-
Notifications
You must be signed in to change notification settings - Fork 118
/
runhttpd
executable file
·95 lines (76 loc) · 3.59 KB
/
runhttpd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#!/usr/bin/bash
. /bin/ironic-common.sh
IRONIC_CERT_FILE=/certs/ironic/tls.crt
HTTP_PORT=${HTTP_PORT:-"80"}
INSPECTOR_ORIG_HTTPD_CONFIG=/etc/httpd/conf.d/inspector-apache.conf.j2
INSPECTOR_RESULT_HTTPD_CONFIG=/etc/httpd/conf.d/ironic-inspector.conf
export IRONIC_INSPECTOR_CERT_FILE=/certs/ironic-inspector/tls.crt
export IRONIC_INSPECTOR_KEY_FILE=/certs/ironic-inspector/tls.key
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-"false"}
export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
# Whether to enable fast_track provisioning or not
IRONIC_FAST_TRACK=${IRONIC_FAST_TRACK:-true}
wait_for_interface_or_ip
mkdir -p /shared/html
chmod 0777 /shared/html
if [ -f "$IRONIC_CERT_FILE" ]; then
IRONIC_BASE_URL="https://${IRONIC_URL_HOST}"
else
IRONIC_BASE_URL="http://${IRONIC_URL_HOST}"
fi
if [[ $IRONIC_FAST_TRACK == true ]]; then
INSPECTOR_EXTRA_ARGS=" ipa-api-url=${IRONIC_BASE_URL}:6385 ipa-inspection-callback-url=${IRONIC_BASE_URL}:5050/v1/continue"
else
INSPECTOR_EXTRA_ARGS=" ipa-inspection-callback-url=${IRONIC_BASE_URL}:5050/v1/continue"
fi
# Copy files to shared mount
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
cp /tmp/dualboot.ipxe /shared/html/dualboot.ipxe
cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
if [ -f "$IRONIC_INSPECTOR_CERT_FILE" ] && [ ! -f "$IRONIC_INSPECTOR_KEY_FILE" ] ; then
echo "Missing TLS Certificate key file /certs/ironic-inspector/tls.key"
exit 1
fi
if [ ! -f "$IRONIC_INSPECTOR_CERT_FILE" ] && [ -f "$IRONIC_INSPECTOR_KEY_FILE" ] ; then
echo "Missing TLS Certificate file /certs/ironic-inspector/tls.crt"
exit 1
fi
if [ -f "$IRONIC_INSPECTOR_CERT_FILE" ]; then
export IRONIC_INSPECTOR_TLS_SETUP="true"
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]]; then
render_j2_config $INSPECTOR_ORIG_HTTPD_CONFIG $INSPECTOR_RESULT_HTTPD_CONFIG
fi
# Add user 'apache' to the group `ironic-inspector`, so httpd can access /etc/ironic-inspector and read the pasword file
usermod -aG ironic-inspector apache
else
export IRONIC_INSPECTOR_TLS_SETUP="false"
export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
fi
# Configure HTTP basic auth for API server
HTPASSWD_FILE=/etc/ironic-inspector/htpasswd
if [ -n "${HTTP_BASIC_HTPASSWD:-}" ]; then
printf "%s\n" "${HTTP_BASIC_HTPASSWD}" >"${HTPASSWD_FILE}"
fi
# Use configured values
sed -i -e s/IRONIC_IP/${IRONIC_URL_HOST}/g \
-e s/HTTP_PORT/${HTTP_PORT}/g \
-e "s|EXTRA_ARGS|${INSPECTOR_EXTRA_ARGS}|g" \
/shared/html/inspector.ipxe
sed -i 's/^Listen .*$/Listen [::]:'"$HTTP_PORT"'/' /etc/httpd/conf/httpd.conf
sed -i -e 's|\(^[[:space:]]*\)\(DocumentRoot\)\(.*\)|\1\2 "/shared/html"|' \
-e 's|<Directory "/var/www/html">|<Directory "/shared/html">|' \
-e 's|<Directory "/var/www">|<Directory "/shared">|' /etc/httpd/conf/httpd.conf
# Log to std out/err
sed -i -e 's%^ \+CustomLog.*% CustomLog /dev/stderr combined%g' /etc/httpd/conf/httpd.conf
sed -i -e 's%^ErrorLog.*%ErrorLog /dev/stderr%g' /etc/httpd/conf/httpd.conf
if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" && "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read file event; do
kill -WINCH $(pgrep httpd)
done &
fi
if [[ "$IRONIC_TLS_SETUP" == "true" && "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read file event; do
kill -WINCH $(pgrep httpd)
done &
fi
exec /usr/sbin/httpd -DFOREGROUND