Retire openstack-chef: remove repo content
OpenStack-chef project is retiring - https://review.opendev.org/c/openstack/governance/+/905279 this commit remove the content of this project repo Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134 Change-Id: I07e16dd10769a13ae587b94f1387efacda01fdb2
This commit is contained in:
parent
cf9da3b474
commit
fb7c035bf3
@ -1,9 +0,0 @@
|
||||
[local_phases]
|
||||
unit = 'rspec spec/'
|
||||
lint = 'cookstyle --display-cop-names --extra-details'
|
||||
syntax = "berks install -e integration"
|
||||
provision = "echo skipping"
|
||||
deploy = "echo skipping"
|
||||
smoke = "echo skipping"
|
||||
functional = "echo skipping"
|
||||
cleanup = "echo skipping"
|
9
.gitignore
vendored
9
.gitignore
vendored
@ -1,9 +0,0 @@
|
||||
.bundle/
|
||||
berks-cookbooks/
|
||||
.kitchen
|
||||
.vagrant
|
||||
.coverage/
|
||||
*.swp
|
||||
Berksfile.lock
|
||||
Vagrantfile
|
||||
Gemfile.lock
|
@ -1,6 +0,0 @@
|
||||
inherit_from: .rubocop_todo.yml
|
||||
|
||||
Chef/Modernize/FoodcriticComments:
|
||||
Enabled: true
|
||||
Chef/Style/CopyrightCommentFormat:
|
||||
Enabled: true
|
@ -1,20 +0,0 @@
|
||||
# This configuration was generated by
|
||||
# `rubocop --auto-gen-config`
|
||||
# on 2021-10-14 06:25:41 UTC using RuboCop version 1.22.0.
|
||||
# The point is for the user to remove these configuration records
|
||||
# one by one as the offenses are removed from the code base.
|
||||
# Note that changes in the inspected code, or installation of new
|
||||
# versions of RuboCop, may require this file to be generated again.
|
||||
|
||||
# Offense count: 1
|
||||
# Cop supports --auto-correct.
|
||||
# Configuration parameters: Include.
|
||||
# Include: **/libraries/*.rb
|
||||
Chef/Modernize/DefinesChefSpecMatchers:
|
||||
Exclude:
|
||||
- 'libraries/matchers.rb'
|
||||
|
||||
# Offense count: 2
|
||||
Lint/NestedMethodDefinition:
|
||||
Exclude:
|
||||
- 'libraries/matchers.rb'
|
@ -1,3 +0,0 @@
|
||||
- project:
|
||||
templates:
|
||||
- openstack-chef-jobs
|
@ -1,8 +0,0 @@
|
||||
source 'https://supermarket.chef.io'
|
||||
|
||||
solver :ruby, :required
|
||||
|
||||
metadata
|
||||
|
||||
# cookbook for testing database provider:
|
||||
cookbook 'test-openstack-common-database', path: 'spec/cookbooks/test-openstack-common-database'
|
@ -1,36 +0,0 @@
|
||||
Contributing
|
||||
============
|
||||
|
||||
How To Get Started
|
||||
------------------
|
||||
|
||||
If you would like to contribute to the development of OpenStack Chef Cookbooks,
|
||||
you must follow the steps in this page:
|
||||
|
||||
http://docs.openstack.org/infra/manual/developers.html
|
||||
|
||||
Gerrit Workflow
|
||||
---------------
|
||||
|
||||
Once those steps have been completed, changes to OpenStack
|
||||
should be submitted for review via the Gerrit tool, following
|
||||
the workflow documented at:
|
||||
|
||||
http://docs.openstack.org/infra/manual/developers.html#development-workflow
|
||||
|
||||
Pull requests submitted through GitHub will be ignored.
|
||||
|
||||
Bugs
|
||||
----
|
||||
|
||||
Bugs should be filed on Launchpad, not GitHub:
|
||||
|
||||
https://bugs.launchpad.net/openstack-chef
|
||||
|
||||
Contacts
|
||||
--------
|
||||
|
||||
Mailing list: groups.google.com/group/opscode-chef-openstack
|
||||
IRC: #openstack-chef is our channel on irc.freenode.net
|
||||
Wiki: https://wiki.openstack.org/wiki/Chef/GettingStarted and https://docs.getchef.com/openstack.html
|
||||
Twitter: @chefopenstack
|
176
LICENSE
176
LICENSE
@ -1,176 +0,0 @@
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
342
README.rst
342
README.rst
@ -1,336 +1,10 @@
|
||||
OpenStack Chef Cookbook - common
|
||||
================================
|
||||
This project is no longer maintained.
|
||||
|
||||
.. image:: https://governance.openstack.org/badges/cookbook-openstack-common.svg
|
||||
:target: https://governance.openstack.org/reference/tags/index.html
|
||||
The contents of this repository are still available in the Git
|
||||
source code management system. To see the contents of this
|
||||
repository before it reached its end of life, please check out the
|
||||
previous commit with "git checkout HEAD^1".
|
||||
|
||||
.. Change things from this point on
|
||||
|
||||
Description
|
||||
===========
|
||||
|
||||
This cookbook provides common setup recipes, helper methods and
|
||||
attributes that describe an OpenStack deployment as part of the
|
||||
OpenStack reference deployment Chef for OpenStack.
|
||||
|
||||
Please relate to the official OpenStack Configuration and Installation
|
||||
Guides for a more detailed documentation on operating and administration
|
||||
of an OpenStack cluster:
|
||||
|
||||
https://docs.openstack.org/latest/configuration/
|
||||
https://docs.openstack.org/latest/install/
|
||||
|
||||
Requirements
|
||||
============
|
||||
|
||||
- Chef 16 or higher
|
||||
- Chef Workstation 21.10.640 for testing (also includes berkshelf for
|
||||
cookbook dependency resolution)
|
||||
|
||||
Platform
|
||||
========
|
||||
|
||||
- ubuntu
|
||||
- redhat
|
||||
- centos
|
||||
|
||||
Cookbooks
|
||||
=========
|
||||
|
||||
The following cookbooks are dependencies:
|
||||
|
||||
- 'etcd', '~> 7.0'
|
||||
- 'mariadb', '~> 5.0'
|
||||
- 'memcached', '~> 7.0'
|
||||
- 'selinux'
|
||||
- 'yum-centos', '>= 3.2.0'
|
||||
- 'yum-epel'
|
||||
|
||||
Attributes
|
||||
==========
|
||||
|
||||
Please see the extensive inline documentation in ``attributes/*.rb`` for
|
||||
descriptions of all the settable attributes for this cookbook.
|
||||
|
||||
Note that all attributes are in the ``default["openstack"]`` "namespace"
|
||||
|
||||
Attributes to generate OpenStack service configuration files
|
||||
------------------------------------------------------------
|
||||
|
||||
Since the mitaka release, we moved to a completely new way to generate
|
||||
all OpenStack service configuration files. The base template is the
|
||||
``openstack-service.conf.erb`` included in the templates of this
|
||||
cookbook. In each of the service cookbook (e.g. openstack-network,
|
||||
openstack-identity or openstack-compute), the service configuration file
|
||||
(e.g neutron.conf, keystone.conf or nova.conf) gets generated directly
|
||||
from attributes set inside the cookbook. To merge all the configuration
|
||||
options (including the secrets) properly, before handing them over as
|
||||
``@service_config`` to the mentioned template above, we use the methods
|
||||
defined in ``libraries/config_helpers``.
|
||||
|
||||
For examples how to use these attributes, please refer to the attribute
|
||||
files included in the service cookbooks (e.g.
|
||||
``attributes/neutron_conf.rb`` in openstack-network or
|
||||
``attributes/keystone_conf.rb`` in openstack-identity). The basic
|
||||
structure of all these attributes always follows this model:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
# usual config option that should eventually be saved to the node object
|
||||
default['openstack'][service]['conf'][section][key][value]
|
||||
# configuration options like passwords that should not be saved in the node
|
||||
# object
|
||||
default['openstack'][service]['conf_secrets'][section][key][value]
|
||||
|
||||
Recipes
|
||||
=======
|
||||
|
||||
openstack-common::client
|
||||
------------------------
|
||||
|
||||
- Install the common python openstack client package
|
||||
|
||||
openstack-common::completions
|
||||
-----------------------------
|
||||
|
||||
- Install bash completions for openstack client
|
||||
|
||||
openstack-common::default
|
||||
-------------------------
|
||||
|
||||
- Installs/Configures common recipes
|
||||
|
||||
openstack-common::etcd
|
||||
----------------------
|
||||
|
||||
- Installs and starts etcd
|
||||
|
||||
openstack-common::logging
|
||||
-------------------------
|
||||
|
||||
- Installs/Configures common logging
|
||||
|
||||
openstack-common::sysctl
|
||||
------------------------
|
||||
|
||||
- Iterates over the contents of the ``node['openstack']['sysctl']``
|
||||
hash and executes the ``sysctl`` resource.
|
||||
|
||||
Data Bags
|
||||
=========
|
||||
|
||||
This cookbook contains Libraries to work with passwords and secrets in
|
||||
databags. Databags can be unencrypted (for dev) or encrypted (for prod).
|
||||
In addition to traditionally encrypted data bags they can also be
|
||||
created as chef-vault items. To read more about chef-vault and how to
|
||||
use it, go to https://docs.chef.io/chef_vault.html.
|
||||
|
||||
Documentation for Attributes for selecting databag format can be found
|
||||
in the attributes section of this cookbook.
|
||||
|
||||
Documentation for format of these Databags can be found in the
|
||||
`Openstack Chef
|
||||
Repo <https://opendev.org/openstack/openstack-chef#data-bags>`__
|
||||
repository.
|
||||
|
||||
Resources
|
||||
=========
|
||||
|
||||
This cookbook provides the ``openstack_database`` custom resource. When
|
||||
this cookbook is included as dependency, this custom resource can be
|
||||
used to create databases needed by the OpenStack services.
