(FUEL-450) Horizon https support
This commit is contained in:
parent
6c45bd072d
commit
3f9ec1c5ab
1
deployment/puppet/horizon/.gitignore
vendored
1
deployment/puppet/horizon/.gitignore
vendored
@ -3,3 +3,4 @@ pkg/
|
||||
.DS_Store
|
||||
metadata.json
|
||||
coverage/
|
||||
.project
|
28
deployment/puppet/horizon/files/horizon.key
Normal file
28
deployment/puppet/horizon/files/horizon.key
Normal file
@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkwgscebSTSLwU
|
||||
TunIz7UI3JzQTSmsbhW28euCPHpPV20vNOxMsxSNMCCmuLRxpz4P2nxdD5OE5hNC
|
||||
x40ih3BEgcfvGO7lGoNSWaj0wx0gRqtNjl1HoNGfZlMhM1Hw6csnp+IHNcXChYzn
|
||||
qTQO8AfIbtkwIClxPvC2FLngiFfcBK2vcwh6cE+0RHdwU3+XS7ZENhoJP0XvtXTB
|
||||
OlGM+G0td/1y8zOkAzqhVk6g7TByRL2AaPrgHUlRVVmnFI5HjVMVmSbSF3o0NadT
|
||||
NfJiMpozzUMLzmPvjLgUh+Yua7x2yCTgst4VjhqdEATfWMNPpNz10xPQ6sA0fJmh
|
||||
PD7ES2glAgMBAAECggEASGZYuZ+lwV8h/w6aXzsfA5DmfAacfIA3nJf8dNOcr8bs
|
||||
XOU1vZKoQk7W2kyqRpNGi3LoWYChw7HS3vKPy4+WvxQExsW/HQAkmwh5XW1sHCXR
|
||||
2xfnV7WMyC4P87P4mxQxyPBWO/LeP1eujpJlJPdHhEVpvWM0suYEow7Ci69+ZFkZ
|
||||
Ks2ocAfy22QngHNel7cpP9sjuAOnKKjtqhSweX00el2usuhXru/dUIja5zzAaEFo
|
||||
MH+HWzaPtv0kIJsCZHquzP6RaedyNjZt/SlUQAzuDELFZkDpzN0itoOFRHMyVYtG
|
||||
ihKuJQmJjvz34P2YmoMKhDTB1EvmtmI6RpOiKGf49QKBgQDZeKHq/ESC7h7R9Tm6
|
||||
eG94l8q79OzDRgzdkxK4x3NTmEZos7TY9bkq0ZTo77DilqH0tI/lf5hGkQDYPQLL
|
||||
2+HlPoNkBYT82ejX5AXLDQdTTSLjE/ACQS/7aueNjfRmKaiiA5CQDKudIzVff2LO
|
||||
H+ycdYGwdcw3UW2OWi1spIuKbwKBgQDB8pyRqyWhvQbR0t1nMAlTxZuhd47ZRrra
|
||||
3xdMRQC0Wz5ar7tHGrS62puPmF3dL/OZ2nAKiNUzai1iFQi6YWJZNhJaTWnbKdkk
|
||||
ay9k944o1gkTE5LSqi9VrzKjPjWxOy3kppjJeP09x7yOp4hJVKF+z/Qs+Ko4MDMj
|
||||
IQfc6AEQqwKBgFJ4OccYFY8laBCtE1BQnc04mww+LI89AGIChSYHlQeNhp3sEFf6
|
||||
j1balcLkKssy3oYi9zLL+V5BXPWj5WyTnQ3HcCI9KZqNtIwyj7PZ4/5GEUXV6L2i
|
||||
JOUOPHNk8trPT4DpIyhNdcMod/QYJcsPNjZ7JUxaz6/mtEo4jmNV3wkHAoGBALY/
|
||||
Ew7ywu7joBfkzHWdNvaIFsE4hnv3MbhfsBXUNWBE6SfwP8wF9VQr/ceGRpWE7KRj
|
||||
Fatgfu7MVA75cvUoc3EfFUnTuqfeABRvv95hnS0USvypBOt+TfJ3Kd8pouyCjpJw
|
||||
VdvkHBtEqBNoq/E0XHi8Ulc75z/bUwIslKXpQK73AoGAZ3t8bDYkN56pZnJvTqaP
|
||||
ufy1LxEmYyxVp+qLYaGOr0VA09Zl21hDZMQTBFvPe9aLkd0RSCBE73iusDGe0AWd
|
||||
XBp4RcZO2Ah6hEpKG8OfY8slZxKGsd3ef0TjCxJpsg3daMyRhgMVJym9lhbKnWxJ
|
||||
vXMnw+DdqdSM7mpg3GG73OQ=
|
||||
-----END PRIVATE KEY-----
|
18
deployment/puppet/horizon/files/horizon.pem
Normal file
18
deployment/puppet/horizon/files/horizon.pem
Normal file
@ -0,0 +1,18 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC0jCCAboCCQDwxZM4yuJRajANBgkqhkiG9w0BAQUFADArMSkwJwYDVQQDEyBj
