diff --git a/elasticsearch/templates/bin/_apache.sh.tpl b/elasticsearch/templates/bin/_apache.sh.tpl
index cbba386da..6f8aaa8e2 100644
--- a/elasticsearch/templates/bin/_apache.sh.tpl
+++ b/elasticsearch/templates/bin/_apache.sh.tpl
@@ -30,9 +30,9 @@ function start () {
rm -f /etc/httpd/logs/httpd.pid
if [ -f /usr/local/apache2/conf/.htpasswd ]; then
- htpasswd -b /usr/local/apache2/conf/.htpasswd $ELASTICSEARCH_USERNAME $ELASTICSEARCH_PASSWORD
+ htpasswd -b /usr/local/apache2/conf/.htpasswd "$ELASTICSEARCH_USERNAME" "$ELASTICSEARCH_PASSWORD"
else
- htpasswd -cb /usr/local/apache2/conf/.htpasswd $ELASTICSEARCH_USERNAME $ELASTICSEARCH_PASSWORD
+ htpasswd -cb /usr/local/apache2/conf/.htpasswd "$ELASTICSEARCH_USERNAME" "$ELASTICSEARCH_PASSWORD"
fi
#Launch Apache on Foreground
diff --git a/elasticsearch/templates/configmap-etc.yaml b/elasticsearch/templates/configmap-etc.yaml
index cd1ea37d2..17e1065c5 100644
--- a/elasticsearch/templates/configmap-etc.yaml
+++ b/elasticsearch/templates/configmap-etc.yaml
@@ -27,10 +27,6 @@ kind: ConfigMap
metadata:
name: elasticsearch-etc
data:
- httpd.conf: |
-{{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
- elasticsearch-host.conf: |
-{{- tuple .Values.conf.apache.host "etc/_elasticsearch-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
elasticsearch.yml: |
{{ toYaml .Values.conf.elasticsearch.config | indent 4 }}
log4j2.properties: |
@@ -39,4 +35,6 @@ data:
{{ toYaml .Values.conf.curator.action_file | indent 4 }}
config.yml: |
{{ toYaml .Values.conf.curator.config | indent 4 }}
+#NOTE(portdirect): this must be last, to work round helm ~2.7 bug.
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.httpd "key" "httpd.conf") | indent 2 }}
{{- end }}
diff --git a/elasticsearch/templates/deployment-client.yaml b/elasticsearch/templates/deployment-client.yaml
index 51733ddaf..60088e7d1 100644
--- a/elasticsearch/templates/deployment-client.yaml
+++ b/elasticsearch/templates/deployment-client.yaml
@@ -128,8 +128,6 @@ spec:
initialDelaySeconds: 20
periodSeconds: 10
env:
- - name: ELASTICSEARCH_PORT
- value: {{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- name: ELASTICSEARCH_USERNAME
valueFrom:
secretKeyRef:
@@ -140,18 +138,6 @@ spec:
secretKeyRef:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
- - name: LDAP_URL
- value: {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- - name: BIND_DN
- valueFrom:
- secretKeyRef:
- name: {{ $esUserSecret }}
- key: BIND_DN
- - name: BIND_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $esUserSecret }}
- key: BIND_PASSWORD
volumeMounts:
- name: elasticsearch-bin
mountPath: /tmp/apache.sh
@@ -161,12 +147,6 @@ spec:
mountPath: /usr/local/apache2/conf/httpd.conf
subPath: httpd.conf
readOnly: true
- - name: pod-etc-apache
- mountPath: /usr/local/apache2/conf/sites-enabled
- - name: elasticsearch-etc
- mountPath: /usr/local/apache2/conf/sites-enabled/elasticsearch-host.conf
- subPath: elasticsearch-host.conf
- readOnly: true
- name: elasticsearch-client
{{ tuple $envAll "elasticsearch" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.client | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
diff --git a/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl b/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl
deleted file mode 100644
index 0b5e0f092..000000000
--- a/elasticsearch/templates/etc/_elasticsearch-host.conf.tpl
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-
- ProxyRequests On
- ProxyPreserveHost On
-
- ProxyPass http://localhost:${ELASTICSEARCH_PORT}/
- ProxyPassReverse http://localhost:${ELASTICSEARCH_PORT}/
-
-
- AuthName "Elasticsearch"
- AuthType Basic
- AuthBasicProvider file ldap
- AuthUserFile /usr/local/apache2/conf/.htpasswd
- AuthLDAPBindDN ${BIND_DN}
- AuthLDAPBindPassword ${BIND_PASSWORD}
- AuthLDAPURL ${LDAP_URL}
- Require valid-user
-
-
diff --git a/elasticsearch/templates/etc/_httpd.conf.tpl b/elasticsearch/templates/etc/_httpd.conf.tpl
deleted file mode 100644
index 19af85523..000000000
--- a/elasticsearch/templates/etc/_httpd.conf.tpl
+++ /dev/null
@@ -1,189 +0,0 @@
-#
-# This is the main Apache HTTP server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See for detailed information.