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
depends 'openstack-common'
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
openstack_database 'compute' do
|
||||
user 'nova'
|
||||
pass 'supersecret'
|
||||
end
|
||||
|
||||
An example of the usage can be seen here
|
||||
https://opendev.org/openstack/cookbook-openstack-ops-database/src/branch/master/recipes/openstack-db.rb
|
||||
.
|
||||
|
||||
Libraries
|
||||
=========
|
||||
|
||||
This cookbook exposes a set of default library routines:
|
||||
|
||||
- ``cli`` -- Used to call openstack CLIs
|
||||
- ``endpoint`` -- Used to return a ``::URI`` object representing the
|
||||
named OpenStack endpoint
|
||||
- ``internal_endpoint`` -- Used to return a ``::URI`` object
|
||||
representing the named OpenStack internal endpoint if one was
|
||||
specified. Otherwise, it will return the same value as ``endpoint``.
|
||||
- ``public_endpoint`` -- Used to return a ``::URI`` object representing
|
||||
the named OpenStack public endpoint if one was specified. Otherwise,
|
||||
it will return the same value as ``endpoint``.
|
||||
- ``endpoints`` -- Useful for operating on all OpenStack endpoints
|
||||
- ``db`` -- Returns a Hash of information about a named OpenStack
|
||||
database
|
||||
- ``db_uri`` -- Returns the SQLAlchemy RFC-1738 DB URI (see:
|
||||
http://rfc.net/rfc1738.html) for a named OpenStack database
|
||||
- ``secret`` -- Returns the value of an encrypted data bag for a named
|
||||
OpenStack secret key and key-section
|
||||
- ``get_password`` -- Ease-of-use helper that returns the decrypted
|
||||
password for a named database, service or keystone user.
|
||||
- ``matchers`` -- A custom matcher(``render_config_file``) for testing
|
||||
ini format file section content by ``with_section_content``.
|
||||
|
||||
Examples
|
||||
========
|
||||
|
||||
The following are code examples showing the above library routines in
|
||||
action. Remember when using the library routines exposed by this library
|
||||
to include the Openstack routines in your recipe's ``::Chef::Recipe``
|
||||
namespace, like so:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
Example of using the ``endpoint`` routine:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
nova_api_ep = endpoint "compute-api"
|
||||
::Chef::Log.info("Using Openstack Compute API endpoint at #{nova_api_ep.to_s}")
|
||||
|
||||
# Note that endpoint URIs may contain variable interpolation markers such
|
||||
# as `%(tenant_id)s`, so you may need to decode them. Do so like this:
|
||||
|
||||
require "uri"
|
||||
|
||||
puts ::URI.decode nova_api_ap.to_s
|
||||
|
||||
Example of using the ``get_password`` and ``db_uri`` routine:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
db_pass = get_password "db" "cinder"
|
||||
db_user = node["cinder"]["db"]["user"]
|
||||
sql_connection = db_uri "volume", db_user, db_pass
|
||||
|
||||
template "/etc/cinder/cinder.conf" do
|
||||
source "cinder.conf.erb"
|
||||
owner node["cinder"]["user"]
|
||||
group node["cinder"]["group"]
|
||||
mode 00644
|
||||
variables(
|
||||
"sql_connection" => sql_connection
|
||||
)
|
||||
end
|
||||
|
||||
URI Operations
|
||||
--------------
|
||||
|
||||
Use the ``Openstack::uri_from_hash`` routine to helpfully return a
|
||||
``::URI::Generic`` object for a hash that contains any of the following
|
||||
keys:
|
||||
|
||||
- ``host``
|
||||
- ``uri``
|
||||
- ``port``
|
||||
- ``path``
|
||||
- ``scheme``
|
||||
|
||||
If the ``uri`` key is in the hash, that will be used as the URI,
|
||||
otherwise the URI will be constructed from the various parts of the hash
|
||||
corresponding to the keys above.
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
# Suppose node hash contains the following subhash in the :identity_service key:
|
||||
# {
|
||||
# :host => 'identity.example.com',
|
||||
# :port => 5000,
|
||||
# :scheme => 'https'
|
||||
# }
|
||||
uri = ::Openstack::uri_from_hash(node[:identity_service])
|
||||
# uri.to_s would == "https://identity.example.com:5000"
|
||||
|
||||
The routine will return nil if neither a ``uri`` or ``host`` key exists
|
||||
in the supplied hash.
|
||||
|
||||
Using the library without prefixing with ::Openstack
|
||||
----------------------------------------------------
|
||||
|
||||
Don't like prefixing calls to the library's routines with
|
||||
``::Openstack``? Do this:
|
||||
|
||||
.. code-block:: ruby
|
||||
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
in your recipe.
|
||||
|
||||
License and Author
|
||||
==================
|
||||
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Jay Pipes (jaypipes@att.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | John Dewey (jdewey@att.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Matt Ray (matt@opscode.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Craig Tracey (craigtracey@gmail.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Sean Gallagher (sean.gallagher@att.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Ionut Artarisi (iartarisi@suse.cz) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Chen Zhiwei (zhiwchen@cn.ibm.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Brett Campbell (brett.campbell@rackspace.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Mark Vanderwiel (vanderwl@us.ibm.com) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Jan Klare (j.klare@cloudbau.de) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Christoph Albers (c.albers@x-ion.de) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Jens Harbott (j.harbott@x-ion.de) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
| **Author** | Lance Albertson (lance@osuosl.org) |
|
||||
+-----------------+-------------------------------------------------+
|
||||
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013, Craig Tracey |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2013-2014, Rackspace US, Inc. |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2016-2019, x-ion GmbH |
|
||||
+-----------------+--------------------------------------------------+
|
||||
| **Copyright** | Copyright (c) 2016-2021, Oregon State University |
|
||||
+-----------------+--------------------------------------------------+
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
::
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
For any further questions, please email
|
||||
openstack-discuss@lists.openstack.org or join #openstack-dev on
|
||||
OFTC.
|
||||
|
51
Rakefile
51
Rakefile
@ -1,51 +0,0 @@
|
||||
task default: ['test']
|
||||
|
||||
task test: [:syntax, :unit]
|
||||
|
||||
desc 'Vendor the cookbooks in the Berksfile'
|
||||
task :berks_prep do
|
||||
sh %(chef exec berks vendor)
|
||||
end
|
||||
|
||||
desc 'Run CookStyle (syntax & lint) tests'
|
||||
task :syntax do
|
||||
sh %(delivery local lint)
|
||||
end
|
||||
|
||||
desc 'Run RSpec (unit) tests'
|
||||
task unit: :berks_prep do
|
||||
sh %(delivery local unit)
|
||||
end
|
||||
|
||||
desc 'Remove the berks-cookbooks directory and the Berksfile.lock'
|
||||
task :clean do
|
||||
rm_rf [
|
||||
'berks-cookbooks',
|
||||
'Berksfile.lock',
|
||||
]
|
||||
end
|
||||
|
||||
desc 'All-in-One Neutron build'
|
||||
task integration: :common_integration do
|
||||
# Noop
|
||||
end
|
||||
|
||||
desc 'Common task used by all cookbooks for integration test'
|
||||
task :common_integration do
|
||||
# Use the berksfile support to make use of the existing patch clones.
|
||||
# Make a sym link from workspace/gate-cookbook-openstack-common-chef-rake-integration
|
||||
# to workspace/cookbook-openstack-common
|
||||
patch_dir = Dir.pwd
|
||||
patch_dir_berks = ENV['ZUUL_PROJECT'].split('/')[1]
|
||||
sh %(ls -la ..)
|
||||
sh %(ls -la ../..)
|
||||
sh %(sudo ln -s #{patch_dir} ../#{patch_dir_berks})
|
||||
|
||||
unless Dir.exist?('../openstack-chef')
|
||||
sh %(git clone --depth 1 https://opendev.org/openstack/openstack-chef ../openstack-chef)
|
||||
end
|
||||
|
||||
Dir.chdir('../openstack-chef') do
|
||||
sh %(chef exec rake integration)
|
||||
end
|
||||
end
|
30
TESTING.md
30
TESTING.md
@ -1,30 +0,0 @@
|
||||
# Testing the Cookbook #
|
||||
|
||||
This cookbook uses [chefdk](https://downloads.chef.io/chef-dk/) and [berkshelf](http://berkshelf.com/) to isolate dependencies. Make sure you have chefdk and the header files for `gecode` installed before continuing. Make sure that you're using gecode version 3. More info [here](https://github.com/opscode/dep-selector-libgecode/tree/0bad63fea305ede624c58506423ced697dd2545e#using-a-system-gecode-instead). For more detailed information on what needs to be installed, you can have a quick look into the bootstrap.sh file in this repository, which does install all the needed things to get going on ubuntu trusty. The tests defined in the Rakefile include lint, style and unit. For integration testing please refere to the [openstack-chef-repo](https://github.com/openstack/openstack-chef-repo).
|
||||
|
||||
We have three test suites which you can run either, individually (there are three rake tasks):
|
||||
|
||||
$ chef exec rake lint
|
||||
$ chef exec rake style
|
||||
$ chef exec rake unit
|
||||
|
||||
or altogether:
|
||||
|
||||
$ chef exec rake
|
||||
|
||||
The `rake` tasks will take care of installing the needed cookbooks with `berkshelf`.
|
||||
|
||||
## Rubocop ##
|
||||
|
||||
[Rubocop](https://github.com/bbatsov/rubocop) is a static Ruby code analyzer, based on the community [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). We are attempting to adhere to this where applicable, slowly cleaning up the cookbooks until we can turn on Rubocop for gating the commits.
