Fixes #30803: Bind to socket for Puma and Apache
ehelms committed Nov 24, 2020
1 parent c6a6082 commit 2473950
Showing 10 changed files with 38 additions and 23 deletions.
13 changes: 7 additions & 6 deletions manifests/config.pp
@@ -53,12 +53,13 @@
ensure => absent,
}

$listen_socket = $foreman::foreman_service_bind ? {
Stdlib::IP::Address::V6 => "[${foreman::foreman_service_bind}]:${foreman::foreman_service_port}",
default => "${foreman::foreman_service_bind}:${foreman::foreman_service_port}",
}

if $foreman::use_foreman_service {
if $foreman::apache {
include apache
}

$listen_stream = regsubst($foreman::foreman_service_bind, 'unix://|tcp://', '')

systemd::dropin_file { 'foreman-socket':
filename => 'installer.conf',
unit => "${foreman::foreman_service}.socket",
@@ -125,7 +126,7 @@
serveraliases => $foreman::serveraliases,
server_port => $foreman::server_port,
server_ssl_port => $foreman::server_ssl_port,
proxy_backend => "http://${listen_socket}/",
proxy_backend => $foreman::foreman_service_bind,
ssl => $foreman::ssl,
ssl_ca => $foreman::server_ssl_ca,
ssl_chain => $foreman::server_ssl_chain,
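Review bot: The `regsubst(..., 'unix://|tcp://', '')` that builds `$listen_stream` is unanchored, so it strips the first `unix://` or `tcp://` found anywhere in `foreman_service_bind` and passes any other value through unchanged into the socket drop-in's `ListenStream=`. Anchoring it, `$listen_stream = regsubst($foreman::foreman_service_bind, '^(unix|tcp)://', '')`, limits the rewrite to the scheme prefix. A bind value without a recognised scheme would be better rejected with `fail()` at this point than written to the unit; whether it is validated elsewhere is not visible in this hunk. The class body starts and ends outside the hunk.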
12 changes: 9 additions & 3 deletions manifests/config/apache.pp
@@ -105,7 +105,7 @@
Array[Stdlib::Fqdn] $serveraliases = [],
Stdlib::Port $server_port = 80,
Stdlib::Port $server_ssl_port = 443,
Stdlib::HTTPUrl $proxy_backend = 'http://localhost:3000/',
Pattern['^(https?|unix)://'] $proxy_backend = 'unix:///run/foreman.sock',
Hash $proxy_params = {'retry' => '0'},
Array[String] $proxy_no_proxy_uris = ['/pulp', '/pulp2', '/streamer', '/pub', '/icons'],
Boolean $ssl = false,
@@ -134,6 +134,12 @@
) {
$docroot = "${app_root}/public"

if $proxy_backend =~ 'unix://' {
$_proxy_backend = "${proxy_backend}|http://${servername}/"
} else {
$_proxy_backend = regsubst($proxy_backend, 'tcp://', 'http://')
}

if $foreman_url {
$suburi_parts = split($foreman_url, '/')
$suburi_parts_count = size($suburi_parts) - 1
@@ -186,7 +192,7 @@
}

include apache::mod::proxy_wstunnel
$websockets_backend = regsubst($proxy_backend, 'http://', 'ws://')
$websockets_backend = regsubst($_proxy_backend, 'http://', 'ws://')

$vhost_http_internal_options = {
'proxy_preserve_host' => true,
@@ -205,7 +211,7 @@
'proxy_pass' => {
'no_proxy_uris' => $proxy_no_proxy_uris,
'path' => pick($suburi, '/'),
'url' => $proxy_backend,
'url' => $_proxy_backend,
'params' => $proxy_params,
},
'rewrites' => [
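Review bot: `Pattern['^(https?|unix)://']` on `$proxy_backend` checks only the scheme prefix, which is weaker than the `Stdlib::HTTPUrl` it replaces, and it rejects `tcp://` even though the new `else` branch rewrites `tcp://` to `http://`, so that rewrite looks unreachable for a `tcp://` value. The value flows into the `proxy_pass` URL and `$websockets_backend`, so I would keep full URL validation for the HTTP case, e.g. `Variant[Stdlib::HTTPUrl, Pattern[/\Aunix:\/\/\/\S+\z/]] $proxy_backend = 'unix:///run/foreman.sock',`, and add a `tcp://` alternative only if that form is meant to be accepted. The `$proxy_backend =~ 'unix://'` test is also unanchored and matches the string anywhere in the value; `=~ /\Aunix:\/\//` is tighter. The parameter list and class body continue outside these hunks.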
4 changes: 2 additions & 2 deletions manifests/init.pp
@@ -325,10 +325,10 @@

if $apache {
$use_foreman_service = ! $passenger
$foreman_service_bind = '127.0.0.1'
$foreman_service_bind = 'unix:///run/foreman.sock'
} else {
$use_foreman_service = true
$foreman_service_bind = '0.0.0.0'
$foreman_service_bind = 'tcp://0.0.0.0:3000'
}

include foreman::install
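Review bot: The new `$foreman_service_bind` values carry the scheme and, for TCP, the port in one string, but nothing in this hunk documents the accepted forms. A comment above the `if $apache` block would help, such as `# foreman_service_bind is a bind URI: unix:///path when proxied by Apache, tcp://host:port otherwise`. The `else` branch keeps the service on every interface via `tcp://0.0.0.0:3000`, which deserves its own remark: `# listens on all interfaces; restrict access when not fronted by a proxy`. The class body starts and ends outside the hunk.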
1 change: 0 additions & 1 deletion manifests/params.pp
@@ -74,7 +74,6 @@
$foreman_service = 'foreman'
$foreman_service_ensure = 'running'
$foreman_service_enable = true
$foreman_service_port = 3000
$foreman_service_puma_threads_min = 0
$foreman_service_puma_threads_max = 16
$foreman_service_puma_workers = 2
8 changes: 7 additions & 1 deletion manifests/service.pp
@@ -40,9 +40,15 @@
}

if $use_foreman_service {
service { $foreman_service:
service { "${foreman_service}.socket":
ensure => $foreman_service_ensure,
enable => $foreman_service_enable,
}

service { $foreman_service:
ensure => $foreman_service_ensure,
enable => $foreman_service_enable,
require => Service["${foreman_service}.socket"],
}
}
}
8 changes: 4 additions & 4 deletions spec/classes/foreman_config_apache_spec.rb
@@ -229,14 +229,14 @@
.with_proxy_pass(
"no_proxy_uris" => ['/pulp', '/pulp2', '/streamer', '/pub', '/icons'],
"path" => '/',
"url" => 'http://localhost:3000/',
"url" => 'unix:///run/foreman.sock|http://foo.example.com/',
"params" => { "retry" => '0' },
)
.with_rewrites([
{
'comment' => 'Upgrade Websocket connections',
'rewrite_cond' => '%{HTTP:Upgrade} =websocket [NC]',
'rewrite_rule' => '/(.*) ws://localhost:3000/$1 [P,L]',
'rewrite_rule' => '/(.*) unix:///run/foreman.sock|ws://foo.example.com/$1 [P,L]',
},
])
end
@@ -261,14 +261,14 @@
.with_proxy_pass(
"no_proxy_uris" => ['/pulp', '/pulp2', '/streamer', '/pub', '/icons'],
"path" => '/',
"url" => 'http://localhost:3000/',
"url" => 'unix:///run/foreman.sock|http://foo.example.com/',
"params" => { "retry" => '0' },
)
.with_rewrites([
{
'comment' => 'Upgrade Websocket connections',
'rewrite_cond' => '%{HTTP:Upgrade} =websocket [NC]',
'rewrite_rule' => '/(.*) ws://localhost:3000/$1 [P,L]',
'rewrite_rule' => '/(.*) unix:///run/foreman.sock|ws://foo.example.com/$1 [P,L]',
},
])
end
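Review bot: Both updated examples pin only the default unix-socket backend, so the `else` path that this commit adds in manifests/config/apache.pp for non-unix `proxy_backend` values has no expectation in these hunks. An extra context that sets `proxy_backend` to `'http://localhost:3000/'` and expects `"url" => 'http://localhost:3000/'` together with the `ws://localhost:3000/$1` rewrite rule would cover it. The rest of the spec file is outside the hunks, so such a case may already exist.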
4 changes: 2 additions & 2 deletions spec/classes/foreman_spec.rb
@@ -154,8 +154,8 @@

it { should compile.with_all_deps }
it { should contain_class('foreman::config::apache').with_passenger(false) }
it { should contain_systemd__dropin_file('foreman-socket').with_filename('installer.conf').with_unit('foreman.socket').with_content(/^ListenStream=127\.0\.0\.1:3000$/) }
it { should contain_systemd__dropin_file('foreman-service').with_filename('installer.conf').with_unit('foreman.service').with_content(/^Environment=FOREMAN_BIND=127.0.0.1$/) }
it { should contain_systemd__dropin_file('foreman-socket').with_filename('installer.conf').with_unit('foreman.socket').with_content(/^ListenStream=\/run\/foreman\.sock$/) }
it { should contain_systemd__dropin_file('foreman-service').with_filename('installer.conf').with_unit('foreman.service').with_content(/^Environment=FOREMAN_BIND=unix:\/\/\/run\/foreman\.sock$/) }
it do
should contain_concat__fragment('foreman_settings+01-header.yaml')
.with_content(/^:ssl_client_dn_env: HTTP_SSL_CLIENT_S_DN$/)
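Review bot: The updated `foreman-socket` expectation checks `ListenStream=` but not the `SocketUser=` and `SocketMode=0600` lines that this commit adds to templates/foreman.socket-overrides.erb, which are what restrict who may connect to the socket. A further example such as `it { should contain_systemd__dropin_file('foreman-socket').with_content(/^SocketMode=0600$/) }`, and a matching one for `/^SocketUser=\S+$/`, would catch a regression in either. The same gap applies to spec/support/acceptance/examples.rb, where `describe file('/run/foreman.sock')` asserts only `be_socket`; `it { should be_mode 600 }` would pin the permission on a real host. The enclosing context starts outside the hunk.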
4 changes: 2 additions & 2 deletions spec/support/acceptance/examples.rb
@@ -19,8 +19,8 @@
it { is_expected.to be_listening }
end

describe port(3000) do
it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
describe file('/run/foreman.sock') do
it { should be_socket }
end

describe command("curl -s --cacert /etc/foreman-certs/certificate.pem https://#{host_inventory['fqdn']} -w '\%{redirect_url}' -o /dev/null") do
1 change: 0 additions & 1 deletion templates/foreman.service-overrides.erb
@@ -3,7 +3,6 @@ User=<%= scope['foreman::user'] %>
Environment=FOREMAN_ENV=<%= scope['foreman::rails_env'] %>
Environment=FOREMAN_HOME=<%= scope['foreman::app_root'] %>
Environment=FOREMAN_BIND=<%= scope['foreman::foreman_service_bind'] %>
Environment=FOREMAN_PORT=<%= scope['foreman::foreman_service_port'] %>
Environment=FOREMAN_PUMA_THREADS_MIN=<%= scope['foreman::foreman_service_puma_threads_min'] %>
Environment=FOREMAN_PUMA_THREADS_MAX=<%= scope['foreman::foreman_service_puma_threads_max'] %>
Environment=FOREMAN_PUMA_WORKERS=<%= scope['foreman::foreman_service_puma_workers'] %>
6 changes: 5 additions & 1 deletion templates/foreman.socket-overrides.erb
@@ -1,3 +1,7 @@
[Socket]
ListenStream=
ListenStream=<%= @listen_socket %>
ListenStream=<%= @listen_stream %>
<% if scope['foreman::apache'] -%>
SocketUser=<%= scope['apache::user'] %>
SocketMode=0600
<% end -%>
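Review bot: `SocketUser=` and `SocketMode=0600` are emitted whenever `foreman::apache` is true, with no comment explaining why the Apache account owns the socket rather than the Foreman user. An ERB comment above the conditional would keep someone from loosening the mode later, for example `<%# Only Apache connects to this socket; with socket activation the service receives the listening fd from systemd, so owner-only access for the Apache user is enough -%>`. The condition is also keyed on Apache rather than on the bind being a unix path, so a unix socket configured without Apache would fall back to systemd's default socket mode; whether that combination can occur is not visible here.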
