Add support for keystone options to wsgi::apache

This patch adds the params that keystone currently
supports to openstacklib::wsgi::apache so we can move
keystone::wsgi::apache to using this and not drop
any existing available options.

Change-Id: Ifb988fedce958d2607365634efeccf2d7b88d073
Tobias Urdin
2018-04-05 10:08:08 +02:00
parent 53ec7a288c
commit 2b239ef5e7
3 changed files with 103 additions and 51 deletions


@@ -23,119 +23,123 @@
# == Parameters # == Parameters
# #
# [*service_name*] # [*service_name*]
# (optional) Name of the service to run. # (Optional) Name of the service to run.
# Example: nova-api # Example: nova-api
# Defaults to $name # Defaults to $name
# #
# [*servername*] # [*servername*]
# (optional) The servername for the virtualhost. # (Optional) The servername for the virtualhost
# Defaults to $::fqdn # Defaults to $::fqdn
# #
# [*bind_host*] # [*bind_host*]
# (optional) The host/ip address Apache will listen on. # (Optional) The host/ip address Apache will listen on.
# Defaults to undef (listen on all ip addresses). # Defaults to undef (listen on all ip addresses)
# #
# [*bind_port*] # [*bind_port*]
# (optional) The port to listen. # (Optional) The port to listen.
# Defaults to undef # Defaults to undef
# #
# [*group*] # [*group*]
# (optional) Group with permissions on the script # (Optional) Group with permissions on the script.
# Defaults to undef # Defaults to undef
# #
# [*path*] # [*path*]
# (optional) The prefix for the endpoint. # (Optional) The prefix for the endpoint.
# Defaults to '/' # Defaults to '/'
# #
# [*priority*] # [*priority*]
# (optional) The priority for the vhost. # (Optional) The priority for the vhost.
# Defaults to '10' # Defaults to '10'
# #
# [*ssl*] # [*ssl*]
# (optional) Use ssl ? (boolean) # (Optional) Use SSL.
# Defaults to false # Defaults to false
# #
# [*ssl_cert*] # [*ssl_cert*]
# (optional) Path to SSL certificate # (Optional) Path to SSL certificate.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_key*] # [*ssl_key*]
# (optional) Path to SSL key # (Optional) Path to SSL key.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_chain*] # [*ssl_chain*]
# (optional) SSL chain # (Optional) SSL chain.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_ca*] # [*ssl_ca*]
# (optional) Path to SSL certificate authority # (Optional) Path to SSL certificate authority.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_crl_path*] # [*ssl_crl_path*]
# (optional) Path to SSL certificate revocation list # (Optional) Path to SSL certificate revocation list.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_crl*] # [*ssl_crl*]
# (optional) SSL certificate revocation list name # (Optional) SSL certificate revocation list name.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_certs_dir*] # [*ssl_certs_dir*]
# (optional) Path to SSL certificate directory # (Optional) Path to SSL certificate directory
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*threads*] # [*threads*]
# (optional) The number of threads for the vhost. # (Optional) The number of threads for the vhost.
# Defaults to 1 # Defaults to 1
# #
# [*user*] # [*user*]
# (optional) User with permissions on the script # (Optional) User with permissions on the script
# Defaults to undef # Defaults to undef
# #
# [*workers*] # [*workers*]
# (optional) The number of workers for the vhost. # (Optional) The number of workers for the vhost.
# Defaults to $::os_workers # Defaults to $::os_workers
# #
# [*wsgi_daemon_process*] # [*wsgi_daemon_process*]
# (optional) Name of the WSGI daemon process. # (Optional) Name of the WSGI daemon process.
# Defaults to $name # Defaults to $name
# #
# [*wsgi_process_display_name*] # [*wsgi_process_display_name*]
# (optional) Name of the WSGI process display-name. # (Optional) Name of the WSGI process display-name.
# Defaults to $name # Defaults to $name
# #
# [*wsgi_process_group*] # [*wsgi_process_group*]
# (optional) Name of the WSGI process group. # (Optional) Name of the WSGI process group.
# Defaults to $name # Defaults to $name
# #
# [*wsgi_script_dir*] # [*wsgi_script_dir*]
# (optional) The directory path of the WSGI script. # (Optional) The directory path of the WSGI script.
# Defaults to undef # Defaults to undef
# #
# [*wsgi_script_file*] # [*wsgi_script_file*]
# (optional) The file path of the WSGI script. # (Optional) The file path of the WSGI script.
# Defaults to undef # Defaults to undef
# #
# [*wsgi_script_source*] # [*wsgi_script_source*]
# (optional) The source of the WSGI script. # (Optional) The source of the WSGI script.
# Defaults to undef # Defaults to undef
# #
# [*wsgi_application_group*] # [*wsgi_application_group*]
# (optional) The application group of the WSGI script. # (Optional) The application group of the WSGI script.
# Defaults to '%{GLOBAL}' # Defaults to '%{GLOBAL}'
# #
# [*wsgi_pass_authorization*] # [*wsgi_pass_authorization*]
# (optional) Whether HTTP authorisation headers are passed through to a WSGI # (Optional) Whether HTTP authorisation headers are passed through to a WSGI
# script when the equivalent HTTP request headers are present. # script when the equivalent HTTP request headers are present.
# Defaults to undef # Defaults to undef
# #
# [*wsgi_chunked_request*] # [*wsgi_chunked_request*]
# (optional) Makes the vhost allow chunked requests which is useful for # (Optional) Makes the vhost allow chunked requests which is useful for
# handling TE (Transfer-Encoding), chunked or gzip. This sets the # handling TE (Transfer-Encoding), chunked or gzip. This sets the
# WSGIChunkedRequest option in the vhost. # WSGIChunkedRequest option in the vhost.
# Defaults to undef # Defaults to undef
# #
# [*headers*]
# (Optional) Headers for the vhost.
# Defaults to undef
#
# [*custom_wsgi_process_options*] # [*custom_wsgi_process_options*]
# (optional) gives you the oportunity to add custom process options or to # (Optional) gives you the oportunity to add custom process options or to
# overwrite the default options for the WSGI process. # overwrite the default options for the WSGI process.
# eg. to use a virtual python environment for the WSGI process # eg. to use a virtual python environment for the WSGI process
# you could set it to: # you could set it to:
@@ -143,28 +147,48 @@
# Defaults to {} # Defaults to {}
# #
# [*vhost_custom_fragment*] # [*vhost_custom_fragment*]
# (optional) Passes a string of custom configuration # (Optional) Passes a string of custom configuration
# directives to be placed at the end of the vhost configuration. # directives to be placed at the end of the vhost configuration.
# Defaults to undef. # Defaults to undef
# #
# [*allow_encoded_slashes*] # [*allow_encoded_slashes*]
# (optional) If set, uses apache's AllowEncodedSlashes option in the vhost. # (Optional) If set, uses apache's AllowEncodedSlashes option in the vhost.
# This option is passed to puppetlabs-apache, which accepts only 4 # This option is passed to puppetlabs-apache, which accepts only 4
# options: undef, "on", "off" or "nodecode". This is thus validated in the # options: undef, "on", "off" or "nodecode". This is thus validated in the
# underlying vhost resource. # underlying vhost resource.
# Defaults to undef. # Defaults to undef
# #
# [*access_log_file*] # [*access_log_file*]
# The log file name for the virtualhost. # (Optional) The log file name for the virtualhost.
# Optional. Defaults to false. # access_log_file and access_log_pipe is mutually exclusive.
# Defaults to false
# #
# [*access_log_format*] # [*access_log_pipe*]
# The log format for the virtualhost. # (Optional) Specifies a pipe where Apache sends access logs for the virtualhost.
# Optional. Defaults to false. # access_log_file and access_log_pipe is mutually exclusive.
# Defaults to false
# #
# [*error_log_file*] # [*access_log_syslog*]
# The error log file name for the virtualhost. # (Optional) Sends the virtualhost access log messages to syslog.
# Optional. Defaults to undef. # Defaults to false
#
# [*access_log_format*]
# (Optional) The log format for the virtualhost.
# Defaults to false
#
# [*error_log_file*]
# (Optional) The error log file name for the virtualhost.
# error_log_file and error_log_pipe is mutually exclusive.
# Defaults to undef
#
# [*error_log_pipe*]
# (Optional) Specifies a pipe where Apache sends error logs for the virtualhost.
# error_log_file and error_log_pipe is mutually exclusive.
# Defaults to undef
#
# [*error_log_syslog*]
# (Optional) Sends the virtualhost error log messages to syslog.
# Defaults to undef
# #
define openstacklib::wsgi::apache ( define openstacklib::wsgi::apache (
$service_name = $name, $service_name = $name,
@@ -194,12 +218,17 @@ define openstacklib::wsgi::apache (
$wsgi_application_group = '%{GLOBAL}', $wsgi_application_group = '%{GLOBAL}',
$wsgi_pass_authorization = undef, $wsgi_pass_authorization = undef,
$wsgi_chunked_request = undef, $wsgi_chunked_request = undef,
$headers = undef,
$custom_wsgi_process_options = {}, $custom_wsgi_process_options = {},
$vhost_custom_fragment = undef, $vhost_custom_fragment = undef,
$allow_encoded_slashes = undef, $allow_encoded_slashes = undef,
$access_log_file = false, $access_log_file = false,
$access_log_pipe = false,
$access_log_syslog = false,
$access_log_format = false, $access_log_format = false,
$error_log_file = undef, $error_log_file = undef,
$error_log_pipe = undef,
$error_log_syslog = undef,
) { ) {
include ::apache include ::apache
@@ -266,11 +295,16 @@ define openstacklib::wsgi::apache (
wsgi_application_group => $wsgi_application_group, wsgi_application_group => $wsgi_application_group,
wsgi_pass_authorization => $wsgi_pass_authorization, wsgi_pass_authorization => $wsgi_pass_authorization,
wsgi_chunked_request => $wsgi_chunked_request, wsgi_chunked_request => $wsgi_chunked_request,
headers => $headers,
custom_fragment => $vhost_custom_fragment, custom_fragment => $vhost_custom_fragment,
allow_encoded_slashes => $allow_encoded_slashes, allow_encoded_slashes => $allow_encoded_slashes,
access_log_file => $access_log_file, access_log_file => $access_log_file,
access_log_pipe => $access_log_pipe,
access_log_syslog => $access_log_syslog,
access_log_format => $access_log_format, access_log_format => $access_log_format,
error_log_file => $error_log_file, error_log_file => $error_log_file,
error_log_pipe => $error_log_pipe,
error_log_syslog => $error_log_syslog,
} }
Package<| title == 'httpd' |> Package<| title == 'httpd' |>
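Review bot: The new doc entries for `access_log_pipe` and `error_log_pipe` leave out that Apache starts a piped-log program from the parent httpd process, so the command normally runs with the privileges of whoever started httpd (usually root). Both parameters are forwarded to `apache::vhost` unchanged, so I would add a line under each such as `#   The command is started by the parent httpd process, usually as root; use trusted values only.` The "mutually exclusive" statements are documentation only as far as these hunks show: nothing visible fails when both `*_log_file` and `*_log_pipe` are set, so the check is presumably left to `apache::vhost`. Either say that in the comment or add an explicit `fail()` in the define. The body of the define continues outside the visible hunks.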


@@ -0,0 +1,6 @@
---
features:
- |
openstacklib::wsgi::apache now has support for headers, access_log_pipe,
access_log_syslog, error_log_pipe and error_log_syslog params which will
be added to the apache::vhost setup.


@@ -85,9 +85,15 @@ describe 'openstacklib::wsgi::apache' do
'display-name' => 'keystone_wsgi', 'display-name' => 'keystone_wsgi',
}, },
'wsgi_application_group' => '%{GLOBAL}', 'wsgi_application_group' => '%{GLOBAL}',
'headers' => nil,
'setenvif' => ['X-Forwarded-Proto https HTTPS=1'], 'setenvif' => ['X-Forwarded-Proto https HTTPS=1'],
'access_log_file' => false, 'access_log_file' => false,
'access_log_pipe' => false,
'access_log_syslog' => false,
'access_log_format' => false, 'access_log_format' => false,
'error_log_file' => nil,
'error_log_pipe' => nil,
'error_log_syslog' => nil
)} )}
it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") } it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end end
@@ -100,6 +106,7 @@ describe 'openstacklib::wsgi::apache' do
:wsgi_script_source => '/usr/share/keystone/keystone.wsgi', :wsgi_script_source => '/usr/share/keystone/keystone.wsgi',
:wsgi_pass_authorization => 'On', :wsgi_pass_authorization => 'On',
:wsgi_chunked_request => 'On', :wsgi_chunked_request => 'On',
:headers => 'set X-Frame-Options "DENY"',
:servername => 'dummy.host', :servername => 'dummy.host',
:bind_host => '10.42.51.1', :bind_host => '10.42.51.1',
:bind_port => 4142, :bind_port => 4142,
@@ -110,8 +117,10 @@ describe 'openstacklib::wsgi::apache' do
:vhost_custom_fragment => 'LimitRequestFieldSize 81900', :vhost_custom_fragment => 'LimitRequestFieldSize 81900',
:allow_encoded_slashes => 'on', :allow_encoded_slashes => 'on',
:access_log_file => '/var/log/httpd/access_log', :access_log_file => '/var/log/httpd/access_log',
:access_log_syslog => 'syslog:local0',
:access_log_format => 'some format', :access_log_format => 'some format',
:error_log_file => '/var/log/httpd/error_log' :error_log_file => '/var/log/httpd/error_log',
:error_log_syslog => 'syslog:local0'
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi').with( it { is_expected.to contain_apache__vhost('keystone_wsgi').with(
@@ -133,11 +142,14 @@ describe 'openstacklib::wsgi::apache' do
'wsgi_application_group' => '%{GLOBAL}', 'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On', 'wsgi_pass_authorization' => 'On',
'wsgi_chunked_request' => 'On', 'wsgi_chunked_request' => 'On',
'headers' => 'set X-Frame-Options "DENY"',
'custom_fragment' => 'LimitRequestFieldSize 81900', 'custom_fragment' => 'LimitRequestFieldSize 81900',
'allow_encoded_slashes' => 'on', 'allow_encoded_slashes' => 'on',
'access_log_file' => '/var/log/httpd/access_log', 'access_log_file' => '/var/log/httpd/access_log',
'access_log_syslog' => 'syslog:local0',
'access_log_format' => 'some format', 'access_log_format' => 'some format',
'error_log_file' => '/var/log/httpd/error_log' 'error_log_file' => '/var/log/httpd/error_log',
'error_log_syslog' => 'syslog:local0'
)} )}
end end
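Review bot: The spec never sets `access_log_pipe` or `error_log_pipe` to a non-default value, so the two parameters that hand a command to Apache are only checked at their `false`/`nil` defaults. The override context also sets `access_log_file` together with `access_log_syslog`, and `error_log_file` together with `error_log_syslog`; which destination wins is decided in `apache::vhost` and is not asserted here. I would add a separate context that replaces the `*_log_file` params with `:access_log_pipe => '|/usr/bin/example-logger'` (constructed value) and a matching `:error_log_pipe`, then asserts both on `contain_apache__vhost('keystone_wsgi')`. The enclosing `describe` block extends outside these hunks.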