|
||||
|
||||
## Foodcritic ##
|
||||
|
||||
[Foodcritic](http://acrmp.github.io/foodcritic/) is a lint tool for Chef cookbooks. We ignore the following rules:
|
||||
|
||||
* [FC003](http://acrmp.github.io/foodcritic/#FC003) These cookbooks are not intended for Chef Solo.
|
||||
* [FC023](http://acrmp.github.io/foodcritic/#FC023) Prefer conditional attributes.
|
||||
|
||||
## Chefspec
|
||||
|
||||
[ChefSpec](https://github.com/sethvargo/chefspec) is a unit testing framework for testing Chef cookbooks. ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.
|
@ -1,207 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# Attributes:: database
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
# Copyright:: 2013-2021, SUSE Linux GmbH
|
||||
# Copyright:: 2020-2021, Oregon State University
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# ======================== OpenStack DB Support ================================
|
||||
#
|
||||
# This section of node attributes stores information about the database hosts
|
||||
# used in an OpenStack deployment.
|
||||
#
|
||||
# There is no 'scheme' key. Instead, there is a 'service_type' key that should
|
||||
# contain one of 'sqlite', 'mysql', or 'postgresql'
|
||||
#
|
||||
# The ::Openstack::db(<SERVICE_NAME>) library routine allows a lookup from any recipe
|
||||
# to this array, returning the host information for the server that contains
|
||||
# the database for <SERVICE_NAME>, where <SERVICE_NAME> is one of 'compute' (Nova),
|
||||
# 'image' (Glance), 'identity' (Keystone), 'network' (Neutron), or 'volume' (Cinder)
|
||||
#
|
||||
# The ::Openstack::db_connection(<SERVICE_NAME>, <USER>, <PASSWORD>) library routine
|
||||
# returns the SQLAlchemy DB URI for <SERVICE_NAME>, with the supplied user and password
|
||||
# that a calling service might be using when connecting to the database.
|
||||
#
|
||||
# For example, let's assume that the database that is used by the OpenStack Identity
|
||||
# service (Keystone) is configured as follows:
|
||||
#
|
||||
# host: 192.168.0.3
|
||||
# port: 3306
|
||||
# service_type: mysql
|
||||
# db_name: keystone
|
||||
#
|
||||
# Further suppose that a node running the OpenStack Identity API service needs to
|
||||
# connect to the above identity database server. It has the following in it's node
|
||||
# attributes:
|
||||
#
|
||||
# node['openstack']['db']['identity']['username'] = 'keystone'
|
||||
#
|
||||
# In a 'keystone' recipe, you might find the following code:
|
||||
#
|
||||
# user = node['openstack']['db']['identity']['username']
|
||||
# pass = get_password 'db', 'keystone'
|
||||
#
|
||||
# sql_connection = ::Openstack::db_uri('identity', user, pass)
|
||||
#
|
||||
# The sql_connection variable would then be set to "mysql://keystone:password@192.168.0.3:keystone"
|
||||
# and could then be written to the keystone.conf file in a template.
|
||||
#
|
||||
# Database Migrations:
|
||||
#
|
||||
# node['openstack']['db'][<SERVICE_NAME>]['migrate']
|
||||
#
|
||||
# The above attribute causes database migrations to be executed for the given
|
||||
# service. There are cases where migrations should not be executed. For
|
||||
# example when upgrading a zone, and the image or identity database are replicated
|
||||
# across many zones.
|
||||
#
|
||||
|
||||
# ******************** Database Endpoint **************************************
|
||||
%w(endpoints bind_service).each do |type|
|
||||
default['openstack'][type]['db']['host'] = '127.0.0.1'
|
||||
default['openstack'][type]['db']['port'] = '3306'
|
||||
end
|
||||
default['openstack']['bind_service']['db']['interface'] = nil
|
||||
default['openstack']['endpoints']['db']['enabled_slave'] = false
|
||||
default['openstack']['endpoints']['db']['slave_host'] = '127.0.0.1'
|
||||
default['openstack']['endpoints']['db']['slave_port'] = '3316'
|
||||
|
||||
# If you bind the database to a specific ip-address (you can only choose one
|
||||
# here for mysql, so 127.0.0.1 + external address is not an option), to allow
|
||||
# the services and applications to access it via this one, you probably do not
|
||||
# want to allow the db root user to access it via this external address. In this
|
||||
# case you have the option to allow root access only via localhost, which
|
||||
# will work for mysql databases, since it will use a direct connection via
|
||||
# the socket, so the database does not have not to listen on 127.0.0.1.
|
||||
# Set this to 'localhost' for mysql to connect via socket.
|
||||
default['openstack']['endpoints']['db']['host_for_db_root_user'] = 'localhost'
|
||||
|
||||
# Default database attributes
|
||||
default['openstack']['db']['server_role'] = 'os-ops-database'
|
||||
# Database charset during create database
|
||||
default['openstack']['db']['charset'] = {
|
||||
mysql: 'utf8',
|
||||
'percona-cluster' => 'utf8',
|
||||
mariadb: 'utf8',
|
||||
postgresql: nil,
|
||||
pgsql: nil,
|
||||
sqlite: nil,
|
||||
nosql: nil,
|
||||
galera: 'utf8',
|
||||
}
|
||||
|
||||
# Database connection options. Should include starting '?'
|
||||
default['openstack']['db']['options'] = {
|
||||
mysql: "?charset=#{node['openstack']['db']['charset']['mysql']}",
|
||||
'percona-cluster' => "?charset=#{node['openstack']['db']['charset']['percona-cluster']}",
|
||||
mariadb: "?charset=#{node['openstack']['db']['charset']['mariadb']}",
|
||||
sqlite: '',
|
||||
nosql: '',
|
||||
galera: "?charset=#{node['openstack']['db']['charset']['galera']}",
|
||||
}
|
||||
|
||||
# platform and DBMS-specific python client packages
|
||||
default['openstack']['db']['python_packages'] = {
|
||||
postgresql: [],
|
||||
sqlite: [],
|
||||
}
|
||||
case node['platform_family']
|
||||
when 'rhel'
|
||||
default['openstack']['db']['service_type'] = 'mariadb'
|
||||
if node['platform_version'].to_i >= 8
|
||||
default['openstack']['db']['python_packages']['mariadb'] = ['python3-PyMySQL']
|
||||
default['openstack']['db']['python_packages']['percona-cluster'] = ['python3-PyMySQL']
|
||||
default['openstack']['db']['python_packages']['galera'] = ['python3-PyMySQL']
|
||||
else
|
||||
default['openstack']['db']['python_packages']['mariadb'] = ['MySQL-python']
|
||||
default['openstack']['db']['python_packages']['percona-cluster'] = ['MySQL-python']
|
||||
default['openstack']['db']['python_packages']['galera'] = ['MySQL-python']
|
||||
end
|
||||
when 'debian'
|
||||
default['openstack']['db']['service_type'] = 'mariadb'
|
||||
default['openstack']['db']['python_packages']['mariadb'] = ['python3-mysqldb']
|
||||
default['openstack']['db']['python_packages']['percona-cluster'] = ['python3-mysqldb']
|
||||
default['openstack']['db']['python_packages']['galera'] = ['python3-mysqldb']
|
||||
end
|
||||
|
||||
# database sockets, because different
|
||||
case node['platform_family']
|
||||
when 'rhel'
|
||||
default['openstack']['db']['socket'] = '/var/lib/mysql/mysql.sock'
|
||||
when 'debian'
|
||||
default['openstack']['db']['socket'] = '/var/run/mysqld/mysqld.sock'
|
||||
end
|
||||
|
||||
# Database used by the OpenStack services
|
||||
node['openstack']['common']['services'].each do |service, project|
|
||||
default['openstack']['db'][service]['service_type'] = node['openstack']['db']['service_type']
|
||||
default['openstack']['db'][service]['host'] = node['openstack']['endpoints']['db']['host']
|
||||
default['openstack']['db'][service]['port'] = node['openstack']['endpoints']['db']['port']
|
||||
default['openstack']['db'][service]['db_name'] = project
|
||||
default['openstack']['db'][service]['username'] = project
|
||||
default['openstack']['db'][service]['options'] = node['openstack']['db']['options']
|
||||
|
||||
default['openstack']['db'][service]['slave_host'] = node['openstack']['endpoints']['db']['slave_host']
|
||||
default['openstack']['db'][service]['slave_port'] = node['openstack']['endpoints']['db']['slave_port']
|
||||
|
||||
default['openstack']['db'][service]['socket'] = node['openstack']['db']['socket']
|
||||
|
||||
case service
|
||||
when 'dashboard'
|
||||
default['openstack']['db'][service]['migrate'] = true
|
||||
when 'identity'
|
||||
default['openstack']['db'][service]['migrate'] = true
|
||||
when 'image'
|
||||
default['openstack']['db'][service]['migrate'] = true
|
||||
when 'network'
|
||||
# The SQLAlchemy connection string used to connect to the slave database
|
||||
default['openstack']['db'][service]['slave_connection'] = ''
|
||||
|
||||
# Database reconnection retry times - in event connectivity is lost
|
||||
default['openstack']['db'][service]['max_retries'] = 10
|
||||
|
||||
# Database reconnection interval in seconds - if the initial connection to the database fails
|
||||
default['openstack']['db'][service]['retry_interval'] = 10
|
||||
|
||||
# Minimum number of SQL connections to keep open in a pool
|
||||
default['openstack']['db'][service]['min_pool_size'] = 1
|
||||
|
||||
# Maximum number of SQL connections to keep open in a pool
|
||||
default['openstack']['db'][service]['max_pool_size'] = 10
|
||||
|
||||
# Timeout in seconds before idle sql connections are reaped
|
||||
default['openstack']['db'][service]['idle_timeout'] = 3600
|
||||
|
||||
# If set, use this value for max_overflow with sqlalchemy
|
||||
default['openstack']['db'][service]['max_overflow'] = 20
|
||||
|
||||
# Verbosity of SQL debugging information. 0=None, 100=Everything
|
||||
default['openstack']['db'][service]['connection_debug'] = 0
|
||||
|
||||
# Add python stack traces to SQL as comment strings
|
||||
default['openstack']['db'][service]['connection_trace'] = false
|
||||
|
||||
# If set, use this value for pool_timeout with sqlalchemy
|
||||
default['openstack']['db'][service]['pool_timeout'] = 10
|
||||
when 'telemetry'
|
||||
default['openstack']['db'][service]['nosql']['used'] = false
|
||||
default['openstack']['db'][service]['nosql']['port'] = '27017'
|
||||
end
|
||||
end
|
||||
|
||||
# DB key to the get_password library routine
|
||||
default['openstack']['db']['root_user_key'] = 'mysqlroot'
|
@ -1,357 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# Attributes:: default
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
# Copyright:: 2013-2021, SUSE Linux GmbH
|
||||
# Copyright:: 2016-2021, Oregon State University
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Release mode toggle for testing frameworks. Defaults to false.
