As part of Katello's integration with foreman we find ourselves in need
of customizing the default virtual host for port 80 and 443 in apache in
order to:
support RHSM communication with candlepin (add the +ExportCertData SSL
Option)
Allow access to /pub (where we currently place the client bootstrap
rpm) (disabling passenger)
Allow access to /pulp/repos (and other pulp urls) via http (disabling
passenger, and assigning an alias)
I'm planning on opening a PR against puppet-foreman to allow plugins to
add configuration and wanted to get opinions on what would be most desired.
A directory in /etc/foreman like::
/etc/foreman/vhosts80/
/etc/foreman/vhosts443/
where plugins can drop in config files. We would then add:
Include /etc/foreman/vhosts80/.conf
and
Include /etc/foreman/vhosts443/.conf
within their respective virtual hosts sections.
Alternatively we could place the files in /etc/httd/conf.d/ like:
You could add a parameter that adds the template fragments. We already
do that for our assets.
···
On Fri, Jan 31, 2014 at 05:19:16PM -0500, Justin Sherrill wrote:
> As part of Katello's integration with foreman we find ourselves in
> need of customizing the default virtual host for port 80 and 443 in
> apache in order to:
>
> * support RHSM communication with candlepin (add the +ExportCertData
> SSL Option)
> * Allow access to /pub (where we currently place the client
> bootstrap rpm) (disabling passenger)
> * Allow access to /pulp/repos (and other pulp urls) via http
> (disabling passenger, and assigning an alias)
>
> I'm planning on opening a PR against puppet-foreman to allow plugins
> to add configuration and wanted to get opinions on what would be
> most desired.
>
> A directory in /etc/foreman like::
>
> /etc/foreman/vhosts80/
> /etc/foreman/vhosts443/
>
> where plugins can drop in config files. We would then add:
>
> Include /etc/foreman/vhosts80/*.conf
> and
> Include /etc/foreman/vhosts443/*.conf
>
> within their respective virtual hosts sections.
>
> Alternatively we could place the files in /etc/httd/conf.d/ like:
>
> /etc/httpd/conf.d/foreman80/
> /etc/httpd/conf.d/foreman443/
···
On 02/01/2014 07:09 AM, Ewoud Kohl van Wijngaarden wrote:
> On Fri, Jan 31, 2014 at 05:19:16PM -0500, Justin Sherrill wrote:
>> As part of Katello's integration with foreman we find ourselves in
>> need of customizing the default virtual host for port 80 and 443 in
>> apache in order to:
>>
>> * support RHSM communication with candlepin (add the +ExportCertData
>> SSL Option)
>> * Allow access to /pub (where we currently place the client
>> bootstrap rpm) (disabling passenger)
>> * Allow access to /pulp/repos (and other pulp urls) via http
>> (disabling passenger, and assigning an alias)
>>
>> I'm planning on opening a PR against puppet-foreman to allow plugins
>> to add configuration and wanted to get opinions on what would be
>> most desired.
>>
>> A directory in /etc/foreman like::
>>
>> /etc/foreman/vhosts80/
>> /etc/foreman/vhosts443/
>>
>> where plugins can drop in config files. We would then add:
>>
>> Include /etc/foreman/vhosts80/*.conf
>> and
>> Include /etc/foreman/vhosts443/*.conf
>>
>> within their respective virtual hosts sections.
>>
>> Alternatively we could place the files in /etc/httd/conf.d/ like:
>>
>> /etc/httpd/conf.d/foreman80/
>> /etc/httpd/conf.d/foreman443/
> You could add a parameter that adds the template fragments. We already
> do that for our assets.
>
Actually I was just over thinking what you were suggesting
That would work for katello's case since we're running the installer
(and the only plugin needing to do this), but if we had more than one
plugin that needed to drop in some virtual host entries, it wouldn't work.
-Justin
···
On 02/03/2014 08:00 AM, Justin Sherrill wrote:
> On 02/01/2014 07:09 AM, Ewoud Kohl van Wijngaarden wrote:
>> On Fri, Jan 31, 2014 at 05:19:16PM -0500, Justin Sherrill wrote:
>>> As part of Katello's integration with foreman we find ourselves in
>>> need of customizing the default virtual host for port 80 and 443 in
>>> apache in order to:
>>>
>>> * support RHSM communication with candlepin (add the +ExportCertData
>>> SSL Option)
>>> * Allow access to /pub (where we currently place the client
>>> bootstrap rpm) (disabling passenger)
>>> * Allow access to /pulp/repos (and other pulp urls) via http
>>> (disabling passenger, and assigning an alias)
>>>
>>> I'm planning on opening a PR against puppet-foreman to allow plugins
>>> to add configuration and wanted to get opinions on what would be
>>> most desired.
>>>
>>> A directory in /etc/foreman like::
>>>
>>> /etc/foreman/vhosts80/
>>> /etc/foreman/vhosts443/
>>>
>>> where plugins can drop in config files. We would then add:
>>>
>>> Include /etc/foreman/vhosts80/*.conf
>>> and
>>> Include /etc/foreman/vhosts443/*.conf
>>>
>>> within their respective virtual hosts sections.
>>>
>>> Alternatively we could place the files in /etc/httd/conf.d/ like:
>>>
>>> /etc/httpd/conf.d/foreman80/
>>> /etc/httpd/conf.d/foreman443/
>> You could add a parameter that adds the template fragments. We already
>> do that for our assets.
>>
> Could you point me to an example of that? I poked around in
> https://github.com/theforeman/puppet-foreman and didn't see anything
> obvious.
>
> Thanks!