|
||||
aGVmLWNvbnRyb2xsZXIuc3J0Lm1pcmFudGlzLm5ldDAeFw0xMjEyMDYxMTMwMTVa
|
||||
Fw0yMjEyMDQxMTMwMTVaMCsxKTAnBgNVBAMTIGNoZWYtY29udHJvbGxlci5zcnQu
|
||||
bWlyYW50aXMubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMIL
|
||||
HHm0k0i8FE7pyM+1CNyc0E0prG4VtvHrgjx6T1dtLzTsTLMUjTAgpri0cac+D9p8
|
||||
XQ+ThOYTQseNIodwRIHH7xju5RqDUlmo9MMdIEarTY5dR6DRn2ZTITNR8OnLJ6fi
|
||||
BzXFwoWM56k0DvAHyG7ZMCApcT7wthS54IhX3AStr3MIenBPtER3cFN/l0u2RDYa
|
||||
CT9F77V0wTpRjPhtLXf9cvMzpAM6oVZOoO0wckS9gGj64B1JUVVZpxSOR41TFZkm
|
||||
0hd6NDWnUzXyYjKaM81DC85j74y4FIfmLmu8dsgk4LLeFY4anRAE31jDT6Tc9dMT
|
||||
0OrANHyZoTw+xEtoJQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQB0oX7/m89rtNrW
|
||||
eMcDKdwSZGbkM35GWhPHnnr8gNfxsC0hnuitPbVylkDhLCSBy+krw/rZpV8jZ5V2
|
||||
NhvaPb5FkXz5VuQIK4YfEtNz4zKl04NeKUS3EoqJt0zZnNAwAhT/CjWocfB+/IWR
|
||||
lmqKaiyl3ZW+wLTUII1YkST1QsBl8tY5Eh6V6tj6qauB2mzNEQp8SvTh/8NWtSFp
|
||||
geIQ08CXZAh1PCPNRXH3MIsb7w4HNn5MgTXIGf02oQqXyMYUdr5s+YZjc389EoNg
|
||||
BhOVZaF6iRKfqISSgcfXk4as2CsV5X08WbML9uc1So2p2FlMepSsXI33ccw3pVF6
|
||||
c7XxlUvG
|
||||
-----END CERTIFICATE-----
|
22
deployment/puppet/horizon/lib/puppet/provider/a2mod/a2mod.rb
Normal file
22
deployment/puppet/horizon/lib/puppet/provider/a2mod/a2mod.rb
Normal file
@ -0,0 +1,22 @@
|
||||
Puppet::Type.type(:a2mod).provide(:a2mod) do
|
||||
desc "Manage Apache 2 modules on Debian and Ubuntu"
|
||||
|
||||
optional_commands :encmd => "a2enmod"
|
||||
optional_commands :discmd => "a2dismod"
|
||||
|
||||
confine :osfamily => :debian
|
||||
defaultfor :operatingsystem => [:debian, :ubuntu]
|
||||
|
||||
def create
|
||||
encmd resource[:name]
|
||||
end
|
||||
|
||||
def destroy
|
||||
discmd resource[:name]
|
||||
end
|
||||
|
||||
def exists?
|
||||
mod= "/etc/apache2/mods-enabled/" + resource[:name] + ".load"
|
||||
File.exists?(mod)
|
||||
end
|
||||
end
|
116
deployment/puppet/horizon/lib/puppet/provider/a2mod/gentoo.rb
Normal file
116
deployment/puppet/horizon/lib/puppet/provider/a2mod/gentoo.rb
Normal file
@ -0,0 +1,116 @@
|
||||
require 'puppet/util/filetype'
|
||||
Puppet::Type.type(:a2mod).provide(:gentoo, :parent => Puppet::Provider) do
|
||||
desc "Manage Apache 2 modules on Gentoo"
|
||||
|
||||
confine :operatingsystem => :gentoo
|
||||
defaultfor :operatingsystem => :gentoo
|
||||
|
||||
attr_accessor :property_hash
|
||||
|
||||
def create
|
||||
@property_hash[:ensure] = :present
|
||||
end
|
||||
|
||||
def exists?
