Update to apache2 ~> 8.0 cookbook
This brings us up to date with the latest apache2 cookbook which included a major refactor in 6.0.0 removing all of the definitions and recipe with proper resources. Instead of using the apache2_default_site resource, directly use a template and then enable the config file using the apache2_site resource. This gives us the most flexibility. Additional fixes: - Install mod_wsgi as a package on RHEL since there is no built-in resource for it. - Convert web_app to template and subscribe to restarting apache. - Remove erroneous restart for ironic-api service on packages - Properly set service password and auth URL - Improve tests for ironic.conf - Add missing apache2 depend - Add missing api RHEL ChefSpec tests - Include additional cookbooks in Berksfile required for CI Depends-On: https://review.opendev.org/702772 Depends-On: https://review.opendev.org/701824 Change-Id: I198e2c211630e190bf2a992b3dc6b6c5afaf54e8
This commit is contained in:
parent
00ed47e742
commit
b643c5f620
|
@ -5,9 +5,13 @@ solver :ruby, :required
|
||||||
%w(
|
%w(
|
||||||
client
|
client
|
||||||
-common
|
-common
|
||||||
|
-dns
|
||||||
-identity
|
-identity
|
||||||
-image
|
-image
|
||||||
|
-integration-test
|
||||||
-network
|
-network
|
||||||
|
-ops-database
|
||||||
|
-ops-messaging
|
||||||
).each do |cookbook|
|
).each do |cookbook|
|
||||||
if Dir.exist?("../cookbook-openstack#{cookbook}")
|
if Dir.exist?("../cookbook-openstack#{cookbook}")
|
||||||
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
|
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
|
||||||
|
|
|
@ -36,6 +36,7 @@ Cookbooks
|
||||||
|
|
||||||
The following cookbooks are dependencies:
|
The following cookbooks are dependencies:
|
||||||
|
|
||||||
|
- 'apache2', '~> 8.0'
|
||||||
- 'openstack-common', '>= 18.0.0'
|
- 'openstack-common', '>= 18.0.0'
|
||||||
- 'openstack-identity', '>= 18.0.0'
|
- 'openstack-identity', '>= 18.0.0'
|
||||||
- 'openstack-image', '>= 18.0.0'
|
- 'openstack-image', '>= 18.0.0'
|
||||||
|
|
|
@ -104,7 +104,7 @@ default['openstack']['bare_metal']['ssl']['ciphers'] = ''
|
||||||
case node['platform_family']
|
case node['platform_family']
|
||||||
when 'fedora', 'rhel'
|
when 'fedora', 'rhel'
|
||||||
default['openstack']['bare_metal']['platform'] = {
|
default['openstack']['bare_metal']['platform'] = {
|
||||||
'ironic_api_packages' => ['openstack-ironic-api'],
|
'ironic_api_packages' => ['openstack-ironic-api', 'mod_wsgi'],
|
||||||
'ironic_api_service' => 'openstack-ironic-api',
|
'ironic_api_service' => 'openstack-ironic-api',
|
||||||
'ironic_conductor_packages' => ['openstack-ironic-conductor', 'ipmitool'],
|
'ironic_conductor_packages' => ['openstack-ironic-conductor', 'ipmitool'],
|
||||||
'ironic_conductor_service' => 'openstack-ironic-conductor',
|
'ironic_conductor_service' => 'openstack-ironic-conductor',
|
||||||
|
|
|
@ -18,6 +18,7 @@ recipe 'openstack-bare-metal::ironic-common', 'Defines the common pieces of repe
|
||||||
supports os
|
supports os
|
||||||
end
|
end
|
||||||
|
|
||||||
|
depends 'apache2', '~> 8.0'
|
||||||
depends 'openstack-common', '>= 18.0.0'
|
depends 'openstack-common', '>= 18.0.0'
|
||||||
depends 'openstack-identity', '>= 18.0.0'
|
depends 'openstack-identity', '>= 18.0.0'
|
||||||
depends 'openstack-image', '>= 18.0.0'
