(FUEL-450) Horizon https support

This commit is contained in:
Michael Polenchuk 2013-02-21 11:13:01 +04:00
parent 6c45bd072d
commit 3f9ec1c5ab
13 changed files with 532 additions and 86 deletions

View File

@ -3,3 +3,4 @@ pkg/
.DS_Store
metadata.json
coverage/
.project

View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkwgscebSTSLwU
TunIz7UI3JzQTSmsbhW28euCPHpPV20vNOxMsxSNMCCmuLRxpz4P2nxdD5OE5hNC
x40ih3BEgcfvGO7lGoNSWaj0wx0gRqtNjl1HoNGfZlMhM1Hw6csnp+IHNcXChYzn
qTQO8AfIbtkwIClxPvC2FLngiFfcBK2vcwh6cE+0RHdwU3+XS7ZENhoJP0XvtXTB
OlGM+G0td/1y8zOkAzqhVk6g7TByRL2AaPrgHUlRVVmnFI5HjVMVmSbSF3o0NadT
NfJiMpozzUMLzmPvjLgUh+Yua7x2yCTgst4VjhqdEATfWMNPpNz10xPQ6sA0fJmh
PD7ES2glAgMBAAECggEASGZYuZ+lwV8h/w6aXzsfA5DmfAacfIA3nJf8dNOcr8bs
XOU1vZKoQk7W2kyqRpNGi3LoWYChw7HS3vKPy4+WvxQExsW/HQAkmwh5XW1sHCXR
2xfnV7WMyC4P87P4mxQxyPBWO/LeP1eujpJlJPdHhEVpvWM0suYEow7Ci69+ZFkZ
Ks2ocAfy22QngHNel7cpP9sjuAOnKKjtqhSweX00el2usuhXru/dUIja5zzAaEFo
MH+HWzaPtv0kIJsCZHquzP6RaedyNjZt/SlUQAzuDELFZkDpzN0itoOFRHMyVYtG
ihKuJQmJjvz34P2YmoMKhDTB1EvmtmI6RpOiKGf49QKBgQDZeKHq/ESC7h7R9Tm6
eG94l8q79OzDRgzdkxK4x3NTmEZos7TY9bkq0ZTo77DilqH0tI/lf5hGkQDYPQLL
2+HlPoNkBYT82ejX5AXLDQdTTSLjE/ACQS/7aueNjfRmKaiiA5CQDKudIzVff2LO
H+ycdYGwdcw3UW2OWi1spIuKbwKBgQDB8pyRqyWhvQbR0t1nMAlTxZuhd47ZRrra
3xdMRQC0Wz5ar7tHGrS62puPmF3dL/OZ2nAKiNUzai1iFQi6YWJZNhJaTWnbKdkk
ay9k944o1gkTE5LSqi9VrzKjPjWxOy3kppjJeP09x7yOp4hJVKF+z/Qs+Ko4MDMj
IQfc6AEQqwKBgFJ4OccYFY8laBCtE1BQnc04mww+LI89AGIChSYHlQeNhp3sEFf6
j1balcLkKssy3oYi9zLL+V5BXPWj5WyTnQ3HcCI9KZqNtIwyj7PZ4/5GEUXV6L2i
JOUOPHNk8trPT4DpIyhNdcMod/QYJcsPNjZ7JUxaz6/mtEo4jmNV3wkHAoGBALY/
Ew7ywu7joBfkzHWdNvaIFsE4hnv3MbhfsBXUNWBE6SfwP8wF9VQr/ceGRpWE7KRj
Fatgfu7MVA75cvUoc3EfFUnTuqfeABRvv95hnS0USvypBOt+TfJ3Kd8pouyCjpJw
VdvkHBtEqBNoq/E0XHi8Ulc75z/bUwIslKXpQK73AoGAZ3t8bDYkN56pZnJvTqaP
ufy1LxEmYyxVp+qLYaGOr0VA09Zl21hDZMQTBFvPe9aLkd0RSCBE73iusDGe0AWd
XBp4RcZO2Ah6hEpKG8OfY8slZxKGsd3ef0TjCxJpsg3daMyRhgMVJym9lhbKnWxJ
vXMnw+DdqdSM7mpg3GG73OQ=
-----END PRIVATE KEY-----