|
||||
(!(@property_hash[:ensure].nil?) and @property_hash[:ensure] == :present)
|
||||
end
|
||||
|
||||
def destroy
|
||||
@property_hash[:ensure] = :absent
|
||||
end
|
||||
|
||||
def flush
|
||||
self.class.flush
|
||||
end
|
||||
|
||||
class << self
|
||||
attr_reader :conf_file
|
||||
end
|
||||
|
||||
def self.clear
|
||||
@mod_resources = []
|
||||
@modules = []
|
||||
@other_args = ""
|
||||
end
|
||||
|
||||
def self.initvars
|
||||
@conf_file = "/etc/conf.d/apache2"
|
||||
@filetype = Puppet::Util::FileType.filetype(:flat).new(conf_file)
|
||||
@mod_resources = []
|
||||
@modules = []
|
||||
@other_args = ""
|
||||
end
|
||||
|
||||
self.initvars
|
||||
|
||||
# Retrieve an array of all existing modules
|
||||
def self.modules
|
||||
if @modules.length <= 0
|
||||
# Locate the APACHE_OPTS variable
|
||||
records = filetype.read.split(/\n/)
|
||||
apache2_opts = records.grep(/^\s*APACHE2_OPTS=/).first
|
||||
|
||||
# Extract all defines
|
||||
while apache2_opts.sub!(/-D\s+(\w+)/, '')
|
||||
@modules << $1.downcase
|
||||
end
|
||||
|
||||
# Hang on to any remaining options.
|
||||
if apache2_opts.match(/APACHE2_OPTS="(.+)"/)
|
||||
@other_args = $1.strip
|
||||
end
|
||||
|
||||
@modules.sort!.uniq!
|
||||
end
|
||||
|
||||
@modules
|
||||
end
|
||||
|
||||
def self.prefetch(resources={})
|
||||
# Match resources with existing providers
|
||||
instances.each do |provider|
|
||||
if resource = resources[provider.name]
|
||||
resource.provider = provider
|
||||
end
|
||||
end
|
||||
|
||||
# Store all resources using this provider for flushing
|
||||
resources.each do |name, resource|
|
||||
@mod_resources << resource
|
||||
end
|
||||
end
|
||||
|
||||
def self.instances
|
||||
modules.map {|mod| new(:name => mod, :provider => :gentoo, :ensure => :present)}
|
||||
end
|
||||
|
||||
def self.flush
|
||||
|
||||
mod_list = modules
|
||||
mods_to_remove = @mod_resources.select {|mod| mod.should(:ensure) == :absent}.map {|mod| mod[:name]}
|
||||
mods_to_add = @mod_resources.select {|mod| mod.should(:ensure) == :present}.map {|mod| mod[:name]}
|
||||
|
||||
mod_list -= mods_to_remove
|
||||
mod_list += mods_to_add
|
||||
mod_list.sort!.uniq!
|
||||
|
||||
if modules != mod_list
|
||||
opts = @other_args + " "
|
||||
opts << mod_list.map {|mod| "-D #{mod.upcase}"}.join(" ")
|
||||
opts.strip!
|
||||
opts.gsub!(/\s+/, ' ')
|
||||
|
||||
apache2_opts = %Q{APACHE2_OPTS="#{opts}"}
|
||||
Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
|
||||
|
||||
records = filetype.read.split(/\n/)
|
||||
|
||||
opts_index = records.find_index {|i| i.match(/^\s*APACHE2_OPTS/)}
|
||||
records[opts_index] = apache2_opts
|
||||
|
||||
filetype.backup
|
||||
filetype.write(records.join("\n"))
|
||||
@modules = mod_list
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,12 @@
|
||||
Puppet::Type.type(:a2mod).provide :modfix do
|
||||
desc "Dummy provider for A2mod.