|
||||
# Override this to true at the environment level when you're ready.
|
||||
default['openstack']['is_release'] = false
|
||||
|
||||
# Set to some text value if you want templated config files
|
||||
# to contain a custom banner at the top of the written file
|
||||
default['openstack']['common']['custom_template_banner'] = '
|
||||
# This file is automatically generated by Chef
|
||||
# Any changes will be overwritten
|
||||
'
|
||||
|
||||
# OpenStack services and their project names
|
||||
default['openstack']['common']['services'] = {
|
||||
'aodh' => 'aodh',
|
||||
'baremetal' => 'ironic',
|
||||
'bare_metal' => 'ironic',
|
||||
'block_storage' => 'cinder',
|
||||
'block-storage' => 'cinder',
|
||||
'compute' => 'nova',
|
||||
'compute_api' => 'nova_api',
|
||||
'compute_cell0' => 'nova_cell0',
|
||||
'dashboard' => 'horizon',
|
||||
'database' => 'trove',
|
||||
'dns' => 'designate',
|
||||
'identity' => 'keystone',
|
||||
'image' => 'glance',
|
||||
'load_balancer' => 'octavia',
|
||||
'network' => 'neutron',
|
||||
'object_storage' => 'swift',
|
||||
'orchestration' => 'heat',
|
||||
'placement' => 'placement',
|
||||
'telemetry' => 'ceilometer',
|
||||
'telemetry_metric' => 'gnocchi',
|
||||
'application_catalog' => 'murano',
|
||||
}
|
||||
|
||||
# Setting this to True means that database passwords and service user
|
||||
# passwords for Keystone will be easy-to-remember values -- they will be
|
||||
# the same value as the key. For instance, if a cookbook calls the
|
||||
# ::Openstack::secret routine like so:
|
||||
#
|
||||
# pass = secret "passwords", "nova"
|
||||
#
|
||||
# The value of pass will be "nova"
|
||||
#
|
||||
|
||||
# Use data bags for storing passwords
|
||||
# Set this to false in order to get the passwords from attributes like:
|
||||
# node['openstack']['secret'][key][type]
|
||||
default['openstack']['use_databags'] = true
|
||||
|
||||
# Set databag type
|
||||
# acceptable values 'encrypted', 'standard', 'vault'
|
||||
# Set this to 'standard' in order to use regular databags.
|
||||
# this is not recommended for anything other than dev/CI
|
||||
# type environments. Storing real secrets in plaintext = craycray.
|
||||
# In addition to the encrypted data_bags which are an included
|
||||
# feature of the official chef project, you can use 'vault' to
|
||||
# encrypt your secrets with the method provided in the chef-vault gem.
|
||||
default['openstack']['databag_type'] = 'encrypted'
|
||||
default['openstack']['vault_gem_version'] = '~> 3.2'
|
||||
|
||||
# Default attributes when not using data bags (use_databags = false)
|
||||
node['openstack']['common']['services'].each_key do |service|
|
||||
%w(user service db token).each do |type|
|
||||
default['openstack']['secret'][service][type] = "#{service}-#{type}"
|
||||
end
|
||||
end
|
||||
|
||||
# The type of token signing to use (uuid or fernet)
|
||||
default['openstack']['auth']['strategy'] = 'fernet'
|
||||
|
||||
# Set to true where using self-signed certs (in testing environments)
|
||||
default['openstack']['auth']['validate_certs'] = true
|
||||
|
||||
# ========================= Encrypted Databag Setup ===========================
|
||||
#
|
||||
# The openstack-common cookbook's default library contains a `secret`
|
||||
# routine that looks up the value of encrypted databag values. This routine
|
||||
# uses the secret key file located at the following location to decrypt the
|
||||
# values in the data bag.
|
||||
default['openstack']['secret']['key_path'] = '/etc/chef/openstack_data_bag_secret'
|
||||
|
||||
# The name of the encrypted data bag that stores openstack secrets
|
||||
default['openstack']['secret']['secrets_data_bag'] = 'secrets'
|
||||
|
||||
# The name of the encrypted data bag that stores service user passwords, with
|
||||
# each key in the data bag corresponding to a named OpenStack service, like
|
||||
# "nova", "cinder", etc.
|
||||
default['openstack']['secret']['service_passwords_data_bag'] = 'service_passwords'
|
||||
|
||||
# The name of the encrypted data bag that stores DB passwords, with
|
||||
# each key in the data bag corresponding to a named OpenStack database, like
|
||||
# "nova", "cinder", etc.
|
||||
default['openstack']['secret']['db_passwords_data_bag'] = 'db_passwords'
|
||||
|
||||
# The name of the encrypted data bag that stores Keystone user passwords, with
|
||||
# each key in the data bag corresponding to a user (Keystone or otherwise).
|
||||
default['openstack']['secret']['user_passwords_data_bag'] = 'user_passwords'
|
||||
|
||||
# ========================= Package and Repository Setup ======================
|
||||
#
|
||||
# Various Linux distributions provide OpenStack packages and repositories.
|
||||
# The provide some sensible defaults, but feel free to override per your
|
||||
# needs.
|
||||
|
||||
# The coordinated release of OpenStack codename
|
||||
default['openstack']['release'] = 'train'
|
||||
|
||||
# The Ubuntu Cloud Archive has packages for multiple Ubuntu releases. For
|
||||
# more information, see: https://wiki.ubuntu.com/ServerTeam/CloudArchive.
|
||||
# In the component strings, %codename% will be replaced by the value of
|
||||
# the node['lsb']['codename'] Ohai value and %release% will be replaced
|
||||
# by the value of node['openstack']['release']
|
||||
#
|
||||
# Change ['openstack']['apt']['update_apt_cache'] to true if you would like
|
||||
# have the cache automatically updated
|
||||
default['openstack']['apt']['update_apt_cache'] = false
|
||||
default['openstack']['apt']['live_updates_enabled'] = true
|
||||
default['openstack']['apt']['uri'] = 'http://ubuntu-cloud.archive.canonical.com/ubuntu'
|
||||
default['openstack']['apt']['components'] = ['main']
|
||||
|
||||
default['openstack']['yum']['update_yum_cache'] = false
|
||||
default['openstack']['yum']['rdo_enabled'] = true
|
||||
default['openstack']['yum']['uri'] =
|
||||
if node['platform_version'].to_i >= 8
|
||||
# TODO: Train has been archived to vault for RHEL 8
|
||||
# "http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
|
||||
"https://vault.centos.org/8.5.2111/cloud/x86_64/openstack-#{node['openstack']['release']}/"
|
||||
else
|
||||
"http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
|
||||
end
|
||||
default['openstack']['yum']['repo-key'] = "https://github.com/rdo-infra/rdo-release/raw/#{node['openstack']['release']}-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud"
|
||||
# Enforcing GnuPG signature check for RDO repo. Set this to false if you want to disable the check.
|
||||
default['openstack']['yum']['gpgcheck'] = true
|
||||
default['openstack']['endpoints']['family'] = 'inet'
|
||||
|
||||
# Set a default region that other regions are set to - such that changing the region for all services can be done in one place
|
||||
default['openstack']['region'] = 'RegionOne'
