37 Commits

Author SHA1 Message Date
Tobias Urdin
a0468fd8cb Add access_log_format for WSGI
Adds the access_log_format parameter that can be used to set
the log format that is used in the vhosts that puppetlabs-apache
manages.

Adds the same parameter to the init class to make sure that you
can set it when managing apache from there and not including the
wsgi::apache class manually.

The default value of the parameter is the same as enforced in other
modules that has the access_log_format, which is false. That is the
default that the puppetlabs-apache module has.

Change-Id: Ie8ac84c6231ad55c5974a95b50238f0d006b6336
2018-12-10 14:49:00 +01:00
Tobias Urdin
15bd50c2f1 Django WSGI entrypoint change
The Horizon project has changed the old django.wsgi entrypoint to the
wsgi.py file in the openstack_dashboard module.

The following can be seen in the horizon logs:
WARNING:root:Use of this 'djano.wsgi' file has been deprecated since the
Rocky release in favor of 'wsgi.py' in the 'openstack_dashboard' module.
This file is a legacy naming from before Django 1.4 and an importable
'wsgi.py' is now the default. This file will be removed in the T release
cycle.

Change-Id: Iee2b3e78768dd55d5cd1629d64c9d2ff9d0d4b93
2018-08-20 14:17:13 +02:00
Tobias Urdin
bb54858824 apache wsgi: Exchange defaults for workers and threads
Due to Python's GIL [1], we can't use multiple threads for running
 OpenStack services without a performance penalty, since the execution
 ends up serialized, which defeats the purpose.

 Instead, we should use several processes, since this approach doesn't
 have this limitation.

 See the same kind of change here [2]

 [1] https://wiki.python.org/moin/GlobalInterpreterLock
 [2] https://review.openstack.org/#/c/505192/

Change-Id: I9c1ef8991d63b18a0ec106a05576b74ab457a2a0
2018-08-12 21:02:29 +00:00
Tobias Urdin
a56420e5ef Fix redirect to https bug and testing
Fixes a bug where having listen_ssl and ssl_redirect
set to true did not redirect http to https if your
root_url was empty or '/'.

This now forces redirection from http to https no
matter what your root_url is if listen_ssl and ssl_redirect
is set to true.

This also cleans up all apache::wsgi::apache testing and fixes
the structure so it doesn't enforce some context tests only for
the SSL enabled context but for everything.

Change-Id: I53a9107a33e9afffc5d00884c66c073e77c59237
2018-06-24 14:48:54 +02:00
Zuul
58113f9297 Merge "Fix root_url bug when using a slash" 2018-05-02 19:06:56 +00:00
Tobias Urdin
c3eefcb86e Remove deprecated parameters
These parameters has been deprecated for
more than two years.

Let's remove them and add release notes.

Change-Id: I229f49ac4ce02e0b1ddbd0a2f111739ce3059f37
Closes-Bug: 1767114
2018-04-26 17:25:42 +02:00
Tobias Urdin
32a784c784 Fix root_url bug when using a slash
When settings the root_url to a slash the
paths in the local_settings.py and apache config
will be wrong. This patch fixes that issue.

Change-Id: Ib64b22bb88b2827ea4be2eb8356aa404984ee0ba
Closes-Bug: 1651720
2018-04-26 15:53:40 +02:00
melissaml
3f7bdf4eca fix a typo in documentation
Change-Id: I62cf08f188958a1ab71d2d40a92858682e0bbd8d
2018-03-23 06:44:43 +08:00
Benedikt Trefzer
4339c0a8c1 add parameter to overwrite/add wsgi process options
Add parameter to apache_wsgi to allow overwrite
and/or add additional wsgi process options.

Change-Id: I0a8e16971be9c8c76d427b637e8afda79af78845
2017-11-02 07:40:09 +01:00
Mateusz Kowalski
fec29f5586 Set display-name for WSGI
In order to see all the processes named correctly based
on their origins we should set display-name so all the WSGI
processes are named difrerently from the Apache ones.

Change-Id: I123530014c973e7312a18e384a2c0159842bf228
Closes-bug: #1726841
2017-10-24 17:09:37 +02:00
Juan Antonio Osorio Robles
639f1cf98d Make horizon_ca optional when SSL is enabled
This allows the vhost to use the globally set CA file (in ssl.conf) if
present. Or one might just not need the CA to be set (no TLS
authentication).

