Proxy API endpoints that UI uses

Add support to enable the UI to use paths via mod_proxy to access API endpoints instead of connecting to each endpoint directly on a port other than where the UI is served from. This is necessary to prevent certificate acceptance errors from non-Chrome browsers which take exception to connections made to other ports on the same hostname, using one SSL certificate. This change extends the UI's Apache configuration to create one mod_proxy location for each of the API endpoints that UI calls upon. These mod_proxy (using ProxyPass, ProxyPassReverse) endpoints are configured using new heira variables provided in the dependent commit. Additionally, this change modifies the default UI configuration file to include endpoint URLs formatted to use the new endpoint paths that are created. Removed puppet variables which were previously used to generate the contents of the tripleo_ui_config.js template, since they are no longer used to generate this file, replaced with the new endpoint URLs formatted to use the new endpoint paths that are created. Change-Id: I55e375ad462fa98e181277ec0bd88658e620e8ad Implements: blueprint proxy-undercloud-api-services Depends-On: Ib20f4b0891563ae90ec80675635a64c39bd2fdb7
2017-01-24 16:51:08 -07:00 · 2017-01-24 16:51:08 -07:00 · 9a69201b5f
parent a75c6c618e
commit 9a69201b5f
5 changed files with 160 additions and 64 deletions
--- a/manifests/ui.pp
+++ b/manifests/ui.pp
@ -31,37 +31,53 @@
 #  The port on which the UI is listening.
 #  Defaults to 3000
 #
-# [*keystone_url*]
-#  The keystone service url
-#  Defaults to hiera('keystone::endpoint::public_url')
+# [*endpoint_proxy_keystone*]
+#  The keystone proxy endpoint url
+#  Defaults to undef
 #
-# [*heat_url*]
-#  The heat service url
-#  Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_config_keystone*]
+#  The keystone config endpoint url
+#  Defaults to undef
 #
-# [*heat_url*]
-#  The heat service url
-#  Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_proxy_heat*]
+#  The heat proxy endpoint url
+#  Defaults to undef
 #
-# [*heat_url*]
-#  The heat service url
-#  Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_config_heat*]
+#  The heat config endpoint url
+#  Defaults to undef
 #
-# [*ironic_url*]
-#  The ironic service url
-#  Defaults to hiera('ironic::keystone::auth::public_url')
+# [*endpoint_proxy_ironic*]
+#  The ironic proxy endpoint url
+#  Defaults to undef
 #
-# [*mistral_url*]
-#  The mistral service url
-#  Defaults to hiera('mistral::keystone::auth::public_url')
+# [*endpoint_config_ironic*]
+#  The ironic config endpoint url
+#  Defaults to undef
 #
-# [*swift_url*]
-#  The swift service url
-#  Defaults to hiera('swift::keystone::auth::public_url')
+# [*endpoint_proxy_mistral*]
+#  The mistral proxy endpoint url
+#  Defaults to undef
 #
-# [*zaqar_websocket_url*]
-#  The zaqar websocket url
-#  Defaults to hiera('zaquar::keystone::auth_websocket::public_url')
+# [*endpoint_config_mistral*]
+#  The mistral config endpoint url
+#  Defaults to undef
+#
+# [*endpoint_proxy_swift*]
+#  The swift proxy endpoint url
+#  Defaults to undef
+#
+# [*endpoint_config_swift*]
+#  The swift config endpoint url
+#  Defaults to undef
+#
+# [*endpoint_proxy_zaqar*]
+#  The zaqar proxy endpoint url
+#  Defaults to undef
+#
+# [*endpoint_config_zaqar*]
+#  The zaqar config endpoint url
+#  Defaults to undf
 #
 # [*zaqar_default_queue*]
 #  The zaqar default queue
@ -69,18 +85,29 @@
 #  Defaults to 'tripleo'
 #
 class tripleo::ui (
-  $servername          = $::fqdn,
-  $bind_host           = hiera('controller_host'),
-  $ui_port             = 3000,
-  $keystone_url        = hiera('keystone_auth_uri_v2'),
-  $heat_url            = hiera('heat::keystone::auth::public_url', undef),
-  $ironic_url          = hiera('ironic::keystone::auth::public_url', undef),
-  $mistral_url         = hiera('mistral::keystone::auth::public_url', undef),
-  $swift_url           = hiera('swift::keystone::auth::public_url', undef),
-  $zaqar_websocket_url = hiera('zaqar::keystone::auth_websocket::public_url', undef),
-  $zaqar_default_queue = 'tripleo'
+  $servername               = $::fqdn,
+  $bind_host                = hiera('controller_host'),
+  $ui_port                  = 3000,
+  $zaqar_default_queue      = 'tripleo',
+  $endpoint_proxy_zaqar     = undef,
+  $endpoint_proxy_keystone  = undef,
+  $endpoint_proxy_heat      = undef,
+  $endpoint_proxy_ironic    = undef,
+  $endpoint_proxy_mistral   = undef,
+  $endpoint_proxy_swift     = undef,
+  $endpoint_config_zaqar    = undef,
+  $endpoint_config_keystone = undef,
+  $endpoint_config_heat     = undef,
+  $endpoint_config_ironic   = undef,
+  $endpoint_config_mistral  = undef,
+  $endpoint_config_swift    = undef,
+
 ) {

