Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 83266bca291e361aa6e6072437caa9948565a47b^2..83266bca291e361aa6e6072437caa9948565a47b / .
commit83266bca291e361aa6e6072437caa9948565a47b[log] [tgz]
authormcp-jenkins <mcp-jenkins@mirantis.com>Wed Nov 28 14:57:51 2018 +0000
committerGerrit Code Review <mail@domain.com>Wed Nov 28 14:57:51 2018 +0000
treea064652f509495ee744ee851e2a7918a88cc16b4
parentd4c1c8963d83aa5ce57ad057914cc429d0e7fe7c [diff]
parent3d5fe55004f92035f94a2ca77a953c7838f6aa9e [diff]
Merge "Add vrrp check script for Keepalived on DBS nodes"
diff --git a/apache/server/redirect/openstack_web_redirect.yml b/apache/server/redirect/openstack_web_redirect.yml
new file mode 100644
index 0000000..c7be277
--- /dev/null
+++ b/apache/server/redirect/openstack_web_redirect.yml

@@ -0,0 +1,18 @@
+parameters:
+  apache:
+    server:
+      bind:
+        listen_default_ports: False
+      site:
+        horizon_redirect_http_to_https:
+          name: 'openstack_web_redirect'
+          enabled: true
+          type: 'redirect'
+          root: '/var/www/httproot'
+          host:
+            address: ${_param:apache_horizon_api_address}
+            name: ${_param:apache_horizon_api_host}
+            port: 80
+          redirect_mode: rewrite
+          target_url: 'https://%{SERVER_NAME}'
+          listen_address: '0.0.0.0'

diff --git a/apache/server/site/horizon.yml b/apache/server/site/horizon.yml
new file mode 100644
index 0000000..2a3b098
--- /dev/null
+++ b/apache/server/site/horizon.yml

@@ -0,0 +1,63 @@
+parameters:
+  _param:
+    apache_ssl:
+      enabled: false
+    apache_horizon_ssl: ${_param:apache_ssl}
+    apache_horizon_api_address: ${_param:single_address}
+    apache_horizon_api_host: ${linux:network:fqdn}
+  apache:
+    server:
+      enabled: true
+      default_mpm: event
+      modules:
+        - wsgi
+      site:
+        horizon:
+          enabled: false
+          available: true
+          type: wsgi
+          name: openstack_web
+          ssl: ${_param:apache_horizon_ssl}
+          wsgi:
+            daemon_process: horizon
+            processes: 3
+            threads: 10
+            user: horizon
+            group: horizon
+            display_name: '%{GROUP}'
+            script_alias: '/ /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'
+            application_group: '%{GLOBAL}'
+            authorization: 'On'
+          limits:
+            request_body: 0
+          host:
+            address: ${_param:apache_horizon_api_address}
+            name: ${_param:apache_horizon_api_host}
+            port: 8078
+          locations:
+            - uri: /static
+              path: /usr/share/openstack-dashboard/static
+          directories:
+            dashboard_static:
+              path: /usr/share/openstack-dashboard/static
+              order: 'allow,deny'
+              allow: 'from all'
+              modules:
+                mod_expires.c:
+                  ExpiresActive: 'On'
+                  ExpiresDefault: '"access 6 month"'
+                mod_deflate.c:
+                  SetOutputFilter: 'DEFLATE'
+            dashboard_wsgi:
+              path: /usr/share/openstack-dashboard/openstack_dashboard/wsgi
+              order: 'allow,deny'
+              allow: 'from all'
+          log:
+            custom:
+              format: >-
+                %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+            error:
+              enabled: true
+              level: debug
+              format: '%M'
+              file: '/var/log/apache2/openstack_dashboard_error.log'

diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 441e1c1..f04809f 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml

@@ -58,3 +58,19 @@
     horizon_public_host: ${_param:cluster_public_host}
     horizon_public_port: 443
     horizon_public_protocol: https
+    # HAproxy
+    haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
+    #
+    # haproxy_openstack_web_sticks_params is defined for SSL by default
+    # if cluster_protocolr HTTP is going to be used then haproxy_openstack_web_sticks_params
+    # should be redefined peroperly. For example empty list.
+    #
+    haproxy_openstack_web_sticks_params:
+      - stick-table type binary len 32 size 30k expire 30m
+      - acl clienthello req_ssl_hello_type 1
+      - acl serverhello rep_ssl_hello_type 2
+      - tcp-request inspect-delay 5s
+      - tcp-request content accept if clienthello
+      - tcp-response content accept if serverhello
+      - stick on payload_lv(43,1) if clienthello
+      - stick store-response payload_lv(43,1) if serverhello

diff --git a/haproxy/proxy/listen/openstack/openstack_web.yml b/haproxy/proxy/listen/openstack/openstack_web.yml
new file mode 100644
index 0000000..a96a337
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/openstack_web.yml

@@ -0,0 +1,22 @@
+parameters:
+  _param:
+    haproxy_openstack_web_check_params: check
+  haproxy:
+    proxy:
+      listen:
+        openstack_web:
+          type: custom
+          check: false
+          sticks: ${_param:haproxy_openstack_web_sticks_params}
+          binds:
+          - address: ${_param:cluster_vip_address}
+            port: ${_param:haproxy_openstack_web_bind_port}
+          servers:
+          - name: ${_param:cluster_node01_hostname}
+            host: ${_param:cluster_node01_address}
+            port: 8078
+            params: ${_param:haproxy_openstack_web_check_params}
+          - name: ${_param:cluster_node02_hostname}
+            host: ${_param:cluster_node02_address}
+            port: 8078
+            params: ${_param:haproxy_openstack_web_check_params}