[Ovirt-devel] [PATCH server] oVirt server single network installer
Joey Boggs
jboggs at redhat.com
Wed Sep 23 21:17:05 UTC 2009
Mohammed Morsi wrote:
> Updates the installer to handle the scenario in which the guest and
> admin networks are the same by using an alternative httpd conf.
>
> Verified to work (eg oVirt managed vms are bootable) on the
> oVirt appliance so far.
> ---
> conf/ovirt-server.conf | 88 --------------------
> installer/bin/ovirt-installer | 11 +--
> installer/modules/ovirt/manifests/ovirt.pp | 29 ++-----
> .../ovirt/templates/ovirt-httpd-seperate.conf.erb | 88 ++++++++++++++++++++
> .../ovirt/templates/ovirt-httpd-single.conf.erb | 77 +++++++++++++++++
> ovirt-server.spec.in | 3 -
> 6 files changed, 178 insertions(+), 118 deletions(-)
> delete mode 100644 conf/ovirt-server.conf
> create mode 100644 installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb
> create mode 100644 installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb
>
> diff --git a/conf/ovirt-server.conf b/conf/ovirt-server.conf
> deleted file mode 100644
> index e4ebd5b..0000000
> --- a/conf/ovirt-server.conf
> +++ /dev/null
> @@ -1,88 +0,0 @@
> -NameVirtualHost GuestNetIpAddress:80
> -<VirtualHost GuestNetIpAddress:80>
> - <Location /ovirt>
> - RewriteEngine on
> - RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
> - </Location>
> -</VirtualHost>
> -
> -NameVirtualHost GuestNetIpAddress:443
> -NameVirtualHost AdminNetIpAddress:80
> -
> -<VirtualHost GuestNetIpAddress:443>
> -
> - NSSEngine on
> - NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
> - NSSProtocol SSLv3,TLSv1
> - NSSNickname Server-Cert
> - NSSCertificateDatabase /etc/httpd/alias
> -
> - ErrorLog /etc/httpd/logs/error_log
> - TransferLog /etc/httpd/logs/access_log
> - LogLevel warn
> -
> - RewriteEngine On
> - RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node
> - RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P]
> - RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE]
> -
> - ProxyPass /ovirt http://AdminNodeFQDN/ovirt retry=3
> - ProxyPassReverse /ovirt http://AdminNodeFQDN/ovirt
> -</VirtualHost>
> -
> -<VirtualHost AdminNetIpAddress:80>
> -
> - ServerAlias AdminNodeFQDN
> - ServerName AdminNodeFQDN:80
> -
> - ErrorLog /etc/httpd/logs/error_log
> - TransferLog /etc/httpd/logs/access_log
> - LogLevel warn
> -
> - ProxyRequests Off
> -
> -<ProxyMatch ^.*/ovirt/login.*$>
> - AuthType Kerberos
> - AuthName "Kerberos Login"
> - KrbMethodNegotiate on
> - KrbMethodK5Passwd on
> - KrbServiceName HTTP
> - Krb5KeyTab /etc/httpd/conf/ipa.keytab
> - KrbSaveCredentials on
> - Require valid-user
> - ErrorDocument 401 /ovirt/errors/401.html
> - ErrorDocument 404 /ovirt/errors/404.html
> - ErrorDocument 500 /ovirt/errors/500.html
> - RewriteEngine on
> - Order deny,allow
> - Allow from all
> -
> - # We create a subrequest to find REMOTE_USER. Don't do this for every
> - # subrequest too (slow and huge logs result)
> - RewriteCond %{IS_SUBREQ}% false
> - RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
> - RequestHeader set X-Forwarded-User %{RU}e
> - RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
> -
> - # RequestHeader unset Authorization
> -</ProxyMatch>
> -
> -Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets"
> -Alias /ovirt/images "/usr/share/ovirt-server/public/images"
> -Alias /ovirt/errors "/usr/share/ovirt-server/public/"
> -
> -ProxyPass /ovirt/images !
> -ProxyPass /ovirt/stylesheets !
> -ProxyPass /ovirt/errors !
> -ProxyPass /ovirt http://localhost:3000/ovirt
> -ProxyPassReverse /ovirt http://localhost:3000/ovirt
> -ProxyPassReverse /ovirt/images !
> -ProxyPassReverse /ovirt/stylesheets !
> -ProxyPassReverse /ovirt/errors !
> -
> -</VirtualHost>
> -
> -Alias /terminal /usr/share/ovirt-anyterm
> -<Location /terminal>
> - DirectoryIndex anyterm.html
> -</Location>
> diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer
> index a38ea83..5d6350f 100755
> --- a/installer/bin/ovirt-installer
> +++ b/installer/bin/ovirt-installer
> @@ -172,13 +172,11 @@ else
> end
> end
>
> -guest_httpd_dev = prompt_for_interface("Enter the interface for the Guest network:", interfaces, :default => "eth0")
> +guest_dev = prompt_for_interface("Enter the interface for the Guest network:", interfaces, :default => "eth0")
> admin_dev = prompt_for_interface("Enter the interface for the Admin network (this may be the same as the Guest network interface):", interfaces, :default => "eth0")
>
> -#FIXME: correctly configure separate networks.
> -#For now, define admin and guest networks to be the same
> -guest_dev = admin_dev
> -#sep_networks = (guest_dev == admin_dev) ? "n" : "y"
> +# different scenarios for 1 & 2 networks
> +seperate_networks = (guest_dev == admin_dev) ? "n" : "y"
>
> ovirt_host = prompt_for_answer("Enter the hostname of the oVirt management server (example: management.example.com):", :regex => IP_OR_FQDN)
> ipa_host = ovirt_host
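Review bot: `seperate_networks` in the new assignment is misspelled, and the spelling carries through to the Puppet variable `$seperate_networks` and to the template name `ovirt-httpd-seperate.conf.erb`. Renaming it to `separate_networks` now is cheaper than after other code depends on it. The new comment "# different scenarios for 1 & 2 networks" could also say what the flag selects, namely which httpd template gets installed.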
> @@ -193,7 +191,6 @@ File.open('/etc/resolv.conf').each_line{ |line|
> otherwise select \"n\" and a dns server will be configured during the install', RED) %>")
> dns_servers = prompt_yes_no("Use this systems's dns servers?")
>
> -guest_httpd_ipaddr = interfaces[guest_httpd_dev]
> guest_ipaddr = interfaces[guest_dev]
> admin_ipaddr = interfaces[admin_dev]
>
> @@ -276,9 +273,9 @@ firewall::setup{'setup':
> firewall_rule{"ssh": destination_port => "22"}
>
> #DNS Configuration
> -$guest_httpd_ipaddr = '<%= guest_httpd_ipaddr %>'
> $guest_ipaddr = '<%= guest_ipaddr %>'
> $admin_ipaddr = '<%= admin_ipaddr %>'
> +$seperate_networks = '<%= seperate_networks %>'
> $ovirt_host = '<%= ovirt_host %>'
> $ipa_host = '<%= ipa_host %>'
>
> diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
> index b018a00..18a14c9 100644
> --- a/installer/modules/ovirt/manifests/ovirt.pp
> +++ b/installer/modules/ovirt/manifests/ovirt.pp
> @@ -20,26 +20,15 @@
>
> class ovirt::setup {
>
> - file_replacement{"ovirt_httpd_config_change_guest_net":
> - file => "/etc/httpd/conf.d/ovirt-server.conf",
> - pattern => "GuestNetIpAddress",
> - replacement => "$guest_httpd_ipaddr",
> - require => Package[ovirt-server]
> - }
> -
> - file_replacement{"ovirt_httpd_config_change_admin_net":
> - file => "/etc/httpd/conf.d/ovirt-server.conf",
> - pattern => "AdminNetIpAddress",
> - replacement => "$admin_ipaddr",
> - require => Package[ovirt-server]
> - }
> -
> - file_replacement{"ovirt_httpd_config_change_server_fqdn":
> - file => "/etc/httpd/conf.d/ovirt-server.conf",
> - pattern => "AdminNodeFQDN",
> - replacement => "$ovirt_host",
> - require => Package[ovirt-server]
> - }
> + file {"/etc/httpd/conf.d/ovirt-server.conf":
> + content => $seperate_networks ? {
> + y => template("ovirt/ovirt-httpd-seperate.conf.erb"),
> + n => template("ovirt/ovirt-httpd-single.conf.erb")
> + },
> + mode => 644,
> + notify => Service[httpd],
> + require => [Package[ovirt-server], Package[httpd]]
> + }
>
> package {"ovirt-server":
> ensure => installed,
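Review bot: the selector on `$seperate_networks` in the new `file` resource only handles `y` and `n`, with no `default` case, so any other value fails catalog compilation instead of falling back to a known template. Adding a `default =>` branch (or an explicit `fail()`) makes the behaviour deliberate. As a style point, `mode => 644` is clearer as a quoted four-digit string, "0644".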
> diff --git a/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb b/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb
> new file mode 100644
> index 0000000..f91016e
> --- /dev/null
> +++ b/installer/modules/ovirt/templates/ovirt-httpd-seperate.conf.erb
> @@ -0,0 +1,88 @@
> +NameVirtualHost <%= guest_ipaddr %>:80
> +<VirtualHost <%= guest_ipaddr %>:80>
> + <Location /ovirt>
> + RewriteEngine on
> + RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
> + </Location>
> +</VirtualHost>
> +
> +NameVirtualHost <%= guest_ipaddr %>:443
> +NameVirtualHost <%= admin_ipaddr %>:80
> +
> +<VirtualHost <%= guest_ipaddr %>:443>
> +
> + NSSEngine on
> + NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
> + NSSProtocol SSLv3,TLSv1
> + NSSNickname Server-Cert
> + NSSCertificateDatabase /etc/httpd/alias
> +
> + ErrorLog /etc/httpd/logs/error_log
> + TransferLog /etc/httpd/logs/access_log
> + LogLevel warn
> +
> + RewriteEngine On
> + RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node
> + RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P]
> + RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE]
> +
> + ProxyPass /ovirt http://<%= ovirt_host %>/ovirt retry=3
> + ProxyPassReverse /ovirt http://<%= ovirt_host %>/ovirt
> +</VirtualHost>
> +
> +<VirtualHost <%= admin_ipaddr %>:80>
> +
> + ServerAlias <%= ovirt_host %>
> + ServerName <%= ovirt_host %>:80
> +
> + ErrorLog /etc/httpd/logs/error_log
> + TransferLog /etc/httpd/logs/access_log
> + LogLevel warn
> +
> + ProxyRequests Off
> +
> +<ProxyMatch ^.*/ovirt/login.*$>
> + AuthType Kerberos
> + AuthName "Kerberos Login"
> + KrbMethodNegotiate on
> + KrbMethodK5Passwd on
> + KrbServiceName HTTP
> + Krb5KeyTab /etc/httpd/conf/ipa.keytab
> + KrbSaveCredentials on
> + Require valid-user
> + ErrorDocument 401 /ovirt/errors/401.html
> + ErrorDocument 404 /ovirt/errors/404.html
> + ErrorDocument 500 /ovirt/errors/500.html
> + RewriteEngine on
> + Order deny,allow
> + Allow from all
> +
> + # We create a subrequest to find REMOTE_USER. Don't do this for every
> + # subrequest too (slow and huge logs result)
> + RewriteCond %{IS_SUBREQ}% false
> + RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
> + RequestHeader set X-Forwarded-User %{RU}e
> + RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
> +
> + # RequestHeader unset Authorization
> +</ProxyMatch>
> +
> +Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets"
> +Alias /ovirt/images "/usr/share/ovirt-server/public/images"
> +Alias /ovirt/errors "/usr/share/ovirt-server/public/"
> +
> +ProxyPass /ovirt/images !
> +ProxyPass /ovirt/stylesheets !
> +ProxyPass /ovirt/errors !
> +ProxyPass /ovirt http://localhost:3000/ovirt
> +ProxyPassReverse /ovirt http://localhost:3000/ovirt
> +ProxyPassReverse /ovirt/images !
> +ProxyPassReverse /ovirt/stylesheets !
> +ProxyPassReverse /ovirt/errors !
> +
> +</VirtualHost>
> +
> +Alias /terminal /usr/share/ovirt-anyterm
> +<Location /terminal>
> + DirectoryIndex anyterm.html
> +</Location>
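Review bot: the `NSSProtocol SSLv3,TLSv1` and `NSSCipherSuite` lines in the :443 vhost are copied unchanged from the deleted conf/ovirt-server.conf and now live in two templates, so any later tightening has to be made twice. They still enable SSLv3 and the `+rsa_rc4_128_md5` / `+rsa_rc4_128_sha` suites. Since this file is nearly identical to ovirt-httpd-single.conf.erb, consider one template with an ERB conditional on the network mode, or a shared TLS fragment, and review the protocol and cipher list in that single place.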
> diff --git a/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb b/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb
> new file mode 100644
> index 0000000..47cc606
> --- /dev/null
> +++ b/installer/modules/ovirt/templates/ovirt-httpd-single.conf.erb
> @@ -0,0 +1,77 @@
> +NameVirtualHost <%= guest_ipaddr %>:80
> +<VirtualHost <%= guest_ipaddr %>:80>
> + <Location /ovirt>
> + RewriteEngine on
> + RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
> + </Location>
> +</VirtualHost>
> +
> +NameVirtualHost <%= guest_ipaddr %>:443
> +
> +<VirtualHost <%= guest_ipaddr %>:443>
> +
> + ProxyRequests Off
> +
> + ServerAlias <%= ovirt_host %>
> + ServerName <%= ovirt_host %>:443
> +
> + NSSEngine on
> + NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
> + NSSProtocol SSLv3,TLSv1
> + NSSNickname Server-Cert
> + NSSCertificateDatabase /etc/httpd/alias
> +
> + ErrorLog /etc/httpd/logs/error_log
> + TransferLog /etc/httpd/logs/access_log
> + LogLevel debug
> +
> + RewriteEngine On
> + RewriteMap vmnodes prg:/usr/bin/ovirt-vm2node
> + RewriteRule ^/terminal/(.+)/anyterm-module$ http://${vmnodes:$1}:81/anyterm-module [P]
> + RewriteRule ^/terminal/(.+)/(.*\.(html|js|css|gif))*$ http://127.0.0.1/terminal/$2 [P,NE]
> +
> + <ProxyMatch ^.*/ovirt/login.*$>
> + AuthType Kerberos
> + AuthName "Kerberos Login"
> + KrbMethodNegotiate on
> + KrbMethodK5Passwd on
> + KrbServiceName HTTP
> + Krb5KeyTab /etc/httpd/conf/ipa.keytab
> + KrbSaveCredentials on
> + Require valid-user
> + ErrorDocument 401 /ovirt/errors/401.html
> + ErrorDocument 404 /ovirt/errors/404.html
> + ErrorDocument 500 /ovirt/errors/500.html
> + RewriteEngine on
> + Order deny,allow
> + Allow from all
> +
> + # We create a subrequest to find REMOTE_USER. Don't do this for every
> + # subrequest too (slow and huge logs result)
> + RewriteCond %{IS_SUBREQ}% false
> + RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
> + RequestHeader set X-Forwarded-User %{RU}e
> + RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
> +
> + # RequestHeader unset Authorization
> + </ProxyMatch>
> +
> + Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets"
> + Alias /ovirt/images "/usr/share/ovirt-server/public/images"
> + Alias /ovirt/errors "/usr/share/ovirt-server/public/"
> +
> + ProxyPass /ovirt/images !
> + ProxyPass /ovirt/stylesheets !
> + ProxyPass /ovirt/errors !
> + ProxyPass /ovirt http://localhost:3000/ovirt
> + ProxyPassReverse /ovirt http://localhost:3000/ovirt
> + ProxyPassReverse /ovirt/images !
> + ProxyPassReverse /ovirt/stylesheets !
> + ProxyPassReverse /ovirt/errors !
> +
> +</VirtualHost>
> +
> +Alias /terminal /usr/share/ovirt-anyterm
> +<Location /terminal>
> + DirectoryIndex anyterm.html
> +</Location>
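Review bot: `LogLevel debug` in the :443 vhost differs from the `LogLevel warn` used in the separate-network template and in the deleted conf, and looks like a leftover from testing; suggest `LogLevel warn` here too. Separately, `RequestHeader set X-Forwarded-User %{RU}e` applies only inside the `/ovirt/login` ProxyMatch, and in this template the client-facing vhost proxies straight to `http://localhost:3000/ovirt`. If the backend reads that header on other paths, a `RequestHeader unset X-Forwarded-User` at vhost scope would keep a client-supplied value from reaching it.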
> diff --git a/ovirt-server.spec.in b/ovirt-server.spec.in
> index 0715690..ad5ace1 100644
> --- a/ovirt-server.spec.in
> +++ b/ovirt-server.spec.in
> @@ -86,7 +86,6 @@ mkdir %{buildroot}
> %{__install} -d -m0755 %{buildroot}%{_sbindir}
> %{__install} -d -m0755 %{buildroot}%{_initrddir}
> %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/sysconfig
> -%{__install} -d -m0755 %{buildroot}%{_sysconfdir}/httpd/conf.d
> %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/%{name}
> %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/%{name}/db
> %{__install} -d -m0755 %{buildroot}%{_sysconfdir}/logrotate.d
> @@ -105,7 +104,6 @@ touch %{buildroot}%{_localstatedir}/log/%{name}/mongrel.log
> touch %{buildroot}%{_localstatedir}/log/%{name}/rails.log
> touch %{buildroot}%{_localstatedir}/log/%{name}/taskomatic.log
> touch %{buildroot}%{_localstatedir}/log/%{name}/db-omatic.log
> -%{__install} -p -m0644 %{pbuild}/conf/%{name}.conf %{buildroot}%{_sysconfdir}/httpd/conf.d
> %{__install} -p -m0644 %{pbuild}/conf/%{name}.crontab %{buildroot}%{_sysconfdir}/cron.d/%{name}
> %{__install} -p -m0644 %{pbuild}/conf/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
>
> @@ -240,7 +238,6 @@ fi
> %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-mongrel-rails
> %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-rails
> %config(noreplace) %{_sysconfdir}/sysconfig/ovirt-vnc-proxy
> -%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
> %doc README AUTHORS COPYING
> %attr(-, ovirt, ovirt) %{_localstatedir}/lib/%{name}
> %attr(-, ovirt, ovirt) %{_localstatedir}/run/%{name}
>
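Review bot: with the `%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf` entry and the matching `%{__install}` lines removed, the package no longer ships or owns the httpd configuration; it exists only once ovirt-installer has applied the Puppet `file` resource. The commit message should say what an upgrade of an existing install is expected to do, since a host that upgrades the RPM without re-running the installer will not get a packaged conf.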
I'm running into the eternal redirect problem in single network mode,
might just be my config, anyone else have a chance to try this out?