|
||||
|
||||
Fake nil resources when there is no crontab binary available. Allows
|
||||
puppetd to run on a bootstrapped machine before a Cron package has been
|
||||
installed. Workaround for: http://projects.puppetlabs.com/issues/2384
|
||||
"
|
||||
|
||||
def self.instances
|
||||
[]
|
||||
end
|
||||
end
|
@ -0,0 +1,61 @@
|
||||
Puppet::Type.type(:a2mod).provide(:redhat) do
|
||||
desc "Manage Apache 2 modules on RedHat family OSs"
|
||||
|
||||
confine :osfamily => :redhat
|
||||
defaultfor :osfamily => :redhat
|
||||
|
||||
require 'pathname'
|
||||
|
||||
# modpath: Path to default apache modules directory /etc/httpd/mod.d
|
||||
# modfile: Path to module load configuration file; Default: resides under modpath directory
|
||||
# libfile: Path to actual apache module library. Added in modfile LoadModule
|
||||
|
||||
attr_accessor :modfile, :libfile
|
||||
class << self
|
||||
attr_accessor :modpath
|
||||
def preinit
|
||||
@modpath = "/etc/httpd/mod.d"
|
||||
end
|
||||
end
|
||||
|
||||
self.preinit
|
||||
|
||||
def create
|
||||
File.open(modfile,'w') do |f|
|
||||
f.puts "LoadModule #{resource[:identifier]} #{libfile}"
|
||||
end
|
||||
end
|
||||
|
||||
def destroy
|
||||
File.delete(modfile)
|
||||
end
|
||||
|
||||
def exists?
|
||||
File.exists?(modfile) and File.read(modfile).match(libfile)
|
||||
end
|
||||
|
||||
def self.instances
|
||||
modules = []
|
||||
Dir.glob("#{modpath}/*.load").each do |file|
|
||||
m = file.match(/(\w+)\.load$/)
|
||||
modules << m[1] if m
|
||||
end
|
||||
|
||||
modules.map do |mod|
|
||||
new(
|
||||
:name => mod,
|
||||
:ensure => :present,
|
||||
:provider => :redhat
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
def modfile
|
||||
modfile ||= "#{self.class.modpath}/#{resource[:name]}.load"
|
||||
end
|
||||
|
||||
# Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir.
|
||||
def libfile
|
||||
libfile = Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
|
||||
end
|
||||
end
|
29
deployment/puppet/horizon/lib/puppet/type/a2mod.rb
Normal file
29
deployment/puppet/horizon/lib/puppet/type/a2mod.rb
Normal file
@ -0,0 +1,29 @@
|
||||
Puppet::Type.newtype(:a2mod) do
|
||||
@doc = "Manage Apache 2 modules"
|
||||
|
||||
ensurable
|
||||
|
||||
newparam(:name) do
|
||||
desc "The name of the module to be managed"
|
||||
|
||||
isnamevar
|
||||
|
||||
end
|
||||
|
||||
newparam(:lib) do
|
||||
desc "The name of the .so library to be loaded"
|
||||
|
||||
defaultto { "mod_#{@resource[:name]}.so" }
|
||||
end
|
||||
|
||||
newparam(:identifier) do
|
||||
desc "Module identifier string used by LoadModule. Default: module-name_module"
|
||||
|
||||
# http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
|
||||
|
||||
defaultto { "#{resource[:name]}_module" }
|
||||
end
|
||||
|
||||
autorequire(:package) { catalog.resource(:package, 'httpd')}
|
||||
|
||||
end
|
@ -20,8 +20,8 @@
|
||||
# $api_result_limit max number of Swift containers/objects to display on a single page
|
||||
#
|
||||
class horizon(
|
||||
$bind_address = '127.0.0.1',
|
||||
$secret_key,
|
||||
$bind_address = '127.0.0.1',
|
||||
$cache_server_ip = '127.0.0.1',
|
||||
$cache_server_port = '11211',
|
||||
$swift = false,
|
||||
@ -33,11 +33,20 @@ class horizon(
|
||||
$keystone_scheme = 'http',
|
||||
$keystone_default_role = 'Member',
|
||||
$django_debug = 'False',
|
||||
$api_result_limit = 1000
|
||||
$api_result_limit = 1000,
