---
bin/dc-install | 1 +
bin/dc-uninstall | 1 +
contrib/deltacloud_recipe.spec | 1 +
recipes/apache/manifests/init.pp | 34 +++++++++++++++++
.../files/aggregator-httpd-ssl.conf | 38 ++++++++++++++++++++
.../deltacloud_recipe/files/aggregator-httpd.conf | 23 ++++++++++++
recipes/deltacloud_recipe/manifests/aggregator.pp | 16 +++++++--
recipes/deltacloud_recipe/manifests/deltacloud.pp | 7 ++++
10 files changed, 120 insertions(+), 3 deletions(-)
create mode 100644 recipes/apache/manifests/init.pp
create mode 100644 recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
create mode 100644 recipes/deltacloud_recipe/files/aggregator-httpd.conf
diff --git a/bin/dc-install b/bin/dc-install
index 8583232..058f14b 100755
--- a/bin/dc-install
+++ b/bin/dc-install
@@ -1,4 +1,5 @@
#!/bin/sh
+export FACTER_DELTACLOUD_ENABLE_SECURITY=true
puppet /usr/share/deltacloud-recipe/deltacloud_recipe.pp \
--modulepath=/usr/share/deltacloud-recipe/modules/
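Review bot: `export FACTER_DELTACLOUD_ENABLE_SECURITY=true` overwrites whatever the caller had set, so the plain-HTTP site file added in this commit cannot be selected through dc-install. `export FACTER_DELTACLOUD_ENABLE_SECURITY="${FACTER_DELTACLOUD_ENABLE_SECURITY:-true}"` keeps the secure default while honouring an explicit override. The same line is added to bin/dc-uninstall. A short comment saying that the manifests read this as the `deltacloud_enable_security` fact would make the link to deltacloud.pp obvious.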
diff --git a/bin/dc-uninstall b/bin/dc-uninstall
index 02a99de..8d3c19e 100755
--- a/bin/dc-uninstall
+++ b/bin/dc-uninstall
@@ -1,4 +1,5 @@
#!/bin/sh
+export FACTER_DELTACLOUD_ENABLE_SECURITY=true
puppet /usr/share/deltacloud-recipe/deltacloud_uninstall.pp \
--modulepath=/usr/share/deltacloud-recipe/modules/
diff --git a/contrib/deltacloud_recipe.spec b/contrib/deltacloud_recipe.spec
index 02ed945..7badda8 100644
--- a/contrib/deltacloud_recipe.spec
+++ b/contrib/deltacloud_recipe.spec
@@ -33,6 +33,7 @@ rm -rf %{buildroot}
%{__cp} -R %{pbuild}/recipes/%{name}/deltacloud_recipe.pp
%{buildroot}/%{dchome}
%{__cp} -R %{pbuild}/recipes/%{name}/deltacloud_uninstall.pp
%{buildroot}/%{dchome}
%{__cp} -R %{pbuild}/recipes/%{name}/*/ %{buildroot}/%{dchome}/modules/%{name}
+%{__cp} -R %{pbuild}/recipes/apache/ %{buildroot}/%{dchome}/modules/apache
%{__cp} -R %{pbuild}/recipes/firewall/ %{buildroot}/%{dchome}/modules/firewall
%{__cp} -R %{pbuild}/recipes/ntp/ %{buildroot}/%{dchome}/modules/ntp
%{__cp} -R %{pbuild}/recipes/postgres/ %{buildroot}/%{dchome}/modules/postgres
diff --git a/recipes/apache/manifests/init.pp b/recipes/apache/manifests/init.pp
new file mode 100644
index 0000000..fa8fe53
--- /dev/null
+++ b/recipes/apache/manifests/init.pp
@@ -0,0 +1,34 @@
+$apache_dir = "/etc/httpd"
+$apache_conf_dir = "${apache_dir}/conf.d"
+
+class apache {
+ # require apache and mod_ssl
+ package { "httpd": ensure => installed }
+
+ if $enable_security {
+ package { "mod_ssl": ensure => installed }
+ }
+
+ service { "httpd":
+ ensure => running,
+ require => Package["httpd"],
+ hasrestart => true,
+ hasstatus => true
+ }
+
+ exec { "reload-apache":
+ command => "/sbin/service httpd reload",
+ refreshonly => true
+ }
+}
+
+define apache::site ( $ensure = 'present', $source = '') {
+ $site_file = "${apache_conf_dir}/${name}.conf"
+ file {
+ $site_file:
+ ensure => $ensure,
+ source => $source,
+ notify => Exec["reload-apache"],
+ require => Service['httpd']
+ }
+}
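Review bot: The new `service { "httpd": ... }` lacks the `enable => true` that the old `service { ['condor', 'httpd']: ... }` in aggregator.pp carried, so httpd is started but no longer enabled at boot; add `enable => true,`. Nothing orders `Package["mod_ssl"]` before the service or before `Exec["reload-apache"]`, so the SSL site file can be installed and the reload attempted before mod_ssl is present. `package { "mod_ssl": ensure => installed, before => Service["httpd"] }` closes that gap, because apache::site already requires the service. The class also reads `$enable_security`, which is set at top scope in deltacloud.pp, and a comment noting that dependency would help anyone reusing the module.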
diff --git a/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
b/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
new file mode 100644
index 0000000..4d10fdb
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
@@ -0,0 +1,38 @@
+NameVirtualHost *:443
+<VirtualHost *:443>
+
+ ErrorLog /etc/httpd/logs/error_log
+ TransferLog /etc/httpd/logs/access_log
+ LogLevel debug
+
+ ProxyRequests Off
+ SSLEngine On
+ SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+ SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+ ProxyPreserveHost Off
+
+Alias /deltacloud/stylesheets "/usr/share/deltacloud-aggregator/public/"
+Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/"
+Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/"
+
+# TODO Apache will set HTTP_X_FORWARDED_HOST here to the hostname minus the
port.
+# Rails (actioncontroller) will take this and use it for the hostname for
redirects.
+# Since we define the http->https rewrite below this isn't an issue but
+# should probably be resolved at some point
+ProxyPass /deltacloud/images !
+ProxyPass /deltacloud/stylesheets !
+ProxyPass /deltacloud/errors !
+ProxyPass /deltacloud http://localhost:3000/deltacloud
+ProxyPassReverse /deltacloud http://localhost:3000/deltacloud
+ProxyPassReverse /deltacloud/images !
+ProxyPassReverse /deltacloud/stylesheets !
+ProxyPassReverse /deltacloud/errors !
+
+</VirtualHost>
+
+NameVirtualHost *:80
+<VirtualHost *:80>
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule /deltacloud(.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
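Review bot: The 443 vhost ships with `LogLevel debug` and the placeholder `localhost.crt`/`localhost.key` pair, while the plain-HTTP variant uses `LogLevel warn`. `LogLevel warn` is the safer default for a deployed TLS endpoint, and a comment should say the certificate paths are meant to be replaced with a site certificate, since clients cannot verify the host against a localhost certificate. All three `Alias` lines here map to `/usr/share/deltacloud-aggregator/public/`, whereas aggregator-httpd.conf maps stylesheets and images to their own subdirectories, so static assets probably resolve to the wrong path under SSL. The port-80 `RewriteRule` is unanchored and has no flags; `RewriteRule ^/deltacloud(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]` makes the redirect explicit and limits it to the intended prefix.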
diff --git a/recipes/deltacloud_recipe/files/aggregator-httpd.conf
b/recipes/deltacloud_recipe/files/aggregator-httpd.conf
new file mode 100644
index 0000000..9e4bcf5
--- /dev/null
+++ b/recipes/deltacloud_recipe/files/aggregator-httpd.conf
@@ -0,0 +1,23 @@
+NameVirtualHost *:80
+<VirtualHost *:80>
+
+ ErrorLog /etc/httpd/logs/error_log
+ TransferLog /etc/httpd/logs/access_log
+ LogLevel warn
+
+ ProxyRequests Off
+
+Alias /deltacloud/stylesheets
"/usr/share/deltacloud-aggregator/public/stylesheets"
+Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images"
+Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/"
+
+ProxyPass /deltacloud/images !
+ProxyPass /deltacloud/stylesheets !
+ProxyPass /deltacloud/errors !
+ProxyPass /deltacloud http://localhost:3000/deltacloud
+ProxyPassReverse /deltacloud http://localhost:3000/deltacloud
+ProxyPassReverse /deltacloud/images !
+ProxyPassReverse /deltacloud/stylesheets !
+ProxyPassReverse /deltacloud/errors !
+
+</VirtualHost>
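Review bot: The three `ProxyPassReverse ... !` lines look like a copy of the `ProxyPass` exclusions; as far as I can tell the `!` exclusion is defined for `ProxyPass` only, and on `ProxyPassReverse` it is read as a literal URL. Dropping those three lines and keeping only `ProxyPassReverse /deltacloud http://localhost:3000/deltacloud` would match the documented syntax. The same lines appear in aggregator-httpd-ssl.conf. A header comment stating that this variant serves the aggregator without TLS, and is only used when `$enable_security` is false, would help operators who find the file in conf.d.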
diff --git a/recipes/deltacloud_recipe/manifests/aggregator.pp
b/recipes/deltacloud_recipe/manifests/aggregator.pp
index 42e5240..0c0c2e2 100644
--- a/recipes/deltacloud_recipe/manifests/aggregator.pp
+++ b/recipes/deltacloud_recipe/manifests/aggregator.pp
@@ -18,13 +18,14 @@ class deltacloud::aggregator inherits deltacloud {
selinux::mode{"permissive":}
### Setup firewall for deltacloud
- firewall::rule{"http": destination_port => '80'}
+ firewall::rule{"http": destination_port => '80' }
+ firewall::rule{"https": destination_port => '443'}
### Start the deltacloud services
file {"/var/lib/condor/condor_config.local":
source => "puppet:///modules/deltacloud_recipe/condor_config.local",
require => Package['deltacloud-aggregator-daemons'] }
- service { ['condor', 'httpd']:
+ service { 'condor':
ensure => 'running',
enable => true,
require => File['/var/lib/condor/condor_config.local'] }
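Review bot: `firewall::rule{"https": destination_port => '443'}` is declared unconditionally, so port 443 is opened even when `$enable_security` is false and only the port-80 vhost is installed. Wrapping it as `if $enable_security { firewall::rule{"https": destination_port => '443'} }` keeps the firewall aligned with what Apache actually listens on. The class body continues outside this hunk.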
@@ -60,6 +61,14 @@ class deltacloud::aggregator inherits deltacloud {
cwd => "/usr/share/deltacloud-aggregator",
rails_env => "production",
require =>
Rails::Create::Db[create_deltacloud_database]}
+
+ ### Setup apache for deltacloud
+ include apache
+ if $enable_security {
+ apache::site{"aggregator": source =>
'puppet:///modules/deltacloud_recipe/aggregator-httpd-ssl.conf'}
+ } else{
+ apache::site{"aggregator": source =>
'puppet:///modules/deltacloud_recipe/aggregator-httpd.conf'}
+ }
}
class deltacloud::aggregator::disabled {
@@ -84,7 +93,7 @@ class deltacloud::aggregator::disabled {
require => Package['deltacloud-aggregator']}
### Stop the deltacloud services
- service { ['condor', 'httpd']:
+ service { 'condor':
ensure => 'stopped',
enable => false,
require => Service['deltacloud-aggregator',
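Review bot: With httpd removed from this stopped-services list, deltacloud::aggregator::disabled no longer touches Apache at all, as far as the visible hunks show. The service keeps running and the `aggregator.conf` site written by `apache::site` stays in conf.d after an uninstall. Declaring `apache::site{"aggregator": ensure => absent}` in the disabled class (together with `include apache`) would remove the proxy configuration. The service resource continues past the end of the hunk.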
diff --git a/recipes/deltacloud_recipe/manifests/deltacloud.pp
b/recipes/deltacloud_recipe/manifests/deltacloud.pp
index e892df5..63a71fa 100644
--- a/recipes/deltacloud_recipe/manifests/deltacloud.pp
+++ b/recipes/deltacloud_recipe/manifests/deltacloud.pp
@@ -3,6 +3,7 @@
import "firewall"
import "postgres"
+import "apache"
import "rails"
import "selinux"
import "ntp"
@@ -12,6 +13,12 @@ import "core"
import "iwhd"
import "image-factory"
+if $deltacloud_enable_security == "true" or $deltacloud_enable_security == "1"
{
+ $enable_security = true
+} else {
+ $enable_security = false
+}
+
# Base deltacloud class
class deltacloud {
# Setup repos which to pull deltacloud components
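Review bot: The new `if` fails open: any value other than the exact strings `"true"` or `"1"` (including an unset fact, `"True"` or `"yes"`) sets `$enable_security = false` and selects the plain-HTTP site. Since dc-install treats security as the default, it would be safer to invert the test, `if $deltacloud_enable_security == "false" or $deltacloud_enable_security == "0"`, with the two assignments swapped, so that only an explicit opt-out disables TLS. A comment naming the `FACTER_DELTACLOUD_ENABLE_SECURITY` environment variable as the source of this fact would also help.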
--
1.7.2.3