|
| 1 | +# Glance HTTPD Configuration Overrides |
| 2 | + |
| 3 | +The glance-operator provides mechanisms to customize the Apache HTTPD server |
| 4 | +configuration through the use of custom configuration files. This feature |
| 5 | +leverages the |
| 6 | +[ExtraMounts](https://github.com/openstack-k8s-operators/dev-docs/blob/main/extra_mounts.md) |
| 7 | +functionality to mount custom HTTPD configuration files into the Glance |
| 8 | +deployment. |
| 9 | + |
| 10 | +## How It Works |
| 11 | + |
| 12 | +1. **Custom Configuration Files**: Create HTTPD configuration files with your |
| 13 | + custom settings |
| 14 | +2. **ConfigMap**: Create ConfigMaps from files containing the overrides |
| 15 | +3. **OpenStackControlPlane Patch**: Patch the control plane to mount the |
| 16 | + generated ConfigMap into Glance containers. The HTTPD configuration |
| 17 | + automatically includes files mounted to `/etc/httpd/conf_custom/*.conf` |
| 18 | + |
| 19 | + |
| 20 | +### Step 1: Create Custom HTTPD Configuration |
| 21 | + |
| 22 | +Create your custom HTTPD configuration file(s). The filename must start with |
| 23 | +`httpd_custom` to be automatically included by the base HTTPD configuration. |
| 24 | + |
| 25 | +Example (`httpd_custom_timeout.conf`): |
| 26 | +```apache |
| 27 | +# Custom timeout settings for Glance |
| 28 | +Timeout 300 |
| 29 | +KeepAliveTimeout 15 |
| 30 | +``` |
| 31 | + |
| 32 | +### Step 2. Create a ConfigMap |
| 33 | + |
| 34 | +Create a Kubernetes ConfigMap containing your custom configuration files: |
| 35 | + |
| 36 | +```bash |
| 37 | +oc create configmap httpd-overrides --from-file=httpd_custom_timeout.conf |
| 38 | +``` |
| 39 | + |
| 40 | +It is possible to add multiple configuration files containing dedicated |
| 41 | +configuration directives: |
| 42 | + |
| 43 | +```bash |
| 44 | +oc create configmap httpd-overrides \ |
| 45 | + --from-file=httpd_custom_timeout.conf \ |
| 46 | + --from-file=httpd_custom_security.conf \ |
| 47 | + --from-file=httpd_custom_logging.conf |
| 48 | +``` |
| 49 | + |
| 50 | +The following example is based on a single customization file and demonstrates |
| 51 | +how to set a custom `Timeout` parameter. |
| 52 | + |
| 53 | +### Step 3: Configure ExtraMounts in the OpenStackControlPlane |
| 54 | + |
| 55 | +Update your `OpenStackControlPlane` resource to include the custom HTTPD |
| 56 | +configuration files using `extraMounts`. The simplest approach is to mount |
| 57 | +the entire ConfigMap to the target `/etc/httpd/conf_custom` mount point: |
| 58 | + |
| 59 | +```yaml |
| 60 | +apiVersion: core.openstack.org/v1beta1 |
| 61 | +kind: OpenStackControlPlane |
| 62 | +metadata: |
| 63 | + name: openstack |
| 64 | +spec: |
| 65 | + glance: |
| 66 | + enabled: true |
| 67 | + template: |
| 68 | + glanceAPIs: |
| 69 | + extraMounts: |
| 70 | + - extraVol: |
| 71 | + - extraVolType: httpd-overrides |
| 72 | + mounts: |
| 73 | + - mountPath: /etc/httpd/conf_custom |
| 74 | + name: httpd-overrides |
| 75 | + readOnly: true |
| 76 | + volumes: |
| 77 | + - configMap: |
| 78 | + name: httpd-overrides |
| 79 | + name: httpd-overrides |
| 80 | +``` |
| 81 | +
|
| 82 | +#### Selective File Mount (Advanced) |
| 83 | +
|
| 84 | +If you need to mount only specific files from the ConfigMap or customize their |
