X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fkeystone%2Fmanifests%2Fwsgi%2Fapache.pp;fp=3rdparty%2Fmodules%2Fkeystone%2Fmanifests%2Fwsgi%2Fapache.pp;h=0000000000000000000000000000000000000000;hb=6e1426dc77fb4e5d51f07c187c6f2219431dc31e;hp=66e28aacc14078183f2c25693370add14e881a1a;hpb=87423ba664cd5f2bb462ebadd08b1a90d0fe1c8d;p=mirror%2Fdsa-puppet.git

diff --git a/3rdparty/modules/keystone/manifests/wsgi/apache.pp b/3rdparty/modules/keystone/manifests/wsgi/apache.pp
deleted file mode 100644
index 66e28aacc..000000000
--- a/3rdparty/modules/keystone/manifests/wsgi/apache.pp
+++ /dev/null
@@ -1,275 +0,0 @@
-#
-# Class to serve keystone with apache mod_wsgi in place of keystone service
-#
-# Serving keystone from apache is the recommended way to go for production
-# systems as the current keystone implementation is not multi-processor aware,
-# thus limiting the performance for concurrent accesses.
-#
-# See the following URIs for reference:
-#    https://etherpad.openstack.org/havana-keystone-performance
-#    http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/
-#
-# When using this class you should disable your keystone service.
-#
-# == Parameters
-#
-#   [*servername*]
-#     The servername for the virtualhost.
-#     Optional. Defaults to $::fqdn
-#
-#   [*public_port*]
-#     The public port.
-#     Optional. Defaults to 5000
-#
-#   [*admin_port*]
-#     The admin port.
-#     Optional. Defaults to 35357
-#
-#   [*bind_host*]
-#     The host/ip address Apache will listen on.
-#     Optional. Defaults to undef (listen on all ip addresses).
-#
-#   [*public_path*]
-#     The prefix for the public endpoint.
-#     Optional. Defaults to '/'
-#
-#   [*admin_path*]
-#     The prefix for the admin endpoint.
-#     Optional. Defaults to '/'
-#
-#   [*ssl*]
-#     Use ssl ? (boolean)
-#     Optional. Defaults to true
-#
-#   [*workers*]
-#     Number of WSGI workers to spawn.
-#     Optional. Defaults to 1
-#
-#   [*ssl_cert*]
-#     (optional) Path to SSL certificate
-#     Default to apache::vhost 'ssl_*' defaults.
-#
-#   [*ssl_key*]
-#     (optional) Path to SSL key
-#     Default to apache::vhost 'ssl_*' defaults.
-#
-#   [*ssl_chain*]
-#     (optional) SSL chain
-#     Default to apache::vhost 'ssl_*' defaults.
-#
-#   [*ssl_ca*]
-#     (optional) Path to SSL certificate authority
-#     Default to apache::vhost 'ssl_*' defaults.
-#
-#   [*ssl_crl_path*]
-#     (optional) Path to SSL certificate revocation list
-#     Default to apache::vhost 'ssl_*' defaults.
-#
-#   [*ssl_crl*]
-#     (optional) SSL certificate revocation list name
-#     Default to apache::vhost 'ssl_*' defaults.
-#
-#   [*ssl_certs_dir*]
-#     apache::vhost ssl parameters.
-#     Optional. Default to apache::vhost 'ssl_*' defaults.
-#
-#   [*priority*]
-#     (optional) The priority for the vhost.
-#     Defaults to '10'
-#
-#   [*threads*]
-#     (optional) The number of threads for the vhost.
-#     Defaults to $::processorcount
-#
-#   [*wsgi_script_ensure*]
-#     (optional) File ensure parameter for wsgi scripts.
-#     Defaults to 'file'.
-#
-#   [*wsgi_script_source*]
-#     (optional) Wsgi script source.
-#     Defaults to undef.
-#
-# == Dependencies
-#
-#   requires Class['apache'] & Class['keystone']
-#
-# == Examples
-#
-#   include apache
-#
-#   class { 'keystone::wsgi::apache': }
-#
-# == Note about ports & paths
-#
-#   When using same port for both endpoints (443 anyone ?), you *MUST* use two
-#  different public_path & admin_path !
-#
-# == Authors
-#
-#   Francois Charlier <francois.charlier@enovance.com>
-#
-# == Copyright
-#
-#   Copyright 2013 eNovance <licensing@enovance.com>
-#
-class keystone::wsgi::apache (
-  $servername         = $::fqdn,
-  $public_port        = 5000,
-  $admin_port         = 35357,
-  $bind_host          = undef,
-  $public_path        = '/',
-  $admin_path         = '/',
-  $ssl                = true,
-  $workers            = 1,
-  $ssl_cert           = undef,
-  $ssl_key            = undef,
-  $ssl_chain          = undef,
-  $ssl_ca             = undef,
-  $ssl_crl_path       = undef,
-  $ssl_crl            = undef,
-  $ssl_certs_dir      = undef,
-  $threads            = $::processorcount,
-  $priority           = '10',
-  $wsgi_script_ensure = 'file',
-  $wsgi_script_source = undef,
-) {
-
-  include ::keystone::params
-  include ::apache
-  include ::apache::mod::wsgi
-  if $ssl {
-    include ::apache::mod::ssl
-  }
-
-  Package['keystone'] -> Package['httpd']
-  Package['keystone'] ~> Service['httpd']
-  Keystone_config <| |> ~> Service['httpd']
-  Service['httpd'] -> Keystone_endpoint <| |>
-  Service['httpd'] -> Keystone_role <| |>
-  Service['httpd'] -> Keystone_service <| |>
-  Service['httpd'] -> Keystone_tenant <| |>
-  Service['httpd'] -> Keystone_user <| |>
-  Service['httpd'] -> Keystone_user_role <| |>
-
-  ## Sanitize parameters
-
-  # Ensure there's no trailing '/' except if this is also the only character
-  $public_path_real = regsubst($public_path, '(^/.*)/$', '\1')
-  # Ensure there's no trailing '/' except if this is also the only character
-  $admin_path_real = regsubst($admin_path, '(^/.*)/$', '\1')
-
-  if $public_port == $admin_port and $public_path_real == $admin_path_real {
-    fail('When using the same port for public & private endpoints, public_path and admin_path should be different.')