|
||||
$http_port = 80,
|
||||
$https_port = 443,
|
||||
$use_ssl = false,
|
||||
) {
|
||||
|
||||
include horizon::params
|
||||
|
||||
$root_url = $::horizon::params::root_url
|
||||
$ssl_cert_file = $::horizon::params::ssl_cert_file
|
||||
$ssl_key_file = $::horizon::params::ssl_key_file
|
||||
$wsgi_user = $::horizon::params::apache_user
|
||||
$wsgi_group = $::horizon::params::apache_group
|
||||
|
||||
package { ["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"]:
|
||||
ensure => present,
|
||||
}
|
||||
@ -47,37 +56,74 @@ class horizon(
|
||||
require => Package[$::horizon::params::http_service],
|
||||
}
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
File {
|
||||
require => Package["$::horizon::params::package_name"],
|
||||
owner => 'apache',
|
||||
group => 'apache',
|
||||
}
|
||||
}
|
||||
'Debian': {
|
||||
File {
|
||||
require => Package["$::horizon::params::package_name"],
|
||||
owner => 'www-data',
|
||||
group => 'www-data',
|
||||
}
|
||||
}
|
||||
}
|
||||
$dashboard_urlpart = $::osfamily ? {
|
||||
'Debian' => 'horizon',
|
||||
'RedHat' => 'dashboard'
|
||||
owner => $wsgi_user,
|
||||
group => $wsgi_group,
|
||||
}
|
||||
|
||||
file { $::horizon::params::local_settings_path:
|
||||
content => template('horizon/local_settings.py.erb'),
|
||||
mode => '0644',
|
||||
}
|
||||
|
||||
# file { '/etc/apache2/sites-available/openstack-dashboard':
|
||||
# content => template('horizon/dash-site.erb'),
|
||||
# mode => '0644',
|
||||
# }
|
||||
|
||||
|
||||
# stop apache bitching
|
||||
# file { "${dash_path}/.blackhole":
|
||||
# ensure => directory,
|
||||
# owner => 'root',
|
||||
# }
|
||||
|
||||
if $use_ssl {
|
||||
file { $ssl_cert_file:
|
||||
ensure => present,
|
||||
mode => '0644',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
source => 'puppet:///modules/horizon/horizon.pem',
|
||||
}
|
||||
|
||||
file { $ssl_key_file:
|
||||
ensure => present,
|
||||
mode => '0640',
|
||||
owner => 'root',
|
||||
group => $::horizon::params::ssl_key_group,
|
||||
source => 'puppet:///modules/horizon/horizon.key',
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
file { $::horizon::params::logdir:
|
||||
ensure => directory,
|
||||
mode => '0751',
|
||||
before => Service["$::horizon::params::http_service"],
|
||||
}
|
||||
|
||||
# file_line { 'horizon_redirect_rule':
|
||||
# path => $::horizon::params::config_file,
|
||||
# line => "RedirectMatch permanent ^/$ ${root_url}/",
|
||||
# require => Package["$::horizon::params::package_name"],
|
||||
# notify => Service["$::horizon::params::http_service"]
|
||||
# }
|
||||
|
||||
file { $::horizon::params::vhosts_file:
|
||||
content => template('horizon/vhosts.erb'),
|
||||
mode => '0644',
|
||||
require => Package["$::horizon::params::package_name"],
|
||||
notify => Service["$::horizon::params::http_service"]
|
||||
}
|
||||
|
||||
file { $::horizon::params::httpd_listen_config_file:
|
||||
content => template('horizon/ports.conf.erb'),
|
||||
require => Package[$::horizon::params::package_name],
|
||||
#before => Package[$::horizon::params::package_name],
|
||||
}
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
file { '/etc/httpd/conf.d/wsgi.conf':
|
||||
@ -88,19 +134,36 @@ class horizon(
|
||||
require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
|
||||
before => Package["$::horizon::params::package_name"],
|
||||