|
depends 'openstack-image', '>= 18.0.0'
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
|
|
||||||
class ::Chef::Recipe
|
class ::Chef::Recipe
|
||||||
include ::Openstack
|
include ::Openstack
|
||||||
|
include Apache2::Cookbook::Helpers
|
||||||
end
|
end
|
||||||
|
|
||||||
include_recipe 'openstack-bare-metal::ironic-common'
|
include_recipe 'openstack-bare-metal::ironic-common'
|
||||||
|
@ -29,8 +30,6 @@ platform_options = node['openstack']['bare_metal']['platform']
|
||||||
platform_options['ironic_api_packages'].each do |pkg|
|
platform_options['ironic_api_packages'].each do |pkg|
|
||||||
package pkg do
|
package pkg do
|
||||||
action :upgrade
|
action :upgrade
|
||||||
|
|
||||||
notifies :restart, 'service[ironic-api]', :delayed
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -43,32 +42,56 @@ execute 'ironic db sync' do
|
||||||
command 'ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade'
|
command 'ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade'
|
||||||
user 'root'
|
user 'root'
|
||||||
group 'root'
|
group 'root'
|
||||||
action :run
|
|
||||||
end
|
end
|
||||||
|
|
||||||
# remove the ironic-wsgi.conf automatically generated from package
|
# remove the ironic-wsgi.conf automatically generated from package
|
||||||
apache_config 'ironic-wsgi' do
|
apache2_conf 'ironic-wsgi' do
|
||||||
enable false
|
action :disable
|
||||||
end
|
end
|
||||||
|
|
||||||
bind_service = node['openstack']['bind_service']['all']['bare_metal']
|
bind_service = node['openstack']['bind_service']['all']['bare_metal']
|
||||||
|
|
||||||
web_app 'ironic-api' do
|
# Finds and appends the listen port to the apache2_install[openstack]
|
||||||
template 'wsgi-template.conf.erb'
|
# resource which is defined in openstack-identity::server-apache.
|
||||||
daemon_process 'ironic-wsgi'
|
apache_resource = find_resource(:apache2_install, 'openstack')
|
||||||
server_host bind_service['host']
|
|
||||||
server_port bind_service['port']
|
if apache_resource
|
||||||
server_entry '/usr/bin/ironic-api-wsgi'
|
apache_resource.listen = [apache_resource.listen, "#{bind_service['host']}:#{bind_service['port']}"].flatten
|
||||||
log_dir node['apache']['log_dir']
|
else
|
||||||
run_dir node['apache']['run_dir']
|
apache2_install 'openstack' do
|
||||||
user node['openstack']['bare_metal']['user']
|
listen "#{bind_service['host']}:#{bind_service['port']}"
|
||||||
group node['openstack']['bare_metal']['group']
|
end
|
||||||
use_ssl node['openstack']['bare_metal']['ssl']['enabled']
|
end
|
||||||
cert_file node['openstack']['bare_metal']['ssl']['certfile']
|
|
||||||
chain_file node['openstack']['bare_metal']['ssl']['chainfile']
|
# service['apache2'] is defined in the apache2_default_install resource
|
||||||
key_file node['openstack']['bare_metal']['ssl']['keyfile']
|
# but other resources are currently unable to reference it. To work
|
||||||
ca_certs_path node['openstack']['bare_metal']['ssl']['ca_certs_path']
|
# around this issue, define the following helper in your cookbook:
|
||||||
cert_required node['openstack']['bare_metal']['ssl']['cert_required']
|
service 'apache2' do
|
||||||
protocol node['openstack']['bare_metal']['ssl']['protocol']
|
extend Apache2::Cookbook::Helpers
|
||||||
ciphers node['openstack']['bare_metal']['ssl']['ciphers']
