This removes the workaround to add missing selinux rule. The bug in
openstack-sexlinux[1] was already fixed and we no longer need to
add the rule additionally.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1396553
Change-Id: I979d2c30fb0a0c7f456dff6376bf91ef141e86a2
Currently parameter description of the <module>::wsgi::apache classes
are formatted differently in individual modules, and this is making
the maintenance effort quite difficult.
This change updates the description format following the standard one
we are globally using in our modules to reduce undesired differences
between modules.
Change-Id: Icec870fce75185f2ca902c565dd94c467b9f6638
Add parameters for advanced logging configurations in Apache to
support piped logging and support for syslog (via mod_syslog
available in Apache >= 2.5.0)
Co-Authored-By: Andy Botting <andy@andybotting.com>
Change-Id: Idb3d73309588a7436cd2e067121119c5878eee18
The puppetlabs-apache module is enforcing more strict data type
validation[1].
This change updates the default values to adapt to that change.
[1] f41251e336
Closes-Bug: #1983300
Depends-on: https://review.opendev.org/851652
Change-Id: I2df44be85cb73144ce45b8f5bea2ccba64d0be86
The headers option in apache::vhost is required in some case, for
example when adding the X-XSS-Protection header. This change allows
customizing the option for the api vhost.
Change-Id: I2c527b5511db04f9daa7f605b565a567599b5431
During the previous cycle, a warning message was added to inform users
of this change.
Now the default value is updated so that SSL is disabled by default.
Change-Id: I6bd11a340b8623b45da7284e52ee505ea6870562
It turned out defining dependency for openstacklib::wsgi::apache
doesn't properly enforce resource order and the default vhost file
is not purged properly.
This change adds the more explicit dependency to enforce the order
properly.
Change-Id: I3f8346d8df6c60b36e2abe281e87163b1e2837e6
Currently we support usage of distro packages only, and this custom
fact can be simply replaced by the default fact.
Change-Id: I11bac6405b94e6616e45dd511b842a4ad358148a
This change removes direct reference to some classes in
puppetlabs-apache. Details are explained below.
- The api class doesn't need access to anything defined in
apache::params
- The following classes are included by the openstacklib::wsgi::apache
resource type, and current inclusions are just redundant.
Change-Id: I88684f7f246b226844dc724a35d1cec95742704e
... instead of injecting it by vhost_custom_fragment.
Depends-on: https://review.opendev.org/821082
Change-Id: I684e077d03b318cef01688c1b11ea37d7fc2f664
Currently the <service>::wsgi::apache::ssl parameters have inconsistent
default values. Some parameters default to true while the other default
to false.
Based on the following points, false is considered to be the more
reasonable default.
- Usage of SSL is optional and is not always required
- There are other methods(like load-balancer) to implement SSL
termination
- Enabling SSL doesn't work with the default values currently
defined, and requires additional parameters like ssl_cert.
- false is the default value defined in the base implementation in
puppet-openstacklib.
This change is the preparation to change the default value, and
introduces a warning message to make users aware of the future change.
Change-Id: I76516e3d0c659fabdb7736ff4a5a6621eed29371
This patch is adding the configuration of the number of workers,
threads, and the size of the listen queue in Debian, which uses
uwsgi to run Heat API and api-metadata. Therefore, this patch adds
two new heat_api_uwsgi_config and heat_api_cfn_uwsgi_config
providers as well as two new heat::wsgi::uwsgi_api and
heat::wsgi::uwsgi_api_cfn classes.
Change-Id: I0e226046f6e2d69c89681948cee8e8830c186489
It is provided by the Puppet class 'openstacklib::wsgi::apache'.
This change exposes it for the Heat CFN service.
Change-Id: If689eb5e896dba443358ac83cd7f566aacc276f1
Signed-off-by: Luke Short <ekultails@gmail.com>
This changes all the puppet 3 validate_* functions
to use the validate_legacy function.
The validate_legacy function has been available since
about three years but require Puppet >= 4.4.0 and since
there is Puppet 4.10.12 as latest we should assume people
are running a fairly new Puppet 4 version.
This is the first step to then remove all validate function
calls and use proper types for parameter as described in spec [1].
[1] https://review.openstack.org/#/c/568929/
Change-Id: I422be4bfb6fd6f73f0b24ae9464c5c85689594e1
Being able to set the log files for the apache vhost was done in a
recent commit [1]. However, that commit missed exposing the
configuration in the service-specific manifests. This adds that.
[1] Ic2ffef73f6a12d6225f87d285003c3deb7541126
Change-Id: Iae6a86cb93305cb3307e058cfd31e0fca3b1be8e
Due to Python's GIL [1], we can't use multiple threads for running
OpenStack services without a performance penalty, since the execution
ends up serialized, which defeats the purpose.
Instead, we should use several processes, since this approach doesn't
have this limitation.
[1] https://wiki.python.org/moin/GlobalInterpreterLock
Change-Id: I116df85f259528d547a958850b9c3793d01e2a45
This allows the setting of the error and access file logs, as well as
the access log format. This was done in a similar fashion as one can
configure these ones in the keystone wsgi manifest.
Change-Id: Ic2ffef73f6a12d6225f87d285003c3deb7541126
Add parameter to apache_wsgi to allow overwrite and/or
add additional wsgi process options.
This possibility was added to openstacklib
with Change-Id: I41914ce3361988d5db1695f09d21209772fdf548
Change-Id: I3df74ddc4a258083ccfe4e47180f022742655ba6
This includes a resource that will generically create the vhost for
the specified API.
Co-Authored-By: Thomas Herve <therve@redhat.com>
Depends-On: I9a9246522810de546a7c460ab1133d6bf9081a15
Change-Id: I253f46f5ad943971dd9ea6995591c72a36953bdb