A nginx based reverse proxy configuration is installed on each bare metal node. It helps when the OpenStack cluster is made of nodes located on various hosting providers ( such as eNovance, Hetzner, etc. ). Each machine to which the IP for a given web site is routed is able to find the actual virtual machine supporting it. The configuration is pulled from the git repository by the puppet agent running on each node.
nginx configuration repository
The reverse proxy configuration project is created and associated with a git repository. It can be checked out read-only with
git clone http://redmine.the.re/git/proxy.git
from each bare metal machine within the OpenStack cluster hosting the redmine.the.re virtual machine. Editing the configuration files is done on the virtual machine itself, in a read/write clone of the repository located in the /root directory:
git clone /srv/repos/git/proxy.git
The author of the commit should use the same email address as the user registered in redmine.the.re so that the commit is associated to the redmine user.
git commit --author='Loic Dachary <loic@dachary.org>' -a -m 'proxy pass configuration for horizon'
proxy pass for horizon
When following the Debian GNU/Linux puppet HOWTO horizon is installed on a bare metal node and uses the default http port. It is moved to port 8080
diff --git a/apache2/ports.conf b/apache2/ports.conf
index 0693a44..9a73ab1 100644
--- a/apache2/ports.conf
+++ b/apache2/ports.conf
@@ -5,8 +5,8 @@
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
-NameVirtualHost *:80
-Listen 80
+NameVirtualHost *:8080
+Listen 8080
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
diff --git a/apache2/sites-available/openstack-dashboard b/apache2/sites-available/openstack-dashboard
index 38aa206..a194386 100644
--- a/apache2/sites-available/openstack-dashboard
+++ b/apache2/sites-available/openstack-dashboard
@@ -1,4 +1,4 @@
-<VirtualHost *:80>
+<VirtualHost *:8080>
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess openstack-dashboard user=horizon group=horizon
WSGIProcessGroup openstack-dashboard
and configured in nginx:
server {
server_name os.the.re;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
multiple entry points
An OpenStack cluster is usually within a single Autonomous System. When a packet is targeted to a Hetzner IP address, it will be routed thru their AS and the entry point of the cluster will be different than if it was routed to an eNovance IP address.
By duplicating the nginx configuration and installation on each bare metal machine of the OpenStack cluster, each incoming packet will be routed to the appropriate virtual machine no matter where it comes from.
The nginx configuration is installed on each bare metal machine with the following puppet snippet.
package { 'nginx':
ensure => present,
}
file { '/etc/nginx/sites-enabled':
ensure => 'directory',
owner => root,
group => root,
mode => '0755',
before => Exec['nginx_clone'],
}
service { 'nginx':
ensure => running,
enable => true
}
exec { "nginx_clone":
command => "bash -c 'rm -f /etc/nginx/sites-enabled/default ; git clone git://redmine.the/git/public/proxy.git /etc/nginx/sites-enabled'",
unless => "test -d /etc/nginx/sites-enabled/.git",
notify => Service['nginx'],
require => Package['nginx'],
}
exec { "nginx_pull":
command => "bash -c 'cd /etc/nginx/sites-enabled ; git pull'",
notify => Service['nginx'],
require => Exec['nginx_clone'],
}