From faa39e7a24609eedc5f4ba20043764d3aa0f372f Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Thu, 15 Feb 2024 14:15:29 -0800 Subject: [PATCH] Retire openstack-chef: remove repo content OpenStack-chef project is retiring - https://review.opendev.org/c/openstack/governance/+/905279 this commit remove the content of this project repo Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134 Change-Id: I0d0eb6f34bac0c95f38f857845212a09ba6aa7c9 --- .delivery/project.toml | 9 - .gitignore | 9 - .rubocop.yml | 4 - .zuul.yaml | 3 - Berksfile | 23 --- LICENSE | 176 ------------------- README.rst | 127 +------------- attributes/conductor_conf.rb | 2 - attributes/default.rb | 150 ----------------- attributes/ironic_conf.rb | 20 --- metadata.rb | 19 --- recipes/api.rb | 95 ----------- recipes/conductor.rb | 39 ----- recipes/default.rb | 1 - recipes/identity_registration.rb | 87 ---------- recipes/ironic-common.rb | 106 ------------ spec/api-rhel_spec.rb | 22 --- spec/api_spec.rb | 171 ------------------- spec/conductor-rhel_spec.rb | 17 -- spec/conductor_spec.rb | 58 ------- spec/identity_registration_spec.rb | 47 ------ spec/ironic-common-rhel_spec.rb | 24 --- spec/ironic-common_spec.rb | 148 ---------------- spec/spec_helper.rb | 206 ----------------------- templates/default/ironic.conf.erb | 12 -- templates/default/rootwrap.conf.erb | 29 ---- templates/default/wsgi-template.conf.erb | 36 ---- 27 files changed, 8 insertions(+), 1632 deletions(-) delete mode 100644 .delivery/project.toml delete mode 100644 .gitignore delete mode 100644 .rubocop.yml delete mode 100644 .zuul.yaml delete mode 100644 Berksfile delete mode 100644 LICENSE delete mode 100644 attributes/conductor_conf.rb delete mode 100644 attributes/default.rb delete mode 100644 attributes/ironic_conf.rb delete mode 100644 metadata.rb delete mode 100644 recipes/api.rb delete mode 100644 recipes/conductor.rb delete mode 100644 recipes/default.rb delete mode 100644 recipes/identity_registration.rb delete mode 100644 recipes/ironic-common.rb delete mode 100644 spec/api-rhel_spec.rb delete mode 100644 spec/api_spec.rb delete mode 100644 spec/conductor-rhel_spec.rb delete mode 100644 spec/conductor_spec.rb delete mode 100644 spec/identity_registration_spec.rb delete mode 100644 spec/ironic-common-rhel_spec.rb delete mode 100644 spec/ironic-common_spec.rb delete mode 100644 spec/spec_helper.rb delete mode 100644 templates/default/ironic.conf.erb delete mode 100644 templates/default/rootwrap.conf.erb delete mode 100644 templates/default/wsgi-template.conf.erb diff --git a/.delivery/project.toml b/.delivery/project.toml deleted file mode 100644 index 4066e55..0000000 --- a/.delivery/project.toml +++ /dev/null @@ -1,9 +0,0 @@ -[local_phases] -unit = 'rspec spec/' -lint = 'cookstyle --display-cop-names --extra-details' -syntax = "berks install -e integration" -provision = "echo skipping" -deploy = "echo skipping" -smoke = "echo skipping" -functional = "echo skipping" -cleanup = "echo skipping" diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 1ac6115..0000000 --- a/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -.bundle/ -berks-cookbooks/ -.kitchen/ -.vagrant/ -.coverage/ -*.swp -Berksfile.lock -Vagrantfile -Gemfile.lock diff --git a/.rubocop.yml b/.rubocop.yml deleted file mode 100644 index 389f270..0000000 --- a/.rubocop.yml +++ /dev/null @@ -1,4 +0,0 @@ -Chef/Modernize/FoodcriticComments: - Enabled: true -Chef/Style/CopyrightCommentFormat: - Enabled: true diff --git a/.zuul.yaml b/.zuul.yaml deleted file mode 100644 index f578684..0000000 --- a/.zuul.yaml +++ /dev/null @@ -1,3 +0,0 @@ -- project: - templates: - - openstack-chef-jobs diff --git a/Berksfile b/Berksfile deleted file mode 100644 index ad49509..0000000 --- a/Berksfile +++ /dev/null @@ -1,23 +0,0 @@ -source 'https://supermarket.chef.io' - -solver :ruby, :required - -[ - %w(client dep), - %w(-common dep), - %w(-dns integration), - %w(-identity dep), - %w(-image dep), - %w(-integration-test integration), - %w(-network dep), - %w(-ops-database integration), - %w(-ops-messaging integration), -].each do |cookbook, group| - if Dir.exist?("../cookbook-openstack#{cookbook}") - cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}", group: group - else - cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}", group: group - end -end - -metadata diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 68c771a..0000000 --- a/LICENSE +++ /dev/null @@ -1,176 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - diff --git a/README.rst b/README.rst index 7d135c1..4ee2c5f 100644 --- a/README.rst +++ b/README.rst @@ -1,121 +1,10 @@ -OpenStack Chef Cookbook - bare-metal -==================================== +This project is no longer maintained. -.. image:: https://governance.openstack.org/badges/cookbook-openstack-bare-metal.svg - :target: https://governance.openstack.org/reference/tags/index.html +The contents of this repository are still available in the Git +source code management system. To see the contents of this +repository before it reached its end of life, please check out the +previous commit with "git checkout HEAD^1". -Description -=========== - -This cookbook installs the OpenStack Bare Metal service **Ironic** as -part of the OpenStack reference deployment Chef for OpenStack. The -`OpenStack chef-repo`_ contains documentation for using this cookbook in -the context of a full OpenStack deployment. Nova is currently installed -from packages. - -.. _OpenStack chef-repo: https://opendev.org/openstack/openstack-chef - -https://docs.openstack.org/ironic/latest/ - -Requirements -============ - -- Chef 16 or higher -- Chef Workstation 21.10.640 for testing (also includes Berkshelf for - cookbook dependency resolution) - -Platform -======== - -- ubuntu -- redhat -- centos - -Cookbooks -========= - -The following cookbooks are dependencies: - -- 'apache2', '~> 8.6' -- 'openstack-common', '>= 20.0.0' -- 'openstack-identity', '>= 20.0.0' -- 'openstack-image', '>= 20.0.0' -- 'openstack-network', '>= 20.0.0' - -Attributes -========== - -Please see the extensive inline documentation in ``attributes/*.rb`` for -descriptions