Adds the access_log_format parameter that can be used to set
the log format that is used in the vhosts that puppetlabs-apache
manages.
Adds the same parameter to the init class to make sure that you
can set it when managing apache from there and not including the
wsgi::apache class manually.
The default value of the parameter is the same as enforced in other
modules that has the access_log_format, which is false. That is the
default that the puppetlabs-apache module has.
Change-Id: Ie8ac84c6231ad55c5974a95b50238f0d006b6336
The Horizon project has changed the old django.wsgi entrypoint to the
wsgi.py file in the openstack_dashboard module.
The following can be seen in the horizon logs:
WARNING:root:Use of this 'djano.wsgi' file has been deprecated since the
Rocky release in favor of 'wsgi.py' in the 'openstack_dashboard' module.
This file is a legacy naming from before Django 1.4 and an importable
'wsgi.py' is now the default. This file will be removed in the T release
cycle.
Change-Id: Iee2b3e78768dd55d5cd1629d64c9d2ff9d0d4b93
Due to Python's GIL [1], we can't use multiple threads for running
OpenStack services without a performance penalty, since the execution
ends up serialized, which defeats the purpose.
Instead, we should use several processes, since this approach doesn't
have this limitation.
See the same kind of change here [2]
[1] https://wiki.python.org/moin/GlobalInterpreterLock
[2] https://review.openstack.org/#/c/505192/
Change-Id: I9c1ef8991d63b18a0ec106a05576b74ab457a2a0
Fixes a bug where having listen_ssl and ssl_redirect
set to true did not redirect http to https if your
root_url was empty or '/'.
This now forces redirection from http to https no
matter what your root_url is if listen_ssl and ssl_redirect
is set to true.
This also cleans up all apache::wsgi::apache testing and fixes
the structure so it doesn't enforce some context tests only for
the SSL enabled context but for everything.
Change-Id: I53a9107a33e9afffc5d00884c66c073e77c59237
These parameters has been deprecated for
more than two years.
Let's remove them and add release notes.
Change-Id: I229f49ac4ce02e0b1ddbd0a2f111739ce3059f37
Closes-Bug: 1767114
When settings the root_url to a slash the
paths in the local_settings.py and apache config
will be wrong. This patch fixes that issue.
Change-Id: Ib64b22bb88b2827ea4be2eb8356aa404984ee0ba
Closes-Bug: 1651720
In order to see all the processes named correctly based
on their origins we should set display-name so all the WSGI
processes are named difrerently from the Apache ones.
Change-Id: I123530014c973e7312a18e384a2c0159842bf228
Closes-bug: #1726841
This allows the vhost to use the globally set CA file (in ssl.conf) if
present. Or one might just not need the CA to be set (no TLS
authentication).
Change-Id: Iba1aea34e72a0138120fa7bcb7267f73e37bf0ce
Closes-Bug: #1711280
Added in "WSGIApplicationGroup %{GLOBAL}" to fix an issue
where horizon will have ssl handshake issues with various
SSL openstack endpoints.
Change-Id: Idd10380f1b6e6ef0ee4a4cb84317aa12131b77c4
Closes-Bug: #1700176
When root_url is empty, an incorrect rewrite rule will be
created at vhosts config file causing httpd failure.
In order not to create any rule when root_url is empty,
the value should be ignored inside redirectmatch parameter
Change-Id: Idd4ac6a271b4c8d8e53ab27c68abd821a3aa0249
Closes-bug: #1665380
It removes unnecessary 'processorcount' facts in the tests
as os_workers fact should be used instead 'processorcount'.
Change-Id: Ic4aaf6be4b44b8799a29a44a063614071d1372a4
If root_url is '/' it's incorrect, unecessary to redirect from '^/$' to
'/'. It also causes a redirect loop.
This change introduces two sets of checks to avoid configuring apache::vhost
with redirectmatch_regexp and redirectmatch_dest if root_url is '/'.
