Conditional ACK. I think it needs a few minor tweaks.
I believe setting the request header X_FORWARDED_PROTO will get you around the redirection that you mentioned in your comment, but please double-check that part.
On 01/19/2011 04:54 PM, Mohammed Morsi wrote:
contrib/deltacloud-configure.spec | 1 + recipes/apache/manifests/init.pp | 34 +++++++++++++++++ .../files/aggregator-httpd-ssl.conf | 38 ++++++++++++++++++++ .../deltacloud_recipe/files/aggregator-httpd.conf | 23 ++++++++++++ recipes/deltacloud_recipe/manifests/aggregator.pp | 15 ++++++-- recipes/deltacloud_recipe/manifests/deltacloud.pp | 1 + 6 files changed, 109 insertions(+), 3 deletions(-) create mode 100644 recipes/apache/manifests/init.pp create mode 100644 recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf create mode 100644 recipes/deltacloud_recipe/files/aggregator-httpd.conf
diff --git a/contrib/deltacloud-configure.spec b/contrib/deltacloud-configure.spec index e49877f..670d401 100644 --- a/contrib/deltacloud-configure.spec +++ b/contrib/deltacloud-configure.spec @@ -33,6 +33,7 @@ rm -rf %{buildroot} %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/deltacloud_recipe.pp %{buildroot}/%{dchome} %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/deltacloud_uninstall.pp %{buildroot}/%{dchome} %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/*/ %{buildroot}/%{dchome}/modules/deltacloud_recipe +%{__cp} -R %{pbuild}/recipes/apache/ %{buildroot}/%{dchome}/modules/apache %{__cp} -R %{pbuild}/recipes/firewall/ %{buildroot}/%{dchome}/modules/firewall %{__cp} -R %{pbuild}/recipes/ntp/ %{buildroot}/%{dchome}/modules/ntp %{__cp} -R %{pbuild}/recipes/postgres/ %{buildroot}/%{dchome}/modules/postgres diff --git a/recipes/apache/manifests/init.pp b/recipes/apache/manifests/init.pp new file mode 100644 index 0000000..fa8fe53 --- /dev/null +++ b/recipes/apache/manifests/init.pp @@ -0,0 +1,34 @@ +$apache_dir = "/etc/httpd" +$apache_conf_dir = "${apache_dir}/conf.d"
+class apache {
- # require apache and mod_ssl
- package { "httpd": ensure => installed }
- if $enable_security {
package { "mod_ssl": ensure => installed }
- }
- service { "httpd":
ensure => running,
require => Package["httpd"],
hasrestart => true,
- hasstatus => true
- }
- exec { "reload-apache":
- command => "/sbin/service httpd reload",
refreshonly => true
- }
+}
+define apache::site ( $ensure = 'present', $source = '') {
- $site_file = "${apache_conf_dir}/${name}.conf"
- file {
$site_file:
ensure => $ensure,
source => $source,
notify => Exec["reload-apache"],
require => Service['httpd']
- }
+} diff --git a/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf b/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf new file mode 100644 index 0000000..122952f --- /dev/null +++ b/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf @@ -0,0 +1,38 @@ +NameVirtualHost *:443 +<VirtualHost *:443>
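Review bot: The new `service { "httpd": ... }` resource in class apache sets `ensure => running` but not `enable => true`, whereas the `service { ['condor', 'httpd']: ... }` declaration this patch replaces in aggregator.pp carried `enable => true`. As written, httpd may not be started again after a reboot, so add `enable => true,` to the resource. `$enable_security` is read here without a declaration or default visible in the patch; if it is unset, Puppet evaluates it as false, mod_ssl is skipped and the site is served over plain HTTP only. A comment above the `if`, such as `# $enable_security must be set by the caller; unset means no TLS`, would make that default explicit. The markers on these lines appear garbled in the archive (a new file cannot have removed lines), so confirm against the original patch.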
- ErrorLog /etc/httpd/logs/error_log
- TransferLog /etc/httpd/logs/access_log
- LogLevel debug
- ProxyRequests Off
- SSLEngine On
- SSLCertificateFile /etc/pki/tls/certs/localhost.crt
- SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
RequestHeader set X_FORWARDED_PROTO 'https'
- ProxyPreserveHost Off
+Alias /deltacloud/stylesheets "/usr/share/deltacloud-aggregator/public/" +Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/" +Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/"
Alias /deltacloud/stylesheets "/usr/share/deltacloud-aggregator/public/stylesheets" Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images" Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/errors" Alias /deltacloud/javascripts "/usr/share/deltacloud-aggregator/public/javascripts" Alias /fonts "/usr/share/deltacloud-aggregator/public/fonts"
+# TODO Apache will set HTTP_X_FORWARDED_HOST here to the hostname minus the port. +# Rails (actioncontroller) will take this and use it for the hostname for redirects. +# Since we define the http->https rewrite below this isn't an issue but +# should probably be resolved at some point +ProxyPass /deltacloud/images ! +ProxyPass /deltacloud/stylesheets ! +ProxyPass /deltacloud/errors ! +ProxyPass /deltacloud http://localhost:3000/deltacloud +ProxyPassReverse /deltacloud http://localhost:3000/deltacloud +ProxyPassReverse /deltacloud/images ! +ProxyPassReverse /deltacloud/stylesheets ! +ProxyPassReverse /deltacloud/errors !
+</VirtualHost>
+NameVirtualHost *:80 +<VirtualHost *:80>
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteRule /deltacloud(.*) https://%%7BHTTP_HOST%7D%%7BREQUEST_URI%7D
+</VirtualHost> diff --git a/recipes/deltacloud_recipe/files/aggregator-httpd.conf b/recipes/deltacloud_recipe/files/aggregator-httpd.conf new file mode 100644 index 0000000..6ef80b8 --- /dev/null +++ b/recipes/deltacloud_recipe/files/aggregator-httpd.conf @@ -0,0 +1,23 @@ +NameVirtualHost *:80 +<VirtualHost *:80>
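Review bot: `LogLevel debug` in the `*:443` virtual host is far more verbose than the `LogLevel warn` used in aggregator-httpd.conf, and debug logging on the TLS-facing host can write handshake and proxy request detail into error_log; `LogLevel warn` would match the non-SSL file. The certificate and key are hard-coded to `/etc/pki/tls/certs/localhost.crt` and `/etc/pki/tls/private/localhost.key`, presumably the self-signed pair that mod_ssl generates at install time, so a comment such as `# replace with a CA-issued certificate before production use` belongs above `SSLCertificateFile`. The `*:80` redirect builds its target from the client-supplied `HTTP_HOST`; declaring a `ServerName` and redirecting to that name would avoid reflecting an arbitrary Host header. The `%%7B…%7D` sequences in the RewriteRule look like archive mangling of `%{…}`, so confirm against the original patch.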
- ErrorLog /etc/httpd/logs/error_log
- TransferLog /etc/httpd/logs/access_log
- LogLevel warn
- ProxyRequests Off
+Alias /deltacloud/stylesheets "/usr/share/deltacloud-aggregator/public/stylesheets" +Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images" +Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/"
Alias /deltacloud/stylesheets "/usr/share/deltacloud-aggregator/public/stylesheets" Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images" Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/errors" Alias /deltacloud/javascripts "/usr/share/deltacloud-aggregator/public/javascripts" Alias /fonts "/usr/share/deltacloud-aggregator/public/fonts"
+ProxyPass /deltacloud/images ! +ProxyPass /deltacloud/stylesheets ! +ProxyPass /deltacloud/errors ! +ProxyPass /deltacloud http://localhost:3000/deltacloud +ProxyPassReverse /deltacloud http://localhost:3000/deltacloud +ProxyPassReverse /deltacloud/images ! +ProxyPassReverse /deltacloud/stylesheets ! +ProxyPassReverse /deltacloud/errors !
+</VirtualHost> diff --git a/recipes/deltacloud_recipe/manifests/aggregator.pp b/recipes/deltacloud_recipe/manifests/aggregator.pp index 2be247c..0c0c2e2 100644 --- a/recipes/deltacloud_recipe/manifests/aggregator.pp +++ b/recipes/deltacloud_recipe/manifests/aggregator.pp @@ -18,13 +18,14 @@ class deltacloud::aggregator inherits deltacloud { selinux::mode{"permissive":}
### Setup firewall for deltacloud
- firewall::rule{"http": destination_port => '80'}
firewall::rule{"http": destination_port => '80' }
firewall::rule{"https": destination_port => '443'}
### Start the deltacloud services file {"/var/lib/condor/condor_config.local": source => "puppet:///modules/deltacloud_recipe/condor_config.local", require => Package['deltacloud-aggregator-daemons'] }
- service { ['condor', 'httpd']:
- service { 'condor': ensure => 'running', enable => true, require => File['/var/lib/condor/condor_config.local'] }
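Review bot: The `firewall::rule{"https": destination_port => '443'}` line, as quoted, opens port 443 unconditionally, while the SSL virtual host is installed only when `$enable_security` is true (see the `if $enable_security` block in the next hunk). Declaring the https rule inside that same branch would keep the firewall aligned with what httpd actually listens on. The context line `selinux::mode{"permissive":}` also means the new proxy to localhost:3000 is never exercised under an enforcing policy; a `# TODO: set httpd_can_network_connect and return to enforcing` comment next to it would record what is needed to tighten this later. The class body starts and ends outside this hunk.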
@@ -60,6 +61,14 @@ class deltacloud::aggregator inherits deltacloud { cwd => "/usr/share/deltacloud-aggregator", rails_env => "production", require => Rails::Create::Db[create_deltacloud_database]}
- ### Setup apache for deltacloud
- include apache
- if $enable_security {
apache::site{"aggregator": source => 'puppet:///modules/deltacloud_recipe/aggregator-httpd-ssl.conf'}
#This takes over the /etc/httpd/conf.d/deltacloud-aggregator.conf from #deltacloud-aggregator-daemons.rpm #Do we need it in deltacloud-aggregator-daemons.rpm anymore? apache::site{"deltacloud-aggregator": source => 'puppet:///modules/deltacloud_recipe/aggregator-httpd-ssl.conf'}
- } else{
apache::site{"aggregator": source => 'puppet:///modules/deltacloud_recipe/aggregator-httpd.conf'}
apache::site{"deltacloud-aggregator": source =>
'puppet:///modules/deltacloud_recipe/aggregator-httpd.conf'}
- }
Works for now. It might be worth playing around with the use of templates instead of files to see if we can avoid the conditionals in the .pp.
}
class deltacloud::aggregator::disabled { @@ -84,7 +93,7 @@ class deltacloud::aggregator::disabled { require => Package['deltacloud-aggregator']}
### Stop the deltacloud services
- service { ['condor', 'httpd']:
- service { 'condor': ensure => 'stopped', enable => false, require => Service['deltacloud-aggregator',
diff --git a/recipes/deltacloud_recipe/manifests/deltacloud.pp b/recipes/deltacloud_recipe/manifests/deltacloud.pp index eef014f..c7693c1 100644 --- a/recipes/deltacloud_recipe/manifests/deltacloud.pp +++ b/recipes/deltacloud_recipe/manifests/deltacloud.pp @@ -3,6 +3,7 @@ import "firewall"
import "postgres" +import "apache" import "rails" import "selinux" import "ntp"