>
> -Justin
>
I see what you mean. Maybe that's something we could add a parameter to
foreman::plugin which places some content in the correct directory. I
think I'd prefer it in the apache directory somewhere, but I'm not
exactly sure yet.
···
On Mon, Feb 03, 2014 at 09:26:41AM -0500, Justin Sherrill wrote:
> On 02/03/2014 08:00 AM, Justin Sherrill wrote:
> >On 02/01/2014 07:09 AM, Ewoud Kohl van Wijngaarden wrote:
> >>On Fri, Jan 31, 2014 at 05:19:16PM -0500, Justin Sherrill wrote:
> >>>As part of Katello's integration with foreman we find ourselves in
> >>>need of customizing the default virtual host for port 80 and 443 in
> >>>apache in order to:
> >>>
> >>>* support RHSM communication with candlepin (add the +ExportCertData
> >>>SSL Option)
> >>>* Allow access to /pub (where we currently place the client
> >>>bootstrap rpm) (disabling passenger)
> >>>* Allow access to /pulp/repos (and other pulp urls) via http
> >>>(disabling passenger, and assigning an alias)
> >>>
> >>>I'm planning on opening a PR against puppet-foreman to allow plugins
> >>>to add configuration and wanted to get opinions on what would be
> >>>most desired.
> >>>
> >>>A directory in /etc/foreman like::
> >>>
> >>>/etc/foreman/vhosts80/
> >>>/etc/foreman/vhosts443/
> >>>
> >>>where plugins can drop in config files. We would then add:
> >>>
> >>>Include /etc/foreman/vhosts80/*.conf
> >>>and
> >>>Include /etc/foreman/vhosts443/*.conf
> >>>
> >>>within their respective virtual hosts sections.
> >>>
> >>>Alternatively we could place the files in /etc/httd/conf.d/ like:
> >>>
> >>>/etc/httpd/conf.d/foreman80/
> >>>/etc/httpd/conf.d/foreman443/
> >>You could add a parameter that adds the template fragments. We already
> >>do that for our assets.
> >>
> >Could you point me to an example of that? I poked around in
> >https://github.com/theforeman/puppet-foreman and didn't see
> >anything obvious.
> >
> >Thanks!
> >
> >-Justin
> >
> Actually I was just over thinking what you were suggesting :)
>
> That would work for katello's case since we're running the installer
> (and the only plugin needing to do this), but if we had more than
> one plugin that needed to drop in some virtual host entries, it
> wouldn't work.
I'd suggest adding a .d directory named after our vhost, e.g.
/etc/httpd/conf.d/05-foreman.d/
···
On 04/02/14 12:31, Ewoud Kohl van Wijngaarden wrote:
> On Mon, Feb 03, 2014 at 09:26:41AM -0500, Justin Sherrill wrote:
>> On 02/03/2014 08:00 AM, Justin Sherrill wrote:
>>> On 02/01/2014 07:09 AM, Ewoud Kohl van Wijngaarden wrote:
>>>> On Fri, Jan 31, 2014 at 05:19:16PM -0500, Justin Sherrill wrote:
>>>>> As part of Katello's integration with foreman we find ourselves in
>>>>> need of customizing the default virtual host for port 80 and 443 in
>>>>> apache in order to:
>>>>>
>>>>> * support RHSM communication with candlepin (add the +ExportCertData
>>>>> SSL Option)
>>>>> * Allow access to /pub (where we currently place the client
>>>>> bootstrap rpm) (disabling passenger)
>>>>> * Allow access to /pulp/repos (and other pulp urls) via http
>>>>> (disabling passenger, and assigning an alias)
>>>>>
>>>>> I'm planning on opening a PR against puppet-foreman to allow plugins
>>>>> to add configuration and wanted to get opinions on what would be
>>>>> most desired.
>>>>>
>>>>> A directory in /etc/foreman like::
>>>>>
>>>>> /etc/foreman/vhosts80/
>>>>> /etc/foreman/vhosts443/
>>>>>
>>>>> where plugins can drop in config files. We would then add:
>>>>>
>>>>> Include /etc/foreman/vhosts80/*.conf
>>>>> and
>>>>> Include /etc/foreman/vhosts443/*.conf
>>>>>
>>>>> within their respective virtual hosts sections.
>>>>>
>>>>> Alternatively we could place the files in /etc/httd/conf.d/ like:
>>>>>
>>>>> /etc/httpd/conf.d/foreman80/
>>>>> /etc/httpd/conf.d/foreman443/
>>>> You could add a parameter that adds the template fragments. We already
>>>> do that for our assets.
>>>>
>>> Could you point me to an example of that? I poked around in
>>> https://github.com/theforeman/puppet-foreman and didn't see
>>> anything obvious.
>>>
>>> Thanks!
>>>
>>> -Justin
>>>
>> Actually I was just over thinking what you were suggesting :)
>>
>> That would work for katello's case since we're running the installer
>> (and the only plugin needing to do this), but if we had more than
>> one plugin that needed to drop in some virtual host entries, it
>> wouldn't work.
>
> I see what you mean. Maybe that's something we could add a parameter to
> foreman::plugin which places some content in the correct directory. I
> think I'd prefer it in the apache directory somewhere, but I'm not
> exactly sure yet.
That's might not play nicely with Debian's
sites-available/sites-enabled structure, I suspect. We'd have to test
it carefully, especially with the lexical ordering the pl-apache
module uses.
···
On 6 February 2014 09:15, Dominic Cleal wrote:
> I'd suggest adding a .d directory named after our vhost, e.g.
>
> /etc/httpd/conf.d/05-foreman.d/