+  include ::apache::mod::proxy
+  include ::apache::mod::proxy_http
+  include ::apache::mod::proxy_wstunnel
+
  ::apache::vhost { 'tripleo-ui':
    ensure           => 'present',
    servername       => $servername,
@ -89,6 +116,38 @@ class tripleo::ui (
    docroot          => '/var/www/openstack-tripleo-ui/dist',
    options          => ['Indexes', 'FollowSymLinks'],
    fallbackresource => '/index.html',
+    proxy_pass       => [
+    {
+      'path' => '/zaqar',
+      'url'  => $endpoint_proxy_zaqar
+    },
+    {
+      'path'         => '/keystone',
+      'url'          => $endpoint_proxy_keystone,
+      'reverse_urls' => $endpoint_proxy_keystone
+    },
+    {
+      'path'         => '/heat',
+      'url'          => $endpoint_proxy_heat,
+      'reverse_urls' => $endpoint_proxy_heat
+    },
+    {
+      'path'         => '/ironic',
+      'url'          => $endpoint_proxy_ironic,
+      'reverse_urls' => $endpoint_proxy_ironic
+    },
+    {
+      'path'         => '/mistral',
+      'url'          => $endpoint_proxy_mistral,
+      'reverse_urls' => $endpoint_proxy_mistral
+    },
+    {
+      'path'         => '/swift',
+      'url'          => $endpoint_proxy_swift,
+      'reverse_urls' => $endpoint_proxy_swift
+    },
+    ],
+
  }

  # We already use apache::vhost to generate our own
--- a/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml
+++ b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - Added ability to proxy API service endpoints through
+    Apache mod_rewrite rules by creating ProxyPass and
+    ProxyPassReverse directives for each API service
+
--- a/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml
+++ b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml
@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    Removed the following URL configuration variables from tripleo::ui:
+
+    * keystone_url
+    * heat_url
+    * ironic_url
+    * mistral_url
+    * swift_url
+    * zaqar_websocket_url
+
--- a/spec/classes/tripleo_ui_spec.rb
+++ b/spec/classes/tripleo_ui_spec.rb
@ -24,9 +24,20 @@ describe 'tripleo::ui' do

    context 'with required parameters' do
      let(:params) { {
-        :servername   => facts[:hostname],
-        :bind_host    => '127.0.0.1',
-        :keystone_url => 'http://127.0.0.1:5000/'
+        :servername               => facts[:hostname],
+        :bind_host                => '127.0.0.1',
+        :endpoint_proxy_keystone  => 'http://127.0.0.1:5000',
+        :endpoint_proxy_zaqar     => 'ws://127.0.0.1:9000/zaqar',
+        :endpoint_proxy_heat      => 'http://127.0.0.1:8004',
+        :endpoint_proxy_ironic    => 'http://127.0.0.1:6385',
+        :endpoint_proxy_mistral   => 'http://127.0.0.1:8989',
+        :endpoint_proxy_swift     => 'http://127.0.0.1:8080',
+        :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0',
+        :endpoint_config_zaqar    => 'wss://127.0.0.1:443/zaqar',
+        :endpoint_config_heat     => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s',
+        :endpoint_config_ironic   => 'https://127.0.0.1:443/ironic',
+        :endpoint_config_mistral  => 'https://127.0.0.1:443/mistral/v2',
+        :endpoint_config_swift    => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s'
      } }

      it 'should configure tripleo ui' do
@ -42,23 +53,34 @@ describe 'tripleo::ui' do
        )
        is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/)
        is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js')
-            .with_content(/"keystone": "http:\/\/127.0.0.1:5000\/"/)
+            .with_content(/"keystone": "https:\/\/127.0.0.1:443\/keystone\/v2.0"/)
+            .with_content(/"heat": "https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s"/)
+            .with_content(/"zaqar-websocket": "wss:\/\/127.0.0.1:443\/zaqar"/)
+            .with_content(/"ironic": "https:\/\/127.0.0.1:443\/ironic"/)
+            .with_content(/"mistral": "https:\/\/127.0.0.1:443\/mistral\/v2"/)
+            .with_content(/"swift": "https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s"/)
            .with_content(/"zaqar_default_queue": "tripleo"/)
      end
    end

