert-snakeoil.pem'),
ssl_key_file_contents => file('/etc/ssl/private/ssl-cert-snakeoil.key'),
}
class { '::zuul::fingergw': }
class { '::zuul::known_hosts':

View File

@ -1,7 +1,17 @@
<VirtualHost *:80>
ServerName <%= @vhost_name %>
ServerAdmin <%= @serveradmin %>
DocumentRoot /var/lib/zuul/www
<Directory /var/lib/zuul/www>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
</Directory>
<Directory /usr/lib/git-core>
<IfVersion >= 2.4>
Require all granted
@ -26,16 +36,8 @@
RewriteRule ^/status.json - [F]
<% end -%>
<% unless @zuulv3 %>
RewriteRule ^/status.json$ <%= @zuul_status_url %>/status.json [P]
RewriteRule ^/status/(.*) <%= @zuul_status_url %>/status/$1 [P]
<% end %>
<% if @zuulv3 %>
RewriteRule ^/console-stream <%= @zuul_web_full_url.sub('http://', 'ws://') %>/console-stream [P]
RewriteRule ^/(.*)$ <%= @zuul_web_full_url %>/$1 [P]
RewriteRule ^/$ <%= @zuul_web_full_url %>/status.html [P]
<% end %>
AddOutputFilterByType DEFLATE application/json
@ -49,12 +51,8 @@
<IfModule mod_cache.c>
CacheDefaultExpire 5
<IfModule mod_mem_cache.c>
<% if @zuulv3 %>
CacheEnable mem /status
CacheEnable mem /status.json
<% else %>
CacheEnable mem /status.json
<% end %>
# 12MByte total cache size.
MCacheSize 12288
MCacheMaxObjectCount 10
@ -64,12 +62,8 @@
MCacheMaxStreamingBuffer 8388608
</IfModule>
<IfModule mod_cache_disk.c>
<% if @zuulv3 %>
CacheEnable disk /status
CacheEnable disk /status.json
<% else %>
CacheEnable disk /status.json
<% end %>
CacheRoot /var/cache/apache2/mod_cache_disk
</IfModule>
</IfModule>
@ -90,12 +84,22 @@
<% end %>
<Directory /var/lib/zuul/www>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order deny,allow
Allow from all
Satisfy Any
</IfVersion>
</Directory>
<Directory /usr/lib/git-core>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order deny,allow
Allow from all
Satisfy Any
</IfVersion>
</Directory>
ErrorLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-error.log
@ -111,16 +115,9 @@
RewriteCond %{HTTP_REFERER} =<%= referer %>
RewriteRule ^/status.json - [F]
<% end -%>
<% unless @zuulv3 %>
RewriteRule ^/status.json$ <%= @zuul_status_url %>/status.json [P]
RewriteRule ^/status/(.*) <%= @zuul_status_url %>/status/$1 [P]
<% end %>
<% if @zuulv3 %>
RewriteRule ^/console-stream <%= @zuul_web_full_url.sub('http://', 'ws://') %>/console-stream [P]
RewriteRule ^/(.*)$ <%= @zuul_web_full_url %>/$1 [P]
RewriteRule ^/$ <%= @zuul_web_full_url %>/status.html [P]
<% end %>
AddOutputFilterByType DEFLATE application/json
@ -134,12 +131,8 @@
<IfModule mod_cache.c>
CacheDefaultExpire 5
<IfModule mod_mem_cache.c>
<% if @zuulv3 %>
CacheEnable mem /status
CacheEnable mem /status.json
<% else %>
CacheEnable mem /status.json
<% end %>
# 12MByte total cache size.
MCacheSize 12288
MCacheMaxObjectCount 10
@ -149,12 +142,8 @@
MCacheMaxStreamingBuffer 8388608
</IfModule>
<IfModule mod_cache_disk.c>
<% if @zuulv3 %>
CacheEnable disk /status
CacheEnable disk /status.json
<% else %>
CacheEnable disk /status.json
<% end %>
CacheRoot /var/cache/apache2/mod_cache_disk
</IfModule>
</IfModule>

View File

@ -0,0 +1,68 @@
<% if @ssl -%>
<IfModule mod_ssl.c>
<% end -%>
<VirtualHost *:<%= @port %>>
<% if @ssl -%>
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile /etc/ssl/certs/<%= @vhost_name %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= @vhost_name %>.key
<% if @ssl_chain_file_contents != '' -%>
SSLCertificateChainFile /etc/ssl/certs/<%= @vhost_name %>_intermediate.pem
<% end -%>
<% end -%>
ServerName <%= @vhost_name %>
ServerAdmin <%= @serveradmin %>
DocumentRoot <%= @docroot %>
<Directory <%= @docroot %>>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
</Directory>
ErrorLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-access.log combined
RewriteEngine on
<% @block_referers.each do |referer| -%>
RewriteCond %{HTTP_REFERER} =<%= referer %>
RewriteRule ^/status - [F]
<% end -%>
RewriteRule ^/console-stream <%= @zuul_web_full_url.sub('http://', 'ws://') %>/console-stream [P]
RewriteRule ^/(.*)$ <%= @zuul_web_full_url %>/$1 [P]
RewriteRule ^/$ <%= @zuul_web_full_url %>/status.html [P]
AddOutputFilterByType DEFLATE application/json
<IfModule mod_cache.c>
CacheDefaultExpire 5
<IfModule mod_mem_cache.c>
CacheEnable mem /status
# 12MByte total cache size.
MCacheSize 12288
MCacheMaxObjectCount 10
MCacheMinObjectSize 1
# 8MByte max size per cache entry
MCacheMaxObjectSize 8388608
MCacheMaxStreamingBuffer 8388608
</IfModule>
<IfModule mod_cache_disk.c>
CacheEnable disk /status
CacheRoot /var/cache/apache2/mod_cache_disk
</IfModule>
</IfModule>
</VirtualHost>
<% if @ssl -%>
</IfModule>
<% end -%>