migrate plugins from 1.0.0 to 2.0.0 package version

Change-Id: Ib7f3578a14a30c3bbd7b1bd9fa92cfd3aee7f193
sbartel 2015-07-16 15:03:20 +02:00
parent 93228988ed
commit a68502c8c3
17 changed files with 285 additions and 351 deletions


@ -15,7 +15,7 @@ Requirements
| Requirement | Version/Comment |
|----------------------------------|---------------------------------------------------------|
| Mirantis Openstack compatibility | 6.0 |
| Mirantis Openstack compatibility | 6.1 |
|----------------------------------|---------------------------------------------------------|
| Crt & Key files | You have a crt & key files to provide before deployment |
@ -43,20 +43,20 @@ Https plugin installation
``pip install fuel-plugin-builder``
3. Build nova-nfs Fuel plugin:
3. Build tls Fuel plugin:
``fpb --build fuel-plugin-tls/``
4. The tls-<x.x.x>.fp file will be created in the plugin folder (fuel-plugin-tls)
4. The tls-<x.x.x>.rpm file will be created in the plugin folder (fuel-plugin-tls)
5. Move this file to the Fuel Master node with secure copy (scp):
``scp tls-<x.x.x>.fp root@:<the_Fuel_Master_node_IP address>:/tmp``
``scp tls-<x.x.x>.rpm root@:<the_Fuel_Master_node_IP address>:/tmp``
``cd /tmp``
6. Install the nova-nfs plugin:
6. Install the tls plugin:
``fuel plugins --install tls-<x.x.x>.fp``
``fuel plugins --install tls-<x.x.x>.rpm``
6. Plugin is ready to use and can be enabled on the Settings tab of the Fuel web UI.
@ -78,7 +78,7 @@ https plugin configuration
- the certificate .key content
You must pass your .crt and .key files via fuel UI (settings tab)
You must pass your .crt, .key, .ca files via fuel UI (settings tab)
When you pass the content of the files in fuel ui, some "space" characters will appear, don't care about this puppet will remove it.
CRT file must be in the following format :
@ -136,6 +136,30 @@ X43ceACVpWiv5DmBtEUrB8dbwxEJFaoPGqEswwdh1FDxzfsPdapyqGI5B8zRjnpa
SR2QEYok/8lZeDgUOhXkGg==
-----END PRIVATE KEY-----
CA file must be in the following format :
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Here is a screenshot of the fields
![tls fields](./figures/tls-plugin.png "tls-fields")
@ -159,6 +183,10 @@ None.
Release Notes
-------------
**2.0.0**
* migrate plugins from 1.0.0 to 2.0.0 package version
**1.0.0**
* Initial release of the plugin


@ -1,30 +1,19 @@
$fuel_settings = parseyaml(file('/etc/astute.yaml'))
$tls_hash = $::fuel_settings['tls']
$horizon_crt = $tls_hash['horizon_crt']
$horizon_key = $tls_hash['horizon_key']
$nodes_hash = $::fuel_settings['nodes']
if ($::fuel_settings['deployment_mode'] == 'multinode') {
$controller = filter_nodes($nodes_hash,'role','controller')
$controller_node_public = $controller[0]['public_address']
class { 'tls::controller':
horizon_crt => $horizon_crt,
horizon_key => $horizon_key,
external_ip => $controller_node_public,
bind_address => $controller_node_public
}
}
else {
$controllers = concat(filter_nodes($nodes_hash,'role','primary-controller'), filter_nodes($nodes_hash,'role','controller'))
$public_virtual_ip = $::fuel_settings['public_vip']
$internal_virtual_ip = $::fuel_settings['management_vip']
class { 'tls::controller_ha':
controllers => $controllers,
public_virtual_ip => $public_virtual_ip,
internal_virtual_ip => $internal_virtual_ip,
horizon_crt => $horizon_crt,
horizon_key => $horizon_key,
external_ip => $public_virtual_ip
}
$tls_hash = hiera('tls')
$horizon_crt = $tls_hash['horizon_crt']
$horizon_key = $tls_hash['horizon_key']
$horizon_ca = $tls_hash['horizon_ca']
$nodes_hash = hiera('nodes')
$controllers = hiera('controllers')
$public_virtual_ip = hiera('public_vip')
$internal_virtual_ip = hiera('management_vip')
class { 'tls::controller':
controllers => $controllers,
public_virtual_ip => $public_virtual_ip,
internal_virtual_ip => $internal_virtual_ip,
horizon_crt => $horizon_crt,
horizon_key => $horizon_key,
horizon_ca => $horizon_ca,
external_ip => $public_virtual_ip
}


@ -1,18 +1,10 @@
$fuel_settings = parseyaml(file('/etc/astute.yaml'))
$tls_hash = $::fuel_settings['tls']
$tls_hash = hiera('tls')
$horizon_crt = $tls_hash['horizon_crt']
$horizon_key = $tls_hash['horizon_key']
$nodes_hash = $::fuel_settings['nodes']
if ($::fuel_settings['deployment_mode'] == 'multinode') {
$controller = filter_nodes($nodes_hash,'role','controller')
$internal_ip = $controller[0]['internal_address']
$public_ip = $controller[0]['public_address']
}
else {
$public_ip = $::fuel_settings['public_vip']
$internal_ip = $::fuel_settings['management_vip']
}
$nodes_hash = hiera('nodes')
$public_ip = hiera('public_vip')
$internal_ip = hiera('management_vip')
class { 'tls::compute':
public_virtual_ip => $public_ip,
internal_virtual_ip => $internal_ip,


@ -2,7 +2,8 @@
CRT=$1
KEY=$2
SSL_PATH=$3
CA=$3
SSL_PATH=$4
############################################################################################################################
# Horizon part
############################################################################################################################
@ -14,6 +15,12 @@ echo "-----BEGIN PRIVATE KEY-----" > $SSL_PATH/horizon.key
echo $KEY | awk -F "-----" '{ print $3}' | sed 's/ /\n/g' | sed '/^$/d' >> $SSL_PATH/horizon.key
echo "-----END PRIVATE KEY-----" >> $SSL_PATH/horizon.key
echo "-----BEGIN CERTIFICATE-----" > $SSL_PATH/horizon.ca
echo $CA | awk -F "-----" '{ print $3}' | sed 's/ /\n/g' | sed '/^$/d' >> $SSL_PATH/horizon.ca
echo "-----END CERTIFICATE-----" >> $SSL_PATH/horizon.ca
############################################################################################################################
# Nova part
############################################################################################################################
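Review bot: Moving `SSL_PATH` from `$3` to `$4` is not backed by an argument-count check, so a caller that still passes three arguments leaves `SSL_PATH` empty and the redirects write `/horizon.crt`, `/horizon.key` and `/horizon.ca` at the filesystem root. A guard near the top such as `[ "$#" -eq 4 ] || { echo "usage: format.sh CRT KEY CA SSL_PATH" >&2; exit 1; }` would fail fast instead. The new horizon.ca lines also leave `$SSL_PATH` unquoted in the redirect targets; `"$SSL_PATH/horizon.ca"` avoids word splitting in the path (the unquoted `echo $CA` looks deliberate, since the awk/sed pipeline relies on the collapsed spaces). With an empty CA value the block still writes a horizon.ca holding only the BEGIN/END markers, so it may be worth skipping the file when `$CA` is empty. The script continues outside both hunks, so a guard or a chmod on the key file may already exist there.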


@ -1,9 +1,16 @@
class tls::controller(
$controllers,
$public_virtual_ip,
$internal_virtual_ip,
$horizon_crt,
$horizon_key,
$external_ip,
$bind_address
$horizon_ca,
$external_ip
) {
$nodes_hash = hiera('nodes')
$node = filter_nodes($nodes_hash,'name',$::hostname)
$internal_address = $node[0]['internal_address']
$bind_address = $internal_address
$server_hostname = $external_ip
include tls::params
$apache_tls_path = $tls::params::apache_tls_path
@ -33,20 +40,23 @@ class tls::controller(
require => File["$apache_tls_path"]
}
exec {'format.sh':
command => "bash -c \"format.sh \'${horizon_crt}\' \'${horizon_key}\' \'${apache_tls_path}\'\"",
command => "bash -c \"format.sh \'${horizon_crt}\' \'${horizon_key}\' \'${horizon_ca}\' \'${apache_tls_path}\'\"",
path => '/usr/sbin:/usr/bin:/sbin:/bin',
require => File['format.sh'],
before => File['openstack-dashboard.conf'],
}
class { 'tls::horizon::horizon':
horizon_crt => $horizon_crt,
horizon_key => $horizon_key,
bind_address => $bind_address
}
class { 'tls::nova::novnc_controller':
server_hostname => $server_hostname,
novnc_service => $tls::params::nova_novnc_service,
httpd_service => $tls::params::httpd_service_name
}
httpd_service => $tls::params::httpd_service_name
}->
class { 'tls::horizon::horizon':
bind_address => $bind_address,
controllers => $controllers,
public_virtual_ip => $public_virtual_ip,
internal_virtual_ip => $internal_virtual_ip,
}->
exec { "ha_proxy_restart":
command => "/usr/sbin/crm resource restart p_haproxy",
}
}
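Review bot: The `format.sh` exec interpolates `${horizon_crt}`, `${horizon_key}` and now `${horizon_ca}` into a `bash -c` command string, so the private key travels as a process argument (visible in the process list while the exec runs, and probably echoed into Puppet logs or reports when the command fails), and a single quote in any pasted value would end the shell quoting. Passing the values through the exec's `environment` attribute and having format.sh read them from there would keep the key off the command line; the exec should also get `logoutput => false`. Nothing in the visible hunks sets `unless` or `refreshonly`, so this exec and the new `ha_proxy_restart` exec run on every agent run; `refreshonly => true` on the restart, triggered by a notify from the resources that change the haproxy config, would avoid restarting the load balancer each time. Separately, `$node[0]['internal_address']` assumes `filter_nodes` found the current hostname, and an empty result is not handled.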


@ -1,29 +0,0 @@
class tls::controller_ha(
$controllers,
$public_virtual_ip,
$internal_virtual_ip,
$horizon_crt,
$horizon_key,
$external_ip
) {
$nodes_hash = $::fuel_settings['nodes']
$node = filter_nodes($nodes_hash,'name',$::hostname)
$internal_address = $node[0]['internal_address']
$bind_address = $internal_address
class { 'tls::controller':
horizon_crt => $horizon_crt,
horizon_key => $horizon_key,
external_ip => $external_ip,
bind_address => $bind_address
}
class { 'tls::horizon::horizon_ha':
controllers => $controllers,
public_virtual_ip => $public_virtual_ip,
internal_virtual_ip => $internal_virtual_ip,
}
exec { "ha_proxy_restart":
command => "/usr/sbin/crm resource restart p_haproxy",
require => Class['tls::horizon::horizon_ha'],
}
}


@ -1,13 +1,39 @@
class tls::horizon::horizon(
$horizon_crt,
$horizon_key,
$bind_address,
$bind_address = '*',
$controllers,
$public_virtual_ip,
$internal_virtual_ip,
) {
include tls::params
$root_url = $tls::params::root_url
$ssl_cert_file = $tls::params::tls_cert_file
$ssl_key_file = $tls::params::tls_key_file
$ssl_port = 443
$horizon_hash = hiera_hash('horizon',{})
$root_url = $tls::params::root_url
$horizon_cert = $tls::params::tls_cert_file
$horizon_key = $tls::params::tls_key_file
$horizon_ca = $tls::params::tls_ca_file
$controller_internal_addresses = nodes_to_hash($controllers,'name','internal_address')
$controller_nodes = ipsort(values($controller_internal_addresses))
$cache_server_ip = hiera('memcache_servers', $controller_nodes)
$cache_server_port = hiera('memcache_server_port', '11211')
$swift = false
$neutron = hiera('use_neutron')
$horizon_app_links = undef
$keystone_host = hiera('management_vip')
$keystone_scheme = 'http'
$keystone_default_role = '_member_'
$verbose = hiera('verbose', true)
$debug = hiera('debug')
$api_result_limit = 1000
$package_ensure = hiera('horizon_package_ensure', 'installed')
$use_ssl = true
$use_syslog = hiera('use_syslog', true)
$log_level = 'WARNING'
$nova_quota = hiera('nova_quota')
$local_settings_template = 'openstack/horizon/local_settings.py.erb'
$django_session_engine = 'django.contrib.sessions.backends.cache'
$servername = hiera('public_vip')
$cache_backend = 'horizon.backends.memcached.HorizonMemcached'
$cache_options = ["'SOCKET_TIMEOUT': 1","'SERVER_RETRIES': 1","'DEAD_RETRY': 1"]
#update horizon config file
exec { "USE_SSL":
@ -51,35 +77,138 @@ class tls::horizon::horizon(
}
}
#update apache config file
file { 'openstack-dashboard.conf' :
ensure => present,
path => $tls::params::apache_conf_file,
owner => 'root',
group => 'root',
mode => '0755',
content => template('tls/openstack-dashboard.conf.erb'),
notify => Service[$tls::params::httpd_service_name],
if $horizon_hash['secret_key'] {
$secret_key = $horizon_hash['secret_key']
} else {
$secret_key = 'dummy_secret_key'
}
file { 'port.conf' :
ensure => present,
path => $tls::params::apache_port_file,
owner => 'root',
group => 'root',
mode => '0755',
content => template('tls/port.conf.erb'),
notify => Service[$tls::params::httpd_service_name],
if $debug { #syslog and nondebug case
#We don't realy want django debug, it is too verbose.
$django_debug = false
$django_verbose = false
$log_level_real = 'DEBUG'
} elsif $verbose {
$django_verbose = true
$django_debug = false
$log_level_real = 'INFO'
} else {
$django_verbose = false
$django_debug = false
$log_level_real = $log_level
}
file { 'vhost.conf' :
ensure => present,
path => $tls::params::apache_vhost_file,
owner => 'root',
group => 'root',
mode => '0755',
content => template('tls/vhost.erb'),
notify => Service[$tls::params::httpd_service_name],
apache::listen{ $ssl_port:}
apache::namevirtualhost{ "*:$ssl_port":}
class { '::horizon':
bind_address => $bind_address,
cache_server_ip => $cache_server_ip,
cache_server_port => $cache_server_port,
cache_backend => $cache_backend,
cache_options => $cache_options,
secret_key => $secret_key,
swift => $swift,
package_ensure => $package_ensure,
horizon_app_links => $horizon_app_links,
keystone_host => $keystone_host,
keystone_scheme => $keystone_scheme,
keystone_default_role => $keystone_default_role,
django_debug => $django_debug,
api_result_limit => $api_result_limit,
listen_ssl => $use_ssl,
log_level => $log_level_real,
local_settings_template => $local_settings_template,
configure_apache => false,
django_session_engine => $django_session_engine,
allowed_hosts => '*',
secure_cookies => false,
horizon_cert => $horizon_cert ,
horizon_key => $horizon_key,
horizon_ca => $horizon_ca
}
class { '::horizon::wsgi::apache':
priority => false,
servername => $public_virtual_ip,
bind_address => $bind_address,
wsgi_processes => $wsgi_processes,
wsgi_threads => $wsgi_threads,
horizon_cert => $horizon_cert ,
horizon_key => $horizon_key,
horizon_ca => $horizon_ca,
listen_ssl => $use_ssl,
extra_params => {
default_vhost => true,
add_listen => false,
ssl_protocol => '+TLSv1',
ssl_cipher => 'HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM',
custom_fragment => template("openstack/horizon/wsgi_vhost_custom.erb"),
},
} ~>
Service[$::apache::params::service_name]
Haproxy::Service { use_include => true }
Haproxy::Balancermember { use_include => true }
$haproxy_config_options = {
'option' => ['ssl-hello-chk', 'tcpka'],
'stick-table' => 'type ip size 200k expire 30m',
'stick' => 'on src',
'balance' => 'source',
'timeout' => ['client 3h', 'server 3h'],
'mode' => 'tcp',
}
haproxy::listen { 'horizon-ssl':
order => '017',
ipaddress => $public_virtual_ip,
ports => '443',
options => $haproxy_config_options,
mode => 'tcp',
}
haproxy::balancermember { 'horizon-ssl':
order => '017',
listening_service => 'horizon-tls',
server_names => filter_hash($controllers, 'name'),
ipaddresses => filter_hash($controllers, 'internal_address'),
ports => '443',
options => 'weight 1 check',
define_cookies => false,
define_backups => false,
}
##################################################################################
$haproxy_config_options_nova = {
'option' => ['ssl-hello-chk', 'tcpka'],
'mode' => 'tcp',
}
haproxy::listen { 'nova-novncproxy':
order => '170',
ipaddress => $public_virtual_ip,
ports => '6080',
options => $haproxy_config_options_nova,
mode => 'tcp',
}
haproxy::balancermember { 'nova-novncproxy':
order => '170',
listening_service => 'horizon-tls',
server_names => filter_hash($controllers, 'name'),
ipaddresses => filter_hash($controllers, 'internal_address'),
ports => '6080',
options => 'check',
define_cookies => false,
define_backups => false,
}
######################################################################################
service { 'haproxy':
enable => true,
ensure => running,
}
}
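Review bot: The fallback `$secret_key = 'dummy_secret_key'` gives every deployment that lacks `horizon['secret_key']` in hiera the same publicly known Django secret, which weakens session and CSRF token signing; failing the catalog with `fail('horizon secret_key is not set in hiera')` or generating a per-deployment value would be safer. In the same `::horizon` declaration, `secure_cookies => false` and `allowed_hosts => '*'` sit next to `listen_ssl => $use_ssl` (true), so for a TLS-only dashboard the cookies should presumably be marked secure and the host list restricted to the public VIP or hostname. `$wsgi_processes` and `$wsgi_threads` are passed to `::horizon::wsgi::apache` but are not assigned anywhere in the visible hunks. Both `haproxy::balancermember` resources use `listening_service => 'horizon-tls'`, which matches neither `haproxy::listen` title (`horizon-ssl`, `nova-novncproxy`), so the members may not attach to the intended listeners.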


@ -1,74 +0,0 @@
class tls::horizon::horizon_ha (
$controllers,
$public_virtual_ip,
$internal_virtual_ip,
) {
require tls::horizon::horizon
include tls::params
Haproxy::Service { use_include => true }
Haproxy::Balancermember { use_include => true }
$haproxy_config_options = {
'option' => ['ssl-hello-chk', 'tcpka'],
'stick-table' => 'type ip size 200k expire 30m',
'stick' => 'on src',
'balance' => 'source',
'timeout' => ['client 3h', 'server 3h'],
'mode' => 'tcp',
}
haproxy::listen { 'horizon-ssl':
order => '017',
ipaddress => $public_virtual_ip,
ports => '443',
options => $haproxy_config_options,
mode => 'tcp',
}
haproxy::balancermember { 'horizon-ssl':
order => '017',
listening_service => 'horizon-tls',
server_names => filter_hash($controllers, 'name'),
ipaddresses => filter_hash($controllers, 'internal_address'),
ports => '443',
options => 'weight 1 check',
define_cookies => false,
define_backups => false,
}
##################################################################################
$haproxy_config_options_nova = {
'option' => ['ssl-hello-chk', 'tcpka'],
'mode' => 'tcp',
}
haproxy::listen { 'nova-novncproxy':
order => '170',
ipaddress => $public_virtual_ip,
ports => '6080',
options => $haproxy_config_options_nova,
mode => 'tcp',
}
haproxy::balancermember { 'nova-novncproxy':
order => '170',
listening_service => 'horizon-tls',
server_names => filter_hash($controllers, 'name'),
ipaddresses => filter_hash($controllers, 'internal_address'),
ports => '6080',
options => 'check',
define_cookies => false,
define_backups => false,
}
######################################################################################
service { 'haproxy':
enable => true,
ensure => running,
}
}


@ -16,9 +16,4 @@ class tls::nova::novnc_controller (
enable => true,
ensure => running,
}
service { $httpd_service:
enable => true,
ensure => running,
}
}
}


@ -1,30 +1,32 @@
class tls::params {
if $::osfamily == 'Debian' {
$httpd_service_name = 'apache2'
$httpd_service_name = 'apache2'
$horizon_settings_file = '/etc/openstack-dashboard/local_settings.py'
$usergroup = 'nogroup'
$usergroup = 'nogroup'
$nova_compute_service = 'nova-compute'
$nova_novnc_service = 'nova-novncproxy'
$apache_tls_path = '/etc/apache2/TLS'
$tls_cert_file = '/etc/apache2/TLS/horizon.crt'
$tls_key_file = '/etc/apache2/TLS/horizon.key'
$nova_novnc_service = 'nova-novncproxy'
$apache_tls_path = '/etc/apache2/TLS'
$tls_cert_file = '/etc/apache2/TLS/horizon.crt'
$tls_key_file = '/etc/apache2/TLS/horizon.key'
$tls_ca_file = '/etc/apache2/TLS/horizon.ca'
$root_url = '/horizon'
$apache_conf_file = '/etc/apache2/conf-available/openstack-dashboard.conf'
$apache_conf_file = '/etc/apache2/conf-available/openstack-dashboard.conf'
$apache_vhost_file = '/etc/apache2/sites-available/openstack-dashboard.conf'
$apache_port_file = '/etc/apache2/ports.conf'
$apache_port_file = '/etc/apache2/ports.conf'
} elsif($::osfamily == 'RedHat') {
$httpd_service_name = 'httpd'
$httpd_service_name = 'httpd'
$horizon_settings_file = '/etc/openstack-dashboard/local_settings'
$usergroup = 'nobody'
$usergroup = 'nobody'
$nova_compute_service = 'openstack-nova-compute'
$nova_novnc_service = 'openstack-nova-novncproxy'
$apache_tls_path = '/etc/httpd/TLS'
$tls_cert_file = '/etc/httpd/TLS/horizon.crt'
$tls_key_file = '/etc/httpd/TLS/horizon.key'
$nova_novnc_service = 'openstack-nova-novncproxy'
$apache_tls_path = '/etc/httpd/TLS'
$tls_cert_file = '/etc/httpd/TLS/horizon.crt'
$tls_key_file = '/etc/httpd/TLS/horizon.key'
$tls_ca_file = '/etc/httpd/TLS/horizon.ca'
$root_url = '/dashboard'
$apache_conf_file = '/etc/httpd/conf.d/openstack-dashboard.conf'
$apache_conf_file = '/etc/httpd/conf.d/openstack-dashboard.conf'
$apache_vhost_file = '/etc/httpd/conf.d/ssl.conf'
$apache_port_file = '/etc/httpd/conf.d/ports.conf'
$apache_port_file = '/etc/httpd/conf.d/ports.conf'
} else {
fail("unsupported family ${::osfamily}")
}


@ -1,58 +0,0 @@
#
# This file autogenerated by Puppet
# Do not edit, changes will be overwritten
#
<%
if @memorysize_mb.to_i < 1200 or @processorcount.to_i <= 3
wsgi_daemon_processes = 3
wsgi_daemon_threads = 10
else
wsgi_daemon_processes = @processorcount
wsgi_daemon_threads = 15
end
if @osfamily == 'RedHat' %>
WSGIDaemonProcess dashboard processes=<%= wsgi_daemon_processes %> threads=<%= wsgi_daemon_threads %>
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_headers.c>
# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>
</IfModule>
Order allow,deny
Allow from all
</Directory>
<Directory /usr/share/openstack-dashboard/static>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access 6 month"
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
Order allow,deny
Allow from all
</Directory>
<%
end
if @osfamily == 'Debian' %>
WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=horizon group=horizon processes=<%= wsgi_daemon_processes %> threads=<%= wsgi_daemon_threads %>
WSGIProcessGroup horizon
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
Order allow,deny
Allow from all
</Directory>
<% end %>


@ -1,21 +0,0 @@
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement
NameVirtualHost *:80
Listen <%= @bind_address %>:80
<% if @osfamily == 'RedHat' -%>
NameVirtualHost *:443
Listen <%= @bind_address %>:443
<% else %>
<IfModule mod_ssl.c>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen <%= @bind_address %>:443
</IfModule>
<IfModule mod_gnutls.c>
Listen <%= @bind_address %>:443
</IfModule>
<% end %>


@ -1,37 +0,0 @@
#
# This file autogenerated by Puppet
# Do not edit, changes will be overwritten
#
# SSL support
<% if @osfamily == 'RedHat' -%>
LoadModule ssl_module modules/mod_ssl.so
<% end -%>
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<% if @use_syslog -%>
ErrorLog syslog:local1
<% end -%>
<VirtualHost *:80>
RedirectMatch permanent ^/$ <%= @root_url %>/
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
</VirtualHost>
<VirtualHost *:443>
RedirectMatch permanent ^/$ <%= @root_url %>/
SSLEngine on
SSLProtocol +TLSv1
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
SSLCertificateFile <%= @ssl_cert_file %>
SSLCertificateKeyFile <%= @ssl_key_file %>
</VirtualHost>


@ -9,5 +9,5 @@
# Learn more about module testing here:
# http://docs.puppetlabs.com/guides/tests_smoke.html
#
include tls::controller_ha
include tls::controller
include tls::compute


@ -9,5 +9,11 @@ attributes:
value: ""
label: "Key"
description: "Certificate .key content"
weight: 10
weight: 11
type: "password"
horizon_ca:
value: ""
label: "CA"
description: "Certificate .ca content"
weight: 12
type: "password"


@ -6,29 +6,24 @@ version: 1.0.0
# Description
description: Enables the Transport Layer Security (TLS) protocol to secure openstack
# Required fuel version
fuel_version: ['6.0']
fuel_version: ['6.1']
authors: [Orange]
licenses: [Apache License Version 2.0]
homepage: https://github.com/stackforge/fuel-plugin-tls
groups: []
# The plugin is compatible with releases in the list
releases:
- os: ubuntu
version: 2014.2-6.0
version: 2014.2-6.1
mode: ['ha', 'multinode']
deployment_scripts_path: deployment_scripts/
repository_path: repositories/ubuntu
- os: centos
version: 2014.2-6.0
mode: ['ha', 'multinode']
deployment_scripts_path: deployment_scripts/
repository_path: repositories/centos
- os: ubuntu
version: 2014.2-6.0.1
mode: ['ha', 'multinode']
deployment_scripts_path: deployment_scripts/
repository_path: repositories/ubuntu
- os: centos
version: 2014.2-6.0.1
version: 2014.2-6.1
mode: ['ha', 'multinode']
deployment_scripts_path: deployment_scripts/
repository_path: repositories/centos
# Version of plugin package
package_version: '1.0.0'
package_version: '2.0.0'


@ -1,13 +1,13 @@
# Deployment is required for controllers
- role: ['controller']
stage: post_deployment
- role: ['primary-controller','controller']
stage: post_deployment/6003
type: puppet
parameters:
puppet_manifest: puppet/manifests/site.pp
puppet_modules: "puppet/modules/:/etc/puppet/modules/"
timeout: 360
- role: ['compute']
stage: post_deployment
stage: post_deployment/6004
type: puppet
parameters:
puppet_manifest: puppet/manifests/site_compute.pp