of all the settable attributes for this cookbook. - -Note that all attributes are in the ``default['openstack']`` "namespace" - -The usage of attributes to generate the ``ironic.conf`` is described in the -openstack-common cookbook. - -Recipes -======= - -openstack-bare-metal::api -------------------------- - -- Installs the ``ironic-api``, sets up the ironic database - -openstack-bare-metal::conductor -------------------------------- - -- Installs the ``ironic-conductor`` service - -openstack-bare-metal::default ------------------------------ - -- Temp workaround to create ironic db with user - -openstack-bare-metal::identity_registration -------------------------------------------- - -- Registers ironic service/user/endpoints in keystone - -openstack-bare-metal::ironic-common ------------------------------------ - -- Defines the common pieces of repeated code from the other recipes - -License and Author -================== - -+-----------------+---------------------------------------------------+ -| **Author** | Mark Vanderwiel | -+-----------------+---------------------------------------------------+ -| **Author** | Ma Wen Cheng | -+-----------------+---------------------------------------------------+ -| **Author** | Jan Klare | -+-----------------+---------------------------------------------------+ -| **Author** | Jens Harbott | -+-----------------+---------------------------------------------------+ -| **Author** | Lance Albertson | -+-----------------+---------------------------------------------------+ -| **Author** | Samuel Cassiba | -+-----------------+---------------------------------------------------+ - -+-----------------+---------------------------------------------------+ -| **Copyright** | Copyright (c) 2015, IBM, Corp. | -+-----------------+---------------------------------------------------+ -| **Copyright** | Copyright (c) 2019, x-ion GmbH | -+-----------------+---------------------------------------------------+ -| **Copyright** | Copyright (c) 2019-2021, Oregon State University | -+-----------------+---------------------------------------------------+ - -Licensed under the Apache License, Version 2.0 (the "License"); you may -not use this file except in compliance with the License. You may obtain -a copy of the License at - -:: - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. +For any further questions, please email +openstack-discuss@lists.openstack.org or join #openstack-dev on +OFTC. diff --git a/attributes/conductor_conf.rb b/attributes/conductor_conf.rb deleted file mode 100644 index b308e85..0000000 --- a/attributes/conductor_conf.rb +++ /dev/null @@ -1,2 +0,0 @@ -default['openstack']['bare_metal']['conductor']['periodic_max_workers'] = 8 -default['openstack']['bare_metal']['conductor']['workers_pool_size'] = 100 diff --git a/attributes/default.rb b/attributes/default.rb deleted file mode 100644 index 17805cc..0000000 --- a/attributes/default.rb +++ /dev/null @@ -1,150 +0,0 @@ -# -# Cookbook:: openstack-bare-metal -# Attributes:: default -# -# Copyright:: 2015-2021, IBM, Corp -# Copyright:: 2019-2021, Oregon State University -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# Set to some text value if you want templated config files -# to contain a custom banner at the top of the written file -default['openstack']['bare_metal']['custom_template_banner'] = " -# This file is managed by Chef -# Do not edit, changes will be overwritten -" - -%w(internal public).each do |ep_type| - # host for openstack internal/public bare metal endpoint - default['openstack']['endpoints'][ep_type]['bare_metal']['host'] = '127.0.0.1' - # scheme for openstack internal/public bare metal endpoint - default['openstack']['endpoints'][ep_type]['bare_metal']['scheme'] = 'http' - # port for openstack internal/public bare metal endpoint - default['openstack']['endpoints'][ep_type]['bare_metal']['port'] = 6385 - # path for openstack internal/public bare metal endpoint - default['openstack']['endpoints'][ep_type]['bare_metal']['path'] = '' -end - -default['openstack']['bare_metal']['verbose'] = 'false' -default['openstack']['bare_metal']['debug'] = 'false' - -# Maximum number of worker threads that can be started -# simultaneously by a periodic task. Should be less than RPC -# thread pool size. (integer value) -default['openstack']['bare_metal']['conductor']['periodic_max_workers'] = 8 - -# The size of the workers greenthread pool. (integer value) -default['openstack']['bare_metal']['conductor']['workers_pool_size'] = 100 - -# Common rpc definitions -default['openstack']['bare_metal']['rpc_thread_pool_size'] = 64 -default['openstack']['bare_metal']['rpc_conn_pool_size'] = 30 -default['openstack']['bare_metal']['rpc_response_timeout'] = 60 - -# The name of the Chef role that knows about the message queue server -# that Ironic uses -default['openstack']['bare_metal']['rabbit_server_chef_role'] = 'os-ops-messaging' - -default['openstack']['bare_metal']['rpc_backend'] = 'rabbit' - -# Logging stuff -default['openstack']['bare_metal']['log_dir'] = '/var/log/ironic' - -default['openstack']['bare_metal']['syslog']['use'] = false -default['openstack']['bare_metal']['syslog']['facility'] = 'LOG_LOCAL1' -default['openstack']['bare_metal']['syslog']['config_facility'] = 'local1' - -default['openstack']['bare_metal']['region'] = node['openstack']['region'] - -# Keystone settings -default['openstack']['bare_metal']['api']['auth_strategy'] = 'keystone' - -# Whether to allow the client to perform insecure SSL (https) requests -default['openstack']['bare_metal']['api']['auth']['insecure'] = false - -default['openstack']['bare_metal']['service_user'] = 'ironic' -default['openstack']['bare_metal']['project'] = 'service' -default['openstack']['bare_metal']['service_role'] = 'service' -default['openstack']['bare_metal']['service_name'] = 'ironic' -default['openstack']['bare_metal']['service_type'] = 'bare_metal' - -default['openstack']['bare_metal']['user'] = 'ironic' -default['openstack']['bare_metal']['group'] = 'ironic' - -# Setup the tftp variables -default['openstack']['bare_metal']['tftp']['enabled'] = false -# IP address of