From 7ffcff03c86d54affb2eed4d7e1a407306b36045 Mon Sep 17 00:00:00 2001 From: Liam Young Date: Mon, 13 Jun 2016 10:51:23 +0000 Subject: [PATCH 1/3] Remove old template for apache pre-2.4 and update openstack_https_frontend.conf to match adapter parameters --- templates/openstack_https_frontend | 24 ---------------------- templates/openstack_https_frontend.conf | 27 ++++++++++++++++++++++++- 2 files changed, 26 insertions(+), 25 deletions(-) delete mode 100644 templates/openstack_https_frontend mode change 120000 => 100644 templates/openstack_https_frontend.conf diff --git a/templates/openstack_https_frontend b/templates/openstack_https_frontend deleted file mode 100644 index ce28fa3..0000000 --- a/templates/openstack_https_frontend +++ /dev/null @@ -1,24 +0,0 @@ -{% if endpoints -%} -{% for ext_port in ext_ports -%} -Listen {{ ext_port }} -{% endfor -%} -{% for address, endpoint, ext, int in endpoints -%} - - ServerName {{ endpoint }} - SSLEngine on - SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }} - SSLCertificateKeyFile /etc/apache2/ssl/{{ namespace }}/key_{{ endpoint }} - ProxyPass / http://localhost:{{ int }}/ - ProxyPassReverse / http://localhost:{{ int }}/ - ProxyPreserveHost on - -{% endfor -%} - - Order deny,allow - Allow from all - - - Order allow,deny - Allow from all - -{% endif -%} diff --git a/templates/openstack_https_frontend.conf b/templates/openstack_https_frontend.conf deleted file mode 120000 index 9a2f6f2..0000000 --- a/templates/openstack_https_frontend.conf +++ /dev/null @@ -1 +0,0 @@ -openstack_https_frontend \ No newline at end of file diff --git a/templates/openstack_https_frontend.conf b/templates/openstack_https_frontend.conf new file mode 100644 index 0000000..ebac26a --- /dev/null +++ b/templates/openstack_https_frontend.conf 
@@ -0,0 +1,26 @@ +{% if options.endpoints -%} +{% for ext_port in options.ext_ports -%} +Listen {{ ext_port }} +{% endfor -%} +{% for address, endpoint, ext, int in options.endpoints -%} + + ServerName {{ endpoint }} + SSLEngine on + SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 + SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM + SSLCertificateFile /etc/apache2/ssl/{{ options.service_name }}/cert_{{ endpoint }} + SSLCertificateKeyFile /etc/apache2/ssl/{{ options.service_name }}/key_{{ endpoint }} + ProxyPass / http://localhost:{{ int }}/ + ProxyPassReverse / http://localhost:{{ int }}/ + ProxyPreserveHost on + +{% endfor -%} + + Order deny,allow + Allow from all + + + Order allow,deny + Allow from all + +{% endif -%} From 59db7a57a440b2a12d95ecb3212f8460d50847dc Mon Sep 17 00:00:00 2001 From: Liam Young Date: Mon, 13 Jun 2016 11:11:50 +0000 Subject: [PATCH 2/3] Temp repoint wheelhouse --- wheelhouse.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wheelhouse.txt b/wheelhouse.txt index a5cc61f..3c39e2d 100644 --- a/wheelhouse.txt +++ b/wheelhouse.txt @@ -1,3 +1,3 @@ netifaces>=0.10.4 #charms_openstack -git+https://github.com/openstack-charmers/charms.openstack.git#egg=charms.openstack +git+https://github.com/gnuoy/charms.openstack.git@feature/ssl-support#egg=charms.openstack From 0c69d04e54f33cf52fd1d7b9eb46cda25fa31a62 Mon Sep 17 00:00:00 2001 From: Liam Young Date: Mon, 13 Jun 2016 12:02:00 +0000 Subject: [PATCH 3/3] Ipdate haproxy template --- templates/haproxy.cfg | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/templates/haproxy.cfg b/templates/haproxy.cfg index 8721d8a..212bae8 100644 --- a/templates/haproxy.cfg +++ b/templates/haproxy.cfg @@ -1,6 +1,6 @@ global - log {{ local_host }} local0 - log {{ local_host }} local1 notice + log {{ options.local_host }} local0 + log {{ options.local_host }} local1 notice maxconn 20000 user haproxy group haproxy 
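Review bot: The added `SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2` line in each rendered virtual host still accepts TLS 1.0 and 1.1, both formally deprecated (RFC 8996), so clients can negotiate a protocol with known weaknesses; prefer `SSLProtocol -all +TLSv1.2`, adding `+TLSv1.3` where the Apache/OpenSSL build supports it. The `SSLCipherSuite` string relies on OpenSSL's `HIGH` alias, which on older OpenSSL releases includes 3DES, so appending `:!3DES` and setting `SSLHonorCipherOrder on` would make the result independent of the library version. Separately, the commit drops the pre-2.4 template but the new file keeps the 2.2-style `Order`/`Allow from all` directives, which on Apache 2.4 only work through mod_access_compat; `Require all granted` is the 2.4 form. The container tags around those directives are not visible in this rendering, so confirm their scope against the actual file.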
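Review bot: The replacement requirement line installs charms.openstack from the tip of `feature/ssl-support` on a personal fork, which is a mutable ref, so every build can pull different code without any change in this repository. Even for a temporary repoint, pin the exact revision, e.g. `git+https://github.com/gnuoy/charms.openstack.git@<commit-sha>#egg=charms.openstack` (placeholder SHA). Add a comment such as `# TEMP: revert to openstack-charmers once ssl-support merges` so the override is not shipped by accident.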
@@ -12,52 +12,52 @@ defaults option tcplog option dontlognull retries 3 -{%- if haproxy_queue_timeout %} - timeout queue {{ haproxy_queue_timeout }} +{%- if options.haproxy_queue_timeout %} + timeout queue {{ options.haproxy_queue_timeout }} {%- else %} timeout queue 5000 {%- endif %} -{%- if haproxy_connect_timeout %} - timeout connect {{ haproxy_connect_timeout }} +{%- if options.haproxy_connect_timeout %} + timeout connect {{ options.haproxy_connect_timeout }} {%- else %} timeout connect 5000 {%- endif %} -{%- if haproxy_client_timeout %} - timeout client {{ haproxy_client_timeout }} +{%- if options.haproxy_client_timeout %} + timeout client {{ options.haproxy_client_timeout }} {%- else %} timeout client 30000 {%- endif %} -{%- if haproxy_server_timeout %} - timeout server {{ haproxy_server_timeout }} +{%- if options.haproxy_server_timeout %} + timeout server {{ options.haproxy_server_timeout }} {%- else %} timeout server 30000 {%- endif %} -listen stats {{ stat_port }} +listen stats {{ options.stat_port }} mode http stats enable stats hide-version stats realm Haproxy\ Statistics stats uri / - stats auth admin:password + stats auth admin:{{ options.haproxy_stat_password }} -{% if frontends -%} -{% for service, ports in service_ports.items() -%} +{% if cluster.cluster_hosts -%} +{% for service, ports in options.service_ports.items() -%} frontend tcp-in_{{ service }} bind *:{{ ports[0] }} {% if ipv6 -%} bind :::{{ ports[0] }} {% endif -%} - {% for frontend in frontends -%} - acl net_{{ frontend }} dst {{ frontends[frontend]['network'] }} + {% for frontend in cluster.cluster_hosts -%} + acl net_{{ frontend }} dst {{ cluster.cluster_hosts[frontend]['network'] }} use_backend {{ service }}_{{ frontend }} if net_{{ frontend }} {% endfor -%} - default_backend {{ service }}_{{ default_backend }} + default_backend {{ service }}_{{ options.local_address }} -{% for frontend in frontends -%} +{% for frontend in cluster.cluster_hosts -%} backend {{ service }}_{{ frontend }} 
balance leastconn - {% for unit, address in frontends[frontend]['backends'].items() -%} + {% for unit, address in cluster.cluster_hosts[frontend]['backends'].items() -%} server {{ unit }} {{ address }}:{{ ports[1] }} check {% endfor %} {% endfor -%}
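Review bot: `stats auth admin:{{ options.haproxy_stat_password }}` is rendered unconditionally, so if the option is unset or empty the stats page may come up with a blank or literal `None` password (this depends on how the adapter and Jinja environment treat undefined values, which the hunk does not show). Wrap the whole `listen stats` section in `{% if options.haproxy_stat_password -%}` … `{% endif -%}` so no stats listener is emitted without a credential, rather than guarding only the auth line. The rendered haproxy.cfg now contains the secret, so the code that writes it should set restrictive file permissions, and a value containing whitespace would break the directive. Also, the unchanged `{% if ipv6 -%}` test in the frontend block was not moved under `options.` like its neighbours; if the bare name is no longer in the template context, the IPv6 bind is silently dropped.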