-# In particular, see
-#
-# for a discussion of each configuration directive.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
-# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
-# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
-# will be interpreted as '/logs/access_log'.
-
-ServerRoot "/usr/local/apache2"
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the
-# directive.
-#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses.
-#
-#Listen 12.34.56.78:80
-Listen 80
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-LoadModule mpm_event_module modules/mod_mpm_event.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule access_compat_module modules/mod_access_compat.so
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule ldap_module modules/mod_ldap.so
-LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule proxy_html_module modules/mod_proxy_html.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule env_module modules/mod_env.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule version_module modules/mod_version.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-LoadModule unixd_module modules/mod_unixd.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# It is usually good practice to create a dedicated user and group for
-# running httpd, as with most system services.
-#
-User daemon
-Group daemon
-
-
-
-# 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# definition. These values also provide defaults for
-# any containers you may define later in the file.
-#
-# All of these directives may appear inside containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# Deny access to the entirety of your server's filesystem. You must
-# explicitly permit access to web content directories in other
-# blocks below.
-#
-
- AllowOverride none
- Require all denied
-
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-
- Require all denied
-
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog /dev/stderr
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-
- #
- # The following directives define some format nicknames for use with
- # a CustomLog directive (see below).
- #
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
-
- # You need to enable mod_logio.c to use %I and %O
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-
-
- #
- # The location and format of the access logfile (Common Logfile Format).
- # If you do not define any access logfiles within a
- # container, they will be logged here. Contrariwise, if you *do*
- # define per- access logfiles, transactions will be
- # logged therein and *not* in this file.
- #
- CustomLog /dev/stdout common
-
- #
- # If you prefer a logfile with access, agent, and referer information
- # (Combined Logfile Format) you can use the following directive.
- #
- CustomLog /dev/stdout combined
-
-
-#
-# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-
- AllowOverride None
- Options None
- Require all granted
-
-
-
- #
- # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
- # backend servers which have lingering "httpoxy" defects.
- # 'Proxy' request header is undefined by the IETF, not listed by IANA
- #
- RequestHeader unset Proxy early
-
-
-# Virtual hosts
-Include conf/sites-enabled/*.conf
-
-# Configure mod_proxy_html to understand HTML4/XHTML1
-
-Include conf/extra/proxy-html.conf
-
diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml
index 94b63613f..ebd6adad8 100644
--- a/elasticsearch/values.yaml
+++ b/elasticsearch/values.yaml
@@ -176,9 +176,101 @@ secrets:
user: elasticsearch-admin-creds
conf:
- apache:
- httpd: null
- elasticsearch_host: null
+ httpd: |
+ ServerRoot "/usr/local/apache2"
+
+ Listen 80
+
+ LoadModule mpm_event_module modules/mod_mpm_event.so
+ LoadModule authn_file_module modules/mod_authn_file.so
+ LoadModule authn_core_module modules/mod_authn_core.so
+ LoadModule authz_host_module modules/mod_authz_host.so
+ LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+ LoadModule authz_user_module modules/mod_authz_user.so
+ LoadModule authz_core_module modules/mod_authz_core.so
+ LoadModule access_compat_module modules/mod_access_compat.so
+ LoadModule auth_basic_module modules/mod_auth_basic.so
+ LoadModule ldap_module modules/mod_ldap.so
+ LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
+ LoadModule reqtimeout_module modules/mod_reqtimeout.so
+ LoadModule filter_module modules/mod_filter.so
+ LoadModule proxy_html_module modules/mod_proxy_html.so
+ LoadModule log_config_module modules/mod_log_config.so
+ LoadModule env_module modules/mod_env.so
+ LoadModule headers_module modules/mod_headers.so
+ LoadModule setenvif_module modules/mod_setenvif.so
