Conditional ACK.  I think it needs a few minor tweaks.

I believe setting the request header X_FORWARDED_PROTO will get you 
around the redirection that you mentioned in your comment but please 
double check that part.


On 01/19/2011 04:54 PM, Mohammed Morsi wrote:
> ---
>   contrib/deltacloud-configure.spec                  |    1 +
>   recipes/apache/manifests/init.pp                   |   34 +++++++++++++++++
>   .../files/aggregator-httpd-ssl.conf                |   38 
> ++++++++++++++++++++
>   .../deltacloud_recipe/files/aggregator-httpd.conf  |   23 ++++++++++++
>   recipes/deltacloud_recipe/manifests/aggregator.pp  |   15 ++++++--
>   recipes/deltacloud_recipe/manifests/deltacloud.pp  |    1 +
>   6 files changed, 109 insertions(+), 3 deletions(-)
>   create mode 100644 recipes/apache/manifests/init.pp
>   create mode 100644 recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
>   create mode 100644 recipes/deltacloud_recipe/files/aggregator-httpd.conf
>
> diff --git a/contrib/deltacloud-configure.spec 
> b/contrib/deltacloud-configure.spec
> index e49877f..670d401 100644
> --- a/contrib/deltacloud-configure.spec
> +++ b/contrib/deltacloud-configure.spec
> @@ -33,6 +33,7 @@ rm -rf %{buildroot}
>   %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/deltacloud_recipe.pp 
> %{buildroot}/%{dchome}
>   %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/deltacloud_uninstall.pp 
> %{buildroot}/%{dchome}
>   %{__cp} -R %{pbuild}/recipes/deltacloud_recipe/*/ 
> %{buildroot}/%{dchome}/modules/deltacloud_recipe
> +%{__cp} -R %{pbuild}/recipes/apache/ %{buildroot}/%{dchome}/modules/apache
>   %{__cp} -R %{pbuild}/recipes/firewall/ 
> %{buildroot}/%{dchome}/modules/firewall
>   %{__cp} -R %{pbuild}/recipes/ntp/ %{buildroot}/%{dchome}/modules/ntp
>   %{__cp} -R %{pbuild}/recipes/postgres/ 
> %{buildroot}/%{dchome}/modules/postgres
> diff --git a/recipes/apache/manifests/init.pp 
> b/recipes/apache/manifests/init.pp
> new file mode 100644
> index 0000000..fa8fe53
> --- /dev/null
> +++ b/recipes/apache/manifests/init.pp
> @@ -0,0 +1,34 @@
> +$apache_dir          = "/etc/httpd"
> +$apache_conf_dir     = "${apache_dir}/conf.d"
> +
> +class apache {
> +     # require apache and mod_ssl
> +     package { "httpd": ensure =>  installed }
> +
> +  if $enable_security {
> +       package { "mod_ssl": ensure =>  installed }
> +  }
> +
> +     service { "httpd":
> +             ensure     =>  running,
> +             require    =>  Package["httpd"],
> +             hasrestart =>  true,
> +    hasstatus  =>  true
> +     }
> +
> +     exec { "reload-apache":
> +    command     =>  "/sbin/service httpd reload",
> +             refreshonly =>  true
> +  }
> +}
> +
> +define apache::site ( $ensure = 'present', $source = '') {
> +     $site_file = "${apache_conf_dir}/${name}.conf"
> +     file {
> +             $site_file:
> +                     ensure  =>  $ensure,
> +                     source  =>  $source,
> +                     notify  =>  Exec["reload-apache"],
> +      require =>  Service['httpd']
> +     }
> +}
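Review bot: `Package["mod_ssl"]` has no ordering relationship to `Service["httpd"]` or to the file managed by `apache::site`, so with `$enable_security` set the SSL site file can be installed and `reload-apache` fired before mod_ssl is present, at which point httpd would reject `SSLEngine`. Adding `before => Service["httpd"]` to the mod_ssl package resource would pin the order. The `httpd` service here also lacks `enable => true`, which the old `service { ['condor', 'httpd']: ... }` in aggregator.pp set, so httpd may no longer come up after a reboot. The `file` resource in `apache::site` should state `owner`, `group` and `mode` explicitly (for example root, root, 0644) so the vhost config in conf.d does not inherit whatever defaults are in effect.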
> diff --git a/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf 
> b/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
> new file mode 100644
> index 0000000..122952f
> --- /dev/null
> +++ b/recipes/deltacloud_recipe/files/aggregator-httpd-ssl.conf
> @@ -0,0 +1,38 @@
> +NameVirtualHost *:443
> +<VirtualHost *:443>
> +
> +  ErrorLog /etc/httpd/logs/error_log
> +  TransferLog /etc/httpd/logs/access_log
> +  LogLevel debug
> +
> +  ProxyRequests Off
> +  SSLEngine On
> +  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
> +  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
RequestHeader set X_FORWARDED_PROTO 'https'
> +  ProxyPreserveHost Off
> +
> +Alias /deltacloud/stylesheets "/usr/share/deltacloud-aggregator/public/"
> +Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/"
> +Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/"
> +
Alias /deltacloud/stylesheets 
"/usr/share/deltacloud-aggregator/public/stylesheets"
Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images"
Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/errors"
Alias /deltacloud/javascripts 
"/usr/share/deltacloud-aggregator/public/javascripts"
Alias /fonts "/usr/share/deltacloud-aggregator/public/fonts"

> +# TODO Apache will set HTTP_X_FORWARDED_HOST here to the hostname minus the 
> port.
> +# Rails (actioncontroller) will take this and use it for the hostname for 
> redirects.
> +# Since we define the http->https rewrite below this isn't an issue but
> +#  should probably be resolved at some point
> +ProxyPass /deltacloud/images !
> +ProxyPass /deltacloud/stylesheets !
> +ProxyPass /deltacloud/errors !
> +ProxyPass /deltacloud http://localhost:3000/deltacloud
> +ProxyPassReverse /deltacloud http://localhost:3000/deltacloud
> +ProxyPassReverse /deltacloud/images !
> +ProxyPassReverse /deltacloud/stylesheets !
> +ProxyPassReverse /deltacloud/errors !
> +
> +</VirtualHost>
> +
> +NameVirtualHost *:80
> +<VirtualHost *:80>
> +  RewriteEngine On
> +  RewriteCond %{HTTPS} off
> +  RewriteRule /deltacloud(.*) https://%{HTTP_HOST}%{REQUEST_URI}
> +</VirtualHost>
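Review bot: `LogLevel debug` in the 443 vhost looks like a development leftover; the plain-HTTP file uses `warn`, and debug-level output on the TLS-facing proxy records far more request detail than an operator needs, so `LogLevel warn` is the safer default. In the port-80 vhost the redirect target is built from the client-supplied `%{HTTP_HOST}` and the pattern is unanchored with no flags; consider `RewriteRule ^/deltacloud(.*)$ https://CONFIGURED_HOSTNAME%{REQUEST_URI} [R=301,L]` (placeholder hostname) so the redirect cannot point at an arbitrary host. The certificate paths refer to `localhost.crt` and `localhost.key`, presumably the self-signed pair shipped by the mod_ssl package, which gives clients no way to authenticate the server; these paths are worth making configurable.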
> diff --git a/recipes/deltacloud_recipe/files/aggregator-httpd.conf 
> b/recipes/deltacloud_recipe/files/aggregator-httpd.conf
> new file mode 100644
> index 0000000..6ef80b8
> --- /dev/null
> +++ b/recipes/deltacloud_recipe/files/aggregator-httpd.conf
> @@ -0,0 +1,23 @@
> +NameVirtualHost *:80
> +<VirtualHost *:80>
> +
> +  ErrorLog /etc/httpd/logs/error_log
> +  TransferLog /etc/httpd/logs/access_log
> +  LogLevel warn
> +
> +  ProxyRequests Off
> +
> +Alias /deltacloud/stylesheets 
> "/usr/share/deltacloud-aggregator/public/stylesheets"
> +Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images"
> +Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/"
> +

Alias /deltacloud/stylesheets 
"/usr/share/deltacloud-aggregator/public/stylesheets"
Alias /deltacloud/images "/usr/share/deltacloud-aggregator/public/images"
Alias /deltacloud/errors "/usr/share/deltacloud-aggregator/public/errors"
Alias /deltacloud/javascripts 
"/usr/share/deltacloud-aggregator/public/javascripts"
Alias /fonts "/usr/share/deltacloud-aggregator/public/fonts"

> +ProxyPass /deltacloud/images !
> +ProxyPass /deltacloud/stylesheets !
> +ProxyPass /deltacloud/errors !
> +ProxyPass /deltacloud http://localhost:3000/deltacloud
> +ProxyPassReverse /deltacloud http://localhost:3000/deltacloud
> +ProxyPassReverse /deltacloud/images !
> +ProxyPassReverse /deltacloud/stylesheets !
> +ProxyPassReverse /deltacloud/errors !
> +
> +</VirtualHost>
> diff --git a/recipes/deltacloud_recipe/manifests/aggregator.pp 
> b/recipes/deltacloud_recipe/manifests/aggregator.pp
> index 2be247c..0c0c2e2 100644
> --- a/recipes/deltacloud_recipe/manifests/aggregator.pp
> +++ b/recipes/deltacloud_recipe/manifests/aggregator.pp
> @@ -18,13 +18,14 @@ class deltacloud::aggregator inherits deltacloud {
>       selinux::mode{"permissive":}
>
>     ### Setup firewall for deltacloud
> -    firewall::rule{"http": destination_port =>  '80'}
> +    firewall::rule{"http":  destination_port =>  '80' }
> +    firewall::rule{"https": destination_port =>  '443'}
>
>     ### Start the deltacloud services
>       file {"/var/lib/condor/condor_config.local":
>              source =>  
> "puppet:///modules/deltacloud_recipe/condor_config.local",
>              require =>  Package['deltacloud-aggregator-daemons'] }
> -    service { ['condor', 'httpd']:
> +    service { 'condor':
>         ensure  =>  'running',
>         enable  =>  true,
>         require =>  File['/var/lib/condor/condor_config.local'] }
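Review bot: The added `firewall::rule{"https": destination_port => '443'}` opens port 443 unconditionally, while the 443 vhost and mod_ssl are only set up when `$enable_security` is true. Moving that rule into the `if $enable_security` branch added later in this class keeps the port closed when nothing is meant to listen on it. The class body starts and ends outside this hunk.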
> @@ -60,6 +61,14 @@ class deltacloud::aggregator inherits deltacloud {
>                   cwd             =>  "/usr/share/deltacloud-aggregator",
>                   rails_env       =>  "production",
>                   require         =>  
> Rails::Create::Db[create_deltacloud_database]}
> +
> +  ### Setup apache for deltacloud
> +    include apache
> +    if $enable_security {
> +      apache::site{"aggregator": source =>  
> 'puppet:///modules/deltacloud_recipe/aggregator-httpd-ssl.conf'}
#This takes over the /etc/httpd/conf.d/deltacloud-aggregator.conf from
#deltacloud-aggregator-daemons.rpm
#Do we need it in deltacloud-aggregator-daemons.rpm anymore?
apache::site{"deltacloud-aggregator": source => 
'puppet:///modules/deltacloud_recipe/aggregator-httpd-ssl.conf'}
> +    } else{
> +      apache::site{"aggregator": source =>  
> 'puppet:///modules/deltacloud_recipe/aggregator-httpd.conf'}
 > +      apache::site{"deltacloud-aggregator": source => 
'puppet:///modules/deltacloud_recipe/aggregator-httpd.conf'}
> +    }
Works for now.  It might be worth playing around with the use of 
templates instead of files to see if we can avoid the conditionals in 
the .pp.

>   }
>
>   class deltacloud::aggregator::disabled {
> @@ -84,7 +93,7 @@ class deltacloud::aggregator::disabled {
>                   require  =>  Package['deltacloud-aggregator']}
>
>     ### Stop the deltacloud services
> -    service { ['condor', 'httpd']:
> +    service { 'condor':
>         ensure  =>  'stopped',
>         enable  =>  false,
>         require =>  Service['deltacloud-aggregator',
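Review bot: With `httpd` dropped from this list, nothing visible in `deltacloud::aggregator::disabled` stops httpd or removes the site file that `apache::site` placed in conf.d, so after the aggregator is disabled the proxy vhost may stay up and reachable. If that is not intended, the disabled class should declare the same site resource with `ensure => 'absent'` and decide explicitly whether httpd keeps running. The class body continues outside this hunk, so this may already be handled there.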
> diff --git a/recipes/deltacloud_recipe/manifests/deltacloud.pp 
> b/recipes/deltacloud_recipe/manifests/deltacloud.pp
> index eef014f..c7693c1 100644
> --- a/recipes/deltacloud_recipe/manifests/deltacloud.pp
> +++ b/recipes/deltacloud_recipe/manifests/deltacloud.pp
> @@ -3,6 +3,7 @@
>   import "firewall"
>
>   import "postgres"
> +import "apache"
>   import "rails"
>   import "selinux"
>   import "ntp"