Ironic compute node's tftp server -default['openstack']['bare_metal']['tftp']['server'] = '127.0.0.1' -# Ironic compute node's tftp root path -default['openstack']['bare_metal']['tftp']['root_path'] = '/var/lib/tftpboot' -# Directory where master tftp images are stored on disk -default['openstack']['bare_metal']['tftp']['master_path'] = "#{node['openstack']['bare_metal']['tftp']['root_path']}/master_images" - -# Ironic WSGI app SSL settings -default['openstack']['bare_metal']['ssl']['enabled'] = false -default['openstack']['bare_metal']['ssl']['certfile'] = '' -default['openstack']['bare_metal']['ssl']['chainfile'] = '' -default['openstack']['bare_metal']['ssl']['keyfile'] = '' -default['openstack']['bare_metal']['ssl']['ca_certs_path'] = '' -default['openstack']['bare_metal']['ssl']['cert_required'] = false -default['openstack']['bare_metal']['ssl']['protocol'] = '' -default['openstack']['bare_metal']['ssl']['ciphers'] = '' - -case node['platform_family'] -when 'fedora', 'rhel' - default['openstack']['bare_metal']['platform'] = { - 'ironic_api_packages' => %w(openstack-ironic-api), - 'ironic_api_service' => 'openstack-ironic-api', - 'ironic_conductor_packages' => %w(openstack-ironic-conductor ipmitool), - 'ironic_conductor_service' => 'openstack-ironic-conductor', - 'ironic_common_packages' => node['platform_version'].to_i >= 8 ? %w(openstack-ironic-common python3-ironicclient) : %w(openstack-ironic-common python-ironicclient), - } -when 'debian' - default['openstack']['bare_metal']['platform'] = { - 'ironic_api_packages' => ['ironic-api'], - 'ironic_api_service' => 'ironic-api', - 'ironic_conductor_packages' => %w(ironic-conductor ipmitool), - 'ironic_conductor_service' => 'ironic-conductor', - 'ironic_common_packages' => - %w( - python3-ironic - python3-ironic-lib - python3-ironicclient - ironic-common - ), - } -end - -# ******************** OpenStack Bare Metal Endpoints ***************************** - -# The OpenStack Bare Metal (Ironic) API endpoint -%w(public internal).each do |ep_type| - default['openstack']['endpoints'][ep_type]['bare_metal']['scheme'] = 'http' - default['openstack']['endpoints'][ep_type]['bare_metal']['path'] = '' - default['openstack']['endpoints'][ep_type]['bare_metal']['host'] = '127.0.0.1' - default['openstack']['endpoints'][ep_type]['bare_metal']['port'] = '6385' -end -default['openstack']['bind_service']['all']['bare_metal']['host'] = '127.0.0.1' -default['openstack']['bind_service']['all']['bare_metal']['port'] = '6385' -# ============================= rootwrap Configuration =================== -# use ironic root wrap -default['openstack']['bare_metal']['use_rootwrap'] = true -# rootwrap.conf -default['openstack']['bare_metal']['rootwrap']['conf'].tap do |conf| - conf['DEFAULT']['filters_path'] = '/etc/ironic/rootwrap.d,/usr/share/ironic/rootwrap' - conf['DEFAULT']['exec_dirs'] = '/sbin,/usr/sbin,/bin,/usr/bin' - conf['DEFAULT']['use_syslog'] = false - conf['DEFAULT']['syslog_log_facility'] = 'syslog' - conf['DEFAULT']['syslog_log_level'] = 'ERROR' -end diff --git a/attributes/ironic_conf.rb b/attributes/ironic_conf.rb deleted file mode 100644 index a93e839..0000000 --- a/attributes/ironic_conf.rb +++ /dev/null @@ -1,20 +0,0 @@ -default['openstack']['bare_metal']['conf_secrets'] = {} - -default['openstack']['bare_metal']['conf'].tap do |conf| - if node['openstack']['bare_metal']['syslog']['use'] - conf['DEFAULT']['log_config'] = '/etc/openstack/logging.conf' - end - conf['DEFAULT']['auth_strategy'] = 'keystone' - conf['DEFAULT']['control_exchange'] = 'ironic' - conf['DEFAULT']['glance_api_version'] = '2' - conf['DEFAULT']['state_path'] = '/var/lib/ironic' - - conf['keystone_authtoken']['auth_type'] = 'password' - conf['keystone_authtoken']['region_name'] = node['openstack']['region'] - conf['keystone_authtoken']['username'] = 'ironic' - conf['keystone_authtoken']['project_name'] = 'service' - conf['keystone_authtoken']['user_domain_name'] = 'Default' - conf['keystone_authtoken']['project_domain_name'] = 'Default' - - conf['oslo_concurrency']['lock_path'] = '/var/lib/cinder/tmp' -end diff --git a/metadata.rb b/metadata.rb deleted file mode 100644 index b5c7e04..0000000 --- a/metadata.rb +++ /dev/null @@ -1,19 +0,0 @@ -name 'openstack-bare-metal' -maintainer 'openstack-chef' -maintainer_email 'openstack-discuss@lists.openstack.org' -license 'Apache-2.0' -description 'Installs/Configures OpenStack Bare Metal service Ironic' -version '20.0.0' -issues_url 'https://launchpad.net/openstack-chef' -source_url 'https://opendev.org/openstack/cookbook-openstack-bare-metal' -chef_version '>= 16.0' - -%w(ubuntu redhat centos).each do |os| - supports os -end - -depends 'apache2', '~> 8.6' -depends 'openstack-common', '>= 20.0.0' -depends 'openstack-identity', '>= 20.0.0' -depends 'openstack-image', '>= 20.0.0' -depends 'openstack-network', '>= 20.0.0' diff --git a/recipes/api.rb b/recipes/api.rb deleted file mode 100644 index 2438b85..0000000 --- a/recipes/api.rb +++ /dev/null @@ -1,95 +0,0 @@ -# -# Cookbook:: openstack-bare-metal -# Recipe:: api -# -# Copyright:: 2015-2021, IBM Corp. -# Copyright:: 2020-2021, Oregon State University -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -class ::Chef::Recipe - include ::Openstack - include Apache2::Cookbook::Helpers -end - -include_recipe 'openstack-bare-metal::ironic-common' - -platform_options = node['openstack']['bare_metal']['platform'] - -package platform_options['ironic_api_packages'] do - action :upgrade -end - -service 'ironic-api' do - service_name platform_options['ironic_api_service'] - action [:disable, :stop] -end - -execute 'ironic db sync' do - command 'ironic-dbsync --config-file /etc/ironic/ironic.conf upgrade' - user 'root' - group 'root' -end - -# remove the ironic-wsgi.conf automatically generated from package -apache2_conf 'ironic-wsgi' do - action :disable -end - -bind_service = node['openstack']['bind_service']['all']['bare_metal'] - -# Finds and appends the listen port to the apache2_install[openstack] -# resource which is defined in openstack-identity::server-apache. -apache_resource = find_resource(:apache2_install, 'openstack') - -if