summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDimitri Savineau <dsavinea@redhat.com>2016-03-23 11:49:41 -0400
committerDimitri Savineau <dsavinea@redhat.com>2016-04-15 11:28:02 -0400
commitddecbab150ea87b12819af7b2cc8a23d4ccf1a82 (patch)
treef2e1b331cc29b6c44c3e1b1206cb5e689434ed06
parent4afed8617e56b1d9648955b971d5c2e4cd3cd7f8 (diff)
Enable client address in Horizon's logs.
Horizon's backends (httpd) see IP address of the haproxy in the logs instead of the client address. This patch allows to: - Install the remoteip httpd module [1]. - Use the X-Forwarded-For HTTP header and override the haproxy address. - Configure the Horizon's logs with the client address via httpd logformat. [1] https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html [2] https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#logformat Change-Id: Ib2f215913065426848b48f6293f33a75aff3d328 Depends-On: I54f0f5549d64768dacca71539c71a28cc99d9d95
-rw-r--r--puppet/controller.yaml6
-rw-r--r--puppet/hieradata/controller.yaml1
-rw-r--r--puppet/manifests/overcloud_controller.pp1
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp1
4 files changed, 9 insertions, 0 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 56eb8b96..8ed28ccb 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -1234,6 +1234,11 @@ resources:
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
+ horizon_subnet:
+ str_replace:
+ template: "['SUBNET']"
+ params:
+ SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_password: {get_param: RedisPassword}
@@ -1582,6 +1587,7 @@ resources:
nova_enable_db_purge: {get_input: nova_enable_db_purge}
# Horizon
+ apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
apache::ip: {get_input: horizon_network}
horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
horizon::django_debug: {get_input: debug}
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 79db9418..9316cf17 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -141,6 +141,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
add_listen: false
priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
# mysql
mysql::server::manage_config_file: true
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index d7bb025a..25dac170 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -619,6 +619,7 @@ if hiera('step') >= 4 {
include ::sahara::service::engine
# Horizon
+ include ::apache::mod::remoteip
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
} else {
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 3a6dbc06..16226c6e 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -960,6 +960,7 @@ if hiera('step') >= 4 {
service_enable => false,
# service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
}
+ include ::apache::mod::remoteip
include ::apache::mod::status
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'