|
||||
|
||||
# Allow configured loggers in logging.conf
|
||||
default['openstack']['logging']['loggers'] = {
|
||||
'root' => {
|
||||
'level' => 'NOTSET',
|
||||
'handlers' => 'devel',
|
||||
},
|
||||
'ceilometer' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'ceilometer',
|
||||
},
|
||||
'cinder' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'cinder',
|
||||
},
|
||||
'glance' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'glance',
|
||||
},
|
||||
'horizon' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'horizon',
|
||||
},
|
||||
'keystone' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'keystone',
|
||||
},
|
||||
'nova' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'nova',
|
||||
},
|
||||
'neutron' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'neutron',
|
||||
},
|
||||
'trove' => {
|
||||
'level' => 'DEBUG',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'trove',
|
||||
},
|
||||
'amqplib' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'amqplib',
|
||||
},
|
||||
'sqlalchemy' => {
|
||||
'level' => 'WARNING',
|
||||
# "level' => 'INFO" logs SQL queries.
|
||||
# "level' => 'DEBUG" logs SQL queries and results.
|
||||
# "level' => 'WARNING" logs neither. (Recommended for production systems.)
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'sqlalchemy',
|
||||
},
|
||||
'boto' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'boto',
|
||||
},
|
||||
'suds' => {
|
||||
'level' => 'INFO',
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'suds',
|
||||
},
|
||||
'eventletwsgi' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'stderr',
|
||||
'qualname' => 'eventlet.wsgi.server',
|
||||
},
|
||||
'nova_api_openstack_wsgi' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'nova.api.openstack.wsgi',
|
||||
},
|
||||
'nova_osapi_compute_wsgi_server' => {
|
||||
'level' => 'WARNING',
|
||||
'handlers' => 'prod,debug',
|
||||
'qualname' => 'nova.osapi_compute.wsgi.server',
|
||||
},
|
||||
}
|
||||
|
||||
# Allow configured formatters in logging.conf
|
||||
default['openstack']['logging']['formatters'] = {
|
||||
'normal' => {
|
||||
'format' => '%(asctime)s %(levelname)s %(message)s',
|
||||
},
|
||||
'normal_with_name' => {
|
||||
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(message)s',
|
||||
},
|
||||
'debug' => {
|
||||
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(module)s.%(funcName)s %(message)s',
|
||||
},
|
||||
'syslog_with_name' => {
|
||||
'format' => '%(name)s: %(levelname)s %(message)s',
|
||||
},
|
||||
'syslog_debug' => {
|
||||
'format' => '%(name)s: %(levelname)s %(module)s.%(funcName)s %(message)s',
|
||||
},
|
||||
}
|
||||
|
||||
# Allow configured logging handlers in logging.conf
|
||||
default['openstack']['logging']['handlers'] = {
|
||||
'stderr' => {
|
||||
'args' => '(sys.stderr,)',
|
||||
'class' => 'StreamHandler',
|
||||
'formatter' => 'debug',
|
||||
},
|
||||
'devel' => {
|
||||
'args' => '(sys.stdout,)',
|
||||
'class' => 'StreamHandler',
|
||||
'formatter' => 'debug',
|
||||
'level' => 'NOTSET',
|
||||
},
|
||||
'prod' => {
|
||||
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL0)',
|
||||
'class' => 'handlers.SysLogHandler',
|
||||
'formatter' => 'syslog_with_name',
|
||||
'level' => 'INFO',
|
||||
},
|
||||
'debug' => {
|
||||
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL1)',
|
||||
'class' => 'handlers.SysLogHandler',
|
||||
'formatter' => 'syslog_debug',
|
||||
'level' => 'DEBUG',
|
||||
},
|
||||
}
|
||||
|
||||
default['openstack']['memcached_servers'] = nil
|
||||
|
||||
# Default sysctl settings
|
||||
default['openstack']['sysctl']['net.ipv4.conf.all.rp_filter'] = 0
|
||||
default['openstack']['sysctl']['net.ipv4.conf.default.rp_filter'] = 0
|
||||
|
||||
case node['platform_family']
|
||||
when 'rhel'
|
||||
default['openstack']['common']['platform'] =
|
||||
if node['platform_version'].to_i >= 8
|
||||
{
|
||||
'common_client_packages' => ['python3-openstackclient'],
|
||||
'python_packages' => %w(
|
||||
python3-pip
|
||||
python3-setuptools
|
||||
python3-virtualenv
|
||||
python3-wheel
|
||||
python36
|
||||
python36-devel
|
||||
),
|
||||
'package_overrides' => '',
|
||||
}
|
||||
else
|
||||
{
|
||||
'common_client_packages' => ['python-openstackclient'],
|
||||
'python_packages' => %w(
|
||||
python
|
||||
python2-pip
|
||||
python2-setuptools
|
||||
python-devel
|
||||
python-virtualenv
|
||||
python-wheel
|
||||
),
|
||||
'package_overrides' => '',
|
||||
}
|
||||
end
|
||||
when 'debian'
|
||||
default['openstack']['common']['platform'] = {
|
||||
'common_client_packages' => ['python3-openstackclient'],
|
||||
'python_packages' => %w(
|
||||
python3
|
||||
python3-dev
|
||||
python3-pip
|
||||
python3-setuptools
|
||||
python3-virtualenv
|
||||
python3-wheel
|
||||
virtualenv
|
||||
),
|
||||
'package_overrides' => '',
|
||||
}
|
||||
end
|
||||
|
||||
# The location of the OSC bash completion file
|
||||
default['openstack']['common']['bash_complete'] = '/etc/bash_completion.d/osc.bash_completion'
|
||||
|
||||
# Set maximum count for searches [1]
|
||||
# [1] https://review.opendev.org/60126
|
||||
default['openstack']['common']['search_count_max'] = 7
|
||||
|
||||
# The name of the Chef role that installs the Keystone Service API
|
||||
default['openstack']['identity_service_chef_role'] = 'os-identity'
|
||||
|
||||
# The name of the Chef role that sets up the compute worker
|
||||
default['openstack']['compute_worker_chef_role'] = 'os-compute-worker'
|
@ -1,125 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# Attributes:: messaging
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
# Copyright:: 2013-2021, SUSE Linux GmbH
|
||||
# Copyright:: 2013-2021, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
# The rabbitmq user's password is stored in an encrypted databag and accessed
|
||||
# with openstack-common cookbook library's user_password routine. You are
|
||||
# expected to create the user, pass, vhost in a wrapper rabbitmq cookbook.
|
||||
#
|
||||
|
||||
# ******************** RabbitMQ Endpoint **************************************
|
||||
%w(endpoints bind_service).each do |type|
|
||||
default['openstack'][type]['mq']['host'] = '127.0.0.1'
|
||||
default['openstack'][type]['mq']['port'] = '5672'
|
||||
end
|
||||
default['openstack']['bind_service']['mq']['interface'] = nil
|
||||
|
||||
###################################################################
|
||||
# Services to assign mq attributes for
|
||||
###################################################################
|
||||
services =
|
||||
%w(
|
||||
aodh
|
||||
bare_metal
|
||||
baremetal
|
||||
block-storage
|
||||
block_storage
|
||||
compute
|
||||
database
|
||||
dns
|
||||
identity
|
||||
image
|
||||
load_balancer
|
||||
network
|
||||
orchestration
|
||||
placement
|
||||
telemetry
|
||||
)
|
||||
|
||||
###################################################################
|
||||
# Generic default attributes
|
||||
###################################################################
|
||||
default['openstack']['mq']['server_role'] = 'os-ops-messaging'
|
||||
default['openstack']['mq']['service_type'] = 'rabbit'
|
||||
default['openstack']['mq']['user'] = 'openstack'
|
||||
default['openstack']['mq']['vhost'] = '/'
|
||||
|
||||
# defined in oslo/messaging/_drivers/amqp.py
|
||||
default['openstack']['mq']['durable_queues'] = false
|
||||
default['openstack']['mq']['auto_delete'] = false
|
||||
|
||||
###################################################################
|
||||
# Default rabbit values (for attribute assignment below)
|
||||
###################################################################
|
||||
# global switch for handling rabbit ssl
|
||||
default['openstack']['mq']['rabbitmq']['use_ssl'] = false
|
||||
# SSL version to use (valid only if SSL enabled)
|
||||
default['openstack']['mq']['rabbitmq']['kombu_ssl_version'] = nil
|
||||
# SSL key file (valid only if SSL enabled)
|
||||
default['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'] = nil
|
||||
# SSL cert file (valid only if SSL enabled)
|
||||
default['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'] = nil
|
||||
# SSL certification authority file (valid only if SSL enabled)
|
||||
default['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'] = nil
|
||||
# How long to wait before reconnecting in response to an AMQP consumer cancel notification
|
||||
default['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'] = 1.0
|
||||
# How long to wait before considering a reconnect attempt to have failed.
|
||||
# This value should not be longer than rpc_response_timeout
|
||||
default['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'] = 60
|
||||
# global switch for handling rabbit ha
|
||||
default['openstack']['mq']['rabbitmq']['ha'] = false
|
||||
# global switch for number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
|
||||
default['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'] = 0
|
||||
# global switch for how often times during the heartbeat_timeout_threshold we check the heartbeat
|
||||
default['openstack']['mq']['rabbitmq']['heartbeat_rate'] = 2
|
||||
|
||||
rabbit_defaults = {
|
||||
rabbit_max_retries: 0,
|
||||
rabbit_retry_interval: 1,
|
||||
userid: node['openstack']['mq']['user'],
|
||||
vhost: node['openstack']['mq']['vhost'],
|
||||
port: node['openstack']['endpoints']['mq']['port'],
|
||||
host: node['openstack']['endpoints']['mq']['host'],
|
||||
ha: node['openstack']['mq']['rabbitmq']['ha'],
|
||||
heartbeat_timeout_threshold: node['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'],
|
||||
heartbeat_rate: node['openstack']['mq']['rabbitmq']['heartbeat_rate'],
|
||||
use_ssl: node['openstack']['mq']['rabbitmq']['use_ssl'],
|
||||
kombu_ssl_version: node['openstack']['mq']['rabbitmq']['kombu_ssl_version'],
|
||||
kombu_ssl_keyfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'],
|
||||
kombu_ssl_certfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'],
|
||||
kombu_ssl_ca_certs: node['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'],
|
||||
kombu_reconnect_delay: node['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'],
|
||||
kombu_reconnect_timeout: node['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'],
|
||||
}
|
||||
|
||||
###################################################################
|
||||
# Assign default mq attributes for every service
|
||||
###################################################################
|
||||
services.each do |svc|
|
||||
default['openstack']['mq'][svc]['service_type'] = node['openstack']['mq']['service_type']
|
||||
|
||||
default['openstack']['mq'][svc]['durable_queues'] =
|
||||
node['openstack']['mq']['durable_queues']
|
||||
default['openstack']['mq'][svc]['auto_delete'] =
|
||||
node['openstack']['mq']['auto_delete']
|
||||
|
||||
rabbit_defaults.each do |key, val|
|
||||
default['openstack']['mq'][svc]['rabbit'][key.to_s] = val
|
||||
end
|
||||
end
|
138
libraries/cli.rb
138
libraries/cli.rb
@ -1,138 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: cli
|
||||
#
|
||||
# Copyright:: 2014-2021, IBM Corp.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
require 'chef/mixin/shell_out'
|
||||
include Chef::Mixin::ShellOut
|
||||
require 'uri'