} # ensure there is a HTTP redirect from / to /dashboard
|
||||
file_line { 'horizon_redirect_rule':
|
||||
path => $::horizon::params::config_file,
|
||||
line => 'RedirectMatch permanent ^/$ /dashboard/',
|
||||
require => Package["$::horizon::params::package_name"],
|
||||
notify => Service["$::horizon::params::http_service"]
|
||||
|
||||
# file_line { 'horizon_redirect_rule':
|
||||
# path => $::horizon::params::config_file,
|
||||
# line => 'RedirectMatch permanent ^/$ /dashboard/',
|
||||
# require => Package["$::horizon::params::package_name"],
|
||||
# notify => Service["$::horizon::params::http_service"]
|
||||
# }
|
||||
|
||||
# file_line { 'httpd_listen_on_internal_network_only':
|
||||
# path => $::horizon::params::httpd_listen_config_file,
|
||||
# match => '^Listen (.*)$',
|
||||
# line => "Listen ${bind_address}:80",
|
||||
# before => [Service["$::horizon::params::http_service"]],
|
||||
# notify => [Service["$::horizon::params::http_service"]],
|
||||
# require =>[Package["$::horizon::params::package_name"]]
|
||||
# }
|
||||
|
||||
if $use_ssl {
|
||||
package { 'mod_ssl':
|
||||
ensure => present,
|
||||
before => Service[$::horizon::params::http_service],
|
||||
}
|
||||
file_line { 'httpd_listen_on_internal_network_only':
|
||||
path => $::horizon::params::httpd_listen_config_file,
|
||||
match => '^Listen (.*)$',
|
||||
line => "Listen ${bind_address}:80",
|
||||
before => [Service["$::horizon::params::http_service"]],
|
||||
notify => [Service["$::horizon::params::http_service"]],
|
||||
require =>[Package["$::horizon::params::package_name"]]
|
||||
}
|
||||
|
||||
augeas { "remove_listen_directive":
|
||||
context => "/files/etc/httpd/conf/httpd.conf",
|
||||
changes => [
|
||||
"rm directive[. = 'Listen']"
|
||||
],
|
||||
before => Service[$::horizon::params::http_service],
|
||||
}
|
||||
}
|
||||
'Debian': {
|
||||
@ -108,19 +171,41 @@ class horizon(
|
||||
ensure => directory,
|
||||
require => []
|
||||
}
|
||||
file { $::horizon::params::httpd_listen_config_file:
|
||||
content => template('horizon/ports.conf.erb'),
|
||||
require => File['/etc/apache2'],
|
||||
before => Package[$::horizon::params::package_name],
|
||||
}
|
||||
exec { 'a2enmod wsgi':
|
||||
command => 'a2enmod wsgi',
|
||||
path => ['/usr/bin','/usr/sbin','/bin/','/sbin'],
|
||||
require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
|
||||
before => Package["$::horizon::params::package_name"],
|
||||
|
||||
A2mod {
|
||||
ensure => present,
|
||||
require => Package[$::horizon::params::package_name],
|
||||
notify => Service[$::horizon::params::http_service],
|
||||
}
|
||||
|
||||
a2mod { 'wsgi': }
|
||||
|
||||
if $use_ssl {
|
||||
a2mod { ['rewrite', 'ssl']: }
|
||||
}
|
||||
|
||||
file { '/etc/apache2/sites-enabled/openstack-dashboard':
|
||||
ensure => link,
|
||||
target => $::horizon::params::vhosts_file,
|
||||
#require => File['/etc/apache2/sites-available/openstack-dashboard'],
|
||||
}
|
||||
|
||||
file { '/etc/apache2/sites-enabled/000-default':
|
||||
ensure => absent,
|
||||
before => Service[$::horizon::params::http_service],
|
||||
}
|
||||
|
||||
# exec { 'a2enmod wsgi':
|
||||
# command => 'a2enmod wsgi',
|
||||
# path => ['/usr/bin','/usr/sbin','/bin/','/sbin'],
|
||||
# require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
|
||||
# before => Package["$::horizon::params::package_name"],
|
||||
# }
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
