Use new bind endpoints for dashboard

Use the new http and https bind endpoints for dashboard that are
defined in the Common cookbook.  These will allow more control and
consistency with the other bind endpoints for openstack services.

Change-Id: I15c0c2c40a88e18ff9805d48c4da83890b7f4da7
Partial-Bug: #1430422
Mark Vanderwiel 2015-03-10 14:32:35 -05:00
parent 1150cad969
commit 40b59919d6
6 changed files with 56 additions and 49 deletions


@ -58,14 +58,14 @@ Attributes
* `openstack['dashboard']['ssl_offload']` - Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') flag for offloading SSL
* `openstack['dashboard']['plugins']` - Array of plugins to include via INSTALED\_APPS
* `openstack['dashboard']['simple_ip_management']` - Boolean to enable or disable simplified floating IP address management
* `openstack['dashboard']['http_port']` - Port that httpd should listen on (default: 80)
* `openstack['dashboard']['https_port']` - Port that httpd should listen on for using ssl (default: 443)
* `openstack['dashboard']['password_autocomplete']` - Toggle browser autocompletion for login form ('on' or 'off', default: 'off')
* `openstack['dashboard']['ssl_no_verify']` - Disable SSL certificate checks (useful for self-signed certificates)
* `openstack['dashboard']['ssl_cacert']` - The CA certificate to use to verify SSL connections
* `openstack['dashboard']['misc_local_settings']` - Additions to the local_settings conf file
* `openstack['dashboard']['hash_algorithm']` - Hash algorithm to use for hashing PKI tokens
For listen addresses and ports, there are http and https bind endpoints defined in Common.
Identity
--------
* `openstack['dashboard']['identity_api_version']` - Force a specific Identity API version ('2.0' or '3', default: '2.0')
@ -130,11 +130,12 @@ License and Author
| **Author** | Ionut Artarisi (<iartarisi@suse.cz>) |
| **Author** | Eric Zhou (<iartarisi@suse.cz>) |
| **Author** | Jens Rosenboom (<j.rosenboom@x-ion.de>) |
| **Author** | Mark Vanderwiel (<vanderwl@us.ibm.com>) |
| | |
| **Copyright** | Copyright (c) 2012, Rackspace US, Inc. |
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
| **Copyright** | Copyright (c) 2013-2014, IBM, Corp. |
| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. |
| **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH. |
| **Copyright** | Copyright (c) 2014, x-ion GmbH. |


@ -67,9 +67,6 @@ default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['d
# Set to one of: On | Off | extended
default['openstack']['dashboard']['traceenable'] = node['apache']['traceenable']
default['openstack']['dashboard']['http_port'] = 80
default['openstack']['dashboard']['https_port'] = 443
default['openstack']['dashboard']['secret_key_content'] = nil
default['openstack']['dashboard']['ssl_no_verify'] = 'True'


@ -15,4 +15,4 @@ recipe 'openstack-dashboard::server', 'Sets up the Horizon dashboard a
end
depends 'apache2', '~> 3.0.0'
depends 'openstack-common', '>= 11.0.0'
depends 'openstack-common', '>= 11.1.0'


@ -41,6 +41,17 @@ execute 'set-selinux-permissive' do
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
end
http_bind = endpoint 'dashboard-http-bind'
https_bind = endpoint 'dashboard-https-bind'
# This allow the apache2/templates/default/ports.conf.erb to setup the correct listeners.
listen_addresses = [http_bind.host]
listen_addresses += [https_bind.host] if node['openstack']['dashboard']['use_ssl']
listen_ports = [http_bind.port]
listen_ports += [https_bind.port] if node['openstack']['dashboard']['use_ssl']
node.set['apache']['listen_addresses'] = listen_addresses
node.set['apache']['listen_ports'] = listen_ports
include_recipe 'apache2'
include_recipe 'apache2::mod_wsgi'
include_recipe 'apache2::mod_rewrite'
@ -156,7 +167,11 @@ template node['openstack']['dashboard']['apache']['sites-path'] do
variables(
ssl_cert_file: "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/certs/#{node["openstack"]["dashboard"]["ssl"]["cert"]}",
ssl_key_file: "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/private/#{node["openstack"]["dashboard"]["ssl"]["key"]}"
ssl_key_file: "#{node["openstack"]["dashboard"]["ssl"]["dir"]}/private/#{node["openstack"]["dashboard"]["ssl"]["key"]}",
http_bind_address: http_bind.host,
http_bind_port: http_bind.port.to_i,
https_bind_address: https_bind.host,
https_bind_port: https_bind.port.to_i
)
notifies :run, 'execute[restore-selinux-context]', :immediately
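Review bot: The lists written to `node['apache']['listen_addresses']` and `node['apache']['listen_ports']` are built independently, so the recipe cannot express "this address on this port only". If the ports.conf template named in the comment pairs every address with every port (not visible here, worth confirming), an HTTP bind host that differs from the HTTPS one would also get a listener on the HTTPS port and the reverse, and identical hosts would be listed twice. Assigning `listen_addresses.uniq` and `listen_ports.uniq` removes the duplicates, and the existing comment should state the cross-pairing so operators know which sockets end up open. `node.set` also replaces any listener list another cookbook or role configured for Apache on the node and persists it as a normal attribute, which deserves a line in that comment too. The `template` resource touched by the second hunk starts and ends outside it.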


@ -2,24 +2,18 @@
require_relative 'spec_helper'
shared_examples 'virtualhost port configurator' do |port_attribute_name, port_attribute_value|
let(:virtualhost_directive) { "<VirtualHost \\*:#{port_attribute_value}>" }
let(:virtualhost_directive) { "<VirtualHost 127.0.0.1:#{port_attribute_value}>" }
before do
node.set['openstack']['dashboard'][port_attribute_name] = port_attribute_value
node.set['openstack']['endpoints'][port_attribute_name]['port'] = port_attribute_value
end
it "sets Listen and NameVirtualHost directives when apache's listen_ports does not include #{port_attribute_value}" do
node.set['apache']['listen_ports'] = [port_attribute_value.to_i + 1]
%w(Listen NameVirtualHost).each do |directive|
expect(chef_run).to render_file(file.name).with_content(/^#{directive} \*:#{port_attribute_value}$/)
end
it 'does not set NameVirtualHost directives when apache 2.4' do
expect(chef_run).not_to render_file(file.name).with_content(/^NameVirtualHost/)
end
it "does not set Listen and NameVirtualHost directives when apache's listen_ports include #{port_attribute_value}" do
node.set['apache']['listen_ports'] = [port_attribute_value]
chef_run.converge(described_recipe)
%w(Listen NameVirtualHost).each do |directive|
expect(chef_run).not_to render_file(file.name).with_content(/^#{directive} \*:#{port_attribute_value}$/)
end
it 'sets NameVirtualHost directives when apache 2.2' do
node.set['apache']['version'] = '2.2'
expect(chef_run).to render_file(file.name).with_content(/^NameVirtualHost 127.0.0.1:#{port_attribute_value}$/)
end
it 'sets the VirtualHost directive' do
@ -152,38 +146,38 @@ describe 'openstack-dashboard::apache2-server' do
expect(chef_run).to render_file(file.name).with_content(/^custom_template_banner_value$/)
end
it_should_behave_like 'virtualhost port configurator', 'http_port', 8080
it_should_behave_like 'virtualhost port configurator', 'dashboard-http-bind', 8080
context 'with use_ssl enabled' do
before do
node.set['openstack']['dashboard']['use_ssl'] = true
end
it_should_behave_like 'virtualhost port configurator', 'https_port', 4433
it_should_behave_like 'virtualhost port configurator', 'dashboard-https-bind', 4433
it 'shows rewrite ssl directive' do
expect(chef_run).to render_file(file.name).with_content(rewrite_ssl_directive)
end
context 'rewrite rule' do
it 'shows the default rewrite rule when http_port is 80 and https_port is 443' do
node.set['openstack']['dashboard']['http_port'] = 80
node.set['openstack']['dashboard']['https_port'] = 443
it 'shows the default SSL rewrite rule when http_port is 80 and https_port is 443' do
node.set['openstack']['endpoints']['dashboard-http-bind']['port'] = 80
node.set['openstack']['endpoints']['dashboard-https-bind']['port'] = 443
expect(chef_run).to render_file(file.name).with_content(default_rewrite_rule)
end
it 'shows the parameterized rewrite rule when http_port is different from 80' do
it 'shows the parameterized SSL rewrite rule when http_port is different from 80' do
https_port_value = 443
node.set['openstack']['dashboard']['http_port'] = 81
node.set['openstack']['dashboard']['https_port'] = https_port_value
node.set['openstack']['endpoints']['dashboard-http-bind']['port'] = 81
node.set['openstack']['endpoints']['dashboard-https-bind']['port'] = https_port_value
expect(chef_run).to render_file(file.name)
.with_content(%r(^\s*RewriteRule \^\(\.\*\)\$ https://%\{SERVER_NAME\}:#{https_port_value}%\{REQUEST_URI\} \[L,R\]$))
end
it 'shows the parameterized rewrite rule when https_port is different from 443' do
it 'shows the parameterized SSL rewrite rule when https_port is different from 443' do
https_port_value = 444
node.set['openstack']['dashboard']['http_port'] = 80
node.set['openstack']['dashboard']['https_port'] = https_port_value
node.set['openstack']['endpoints']['dashboard-http-bind']['port'] = 80
node.set['openstack']['endpoints']['dashboard-https-bind']['port'] = https_port_value
expect(chef_run).to render_file(file.name)
.with_content(%r(^\s*RewriteRule \^\(\.\*\)\$ https://%\{SERVER_NAME\}:#{https_port_value}%\{REQUEST_URI\} \[L,R\]$))
end
@ -223,8 +217,8 @@ describe 'openstack-dashboard::apache2-server' do
end
it 'does not show the default rewrite rule' do
node.set['openstack']['dashboard']['http_port'] = 80
node.set['openstack']['dashboard']['https_port'] = 443
node.set['openstack']['endpoints']['dashboard-http-bind']['port'] = 80
node.set['openstack']['endpoints']['dashboard-https-bind']['port'] = 443
expect(chef_run).not_to render_file(file.name).with_content(default_rewrite_rule)
end
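Review bot: None of the visible spec hunks asserts the listener attributes the recipe now computes, and the removed `Listen` examples were the only coverage of which ports Apache opens. An example that converges with `use_ssl` unset and checks something like `expect(chef_run.node['apache']['listen_ports']).not_to include(4433)`, plus its counterpart under the `use_ssl` context, would pin that the HTTPS listener appears only when SSL is on. Separately, the dots in `/^NameVirtualHost 127.0.0.1:#{port_attribute_value}$/` are unescaped and match any character; `127\.0\.0\.1` is tighter. The `describe` block starts and ends outside these hunks.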


@ -1,32 +1,32 @@
<%= node["openstack"]["dashboard"]["custom_template_banner"] %>
<% unless node['apache']['listen_ports'].map(&:to_i).uniq.include?(node['openstack']['dashboard']['http_port'].to_i) %>
Listen *:<%= node['openstack']['dashboard']['http_port'].to_i%>
NameVirtualHost *:<%= node['openstack']['dashboard']['http_port'].to_i%>
<% if node['apache']['version'] != '2.4' -%>
NameVirtualHost <%= @http_bind_address %>:<%= @http_bind_port %>
<% end -%>
<VirtualHost *:<%= node['openstack']['dashboard']['http_port'] %>>
<VirtualHost <%= @http_bind_address %>:<%= @http_bind_port %>>
<% if node["openstack"]["dashboard"]["server_hostname"] -%>
ServerName <%= node["openstack"]["dashboard"]["server_hostname"] %>
<% end -%>
<% if node["openstack"]["dashboard"]["use_ssl"] %>
RewriteEngine On
RewriteCond %{HTTPS} off
<% if node['openstack']['dashboard']['http_port'].to_i != 80 or node['openstack']['dashboard']['https_port'].to_i != 443 %>
RewriteRule ^(.*)$ https://%{SERVER_NAME}:<%= node['openstack']['dashboard']['https_port'] %>%{REQUEST_URI} [L,R]
<% else -%>
<% if @http_bind_port != 80 or @https_bind_port != 443 %>
RewriteRule ^(.*)$ https://%{SERVER_NAME}:<%= @https_bind_port %>%{REQUEST_URI} [L,R]
<% else -%>
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
<% end -%>
<% end -%>
TraceEnable <%= node['openstack']['dashboard']['traceenable'] %>
</VirtualHost>
<% unless node['apache']['listen_ports'].map(&:to_i).uniq.include?(node['openstack']['dashboard']['https_port'].to_i) %>
Listen *:<%= node['openstack']['dashboard']['https_port'].to_i%>
NameVirtualHost *:<%= node['openstack']['dashboard']['https_port'].to_i%>
<% end -%>
<VirtualHost *:<%= node['openstack']['dashboard']['https_port'] %>>
<% if node["openstack"]["dashboard"]["server_hostname"] -%>
<% if node['apache']['version'] != '2.4' -%>
NameVirtualHost <%= @https_bind_address %>:<%= @https_bind_port %>
<% end -%>
<VirtualHost <%= @https_bind_address %>:<%= @https_bind_port %>>
<% if node["openstack"]["dashboard"]["server_hostname"] -%>
ServerName <%= node["openstack"]["dashboard"]["server_hostname"] %>
<% end -%>
<% end -%>
<% end %>
ServerAdmin <%= node["apache"]["contact"] %>
WSGIScriptAlias <%= node["openstack"]["dashboard"]["webroot"] %> <%= node["openstack"]["dashboard"]["wsgi_path"] %>
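Review bot: The rewritten `RewriteRule ^(.*)$ https://%{SERVER_NAME}:<%= @https_bind_port %>%{REQUEST_URI} [L,R]` still takes the redirect host from the request when no canonical name is enforced, and `ServerName` is only rendered if `server_hostname` is set. With Apache's default `UseCanonicalName Off`, `%{SERVER_NAME}` follows the client's Host header, as `%{HTTP_HOST}` in the default-port branch does, so the HTTP-to-HTTPS redirect can point at a host the client chose. Since this commit already reworks the line, consider using the configured name when present, e.g. `https://<%= node['openstack']['dashboard']['server_hostname'] %>:<%= @https_bind_port %>%{REQUEST_URI}`, and documenting in the README that `server_hostname` should be set whenever `use_ssl` is enabled. With the `Listen` lines removed, the vhost also depends entirely on ports.conf for its sockets, which merits a short template comment.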