Pass necessary options to Apache when using WSGI

Keystone recommend to use WSGIApplicationGroup and WSGIPassAuthorization options when is running under Apache. When WSGIApplicationGroup is not set, import failures are observed and Keystone doesn't work as expected. Change-Id: I30483d269f6ae6edcecd376d6814c80c0166b265 Closes-bug: #1502318
2015-10-02 23:18:55 +03:00 · 2015-10-02 23:18:55 +03:00 · 94123494c1
parent 5f15bbb1b6
commit 94123494c1
2 changed files with 45 additions and 19 deletions
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@ -89,6 +89,15 @@
 #     (optional) Wsgi script source.
 #     Defaults to undef.
 #
+#   [*wsgi_application_group*]
+#     (optional) The application group of the WSGI script.
+#     Defaults to '%{GLOBAL}'
+#
+#   [*wsgi_pass_authorization*]
+#     (optional) Whether HTTP authorisation headers are passed through to a WSGI
+#     script when the equivalent HTTP request headers are present.
+#     Defaults to 'On'
+#
 #   [*access_log_format*]
 #     The log format for the virtualhost.
 #     Optional. Defaults to false.
@ -122,25 +131,28 @@
 #   Copyright 2013 eNovance <licensing@enovance.com>
 #
 class keystone::wsgi::apache (
-  $servername            = $::fqdn,
-  $public_port           = 5000,
-  $admin_port            = 35357,
-  $bind_host             = undef,
-  $public_path           = '/',
-  $admin_path            = '/',
-  $ssl                   = true,
-  $workers               = 1,
-  $ssl_cert              = undef,
-  $ssl_key               = undef,
-  $ssl_chain             = undef,
-  $ssl_ca                = undef,
-  $ssl_crl_path          = undef,
-  $ssl_crl               = undef,
-  $ssl_certs_dir         = undef,
-  $threads               = $::processorcount,
-  $priority              = '10',
-  $wsgi_script_ensure    = 'file',
-  $wsgi_script_source    = undef,
+  $servername              = $::fqdn,
+  $public_port             = 5000,
+  $admin_port              = 35357,
+  $bind_host               = undef,
+  $public_path             = '/',
+  $admin_path              = '/',
+  $ssl                     = true,
+  $workers                 = 1,
+  $ssl_cert                = undef,
+  $ssl_key                 = undef,
+  $ssl_chain               = undef,
+  $ssl_ca                  = undef,
+  $ssl_crl_path            = undef,
+  $ssl_crl                 = undef,
+  $ssl_certs_dir           = undef,
+  $threads                 = $::processorcount,
+  $priority                = '10',
+  $wsgi_script_ensure      = 'file',
+  $wsgi_script_source      = undef,
+  $wsgi_application_group  = '%{GLOBAL}',
+  $wsgi_pass_authorization = 'On',
+
  $access_log_format     = false,
  $vhost_custom_fragment = undef,
 ) {
@ -255,6 +267,8 @@ class keystone::wsgi::apache (
    wsgi_daemon_process_options => $wsgi_daemon_process_options_main,
    wsgi_process_group          => 'keystone_main',
    wsgi_script_aliases         => $wsgi_script_aliases_main_real,
+    wsgi_application_group      => $wsgi_application_group,
+    wsgi_pass_authorization     => $wsgi_pass_authorization,
    custom_fragment             => $vhost_custom_fragment,
    require                     => File['keystone_wsgi_main'],
    access_log_format           => $access_log_format,
@ -282,6 +296,8 @@ class keystone::wsgi::apache (
      wsgi_daemon_process_options => $wsgi_daemon_process_options_admin,
      wsgi_process_group          => 'keystone_admin',
      wsgi_script_aliases         => $wsgi_script_aliases_admin,
+      wsgi_application_group      => $wsgi_application_group,
+      wsgi_pass_authorization     => $wsgi_pass_authorization,
      custom_fragment             => $vhost_custom_fragment,
      require                     => File['keystone_wsgi_admin'],
      access_log_format           => $access_log_format,
--- a/spec/classes/keystone_wsgi_apache_spec.rb
+++ b/spec/classes/keystone_wsgi_apache_spec.rb
@ -70,6 +70,8 @@ describe 'keystone::wsgi::apache' do
        },
        'wsgi_process_group'          => 'keystone_admin',
        'wsgi_script_aliases'         => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" },
+        'wsgi_application_group'      => '%{GLOBAL}',
+        'wsgi_pass_authorization'     => 'On',
        'require'                     => 'File[keystone_wsgi_admin]',
        'access_log_format'           => false,
      )}
@ -92,6 +94,8 @@ describe 'keystone::wsgi::apache' do
        },
        'wsgi_process_group'          => 'keystone_main',
        'wsgi_script_aliases'         => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" },
+        'wsgi_application_group'      => '%{GLOBAL}',
+        'wsgi_pass_authorization'     => 'On',
        'require'                     => 'File[keystone_wsgi_main]',
        'access_log_format'           => false,
      )}
@ -129,6 +133,8 @@ describe 'keystone::wsgi::apache' do
        },
        'wsgi_process_group'          => 'keystone_admin',
        'wsgi_script_aliases'         => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" },
+        'wsgi_application_group'      => '%{GLOBAL}',
+        'wsgi_pass_authorization'     => 'On',
        'require'                     => 'File[keystone_wsgi_admin]',
        'custom_fragment'             => 'LimitRequestFieldSize 81900'
      )}
@ -151,6 +157,8 @@ describe 'keystone::wsgi::apache' do
        },
        'wsgi_process_group'          => 'keystone_main',
        'wsgi_script_aliases'         => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" },
+        'wsgi_application_group'      => '%{GLOBAL}',
+        'wsgi_pass_authorization'     => 'On',
        'require'                     => 'File[keystone_wsgi_main]',
        'custom_fragment'             => 'LimitRequestFieldSize 81900'
      )}
@ -194,6 +202,8 @@ describe 'keystone::wsgi::apache' do
        '/main/endpoint'  => "#{platform_parameters[:wsgi_script_path]}/main",
        '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/admin"
        },
+        'wsgi_application_group'      => '%{GLOBAL}',
+        'wsgi_pass_authorization'     => 'On',
        'require'                     => 'File[keystone_wsgi_main]'
      )}
    end