Added HTTP Modules.

Modulefile

@@ -8,6 +8,8 @@ description 'This module installs and maintains the OpenStack RefStack service.'
 project_page 'https://github.com/openstack-ci/puppet-refstack'
 
 ## Add dependencies, if any:
-dependency 'stankevich/python', '= 1.6.6'
-dependency 'openstackci/vcsrepo', '= 0.0.8'
+dependency 'puppetlabs/stdlib', '= 3.2.0'
 dependency 'puppetlabs/mysql', '= 0.6.1'
+dependency 'puppetlabs/apache', '= 0.0.4'
+dependency 'openstackci/vcsrepo', '= 0.0.8'
+dependency 'stankevich/python', '= 1.6.6'

manifests/apache/http.pp

@@ -0,0 +1,47 @@
+# Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: refstack::apache::http
+#
+# This module installs refstack onto the current host using an unecrypted http
+# protocol.
+#
+class refstack::apache::http () {
+  require ::refstack::params
+  require ::refstack::api
+  # require ::refstack::app
+
+  # Pull various variables into this module, for slightly saner templates.
+  $install_api_root       = $::refstack::params::install_api_root
+  $install_www_root       = $::refstack::params::install_www_root
+  $hostname               = $::refstack::params::hostname
+  $user                   = $::refstack::params::user
+  $group                  = $::refstack::params::group
+  $server_admin           = $::refstack::params::server_admin
+  $python_version         = $::refstack::params::python_version
+
+  # Install apache
+  include apache
+  include apache::mod::wsgi
+
+  # Set up refstack as HTTP
+  apache::vhost { $hostname:
+    port     => 80,
+    docroot  => $install_www_root,
+    priority => '50',
+    template => 'refstack/refstack_http.vhost.erb',
+    ssl      => false,
+    notify   => Service['httpd'],
+  }
+}

manifests/apache/https.pp

@@ -0,0 +1,85 @@
+# Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# == Class: refstack::apache::https
+#
+# This module installs refstack onto the current host using an the https
+# protocol.
+#
+class refstack::apache::https () {
+
+  require ::refstack::params
+  require ::refstack::api
+# require ::refstack::app
+
+  # Pull various variables into this module, for slightly saner templates.
+  $install_api_root       = $::refstack::params::install_api_root
+  $install_www_root       = $::refstack::params::install_www_root
+  $hostname               = $::refstack::params::hostname
+  $user                   = $::refstack::params::user
+  $group                  = $::refstack::params::group
+  $server_admin           = $::refstack::params::server_admin
+  $python_version         = $::refstack::params::python_version
+  
+  $ssl_cert_content       = $::refstack::params::ssl_cert_content
+  $ssl_cert               = $::refstack::params::ssl_cert
+  $ssl_key_content        = $::refstack::params::ssl_key_content
+  $ssl_key                = $::refstack::params::ssl_key
+  $ssl_ca_content         = $::refstack::params::ssl_ca_content
+  $resolved_ssl_ca        = $::refstack::params::resolved_ssl_ca
+
+  # Install apache
+  include apache
+  include apache::mod::wsgi
+
+  if $ssl_cert_content != undef {
+    file { $ssl_cert:
+      owner   => 'root',
+      group   => 'ssl-cert',
+      mode    => '0640',
+      content => $ssl_cert_content,
+      notify  => Service['httpd'],
+    }
+  }
+
+  if $ssl_key_content != undef {
+    file { $ssl_key:
+      owner   => 'root',
+      group   => 'ssl-cert',
+      mode    => '0640',
+      content => $ssl_key_content,
+      notify  => Service['httpd'],
+    }
+  }
+
+  if $ssl_ca_content != undef {
+    file { $resolved_ssl_ca:
+      owner   => 'root',
+      group   => 'ssl-cert',
+      mode    => '0640',
+      content => $ssl_ca_content,
+      notify  => Service['httpd'],
+    }
+  }
+
+  # Set up ::refstack as HTTPS
+  apache::vhost { $hostname:
+    port     => 443,
+    docroot  => $install_www_root,
+    priority => '50',
+    template => 'refstack/refstack_https.vhost.erb',
+    ssl      => true,
+    notify   => Service['httpd'],
+  }
+}

manifests/init.pp

@@ -21,6 +21,7 @@ class refstack (
   $mysql_database      = 'refstack',
   $mysql_user          = 'refstack',
   $mysql_user_password,
+  $hostname            = $::ipaddress,
 ) {
 
