openstack/kolla
Code Issues Proposed changes

Merge "RHEL: Add mod_ssl for services running over httpd"

Browse Source
This commit is contained in:
Jenkins 2017-03-28 13:57:00 +00:00 committed by Gerrit Code Review
commit 6b9a4381a0
14 changed files with 81 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/image-building.rst
View File

@ -209,6 +209,7 @@ as part of a binary install type build:
* ``openstack-dashboard``
* ``httpd``
* ``mod_wsgi``
* ``mod_ssl``
* ``gettext``
To add a package to this list, say, ``iproute``, first create a file, e.g.

8
docker/aodh/aodh-base/Dockerfile.j2
View File

@ -14,13 +14,15 @@ MAINTAINER {{ maintainer }}
'openstack-aodh-common',
'httpd',
'mod_wsgi',
'mod_ssl',
'python-ldappool'
] %}
{{ macros.install_packages(aodh_base_packages | customizable("packages")) }}
RUN mkdir -p /var/www/cgi-bin/aodh \
&& cp -a /usr/lib/python2.7/site-packages/aodh/api/app.wsgi /var/www/cgi-bin/aodh/ \
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
{% set aodh_base_packages = [
@ -42,12 +44,14 @@ RUN mkdir -p /var/www/cgi-bin/aodh \
{% set aodh_base_packages = [
'httpd',
'mod_wsgi',
'mod_ssl',
'python-ldappool'
] %}
{{ macros.install_packages(aodh_base_packages | customizable("packages")) }}
RUN mkdir -p /var/www/cgi-bin/aodh \
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu', 'debian'] %}
{% set aodh_base_packages = [

10
docker/ceilometer/ceilometer-api/Dockerfile.j2
View File

@ -10,10 +10,12 @@ MAINTAINER {{ maintainer }}
{% set ceilometer_api_packages = [
'openstack-ceilometer-api',
'httpd',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(ceilometer_api_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
{% set ceilometer_api_packages = [
'ceilometer-api',
@ -32,13 +34,15 @@ RUN echo > /etc/apache2/ports.conf
{% set ceilometer_api_packages = [
'httpd',
'mod_wsgi',
'mod_ssl',
'gettext'
] %}
{{ macros.install_packages(ceilometer_api_packages | customizable("packages")) }}
{% block ceilometer_api_redhat_source_setup %}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% endblock %}
{% elif base_distro in ['ubuntu', 'debian'] %}

12
docker/cinder/cinder-api/Dockerfile.j2
View File

@ -10,10 +10,12 @@ MAINTAINER {{ maintainer }}
{% set cinder_api_packages = [
'python-keystone',
'httpd',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(cinder_api_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
{% set cinder_api_packages = [
'cinder-api',
@ -28,10 +30,12 @@ RUN echo > /etc/apache2/ports.conf
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
{% set cinder_api_packages = [
'httpd',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(cinder_api_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
{% set cinder_api_packages = [
'apache2',

4
docker/freezer/freezer-api/Dockerfile.j2
View File

@ -15,12 +15,14 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
{% set freezer_api_packages = [
'mod_wsgi',
'mod_ssl',
'httpd'
] %}
{{ macros.install_packages(freezer_api_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu', 'debian'] %}
{% set freezer_api_packages = [
'libapache2-mod-wsgi',

8
docker/gnocchi/gnocchi-base/Dockerfile.j2
View File

@ -14,12 +14,14 @@ MAINTAINER {{ maintainer }}
'openstack-gnocchi-common',
'httpd',
'mod_wsgi',
'mod_ssl',
'python-ldappool',
'python-rados'
] %}
{{ macros.install_packages(gnocchi_base_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
{% set gnocchi_base_packages = [
@ -40,12 +42,14 @@ RUN truncate -s 0 /etc/apache2/ports.conf
{% set gnocchi_base_packages = [
'httpd',
'mod_wsgi',
'mod_ssl',
'python-ldappool',
'python-rados'
] %}
{{ macros.install_packages(gnocchi_base_packages | customizable("packages")) }}
RUN mkdir -p /var/www/cgi-bin/gnocchi \
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu', 'debian'] %}
{% set gnocchi_base_packages = [

13
docker/heat/heat-base/Dockerfile.j2
View File

@ -13,10 +13,12 @@ MAINTAINER {{ maintainer }}
{% set heat_base_packages = [
'openstack-heat-common',
'httpd',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(heat_base_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
{% set heat_base_packages = [
'heat-common',
@ -33,11 +35,12 @@ RUN echo > /etc/apache2/ports.conf
{% set heat_base_packages = [
'httpd',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(heat_base_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}

