ssl endpoint support

hooks/ceilometer_contexts.py

@@ -9,7 +9,8 @@ from charmhelpers.core.hookenv import (
 
 from charmhelpers.contrib.openstack.context import (
     OSContextGenerator,
-    context_complete
+    context_complete,
+    ApacheSSLContext as SSLContext,
 )
 
 CEILOMETER_DB = 'ceilometer'
@@ -72,3 +73,10 @@ class CeilometerServiceContext(OSContextGenerator):
                 if context_complete(conf):
                     return conf
         return {}
+
+
+class ApacheSSLContext(SSLContext):
+
+    service_namespace = "ceilometer"
+
+    external_ports = [CEILOMETER_PORT]

hooks/ceilometer_utils.py

@@ -1,11 +1,16 @@
+import os
+
+from collections import OrderedDict
+
 from charmhelpers.contrib.openstack import (
     templating,
     context,
 )
 from ceilometer_contexts import (
+    ApacheSSLContext,
     LoggingConfigContext,
     MongoDBContext,
-    CeilometerContext
+    CeilometerContext,
 )
 from charmhelpers.contrib.openstack.utils import (
     get_os_codename_package,
@@ -17,6 +22,9 @@ from charmhelpers.fetch import apt_update, apt_install
 
 CEILOMETER_CONF_DIR = "/etc/ceilometer"
 CEILOMETER_CONF = "%s/ceilometer.conf" % CEILOMETER_CONF_DIR
+HTTPS_APACHE_CONF = "/etc/apache2/sites-available/openstack_https_frontend"
+HTTPS_APACHE_24_CONF = "/etc/apache2/sites-available/" \
+    "openstack_https_frontend.conf"
 
 CEILOMETER_SERVICES = [
     'ceilometer-agent-central',
@@ -28,11 +36,13 @@ CEILOMETER_DB = "ceilometer"
 CEILOMETER_SERVICE = "ceilometer"
 
 CEILOMETER_PACKAGES = [
+    'apache2',
     'ceilometer-agent-central',
     'ceilometer-collector',
     'ceilometer-api'
 ]
 
+
 CEILOMETER_ROLE = "ResellerAdmin"
 
 #NOVA_CONF = "/etc/nova/nova.conf"
@@ -42,8 +52,9 @@ CEILOMETER_ROLE = "ResellerAdmin"
 #    ('DEFAULT', 'notification_driver', 'ceilometer.compute.nova_notifier')
 #]
 
-CONFIG_FILES = {
-    CEILOMETER_CONF: {
+
+CONFIG_FILES = OrderedDict([
+    (CEILOMETER_CONF, {
         'hook_contexts': [context.IdentityServiceContext(),
                           context.AMQPContext(ssl_dir=CEILOMETER_CONF_DIR),
                           LoggingConfigContext(),
@@ -51,8 +62,16 @@ CONFIG_FILES = {
                           CeilometerContext(),
                           context.SyslogContext()],
         'services': CEILOMETER_SERVICES
-    }
-}
+    }),
+    (HTTPS_APACHE_CONF, {
+        'hook_contexts': [ApacheSSLContext()],
+        'services': ['apache2'],
+    }),
+    (HTTPS_APACHE_24_CONF, {
+        'hook_contexts': [ApacheSSLContext()],
+        'services': ['apache2'],
+    })
+])
 
 TEMPLATES = 'templates'
 
@@ -74,6 +93,12 @@ def register_configs():
     for conf in CONFIG_FILES:
         configs.register(conf, CONFIG_FILES[conf]['hook_contexts'])
 
+    if os.path.exists('/etc/apache2/conf-available'):
+        configs.register(HTTPS_APACHE_24_CONF,
+                         CONFIG_FILES[HTTPS_APACHE_24_CONF]['hook_contexts'])
+    else:
+        configs.register(HTTPS_APACHE_CONF,
+                         CONFIG_FILES[HTTPS_APACHE_CONF]['hook_contexts'])
     return configs
 
 

revision

@@ -1 +1 @@
-44
+46

templates/openstack_https_frontend

@@ -0,0 +1,23 @@
+{% if endpoints %}
+{% for ext, int in endpoints %}
+Listen {{ ext }}
+NameVirtualHost *:{{ ext }}
+<VirtualHost *:{{ ext }}>
+    ServerName {{ private_address }}
+    SSLEngine on
+    SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert
+    SSLCertificateKeyFile /etc/apache2/ssl/{{ namespace }}/key
+    ProxyPass / http://localhost:{{ int }}/
+    ProxyPassReverse / http://localhost:{{ int }}/
+    ProxyPreserveHost on
+</VirtualHost>
+<Proxy *>
+    Order deny,allow
+    Allow from all
+</Proxy>
+<Location />
+    Order allow,deny
+    Allow from all
+</Location>
+{% endfor %}
+{% endif %}

templates/openstack_https_frontend.conf

@@ -0,0 +1 @@
+openstack_https_frontend