|
||||
|
||||
# CLI methods
|
||||
module ::Openstack
|
||||
# return an environment suitable for calling openstack commands.
|
||||
#
|
||||
# @param [String] user name
|
||||
# @param [String] tenant name
|
||||
# @return [Hash] environment
|
||||
def openstack_command_env(name, project, user_domain, project_domain)
|
||||
identity_endpoint = public_endpoint 'identity'
|
||||
auth_url = identity_endpoint.to_s
|
||||
|
||||
pass = get_password 'user', name
|
||||
{
|
||||
'OS_USERNAME' => name,
|
||||
'OS_PASSWORD' => pass,
|
||||
'OS_PROJECT_NAME' => project,
|
||||
'OS_USER_DOMAIN_NAME' => user_domain,
|
||||
'OS_PROJECT_DOMAIN_NAME' => project_domain,
|
||||
'OS_IDENTITY_API_VERSION' => '3',
|
||||
'OS_AUTH_URL' => auth_url,
|
||||
}
|
||||
end
|
||||
|
||||
# return stdout from calling an openstack command.
|
||||
#
|
||||
# @param [String] command to run
|
||||
# @param [String] command options
|
||||
# @param [Hash] environment to use
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @return [String] stdout or fail
|
||||
#
|
||||
def openstack_command(cmd, options = '', env = {}, args = {})
|
||||
# NOTE: Here we split options (which creates an array) and then merge that
|
||||
# array into [cmd]. This is done to accomdate cmd + options like:
|
||||
# keystone user-list
|
||||
# glance image-show <id|name>
|
||||
openstackcmd = [cmd]
|
||||
args.each do |key, val|
|
||||
openstackcmd << "--#{key}"
|
||||
openstackcmd << val.to_s unless val.to_s.empty?
|
||||
end
|
||||
# If options is a string, split on whitespace into array; otherwise, assume
|
||||
# it is an array already and leave it untouched.
|
||||
options = options.split if options.instance_of? String
|
||||
openstackcmd = openstackcmd.concat(options)
|
||||
Chef::Log.debug("Running openstack command: #{openstackcmd} with environment: #{env}")
|
||||
result = shell_out(openstackcmd, env: env)
|
||||
Chef::Log.debug("Output for command: #{cmd}:\n#{result.stdout}\n#{result.stderr}")
|
||||
raise "#{result.stderr} (#{result.exitstatus})" if result.exitstatus != 0
|
||||
result.stdout
|
||||
end
|
||||
|
||||
# return uuid for a resource.
|
||||
#
|
||||
# @param [String] client of resource (keystone, neutron, glance, ...)
|
||||
# @param [String] type of resource (user, service, tenant, endpoint, role; net, subnet, router, ...)
|
||||
# @param [String] key of resource to match
|
||||
# @param [String] value of resource key to match
|
||||
# @param [Hash] environment to use.
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @param [String] optional uuid field to match
|
||||
# @return [String] uuid or nil
|
||||
#
|
||||
def get_uuid(client, type, key, value, env, args = {}, uuid_field = 'id') # rubocop: disable Metrics/ParameterLists
|
||||
begin
|
||||
output = openstack_command(client, "#{type} list", env, args)
|
||||
prettytable_to_array(output).each do |obj|
|
||||
return obj[uuid_field] if obj.key?(uuid_field) && obj[key] == value
|
||||
end
|
||||
rescue RuntimeError => e
|
||||
raise "Could not lookup uuid for #{type}:#{key}=>#{value}. Error was #{e.message}"
|
||||
end
|
||||
nil
|
||||
end
|
||||
|
||||
# return uuid for an identity resource.
|
||||
#
|
||||
# @param [String] type of resource (user, service, tenant, endpoint, role)
|
||||
# @param [String] key of resource to match
|
||||
# @param [String] value of resource key to match
|
||||
# @param [Hash] environment to use.
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @param [String] optional uuid field to match
|
||||
# @return [String] uuid or nil
|
||||
#
|
||||
# TODO: update openstack-identity register provider to use these functions.
|
||||
#
|
||||
def identity_uuid(*args)
|
||||
get_uuid('openstack', *args)
|
||||
end
|
||||
|
||||
# return id for a glance image.
|
||||
#
|
||||
# @param [String] name of image
|
||||
# @param [Hash] environment to use.
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @return [String] id or nil
|
||||
def image_id(name, env, args = {})
|
||||
get_uuid('openstack', 'image', 'Name', name, env, args, 'ID')
|
||||
end
|
||||
|
||||
# return uuid for a network resource.
|
||||
#
|
||||
# @param [String] type of resource (net, subnet, router, port, ...)
|
||||
# @param [String] key of resource to match
|
||||
# @param [String] value of resource key to match
|
||||
# @param [Hash] environment to use.
|
||||
# @param [Hash] optional command argument/values pairs
|
||||
# @param [String] optional uuid field to match
|
||||
# @return [String] uuid or nil
|
||||
#
|
||||
def network_uuid(*args)
|
||||
get_uuid('openstack', *args)
|
||||
end
|
||||
end
|
@ -1,46 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: config_helpers
|
||||
#
|
||||
# Copyright:: 2016-2021, cloudbau GmbH
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# config helper methods
|
||||
module ::Openstack
|
||||
# return a Mash with config options which can be used for the service config
|
||||
# templates
|
||||
# @param [String] service
|
||||
def merge_config_options(service)
|
||||
conf = deep_dup(node['openstack'][service]['conf'])
|
||||
conf_secrets = if node['openstack'][service]['conf_secrets']
|
||||
deep_dup(node['openstack'][service]['conf_secrets'])
|
||||
else
|
||||
{}
|
||||
end
|
||||
Chef::Mixin::DeepMerge.merge(conf, conf_secrets)
|
||||
end
|
||||
|
||||
# return a full dup of the given Mash even if nested
|
||||
# @param kind_of(Mash) can be a Chef::Node::ImmutableMash and will output a
|
||||
# simple Mash on all layers
|
||||
def deep_dup(mash)
|
||||
duplicate = mash.dup
|
||||
duplicate.each_pair do |k, v|
|
||||
tv = duplicate[k]
|
||||
duplicate[k] = tv.is_a?(Hash) && v.is_a?(Hash) ? deep_dup(tv) : v
|
||||
end
|
||||
duplicate
|
||||
end
|
||||
end
|
@ -1,94 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: endpoints
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Endpoint methods
|
||||
module ::Openstack
|
||||
# Instead of specifying the verbose node['openstack']['db'][service],
|
||||
# this shortcut allows the simpler and shorter db(service), where
|
||||
# service can be: 'compute', 'image', 'identity', 'network', etc.
|
||||
def db(service)
|
||||
node['openstack']['db'][service]
|
||||
rescue
|
||||
nil
|
||||
end
|
||||
|
||||
# Shortcut to get the transport_url for rabbitmq
|
||||
def rabbit_transport_url(service)
|
||||
mq_user = node['openstack']['mq'][service]['rabbit']['userid']
|
||||
mq_password = get_password 'user', mq_user
|
||||
mq_port = node['openstack']['endpoints']['mq']['port']
|
||||
vhost = node['openstack']['mq']['vhost']
|
||||
mq_host = node['openstack']['endpoints']['mq']['host']
|
||||
url = 'rabbit://'
|
||||
if node['openstack']['mq']['cluster']
|
||||
node['openstack']['mq']['servers'].each do |server|
|
||||
url += "#{mq_user}:#{mq_password}@#{server}:#{mq_port}"
|
||||
url += ',' unless node['openstack']['mq']['servers'].last == server
|
||||
end
|
||||
else
|
||||
url += "#{mq_user}:#{mq_password}@#{mq_host}:#{mq_port}"
|
||||
end
|
||||
url += vhost
|
||||
url
|
||||
end
|
||||
|
||||
# Shortcut to get the SQLAlchemy DB URI for a named service
|
||||
def db_uri(service, user, pass, is_slave = false)
|
||||
info = db(service)
|
||||
return unless info
|
||||
|
||||
if is_slave
|
||||
host = info['slave_host']
|
||||
port = info['slave_port'].to_s
|
||||
else
|
||||
host = info['host']
|
||||
port = info['port'].to_s
|
||||
end
|
||||
type = info['service_type']
|
||||
name = info['db_name']
|
||||
options = info['options'][type]
|
||||
|
||||
# Normalize to the SQLAlchemy standard db type identifier
|
||||
case type
|
||||
when 'mariadb', 'galera', 'percona-cluster'
|
||||
type = 'mysql'
|
||||
end
|
||||
|
||||
# Build uri
|
||||
case type
|
||||
when 'mysql'
|
||||
"mysql+pymysql://#{user}:#{pass}@#{host}:#{port}/#{name}#{options}"
|
||||
when 'sqlite'
|
||||
# SQLite uses filepaths not db name
|
||||
# README(galstrom): 3 slashes is a relative path, 4 slashes is an absolute path
|
||||
# example: info['path'] = 'path/to/foo.db' -- will return sqlite:///foo.db
|
||||
# example: info['path'] = '/path/to/foo.db' -- will return sqlite:////foo.db
|
||||
path = info['path']
|
||||
"#{type}:///#{path}#{options}"
