Fixing cinder to work for external url
There are some more last minute testing changes done with cinder, so that it can work with both internal and external url. This change cinder configuration to not include ssl on wsgi as well as cinder to not listen on hostport. Change-Id: Iee0bb1edeccc6ec6540b54f84fffb4de940548ce
This commit is contained in:
parent
baf984deea
commit
fb35b74c07
|
@ -275,9 +275,6 @@ data:
|
||||||
pod_replacement_strategy: RollingUpdate
|
pod_replacement_strategy: RollingUpdate
|
||||||
rolling_update:
|
rolling_update:
|
||||||
max_unavailable: 50%
|
max_unavailable: 50%
|
||||||
useHostNetwork:
|
|
||||||
volume: true
|
|
||||||
backup: true
|
|
||||||
security_context:
|
security_context:
|
||||||
cinder_volume:
|
cinder_volume:
|
||||||
container:
|
container:
|
||||||
|
@ -316,69 +313,7 @@ data:
|
||||||
ceph_client:
|
ceph_client:
|
||||||
configmap: tenant-ceph-etc
|
configmap: tenant-ceph-etc
|
||||||
user_secret_name: pvc-tceph-client-key
|
user_secret_name: pvc-tceph-client-key
|
||||||
network:
|
|
||||||
api:
|
|
||||||
ingress:
|
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/backend-protocol: "https"
|
|
||||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
||||||
more_set_headers "X-Content-Type-Options: nosniff";
|
|
||||||
more_set_headers "X-Frame-Options: deny";
|
|
||||||
more_set_headers "Content-Security-Policy: default-src 'self'";
|
|
||||||
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
|
|
||||||
more_set_headers "X-XSS-Protection: 1; mode=block";
|
|
||||||
endpoints:
|
|
||||||
ingress:
|
|
||||||
port:
|
|
||||||
ingress:
|
|
||||||
default: 443
|
|
||||||
conf:
|
conf:
|
||||||
software:
|
|
||||||
apache2:
|
|
||||||
binary: apache2
|
|
||||||
start_parameters: -DFOREGROUND
|
|
||||||
site_dir: /etc/apache2/sites-enabled
|
|
||||||
conf_dir: /etc/apache2/conf-enabled
|
|
||||||
mods_dir: /etc/apache2/mods-available
|
|
||||||
a2enmod:
|
|
||||||
- ssl
|
|
||||||
a2dismod: null
|
|
||||||
mpm_event: |
|
|
||||||
<IfModule mpm_event_module>
|
|
||||||
ServerLimit 1024
|
|
||||||
StartServers 32
|
|
||||||
MinSpareThreads 32
|
|
||||||
MaxSpareThreads 256
|
|
||||||
ThreadsPerChild 25
|
|
||||||
MaxRequestsPerChild 128
|
|
||||||
ThreadLimit 720
|
|
||||||
</IfModule>
|
|
||||||
wsgi_cinder: |
|
|
||||||
{{- $portInt := tuple "volume" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
||||||
Listen {{ $portInt }}
|
|
||||||
<VirtualHost *:{{ $portInt }}>
|
|
||||||
ServerName {{ printf "%s.%s.svc.%s" "cinder-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
|
|
||||||
WSGIDaemonProcess cinder-api processes=1 threads=1 user=cinder display-name=%{GROUP}
|
|
||||||
WSGIProcessGroup cinder-api
|
|
||||||
WSGIScriptAlias / /var/www/cgi-bin/cinder/cinder-wsgi
|
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
|
||||||
WSGIPassAuthorization On
|
|
||||||
AllowEncodedSlashes On
|
|
||||||
<IfVersion >= 2.4>
|
|
||||||
ErrorLogFormat "%{cu}t %M"
|
|
||||||
</IfVersion>
|
|
||||||
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
|
||||||
ErrorLog /dev/stdout
|
|
||||||
CustomLog /dev/stdout combined env=!forwarded
|
|
||||||
CustomLog /dev/stdout proxy env=forwarded
|
|
||||||
|
|
||||||
SSLEngine on
|
|
||||||
SSLCertificateFile /etc/cinder/certs/tls.crt
|
|
||||||
SSLCertificateKeyFile /etc/cinder/certs/tls.key
|
|
||||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
|
||||||
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
|
||||||
SSLHonorCipherOrder on
|
|
||||||
</VirtualHost>
|
|
||||||
ceph:
|
ceph:
|
||||||
pools:
|
pools:
|
||||||
backup:
|
backup:
|
||||||
|
|
Loading…
Reference in New Issue