   # Configure the entire refstack instance. This does not install anything,
@@ -29,8 +30,11 @@ class refstack (
     mysql_database         => $mysql_database,
     mysql_user             => $mysql_user,
     mysql_user_password    => $mysql_user_password,
+    hostname               => $hostname
   }
 
   include ::refstack::mysql
   include ::refstack::api
+
+  include ::refstack::apache::http
 }

manifests/params.pp

@@ -17,14 +17,18 @@
 # Centralized configuration management for the refstack module.
 #
 class refstack::params (
-  $python_version = '2.7',
+  $python_version         = '2.7',
 
   # Source and install directories.
-  $src_api_root   = '/opt/refstack-api',
+  $src_api_root           = '/opt/refstack-api',
+  $src_www_root           = '/opt/refstack-www',
+  $install_www_root       = '/var/www/refstack-www',
 
   # The user under which refstack will run.
-  $user           = 'refstack',
-  $group          = 'refstack',
+  $user                   = 'refstack',
+  $group                  = 'refstack',
+  $server_admin           = undef,
+  $hostname               = $::ipaddress,
 
   # [database] refstack.conf
   $mysql_user             = 'refstack',
@@ -32,6 +36,14 @@ class refstack::params (
   $mysql_host             = localhost,
   $mysql_port             = 3306,
   $mysql_database         = 'refstack',
+
+  # Apache2 ssl configuration
+  $ssl_cert_content = undef,
+  $ssl_cert         = '/etc/ssl/certs/refstack.pem',
+  $ssl_key_content  = undef,
+  $ssl_key          = '/etc/ssl/private/refstack.key',
+  $ssl_ca_content   = undef,
+  $ssl_ca           = undef, # '/etc/ssl/certs/ca.pem'
 ) {
 
   # Resolve a few parameters based on the install environment.
@@ -45,4 +57,11 @@ class refstack::params (
   # Build the connection string from individual parameters
   $mysql_connection_string = "mysql://${mysql_user}:${mysql_user_password}@${mysql_host}:${mysql_port}/${mysql_database}"
 
+  # CA file needs special treatment, since we want the path variable
+  # to be undef in some cases.
+  if $ssl_ca == undef and $ssl_ca_content != undef {
+    $resolved_ssl_ca = '/etc/ssl/certs/storyboard.ca.pem'
+  } else {
+    $resolved_ssl_ca = $ssl_ca
+  }
 }

metadata.json

@@ -9,16 +9,36 @@
   "issues_url": "https://refstack.openstack.org/#!/project/700",
   "dependencies": [
     {
-      "name": "stankevich/python",
-      "version_requirement": ">= 1.6.6"
+      "name": "puppetlabs/stdlib",
+      "version_requirement": ">= 3.2.0"
+    },
+    {
+      "name": "puppetlabs/mysql",
+      "version_requirement": ">= 0.6.1"
+    },
+    {
+      "name": "openstackci/httpd",
+      "version_requirement": "= 0.0.4"
+    },
+    {
+      "name": "puppetlabs/rabbitmq",
+      "version_requirement": ">= 4.0.0"
+    },
+    {
+      "name": "example42/puppi",
+      "version_requirement": ">= 2.1.9"
     },
     {
       "name": "openstackci/vcsrepo",
       "version_requirement": ">= 0.0.8"
     },
     {
-      "name": "puppetlabs/mysql",
-      "version_requirement": ">= 0.6.1"
+      "name": "stankevich/python",
+      "version_requirement": ">= 1.6.6"
+    },
+    {
+      "name": "puppetlabs/stdlib",
+      "version_requirement": ">= 3.2.0"
     }
   ]
 }