|
||||
end
|
||||
end
|
||||
|
||||
# Find the specific endpoint type ('internal' or
|
||||
# 'public') for the given service.
|
||||
%w(public internal).each do |ep_type|
|
||||
define_method("#{ep_type}_endpoint") do |service|
|
||||
uri_from_hash(node['openstack']['endpoints'][ep_type][service])
|
||||
end
|
||||
end
|
||||
end
|
@ -1,101 +0,0 @@
|
||||
if defined?(ChefSpec)
|
||||
|
||||
#
|
||||
# Test method for ini format file
|
||||
#
|
||||
# Example file content:
|
||||
#
|
||||
# [section1]
|
||||
# option1 = value1
|
||||
# option2 = value2
|
||||
# [section2]
|
||||
# option3 = value3
|
||||
#
|
||||
# Example file content with dup sections:
|
||||
#
|
||||
# [section1]
|
||||
# option1 = value1
|
||||
# option2 = value2
|
||||
# [section2]
|
||||
# option3 = value3
|
||||
# [section1]
|
||||
# option4 = value4
|
||||
#
|
||||
# Example custom matcher that can be called in other
|
||||
# cookbooks.
|
||||
#
|
||||
# render_config_file(path).with_section_content(
|
||||
# 'section1', 'option1 = value1')
|
||||
# render_config_file(path).with_section_content(
|
||||
# 'section1', /^option2 = value2$/)
|
||||
#
|
||||
def render_config_file(path)
|
||||
RenderConfigFileMatcher.new(path)
|
||||
end
|
||||
|
||||
#
|
||||
# Extend the RenderFileMatcher as RenderConfigFileMatcher,
|
||||
# add a new method with_section_content for ini format file.
|
||||
#
|
||||
class RenderConfigFileMatcher < ChefSpec::Matchers::RenderFileMatcher
|
||||
def with_section_content(section, expected_content)
|
||||
@section = section
|
||||
@expected_content << expected_content
|
||||
self
|
||||
end
|
||||
|
||||
def matches_content?
|
||||
def section?(line, section = '.*')
|
||||
return true if line =~ /^[ \t]*\[#{section}\]/
|
||||
end
|
||||
|
||||
def get_section_content(content, section)
|
||||
within_section = false
|
||||
section_content = ''
|
||||
content.split("\n").each do |line|
|
||||
if section?(line, section)
|
||||
within_section = true
|
||||
next
|
||||
end
|
||||
|
||||
start_of_new_section = section?(line)
|
||||
section_content << "#{line}\n" if within_section && !start_of_new_section
|
||||
within_section = false if start_of_new_section
|
||||
end
|
||||
section_content
|
||||
end
|
||||
|
||||
return true if @expected_content.nil?
|
||||
|
||||
@actual_content = ChefSpec::Renderer.new(@runner, resource).content
|
||||
|
||||
unless @actual_content.nil?
|
||||
unless @section.nil?
|
||||
@actual_content = get_section_content(@actual_content, @section)
|
||||
end
|
||||
end
|
||||
|
||||
return false if @actual_content.nil?
|
||||
|
||||
# Knock out matches that pass. When we're done, we pass if the list is
|
||||
# empty. Otherwise, @expected_content is the list of matchers that
|
||||
# failed
|
||||
@expected_content.delete_if do |expected|
|
||||
if expected.is_a?(Regexp)
|
||||
@actual_content =~ expected
|
||||
elsif RSpec::Matchers.is_a_matcher?(expected)
|
||||
expected.matches?(@actual_content)
|
||||
elsif expected.is_a?(Proc)
|
||||
expected.call(@actual_content)
|
||||
# Weird RSpecish, but that block will return false for a negated check,
|
||||
# so we always return true. The block will raise an exception if the
|
||||
# assertion fails.
|
||||
true
|
||||
else
|
||||
@actual_content.include?(expected)
|
||||
end
|
||||
end
|
||||
@expected_content.empty?
|
||||
end
|
||||
end
|
||||
end
|
@ -1,72 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: network
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Network methods
|
||||
module ::Openstack
|
||||
# return the IPv4 (default) address of the given interface.
|
||||
#
|
||||
# @param [String] interface The interface to query.
|
||||
# @param [String] family The protocol family to use.
|
||||
# @param [Mash] nodeish The node object to query.
|
||||
# @param [Boolean] drop_vips Option to exclude virtual ips with netmask 32 (ipv4) or 128 (ipv6).
|
||||
# @return [String] The address or log error when address is nil
|
||||
def address_for(interface, family = node['openstack']['endpoints']['family'], nodeish = node, drop_vips = true)
|
||||
Chef::Log.debug("address_for(#{interface}, #{family}, #{nodeish})")
|
||||
if interface == 'all'
|
||||
case family
|
||||
when 'inet6'
|
||||
return '::'
|
||||
when 'inet'
|
||||
return '0.0.0.0'
|
||||
end
|
||||
end
|
||||
raise "Interface #{interface} does not exist" unless nodeish['network']['interfaces'][interface]
|
||||
addresses = nodeish['network']['interfaces'][interface]['addresses']
|
||||
raise "Interface #{interface} has no addresses assigned" if addresses.to_a.empty?
|
||||
get_address addresses, family, drop_vips
|
||||
end
|
||||
|
||||
# return the IPv4 (default) address for either interface
|
||||
# via address_for method or [Hash] host
|
||||
#
|
||||
# @param [Hash] service_config pointed to the set Hash
|
||||
def bind_address(service_config)
|
||||
iface = service_config['interface']
|
||||
if iface
|
||||
address_for(iface)
|
||||
else
|
||||
service_config['host']
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def get_address(addresses, family, drop_vips)
|
||||
case family
|
||||
when 'inet'
|
||||
vip_prefixlen = '32'
|
||||
when 'inet6'
|
||||
vip_prefixlen = '128'
|
||||
end
|
||||
addresses.each do |addr, data|
|
||||
return addr if data['family'] == family && (data['prefixlen'] != vip_prefixlen || !drop_vips)
|
||||
end
|
||||
raise "No address for family #{family} found"
|
||||
end
|
||||
end
|
@ -1,56 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: parse
|
||||
#
|
||||
# Copyright:: 2013-2021, Craig Tracey <craigtracey@gmail.com>
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Parse methods
|
||||
module ::Openstack
|
||||
# The current state of (at least some) OpenStack CLI tools do not provide a
|
||||
# mechanism for outputting data in formats other than PrettyTable output.
|
||||
# Therefore this function is intended to parse PrettyTable output into a
|
||||
# usable array of hashes. Similarly, it will flatten Property/Value tables
|
||||
# into a single element array.
|
||||
# table - the raw PrettyTable output of the CLI command
|
||||
# output - array of hashes representing the data.
|
||||
def prettytable_to_array(table)
|
||||
ret = []
|
||||
return ret if table.nil?
|
||||
indicies = []
|
||||
table.split(/$/).map(&:strip).each do |line|
|
||||
next if line.start_with?('+--') || line.empty?
|
||||
cols = line.split('|').map(&:strip)
|
||||
cols.shift
|
||||
if indicies == []
|
||||
indicies = cols
|
||||
next
|
||||
end
|
||||
newobj = {}
|
||||
cols.each { |val| newobj[indicies[newobj.length]] = val }
|
||||
ret.push(newobj)
|
||||
end
|
||||
|
||||
# this kinda sucks, but some prettytable data comes
|
||||
# as Property Value pairs. If this is the case, then
|
||||
# flatten it as expected.
|
||||
newobj = {}
|
||||
if indicies == %w(Property Value)
|
||||
ret.each { |x| newobj[x['Property']] = x['Value'] }
|
||||
[newobj]
|
||||
else
|
||||
ret
|
||||
end
|
||||
end
|
||||
end
|
@ -1,86 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: passwords
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
# Copyright:: 2014-2021, SUSE Linux, GmbH.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Password methods
|
||||
module ::Openstack
|
||||
# Library routine that returns an encrypted data bag value
|
||||
# for a supplied string. The key used in decrypting the
|
||||
# encrypted value should be located at
|
||||
# node['openstack']['secret']['key_path'].
|
||||
#
|
||||
def secret(bag_name, index)
|
||||
case node['openstack']['databag_type']
|
||||
when 'encrypted'
|
||||
encrypted_secret(bag_name, index)
|
||||
when 'standard'
|
||||
standard_secret(bag_name, index)
|
||||
when 'vault' # chef-vault, by convention use "vault_<bag_name>" as bag_name
|
||||
vault_secret('vault_' + bag_name, index)
|
||||
else
|
||||
::Chef::Log.error("Unsupported value for node['openstack']['databag_type']")
|
||||
end
|
||||
end
|
||||
|
||||
def encrypted_secret(bag_name, index)
|
||||
key_path = node['openstack']['secret']['key_path']
|
||||
::Chef::Log.info "Loading encrypted databag #{bag_name}.#{index} using key at #{key_path}"
|
||||
secret = ::Chef::EncryptedDataBagItem.load_secret key_path
|
||||
::Chef::EncryptedDataBagItem.load(bag_name, index, secret)[index]
|
||||
end
|
||||
|
||||
def standard_secret(bag_name, index)
|
||||
::Chef::Log.info "Loading databag #{bag_name}.#{index}"
|
||||
::Chef::DataBagItem.load(bag_name, index)[index]
|
||||
end
|
||||
|
||||
def vault_secret(bag_name, index)
|
||||
begin
|
||||
require 'chef-vault'
|
||||
rescue LoadError
|
||||
Chef::Log.warn("Missing gem 'chef-vault'")
|
||||
end
|
||||
::Chef::Log.info "Loading vault secret #{index} from #{bag_name}"
|
||||
::ChefVault::Item.load(bag_name, index)[index]
|
||||
end
|
||||
|
||||
# Return a password using either data bags or attributes for
|
||||
# storage. The storage mechanism used is determined by the
|
||||
# node['openstack']['use_databags'] attribute.
|
||||
# @param [String] type of password, one of 'user', 'service', 'db' or 'token'
|
||||
# @param [String] the identifier of the password (usually the
|
||||
# component name, but can also be a token name
|
||||
# e.g. openstack_identity_bootstrap_token
|
||||
def get_password(type, key)
|
||||
unless %w(db user service token).include?(type)
|
||||
::Chef::Log.error("Unsupported type for get_password: #{type}")
|
||||
return
|
||||
end
|
||||
|
||||
if node['openstack']['use_databags']
|
||||
if type == 'token'
|
||||
secret node['openstack']['secret']['secrets_data_bag'], key
|
||||
else
|
||||
secret node['openstack']['secret']["#{type}_passwords_data_bag"], key
|
||||
end
|
||||
else
|
||||
node['openstack']['secret'][key][type]
|
||||
end
|
||||
end
|
||||
end
|
@ -1,87 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: search
|
||||
#
|
||||
# Copyright:: 2013-2021, AT&T Services, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Search methods
|
||||
module ::Openstack
|
||||
# Search the nodes environment for the given role or recipe.
|
||||
#
|
||||
# @param [String] The role or recipe to be found.
|
||||
# @return [Array] The matching result or an empty list.
|
||||
def search_for(r, &block)
|
||||
role_query = "(chef_environment:#{node.chef_environment} AND roles:#{r})"
|
||||
recipe_query = "(chef_environment:#{node.chef_environment} AND recipes:#{r})".sub('::', '\:\:')
|
||||
query = "#{role_query} OR #{recipe_query}"
|
||||
count = 1
|
||||
sum = node['openstack']['common']['search_count_max']
|
||||
while count < sum
|
||||
resp = search(:node, query, &block)
|
||||
break unless resp.nil?