View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC0jCCAboCCQDwxZM4yuJRajANBgkqhkiG9w0BAQUFADArMSkwJwYDVQQDEyBj
aGVmLWNvbnRyb2xsZXIuc3J0Lm1pcmFudGlzLm5ldDAeFw0xMjEyMDYxMTMwMTVa
Fw0yMjEyMDQxMTMwMTVaMCsxKTAnBgNVBAMTIGNoZWYtY29udHJvbGxlci5zcnQu
bWlyYW50aXMubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMIL
HHm0k0i8FE7pyM+1CNyc0E0prG4VtvHrgjx6T1dtLzTsTLMUjTAgpri0cac+D9p8
XQ+ThOYTQseNIodwRIHH7xju5RqDUlmo9MMdIEarTY5dR6DRn2ZTITNR8OnLJ6fi
BzXFwoWM56k0DvAHyG7ZMCApcT7wthS54IhX3AStr3MIenBPtER3cFN/l0u2RDYa
CT9F77V0wTpRjPhtLXf9cvMzpAM6oVZOoO0wckS9gGj64B1JUVVZpxSOR41TFZkm
0hd6NDWnUzXyYjKaM81DC85j74y4FIfmLmu8dsgk4LLeFY4anRAE31jDT6Tc9dMT
0OrANHyZoTw+xEtoJQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQB0oX7/m89rtNrW
eMcDKdwSZGbkM35GWhPHnnr8gNfxsC0hnuitPbVylkDhLCSBy+krw/rZpV8jZ5V2
NhvaPb5FkXz5VuQIK4YfEtNz4zKl04NeKUS3EoqJt0zZnNAwAhT/CjWocfB+/IWR
lmqKaiyl3ZW+wLTUII1YkST1QsBl8tY5Eh6V6tj6qauB2mzNEQp8SvTh/8NWtSFp
geIQ08CXZAh1PCPNRXH3MIsb7w4HNn5MgTXIGf02oQqXyMYUdr5s+YZjc389EoNg
BhOVZaF6iRKfqISSgcfXk4as2CsV5X08WbML9uc1So2p2FlMepSsXI33ccw3pVF6
c7XxlUvG
-----END CERTIFICATE-----

View File

@ -0,0 +1,22 @@
Puppet::Type.type(:a2mod).provide(:a2mod) do
desc "Manage Apache 2 modules on Debian and Ubuntu"
optional_commands :encmd => "a2enmod"
optional_commands :discmd => "a2dismod"
confine :osfamily => :debian
defaultfor :operatingsystem => [:debian, :ubuntu]
def create
encmd resource[:name]
end
def destroy
discmd resource[:name]
end
def exists?
mod= "/etc/apache2/mods-enabled/" + resource[:name] + ".load"
File.exists?(mod)
end
end

