[Ovirt-devel] [PATCH server] Proxy Guest network VirtualHost to Admin network VirtualHost
Jason Guiditta
jguiditt at redhat.com
Thu Mar 19 02:33:45 UTC 2009
On Wed, 2009-03-18 at 20:35 -0500, Steve Linabery wrote:
> This change allows mod_auth_kerb to always have the FQDN for authentication.
> ---
> conf/ovirt-server.conf | 30 ++++++++++++++++++++-------
> installer/modules/ovirt/manifests/ovirt.pp | 7 ++++++
> 2 files changed, 29 insertions(+), 8 deletions(-)
>
> diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
> index e414f07..bab6f1a 100644
> --- a/conf/ovirt-server.conf
> +++ b/conf/ovirt-server.conf
> @@ -1,5 +1,5 @@
> -NameVirtualHost *:80
> -<VirtualHost *:80>
> +NameVirtualHost GuestNetIpAddress:80
> +<VirtualHost GuestNetIpAddress:80>
> <Location /ovirt>
> RewriteEngine on
> RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
> @@ -7,20 +7,34 @@ NameVirtualHost *:80
> </VirtualHost>
>
> NameVirtualHost GuestNetIpAddress:443
> -NameVirtualHost AdminNetIpAddress:443
> -<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443>
> +NameVirtualHost AdminNetIpAddress:80
>
> - RequestHeader set X_FORWARDED_PROTO 'https'
> +<VirtualHost GuestNetIpAddress:443>
>
> - ErrorLog /etc/httpd/logs/error_log
> - TransferLog /etc/httpd/logs/access_log
> - LogLevel warn
> NSSEngine on
> NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
> NSSProtocol SSLv3,TLSv1
> NSSNickname Server-Cert
> NSSCertificateDatabase /etc/httpd/alias
>
> + ErrorLog /etc/httpd/logs/error_log
> + TransferLog /etc/httpd/logs/access_log
> + LogLevel warn
> +
> + ProxyPass /ovirt http://AdminNodeFQDN/ovirt
> + ProxyPassReverse /ovirt http://AdminNodeFQDN/ovirt
> +
> +</VirtualHost>
> +
> +<VirtualHost AdminNetIpAddress:80>
> +
> + ServerAlias AdminNodeFQDN
> + ServerName AdminNodeFQDN:80
> +
> + ErrorLog /etc/httpd/logs/error_log
> + TransferLog /etc/httpd/logs/access_log
> + LogLevel warn
> +
> ProxyRequests Off
>
> <ProxyMatch ^.*/ovirt/login.*$>
> diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
> index 723d758..09b1925 100644
> --- a/installer/modules/ovirt/manifests/ovirt.pp
> +++ b/installer/modules/ovirt/manifests/ovirt.pp
> @@ -34,6 +34,13 @@ class ovirt::setup {
> require => Package[ovirt-server]
> }
>
> + file_replacement{"ovirt_httpd_config_change_server_fqdn":
> + file => "/etc/httpd/conf.d/ovirt-server.conf",
> + pattern => "AdminNodeFQDN",
> + replacement => "$ovirt_host",
> + require => Package[ovirt-server]
> + }
> +
> package {"ovirt-server":
> ensure => installed,
> require => Single_exec[set_pw_expiration]
Well, as I have already manually done this and know that works, ACK. I
will do a fresh build in the morning anyway to make sure on the ovirt.pp
bit, but I am sure that is fine as well.
More information about the ovirt-devel
mailing list