e12dfaefd7
This adds defined anchor points for external modules to hook into the software install, config and service dependency chain. This allows external modules to manage software installation (virtualenv, containers, etc) and service management (pacemaker) without needing rely on resources that may change or be renamed. Change-Id: If0175f5719ec72871febcec04785d63f56fd3d2b
161 lines
4.3 KiB
Puppet
161 lines
4.3 KiB
Puppet
#
|
|
# Class to serve barbican with apache mod_wsgi in place of barbican service
|
|
#
|
|
# Serving barbican from apache is the recommended way to go for production
|
|
# systems as the current barbican implementation is not multi-processor aware,
|
|
# thus limiting the performance for concurrent accesses.
|
|
#
|
|
# When using this class you should disable your barbican service.
|
|
#
|
|
# == Parameters
|
|
#
|
|
# [*servername*]
|
|
# The servername for the virtualhost.
|
|
# Optional. Defaults to $::fqdn
|
|
#
|
|
# [*public_port*]
|
|
# The public port.
|
|
# Optional. Defaults to 9311
|
|
#
|
|
# [*bind_host*]
|
|
# The host/ip address Apache will listen on.
|
|
# Optional. Defaults to undef (listen on all ip addresses).
|
|
#
|
|
# [*public_path*]
|
|
# The prefix for the public endpoint.
|
|
# Optional. Defaults to '/'
|
|
#
|
|
# [*ssl*]
|
|
# Use ssl ? (boolean)
|
|
# Optional. Defaults to true
|
|
#
|
|
# [*workers*]
|
|
# Number of WSGI workers to spawn.
|
|
# Optional. Defaults to 1
|
|
#
|
|
# [*ssl_cert*]
|
|
# (optional) Path to SSL certificate
|
|
# Default to apache::vhost 'ssl_*' defaults.
|
|
#
|
|
# [*ssl_key*]
|
|
# (optional) Path to SSL key
|
|
# Default to apache::vhost 'ssl_*' defaults.
|
|
#
|
|
# [*ssl_chain*]
|
|
# (optional) SSL chain
|
|
# Default to apache::vhost 'ssl_*' defaults.
|
|
#
|
|
# [*ssl_ca*]
|
|
# (optional) Path to SSL certificate authority
|
|
# Default to apache::vhost 'ssl_*' defaults.
|
|
#
|
|
# [*ssl_crl_path*]
|
|
# (optional) Path to SSL certificate revocation list
|
|
# Default to apache::vhost 'ssl_*' defaults.
|
|
#
|
|
# [*ssl_crl*]
|
|
# (optional) SSL certificate revocation list name
|
|
# Default to apache::vhost 'ssl_*' defaults.
|
|
#
|
|
# [*ssl_certs_dir*]
|
|
# apache::vhost ssl parameters.
|
|
# Optional. Default to apache::vhost 'ssl_*' defaults.
|
|
#
|
|
# [*priority*]
|
|
# (optional) The priority for the vhost.
|
|
# Defaults to '10'
|
|
#
|
|
# [*threads*]
|
|
# (optional) The number of threads for the vhost.
|
|
# Defaults to $::os_workers
|
|
#
|
|
# == Dependencies
|
|
#
|
|
# requires Class['apache'] & Class['barbican']
|
|
#
|
|
# == Examples
|
|
#
|
|
# include apache
|
|
#
|
|
# class { 'barbican::wsgi::apache': }
|
|
#
|
|
# == Authors
|
|
#
|
|
# Ade Lee <alee@redhat.com>
|
|
#
|
|
# == Copyright
|
|
#
|
|
# Copyright 2015 Red Hat Inc. <licensing@redhat.com>
|
|
#
|
|
class barbican::wsgi::apache (
|
|
$servername = $::fqdn,
|
|
$public_port = 9311,
|
|
$bind_host = undef,
|
|
$public_path = '/',
|
|
$ssl = true,
|
|
$workers = 1,
|
|
$ssl_cert = undef,
|
|
$ssl_key = undef,
|
|
$ssl_chain = undef,
|
|
$ssl_ca = undef,
|
|
$ssl_crl_path = undef,
|
|
$ssl_crl = undef,
|
|
$ssl_certs_dir = undef,
|
|
$threads = $::os_workers,
|
|
$priority = '10',
|
|
) {
|
|
|
|
include ::barbican::deps
|
|
include ::barbican::params
|
|
include ::apache
|
|
include ::apache::mod::wsgi
|
|
if $ssl {
|
|
include ::apache::mod::ssl
|
|
}
|
|
|
|
Service['httpd'] -> Keystone_endpoint <| |>
|
|
Service['httpd'] -> Keystone_role <| |>
|
|
Service['httpd'] -> Keystone_service <| |>
|
|
Service['httpd'] -> Keystone_tenant <| |>
|
|
Service['httpd'] -> Keystone_user <| |>
|
|
Service['httpd'] -> Keystone_user_role <| |>
|
|
|
|
file { $::barbican::params::httpd_config_file:
|
|
ensure => present,
|
|
content => "#
|
|
# This file has been cleaned by Puppet.
|
|
#
|
|
# OpenStack Horizon configuration has been moved to:
|
|
# - ${priority}-barbican_wsgi_main.conf
|
|
#",
|
|
}
|
|
|
|
Package<| tag == 'barbican-api' |> -> File[$::barbican::params::httpd_config_file]
|
|
File[$::barbican::params::httpd_config_file] ~> Service['httpd']
|
|
|
|
::openstacklib::wsgi::apache { 'barbican_wsgi_main':
|
|
bind_host => $bind_host,
|
|
bind_port => $public_port,
|
|
group => 'barbican',
|
|
path => $public_path,
|
|
priority => $priority,
|
|
servername => $servername,
|
|
ssl => $ssl,
|
|
ssl_ca => $ssl_ca,
|
|
ssl_cert => $ssl_cert,
|
|
ssl_certs_dir => $ssl_certs_dir,
|
|
ssl_chain => $ssl_chain,
|
|
ssl_crl => $ssl_crl,
|
|
ssl_crl_path => $ssl_crl_path,
|
|
ssl_key => $ssl_key,
|
|
threads => $threads,
|
|
user => 'barbican',
|
|
workers => $workers,
|
|
wsgi_daemon_process => 'barbican-api',
|
|
wsgi_process_group => 'barbican-api',
|
|
wsgi_script_dir => $::barbican::params::barbican_wsgi_script_path,
|
|
wsgi_script_file => 'main',
|
|
wsgi_script_source => $::barbican::params::barbican_wsgi_script_source,
|
|
}
|
|
}
|