diff options
author | Dan Trainor <dan.trainor@gmail.com> | 2017-01-24 16:51:08 -0700 |
---|---|---|
committer | Dan Trainor <dan.trainor@gmail.com> | 2017-02-03 20:04:10 -0500 |
commit | 9a69201b5fd40c199468d89d7567c7869e7c5178 (patch) | |
tree | 3a2df42d44cb48c7f5fc7c2f30a7f89e6645cd73 | |
parent | a75c6c618e34d74389b9963f994f5e18ec29674a (diff) |
Proxy API endpoints that UI uses
Add support to enable the UI to use paths via mod_proxy to access API
endpoints instead of connecting to each endpoint directly on a port
other than where the UI is served from. This is necessary to prevent
certificate acceptance errors from non-Chrome browsers which take
exception to connections made to other ports on the same hostname, using
one SSL certificate.
This change extends the UI's Apache configuration to create one
mod_proxy location for each of the API endpoints that UI calls upon.
These mod_proxy (using ProxyPass, ProxyPassReverse) endpoints are
configured using new heira variables provided in the dependent commit.
Additionally, this change modifies the default UI configuration file to
include endpoint URLs formatted to use the new endpoint paths that are
created.
Removed puppet variables which were previously used to generate the
contents of the tripleo_ui_config.js template, since they are no longer
used to generate this file, replaced with the new endpoint URLs
formatted to use the new endpoint paths that are created.
Change-Id: I55e375ad462fa98e181277ec0bd88658e620e8ad
Implements: blueprint proxy-undercloud-api-services
Depends-On: Ib20f4b0891563ae90ec80675635a64c39bd2fdb7
-rw-r--r-- | manifests/ui.pp | 127 | ||||
-rw-r--r-- | releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml | 6 | ||||
-rw-r--r-- | releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml | 12 | ||||
-rw-r--r-- | spec/classes/tripleo_ui_spec.rb | 64 | ||||
-rw-r--r-- | templates/ui/tripleo_ui_config.js.erb | 15 |
5 files changed, 160 insertions, 64 deletions
diff --git a/manifests/ui.pp b/manifests/ui.pp index 27e3e50..7b87397 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp @@ -31,37 +31,53 @@ # The port on which the UI is listening. # Defaults to 3000 # -# [*keystone_url*] -# The keystone service url -# Defaults to hiera('keystone::endpoint::public_url') +# [*endpoint_proxy_keystone*] +# The keystone proxy endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_config_keystone*] +# The keystone config endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_proxy_heat*] +# The heat proxy endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_config_heat*] +# The heat config endpoint url +# Defaults to undef # -# [*ironic_url*] -# The ironic service url -# Defaults to hiera('ironic::keystone::auth::public_url') +# [*endpoint_proxy_ironic*] +# The ironic proxy endpoint url +# Defaults to undef # -# [*mistral_url*] -# The mistral service url -# Defaults to hiera('mistral::keystone::auth::public_url') +# [*endpoint_config_ironic*] +# The ironic config endpoint url +# Defaults to undef # -# [*swift_url*] -# The swift service url -# Defaults to hiera('swift::keystone::auth::public_url') +# [*endpoint_proxy_mistral*] +# The mistral proxy endpoint url +# Defaults to undef # -# [*zaqar_websocket_url*] -# The zaqar websocket url -# Defaults to hiera('zaquar::keystone::auth_websocket::public_url') +# [*endpoint_config_mistral*] +# The mistral config endpoint url +# Defaults to undef +# +# [*endpoint_proxy_swift*] +# The swift proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_swift*] +# The swift config endpoint url +# Defaults to undef +# +# [*endpoint_proxy_zaqar*] +# The zaqar proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_zaqar*] +# The zaqar config endpoint url +# Defaults to undf # # [*zaqar_default_queue*] # The zaqar default queue @@ -69,18 +85,29 @@ # Defaults to 'tripleo' # class tripleo::ui ( - $servername = $::fqdn, - $bind_host = hiera('controller_host'), - $ui_port = 3000, - $keystone_url = hiera('keystone_auth_uri_v2'), - $heat_url = hiera('heat::keystone::auth::public_url', undef), - $ironic_url = hiera('ironic::keystone::auth::public_url', undef), - $mistral_url = hiera('mistral::keystone::auth::public_url', undef), - $swift_url = hiera('swift::keystone::auth::public_url', undef), - $zaqar_websocket_url = hiera('zaqar::keystone::auth_websocket::public_url', undef), - $zaqar_default_queue = 'tripleo' + $servername = $::fqdn, + $bind_host = hiera('controller_host'), + $ui_port = 3000, + $zaqar_default_queue = 'tripleo', + $endpoint_proxy_zaqar = undef, + $endpoint_proxy_keystone = undef, + $endpoint_proxy_heat = undef, + $endpoint_proxy_ironic = undef, + $endpoint_proxy_mistral = undef, + $endpoint_proxy_swift = undef, + $endpoint_config_zaqar = undef, + $endpoint_config_keystone = undef, + $endpoint_config_heat = undef, + $endpoint_config_ironic = undef, + $endpoint_config_mistral = undef, + $endpoint_config_swift = undef, + ) { + include ::apache::mod::proxy + include ::apache::mod::proxy_http + include ::apache::mod::proxy_wstunnel + ::apache::vhost { 'tripleo-ui': ensure => 'present', servername => $servername, @@ -89,6 +116,38 @@ class tripleo::ui ( docroot => '/var/www/openstack-tripleo-ui/dist', options => ['Indexes', 'FollowSymLinks'], fallbackresource => '/index.html', + proxy_pass => [ + { + 'path' => '/zaqar', + 'url' => $endpoint_proxy_zaqar + }, + { + 'path' => '/keystone', + 'url' => $endpoint_proxy_keystone, + 'reverse_urls' => $endpoint_proxy_keystone + }, + { + 'path' => '/heat', + 'url' => $endpoint_proxy_heat, + 'reverse_urls' => $endpoint_proxy_heat + }, + { + 'path' => '/ironic', + 'url' => $endpoint_proxy_ironic, + 'reverse_urls' => $endpoint_proxy_ironic + }, + { + 'path' => '/mistral', + 'url' => $endpoint_proxy_mistral, + 'reverse_urls' => $endpoint_proxy_mistral + }, + { + 'path' => '/swift', + 'url' => $endpoint_proxy_swift, + 'reverse_urls' => $endpoint_proxy_swift + }, + ], + } # We already use apache::vhost to generate our own diff --git a/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml new file mode 100644 index 0000000..63830e5 --- /dev/null +++ b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml @@ -0,0 +1,6 @@ +--- +features: + - Added ability to proxy API service endpoints through + Apache mod_rewrite rules by creating ProxyPass and + ProxyPassReverse directives for each API service + diff --git a/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml new file mode 100644 index 0000000..d82ff11 --- /dev/null +++ b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + Removed the following URL configuration variables from tripleo::ui: + + * keystone_url + * heat_url + * ironic_url + * mistral_url + * swift_url + * zaqar_websocket_url + diff --git a/spec/classes/tripleo_ui_spec.rb b/spec/classes/tripleo_ui_spec.rb index 588a944..0805e58 100644 --- a/spec/classes/tripleo_ui_spec.rb +++ b/spec/classes/tripleo_ui_spec.rb @@ -24,9 +24,20 @@ describe 'tripleo::ui' do context 'with required parameters' do let(:params) { { - :servername => facts[:hostname], - :bind_host => '127.0.0.1', - :keystone_url => 'http://127.0.0.1:5000/' + :servername => facts[:hostname], + :bind_host => '127.0.0.1', + :endpoint_proxy_keystone => 'http://127.0.0.1:5000', + :endpoint_proxy_zaqar => 'ws://127.0.0.1:9000/zaqar', + :endpoint_proxy_heat => 'http://127.0.0.1:8004', + :endpoint_proxy_ironic => 'http://127.0.0.1:6385', + :endpoint_proxy_mistral => 'http://127.0.0.1:8989', + :endpoint_proxy_swift => 'http://127.0.0.1:8080', + :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0', + :endpoint_config_zaqar => 'wss://127.0.0.1:443/zaqar', + :endpoint_config_heat => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s', + :endpoint_config_ironic => 'https://127.0.0.1:443/ironic', + :endpoint_config_mistral => 'https://127.0.0.1:443/mistral/v2', + :endpoint_config_swift => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s' } } it 'should configure tripleo ui' do @@ -42,23 +53,34 @@ describe 'tripleo::ui' do ) is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/) is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js') - .with_content(/"keystone": "http:\/\/127.0.0.1:5000\/"/) + .with_content(/"keystone": "https:\/\/127.0.0.1:443\/keystone\/v2.0"/) + .with_content(/"heat": "https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s"/) + .with_content(/"zaqar-websocket": "wss:\/\/127.0.0.1:443\/zaqar"/) + .with_content(/"ironic": "https:\/\/127.0.0.1:443\/ironic"/) + .with_content(/"mistral": "https:\/\/127.0.0.1:443\/mistral\/v2"/) + .with_content(/"swift": "https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s"/) .with_content(/"zaqar_default_queue": "tripleo"/) end end context 'with all parameters' do let(:params) { { - :servername => 'custom.example.com', - :bind_host => '127.0.0.2', - :ui_port => 3001, - :keystone_url => 'http://127.0.0.1:1111/', - :heat_url => 'http://127.0.0.1:2222/', - :ironic_url => 'http://127.0.0.1:3333/', - :mistral_url => 'http://127.0.0.1:4444/', - :swift_url => 'http://127.0.0.1:5555/', - :zaqar_websocket_url => 'http://127.0.0.1:6666/', - :zaqar_default_queue => 'myqueue' + :servername => 'custom.example.com', + :bind_host => '127.0.0.2', + :ui_port => 3001, + :endpoint_proxy_keystone => 'http://127.0.0.1:5000', + :endpoint_proxy_zaqar => 'ws://127.0.0.1:9000/zaqar', + :endpoint_proxy_heat => 'http://127.0.0.1:8004', + :endpoint_proxy_ironic => 'http://127.0.0.1:6385', + :endpoint_proxy_mistral => 'http://127.0.0.1:8989', + :endpoint_proxy_swift => 'http://127.0.0.1:8080', + :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0', + :endpoint_config_zaqar => 'wss://127.0.0.1:443/zaqar', + :endpoint_config_heat => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s', + :endpoint_config_ironic => 'https://127.0.0.1:443/ironic', + :endpoint_config_mistral => 'https://127.0.0.1:443/mistral/v2', + :endpoint_config_swift => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s', + :zaqar_default_queue => 'tripleo' } } it 'should configure tripleo ui' do @@ -74,13 +96,13 @@ describe 'tripleo::ui' do ) is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/) is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js') - .with_content(/"keystone": "http:\/\/127.0.0.1:1111\/"/) - .with_content(/"heat": "http:\/\/127.0.0.1:2222\/"/) - .with_content(/"ironic": "http:\/\/127.0.0.1:3333\/"/) - .with_content(/"mistral": "http:\/\/127.0.0.1:4444\/"/) - .with_content(/"swift": "http:\/\/127.0.0.1:5555\/"/) - .with_content(/"zaqar-websocket": "http:\/\/127.0.0.1:6666\/"/) - .with_content(/"zaqar_default_queue": "myqueue"/) + .with_content(/"keystone": "https:\/\/127.0.0.1:443\/keystone\/v2.0"/) + .with_content(/"heat": "https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s"/) + .with_content(/"zaqar-websocket": "wss:\/\/127.0.0.1:443\/zaqar"/) + .with_content(/"ironic": "https:\/\/127.0.0.1:443\/ironic"/) + .with_content(/"mistral": "https:\/\/127.0.0.1:443\/mistral\/v2"/) + .with_content(/"swift": "https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s"/) + .with_content(/"zaqar_default_queue": "tripleo"/) end end diff --git a/templates/ui/tripleo_ui_config.js.erb b/templates/ui/tripleo_ui_config.js.erb index fef8afb..1dd68c6 100644 --- a/templates/ui/tripleo_ui_config.js.erb +++ b/templates/ui/tripleo_ui_config.js.erb @@ -1,13 +1,10 @@ window.tripleOUiConfig = { - "keystone": "<%= @keystone_url %>", - - // The UI automatically discovers below URLs by querying keystone but can be - // changed here if desired. - //"heat": "<%= @heat_url %>", - //"ironic": "<%= @ironic_url %>", - //"mistral": "<%= @mistral_url %>", - //"swift": "<%= @swift_url %>", - //"zaqar-websocket": "<%= @zaqar_websocket_url %>", + "keystone": "<%= @endpoint_config_keystone %>", + "heat": "<%= @endpoint_config_heat %>", + "ironic": "<%= @endpoint_config_ironic %>", + "mistral": "<%= @endpoint_config_mistral %>", + "swift": "<%= @endpoint_config_swift %>", + "zaqar-websocket": "<%= @endpoint_config_zaqar %>", // Default websocket queue name "zaqar_default_queue": "<%= @zaqar_default_queue %>" |