Simplify apache::listen for services relying on httpd

Due to the way Packstack runs Puppet manifests, we are regularly
having issues related to usage of apache::listen. Using it means
the existing configuration in ports.conf is removed with every new
Puppet run, so we need to maintain an ugly hack in services relying
on httpd to ensure no port is lost.

To simplify this, we are consolidating all apache::listen calls in
one template (apache_ports.pp), which is included by any service
requiring Apache. Also, a new plugin (apache_060.py), will make sure
Apache is installed with a default configuration, so any service
using it later finds the same starting point.

While it does not fix the design issue, it provides a single place to
specify listen ports, and will avoid further issues.

Change-Id: Ic8ed069f4991602d125f40eaad8f050284d680e1
(cherry picked from commit 68d437f5e2)

packstack/plugins/apache_060.py

@@ -0,0 +1,47 @@
+# -*- coding: utf-8 -*-
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Installs and configures Apache for all services using it
+"""
+
+from packstack.installer import utils
+
+from packstack.modules.ospluginutils import appendManifestFile
+from packstack.modules.ospluginutils import getManifestTemplate
+
+# ------------- Aodh Packstack Plugin Initialization --------------
+
+PLUGIN_NAME = "OS-Apache"
+PLUGIN_NAME_COLORED = utils.color_text(PLUGIN_NAME, 'blue')
+
+
+def initConfig(controller):
+    # No config needed
+    return
+
+
+def initSequences(controller):
+    steps = [{'title': 'Adding Apache manifest entries',
+              'functions': [create_manifest]}]
+    controller.addSequence("Setting up Apache", [], [],
+                           steps)
+
+# ------------------------- step functions -------------------------
+
+
+def create_manifest(config, messages):
+    manifestfile = "%s_apache.pp" % config['CONFIG_CONTROLLER_HOST']
+    manifestdata = getManifestTemplate("apache")
+    appendManifestFile(manifestfile, manifestdata, 'apache')

packstack/plugins/dashboard_500.py

@@ -208,6 +208,7 @@ def create_manifest(config, messages):
             config["CONFIG_HORIZON_NEUTRON_VPN"] = True
 
     manifestdata = getManifestTemplate("horizon")
+    manifestdata += getManifestTemplate("apache_ports")
     appendManifestFile(manifestfile, manifestdata)
 
     msg = ("To access the OpenStack Dashboard browse to %s://%s/dashboard .\n"

packstack/plugins/keystone_100.py

@@ -780,6 +780,8 @@ def munge_ldap_config_params(config, messages):
 def create_manifest(config, messages):
     manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate("keystone")
+    if config['CONFIG_KEYSTONE_SERVICE_NAME'] == 'httpd':
+        manifestdata += getManifestTemplate("apache_ports")
 
     if config['CONFIG_IP_VERSION'] == 'ipv6':
         host = config['CONFIG_CONTROLLER_HOST']

packstack/plugins/nagios_910.py

@@ -94,6 +94,7 @@ def create_manifest(config, messages):
 
     manifestfile = "%s_nagios.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate("nagios_server")
+    manifestdata += getManifestTemplate("apache_ports")
     appendManifestFile(manifestfile, manifestdata)
 
 

packstack/puppet/templates/apache.pp

@@ -0,0 +1,9 @@
+include ::apache
+
+if hiera('CONFIG_HORIZON_SSL')  == 'y' {
+  package { 'mod_ssl':
+    ensure => installed,
+  }
+
+  Package['mod_ssl'] -> Class['::apache']
+}

packstack/puppet/templates/apache_ports.pp

@@ -0,0 +1,9 @@
+if hiera('CONFIG_HORIZON_SSL')  == 'y' {
+  apache::listen { '443': }
+}
+
+if hiera('CONFIG_KEYSTONE_SERVICE_NAME') == 'httpd' {
+  apache::listen { '5000': }
+  apache::listen { '35357': }
+}
+

packstack/puppet/templates/horizon.pp

@@ -52,15 +52,6 @@ File <| path == $::horizon::params::config_file |> {
   mode    => 0640,
 }
 
-if $horizon_ssl {
-  apache::listen { '443': }
-}
-
-if hiera('CONFIG_KEYSTONE_SERVICE_NAME') == 'httpd' {
-  apache::listen { '5000': }
-  apache::listen { '35357': }
-}
-
 # hack for memcached, for now we bind to localhost on ipv6
 # https://bugzilla.redhat.com/show_bug.cgi?id=1210658
 $memcached_bind_host = hiera('CONFIG_IP_VERSION') ? {

packstack/puppet/templates/keystone.pp

@@ -52,10 +52,6 @@ if $keystone_service_name == 'httpd' {
   class { '::keystone::wsgi::apache':
     ssl => $keystone_use_ssl,
   }
-
-  if hiera('CONFIG_HORIZON_SSL') == 'y' {
-    apache::listen { '443': }
-  }
 }
 
 class { '::keystone::roles::admin':

packstack/puppet/templates/nagios_server.pp

@@ -94,12 +94,3 @@ firewall { '001 nagios incoming':
   action => 'accept',
 }
 
-# ensure that we won't stop listening on 443 if horizon has ssl enabled
-if hiera('CONFIG_HORIZON_SSL')  == 'y' {
-  apache::listen { '443': }
-}
-
-if hiera('CONFIG_KEYSTONE_SERVICE_NAME') == 'httpd' {
-  apache::listen { '5000': }
-  apache::listen { '35357': }
-}