Horizon SSL handshake errors with apache

Added in "WSGIApplicationGroup %{GLOBAL}" to fix an issue where horizon will have ssl handshake issues with various SSL openstack endpoints. Change-Id: Idd10380f1b6e6ef0ee4a4cb84317aa12131b77c4 Closes-Bug: #1700176 Closes-Bug: #1708655 (cherry picked from commit 588b9f83c7)
2017-06-23 17:14:51 -04:00 · 2017-06-23 17:14:51 -04:00 · 155e416d72
parent e3acd97e9b
commit 155e416d72
4 changed files with 58 additions and 48 deletions
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -3,9 +3,10 @@
 class horizon::params {
  include ::openstacklib::defaults
-  $logdir      = '/var/log/horizon'
+  $logdir                 = '/var/log/horizon'
-  $django_wsgi = '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'
+  $django_wsgi            = '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'
-  $manage_py   = '/usr/share/openstack-dashboard/manage.py'
+  $manage_py              = '/usr/share/openstack-dashboard/manage.py'
  $wsgi_application_group = '%{GLOBAL}'
  case $::osfamily {
    'RedHat': {
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@ -225,9 +225,10 @@ class horizon::wsgi::apache (
      user                      => $unix_user,
      group                     => $unix_group,
    },
-    wsgi_import_script   => $::horizon::params::django_wsgi,
+    wsgi_import_script     => $::horizon::params::django_wsgi,
-    wsgi_process_group   => $::horizon::params::wsgi_group,
+    wsgi_process_group     => $::horizon::params::wsgi_group,
-    redirectmatch_status => $redirect_type,
+    wsgi_application_group => $::horizon::params::wsgi_application_group,
    redirectmatch_status   => $redirect_type,
  }
  # Only add the 'ip' element to the $default_vhost_conf hash if it was explicitly
--- a/releasenotes/notes/fix_ssl_handshake_errors-aece1e80e78820a2.yaml
+++ b/releasenotes/notes/fix_ssl_handshake_errors-aece1e80e78820a2.yaml
@ -0,0 +1,4 @@
 ---
 issues:
  - an issue with horizon having ssl handshake issues under apache with ssl endpoints.
    Fix adds in WSGIApplicationGroup apache directive.
--- a/spec/classes/horizon_wsgi_apache_spec.rb
+++ b/spec/classes/horizon_wsgi_apache_spec.rb
@ -31,20 +31,21 @@ describe 'horizon::wsgi::apache' do
        is_expected.to contain_file(platforms_params[:httpd_config_file])
        is_expected.to contain_package('horizon').with_ensure('present')
        is_expected.to contain_apache__vhost('horizon_vhost').with(
-          'servername'           => 'some.host.tld',
+          'servername'             => 'some.host.tld',
-          'access_log_file'      => 'horizon_access.log',
+          'access_log_file'        => 'horizon_access.log',
-          'error_log_file'       => 'horizon_error.log',
+          'error_log_file'         => 'horizon_error.log',
-          'priority'             => '15',
+          'priority'               => '15',
-          'serveraliases'        => ['*'],
+          'serveraliases'          => ['*'],
-          'docroot'              => '/var/www/',
+          'docroot'                => '/var/www/',
-          'ssl'                  => 'false',
+          'ssl'                    => 'false',
-          'port'                 => '80',
+          'port'                   => '80',
-          'redirectmatch_status' => 'permanent',
+          'redirectmatch_status'   => 'permanent',
-          'redirectmatch_regexp' => '^/$',
+          'redirectmatch_regexp'   => '^/$',
-          'redirectmatch_dest'   => platforms_params[:root_url],
+          'redirectmatch_dest'     => platforms_params[:root_url],
-          'wsgi_script_aliases'  => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
+          'wsgi_script_aliases'    => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
-          'wsgi_process_group'   => platforms_params[:wsgi_group],
+          'wsgi_process_group'     => platforms_params[:wsgi_group],
-          'wsgi_daemon_process'  => platforms_params[:wsgi_group],
+          'wsgi_daemon_process'    => platforms_params[:wsgi_group],
          'wsgi_application_group' => '%{GLOBAL}',
          'wsgi_daemon_process_options' => { 'processes' => params[:wsgi_processes], 'threads' => params[:wsgi_threads], 'user' => platforms_params[:unix_user], 'group' => platforms_params[:unix_group] }