Change-Id: Iba1aea34e72a0138120fa7bcb7267f73e37bf0ce
Closes-Bug: #1711280
2017-08-17 16:45:10 +03:00
Matthew J. Black
588b9f83c7 Horizon SSL handshake errors with apache
Added in "WSGIApplicationGroup %{GLOBAL}" to fix an issue
where horizon will have ssl handshake issues with various
SSL openstack endpoints.

Change-Id: Idd10380f1b6e6ef0ee4a4cb84317aa12131b77c4
Closes-Bug: #1700176
2017-06-23 17:25:00 -04:00
Mariusz Karpiarz
8a280b091c Allows for custom location to static assets
Gives the ability to specify the path to static assets.
Closes-Bug: #1684194

Change-Id: I580380472ad816b12237dc444178c953251d86bc
2017-04-21 05:31:55 +01:00
Michael Polenchuk
b5139808e3 Rectify static alias
On Debian platforms static files resides in /var/lib.
Fuel bug: https://bugs.launchpad.net/fuel/+bug/1672990

Change-Id: I9aef5da052ee93c27834167089f11aa215ed8447
2017-03-23 16:38:47 +04:00
Mateusz Kowalski
003d69f69c Avoid empty redirect rule in vhost config
When root_url is empty, an incorrect rewrite rule will be
created at vhosts config file causing httpd failure.
In order not to create any rule when root_url is empty,
the value should be ignored inside redirectmatch parameter

Change-Id: Idd4ac6a271b4c8d8e53ab27c68abd821a3aa0249
Closes-bug: #1665380
2017-02-17 11:22:47 +01:00
Maksym Yatsenko
971ab06ea2 Remove unnecessary 'processorcount' facts
It removes unnecessary 'processorcount' facts in the tests
as os_workers fact should be used instead 'processorcount'.

Change-Id: Ic4aaf6be4b44b8799a29a44a063614071d1372a4
2016-10-12 22:00:41 +03:00
Martin Millnert
000a40263b Avoid causing redirect loop
If root_url is '/' it's incorrect, unecessary to redirect from '^/$' to
'/'. It also causes a redirect loop.

This change introduces two sets of checks to avoid configuring apache::vhost
with redirectmatch_regexp and redirectmatch_dest if root_url is '/'.

Change-Id: Id5dcad250e3909e4e1431d9afd5460aa40a4c318
Closes-Bug: #1551759
Signed-off-by: Martin Millnert <martin@millnert.se>
2016-09-02 14:25:27 -06:00
Alex Schultz
72dcec4e9b Switch horizon to use rspec-puppet-facts
This change updates puppet-horizon to use rspec-puppet-facts for all
rspec tests.

Change-Id: I86e4e32037e7c96b47c12077cd0d2fc30c62c5f9
2016-07-07 15:11:36 -06:00
Javier Pena
e1e0a1b56c Fix wsgi_user and wsgi_group in Red Hat platforms
Commit da0cedce6f14f5c35e733ac345d8d862db11cd2b assumed that the
user and group for Horizon in Red Hat platforms was 'dashboard', due
to the following lines being present in openstack-dashboard.conf:

WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard

Actually, based on [1], this does not mean that, and the RPM packages
do not create such user, so we should switch that to the apache user.

[1] http://modwsgi.readthedocs.io/en/latest/configuration-directives/WSGIDaemonProcess.html

Change-Id: I52766ac0521951cc8c857e51a61823410585bed5
2016-05-09 16:08:23 +02:00
Matthew Black
e445ac1ab6 Fixed ubuntu package dependency on puppet 4.3
When running on puppet 4.3, the dependency for the package
is set to 'apache2' but the actual package resource title
in the puppetlabs-apache is 'httpd'. This change removes
$http_service from being set depending on osfamily and
makes it set to 'httpd' for all.

Change-Id: I030446fabb7ec83c9ed94032e4ae54faff060e69
Closes-Bug: 1558131
2016-03-22 11:11:53 -04:00
Cody Herriges
64f5872e5f Making root_url configurable
This commit will make universal modifications to the way the "root_url"
  parameter is set so that a person can modify it.  Adjusts tests
  accordingly and improves on beaker success scenario.

  This needs to occur to allow people the ability to serve horizon from the
  root of a vhost.