service { '$::horizon::params::http_service':
|
||||
name => $::horizon::params::http_service,
|
||||
ensure => 'running',
|
||||
@ -128,6 +213,7 @@ class horizon(
|
||||
require => Package["$::horizon::params::http_service", "$::horizon::params::http_modwsgi"],
|
||||
subscribe => File["$::horizon::params::local_settings_path", "$::horizon::params::logdir"]
|
||||
}
|
||||
|
||||
if $cache_server_ip =~ /^127\.0\.0\.1/ {
|
||||
Class['memcached'] -> Class['horizon']
|
||||
}
|
||||
|
@ -7,17 +7,28 @@ class horizon::params {
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
$http_service = 'httpd'
|
||||
$vhosts_file = '/etc/httpd/conf.d/ssl.conf'
|
||||
$http_modwsgi = 'mod_wsgi'
|
||||
$package_name = 'openstack-dashboard'
|
||||
$httpd_listen_config_file = '/etc/httpd/conf/httpd.conf'
|
||||
$config_file = '/etc/httpd/conf.d/openstack-dashboard.conf'
|
||||
$httpd_listen_config_file = '/etc/httpd/conf.d/ports.conf'
|
||||
$local_settings_path = '/etc/openstack-dashboard/local_settings'
|
||||
$root_url = '/dashboard'
|
||||
$apache_user = 'apache'
|
||||
$apache_group = 'apache'
|
||||
$ssl_key_group = 'root'
|
||||
$ssl_dir = '/etc/pki/tls'
|
||||
}
|
||||
'Debian': {
|
||||
$http_service = 'apache2'
|
||||
$config_file = '/etc/apache2/conf.d/openstack-dashboard.conf'
|
||||
$vhosts_file = '/etc/apache2/sites-available/openstack-dashboard.conf'
|
||||
$local_settings_path = '/etc/openstack-dashboard/local_settings.py'
|
||||
$httpd_listen_config_file = '/etc/apache2/ports.conf'
|
||||
$http_modwsgi = 'libapache2-mod-wsgi'
|
||||
$root_url = '/horizon'
|
||||
$apache_user = 'www-data'
|
||||
$apache_group = 'www-data'
|
||||
$ssl_key_group = 'ssl-cert'
|
||||
$ssl_dir = '/etc/ssl'
|
||||
case $::operatingsystem {
|
||||
'Debian': {
|
||||
$package_name = 'openstack-dashboard-apache'
|
||||
@ -26,10 +37,12 @@ class horizon::params {
|
||||
$package_name = 'openstack-dashboard'
|
||||
}
|
||||
}
|
||||
$local_settings_path = '/etc/openstack-dashboard/local_settings.py'
|
||||
}
|
||||
default: {
|
||||
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only support osfamily RedHat and Debian")
|
||||
}
|
||||
}
|
||||
|
||||
$ssl_cert_file = "${ssl_dir}/certs/horizon.pem"
|
||||
$ssl_key_file = "${ssl_dir}/private/horizon.key"
|
||||
}
|
||||
|
@ -4,11 +4,8 @@ from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
DEBUG = <%= django_debug %>
|
||||
TEMPLATE_DEBUG = DEBUG
|
||||
PROD = False
|
||||
USE_SSL = False
|
||||
|
||||
# Note: You should change this value
|
||||
SECRET_KEY = '<%= secret_key %>'
|
||||
|
||||
|
||||
# Specify a regular expression to validate user passwords.
|
||||
# HORIZON_CONFIG = {
|
||||
@ -20,6 +17,9 @@ SECRET_KEY = '<%= secret_key %>'
|
||||
|
||||
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
|
||||
|
||||
# Note: You should change this value
|
||||
SECRET_KEY = '<%= secret_key %>'
|
||||
|
||||
# We recommend you use memcached for development; otherwise after every reload
|
||||
# of the django development server, you will have to login again. To use
|
||||
# memcached set CACHE_BACKED to something like 'memcached://127.0.0.1:11211/'
|
||||
@ -46,6 +46,9 @@ OPENSTACK_HOST = "<%= keystone_host %>"
|
||||
OPENSTACK_KEYSTONE_URL = "<%= keystone_scheme %>://%s:<%= keystone_port %>/v2.0" % OPENSTACK_HOST
|
||||
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= keystone_default_role %>"
