# # Class to serve barbican with apache mod_wsgi in place of barbican service # # Serving barbican from apache is the recommended way to go for production # systems as the current barbican implementation is not multi-processor aware, # thus limiting the performance for concurrent accesses. # # When using this class you should disable your barbican service. # # == Parameters # # [*servername*] # The servername for the virtualhost. # Optional. Defaults to $::fqdn # # [*public_port*] # The public port. # Optional. Defaults to 9311 # # [*bind_host*] # The host/ip address Apache will listen on. # Optional. Defaults to undef (listen on all ip addresses). # # [*public_path*] # The prefix for the public endpoint. # Optional. Defaults to '/' # # [*ssl*] # Use ssl ? (boolean) # Optional. Defaults to true # # [*workers*] # Number of WSGI workers to spawn. # Optional. Defaults to 1 # # [*ssl_cert*] # (optional) Path to SSL certificate # Default to apache::vhost 'ssl_*' defaults. # # [*ssl_key*] # (optional) Path to SSL key # Default to apache::vhost 'ssl_*' defaults. # # [*ssl_chain*] # (optional) SSL chain # Default to apache::vhost 'ssl_*' defaults. # # [*ssl_ca*] # (optional) Path to SSL certificate authority # Default to apache::vhost 'ssl_*' defaults. # # [*ssl_crl_path*] # (optional) Path to SSL certificate revocation list # Default to apache::vhost 'ssl_*' defaults. # # [*ssl_crl*] # (optional) SSL certificate revocation list name # Default to apache::vhost 'ssl_*' defaults. # # [*ssl_certs_dir*] # apache::vhost ssl parameters. # Optional. Default to apache::vhost 'ssl_*' defaults. # # [*priority*] # (optional) The priority for the vhost. # Defaults to '10' # # [*threads*] # (optional) The number of threads for the vhost. # Defaults to $::os_workers # # == Dependencies # # requires Class['apache'] & Class['barbican'] # # == Examples # # include apache # # class { 'barbican::wsgi::apache': } # # == Authors # # Ade Lee # # == Copyright # # Copyright 2015 Red Hat Inc. # class barbican::wsgi::apache ( $servername = $::fqdn, $public_port = 9311, $bind_host = undef, $public_path = '/', $ssl = true, $workers = 1, $ssl_cert = undef, $ssl_key = undef, $ssl_chain = undef, $ssl_ca = undef, $ssl_crl_path = undef, $ssl_crl = undef, $ssl_certs_dir = undef, $threads = $::os_workers, $priority = '10', ) { include ::barbican::deps include ::barbican::params include ::apache include ::apache::mod::wsgi if $ssl { include ::apache::mod::ssl } Service['httpd'] -> Keystone_endpoint <| |> Service['httpd'] -> Keystone_role <| |> Service['httpd'] -> Keystone_service <| |> Service['httpd'] -> Keystone_tenant <| |> Service['httpd'] -> Keystone_user <| |> Service['httpd'] -> Keystone_user_role <| |> file { $::barbican::params::httpd_config_file: ensure => present, content => "# # This file has been cleaned by Puppet. # # OpenStack Horizon configuration has been moved to: # - ${priority}-barbican_wsgi_main.conf #", } Package<| tag == 'barbican-api' |> -> File[$::barbican::params::httpd_config_file] File[$::barbican::params::httpd_config_file] ~> Service['httpd'] ::openstacklib::wsgi::apache { 'barbican_wsgi_main': bind_host => $bind_host, bind_port => $public_port, group => 'barbican', path => $public_path, priority => $priority, servername => $servername, ssl => $ssl, ssl_ca => $ssl_ca, ssl_cert => $ssl_cert, ssl_certs_dir => $ssl_certs_dir, ssl_chain => $ssl_chain, ssl_crl => $ssl_crl, ssl_crl_path => $ssl_crl_path, ssl_key => $ssl_key, threads => $threads, user => 'barbican', workers => $workers, wsgi_daemon_process => 'barbican-api', wsgi_process_group => 'barbican-api', wsgi_script_dir => $::barbican::params::barbican_wsgi_script_path, wsgi_script_file => 'main', wsgi_script_source => $::barbican::params::barbican_wsgi_script_source, } }