httpd vhost:80 configuration

Author: stejskalleos

src/playbooks/deploy/deploy.yaml

@@ -11,22 +11,22 @@
     - "../../vars/foreman.yml"
     - "../../vars/base.yaml"
   roles:
-    - role: pre_install
-    - role: checks
-    - role: certificates
-      when: "certificate_source == 'default'"
-    - role: certificate_checks
-      vars:
-        certificate_checks_certificate: "{{ server_certificate }}"
-        certificate_checks_key: "{{ server_key }}"
-        certificate_checks_ca: "{{ ca_certificate }}"
-    - role: postgresql
-      when:
-        - database_mode == 'internal'
-    - redis
-    - candlepin
+    # - role: pre_install
+    # - role: checks
+    # - role: certificates
+    #   when: "certificate_source == 'default'"
+    # - role: certificate_checks
+    #   vars:
+    #     certificate_checks_certificate: "{{ server_certificate }}"
+    #     certificate_checks_key: "{{ server_key }}"
+    #     certificate_checks_ca: "{{ ca_certificate }}"
+    # - role: postgresql
+    #   when:
+    #     - database_mode == 'internal'
+    # - redis
+    # - candlepin
     - httpd
-    - pulp
-    - foreman
-    - role: systemd_target
+    # - pulp
+    # - foreman
+    # - role: systemd_target
     - post_install

src/roles/httpd/tasks/main.yml

@@ -43,6 +43,14 @@
     - src: "{{ httpd_server_key }}"
       dest: "private/katello-apache.key"
 
+- name: Configure foreman vhost
+  ansible.builtin.template:
+    src: foreman-vhost.conf.j2
+    dest: /etc/httpd/conf.d/foreman.conf
+    mode: "0644"
+  notify:
+    - Restart httpd
+
 - name: Configure foreman-ssl vhost
   ansible.builtin.template:
     src: foreman-ssl-vhost.conf.j2

src/roles/httpd/templates/foreman-vhost.conf.j2

@@ -0,0 +1,57 @@
+<VirtualHost *:80>
+  ServerName {{ ansible_facts['fqdn'] }}
+
+  ## Load additional static includes
+  IncludeOptional "/etc/httpd/conf.d/05-foreman.d/*.conf"
+
+  ## Logging
+  ErrorLog "/var/log/httpd/foreman_error.log"
+  ServerSignature Off
+  CustomLog "/var/log/httpd/foreman_access.log" combined
+
+  ## Request header rules
+  ## as per http://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader
+  RequestHeader set X-FORWARDED-PROTO "http"
+  RequestHeader set SSL-CLIENT-S-DN ""
+  RequestHeader set SSL-CLIENT-CERT ""
+  RequestHeader set SSL-CLIENT-VERIFY ""
+  RequestHeader unset REMOTE_USER
+  RequestHeader unset REMOTE-USER
+
+  ProxyPass /pulp_ansible/galaxy/ {{ httpd_pulp_api_backend }}/pulp_ansible/galaxy/
+  ProxyPassReverse /pulp_ansible/galaxy/ {{ httpd_pulp_api_backend }}/pulp_ansible/galaxy/
+
+  <Location "/pulpcore_registry/v2/">
+    RequestHeader unset REMOTE_USER
+    RequestHeader unset REMOTE-USER
+    ProxyPass {{ httpd_pulp_api_backend }}/v2/
+    ProxyPassReverse {{ httpd_pulp_api_backend }}/v2/
+  </Location>
+
+  ProxyPass /pulp/container/ {{ httpd_pulp_content_backend }}/pulp/container/
+  ProxyPassReverse /pulp/container/ {{ httpd_pulp_content_backend }}/pulp/container/
+
+  <Location "/pulp/content">
+    ProxyPass {{ httpd_pulp_content_backend }}/pulp/content disablereuse=on timeout=600
+    ProxyPassReverse {{ httpd_pulp_content_backend }}/pulp/content
+  </Location>
+
+  <Location "/pulp/api/v3">
+    RedirectPermanent /pulp/api/v3 https://{{ ansible_facts['fqdn'] }}/pulp/api/v3
+  </Location>
+
+  ProxyPass /pulp/assets/ {{ httpd_pulp_api_backend }}/pulp/assets/
+  ProxyPassReverse /pulp/assets/ {{ httpd_pulp_api_backend }}/pulp/assets/
+
+  ## Proxy rules
+  ProxyRequests Off
+  ProxyPreserveHost On
+  ProxyAddHeaders On
+  ProxyPass /pulp !
+  ProxyPass /icons !
+  ProxyPass /server-status !
+  ProxyPass / {{ httpd_foreman_backend }}/ retry=0 timeout=900
+  ProxyPassReverse / {{ httpd_foreman_backend }}/
+
+  AddDefaultCharset UTF-8
+</VirtualHost>

tests/httpd_test.py

@@ -41,3 +41,23 @@ def test_https_pulp_auth(server, certificates, server_fqdn):
     cmd = server.run(f"curl --cacert {certificates['ca_certificate']} --silent --write-out '%{{stderr}}%{{http_code}}' --cert {certificates['client_certificate']} --key {certificates['client_key']} https://{server_fqdn}/pulp/api/v3/users/")
     assert cmd.succeeded
     assert cmd.stderr == '200'
+
+def test_http_foreman_login(server, server_fqdn):
+    cmd = server.run(f"curl --silent --output /dev/null --write-out '%{{http_code}}' http://{server_fqdn}/users/login")
+    assert cmd.succeeded
+    assert cmd.stdout == '200'
+
+def test_http_pulp_status(server, server_fqdn):
+    cmd = server.run(f"curl --silent --output /dev/null --write-out '%{{http_code}}' http://{server_fqdn}/pulp/api/v3/status/")
+    assert cmd.succeeded
+    assert cmd.stdout == '301'
+
+def test_http_pulp_content(server, server_fqdn):
+    cmd = server.run(f"curl --silent --output /dev/null --write-out '%{{http_code}}' http://{server_fqdn}/pulp/content/")
+    assert cmd.succeeded
+    assert cmd.stdout == '200'
+
+def test_http_pulp_content_response(server, server_fqdn):
+    cmd = server.run(f"curl --silent http://{server_fqdn}/pulp/content/")
+    assert cmd.succeeded
+    assert "Index of /pulp/content/" in cmd.stdout