Update to apache2 ~> 8.0 cookbook
This brings us up to date with the latest apache2 cookbook which included a major refactor in 6.0.0 removing all of the definitions and recipe with proper resources. Instead of using the apache2_default_site resource, directly use a template and then enable the config file using the apache2_site resource. This gives us the most flexibility. Additional fixes: - Remove or replace references to node['apache'] attributes - Install mod_wsgi as a package on RHEL since there is no built-in resource for it. - Don't set SELinux to permissive on RHEL (I tested this works properly with it set to enforcing). - Remove hack for restarting apache. - Convert web_app to template and subscribe to restarting apache. - Remove resources to restore SELinux contexts since this taken care of by Chef now automatically. - Include additional cookbooks in Berksfile required for CI Depends-On: https://review.opendev.org/702772 Depends-On: https://review.opendev.org/701824 Change-Id: Ib82595c27f03a7b456d5d5bfecc466f5ac199a5c
This commit is contained in:
parent
71b91f5553
commit
4e4bed1eed
14
Berksfile
14
Berksfile
|
@ -1,6 +1,18 @@
|
||||||
source 'https://supermarket.chef.io'
|
source 'https://supermarket.chef.io'
|
||||||
|
|
||||||
%w(client -common -identity).each do |cookbook|
|
solver :ruby, :required
|
||||||
|
|
||||||
|
%w(
|
||||||
|
client
|
||||||
|
-common
|
||||||
|
-dns
|
||||||
|
-identity
|
||||||
|
-image
|
||||||
|
-integration-test
|
||||||
|
-network
|
||||||
|
-ops-database
|
||||||
|
-ops-messaging
|
||||||
|
).each do |cookbook|
|
||||||
if Dir.exist?("../cookbook-openstack#{cookbook}")
|
if Dir.exist?("../cookbook-openstack#{cookbook}")
|
||||||
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
|
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
|
||||||
else
|
else
|
||||||
|
|
|
@ -36,7 +36,7 @@ Cookbooks
|
||||||
|
|
||||||
The following cookbooks are dependencies:
|
The following cookbooks are dependencies:
|
||||||
|
|
||||||
- 'apache2', '~> 5.0.1'
|
- 'apache2', '~> 8.0'
|
||||||
- 'openstack-common', '>= 18.0.0'
|
- 'openstack-common', '>= 18.0.0'
|
||||||
- 'openstack-identity', '>= 18.0.0'
|
- 'openstack-identity', '>= 18.0.0'
|
||||||
- 'poise-python'
|
- 'poise-python'
|
||||||
|
|
|
@ -48,6 +48,7 @@ default['openstack']['dashboard']['keystone_default_role'] = 'member'
|
||||||
|
|
||||||
default['openstack']['dashboard']['server_hostname'] = nil
|
default['openstack']['dashboard']['server_hostname'] = nil
|
||||||
default['openstack']['dashboard']['server_aliases'] = []
|
default['openstack']['dashboard']['server_aliases'] = []
|
||||||
|
default['openstack']['dashboard']['server_admin'] = 'root@localhost'
|
||||||
default['openstack']['dashboard']['use_ssl'] = true
|
default['openstack']['dashboard']['use_ssl'] = true
|
||||||
# When using a remote certificate and key, the names of the actual installed certificate
|
# When using a remote certificate and key, the names of the actual installed certificate
|
||||||
# and key in the file system are determined by the following two attributes.
|
# and key in the file system are determined by the following two attributes.
|
||||||
|
@ -70,15 +71,13 @@ default['openstack']['dashboard']['ssl']['use_data_bag'] = true
|
||||||
# allows everything
|
# allows everything
|
||||||
default['openstack']['dashboard']['allowed_hosts'] = ['*']
|
default['openstack']['dashboard']['allowed_hosts'] = ['*']
|
||||||
|
|
||||||
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/openstack-dashboard.conf"
