Add support for keystone options to wsgi::apache

This patch adds the params that keystone currently
supports to openstacklib::wsgi::apache so we can move
keystone::wsgi::apache to using this and not drop
any existing available options.

Change-Id: Ifb988fedce958d2607365634efeccf2d7b88d073
This commit is contained in:
Tobias Urdin
2018-04-05 10:08:08 +02:00
parent 53ec7a288c
commit 2b239ef5e7
3 changed files with 103 additions and 51 deletions

View File

@@ -23,119 +23,123 @@
# == Parameters
#
# [*service_name*]
# (optional) Name of the service to run.
# (Optional) Name of the service to run.
# Example: nova-api
# Defaults to $name
#
# [*servername*]
# (optional) The servername for the virtualhost.
# (Optional) The servername for the virtualhost
# Defaults to $::fqdn
#
# [*bind_host*]
# (optional) The host/ip address Apache will listen on.
# Defaults to undef (listen on all ip addresses).
# (Optional) The host/ip address Apache will listen on.
# Defaults to undef (listen on all ip addresses)
#
# [*bind_port*]
# (optional) The port to listen.
# (Optional) The port to listen.
# Defaults to undef
#
# [*group*]
# (optional) Group with permissions on the script
# (Optional) Group with permissions on the script.
# Defaults to undef
#
# [*path*]
# (optional) The prefix for the endpoint.
# (Optional) The prefix for the endpoint.
# Defaults to '/'
#
# [*priority*]
# (optional) The priority for the vhost.
# (Optional) The priority for the vhost.
# Defaults to '10'
#
# [*ssl*]
# (optional) Use ssl ? (boolean)
# (Optional) Use SSL.
# Defaults to false
#
# [*ssl_cert*]
# (optional) Path to SSL certificate
# Default to apache::vhost 'ssl_*' defaults.
# (Optional) Path to SSL certificate.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_key*]
# (optional) Path to SSL key
# Default to apache::vhost 'ssl_*' defaults.
# (Optional) Path to SSL key.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_chain*]
# (optional) SSL chain
# Default to apache::vhost 'ssl_*' defaults.
# (Optional) SSL chain.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_ca*]
# (optional) Path to SSL certificate authority
# Default to apache::vhost 'ssl_*' defaults.
# (Optional) Path to SSL certificate authority.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_crl_path*]
# (optional) Path to SSL certificate revocation list
# Default to apache::vhost 'ssl_*' defaults.
# (Optional) Path to SSL certificate revocation list.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_crl*]
# (optional) SSL certificate revocation list name
# Default to apache::vhost 'ssl_*' defaults.
# (Optional) SSL certificate revocation list name.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_certs_dir*]
# (optional) Path to SSL certificate directory
# Default to apache::vhost 'ssl_*' defaults.
# (Optional) Path to SSL certificate directory
# Default to apache::vhost 'ssl_*' defaults
#
# [*threads*]
# (optional) The number of threads for the vhost.
# (Optional) The number of threads for the vhost.
# Defaults to 1
#
# [*user*]
# (optional) User with permissions on the script
# (Optional) User with permissions on the script
# Defaults to undef
#
# [*workers*]
# (optional) The number of workers for the vhost.
# (Optional) The number of workers for the vhost.
# Defaults to $::os_workers
#
# [*wsgi_daemon_process*]
# (optional) Name of the WSGI daemon process.
# (Optional) Name of the WSGI daemon process.
# Defaults to $name
#
# [*wsgi_process_display_name*]
# (optional) Name of the WSGI process display-name.
# (Optional) Name of the WSGI process display-name.
# Defaults to $name
#
# [*wsgi_process_group*]
# (optional) Name of the WSGI process group.
# (Optional) Name of the WSGI process group.
# Defaults to $name
#
# [*wsgi_script_dir*]
# (optional) The directory path of the WSGI script.
# (Optional) The directory path of the WSGI script.
# Defaults to undef
#
# [*wsgi_script_file*]
# (optional) The file path of the WSGI script.
# (Optional) The file path of the WSGI script.
# Defaults to undef
#
# [*wsgi_script_source*]
# (optional) The source of the WSGI script.
# (Optional) The source of the WSGI script.
# Defaults to undef
#
# [*wsgi_application_group*]
# (optional) The application group of the WSGI script.
# (Optional) The application group of the WSGI script.
# Defaults to '%{GLOBAL}'
#
# [*wsgi_pass_authorization*]
# (optional) Whether HTTP authorisation headers are passed through to a WSGI
# (Optional) Whether HTTP authorisation headers are passed through to a WSGI
# script when the equivalent HTTP request headers are present.
# Defaults to undef
#
# [*wsgi_chunked_request*]
# (optional) Makes the vhost allow chunked requests which is useful for
# (Optional) Makes the vhost allow chunked requests which is useful for
# handling TE (Transfer-Encoding), chunked or gzip. This sets the
# WSGIChunkedRequest option in the vhost.
# Defaults to undef
#
# [*headers*]
# (Optional) Headers for the vhost.
# Defaults to undef
#
# [*custom_wsgi_process_options*]
# (optional) gives you the oportunity to add custom process options or to
# (Optional) gives you the oportunity to add custom process options or to
# overwrite the default options for the WSGI process.
# eg. to use a virtual python environment for the WSGI process
# you could set it to:
@@ -143,28 +147,48 @@
# Defaults to {}
#
# [*vhost_custom_fragment*]
# (optional) Passes a string of custom configuration
# (Optional) Passes a string of custom configuration
# directives to be placed at the end of the vhost configuration.
# Defaults to undef.
# Defaults to undef
#
# [*allow_encoded_slashes*]
# (optional) If set, uses apache's AllowEncodedSlashes option in the vhost.
# (Optional) If set, uses apache's AllowEncodedSlashes option in the vhost.
# This option is passed to puppetlabs-apache, which accepts only 4
# options: undef, "on", "off" or "nodecode". This is thus validated in the
# underlying vhost resource.
# Defaults to undef.
# Defaults to undef
#
# [*access_log_file*]
# The log file name for the virtualhost.
# Optional. Defaults to false.
# [*access_log_file*]
# (Optional) The log file name for the virtualhost.
# access_log_file and access_log_pipe is mutually exclusive.
# Defaults to false
#
# [*access_log_format*]
# The log format for the virtualhost.
# Optional. Defaults to false.
# [*access_log_pipe*]
# (Optional) Specifies a pipe where Apache sends access logs for the virtualhost.
# access_log_file and access_log_pipe is mutually exclusive.
# Defaults to false
#
# [*error_log_file*]
# The error log file name for the virtualhost.
# Optional. Defaults to undef.
# [*access_log_syslog*]
# (Optional) Sends the virtualhost access log messages to syslog.
# Defaults to false
#
# [*access_log_format*]
# (Optional) The log format for the virtualhost.
# Defaults to false
#
# [*error_log_file*]
# (Optional) The error log file name for the virtualhost.
# error_log_file and error_log_pipe is mutually exclusive.
# Defaults to undef
#
# [*error_log_pipe*]
# (Optional) Specifies a pipe where Apache sends error logs for the virtualhost.
# error_log_file and error_log_pipe is mutually exclusive.
# Defaults to undef
#
# [*error_log_syslog*]
# (Optional) Sends the virtualhost error log messages to syslog.
# Defaults to undef
#
define openstacklib::wsgi::apache (
$service_name = $name,
@@ -194,12 +218,17 @@ define openstacklib::wsgi::apache (
$wsgi_application_group = '%{GLOBAL}',
$wsgi_pass_authorization = undef,
$wsgi_chunked_request = undef,
$headers = undef,
$custom_wsgi_process_options = {},
$vhost_custom_fragment = undef,
$allow_encoded_slashes = undef,
$access_log_file = false,
$access_log_pipe = false,
$access_log_syslog = false,
$access_log_format = false,
$error_log_file = undef,
$error_log_pipe = undef,
$error_log_syslog = undef,
) {
include ::apache
@@ -266,11 +295,16 @@ define openstacklib::wsgi::apache (
wsgi_application_group => $wsgi_application_group,
wsgi_pass_authorization => $wsgi_pass_authorization,
wsgi_chunked_request => $wsgi_chunked_request,
headers => $headers,
custom_fragment => $vhost_custom_fragment,
allow_encoded_slashes => $allow_encoded_slashes,
access_log_file => $access_log_file,
access_log_pipe => $access_log_pipe,
access_log_syslog => $access_log_syslog,
access_log_format => $access_log_format,
error_log_file => $error_log_file,
error_log_pipe => $error_log_pipe,
error_log_syslog => $error_log_syslog,
}
Package<| title == 'httpd' |>