+ LoadModule version_module modules/mod_version.so
+ LoadModule proxy_module modules/mod_proxy.so
+ LoadModule proxy_connect_module modules/mod_proxy_connect.so
+ LoadModule proxy_http_module modules/mod_proxy_http.so
+ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+ LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+ LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+ LoadModule unixd_module modules/mod_unixd.so
+ LoadModule status_module modules/mod_status.so
+ LoadModule autoindex_module modules/mod_autoindex.so
+
+
+ User daemon
+ Group daemon
+
+
+
+ AllowOverride none
+ Require all denied
+
+
+
+ Require all denied
+
+
+ ErrorLog /dev/stderr
+
+ LogLevel warn
+
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+ CustomLog /dev/stdout common
+
+ CustomLog /dev/stdout combined
+
+
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+
+ RequestHeader unset Proxy early
+
+
+
+ Include conf/extra/proxy-html.conf
+
+
+
+
+ ProxyPass http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ ProxyPassReverse http://localhost:{{ tuple "elasticsearch" "internal" "client" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+
+
+ AuthName "Elasticsearch"
+ AuthType Basic
+ AuthBasicProvider file ldap
+ AuthUserFile /usr/local/apache2/conf/.htpasswd
+ AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
+ AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
+ AuthLDAPURL {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
+ Require valid-user
+
+
init:
max_map_count: 262144
curator:
diff --git a/kibana/templates/bin/_apache.sh.tpl b/kibana/templates/bin/_apache.sh.tpl
index e80ead098..6f8aaa8e2 100644
--- a/kibana/templates/bin/_apache.sh.tpl
+++ b/kibana/templates/bin/_apache.sh.tpl
@@ -29,6 +29,12 @@ function start () {
# Apache gets grumpy about PID files pre-existing
rm -f /etc/httpd/logs/httpd.pid
+ if [ -f /usr/local/apache2/conf/.htpasswd ]; then
+ htpasswd -b /usr/local/apache2/conf/.htpasswd "$ELASTICSEARCH_USERNAME" "$ELASTICSEARCH_PASSWORD"
+ else
+ htpasswd -cb /usr/local/apache2/conf/.htpasswd "$ELASTICSEARCH_USERNAME" "$ELASTICSEARCH_PASSWORD"
+ fi
+
#Launch Apache on Foreground
exec httpd -DFOREGROUND
}
diff --git a/kibana/templates/configmap-etc.yaml b/kibana/templates/configmap-etc.yaml
index 09cf679ce..93742d7c2 100644
--- a/kibana/templates/configmap-etc.yaml
+++ b/kibana/templates/configmap-etc.yaml
@@ -22,10 +22,8 @@ kind: ConfigMap
metadata:
name: kibana-etc
data:
- httpd.conf: |
-{{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
- kibana-host.conf: |
-{{- tuple .Values.conf.apache.host "etc/_kibana-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
kibana.yml: |
{{ toYaml .Values.conf.kibana | indent 4 }}
+#NOTE(portdirect): this must be last, to work round helm ~2.7 bug.
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.httpd "key" "httpd.conf") | indent 2 }}
{{- end }}
diff --git a/kibana/templates/deployment.yaml b/kibana/templates/deployment.yaml
index 903d7bd43..adb4521c5 100644
--- a/kibana/templates/deployment.yaml
+++ b/kibana/templates/deployment.yaml
@@ -65,30 +65,16 @@ spec:
initialDelaySeconds: 20
periodSeconds: 10
env:
- - name: KIBANA_PORT
- value: {{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- - name: KIBANA_USERNAME
+ - name: ELASTICSEARCH_USERNAME
valueFrom:
secretKeyRef:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_USERNAME
- - name: KIBANA_PASSWORD
+ - name: ELASTICSEARCH_PASSWORD
valueFrom:
secretKeyRef:
name: {{ $esUserSecret }}
key: ELASTICSEARCH_PASSWORD
- - name: LDAP_URL
- value: {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- - name: BIND_DN
- valueFrom:
- secretKeyRef:
- name: {{ $esUserSecret }}
- key: BIND_DN
- - name: BIND_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $esUserSecret }}
- key: BIND_PASSWORD
volumeMounts:
- name: kibana-bin
mountPath: /tmp/apache.sh
@@ -98,12 +84,6 @@ spec:
mountPath: /usr/local/apache2/conf/httpd.conf
subPath: httpd.conf
readOnly: true
- - name: pod-etc-apache
- mountPath: /usr/local/apache2/conf/sites-enabled
- - name: kibana-etc
- mountPath: /usr/local/apache2/conf/sites-enabled/kibana-host.conf
- subPath: kibana-host.conf
- readOnly: true
- name: kibana
{{ tuple $envAll "kibana" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.kibana | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
diff --git a/kibana/templates/etc/_httpd.conf.tpl b/kibana/templates/etc/_httpd.conf.tpl
deleted file mode 100644
index 19af85523..000000000
--- a/kibana/templates/etc/_httpd.conf.tpl
+++ /dev/null
@@ -1,189 +0,0 @@
-#
-# This is the main Apache HTTP server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See for detailed information.