         )
      end
@ -67,20 +68,21 @@ describe 'horizon::wsgi::apache' do
        is_expected.to contain_file(platforms_params[:httpd_config_file])
        is_expected.to contain_package('horizon').with_ensure('present')
        is_expected.to contain_apache__vhost('horizon_vhost').with(
-          'servername'           => 'some.host.tld',
+          'servername'             => 'some.host.tld',
-          'access_log_file'      => 'horizon_access.log',
+          'access_log_file'        => 'horizon_access.log',
-          'error_log_file'       => 'horizon_error.log',
+          'error_log_file'         => 'horizon_error.log',
-          'priority'             => params[:priority],
+          'priority'               => params[:priority],
-          'serveraliases'        => ['*'],
+          'serveraliases'          => ['*'],
-          'docroot'              => '/var/www/',
+          'docroot'                => '/var/www/',
-          'ssl'                  => 'false',
+          'ssl'                    => 'false',
-          'port'                 => '80',
+          'port'                   => '80',
-          'redirectmatch_status' => 'temp',
+          'redirectmatch_status'   => 'temp',
-          'redirectmatch_regexp' => '^/$',
+          'redirectmatch_regexp'   => '^/$',
-          'redirectmatch_dest'   => platforms_params[:root_url],
+          'redirectmatch_dest'     => platforms_params[:root_url],
-          'wsgi_script_aliases'  => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
+          'wsgi_script_aliases'    => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
-          'wsgi_process_group'   => platforms_params[:wsgi_group],
+          'wsgi_process_group'     => platforms_params[:wsgi_group],
-          'wsgi_daemon_process'  => platforms_params[:wsgi_group],
+          'wsgi_daemon_process'    => platforms_params[:wsgi_group],
          'wsgi_application_group' => '%{GLOBAL}',
          'wsgi_daemon_process_options' => { 'processes' => params[:wsgi_processes], 'threads' => params[:wsgi_threads], 'user' => platforms_params[:unix_user], 'group' => platforms_params[:unix_group] }
         )
      end
@ -118,24 +120,26 @@ describe 'horizon::wsgi::apache' do
          'redirectmatch_dest'     => platforms_params[:root_url],
          'wsgi_process_group'     => 'horizon-ssl',
          'wsgi_daemon_process'    => 'horizon-ssl',
          'wsgi_application_group' => '%{GLOBAL}',
          'wsgi_script_aliases'  => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
        )}
        it { is_expected.to contain_apache__vhost('horizon_vhost').with(
-          'servername'           => 'some.host.tld',
+          'servername'             => 'some.host.tld',
-          'access_log_file'      => 'horizon_access.log',
+          'access_log_file'        => 'horizon_access.log',
-          'error_log_file'       => 'horizon_error.log',
+          'error_log_file'         => 'horizon_error.log',
-          'priority'             => '15',
+          'priority'               => '15',
-          'serveraliases'        => ['*'],
+          'serveraliases'          => ['*'],
-          'docroot'              => '/var/www/',
+          'docroot'                => '/var/www/',
-          'ssl'                  => 'false',
+          'ssl'                    => 'false',
-          'port'                 => '80',
+          'port'                   => '80',
-          'redirectmatch_status' => 'permanent',
+          'redirectmatch_status'   => 'permanent',
-          'redirectmatch_regexp' => '(.*)',
+          'redirectmatch_regexp'   => '(.*)',
-          'redirectmatch_dest'   => 'https://some.host.tld',
+          'redirectmatch_dest'     => 'https://some.host.tld',
-          'wsgi_process_group'   => platforms_params[:wsgi_group],
+          'wsgi_process_group'     => platforms_params[:wsgi_group],
-          'wsgi_daemon_process'  => platforms_params[:wsgi_group],
+          'wsgi_daemon_process'    => platforms_params[:wsgi_group],
-          'wsgi_script_aliases'  => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
+          'wsgi_application_group' => '%{GLOBAL}',
          'wsgi_script_aliases'    => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
        )}
      end