Change-Id: Id5dcad250e3909e4e1431d9afd5460aa40a4c318
Closes-Bug: #1551759
Signed-off-by: Martin Millnert <martin@millnert.se>
Commit da0cedce6f14f5c35e733ac345d8d862db11cd2b assumed that the
user and group for Horizon in Red Hat platforms was 'dashboard', due
to the following lines being present in openstack-dashboard.conf:
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
Actually, based on [1], this does not mean that, and the RPM packages
do not create such user, so we should switch that to the apache user.
[1] http://modwsgi.readthedocs.io/en/latest/configuration-directives/WSGIDaemonProcess.html
Change-Id: I52766ac0521951cc8c857e51a61823410585bed5
When running on puppet 4.3, the dependency for the package
is set to 'apache2' but the actual package resource title
in the puppetlabs-apache is 'httpd'. This change removes
$http_service from being set depending on osfamily and
makes it set to 'httpd' for all.
Change-Id: I030446fabb7ec83c9ed94032e4ae54faff060e69
Closes-Bug: 1558131
This commit will make universal modifications to the way the "root_url"
parameter is set so that a person can modify it. Adjusts tests
accordingly and improves on beaker success scenario.
This needs to occur to allow people the ability to serve horizon from the
root of a vhost.
Change-Id: If43ea694b2601c55a4b07c1cd5fc411abbaaaa2d
We need to have an ability to re-run collectstatic and compress
in case of changing horizon theme using `custom_theme_path`
parameter. So, we need to have 'exec collecstatic' resource
defined with 'refreshonly' parameter set to 'true.
The default behavior is still the same: collecstatic
isn't triggerred for debian packages.
Change-Id: I9096feca0935bfbeb1cc492c5aacb10d2ffa2b6d
Changed apache http/https ports to be configurable. This can be used for
example in cases where you have a load balancer listening to the default
ports on the same host.
The defaults are set to 80 for http and 443 for https, which were the
hardcoded values.
Change-Id: I9187a0abdbe9232667066d8c693985caf6481fa7
The Debian packages are handling compress & collectstatic in a
different way as for Ubuntu. This patch avoids running them,
and offload that works to the package. The original collectstatic
indicated that it was a workaround for Debian. See
I813b5f6067bb6ecce279cab7278d9227c4d31d28. Because of this, the
logic around the collectstatic exec has been limited to only
RedHat packaging.
Note that the variable os_package_type can be defined if we're
using Debian packages on top of Ubuntu (this is achieved by
installing the puppet-openstack-debian-fact package on Ubuntu).
This has been discussed in Tokyo with Emilien.
Also, this package fixes the configuration file path for Apache.
Change-Id: I3fbb1b576dd61ddd92921e9f12edfe5df21fddd0
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
This change exposes a redirect type configuration variable so that a
user can specify if they want to use 'temp' or 'permanent' redirects.
This change allows a user to switch to use a 'temp' redirect type
because Mozilla Firefox and Google Chrome cache the responses of '301
Moved Permanently'. Some users have multi tenant environments that have
different URLs for Horizon dashboards (Ubuntu - /horizon, CentOS -
dashboard). '302 Found' is not cacheable response which solves the issue
for multitenant users.
Change-Id: I81694d0ddeebafec7824f5b275d5fb504cd302b1
Closes-Bug: 1385133
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
Starting in Kilo, a new WEBROOT setting has been added in file
local_settings (see
http://docs.openstack.org/developer/horizon/topics/settings.html).
This requires changes in the Apache vhost configuration, too.
Change-Id: Ibbeec600502964b51c0c725c35d2afd6fd7bd9e9
This patch aim to update our specs test in order to work with the rspec-puppet
release 2.0.0, in the mean time, we update rspec syntax order to be prepared
for rspec 3.x move.