View File

@ -0,0 +1,116 @@
require 'puppet/util/filetype'
Puppet::Type.type(:a2mod).provide(:gentoo, :parent => Puppet::Provider) do
desc "Manage Apache 2 modules on Gentoo"
confine :operatingsystem => :gentoo
defaultfor :operatingsystem => :gentoo
attr_accessor :property_hash
def create
@property_hash[:ensure] = :present
end
def exists?
(!(@property_hash[:ensure].nil?) and @property_hash[:ensure] == :present)
end
def destroy
@property_hash[:ensure] = :absent
end
def flush
self.class.flush
end
class << self
attr_reader :conf_file
end
def self.clear
@mod_resources = []
@modules = []
@other_args = ""
end
def self.initvars
@conf_file = "/etc/conf.d/apache2"
@filetype = Puppet::Util::FileType.filetype(:flat).new(conf_file)
@mod_resources = []
@modules = []
@other_args = ""
end
self.initvars
# Retrieve an array of all existing modules
def self.modules
if @modules.length <= 0
# Locate the APACHE_OPTS variable
records = filetype.read.split(/\n/)
apache2_opts = records.grep(/^\s*APACHE2_OPTS=/).first
# Extract all defines
while apache2_opts.sub!(/-D\s+(\w+)/, '')
@modules << $1.downcase
end
# Hang on to any remaining options.
if apache2_opts.match(/APACHE2_OPTS="(.+)"/)
@other_args = $1.strip
end
@modules.sort!.uniq!
end
@modules
end
def self.prefetch(resources={})
# Match resources with existing providers
instances.each do |provider|
if resource = resources[provider.name]
resource.provider = provider
end
end
# Store all resources using this provider for flushing
resources.each do |name, resource|
@mod_resources << resource
end
end
def self.instances
modules.map {|mod| new(:name => mod, :provider => :gentoo, :ensure => :present)}
end
def self.flush
mod_list = modules
mods_to_remove = @mod_resources.select {|mod| mod.should(:ensure) == :absent}.map {|mod| mod[:name]}
mods_to_add = @mod_resources.select {|mod| mod.should(:ensure) == :present}.map {|mod| mod[:name]}
mod_list -= mods_to_remove
mod_list += mods_to_add
mod_list.sort!.uniq!
if modules != mod_list
opts = @other_args + " "
opts << mod_list.map {|mod| "-D #{mod.upcase}"}.join(" ")
opts.strip!
opts.gsub!(/\s+/, ' ')
apache2_opts = %Q{APACHE2_OPTS="#{opts}"}
Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
records = filetype.read.split(/\n/)
opts_index = records.find_index {|i| i.match(/^\s*APACHE2_OPTS/)}
records[opts_index] = apache2_opts
filetype.backup
filetype.write(records.join("\n"))
@modules = mod_list
end
end
end

View File

@ -0,0 +1,12 @@
Puppet::Type.type(:a2mod).provide :modfix do
desc "Dummy provider for A2mod.
Fake nil resources when there is no crontab binary available. Allows
puppetd to run on a bootstrapped machine before a Cron package has been
installed. Workaround for: http://projects.puppetlabs.com/issues/2384
"
def self.instances
[]
end
end

View File

@ -0,0 +1,61 @@
Puppet::Type.type(:a2mod).provide(:redhat) do
desc "Manage Apache 2 modules on RedHat family OSs"
confine :osfamily => :redhat
defaultfor :osfamily => :redhat
require 'pathname'
# modpath: Path to default apache modules directory /etc/httpd/mod.d
# modfile: Path to module load configuration file; Default: resides under modpath directory
# libfile: Path to actual apache module library. Added in modfile LoadModule
attr_accessor :modfile, :libfile
class << self
attr_accessor :modpath
def preinit
@modpath = "/etc/httpd/mod.d"
end
end
self.preinit
def create
File.open(modfile,'w') do |f|
f.puts "LoadModule #{resource[:identifier]} #{libfile}"
end
end
def destroy
File.delete(modfile)
end
def exists?
File.exists?(modfile) and File.read(modfile).match(libfile)
end
def self.instances
modules = []
Dir.glob("#{modpath}/*.load").each do |file|
m = file.match(/(\w+)\.load$/)
modules << m[1] if m
end
modules.map do |mod|
new(
:name => mod,
:ensure => :present,
:provider => :redhat
)
end
end
def modfile
modfile ||= "#{self.class.modpath}/#{resource[:name]}.load"
end
# Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir.
def libfile
libfile = Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
end
end

View File

@ -0,0 +1,29 @@
Puppet::Type.newtype(:a2mod) do
@doc = "Manage Apache 2 modules"
ensurable
newparam(:name) do
desc "The name of the module to be managed"
isnamevar
end
newparam(:lib) do
desc "The name of the .so library to be loaded"
defaultto { "mod_#{@resource[:name]}.so" }
end
newparam(:identifier) do
desc "Module identifier string used by LoadModule. Default: module-name_module"
# http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
defaultto { "#{resource[:name]}_module" }
end
autorequire(:package) { catalog.resource(:package, 'httpd')}
end

