summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Trainor <dan.trainor@gmail.com>2017-01-24 16:51:08 -0700
committerDan Trainor <dan.trainor@gmail.com>2017-02-03 20:04:10 -0500
commit9a69201b5fd40c199468d89d7567c7869e7c5178 (patch)
tree3a2df42d44cb48c7f5fc7c2f30a7f89e6645cd73
parenta75c6c618e34d74389b9963f994f5e18ec29674a (diff)
Proxy API endpoints that UI uses
Add support to enable the UI to use paths via mod_proxy to access API endpoints instead of connecting to each endpoint directly on a port other than where the UI is served from. This is necessary to prevent certificate acceptance errors from non-Chrome browsers which take exception to connections made to other ports on the same hostname, using one SSL certificate. This change extends the UI's Apache configuration to create one mod_proxy location for each of the API endpoints that UI calls upon. These mod_proxy (using ProxyPass, ProxyPassReverse) endpoints are configured using new heira variables provided in the dependent commit. Additionally, this change modifies the default UI configuration file to include endpoint URLs formatted to use the new endpoint paths that are created. Removed puppet variables which were previously used to generate the contents of the tripleo_ui_config.js template, since they are no longer used to generate this file, replaced with the new endpoint URLs formatted to use the new endpoint paths that are created. Change-Id: I55e375ad462fa98e181277ec0bd88658e620e8ad Implements: blueprint proxy-undercloud-api-services Depends-On: Ib20f4b0891563ae90ec80675635a64c39bd2fdb7
-rw-r--r--manifests/ui.pp127
-rw-r--r--releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml6
-rw-r--r--releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml12
-rw-r--r--spec/classes/tripleo_ui_spec.rb64
-rw-r--r--templates/ui/tripleo_ui_config.js.erb15
5 files changed, 160 insertions, 64 deletions
diff --git a/manifests/ui.pp b/manifests/ui.pp
index 27e3e50..7b87397 100644
--- a/manifests/ui.pp
+++ b/manifests/ui.pp
@@ -31,37 +31,53 @@
# The port on which the UI is listening.
# Defaults to 3000
#
-# [*keystone_url*]
-# The keystone service url
-# Defaults to hiera('keystone::endpoint::public_url')
+# [*endpoint_proxy_keystone*]
+# The keystone proxy endpoint url
+# Defaults to undef
#
-# [*heat_url*]
-# The heat service url
-# Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_config_keystone*]
+# The keystone config endpoint url
+# Defaults to undef
#
-# [*heat_url*]
-# The heat service url
-# Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_proxy_heat*]
+# The heat proxy endpoint url
+# Defaults to undef
#
-# [*heat_url*]
-# The heat service url
-# Defaults to hiera('heat::keystone::auth::public_url')
+# [*endpoint_config_heat*]
+# The heat config endpoint url
+# Defaults to undef
#
-# [*ironic_url*]
-# The ironic service url
-# Defaults to hiera('ironic::keystone::auth::public_url')
+# [*endpoint_proxy_ironic*]
+# The ironic proxy endpoint url
+# Defaults to undef
#
-# [*mistral_url*]
-# The mistral service url
-# Defaults to hiera('mistral::keystone::auth::public_url')
+# [*endpoint_config_ironic*]
+# The ironic config endpoint url
+# Defaults to undef
#
-# [*swift_url*]
-# The swift service url
-# Defaults to hiera('swift::keystone::auth::public_url')
+# [*endpoint_proxy_mistral*]
+# The mistral proxy endpoint url
+# Defaults to undef
#
-# [*zaqar_websocket_url*]
-# The zaqar websocket url
-# Defaults to hiera('zaquar::keystone::auth_websocket::public_url')
+# [*endpoint_config_mistral*]
+# The mistral config endpoint url
+# Defaults to undef
+#
+# [*endpoint_proxy_swift*]
+# The swift proxy endpoint url
+# Defaults to undef
+#
+# [*endpoint_config_swift*]
+# The swift config endpoint url
+# Defaults to undef
+#
+# [*endpoint_proxy_zaqar*]
+# The zaqar proxy endpoint url
+# Defaults to undef
+#
+# [*endpoint_config_zaqar*]
+# The zaqar config endpoint url
+# Defaults to undf
#
# [*zaqar_default_queue*]
# The zaqar default queue
@@ -69,18 +85,29 @@
# Defaults to 'tripleo'
#
class tripleo::ui (
- $servername = $::fqdn,