|
|
||||||
|
|
||||||
# Allow TRACE method
|
# Allow TRACE method
|
||||||
#
|
#
|
||||||
# Set to "extended" to also reflect the request body (only for testing and
|
# Set to "extended" to also reflect the request body (only for testing and
|
||||||
# diagnostic purposes).
|
# diagnostic purposes).
|
||||||
#
|
#
|
||||||
# Set to one of: On | Off | extended
|
# Set to one of: On | Off | extended
|
||||||
default['openstack']['dashboard']['traceenable'] = node['apache']['traceenable']
|
default['openstack']['dashboard']['traceenable'] = 'Off'
|
||||||
|
|
||||||
default['openstack']['dashboard']['secret_key_content'] = nil
|
default['openstack']['dashboard']['secret_key_content'] = nil
|
||||||
|
|
||||||
|
@ -110,11 +109,10 @@ when 'rhel'
|
||||||
default['openstack']['dashboard']['logout_url'] = "#{node['openstack']['dashboard']['webroot']}auth/logout/"
|
default['openstack']['dashboard']['logout_url'] = "#{node['openstack']['dashboard']['webroot']}auth/logout/"
|
||||||
default['openstack']['dashboard']['login_redirect_url'] = node['openstack']['dashboard']['webroot']
|
default['openstack']['dashboard']['login_redirect_url'] = node['openstack']['dashboard']['webroot']
|
||||||
default['openstack']['dashboard']['platform'] = {
|
default['openstack']['dashboard']['platform'] = {
|
||||||
'horizon_packages' => ['openstack-dashboard'],
|
'horizon_packages' => ['openstack-dashboard', 'mod_wsgi'],
|
||||||
'memcache_python_packages' => ['python-memcached'],
|
'memcache_python_packages' => ['python-memcached'],
|
||||||
'package_overrides' => '',
|
'package_overrides' => '',
|
||||||
}
|
}
|
||||||
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/sites-available/openstack-dashboard.conf"
|
|
||||||
when 'debian'
|
when 'debian'
|
||||||
default['openstack']['dashboard']['key_group'] = 'ssl-cert'
|
default['openstack']['dashboard']['key_group'] = 'ssl-cert'
|
||||||
default['openstack']['dashboard']['horizon_user'] = 'horizon'
|
default['openstack']['dashboard']['horizon_user'] = 'horizon'
|
||||||
|
@ -133,8 +131,8 @@ when 'debian'
|
||||||
'memcache_python_packages' => ['python3-memcache'],
|
'memcache_python_packages' => ['python3-memcache'],
|
||||||
'package_overrides' => '',
|
'package_overrides' => '',
|
||||||
}
|
}
|
||||||
default['openstack']['dashboard']['platform']['horizon_packages'] = ['node-less', 'libapache2-mod-wsgi-py3', 'python3-django-horizon', 'openstack-dashboard']
|
default['openstack']['dashboard']['platform']['horizon_packages'] =
|
||||||
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/sites-available/openstack-dashboard.conf"
|
['node-less', 'libapache2-mod-wsgi-py3', 'python3-django-horizon', 'openstack-dashboard']
|
||||||
else
|
else
|
||||||
default['openstack']['dashboard']['key_group'] = 'root'
|
default['openstack']['dashboard']['key_group'] = 'root'
|
||||||
end
|
end
|
||||||
|
|
|
@ -14,9 +14,9 @@ recipe 'neutron-lbaas-dashboard', 'Installs the python neutron-lbaas-dashboard p
|
||||||
supports os
|
supports os
|
||||||
end
|
end
|
||||||
|
|
||||||
|
depends 'apache2', '~> 8.0'
|
||||||
depends 'openstack-common', '>= 18.0.0'
|
depends 'openstack-common', '>= 18.0.0'
|
||||||
depends 'openstack-identity', '>= 18.0.0'
|
depends 'openstack-identity', '>= 18.0.0'
|
||||||
depends 'apache2', '5.0.1'
|
|
||||||
depends 'poise-python'
|
depends 'poise-python'
|
||||||
|
|
||||||
issues_url 'https://launchpad.net/openstack-chef'
|
issues_url 'https://launchpad.net/openstack-chef'
|
||||||
|
|
|
@ -26,19 +26,7 @@ require 'uri'
|
||||||
|
|
||||||
class ::Chef::Recipe
|
class ::Chef::Recipe
|
||||||
include ::Openstack
|
include ::Openstack
|
||||||
end
|
include Apache2::Cookbook::Helpers
|
||||||
|
|
||||||
#
|
|
||||||
# Workaround to install apache2 on a fedora machine with selinux set to enforcing
|
|
||||||
# TODO(breu): this should move to a subscription of the template from the apache2 recipe
|
|
||||||
# and it should simply be a restorecon on the configuration file(s) and not
|
|
||||||
# change the selinux mode
|
|
||||||
#
|
|
||||||
execute 'set-selinux-permissive' do
|
|
||||||
command '/sbin/setenforce Permissive'
|
|
||||||
action :run
|
|
||||||
|
|
||||||
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
|
|
||||||
end
|
end
|
||||||
|
|
||||||
http_bind = node['openstack']['bind_service']['dashboard_http']
|
http_bind = node['openstack']['bind_service']['dashboard_http']
|
||||||
|
@ -46,37 +34,43 @@ http_bind_address = bind_address http_bind
|
||||||
https_bind = node['openstack']['bind_service']['dashboard_https']
|
https_bind = node['openstack']['bind_service']['dashboard_https']
|
||||||
https_bind_address = bind_address https_bind
|
https_bind_address = bind_address https_bind
|
||||||
|
|
||||||
# This allows the apache2/templates/default/ports.conf.erb to setup the correct listeners.
|
# service['apache2'] is defined in the apache2_default_install resource
|
||||||
# Need to convert from Chef::Node::ImmutableArray in order to be able to modify
|
# but other resources are currently unable to reference it. To work
|
||||||
apache2_listen = Array(node['apache']['listen'])
|
# around this issue, define the following helper in your cookbook:
|
||||||
# Remove the default apache2 cookbook port, as that is also the default for horizon, but with
|
service 'apache2' do
|
||||||
# a different address syntax. *:80 vs 0.0.0.0:80
|
extend Apache2::Cookbook::Helpers
|
||||||
apache2_listen -= ['*:80']
|
service_name lazy { apache_platform_service_name }
|
||||||
|
supports restart: true, status: true, reload: true
|
||||||
apache2_listen += ["#{http_bind['host']}:#{http_bind['port']}"]
|
action :nothing
|
||||||
if node['openstack']['dashboard']['use_ssl']
|
|
||||||
apache2_listen += ["#{https_bind['host']}:#{https_bind['port']}"]