In details:
* Upgrade and pin rspec-puppet from 1.0.1 to 2.0.0
* Convert 'should' keyword to 'is_expected.to' (prepare rspec 3.x)
* Fix spec tests for rspec-puppet 2.0.0
* Clean Gemfile (remove over-specificication of runtime deps of
puppetlabs_spec_helper)
Change-Id: I405830cd95c9f0635418b91ff081c43d77234e39
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
A recent bugfix in the puppetlabs-apache module broke this module's
usage of vhost redirects. This patch updates our usage of apache::vhost
to use the new redirectmatch_dest parameter and pins the apache module
dependency to 1.2.0 so that the new parameter will be available.
Change-Id: I123b49eb54d7fd2908f09db03acacd1ba4f01492
Closes-Bug: 1390453
The configuration file /etc/apache2/conf.d/openstack-dashboard.conf
is not properly cleaned on Ubuntu platforms.
The configuration file is actually a symbolic link and
it looks like Puppet cannot manage its content if ensure
is present is used on the file resource.
This bug manifests itself with Puppet <= 3.2.x:
https://projects.puppetlabs.com/issues/6808
Updating the actual file on Ubuntu platforms fixes the problem.
Closes-bug: #1382222
Change-Id: I673d991f0de4d899cffc07a8ec6d60dbc4a1fb39
The per-platform setting of wsgi_socket_prefix has been moved
into the Apache module - horizon should just include ::apache::mod::wsgi
Add a dependency on the version of puppetlabs-apache that sets the
default wsgi_socket_prefix for osfamily RedHat
Closes-Bug: #1374634
Change-Id: Iba8311ba25445d3367e71d3c0e854291c33e7258
WSGIDaemonProcess and WSGIProcessGroup must have the same name. Without it Apache won't run.
Change-Id: Idf7dc3baca1fa43143997a9c9f7cbd9082af2e21
(cherry picked from commit 7f19008e3d74c029e6c5b47a161bfb679c18f4f5)
Previously, the apache vhost priority was hard coded to '15'.
This does not allow the vhost priority to be managed, even with
$extra_params, due to apache looking for either default_vhost OR
priority.
Change-Id: I58df7ce45564093711a12cacb2f85f74c5ed4069
According to python-django-horizon's SPEC file log file should
be owned by user 'apache'. According to openstack-dashboard.conf
file located in the same package WSGIProcessGroup should
be 'dashboard' and the name should be identical as WSGIDaemonProcess'
name. It is required to set /var/run/wsgi as WSGISocketPrefix.
[1] http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html
Change-Id: I9aca382798c7ab37e267c9988b3947e1b3780712
In some situation, it is useful to be able to pass extra parameters
to apache::vhost.
This change introduces a new parameter to pass a hash. It is use to
overwrite or add new parameters.
The variable uses an agnostic vhost_* name for the case we introduce
the support of a new server (e.g: nginx).
Closes-bug: #1294339
Change-Id: I749f005964c3bc549d724329d2dc9bc4f6dbcf6f
This patch improves the WSGI support:
- introduce a wsgi_user and wsgi_group to avoid confusion with
apache_user and apache_group
- ensure openstack-dashboard.conf will not conflict with apache::vhost
- ensure the WSGI user can write in the log file
- ability to define the number of WSGI process/thread
- disable the SSL vhost if needed
- create the /static alias using puppet-apache "alias" key
Closes-bug: #1265169
Change-Id: I39b52b2bc51ba04d59de81dc45b5a4ad82d0dc2c
Apache fails to start when the SSLEngine directive is turned
on outside of a vhost. Horizon configuration has been turned
into two apache vhosts. When SSL is enabled it will create
the second vhost for SSL. Additionally ssl_redirect was added
to have a redirect from http to https.
Closes-Bug: #1246742
Change-Id: Icf2a4bed8980137181810f2f5d3a38db54af4443
Add configure_apache parameter to add the ability to disable
configuration of Apache vhost for Horizon.
- Move Apache configuration to horizon::wsgi::apache class.
- Move management of logdir resource to horizon::wsgi::apache class.
Change-Id: I5aeb577ce827e923ed01a73cca1bd79789f81eff
Closes-bug: #1190282