-# In particular, see
-#
-# for a discussion of each configuration directive.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
-# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
-# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
-# will be interpreted as '/logs/access_log'.
-
-ServerRoot "/usr/local/apache2"
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the
-# directive.
-#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses.
-#
-#Listen 12.34.56.78:80
-Listen 80
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-LoadModule mpm_event_module modules/mod_mpm_event.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule access_compat_module modules/mod_access_compat.so
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule ldap_module modules/mod_ldap.so
-LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule proxy_html_module modules/mod_proxy_html.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule env_module modules/mod_env.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule version_module modules/mod_version.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-LoadModule unixd_module modules/mod_unixd.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# It is usually good practice to create a dedicated user and group for
-# running httpd, as with most system services.
-#
-User daemon
-Group daemon
-
-
-
-# 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# definition. These values also provide defaults for
-# any containers you may define later in the file.
-#
-# All of these directives may appear inside containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# Deny access to the entirety of your server's filesystem. You must
-# explicitly permit access to web content directories in other
-# blocks below.
-#
-
- AllowOverride none
- Require all denied
-
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-
- Require all denied
-
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog /dev/stderr
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-
- #
- # The following directives define some format nicknames for use with
- # a CustomLog directive (see below).
- #
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
-
- # You need to enable mod_logio.c to use %I and %O
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-
-
- #
- # The location and format of the access logfile (Common Logfile Format).
- # If you do not define any access logfiles within a
- # container, they will be logged here. Contrariwise, if you *do*
- # define per- access logfiles, transactions will be
- # logged therein and *not* in this file.
- #
- CustomLog /dev/stdout common
-
- #
- # If you prefer a logfile with access, agent, and referer information
- # (Combined Logfile Format) you can use the following directive.
- #
- CustomLog /dev/stdout combined
-
-
-#
-# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-
- AllowOverride None
- Options None
- Require all granted
-
-
-
- #
- # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
- # backend servers which have lingering "httpoxy" defects.
- # 'Proxy' request header is undefined by the IETF, not listed by IANA
- #
- RequestHeader unset Proxy early
-
-
-# Virtual hosts
-Include conf/sites-enabled/*.conf
-
-# Configure mod_proxy_html to understand HTML4/XHTML1
-
-Include conf/extra/proxy-html.conf
-
diff --git a/kibana/templates/etc/_kibana-host.conf.tpl b/kibana/templates/etc/_kibana-host.conf.tpl
deleted file mode 100644
index a58e00bd7..000000000
--- a/kibana/templates/etc/_kibana-host.conf.tpl
+++ /dev/null
@@ -1,31 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-
-
- ProxyPass http://localhost:${KIBANA_PORT}/
- ProxyPassReverse http://localhost:${KIBANA_PORT}/
-
-
- AuthName "Kibana"
- AuthType Basic
- AuthBasicProvider ldap
- AuthLDAPBindDN ${BIND_DN}
- AuthLDAPBindPassword ${BIND_PASSWORD}
- AuthLDAPURL ${LDAP_URL}
- Require valid-user
-
-
diff --git a/kibana/values.yaml b/kibana/values.yaml
index 6feb36067..761ee2243 100644
--- a/kibana/values.yaml
+++ b/kibana/values.yaml
@@ -103,9 +103,101 @@ dependencies:
service: elasticsearch
conf:
- apache:
- httpd: null
- kibana_host: null
+ httpd: |
+ ServerRoot "/usr/local/apache2"
+
+ Listen 80
+
