[Ovirt-devel] [PATCH server] Proxy Guest network VirtualHost to Admin network VirtualHost

Thu Mar 19 02:33:45 UTC 2009

On Wed, 2009-03-18 at 20:35 -0500, Steve Linabery wrote:
> This change allows mod_auth_kerb to always have the FQDN for authentication.
> ---
>  conf/ovirt-server.conf                     |   30 ++++++++++++++++++++-------
>  installer/modules/ovirt/manifests/ovirt.pp |    7 ++++++
>  2 files changed, 29 insertions(+), 8 deletions(-)
> 
> diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
> index e414f07..bab6f1a 100644
> --- a/conf/ovirt-server.conf
> +++ b/conf/ovirt-server.conf
> @@ -1,5 +1,5 @@
> -NameVirtualHost *:80
> -<VirtualHost *:80>
> +NameVirtualHost GuestNetIpAddress:80
> +<VirtualHost GuestNetIpAddress:80>
>    <Location /ovirt>
>      RewriteEngine on
>      RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
> @@ -7,20 +7,34 @@ NameVirtualHost *:80
>  </VirtualHost>
>  
>  NameVirtualHost GuestNetIpAddress:443
> -NameVirtualHost AdminNetIpAddress:443
> -<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443>
> +NameVirtualHost AdminNetIpAddress:80
>  
> -  RequestHeader set X_FORWARDED_PROTO 'https'
> +<VirtualHost GuestNetIpAddress:443>
>  
> -  ErrorLog /etc/httpd/logs/error_log
> -  TransferLog /etc/httpd/logs/access_log
> -  LogLevel warn
>    NSSEngine on
>    NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
>    NSSProtocol SSLv3,TLSv1
>    NSSNickname Server-Cert
>    NSSCertificateDatabase /etc/httpd/alias
>  
> +  ErrorLog /etc/httpd/logs/error_log
> +  TransferLog /etc/httpd/logs/access_log
> +  LogLevel warn
> +
> +  ProxyPass /ovirt http://AdminNodeFQDN/ovirt
> +  ProxyPassReverse /ovirt http://AdminNodeFQDN/ovirt
> +
> +</VirtualHost>
> +
> +<VirtualHost AdminNetIpAddress:80>
> +
> +  ServerAlias AdminNodeFQDN
> +  ServerName AdminNodeFQDN:80
> +
> +  ErrorLog /etc/httpd/logs/error_log
> +  TransferLog /etc/httpd/logs/access_log
> +  LogLevel warn
> +
>    ProxyRequests Off
>  
>  <ProxyMatch ^.*/ovirt/login.*$>
> diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
> index 723d758..09b1925 100644
> --- a/installer/modules/ovirt/manifests/ovirt.pp
> +++ b/installer/modules/ovirt/manifests/ovirt.pp
> @@ -34,6 +34,13 @@ class ovirt::setup {
>  		require => Package[ovirt-server]
>          }
>  
> +	file_replacement{"ovirt_httpd_config_change_server_fqdn":
> +	        file => "/etc/httpd/conf.d/ovirt-server.conf",
> +	        pattern => "AdminNodeFQDN",
> +	        replacement => "$ovirt_host",
> +		require => Package[ovirt-server]
> +        }
> +
>          package {"ovirt-server":
>  		ensure => installed,
>  		require => Single_exec[set_pw_expiration]

Well, as I have already manually done this and know that works, ACK.  I
will do a fresh build in the morning anyway to make sure on the ovirt.pp
bit, but I am sure that is fine as well.