diff --git a/doc/image-building.rst b/doc/image-building.rst index 3b8ae1d71c..18cc3494f4 100644 --- a/doc/image-building.rst +++ b/doc/image-building.rst @@ -209,6 +209,7 @@ as part of a binary install type build: * ``openstack-dashboard`` * ``httpd`` * ``mod_wsgi`` +* ``mod_ssl`` * ``gettext`` To add a package to this list, say, ``iproute``, first create a file, e.g. diff --git a/docker/aodh/aodh-base/Dockerfile.j2 b/docker/aodh/aodh-base/Dockerfile.j2 index 0b04a6486a..02af44bb1b 100644 --- a/docker/aodh/aodh-base/Dockerfile.j2 +++ b/docker/aodh/aodh-base/Dockerfile.j2 @@ -14,13 +14,15 @@ MAINTAINER {{ maintainer }} 'openstack-aodh-common', 'httpd', 'mod_wsgi', + 'mod_ssl', 'python-ldappool' ] %} {{ macros.install_packages(aodh_base_packages | customizable("packages")) }} RUN mkdir -p /var/www/cgi-bin/aodh \ && cp -a /usr/lib/python2.7/site-packages/aodh/api/app.wsgi /var/www/cgi-bin/aodh/ \ - && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf + && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} {% set aodh_base_packages = [ @@ -42,12 +44,14 @@ RUN mkdir -p /var/www/cgi-bin/aodh \ {% set aodh_base_packages = [ 'httpd', 'mod_wsgi', + 'mod_ssl', 'python-ldappool' ] %} {{ macros.install_packages(aodh_base_packages | customizable("packages")) }} RUN mkdir -p /var/www/cgi-bin/aodh \ - && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf + && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu', 'debian'] %} {% set aodh_base_packages = [ diff --git a/docker/ceilometer/ceilometer-api/Dockerfile.j2 b/docker/ceilometer/ceilometer-api/Dockerfile.j2 index 885155e74d..69716b2dc6 100644 --- a/docker/ceilometer/ceilometer-api/Dockerfile.j2 +++ b/docker/ceilometer/ceilometer-api/Dockerfile.j2 
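Review bot: Commenting out `Listen 443` in the first aodh-base hunk leaves the rest of the packaged `/etc/httpd/conf.d/ssl.conf` active, and nothing in the hunk tells deployers what they must replace. On EL7-era mod_ssl builds, as far as I know, that file still defines a default port-443 virtual host pointing at a `localhost` certificate and key created when the package is installed. If so, the key is generated at image build time, is identical in every container started from the image, and is readable by anyone who can pull it. I would say so above the `RUN` (whose enclosing `{% if %}` branch starts outside the hunk), e.g. `# mod_ssl: the packaged ssl.conf vhost and its build-time localhost key are not for serving; deployment config must supply its own Listen, certificate and key`. The same applies to the other `mod_ssl` hunks in this diff: the second aodh-base hunk, ceilometer-api, cinder-api, freezer-api, gnocchi-base, heat-base, horizon, ironic-pxe, keystone-base, nova-api, nova-placement-api and panko-base.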
@@ -10,10 +10,12 @@ MAINTAINER {{ maintainer }} {% set ceilometer_api_packages = [ 'openstack-ceilometer-api', 'httpd', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} {{ macros.install_packages(ceilometer_api_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} {% set ceilometer_api_packages = [ 'ceilometer-api', @@ -32,13 +34,15 @@ RUN echo > /etc/apache2/ports.conf {% set ceilometer_api_packages = [ 'httpd', 'mod_wsgi', + 'mod_ssl', 'gettext' ] %} {{ macros.install_packages(ceilometer_api_packages | customizable("packages")) }} {% block ceilometer_api_redhat_source_setup %} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% endblock %} {% elif base_distro in ['ubuntu', 'debian'] %} diff --git a/docker/cinder/cinder-api/Dockerfile.j2 b/docker/cinder/cinder-api/Dockerfile.j2 index 6c6800fba7..a99dba4bda 100644 --- a/docker/cinder/cinder-api/Dockerfile.j2 +++ b/docker/cinder/cinder-api/Dockerfile.j2 @@ -10,10 +10,12 @@ MAINTAINER {{ maintainer }} {% set cinder_api_packages = [ 'python-keystone', 'httpd', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} {{ macros.install_packages(cinder_api_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} {% set cinder_api_packages = [ 'cinder-api', 
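Review bot: The added `sed` on `/etc/httpd/conf.d/ssl.conf` in ceilometer-api's binary-install hunk exits successfully even when nothing matches. If the packaged file spells the directive differently (an address-qualified `Listen`, for instance), the image still builds and httpd keeps the package's default TLS listener. A build-time assertion after the two `sed` calls would turn that into a failed build: `&& ! grep -q '^Listen' /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/ssl.conf`. The pre-existing `Listen 80` edit has the same property, and the pattern repeats in every RHEL-family hunk of this diff. The surrounding `{% if %}` branch begins before the hunk.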
@@ -28,10 +30,12 @@ RUN echo > /etc/apache2/ports.conf {% if base_distro in ['centos', 'oraclelinux', 'rhel'] %} {% set cinder_api_packages = [ 'httpd', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} {{ macros.install_packages(cinder_api_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} {% set cinder_api_packages = [ 'apache2', diff --git a/docker/freezer/freezer-api/Dockerfile.j2 b/docker/freezer/freezer-api/Dockerfile.j2 index 3e5fd5bbfc..f3b9831530 100644 --- a/docker/freezer/freezer-api/Dockerfile.j2 +++ b/docker/freezer/freezer-api/Dockerfile.j2 @@ -15,12 +15,14 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \ {% if base_distro in ['centos', 'oraclelinux', 'rhel'] %} {% set freezer_api_packages = [ 'mod_wsgi', + 'mod_ssl', 'httpd' ] %} {{ macros.install_packages(freezer_api_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu', 'debian'] %} {% set freezer_api_packages = [ 'libapache2-mod-wsgi', diff --git a/docker/gnocchi/gnocchi-base/Dockerfile.j2 b/docker/gnocchi/gnocchi-base/Dockerfile.j2 index 13f1ac5a2e..2011dec33c 100644 --- a/docker/gnocchi/gnocchi-base/Dockerfile.j2 +++ b/docker/gnocchi/gnocchi-base/Dockerfile.j2 
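Review bot: The two-`sed` listener edit is copied verbatim into each RHEL-family branch, here in cinder-api's source-install hunk and in freezer-api, and likewise in the other Dockerfiles this diff touches. Any later correction to the pattern or the file path therefore has to be repeated in every copy. These templates already call `macros.install_packages`, so a second macro in the same macros file could emit the pair once. That file is not part of this diff, so whether it fits its conventions is for the author to confirm. Each call site would then reduce to one line such as `{{ macros.<listener_macro_name>() }}` (placeholder name), including the longer `RUN` chains in horizon and keystone-base.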
@@ -14,12 +14,14 @@ MAINTAINER {{ maintainer }} 'openstack-gnocchi-common', 'httpd', 'mod_wsgi', + 'mod_ssl', 'python-ldappool', 'python-rados' ] %} {{ macros.install_packages(gnocchi_base_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} {% set gnocchi_base_packages = [ @@ -40,12 +42,14 @@ RUN truncate -s 0 /etc/apache2/ports.conf {% set gnocchi_base_packages = [ 'httpd', 'mod_wsgi', + 'mod_ssl', 'python-ldappool', 'python-rados' ] %} {{ macros.install_packages(gnocchi_base_packages | customizable("packages")) }} RUN mkdir -p /var/www/cgi-bin/gnocchi \ - && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf + && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu', 'debian'] %} {% set gnocchi_base_packages = [ diff --git a/docker/heat/heat-base/Dockerfile.j2 b/docker/heat/heat-base/Dockerfile.j2 index 49ec781cef..933c9e4290 100644 --- a/docker/heat/heat-base/Dockerfile.j2 +++ b/docker/heat/heat-base/Dockerfile.j2 @@ -13,10 +13,12 @@ MAINTAINER {{ maintainer }} {% set heat_base_packages = [ 'openstack-heat-common', 'httpd', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} {{ macros.install_packages(heat_base_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} {% set heat_base_packages = [ 'heat-common', 
@@ -33,11 +35,12 @@ RUN echo > /etc/apache2/ports.conf {% set heat_base_packages = [ 'httpd', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} - {{ macros.install_packages(heat_base_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} diff --git a/docker/horizon/Dockerfile.j2 b/docker/horizon/Dockerfile.j2 index 7948808a4e..f6d63b695f 100644 --- a/docker/horizon/Dockerfile.j2 +++ b/docker/horizon/Dockerfile.j2 @@ -14,6 +14,7 @@ MAINTAINER {{ maintainer }} 'openstack-dashboard', 'httpd', 'mod_wsgi', + 'mod_ssl', 'gettext', 'openstack-cloudkitty-ui', 'openstack-ironic-ui', @@ -30,6 +31,7 @@ MAINTAINER {{ maintainer }} {% block horizon_redhat_binary_setup %} RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \ && ln -s /usr/share/openstack-dashboard/openstack_dashboard /usr/lib/python2.7/site-packages/openstack_dashboard \ && ln -s /usr/share/openstack-dashboard/static /usr/lib/python2.7/site-packages/static \ && chown -R horizon: /etc/openstack-dashboard /usr/share/openstack-dashboard \ @@ -81,13 +83,15 @@ RUN echo > /etc/apache2/ports.conf \ {% set horizon_packages = [ 'httpd', 'mod_wsgi', + 'mod_ssl', 'gettext' ] %} {{ macros.install_packages(horizon_packages | customizable("packages")) }} {% block horizon_redhat_source_setup %} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% endblock %} {% elif base_distro in ['ubuntu', 'debian'] %} diff --git a/docker/ironic/ironic-pxe/Dockerfile.j2 b/docker/ironic/ironic-pxe/Dockerfile.j2 index 658a83d631..79e71393d2 100644 --- a/docker/ironic/ironic-pxe/Dockerfile.j2 
+++ b/docker/ironic/ironic-pxe/Dockerfile.j2 @@ -11,10 +11,12 @@ MAINTAINER {{ maintainer }} 'syslinux-tftpboot', 'httpd', 'ipxe-bootimgs', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} {{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu', 'debian'] %} {% set ironic_pxe_packages = [ 'tftpd-hpa', diff --git a/docker/keystone/keystone-base/Dockerfile.j2 b/docker/keystone/keystone-base/Dockerfile.j2 index 9b33a55554..a4d98efa4c 100644 --- a/docker/keystone/keystone-base/Dockerfile.j2 +++ b/docker/keystone/keystone-base/Dockerfile.j2 @@ -14,6 +14,7 @@ MAINTAINER {{ maintainer }} 'python-keystoneclient', 'httpd', 'mod_wsgi', + 'mod_ssl', 'python-ldappool' ] %} @@ -21,7 +22,8 @@ MAINTAINER {{ maintainer }} RUN mkdir -p /var/www/cgi-bin/keystone \ && cp -a /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/main \ && cp -a /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \ - && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf + && sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} {% set keystone_base_packages = [ @@ -44,10 +46,12 @@ RUN mkdir -p /var/www/cgi-bin/keystone \ {% set keystone_base_packages = [ 'httpd', 'mod_wsgi', + 'mod_ssl', 'python-ldappool' ] %} {{ macros.install_packages(keystone_base_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu', 'debian'] %} {% set keystone_base_packages = [ 
diff --git a/docker/nova/nova-api/Dockerfile.j2 b/docker/nova/nova-api/Dockerfile.j2 index 287b3a2d0e..ae08ffe658 100644 --- a/docker/nova/nova-api/Dockerfile.j2 +++ b/docker/nova/nova-api/Dockerfile.j2 @@ -11,10 +11,12 @@ MAINTAINER {{ maintainer }} {% set nova_api_packages = [ 'openstack-nova-api', 'httpd', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} {{ macros.install_packages(nova_api_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} @@ -35,10 +37,12 @@ RUN echo > /etc/apache2/ports.conf {% set nova_api_packages = [ 'httpd', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} {{ macros.install_packages(nova_api_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} diff --git a/docker/nova/nova-placement-api/Dockerfile.j2 b/docker/nova/nova-placement-api/Dockerfile.j2 index dfd7a1f2f6..c90fd6b7cd 100644 --- a/docker/nova/nova-placement-api/Dockerfile.j2 +++ b/docker/nova/nova-placement-api/Dockerfile.j2 @@ -11,11 +11,13 @@ MAINTAINER {{ maintainer }} {% set nova_placement_api_packages = [ 'httpd', 'mod_wsgi', + 'mod_ssl', 'openstack-nova-placement-api' ] %} {{ macros.install_packages(nova_placement_api_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} 
@@ -34,11 +36,13 @@ RUN truncate -s 0 /etc/apache2/ports.conf {% set nova_placement_api_packages = [ 'httpd', - 'mod_wsgi' + 'mod_wsgi', + 'mod_ssl' ] %} {{ macros.install_packages(nova_placement_api_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu'] %} {% set nova_placement_api_packages = [ diff --git a/docker/panko/panko-base/Dockerfile.j2 b/docker/panko/panko-base/Dockerfile.j2 index 88ce5b87ce..7db6c48098 100644 --- a/docker/panko/panko-base/Dockerfile.j2 +++ b/docker/panko/panko-base/Dockerfile.j2 @@ -14,11 +14,13 @@ MAINTAINER {{ maintainer }} 'openstack-panko-common', 'httpd', 'mod_wsgi', + 'mod_ssl', 'python-ldappool' ] %} {{ macros.install_packages(panko_base_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu', 'debian'] %} RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \ @@ -31,10 +33,12 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \ {% set panko_base_packages = [ 'httpd', 'mod_wsgi', + 'mod_ssl', 'python-ldappool' ] %} {{ macros.install_packages(panko_base_packages | customizable("packages")) }} -RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf +RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \ + && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf {% elif base_distro in ['ubuntu', 'debian'] %} diff --git a/releasenotes/notes/Add-mod_ssl-to-images-2d2972c3cf794f65.yaml b/releasenotes/notes/Add-mod_ssl-to-images-2d2972c3cf794f65.yaml new file mode 100644 index 0000000000..9a49a6e764 --- /dev/null 
+++ b/releasenotes/notes/Add-mod_ssl-to-images-2d2972c3cf794f65.yaml @@ -0,0 +1,6 @@ +--- +features: + - Images that contain services that run over httpd now ship mod_ssl as well. + This is useful when deployers want to configure these services to serve TLS + in the internal network instead of just relying on HAProxy for the TLS + termination. Note that currently this only applies to RHEL-based images.