|
service_name lazy { apache_platform_service_name }
|
||||||
|
supports restart: true, status: true, reload: true
|
||||||
|
action :nothing
|
||||||
|
end
|
||||||
|
|
||||||
|
apache2_module 'wsgi'
|
||||||
|
apache2_module 'ssl' if node['openstack']['bare_metal']['ssl']['enabled']
|
||||||
|
|
||||||
|
template "#{apache_dir}/sites-available/ironic-api.conf" do
|
||||||
|
extend Apache2::Cookbook::Helpers
|
||||||
|
source 'wsgi-template.conf.erb'
|
||||||
|
variables(
|
||||||
|
daemon_process: 'ironic-wsgi',
|
||||||
|
server_host: bind_service['host'],
|
||||||
|
server_port: bind_service['port'],
|
||||||
|
server_entry: '/usr/bin/ironic-api-wsgi',
|
||||||
|
log_dir: default_log_dir,
|
||||||
|
run_dir: lock_dir,
|
||||||
|
user: node['openstack']['bare_metal']['user'],
|
||||||
|
group: node['openstack']['bare_metal']['group']
|
||||||
|
)
|
||||||
|
notifies :restart, 'service[apache2]'
|
||||||
|
end
|
||||||
|
|
||||||
|
apache2_site 'ironic-api' do
|
||||||
|
notifies :restart, 'service[apache2]', :immediately
|
||||||
end
|
end
|
||||||
|
|
|
@ -57,6 +57,16 @@ if node['openstack']['mq']['service_type'] == 'rabbit'
|
||||||
node.default['openstack']['bare_metal']['conf_secrets']['DEFAULT']['transport_url'] = rabbit_transport_url 'bare_metal'
|
node.default['openstack']['bare_metal']['conf_secrets']['DEFAULT']['transport_url'] = rabbit_transport_url 'bare_metal'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
identity_endpoint = internal_endpoint 'identity'
|
||||||
|
node.default['openstack']['bare_metal']['conf_secrets']
|
||||||
|
.[]('keystone_authtoken')['password'] =
|
||||||
|
get_password 'service', 'openstack-bare-metal'
|
||||||
|
auth_url = ::URI.decode identity_endpoint.to_s
|
||||||
|
|
||||||
|
node.default['openstack']['bare_metal']['conf'].tap do |conf|
|
||||||
|
conf['keystone_authtoken']['auth_url'] = auth_url
|
||||||
|
end
|
||||||
|
|
||||||
# merge all config options and secrets to be used in ironic.conf
|
# merge all config options and secrets to be used in ironic.conf
|
||||||
ironic_conf_options = merge_config_options 'bare_metal'
|
ironic_conf_options = merge_config_options 'bare_metal'
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Encoding: utf-8
|
||||||
|
|
||||||
|
require_relative 'spec_helper'
|
||||||
|
|
||||||
|
describe 'openstack-bare-metal::api' do
|
||||||
|
describe 'redhat' do
|
||||||
|
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
|
||||||
|
let(:node) { runner.node }
|
||||||
|
cached(:chef_run) { runner.converge(described_recipe) }
|
||||||
|
|
||||||
|
include_context 'bare-metal-stubs'
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to upgrade_package('openstack-ironic-api')
|
||||||
|
expect(chef_run).to upgrade_package('mod_wsgi')
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to disable_service('ironic-api').with(service_name: 'openstack-ironic-api')
|
||||||
|
expect(chef_run).to stop_service('ironic-api').with(service_name: 'openstack-ironic-api')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
131
spec/api_spec.rb
131
spec/api_spec.rb
|
@ -32,16 +32,141 @@ describe 'openstack-bare-metal::api' do
|
||||||
expect(chef_run).to include_recipe('openstack-bare-metal::ironic-common')
|
