openstack/fuel-library
Code Issues Proposed changes
8f4dd7d184
fuel-library/deployment/puppet/horizon/manifests/wsgi/apache.pp
Aleksandr Didenko 8ca4927b82 Sync horizon module with upstream 
168c206dfefa35abec48d7bce33ed469bf98cefb v 5.0.0

Also enables unit tests for 'horizon' module.

Fuel-CI: disable

Change-Id: I64e267f12fac5602069500236538c41cf686532f
Partial blueprint: merge-openstack-puppet-modules
2014-12-30 11:53:51 +02:00

200 lines
6.3 KiB
Puppet
Raw Blame History

# == Class: horizon::wsgi::apache
#
# Configures Apache WSGI for Horizon.
#
# === Parameters
#
# [*bind_address*]
# (optional) Bind address in Apache for Horizon. (Defaults to '0.0.0.0')
#
# [*server_aliases*]
# (optional) List of names which should be defined as ServerAlias directives
# in vhost.conf.
# Defaults to ::fqdn.
#
# [*listen_ssl*]
# (optional) Enable SSL support in Apache. (Defaults to false)
#
# [*horizon_cert*]
# (required with listen_ssl) Certificate to use for SSL support.
#
# [*horizon_key*]
# (required with listen_ssl) Private key to use for SSL support.
#
# [*horizon_ca*]
# (required with listen_ssl) CA certificate to use for SSL support.
#
# [*wsgi_processes*]
# (optional) Number of Horizon processes to spawn
# Defaults to '3'
#
# [*wsgi_threads*]
# (optional) Number of thread to run in a Horizon process
# Defaults to '10'
#
# [*priority*]
# (optional) The apache vhost priority.
# Defaults to '15'. To set Horizon as the primary vhost, change to '10'.
#
# [*extra_params*]
# (optional) A hash of extra paramaters for apache::wsgi class.
# Defaults to {}
class horizon::wsgi::apache (
$bind_address = undef,
$fqdn = undef,
$servername = $::fqdn,
$server_aliases = $::fqdn,
$listen_ssl = false,
$ssl_redirect = true,
$horizon_cert = undef,
$horizon_key = undef,
$horizon_ca = undef,
$wsgi_processes = '3',
$wsgi_threads = '10',
$priority = '15',
$vhost_conf_name = 'horizon_vhost',
$vhost_ssl_conf_name = 'horizon_ssl_vhost',
$extra_params = {},
) {
include ::horizon::params
include ::apache
if $fqdn {
warning('Parameter fqdn is deprecated. Please use parameter server_aliases for setting ServerAlias directives in vhost.conf.')
$final_server_aliases = $fqdn
} else {
$final_server_aliases = $server_aliases
}
include ::apache::mod::wsgi
# We already use apache::vhost to generate our own
# configuration file, let's clean the configuration
# embedded within the package
file { $::horizon::params::httpd_config_file:
ensure => present,
content => "#
# This file has been cleaned by Puppet.
#
# OpenStack Horizon configuration has been moved to:
# - ${priority}-${vhost_conf_name}.conf
# - ${priority}-${vhost_ssl_conf_name}.conf
#",
require => Package[$::horizon::params::package_name]
}
if $listen_ssl {
include ::apache::mod::ssl
$ensure_ssl_vhost = 'present'
if $horizon_ca == undef {
fail('The horizon_ca parameter is required when listen_ssl is true')
}
if $horizon_cert == undef {
fail('The horizon_cert parameter is required when listen_ssl is true')
}
if $horizon_key == undef {
fail('The horizon_key parameter is required when listen_ssl is true')
}
if $ssl_redirect {
$redirect_match = '(.*)'
$redirect_url = "https://${servername}"
}
} else {
$ensure_ssl_vhost = 'absent'
$redirect_match = '^/$'
$redirect_url = $::horizon::params::root_url
}
Package['horizon'] -> Package[$::horizon::params::http_service]
File[$::horizon::params::config_file] ~> Service[$::horizon::params::http_service]
$unix_user = $::osfamily ? {
'RedHat' => $::horizon::params::apache_user,
default => $::horizon::params::wsgi_user
}
$unix_group = $::osfamily ? {
'RedHat' => $::horizon::params::apache_group,
default => $::horizon::params::wsgi_group,
}
file { $::horizon::params::logdir:
ensure => directory,
owner => $unix_user,
group => $unix_group,
before => Service[$::horizon::params::http_service],
mode => '0751',
require => Package['horizon']
}
file { "${::horizon::params::logdir}/horizon.log":
ensure => file,
owner => $unix_user,
group => $unix_group,
before => Service[$::horizon::params::http_service],
mode => '0640',
require => [ File[$::horizon::params::logdir], Package['horizon'] ],
}
$default_vhost_conf_no_ip = {
servername => $servername,
serveraliases => os_any2array($final_server_aliases),
docroot => '/var/www/',
access_log_file => 'horizon_access.log',
error_log_file => 'horizon_error.log',
priority => $priority,
aliases => [
{ alias => '/static', path => '/usr/share/openstack-dashboard/static' }
],
port => 80,
ssl_cert => $horizon_cert,
ssl_key => $horizon_key,
ssl_ca => $horizon_ca,
wsgi_script_aliases => hash([$::horizon::params::root_url, $::horizon::params::django_wsgi]),
wsgi_daemon_process => $::horizon::params::wsgi_group,
wsgi_daemon_process_options => {
processes => $wsgi_processes,
threads => $wsgi_threads,
user => $unix_user,
group => $unix_group,
},
wsgi_import_script => $::horizon::params::django_wsgi,
wsgi_process_group => $::horizon::params::wsgi_group,
redirectmatch_status => 'permanent',
}
# Only add the 'ip' element to the $default_vhost_conf hash if it was explicitly
# specified in the instantiation of the class. This is because ip => undef gets
# changed to ip => '' via the Puppet function API when ensure_resource is called.
# See https://bugs.launchpad.net/puppet-horizon/+bug/1371345
if $bind_address {
$default_vhost_conf = merge($default_vhost_conf_no_ip, { ip => $bind_address })
} else {
$default_vhost_conf = $default_vhost_conf_no_ip
}
ensure_resource('apache::vhost', $vhost_conf_name, merge ($default_vhost_conf, $extra_params, {
redirectmatch_regexp => $redirect_match,
redirectmatch_dest => $redirect_url,
}))
ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge ($default_vhost_conf, $extra_params, {
access_log_file => 'horizon_ssl_access.log',
error_log_file => 'horizon_ssl_error.log',
priority => $priority,
ssl => true,
port => 443,
ensure => $ensure_ssl_vhost,
wsgi_daemon_process => 'horizon-ssl',
wsgi_process_group => 'horizon-ssl',
redirectmatch_regexp => '^/$',
redirectmatch_dest => $::horizon::params::root_url,
}))
}
View Git Blame Copy Permalink