diff options
| author |   Dimitri Savineau <dsavinea@redhat.com> | 2016-03-23 11:49:41 -0400 |
|---|---|---|
| committer | Dimitri Savineau <dsavinea@redhat.com> | 2016-04-15 11:28:02 -0400 |
| commit | ddecbab150ea87b12819af7b2cc8a23d4ccf1a82 (patch) | |
| tree | f2e1b331cc29b6c44c3e1b1206cb5e689434ed06 /puppet | |
| parent | 4afed8617e56b1d9648955b971d5c2e4cd3cd7f8 (diff) | |
Enable client address in Horizon's logs.
Horizon's backends (httpd) see IP address of the haproxy in the logs instead
of the client address.
This patch allows to:
- Install the remoteip httpd module [1].
- Use the X-Forwarded-For HTTP header and override the haproxy address.
- Configure the Horizon's logs with the client address via httpd logformat.
[1] https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
[2] https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#logformat
Change-Id: Ib2f215913065426848b48f6293f33a75aff3d328
Depends-On: I54f0f5549d64768dacca71539c71a28cc99d9d95
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/controller.yaml | 6 | ||||
| -rw-r--r-- | puppet/hieradata/controller.yaml | 1 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 1 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 1 |
4 files changed, 9 insertions, 0 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 56eb8b96..8ed28ccb 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1234,6 +1234,11 @@ resources: nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} + horizon_subnet: + str_replace: + template: "['SUBNET']" + params: + SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_password: {get_param: RedisPassword} @@ -1582,6 +1587,7 @@ resources: nova_enable_db_purge: {get_input: nova_enable_db_purge} # Horizon + apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} apache::ip: {get_input: horizon_network} horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 79db9418..9316cf17 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -141,6 +141,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: add_listen: false priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' # mysql mysql::server::manage_config_file: true diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index d7bb025a..25dac170 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -619,6 +619,7 @@ if hiera('step') >= 4 { include ::sahara::service::engine # Horizon + include ::apache::mod::remoteip if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' } else { diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 3a6dbc06..16226c6e 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -960,6 +960,7 @@ if hiera('step') >= 4 { service_enable => false, # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? } + include ::apache::mod::remoteip include ::apache::mod::status if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' |