proxy: Support options to enable SSL
Swift has built-in feature to enable SSL for proxy-server. Add support for the options to use this feature so that we can test deployment with SSL enabled for swift. Change-Id: I9dc2b1fb752b2e4bf27ce252b724ae9220053cd2
This commit is contained in:
Takashi Kajinami
@@ -10,6 +10,14 @@
|
|||||||
# (optional) The port to which the proxy server will bind.
|
# (optional) The port to which the proxy server will bind.
|
||||||
# Defaults to 8080.
|
# Defaults to 8080.
|
||||||
#
|
#
|
||||||
|
# [*cert_file*]
|
||||||
|
# (optional) Certificate file to use for HTTPS
|
||||||
|
# Defaults to $facts['os_service_default'].
|
||||||
|
#
|
||||||
|
# [*key_file*]
|
||||||
|
# (optional) Key file to use for HTTPS
|
||||||
|
# Defaults to $facts['os_service_default'].
|
||||||
|
#
|
||||||
# [*pipeline*]
|
# [*pipeline*]
|
||||||
# (optional) The list of elements of the swift proxy pipeline.
|
# (optional) The list of elements of the swift proxy pipeline.
|
||||||
# Currently supports healthcheck, cache, proxy-server, and
|
# Currently supports healthcheck, cache, proxy-server, and
|
||||||
@@ -188,6 +196,8 @@
|
|||||||
class swift::proxy(
|
class swift::proxy(
|
||||||
$proxy_local_net_ip,
|
$proxy_local_net_ip,
|
||||||
$port = '8080',
|
$port = '8080',
|
||||||
|
$cert_file = $facts['os_service_default'],
|
||||||
|
$key_file = $facts['os_service_default'],
|
||||||
Swift::Pipeline $pipeline = [
|
Swift::Pipeline $pipeline = [
|
||||||
'catch_errors', 'gatekeeper', 'healthcheck', 'proxy-logging', 'cache',
|
'catch_errors', 'gatekeeper', 'healthcheck', 'proxy-logging', 'cache',
|
||||||
'listing_formats', 'tempauth', 'copy', 'proxy-logging', 'proxy-server'],
|
'listing_formats', 'tempauth', 'copy', 'proxy-logging', 'proxy-server'],
|
||||||
@@ -271,6 +281,8 @@ class swift::proxy(
|
|||||||
swift_proxy_config {
|
swift_proxy_config {
|
||||||
'DEFAULT/bind_port': value => $port;
|
'DEFAULT/bind_port': value => $port;
|
||||||
'DEFAULT/bind_ip': value => $proxy_local_net_ip;
|
'DEFAULT/bind_ip': value => $proxy_local_net_ip;
|
||||||
|
'DEFAULT/cert_file': value => $cert_file;
|
||||||
|
'DEFAULT/key_file': value => $key_file;
|
||||||
'DEFAULT/workers': value => $workers;
|
'DEFAULT/workers': value => $workers;
|
||||||
'DEFAULT/user': value => $::swift::params::user;
|
'DEFAULT/user': value => $::swift::params::user;
|
||||||
'DEFAULT/log_name': value => $log_name;
|
'DEFAULT/log_name': value => $log_name;
|
||||||
|
|||||||
5
releasenotes/notes/proxy-ssl-f9ca617598b2a1a3.yaml
Normal file
5
releasenotes/notes/proxy-ssl-f9ca617598b2a1a3.yaml
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The ``cert_file`` parameter and the ``key_file`` parameter have been added
|
||||||
|
to the ``swift::proxy`` class.
|
||||||
@@ -57,6 +57,8 @@ describe 'swift::proxy' do
|
|||||||
it { should contain_service('swift-proxy-server').that_notifies('Anchor[swift::service::end]') }
|
it { should contain_service('swift-proxy-server').that_notifies('Anchor[swift::service::end]') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/bind_port').with_value('8080') }
|
it { should contain_swift_proxy_config('DEFAULT/bind_port').with_value('8080') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/bind_ip').with_value('127.0.0.1') }
|
it { should contain_swift_proxy_config('DEFAULT/bind_ip').with_value('127.0.0.1') }
|
||||||
|
it { should contain_swift_proxy_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>') }
|
||||||
|
it { should contain_swift_proxy_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/workers').with_value('2') }
|
it { should contain_swift_proxy_config('DEFAULT/workers').with_value('2') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/user').with_value('swift') }
|
it { should contain_swift_proxy_config('DEFAULT/user').with_value('swift') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/log_name').with_value('proxy-server') }
|
it { should contain_swift_proxy_config('DEFAULT/log_name').with_value('proxy-server') }
|
||||||
@@ -136,6 +138,8 @@ describe 'swift::proxy' do
|
|||||||
{
|
{
|
||||||
:proxy_local_net_ip => '10.0.0.2',
|
:proxy_local_net_ip => '10.0.0.2',
|
||||||
:port => '80',
|
:port => '80',
|
||||||
|
:cert_file => '/path/to/cert',
|
||||||
|
:key_file => '/path/to/key',
|
||||||
:workers => 3,
|
:workers => 3,
|
||||||
:pipeline => ['swauth', 'proxy-server'],
|
:pipeline => ['swauth', 'proxy-server'],
|
||||||
:allow_account_management => false,
|
:allow_account_management => false,
|
||||||
@@ -166,6 +170,8 @@ describe 'swift::proxy' do
|
|||||||
|
|
||||||
it { should contain_swift_proxy_config('DEFAULT/bind_port').with_value('80') }
|
it { should contain_swift_proxy_config('DEFAULT/bind_port').with_value('80') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/bind_ip').with_value('10.0.0.2') }
|
it { should contain_swift_proxy_config('DEFAULT/bind_ip').with_value('10.0.0.2') }
|
||||||
|
it { should contain_swift_proxy_config('DEFAULT/cert_file').with_value('/path/to/cert') }
|
||||||
|
it { should contain_swift_proxy_config('DEFAULT/key_file').with_value('/path/to/key') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/workers').with_value('3') }
|
it { should contain_swift_proxy_config('DEFAULT/workers').with_value('3') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/user').with_value('swift') }
|
it { should contain_swift_proxy_config('DEFAULT/user').with_value('swift') }
|
||||||
it { should contain_swift_proxy_config('DEFAULT/log_name').with_value('swift-proxy-server') }
|
it { should contain_swift_proxy_config('DEFAULT/log_name').with_value('swift-proxy-server') }
|
||||||
|
|||||||
Reference in New Issue
Block a user