diff --git a/manifests/init.pp b/manifests/init.pp
index 619282ffc..8eba6452c 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -83,6 +83,9 @@
 $log_level = 'DEBUG',
 $can_set_mount_point = 'True',
 $listen_ssl = false,
+ $horizon_cert = undef,
+ $horizon_key = undef,
+ $horizon_ca = undef,
 $local_settings_template = 'horizon/local_settings.py.erb'
 ) {
@@ -141,6 +144,12 @@
 }
 if $listen_ssl {
+ include apache::mod::ssl
+
+ if $horizon_ca == undef or $horizon_cert == undef or $horizon_key == undef {
+ fail('The horizon CA, cert and key are all required.')
+ }
+
 file_line { 'httpd_listen_on_bind_address_443':
 path => $::horizon::params::httpd_listen_config_file,
 match => '^Listen (.*):?443$',
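Review bot: The three new parameters `$horizon_cert`, `$horizon_key` and `$horizon_ca` are added without any documentation, and nothing in this hunk tells a caller what form they take. The later hunks interpolate them straight into `SSLCertificateFile`, `SSLCertificateKeyFile` and `SSLCACertificateFile` lines, so they are file paths on the node; in the lines shown the manifest only references those files and does not create them or set ownership and mode on the private key. I would add a parameter entry in the class header along the lines of `# [*horizon_key*] Absolute path to the PEM private key; required when listen_ssl is true; the file must already exist and be readable only by root.`, with matching entries for the cert and the CA. The class header and the start of the parameter list are outside this hunk, so an existing doc block could not be checked.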
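Review bot: The guard added under `if $listen_ssl` rejects only `undef`, so an empty string, a relative path or a value containing whitespace passes and is written verbatim into the Apache configuration by the `file_line` resources in the `@@ -148` hunk. Since `file_line` presumably already brings in puppetlabs-stdlib, a path check next to the `fail()` would close that: `validate_absolute_path($horizon_cert)`, and the same for `$horizon_key` and `$horizon_ca`. The error message could also name the parameters (`horizon_ca`, `horizon_cert`, `horizon_key`) so the operator knows which one to set. The `if $listen_ssl` block continues past the end of this hunk.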
@@ -148,6 +157,40 @@
 require => Package['horizon'],
 notify => Service[$::horizon::params::http_service],
 }
+
+ # Enable SSL Engine
+ file_line{'httpd_sslengine_on':
+ path => $::horizon::params::httpd_listen_config_file,
+ match => '^SSLEngine ',
+ line => 'SSLEngine on',
+ notify => Service[$::horizon::params::http_service],
+ require => Class['apache::mod::ssl'],
+ }
+
+ # set the name of the ssl cert and key file
+ file_line{'httpd_sslcert_path':
+ path => $::horizon::params::httpd_listen_config_file,
+ match => '^SSLCertificateFile ',
+ line => "SSLCertificateFile ${horizon_cert}",
+ notify => Service[$::horizon::params::http_service],
+ require => Class['apache::mod::ssl'],
+ }
+
+ file_line{'httpd_sslkey_path':
+ path => $::horizon::params::httpd_listen_config_file,
+ match => '^SSLCertificateKeyFile ',
+ line => "SSLCertificateKeyFile ${horizon_key}",
+ notify => Service[$::horizon::params::http_service],
+ require => Class['apache::mod::ssl'],
+ }
+
+ file_line{'httpd_sslca_path':
+ path => $::horizon::params::httpd_listen_config_file,
+ match => '^SSLCACertificateFile ',
+ line => "SSLCACertificateFile ${horizon_ca}",
+ notify => Service[$::horizon::params::http_service],
+ require => Class['apache::mod::ssl'],
+ }
 }
 $django_wsgi = '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi'
diff --git a/spec/classes/horizon_init_spec.rb b/spec/classes/horizon_init_spec.rb
index 5aec94b26..edc84adb9 100644
--- a/spec/classes/horizon_init_spec.rb
+++ b/spec/classes/horizon_init_spec.rb
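Review bot: `SSLCACertificateFile` in the `httpd_sslca_path` resource sets the CAs Apache trusts when verifying client certificates; it does not send an intermediate chain to browsers. If the mandatory `$horizon_ca` is meant to be the issuing chain for the server certificate, the resource should use `match => '^SSLCertificateChainFile '` and `line => "SSLCertificateChainFile ${horizon_ca}"`, and if client authentication is not intended the CA should not be required at all. Separately, all four directives, including `SSLEngine on`, are written as bare lines into `httpd_listen_config_file`; if that file is the server-wide listen file rather than a `<VirtualHost>` for port 443, the engine is switched on for the port 80 listener as well, which needs confirming because the file's contents are not visible here. The resources also leave `SSLProtocol` and `SSLCipherSuite` at whatever the distribution ships, which is worth a comment above `httpd_sslengine_on`.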
@@ -29,6 +29,31 @@
 it { should contain_service('httpd').with_name('httpd') }
 it { should contain_file('/etc/httpd/conf.d/openstack-dashboard.conf') }
+ describe 'with default parameters' do
+ it { should contain_package('horizon').with_ensure('present') }
+ it { should contain_file_line('horizon_redirect_rule').with(
+ :line => "RedirectMatch permanent ^/$ \/dashboard/"
+ )}
+ end
+
+ describe 'when ssl is enabled' do
+ before do
+ params.merge!({
+ :listen_ssl => true,
+ :horizon_cert => '/etc/pki/tls/certs/httpd.crt',
+ :horizon_key => '/etc/pki/tls/private/httpd.key',
+ :horizon_ca => '/etc/pki/tls/certs/ca.crt',
+ })
+ end
+
+ it { should contain_file_line('httpd_sslcert_path').with(
+ :line => "SSLCertificateFile /etc/pki/tls/certs/httpd.crt"
+ )}
+ it { should contain_file_line('httpd_sslkey_path').with(
+ :line => "SSLCertificateKeyFile /etc/pki/tls/private/httpd.key"
+ )}
+ end
+
 end
 describe 'on Debian platforms' do
@@ -44,6 +69,9 @@
 describe 'with default parameters' do
 it { should contain_package('horizon').with_ensure('present') }
+ it { should contain_file_line('horizon_redirect_rule').with(
+ :line => "RedirectMatch permanent ^/$ /horizon/"
+ )}
 it 'generates local_settings.py' do
 verify_contents(subject, '/etc/openstack-dashboard/local_settings.py', [
 'DEBUG = False',
@@ -104,5 +132,23 @@
 ])
 end
 end
+
+ describe 'when ssl is enabled' do
+ before do
+ params.merge!({
+ :listen_ssl => true,
+ :horizon_cert => '/etc/ssl/localcerts/apache.crt',
+ :horizon_key => '/etc/ssl/localcerts/apache.key',
+ :horizon_ca => '/etc/ssl/localcerts/ca.crt',
+ })
+ end
+
+ it { should contain_file_line('httpd_sslcert_path').with(
+ :line => "SSLCertificateFile /etc/ssl/localcerts/apache.crt"
+ )}
+ it { should contain_file_line('httpd_sslkey_path').with(
+ :line => "SSLCertificateKeyFile /etc/ssl/localcerts/apache.key"
+ )}
+ end
 end
 end
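Review bot: The `when ssl is enabled` examples assert only `httpd_sslcert_path` and `httpd_sslkey_path`; `httpd_sslca_path`, `httpd_sslengine_on` and the `fail()` branch in init.pp are never exercised, and the Debian block in the `@@ -104` hunk has the same gap. I would add `it { should contain_file_line('httpd_sslca_path').with(:line => "SSLCACertificateFile /etc/pki/tls/certs/ca.crt") }` and `it { should contain_file_line('httpd_sslengine_on').with(:line => 'SSLEngine on') }`, plus an example that sets `:listen_ssl => true` with one of the three paths left out and expects catalogue compilation to raise `Puppet::Error` matching `/are all required/`. The negative case matters most, because that guard is the only thing keeping a half-configured TLS listener from being applied. The enclosing `describe` block starts outside the hunk.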