View File

@ -20,8 +20,8 @@
# $api_result_limit max number of Swift containers/objects to display on a single page
#
class horizon(
$bind_address = '127.0.0.1',
$secret_key,
$bind_address = '127.0.0.1',
$cache_server_ip = '127.0.0.1',
$cache_server_port = '11211',
$swift = false,
@ -33,11 +33,20 @@ class horizon(
$keystone_scheme = 'http',
$keystone_default_role = 'Member',
$django_debug = 'False',
$api_result_limit = 1000
$api_result_limit = 1000,
$http_port = 80,
$https_port = 443,
$use_ssl = false,
) {
include horizon::params
$root_url = $::horizon::params::root_url
$ssl_cert_file = $::horizon::params::ssl_cert_file
$ssl_key_file = $::horizon::params::ssl_key_file
$wsgi_user = $::horizon::params::apache_user
$wsgi_group = $::horizon::params::apache_group
package { ["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"]:
ensure => present,
}
@ -47,37 +56,74 @@ class horizon(
require => Package[$::horizon::params::http_service],
}
case $::osfamily {
'RedHat': {
File {
require => Package["$::horizon::params::package_name"],
owner => 'apache',
group => 'apache',
}
}
'Debian': {
File {
require => Package["$::horizon::params::package_name"],
owner => 'www-data',
group => 'www-data',
}
}
}
$dashboard_urlpart = $::osfamily ? {
'Debian' => 'horizon',
'RedHat' => 'dashboard'
owner => $wsgi_user,
group => $wsgi_group,
}
file { $::horizon::params::local_settings_path:
content => template('horizon/local_settings.py.erb'),
mode => '0644',
}
# file { '/etc/apache2/sites-available/openstack-dashboard':
# content => template('horizon/dash-site.erb'),
# mode => '0644',
# }
# stop apache bitching
# file { "${dash_path}/.blackhole":
# ensure => directory,
# owner => 'root',
# }
if $use_ssl {
file { $ssl_cert_file:
ensure => present,
mode => '0644',
owner => 'root',
group => 'root',
source => 'puppet:///modules/horizon/horizon.pem',
}
file { $ssl_key_file:
ensure => present,
mode => '0640',
owner => 'root',
group => $::horizon::params::ssl_key_group,
source => 'puppet:///modules/horizon/horizon.key',
}
}
file { $::horizon::params::logdir:
ensure => directory,
mode => '0751',
before => Service["$::horizon::params::http_service"],
}
# file_line { 'horizon_redirect_rule':
# path => $::horizon::params::config_file,
# line => "RedirectMatch permanent ^/$ ${root_url}/",
# require => Package["$::horizon::params::package_name"],
# notify => Service["$::horizon::params::http_service"]
# }
file { $::horizon::params::vhosts_file:
content => template('horizon/vhosts.erb'),
mode => '0644',
require => Package["$::horizon::params::package_name"],
notify => Service["$::horizon::params::http_service"]
}
file { $::horizon::params::httpd_listen_config_file:
content => template('horizon/ports.conf.erb'),
require => Package[$::horizon::params::package_name],
#before => Package[$::horizon::params::package_name],
}
case $::osfamily {
'RedHat': {
file { '/etc/httpd/conf.d/wsgi.conf':
@ -88,19 +134,36 @@ class horizon(
require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
before => Package["$::horizon::params::package_name"],
} # ensure there is a HTTP redirect from / to /dashboard
file_line { 'horizon_redirect_rule':
path => $::horizon::params::config_file,
line => 'RedirectMatch permanent ^/$ /dashboard/',
require => Package["$::horizon::params::package_name"],
notify => Service["$::horizon::params::http_service"]
# file_line { 'horizon_redirect_rule':
# path => $::horizon::params::config_file,
# line => 'RedirectMatch permanent ^/$ /dashboard/',
# require => Package["$::horizon::params::package_name"],
# notify => Service["$::horizon::params::http_service"]
# }
# file_line { 'httpd_listen_on_internal_network_only':
# path => $::horizon::params::httpd_listen_config_file,
# match => '^Listen (.*)$',
# line => "Listen ${bind_address}:80",
# before => [Service["$::horizon::params::http_service"]],
# notify => [Service["$::horizon::params::http_service"]],
# require =>[Package["$::horizon::params::package_name"]]
# }
if $use_ssl {
package { 'mod_ssl':
ensure => present,
before => Service[$::horizon::params::http_service],
}
file_line { 'httpd_listen_on_internal_network_only':
path => $::horizon::params::httpd_listen_config_file,
match => '^Listen (.*)$',
line => "Listen ${bind_address}:80",
before => [Service["$::horizon::params::http_service"]],
notify => [Service["$::horizon::params::http_service"]],
require =>[Package["$::horizon::params::package_name"]]
}
augeas { "remove_listen_directive":
context => "/files/etc/httpd/conf/httpd.conf",
changes => [
"rm directive[. = 'Listen']"
],
before => Service[$::horizon::params::http_service],
}
}
'Debian': {
@ -108,19 +171,41 @@ class horizon(
ensure => directory,
require => []
}
file { $::horizon::params::httpd_listen_config_file:
content => template('horizon/ports.conf.erb'),
require => File['/etc/apache2'],
before => Package[$::horizon::params::package_name],
}
exec { 'a2enmod wsgi':
command => 'a2enmod wsgi',
path => ['/usr/bin','/usr/sbin','/bin/','/sbin'],
require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
before => Package["$::horizon::params::package_name"],
A2mod {
ensure => present,
require => Package[$::horizon::params::package_name],
notify => Service[$::horizon::params::http_service],
}
a2mod { 'wsgi': }
if $use_ssl {
a2mod { ['rewrite', 'ssl']: }
}
file { '/etc/apache2/sites-enabled/openstack-dashboard':
ensure => link,
target => $::horizon::params::vhosts_file,
#require => File['/etc/apache2/sites-available/openstack-dashboard'],
}
file { '/etc/apache2/sites-enabled/000-default':
ensure => absent,
before => Service[$::horizon::params::http_service],
}
# exec { 'a2enmod wsgi':
# command => 'a2enmod wsgi',
# path => ['/usr/bin','/usr/sbin','/bin/','/sbin'],
# require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
# before => Package["$::horizon::params::package_name"],
# }
}
}
service { '$::horizon::params::http_service':
name => $::horizon::params::http_service,
ensure => 'running',
@ -128,6 +213,7 @@ class horizon(
require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
subscribe => File["$::horizon::params::local_settings_path", "$::horizon::params::logdir"]
}
if $cache_server_ip =~ /^127\.0\.0\.1/ {
Class['memcached'] -> Class['horizon']
}