expect(chef_run).to include_recipe('openstack-bare-metal::ironic-common')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'upgrades ironic api packages' do
|
it do
|
||||||
expect(chef_run).to upgrade_package('ironic-api')
|
expect(chef_run).to upgrade_package('ironic-api')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'disables ironic api on boot' do
|
it do
|
||||||
expect(chef_run).to disable_service('ironic-api')
|
expect(chef_run).to disable_service('ironic-api').with(service_name: 'ironic-api')
|
||||||
|
expect(chef_run).to stop_service('ironic-api').with(service_name: 'ironic-api')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'runs db migrations' do
|
it 'runs db migrations' do
|
||||||
expect(chef_run).to run_execute('ironic db sync').with(user: 'root', group: 'root')
|
expect(chef_run).to run_execute('ironic db sync').with(user: 'root', group: 'root')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to install_apache2_install('openstack').with(listen: '127.0.0.1:6385')
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to enable_apache2_module('wsgi')
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to_not enable_apache2_module('ssl')
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to create_template('/etc/apache2/sites-available/ironic-api.conf').with(
|
||||||
|
source: 'wsgi-template.conf.erb',
|
||||||
|
variables: {
|
||||||
|
daemon_process: 'ironic-wsgi',
|
||||||
|
group: 'ironic',
|
||||||
|
log_dir: '/var/log/apache2',
|
||||||
|
run_dir: '/var/lock/apache2',
|
||||||
|
server_entry: '/usr/bin/ironic-api-wsgi',
|
||||||
|
server_host: '127.0.0.1',
|
||||||
|
server_port: '6385',
|
||||||
|
user: 'ironic',
|
||||||
|
}
|
||||||
|
)
|
||||||
|
end
|
||||||
|
[
|
||||||
|
/<VirtualHost 127.0.0.1:6385>$/,
|
||||||
|
/WSGIDaemonProcess ironic-wsgi processes=2 threads=10 user=ironic group=ironic display-name=%{GROUP}$/,
|
||||||
|
/WSGIProcessGroup ironic-wsgi$/,
|
||||||
|
%r{WSGIScriptAlias / /usr/bin/ironic-api-wsgi$},
|
||||||
|
/WSGIApplicationGroup %{GLOBAL}$/,
|
||||||
|
%r{ErrorLog /var/log/apache2/ironic-wsgi_error.log$},
|
||||||
|
%r{CustomLog /var/log/apache2/ironic-wsgi_access.log combined$},
|
||||||
|
%r{WSGISocketPrefix /var/lock/apache2$},
|
||||||
|
].each do |line|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
[
|
||||||
|
/SSLEngine On$/,
|
||||||
|
/SSLCertificateFile/,
|
||||||
|
/SSLCertificateKeyFile/,
|
||||||
|
/SSLCACertificatePath/,
|
||||||
|
/SSLCertificateChainFile/,
|
||||||
|
/SSLProtocol/,
|
||||||
|
/SSLCipherSuite/,
|
||||||
|
/SSLVerifyClient require/,
|
||||||
|
].each do |line|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to_not render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'Enable SSL' do
|
||||||
|
cached(:chef_run) do
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['enabled'] = true
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['certfile'] = 'ssl.cert'
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['keyfile'] = 'ssl.key'
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['ca_certs_path'] = 'ca_certs_path'
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['protocol'] = 'ssl_protocol_value'
|
||||||
|
runner.converge(described_recipe)
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to enable_apache2_module('ssl')
|
||||||
|
end
|
||||||
|
|
||||||
|
[
|
||||||
|
/SSLEngine On$/,
