stackforge/puppet-openstack-cloud
Code Issues Proposed changes

dashboard: add ssl_forward support

Browse Source 
Allow to configure Apache to forward HTTPS protocol in the headers.
Useful when activating SSL binding on HAproxy and not in Horizon.

Closes-bug #520
This commit is contained in:
Emilien Macchi
2014-06-25 23:49:18 +02:00
parent 49a08614d8
commit 0e87960313
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
manifests/dashboard.pp
View File

@@ -73,6 +73,10 @@
# [*horizon_ca*] # [*horizon_ca*]
# (required with listen_ssl) CA certificate to use for SSL support. # (required with listen_ssl) CA certificate to use for SSL support.
# #
# [*ssl_forward*]
# (optional) Forward HTTPS proto in the headers
# Useful when activating SSL binding on HAproxy and not in Horizon.
# Defaults to false
class cloud::dashboard( class cloud::dashboard(
$ks_keystone_internal_host = '127.0.0.1', $ks_keystone_internal_host = '127.0.0.1',
@@ -90,14 +94,21 @@ class cloud::dashboard(
$horizon_cert = undef, $horizon_cert = undef,
$horizon_key = undef, $horizon_key = undef,
$horizon_ca = undef, $horizon_ca = undef,
$ssl_forward = false
) { ) {
# We build the param needed for horizon class # We build the param needed for horizon class
$keystone_url = "${keystone_proto}://${keystone_host}:${keystone_port}/v2.0" $keystone_url = "${keystone_proto}://${keystone_host}:${keystone_port}/v2.0"
# Apache2 specific configuration # Apache2 specific configuration
if $ssl_forward {
$set_env_real = ['SetEnvIf X-Forwarded-Proto https HTTPS=1']
} else {
$set_env_real = []
}
$vhost_extra_params = { $vhost_extra_params = {
'add_listen' => true 'add_listen' => true,
'setenv' => $set_env_real
} }
ensure_resource('class', 'apache', { ensure_resource('class', 'apache', {
default_vhost => false default_vhost => false

6
spec/classes/cloud_dashboard_spec.rb
View File

@@ -32,6 +32,7 @@ describe 'cloud::dashboard' do
:keystone_port => '5000', :keystone_port => '5000',
:debug => true, :debug => true,
:api_eth => '10.0.0.1', :api_eth => '10.0.0.1',
:ssl_forward => true,
:servername => 'horizon.openstack.org' } :servername => 'horizon.openstack.org' }
end end
@@ -48,7 +49,10 @@ describe 'cloud::dashboard' do
:keystone_url => 'http://keystone.openstack.org:5000/v2.0', :keystone_url => 'http://keystone.openstack.org:5000/v2.0',
:django_debug => true, :django_debug => true,
:neutron_options => { 'enable_lb' => true }, :neutron_options => { 'enable_lb' => true },
:vhost_extra_params => { 'add_listen' => true } :vhost_extra_params => {
'add_listen' => true ,
'setenv' => ['SetEnvIf X-Forwarded-Proto https HTTPS=1']
}
) )
should contain_class('apache').with(:default_vhost => false) should contain_class('apache').with(:default_vhost => false)
end end