+ LoadModule mpm_event_module modules/mod_mpm_event.so
+ LoadModule authn_file_module modules/mod_authn_file.so
+ LoadModule authn_core_module modules/mod_authn_core.so
+ LoadModule authz_host_module modules/mod_authz_host.so
+ LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+ LoadModule authz_user_module modules/mod_authz_user.so
+ LoadModule authz_core_module modules/mod_authz_core.so
+ LoadModule access_compat_module modules/mod_access_compat.so
+ LoadModule auth_basic_module modules/mod_auth_basic.so
+ LoadModule ldap_module modules/mod_ldap.so
+ LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
+ LoadModule reqtimeout_module modules/mod_reqtimeout.so
+ LoadModule filter_module modules/mod_filter.so
+ LoadModule proxy_html_module modules/mod_proxy_html.so
+ LoadModule log_config_module modules/mod_log_config.so
+ LoadModule env_module modules/mod_env.so
+ LoadModule headers_module modules/mod_headers.so
+ LoadModule setenvif_module modules/mod_setenvif.so
+ LoadModule version_module modules/mod_version.so
+ LoadModule proxy_module modules/mod_proxy.so
+ LoadModule proxy_connect_module modules/mod_proxy_connect.so
+ LoadModule proxy_http_module modules/mod_proxy_http.so
+ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+ LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+ LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+ LoadModule unixd_module modules/mod_unixd.so
+ LoadModule status_module modules/mod_status.so
+ LoadModule autoindex_module modules/mod_autoindex.so
+
+
+ User daemon
+ Group daemon
+
+
+
+ AllowOverride none
+ Require all denied
+
+
+
+ Require all denied
+
+
+ ErrorLog /dev/stderr
+
+ LogLevel warn
+
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+ CustomLog /dev/stdout common
+
+ CustomLog /dev/stdout combined
+
+
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+
+ RequestHeader unset Proxy early
+
+
+
+ Include conf/extra/proxy-html.conf
+
+
+
+
+ ProxyPass http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ ProxyPassReverse http://localhost:{{ tuple "kibana" "internal" "kibana" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+
+
+ AuthName "Kibana"
+ AuthType Basic
+ AuthBasicProvider file ldap
+ AuthUserFile /usr/local/apache2/conf/.htpasswd
+ AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
+ AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
+ AuthLDAPURL {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
+ Require valid-user
+
+
kibana:
elasticsearch:
pingTimeout: 1500
diff --git a/nagios/templates/bin/_apache.sh.tpl b/nagios/templates/bin/_apache.sh.tpl
index b55925f5d..bcb0344fd 100644
--- a/nagios/templates/bin/_apache.sh.tpl
+++ b/nagios/templates/bin/_apache.sh.tpl
@@ -30,9 +30,9 @@ function start () {
rm -f /etc/httpd/logs/httpd.pid
if [ -f /usr/local/apache2/conf/.htpasswd ]; then
- htpasswd -b /usr/local/apache2/conf/.htpasswd $NAGIOSADMIN_USER $NAGIOSADMIN_PASS
+ htpasswd -b /usr/local/apache2/conf/.htpasswd "$NAGIOSADMIN_USER" "$NAGIOSADMIN_PASS"
else
- htpasswd -cb /usr/local/apache2/conf/.htpasswd $NAGIOSADMIN_USER $NAGIOSADMIN_PASS
+ htpasswd -cb /usr/local/apache2/conf/.htpasswd "$NAGIOSADMIN_USER" "$NAGIOSADMIN_PASS"
fi
#Launch Apache on Foreground
diff --git a/nagios/templates/configmap-etc.yaml b/nagios/templates/configmap-etc.yaml
index 1864ad01c..6503b84a3 100644
--- a/nagios/templates/configmap-etc.yaml
+++ b/nagios/templates/configmap-etc.yaml
@@ -22,10 +22,6 @@ kind: ConfigMap
metadata:
name: nagios-etc
data:
- httpd.conf: |
-{{- tuple .Values.conf.apache.httpd "etc/_httpd.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
- nagios-host.conf: |
-{{- tuple .Values.conf.apache.host "etc/_nagios-host.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
cgi.cfg: |+
{{ include "nagios.utils.to_nagios_conf" .Values.conf.nagios.cgi | indent 4 }}
nagios.cfg: |+
@@ -37,4 +33,6 @@ data:
{{- tuple "hostgroup" .Values.conf.nagios.host_groups | include "nagios.utils.object_definition" | indent 4 }}
{{- tuple "command" .Values.conf.nagios.commands | include "nagios.utils.object_definition" | indent 4 }}
{{- tuple "service" .Values.conf.nagios.services | include "nagios.utils.object_definition" | indent 4 }}
+#NOTE(portdirect): this must be last, to work round helm ~2.7 bug.
