Split v2 and v3 web config
In v3, we need to be able to use some variables from zuul/web.pp in the vhost template, but the vhost is created in ::zuul because of how v2 worked. Split the config, and split where we're defining it so that in the next patch we can make use of variables from zuul/web.pp. Change-Id: I3e1c72bb773be050854f5563d09f6c19af8bc6dc Depends-On: https://review.openstack.org/557085
parent
ad7b7953d0
commit
fa66845b5b
@ -105,12 +105,6 @@ class zuul (
|
||||
$pip_command = 'pip'
|
||||
}
|
||||
|
||||
if ($zuul_tenant_name) {
|
||||
$zuul_web_full_url = "${zuul_web_url}/${zuul_tenant_name}"
|
||||
} else {
|
||||
$zuul_web_full_url = $zuul_web_url
|
||||
}
|
||||
|
||||
$packages = [
|
||||
'libffi-dev',
|
||||
'libssl-dev',
|
||||
@ -513,12 +507,6 @@ class zuul (
|
||||
mode => '0444',
|
||||
content => "PIDFILE=/var/run/zuul/merger.pid\n",
|
||||
}
|
||||
|
||||
file { '/etc/default/zuul-web':
|
||||
ensure => present,
|
||||
mode => '0444',
|
||||
content => "PIDFILE=/var/run/zuul/web.pid\n",
|
||||
}
|
||||
}
|
||||
|
||||
file { '/etc/init.d/zuul':
|
||||
@ -566,6 +554,7 @@ class zuul (
|
||||
notify => Class['zuul::systemd_reload'],
|
||||
}
|
||||
|
||||
if ! $zuulv3 {
|
||||
if $proxy_ssl_cert_file_contents == '' {
|
||||
$ssl = false
|
||||
} else {
|
||||
@ -612,6 +601,7 @@ class zuul (
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if $site_variables_yaml_file != undef {
|
||||
file { '/etc/zuul/site-variables.yaml':
|
||||
@ -625,6 +615,7 @@ class zuul (
|
||||
}
|
||||
}
|
||||
|
||||
if ! $zuulv3 {
|
||||
::httpd::vhost { $vhost_name:
|
||||
port => 443, # Is required despite not being used.
|
||||
docroot => 'MEANINGLESS ARGUMENT',
|
||||
@ -648,9 +639,6 @@ class zuul (
|
||||
if ! defined(Httpd::Mod['cgid']) {
|
||||
httpd::mod { 'cgid': ensure => present }
|
||||
}
|
||||
if !defined(Mod['proxy_wstunnel']) {
|
||||
httpd::mod { 'proxy_wstunnel': ensure => present }
|
||||
}
|
||||
|
||||
case $::lsbdistcodename {
|
||||
'precise': {
|
||||
@ -667,5 +655,5 @@ class zuul (
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
103
manifests/web.pp
103
manifests/web.pp
@ -35,6 +35,7 @@ class zuul::web (
|
||||
enable => true,
|
||||
hasrestart => true,
|
||||
require => [File['/etc/init.d/zuul-web'],
|
||||
File['/etc/default/zuul-web'],
|
||||
Class['zuul::systemd_reload']]
|
||||
}
|
||||
|
||||
@ -78,6 +79,12 @@ class zuul::web (
|
||||
require => Service['zuul-web'],
|
||||
}
|
||||
|
||||
file { '/etc/default/zuul-web':
|
||||
ensure => present,
|
||||
mode => '0444',
|
||||
content => "PIDFILE=/var/run/zuul/web.pid\n",
|
||||
}
|
||||
|
||||
if !defined(Package['curl']) {
|
||||
package { 'curl':
|
||||
ensure => present
|
||||
@ -97,10 +104,10 @@ class zuul::web (
|
||||
# We are downloading this file at a location served by the vhost so that we
|
||||
# can query it easily should the need arise.
|
||||
# If the status.json is unavailable for download, no new files are created.
|
||||
if $zuul::proxy_ssl_cert_file_contents != '' {
|
||||
$status = "https://${zuul::vhost_name}/status"
|
||||
if $ssl_cert_file_contents != '' {
|
||||
$status = "https://${vhost_name}/status"
|
||||
} else {
|
||||
$status = "http://${zuul::vhost_name}/status"
|
||||
$status = "http://${vhost_name}/status"
|
||||
}
|
||||
cron { 'zuul_scheduler_status_backup':
|
||||
user => 'root',
|
||||
@ -123,10 +130,59 @@ class zuul::web (
|
||||
}
|
||||
}
|
||||
|
||||
file { '/var/lib/zuul/www/static':
|
||||
ensure => absent,
|
||||
if $ssl_cert_file_contents == '' {
|
||||
$use_ssl = false
|
||||
} else {
|
||||
$use_ssl = true
|
||||
file { '/etc/ssl/certs':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
file { '/etc/ssl/private':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0700',
|
||||
}
|
||||
file { "/etc/ssl/certs/${vhost_name}.pem":
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $ssl_cert_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
before => Httpd::Vhost[$vhost_name],
|
||||
}
|
||||
file { "/etc/ssl/private/${vhost_name}.key":
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
content => $ssl_key_file_contents,
|
||||
require => File['/etc/ssl/private'],
|
||||
before => Httpd::Vhost[$vhost_name],
|
||||
}
|
||||
if $ssl_chain_file_contents != '' {
|
||||
file { "/etc/ssl/certs/${vhost_name}_intermediate.pem":
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => $ssl_chain_file_contents,
|
||||
require => File['/etc/ssl/certs'],
|
||||
before => Httpd::Vhost[$vhost_name],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$web_url = "http://${web_listen_address}:${web_listen_port}"
|
||||
if ($tenant_name) {
|
||||
$zuul_web_full_url = "${web_url}/${tenant_name}"
|
||||
} else {
|
||||
$zuul_web_full_url = $web_url
|
||||
}
|
||||
$zuul_web_root = '/opt/zuul-web'
|
||||
$zuul_web_content_root = '/opt/zuul-web/content'
|
||||
$zuul_web_src_root = '/opt/zuul-web/source'
|
||||
@ -199,4 +255,41 @@ class zuul::web (
|
||||
subscribe => Exec['unpack-zuul-web'],
|
||||
}
|
||||
|
||||
::httpd::vhost { $vhost_name:
|
||||
port => 80,
|
||||
docroot => $zuul_web_content_root,
|
||||
priority => '50',
|
||||
ssl => false,
|
||||
template => 'zuul/zuulv3.vhost.erb',
|
||||
vhost_name => $vhost_name,
|
||||
}
|
||||
if $use_ssl {
|
||||
::httpd::vhost { "${vhost_name}-ssl":
|
||||
port => 443,
|
||||
docroot => $zuul_web_content_root,
|
||||
priority => '50',
|
||||
ssl => true,
|
||||
template => 'zuul/zuulv3.vhost.erb',
|
||||
vhost_name => $vhost_name,
|
||||
}
|
||||
}
|
||||
if ! defined(Httpd::Mod['rewrite']) {
|
||||
httpd::mod { 'rewrite': ensure => present }
|
||||
}
|
||||
if ! defined(Httpd::Mod['proxy']) {
|
||||
httpd::mod { 'proxy': ensure => present }
|
||||
}
|
||||
if ! defined(Httpd::Mod['proxy_http']) {
|
||||
httpd::mod { 'proxy_http': ensure => present }
|
||||
}
|
||||
if ! defined(Httpd::Mod['cache']) {
|
||||
httpd::mod { 'cache': ensure => present }
|
||||
}
|
||||
if !defined(Mod['proxy_wstunnel']) {
|
||||
httpd::mod { 'proxy_wstunnel': ensure => present }
|
||||
}
|
||||
if ! defined(Httpd::Mod['cache_disk']) {
|
||||
httpd::mod { 'cache_disk': ensure => present }
|
||||
}
|
||||
|
||||
}
|
||||
|
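Review bot: The new `file { "/etc/ssl/private/${vhost_name}.key": ... }` resource in the `-123,10 +130,59` hunk writes the private key through `content =>` without `show_diff => false`, so on agents that have diffs enabled a key change could print key material into the agent log and reports; adding `show_diff => false,` to that resource avoids this. In the last hunk, the guard `if !defined(Mod['proxy_wstunnel'])` names a different resource type from the `httpd::mod` it protects, unlike its neighbours, which test `Httpd::Mod[...]`; `if ! defined(Httpd::Mod['proxy_wstunnel']) {` would make the check effective. Also in that hunk, the port 80 vhost is declared with the same template and proxy rules even when `$use_ssl` is true, so plain-HTTP access stays fully functional; if that is not intended, it deserves a comment or a redirect. The body of `zuul::web` starts and ends outside these hunks.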
@ -1,6 +1,4 @@
|
||||
class { '::zuul':
|
||||
proxy_ssl_cert_file_contents => file('/etc/ssl/certs/ssl-cert-snakeoil.pem'),
|
||||
proxy_ssl_key_file_contents => file('/etc/ssl/private/ssl-cert-snakeoil.key'),
|
||||
zuul_ssh_private_key => file('/tmp/zuul-ssh-keys/ssh_rsa_key'),
|
||||
zuulv3 => true,
|
||||
python_version => 3,
|
||||
@ -14,7 +12,12 @@ class { '::zuul::scheduler':
|
||||
|
||||
class { '::zuul::merger': }
|
||||
class { '::zuul::executor': }
|
||||
class { '::zuul::web': }
|
||||
class { '::zuul::web':
|
||||
tenant_name => 'openstack',
|
||||
ssl_cert_file_contents => file('/etc/ssl/certs/ssl-cert-snakeoil.pem'),
|
||||
ssl_key_file_contents => file('/etc/ssl/private/ssl-cert-snakeoil.key'),
|
||||
}
|
||||
|
||||
class { '::zuul::fingergw': }
|
||||
|
||||
class { '::zuul::known_hosts':
|
||||
|
@ -1,7 +1,17 @@
|
||||
<VirtualHost *:80>
|
||||
ServerName <%= @vhost_name %>
|
||||
ServerAdmin <%= @serveradmin %>
|
||||
DocumentRoot /var/lib/zuul/www
|
||||
|
||||
<Directory /var/lib/zuul/www>
|
||||
<IfVersion >= 2.4>
|
||||
Require all granted
|
||||
</IfVersion>
|
||||
<IfVersion < 2.4>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
<Directory /usr/lib/git-core>
|
||||
<IfVersion >= 2.4>
|
||||
Require all granted
|
||||
@ -26,16 +36,8 @@
|
||||
RewriteRule ^/status.json - [F]
|
||||
<% end -%>
|
||||
|
||||
<% unless @zuulv3 %>
|
||||
RewriteRule ^/status.json$ <%= @zuul_status_url %>/status.json [P]
|
||||
RewriteRule ^/status/(.*) <%= @zuul_status_url %>/status/$1 [P]
|
||||
<% end %>
|
||||
|
||||
<% if @zuulv3 %>
|
||||
RewriteRule ^/console-stream <%= @zuul_web_full_url.sub('http://', 'ws://') %>/console-stream [P]
|
||||
RewriteRule ^/(.*)$ <%= @zuul_web_full_url %>/$1 [P]
|
||||
RewriteRule ^/$ <%= @zuul_web_full_url %>/status.html [P]
|
||||
<% end %>
|
||||
|
||||
AddOutputFilterByType DEFLATE application/json
|
||||
|
||||
@ -49,12 +51,8 @@
|
||||
<IfModule mod_cache.c>
|
||||
CacheDefaultExpire 5
|
||||
<IfModule mod_mem_cache.c>
|
||||
<% if @zuulv3 %>
|
||||
CacheEnable mem /status
|
||||
CacheEnable mem /status.json
|
||||
<% else %>
|
||||
CacheEnable mem /status.json
|
||||
<% end %>
|
||||
# 12MByte total cache size.
|
||||
MCacheSize 12288
|
||||
MCacheMaxObjectCount 10
|
||||
@ -64,12 +62,8 @@
|
||||
MCacheMaxStreamingBuffer 8388608
|
||||
</IfModule>
|
||||
<IfModule mod_cache_disk.c>
|
||||
<% if @zuulv3 %>
|
||||
CacheEnable disk /status
|
||||
CacheEnable disk /status.json
|
||||
<% else %>
|
||||
CacheEnable disk /status.json
|
||||
<% end %>
|
||||
CacheRoot /var/cache/apache2/mod_cache_disk
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
@ -90,12 +84,22 @@
|
||||
<% end %>
|
||||
|
||||
<Directory /var/lib/zuul/www>
|
||||
<IfVersion >= 2.4>
|
||||
Require all granted
|
||||
</IfVersion>
|
||||
<IfVersion < 2.4>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
Satisfy Any
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
<Directory /usr/lib/git-core>
|
||||
<IfVersion >= 2.4>
|
||||
Require all granted
|
||||
</IfVersion>
|
||||
<IfVersion < 2.4>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
Satisfy Any
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-error.log
|
||||
@ -111,16 +115,9 @@
|
||||
RewriteCond %{HTTP_REFERER} =<%= referer %>
|
||||
RewriteRule ^/status.json - [F]
|
||||
<% end -%>
|
||||
<% unless @zuulv3 %>
|
||||
|
||||
RewriteRule ^/status.json$ <%= @zuul_status_url %>/status.json [P]
|
||||
RewriteRule ^/status/(.*) <%= @zuul_status_url %>/status/$1 [P]
|
||||
<% end %>
|
||||
|
||||
<% if @zuulv3 %>
|
||||
RewriteRule ^/console-stream <%= @zuul_web_full_url.sub('http://', 'ws://') %>/console-stream [P]
|
||||
RewriteRule ^/(.*)$ <%= @zuul_web_full_url %>/$1 [P]
|
||||
RewriteRule ^/$ <%= @zuul_web_full_url %>/status.html [P]
|
||||
<% end %>
|
||||
|
||||
AddOutputFilterByType DEFLATE application/json
|
||||
|
||||
@ -134,12 +131,8 @@
|
||||
<IfModule mod_cache.c>
|
||||
CacheDefaultExpire 5
|
||||
<IfModule mod_mem_cache.c>
|
||||
<% if @zuulv3 %>
|
||||
CacheEnable mem /status
|
||||
CacheEnable mem /status.json
|
||||
<% else %>
|
||||
CacheEnable mem /status.json
|
||||
<% end %>
|
||||
# 12MByte total cache size.
|
||||
MCacheSize 12288
|
||||
MCacheMaxObjectCount 10
|
||||
@ -149,12 +142,8 @@
|
||||
MCacheMaxStreamingBuffer 8388608
|
||||
</IfModule>
|
||||
<IfModule mod_cache_disk.c>
|
||||
<% if @zuulv3 %>
|
||||
CacheEnable disk /status
|
||||
CacheEnable disk /status.json
|
||||
<% else %>
|
||||
CacheEnable disk /status.json
|
||||
<% end %>
|
||||
CacheRoot /var/cache/apache2/mod_cache_disk
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
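--- a/templates/zuulv3.vhost.erb
+++ b/templates/zuulv3.vhost.erb
@@ -0,0 +1,68 @@
+<% if @ssl -%>
+<IfModule mod_ssl.c>
+<% end -%>
+<VirtualHost *:<%= @port %>>
+
+<% if @ssl -%>
+SSLEngine on
+SSLProtocol All -SSLv2 -SSLv3
+SSLCertificateFile /etc/ssl/certs/<%= @vhost_name %>.pem
+SSLCertificateKeyFile /etc/ssl/private/<%= @vhost_name %>.key
+<% if @ssl_chain_file_contents != '' -%>
+SSLCertificateChainFile /etc/ssl/certs/<%= @vhost_name %>_intermediate.pem
+<% end -%>
+<% end -%>
+
+ServerName <%= @vhost_name %>
+ServerAdmin <%= @serveradmin %>
+
+DocumentRoot <%= @docroot %>
+<Directory <%= @docroot %>>
+<IfVersion >= 2.4>
+Require all granted
+</IfVersion>
+<IfVersion < 2.4>
+Order deny,allow
+Allow from all
+</IfVersion>
+</Directory>
+
+ErrorLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-error.log
+
+LogLevel warn
+
+CustomLog ${APACHE_LOG_DIR}/<%= @vhost_name %>-access.log combined
+
+RewriteEngine on
+<% @block_referers.each do |referer| -%>
+RewriteCond %{HTTP_REFERER} =<%= referer %>
+RewriteRule ^/status - [F]
+<% end -%>
+
+RewriteRule ^/console-stream <%= @zuul_web_full_url.sub('http://', 'ws://') %>/console-stream [P]
+RewriteRule ^/(.*)$ <%= @zuul_web_full_url %>/$1 [P]
+RewriteRule ^/$ <%= @zuul_web_full_url %>/status.html [P]
+
+AddOutputFilterByType DEFLATE application/json
+
+<IfModule mod_cache.c>
+CacheDefaultExpire 5
+<IfModule mod_mem_cache.c>
+CacheEnable mem /status
+# 12MByte total cache size.
+MCacheSize 12288
+MCacheMaxObjectCount 10
+MCacheMinObjectSize 1
+# 8MByte max size per cache entry
+MCacheMaxObjectSize 8388608
+MCacheMaxStreamingBuffer 8388608
+</IfModule>
+<IfModule mod_cache_disk.c>
+CacheEnable disk /status
+CacheRoot /var/cache/apache2/mod_cache_disk
+</IfModule>
+</IfModule>
+</VirtualHost>
+<% if @ssl -%>
+</IfModule>
+<% end -%>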
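Review bot: `SSLProtocol All -SSLv2 -SSLv3` in the new SSL block still permits TLS 1.0 and TLS 1.1, and the vhost sets no `SSLCipherSuite`, so cipher selection falls back to whatever the server-wide mod_ssl configuration provides. If the supported clients allow it, `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` would restrict this vhost to TLS 1.2 and later. The rewrite rules also look mis-ordered: `RewriteRule ^/(.*)$ ... [P]` matches `/` as well, so the following `RewriteRule ^/$ ... /status.html [P]` appears unreachable. Moving the `^/$` rule above the catch-all would restore the intended landing page.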