|
|
||||||
end
|
end
|
||||||
|
|
||||||
node.normal['apache']['listen'] = apache2_listen.uniq
|
# Finds and appends the listen port to the apache2_install[openstack]
|
||||||
|
# resource which is defined in openstack-identity::server-apache.
|
||||||
|
apache_resource = find_resource(:apache2_install, 'openstack')
|
||||||
|
|
||||||
include_recipe 'apache2'
|
apache_port =
|
||||||
include_recipe 'apache2::mod_headers'
|
if node['openstack']['dashboard']['use_ssl']
|
||||||
# TODO(jh): recipe is hardcoded to include py2 mod-wsgi package
|
["#{http_bind_address}:#{http_bind['port']}", "#{https_bind_address}:#{https_bind['port']}"]
|
||||||
case node['platform_family']
|
else
|
||||||
when 'debian'
|
"#{http_bind_address}:#{http_bind['port']}"
|
||||||
package 'libapache2-mod-wsgi-py3'
|
end
|
||||||
apache_module 'wsgi'
|
|
||||||
when 'rhel'
|
if apache_resource
|
||||||
include_recipe 'apache2::mod_wsgi'
|
apache_resource.listen = [apache_resource.listen, apache_port].flatten
|
||||||
|
else
|
||||||
|
apache2_install 'openstack' do
|
||||||
|
listen apache_port
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
include_recipe 'apache2::mod_rewrite'
|
apache2_module 'wsgi'
|
||||||
include_recipe 'apache2::mod_ssl' if node['openstack']['dashboard']['use_ssl']
|
apache2_module 'rewrite'
|
||||||
|
apache2_module 'headers'
|
||||||
|
apache2_module 'ssl' if node['openstack']['dashboard']['use_ssl']
|
||||||
|
|
||||||
# delete the openstack-dashboard.conf before reload apache2 service on redhat and centos
|
# delete the openstack-dashboard.conf before reload apache2 service on redhat and centos
|
||||||
# since this file is not valid on those platforms for the apache2 service.
|
# since this file is not valid on those platforms for the apache2 service.
|
||||||
file "#{node['apache']['dir']}/conf.d/openstack-dashboard.conf" do
|
file "#{apache_dir}/conf.d/openstack-dashboard.conf" do
|
||||||
action :delete
|
action :delete
|
||||||
backup false
|
backup false
|
||||||
only_if { platform_family?('rhel') } # :pragma-foodcritic: ~FC024 - won't fix this
|
only_if { platform_family?('rhel') } # :pragma-foodcritic: ~FC024 - won't fix this
|
||||||
|
@ -107,7 +101,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
|
||||||
mode cert_mode
|
mode cert_mode
|
||||||
owner cert_owner
|
owner cert_owner
|
||||||
group cert_group
|
group cert_group
|
||||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -121,7 +114,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
|
||||||
mode cert_mode
|
mode cert_mode
|
||||||
owner cert_owner
|
owner cert_owner
|
||||||
group cert_group
|
group cert_group
|
||||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -134,7 +126,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
|
||||||
mode key_mode
|
mode key_mode
|
||||||
owner key_owner
|
owner key_owner
|
||||||
group key_group
|
group key_group
|
||||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -160,13 +151,12 @@ directory "#{node['openstack']['dashboard']['dash_path']}/.blackhole" do
|
||||||
action :create
|
action :create
|
||||||
end
|
end
|
||||||
|
|
||||||
template node['openstack']['dashboard']['apache']['sites-path'] do
|
template "#{apache_dir}/sites-available/openstack-dashboard.conf" do
|
||||||
|
extend Apache2::Cookbook::Helpers
|
||||||
source 'dash-site.erb'
|
source 'dash-site.erb'
|
||||||
owner 'root'
|
|
||||||
group node['apache']['root_group']
|
|
||||||
mode 0o0644
|
|
||||||
|
|
||||||
variables(
|
variables(
|
||||||
|
apache_admin: node['openstack']['dashboard']['server_admin'],
|
||||||
|
log_dir: default_log_dir,
|
||||||
ssl_cert_file: ssl_cert_file.to_s,
|
ssl_cert_file: ssl_cert_file.to_s,
|
||||||
ssl_key_file: ssl_key_file.to_s,
|
ssl_key_file: ssl_key_file.to_s,
|
||||||
ssl_chain_file: ssl_chain_file.to_s,
|
ssl_chain_file: ssl_chain_file.to_s,
|
||||||
|
@ -175,34 +165,20 @@ template node['openstack']['dashboard']['apache']['sites-path'] do
|
||||||
https_bind_address: https_bind_address,
|
https_bind_address: https_bind_address,
|
||||||
https_bind_port: https_bind['port'].to_i
|
https_bind_port: https_bind['port'].to_i
|
||||||
)
|
)
