diff --git a/src/roles/httpd/defaults/main.yml b/src/roles/httpd/defaults/main.yml index 199616851..3df4838f9 100644 --- a/src/roles/httpd/defaults/main.yml +++ b/src/roles/httpd/defaults/main.yml @@ -3,6 +3,7 @@ httpd_pulp_api_backend: http://localhost:24817 httpd_pulp_content_backend: http://localhost:24816 httpd_foreman_backend: http://localhost:3000 httpd_pub_dir: /var/www/html/pub +httpd_enabled_pulp_snippets: [] # External authentication configuration httpd_external_authentication: "{{ external_authentication | default(None) }}" diff --git a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 index 3807529f0..042e2bafc 100644 --- a/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 +++ b/src/roles/httpd/templates/foreman-ssl-vhost.conf.j2 @@ -68,6 +68,10 @@ ProxyPassReverse {{ httpd_pulp_content_backend }}/pulp/content +{% for httpd_pulp_snippet in httpd_enabled_pulp_snippets %} +{% include httpd_pulp_snippet+'.j2' %} +{% endfor %} + RequestHeader unset REMOTE_USER RequestHeader unset REMOTE-USER diff --git a/src/roles/httpd/templates/pypi.j2 b/src/roles/httpd/templates/pypi.j2 new file mode 100644 index 000000000..40c5257cb --- /dev/null +++ b/src/roles/httpd/templates/pypi.j2 @@ -0,0 +1,7 @@ + + RequestHeader unset X-CLIENT-CERT + RequestHeader set X-CLIENT-CERT "%{SSL_CLIENT_CERT}s" env=SSL_CLIENT_CERT + RequestHeader set X-FORWARDED-PROTO expr=%{REQUEST_SCHEME} + ProxyPass {{ httpd_pulp_api_backend }}/pypi timeout=600 + ProxyPassReverse {{ httpd_pulp_api_backend }}/pypi + diff --git a/src/vars/base.yaml b/src/vars/base.yaml index 16765f9a7..ccbb41cba 100644 --- a/src/vars/base.yaml +++ b/src/vars/base.yaml 
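Review bot: The template name in `{% include httpd_pulp_snippet+'.j2' %}` (foreman-ssl-vhost.conf.j2) is built from `httpd_enabled_pulp_snippets` without any validation. A typo or an unexpected inventory override therefore either aborts rendering with a missing-template error or pulls some other template from the search path into the TLS vhost. A preflight assert in the role that every entry belongs to a known list (only `pypi` exists in this change) would keep the set of includable snippets closed and make the failure message explicit. The rest of the vhost lies outside this hunk, so I can't tell whether the include position relative to other proxy rules matters.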
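Review bot: In pypi.j2 the `RequestHeader unset X-CLIENT-CERT` line carries no comment saying that it is what prevents a client from supplying its own `X-CLIENT-CERT` value to the backend, so it reads as redundant next to the following `set` and is easy to drop in a later cleanup. Suggest adding `{# Drop any client-supplied X-CLIENT-CERT first; only the certificate from the TLS handshake may be forwarded #}` above the pair. The forwarded value is only as trustworthy as the vhost's client-certificate verification, which is configured outside this hunk, so it is worth confirming that an unverified certificate cannot populate `SSL_CLIENT_CERT` for this path. The first and last added lines of the file show up empty in this view, so the enclosing container is not visible here.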
@@ -25,6 +25,7 @@ httpd_server_ca_certificate: "{{ server_ca_certificate }}" httpd_client_ca_certificate: "{{ client_ca_certificate }}" httpd_server_certificate: "{{ server_certificate }}" httpd_server_key: "{{ server_key }}" +httpd_enabled_pulp_snippets: "{{ ['pypi'] if 'content/python' in enabled_features else [] }}" pulp_content_origin: "https://{{ ansible_facts['fqdn'] }}" pulp_pulp_url: "https://{{ ansible_facts['fqdn'] }}" diff --git a/src/vars/flavors/katello.yml b/src/vars/flavors/katello.yml index bd87829c0..ca5cd86d0 100644 --- a/src/vars/flavors/katello.yml +++ b/src/vars/flavors/katello.yml @@ -5,4 +5,5 @@ flavor_features: - content/ansible - content/container - content/deb + - content/python - content/rpm diff --git a/tests/httpd_test.py b/tests/httpd_test.py index ca4aa0d64..b94529f23 100644 --- a/tests/httpd_test.py +++ b/tests/httpd_test.py @@ -52,6 +52,13 @@ def test_https_pulp_auth(server, certificates, server_fqdn): assert cmd.succeeded assert cmd.stdout == '200' +def test_https_pypi_endpoint(server, certificates, server_fqdn): + cmd = server.run(f"{CURL_CMD} --cacert {certificates['ca_certificate']} --write-out '%{{http_code}}' https://{server_fqdn}/pypi/") + assert cmd.succeeded + # Verify route proxies to Pulp: 404 from Pulp confirms correct configuration + # (unconfigured routes return 503) + assert cmd.stdout == '404' + def test_pub_directory_exists(server): pub_dir = server.file(HTTPD_PUB_DIR) assert pub_dir.exists
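Review bot: `assert cmd.stdout == '404'` in `test_https_pypi_endpoint` does not on its own show that the request reached Pulp. Anything that answers `/pypi/` with a 404 would satisfy it, whether that is httpd itself or another backend behind a broader proxy rule, if the vhost has one. The comment's 503 reasoning holds only while that other backend is unavailable in the test environment. Asserting on something only Pulp produces, such as the response body or a response header, alongside the status code would make the check discriminating. The test also sends neither a client certificate nor a forged `X-CLIENT-CERT` header, so the header handling added in `pypi.j2` is not exercised.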