Enable different servername for admin vhost

When the admin endpoint is configured in a different IP and host, the servername needs to be changed too. Else the vhost will be routed wrongly by apache. Change-Id: Ief84f524b4e221313b36e72beae291616491fa8b
2016-09-05 08:50:10 +03:00 · 2016-09-05 08:50:10 +03:00 · d823e2798d
commit d823e2798d
parent 353c396520
3 changed files with 29 additions and 1 deletions
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@ -17,6 +17,10 @@
 #     The servername for the virtualhost.
 #     Optional. Defaults to $::fqdn
 #
+#   [*servername_admin*]
+#     The servername for the admin virtualhost.
+#     Optional. Defaults to $servername
+#
 #   [*public_port*]
 #     The public port.
 #     Optional. Defaults to 5000
@ -166,6 +170,7 @@
 #
 class keystone::wsgi::apache (
  $servername                = $::fqdn,
+  $servername_admin          = undef,
  $public_port               = 5000,
  $admin_port                = 35357,
  $bind_host                 = undef,
@ -201,6 +206,9 @@ class keystone::wsgi::apache (
  include ::keystone::deps
  include ::apache
  include ::apache::mod::wsgi
+
+  $servername_admin_real = pick($servername_admin, $servername)
+
  if $ssl {
    include ::apache::mod::ssl
    # This is probably a bug in Class[apache::mod::ssl] or in the mod_ssl EL
@ -357,7 +365,7 @@ class keystone::wsgi::apache (
  if $public_port != $admin_port {
    ::apache::vhost { 'keystone_wsgi_admin':
      ensure                      => 'present',
-      servername                  => $servername,
+      servername                  => $servername_admin_real,
      ip                          => $real_admin_bind_host,
      port                        => $admin_port,
      docroot                     => $::keystone::params::keystone_wsgi_script_path,
--- a/releasenotes/notes/Add-servername-for-admin-endpoint-vhost-c62a86939e5b9e49.yaml
+++ b/releasenotes/notes/Add-servername-for-admin-endpoint-vhost-c62a86939e5b9e49.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - This adds a specific servername parameter for the admin endpoint's vhost.
+    This is useful in cases where the admin endpoint will serve a different
+    certificate (on a different hostname) than the public endpoint.
--- a/spec/classes/keystone_wsgi_apache_spec.rb
+++ b/spec/classes/keystone_wsgi_apache_spec.rb
@ -193,8 +193,23 @@ describe 'keystone::wsgi::apache' do
      it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") }
    end

+    describe 'when servername_admin is overriden' do
+      let :params do
+        {
+          :servername            => 'dummy1.host',
+          :servername_admin      => 'dummy2.host',
+        }
+      end

+      it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
+        'servername'                  => 'dummy2.host',
+      )}

+      it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
+        'servername'                  => 'dummy1.host',
+      )}
+
+    end

    describe 'when overriding parameters using same port' do
      let :params do