-  }
-
-  file { $::keystone::params::keystone_wsgi_script_path:
-    ensure  => directory,
-    owner   => 'keystone',
-    group   => 'keystone',
-    require => Package['httpd'],
-  }
-
-  $wsgi_files = {
-    'keystone_wsgi_admin' => {
-      'path' => "${::keystone::params::keystone_wsgi_script_path}/admin",
-    },
-    'keystone_wsgi_main'  => {
-      'path' => "${::keystone::params::keystone_wsgi_script_path}/main",
-    },
-  }
-
-  $wsgi_file_defaults = {
-    'ensure'  => $wsgi_script_ensure,
-    'owner'   => 'keystone',
-    'group'   => 'keystone',
-    'mode'    => '0644',
-    'require' => [File[$::keystone::params::keystone_wsgi_script_path], Package['keystone']],
-  }
-
-  $wsgi_script_source_real = $wsgi_script_source ? {
-    default => $wsgi_script_source,
-    undef   => $::keystone::params::keystone_wsgi_script_source,
-  }
-
-  case $wsgi_script_ensure {
-    'link':  { $wsgi_file_source = { 'target' => $wsgi_script_source_real } }
-    default: { $wsgi_file_source = { 'source' => $wsgi_script_source_real } }
-  }
-
-  create_resources('file', $wsgi_files, merge($wsgi_file_defaults, $wsgi_file_source))
-
-  $wsgi_daemon_process_options_main = {
-    user         => 'keystone',
-    group        => 'keystone',
-    processes    => $workers,
-    threads      => $threads,
-    display-name => 'keystone-main',
-  }
-
-  $wsgi_daemon_process_options_admin = {
-    user         => 'keystone',
-    group        => 'keystone',
-    processes    => $workers,
-    threads      => $threads,
-    display-name => 'keystone-admin',
-  }
-
-  $wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/main"])
-  $wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/admin"])
-
-  if $public_port == $admin_port {
-    $wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin)
-  } else {
-    $wsgi_script_aliases_main_real = $wsgi_script_aliases_main
-  }
-
-  ::apache::vhost { 'keystone_wsgi_main':
-    ensure                      => 'present',
-    servername                  => $servername,
-    ip                          => $bind_host,
-    port                        => $public_port,
-    docroot                     => $::keystone::params::keystone_wsgi_script_path,
-    docroot_owner               => 'keystone',
-    docroot_group               => 'keystone',
-    priority                    => $priority,
-    ssl                         => $ssl,
-    ssl_cert                    => $ssl_cert,
-    ssl_key                     => $ssl_key,
-    ssl_chain                   => $ssl_chain,
-    ssl_ca                      => $ssl_ca,
-    ssl_crl_path                => $ssl_crl_path,
-    ssl_crl                     => $ssl_crl,
-    ssl_certs_dir               => $ssl_certs_dir,
-    wsgi_daemon_process         => 'keystone_main',
-    wsgi_daemon_process_options => $wsgi_daemon_process_options_main,
-    wsgi_process_group          => 'keystone_main',
-    wsgi_script_aliases         => $wsgi_script_aliases_main_real,
-    require                     => File['keystone_wsgi_main'],
-  }
-
-  if $public_port != $admin_port {
-    ::apache::vhost { 'keystone_wsgi_admin':
-      ensure                      => 'present',
-      servername                  => $servername,
-      ip                          => $bind_host,
-      port                        => $admin_port,
-      docroot                     => $::keystone::params::keystone_wsgi_script_path,
-      docroot_owner               => 'keystone',
-      docroot_group               => 'keystone',
-      priority                    => $priority,
-      ssl                         => $ssl,
-      ssl_cert                    => $ssl_cert,
-      ssl_key                     => $ssl_key,
-      ssl_chain                   => $ssl_chain,
-      ssl_ca                      => $ssl_ca,
-      ssl_crl_path                => $ssl_crl_path,
-      ssl_crl                     => $ssl_crl,
-      ssl_certs_dir               => $ssl_certs_dir,
-      wsgi_daemon_process         => 'keystone_admin',
-      wsgi_daemon_process_options => $wsgi_daemon_process_options_admin,
-      wsgi_process_group          => 'keystone_admin',
-      wsgi_script_aliases         => $wsgi_script_aliases_admin,
-      require                     => File['keystone_wsgi_admin'],
-    }
-  }
-}