openstack-ansible-os_keystone/templates/keystone-httpd.conf.j2
git-harry 7a8873415c Fix errors when enabling SSL for apache
keystone_ssl_enabled is used to determine whether or not to configure
apache to use SSL. Currently when this variable is set to true the
apache SSL module is not enabled.

This commit adds a task to enable/disable the SSL module based on the
variable keystone_ssl_enabled.

The keystone-httpd.conf template causes a formatting error. This commit
fixes the error so that additional whitespace is no longer added before
SSLEngine.

Change-Id: I1415e5822684af12e1a1dd8a306e708e8931fa38
Closes-bug: #1466827
2015-06-24 13:33:12 +01:00

56 lines
1.9 KiB
Django/Jinja

# {{ ansible_managed }}
{% set threads = ansible_processor_vcpus|default(2) // 2 %}
WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup processes={{ ansible_processor_cores|default(1) }} threads={{ threads if threads > 0 else 1 }}
<VirtualHost *:{{ keystone_service_port }}>
LogLevel {{ keystone_apache_log_level }}
ErrorLog /var/log/keystone/keystone-apache-error.log
CustomLog /var/log/keystone/ssl_access.log combined
Options +FollowSymLinks
{% if keystone_ssl_enabled == true -%}
SSLEngine on
SSLCertificateFile {{ keystone_ssl_cert }}
SSLCertificateKeyFile {{ keystone_ssl_key }}
SSLCACertificatePath {{ keystone_ssl_cert_path }}
SSLCARevocationPath {{ keystone_ssl_cert_path }}
SSLVerifyClient optional
SSLVerifyDepth 10
SSLCompression Off
SSLProtocol {{ keystone_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ keystone_ssl_cipher_suite }}
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIProcessGroup keystone
</VirtualHost>
<VirtualHost *:{{ keystone_admin_port }}>
LogLevel {{ keystone_apache_log_level }}
ErrorLog /var/log/keystone/keystone-apache-error.log
CustomLog /var/log/keystone/ssl_access.log combined
Options +FollowSymLinks
{% if keystone_ssl_enabled == true -%}
SSLEngine on
SSLCertificateFile {{ keystone_ssl_cert }}
SSLCertificateKeyFile {{ keystone_ssl_key }}
SSLCACertificatePath {{ keystone_ssl_cert_path }}
SSLCARevocationPath {{ keystone_ssl_cert_path }}
SSLVerifyClient optional
SSLVerifyDepth 10
SSLCompression Off
SSLProtocol {{ keystone_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ keystone_ssl_cipher_suite }}
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIProcessGroup keystone
</VirtualHost>