- $bind_host = hiera('controller_host'),
- $ui_port = 3000,
- $keystone_url = hiera('keystone_auth_uri_v2'),
- $heat_url = hiera('heat::keystone::auth::public_url', undef),
- $ironic_url = hiera('ironic::keystone::auth::public_url', undef),
- $mistral_url = hiera('mistral::keystone::auth::public_url', undef),
- $swift_url = hiera('swift::keystone::auth::public_url', undef),
- $zaqar_websocket_url = hiera('zaqar::keystone::auth_websocket::public_url', undef),
- $zaqar_default_queue = 'tripleo'
+ $servername = $::fqdn,
+ $bind_host = hiera('controller_host'),
+ $ui_port = 3000,
+ $zaqar_default_queue = 'tripleo',
+ $endpoint_proxy_zaqar = undef,
+ $endpoint_proxy_keystone = undef,
+ $endpoint_proxy_heat = undef,
+ $endpoint_proxy_ironic = undef,
+ $endpoint_proxy_mistral = undef,
+ $endpoint_proxy_swift = undef,
+ $endpoint_config_zaqar = undef,
+ $endpoint_config_keystone = undef,
+ $endpoint_config_heat = undef,
+ $endpoint_config_ironic = undef,
+ $endpoint_config_mistral = undef,
+ $endpoint_config_swift = undef,
+
) {
+ include ::apache::mod::proxy
+ include ::apache::mod::proxy_http
+ include ::apache::mod::proxy_wstunnel
+
::apache::vhost { 'tripleo-ui':
ensure => 'present',
servername => $servername,
@@ -89,6 +116,38 @@ class tripleo::ui (
docroot => '/var/www/openstack-tripleo-ui/dist',
options => ['Indexes', 'FollowSymLinks'],
fallbackresource => '/index.html',
+ proxy_pass => [
+ {
+ 'path' => '/zaqar',
+ 'url' => $endpoint_proxy_zaqar
+ },
+ {
+ 'path' => '/keystone',
+ 'url' => $endpoint_proxy_keystone,
+ 'reverse_urls' => $endpoint_proxy_keystone
+ },
+ {
+ 'path' => '/heat',
+ 'url' => $endpoint_proxy_heat,
+ 'reverse_urls' => $endpoint_proxy_heat
+ },
+ {
+ 'path' => '/ironic',
+ 'url' => $endpoint_proxy_ironic,
+ 'reverse_urls' => $endpoint_proxy_ironic
+ },
+ {
+ 'path' => '/mistral',
+ 'url' => $endpoint_proxy_mistral,
+ 'reverse_urls' => $endpoint_proxy_mistral
+ },
+ {
+ 'path' => '/swift',
+ 'url' => $endpoint_proxy_swift,
+ 'reverse_urls' => $endpoint_proxy_swift
+ },
+ ],
+
}
# We already use apache::vhost to generate our own
diff --git a/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml
new file mode 100644
index 0000000..63830e5
--- /dev/null
+++ b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - Added ability to proxy API service endpoints through
+ Apache mod_rewrite rules by creating ProxyPass and
+ ProxyPassReverse directives for each API service
+
diff --git a/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml
new file mode 100644
index 0000000..d82ff11
--- /dev/null
+++ b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+ - |
+ Removed the following URL configuration variables from tripleo::ui:
+
+ * keystone_url
+ * heat_url
+ * ironic_url
+ * mistral_url
+ * swift_url
+ * zaqar_websocket_url
+
diff --git a/spec/classes/tripleo_ui_spec.rb b/spec/classes/tripleo_ui_spec.rb
index 588a944..0805e58 100644
--- a/spec/classes/tripleo_ui_spec.rb
+++ b/spec/classes/tripleo_ui_spec.rb
@@ -24,9 +24,20 @@ describe 'tripleo::ui' do
context 'with required parameters' do
let(:params) { {
- :servername => facts[:hostname],
- :bind_host => '127.0.0.1',
- :keystone_url => 'http://127.0.0.1:5000/'
+ :servername => facts[:hostname],
+ :bind_host => '127.0.0.1',
+ :endpoint_proxy_keystone => 'http://127.0.0.1:5000',
+ :endpoint_proxy_zaqar => 'ws://127.0.0.1:9000/zaqar',
+ :endpoint_proxy_heat => 'http://127.0.0.1:8004',
+ :endpoint_proxy_ironic => 'http://127.0.0.1:6385',
+ :endpoint_proxy_mistral => 'http://127.0.0.1:8989',
+ :endpoint_proxy_swift => 'http://127.0.0.1:8080',
+ :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0',
+ :endpoint_config_zaqar => 'wss://127.0.0.1:443/zaqar',
+ :endpoint_config_heat => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s',
+ :endpoint_config_ironic => 'https://127.0.0.1:443/ironic',
+ :endpoint_config_mistral => 'https://127.0.0.1:443/mistral/v2',
+ :endpoint_config_swift => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s'
} }
it 'should configure tripleo ui' do
@@ -42,23 +53,34 @@ describe 'tripleo::ui' do
)
