kolla-ansible/ansible/roles/placement/templates/placement-api-wsgi.conf.j2
James Kirsch e3d5a91a90 Add support for encrypting Horizon and Placement API
This patch introduces an optional backend encryption for Horizon and
Placement services. When used in conjunction with enabling TLS for
service API endpoints, network communication will be encrypted end to
end, from client through HAProxy to the Horizon and Placement services.

Change-Id: I9cb274141c95aea20e733baa623da071b30acf2d
Partially-Implements: blueprint add-ssl-internal-network
2020-04-30 20:55:07 +01:00


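{# Filesystem locations used by the directives below: the log directory, the
   Python site-packages path passed to WSGIDaemonProcess as python-path, and
   the directory that holds the placement-api WSGI script. A 'binary' install
   uses the distribution's system paths; any other install type uses the Kolla
   virtualenv under /var/lib/kolla/venv. #}
{% set log_dir = '/var/log/kolla/placement' %}
{% if placement_install_type == 'binary' %}
{# Debian and Ubuntu use the unversioned dist-packages directory; other
   distributions get a site-packages path built from distro_python_version. #}
{% set python_path = '/usr/lib/python3/dist-packages' if kolla_base_distro in ['debian', 'ubuntu'] else '/usr/lib/python' ~ distro_python_version ~ '/site-packages' %}
{% else %}
{# Concatenate with `~`, as the binary branch does: `~` converts each operand
   to a string, whereas `+` fails the render if distro_python_version reaches
   the template as a number instead of a string. #}
{% set python_path = '/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages' %}
{% endif %}
{% set wsgi_directory = '/usr/bin' if placement_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}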
{# mod_ssl is loaded only when backend TLS is enabled for Placement. The shared
   object lives under /usr/lib64/httpd on CentOS; every other value of
   kolla_base_distro gets the /usr/lib/apache2 path.
   NOTE(review): only 'centos' selects the httpd path - confirm no other
   RPM-based base distro is expected to render this template. #}
{% if placement_enable_tls_backend | bool %}
{% set mod_ssl_so = '/usr/lib64/httpd/modules/mod_ssl.so' if kolla_base_distro in ['centos'] else '/usr/lib/apache2/modules/mod_ssl.so' %}
LoadModule ssl_module {{ mod_ssl_so }}
{% endif %}
{# Server-wide settings: the listening socket, response hardening and log
   verbosity. #}
{# The socket is bound to the API interface address only, not to every
   interface. put_address_in_context('url') presumably brackets IPv6 literals
   so the address:port pair stays parseable - confirm against the filter. #}
Listen {{ api_interface_address | put_address_in_context('url') }}:{{ placement_api_listen_port }}
{# Reduce what the server reveals about itself: no signature footer on
   server-generated pages, and a Server header limited to the product name. #}
ServerSignature Off
ServerTokens Prod
{# Refuse the HTTP TRACE method. #}
TraceEnable off
{# NOTE(review): the debug switch raises verbosity to "info", not "debug".
   When the switch is false no LogLevel is set here, so Apache's default
   applies. #}
{% if placement_logging_debug | bool %}
LogLevel info
{% endif %}
{# Virtual host that serves the Placement API through mod_wsgi. It matches any
   address on the port; the Listen directive in this file is what restricts
   the socket to the API interface. #}
<VirtualHost *:{{ placement_api_listen_port }}>
{# Daemon mode: the application runs in separate single-threaded processes
   under the unprivileged placement user and group, one process per
   openstack_service_workers. #}
WSGIDaemonProcess placement-api processes={{ openstack_service_workers }} threads=1 user=placement group=placement display-name=%{GROUP} python-path={{ python_path }}
WSGIProcessGroup placement-api
WSGIScriptAlias / {{ wsgi_directory }}/placement-api
WSGIApplicationGroup %{GLOBAL}
{# Hand the HTTP Authorization header through to the WSGI application; without
   this mod_wsgi withholds it. #}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog "{{ log_dir }}/placement-api.log"
{# The first access-log field is the X-Forwarded-For request header, not the
   TCP peer address (%h is not logged).
   NOTE(review): the header is client-supplied unless the proxy in front sets
   it, so treat the logged address as reliable only if HAProxy is the sole
   path to this listener and sets the header - confirm. #}
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" logformat
CustomLog "{{ log_dir }}/placement-api-access.log" logformat
{# Access is granted to the placement-api script alone, not to the rest of the
   directory it lives in. #}
<Directory {{ wsgi_directory }}>
<Files placement-api>
Require all granted
</Files>
</Directory>
{# Backend TLS between the proxy and this service.
   NOTE(review): no SSLProtocol or SSLCipherSuite is set in this virtual host,
   so the accepted protocol versions and ciphers come from mod_ssl defaults or
   from configuration outside this file - confirm the effective minimum.
   NOTE(review): no client-certificate verification is configured here, so TLS
   gives encryption and server authentication only; whether the proxy
   validates this certificate is decided in its own configuration.
   NOTE(review): the private key should be readable only by the account that
   starts httpd - confirm how the certs directory is deployed. #}
{% if placement_enable_tls_backend | bool %}
SSLEngine on
SSLCertificateFile /etc/placement/certs/placement-cert.pem
SSLCertificateKeyFile /etc/placement/certs/placement-key.pem
{% endif %}
</VirtualHost>