Allow connections to Aodh API

* Add Aodh API port to list of opened for connections from master node. * Add ability to override this list from hiera. Closes-bug: #1566371 Change-Id: Ia9c0e141c340e63147f5f3123eaca2a487361cbc (cherry picked from commit 66323c18e6)
2016-04-05 18:36:31 +03:00 · 2016-04-05 18:36:31 +03:00 · 7171603f6b
commit 7171603f6b
parent eea206ed77
4 changed files with 18 additions and 5 deletions
--- a/deployment/puppet/osnailyfacter/manifests/apache_api_proxy.pp
+++ b/deployment/puppet/osnailyfacter/manifests/apache_api_proxy.pp
@ -3,15 +3,21 @@
 # Class for proxy realization using apache
 #
 # [*master_ip*]
-# (required) String. IP address of master node.
+#  (required) String. IP address of master node.
 #
 # [*max_header_size*]
-# (optional) String. Set the limit on the allowed size
+#  (optional) String. Set the limit on the allowed size
 #  of an HTTP request header field.
 #
+# [*ports*]
+#  (optional) List of open ports for connections from master node.
+#  (list value)
+#
 class osnailyfacter::apache_api_proxy(
  $master_ip,
  $max_header_size = '8190',
+  $ports           = ['443', '563', '5000', '6385', '8000', '8003', '8004', '8042', '8080',
+                        '8082', '8386', '8773', '8774', '8776', '8777', '9292', '9696'],
 ) {

  # Allow connection to the apache for ostf tests
--- a/deployment/puppet/osnailyfacter/manifests/api_proxy/api_proxy.pp
+++ b/deployment/puppet/osnailyfacter/manifests/api_proxy/api_proxy.pp
@ -2,7 +2,9 @@ class osnailyfacter::api_proxy::api_proxy {

  notice('MODULAR: api_proxy/api_proxy.pp')

-  $max_header_size = hiera('max_header_size', '81900')
+  $max_header_size        = hiera('max_header_size', '81900')
+  $apache_api_proxy_ports = hiera('apache_api_proxy_ports',
+   ['443', '563', '5000', '6385', '8000', '8003', '8004', '8042', '8080', '8082', '8386', '8773', '8774', '8776', '8777', '9292', '9696'])

  # Listen directives with host required for ip_based vhosts
  class { '::osnailyfacter::apache':
@ -13,6 +15,7 @@ class osnailyfacter::api_proxy::api_proxy {
  class { '::osnailyfacter::apache_api_proxy':
    master_ip       => hiera('master_ip'),
    max_header_size => $max_header_size,
+    ports           => $apache_api_proxy_ports,
  }

  include ::tweaks::apache_wrappers
--- a/deployment/puppet/osnailyfacter/templates/api_proxy.conf.erb
+++ b/deployment/puppet/osnailyfacter/templates/api_proxy.conf.erb
@ -1,6 +1,6 @@
  ProxyRequests on
  ProxyVia On
-  AllowCONNECT 443 563 5000 6385 8000 8003 8004 8080 8082 8386 8773 8774 8776 8777 9292 9696
+  AllowCONNECT <%= @ports.join(" ") %>
  HostnameLookups off
  LimitRequestFieldSize <%= @max_header_size %>
  SetEnv force-proxy-request-1.0 1
--- a/tests/noop/spec/hosts/api-proxy/api-proxy_spec.rb
+++ b/tests/noop/spec/hosts/api-proxy/api-proxy_spec.rb
@ -22,6 +22,10 @@ describe manifest do
      Noop.hiera('max_header_size', '81900')
    end

+    let(:ports) do
+      Noop.hiera('apache_api_proxy_ports', ['443', '563', '5000', '6385', '8000', '8003', '8004', '8042', '8080', '8082', '8386', '8773', '8774', '8776', '8777', '9292', '9696'])
+    end
+
    it {
      should contain_service('httpd').with(
           'hasrestart' => true,
@ -60,7 +64,7 @@ describe manifest do
  ## Custom fragment
  ProxyRequests on
  ProxyVia On
-  AllowCONNECT 443 563 5000 6385 8000 8003 8004 8080 8082 8386 8773 8774 8776 8777 9292 9696
+  AllowCONNECT #{ports.join(' ')}
  HostnameLookups off
  LimitRequestFieldSize 81900
  SetEnv force-proxy-request-1.0 1