|
||||||
|
/SSLCertificateFile ssl.cert$/,
|
||||||
|
/SSLCertificateKeyFile ssl.key$/,
|
||||||
|
/SSLCACertificatePath ca_certs_path$/,
|
||||||
|
/SSLProtocol ssl_protocol_value$/,
|
||||||
|
].each do |line|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
[
|
||||||
|
/SSLCipherSuite/,
|
||||||
|
/SSLCertificateChainFile/,
|
||||||
|
/SSLVerifyClient require/,
|
||||||
|
].each do |line|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to_not render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
context 'Enable chainfile, ciphers & cert_required' do
|
||||||
|
cached(:chef_run) do
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['enabled'] = true
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['ciphers'] = 'ssl_ciphers_value'
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['chainfile'] = 'chainfile'
|
||||||
|
node.override['openstack']['bare_metal']['ssl']['cert_required'] = true
|
||||||
|
runner.converge(described_recipe)
|
||||||
|
end
|
||||||
|
[
|
||||||
|
/SSLCipherSuite ssl_ciphers_value$/,
|
||||||
|
/SSLCertificateChainFile chainfile$/,
|
||||||
|
/SSLVerifyClient require/,
|
||||||
|
].each do |line|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run.template('/etc/apache2/sites-available/ironic-api.conf')).to \
|
||||||
|
notify('service[apache2]').to(:restart)
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to enable_apache2_site('ironic-api')
|
||||||
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run.apache2_site('ironic-api')).to notify('service[apache2]').to(:restart).immediately
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -64,6 +64,39 @@ describe 'openstack-bare-metal::ironic-common' do
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
[
|
||||||
|
/^auth_strategy = keystone$/,
|
||||||
|
/^control_exchange = ironic$/,
|
||||||
|
/^glance_api_version = 2$/,
|
||||||
|
%r{^state_path = /var/lib/ironic$},
|
||||||
|
%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$},
|
||||||
|
].each do |line|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
[
|
||||||
|
/^auth_type = password$/,
|
||||||
|
/^region_name = RegionOne$/,
|
||||||
|
/^username = ironic$/,
|
||||||
|
/^project_name = service$/,
|
||||||
|
/^user_domain_name = Default$/,
|
||||||
|
/^project_domain_name = Default$/,
|
||||||
|
%r{^auth_url = http://127.0.0.1:5000/v3$},
|
||||||
|
/^password = ironic_pass$/,
|
||||||
|
].each do |line|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
[
|
||||||
|
%r{^lock_path = /var/lib/cinder/tmp$},
|
||||||
|
].each do |line|
|
||||||
|
it do
|
||||||
|
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'template contents' do
|
context 'template contents' do
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
node.override['openstack']['bare_metal']['syslog']['use'] = true
|
node.override['openstack']['bare_metal']['syslog']['use'] = true
|
||||||
|
|
|
@ -45,6 +45,38 @@ shared_context 'bare-metal-stubs' do
|
||||||
stub_command('/usr/sbin/apache2 -t').and_return(true)
|
stub_command('/usr/sbin/apache2 -t').and_return(true)
|
||||||
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return []
|
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return []
|
||||||
allow(Chef::Application).to receive(:fatal!)
|
allow(Chef::Application).to receive(:fatal!)
