diff --git a/README.md b/README.md index 4ec5a24..14f08ad 100644 --- a/README.md +++ b/README.md @@ -58,14 +58,14 @@ Attributes * `openstack['dashboard']['ssl_offload']` - Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') flag for offloading SSL * `openstack['dashboard']['plugins']` - Array of plugins to include via INSTALED\_APPS * `openstack['dashboard']['simple_ip_management']` - Boolean to enable or disable simplified floating IP address management -* `openstack['dashboard']['http_port']` - Port that httpd should listen on (default: 80) -* `openstack['dashboard']['https_port']` - Port that httpd should listen on for using ssl (default: 443) * `openstack['dashboard']['password_autocomplete']` - Toggle browser autocompletion for login form ('on' or 'off', default: 'off') * `openstack['dashboard']['ssl_no_verify']` - Disable SSL certificate checks (useful for self-signed certificates) * `openstack['dashboard']['ssl_cacert']` - The CA certificate to use to verify SSL connections * `openstack['dashboard']['misc_local_settings']` - Additions to the local_settings conf file * `openstack['dashboard']['hash_algorithm']` - Hash algorithm to use for hashing PKI tokens +For listen addresses and ports, there are http and https bind endpoints defined in Common. + Identity -------- * `openstack['dashboard']['identity_api_version']` - Force a specific Identity API version ('2.0' or '3', default: '2.0') 
@@ -130,11 +130,12 @@ License and Author | **Author** | Ionut Artarisi () | | **Author** | Eric Zhou () | | **Author** | Jens Rosenboom () | +| **Author** | Mark Vanderwiel () | | | | | **Copyright** | Copyright (c) 2012, Rackspace US, Inc. | | **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. | | **Copyright** | Copyright (c) 2013, Opscode, Inc. | -| **Copyright** | Copyright (c) 2013-2014, IBM, Corp. | +| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. | | **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH. | | **Copyright** | Copyright (c) 2014, x-ion GmbH. | diff --git a/attributes/default.rb b/attributes/default.rb index d4cb82f..9c1941c 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -67,9 +67,6 @@ default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['d # Set to one of: On | Off | extended default['openstack']['dashboard']['traceenable'] = node['apache']['traceenable'] -default['openstack']['dashboard']['http_port'] = 80 -default['openstack']['dashboard']['https_port'] = 443 - default['openstack']['dashboard']['secret_key_content'] = nil default['openstack']['dashboard']['ssl_no_verify'] = 'True' diff --git a/metadata.rb b/metadata.rb index e559703..34da834 100644 --- a/metadata.rb +++ b/metadata.rb @@ -15,4 +15,4 @@ recipe 'openstack-dashboard::server', 'Sets up the Horizon dashboard a end depends 'apache2', '~> 3.0.0' -depends 'openstack-common', '>= 11.0.0' +depends 'openstack-common', '>= 11.1.0' diff --git a/recipes/apache2-server.rb b/recipes/apache2-server.rb index c8c8f6f..d5e8aae 100644 --- a/recipes/apache2-server.rb +++ b/recipes/apache2-server.rb 
@@ -41,6 +41,17 @@ execute 'set-selinux-permissive' do only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]" end +http_bind = endpoint 'dashboard-http-bind' +https_bind = endpoint 'dashboard-https-bind' + +# This allow the apache2/templates/default/ports.conf.erb to setup the correct listeners. +listen_addresses = [http_bind.host] +listen_addresses += [https_bind.host] if node['openstack']['dashboard']['use_ssl'] +listen_ports = [http_bind.port] +listen_ports += [https_bind.port] if node['openstack']['dashboard']['use_ssl'] +node.set['apache']['listen_addresses'] = listen_addresses +node.set['apache']['listen_ports'] = listen_ports + include_recipe 'apache2' include_recipe 'apache2::mod_wsgi' include_recipe 'apache2::mod_rewrite' @@ -156,7 +167,11 @@ template node['openstack']['dashboard']['apache']['sites-path'] do variables( ssl_cert_file: "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/certs/#{node["openstack"]["dashboard"]["ssl"]["cert"]}", - ssl_key_file: "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/private/#{node["openstack"]["dashboard"]["ssl"]["key"]}" + ssl_key_file: "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/private/#{node["openstack"]["dashboard"]["ssl"]["key"]}", + http_bind_address: http_bind.host, + http_bind_port: http_bind.port.to_i, + https_bind_address: https_bind.host, + https_bind_port: https_bind.port.to_i ) notifies :run, 'execute[restore-selinux-context]', :immediately diff --git a/spec/apache2-server_spec.rb b/spec/apache2-server_spec.rb index 12ef8fe..366f2a5 100644 --- a/spec/apache2-server_spec.rb +++ b/spec/apache2-server_spec.rb 
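Review bot: `node.set['apache']['listen_addresses']` and `node.set['apache']['listen_ports']` replace whatever listeners the node already had, and they store addresses and ports as two unpaired lists. If apache2's ports.conf.erb (not shown here) writes a `Listen` for every address/port combination, a loopback HTTP bind combined with a routable HTTPS bind would also open the plain-HTTP port on the routable address, and identical bind hosts would produce duplicate `Listen` lines. At minimum de-duplicate with `node.set['apache']['listen_addresses'] = listen_addresses.uniq` and `node.set['apache']['listen_ports'] = listen_ports.uniq`, and extend the comment to say that these attributes are overwritten on every converge. The ports are passed here as returned by `endpoint`, while the template variables in the next hunk use `.to_i`; normalising both the same way keeps ports.conf and the vhost in agreement.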
@@ -2,24 +2,18 @@ require_relative 'spec_helper' shared_examples 'virtualhost port configurator' do |port_attribute_name, port_attribute_value| - let(:virtualhost_directive) { "" } + let(:virtualhost_directive) { "" } before do - node.set['openstack']['dashboard'][port_attribute_name] = port_attribute_value + node.set['openstack']['endpoints'][port_attribute_name]['port'] = port_attribute_value end - it "sets Listen and NameVirtualHost directives when apache's listen_ports does not include #{port_attribute_value}" do - node.set['apache']['listen_ports'] = [port_attribute_value.to_i + 1] - %w(Listen NameVirtualHost).each do |directive| - expect(chef_run).to render_file(file.name).with_content(/^#{directive} \*:#{port_attribute_value}$/) - end + it 'does not set NameVirtualHost directives when apache 2.4' do + expect(chef_run).not_to render_file(file.name).with_content(/^NameVirtualHost/) end - it "does not set Listen and NameVirtualHost directives when apache's listen_ports include #{port_attribute_value}" do - node.set['apache']['listen_ports'] = [port_attribute_value] - chef_run.converge(described_recipe) - %w(Listen NameVirtualHost).each do |directive| - expect(chef_run).not_to render_file(file.name).with_content(/^#{directive} \*:#{port_attribute_value}$/) - end + it 'sets NameVirtualHost directives when apache 2.2' do + node.set['apache']['version'] = '2.2' + expect(chef_run).to render_file(file.name).with_content(/^NameVirtualHost 127.0.0.1:#{port_attribute_value}$/) end it 'sets the VirtualHost directive' do 
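Review bot: The new expectation `/^NameVirtualHost 127.0.0.1:#{port_attribute_value}$/` leaves the dots unescaped, so each one matches any character; `/^NameVirtualHost 127\.0\.0\.1:#{port_attribute_value}$/` pins the literal address. The 'apache 2.4' example never sets `node['apache']['version']` and so depends on the platform default, whereas the 2.2 example sets it explicitly; setting `'2.4'` there would make the pair symmetric. The removed `Listen` assertions have no replacement in the visible hunks, so nothing checks that the recipe puts the bind host and port into `node['apache']['listen_addresses']` and `node['apache']['listen_ports']`, or that the HTTPS pair is added only with `use_ssl`. The shared_examples block continues past the end of this hunk.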
@@ -152,38 +146,38 @@ describe 'openstack-dashboard::apache2-server' do expect(chef_run).to render_file(file.name).with_content(/^custom_template_banner_value$/) end - it_should_behave_like 'virtualhost port configurator', 'http_port', 8080 + it_should_behave_like 'virtualhost port configurator', 'dashboard-http-bind', 8080 context 'with use_ssl enabled' do before do node.set['openstack']['dashboard']['use_ssl'] = true end - it_should_behave_like 'virtualhost port configurator', 'https_port', 4433 + it_should_behave_like 'virtualhost port configurator', 'dashboard-https-bind', 4433 it 'shows rewrite ssl directive' do expect(chef_run).to render_file(file.name).with_content(rewrite_ssl_directive) end context 'rewrite rule' do - it 'shows the default rewrite rule when http_port is 80 and https_port is 443' do - node.set['openstack']['dashboard']['http_port'] = 80 - node.set['openstack']['dashboard']['https_port'] = 443 + it 'shows the default SSL rewrite rule when http_port is 80 and https_port is 443' do + node.set['openstack']['endpoints']['dashboard-http-bind']['port'] = 80 + node.set['openstack']['endpoints']['dashboard-https-bind']['port'] = 443 expect(chef_run).to render_file(file.name).with_content(default_rewrite_rule) end - it 'shows the parameterized rewrite rule when http_port is different from 80' do + it 'shows the parameterized SSL rewrite rule when http_port is different from 80' do https_port_value = 443 - node.set['openstack']['dashboard']['http_port'] = 81 - node.set['openstack']['dashboard']['https_port'] = https_port_value + node.set['openstack']['endpoints']['dashboard-http-bind']['port'] = 81 + node.set['openstack']['endpoints']['dashboard-https-bind']['port'] = https_port_value expect(chef_run).to render_file(file.name) .with_content(%r(^\s*RewriteRule \^\(\.\*\)\$ https://%\{SERVER_NAME\}:#{https_port_value}%\{REQUEST_URI\} \[L,R\]$)) end - it 'shows the parameterized rewrite rule when https_port is different from 443' do + it 'shows the 
parameterized SSL rewrite rule when https_port is different from 443' do https_port_value = 444 - node.set['openstack']['dashboard']['http_port'] = 80 - node.set['openstack']['dashboard']['https_port'] = https_port_value + node.set['openstack']['endpoints']['dashboard-http-bind']['port'] = 80 + node.set['openstack']['endpoints']['dashboard-https-bind']['port'] = https_port_value expect(chef_run).to render_file(file.name) .with_content(%r(^\s*RewriteRule \^\(\.\*\)\$ https://%\{SERVER_NAME\}:#{https_port_value}%\{REQUEST_URI\} \[L,R\]$)) end @@ -223,8 +217,8 @@ describe 'openstack-dashboard::apache2-server' do end it 'does not show the default rewrite rule' do - node.set['openstack']['dashboard']['http_port'] = 80 - node.set['openstack']['dashboard']['https_port'] = 443 + node.set['openstack']['endpoints']['dashboard-http-bind']['port'] = 80 + node.set['openstack']['endpoints']['dashboard-https-bind']['port'] = 443 expect(chef_run).not_to render_file(file.name).with_content(default_rewrite_rule) end diff --git a/templates/default/dash-site.erb b/templates/default/dash-site.erb index fb0ae82..b3f2fd6 100644 --- a/templates/default/dash-site.erb +++ b/templates/default/dash-site.erb 
@@ -1,32 +1,32 @@ <%= node["openstack"]["dashboard"]["custom_template_banner"] %> -<% unless node['apache']['listen_ports'].map(&:to_i).uniq.include?(node['openstack']['dashboard']['http_port'].to_i) %> -Listen *:<%= node['openstack']['dashboard']['http_port'].to_i%> -NameVirtualHost *:<%= node['openstack']['dashboard']['http_port'].to_i%> +<% if node['apache']['version'] != '2.4' -%> +NameVirtualHost <%= @http_bind_address %>:<%= @http_bind_port %> <% end -%> -> + +:<%= @http_bind_port %>> <% if node["openstack"]["dashboard"]["server_hostname"] -%> ServerName <%= node["openstack"]["dashboard"]["server_hostname"] %> <% end -%> <% if node["openstack"]["dashboard"]["use_ssl"] %> RewriteEngine On RewriteCond %{HTTPS} off -<% if node['openstack']['dashboard']['http_port'].to_i != 80 or node['openstack']['dashboard']['https_port'].to_i != 443 %> - RewriteRule ^(.*)$ https://%{SERVER_NAME}:<%= node['openstack']['dashboard']['https_port'] %>%{REQUEST_URI} [L,R] -<% else -%> + <% if @http_bind_port != 80 or @https_bind_port != 443 %> + RewriteRule ^(.*)$ https://%{SERVER_NAME}:<%= @https_bind_port %>%{REQUEST_URI} [L,R] + <% else -%> RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R] -<% end -%> + <% end -%> TraceEnable <%= node['openstack']['dashboard']['traceenable'] %> -<% unless node['apache']['listen_ports'].map(&:to_i).uniq.include?(node['openstack']['dashboard']['https_port'].to_i) %> -Listen *:<%= node['openstack']['dashboard']['https_port'].to_i%> -NameVirtualHost *:<%= node['openstack']['dashboard']['https_port'].to_i%> -<% end -%> -> -<% if node["openstack"]["dashboard"]["server_hostname"] -%> + <% if node['apache']['version'] != '2.4' -%> +NameVirtualHost <%= @https_bind_address %>:<%= @https_bind_port %> + <% end -%> + +:<%= @https_bind_port %>> + <% if node["openstack"]["dashboard"]["server_hostname"] -%> ServerName <%= node["openstack"]["dashboard"]["server_hostname"] %> -<% end -%> + <% end -%> <% end %> ServerAdmin <%= node["apache"]["contact"] %> 
WSGIScriptAlias <%= node["openstack"]["dashboard"]["webroot"] %> <%= node["openstack"]["dashboard"]["wsgi_path"] %>
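Review bot: Both `NameVirtualHost` guards test `node['apache']['version'] != '2.4'`, so any other value, including an unset attribute, takes the Apache 2.2 path. Testing for the version that needs the directive, `<% if node['apache']['version'] == '2.2' -%>`, would match what the spec exercises, assuming 2.2 and 2.4 are the only supported values. The rewritten condition `@http_bind_port != 80 or @https_bind_port != 443` is only correct because the recipe passes integers; `||` is the safer operator here, and a short ERB comment noting that the ports arrive as integers would protect the comparison from a later change in the recipe. Since the template no longer emits `Listen`, a one-line comment at the top such as `<%# Listen directives come from apache2's ports.conf via node['apache']['listen_addresses'] / ['listen_ports'] -%>` would tell the reader where the listeners are defined.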