diff --git a/files/default/99-origin-dns.sh b/files/default/99-origin-dns.sh index 1f922e0..673843d 100644 --- a/files/default/99-origin-dns.sh +++ b/files/default/99-origin-dns.sh @@ -110,8 +110,14 @@ BASH if ! grep -q '99-origin-dns.sh' /etc/resolv.conf; then echo "# nameserver updated by /etc/NetworkManager/dispatcher.d/99-origin-dns.sh" >> ${NEW_RESOLV_CONF} fi - sed -e '/^nameserver.*$/d' /etc/resolv.conf >> ${NEW_RESOLV_CONF} - echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} + sed -e "/^nameserver.*${def_route_ip}$/d" /etc/resolv.conf >> ${NEW_RESOLV_CONF} + # Add nameserver rather than replace if existing != def_route_ip. Fix for nip.io in kitchen environment + # Pods always uses first nameserver entry from /etc/resolv.conf therefore adding default route IP as first nameserver + if grep -q '^nameserver.*$' ${NEW_RESOLV_CONF}; then + sed -in "0,/^nameserver.*$/s/^nameserver.*$/nameserver ${def_route_ip}\n&/" ${NEW_RESOLV_CONF} + else + echo "nameserver "${def_route_ip}"" >> ${NEW_RESOLV_CONF} + fi if ! grep -q 'search.*cluster.local' ${NEW_RESOLV_CONF}; then sed -i '/^search/ s/$/ cluster.local/' ${NEW_RESOLV_CONF} fi diff --git a/libraries/openshift_helper.rb b/libraries/openshift_helper.rb index c9e931f..8809283 100644 --- a/libraries/openshift_helper.rb +++ b/libraries/openshift_helper.rb @@ -174,6 +174,10 @@ def check_certificate_server_etcd ca_exist && !dir_exist end + def certificate_server_protocol + node['cookbook-openshift3']['httpd_secure'] ? 'https' : 'http' + end + def get_nodevar(var) if node_servers.any? { |server_node| server_node['fqdn'] == node['fqdn'] && server_node.key?(var) } node_servers.find { |server_node| server_node['fqdn'] == node['fqdn'] }[var.to_s] diff --git a/recipes/adhoc_migrate_etcd.rb b/recipes/adhoc_migrate_etcd.rb index ed5f144..5e57513 100644 --- a/recipes/adhoc_migrate_etcd.rb +++ b/recipes/adhoc_migrate_etcd.rb 
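Review bot: In the added `sed -in "0,/^nameserver.*$/s/…/" ${NEW_RESOLV_CONF}`, GNU sed reads `-in` as `-i` with the backup suffix `n`, not as `-i -n`, so each run leaves a stray `${NEW_RESOLV_CONF}n` copy behind; plain `sed -i` is what is wanted there. The new delete pattern `/^nameserver.*${def_route_ip}$/d` also interpolates the address unescaped and without a left anchor, so with a default-route IP of 10.0.0.1 (constructed example) it would also drop `nameserver 110.0.0.1`, and every `.` matches any character. Escaping the dots and anchoring on whitespace avoids that: `esc_ip=$(printf '%s' "${def_route_ip}" | sed 's/\./\\./g')` followed by `sed -e "/^nameserver[[:space:]]\+${esc_ip}[[:space:]]*$/d" /etc/resolv.conf >> "${NEW_RESOLV_CONF}"`. The enclosing block starts and ends outside the hunk.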
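Review bot: `certificate_server_protocol` has no comment, and the behaviour a caller most needs to know is that it returns `'http'` whenever `node['cookbook-openshift3']['httpd_secure']` is nil or false, so certificate bundles keep travelling unencrypted unless the attribute is set. I would add above the method: `# URL scheme for downloads from the certificate server: 'https' when node['cookbook-openshift3']['httpd_secure'] is truthy, otherwise 'http'.` The attribute's default is not visible in this diff, so it is worth stating in the attributes file or README as well.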
@@ -14,6 +14,7 @@ is_certificate_server = server_info.on_certificate_server? is_control_plane_server = server_info.on_control_plane_server? etcd_servers = server_info.etcd_servers +certificate_server_protocol = server_info.certificate_server_protocol include_recipe 'cookbook-openshift3::services' @@ -178,7 +179,8 @@ remote_file "Retrieve ETCD SystemD Drop-in from Certificate Server[#{certificate_server['fqdn']}]" do path "/etc/systemd/system/#{node['cookbook-openshift3']['etcd_service_name']}.service.d/etcd-dropin" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/migration/etcd-#{node['fqdn']}" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/migration/etcd-#{node['fqdn']}" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] notifies :run, 'execute[daemon-reload]', :immediately retries 120 retry_delay 5 diff --git a/recipes/etcd_certificates.rb b/recipes/etcd_certificates.rb index 86fd9b7..82f9b63 100644 --- a/recipes/etcd_certificates.rb +++ b/recipes/etcd_certificates.rb @@ -6,6 +6,7 @@ server_info = OpenShiftHelper::NodeHelper.new(node) etcd_servers = server_info.etcd_servers + server_info.new_etcd_servers +master_servers = server_info.master_servers is_certificate_server = server_info.on_certificate_server? if node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'] && node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name'] 
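Review bot: The added `headers(...) if ...` line spells the same `node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']` expression twice, and the identical line is pasted into every `remote_file` hunk of this commit (etcd_cluster, etcd_recovery, etcd_scaleup, master_cluster, ng_etcd_cluster, ng_master, ng_node_join, node, wire_aggregator). Resolving it once, next to the new `certificate_server_protocol` assignment, keeps the recipes in step: `cert_server_headers = node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']` and then `headers(cert_server_headers) if cert_server_headers` inside the resource. If these headers carry a credential (presumably; the diff does not say), a node attribute is saved with the node object on the Chef server while `node.run_state` is not, so the attribute taking precedence here deserves a comment or a reversed order. The resource body continues past the end of this hunk.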
@@ -81,6 +82,14 @@ variables(servers: etcd_servers) end + template "#{node['cookbook-openshift3']['etcd_generated_ca_dir']}/.htaccess" do + owner 'apache' + group 'apache' + source 'access-htaccess.erb' + notifies :run, 'ruby_block[Modify the AllowOverride options]', :immediately + variables(servers: etcd_servers + master_servers) + end + remote_file '/var/www/html/etcd/ca.crt' do owner 'apache' group 'apache' diff --git a/recipes/etcd_cluster.rb b/recipes/etcd_cluster.rb index aa4011b..5d442e4 100644 --- a/recipes/etcd_cluster.rb +++ b/recipes/etcd_cluster.rb @@ -14,6 +14,7 @@ is_new_etcd_server = server_info.on_new_etcd_server? is_master_server = server_info.on_master_server? etcd_healthy = helper.checketcd_healthy? +certificate_server_protocol = server_info.certificate_server_protocol if node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'] && node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name'] secret_file = node['cookbook-openshift3']['encrypted_file_password']['secret_file'] || nil @@ -73,8 +74,9 @@ end remote_file "#{node['cookbook-openshift3']['etcd_conf_dir']}/ca.crt" do - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/ca.crt" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/ca.crt" retries ::Mixlib::ShellOut.new("systemctl is-enabled #{node['cookbook-openshift3']['etcd_service_name']}").run_command.error? ? 180 : 60 + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] retry_delay 5 sensitive true action :create_if_missing 
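Review bot: The new `.htaccess` is created with `owner 'apache'` and no `mode`, so the web server account that the file is meant to restrict can rewrite it. `owner 'root'`, `group 'apache'` and `mode '0640'` would keep it readable by httpd but not writable; the same applies to the `.htaccess` template added in recipes/nodes_certificates.rb. `access-htaccess.erb` and the `ruby_block[Modify the AllowOverride options]` it notifies are not part of this diff, so whether the rules also cover `/etcd/ca.crt`, `/etcd/migration`, `/etcd/recovery` and `/etcd/scaleup` cannot be checked from here.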
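Review bot: The `ca.crt` downloaded here becomes the trust anchor for etcd, yet with `httpd_secure` unset the source is still plain `http` and `action :create_if_missing` keeps whichever copy arrived first. When `https` is selected, the URL is built from `certificate_server['ipaddress']`, so verification can only succeed if the server certificate lists that address as a subjectAltName; nothing in this diff shows how the client comes to trust that certificate. I would add a comment on the resource stating which CA signs the certificate server's TLS certificate, and consider building the URL from `certificate_server['fqdn']` if the certificate is issued for the host name. The same `source` pattern is used by every other `remote_file` changed in this commit.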
@@ -82,10 +84,11 @@ remote_file "Retrieve ETCD certificates from Certificate Server[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['etcd_conf_dir']}/etcd-#{node['fqdn']}.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/generated_certs/etcd-#{node['fqdn']}.tgz.enc" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/generated_certs/etcd-#{node['fqdn']}.tgz.enc" action :create_if_missing notifies :run, 'execute[Un-encrypt etcd certificate tgz files]', :immediately notifies :run, 'execute[Extract certificate to ETCD folder]', :immediately + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] retries 60 retry_delay 5 end diff --git a/recipes/etcd_recovery.rb b/recipes/etcd_recovery.rb index 5fc28a3..86024c5 100644 --- a/recipes/etcd_recovery.rb +++ b/recipes/etcd_recovery.rb @@ -11,6 +11,7 @@ is_certificate_server = server_info.on_certificate_server? etcd_servers = server_info.etcd_servers etcd_healthy = helper.checketcd_healthy? +certificate_server_protocol = server_info.certificate_server_protocol if is_certificate_server && etcd_healthy && ::File.file?(node['cookbook-openshift3']['adhoc_recovery_etcd_certificate_server']) file node['cookbook-openshift3']['adhoc_recovery_etcd_certificate_server'] do 
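Review bot: This `remote_file` now sends the certificate-server headers but, unlike the `ca.crt` resource in the previous hunk, does not set `sensitive true`, and the whole resource is visible here. With `retries 60` a failed download is a realistic outcome, and on failure Chef's error output can include the compiled resource with its `headers` value. Adding `sensitive true` after the `headers(...)` line avoids that; the drop-in resource in recipes/etcd_recovery.rb is also fully visible without it, and the other resources whose bodies run past their hunks should be checked.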
@@ -87,9 +88,10 @@ remote_file "Retrieve ETCD SystemD Drop-in from Certificate Server[#{certificate_server['fqdn']}]" do path "/etc/systemd/system/#{node['cookbook-openshift3']['etcd_service_name']}.service.d/etcd-dropin" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/recovery/etcd-#{node['fqdn']}" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/recovery/etcd-#{node['fqdn']}" notifies :run, 'execute[daemon-reload]', :immediately notifies :delete, "directory[#{node['cookbook-openshift3']['etcd_data_dir']}/member]", :immediately + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] retries 120 retry_delay 5 end diff --git a/recipes/etcd_scaleup.rb b/recipes/etcd_scaleup.rb index 526cf98..35fb470 100644 --- a/recipes/etcd_scaleup.rb +++ b/recipes/etcd_scaleup.rb @@ -13,6 +13,7 @@ is_certificate_server = server_info.on_certificate_server? etcds = etcd_servers.map { |srv| "https://#{srv['ipaddress']}:2379" }.join(',') path_bin = node['cookbook-openshift3']['openshift_docker_etcd_image'].include?('coreos') ? '/usr/local/bin/etcd' : '/usr/bin/etcd' +certificate_server_protocol = server_info.certificate_server_protocol unless new_etcd_servers.empty? if is_certificate_server 
@@ -60,7 +61,8 @@ remote_file "Retrieve ETCD SystemD Drop-in from Certificate Server[#{certificate_server['fqdn']}]" do path "/etc/systemd/system/#{node['cookbook-openshift3']['etcd_service_name']}.service.d/etcd-dropin" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/scaleup/etcd-#{node['fqdn']}" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/scaleup/etcd-#{node['fqdn']}" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[daemon-reload]', :immediately notifies :start, 'service[etcd-service]', :immediately diff --git a/recipes/master_cluster.rb b/recipes/master_cluster.rb index c0ebe66..5cb0238 100644 --- a/recipes/master_cluster.rb +++ b/recipes/master_cluster.rb @@ -10,6 +10,7 @@ master_servers = server_info.master_servers etcd_servers = server_info.etcd_servers certificate_server = server_info.certificate_server +certificate_server_protocol = server_info.certificate_server_protocol ose_major_version = node['cookbook-openshift3']['deploy_containerized'] == true ? node['cookbook-openshift3']['openshift_docker_image_version'] : node['cookbook-openshift3']['ose_major_version'] 
@@ -60,7 +61,8 @@ remote_file "Retrieve ETCD client certificate from Certificate Server[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['openshift_master_config_dir']}/openshift-master-#{node['fqdn']}.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/openshift-master-#{node['fqdn']}.tgz.enc" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/openshift-master-#{node['fqdn']}.tgz.enc" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[Un-encrypt etcd certificates tgz files]', :immediately notifies :run, 'execute[Extract etcd certificates to Master folder]', :immediately @@ -83,7 +85,8 @@ remote_file "Retrieve ETCD CA cert from Certificate Server[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['openshift_master_config_dir']}/#{node['cookbook-openshift3']['master_etcd_cert_prefix']}ca.crt" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/ca.crt" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/ca.crt" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] owner 'root' group 'root' mode '0600' 
@@ -95,7 +98,8 @@ remote_file "Retrieve master certificates from Certificate Server[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['openshift_master_config_dir']}/openshift-#{node['fqdn']}.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/openshift-#{node['fqdn']}.tgz.enc" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/openshift-#{node['fqdn']}.tgz.enc" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[Un-encrypt master certificates master tgz files]', :immediately notifies :run, 'execute[Extract master certificates to Master folder]', :immediately diff --git a/recipes/ng_etcd_cluster.rb b/recipes/ng_etcd_cluster.rb index a2ab599..9e35bba 100644 --- a/recipes/ng_etcd_cluster.rb +++ b/recipes/ng_etcd_cluster.rb @@ -16,6 +16,7 @@ user_id = node['cookbook-openshift3']['openshift_etcd_static_pod'] ? 'root' : 'etcd' group_id = node['cookbook-openshift3']['openshift_etcd_static_pod'] ? 'root' : 'etcd' etcd_ipaddress = etcd_servers.find { |etcd| etcd['fqdn'] == node['fqdn'] }['ipaddress'] +certificate_server_protocol = server_info.certificate_server_protocol if node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'] && node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name'] secret_file = node['cookbook-openshift3']['encrypted_file_password']['secret_file'] || nil 
@@ -68,7 +69,8 @@ end remote_file "#{node['cookbook-openshift3']['etcd_conf_dir']}/ca.crt" do - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/ca.crt" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/ca.crt" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] retries 60 retry_delay 5 sensitive true @@ -77,7 +79,8 @@ remote_file "Retrieve ETCD certificates from Certificate Server[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['etcd_conf_dir']}/etcd-#{node['fqdn']}.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/generated_certs/etcd-#{node['fqdn']}.tgz.enc" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/generated_certs/etcd-#{node['fqdn']}.tgz.enc" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[Un-encrypt etcd certificate tgz files]', :immediately notifies :run, 'execute[Extract certificate to ETCD folder]', :immediately diff --git a/recipes/ng_master.rb b/recipes/ng_master.rb index bd2e93e..e77a5a7 100644 --- a/recipes/ng_master.rb +++ b/recipes/ng_master.rb 
@@ -11,6 +11,7 @@ is_certificate_server = server_info.on_certificate_server? docker_version = node['cookbook-openshift3']['openshift_docker_image_version'] service_accounts = node['cookbook-openshift3']['openshift_common_service_accounts_additional'].any? ? node['cookbook-openshift3']['openshift_common_service_accounts'] + node['cookbook-openshift3']['openshift_common_service_accounts_additional'] : node['cookbook-openshift3']['openshift_common_service_accounts'] +certificate_server_protocol = server_info.certificate_server_protocol if is_master_server node['cookbook-openshift3']['enabled_firewall_rules_master_cluster'].each do |rule| @@ -49,7 +50,8 @@ remote_file "Retrieve ETCD client certificate from Certificate Server[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['openshift_master_config_dir']}/openshift-master-#{node['fqdn']}.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/openshift-master-#{node['fqdn']}.tgz.enc" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/openshift-master-#{node['fqdn']}.tgz.enc" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[Un-encrypt etcd certificates tgz files]', :immediately notifies :run, 'execute[Extract etcd certificates to Master folder]', :immediately 
@@ -72,7 +74,8 @@ remote_file "Retrieve ETCD CA cert from Certificate Server[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['openshift_master_config_dir']}/#{node['cookbook-openshift3']['master_etcd_cert_prefix']}ca.crt" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/ca.crt" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/etcd/ca.crt" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] owner 'root' group 'root' mode '0600' @@ -84,7 +87,8 @@ remote_file "Retrieve master certificates from Certificate Server[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['openshift_master_config_dir']}/openshift-#{node['fqdn']}.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/openshift-#{node['fqdn']}.tgz.enc" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/openshift-#{node['fqdn']}.tgz.enc" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[Un-encrypt master certificates master tgz files]', :immediately notifies :run, 'execute[Extract master certificates to Master folder]', :immediately diff --git a/recipes/ng_node_join.rb b/recipes/ng_node_join.rb index 3db2f9f..2178876 100644 --- a/recipes/ng_node_join.rb +++ b/recipes/ng_node_join.rb 
@@ -6,6 +6,7 @@ server_info = OpenShiftHelper::NodeHelper.new(node) certificate_server = server_info.certificate_server +certificate_server_protocol = server_info.certificate_server_protocol if node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'] && node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name'] secret_file = node['cookbook-openshift3']['encrypted_file_password']['secret_file'] || nil @@ -16,7 +17,8 @@ remote_file "Retrieve certificate from Master[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['openshift_node_config_dir']}/#{node['fqdn']}.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/node/generated-configs/#{node['fqdn']}.tgz.enc" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/node/generated-configs/#{node['fqdn']}.tgz.enc" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[Un-encrypt node certificate tgz files]', :immediately notifies :run, 'execute[Extract certificate to Node folder]', :immediately diff --git a/recipes/node.rb b/recipes/node.rb index 7593376..339098d 100644 --- a/recipes/node.rb +++ b/recipes/node.rb 
@@ -12,6 +12,7 @@ ose_major_version = node['cookbook-openshift3']['deploy_containerized'] == true ? node['cookbook-openshift3']['openshift_docker_image_version'] : node['cookbook-openshift3']['ose_major_version'] path_certificate = node['cookbook-openshift3']['use_wildcard_nodes'] ? 'wildcard_nodes.tgz.enc' : "#{node['fqdn']}.tgz.enc" +certificate_server_protocol = server_info.certificate_server_protocol if node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'] && node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name'] secret_file = node['cookbook-openshift3']['encrypted_file_password']['secret_file'] || nil @@ -150,7 +151,8 @@ remote_file "Retrieve certificate from Master[#{certificate_server['fqdn']}]" do path "#{node['cookbook-openshift3']['openshift_node_config_dir']}/#{node['fqdn']}.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/node/generated-configs/#{path_certificate}" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/node/generated-configs/#{path_certificate}" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[Un-encrypt node certificate tgz files]', :immediately notifies :run, 'execute[Extract certificate to Node folder]', :immediately diff --git a/recipes/nodes_certificates.rb b/recipes/nodes_certificates.rb index b2f24e0..e9cde86 100644 --- a/recipes/nodes_certificates.rb +++ b/recipes/nodes_certificates.rb 
@@ -110,4 +110,13 @@ end end end + + # Add .htaccess for nodes if non-wildcard nodes are used + template "#{node['cookbook-openshift3']['openshift_node_generated_configs_dir']}/.htaccess" do + owner 'apache' + group 'apache' + source 'access-htaccess.erb' + notifies :run, 'ruby_block[Modify the AllowOverride options]', :immediately + variables(servers: node_servers) + end end diff --git a/recipes/wire_aggregator.rb b/recipes/wire_aggregator.rb index 2b744b5..4e8d141 100644 --- a/recipes/wire_aggregator.rb +++ b/recipes/wire_aggregator.rb @@ -6,6 +6,7 @@ server_info = OpenShiftHelper::NodeHelper.new(node) certificate_server = server_info.certificate_server +certificate_server_protocol = server_info.certificate_server_protocol if node['cookbook-openshift3']['encrypted_file_password']['data_bag_name'] && node['cookbook-openshift3']['encrypted_file_password']['data_bag_item_name'] secret_file = node['cookbook-openshift3']['encrypted_file_password']['secret_file'] || nil @@ -16,7 +17,8 @@ remote_file 'Retrieve the aggregator certs' do path "#{node['cookbook-openshift3']['openshift_master_config_dir']}/wire_aggregator-masters.tgz.enc" - source "http://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/wire_aggregator-masters.tgz.enc" + source "#{certificate_server_protocol}://#{certificate_server['ipaddress']}:#{node['cookbook-openshift3']['httpd_xfer_port']}/master/generated_certs/wire_aggregator-masters.tgz.enc" + headers(node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers']) if node['cookbook-openshift3']['cert_server_headers'] || node.run_state['openshift3_cert_server_headers'] action :create_if_missing notifies :run, 'execute[Un-encrypt aggregator tgz files]', :immediately notifies :run, 'execute[Extract aggregator to Master folder]', :immediately
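Review bot: The added comment says the `.htaccess` is for the case where non-wildcard nodes are used, but the template itself carries no guard in this hunk; if the condition is the enclosing block closed by the `end` after it, that block starts outside the hunk and the comment should name it. recipes/node.rb fetches `wildcard_nodes.tgz.enc` from the same `/node/generated-configs/` path when `use_wildcard_nodes` is set, so it is worth stating whether that download is meant to be restricted too. If the guard is in fact missing, `not_if { node['cookbook-openshift3']['use_wildcard_nodes'] }` on the template would match the comment.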