|
||||||
|
|
||||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
|
||||||
notifies :reload, 'service[apache2]', :immediately
|
notifies :reload, 'service[apache2]', :immediately
|
||||||
end
|
end
|
||||||
|
|
||||||
# The `apache_site` provided by the apache2 cookbook
|
|
||||||
# is not an LWRP. Guards do not apply to definitions.
|
|
||||||
# http://tickets.opscode.com/browse/CHEF-778
|
|
||||||
case node['platform_family']
|
case node['platform_family']
|
||||||
when 'debian'
|
when 'debian'
|
||||||
apache_site '000-default' do
|
apache2_site '000-default' do
|
||||||
enable false
|
action :disable
|
||||||
end
|
end
|
||||||
when 'rhel'
|
when 'rhel'
|
||||||
apache_site 'default' do
|
apache2_site 'default' do
|
||||||
enable false
|
action :disable
|
||||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
apache_site 'openstack-dashboard' do
|
apache2_site 'openstack-dashboard' do
|
||||||
enable true
|
|
||||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
|
||||||
notifies :reload, 'service[apache2]', :immediately
|
notifies :reload, 'service[apache2]', :immediately
|
||||||
end
|
end
|
||||||
|
|
||||||
execute 'restore-selinux-context' do
|
|
||||||
command 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard /var/www/html || :'
|
|
||||||
action :nothing
|
|
||||||
only_if { platform_family?('fedora') }
|
|
||||||
end
|
|
||||||
|
|
|
@ -25,7 +25,6 @@ when 'rhel'
|
||||||
|
|
||||||
python_package 'neutron-lbaas-dashboard' do
|
python_package 'neutron-lbaas-dashboard' do
|
||||||
version node['openstack']['dashboard']['lbaas']['version']
|
version node['openstack']['dashboard']['lbaas']['version']
|
||||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
|
||||||
notifies :run, 'execute[openstack-dashboard collectstatic]'
|
notifies :run, 'execute[openstack-dashboard collectstatic]'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -11,12 +11,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
include_context 'dashboard_stubs'
|
include_context 'dashboard_stubs'
|
||||||
include_context 'redhat_stubs'
|
include_context 'redhat_stubs'
|
||||||
|
|
||||||
it 'executes set-selinux-permissive' do
|
|
||||||
cmd = '/sbin/setenforce Permissive'
|
|
||||||
|
|
||||||
expect(chef_run).to run_execute(cmd)
|
|
||||||
end
|
|
||||||
|
|
||||||
describe 'certs' do
|
describe 'certs' do
|
||||||
describe 'get secret' do
|
describe 'get secret' do
|
||||||
let(:pem) { chef_run.file('/etc/pki/tls/certs/horizon.pem') }
|
let(:pem) { chef_run.file('/etc/pki/tls/certs/horizon.pem') }
|
||||||
|
@ -33,8 +27,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
group: 'root',
|
group: 'root',
|
||||||
mode: 0o640
|
mode: 0o640
|
||||||
)
|
)
|
||||||
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'does not mess with certs if ssl not enabled' do
|
context 'does not mess with certs if ssl not enabled' do
|
||||||
|
@ -51,14 +43,15 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
end
|
end
|
||||||
it 'deletes openstack-dashboard.conf' do
|
it 'deletes openstack-dashboard.conf' do
|
||||||
file = '/etc/httpd/conf.d/openstack-dashboard.conf'
|
file = '/etc/httpd/conf.d/openstack-dashboard.conf'
|
||||||
|
|
||||||
expect(chef_run).to delete_file(file)
|
expect(chef_run).to delete_file(file)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not execute restore-selinux-context' do
|
it do
|
||||||
cmd = 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :'
|
expect(chef_run).to_not disable_apache2_site('000-default')
|
||||||
|
end
|
||||||
|
|
||||||
expect(chef_run).not_to run_execute(cmd)
|
it do
|
||||||
|
expect(chef_run).to disable_apache2_site('default')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'sets the WSGI daemon user to attribute default' do
|
it 'sets the WSGI daemon user to attribute default' do
|
||||||
|
|
|
@ -56,8 +56,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
node.override['openstack']['dashboard']['custom_template_banner'] = 'custom_template_banner_value'
|
node.override['openstack']['dashboard']['custom_template_banner'] = 'custom_template_banner_value'
|
||||||
node.override['openstack']['dashboard']['traceenable'] = 'value'
|
node.override['openstack']['dashboard']['traceenable'] = 'value'
|
||||||
node.override['apache']['log_dir'] = 'log_dir_value'
|
|
||||||
node.override['apache']['contact'] = 'apache_contact_value'
|
|
||||||
node.override['openstack']['dashboard']['error_log'] = 'error_log_value'
|
node.override['openstack']['dashboard']['error_log'] = 'error_log_value'
|
||||||
node.override['openstack']['dashboard']['access_log'] = 'access_log_value'
|
node.override['openstack']['dashboard']['access_log'] = 'access_log_value'
|
||||||
runner.converge(described_recipe)
|
runner.converge(described_recipe)
|
||||||
|
@ -77,33 +75,18 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
include_context 'non_redhat_stubs'
|
include_context 'non_redhat_stubs'
|
||||||
include_context 'dashboard_stubs'
|
include_context 'dashboard_stubs'
|
||||||
|
|
||||||
it 'does not execute set-selinux-permissive' do
|
it do
|
||||||
cmd = '/sbin/setenforce Permissive'
|
