[dashboard] Cacheable SSL Page Found

Bug #1446701 reported by Mark Vanderwiel
Affects: OpenStack + Chef
Status: Fix Released
Importance: Medium
Assigned to: Ma Wen Cheng
Milestone:

Bug Description

Allowing SSL pages to be cached by default is a security vulnerability.

Need to add the following to the dash site config to prevent the caching:

# Mark requests whose Accept header matches /html/, then append both tokens
# to Cache-Control on the corresponding responses (requires mod_headers)
SetEnvIfExpr "req('accept') =~ /html/" NO_CACHE
Header merge Cache-Control no-cache env=NO_CACHE
Header merge Cache-Control no-store env=NO_CACHE

Tags: dashboard
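
The directives in the report key on the request's Accept header rather than on the response's Content-Type, so it is worth checking which clients actually receive the header. The Python model below is an added example, not code from the bug report or the cookbook. It follows the documented semantics of SetEnvIfExpr and Header merge (append the token unless it is already present in the comma-separated value), treats status codes of 400 and above as the error responses that a plain Header directive skips and Header always covers (an assumption of the model, not something the report states), and runs against constructed sample requests.

```python
"""Model of the three Apache directives proposed in bug #1446701.

Added example, not cookbook code. Semantics modelled:
  SetEnvIfExpr "req('accept') =~ /html/" NO_CACHE
      env NO_CACHE is set when the *request* Accept header matches /html/
  Header merge Cache-Control no-cache env=NO_CACHE
  Header merge Cache-Control no-store env=NO_CACHE
      append the token to any existing Cache-Control value unless already
      present, only when NO_CACHE is set; without 'always' the directive is
      assumed here to skip error responses (status >= 400).
"""
import re

ACCEPT_RULE = re.compile(r"html")            # the /html/ regex from the directive
NO_CACHE_TOKENS = ("no-cache", "no-store")   # one 'Header merge' line per token


def no_cache_env(request_headers):
    """SetEnvIfExpr: True when the request's Accept header matches /html/."""
    return ACCEPT_RULE.search(request_headers.get("Accept", "")) is not None


def header_merge(existing, value):
    """'Header merge': append value unless it is already in the comma-separated list."""
    tokens = [t.strip() for t in (existing or "").split(",") if t.strip()]
    if value in tokens:
        return existing
    return ", ".join(tokens + [value])


def apply_rules(request_headers, status, response_headers, always=False):
    """Return the response headers after Apache has applied the directives.

    always=True models 'Header always merge ...', which also acts on error
    responses (assumption: error responses are those with status >= 400).
    """
    out = dict(response_headers)
    if not no_cache_env(request_headers):
        return out
    if status >= 400 and not always:
        return out
    for token in NO_CACHE_TOKENS:
        out["Cache-Control"] = header_merge(out.get("Cache-Control"), token)
    return out


def is_storable(response_headers):
    """The report's notion of 'cacheable': no no-store token on the response."""
    tokens = [t.strip().lower() for t in response_headers.get("Cache-Control", "").split(",")]
    return "no-store" not in tokens


# Constructed sample requests (not captured from a real dashboard).
BROWSER = {"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"}
XHR = {"Accept": "application/json, text/javascript, */*; q=0.01"}
CLI = {"Accept": "*/*"}   # default Accept sent by curl and wget
HTML_PAGE = {"Content-Type": "text/html; charset=utf-8"}

if __name__ == "__main__":
    for name, req in (("browser", BROWSER), ("xhr", XHR), ("curl/wget", CLI)):
        resp = apply_rules(req, 200, HTML_PAGE)
        print(f"{name:10s} Cache-Control={resp.get('Cache-Control')!r} storable={is_storable(resp)}")
    print("500 page  ", apply_rules(BROWSER, 500, HTML_PAGE).get("Cache-Control"))
    print("500 always", apply_rules(BROWSER, 500, HTML_PAGE, always=True).get("Cache-Control"))
```

Two things the model makes visible: a client sending Accept: */* (the default for curl and wget) receives the HTML page with no Cache-Control header at all, because the rule never fires, and an error page keeps whatever caching headers the application set unless the directives are written as Header always merge. Any smoke test of this fix therefore has to send a browser-like Accept header.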
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cookbook-openstack-dashboard (master)

Fix proposed to branch: master
Review: https://review.openstack.org/175934

Changed in openstack-chef:
status: New → In Progress
Changed in openstack-chef:
assignee: Mark Vanderwiel (vanderwl) → Ma Wen Cheng (mars914)
OpenStack Infra (hudson-openstack) wrote : Fix merged to cookbook-openstack-dashboard (master)

Reviewed: https://review.openstack.org/175934
Committed: https://git.openstack.org/cgit/stackforge/cookbook-openstack-dashboard/commit/?id=9a68087e76d43e6b4870a3e4caedf8284550e4fd
Submitter: Jenkins
Branch: master

commit 9a68087e76d43e6b4870a3e4caedf8284550e4fd
Author: Mark Vanderwiel <email address hidden>
Date: Tue Apr 21 10:20:20 2015 -0500

    Prevent html page caching by default

    Caching html pages could be a security vulnerability, so
    by default prevent this from happening.
    For now just a simple on/off switch, if more flexibility is needed
    here it can be added later.

    Change-Id: Iccf65edee23d55b016201b643c0d187d04ff3c13
    Closes-Bug: #1446701

Changed in openstack-chef:
status: In Progress → Fix Released
JJ Asghar (d-jj) wrote :

It seems this is broken at the moment:

Attempting to do just the default, it's putting this in:
  # Allow custom files to overlay the site (such as logo.png)
  RewriteEngine On
  RewriteCond /opt/dash/site_overlay%{REQUEST_FILENAME} -s
  RewriteRule ^/(.+) /opt/dash/site_overlay/$1 [L]

  ErrorLog /var/log/apache2/openstack-dashboard-error.log
  LogLevel warn
  CustomLog /var/log/apache2/openstack-dashboard-access.log combined
  TraceEnable Off
  SetEnvIfExpr "req('accept') =~/html/" NO_CACHE
  Header merge Cache-Control no-cache env=NO_CACHE
  Header merge Cache-Control no-store env=NO_CACHE
</VirtualHost>

/etc/apache2/sites-enabled/openstack-dashboard.conf (END)

root@controller:~# service apache2 start
 * Starting web server apache2 *
 * The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 56 of /etc/apache2/sites-enabled/openstack-dashboard.conf:
Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.

Mark Vanderwiel (vanderwl) wrote :

Hmm, something has changed in the default module list; module Headers is no longer getting installed by default. I looked at the diffs between the apache2 3.0.0 and 3.1 cookbooks, but don't see what caused this.
Since we're using the Headers directive by default, we should be explicitly enabling that mod; I'll push up a patch for this.

Mark Vanderwiel (vanderwl) wrote :

And this is NOT an issue with the new keystone-under-apache support, since it uses the web_app definition, which includes the Headers module explicitly (https://github.com/svanzoest-cookbooks/apache2/blob/master/definitions/web_app.rb#L26).

JJ Asghar (d-jj) wrote :

Yeah, it really is an odd oversight. I wonder if there is a way we can get integration testing to check that Horizon is up and running; or hell, just an apache check maybe?

Mark Vanderwiel (vanderwl) wrote :

Yup, we should be able to add something to the repo tests to do something basic, just a wget on the dashboard ports, I'll take a peek into that.
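
The "just a wget on the dashboard ports" check proposed above can be written against the header dump that wget -S prints (response lines indented by two spaces). The script below is an added example, not the cookbook's test code, and is run against constructed dumps standing in for a real capture; the host name "controller" is taken from the thread, the login redirect path is Horizon's default, and both are assumptions. Against a live controller the capture would be produced with something like

    wget -S --header='Accept: text/html' -O /dev/null https://controller/ 2> headers.txt

Sending Accept: text/html explicitly is not optional: wget's default Accept is */*, which the SetEnvIfExpr rule in the fix does not match, so a plain wget would report every HTML page as cacheable even when the fix is in place.

```python
"""Check a 'wget -S' header dump for HTML responses a cache may store.

Added example, not code from the cookbook. Every response in the redirect
chain whose Content-Type is text/html must carry both no-cache and no-store.
"""
import re
import sys

# Constructed sample dump (not a real capture): Horizon's login redirect
# followed by the login page, both carrying the headers the fix adds.
GOOD_DUMP = """\
--2015-04-21 10:20:20--  https://controller/
HTTP request sent, awaiting response...
  HTTP/1.1 302 FOUND
  Server: Apache
  Location: https://controller/auth/login/
  Cache-Control: no-cache, no-store
  Content-Type: text/html; charset=utf-8
Location: https://controller/auth/login/ [following]
--2015-04-21 10:20:20--  https://controller/auth/login/
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Server: Apache
  Cache-Control: no-cache, no-store
  Content-Type: text/html; charset=utf-8
Length: unspecified [text/html]
"""

# The same exchange as seen by a wget that sent its default Accept: */*
# (or by a vhost without the fix): no Cache-Control header at all.
BAD_DUMP = GOOD_DUMP.replace("  Cache-Control: no-cache, no-store\n", "")

STATUS_LINE = re.compile(r"^  HTTP/\d\.\d (\d{3}) ")


def parse_wget_dump(text):
    """Return [(status, {lowercased header: value}), ...], one per response."""
    responses = []
    for line in text.splitlines():
        m = STATUS_LINE.match(line)
        if m:
            responses.append((int(m.group(1)), {}))
        elif line.startswith("  ") and ":" in line and responses:
            name, _, value = line[2:].partition(":")
            responses[-1][1][name.strip().lower()] = value.strip()
    return responses


def cache_control_tokens(headers):
    """Set of lowercased Cache-Control directives on one response."""
    return {t.strip().lower() for t in headers.get("cache-control", "").split(",") if t.strip()}


def check_dump(text):
    """List the HTML responses in the dump that lack no-cache or no-store."""
    problems = []
    for status, headers in parse_wget_dump(text):
        if not headers.get("content-type", "").startswith("text/html"):
            continue
        missing = {"no-cache", "no-store"} - cache_control_tokens(headers)
        if missing:
            problems.append(f"HTTP {status}: Cache-Control lacks {', '.join(sorted(missing))}")
    return problems


if __name__ == "__main__":
    # Usage: python check_dashboard_cache.py headers.txt  (exit 1 on a finding)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BAD_DUMP
    problems = check_dump(text)
    print("\n".join(problems) or "all HTML responses carry no-cache, no-store")
    sys.exit(1 if problems else 0)
```

Checking every response in the chain, not just the final 200, matters because the first thing an unauthenticated client gets from Horizon is the login redirect, which is itself an HTML response.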

Changed in openstack-chef:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cookbook-openstack-dashboard ocata-eol

This issue was fixed in the openstack/cookbook-openstack-dashboard ocata-eol release.