View File

@@ -0,0 +1,6 @@
---
features:
- |
openstacklib::wsgi::apache now has support for headers, access_log_pipe,
access_log_syslog, error_log_pipe and error_log_syslog params which will
be added to the apache::vhost setup.

View File

@@ -85,9 +85,15 @@ describe 'openstacklib::wsgi::apache' do
'display-name' => 'keystone_wsgi',
},
'wsgi_application_group' => '%{GLOBAL}',
'headers' => nil,
'setenvif' => ['X-Forwarded-Proto https HTTPS=1'],
'access_log_file' => false,
'access_log_pipe' => false,
'access_log_syslog' => false,
'access_log_format' => false,
'error_log_file' => nil,
'error_log_pipe' => nil,
'error_log_syslog' => nil
)}
it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end
@@ -100,6 +106,7 @@ describe 'openstacklib::wsgi::apache' do
:wsgi_script_source => '/usr/share/keystone/keystone.wsgi',
:wsgi_pass_authorization => 'On',
:wsgi_chunked_request => 'On',
:headers => 'set X-Frame-Options "DENY"',
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:bind_port => 4142,
@@ -110,8 +117,10 @@ describe 'openstacklib::wsgi::apache' do
:vhost_custom_fragment => 'LimitRequestFieldSize 81900',
:allow_encoded_slashes => 'on',
:access_log_file => '/var/log/httpd/access_log',
:access_log_syslog => 'syslog:local0',
:access_log_format => 'some format',
:error_log_file => '/var/log/httpd/error_log'
:error_log_file => '/var/log/httpd/error_log',
:error_log_syslog => 'syslog:local0'
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi').with(
@@ -133,11 +142,14 @@ describe 'openstacklib::wsgi::apache' do
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
'wsgi_chunked_request' => 'On',
'headers' => 'set X-Frame-Options "DENY"',
'custom_fragment' => 'LimitRequestFieldSize 81900',
'allow_encoded_slashes' => 'on',
'access_log_file' => '/var/log/httpd/access_log',
'access_log_syslog' => 'syslog:local0',
'access_log_format' => 'some format',
'error_log_file' => '/var/log/httpd/error_log'
'error_log_file' => '/var/log/httpd/error_log',
'error_log_syslog' => 'syslog:local0'
)}
end