From da0cedce6f14f5c35e733ac345d8d862db11cd2b Mon Sep 17 00:00:00 2001 From: Martin Magr Date: Mon, 14 Apr 2014 18:06:56 +0200 Subject: [PATCH] Fix log ownership and WSGIProcess* settings for Red Hat releases According to python-django-horizon's SPEC file log file should be owned by user 'apache'. According to openstack-dashboard.conf file located in the same package WSGIProcessGroup should be 'dashboard' and the name should be identical as WSGIDaemonProcess' name. It is required to set /var/run/wsgi as WSGISocketPrefix. [1] http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html Change-Id: I9aca382798c7ab37e267c9988b3947e1b3780712 --- manifests/params.pp | 4 +-- manifests/wsgi/apache.pp | 32 ++++++++++++++++++------ spec/classes/horizon_wsgi_apache_spec.rb | 27 ++++++++++++++++---- 3 files changed, 48 insertions(+), 15 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index afbe45c6..67b44ac8 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -17,8 +17,8 @@ class horizon::params { $root_url = '/dashboard' $apache_user = 'apache' $apache_group = 'apache' - $wsgi_user = 'apache' - $wsgi_group = 'apache' + $wsgi_user = 'dashboard' + $wsgi_group = 'dashboard' } 'Debian': { $http_service = 'apache2' diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index bb4a7823..5aed5368 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -46,7 +46,14 @@ class horizon::wsgi::apache ( include ::horizon::params include ::apache - include ::apache::mod::wsgi + + if $::osfamily == 'RedHat' { + class { 'apache::mod::wsgi': + wsgi_socket_prefix => '/var/run/wsgi' + } + } else { + include ::apache::mod::wsgi + } # We already use apache::vhost to generate our own # configuration file, let's remove the configuration @@ -86,10 +93,19 @@ class horizon::wsgi::apache ( Package['horizon'] -> Package[$::horizon::params::http_service] File[$::horizon::params::config_file] ~> Service[$::horizon::params::http_service] + $unix_user = $::osfamily ? { + 'RedHat' => $::horizon::params::apache_user, + default => $::horizon::params::wsgi_user + } + $unix_group = $::osfamily ? { + 'RedHat' => $::horizon::params::apache_group, + default => $::horizon::params::wsgi_group, + } + file { $::horizon::params::logdir: ensure => directory, - owner => $::horizon::params::wsgi_user, - group => $::horizon::params::wsgi_group, + owner => $unix_user, + group => $unix_group, before => Service[$::horizon::params::http_service], mode => '0751', require => Package['horizon'] @@ -97,8 +113,8 @@ class horizon::wsgi::apache ( file { "${::horizon::params::logdir}/horizon.log": ensure => file, - owner => $::horizon::params::wsgi_user, - group => $::horizon::params::wsgi_group, + owner => $unix_user, + group => $unix_group, before => Service[$::horizon::params::http_service], mode => '0640', require => [ File[$::horizon::params::logdir], Package['horizon'] ], @@ -120,12 +136,12 @@ class horizon::wsgi::apache ( ssl_key => $horizon_key, ssl_ca => $horizon_ca, wsgi_script_aliases => hash([$::horizon::params::root_url, $::horizon::params::django_wsgi]), - wsgi_daemon_process => 'horizon', + wsgi_daemon_process => $::horizon::params::wsgi_group, wsgi_daemon_process_options => { processes => $wsgi_processes, threads => $wsgi_threads, - user => $::horizon::params::wsgi_user, - group => $::horizon::params::wsgi_group, + user => $unix_user, + group => $unix_group, }, wsgi_import_script => $::horizon::params::django_wsgi, wsgi_process_group => $::horizon::params::wsgi_group, diff --git a/spec/classes/horizon_wsgi_apache_spec.rb b/spec/classes/horizon_wsgi_apache_spec.rb index e2c8dc43..f27e7844 100644 --- a/spec/classes/horizon_wsgi_apache_spec.rb +++ b/spec/classes/horizon_wsgi_apache_spec.rb @@ -3,8 +3,10 @@ require 'spec_helper' describe 'horizon::wsgi::apache' do let :params do - { 'fqdn' => '*', - 'servername' => 'some.host.tld', + { :fqdn => '*', + :servername => 'some.host.tld', + :wsgi_processes => '3', + :wsgi_threads => '10', } end @@ -43,7 +45,10 @@ describe 'horizon::wsgi::apache' do 'ssl' => 'false', 'redirectmatch_status' => 'permanent', 'redirectmatch_regexp' => "^/$ #{platforms_params[:root_url]}", - 'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' } + 'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' }, + 'wsgi_process_group' => platforms_params[:wsgi_group], + 'wsgi_daemon_process' => platforms_params[:wsgi_group], + 'wsgi_daemon_process_options' => { 'processes' => params[:wsgi_processes], 'threads' => params[:wsgi_threads], 'user' => platforms_params[:unix_user], 'group' => platforms_params[:unix_group] } ) end end @@ -145,7 +150,13 @@ describe 'horizon::wsgi::apache' do let :platforms_params do { :http_service => 'httpd', :httpd_config_file => '/etc/httpd/conf.d/openstack-dashboard.conf', - :root_url => '/dashboard' } + :root_url => '/dashboard', + :apache_user => 'apache', + :apache_group => 'apache', + :wsgi_user => 'dashboard', + :wsgi_group => 'dashboard', + :unix_user => 'apache', + :unix_group => 'apache' } end it_behaves_like 'apache for horizon' @@ -162,7 +173,13 @@ describe 'horizon::wsgi::apache' do let :platforms_params do { :http_service => 'apache2', :httpd_config_file => '/etc/apache2/conf.d/openstack-dashboard.conf', - :root_url => '/horizon' } + :root_url => '/horizon', + :apache_user => 'www-data', + :apache_group => 'www-data', + :wsgi_user => 'horizon', + :wsgi_group => 'horizon', + :unix_user => 'horizon', + :unix_group => 'horizon' } end it_behaves_like 'apache for horizon'