This change introduces the new parameter to override
the apache::vhost::request_headers parameter, which is used to define
RequestHeader statements in vhost configuration.
Change-Id: I360b18acdf974bf3cdc9f8e817b66cd85f116afd
because apache::vhost::wsgi_daemon_process_options has been deprecated
in puppetlabs-apache[1].
[1] 0d5e0bef88
Change-Id: I0a233190d2a1c9d96128d99e1ac1a612161a7446
By default, puppetlabs-apache module enables Indexes option, which can
lead in data/structure leak.
The following patch disable that option on a global base, since we
shouldn't need such a feature.
Closes-Bug: #1854442
Change-Id: Icba53f4e32237556608f4cb6dcd9da1a71705c19
This should prevent slow loading on the first request, especially
annoying when this first request is done by a healthcheck launched by an
inflight validation.
This patch is a reaction to the whole issue raised by the new nova
inflight validations[1], followed by some discussions in order to get a
faster application loading.
[1] https://review.opendev.org/#/q/status:merged+project:openstack/tripleo-heat-templates+branch:master+topic:bug/1842687
Related-Bug: #1843555
Change-Id: I27e37e30823c4312d9d7a93f18fe0f930ce70c49
Adds simple spec test for multiple ports in
the bind_port. The change in puppet-keystone
will need to support multiple ports so we
ensure nobody breaks this.
Change-Id: Ie2ab4641b0829b872fee0dea3aab236455eb3266
When the system-wide umask setting is more restrictive than the
default setting, the wsgi script directory permissions may not allow
the apache process to access them, resulting in errors.
A similar fix was applied to Keystone some time ago, see [1].
[1] - 4f15fb64b1
Change-Id: Ie9769657dc530bc895a3119b3e458864a8b5f293
This patch adds a new parameter named custom_wsgi_script_aliases
to the openstacklib::wsgi::apache class. This can be used to specify
extra WSGI script alias statements for the apache::vhost resource
which is merged with the default one calculated using $path,
$wsgi_script_dir and $wsgi_script_file.
This is the final piece to be able to move keystone::wsgi::apache
over to using openstacklib::wsgi::apache.
Change-Id: I31096140a6f355ec99496053fb06ce6c73094180
This patch adds the params that keystone currently
supports to openstacklib::wsgi::apache so we can move
keystone::wsgi::apache to using this and not drop
any existing available options.
Change-Id: Ifb988fedce958d2607365634efeccf2d7b88d073
This allows the setting of the error and access file logs, as well as
the access log format. This was done in a similar fashion as one can
configure these ones in the keystone wsgi manifest.
Change-Id: I5e7d3588b7b3b106813d6d37b55aa812273d04d6
Due to Python's GIL [1], we can't use multiple threads for running
OpenStack services without a performance penalty, since the execution
ends up serialized, which defeats the purpose.
Instead, we should use several processes, since this approach doesn't
have this limitation.
[1] https://wiki.python.org/moin/GlobalInterpreterLock
Change-Id: I09b4dfa0873c5a086d4492a7e2ebb72460e507c9
The latest version of puppet now reports these as catalog failures so
this change removes the unnecessary references and the references
should be updated.
Change-Id: Id09c3358c5843510e6a2a8c0e2d4aeb3607e098b
Closes-Bug: #1702964
if wsgi_script file is a symlink to another file (eg.
in a virtual environment) the file resource copied the
symlink instead of creating a new file.
This patch ensures, that symlinks are followed and a
ordinary file is created instead of copying the symlink.
Change-Id: I53e59dbfb8810a519fce24e1e381e0f83c5a1c29
when ceilometer api is deployed in httpd, however
the process name is like '/usr/sbin/httpd -DFOREGROUND',
it is ambiguous and make monitoring more difficult.
the aodh, gnocchi module are also like that.
so we should set an appropriate name for wsgi process.
Change-Id: I5e8c9be062a88e9ed6442e6cbce6573fba385030
Related-Bug: #1626550
This sets the WSGIChunkedRequest setting in the vhost, which is
something that services like glance need when running over httpd.
Change-Id: I1c8816e9e5a9a38a3a86f3c0c5016df18f09ea62
This change updates the tests to use rspec-puppet-facts when doing
different OS testing. Additionally as part of this change, there are
improvements to the openstacklib::policycrd testing which uncovered
issues with the verify_contents catalog test. The verify_contents calls
have been replaced with heredocs to better test when multiple services
are excluded.
Change-Id: I86bae2b16026e15b6e4445f3749419b8802bc94d
This patch changes the default worker count from ::processorcount to the
new ::os_workers fact. ::os_workers is based on the number of processors
(currently cpu/4) but is capped at a maximum of 8 worker processors.
This is a much more reasonable default in general and prevents excessive
resource consumption on systems with a large number of CPUs.
Change-Id: I458791aa8027cffeeec49698b302cb96ae5af2e2
Without this, some OpenStack services will return invalid URLs if
you are using SSL termination at a proxy in front of the service.
Change-Id: I3ee6b5838f4703e3b8b1b6632dd45c94057b2202
Closes-Bug: 1597935
It's recommended to use WSGIApplicationGroup and WSGIPassAuthorization
options when a service is running under Apache.
Change-Id: Ia6bacab44c1d25f0253c84183f4a561d7682c6e8
Add possibility to pass custom_fragment to apache::vhost
in order to provide lines, that are not supported by module.
(for example LimitRequestFieldSize for keystone)
Change-Id: Ib199dc75c17de0bcdc385afcc33cb3854668a1b2
'owner' is not a valid option for the WSGIDaemonProcess directive. The
correct option is 'user' [1]. Trying to set 'owner' causes the service
to be unable to start. This patch corrects that option name.
[1] https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIDaemonProcess
Change-Id: I907fbcb48db823ea8f5caca4496efaaa456ef69c
This patch aim to update our specs test in order to work with the rspec-puppet
release 2.0.0, in the mean time, we update rspec syntax order to be prepared
for rspec 3.x move.
In details:
* Upgrade and pin rspec-puppet from 1.0.1 to 2.0.0
* Convert 'should' keyword to 'is_expected.to' (prepare rspec 3.x)
* Fix spec tests for rspec-puppet 2.0.0
* Clean Gemfile (remove over-specificication of runtime deps of
puppetlabs_spec_helper)
Change-Id: Ice356e35a65204a62e47f49dd4f5816208a6dace
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
Because of backward compatibility with puppet-keystone, we should not
hardcode the name of the service.
Change-Id: Icf2356ea13344a57ed46b18a277e4534e510873c
Allow to serve a service with apache mod_wsgi like.
This code will be consummed by OpenStack project that allow to run a
service as a WSGI process.
Change-Id: Ib606df7d6ceec1db032c8e133598056878df0a01
