Alexey Odinokov
The current implementation of airship-libvirt-gate is using sushy-emulator binary to emulate redfish. Sushy-emulator works only for http and also can’t authenticate users out-of-box if run by itself. In order to check https and authentication the reverse-proxy was introduced. This approach had several drawbacks:

1) http still doesn’t check auth
2) to use apache for https only is too heavy solution for https

This change converts reverse proxy to apache running sushy-emulator as wsgi backend, that gives an ability to check authentication for both http and https. We’re also getting rid of ad-hoc sushy-emulator service and using out-of-box apache service implementation.

The code also introduces gathering of apache resulting configs and logs for quicker debug if needed.

Right now authentication is disabled, since manifests are written in a way so they don’t use them. If it’s necessary to enable it, just set username here [1].

PS There is ability to use apache for http-server [2], but it’s better to do as a separate PR.

[1] roles/airship-libvirt-gate/defaults/main.yaml
[2] roles/http-fileserver

Change-Id: I43b5bca41519c88b01535c156b2db0e9edaa81bb
65 lines
1.7 KiB
YAML
```yaml
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
- name: redhat | ensuring apache packages are present
  become: true
  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
  yum:
    name:
      - httpd
    update_cache: yes
    state: present

- name: ubuntu | ensuring apache packages are present
  become: true
  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
  apt:
    name:
      - apache2
    update_cache: yes
    state: present

- name: Disable default virtual host
  become: true
  command: a2dissite 000-default

- name: Enable ssl module
  become: true
  command: a2enmod headers ssl

- name: Add ssl configuration
  become: true
  template:
    src: ssl-params.conf.j2
    dest: /etc/apache2/conf-available/ssl-params.conf

- name: Enable ssl configuration
  become: true
  command: a2enconf ssl-params

- name: redhat | enabling apache on boot and starting
  become: true
  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
  service:
    name: httpd
    state: started
    enabled: true

- name: Reload apache2 service
  become: true
  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
  service:
    name: apache2
    state: reloaded
```
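The commit message above gives the goal of the change as having authentication checked on both http and https. The following is an added example, not code from the airship role: a static check over a rendered Apache config that reports any virtual host serving the emulator without an auth requirement. The sample vhosts, file paths and function names are constructed for illustration, and the check assumes auth is configured inside each `<VirtualHost>` (it does not follow `Include` directives).

```python
import re

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def _has(pattern, body):
    return bool(re.search(r"^\s*" + pattern, body, re.I | re.M))

def audit_vhosts(conf_text):
    """One record per <VirtualHost>: listen address, TLS enabled, auth enforced."""
    text = re.sub(r"^\s*#.*$", "", conf_text, flags=re.M)  # ignore commented-out lines
    report = []
    for addr, body in VHOST_RE.findall(text):
        auth = (_has(r"AuthType\s+(Basic|Digest)\b", body)
                and _has(r"Require\s+(valid-user|user\s+\S|group\s+\S)", body)
                # conservative: any "Require all granted" in the vhost counts as open
                and not _has(r"Require\s+all\s+granted\b", body))
        report.append({"address": addr.strip(),
                       "tls": _has(r"SSLEngine\s+on\b", body),
                       "auth": auth})
    return report

def unauthenticated(conf_text):
    """Addresses of vhosts that would answer Redfish requests without credentials."""
    return [v["address"] for v in audit_vhosts(conf_text) if not v["auth"]]

# Constructed sample: auth block shared by both vhosts in the "auth on both" layout.
AUTH = """
    <Location />
        AuthType Basic
        AuthName "redfish"
        AuthUserFile /etc/apache2/sushy.htpasswd
        Require valid-user
    </Location>"""
WSGI = "\n    WSGIScriptAlias / /var/www/sushy/sushy.wsgi"
# Constructed "gap" layout: only the TLS vhost asks for credentials.
HTTPS_ONLY_AUTH = (f"<VirtualHost *:80>{WSGI}\n</VirtualHost>\n"
                   f"<VirtualHost *:443>\n    SSLEngine on{WSGI}{AUTH}\n</VirtualHost>\n")
BOTH_AUTH = (f"<VirtualHost *:80>{WSGI}{AUTH}\n</VirtualHost>\n"
             f"<VirtualHost *:443>\n    SSLEngine on{WSGI}{AUTH}\n</VirtualHost>\n")

if __name__ == "__main__":
    for name, conf in (("https-only auth", HTTPS_ONLY_AUTH), ("auth on both", BOTH_AUTH)):
        print(name, "->", unauthenticated(conf) or "all vhosts require credentials")
```

Run against the collected Apache configs in a gate job, a non-empty result from `unauthenticated()` can be used to fail the run once authentication is meant to be enabled.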