templates/refstack_http.vhost.erb

@@ -0,0 +1,21 @@
+WSGIPythonHome <%= @install_api_root %>
+
+<VirtualHost <%= @hostname %>:80>
+<% if !!@server_admin %>
+  ServerAdmin <%= @server_admin %>
+<% end %>
+  ServerName <%= @hostname %>
+
+  DocumentRoot <%= @install_www_root %>
+
+#  WSGIDaemonProcess refstack user=<%= @user %> group=<%= @group %> threads=5
+#  WSGIScriptAlias /api <%= @install_api_root %>/lib/python<%= @python_version %>/site-packages/refstack/api/app.wsgi
+#  WSGIPassAuthorization On
+  LogLevel warn
+  ErrorLog ${APACHE_LOG_DIR}/refstack-error.log
+  CustomLog ${APACHE_LOG_DIR}/refstack-access.log combined
+
+  <Directory "<%= @install_api_root %>">
+      Require all granted
+  </Directory>
+</VirtualHost>

templates/refstack_https.vhost.erb

@@ -0,0 +1,60 @@
+WSGIPythonHome <%= @install_api_root %>
+
+<VirtualHost <%= @hostname %>:80>
+  <% if !!@server_admin %>
+    ServerAdmin <%= @server_admin %>
+  <% end %>
+    ServerName <%= @hostname %>
+
+    DocumentRoot <%= @install_www_root %>
+
+    Redirect / https://<%= @hostname %>/
+
+    LogLevel warn
+    ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
+    CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
+
+</VirtualHost>
+<IfModule mod_ssl.c>
+  <VirtualHost <%= @hostname %>:443>
+  <% if !!@server_admin %>
+    ServerAdmin <%= @server_admin %>
+  <% end %>
+    ServerName <%= @hostname %>
+
+    LogLevel warn
+    ErrorLog ${APACHE_LOG_DIR}/storyboard-ssl-error.log
+    CustomLog ${APACHE_LOG_DIR}/storyboard-ssl-access.log combined
+
+    SSLEngine on
+
+    SSLCertificateFile      <%= @ssl_cert %>
+    SSLCertificateKeyFile   <%= @ssl_key %>
+  <% if !!@resolved_ssl_ca %>
+    SSLCertificateChainFile <%= @resolved_ssl_ca %>
+  <% end %>
+
+    <FilesMatch "\.(cgi|shtml|phtml|php)$">
+      SSLOptions +StdEnvVars
+    </FilesMatch>
+    <Directory /usr/lib/cgi-bin>
+      SSLOptions +StdEnvVars
+    </Directory>
+
+    BrowserMatch "MSIE [2-6]" \
+        nokeepalive ssl-unclean-shutdown \
+        downgrade-1.0 force-response-1.0
+    # MSIE 7 and newer should be able to use keepalive
+    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+    DocumentRoot <%= @install_www_root %>
+
+#    WSGIDaemonProcess storyboard user=<%= @user %> group=<%= @group %> threads=5
+#    WSGIScriptAlias /api <%= @install_api_root %>/lib/python<%= @python_version %>/site-packages/storyboard/api/app.wsgi
+#    WSGIPassAuthorization On
+
+    <Directory "<%= @install_api_root %>">
+        Require all granted
+    </Directory>
+  </VirtualHost>
+</IfModule>

vagrant.pp

@@ -1,5 +1,6 @@
 node default {
   class { 'refstack':
+    hostname               => '192.168.99.88',
     mysql_user_password    => 'refstack',
   }
 }

vagrant.sh

@@ -15,12 +15,18 @@ if [ ! -d /etc/puppet/modules/refstack ]; then
 fi
 
 # Install required puppet modules.
-if [ ! -d /etc/puppet/modules/python ]; then
-  puppet module install stankevich-python --version 1.6.6
+if [ ! -d /etc/puppet/modules/stdlib ]; then
+  puppet module install puppetlabs-stdlib --version 3.2.0
+fi
+if [ ! -d /etc/puppet/modules/mysql ]; then
+  puppet module install puppetlabs-mysql --version 0.6.1
+fi
+if [ ! -d /etc/puppet/modules/apache ]; then
+  puppet module install puppetlabs-apache --version 0.0.4
 fi
 if [ ! -d /etc/puppet/modules/vcsrepo ]; then
   puppet module install openstackci-vcsrepo --version 0.0.8
 fi
-if [ ! -d /etc/puppet/modules/mysql ]; then
-  puppet module install puppetlabs-mysql --version 0.6.1
+if [ ! -d /etc/puppet/modules/python ]; then
+  puppet module install stankevich-python --version 1.6.6
 fi