Change-Id: If43ea694b2601c55a4b07c1cd5fc411abbaaaa2d
2016-02-25 17:20:31 -08:00
iberezovskiy
1c51079068 Leave an ability to trigger collectstatic for debian/ubuntu
We need to have an ability to re-run collectstatic and compress
in case of changing horizon theme using `custom_theme_path`
parameter. So, we need to have 'exec collecstatic' resource
defined with 'refreshonly' parameter set to 'true.

The default behavior is still the same: collecstatic
isn't triggerred for debian packages.

Change-Id: I9096feca0935bfbeb1cc492c5aacb10d2ffa2b6d
2016-02-16 14:34:23 +03:00
Kalle Happonen
1a52b5bb0d Take apache http and https ports as parameters
Changed apache http/https ports to be configurable. This can be used for
example in cases where you have a load balancer listening to the default
ports on the same host.

The defaults are set to 80 for http and 443 for https, which were the
hardcoded values.

Change-Id: I9187a0abdbe9232667066d8c693985caf6481fa7
2015-12-31 12:54:05 +02:00
Thomas Goirand
0eada93284 Do not run collectstatic or compress in Debian
The Debian packages are handling compress & collectstatic in a
different way as for Ubuntu. This patch avoids running them,
and offload that works to the package. The original collectstatic
indicated that it was a workaround for Debian. See
I813b5f6067bb6ecce279cab7278d9227c4d31d28. Because of this, the
logic around the collectstatic exec has been limited to only
RedHat packaging.

Note that the variable os_package_type can be defined if we're
using Debian packages on top of Ubuntu (this is achieved by
installing the puppet-openstack-debian-fact package on Ubuntu).
This has been discussed in Tokyo with Emilien.

Also, this package fixes the configuration file path for Apache.

Change-Id: I3fbb1b576dd61ddd92921e9f12edfe5df21fddd0
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
2015-11-17 16:17:24 -06:00
Sergii Golovatiuk
8de1b6100b Make redirect type configurable
This change exposes a redirect type configuration variable so that a
user can specify if they want to use 'temp' or 'permanent' redirects.

This change allows a user to switch to use a 'temp' redirect type
because Mozilla Firefox and Google Chrome cache the responses of '301
Moved Permanently'. Some users have multi tenant environments that have
different URLs for Horizon dashboards (Ubuntu - /horizon, CentOS -
dashboard). '302 Found' is not cacheable response which solves the issue
for multitenant users.

Change-Id: I81694d0ddeebafec7824f5b275d5fb504cd302b1
Closes-Bug: 1385133
Co-Authored-By: Alex Schultz <aschultz@mirantis.com>
2015-08-12 09:01:56 -05:00
Javier Pena
42ed4ec736 Add support for WEBROOT in local_settings
Starting in Kilo, a new WEBROOT setting has been added in file
local_settings (see
http://docs.openstack.org/developer/horizon/topics/settings.html).
This requires changes in the Apache vhost configuration, too.

Change-Id: Ibbeec600502964b51c0c725c35d2afd6fd7bd9e9
2015-06-16 10:35:58 +02:00
Gael Chamoulaud
cb436e722e spec: updates for rspec-puppet 2.x and rspec 3.x
This patch aim to update our specs test in order to work with the rspec-puppet
release 2.0.0, in the mean time, we update rspec syntax order to be prepared
for rspec 3.x move.

In details:
* Upgrade and pin rspec-puppet from 1.0.1 to 2.0.0
* Convert 'should' keyword to 'is_expected.to' (prepare rspec 3.x)
* Fix spec tests for rspec-puppet 2.0.0
* Clean Gemfile (remove over-specificication of runtime deps of
  puppetlabs_spec_helper)

Change-Id: I405830cd95c9f0635418b91ff081c43d77234e39
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-04-14 11:38:34 +02:00
Colleen Murphy
512ff352eb Update horzion::wsgi::apache for new apache module
A recent bugfix in the puppetlabs-apache module broke this module's
usage of vhost redirects. This patch updates our usage of apache::vhost
to use the new redirectmatch_dest parameter and pins the apache module
dependency to 1.2.0 so that the new parameter will be available.

Change-Id: I123b49eb54d7fd2908f09db03acacd1ba4f01492
Closes-Bug: 1390453
2014-11-24 12:55:44 -08:00
Mathieu Gagné
ba17482781 Fix default Apache config cleanup on Ubuntu
The configuration file /etc/apache2/conf.d/openstack-dashboard.conf
is not properly cleaned on Ubuntu platforms.