View File

@ -7,17 +7,28 @@ class horizon::params {
case $::osfamily {
'RedHat': {
$http_service = 'httpd'
$vhosts_file = '/etc/httpd/conf.d/ssl.conf'
$http_modwsgi = 'mod_wsgi'
$package_name = 'openstack-dashboard'
$httpd_listen_config_file = '/etc/httpd/conf/httpd.conf'
$config_file = '/etc/httpd/conf.d/openstack-dashboard.conf'
$httpd_listen_config_file = '/etc/httpd/conf.d/ports.conf'
$local_settings_path = '/etc/openstack-dashboard/local_settings'
$root_url = '/dashboard'
$apache_user = 'apache'
$apache_group = 'apache'
$ssl_key_group = 'root'
$ssl_dir = '/etc/pki/tls'
}
'Debian': {
$http_service = 'apache2'
$config_file = '/etc/apache2/conf.d/openstack-dashboard.conf'
$vhosts_file = '/etc/apache2/sites-available/openstack-dashboard.conf'
$local_settings_path = '/etc/openstack-dashboard/local_settings.py'
$httpd_listen_config_file = '/etc/apache2/ports.conf'
$http_modwsgi = 'libapache2-mod-wsgi'
$root_url = '/horizon'
$apache_user = 'www-data'
$apache_group = 'www-data'
$ssl_key_group = 'ssl-cert'
$ssl_dir = '/etc/ssl'
case $::operatingsystem {
'Debian': {
$package_name = 'openstack-dashboard-apache'
@ -26,10 +37,12 @@ class horizon::params {
$package_name = 'openstack-dashboard'
}
}
$local_settings_path = '/etc/openstack-dashboard/local_settings.py'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only support osfamily RedHat and Debian")
}
}
$ssl_cert_file = "${ssl_dir}/certs/horizon.pem"
$ssl_key_file = "${ssl_dir}/private/horizon.key"
}