6
docker/horizon/Dockerfile.j2
View File

@ -14,6 +14,7 @@ MAINTAINER {{ maintainer }}
'openstack-dashboard',
'httpd',
'mod_wsgi',
'mod_ssl',
'gettext',
'openstack-cloudkitty-ui',
'openstack-ironic-ui',
@ -30,6 +31,7 @@ MAINTAINER {{ maintainer }}
{% block horizon_redhat_binary_setup %}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf \
&& ln -s /usr/share/openstack-dashboard/openstack_dashboard /usr/lib/python2.7/site-packages/openstack_dashboard \
&& ln -s /usr/share/openstack-dashboard/static /usr/lib/python2.7/site-packages/static \
&& chown -R horizon: /etc/openstack-dashboard /usr/share/openstack-dashboard \
@ -81,13 +83,15 @@ RUN echo > /etc/apache2/ports.conf \
{% set horizon_packages = [
'httpd',
'mod_wsgi',
'mod_ssl',
'gettext'
] %}
{{ macros.install_packages(horizon_packages | customizable("packages")) }}
{% block horizon_redhat_source_setup %}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% endblock %}
{% elif base_distro in ['ubuntu', 'debian'] %}

6
docker/ironic/ironic-pxe/Dockerfile.j2
View File

@ -11,10 +11,12 @@ MAINTAINER {{ maintainer }}
'syslinux-tftpboot',
'httpd',
'ipxe-bootimgs',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(ironic_pxe_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu', 'debian'] %}
{% set ironic_pxe_packages = [
'tftpd-hpa',

8
docker/keystone/keystone-base/Dockerfile.j2
View File

@ -14,6 +14,7 @@ MAINTAINER {{ maintainer }}
'python-keystoneclient',
'httpd',
'mod_wsgi',
'mod_ssl',
'python-ldappool'
] %}
@ -21,7 +22,8 @@ MAINTAINER {{ maintainer }}
RUN mkdir -p /var/www/cgi-bin/keystone \
&& cp -a /usr/bin/keystone-wsgi-public /var/www/cgi-bin/keystone/main \
&& cp -a /usr/bin/keystone-wsgi-admin /var/www/cgi-bin/keystone/admin \
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
&& sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
{% set keystone_base_packages = [
@ -44,10 +46,12 @@ RUN mkdir -p /var/www/cgi-bin/keystone \
{% set keystone_base_packages = [
'httpd',
'mod_wsgi',
'mod_ssl',
'python-ldappool'
] %}
{{ macros.install_packages(keystone_base_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu', 'debian'] %}
{% set keystone_base_packages = [

12
docker/nova/nova-api/Dockerfile.j2
View File

@ -11,10 +11,12 @@ MAINTAINER {{ maintainer }}
{% set nova_api_packages = [
'openstack-nova-api',
'httpd',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(nova_api_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
@ -35,10 +37,12 @@ RUN echo > /etc/apache2/ports.conf
{% set nova_api_packages = [
'httpd',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(nova_api_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}

10
docker/nova/nova-placement-api/Dockerfile.j2
View File

@ -11,11 +11,13 @@ MAINTAINER {{ maintainer }}
{% set nova_placement_api_packages = [
'httpd',
'mod_wsgi',
'mod_ssl',
'openstack-nova-placement-api'
] %}
{{ macros.install_packages(nova_placement_api_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
@ -34,11 +36,13 @@ RUN truncate -s 0 /etc/apache2/ports.conf
{% set nova_placement_api_packages = [
'httpd',
'mod_wsgi'
'mod_wsgi',
'mod_ssl'
] %}
{{ macros.install_packages(nova_placement_api_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu'] %}
{% set nova_placement_api_packages = [

8
docker/panko/panko-base/Dockerfile.j2
View File

@ -14,11 +14,13 @@ MAINTAINER {{ maintainer }}
'openstack-panko-common',
'httpd',
'mod_wsgi',
'mod_ssl',
'python-ldappool'
] %}
{{ macros.install_packages(panko_base_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu', 'debian'] %}
RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
@ -31,10 +33,12 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
{% set panko_base_packages = [
'httpd',
'mod_wsgi',
'mod_ssl',
'python-ldappool'
] %}
{{ macros.install_packages(panko_base_packages | customizable("packages")) }}
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf
RUN sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf \
&& sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
{% elif base_distro in ['ubuntu', 'debian'] %}

6
releasenotes/notes/Add-mod_ssl-to-images-2d2972c3cf794f65.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- Images that contain services that run over httpd now ship mod_ssl as well.
This is useful when deployers want to configure these services to serve TLS
in the internal network instead of just relying on HAProxy for the TLS
termination. Note that currently this only applies to RHEL-based images.