The configuration file is actually a symbolic link and
it looks like Puppet cannot manage its content if ensure
is present is used on the file resource.

This bug manifests itself with Puppet <= 3.2.x:
https://projects.puppetlabs.com/issues/6808

Updating the actual file on Ubuntu platforms fixes the problem.

Closes-bug: #1382222
Change-Id: I673d991f0de4d899cffc07a8ec6d60dbc4a1fb39
2014-10-17 19:44:20 -04:00
Rich Megginson
78bdbe683a should not set wsgi_socket_prefix
The per-platform setting of wsgi_socket_prefix has been moved
into the Apache module - horizon should just include ::apache::mod::wsgi
Add a dependency on the version of puppetlabs-apache that sets the
default wsgi_socket_prefix for osfamily RedHat

Closes-Bug: #1374634
Change-Id: Iba8311ba25445d3367e71d3c0e854291c33e7258
2014-10-09 09:06:03 -06:00
Lukas Bezdicka
03dd7ad3c6 Ensure ssl wsgi_process_group is the same as wsgi_daemon_process
WSGIDaemonProcess and WSGIProcessGroup must have the same name. Without it Apache won't run.

Change-Id: Idf7dc3baca1fa43143997a9c9f7cbd9082af2e21
(cherry picked from commit 7f19008e3d74c029e6c5b47a161bfb679c18f4f5)
2014-06-12 14:18:14 +02:00
Donald Talton
0066781b67 Enabled the vhost priority to be set.
Previously, the apache vhost priority was hard coded to '15'.
This does not allow the vhost priority to be managed, even with
$extra_params, due to apache looking for either default_vhost OR
priority.

Change-Id: I58df7ce45564093711a12cacb2f85f74c5ed4069
2014-05-02 10:09:49 -07:00
Martin Magr
da0cedce6f Fix log ownership and WSGIProcess* settings for Red Hat releases
According to python-django-horizon's SPEC file log file should
be owned by user 'apache'. According to openstack-dashboard.conf
file located in the same package WSGIProcessGroup should
be 'dashboard' and the name should be identical as WSGIDaemonProcess'
name. It is required to set /var/run/wsgi as WSGISocketPrefix.

[1] http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html

Change-Id: I9aca382798c7ab37e267c9988b3947e1b3780712
2014-04-15 15:00:51 +02:00
Gonéri Le Bouder
19bacbefa8 ability to pass extra parameters to the vhost
In some situation, it is useful to be able to pass extra parameters
to apache::vhost.
This change introduces a new parameter to pass a hash. It is use to
overwrite or add new parameters.

The variable uses an agnostic vhost_* name for the case we introduce
the support of a new server (e.g: nginx).

Closes-bug: #1294339

Change-Id: I749f005964c3bc549d724329d2dc9bc4f6dbcf6f
2014-03-21 11:53:08 +01:00
Gonéri Le Bouder
10a8821d90 improve WSGI configuration
This patch improves the WSGI support:
 - introduce a wsgi_user and wsgi_group to avoid confusion with
   apache_user and apache_group
 - ensure openstack-dashboard.conf will not conflict with apache::vhost
 - ensure the WSGI user can write in the log file
 - ability to define the number of WSGI process/thread
 - disable the SSL vhost if needed
 - create the /static alias using puppet-apache "alias" key

Closes-bug: #1265169

Change-Id: I39b52b2bc51ba04d59de81dc45b5a4ad82d0dc2c
2014-03-12 18:19:50 +01:00
Matthew Black
fa5729c7b5 Fixed Horizon SSL issues
Apache fails to start when the SSLEngine directive is turned
on outside of a vhost. Horizon configuration has been turned
into two apache vhosts. When SSL is enabled it will create
the second vhost for SSL. Additionally ssl_redirect was added
to have a redirect from http to https.

Closes-Bug: #1246742
Change-Id: Icf2a4bed8980137181810f2f5d3a38db54af4443
2014-02-25 13:03:58 -05:00
Mathieu Gagné
4b864789c0 Add ability to disable configuration of apache
Add configure_apache parameter to add the ability to disable
configuration of Apache vhost for Horizon.

- Move Apache configuration to horizon::wsgi::apache class.
- Move management of logdir resource to horizon::wsgi::apache class.

Change-Id: I5aeb577ce827e923ed01a73cca1bd79789f81eff
Closes-bug: #1190282
2014-01-30 16:35:47 -05:00