+{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.httpd "key" "httpd.conf") | indent 2 }}
{{- end }}
diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml
index 0e057b507..9abda5160 100644
--- a/nagios/templates/deployment.yaml
+++ b/nagios/templates/deployment.yaml
@@ -98,10 +98,6 @@ spec:
initialDelaySeconds: 20
periodSeconds: 10
env:
- - name: NAGIOS_PORT
- value: {{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- - name: LDAP_URL
- value: {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
- name: NAGIOSADMIN_USER
valueFrom:
secretKeyRef:
@@ -112,16 +108,6 @@ spec:
secretKeyRef:
name: {{ $nagiosUserSecret }}
key: NAGIOSADMIN_PASS
- - name: BIND_DN
- valueFrom:
- secretKeyRef:
- name: {{ $nagiosUserSecret }}
- key: BIND_DN
- - name: BIND_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $nagiosUserSecret }}
- key: BIND_PASSWORD
volumeMounts:
- name: nagios-bin
mountPath: /tmp/apache.sh
@@ -131,12 +117,6 @@ spec:
mountPath: /usr/local/apache2/conf/httpd.conf
subPath: httpd.conf
readOnly: true
- - name: pod-etc-apache
- mountPath: /usr/local/apache2/conf/sites-enabled
- - name: nagios-etc
- mountPath: /usr/local/apache2/conf/sites-enabled/nagios-host.conf
- subPath: nagios-host.conf
- readOnly: true
- name: nagios
{{ tuple $envAll "nagios" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.nagios | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
diff --git a/nagios/templates/etc/_httpd.conf.tpl b/nagios/templates/etc/_httpd.conf.tpl
deleted file mode 100644
index 19af85523..000000000
--- a/nagios/templates/etc/_httpd.conf.tpl
+++ /dev/null
@@ -1,189 +0,0 @@
-#
-# This is the main Apache HTTP server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See for detailed information.
-# In particular, see
-#
-# for a discussion of each configuration directive.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
-# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
-# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
-# will be interpreted as '/logs/access_log'.
-
-ServerRoot "/usr/local/apache2"
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the
-# directive.
-#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses.
-#
-#Listen 12.34.56.78:80
-Listen 80
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-LoadModule mpm_event_module modules/mod_mpm_event.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule access_compat_module modules/mod_access_compat.so
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule ldap_module modules/mod_ldap.so
-LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule proxy_html_module modules/mod_proxy_html.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule env_module modules/mod_env.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule version_module modules/mod_version.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-LoadModule unixd_module modules/mod_unixd.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# It is usually good practice to create a dedicated user and group for
-# running httpd, as with most system services.
-#
-User daemon
-Group daemon
-
-
-
-# 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# definition. These values also provide defaults for
-# any containers you may define later in the file.
-#
-# All of these directives may appear inside containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# Deny access to the entirety of your server's filesystem. You must
-# explicitly permit access to web content directories in other
-# blocks below.
-#
-
- AllowOverride none
- Require all denied
-
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-
- Require all denied
-
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog /dev/stderr
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-
- #
- # The following directives define some format nicknames for use with
- # a CustomLog directive (see below).
- #
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
-
- # You need to enable mod_logio.c to use %I and %O
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-
-
- #
- # The location and format of the access logfile (Common Logfile Format).
- # If you do not define any access logfiles within a
- # container, they will be logged here. Contrariwise, if you *do*
- # define per- access logfiles, transactions will be
- # logged therein and *not* in this file.
- #
- CustomLog /dev/stdout common
-
- #
- # If you prefer a logfile with access, agent, and referer information
- # (Combined Logfile Format) you can use the following directive.