| 85 | +mount paths, you can use the selective mount approach: |
| 86 | +
|
| 87 | +```yaml |
| 88 | +apiVersion: core.openstack.org/v1beta1 |
| 89 | +kind: OpenStackControlPlane |
| 90 | +metadata: |
| 91 | + name: openstack |
| 92 | +spec: |
| 93 | + glance: |
| 94 | + enabled: true |
| 95 | + template: |
| 96 | + glanceAPIs: |
| 97 | + extraMounts: |
| 98 | + - extraVol: |
| 99 | + - extraVolType: httpd-overrides |
| 100 | + mounts: |
| 101 | + - mountPath: /etc/httpd/conf_custom/httpd_custom_timeout.conf |
| 102 | + name: httpd-overrides |
| 103 | + readOnly: true |
| 104 | + subPath: httpd_custom_timeout.conf |
| 105 | + - mountPath: /etc/httpd/conf_custom/httpd_custom_security.conf |
| 106 | + name: httpd-overrides |
| 107 | + readOnly: true |
| 108 | + subPath: httpd_custom_security.conf |
| 109 | + - mountPath: /etc/httpd/conf_custom/httpd_custom_logging.conf |
| 110 | + name: httpd-overrides |
| 111 | + readOnly: true |
| 112 | + subPath: httpd_custom_logging.conf |
| 113 | + volumes: |
| 114 | + - configMap: |
| 115 | + name: httpd-overrides |
| 116 | + name: httpd-overrides |
| 117 | +``` |
| 118 | +
|
| 119 | +All the specified files are mounted and loaded by httpd during the Pod |
| 120 | +bootstrap process. |
| 121 | +
|
| 122 | +## ExtraMounts Configuration Details |
| 123 | +
|
| 124 | +The `extraMounts` feature uses the following key components: |
| 125 | + |
| 126 | +- **extraVolType**: Set to `httpd-overrides` to indicate the type of volume |
| 127 | + being mounted |
| 128 | +- **mountPath**: The full path where the configuration file will be mounted |
| 129 | + inside the container (`/etc/httpd/conf_custom/`) |
| 130 | +- **subPath**: The specific file from the ConfigMap to mount |
| 131 | +- **readOnly**: Set to `true` to mount the configuration files as read-only |
| 132 | +- **volumes**: References the ConfigMap containing the configuration files |
| 133 | + |
| 134 | +The HTTPD overrides feature: |
| 135 | + |
| 136 | +1. **Leverages ExtraMounts**: Both use the `extraMounts` mechanism to inject |
| 137 | + files into pods |
| 138 | +2. **Requires Specific Mount Paths**: |
| 139 | + - HTTPD overrides mount to `/etc/httpd/conf_custom/` as specified in the |
| 140 | + httpd.conf `IncludeOptional` directive |
| 141 | + |
| 142 | +## Common Use Cases |
| 143 | + |
| 144 | +- **Timeout Adjustments**: Modify request timeout values for specific environments |
| 145 | +- **Security Headers**: Add custom security headers or configurations |
| 146 | +- **Logging**: Customize Apache logging configuration |
| 147 | +- **Performance Tuning**: Adjust worker processes, connection limits, etc. |
| 148 | + |
| 149 | +## Verification |
| 150 | + |
| 151 | +After deploying your custom HTTPD configuration, you can verify that the |
| 152 | +settings have been properly applied: |
| 153 | + |
| 154 | +### 1. Find the Glance Pod |
| 155 | + |
| 156 | +First, identify the running Glance pod: |
| 157 | + |
| 158 | +```bash |
| 159 | +$ oc get pods -l service=glance |
| 160 | +``` |
| 161 | + |
| 162 | +### 2. Verify Configuration Loading |
| 163 | + |
| 164 | +Connect to the Glance Pod and check that your custom configuration has been |
| 165 | +loaded: |
| 166 | + |
| 167 | +```bash |
| 168 | +# Replace <Glance-pod-name> with the actual pod name from step 1 |
