Mohammed Morsi
2009-Sep-17 22:08 UTC
[Ovirt-devel] [PATCH server] oVirt server single network installer
Updates the installer to handle the scenario in which the guest and admin networks are the same by using an alternative httpd conf. Verified to work (eg oVirt managed vms are bootable) on the oVirt appliance so far. --- conf/ovirt-server.conf | 88 -------------------- installer/bin/ovirt-installer | 11 +-- installer/modules/ovirt/manifests/ovirt.pp | 29 ++----- .../ovirt/templates/ovirt-httpd-seperate.conf.erb | 88 ++++++++++++++++++++ .../ovirt/templates/ovirt-httpd-single.conf.erb | 77 +++++++++++++++++ ovirt-server.spec.in | 3 - 6 files changed, 178 insertions(+), 118 deletions(-) delete mode 100644 conf/ovirt-server.conf create mode 100644 installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb create mode 100644 installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf deleted file mode 100644 index e4ebd5b..0000000 --- a/conf/ovirt-server.conf +++ /dev/null 
@@ -1,88 +0,0 @@ -NameVirtualHost GuestNetIpAddress:80 -<VirtualHost GuestNetIpAddress:80> - <Location /ovirt> - RewriteEngine on - RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] - </Location> -</VirtualHost> - -NameVirtualHost GuestNetIpAddress:443 -NameVirtualHost AdminNetIpAddress:80 - -<VirtualHost GuestNetIpAddress:443> - - NSSEngine on - NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha - NSSProtocol SSLv3,TLSv1 - NSSNickname Server-Cert - NSSCertificateDatabase /etc/httpd/alias - - ErrorLog /etc/httpd/logs/error_log - TransferLog /etc/httpd/logs/access_log - LogLevel warn - - RewriteEngine On - RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node - RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P] - RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE] - - ProxyPass /ovirt http://AdminNodeFQDN/ovirt retry=3 - ProxyPassReverse /ovirt http://AdminNodeFQDN/ovirt -</VirtualHost> - -<VirtualHost AdminNetIpAddress:80> - - ServerAlias AdminNodeFQDN - ServerName AdminNodeFQDN:80 - - ErrorLog /etc/httpd/logs/error_log - TransferLog /etc/httpd/logs/access_log - LogLevel warn - - ProxyRequests Off - -<ProxyMatch ^.*/ovirt/login.*$> - AuthType Kerberos - AuthName "Kerberos Login" - KrbMethodNegotiate on - KrbMethodK5Passwd on - KrbServiceName HTTP - Krb5KeyTab /etc/httpd/conf/ipa.keytab - KrbSaveCredentials on - Require valid-user - ErrorDocument 401 /ovirt/errors/401.html - ErrorDocument 404 /ovirt/errors/404.html - ErrorDocument 500 /ovirt/errors/500.html - RewriteEngine on - Order deny,allow - Allow from all - - # We create a subrequest to find REMOTE_USER. 
Don't do this for every - # subrequest too (slow and huge logs result) - RewriteCond %{IS_SUBREQ}% false - RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] - RequestHeader set X-Forwarded-User %{RU}e - RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e - - # RequestHeader unset Authorization -</ProxyMatch> - -Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets" -Alias /ovirt/images "/usr/share/ovirt-server/public/images" -Alias /ovirt/errors "/usr/share/ovirt-server/public/" - -ProxyPass /ovirt/images ! -ProxyPass /ovirt/stylesheets ! -ProxyPass /ovirt/errors ! -ProxyPass /ovirt http://localhost:3000/ovirt -ProxyPassReverse /ovirt http://localhost:3000/ovirt -ProxyPassReverse /ovirt/images ! -ProxyPassReverse /ovirt/stylesheets ! -ProxyPassReverse /ovirt/errors ! - -</VirtualHost> - -Alias /terminal /usr/share/ovirt-anyterm -<Location /terminal> - DirectoryIndex anyterm.html -</Location> diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer index a38ea83..5d6350f 100755 --- a/installer/bin/ovirt-installer +++ b/installer/bin/ovirt-installer @@ -172,13 +172,11 @@ else end end -guest_httpd_dev = prompt_for_interface("Enter the interface for the Guest network:", interfaces, :default => "eth0") +guest_dev = prompt_for_interface("Enter the interface for the Guest network:", interfaces, :default => "eth0") admin_dev = prompt_for_interface("Enter the interface for the Admin network (this may be the same as the Guest network interface):", interfaces, :default => "eth0") -#FIXME: correctly configure separate networks. -#For now, define admin and guest networks to be the same -guest_dev = admin_dev -#sep_networks = (guest_dev == admin_dev) ? "n" : "y" +# different scenarios for 1 & 2 networks +seperate_networks = (guest_dev == admin_dev) ? "n" : "y" ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN) ipa_host = ovirt_host 
@@ -193,7 +191,6 @@ File.open('/etc/resolv.conf').each_line{ |line| otherwise select \"n\" and a dns server will be configured during the install', RED) %>") dns_servers = prompt_yes_no("Use this systems's dns servers?") -guest_httpd_ipaddr = interfaces[guest_httpd_dev] guest_ipaddr = interfaces[guest_dev] admin_ipaddr = interfaces[admin_dev] @@ -276,9 +273,9 @@ firewall::setup{'setup': firewall_rule{"ssh": destination_port => "22"} #DNS Configuration -$guest_httpd_ipaddr = '<%= guest_httpd_ipaddr %>' $guest_ipaddr = '<%= guest_ipaddr %>' $admin_ipaddr = '<%= admin_ipaddr %>' +$seperate_networks = '<%= seperate_networks %>' $ovirt_host = '<%= ovirt_host %>' $ipa_host = '<%= ipa_host %>' diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp index b018a00..18a14c9 100644 --- a/installer/modules/ovirt/manifests/ovirt.pp +++ b/installer/modules/ovirt/manifests/ovirt.pp @@ -20,26 +20,15 @@ class ovirt::setup { - file_replacement{"ovirt_httpd_config_change_guest_net": - file => "/etc/httpd/conf.d/ovirt-server.conf", - pattern => "GuestNetIpAddress", - replacement => "$guest_httpd_ipaddr", - require => Package[ovirt-server] - } - - file_replacement{"ovirt_httpd_config_change_admin_net": - file => "/etc/httpd/conf.d/ovirt-server.conf", - pattern => "AdminNetIpAddress", - replacement => "$admin_ipaddr", - require => Package[ovirt-server] - } - - file_replacement{"ovirt_httpd_config_change_server_fqdn": - file => "/etc/httpd/conf.d/ovirt-server.conf", - pattern => "AdminNodeFQDN", - replacement => "$ovirt_host", - require => Package[ovirt-server] - } + file {"/etc/httpd/conf.d/ovirt-server.conf": + content => $seperate_networks ? { + y => template("ovirt/ovirt-httpd-seperate.conf.erb"), + n => template("ovirt/ovirt-httpd-single.conf.erb") + }, + mode => 644, + notify => Service[httpd], + require => [Package[ovirt-server], Package[httpd]] + } package {"ovirt-server": ensure => installed, 
diff --git a/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb b/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb new file mode 100644 index 0000000..f91016e --- /dev/null +++ b/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb 
@@ -0,0 +1,88 @@ +NameVirtualHost <%= guest_ipaddr %>:80 +<VirtualHost <%= guest_ipaddr %>:80> + <Location /ovirt> + RewriteEngine on + RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] + </Location> +</VirtualHost> + +NameVirtualHost <%= guest_ipaddr %>:443 +NameVirtualHost <%= admin_ipaddr %>:80 + +<VirtualHost <%= guest_ipaddr %>:443> + + NSSEngine on + NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha + NSSProtocol SSLv3,TLSv1 + NSSNickname Server-Cert + NSSCertificateDatabase /etc/httpd/alias + + ErrorLog /etc/httpd/logs/error_log + TransferLog /etc/httpd/logs/access_log + LogLevel warn + + RewriteEngine On + RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node + RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P] + RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE] + + ProxyPass /ovirt http://<%= ovirt_host %>/ovirt retry=3 + ProxyPassReverse /ovirt http://<%= ovirt_host %>/ovirt +</VirtualHost> + +<VirtualHost <%= admin_ipaddr %>:80> + + ServerAlias <%= ovirt_host %> + ServerName <%= ovirt_host %>:80 + + ErrorLog /etc/httpd/logs/error_log + TransferLog /etc/httpd/logs/access_log + LogLevel warn + + ProxyRequests Off + +<ProxyMatch ^.*/ovirt/login.*$> + AuthType Kerberos + AuthName "Kerberos Login" + KrbMethodNegotiate on + KrbMethodK5Passwd on + KrbServiceName HTTP + Krb5KeyTab /etc/httpd/conf/ipa.keytab + KrbSaveCredentials on + Require valid-user + ErrorDocument 401 /ovirt/errors/401.html + ErrorDocument 404 /ovirt/errors/404.html + ErrorDocument 500 /ovirt/errors/500.html + RewriteEngine on + Order deny,allow + Allow from all + + # We create a subrequest to find REMOTE_USER. 
Don't do this for every + # subrequest too (slow and huge logs result) + RewriteCond %{IS_SUBREQ}% false + RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] + RequestHeader set X-Forwarded-User %{RU}e + RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e + + # RequestHeader unset Authorization +</ProxyMatch> + +Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets" +Alias /ovirt/images "/usr/share/ovirt-server/public/images" +Alias /ovirt/errors "/usr/share/ovirt-server/public/" + +ProxyPass /ovirt/images ! +ProxyPass /ovirt/stylesheets ! +ProxyPass /ovirt/errors ! +ProxyPass /ovirt http://localhost:3000/ovirt +ProxyPassReverse /ovirt http://localhost:3000/ovirt +ProxyPassReverse /ovirt/images ! +ProxyPassReverse /ovirt/stylesheets ! +ProxyPassReverse /ovirt/errors ! + +</VirtualHost> + +Alias /terminal /usr/share/ovirt-anyterm +<Location /terminal> + DirectoryIndex anyterm.html +</Location> diff --git a/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb b/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb new file mode 100644 index 0000000..47cc606 --- /dev/null +++ b/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb 
@@ -0,0 +1,77 @@ +NameVirtualHost <%= guest_ipaddr %>:80 +<VirtualHost <%= guest_ipaddr %>:80> + <Location /ovirt> + RewriteEngine on + RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] + </Location> +</VirtualHost> + +NameVirtualHost <%= guest_ipaddr %>:443 + +<VirtualHost <%= guest_ipaddr %>:443> + + ProxyRequests Off + + ServerAlias <%= ovirt_host %> + ServerName <%= ovirt_host %>:443 + + NSSEngine on + NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha + NSSProtocol SSLv3,TLSv1 + NSSNickname Server-Cert + NSSCertificateDatabase /etc/httpd/alias + + ErrorLog /etc/httpd/logs/error_log + TransferLog /etc/httpd/logs/access_log + LogLevel debug + + RewriteEngine On + RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node + RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P] + RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE] + + <ProxyMatch ^.*/ovirt/login.*$> + AuthType Kerberos + AuthName "Kerberos Login" + KrbMethodNegotiate on + KrbMethodK5Passwd on + KrbServiceName HTTP + Krb5KeyTab /etc/httpd/conf/ipa.keytab + KrbSaveCredentials on + Require valid-user + ErrorDocument 401 /ovirt/errors/401.html + ErrorDocument 404 /ovirt/errors/404.html + ErrorDocument 500 /ovirt/errors/500.html + RewriteEngine on + Order deny,allow + Allow from all + + # We create a subrequest to find REMOTE_USER. 
Don't do this for every + # subrequest too (slow and huge logs result) + RewriteCond %{IS_SUBREQ}% false + RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] + RequestHeader set X-Forwarded-User %{RU}e + RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e + + # RequestHeader unset Authorization + </ProxyMatch> + + Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets" + Alias /ovirt/images "/usr/share/ovirt-server/public/images" + Alias /ovirt/errors "/usr/share/ovirt-server/public/" + + ProxyPass /ovirt/images ! + ProxyPass /ovirt/stylesheets ! + ProxyPass /ovirt/errors ! + ProxyPass /ovirt http://localhost:3000/ovirt + ProxyPassReverse /ovirt http://localhost:3000/ovirt + ProxyPassReverse /ovirt/images ! + ProxyPassReverse /ovirt/stylesheets ! + ProxyPassReverse /ovirt/errors ! + +</VirtualHost> + +Alias /terminal /usr/share/ovirt-anyterm +<Location /terminal> + DirectoryIndex anyterm.html +</Location> diff --git a/ovirt-server.spec.in b/ovirt-server.spec.in index 0715690..ad5ace1 100644 --- a/ovirt-server.spec.in +++ b/ovirt-server.spec.in @@ -86,7 +86,6 @@ mkdir %{buildroot} %{__install} -d -m0755 %{buildroot}%{_sbindir} %{__install} -d -m0755 %{buildroot}%{_initrddir} %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig -%{__install} -d -m0755 %{buildroot}%{_sysconfdir}/httpd/conf.d %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/%{name} %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/%{name}/db %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/logrotate.d 
@@ -105,7 +104,6 @@ touch %{buildroot}%{_localstatedir}/log/%{name}/mongrel.log touch %{buildroot}%{_localstatedir}/log/%{name}/rails.log touch %{buildroot}%{_localstatedir}/log/%{name}/taskomatic.log touch %{buildroot}%{_localstatedir}/log/%{name}/db-omatic.log -%{__install} -p -m0644 %{pbuild}/conf/%{name}.conf %{buildroot}%{_sysconfdir}/httpd/conf.d %{__install} -p -m0644 %{pbuild}/conf/%{name}.crontab %{buildroot}%{_sysconfdir}/cron.d/%{name} %{__install} -p -m0644 %{pbuild}/conf/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name} @@ -240,7 +238,6 @@ fi %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-mongrel-rails %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-rails %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-vnc-proxy -%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf %doc README AUTHORS COPYING %attr(-, ovirt, ovirt) %{_localstatedir}/lib/%{name} %attr(-, ovirt, ovirt) %{_localstatedir}/run/%{name} -- 1.6.0.6
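Review bot: In installer/bin/ovirt-installer (hunk at -172,13) the new variable is spelled `seperate_networks`, and that misspelling carries into the Puppet variable `$seperate_networks` and the template filename ovirt-httpd-seperate.conf.erb, even though the removed FIXME spelled it "separate". Renaming to `separate_networks` and ovirt-httpd-separate.conf.erb is cheapest now, before other code references the names. The flag is also derived purely from comparing interface names (`guest_dev == admin_dev`); a short comment saying that the same interface implies the single-vhost layout would help the next reader.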
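Review bot: The selector on `$seperate_networks` in the new `file {"/etc/httpd/conf.d/ovirt-server.conf": ...}` resource in ovirt.pp has only the `y` and `n` branches and no `default`. If the variable is ever unset or holds another value, the manifest fails on the selector instead of reporting what was wrong; add a `default` branch or fail with an explicit message. `mode => 644` would also read more clearly as a quoted octal string, "0644".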
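Review bot: ovirt-httpd-seperate.conf.erb and ovirt-httpd-single.conf.erb repeat the NSS block, the Kerberos `<ProxyMatch ^.*/ovirt/login.*$>` block and the Alias/ProxyPass lists line for line, so every later change has to be made twice. Consider one template with an ERB conditional around the vhost layout. The copies also carry over two things from the deleted conf/ovirt-server.conf that are worth a second look while the file is being touched: `RewriteCond %{IS_SUBREQ}% false` has a stray `%` after the closing brace, and `NSSCipherSuite` / `NSSProtocol SSLv3,TLSv1` still enable `+rsa_rc4_128_md5` and SSLv3.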
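Review bot: ovirt-httpd-single.conf.erb sets `LogLevel debug` in the `<VirtualHost <%= guest_ipaddr %>:443>` block, while the separate-network template and the deleted conf/ovirt-server.conf both use `LogLevel warn`; this looks like a debugging leftover and should be `warn` before merge. In the same vhost, `RequestHeader set X-Forwarded-User %{RU}e` and `RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e` appear only inside the login ProxyMatch, so requests to other /ovirt paths reach `http://localhost:3000/ovirt` with whatever values the client supplied for those headers. Now that this vhost faces the guest network directly, consider a vhost-level `RequestHeader unset` for both headers outside the ProxyMatch, or a comment stating that the backend ignores them outside login.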
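Review bot: In ovirt-server.spec.in, removing the `%{__install} -p -m0644 %{pbuild}/conf/%{name}.conf` line and the `%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf` entry means no package owns /etc/httpd/conf.d/ovirt-server.conf any more, and the Puppet `file` resource with `content =>` overwrites it from the template whenever the installer manifest is applied, so the noreplace protection for local edits is gone. If that is intended, the commit message should say so; a `%ghost` entry for the path would keep the file tracked by rpm.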
Joey Boggs
2009-Sep-23 21:17 UTC
[Ovirt-devel] [PATCH server] oVirt server single network installer
Mohammed Morsi wrote:
> Updates the installer to handle the scenario in which the guest and > admin networks are the same by using an alternative httpd conf. > > Verified to work (eg oVirt managed vms are bootable) on the > oVirt appliance so far. > --- > conf/ovirt-server.conf | 88 -------------------- > installer/bin/ovirt-installer | 11 +-- > installer/modules/ovirt/manifests/ovirt.pp | 29 ++----- > .../ovirt/templates/ovirt-httpd-seperate.conf.erb | 88 ++++++++++++++++++++ > .../ovirt/templates/ovirt-httpd-single.conf.erb | 77 +++++++++++++++++ > ovirt-server.spec.in | 3 - > 6 files changed, 178 insertions(+), 118 deletions(-) > delete mode 100644 conf/ovirt-server.conf > create mode 100644 installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb > create mode 100644 installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb > > diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf > deleted file mode 100644 > index e4ebd5b..0000000 > --- a/conf/ovirt-server.conf > +++ /dev/null 
> @@ -1,88 +0,0 @@ > -NameVirtualHost GuestNetIpAddress:80 > -<VirtualHost GuestNetIpAddress:80> > - <Location /ovirt> > - RewriteEngine on > - RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] > - </Location> > -</VirtualHost> > - > -NameVirtualHost GuestNetIpAddress:443 > -NameVirtualHost AdminNetIpAddress:80 > - > -<VirtualHost GuestNetIpAddress:443> > - > - NSSEngine on > - NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha > - NSSProtocol SSLv3,TLSv1 > - NSSNickname Server-Cert > - NSSCertificateDatabase /etc/httpd/alias > - > - ErrorLog /etc/httpd/logs/error_log > - TransferLog /etc/httpd/logs/access_log > - LogLevel warn > - > - RewriteEngine On > - RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node > - RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P] > - RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE] > - > - ProxyPass /ovirt http://AdminNodeFQDN/ovirt retry=3 > - ProxyPassReverse /ovirt http://AdminNodeFQDN/ovirt > -</VirtualHost> > - > -<VirtualHost AdminNetIpAddress:80> > - > - ServerAlias AdminNodeFQDN > - ServerName AdminNodeFQDN:80 > - > - ErrorLog /etc/httpd/logs/error_log > - TransferLog /etc/httpd/logs/access_log > - LogLevel warn > - > - ProxyRequests Off > - > -<ProxyMatch ^.*/ovirt/login.*$> > - AuthType Kerberos > - AuthName "Kerberos Login" > - KrbMethodNegotiate on > - KrbMethodK5Passwd on > - KrbServiceName HTTP > - Krb5KeyTab /etc/httpd/conf/ipa.keytab > - KrbSaveCredentials on > - Require valid-user > - ErrorDocument 401 /ovirt/errors/401.html > - ErrorDocument 404 /ovirt/errors/404.html > - ErrorDocument 500 /ovirt/errors/500.html > - RewriteEngine on > - Order deny,allow > - Allow from all > - > - # We create a subrequest to find 
REMOTE_USER. Don't do this for every > - # subrequest too (slow and huge logs result) > - RewriteCond %{IS_SUBREQ}% false > - RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] > - RequestHeader set X-Forwarded-User %{RU}e > - RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e > - > - # RequestHeader unset Authorization > -</ProxyMatch> > - > -Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets" > -Alias /ovirt/images "/usr/share/ovirt-server/public/images" > -Alias /ovirt/errors "/usr/share/ovirt-server/public/" > - > -ProxyPass /ovirt/images ! > -ProxyPass /ovirt/stylesheets ! > -ProxyPass /ovirt/errors ! > -ProxyPass /ovirt http://localhost:3000/ovirt > -ProxyPassReverse /ovirt http://localhost:3000/ovirt > -ProxyPassReverse /ovirt/images ! > -ProxyPassReverse /ovirt/stylesheets ! > -ProxyPassReverse /ovirt/errors ! > - > -</VirtualHost> > - > -Alias /terminal /usr/share/ovirt-anyterm > -<Location /terminal> > - DirectoryIndex anyterm.html > -</Location> > diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer > index a38ea83..5d6350f 100755 > --- a/installer/bin/ovirt-installer > +++ b/installer/bin/ovirt-installer 
> @@ -172,13 +172,11 @@ else > end > end > > -guest_httpd_dev = prompt_for_interface("Enter the interface for the Guest network:", interfaces, :default => "eth0") > +guest_dev = prompt_for_interface("Enter the interface for the Guest network:", interfaces, :default => "eth0") > admin_dev = prompt_for_interface("Enter the interface for the Admin network (this may be the same as the Guest network interface):", interfaces, :default => "eth0") > > -#FIXME: correctly configure separate networks. > -#For now, define admin and guest networks to be the same > -guest_dev = admin_dev > -#sep_networks = (guest_dev == admin_dev) ? "n" : "y" > +# different scenarios for 1 & 2 networks > +seperate_networks = (guest_dev == admin_dev) ? "n" : "y" > > ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN) > ipa_host = ovirt_host > @@ -193,7 +191,6 @@ File.open('/etc/resolv.conf').each_line{ |line| > otherwise select \"n\" and a dns server will be configured during the install', RED) %>") > dns_servers = prompt_yes_no("Use this systems's dns servers?") > > -guest_httpd_ipaddr = interfaces[guest_httpd_dev] > guest_ipaddr = interfaces[guest_dev] > admin_ipaddr = interfaces[admin_dev] > > @@ -276,9 +273,9 @@ firewall::setup{'setup': > firewall_rule{"ssh": destination_port => "22"} > > #DNS Configuration > -$guest_httpd_ipaddr = '<%= guest_httpd_ipaddr %>' > $guest_ipaddr = '<%= guest_ipaddr %>' > $admin_ipaddr = '<%= admin_ipaddr %>' > +$seperate_networks = '<%= seperate_networks %>' > $ovirt_host = '<%= ovirt_host %>' > $ipa_host = '<%= ipa_host %>' > > diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp > index b018a00..18a14c9 100644 > --- a/installer/modules/ovirt/manifests/ovirt.pp > +++ b/installer/modules/ovirt/manifests/ovirt.pp 
> @@ -20,26 +20,15 @@ > > class ovirt::setup { > > - file_replacement{"ovirt_httpd_config_change_guest_net": > - file => "/etc/httpd/conf.d/ovirt-server.conf", > - pattern => "GuestNetIpAddress", > - replacement => "$guest_httpd_ipaddr", > - require => Package[ovirt-server] > - } > - > - file_replacement{"ovirt_httpd_config_change_admin_net": > - file => "/etc/httpd/conf.d/ovirt-server.conf", > - pattern => "AdminNetIpAddress", > - replacement => "$admin_ipaddr", > - require => Package[ovirt-server] > - } > - > - file_replacement{"ovirt_httpd_config_change_server_fqdn": > - file => "/etc/httpd/conf.d/ovirt-server.conf", > - pattern => "AdminNodeFQDN", > - replacement => "$ovirt_host", > - require => Package[ovirt-server] > - } > + file {"/etc/httpd/conf.d/ovirt-server.conf": > + content => $seperate_networks ? { > + y => template("ovirt/ovirt-httpd-seperate.conf.erb"), > + n => template("ovirt/ovirt-httpd-single.conf.erb") > + }, > + mode => 644, > + notify => Service[httpd], > + require => [Package[ovirt-server], Package[httpd]] > + } > > package {"ovirt-server": > ensure => installed, > diff --git a/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb b/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb > new file mode 100644 > index 0000000..f91016e > --- /dev/null > +++ b/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb 
> @@ -0,0 +1,88 @@ > +NameVirtualHost <%= guest_ipaddr %>:80 > +<VirtualHost <%= guest_ipaddr %>:80> > + <Location /ovirt> > + RewriteEngine on > + RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] > + </Location> > +</VirtualHost> > + > +NameVirtualHost <%= guest_ipaddr %>:443 > +NameVirtualHost <%= admin_ipaddr %>:80 > + > +<VirtualHost <%= guest_ipaddr %>:443> > + > + NSSEngine on > + NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha > + NSSProtocol SSLv3,TLSv1 > + NSSNickname Server-Cert > + NSSCertificateDatabase /etc/httpd/alias > + > + ErrorLog /etc/httpd/logs/error_log > + TransferLog /etc/httpd/logs/access_log > + LogLevel warn > + > + RewriteEngine On > + RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node > + RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P] > + RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE] > + > + ProxyPass /ovirt http://<%= ovirt_host %>/ovirt retry=3 > + ProxyPassReverse /ovirt http://<%= ovirt_host %>/ovirt > +</VirtualHost> > + > +<VirtualHost <%= admin_ipaddr %>:80> > + > + ServerAlias <%= ovirt_host %> > + ServerName <%= ovirt_host %>:80 > + > + ErrorLog /etc/httpd/logs/error_log > + TransferLog /etc/httpd/logs/access_log > + LogLevel warn > + > + ProxyRequests Off > + > +<ProxyMatch ^.*/ovirt/login.*$> > + AuthType Kerberos > + AuthName "Kerberos Login" > + KrbMethodNegotiate on > + KrbMethodK5Passwd on > + KrbServiceName HTTP > + Krb5KeyTab /etc/httpd/conf/ipa.keytab > + KrbSaveCredentials on > + Require valid-user > + ErrorDocument 401 /ovirt/errors/401.html > + ErrorDocument 404 /ovirt/errors/404.html > + ErrorDocument 500 /ovirt/errors/500.html > + RewriteEngine on > + Order deny,allow > + Allow from all > + > + # We 
create a subrequest to find REMOTE_USER. Don't do this for every > + # subrequest too (slow and huge logs result) > + RewriteCond %{IS_SUBREQ}% false > + RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] > + RequestHeader set X-Forwarded-User %{RU}e > + RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e > + > + # RequestHeader unset Authorization > +</ProxyMatch> > + > +Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets" > +Alias /ovirt/images "/usr/share/ovirt-server/public/images" > +Alias /ovirt/errors "/usr/share/ovirt-server/public/" > + > +ProxyPass /ovirt/images ! > +ProxyPass /ovirt/stylesheets ! > +ProxyPass /ovirt/errors ! > +ProxyPass /ovirt http://localhost:3000/ovirt > +ProxyPassReverse /ovirt http://localhost:3000/ovirt > +ProxyPassReverse /ovirt/images ! > +ProxyPassReverse /ovirt/stylesheets ! > +ProxyPassReverse /ovirt/errors ! > + > +</VirtualHost> > + > +Alias /terminal /usr/share/ovirt-anyterm > +<Location /terminal> > + DirectoryIndex anyterm.html > +</Location> > diff --git a/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb b/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb > new file mode 100644 > index 0000000..47cc606 > --- /dev/null > +++ b/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb 
> @@ -0,0 +1,77 @@ > +NameVirtualHost <%= guest_ipaddr %>:80 > +<VirtualHost <%= guest_ipaddr %>:80> > + <Location /ovirt> > + RewriteEngine on > + RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L] > + </Location> > +</VirtualHost> > + > +NameVirtualHost <%= guest_ipaddr %>:443 > + > +<VirtualHost <%= guest_ipaddr %>:443> > + > + ProxyRequests Off > + > + ServerAlias <%= ovirt_host %> > + ServerName <%= ovirt_host %>:443 > + > + NSSEngine on > + NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha > + NSSProtocol SSLv3,TLSv1 > + NSSNickname Server-Cert > + NSSCertificateDatabase /etc/httpd/alias > + > + ErrorLog /etc/httpd/logs/error_log > + TransferLog /etc/httpd/logs/access_log > + LogLevel debug > + > + RewriteEngine On > + RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node > + RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P] > + RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE] > + > + <ProxyMatch ^.*/ovirt/login.*$> > + AuthType Kerberos > + AuthName "Kerberos Login" > + KrbMethodNegotiate on > + KrbMethodK5Passwd on > + KrbServiceName HTTP > + Krb5KeyTab /etc/httpd/conf/ipa.keytab > + KrbSaveCredentials on > + Require valid-user > + ErrorDocument 401 /ovirt/errors/401.html > + ErrorDocument 404 /ovirt/errors/404.html > + ErrorDocument 500 /ovirt/errors/500.html > + RewriteEngine on > + Order deny,allow > + Allow from all > + > + # We create a subrequest to find REMOTE_USER. 
Don't do this for every > + # subrequest too (slow and huge logs result) > + RewriteCond %{IS_SUBREQ}% false > + RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] > + RequestHeader set X-Forwarded-User %{RU}e > + RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e > + > + # RequestHeader unset Authorization > + </ProxyMatch> > + > + Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets" > + Alias /ovirt/images "/usr/share/ovirt-server/public/images" > + Alias /ovirt/errors "/usr/share/ovirt-server/public/" > + > + ProxyPass /ovirt/images ! > + ProxyPass /ovirt/stylesheets ! > + ProxyPass /ovirt/errors ! > + ProxyPass /ovirt http://localhost:3000/ovirt > + ProxyPassReverse /ovirt http://localhost:3000/ovirt > + ProxyPassReverse /ovirt/images ! > + ProxyPassReverse /ovirt/stylesheets ! > + ProxyPassReverse /ovirt/errors ! > + > +</VirtualHost> > + > +Alias /terminal /usr/share/ovirt-anyterm > +<Location /terminal> > + DirectoryIndex anyterm.html > +</Location> > diff --git a/ovirt-server.spec.in b/ovirt-server.spec.in > index 0715690..ad5ace1 100644 > --- a/ovirt-server.spec.in > +++ b/ovirt-server.spec.in > @@ -86,7 +86,6 @@ mkdir %{buildroot} > %{__install} -d -m0755 %{buildroot}%{_sbindir} > %{__install} -d -m0755 %{buildroot}%{_initrddir} > %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig > -%{__install} -d -m0755 %{buildroot}%{_sysconfdir}/httpd/conf.d > %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/%{name} > %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/%{name}/db > %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/logrotate.d 
> @@ -105,7 +104,6 @@ touch %{buildroot}%{_localstatedir}/log/%{name}/mongrel.log > touch %{buildroot}%{_localstatedir}/log/%{name}/rails.log > touch %{buildroot}%{_localstatedir}/log/%{name}/taskomatic.log > touch %{buildroot}%{_localstatedir}/log/%{name}/db-omatic.log > -%{__install} -p -m0644 %{pbuild}/conf/%{name}.conf %{buildroot}%{_sysconfdir}/httpd/conf.d > %{__install} -p -m0644 %{pbuild}/conf/%{name}.crontab %{buildroot}%{_sysconfdir}/cron.d/%{name} > %{__install} -p -m0644 %{pbuild}/conf/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name} > > @@ -240,7 +238,6 @@ fi > %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-mongrel-rails > %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-rails > %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-vnc-proxy > -%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf > %doc README AUTHORS COPYING > %attr(-, ovirt, ovirt) %{_localstatedir}/lib/%{name} > %attr(-, ovirt, ovirt) %{_localstatedir}/run/%{name} >
I'm running into the eternal redirect problem in single network mode, might just be my config, anyone else have a chance to try this out?