# == Class: horizon::wsgi::apache # # Configures Apache WSGI for Horizon. # # === Parameters # # [*bind_address*] # (optional) Bind address in Apache for Horizon. (Defaults to '0.0.0.0') # # [*server_aliases*] # (optional) List of names which should be defined as ServerAlias directives # in vhost.conf. # Defaults to ::fqdn. # # [*listen_ssl*] # (optional) Enable SSL support in Apache. (Defaults to false) # # [*horizon_cert*] # (required with listen_ssl) Certificate to use for SSL support. # # [*horizon_key*] # (required with listen_ssl) Private key to use for SSL support. # # [*horizon_ca*] # (required with listen_ssl) CA certificate to use for SSL support. # # [*wsgi_processes*] # (optional) Number of Horizon processes to spawn # Defaults to '3' # # [*wsgi_threads*] # (optional) Number of thread to run in a Horizon process # Defaults to '10' # # [*priority*] # (optional) The apache vhost priority. # Defaults to '15'. To set Horizon as the primary vhost, change to '10'. # # [*extra_params*] # (optional) A hash of extra paramaters for apache::wsgi class. # Defaults to {} class horizon::wsgi::apache ( $bind_address = undef, $fqdn = undef, $servername = $::fqdn, $server_aliases = $::fqdn, $listen_ssl = false, $ssl_redirect = true, $horizon_cert = undef, $horizon_key = undef, $horizon_ca = undef, $wsgi_processes = '3', $wsgi_threads = '10', $priority = '15', $vhost_conf_name = 'horizon_vhost', $vhost_ssl_conf_name = 'horizon_ssl_vhost', $extra_params = {}, ) { include ::horizon::params include ::apache if $fqdn { warning('Parameter fqdn is deprecated. Please use parameter server_aliases for setting ServerAlias directives in vhost.conf.') $final_server_aliases = $fqdn } else { $final_server_aliases = $server_aliases } include ::apache::mod::wsgi # We already use apache::vhost to generate our own # configuration file, let's clean the configuration # embedded within the package file { $::horizon::params::httpd_config_file: ensure => present, content => "# # This file has been cleaned by Puppet. # # OpenStack Horizon configuration has been moved to: # - ${priority}-${vhost_conf_name}.conf # - ${priority}-${vhost_ssl_conf_name}.conf #", require => Package[$::horizon::params::package_name] } if $listen_ssl { include ::apache::mod::ssl $ensure_ssl_vhost = 'present' if $horizon_ca == undef { fail('The horizon_ca parameter is required when listen_ssl is true') } if $horizon_cert == undef { fail('The horizon_cert parameter is required when listen_ssl is true') } if $horizon_key == undef { fail('The horizon_key parameter is required when listen_ssl is true') } if $ssl_redirect { $redirect_match = '(.*)' $redirect_url = "https://${servername}" } } else { $ensure_ssl_vhost = 'absent' $redirect_match = '^/$' $redirect_url = $::horizon::params::root_url } Package['horizon'] -> Package[$::horizon::params::http_service] File[$::horizon::params::config_file] ~> Service[$::horizon::params::http_service] $unix_user = $::osfamily ? { 'RedHat' => $::horizon::params::apache_user, default => $::horizon::params::wsgi_user } $unix_group = $::osfamily ? { 'RedHat' => $::horizon::params::apache_group, default => $::horizon::params::wsgi_group, } file { $::horizon::params::logdir: ensure => directory, owner => $unix_user, group => $unix_group, before => Service[$::horizon::params::http_service], mode => '0751', require => Package['horizon'] } file { "${::horizon::params::logdir}/horizon.log": ensure => file, owner => $unix_user, group => $unix_group, before => Service[$::horizon::params::http_service], mode => '0640', require => [ File[$::horizon::params::logdir], Package['horizon'] ], } $default_vhost_conf_no_ip = { servername => $servername, serveraliases => os_any2array($final_server_aliases), docroot => '/var/www/', access_log_file => 'horizon_access.log', error_log_file => 'horizon_error.log', priority => $priority, aliases => [ { alias => '/static', path => '/usr/share/openstack-dashboard/static' } ], port => 80, ssl_cert => $horizon_cert, ssl_key => $horizon_key, ssl_ca => $horizon_ca, wsgi_script_aliases => hash([$::horizon::params::root_url, $::horizon::params::django_wsgi]), wsgi_daemon_process => $::horizon::params::wsgi_group, wsgi_daemon_process_options => { processes => $wsgi_processes, threads => $wsgi_threads, user => $unix_user, group => $unix_group, }, wsgi_import_script => $::horizon::params::django_wsgi, wsgi_process_group => $::horizon::params::wsgi_group, redirectmatch_status => 'permanent', } # Only add the 'ip' element to the $default_vhost_conf hash if it was explicitly # specified in the instantiation of the class. This is because ip => undef gets # changed to ip => '' via the Puppet function API when ensure_resource is called. # See https://bugs.launchpad.net/puppet-horizon/+bug/1371345 if $bind_address { $default_vhost_conf = merge($default_vhost_conf_no_ip, { ip => $bind_address }) } else { $default_vhost_conf = $default_vhost_conf_no_ip } ensure_resource('apache::vhost', $vhost_conf_name, merge ($default_vhost_conf, $extra_params, { redirectmatch_regexp => $redirect_match, redirectmatch_dest => $redirect_url, })) ensure_resource('apache::vhost', $vhost_ssl_conf_name, merge ($default_vhost_conf, $extra_params, { access_log_file => 'horizon_ssl_access.log', error_log_file => 'horizon_ssl_error.log', priority => $priority, ssl => true, port => 443, ensure => $ensure_ssl_vhost, wsgi_daemon_process => 'horizon-ssl', wsgi_process_group => 'horizon-ssl', redirectmatch_regexp => '^/$', redirectmatch_dest => $::horizon::params::root_url, })) }