expect(chef_run).to install_apache2_install('openstack').with(listen: %w(0.0.0.0:80 0.0.0.0:443))
|
||||||
expect(chef_run).not_to run_execute(cmd)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'set apache addresses and ports' do
|
it 'enables apache modules' do
|
||||||
expect(chef_run.node['apache']['listen']).to eq %w(0.0.0.0:80 0.0.0.0:443)
|
expect(chef_run).to enable_apache2_module('wsgi')
|
||||||
end
|
expect(chef_run).to enable_apache2_module('rewrite')
|
||||||
|
expect(chef_run).to enable_apache2_module('headers')
|
||||||
it 'includes apache packages' do
|
|
||||||
%w(
|
|
||||||
apache2
|
|
||||||
apache2::mod_headers
|
|
||||||
apache2::mod_rewrite
|
|
||||||
apache2::mod_ssl
|
|
||||||
).each do |recipe|
|
|
||||||
expect(chef_run).to include_recipe(recipe)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not include the apache mod_ssl package when ssl disabled' do
|
it 'does not include the apache mod_ssl package when ssl disabled' do
|
||||||
expect(chef_run_no_ssl).not_to include_recipe('apache2::mod_ssl')
|
expect(chef_run_no_ssl).not_to enable_apache2_module('ssl')
|
||||||
end
|
|
||||||
|
|
||||||
it 'does not execute set-selinux-enforcing' do
|
|
||||||
cmd = '/sbin/setenforce Enforcing ; restorecon -R /etc/httpd'
|
|
||||||
expect(chef_run).not_to run_execute(cmd)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'certs' do
|
describe 'certs' do
|
||||||
|
@ -124,8 +107,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
group: 'ssl-cert',
|
group: 'ssl-cert',
|
||||||
mode: 0o640
|
mode: 0o640
|
||||||
)
|
)
|
||||||
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
describe 'set ssl chain' do
|
describe 'set ssl chain' do
|
||||||
|
@ -138,7 +119,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
group: 'root',
|
group: 'root',
|
||||||
mode: 0o644
|
mode: 0o644
|
||||||
)
|
)
|
||||||
expect(chain).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
describe 'get secret with only one pem' do
|
describe 'get secret with only one pem' do
|
||||||
|
@ -169,7 +149,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
group: 'ssl-cert',
|
group: 'ssl-cert',
|
||||||
mode: 0o640
|
mode: 0o640
|
||||||
)
|
)
|
||||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not mess with certs if ssl not enabled' do
|
it 'does not mess with certs if ssl not enabled' do
|
||||||
|
@ -217,8 +196,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
group: 'ssl-cert',
|
group: 'ssl-cert',
|
||||||
mode: 0o640
|
mode: 0o640
|
||||||
)
|
)
|
||||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
end
|
end
|
||||||
describe 'set ssl chain' do
|
describe 'set ssl chain' do
|
||||||
let(:chain) { chef_run.file('/etc/anypath/any-chain.pem') }
|
let(:chain) { chef_run.file('/etc/anypath/any-chain.pem') }
|
||||||
|
@ -229,7 +206,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
group: 'root',
|
group: 'root',
|
||||||
mode: 0o644
|
mode: 0o644
|
||||||
)
|
)
|
||||||
expect(chain).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
it 'does not mess with certs if ssl not enabled' do
|
it 'does not mess with certs if ssl not enabled' do
|
||||||
|
@ -262,13 +238,27 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
let(:file) { chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf') }
|
let(:file) { chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf') }
|
||||||
|
|
||||||
it 'creates openstack-dashboard.conf' do
|
it 'creates openstack-dashboard.conf' do
|
||||||
expect(chef_run).to create_template(file.name).with(
|
expect(chef_run).to create_template('/etc/apache2/sites-available/openstack-dashboard.conf').with(
|
||||||
user: 'root',
|
source: 'dash-site.erb',
|
||||||
group: 'root',
|
variables: {
|
||||||
mode: 0o644
|
apache_admin: 'root@localhost',
|
||||||
|
http_bind_address: '0.0.0.0',
|
||||||
|
http_bind_port: 80,
|
||||||
|
https_bind_address: '0.0.0.0',
|
||||||
|
https_bind_port: 443,
|
||||||
|
log_dir: '/var/log/apache2',
|
||||||
|
ssl_cert_file: '/etc/ssl/certs/horizon.pem',
|
||||||
|
ssl_chain_file: '',
|
||||||
|
ssl_key_file: '/etc/ssl/private/horizon.key',
|
||||||
|
}
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it do
|
||||||
|
expect(chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf')).to \
|
||||||
|
notify('service[apache2]').to(:reload).immediately
|
||||||
|
end
|
||||||
|
|
||||||
describe 'template content' do
|
describe 'template content' do
|
||||||
let(:rewrite_ssl_directive) { /^\s*RewriteEngine On\s*RewriteCond \%\{HTTPS\} off$/ }
|
let(:rewrite_ssl_directive) { /^\s*RewriteEngine On\s*RewriteCond \%\{HTTPS\} off$/ }
|
||||||
let(:default_rewrite_rule) { %r(^\s*RewriteRule \^\(\.\*\)\$ https\://%\{HTTP_HOST\}%\{REQUEST_URI\} \[L,R\]$) }
|
let(:default_rewrite_rule) { %r(^\s*RewriteRule \^\(\.\*\)\$ https\://%\{HTTP_HOST\}%\{REQUEST_URI\} \[L,R\]$) }
|
||||||
|
@ -462,7 +452,7 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'shows the ServerAdmin' do
|
it 'shows the ServerAdmin' do
|
||||||
expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin apache_contact_value$/)
|
expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin root@localhost$/)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'sets the WSGI script alias defaults' do
|
it 'sets the WSGI script alias defaults' do
|
||||||
|
@ -539,17 +529,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'log directives' do
|
|
||||||
it 'sets the ErrorLog directive' do
|
|
||||||
expect(chef_run).to render_file(file.name).with_content(%r{^\s*ErrorLog log_dir_value/error_log_value$})
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'sets the CustomLog directive' do
|
|
||||||
expect(chef_run).to render_file(file.name)
|
|
||||||
.with_content(%r{^\s*CustomLog log_dir_value/access_log_value combined$})
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
context 'sets wsgi socket prefix if wsgi_socket_prefix attribute is preset' do
|
context 'sets wsgi socket prefix if wsgi_socket_prefix attribute is preset' do
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
node.override['openstack']['dashboard']['wsgi_socket_prefix'] = '/var/run/wsgi'
|
node.override['openstack']['dashboard']['wsgi_socket_prefix'] = '/var/run/wsgi'
|
||||||
|
@ -564,10 +543,6 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
expect(chef_run).not_to render_file(file.name).with_content(/^WSGISocketPrefix $/)
|
expect(chef_run).not_to render_file(file.name).with_content(/^WSGISocketPrefix $/)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'notifies restore-selinux-context' do
|
|
||||||
expect(file).to notify('execute[restore-selinux-context]').to(:run)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'secret_key_path file' do
|
describe 'secret_key_path file' do
|
||||||
|
@ -619,38 +594,20 @@ describe 'openstack-dashboard::apache2-server' do
|
||||||
expect(chef_run).not_to delete_file(file)
|
expect(chef_run).not_to delete_file(file)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'calls apache_site to disable 000-default virtualhost' do
|
it do
|
||||||
resource = chef_run.find_resource('execute',
|
expect(chef_run).to disable_apache2_site('000-default')
|
||||||
'a2dissite 000-default.conf').to_hash
|
|
||||||
expect(resource).to include(
|
|
||||||
action: [:run],
|
|
||||||
params: {
|
|
||||||
enable: false,
|
|
||||||
name: '000-default',
|
|
||||||
}
|
|
||||||
)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'calls apache_site to enable openstack-dashboard virtualhost' do
|
it do
|
||||||
resource = chef_run.find_resource('execute',
|
expect(chef_run).to_not disable_apache2_site('default')
|
||||||
'a2ensite openstack-dashboard.conf').to_hash
|
|
||||||
expect(resource).to include(
|
|
||||||
action: [:run],
|
|
||||||
params: {
|
|
||||||
enable: true,
|
|
||||||
notifies: [:reload, 'service[apache2]', :immediately],
|
|
||||||
name: 'openstack-dashboard',
|
|
||||||
}
|
|
||||||
)
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'notifies apache2 restart' do
|
it do
|
||||||
skip 'TODO: how to test when tied to an LWRP'
|
expect(chef_run).to enable_apache2_site('openstack-dashboard')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not execute restore-selinux-context' do
|
it do
|
||||||
cmd = 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :'
|
expect(chef_run.apache2_site('openstack-dashboard')).to notify('service[apache2]').to(:reload).immediately
|
||||||
expect(chef_run).not_to run_execute(cmd)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -6,7 +6,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
|
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
|
||||||
let(:node) { runner.node }
|
let(:node) { runner.node }
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
|
|
||||||
include_context 'dashboard_stubs'
|
include_context 'dashboard_stubs'
|
||||||
|
@ -14,6 +14,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
|
|
||||||
it 'installs packages' do
|
it 'installs packages' do
|
||||||
expect(chef_run).to upgrade_package('openstack-dashboard')
|
expect(chef_run).to upgrade_package('openstack-dashboard')
|
||||||
|
expect(chef_run).to upgrade_package('mod_wsgi')
|
||||||
expect(chef_run).to upgrade_package('MySQL-python')
|
expect(chef_run).to upgrade_package('MySQL-python')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
'variable2' => 'value2',
|
'variable2' => 'value2',
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
|
|
||||||
cached(:chef_run2) do
|
cached(:chef_run2) do
|
||||||
|
@ -46,12 +46,12 @@ describe 'openstack-dashboard::horizon' do
|
||||||
node.override['openstack']['dashboard']['neutron']['enable_lb'] = true
|
node.override['openstack']['dashboard']['neutron']['enable_lb'] = true
|
||||||
node.override['openstack']['dashboard']['plugins'] = %w(testPlugin1 testPlugin2)
|
node.override['openstack']['dashboard']['plugins'] = %w(testPlugin1 testPlugin2)
|
||||||
node.override['openstack']['db']['dashboard']['migrate'] = false
|
node.override['openstack']['db']['dashboard']['migrate'] = false
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
|
|
||||||
cached(:chef_run_sql) do
|
cached(:chef_run_sql) do
|
||||||
node.override['openstack']['dashboard']['session_backend'] = 'sql'
|
node.override['openstack']['dashboard']['session_backend'] = 'sql'
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
|
|
||||||
include_context 'non_redhat_stubs'
|
include_context 'non_redhat_stubs'
|
||||||
|
@ -136,7 +136,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
node.override['openstack']['dashboard']['use_ssl'] = true
|
node.override['openstack']['dashboard']['use_ssl'] = true
|
||||||
node.override['openstack']['dashboard']['ssl_no_verify'] = 'False'
|
node.override['openstack']['dashboard']['ssl_no_verify'] = 'False'
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
it 'has a False value for the OPENSTACK_SSL_NO_VERIFY attribute' do
|
it 'has a False value for the OPENSTACK_SSL_NO_VERIFY attribute' do
|
||||||
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = False$/)
|
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = False$/)
|
||||||
|
@ -200,7 +200,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
node.override['openstack']['dashboard']['csrf_cookie_secure'] = false
|
node.override['openstack']['dashboard']['csrf_cookie_secure'] = false
|
||||||
node.override['openstack']['dashboard']['session_cookie_secure'] = false
|
node.override['openstack']['dashboard']['session_cookie_secure'] = false
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to render_file(file.name).with_content(/^CSRF_COOKIE_SECURE = False$/)
|
expect(chef_run).to render_file(file.name).with_content(/^CSRF_COOKIE_SECURE = False$/)
|
||||||
|
@ -321,16 +321,14 @@ describe 'openstack-dashboard::horizon' do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
[nil, []].each do |empty_value|
|
context 'without memcache servers' do
|
||||||
context 'without memcache servers' do
|
cached(:chef_run) do
|
||||||
cached(:chef_run) do
|
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return([])
|
||||||
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return(empty_value)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
runner.converge(described_recipe)
|
end
|
||||||
end
|
it 'does not configure caching when backend == memcache and memcached_servers == []' do
|
||||||
it "does not configure caching when backend == memcache and #{empty_value} provided as memcache servers" do
|
expect(chef_run).to_not render_file(file.name)
|
||||||
expect(chef_run).to_not render_file(file.name)
|
.with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/)
|
||||||
.with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -365,7 +363,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
keystone_settings.each do |keystone_setting|
|
keystone_settings.each do |keystone_setting|
|
||||||
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = true
|
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = true
|
||||||
end
|
end
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
keystone_settings.each do |keystone_setting|
|
keystone_settings.each do |keystone_setting|
|
||||||
it do
|
it do
|
||||||
|
@ -379,7 +377,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
keystone_settings.each do |keystone_setting|
|
keystone_settings.each do |keystone_setting|
|
||||||
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = false
|
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = false
|
||||||
end
|
end
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
keystone_settings.each do |keystone_setting|
|
keystone_settings.each do |keystone_setting|
|
||||||
it do
|
it do
|
||||||
|
@ -428,7 +426,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
components.each do |component|
|
components.each do |component|
|
||||||
node.override['openstack']['dashboard']['log_level'][component] = "#{component}_log_level_value"
|
node.override['openstack']['dashboard']['log_level'][component] = "#{component}_log_level_value"
|
||||||
end
|
end
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
components.each do |component|
|
components.each do |component|
|
||||||
it do
|
it do
|
||||||
|
@ -447,7 +445,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
node.override['openstack']['db']['dashboard']['username'] = "#{service_type}_user"
|
node.override['openstack']['db']['dashboard']['username'] = "#{service_type}_user"
|
||||||
node.override['openstack']['db']['python_packages'][service_type] = ['pkg1', 'pkg2']
|
node.override['openstack']['db']['python_packages'][service_type] = ['pkg1', 'pkg2']
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
before do
|
before do
|
||||||
allow_any_instance_of(Chef::Recipe).to receive(:db)
|
allow_any_instance_of(Chef::Recipe).to receive(:db)
|
||||||
|
@ -539,7 +537,7 @@ describe 'openstack-dashboard::horizon' do
|
||||||
context 'executes when database backend is sqlite' do
|
context 'executes when database backend is sqlite' do
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
node.override['openstack']['db']['dashboard']['service_type'] = 'sqlite'
|
node.override['openstack']['db']['dashboard']['service_type'] = 'sqlite'
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to run_execute(sync_db_cmd).with(
|
expect(chef_run).to run_execute(sync_db_cmd).with(
|
||||||
|
|
|
@ -6,7 +6,7 @@ describe 'openstack-dashboard::neutron-fwaas-dashboard' do
|
||||||
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||||
cached(:node) { runner.node }
|
cached(:node) { runner.node }
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
|
|
||||||
include_context 'non_redhat_stubs'
|
include_context 'non_redhat_stubs'
|
||||||
|
|
|
@ -6,7 +6,7 @@ describe 'openstack-dashboard::neutron-lbaas-dashboard' do
|
||||||
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||||
cached(:node) { runner.node }
|
cached(:node) { runner.node }
|
||||||
cached(:chef_run) do
|
cached(:chef_run) do
|
||||||
runner.converge(described_recipe)
|
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||||
end
|
end
|
||||||
|
|
||||||
include_context 'non_redhat_stubs'
|
include_context 'non_redhat_stubs'
|
||||||
|
|
|
@ -39,6 +39,42 @@ shared_context 'dashboard_stubs' do
|
||||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
.with('certs', 'horizon.key')
|
.with('certs', 'horizon.key')
|
||||||
.and_return('horizon_key_value')
|
.and_return('horizon_key_value')
|
||||||
|
# identity stubs
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
|
.with('secrets', 'credential_key0')
|
||||||
|
.and_return('thisiscredentialkey0')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
|
.with('secrets', 'credential_key1')
|
||||||
|
.and_return('thisiscredentialkey1')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
|
.with('secrets', 'fernet_key0')
|
||||||
|
.and_return('thisisfernetkey0')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||||
|
.with('secrets', 'fernet_key1')
|
||||||
|
.and_return('thisisfernetkey1')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:search_for)
|
||||||
|
.with('os-identity').and_return(
|
||||||
|
[{
|
||||||
|
'openstack' => {
|
||||||
|
'identity' => {
|
||||||
|
'admin_tenant_name' => 'admin',
|
||||||
|
'admin_user' => 'admin',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}]
|
||||||
|
)
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url)
|
||||||
|
.with('identity')
|
||||||
|
.and_return('rabbit://openstack:mypass@127.0.0.1:5672')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||||
|
.with('user', anything)
|
||||||
|
.and_return('')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||||
|
.with('db', anything)
|
||||||
|
.and_return('test-passes')
|
||||||
|
allow_any_instance_of(Chef::Recipe).to receive(:db_uri)
|
||||||
|
.with(anything, anything, anything)
|
||||||
|
.and_return('')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
ServerAlias <%= node["openstack"]["dashboard"]["server_aliases"].join(" ") %>
|
ServerAlias <%= node["openstack"]["dashboard"]["server_aliases"].join(" ") %>
|
||||||
<% end -%>
|
<% end -%>
|
||||||
<% end %>
|
<% end %>
|
||||||
ServerAdmin <%= node["apache"]["contact"] %>
|
ServerAdmin <%= @apache_admin %>
|
||||||
# Note(jr): This is needed when SSL is used for the services, see
|
# Note(jr): This is needed when SSL is used for the services, see
|
||||||
# https://bugs.launchpad.net/openstack-ansible/+bug/1624791/comments/17
|
# https://bugs.launchpad.net/openstack-ansible/+bug/1624791/comments/17
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
|
@ -53,8 +53,8 @@
|
||||||
AllowOverride None
|
AllowOverride None
|
||||||
Require all granted
|
Require all granted
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
<% if node["openstack"]["dashboard"]["use_ssl"] -%>
|
<% if node["openstack"]["dashboard"]["use_ssl"] -%>
|
||||||
|
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
SSLCertificateFile <%= @ssl_cert_file %>
|
SSLCertificateFile <%= @ssl_cert_file %>
|
||||||
SSLCertificateKeyFile <%= @ssl_key_file %>
|
SSLCertificateKeyFile <%= @ssl_key_file %>
|
||||||
|
@ -72,9 +72,9 @@
|
||||||
RewriteCond /opt/dash/site_overlay%{REQUEST_FILENAME} -s
|
RewriteCond /opt/dash/site_overlay%{REQUEST_FILENAME} -s
|
||||||
RewriteRule ^/(.+) /opt/dash/site_overlay/$1 [L]
|
RewriteRule ^/(.+) /opt/dash/site_overlay/$1 [L]
|
||||||
|
|
||||||
ErrorLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["error_log"] %>
|
ErrorLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["error_log"] %>
|
||||||
LogLevel warn
|
LogLevel warn
|
||||||
CustomLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined
|
CustomLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined
|
||||||
TraceEnable <%= node['openstack']['dashboard']['traceenable'] %>
|
TraceEnable <%= node['openstack']['dashboard']['traceenable'] %>
|
||||||
<% unless node["openstack"]["dashboard"]["cache_html"] %>
|
<% unless node["openstack"]["dashboard"]["cache_html"] %>
|
||||||
SetEnvIfExpr "req('accept') =~/html/" NO_CACHE
|
SetEnvIfExpr "req('accept') =~/html/" NO_CACHE
|
||||||
|
@ -82,7 +82,7 @@
|
||||||
Header merge Cache-Control no-store env=NO_CACHE
|
Header merge Cache-Control no-store env=NO_CACHE
|
||||||
<% end -%>
|
<% end -%>
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
<% unless node["openstack"]["dashboard"]["wsgi_socket_prefix"].nil? %>
|
<% unless node["openstack"]["dashboard"]["wsgi_socket_prefix"].nil? %>
|
||||||
|
|
||||||
WSGISocketPrefix <%= node["openstack"]["dashboard"]["wsgi_socket_prefix"] %>
|
WSGISocketPrefix <%= node["openstack"]["dashboard"]["wsgi_socket_prefix"] %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
Loading…
Reference in New Issue