| 169 | +oc rsh -c glance-httpd <glance-pod-name> |
| 170 | +# Inside the pod, dump the HTTPD configuration and check for your custom settings |
| 171 | +httpd -D DUMP_CONFIG | grep -i timeout |
| 172 | +``` |
| 173 | + |
| 174 | +For the `httpd_custom_timeout.conf` example, you should see output similar to: |
| 175 | + |
| 176 | +``` |
| 177 | +Timeout 120 |
| 178 | +``` |
| 179 | + |
| 180 | +### 3. Additional Verification Commands |
| 181 | + |
| 182 | +You can also verify other aspects of the configuration: |
| 183 | + |
| 184 | +```bash |
| 185 | +# Check all loaded configuration files |
| 186 | +$ httpd -D DUMP_INCLUDES |
| 187 | +Included configuration files: |
| 188 | + (*) /etc/httpd/conf/httpd.conf |
| 189 | + (14) /etc/httpd/conf.modules.d/00-base.conf |
| 190 | + (14) /etc/httpd/conf.modules.d/00-brotli.conf |
| 191 | + (14) /etc/httpd/conf.modules.d/00-dav.conf |
| 192 | + (14) /etc/httpd/conf.modules.d/00-mpm.conf |
| 193 | + (14) /etc/httpd/conf.modules.d/00-optional.conf |
| 194 | + (14) /etc/httpd/conf.modules.d/00-proxy.conf |
| 195 | + (14) /etc/httpd/conf.modules.d/00-ssl.conf |
| 196 | + (14) /etc/httpd/conf.modules.d/00-systemd.conf |
| 197 | + (14) /etc/httpd/conf.modules.d/01-cgi.conf |
| 198 | + (14) /etc/httpd/conf.modules.d/10-wsgi-python3.conf |
| 199 | + (25) /etc/httpd/conf.d/10-glance-wsgi.conf |
| 200 | + (40) /etc/httpd/conf_custom/httpd_custom_timeout.conf |
| 201 | +``` |
| 202 | + |
| 203 | +### 4. Verify ConfigMap Mount via ExtraMounts |
| 204 | + |
| 205 | +Outside the pod, you can also verify that the ConfigMap is properly mounted |
| 206 | +through extraMounts: |
| 207 | + |
| 208 | +```bash |
| 209 | +# Check that the ConfigMap exists |
| 210 | +oc get configmap httpd-overrides -o yaml |
| 211 | +# Verify the mount in the pod description |
| 212 | +oc describe pod <glance-pod-name> |
| 213 | +``` |
| 214 | + |
| 215 | +## Deploy the Sample |
| 216 | + |
| 217 | +The glance-operator repository includes a sample that can be used to deploy |
| 218 | +glance with httpd overrides (it set a particular Timeout to 120s). This sample |
| 219 | +is provided as a working reference example and is not necessarily meant to |
| 220 | +serve as a deployment recommendation for production environments. |
| 221 | + |
| 222 | +If you're using |
| 223 | +[`install_yamls`](https://github.com/openstack-k8s-operators/install_yamls) and |
| 224 | +already have CRC (Code Ready Containers) running, you can deploy the httpd |
| 225 | +overrides example with the following steps: |
| 226 | + |
| 227 | +```bash |
| 228 | +# Navigate to the install_yamls directory |
| 229 | +$ cd install_yamls |
| 230 | +# Set up the CRC storage and deploy OpenStack Catalog |
| 231 | +$ make crc_storage openstack |
| 232 | +# Deploy OpenStack operators |
| 233 | +$ make openstack_init |
| 234 | +# Generate the OpenStack deployment file |
| 235 | +$ oc kustomize . > ~/openstack-deployment.yaml |
| 236 | +# Set the path to the deployment file |
| 237 | +$ export OPENSTACK_CR=`realpath ~/openstack-deployment.yaml` |
| 238 | +``` |
| 239 | + |
| 240 | +This will create the necessary ConfigMap and a deployable OpenStackControlPlane |
| 241 | +yaml with the custom timeout configuration applied. |
0 commit comments