apache_resource - apache_resource.listen = [apache_resource.listen, "#{bind_service['host']}:#{bind_service['port']}"].flatten -else - apache2_install 'openstack' do - listen "#{bind_service['host']}:#{bind_service['port']}" - end -end - -# service['apache2'] is defined in the apache2_default_install resource -# but other resources are currently unable to reference it. To work -# around this issue, define the following helper in your cookbook: -service 'apache2' do - extend Apache2::Cookbook::Helpers - service_name lazy { apache_platform_service_name } - supports restart: true, status: true, reload: true - action :nothing -end - -apache2_mod_wsgi 'bare-metal' -apache2_module 'ssl' if node['openstack']['bare_metal']['ssl']['enabled'] - -template "#{apache_dir}/sites-available/ironic-api.conf" do - extend Apache2::Cookbook::Helpers - source 'wsgi-template.conf.erb' - variables( - daemon_process: 'ironic-wsgi', - server_host: bind_service['host'], - server_port: bind_service['port'], - server_entry: '/usr/bin/ironic-api-wsgi', - log_dir: default_log_dir, - run_dir: lock_dir, - user: node['openstack']['bare_metal']['user'], - group: node['openstack']['bare_metal']['group'] - ) - notifies :restart, 'service[apache2]' -end - -apache2_site 'ironic-api' do - notifies :restart, 'service[apache2]', :immediately -end diff --git a/recipes/conductor.rb b/recipes/conductor.rb deleted file mode 100644 index c618adb..0000000 --- a/recipes/conductor.rb +++ /dev/null @@ -1,39 +0,0 @@ -# -# Cookbook:: openstack-bare-metal -# Recipe:: conductor -# -# Copyright:: 2015-2021, IBM Corp. -# Copyright:: 2020-2021, Oregon State University -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -class ::Chef::Recipe - include ::Openstack -end - -include_recipe 'openstack-bare-metal::ironic-common' - -platform_options = node['openstack']['bare_metal']['platform'] - -package platform_options['ironic_conductor_packages'] do - action :upgrade - notifies :restart, 'service[ironic-conductor]', :delayed -end - -service 'ironic-conductor' do - service_name platform_options['ironic_conductor_service'] - supports status: true, restart: true - action [:enable, :start] - subscribes :restart, 'template[/etc/ironic/ironic.conf]' -end diff --git a/recipes/default.rb b/recipes/default.rb deleted file mode 100644 index 8b13789..0000000 --- a/recipes/default.rb +++ /dev/null @@ -1 +0,0 @@ - diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb deleted file mode 100644 index 811486e..0000000 --- a/recipes/identity_registration.rb +++ /dev/null @@ -1,87 +0,0 @@ -# -# Cookbook:: openstack-bare-metal -# Recipe:: identity_registration -# -# Copyright:: 2015-2021, IBM, Inc. -# Copyright:: 2019-2021, Oregon State University -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -class ::Chef::Recipe - include ::Openstack -end - -identity_endpoint = internal_endpoint 'identity' -auth_url = identity_endpoint.to_s - -interfaces = { - public: { url: public_endpoint('bare_metal') }, - internal: { url: internal_endpoint('bare_metal') }, -} -service_pass = get_password 'service', 'openstack-bare-metal' -region = node['openstack']['bare_metal']['region'] -service_project_name = node['openstack']['bare_metal']['conf']['keystone_authtoken']['project_name'] -service_user = node['openstack']['bare_metal']['service_user'] -admin_user = node['openstack']['identity']['admin_user'] -admin_pass = get_password 'user', node['openstack']['identity']['admin_user'] -admin_project = node['openstack']['identity']['admin_project'] -admin_domain = node['openstack']['identity']['admin_domain_name'] -# TODO(ramereth): commenting this out until -# https://github.com/fog/fog-openstack/pull/494 gets merged and released. -# endpoint_type = node['openstack']['identity']['endpoint_type'] -service_domain_name = node['openstack']['bare_metal']['conf']['keystone_authtoken']['user_domain_name'] -service_role = node['openstack']['bare_metal']['service_role'] -service_name = node['openstack']['bare_metal']['service_name'] -service_type = node['openstack']['bare_metal']['service_type'] - -connection_params = { - openstack_auth_url: auth_url, - openstack_username: admin_user, - openstack_api_key: admin_pass, - openstack_project_name: admin_project, - openstack_domain_name: admin_domain, - # openstack_endpoint_type: endpoint_type, -} - -# Register Bare Metal Service -openstack_service service_name do - type service_type - connection_params connection_params -end - -interfaces.each do |interface, res| - # Register Bare Metal Endpoints - openstack_endpoint service_type do - service_name service_name - interface interface.to_s - url res[:url].to_s - region region - connection_params connection_params - end -end - -# Register Service Project -openstack_project service_project_name do - connection_params connection_params -end - -# Register Service User -openstack_user service_user do - project_name service_project_name - domain_name service_domain_name - role_name service_role - password service_pass - connection_params connection_params - action [:create, :grant_role] -end diff --git a/recipes/ironic-common.rb b/recipes/ironic-common.rb deleted file mode 100644 index 4eecdc1..0000000 --- a/recipes/ironic-common.rb +++ /dev/null @@ -1,106 +0,0 @@ -# -# Cookbook:: openstack-bare-metal -# Recipe:: ironic-common -# -# Copyright:: 2015-2021, IBM Corp. -# Copyright:: 2020-2021, Oregon State University -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -class ::Chef::Recipe - include ::Openstack -end - -if node['openstack']['bare_metal']['syslog']['use'] - include_recipe 'openstack-common::logging' -end - -platform_options = node['openstack']['bare_metal']['platform'] - -package platform_options['ironic_common_packages'] do - action :upgrade -end - -db_type = node['openstack']['db']['bare_metal']['service_type'] -package node['openstack']['db']['python_packages'][db_type] do - action :upgrade -end - -db_user = node['openstack']['db']['bare_metal']['username'] -db_pass = get_password 'db', 'ironic' - -node.default['openstack']['bare_metal']['conf_secrets'] - .