    context 'with all parameters' do
      let(:params) { {
-          :servername        => 'custom.example.com',
-        :bind_host           => '127.0.0.2',
-        :ui_port             => 3001,
-        :keystone_url        => 'http://127.0.0.1:1111/',
-        :heat_url            => 'http://127.0.0.1:2222/',
-        :ironic_url          => 'http://127.0.0.1:3333/',
-        :mistral_url         => 'http://127.0.0.1:4444/',
-        :swift_url           => 'http://127.0.0.1:5555/',
-        :zaqar_websocket_url => 'http://127.0.0.1:6666/',
-        :zaqar_default_queue => 'myqueue'
+          :servername             => 'custom.example.com',
+        :bind_host                => '127.0.0.2',
+        :ui_port                  => 3001,
+        :endpoint_proxy_keystone  => 'http://127.0.0.1:5000',
+        :endpoint_proxy_zaqar     => 'ws://127.0.0.1:9000/zaqar',
+        :endpoint_proxy_heat      => 'http://127.0.0.1:8004',
+        :endpoint_proxy_ironic    => 'http://127.0.0.1:6385',
+        :endpoint_proxy_mistral   => 'http://127.0.0.1:8989',
+        :endpoint_proxy_swift     => 'http://127.0.0.1:8080',
+        :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0',
+        :endpoint_config_zaqar    => 'wss://127.0.0.1:443/zaqar',
+        :endpoint_config_heat     => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s',
+        :endpoint_config_ironic   => 'https://127.0.0.1:443/ironic',
+        :endpoint_config_mistral  => 'https://127.0.0.1:443/mistral/v2',
+        :endpoint_config_swift    => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s',
+        :zaqar_default_queue      => 'tripleo'
      } }

      it 'should configure tripleo ui' do
@ -74,13 +96,13 @@ describe 'tripleo::ui' do
        )
        is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/)
        is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js')
-            .with_content(/"keystone": "http:\/\/127.0.0.1:1111\/"/)
-            .with_content(/"heat": "http:\/\/127.0.0.1:2222\/"/)
-            .with_content(/"ironic": "http:\/\/127.0.0.1:3333\/"/)
-            .with_content(/"mistral": "http:\/\/127.0.0.1:4444\/"/)
-            .with_content(/"swift": "http:\/\/127.0.0.1:5555\/"/)
-            .with_content(/"zaqar-websocket": "http:\/\/127.0.0.1:6666\/"/)
-            .with_content(/"zaqar_default_queue": "myqueue"/)
+          .with_content(/"keystone": "https:\/\/127.0.0.1:443\/keystone\/v2.0"/)
+          .with_content(/"heat": "https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s"/)
+          .with_content(/"zaqar-websocket": "wss:\/\/127.0.0.1:443\/zaqar"/)
+          .with_content(/"ironic": "https:\/\/127.0.0.1:443\/ironic"/)
+          .with_content(/"mistral": "https:\/\/127.0.0.1:443\/mistral\/v2"/)
+          .with_content(/"swift": "https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s"/)
+          .with_content(/"zaqar_default_queue": "tripleo"/)
      end
    end

--- a/templates/ui/tripleo_ui_config.js.erb
+++ b/templates/ui/tripleo_ui_config.js.erb
@ -1,13 +1,10 @@
 window.tripleOUiConfig = {
-  "keystone": "<%= @keystone_url %>",
-
-  // The UI automatically discovers below URLs by querying keystone but can be
-  // changed here if desired.
-  //"heat": "<%= @heat_url %>",
-  //"ironic": "<%= @ironic_url %>",
-  //"mistral": "<%= @mistral_url %>",
-  //"swift": "<%= @swift_url %>",
-  //"zaqar-websocket": "<%= @zaqar_websocket_url %>",
+  "keystone": "<%= @endpoint_config_keystone %>",
+  "heat": "<%= @endpoint_config_heat %>",
+  "ironic": "<%= @endpoint_config_ironic %>",
+  "mistral": "<%= @endpoint_config_mistral %>",
+  "swift": "<%= @endpoint_config_swift %>",
+  "zaqar-websocket": "<%= @endpoint_config_zaqar %>",

  // Default websocket queue name
  "zaqar_default_queue": "<%= @zaqar_default_queue %>"