is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/)
is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js')
- .with_content(/"keystone": "http:\/\/127.0.0.1:5000\/"/)
+ .with_content(/"keystone": "https:\/\/127.0.0.1:443\/keystone\/v2.0"/)
+ .with_content(/"heat": "https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s"/)
+ .with_content(/"zaqar-websocket": "wss:\/\/127.0.0.1:443\/zaqar"/)
+ .with_content(/"ironic": "https:\/\/127.0.0.1:443\/ironic"/)
+ .with_content(/"mistral": "https:\/\/127.0.0.1:443\/mistral\/v2"/)
+ .with_content(/"swift": "https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s"/)
.with_content(/"zaqar_default_queue": "tripleo"/)
end
end
context 'with all parameters' do
let(:params) { {
- :servername => 'custom.example.com',
- :bind_host => '127.0.0.2',
- :ui_port => 3001,
- :keystone_url => 'http://127.0.0.1:1111/',
- :heat_url => 'http://127.0.0.1:2222/',
- :ironic_url => 'http://127.0.0.1:3333/',
- :mistral_url => 'http://127.0.0.1:4444/',
- :swift_url => 'http://127.0.0.1:5555/',
- :zaqar_websocket_url => 'http://127.0.0.1:6666/',
- :zaqar_default_queue => 'myqueue'
+ :servername => 'custom.example.com',
+ :bind_host => '127.0.0.2',
+ :ui_port => 3001,
+ :endpoint_proxy_keystone => 'http://127.0.0.1:5000',
+ :endpoint_proxy_zaqar => 'ws://127.0.0.1:9000/zaqar',
+ :endpoint_proxy_heat => 'http://127.0.0.1:8004',
+ :endpoint_proxy_ironic => 'http://127.0.0.1:6385',
+ :endpoint_proxy_mistral => 'http://127.0.0.1:8989',
+ :endpoint_proxy_swift => 'http://127.0.0.1:8080',
+ :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0',
+ :endpoint_config_zaqar => 'wss://127.0.0.1:443/zaqar',
+ :endpoint_config_heat => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s',
+ :endpoint_config_ironic => 'https://127.0.0.1:443/ironic',
+ :endpoint_config_mistral => 'https://127.0.0.1:443/mistral/v2',
+ :endpoint_config_swift => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s',
+ :zaqar_default_queue => 'tripleo'
} }
it 'should configure tripleo ui' do
@@ -74,13 +96,13 @@ describe 'tripleo::ui' do
)
is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/)
is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js')
- .with_content(/"keystone": "http:\/\/127.0.0.1:1111\/"/)
- .with_content(/"heat": "http:\/\/127.0.0.1:2222\/"/)
- .with_content(/"ironic": "http:\/\/127.0.0.1:3333\/"/)
- .with_content(/"mistral": "http:\/\/127.0.0.1:4444\/"/)
- .with_content(/"swift": "http:\/\/127.0.0.1:5555\/"/)
- .with_content(/"zaqar-websocket": "http:\/\/127.0.0.1:6666\/"/)
- .with_content(/"zaqar_default_queue": "myqueue"/)
+ .with_content(/"keystone": "https:\/\/127.0.0.1:443\/keystone\/v2.0"/)
+ .with_content(/"heat": "https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s"/)
+ .with_content(/"zaqar-websocket": "wss:\/\/127.0.0.1:443\/zaqar"/)
+ .with_content(/"ironic": "https:\/\/127.0.0.1:443\/ironic"/)
+ .with_content(/"mistral": "https:\/\/127.0.0.1:443\/mistral\/v2"/)
+ .with_content(/"swift": "https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s"/)
+ .with_content(/"zaqar_default_queue": "tripleo"/)
end
end
diff --git a/templates/ui/tripleo_ui_config.js.erb b/templates/ui/tripleo_ui_config.js.erb
index fef8afb..1dd68c6 100644
--- a/templates/ui/tripleo_ui_config.js.erb
+++ b/templates/ui/tripleo_ui_config.js.erb
@@ -1,13 +1,10 @@
window.tripleOUiConfig = {
- "keystone": "<%= @keystone_url %>",
-
- // The UI automatically discovers below URLs by querying keystone but can be
- // changed here if desired.
- //"heat": "<%= @heat_url %>",
- //"ironic": "<%= @ironic_url %>",
- //"mistral": "<%= @mistral_url %>",
- //"swift": "<%= @swift_url %>",
- //"zaqar-websocket": "<%= @zaqar_websocket_url %>",
+ "keystone": "<%= @endpoint_config_keystone %>",
+ "heat": "<%= @endpoint_config_heat %>",
+ "ironic": "<%= @endpoint_config_ironic %>",
+ "mistral": "<%= @endpoint_config_mistral %>",
+ "swift": "<%= @endpoint_config_swift %>",
+ "zaqar-websocket": "<%= @endpoint_config_zaqar %>",
// Default websocket queue name
"zaqar_default_queue": "<%= @zaqar_default_queue %>"