From 2b239ef5e7af4da681d5a3fd32131f291417c48a Mon Sep 17 00:00:00 2001 From: Tobias Urdin Date: Thu, 5 Apr 2018 10:08:08 +0200 Subject: [PATCH] Add support for keystone options to wsgi::apache This patch adds the params that keystone currently supports to openstacklib::wsgi::apache so we can move keystone::wsgi::apache to using this and not drop any existing available options. Change-Id: Ifb988fedce958d2607365634efeccf2d7b88d073 --- manifests/wsgi/apache.pp | 132 +++++++++++------- ...che-keystone-support-54bc020f9f1553c6.yaml | 6 + spec/defines/openstacklib_wsgi_apache_spec.rb | 16 ++- 3 files changed, 103 insertions(+), 51 deletions(-) create mode 100644 releasenotes/notes/openstacklib-wsgi-apache-keystone-support-54bc020f9f1553c6.yaml diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index d931d727..118b2f00 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp 
@@ -23,119 +23,123 @@
 # == Parameters
 #
 # [*service_name*]
-# (optional) Name of the service to run.
+# (Optional) Name of the service to run.
 # Example: nova-api
 # Defaults to $name
 #
 # [*servername*]
-# (optional) The servername for the virtualhost.
+# (Optional) The servername for the virtualhost
 # Defaults to $::fqdn
 #
 # [*bind_host*]
-# (optional) The host/ip address Apache will listen on.
-# Defaults to undef (listen on all ip addresses).
+# (Optional) The host/ip address Apache will listen on.
+# Defaults to undef (listen on all ip addresses)
 #
 # [*bind_port*]
-# (optional) The port to listen.
+# (Optional) The port to listen.
 # Defaults to undef
 #
 # [*group*]
-# (optional) Group with permissions on the script
+# (Optional) Group with permissions on the script.
 # Defaults to undef
 #
 # [*path*]
-# (optional) The prefix for the endpoint.
+# (Optional) The prefix for the endpoint.
 # Defaults to '/'
 #
 # [*priority*]
-# (optional) The priority for the vhost.
+# (Optional) The priority for the vhost.
 # Defaults to '10'
 #
 # [*ssl*]
-# (optional) Use ssl ? (boolean)
+# (Optional) Use SSL.
 # Defaults to false
 #
 # [*ssl_cert*]
-# (optional) Path to SSL certificate
-# Default to apache::vhost 'ssl_*' defaults.
+# (Optional) Path to SSL certificate.
+# Default to apache::vhost 'ssl_*' defaults
 #
 # [*ssl_key*]
-# (optional) Path to SSL key
-# Default to apache::vhost 'ssl_*' defaults.
+# (Optional) Path to SSL key.
+# Default to apache::vhost 'ssl_*' defaults
 #
 # [*ssl_chain*]
-# (optional) SSL chain
-# Default to apache::vhost 'ssl_*' defaults.
+# (Optional) SSL chain.
+# Default to apache::vhost 'ssl_*' defaults
 #
 # [*ssl_ca*]
-# (optional) Path to SSL certificate authority
-# Default to apache::vhost 'ssl_*' defaults.
+# (Optional) Path to SSL certificate authority.
+# Default to apache::vhost 'ssl_*' defaults
 #
 # [*ssl_crl_path*]
-# (optional) Path to SSL certificate revocation list
-# Default to apache::vhost 'ssl_*' defaults.
+# (Optional) Path to SSL certificate revocation list.
+# Default to apache::vhost 'ssl_*' defaults
 #
 # [*ssl_crl*]
-# (optional) SSL certificate revocation list name
-# Default to apache::vhost 'ssl_*' defaults.
+# (Optional) SSL certificate revocation list name.
+# Default to apache::vhost 'ssl_*' defaults
 #
 # [*ssl_certs_dir*]
-# (optional) Path to SSL certificate directory
-# Default to apache::vhost 'ssl_*' defaults.
+# (Optional) Path to SSL certificate directory
+# Default to apache::vhost 'ssl_*' defaults
 #
 # [*threads*]
-# (optional) The number of threads for the vhost.
+# (Optional) The number of threads for the vhost.
 # Defaults to 1
 #
 # [*user*]
-# (optional) User with permissions on the script
+# (Optional) User with permissions on the script
 # Defaults to undef
 #
 # [*workers*]
-# (optional) The number of workers for the vhost.
+# (Optional) The number of workers for the vhost.
 # Defaults to $::os_workers
 #
 # [*wsgi_daemon_process*]
-# (optional) Name of the WSGI daemon process.
+# (Optional) Name of the WSGI daemon process.
 # Defaults to $name
 #
 # [*wsgi_process_display_name*]
-# (optional) Name of the WSGI process display-name.
+# (Optional) Name of the WSGI process display-name.
 # Defaults to $name
 #
 # [*wsgi_process_group*]
-# (optional) Name of the WSGI process group.
+# (Optional) Name of the WSGI process group.
 # Defaults to $name
 #
 # [*wsgi_script_dir*]
-# (optional) The directory path of the WSGI script.
+# (Optional) The directory path of the WSGI script.
 # Defaults to undef
 #
 # [*wsgi_script_file*]
-# (optional) The file path of the WSGI script.
+# (Optional) The file path of the WSGI script.
 # Defaults to undef
 #
 # [*wsgi_script_source*]
-# (optional) The source of the WSGI script.
+# (Optional) The source of the WSGI script.
 # Defaults to undef
 #
 # [*wsgi_application_group*]
-# (optional) The application group of the WSGI script.
+# (Optional) The application group of the WSGI script.
 # Defaults to '%{GLOBAL}'
 #
 # [*wsgi_pass_authorization*]
-# (optional) Whether HTTP authorisation headers are passed through to a WSGI
+# (Optional) Whether HTTP authorisation headers are passed through to a WSGI
 # script when the equivalent HTTP request headers are present.
 # Defaults to undef
 #
 # [*wsgi_chunked_request*]
-# (optional) Makes the vhost allow chunked requests which is useful for
+# (Optional) Makes the vhost allow chunked requests which is useful for
 # handling TE (Transfer-Encoding), chunked or gzip. This sets the
 # WSGIChunkedRequest option in the vhost.
 # Defaults to undef
 #
+# [*headers*]
+# (Optional) Headers for the vhost.
+# Defaults to undef
+#
 # [*custom_wsgi_process_options*]
-# (optional) gives you the oportunity to add custom process options or to
+# (Optional) gives you the oportunity to add custom process options or to
 # overwrite the default options for the WSGI process.
 # eg. to use a virtual python environment for the WSGI process
 # you could set it to:
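Review bot: The new `[*headers*]` entry near the end of this hunk says only "Headers for the vhost", which does not tell a caller what form the value takes or where it ends up. The spec in this patch passes `'set X-Frame-Options "DENY"'`, so the entry could read `# (Optional) Header directives for the vhost, e.g. 'set X-Frame-Options "DENY"'. Passed to the apache::vhost headers parameter.` The parameter documentation block continues past the end of this hunk.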
@@ -143,28 +147,48 @@
 # Defaults to {}
 #
 # [*vhost_custom_fragment*]
-# (optional) Passes a string of custom configuration
+# (Optional) Passes a string of custom configuration
 # directives to be placed at the end of the vhost configuration.
-# Defaults to undef.
+# Defaults to undef
 #
 # [*allow_encoded_slashes*]
-# (optional) If set, uses apache's AllowEncodedSlashes option in the vhost.
+# (Optional) If set, uses apache's AllowEncodedSlashes option in the vhost.
 # This option is passed to puppetlabs-apache, which accepts only 4
 # options: undef, "on", "off" or "nodecode". This is thus validated in the
 # underlying vhost resource.
-# Defaults to undef.
+# Defaults to undef
 #
-# [*access_log_file*]
-# The log file name for the virtualhost.
-# Optional. Defaults to false.
+# [*access_log_file*]
+# (Optional) The log file name for the virtualhost.
+# access_log_file and access_log_pipe is mutually exclusive.
+# Defaults to false
 #
-# [*access_log_format*]
-# The log format for the virtualhost.
-# Optional. Defaults to false.
+# [*access_log_pipe*]
+# (Optional) Specifies a pipe where Apache sends access logs for the virtualhost.
+# access_log_file and access_log_pipe is mutually exclusive.
+# Defaults to false
 #
-# [*error_log_file*]
-# The error log file name for the virtualhost.
-# Optional. Defaults to undef.
+# [*access_log_syslog*]
+# (Optional) Sends the virtualhost access log messages to syslog.
+# Defaults to false
+#
+# [*access_log_format*]
+# (Optional) The log format for the virtualhost.
+# Defaults to false
+#
+# [*error_log_file*]
+# (Optional) The error log file name for the virtualhost.
+# error_log_file and error_log_pipe is mutually exclusive.
+# Defaults to undef
+#
+# [*error_log_pipe*]
+# (Optional) Specifies a pipe where Apache sends error logs for the virtualhost.
+# error_log_file and error_log_pipe is mutually exclusive.
+# Defaults to undef
+#
+# [*error_log_syslog*]
+# (Optional) Sends the virtualhost error log messages to syslog.
+# Defaults to undef # define openstacklib::wsgi::apache ( $service_name = $name, @@ -194,12 +218,17 @@ define openstacklib::wsgi::apache ( $wsgi_application_group = '%{GLOBAL}', $wsgi_pass_authorization = undef, $wsgi_chunked_request = undef, + $headers = undef, $custom_wsgi_process_options = {}, $vhost_custom_fragment = undef, $allow_encoded_slashes = undef, $access_log_file = false, + $access_log_pipe = false, + $access_log_syslog = false, $access_log_format = false, $error_log_file = undef, + $error_log_pipe = undef, + $error_log_syslog = undef, ) { include ::apache @@ -266,11 +295,16 @@ define openstacklib::wsgi::apache ( wsgi_application_group => $wsgi_application_group, wsgi_pass_authorization => $wsgi_pass_authorization, wsgi_chunked_request => $wsgi_chunked_request, + headers => $headers, custom_fragment => $vhost_custom_fragment, allow_encoded_slashes => $allow_encoded_slashes, access_log_file => $access_log_file, + access_log_pipe => $access_log_pipe, + access_log_syslog => $access_log_syslog, access_log_format => $access_log_format, error_log_file => $error_log_file, + error_log_pipe => $error_log_pipe, + error_log_syslog => $error_log_syslog, } Package<| title == 'httpd' |> diff --git a/releasenotes/notes/openstacklib-wsgi-apache-keystone-support-54bc020f9f1553c6.yaml b/releasenotes/notes/openstacklib-wsgi-apache-keystone-support-54bc020f9f1553c6.yaml new file mode 100644 index 00000000..49601f66 --- /dev/null +++ b/releasenotes/notes/openstacklib-wsgi-apache-keystone-support-54bc020f9f1553c6.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + openstacklib::wsgi::apache now has support for headers, access_log_pipe, + access_log_syslog, error_log_pipe and error_log_syslog params which will + be added to the apache::vhost setup. diff --git a/spec/defines/openstacklib_wsgi_apache_spec.rb b/spec/defines/openstacklib_wsgi_apache_spec.rb index a6298462..60983a97 100644 --- a/spec/defines/openstacklib_wsgi_apache_spec.rb 
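Review bot: The `[*access_log_pipe*]` and `[*error_log_pipe*]` entries describe the value as "a pipe" but do not say that Apache launches it as a program; httpd starts piped-log programs from its parent process, which normally runs as root. I would add a line to both entries such as `# The value is a command line started by the Apache parent process (normally as root); set it only from trusted data.` The parameter-list hunk and the apache::vhost hunk that follow forward the value unchanged, so this header is the only place a caller of the define is told what the string does. The four "is mutually exclusive" lines should also read "are mutually exclusive".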
+++ b/spec/defines/openstacklib_wsgi_apache_spec.rb @@ -85,9 +85,15 @@ describe 'openstacklib::wsgi::apache' do 'display-name' => 'keystone_wsgi', }, 'wsgi_application_group' => '%{GLOBAL}', + 'headers' => nil, 'setenvif' => ['X-Forwarded-Proto https HTTPS=1'], 'access_log_file' => false, + 'access_log_pipe' => false, + 'access_log_syslog' => false, 'access_log_format' => false, + 'error_log_file' => nil, + 'error_log_pipe' => nil, + 'error_log_syslog' => nil )} it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") } end @@ -100,6 +106,7 @@ describe 'openstacklib::wsgi::apache' do :wsgi_script_source => '/usr/share/keystone/keystone.wsgi', :wsgi_pass_authorization => 'On', :wsgi_chunked_request => 'On', + :headers => 'set X-Frame-Options "DENY"', :servername => 'dummy.host', :bind_host => '10.42.51.1', :bind_port => 4142, @@ -110,8 +117,10 @@ describe 'openstacklib::wsgi::apache' do :vhost_custom_fragment => 'LimitRequestFieldSize 81900', :allow_encoded_slashes => 'on', :access_log_file => '/var/log/httpd/access_log', + :access_log_syslog => 'syslog:local0', :access_log_format => 'some format', - :error_log_file => '/var/log/httpd/error_log' + :error_log_file => '/var/log/httpd/error_log', + :error_log_syslog => 'syslog:local0' } end it { is_expected.to contain_apache__vhost('keystone_wsgi').with( @@ -133,11 +142,14 @@ describe 'openstacklib::wsgi::apache' do 'wsgi_application_group' => '%{GLOBAL}', 'wsgi_pass_authorization' => 'On', 'wsgi_chunked_request' => 'On', + 'headers' => 'set X-Frame-Options "DENY"', 'custom_fragment' => 'LimitRequestFieldSize 81900', 'allow_encoded_slashes' => 'on', 'access_log_file' => '/var/log/httpd/access_log', + 'access_log_syslog' => 'syslog:local0', 'access_log_format' => 'some format', - 'error_log_file' => '/var/log/httpd/error_log' + 'error_log_file' => '/var/log/httpd/error_log', + 'error_log_syslog' => 'syslog:local0' )} end
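Review bot: Neither context in this spec sets `access_log_pipe` or `error_log_pipe` to anything but the default, so the pass-through of the two parameters that carry a command string is asserted only for `false` and `nil`. The second context also sets `access_log_file` together with `access_log_syslog` (and likewise for the error log), which checks forwarding but not a combination a deployment would choose; which destination apache::vhost then uses is not visible in this patch. A further context that leaves the `*_log_file` params unset and passes `:access_log_pipe => '<pipe command>'` and `:error_log_pipe => '<pipe command>'` (placeholder values) would cover the new pipe options. The `describe` block starts and ends outside these hunks.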