[Ovirt-devel] [PATCH server] Proxy Guest network VirtualHost to Admin network VirtualHost
Steve Linabery
slinabery at redhat.com
Thu Mar 19 03:51:06 UTC 2009
On Wed, Mar 18, 2009 at 10:33:45PM -0400, Jason Guiditta wrote:
> On Wed, 2009-03-18 at 20:35 -0500, Steve Linabery wrote:
> > This change allows mod_auth_kerb to always have the FQDN for authentication.
> > ---
> > conf/ovirt-server.conf | 30 ++++++++++++++++++++-------
> > installer/modules/ovirt/manifests/ovirt.pp | 7 ++++++
> > 2 files changed, 29 insertions(+), 8 deletions(-)
> >
> > diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
> > index e414f07..bab6f1a 100644
> > --- a/conf/ovirt-server.conf
> > +++ b/conf/ovirt-server.conf
> > @@ -1,5 +1,5 @@
> > -NameVirtualHost *:80
> > -<VirtualHost *:80>
> > +NameVirtualHost GuestNetIpAddress:80
> > +<VirtualHost GuestNetIpAddress:80>
> > <Location /ovirt>
> > RewriteEngine on
> > RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
> > @@ -7,20 +7,34 @@ NameVirtualHost *:80
> > </VirtualHost>
> >
> > NameVirtualHost GuestNetIpAddress:443
> > -NameVirtualHost AdminNetIpAddress:443
> > -<VirtualHost GuestNetIpAddress:443 AdminNetIpAddress:443>
> > +NameVirtualHost AdminNetIpAddress:80
> >
> > - RequestHeader set X_FORWARDED_PROTO 'https'
> > +<VirtualHost GuestNetIpAddress:443>
> >
> > - ErrorLog /etc/httpd/logs/error_log
> > - TransferLog /etc/httpd/logs/access_log
> > - LogLevel warn
> > NSSEngine on
> > NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
> > NSSProtocol SSLv3,TLSv1
> > NSSNickname Server-Cert
> > NSSCertificateDatabase /etc/httpd/alias
> >
> > + ErrorLog /etc/httpd/logs/error_log
> > + TransferLog /etc/httpd/logs/access_log
> > + LogLevel warn
> > +
> > + ProxyPass /ovirt http://AdminNodeFQDN/ovirt
> > + ProxyPassReverse /ovirt http://AdminNodeFQDN/ovirt
> > +
> > +</VirtualHost>
> > +
> > +<VirtualHost AdminNetIpAddress:80>
> > +
> > + ServerAlias AdminNodeFQDN
> > + ServerName AdminNodeFQDN:80
> > +
> > + ErrorLog /etc/httpd/logs/error_log
> > + TransferLog /etc/httpd/logs/access_log
> > + LogLevel warn
> > +
> > ProxyRequests Off
> >
> > <ProxyMatch ^.*/ovirt/login.*$>
> > diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
> > index 723d758..09b1925 100644
> > --- a/installer/modules/ovirt/manifests/ovirt.pp
> > +++ b/installer/modules/ovirt/manifests/ovirt.pp
> > @@ -34,6 +34,13 @@ class ovirt::setup {
> > require => Package[ovirt-server]
> > }
> >
> > + file_replacement{"ovirt_httpd_config_change_server_fqdn":
> > + file => "/etc/httpd/conf.d/ovirt-server.conf",
> > + pattern => "AdminNodeFQDN",
> > + replacement => "$ovirt_host",
> > + require => Package[ovirt-server]
> > + }
> > +
> > package {"ovirt-server":
> > ensure => installed,
> > require => Single_exec[set_pw_expiration]
>
> Well, as I have already manually done this and know that works, ACK. I
> will do a fresh build in the morning anyway to make sure on the ovirt.pp
> bit, but I am sure that is fine as well.
>
Yeah, and I built with this tonight, and it worked fine. So I'll push it.
Goodnight,
Steve
More information about the ovirt-devel
mailing list