View File

@ -4,11 +4,8 @@ from django.utils.translation import ugettext_lazy as _
DEBUG = <%= django_debug %>
TEMPLATE_DEBUG = DEBUG
PROD = False
USE_SSL = False
# Note: You should change this value
SECRET_KEY = '<%= secret_key %>'
# Specify a regular expression to validate user passwords.
# HORIZON_CONFIG = {
@ -20,6 +17,9 @@ SECRET_KEY = '<%= secret_key %>'
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
# Note: You should change this value
SECRET_KEY = '<%= secret_key %>'
# We recommend you use memcached for development; otherwise after every reload
# of the django development server, you will have to login again. To use
# memcached set CACHE_BACKED to something like 'memcached://127.0.0.1:11211/'
@ -46,6 +46,9 @@ OPENSTACK_HOST = "<%= keystone_host %>"
OPENSTACK_KEYSTONE_URL = "<%= keystone_scheme %>://%s:<%= keystone_port %>/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= keystone_default_role %>"
# Disable SSL certificate checks (useful for self-signed certificates):
OPENSTACK_SSL_NO_VERIFY = True
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
# capabilities of the auth backend for Keystone.
# If Keystone has been configured to use LDAP as the auth backend then set
@ -57,6 +60,10 @@ OPENSTACK_KEYSTONE_BACKEND = {
'can_edit_user': True
}
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': True
}
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
# in the Keystone service catalog. Use this setting when Horizon is running
# external to the OpenStack environment. The default is 'internalURL'.
@ -65,15 +72,21 @@ OPENSTACK_KEYSTONE_BACKEND = {
<% if swift -%>
# Include the SWIFT interface extension in Horizon
SWIFT_ENABLED = True
SWIFT_PAGINATE_LIMIT = 100
<% end -%>
# The number of Swift containers and objects to display on a single page before
# providing a paging element (a "more" link) to paginate results.
API_RESULT_LIMIT = <%= api_result_limit %>
API_RESULT_PAGE_SIZE = 20
<% if quantum -%>
# Include the Quantum interface extensions in Horizon
QUANTUM_ENABLED = True
QUANTUM_URL = '%s' % OPENSTACK_HOST
QUANTUM_PORT = '9696'
QUANTUM_TENANT = 'services'
QUANTUM_CLIENT_VERSION='2.0'
<% end -%>
# If you have external monitoring links, eg:
@ -136,8 +149,9 @@ LOGGING = {
}
}
LOGIN_URL='/<%= dashboard_urlpart %>/auth/login/'
LOGIN_REDIRECT_URL='/<%= dashboard_urlpart%>'
LOGIN_URL = '<%= root_url %>/auth/login/'
LOGOUT_URL = '<%= root_url %>/auth/logout/'
LOGIN_REDIRECT_URL = '<%= root_url %>/syspanel/'
# The Ubuntu package includes pre-compressed JS and compiled CSS to allow
# offline compression by default. To enable online compression, install

View File

@ -1,12 +1,23 @@
NameVirtualHost *:80
Listen <%= bind_address %>:80
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement
NameVirtualHost *:<%= @http_port %>
Listen <%= @bind_address %>:<%= @http_port %>
<% if @osfamily == 'RedHat' -%>
<% if @use_ssl -%>
NameVirtualHost *:<%= @https_port %>
Listen <%= @bind_address %>:<%= @https_port %>
<% end %>
<% else %>
<IfModule mod_ssl.c>
Listen <%= bind_address %>:443
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:<%= @https_port %>
Listen <%= @bind_address %>:<%= @https_port %>
</IfModule>
<IfModule mod_gnutls.c>
Listen <%= bind_address %>:443
Listen <%= @bind_address %>:<%= @https_port %>
</IfModule>
<% end %>

View File

@ -0,0 +1,35 @@
#
# This file autogenerated by Puppet
# Do not edit, changes will be overwritten
#
RedirectMatch permanent ^/$ <%= @root_url %>/
<% if @use_ssl -%>
# SSL support
<% if @osfamily == 'RedHat' -%>
LoadModule ssl_module modules/mod_ssl.so
<% end -%>
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<% end -%>
<VirtualHost *:<%= @http_port %>>
<% if @use_ssl -%>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
</VirtualHost>
<VirtualHost *:<%= @https_port %>>
SSLEngine on
SSLCertificateFile <%= @ssl_cert_file %>
SSLCertificateKeyFile <%= @ssl_key_file %>
<% end -%>
</VirtualHost>