[]('database')['connection'] = - db_uri('bare_metal', db_user, db_pass) -if node['openstack']['endpoints']['db']['enabled_slave'] - node.default['openstack']['bare_metal']['conf_secrets'] - .[]('database')['slave_connection'] = - db_uri('bare_metal', db_user, db_pass, true) -end - -if node['openstack']['mq']['service_type'] == 'rabbit' - node.default['openstack']['bare_metal']['conf_secrets']['DEFAULT']['transport_url'] = - rabbit_transport_url 'bare_metal' -end - -identity_endpoint = internal_endpoint 'identity' -node.default['openstack']['bare_metal']['conf_secrets'] - .[]('keystone_authtoken')['password'] = - get_password 'service', 'openstack-bare-metal' -auth_url = identity_endpoint.to_s - -node.default['openstack']['bare_metal']['conf'].tap do |conf| - conf['keystone_authtoken']['auth_url'] = auth_url -end - -# merge all config options and secrets to be used in ironic.conf -ironic_conf_options = merge_config_options 'bare_metal' - -directory '/etc/ironic' do - owner node['openstack']['bare_metal']['user'] - group node['openstack']['bare_metal']['group'] - mode '750' -end - -template '/etc/ironic/ironic.conf' do - source 'ironic.conf.erb' - owner node['openstack']['bare_metal']['user'] - group node['openstack']['bare_metal']['group'] - sensitive true - mode '640' - variables( - service_config: ironic_conf_options - ) -end - -# delete all secrets saved in the attribute -# node['openstack']['bare_metal']['conf_secrets'] after creating the config file -ruby_block "delete all attributes in node['openstack']['bare_metal']['conf_secrets']" do - block do - node.rm(:openstack, :bare_metal, :conf_secrets) - end -end - -if node['openstack']['bare_metal']['use_rootwrap'] - template '/etc/ironic/rootwrap.conf' do - source 'openstack-service.conf.erb' - cookbook 'openstack-common' - owner 'root' - group 'root' - mode '644' - variables( - service_config: node['openstack']['bare_metal']['rootwrap']['conf'] - ) - end -end diff --git a/spec/api-rhel_spec.rb b/spec/api-rhel_spec.rb deleted file mode 100644 index 268c36b..0000000 --- a/spec/api-rhel_spec.rb +++ /dev/null @@ -1,22 +0,0 @@ -require_relative 'spec_helper' - -describe 'openstack-bare-metal::api' do - ALL_RHEL.each do |p| - context "redhat #{p[:version]}" do - let(:runner) { ChefSpec::SoloRunner.new(p) } - let(:node) { runner.node } - cached(:chef_run) { runner.converge(described_recipe) } - - include_context 'bare-metal-stubs' - - it do - expect(chef_run).to upgrade_package %w(openstack-ironic-api) - end - - it do - expect(chef_run).to disable_service('ironic-api').with(service_name: 'openstack-ironic-api') - expect(chef_run).to stop_service('ironic-api').with(service_name: 'openstack-ironic-api') - end - end - end -end diff --git a/spec/api_spec.rb b/spec/api_spec.rb deleted file mode 100644 index 9fa1609..0000000 --- a/spec/api_spec.rb +++ /dev/null @@ -1,171 +0,0 @@ -# -# Cookbook:: openstack-bare-metal -# Spec:: api_spec -# -# Copyright:: 2015-2021, IBM Corp. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative 'spec_helper' - -describe 'openstack-bare-metal::api' do - describe 'ubuntu' do - let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } - let(:node) { runner.node } - cached(:chef_run) { runner.converge(described_recipe) } - - include_context 'bare-metal-stubs' - - it 'includes ironic common recipe' do - expect(chef_run).to include_recipe('openstack-bare-metal::ironic-common') - end - - it do - expect(chef_run).to upgrade_package('ironic-api') - end - - it do - expect(chef_run).to disable_service('ironic-api').with(service_name: 'ironic-api') - expect(chef_run).to stop_service('ironic-api').with(service_name: 'ironic-api') - end - - it 'runs db migrations' do - expect(chef_run).to run_execute('ironic db sync').with(user: 'root', group: 'root') - end - - it do - expect(chef_run).to install_apache2_install('openstack').with(listen: %w(127.0.0.1:6385)) - end - - it do - expect(chef_run).to create_apache2_mod_wsgi 'bare-metal' - end - - it do - expect(chef_run).to_not enable_apache2_module('ssl') - end - - it do - expect(chef_run).to create_template('/etc/apache2/sites-available/ironic-api.conf').with( - source: 'wsgi-template.conf.erb', - variables: { - daemon_process: 'ironic-wsgi', - group: 'ironic', - log_dir: '/var/log/apache2', - run_dir: '/var/lock', - server_entry: '/usr/bin/ironic-api-wsgi', - server_host: '127.0.0.1', - server_port: '6385', - user: 'ironic', - } - ) - end - [ - /$/, - /WSGIDaemonProcess ironic-wsgi processes=2 threads=10 user=ironic group=ironic display-name=%{GROUP}$/, - /WSGIProcessGroup ironic-wsgi$/, - %r{WSGIScriptAlias / /usr/bin/ironic-api-wsgi$}, - /WSGIApplicationGroup %{GLOBAL}$/, - %r{ErrorLog /var/log/apache2/ironic-wsgi_error.log$}, - %r{CustomLog /var/log/apache2/ironic-wsgi_access.log combined$}, - %r{WSGISocketPrefix /var/lock$}, - ].each do |line| - it do - expect(chef_run).to render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line) - end - end - - [ - /SSLEngine On$/, - /SSLCertificateFile/, - /SSLCertificateKeyFile/, - /SSLCACertificatePath/, - /SSLCertificateChainFile/, - /SSLProtocol/, - /SSLCipherSuite/, - /SSLVerifyClient require/, - ].each do |line| - it do - expect(chef_run).to_not render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line) - end - end - - context 'Enable SSL' do - cached(:chef_run) do - node.override['openstack']['bare_metal']['ssl']['enabled'] = true - node.override['openstack']['bare_metal']['ssl']['certfile'] = 'ssl.cert' - node.override['openstack']['bare_metal']['ssl']['keyfile'] = 'ssl.key' - node.override['openstack']['bare_metal']['ssl']['ca_certs_path'] = 'ca_certs_path' - node.override['openstack']['bare_metal']['ssl']['protocol'] = 'ssl_protocol_value' - runner.converge(described_recipe) - end - - it do - expect(chef_run).to enable_apache2_module('ssl') - end - - [ - /SSLEngine On$/, - /SSLCertificateFile ssl.cert$/, - /SSLCertificateKeyFile ssl.key$/, - /SSLCACertificatePath ca_certs_path$/, - /SSLProtocol ssl_protocol_value$/, - ].each do |line| - it do - expect(chef_run).to render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line) - end - end - [ - /SSLCipherSuite/, - /SSLCertificateChainFile/, - /SSLVerifyClient