1 # == Class: horizon::wsgi::apache
3 # Configures Apache WSGI for Horizon.
8 # (optional) Bind address in Apache for Horizon. (Defaults to '0.0.0.0')
11 # (optional) List of names which should be defined as ServerAlias directives
16 # (optional) Enable SSL support in Apache. (Defaults to false)
19 # (required with listen_ssl) Certificate to use for SSL support.
22 # (required with listen_ssl) Private key to use for SSL support.
25 # (required with listen_ssl) CA certificate to use for SSL support.
28 # (optional) Number of Horizon processes to spawn
32 # (optional) Number of thread to run in a Horizon process
36 # (optional) The apache vhost priority.
37 # Defaults to '15'. To set Horizon as the primary vhost, change to '10'.
40 # (optional) A hash of extra paramaters for apache::wsgi class.
42 class horizon::wsgi::apache (
43 $bind_address = undef,
45 $servername = $::fqdn,
46 $server_aliases = $::fqdn,
49 $horizon_cert = undef,
52 $wsgi_processes = '3',
55 $vhost_conf_name = 'horizon_vhost',
56 $vhost_ssl_conf_name = 'horizon_ssl_vhost',
60 include ::horizon::params
64 warning('Parameter fqdn is deprecated. Please use parameter server_aliases for setting ServerAlias directives in vhost.conf.')
65 $final_server_aliases = $fqdn
67 $final_server_aliases = $server_aliases
70 include ::apache::mod::wsgi
72 # We already use apache::vhost to generate our own
73 # configuration file, let's clean the configuration
74 # embedded within the package
75 file { $::horizon::params::httpd_config_file:
78 # This file has been cleaned by Puppet.
80 # OpenStack Horizon configuration has been moved to:
81 # - ${priority}-${vhost_conf_name}.conf
82 # - ${priority}-${vhost_ssl_conf_name}.conf
84 require => Package[$::horizon::params::package_name]
89 include ::apache::mod::ssl
90 $ensure_ssl_vhost = 'present'
92 if $horizon_ca == undef {
93 fail('The horizon_ca parameter is required when listen_ssl is true')
96 if $horizon_cert == undef {
97 fail('The horizon_cert parameter is required when listen_ssl is true')
100 if $horizon_key == undef {
101 fail('The horizon_key parameter is required when listen_ssl is true')
105 $redirect_match = '(.*)'
106 $redirect_url = "https://${servername}"
110 $ensure_ssl_vhost = 'absent'
111 $redirect_match = '^/$'
112 $redirect_url = $::horizon::params::root_url
115 Package['horizon'] -> Package[$::horizon::params::http_service]
116 File[$::horizon::params::config_file] ~> Service[$::horizon::params::http_service]
118 $unix_user = $::osfamily ? {
119 'RedHat' => $::horizon::params::apache_user,
120 default => $::horizon::params::wsgi_user
122 $unix_group = $::osfamily ? {
123 'RedHat' => $::horizon::params::apache_group,
124 default => $::horizon::params::wsgi_group,
127 file { $::horizon::params::logdir:
130 group => $unix_group,
131 before => Service[$::horizon::params::http_service],
133 require => Package['horizon']
136 file { "${::horizon::params::logdir}/horizon.log":
139 group => $unix_group,
140 before => Service[$::horizon::params::http_service],
142 require => [ File[$::horizon::params::logdir], Package['horizon'] ],
145 $default_vhost_conf_no_ip = {
146 servername => $servername,
147 serveraliases => os_any2array($final_server_aliases),
148 docroot => '/var/www/',
149 access_log_file => 'horizon_access.log',
150 error_log_file => 'horizon_error.log',
151 priority => $priority,
153 { alias => '/static', path => '/usr/share/openstack-dashboard/static' }
156 ssl_cert => $horizon_cert,
157 ssl_key => $horizon_key,
158 ssl_ca => $horizon_ca,
159 wsgi_script_aliases => hash([$::horizon::params::root_url, $::horizon::params::django_wsgi]),
160 wsgi_daemon_process => $::horizon::params::wsgi_group,
161 wsgi_daemon_process_options => {
162 processes => $wsgi_processes,
163 threads => $wsgi_threads,
165 group => $unix_group,
167 wsgi_import_script => $::horizon::params::django_wsgi,
168 wsgi_process_group => $::horizon::params::wsgi_group,
169 redirectmatch_status => 'permanent',
172 # Only add the 'ip' element to the $default_vhost_conf hash if it was explicitly
173 # specified in the instantiation of the class. This is because ip => undef gets
174 # changed to ip => '' via the Puppet function API when ensure_resource is called.
175 # See https://bugs.launchpad.net/puppet-horizon/+bug/1371345
177 $default_vhost_conf = merge($default_vhost_conf_no_ip, { ip => $bind_address })
179 $default_vhost_conf = $default_vhost_conf_no_ip
182 ensure_resource('apache::vhost', $vhost_conf_name, merge ($default_vhost_conf, $extra_params, {
183 redirectmatch_regexp => $redirect_match,
184 redirectmatch_dest => $redirect_url,
186 ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge ($default_vhost_conf, $extra_params, {
187 access_log_file => 'horizon_ssl_access.log',
188 error_log_file => 'horizon_ssl_error.log',
189 priority => $priority,
192 ensure => $ensure_ssl_vhost,
193 wsgi_daemon_process => 'horizon-ssl',
194 wsgi_process_group => 'horizon-ssl',
195 redirectmatch_regexp => '^/$',
196 redirectmatch_dest => $::horizon::params::root_url,