|
||||||
|
# identity stubs
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
|
.with('secrets', 'credential_key0')
|
||||||
|
.and_return('thisiscredentialkey0')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
|
.with('secrets', 'credential_key1')
|
||||||
|
.and_return('thisiscredentialkey1')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
|
.with('secrets', 'fernet_key0')
|
||||||
|
.and_return('thisisfernetkey0')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
|
.with('secrets', 'fernet_key1')
|
||||||
|
.and_return('thisisfernetkey1')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:search_for)
|
||||||
|
.with('os-identity').and_return(
|
||||||
|
[{
|
||||||
|
'openstack' => {
|
||||||
|
'identity' => {
|
||||||
|
'admin_tenant_name' => 'admin',
|
||||||
|
'admin_user' => 'admin',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}]
|
||||||
|
)
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers)
|
||||||
|
.and_return([])
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url)
|
||||||
|
.with('identity')
|
||||||
|
.and_return('rabbit://openstack:mypass@127.0.0.1:5672')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||||
|
.with('db', 'keystone')
|
||||||
|
.and_return('test-passes')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
<%= node['openstack']['bare_metal']['custom_template_banner'] %>
|
<%= node['openstack']['bare_metal']['custom_template_banner'] %>
|
||||||
|
|
||||||
Listen <%= @params[:server_host] %>:<%= @params[:server_port] %>
|
<VirtualHost <%= @server_host %>:<%= @server_port %>>
|
||||||
|
WSGIDaemonProcess <%= @daemon_process %> processes=2 threads=10 user=<%= @user %> group=<%= @group %> display-name=%{GROUP}
|
||||||
<VirtualHost <%= @params[:server_host] %>:<%= @params[:server_port] %>>
|
WSGIProcessGroup <%= @daemon_process %>
|
||||||
WSGIDaemonProcess <%= @params[:daemon_process] %> processes=2 threads=10 user=<%= @params[:user] %> group=<%= @params[:group] %> display-name=%{GROUP}
|
WSGIScriptAlias / <%= @server_entry %>
|
||||||
WSGIProcessGroup <%= @params[:daemon_process] %>
|
|
||||||
WSGIScriptAlias / <%= @params[:server_entry] %>
|
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
|
||||||
|
@ -14,29 +12,25 @@ Listen <%= @params[:server_host] %>:<%= @params[:server_port] %>
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
ErrorLog <%= @params[:log_dir] %>/<%= @params[:daemon_process] %>_error.log
|
ErrorLog <%= @log_dir %>/<%= @daemon_process %>_error.log
|
||||||
CustomLog <%= @params[:log_dir] %>/<%= @params[:daemon_process] %>_access.log combined
|
CustomLog <%= @log_dir %>/<%= @daemon_process %>_access.log combined
|
||||||
<% if [true, 'true', 'True'].include?(@params[:log_debug]) -%>
|
<% if node['openstack']['bare_metal']['ssl']['enabled'] -%>
|
||||||
LogLevel debug
|
|
||||||
<% end -%>
|
|
||||||
|
|
||||||
<% if @params[:use_ssl] -%>
|
|
||||||
SSLEngine On
|
SSLEngine On
|
||||||
SSLCertificateFile <%= @params[:cert_file] %>
|
SSLCertificateFile <%= node['openstack']['bare_metal']['ssl']['certfile'] %>
|
||||||
SSLCertificateKeyFile <%= @params[:key_file] %>
|
SSLCertificateKeyFile <%= node['openstack']['bare_metal']['ssl']['keyfile'] %>
|
||||||
SSLCACertificatePath <%= @params[:ca_certs_path] %>
|
SSLCACertificatePath <%= node['openstack']['bare_metal']['ssl']['ca_certs_path'] %>
|
||||||
<% if @params[:chain_file] %>
|
<% unless node['openstack']['bare_metal']['ssl']['chainfile'].empty? %>
|
||||||
SSLCertificateChainFile <%= @params[:chain_file] %>
|
SSLCertificateChainFile <%= node['openstack']['bare_metal']['ssl']['chainfile'] %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
SSLProtocol <%= @params[:protocol] %>
|
SSLProtocol <%= node['openstack']['bare_metal']['ssl']['protocol'] %>
|
||||||
<% if @params[:ciphers] -%>
|
<% unless node['openstack']['bare_metal']['ssl']['ciphers'].empty? -%>
|
||||||
SSLCipherSuite <%= @params[:ciphers] %>
|
SSLCipherSuite <%= node['openstack']['bare_metal']['ssl']['ciphers'] %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<% if @params[:cert_required] -%>
|
<% if node['openstack']['bare_metal']['ssl']['cert_required'] -%>
|
||||||
SSLVerifyClient require
|
SSLVerifyClient require
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
WSGISocketPrefix <%= @params[:run_dir] -%>
|
WSGISocketPrefix <%= @run_dir -%>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue