From: Mohammed Morsi mmorsi@redhat.com
--- contrib/deltacloud-configure.spec | 1 + recipes/apache/manifests/init.pp | 34 ++++++++++++++++++ .../files/aggregator-httpd-ssl.conf | 37 ++++++++++++++++++++ .../deltacloud_recipe/files/aggregator-httpd.conf | 25 +++++++++++++ recipes/deltacloud_recipe/manifests/aggregator.pp | 15 ++++++-- recipes/deltacloud_recipe/manifests/deltacloud.pp | 1 + 6 files changed, 110 insertions(+), 3 deletions(-) create mode 100644 recipes/apache/manifests/init.pp create mode 100644 recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf create mode 100644 recipes/deltacloud_recipe/files/aggregator-httpd.conf
diff --git a/contrib/deltacloud-configure.spec b/contrib/deltacloud-configure.spec
index e49877f..670d401 100644
--- a/contrib/deltacloud-configure.spec
+++ b/contrib/deltacloud-configure.spec
@@ -33,6 +33,7 @@ rm -rf %{buildroot}
 %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/deltacloud_recipe.pp %{buildroot}/%{dchome}
 %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/deltacloud_uninstall.pp %{buildroot}/%{dchome}
 %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/*/ %{buildroot}/%{dchome}/modules/deltacloud_recipe
+%{__cp} -R %{pbuild}/recipes/apache/ %{buildroot}/%{dchome}/modules/apache
 %{__cp} -R %{pbuild}/recipes/firewall/ %{buildroot}/%{dchome}/modules/firewall
 %{__cp} -R %{pbuild}/recipes/ntp/ %{buildroot}/%{dchome}/modules/ntp
 %{__cp} -R %{pbuild}/recipes/postgres/ %{buildroot}/%{dchome}/modules/postgres
diff --git a/recipes/apache/manifests/init.pp b/recipes/apache/manifests/init.pp
new file mode 100644
index 0000000..fa8fe53
--- /dev/null
+++ b/recipes/apache/manifests/init.pp
@@ -0,0 +1,34 @@
+$apache_dir = "/etc/httpd"
+$apache_conf_dir = "${apache_dir}/conf.d"
+
+class apache {
+ # require apache and mod_ssl
+ package { "httpd": ensure => installed }
+
+ if $enable_security {
+ package { "mod_ssl": ensure => installed }
+ }
+
+ service { "httpd":
+ ensure => running,
+ require => Package["httpd"],
+ hasrestart => true,
+ hasstatus => true
+ }
+
+ exec { "reload-apache":
+ command => "/sbin/service httpd reload",
+ refreshonly => true
+ }
+}
+
+define apache::site ( $ensure = 'present', $source = '') {
+ $site_file = "${apache_conf_dir}/${name}.conf"
+ file {
+ $site_file:
+ ensure => $ensure,
+ source => $source,
+ notify => Exec["reload-apache"],
+ require => Service['httpd']
+ }
+}
diff --git a/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf b/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
new file mode 100644
index 0000000..204f422
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
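Review bot: The `service { "httpd": ... }` resource in the new `apache` class (recipes/apache/manifests/init.pp) sets `ensure => running` but not `enable => true`, whereas the resource it replaces in aggregator.pp (`service { ['condor', 'httpd']:`) carried both, so after this change httpd is presumably no longer enabled at boot and the proxy, including the TLS front end, would not come back after a reboot. I would add `enable => true,` to the service. The `mod_ssl` package also has no ordering relative to `Service["httpd"]` or `apache::site`, so the SSL vhost file can be written and a reload triggered before the module is installed; `package { "mod_ssl": ensure => installed, before => Service["httpd"] }` would make that deterministic.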
@@ -0,0 +1,37 @@
+NameVirtualHost *:443
+<VirtualHost *:443>
+
+ ErrorLog /etc/httpd/logs/error_log
+ TransferLog /etc/httpd/logs/access_log
+ LogLevel debug
+
+ ProxyRequests Off
+ SSLEngine On
+ SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+ ProxyPreserveHost Off
+ RequestHeader set X_FORWARDED_PROTO 'https'
+
+Alias /deltacloud/stylesheets "/usr/share/deltacloud-aggregator/public/stylesheets"
+Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images"
+Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/errors"
+Alias /deltacloud/javascripts "/usr/share/deltacloud-aggregator/public/javascripts"
+Alias /fonts "/usr/share/deltacloud-aggregator/public/fonts"
+
+ProxyPass /deltacloud/images !
+ProxyPass /deltacloud/stylesheets !
+ProxyPass /deltacloud/errors !
+ProxyPass /deltacloud http://localhost:3000/deltacloud
+ProxyPassReverse /deltacloud http://localhost:3000/deltacloud
+ProxyPassReverse /deltacloud/images !
+ProxyPassReverse /deltacloud/stylesheets !
+ProxyPassReverse /deltacloud/errors !
+
+</VirtualHost>
+
+NameVirtualHost *:80
+<VirtualHost *:80>
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule /deltacloud(.*) https://%%7BHTTP_HOST%7D%%7BREQUEST_URI%7D
+</VirtualHost>
diff --git a/recipes/deltacloud_recipe/files/aggregator-httpd.conf b/recipes/deltacloud_recipe/files/aggregator-httpd.conf
new file mode 100644
index 0000000..5b5774c
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/aggregator-httpd.conf
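Review bot: In the port-80 vhost of aggregator-httpd-ssl.conf the redirect target reads `https://%%7BHTTP_HOST%7D%%7BREQUEST_URI%7D`, which looks like a URL-encoded `%{HTTP_HOST}%{REQUEST_URI}`; this may be an artifact of how the patch was rendered, but if the file really contains it the HTTP-to-HTTPS redirect points at a literal string and should read `RewriteRule ^/deltacloud(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]`. The TLS vhost also sets `LogLevel debug` while the plain-HTTP config uses `warn`; debug logging on the production proxy is noisy and can record more request detail than needed, so `LogLevel warn` is the safer default. `SSLCertificateFile /etc/pki/tls/certs/localhost.crt` points at the `localhost` certificate path, presumably the self-signed default, so a comment such as `# replace with a CA-issued certificate for this host` would help. No `SSLProtocol` or `SSLCipherSuite` is set, so protocol and cipher selection fall to the server defaults.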
@@ -0,0 +1,25 @@
+NameVirtualHost *:80
+<VirtualHost *:80>
+
+ ErrorLog /etc/httpd/logs/error_log
+ TransferLog /etc/httpd/logs/access_log
+ LogLevel warn
+
+ ProxyRequests Off
+
+Alias /deltacloud/stylesheets "/usr/share/deltacloud-aggregator/public/stylesheets"
+Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images"
+Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/errors"
+Alias /deltacloud/javascripts "/usr/share/deltacloud-aggregator/public/javascripts"
+Alias /fonts "/usr/share/deltacloud-aggregator/public/fonts"
+
+ProxyPass /deltacloud/images !
+ProxyPass /deltacloud/stylesheets !
+ProxyPass /deltacloud/errors !
+ProxyPass /deltacloud http://localhost:3000/deltacloud
+ProxyPassReverse /deltacloud http://localhost:3000/deltacloud
+ProxyPassReverse /deltacloud/images !
+ProxyPassReverse /deltacloud/stylesheets !
+ProxyPassReverse /deltacloud/errors !
+
+</VirtualHost>
diff --git a/recipes/deltacloud_recipe/manifests/aggregator.pp b/recipes/deltacloud_recipe/manifests/aggregator.pp
index 538b7f1..6650b89 100644
--- a/recipes/deltacloud_recipe/manifests/aggregator.pp
+++ b/recipes/deltacloud_recipe/manifests/aggregator.pp
@@ -21,13 +21,14 @@ class deltacloud::aggregator inherits deltacloud { selinux::mode{"permissive":}
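Review bot: The three `ProxyPassReverse /deltacloud/... !` lines in aggregator-httpd.conf use `!`, which as far as I know is only defined as an exclusion for `ProxyPass`; on `ProxyPassReverse` it would be read as a URL, so those lines can be dropped. An `Alias` exists for `/deltacloud/javascripts`, but only images, stylesheets and errors are excluded from proxying, so that path is still forwarded to the backend; add `ProxyPass /deltacloud/javascripts !` before the catch-all `ProxyPass /deltacloud` line if it is meant to be served statically. Both points apply equally to aggregator-httpd-ssl.conf. This vhost carries the aggregator's traffic in cleartext whenever `$enable_security` is false, so a header comment saying so (`# plain-HTTP variant, used only when enable_security is off`) would be worth adding.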
### Setup firewall for deltacloud - firewall::rule{"http": destination_port => '80'} + firewall::rule{"http": destination_port => '80' } + firewall::rule{"https": destination_port => '443'}
### Start the deltacloud services file {"/var/lib/condor/condor_config.local": source => "puppet:///modules/deltacloud_recipe/condor_config.local", require => Package['deltacloud-aggregator-daemons'] } - service { ['condor', 'httpd']: + service { 'condor': ensure => 'running', enable => true, require => File['/var/lib/condor/condor_config.local'] } @@ -83,6 +84,14 @@ class deltacloud::aggregator inherits deltacloud { command => "/usr/bin/rake sunspot:reindex", environment => "RAILS_ENV=production", require => Rails::Migrate::Db['migrate_deltacloud_database']} + + ### Setup apache for deltacloud + include apache + if $enable_security { + apache::site{"deltacloud-aggregator": source => 'puppet:///modules/deltacloud_recipe/aggregator-httpd-ssl.conf'} + } else{ + apache::site{"deltacloud-aggregator": source => 'puppet:///modules/deltacloud_recipe/aggregator-httpd.conf'} + } }
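Review bot: The added `firewall::rule{"https": destination_port => '443'}` opens port 443 unconditionally, but the TLS vhost is only installed when `$enable_security` is true (see the later hunk in this file), so when it is false the firewall exposes a port that nothing in this recipe configures. I would move the rule inside the security branch, e.g. `if $enable_security { firewall::rule{"https": destination_port => '443'} }`. The class body starts and ends outside this hunk.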
class deltacloud::aggregator::disabled { @@ -113,7 +122,7 @@ class deltacloud::aggregator::disabled { require => Package['deltacloud-aggregator']}
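Review bot: `$enable_security` is not declared anywhere in the visible lines, and the `if $enable_security { ... } else{ ... }` block treats an unset value the same as false, so a node that never defines it silently gets the plain-HTTP site. Since this switch decides whether the aggregator is served over TLS, I would document it above the block (`# $enable_security must be set by the node/site manifest; unset means cleartext HTTP`) or fail loudly when it is undefined. The class continues outside the hunk, so the variable may be set elsewhere.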
### Stop the deltacloud services - service { ['condor', 'httpd']: + service { 'condor': ensure => 'stopped', enable => false, require => Service['deltacloud-aggregator', diff --git a/recipes/deltacloud_recipe/manifests/deltacloud.pp b/recipes/deltacloud_recipe/manifests/deltacloud.pp index eef014f..c7693c1 100644 --- a/recipes/deltacloud_recipe/manifests/deltacloud.pp +++ b/recipes/deltacloud_recipe/manifests/deltacloud.pp @@ -3,6 +3,7 @@ import "firewall"
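Review bot: With `httpd` dropped from `service { 'condor': ensure => 'stopped' ...`, nothing visible in `deltacloud::aggregator::disabled` stops Apache or removes the `deltacloud-aggregator` site file any more, so after an uninstall the proxy vhost and its listeners would presumably stay in place. `apache::site` already takes `$ensure`, so something like `apache::site{"deltacloud-aggregator": ensure => 'absent'}` in this class would clean it up; check that the define copes with the empty default `$source` in that case. The rest of the class is outside the hunk.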
import "postgres" +import "apache" import "rails" import "selinux" import "ntp"