openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
openstack-ansible-os_keystone/templates/keystone-httpd.conf.j2
Andy McCrae 38dbd423d6 Fix apache + uwsgi for keystone 
The vars port specification in the keystone-httpd.conf.j2 were
incorrectly referencing vars instead of strings, causing failures.

Additionally, the conf created for uwsgi and apache includes all the
WSGI settings - which is not in line with how it should look.

Encasing the WSGI settings in an if statement so that it lines up with
the example conf file from the keystone docs.

We will also need to enable the proxy_http module for uwsgi with apache.

Change-Id: I64eec88452333eee6397ccbad13cd80a5275e607
2016-09-01 14:36:03 +01:00

118 lines
4.3 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
<VirtualHost *:{{ keystone_service_port }}>
{% if keystone_mod_wsgi_enabled | bool -%}
WSGIDaemonProcess keystone-service user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
WSGIProcessGroup keystone-service
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel {{ keystone_apache_log_level }}
ErrorLog /var/log/keystone/keystone-apache-error.log
CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
Options +FollowSymLinks
{% if keystone_ssl | bool and keystone_service_internaluri_proto == "https" -%}
SSLEngine on
SSLCertificateFile {{ keystone_ssl_cert }}
SSLCertificateKeyFile {{ keystone_ssl_key }}
{% if keystone_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ keystone_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ keystone_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ keystone_ssl_cipher_suite }}
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
{% if keystone_sp != {} -%}
ShibURLScheme {{ keystone_service_publicuri_proto }}
<Location /Shibboleth.sso>
SetHandler shib
</Location>
<Location /v3/auth/OS-FEDERATION/websso/saml2>
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibRequestSetting exportAssertion 1
ShibRequireSession On
ShibExportAssertion On
Require valid-user
</Location>
<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/saml2/auth>
ShibRequestSetting requireSession 1
AuthType shibboleth
ShibExportAssertion Off
Require valid-user
</LocationMatch>
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/cgi-bin/keystone/main/$1
{% endif %}
<Directory /var/www/cgi-bin/keystone>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
{% else %}
ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}/
{% endif %}
</VirtualHost>
<VirtualHost *:{{ keystone_admin_port }}>
{% if keystone_mod_wsgi_enabled | bool -%}
WSGIDaemonProcess keystone-admin user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel {{ keystone_apache_log_level }}
ErrorLog /var/log/keystone/keystone-apache-error.log
CustomLog /var/log/keystone/ssl_access.log {{ keystone_apache_custom_log_format }}
Options +FollowSymLinks
{% if keystone_ssl | bool and keystone_service_adminuri_proto == "https" -%}
SSLEngine on
SSLCertificateFile {{ keystone_ssl_cert }}
SSLCertificateKeyFile {{ keystone_ssl_key }}
{% if keystone_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ keystone_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ keystone_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ keystone_ssl_cipher_suite }}
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
<Directory /var/www/cgi-bin/keystone>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
{% else -%}
ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-admin']["socket"] }}/
{% endif %}
</VirtualHost>
{% if not keystone_mod_wsgi_enabled | bool -%}
ProxyPass /identity uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}/
ProxyPass /identity_admin uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['socket'] }}/
{% endif %}
View Git Blame Copy Permalink