require/, - ].each do |line| - it do - expect(chef_run).to_not render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line) - end - end - context 'Enable chainfile, ciphers & cert_required' do - cached(:chef_run) do - node.override['openstack']['bare_metal']['ssl']['enabled'] = true - node.override['openstack']['bare_metal']['ssl']['ciphers'] = 'ssl_ciphers_value' - node.override['openstack']['bare_metal']['ssl']['chainfile'] = 'chainfile' - node.override['openstack']['bare_metal']['ssl']['cert_required'] = true - runner.converge(described_recipe) - end - [ - /SSLCipherSuite ssl_ciphers_value$/, - /SSLCertificateChainFile chainfile$/, - /SSLVerifyClient require/, - ].each do |line| - it do - expect(chef_run).to render_file('/etc/apache2/sites-available/ironic-api.conf').with_content(line) - end - end - end - end - - it do - expect(chef_run.template('/etc/apache2/sites-available/ironic-api.conf')).to \ - notify('service[apache2]').to(:restart) - end - - it do - expect(chef_run).to enable_apache2_site('ironic-api') - end - - it do - expect(chef_run.apache2_site('ironic-api')).to notify('service[apache2]').to(:restart).immediately - end - end -end diff --git a/spec/conductor-rhel_spec.rb b/spec/conductor-rhel_spec.rb deleted file mode 100644 index 58d8486..0000000 --- a/spec/conductor-rhel_spec.rb +++ /dev/null @@ -1,17 +0,0 @@ -require_relative 'spec_helper' - -describe 'openstack-bare-metal::conductor' do - ALL_RHEL.each do |p| - context "redhat #{p[:version]}" do - let(:runner) { ChefSpec::SoloRunner.new(p) } - let(:node) { runner.node } - cached(:chef_run) { runner.converge(described_recipe) } - - include_context 'bare-metal-stubs' - - it do - expect(chef_run).to upgrade_package %w(openstack-ironic-conductor ipmitool) - end - end - end -end diff --git a/spec/conductor_spec.rb b/spec/conductor_spec.rb deleted file mode 100644 index 09d6d3b..0000000 --- a/spec/conductor_spec.rb +++ /dev/null @@ -1,58 +0,0 @@ -# -# Cookbook:: openstack-bare-metal -# Spec:: conductor_spec -# -# Copyright:: 2015-2021, IBM Corp. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative 'spec_helper' - -describe 'openstack-bare-metal::conductor' do - describe 'ubuntu' do - let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } - let(:node) { runner.node } - cached(:chef_run) { runner.converge(described_recipe) } - - include_context 'bare-metal-stubs' - - it 'includes ironic common recipe' do - expect(chef_run).to include_recipe('openstack-bare-metal::ironic-common') - end - - it do - expect(chef_run).to upgrade_package %w(ironic-conductor ipmitool) - end - - describe 'ironic-conductor packages' do - let(:package) { chef_run.package(%w(ironic-conductor ipmitool)) } - - it 'sends a notification to the service' do - expect(package).to notify('service[ironic-conductor]').to(:restart).delayed - end - end - - it 'enables ironic conductor on boot' do - expect(chef_run).to enable_service('ironic-conductor') - end - - describe 'ironic-conductor' do - let(:service) { chef_run.service('ironic-conductor') } - - it 'subscribes to the template creation' do - expect(service).to subscribe_to('template[/etc/ironic/ironic.conf]') - end - end - end -end diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb deleted file mode 100644 index 26e7c23..0000000 --- a/spec/identity_registration_spec.rb +++ /dev/null @@ -1,47 +0,0 @@ -require_relative 'spec_helper' - -describe 'openstack-bare-metal::identity_registration' do - describe 'ubuntu' do - let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } - let(:node) { runner.node } - cached(:chef_run) { runner.converge(described_recipe) } - - include_context 'bare-metal-stubs' - - connection_params = { - openstack_auth_url: 'http://127.0.0.1:5000/v3', - openstack_username: 'admin', - openstack_api_key: 'admin_test_pass', - openstack_project_name: 'admin', - openstack_domain_name: 'default', - # openstack_endpoint_type: 'internalURL', - } - service_name = 'bare_metal' - service_project = 'ironic' - service_user = 'ironic' - - it "registers #{service_name} service" do - expect(chef_run).to create_openstack_service( - service_project - ).with( - connection_params: connection_params - ) - end - - it "registers #{service_name} endpoint" do - expect(chef_run).to create_openstack_endpoint( - service_name - ).with( - connection_params: connection_params - ) - end - - it "registers #{service_name} user" do - expect(chef_run).to create_openstack_user( - service_user - ).with( - connection_params: connection_params - ) - end - end -end diff --git a/spec/ironic-common-rhel_spec.rb b/spec/ironic-common-rhel_spec.rb deleted file mode 100644 index 820028b..0000000 --- a/spec/ironic-common-rhel_spec.rb +++ /dev/null @@ -1,24 +0,0 @@ -require_relative 'spec_helper' - -describe 'openstack-bare-metal::ironic-common' do - ALL_RHEL.each do |p| - context "redhat #{p[:version]}" do - let(:runner) { ChefSpec::SoloRunner.new(p) } - let(:node) { runner.node } - cached(:chef_run) { runner.converge(described_recipe) } - - include_context 'bare-metal-stubs' - - case p - when REDHAT_7 - it do - expect(chef_run).to upgrade_package %w(openstack-ironic-common python-ironicclient) - end - when REDHAT_8 - it do - expect(chef_run).to upgrade_package %w(openstack-ironic-common python3-ironicclient) - end - end - end - end -end diff --git a/spec/ironic-common_spec.rb b/spec/ironic-common_spec.rb deleted file mode 100644 index e1347cb..0000000 --- a/spec/ironic-common_spec.rb +++ /dev/null @@ -1,148 +0,0 @@ -# -# Cookbook:: openstack-bare-metal -# Spec:: ironic_common_spec -# -# Copyright:: 2015-2021, IBM Corp. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require_relative 'spec_helper' - -describe 'openstack-bare-metal::ironic-common' do - describe 'ubuntu' do - let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } - let(:node) { runner.node } - cached(:chef_run) { runner.converge(described_recipe) } - - include_context 'bare-metal-stubs' - - it do - expect(chef_run).to upgrade_package %w(python3-ironic python3-ironic-lib python3-ironicclient ironic-common) - end - - describe '/etc/ironic' do - let(:dir) { chef_run.directory('/etc/ironic') } - - it 'should create the /etc/ironic directory' do - expect(chef_run).to create_directory(dir.name).with( - user: 'ironic', - group: 'ironic', - mode: '750' - ) - end - end - - describe 'ironic.conf' do - let(:file) { chef_run.template('/etc/ironic/ironic.conf') } - let(:test_pass) { 'test_pass' } - before do - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('user', anything) - .and_return(test_pass) - end - - it 'should create the ironic.conf template' do - expect(chef_run).to create_template(file.name).with( - source: 'ironic.conf.erb', - user: 'ironic', - group: 'ironic', - mode: '640', - sensitive: true - ) - end - - it '[DEFAULT]' do - [ - /^auth_strategy = keystone$/, - /^control_exchange = ironic$/, - /^glance_api_version = 2$/, - %r{^state_path = /var/lib/ironic$}, - %r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}, - ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) - end - end - it '[keystone_authtoken]' do - [ - /^auth_type = password$/, - /^region_name = RegionOne$/, - /^username = ironic$/, - /^project_name = service$/, - /^user_domain_name = Default$/, - /^project_domain_name = Default$/, - %r{^auth_url = http://127.0.0.1:5000/v3$}, - /^password = ironic_pass$/, - ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line) - end - end - it '[oslo_concurrency]' do - [ - %r{^lock_path = /var/lib/cinder/tmp$}, - ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', line) - end - end - - context 'template contents' do - cached(:chef_run) do - node.override['openstack']['bare_metal']['syslog']['use'] = true - runner.converge(described_recipe) - end - before do - allow_any_instance_of(Chef::Recipe).to receive(:db_uri) - .and_return('sql_connection_value') - end - - context 'syslog use' do - it 'sets the log_config value when syslog is in use' do - expect(chef_run).to render_file(file.name) - .with_content(%r{^log_config = /etc/openstack/logging.conf$}) - end - end - - it 'has a db connection attribute' do - expect(chef_run).to render_config_file(file.name) - .with_section_content('database', /^connection = sql_connection_value$/) - end - end - end - - describe 'rootwrap.conf' do - let(:file) { chef_run.template('/etc/ironic/rootwrap.conf') } - - it 'should create the /etc/ironic/rootwrap.conf file' do - expect(chef_run).to create_template(file.name).with( - user: 'root', - group: 'root', - mode: '644' - ) - end - - context 'template contents' do - it 'sets the default attributes' do - [ - %r{^filters_path = /etc/ironic/rootwrap.d,/usr/share/ironic/rootwrap$}, - %r{^exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin$}, - /^use_syslog = false$/, - /^syslog_log_facility = syslog$/, - /^syslog_log_level = ERROR$/, - ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) - end - end - end - end - end -end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb deleted file mode 100644 index 6fd716f..0000000 --- a/spec/spec_helper.rb +++ /dev/null @@ -1,206 +0,0 @@ -require 'chefspec' -require 'chefspec/berkshelf' -require 'chef/application' - -RSpec.configure do |config| - config.color = true - config.formatter = :documentation - config.log_level = :warn -end - -REDHAT_7 = { - platform: 'redhat', - version: '7', -}.freeze - -REDHAT_8 = { - platform: 'redhat', - version: '8', -}.freeze - -ALL_RHEL = [ - REDHAT_7, - REDHAT_8, -].freeze - -UBUNTU_OPTS = { - platform: 'ubuntu', - version: '18.04', -}.freeze - -shared_context 'bare-metal-stubs' do - before do - allow_any_instance_of(Chef::Recipe).to receive(:rabbit_servers) - .and_return('1.1.1.1:5672,2.2.2.2:5672') - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('service', anything) - .and_return('') - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('db', anything) - .and_return('') - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('user', 'guest') - .and_return('mq-pass') - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('user', 'admin') - .and_return('admin_test_pass') - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('service', 'openstack-bare-metal') - .and_return('ironic_pass') - allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url) - .with('bare_metal') - .and_return('rabbit://guest:mypass@127.0.0.1:5672') - stub_command('/usr/sbin/httpd -t').and_return(true) - stub_command('/usr/sbin/apache2 -t').and_return(true) - allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return [] - allow(Chef::Application).to receive(:fatal!) - # identity stubs - allow_any_instance_of(Chef::Recipe).to receive(:secret) - .with('secrets', 'credential_key0') - .and_return('thisiscredentialkey0') - allow_any_instance_of(Chef::Recipe).to receive(:secret) - .with('secrets', 'credential_key1') - .and_return('thisiscredentialkey1') - allow_any_instance_of(Chef::Recipe).to receive(:secret) - .with('secrets', 'fernet_key0') - .and_return('thisisfernetkey0') - allow_any_instance_of(Chef::Recipe).to receive(:secret) - .with('secrets', 'fernet_key1') - .and_return('thisisfernetkey1') - allow_any_instance_of(Chef::Recipe).to receive(:search_for) - .with('os-identity').and_return( - [{ - 'openstack' => { - 'identity' => { - 'admin_tenant_name' => 'admin', - 'admin_user' => 'admin', - }, - }, - }] - ) - allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers) - .and_return([]) - allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url) - .with('identity') - .and_return('rabbit://openstack:mypass@127.0.0.1:5672') - allow_any_instance_of(Chef::Recipe).to receive(:get_password) - .with('db', 'keystone') - .and_return('test-passes') - end -end - -shared_examples 'expect runs openstack common logging recipe' do - it 'runs logging recipe if node attributes say to' do - expect(chef_run).to include_recipe 'openstack-common::logging' - end -end - -shared_examples 'expect installs common ironic package' do - it 'installs the openstack-ironic common package' do - expect(chef_run).to upgrade_package 'openstack-ironic-common' - end -end - -shared_examples 'expect installs mysql package' do - it 'installs mysql python packages by default' do - expect(chef_run).to upgrade_package 'MySQL-python' - end -end - -shared_examples 'expect runs db migrations' do - it 'runs db migrations' do - expect(chef_run).to run_execute('ironic-dbsync').with(user: 'ironic', group: 'ironic') - end -end - -shared_examples 'expects to create ironic directories' do - it 'creates /etc/ironic' do - expect(chef_run).to create_directory('/etc/ironic').with( - owner: 'ironic', - group: 'ironic', - mode: '750' - ) - end -end - -shared_examples 'expects to create ironic conf' do - describe 'ironic.conf' do - let(:file) { chef_run.template('/etc/ironic/ironic.conf') } - - it 'creates the ironic.conf file' do - expect(chef_run).to create_template(file.name).with( - owner: 'ironic', - group: 'ironic', - mode: '640' - ) - end - - it 'sets auth_encryption_key' do - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^auth_encryption_key = auth_encryption_key_secret$/) - end - - describe 'default values' - it 'has default conf values' do - [ - %r{^log_dir = /var/log/ironic$}, - /^region_name_for_services = RegionOne$/, - ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) - end - end - - it 'sets database connection value' do - expect(chef_run).to render_config_file(file.name).with_section_content( - 'database', %r{^connection = mysql\+pymysql://ironic:ironic@127.0.0.1:3306/ironic\?charset=utf8$} - ) - end - end - - describe 'has oslo_messaging_rabbit values' do - it 'has default rabbit values' do - [ - %r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}, - ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) - end - end - end - - describe 'has keystone_authtoken values' do - it 'has default keystone_authtoken values' do - [ - %r{^auth_url = http://127.0.0.1:5000/v3$}, - /^auth_type = password$/, - /^username = ironic$/, - /^project_name = service$/, - /^user_domain_name = Default/, - /^project_domain_name = Default/, - /^password = ironic_pass$/, - ].each do |line| - expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line) - end - end - end -end - -shared_examples 'logging' do - context 'with logging enabled' do - before do - node.override['openstack']['bare_metal']['syslog']['use'] = true - end - - it 'runs logging recipe if node attributes say to' do - expect(chef_run).to include_recipe 'openstack-common::logging' - end - end - - context 'with logging disabled' do - before do - node.override['openstack']['bare_metal']['syslog']['use'] = false - end - - it 'does not run logging recipe' do - expect(chef_run).not_to include_recipe 'openstack-common::logging' - end - end -end diff --git a/templates/default/ironic.conf.erb b/templates/default/ironic.conf.erb deleted file mode 100644 index 6afcf47..0000000 --- a/templates/default/ironic.conf.erb +++ /dev/null @@ -1,12 +0,0 @@ -<%= node['openstack']['bare_metal']['custom_template_banner'] %> -<% @service_config.each do |section, values| -%> -[<%= section %>] - <% values.each do |key, value| -%> - <% if value.class == Hash -%> -<%= "# #{value['comment']}" -%> -<%= key %> = <%= value['set_to'] %> - <% else -%> -<%= key %> = <%= value %> - <% end -%> - <% end -%> -<% end -%> diff --git a/templates/default/rootwrap.conf.erb b/templates/default/rootwrap.conf.erb deleted file mode 100644 index 36bc237..0000000 --- a/templates/default/rootwrap.conf.erb +++ /dev/null @@ -1,29 +0,0 @@ -<%= node['openstack']['bare_metal']['custom_template_banner'] %> - -# Configuration for ironic-rootwrap -# This file should be owned by (and only-writeable by) the root user - -[DEFAULT] -# List of directories to load filter definitions from (separated by ','). -# These directories MUST all be only writeable by root ! -filters_path=<%= node['openstack']['bare_metal']['rootwrap']['filters_path'] %> - -# List of directories to search executables in, in case filters do not -# explicitely specify a full path (separated by ',') -# If not specified, defaults to system PATH environment variable. -# These directories MUST all be only writeable by root ! -exec_dirs=<%= node['openstack']['bare_metal']['rootwrap']['exec_dirs'] %> - -# Enable logging to syslog -# Default value is False -use_syslog=<%= node['openstack']['bare_metal']['rootwrap']['use_syslog'] %> - -# Which syslog facility to use. -# Valid values include auth, authpriv, syslog, local0, local1... -# Default value is 'syslog' -syslog_log_facility=<%= node['openstack']['bare_metal']['rootwrap']['syslog_log_facility'] %> - -# Which messages to log. -# INFO means log all usage -# ERROR means only log unsuccessful attempts -syslog_log_level=<%= node['openstack']['bare_metal']['rootwrap']['syslog_log_level'] %> diff --git a/templates/default/wsgi-template.conf.erb b/templates/default/wsgi-template.conf.erb deleted file mode 100644 index 3726877..0000000 --- a/templates/default/wsgi-template.conf.erb +++ /dev/null @@ -1,36 +0,0 @@ -<%= node['openstack']['bare_metal']['custom_template_banner'] %> - -:<%= @server_port %>> - WSGIDaemonProcess <%= @daemon_process %> processes=2 threads=10 user=<%= @user %> group=<%= @group %> display-name=%{GROUP} - WSGIProcessGroup <%= @daemon_process %> - WSGIScriptAlias / <%= @server_entry %> - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - - - Require all granted - - - ErrorLogFormat "%{cu}t %M" - ErrorLog <%= @log_dir %>/<%= @daemon_process %>_error.log - CustomLog <%= @log_dir %>/<%= @daemon_process %>_access.log combined -<% if node['openstack']['bare_metal']['ssl']['enabled'] -%> - - SSLEngine On - SSLCertificateFile <%= node['openstack']['bare_metal']['ssl']['certfile'] %> - SSLCertificateKeyFile <%= node['openstack']['bare_metal']['ssl']['keyfile'] %> - SSLCACertificatePath <%= node['openstack']['bare_metal']['ssl']['ca_certs_path'] %> -<% unless node['openstack']['bare_metal']['ssl']['chainfile'].empty? %> - SSLCertificateChainFile <%= node['openstack']['bare_metal']['ssl']['chainfile'] %> -<% end -%> - SSLProtocol <%= node['openstack']['bare_metal']['ssl']['protocol'] %> -<% unless node['openstack']['bare_metal']['ssl']['ciphers'].empty? -%> - SSLCipherSuite <%= node['openstack']['bare_metal']['ssl']['ciphers'] %> -<% end -%> -<% if node['openstack']['bare_metal']['ssl']['cert_required'] -%> - SSLVerifyClient require -<% end -%> -<% end -%> - - -WSGISocketPrefix <%= @run_dir -%>