[Ovirt-devel] [PATCH server] oVirt server single network installer

Mohammed Morsi mmorsi at redhat.com
Thu Sep 17 22:08:18 UTC 2009


Updates the installer to handle the scenario in which the guest and
admin networks are the same by using an alternative httpd conf.

Verified to work (e.g. oVirt-managed VMs are bootable) on the
oVirt appliance so far.
---
 conf/ovirt-server.conf                             |   88 --------------------
 installer/bin/ovirt-installer                      |   11 +--
 installer/modules/ovirt/manifests/ovirt.pp         |   29 ++-----
 .../ovirt/templates/ovirt-httpd-seperate.conf.erb  |   88 ++++++++++++++++++++
 .../ovirt/templates/ovirt-httpd-single.conf.erb    |   77 +++++++++++++++++
 ovirt-server.spec.in                               |    3 -
 6 files changed, 178 insertions(+), 118 deletions(-)
 delete mode 100644 conf/ovirt-server.conf
 create mode 100644 installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb
 create mode 100644 installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb

diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
deleted file mode 100644
index e4ebd5b..0000000
--- a/conf/ovirt-server.conf
+++ /dev/null
@@ -1,88 +0,0 @@
-NameVirtualHost GuestNetIpAddress:80
-<VirtualHost GuestNetIpAddress:80>
-  <Location /ovirt>
-    RewriteEngine on
-    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
-  </Location>
-</VirtualHost>
-
-NameVirtualHost GuestNetIpAddress:443
-NameVirtualHost AdminNetIpAddress:80
-
-<VirtualHost GuestNetIpAddress:443>
-
-  NSSEngine on
-  NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
-  NSSProtocol SSLv3,TLSv1
-  NSSNickname Server-Cert
-  NSSCertificateDatabase /etc/httpd/alias
-
-  ErrorLog /etc/httpd/logs/error_log
-  TransferLog /etc/httpd/logs/access_log
-  LogLevel warn
-
-  RewriteEngine On
-  RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node
-  RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P]
-  RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE]
-
-  ProxyPass /ovirt http://AdminNodeFQDN/ovirt retry=3
-  ProxyPassReverse /ovirt http://AdminNodeFQDN/ovirt
-</VirtualHost>
-
-<VirtualHost AdminNetIpAddress:80>
-
-  ServerAlias AdminNodeFQDN
-  ServerName AdminNodeFQDN:80
-
-  ErrorLog /etc/httpd/logs/error_log
-  TransferLog /etc/httpd/logs/access_log
-  LogLevel warn
-
-  ProxyRequests Off
-
-<ProxyMatch ^.*/ovirt/login.*$>
-  AuthType Kerberos
-  AuthName "Kerberos Login"
-  KrbMethodNegotiate on
-  KrbMethodK5Passwd on
-  KrbServiceName HTTP
-  Krb5KeyTab /etc/httpd/conf/ipa.keytab
-  KrbSaveCredentials on
-  Require valid-user
-  ErrorDocument 401 /ovirt/errors/401.html
-  ErrorDocument 404 /ovirt/errors/404.html
-  ErrorDocument 500 /ovirt/errors/500.html
-  RewriteEngine on
-  Order deny,allow
-  Allow from all
-
-  # We create a subrequest to find REMOTE_USER. Don't do this for every
-  # subrequest too (slow and huge logs result)
-  RewriteCond %{IS_SUBREQ}% false
-  RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
-  RequestHeader set X-Forwarded-User %{RU}e
-  RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
-
-  # RequestHeader unset Authorization
-</ProxyMatch>
-
-Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets"
-Alias /ovirt/images "/usr/share/ovirt-server/public/images"
-Alias /ovirt/errors "/usr/share/ovirt-server/public/"
-
-ProxyPass /ovirt/images !
-ProxyPass /ovirt/stylesheets !
-ProxyPass /ovirt/errors !
-ProxyPass /ovirt http://localhost:3000/ovirt
-ProxyPassReverse /ovirt http://localhost:3000/ovirt
-ProxyPassReverse /ovirt/images !
-ProxyPassReverse /ovirt/stylesheets !
-ProxyPassReverse /ovirt/errors !
-
-</VirtualHost>
-
-Alias /terminal /usr/share/ovirt-anyterm
-<Location /terminal>
-  DirectoryIndex anyterm.html
-</Location>
diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer
index a38ea83..5d6350f 100755
--- a/installer/bin/ovirt-installer
+++ b/installer/bin/ovirt-installer
@@ -172,13 +172,11 @@ else
     end
 end
 
-guest_httpd_dev = prompt_for_interface("Enter the interface for the Guest network:", interfaces, :default => "eth0")
+guest_dev = prompt_for_interface("Enter the interface for the Guest network:", interfaces, :default => "eth0")
 admin_dev = prompt_for_interface("Enter the interface for the Admin network (this may be the same as the Guest network interface):", interfaces, :default => "eth0")
 
-#FIXME: correctly configure separate networks.
-#For now, define admin and guest networks to be the same
-guest_dev = admin_dev
-#sep_networks = (guest_dev == admin_dev) ? "n" : "y"
+# different scenarios for 1 & 2 networks
+seperate_networks = (guest_dev == admin_dev) ? "n" : "y"
 
 ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN)
 ipa_host = ovirt_host
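Review bot: The new flag in `seperate_networks = (guest_dev == admin_dev) ? "n" : "y"` is misspelled, and the same spelling is reused for the Puppet variable `$seperate_networks` and the template file name `ovirt-httpd-seperate.conf.erb` in the other hunks of this patch, where it is harder to correct later. I would rename it to `separate_networks` throughout before this lands. The comment above it could also say what the flag drives, for example `# "y" when guest and admin use different interfaces; selects the httpd template in ovirt.pp`. The comparison is on interface names rather than addresses, which looks intended but is worth stating in that comment.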
@@ -193,7 +191,6 @@ File.open('/etc/resolv.conf').each_line{ |line|
 otherwise select \"n\" and a dns server will be configured during the install', RED) %>")
 dns_servers = prompt_yes_no("Use this systems's dns servers?")
 
-guest_httpd_ipaddr = interfaces[guest_httpd_dev]
 guest_ipaddr = interfaces[guest_dev]
 admin_ipaddr = interfaces[admin_dev]
 
@@ -276,9 +273,9 @@ firewall::setup{'setup':
 firewall_rule{"ssh": destination_port => "22"}
 
 #DNS Configuration
-$guest_httpd_ipaddr = '<%= guest_httpd_ipaddr %>'
 $guest_ipaddr = '<%= guest_ipaddr %>'
 $admin_ipaddr = '<%= admin_ipaddr %>'
+$seperate_networks = '<%= seperate_networks %>'
 $ovirt_host = '<%= ovirt_host %>'
 $ipa_host = '<%= ipa_host %>'
 
diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
index b018a00..18a14c9 100644
--- a/installer/modules/ovirt/manifests/ovirt.pp
+++ b/installer/modules/ovirt/manifests/ovirt.pp
@@ -20,26 +20,15 @@
 
 class ovirt::setup {
 
-	file_replacement{"ovirt_httpd_config_change_guest_net":
-	        file => "/etc/httpd/conf.d/ovirt-server.conf",
-	        pattern => "GuestNetIpAddress",
-	        replacement => "$guest_httpd_ipaddr",
-		require => Package[ovirt-server]
-        }
-
-	file_replacement{"ovirt_httpd_config_change_admin_net":
-	        file => "/etc/httpd/conf.d/ovirt-server.conf",
-	        pattern => "AdminNetIpAddress",
-	        replacement => "$admin_ipaddr",
-		require => Package[ovirt-server]
-        }
-
-	file_replacement{"ovirt_httpd_config_change_server_fqdn":
-	        file => "/etc/httpd/conf.d/ovirt-server.conf",
-	        pattern => "AdminNodeFQDN",
-	        replacement => "$ovirt_host",
-		require => Package[ovirt-server]
-        }
+	file {"/etc/httpd/conf.d/ovirt-server.conf":
+		content => $seperate_networks ? {
+                    y => template("ovirt/ovirt-httpd-seperate.conf.erb"),
+                    n => template("ovirt/ovirt-httpd-single.conf.erb")
+                },
+                mode    => 644,
+		notify  => Service[httpd],
+                require => [Package[ovirt-server], Package[httpd]]
+	}
 
         package {"ovirt-server":
 		ensure => installed,
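Review bot: The selector on `$seperate_networks` has only `y` and `n` branches and no `default`, so any other value (for instance when the variable is unset because the class is applied outside the installer-generated manifest) matches nothing and, as far as I know, Puppet fails catalog compilation. I would add an explicit fallback such as `default => template("ovirt/ovirt-httpd-single.conf.erb")`, or validate the variable before the resource. Separately, `mode => 644` is safer written as a quoted octal string, `mode => "0644"`. The body of `ovirt::setup` continues outside this hunk.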
diff --git a/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb b/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb
new file mode 100644
index 0000000..f91016e
--- /dev/null
+++ b/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb
@@ -0,0 +1,88 @@
+NameVirtualHost <%= guest_ipaddr %>:80
+<VirtualHost <%= guest_ipaddr %>:80>
+  <Location /ovirt>
+    RewriteEngine on
+    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+  </Location>
+</VirtualHost>
+
+NameVirtualHost <%= guest_ipaddr %>:443
+NameVirtualHost <%= admin_ipaddr %>:80
+
+<VirtualHost <%= guest_ipaddr %>:443>
+
+  NSSEngine on
+  NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+  NSSProtocol SSLv3,TLSv1
+  NSSNickname Server-Cert
+  NSSCertificateDatabase /etc/httpd/alias
+
+  ErrorLog /etc/httpd/logs/error_log
+  TransferLog /etc/httpd/logs/access_log
+  LogLevel warn
+
+  RewriteEngine On
+  RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node
+  RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P]
+  RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE]
+
+  ProxyPass /ovirt http://<%= ovirt_host %>/ovirt retry=3
+  ProxyPassReverse /ovirt http://<%= ovirt_host %>/ovirt
+</VirtualHost>
+
+<VirtualHost <%= admin_ipaddr %>:80>
+
+  ServerAlias <%= ovirt_host %>
+  ServerName <%= ovirt_host %>:80
+
+  ErrorLog /etc/httpd/logs/error_log
+  TransferLog /etc/httpd/logs/access_log
+  LogLevel warn
+
+  ProxyRequests Off
+
+<ProxyMatch ^.*/ovirt/login.*$>
+  AuthType Kerberos
+  AuthName "Kerberos Login"
+  KrbMethodNegotiate on
+  KrbMethodK5Passwd on
+  KrbServiceName HTTP
+  Krb5KeyTab /etc/httpd/conf/ipa.keytab
+  KrbSaveCredentials on
+  Require valid-user
+  ErrorDocument 401 /ovirt/errors/401.html
+  ErrorDocument 404 /ovirt/errors/404.html
+  ErrorDocument 500 /ovirt/errors/500.html
+  RewriteEngine on
+  Order deny,allow
+  Allow from all
+
+  # We create a subrequest to find REMOTE_USER. Don't do this for every
+  # subrequest too (slow and huge logs result)
+  RewriteCond %{IS_SUBREQ}% false
+  RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
+  RequestHeader set X-Forwarded-User %{RU}e
+  RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
+
+  # RequestHeader unset Authorization
+</ProxyMatch>
+
+Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets"
+Alias /ovirt/images "/usr/share/ovirt-server/public/images"
+Alias /ovirt/errors "/usr/share/ovirt-server/public/"
+
+ProxyPass /ovirt/images !
+ProxyPass /ovirt/stylesheets !
+ProxyPass /ovirt/errors !
+ProxyPass /ovirt http://localhost:3000/ovirt
+ProxyPassReverse /ovirt http://localhost:3000/ovirt
+ProxyPassReverse /ovirt/images !
+ProxyPassReverse /ovirt/stylesheets !
+ProxyPassReverse /ovirt/errors !
+
+</VirtualHost>
+
+Alias /terminal /usr/share/ovirt-anyterm
+<Location /terminal>
+  DirectoryIndex anyterm.html
+</Location>
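Review bot: The guest-facing 443 vhost still enables `NSSProtocol SSLv3,TLSv1` and a cipher list containing `+rsa_rc4_128_md5,+rsa_rc4_128_sha`, carried over unchanged from the deleted conf/ovirt-server.conf. The same two lines are repeated in ovirt-httpd-single.conf.erb. SSLv3 and RC4 are both deprecated for TLS use (RFC 7568, RFC 7465), and this vhost proxies the `/ovirt` login traffic. Since the file is being rewritten as a template anyway, I would drop SSLv3 (`NSSProtocol TLSv1`, or newer protocol versions where the installed mod_nss supports them) and flip the RC4 entries to `-rsa_rc4_128_md5,-rsa_rc4_128_sha` in both templates.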
diff --git a/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb b/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb
new file mode 100644
index 0000000..47cc606
--- /dev/null
+++ b/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb
@@ -0,0 +1,77 @@
+NameVirtualHost <%= guest_ipaddr %>:80
+<VirtualHost <%= guest_ipaddr %>:80>
+  <Location /ovirt>
+    RewriteEngine on
+    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+  </Location>
+</VirtualHost>
+
+NameVirtualHost <%= guest_ipaddr %>:443
+
+<VirtualHost <%= guest_ipaddr %>:443>
+
+  ProxyRequests Off
+
+  ServerAlias <%= ovirt_host %>
+  ServerName <%= ovirt_host %>:443
+
+  NSSEngine on
+  NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+  NSSProtocol SSLv3,TLSv1
+  NSSNickname Server-Cert
+  NSSCertificateDatabase /etc/httpd/alias
+
+  ErrorLog /etc/httpd/logs/error_log
+  TransferLog /etc/httpd/logs/access_log
+  LogLevel debug
+
+  RewriteEngine On
+  RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node
+  RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P]
+  RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE]
+
+  <ProxyMatch ^.*/ovirt/login.*$>
+    AuthType Kerberos
+    AuthName "Kerberos Login"
+    KrbMethodNegotiate on
+    KrbMethodK5Passwd on
+    KrbServiceName HTTP
+    Krb5KeyTab /etc/httpd/conf/ipa.keytab
+    KrbSaveCredentials on
+    Require valid-user
+    ErrorDocument 401 /ovirt/errors/401.html
+    ErrorDocument 404 /ovirt/errors/404.html
+    ErrorDocument 500 /ovirt/errors/500.html
+    RewriteEngine on
+    Order deny,allow
+    Allow from all
+  
+    # We create a subrequest to find REMOTE_USER. Don't do this for every
+    # subrequest too (slow and huge logs result)
+    RewriteCond %{IS_SUBREQ}% false
+    RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
+    RequestHeader set X-Forwarded-User %{RU}e
+    RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
+  
+    # RequestHeader unset Authorization
+  </ProxyMatch>
+
+  Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets"
+  Alias /ovirt/images "/usr/share/ovirt-server/public/images"
+  Alias /ovirt/errors "/usr/share/ovirt-server/public/"
+  
+  ProxyPass /ovirt/images !
+  ProxyPass /ovirt/stylesheets !
+  ProxyPass /ovirt/errors !
+  ProxyPass /ovirt http://localhost:3000/ovirt
+  ProxyPassReverse /ovirt http://localhost:3000/ovirt
+  ProxyPassReverse /ovirt/images !
+  ProxyPassReverse /ovirt/stylesheets !
+  ProxyPassReverse /ovirt/errors !
+
+</VirtualHost>
+
+Alias /terminal /usr/share/ovirt-anyterm
+<Location /terminal>
+  DirectoryIndex anyterm.html
+</Location>
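Review bot: `LogLevel debug` in the 443 vhost looks like a leftover from testing, since the separate-network template and the deleted conf/ovirt-server.conf both use `LogLevel warn`. This vhost also contains the Kerberos-protected `/ovirt/login` block, and debug-level output from the auth and proxy modules is likely to be verbose and more detailed than a production error log should be. I would set it back to `LogLevel warn`. The two templates are otherwise near-identical copies, so a comment at the top of each naming its sibling would help keep later edits in sync.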
diff --git a/ovirt-server.spec.in b/ovirt-server.spec.in
index 0715690..ad5ace1 100644
--- a/ovirt-server.spec.in
+++ b/ovirt-server.spec.in
@@ -86,7 +86,6 @@ mkdir %{buildroot}
 %{__install} -d -m0755 %{buildroot}%{_sbindir}
 %{__install} -d -m0755 %{buildroot}%{_initrddir}
 %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig
-%{__install} -d -m0755 %{buildroot}%{_sysconfdir}/httpd/conf.d
 %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/%{name}
 %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/%{name}/db
 %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/logrotate.d
@@ -105,7 +104,6 @@ touch %{buildroot}%{_localstatedir}/log/%{name}/mongrel.log
 touch %{buildroot}%{_localstatedir}/log/%{name}/rails.log
 touch %{buildroot}%{_localstatedir}/log/%{name}/taskomatic.log
 touch %{buildroot}%{_localstatedir}/log/%{name}/db-omatic.log
-%{__install} -p -m0644 %{pbuild}/conf/%{name}.conf %{buildroot}%{_sysconfdir}/httpd/conf.d
 %{__install} -p -m0644 %{pbuild}/conf/%{name}.crontab %{buildroot}%{_sysconfdir}/cron.d/%{name}
 %{__install} -p -m0644 %{pbuild}/conf/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
 
@@ -240,7 +238,6 @@ fi
 %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-mongrel-rails
 %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-rails
 %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-vnc-proxy
-%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
 %doc README AUTHORS COPYING
 %attr(-, ovirt, ovirt) %{_localstatedir}/lib/%{name}
 %attr(-, ovirt, ovirt) %{_localstatedir}/run/%{name}
-- 
1.6.0.6



