openstack/puppet-keystone
Code Issues Proposed changes

Enable different servername for admin vhost

Browse Source 
When the admin endpoint is configured in a different IP and host, the
servername needs to be changed too. Else the vhost will be routed
wrongly by apache.

Change-Id: Ief84f524b4e221313b36e72beae291616491fa8b
This commit is contained in:
Juan Antonio Osorio Robles 2016-09-05 08:50:10 +03:00
parent 353c396520
commit d823e2798d
3 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
manifests/wsgi/apache.pp
View File

@ -17,6 +17,10 @@
# The servername for the virtualhost. # The servername for the virtualhost.
# Optional. Defaults to $::fqdn # Optional. Defaults to $::fqdn
# #
# [*servername_admin*]
# The servername for the admin virtualhost.
# Optional. Defaults to $servername
#
# [*public_port*] # [*public_port*]
# The public port. # The public port.
# Optional. Defaults to 5000 # Optional. Defaults to 5000
@ -166,6 +170,7 @@
# #
class keystone::wsgi::apache ( class keystone::wsgi::apache (
$servername = $::fqdn, $servername = $::fqdn,
$servername_admin = undef,
$public_port = 5000, $public_port = 5000,
$admin_port = 35357, $admin_port = 35357,
$bind_host = undef, $bind_host = undef,
@ -201,6 +206,9 @@ class keystone::wsgi::apache (
include ::keystone::deps include ::keystone::deps
include ::apache include ::apache
include ::apache::mod::wsgi include ::apache::mod::wsgi
$servername_admin_real = pick($servername_admin, $servername)
if $ssl { if $ssl {
include ::apache::mod::ssl include ::apache::mod::ssl
# This is probably a bug in Class[apache::mod::ssl] or in the mod_ssl EL # This is probably a bug in Class[apache::mod::ssl] or in the mod_ssl EL
@ -357,7 +365,7 @@ class keystone::wsgi::apache (
if $public_port != $admin_port { if $public_port != $admin_port {
::apache::vhost { 'keystone_wsgi_admin': ::apache::vhost { 'keystone_wsgi_admin':
ensure => 'present', ensure => 'present',
servername => $servername, servername => $servername_admin_real,
ip => $real_admin_bind_host, ip => $real_admin_bind_host,
port => $admin_port, port => $admin_port,
docroot => $::keystone::params::keystone_wsgi_script_path, docroot => $::keystone::params::keystone_wsgi_script_path,

5
releasenotes/notes/Add-servername-for-admin-endpoint-vhost-c62a86939e5b9e49.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- This adds a specific servername parameter for the admin endpoint's vhost.
This is useful in cases where the admin endpoint will serve a different
certificate (on a different hostname) than the public endpoint.

15
spec/classes/keystone_wsgi_apache_spec.rb
View File

@ -193,8 +193,23 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") } it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") }
end end
describe 'when servername_admin is overriden' do
let :params do
{
:servername => 'dummy1.host',
:servername_admin => 'dummy2.host',
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'servername' => 'dummy2.host',
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'servername' => 'dummy1.host',
)}
end
describe 'when overriding parameters using same port' do describe 'when overriding parameters using same port' do
let :params do let :params do