ff232ae316
This change makes it so that all services are expecting SSL termination at the load balancer by default. This is more indicative of how a real world deployment will be setup and is being added such that we can test a more production like deployment system by default. The AIO will now terminate SSL in HAProxy using a self-signed cert. Change-Id: Ibbeca3325947b549ae00d11e60bf719741b4b0e4 Re-Implementation-Of: https://review.openstack.org/#/c/277199/9 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
85 lines
2.7 KiB
YAML
85 lines
2.7 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Drop apache2 configs
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "{{ item.owner|default(horizon_system_user_name) }}"
|
|
group: "{{ item.group|default(horizon_system_group_name) }}"
|
|
with_items:
|
|
- { src: "horizon_apache_ports.conf.j2", dest: "/etc/apache2/ports.conf", owner: "root", group: "root" }
|
|
- { src: "openstack_dashboard.conf.j2", dest: "/etc/apache2/sites-available/openstack-dashboard.conf" }
|
|
notify: Restart apache2
|
|
tags:
|
|
- horizon-apache-config
|
|
- horizon-apache-ports
|
|
- horizon-apache-vhost
|
|
|
|
- name: Enable Horizon Site
|
|
file:
|
|
src: "/etc/apache2/sites-available/{{ item.name }}"
|
|
dest: "/etc/apache2/sites-enabled/{{ item.name }}"
|
|
state: "{{ item.state }}"
|
|
with_items:
|
|
- { state: link, name: openstack-dashboard.conf }
|
|
- { state: absent, name: 000-default.conf }
|
|
notify: Restart apache2
|
|
tags:
|
|
- horizon-apache-config
|
|
- horizon-apache-sites-enabled
|
|
|
|
- name: Enable apache2 modules
|
|
apache2_module:
|
|
state: "{{ item.state }}"
|
|
name: "{{ item.name }}"
|
|
with_items:
|
|
- { state: present, name: wsgi }
|
|
- { state: present, name: ssl }
|
|
- { state: absent, name: mpm_event }
|
|
- { state: present, name: mpm_worker }
|
|
- { state: present, name: rewrite }
|
|
- { state: present, name: headers }
|
|
notify: Restart apache2
|
|
tags:
|
|
- horizon-apache-config
|
|
- horizon-apache-modules
|
|
|
|
- name: Ensure Apache ServerName
|
|
lineinfile:
|
|
dest: "/etc/apache2/apache2.conf"
|
|
line: "ServerName {{ horizon_server_name }}"
|
|
notify: Restart apache2
|
|
tags:
|
|
- horizon-apache-config
|
|
|
|
- name: Ensure Apache ServerTokens
|
|
lineinfile:
|
|
dest: "/etc/apache2/conf-available/security.conf"
|
|
regexp: '^ServerTokens'
|
|
line: "ServerTokens {{ horizon_apache_servertokens }}"
|
|
notify: Restart apache2
|
|
tags:
|
|
- horizon-apache-config
|
|
|
|
- name: Ensure Apache ServerSignature
|
|
lineinfile:
|
|
dest: "/etc/apache2/conf-available/security.conf"
|
|
regexp: '^ServerSignature'
|
|
line: "ServerSignature {{ horizon_apache_serversignature }}"
|
|
notify: Restart apache2
|
|
tags:
|
|
- horizon-apache-config
|