- #
- CustomLog /dev/stdout combined
-
-
-#
-# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-
- AllowOverride None
- Options None
- Require all granted
-
-
-
- #
- # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
- # backend servers which have lingering "httpoxy" defects.
- # 'Proxy' request header is undefined by the IETF, not listed by IANA
- #
- RequestHeader unset Proxy early
-
-
-# Virtual hosts
-Include conf/sites-enabled/*.conf
-
-# Configure mod_proxy_html to understand HTML4/XHTML1
-
-Include conf/extra/proxy-html.conf
-
diff --git a/nagios/templates/etc/_nagios-host.conf.tpl b/nagios/templates/etc/_nagios-host.conf.tpl
deleted file mode 100644
index 4e51aff17..000000000
--- a/nagios/templates/etc/_nagios-host.conf.tpl
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-
-
- ProxyPass http://localhost:${NAGIOS_PORT}/
- ProxyPassReverse http://localhost:${NAGIOS_PORT}/
-
-
- AuthName "Nagios"
- AuthType Basic
- AuthBasicProvider file ldap
- AuthUserFile /usr/local/apache2/conf/.htpasswd
- AuthLDAPBindDN ${BIND_DN}
- AuthLDAPBindPassword ${BIND_PASSWORD}
- AuthLDAPURL ${LDAP_URL}
- Require valid-user
-
-
diff --git a/nagios/values.yaml b/nagios/values.yaml
index 05e463007..870b07ada 100644
--- a/nagios/values.yaml
+++ b/nagios/values.yaml
@@ -198,9 +198,101 @@ manifests:
service_ingress: true
conf:
- apache:
- httpd: null
- elasticsearch_host: null
+ httpd: |
+ ServerRoot "/usr/local/apache2"
+
+ Listen 80
+
+ LoadModule mpm_event_module modules/mod_mpm_event.so
+ LoadModule authn_file_module modules/mod_authn_file.so
+ LoadModule authn_core_module modules/mod_authn_core.so
+ LoadModule authz_host_module modules/mod_authz_host.so
+ LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+ LoadModule authz_user_module modules/mod_authz_user.so
+ LoadModule authz_core_module modules/mod_authz_core.so
+ LoadModule access_compat_module modules/mod_access_compat.so
+ LoadModule auth_basic_module modules/mod_auth_basic.so
+ LoadModule ldap_module modules/mod_ldap.so
+ LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
+ LoadModule reqtimeout_module modules/mod_reqtimeout.so
+ LoadModule filter_module modules/mod_filter.so
+ LoadModule proxy_html_module modules/mod_proxy_html.so
+ LoadModule log_config_module modules/mod_log_config.so
+ LoadModule env_module modules/mod_env.so
+ LoadModule headers_module modules/mod_headers.so
+ LoadModule setenvif_module modules/mod_setenvif.so
+ LoadModule version_module modules/mod_version.so
+ LoadModule proxy_module modules/mod_proxy.so
+ LoadModule proxy_connect_module modules/mod_proxy_connect.so
+ LoadModule proxy_http_module modules/mod_proxy_http.so
+ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+ LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+ LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+ LoadModule unixd_module modules/mod_unixd.so
+ LoadModule status_module modules/mod_status.so
+ LoadModule autoindex_module modules/mod_autoindex.so
+
+
+ User daemon
+ Group daemon
+
+
+
+ AllowOverride none
+ Require all denied
+
+
+
+ Require all denied
+
+
+ ErrorLog /dev/stderr
+
+ LogLevel warn
+
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+ CustomLog /dev/stdout common
+
+ CustomLog /dev/stdout combined
+
+
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+
+ RequestHeader unset Proxy early
+
+
+
+ Include conf/extra/proxy-html.conf
+
+
+
+
+ ProxyPass http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+ ProxyPassReverse http://localhost:{{ tuple "nagios" "internal" "nagios" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}/
+
+
+ AuthName "Nagios"
+ AuthType Basic
+ AuthBasicProvider file ldap
+ AuthUserFile /usr/local/apache2/conf/.htpasswd
+ AuthLDAPBindDN {{ .Values.endpoints.ldap.auth.admin.bind }}
+ AuthLDAPBindPassword {{ .Values.endpoints.ldap.auth.admin.password }}
+ AuthLDAPURL {{ tuple "ldap" "default" "ldap" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
+ Require valid-user
+
+
nagios:
contacts:
- notifying_contact: