From 9a69201b5fd40c199468d89d7567c7869e7c5178 Mon Sep 17 00:00:00 2001 From: Dan Trainor Date: Tue, 24 Jan 2017 16:51:08 -0700 Subject: Proxy API endpoints that UI uses Add support to enable the UI to use paths via mod_proxy to access API endpoints instead of connecting to each endpoint directly on a port other than where the UI is served from. This is necessary to prevent certificate acceptance errors from non-Chrome browsers which take exception to connections made to other ports on the same hostname, using one SSL certificate. This change extends the UI's Apache configuration to create one mod_proxy location for each of the API endpoints that UI calls upon. These mod_proxy (using ProxyPass, ProxyPassReverse) endpoints are configured using new heira variables provided in the dependent commit. Additionally, this change modifies the default UI configuration file to include endpoint URLs formatted to use the new endpoint paths that are created. Removed puppet variables which were previously used to generate the contents of the tripleo_ui_config.js template, since they are no longer used to generate this file, replaced with the new endpoint URLs formatted to use the new endpoint paths that are created. Change-Id: I55e375ad462fa98e181277ec0bd88658e620e8ad Implements: blueprint proxy-undercloud-api-services Depends-On: Ib20f4b0891563ae90ec80675635a64c39bd2fdb7 --- manifests/ui.pp | 127 +++++++++++++++------ .../proxy-api-endpoints-359e5fb64d80d400.yaml | 6 + .../notes/remove-old-urls-dea2b7fdcb50dd48.yaml | 12 ++ spec/classes/tripleo_ui_spec.rb | 64 +++++++---- templates/ui/tripleo_ui_config.js.erb | 15 +-- 5 files changed, 160 insertions(+), 64 deletions(-) create mode 100644 releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml create mode 100644 releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml diff --git a/manifests/ui.pp b/manifests/ui.pp index 27e3e50..7b87397 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp @@ -31,37 +31,53 @@ # The port on which the UI is listening. # Defaults to 3000 # -# [*keystone_url*] -# The keystone service url -# Defaults to hiera('keystone::endpoint::public_url') +# [*endpoint_proxy_keystone*] +# The keystone proxy endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_config_keystone*] +# The keystone config endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_proxy_heat*] +# The heat proxy endpoint url +# Defaults to undef # -# [*heat_url*] -# The heat service url -# Defaults to hiera('heat::keystone::auth::public_url') +# [*endpoint_config_heat*] +# The heat config endpoint url +# Defaults to undef # -# [*ironic_url*] -# The ironic service url -# Defaults to hiera('ironic::keystone::auth::public_url') +# [*endpoint_proxy_ironic*] +# The ironic proxy endpoint url +# Defaults to undef # -# [*mistral_url*] -# The mistral service url -# Defaults to hiera('mistral::keystone::auth::public_url') +# [*endpoint_config_ironic*] +# The ironic config endpoint url +# Defaults to undef # -# [*swift_url*] -# The swift service url -# Defaults to hiera('swift::keystone::auth::public_url') +# [*endpoint_proxy_mistral*] +# The mistral proxy endpoint url +# Defaults to undef # -# [*zaqar_websocket_url*] -# The zaqar websocket url -# Defaults to hiera('zaquar::keystone::auth_websocket::public_url') +# [*endpoint_config_mistral*] +# The mistral config endpoint url +# Defaults to undef +# +# [*endpoint_proxy_swift*] +# The swift proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_swift*] +# The swift config endpoint url +# Defaults to undef +# +# [*endpoint_proxy_zaqar*] +# The zaqar proxy endpoint url +# Defaults to undef +# +# [*endpoint_config_zaqar*] +# The zaqar config endpoint url +# Defaults to undf # # [*zaqar_default_queue*] # The zaqar default queue @@ -69,18 +85,29 @@ # Defaults to 'tripleo' # class tripleo::ui ( - $servername = $::fqdn, - $bind_host = hiera('controller_host'), - $ui_port = 3000, - $keystone_url = hiera('keystone_auth_uri_v2'), - $heat_url = hiera('heat::keystone::auth::public_url', undef), - $ironic_url = hiera('ironic::keystone::auth::public_url', undef), - $mistral_url = hiera('mistral::keystone::auth::public_url', undef), - $swift_url = hiera('swift::keystone::auth::public_url', undef), - $zaqar_websocket_url = hiera('zaqar::keystone::auth_websocket::public_url', undef), - $zaqar_default_queue = 'tripleo' + $servername = $::fqdn, + $bind_host = hiera('controller_host'), + $ui_port = 3000, + $zaqar_default_queue = 'tripleo', + $endpoint_proxy_zaqar = undef, + $endpoint_proxy_keystone = undef, + $endpoint_proxy_heat = undef, + $endpoint_proxy_ironic = undef, + $endpoint_proxy_mistral = undef, + $endpoint_proxy_swift = undef, + $endpoint_config_zaqar = undef, + $endpoint_config_keystone = undef, + $endpoint_config_heat = undef, + $endpoint_config_ironic = undef, + $endpoint_config_mistral = undef, + $endpoint_config_swift = undef, + ) { + include ::apache::mod::proxy + include ::apache::mod::proxy_http + include ::apache::mod::proxy_wstunnel + ::apache::vhost { 'tripleo-ui': ensure => 'present', servername => $servername, @@ -89,6 +116,38 @@ class tripleo::ui ( docroot => '/var/www/openstack-tripleo-ui/dist', options => ['Indexes', 'FollowSymLinks'], fallbackresource => '/index.html', + proxy_pass => [ + { + 'path' => '/zaqar', + 'url' => $endpoint_proxy_zaqar + }, + { + 'path' => '/keystone', + 'url' => $endpoint_proxy_keystone, + 'reverse_urls' => $endpoint_proxy_keystone + }, + { + 'path' => '/heat', + 'url' => $endpoint_proxy_heat, + 'reverse_urls' => $endpoint_proxy_heat + }, + { + 'path' => '/ironic', + 'url' => $endpoint_proxy_ironic, + 'reverse_urls' => $endpoint_proxy_ironic + }, + { + 'path' => '/mistral', + 'url' => $endpoint_proxy_mistral, + 'reverse_urls' => $endpoint_proxy_mistral + }, + { + 'path' => '/swift', + 'url' => $endpoint_proxy_swift, + 'reverse_urls' => $endpoint_proxy_swift + }, + ], + } # We already use apache::vhost to generate our own diff --git a/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml new file mode 100644 index 0000000..63830e5 --- /dev/null +++ b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml @@ -0,0 +1,6 @@ +--- +features: + - Added ability to proxy API service endpoints through + Apache mod_rewrite rules by creating ProxyPass and + ProxyPassReverse directives for each API service + diff --git a/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml new file mode 100644 index 0000000..d82ff11 --- /dev/null +++ b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + Removed the following URL configuration variables from tripleo::ui: + + * keystone_url + * heat_url + * ironic_url + * mistral_url + * swift_url + * zaqar_websocket_url + diff --git a/spec/classes/tripleo_ui_spec.rb b/spec/classes/tripleo_ui_spec.rb index 588a944..0805e58 100644 --- a/spec/classes/tripleo_ui_spec.rb +++ b/spec/classes/tripleo_ui_spec.rb @@ -24,9 +24,20 @@ describe 'tripleo::ui' do context 'with required parameters' do let(:params) { { - :servername => facts[:hostname], - :bind_host => '127.0.0.1', - :keystone_url => 'http://127.0.0.1:5000/' + :servername => facts[:hostname], + :bind_host => '127.0.0.1', + :endpoint_proxy_keystone => 'http://127.0.0.1:5000', + :endpoint_proxy_zaqar => 'ws://127.0.0.1:9000/zaqar', + :endpoint_proxy_heat => 'http://127.0.0.1:8004', + :endpoint_proxy_ironic => 'http://127.0.0.1:6385', + :endpoint_proxy_mistral => 'http://127.0.0.1:8989', + :endpoint_proxy_swift => 'http://127.0.0.1:8080', + :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0', + :endpoint_config_zaqar => 'wss://127.0.0.1:443/zaqar', + :endpoint_config_heat => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s', + :endpoint_config_ironic => 'https://127.0.0.1:443/ironic', + :endpoint_config_mistral => 'https://127.0.0.1:443/mistral/v2', + :endpoint_config_swift => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s' } } it 'should configure tripleo ui' do @@ -42,23 +53,34 @@ describe 'tripleo::ui' do ) is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/) is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js') - .with_content(/"keystone": "http:\/\/127.0.0.1:5000\/"/) + .with_content(/"keystone": "https:\/\/127.0.0.1:443\/keystone\/v2.0"/) + .with_content(/"heat": "https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s"/) + .with_content(/"zaqar-websocket": "wss:\/\/127.0.0.1:443\/zaqar"/) + .with_content(/"ironic": "https:\/\/127.0.0.1:443\/ironic"/) + .with_content(/"mistral": "https:\/\/127.0.0.1:443\/mistral\/v2"/) + .with_content(/"swift": "https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s"/) .with_content(/"zaqar_default_queue": "tripleo"/) end end context 'with all parameters' do let(:params) { { - :servername => 'custom.example.com', - :bind_host => '127.0.0.2', - :ui_port => 3001, - :keystone_url => 'http://127.0.0.1:1111/', - :heat_url => 'http://127.0.0.1:2222/', - :ironic_url => 'http://127.0.0.1:3333/', - :mistral_url => 'http://127.0.0.1:4444/', - :swift_url => 'http://127.0.0.1:5555/', - :zaqar_websocket_url => 'http://127.0.0.1:6666/', - :zaqar_default_queue => 'myqueue' + :servername => 'custom.example.com', + :bind_host => '127.0.0.2', + :ui_port => 3001, + :endpoint_proxy_keystone => 'http://127.0.0.1:5000', + :endpoint_proxy_zaqar => 'ws://127.0.0.1:9000/zaqar', + :endpoint_proxy_heat => 'http://127.0.0.1:8004', + :endpoint_proxy_ironic => 'http://127.0.0.1:6385', + :endpoint_proxy_mistral => 'http://127.0.0.1:8989', + :endpoint_proxy_swift => 'http://127.0.0.1:8080', + :endpoint_config_keystone => 'https://127.0.0.1:443/keystone/v2.0', + :endpoint_config_zaqar => 'wss://127.0.0.1:443/zaqar', + :endpoint_config_heat => 'https://127.0.0.1:443/heat/v1/%(tenant_id)s', + :endpoint_config_ironic => 'https://127.0.0.1:443/ironic', + :endpoint_config_mistral => 'https://127.0.0.1:443/mistral/v2', + :endpoint_config_swift => 'https://127.0.0.1:443/swift/v1/AUTH_%(tenant_id)s', + :zaqar_default_queue => 'tripleo' } } it 'should configure tripleo ui' do @@ -74,13 +96,13 @@ describe 'tripleo::ui' do ) is_expected.to contain_file('/etc/httpd/conf.d/openstack-tripleo-ui.conf').with_content(/cleaned by Puppet/) is_expected.to contain_file('/var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js') - .with_content(/"keystone": "http:\/\/127.0.0.1:1111\/"/) - .with_content(/"heat": "http:\/\/127.0.0.1:2222\/"/) - .with_content(/"ironic": "http:\/\/127.0.0.1:3333\/"/) - .with_content(/"mistral": "http:\/\/127.0.0.1:4444\/"/) - .with_content(/"swift": "http:\/\/127.0.0.1:5555\/"/) - .with_content(/"zaqar-websocket": "http:\/\/127.0.0.1:6666\/"/) - .with_content(/"zaqar_default_queue": "myqueue"/) + .with_content(/"keystone": "https:\/\/127.0.0.1:443\/keystone\/v2.0"/) + .with_content(/"heat": "https:\/\/127.0.0.1:443\/heat\/v1\/%\(tenant_id\)s"/) + .with_content(/"zaqar-websocket": "wss:\/\/127.0.0.1:443\/zaqar"/) + .with_content(/"ironic": "https:\/\/127.0.0.1:443\/ironic"/) + .with_content(/"mistral": "https:\/\/127.0.0.1:443\/mistral\/v2"/) + .with_content(/"swift": "https:\/\/127.0.0.1:443\/swift\/v1\/AUTH_%\(tenant_id\)s"/) + .with_content(/"zaqar_default_queue": "tripleo"/) end end diff --git a/templates/ui/tripleo_ui_config.js.erb b/templates/ui/tripleo_ui_config.js.erb index fef8afb..1dd68c6 100644 --- a/templates/ui/tripleo_ui_config.js.erb +++ b/templates/ui/tripleo_ui_config.js.erb @@ -1,13 +1,10 @@ window.tripleOUiConfig = { - "keystone": "<%= @keystone_url %>", - - // The UI automatically discovers below URLs by querying keystone but can be - // changed here if desired. - //"heat": "<%= @heat_url %>", - //"ironic": "<%= @ironic_url %>", - //"mistral": "<%= @mistral_url %>", - //"swift": "<%= @swift_url %>", - //"zaqar-websocket": "<%= @zaqar_websocket_url %>", + "keystone": "<%= @endpoint_config_keystone %>", + "heat": "<%= @endpoint_config_heat %>", + "ironic": "<%= @endpoint_config_ironic %>", + "mistral": "<%= @endpoint_config_mistral %>", + "swift": "<%= @endpoint_config_swift %>", + "zaqar-websocket": "<%= @endpoint_config_zaqar %>", // Default websocket queue name "zaqar_default_queue": "<%= @zaqar_default_queue %>" -- cgit 1.2.3-korg