Horizon SSL handshake errors with apache

Added in "WSGIApplicationGroup %{GLOBAL}" to fix an issue
where horizon will have ssl handshake issues with various
SSL openstack endpoints.

Change-Id: Idd10380f1b6e6ef0ee4a4cb84317aa12131b77c4
Closes-Bug: #1700176
Closes-Bug: #1708655
(cherry picked from commit 588b9f83c7)
This commit is contained in:
Matthew J. Black 2017-06-23 17:14:51 -04:00 committed by Radomir Dopieralski
parent e3acd97e9b
commit 155e416d72
4 changed files with 58 additions and 48 deletions

View File

@ -3,9 +3,10 @@
class horizon::params {
include ::openstacklib::defaults
$logdir = '/var/log/horizon'
$django_wsgi = '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'
$manage_py = '/usr/share/openstack-dashboard/manage.py'
$logdir = '/var/log/horizon'
$django_wsgi = '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'
$manage_py = '/usr/share/openstack-dashboard/manage.py'
$wsgi_application_group = '%{GLOBAL}'
case $::osfamily {
'RedHat': {

View File

@ -225,9 +225,10 @@ class horizon::wsgi::apache (
user => $unix_user,
group => $unix_group,
},
wsgi_import_script => $::horizon::params::django_wsgi,
wsgi_process_group => $::horizon::params::wsgi_group,
redirectmatch_status => $redirect_type,
wsgi_import_script => $::horizon::params::django_wsgi,
wsgi_process_group => $::horizon::params::wsgi_group,
wsgi_application_group => $::horizon::params::wsgi_application_group,
redirectmatch_status => $redirect_type,
}
# Only add the 'ip' element to the $default_vhost_conf hash if it was explicitly

View File

@ -0,0 +1,4 @@
---
issues:
- an issue with horizon having ssl handshake issues under apache with ssl endpoints.
Fix adds in WSGIApplicationGroup apache directive.

View File

@ -31,20 +31,21 @@ describe 'horizon::wsgi::apache' do
is_expected.to contain_file(platforms_params[:httpd_config_file])
is_expected.to contain_package('horizon').with_ensure('present')
is_expected.to contain_apache__vhost('horizon_vhost').with(
'servername' => 'some.host.tld',
'access_log_file' => 'horizon_access.log',
'error_log_file' => 'horizon_error.log',
'priority' => '15',
'serveraliases' => ['*'],
'docroot' => '/var/www/',
'ssl' => 'false',
'port' => '80',
'redirectmatch_status' => 'permanent',
'redirectmatch_regexp' => '^/$',
'redirectmatch_dest' => platforms_params[:root_url],
'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
'wsgi_process_group' => platforms_params[:wsgi_group],
'wsgi_daemon_process' => platforms_params[:wsgi_group],
'servername' => 'some.host.tld',
'access_log_file' => 'horizon_access.log',
'error_log_file' => 'horizon_error.log',
'priority' => '15',
'serveraliases' => ['*'],
'docroot' => '/var/www/',
'ssl' => 'false',
'port' => '80',
'redirectmatch_status' => 'permanent',
'redirectmatch_regexp' => '^/$',
'redirectmatch_dest' => platforms_params[:root_url],
'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
'wsgi_process_group' => platforms_params[:wsgi_group],
'wsgi_daemon_process' => platforms_params[:wsgi_group],
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_daemon_process_options' => { 'processes' => params[:wsgi_processes], 'threads' => params[:wsgi_threads], 'user' => platforms_params[:unix_user], 'group' => platforms_params[:unix_group] }
)
end
@ -67,20 +68,21 @@ describe 'horizon::wsgi::apache' do
is_expected.to contain_file(platforms_params[:httpd_config_file])
is_expected.to contain_package('horizon').with_ensure('present')
is_expected.to contain_apache__vhost('horizon_vhost').with(
'servername' => 'some.host.tld',
'access_log_file' => 'horizon_access.log',
'error_log_file' => 'horizon_error.log',
'priority' => params[:priority],
'serveraliases' => ['*'],
'docroot' => '/var/www/',
'ssl' => 'false',
'port' => '80',
'redirectmatch_status' => 'temp',
'redirectmatch_regexp' => '^/$',
'redirectmatch_dest' => platforms_params[:root_url],
'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
'wsgi_process_group' => platforms_params[:wsgi_group],
'wsgi_daemon_process' => platforms_params[:wsgi_group],
'servername' => 'some.host.tld',
'access_log_file' => 'horizon_access.log',
'error_log_file' => 'horizon_error.log',
'priority' => params[:priority],
'serveraliases' => ['*'],
'docroot' => '/var/www/',
'ssl' => 'false',
'port' => '80',
'redirectmatch_status' => 'temp',
'redirectmatch_regexp' => '^/$',
'redirectmatch_dest' => platforms_params[:root_url],
'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
'wsgi_process_group' => platforms_params[:wsgi_group],
'wsgi_daemon_process' => platforms_params[:wsgi_group],
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_daemon_process_options' => { 'processes' => params[:wsgi_processes], 'threads' => params[:wsgi_threads], 'user' => platforms_params[:unix_user], 'group' => platforms_params[:unix_group] }
)
end
@ -118,24 +120,26 @@ describe 'horizon::wsgi::apache' do
'redirectmatch_dest' => platforms_params[:root_url],
'wsgi_process_group' => 'horizon-ssl',
'wsgi_daemon_process' => 'horizon-ssl',
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
)}
it { is_expected.to contain_apache__vhost('horizon_vhost').with(
'servername' => 'some.host.tld',
'access_log_file' => 'horizon_access.log',
'error_log_file' => 'horizon_error.log',
'priority' => '15',
'serveraliases' => ['*'],
'docroot' => '/var/www/',
'ssl' => 'false',
'port' => '80',
'redirectmatch_status' => 'permanent',
'redirectmatch_regexp' => '(.*)',
'redirectmatch_dest' => 'https://some.host.tld',
'wsgi_process_group' => platforms_params[:wsgi_group],
'wsgi_daemon_process' => platforms_params[:wsgi_group],
'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
'servername' => 'some.host.tld',
'access_log_file' => 'horizon_access.log',
'error_log_file' => 'horizon_error.log',
'priority' => '15',
'serveraliases' => ['*'],
'docroot' => '/var/www/',
'ssl' => 'false',
'port' => '80',
'redirectmatch_status' => 'permanent',
'redirectmatch_regexp' => '(.*)',
'redirectmatch_dest' => 'https://some.host.tld',
'wsgi_process_group' => platforms_params[:wsgi_group],
'wsgi_daemon_process' => platforms_params[:wsgi_group],
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' },
)}
end