|
||||
|
||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
OPENSTACK_SSL_NO_VERIFY = True
|
||||
|
||||
# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
|
||||
# capabilities of the auth backend for Keystone.
|
||||
# If Keystone has been configured to use LDAP as the auth backend then set
|
||||
@ -57,6 +60,10 @@ OPENSTACK_KEYSTONE_BACKEND = {
|
||||
'can_edit_user': True
|
||||
}
|
||||
|
||||
OPENSTACK_HYPERVISOR_FEATURES = {
|
||||
'can_set_mount_point': True
|
||||
}
|
||||
|
||||
# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints
|
||||
# in the Keystone service catalog. Use this setting when Horizon is running
|
||||
# external to the OpenStack environment. The default is 'internalURL'.
|
||||
@ -65,15 +72,21 @@ OPENSTACK_KEYSTONE_BACKEND = {
|
||||
<% if swift -%>
|
||||
# Include the SWIFT interface extension in Horizon
|
||||
SWIFT_ENABLED = True
|
||||
SWIFT_PAGINATE_LIMIT = 100
|
||||
<% end -%>
|
||||
|
||||
# The number of Swift containers and objects to display on a single page before
|
||||
# providing a paging element (a "more" link) to paginate results.
|
||||
API_RESULT_LIMIT = <%= api_result_limit %>
|
||||
API_RESULT_PAGE_SIZE = 20
|
||||
|
||||
<% if quantum -%>
|
||||
# Include the Quantum interface extensions in Horizon
|
||||
QUANTUM_ENABLED = True
|
||||
QUANTUM_URL = '%s' % OPENSTACK_HOST
|
||||
QUANTUM_PORT = '9696'
|
||||
QUANTUM_TENANT = 'services'
|
||||
QUANTUM_CLIENT_VERSION='2.0'
|
||||
<% end -%>
|
||||
|
||||
# If you have external monitoring links, eg:
|
||||
@ -136,8 +149,9 @@ LOGGING = {
|
||||
}
|
||||
}
|
||||
|
||||
LOGIN_URL='/<%= dashboard_urlpart %>/auth/login/'
|
||||
LOGIN_REDIRECT_URL='/<%= dashboard_urlpart%>'
|
||||
LOGIN_URL = '<%= root_url %>/auth/login/'
|
||||
LOGOUT_URL = '<%= root_url %>/auth/logout/'
|
||||
LOGIN_REDIRECT_URL = '<%= root_url %>/syspanel/'
|
||||
|
||||
# The Ubuntu package includes pre-compressed JS and compiled CSS to allow
|
||||
# offline compression by default. To enable online compression, install
|
||||
|
@ -1,12 +1,23 @@
|
||||
NameVirtualHost *:80
|
||||
Listen <%= bind_address %>:80
|
||||
# If you just change the port or add more ports here, you will likely also
|
||||
# have to change the VirtualHost statement
|
||||
|
||||
NameVirtualHost *:<%= @http_port %>
|
||||
Listen <%= @bind_address %>:<%= @http_port %>
|
||||
|
||||
<% if @osfamily == 'RedHat' -%>
|
||||
<% if @use_ssl -%>
|
||||
NameVirtualHost *:<%= @https_port %>
|
||||
Listen <%= @bind_address %>:<%= @https_port %>
|
||||
<% end %>
|
||||
<% else %>
|
||||
<IfModule mod_ssl.c>
|
||||
Listen <%= bind_address %>:443
|
||||
# Server Name Indication for SSL named virtual hosts is currently not
|
||||
# supported by MSIE on Windows XP.
|
||||
NameVirtualHost *:<%= @https_port %>
|
||||
Listen <%= @bind_address %>:<%= @https_port %>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_gnutls.c>
|
||||
Listen <%= bind_address %>:443
|
||||
Listen <%= @bind_address %>:<%= @https_port %>
|
||||
</IfModule>
|
||||
|
||||
|
||||
<% end %>
|
||||
|
35
deployment/puppet/horizon/templates/vhosts.erb
Normal file
35
deployment/puppet/horizon/templates/vhosts.erb
Normal file
@ -0,0 +1,35 @@
|
||||
#
|
||||
# This file autogenerated by Puppet
|
||||
# Do not edit, changes will be overwritten
|
||||
#
|
||||
|
||||
RedirectMatch permanent ^/$ <%= @root_url %>/
|
||||
|
||||
<% if @use_ssl -%>
|
||||
# SSL support
|
||||
<% if @osfamily == 'RedHat' -%>
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
<% end -%>
|
||||
|
||||
SSLPassPhraseDialog builtin
|
||||
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
|
||||
SSLSessionCacheTimeout 300
|
||||
SSLMutex default
|
||||
SSLRandomSeed startup file:/dev/urandom 256
|
||||
SSLRandomSeed connect builtin
|
||||
SSLCryptoDevice builtin
|
||||
<% end -%>
|
||||
|
||||
<VirtualHost *:<%= @http_port %>>
|
||||
<% if @use_ssl -%>
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTPS} off
|
||||
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:<%= @https_port %>>
|
||||
SSLEngine on
|
||||
SSLCertificateFile <%= @ssl_cert_file %>
|
||||
SSLCertificateKeyFile <%= @ssl_key_file %>
|
||||
<% end -%>
|
||||
</VirtualHost>
|
Loading…
Reference in New Issue
Block a user