From baa6f22baf46bf2ea39a6ed0de0c703d7f53f256 Mon Sep 17 00:00:00 2001
From: Jens Rosenboom <j.rosenboom@x-ion.de>
Date: Tue, 7 Mar 2017 14:02:38 +0000
Subject: [PATCH] Switch to Ocata release

- Have Ocata as default release for master now
- switch default auth strategy to Fernet as PKI tokens have been removed
- Update OpenStackClient version
- Provide a default WSGI template that can be used from other cookbooks
- Add a fake compute_cell0 service in order to create another DB for nova

Change-Id: I8bc2eb5622b14457ef80cb70bf7a1d60c9fe9793
---
 attributes/default.rb           |  9 ++++----
 spec/client_spec.rb             |  2 +-
 spec/default_spec.rb            |  4 ++--
 templates/default/wsgi.conf.erb | 37 +++++++++++++++++++++++++++++++++
 4 files changed, 45 insertions(+), 7 deletions(-)
 create mode 100644 templates/default/wsgi.conf.erb

diff --git a/attributes/default.rb b/attributes/default.rb
index d0edef89..2305a993 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -27,7 +27,7 @@ default['openstack']['common']['custom_template_banner'] = '
 '
 
 # version for python-openstackclient
-default['openstack']['common']['client_version'] = '3.6.0'
+default['openstack']['common']['client_version'] = '3.9.0'
 
 # OpenStack services and their project names
 default['openstack']['common']['services'] = {
@@ -35,6 +35,7 @@ default['openstack']['common']['services'] = {
   'block-storage' => 'cinder',
   'compute' => 'nova',
   'compute_api' => 'nova_api',
+  'compute_cell0' => 'nova_cell0',
   'dashboard' => 'horizon',
   'database' => 'trove',
   'identity' => 'keystone',
@@ -80,8 +81,8 @@ node['openstack']['common']['services'].each_key do |service|
   end
 end
 
-# The type of token signing to use (uuid or pki)
-default['openstack']['auth']['strategy'] = 'pki'
+# The type of token signing to use (uuid or fernet)
+default['openstack']['auth']['strategy'] = 'fernet'
 
 # Set to true where using self-signed certs (in testing environments)
 default['openstack']['auth']['validate_certs'] = true
@@ -118,7 +119,7 @@ default['openstack']['secret']['user_passwords_data_bag'] = 'user_passwords'
 # needs.
 
 # The coordinated release of OpenStack codename
-default['openstack']['release'] = 'newton'
+default['openstack']['release'] = 'ocata'
 
 # The Ubuntu Cloud Archive has packages for multiple Ubuntu releases. For
 # more information, see: https://wiki.ubuntu.com/ServerTeam/CloudArchive.
diff --git a/spec/client_spec.rb b/spec/client_spec.rb
index 49ca1288..5cbe8230 100644
--- a/spec/client_spec.rb
+++ b/spec/client_spec.rb
@@ -20,7 +20,7 @@ describe 'openstack-common::client' do
 
     it do
       expect(chef_run).to install_python_package('python-openstackclient')
-        .with(version: '3.6.0')
+        .with(version: '3.9.0')
     end
 
     it do
diff --git a/spec/default_spec.rb b/spec/default_spec.rb
index 15fff044..6004adc6 100644
--- a/spec/default_spec.rb
+++ b/spec/default_spec.rb
@@ -29,7 +29,7 @@ describe 'openstack-common::default' do
       node.set['openstack']['apt']['live_updates_enabled'] = true
       expect(chef_run).to add_apt_repository('openstack-ppa').with(
         uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
-        distribution: 'xenial-updates/newton',
+        distribution: 'xenial-updates/ocata',
         components: ['main'])
     end
 
@@ -37,7 +37,7 @@ describe 'openstack-common::default' do
       node.set['openstack']['apt']['live_updates_enabled'] = false
       expect(chef_run).to_not add_apt_repository('openstack-ppa').with(
         uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
-        distribution: 'xenial-updates/newton',
+        distribution: 'xenial-updates/ocata',
         components: ['main'])
     end
 
diff --git a/templates/default/wsgi.conf.erb b/templates/default/wsgi.conf.erb
new file mode 100644
index 00000000..5cb07a7f
--- /dev/null
+++ b/templates/default/wsgi.conf.erb
@@ -0,0 +1,37 @@
+<%= node["openstack"]["identity"]["custom_template_banner"] %>
+
+<VirtualHost <%= @params[:server_host] %>:<%= @params[:server_port] %>>
+    WSGIDaemonProcess <%= @service %>-<%= @params[:server_suffix] %> processes=5 threads=1 user=<%= @params[:user] %> group=<%= @params[:group] %> display-name=%{GROUP}
+    WSGIProcessGroup <%= @service %>-<%= @params[:server_suffix] %>
+    WSGIScriptAlias / <%= @params[:server_entry] %>
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+
+    ErrorLogFormat "%{cu}t %M"
+    ErrorLog <%= @params[:log_dir] %>/<%= @service %>_error.log
+    CustomLog <%= @params[:log_dir] %>/<%= @service %>_access.log combined
+    <% if [true, 'true', 'True'].include?(@params[:log_debug]) -%>
+    LogLevel debug
+    <% end -%>
+
+    <Directory /usr/bin>
+        Require all granted
+    </Directory>
+
+    <% if @params[:use_ssl] -%>
+    SSLEngine On
+    SSLCertificateFile <%= @params[:cert_file] %>
+    SSLCertificateKeyFile <%= @params[:key_file] %>
+    SSLCACertificatePath <%= @params[:ca_certs_path] %>
+      <% if @params[:chain_file] %>
+    SSLCertificateChainFile <%= @params[:chain_file] %>
+      <% end -%>
+    SSLProtocol <%= @params[:protocol] %>
+      <% if @params[:ciphers] -%>
+    SSLCipherSuite <%= @params[:ciphers] %>
+      <% end -%>
+      <% if @params[:cert_required] -%>
+    SSLVerifyClient require
+      <% end -%>
+    <% end -%>
+</VirtualHost>