|
||||
sleep 2**count
|
||||
count += 1
|
||||
end
|
||||
resp || []
|
||||
end
|
||||
|
||||
# Returns the value for ['openstack']['memcached_servers'] when
|
||||
# set, otherwise will perform a search.
|
||||
#
|
||||
# @param [String] role The role to be found (optional).
|
||||
# @return [Array] A list of memcached servers in format
|
||||
# '<ip>:<port>'.
|
||||
def memcached_servers(role = 'infra-caching')
|
||||
if node['openstack']['memcached_servers'].nil?
|
||||
search_for(role).map do |n|
|
||||
listen = n['memcached']['listen']
|
||||
port = n['memcached']['port'] || '11211'
|
||||
|
||||
"#{listen}:#{port}"
|
||||
end.sort
|
||||
elsif node['openstack']['memcached_servers']
|
||||
node['openstack']['memcached_servers']
|
||||
else
|
||||
[]
|
||||
end
|
||||
end
|
||||
|
||||
# Returns all rabbit servers.
|
||||
# Uses the value for ['openstack']['mq']['servers'] when set, otherwise
|
||||
# will perform a search.
|
||||
#
|
||||
# @return [String] Rabbit servers joined by a comma in
|
||||
# the format of '<ip>:<port>'.
|
||||
def rabbit_servers
|
||||
if node['openstack']['mq']['servers']
|
||||
servers = node['openstack']['mq']['servers']
|
||||
port = node['openstack']['endpoints']['mq']['port']
|
||||
|
||||
servers.map { |s| "#{s}:#{port}" }.join ','
|
||||
else
|
||||
role = node['openstack']['mq']['server_role']
|
||||
search_for(role).map do |n|
|
||||
# The listen attribute should be saved to the node
|
||||
# in the wrapper cookbook. See the reference cookbook
|
||||
# openstack-ops-messaging.
|
||||
address = n['openstack']['mq']['listen']
|
||||
port = n['openstack']['endpoints']['mq']['port']
|
||||
|
||||
"#{address}:#{port}"
|
||||
end.sort.join ','
|
||||
end
|
||||
end
|
||||
end
|
@ -1,53 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: uri
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
require 'uri'
|
||||
# TODO(ramereth): Workaround for this issue https://github.com/chef/chef/issues/10452
|
||||
# require 'addressable/uri'
|
||||
autoload :Addressable, 'addressable/uri'
|
||||
|
||||
# URI methods
|
||||
module ::Openstack
|
||||
# Returns a uri::URI from a hash. If the hash has a 'uri' key, the value
|
||||
# of that is returned. If not, then the routine attempts to construct
|
||||
# the URI from other parts of the hash. The values of the 'port' and 'path'
|
||||
# keys are used directly from the hash.
|
||||
def uri_from_hash(hash)
|
||||
if hash['uri']
|
||||
::URI.parse Addressable::URI.encode(hash['uri'])
|
||||
else
|
||||
host = hash['host']
|
||||
scheme = hash['scheme'] || 'http'
|
||||
port = hash['port'] # Returns nil if missing, which is fine.
|
||||
path = hash['path'] # Returns nil if missing, which is fine.
|
||||
::URI::Generic.new scheme, nil, host, port, nil, path, nil, nil, nil
|
||||
end
|
||||
end
|
||||
|
||||
# Helper for joining URI paths. The standard URI::join method is not
|
||||
# intended for joining URI relative path segments. This function merely
|
||||
# helps to accurately join supplied paths.
|
||||
def uri_join_paths(*paths)
|
||||
return if paths.empty?
|
||||
leadingslash = paths[0][0] == '/' ? '/' : ''
|
||||
trailingslash = paths[-1][-1] == '/' ? '/' : ''
|
||||
paths.map! { |path| path.sub(%r{^\/+}, '').sub(%r{\/+$}, '') }
|
||||
leadingslash + paths.join('/') + trailingslash
|
||||
end
|
||||
end
|
@ -1,28 +0,0 @@
|
||||
# Cookbook:: openstack-common
|
||||
# library:: wrappers
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# Wrapper methods
|
||||
module ::Openstack
|
||||
# Wrapper method to allow to easier spec testing
|
||||
def recipe_included?(recipe)
|
||||
node['recipes'].include?(recipe)
|
||||
end
|
||||
|
||||
# Wrapper method to allow to easier spec testing
|
||||
def role_included?(role)
|
||||
node.role?(role)
|
||||
end
|
||||
end
|
21
metadata.rb
21
metadata.rb
@ -1,21 +0,0 @@
|
||||
name 'openstack-common'
|
||||
maintainer 'openstack-chef'
|
||||
maintainer_email 'openstack-discuss@lists.openstack.org'
|
||||
license 'Apache-2.0'
|
||||
description 'Common OpenStack attributes, libraries and recipes.'
|
||||
version '20.0.0'
|
||||
|
||||
%w(ubuntu redhat centos).each do |os|
|
||||
supports os
|
||||
end
|
||||
|
||||
depends 'etcd', '~> 7.0'
|
||||
depends 'mariadb', '~> 5.0'
|
||||
depends 'memcached', '~> 7.0'
|
||||
depends 'selinux'
|
||||
depends 'yum-centos', '>= 3.2.0'
|
||||
depends 'yum-epel'
|
||||
|
||||
issues_url 'https://launchpad.net/openstack-chef'
|
||||
source_url 'https://opendev.org/openstack/cookbook-openstack-common'
|
||||
chef_version '>= 16.0'
|
@ -1,27 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# Recipe:: client
|
||||
#
|
||||
# Copyright:: 2014-2021, IBM Corp.
|
||||
# Copyright:: 2017-2021, cloudbau GmbH
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
platform_options = node['openstack']['common']['platform']
|
||||
platform_options['common_client_packages'].each do |pkg|
|
||||
package pkg do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
end
|
||||
end
|
@ -1,29 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# Recipe:: completions
|
||||
#
|
||||
# Copyright:: 2019-2021, x-ion GmbH
|
||||
# Copyright:: 2020-2021, Oregon State University
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
package 'bash-completion'
|
||||
|
||||
directory '/etc/bash_completion.d/' do
|
||||
mode '755'
|
||||
end
|
||||
|
||||
execute 'create OSC bash completions' do
|
||||
command "openstack complete > #{node['openstack']['common']['bash_complete']}"
|
||||
creates node['openstack']['common']['bash_complete']
|
||||
end
|
@ -1,139 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: default
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
platform_options = node['openstack']['common']['platform']
|
||||
case node['platform_family']
|
||||
when 'debian'
|
||||
if node['openstack']['apt']['update_apt_cache']
|
||||
# update the apt cache before installing anything
|
||||
apt_update 'default' do
|
||||
action :update
|
||||
end
|
||||
end
|
||||
|
||||
# populate the necessary apt options
|
||||
# by default, do not overwrite existing configuration files
|
||||
# this alleviates the need to populate package_overrides in every cookbook
|
||||
file '/etc/apt/apt.conf.d/confdef' do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '644'
|
||||
content 'Dpkg::Options {
|
||||
"--force-confdef";
|
||||
"--force-confold";
|
||||
}'
|
||||
action :create
|
||||
end
|
||||
|
||||
package 'ubuntu-cloud-keyring' do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
end
|
||||
|
||||
if node['openstack']['apt']['live_updates_enabled']
|
||||
apt_components = node['openstack']['apt']['components']
|
||||
apt_repository 'openstack-ppa' do
|
||||
uri node['openstack']['apt']['uri']
|
||||
distribution "#{node['lsb']['codename']}-updates/#{node['openstack']['release']}"
|
||||
components apt_components
|
||||
cache_rebuild true # update the cache after a new repo is added
|
||||
end
|
||||
|
||||
# add in the proposed repo, but only if we're in development
|
||||
proposed_action = if node['openstack']['is_release']
|
||||
:remove
|
||||
else
|
||||
:add
|
||||
end
|
||||
|
||||
apt_repository 'openstack-ppa-proposed' do
|
||||
uri node['openstack']['apt']['uri']
|
||||
distribution "#{node['lsb']['codename']}-proposed/#{node['openstack']['release']}"
|
||||
components apt_components
|
||||
action proposed_action
|
||||
cache_rebuild true # update the cache after a new repo is added
|
||||
end
|
||||
end
|
||||
|
||||
when 'rhel'
|
||||
case node['platform_version'].to_i
|
||||
when 7
|
||||
# TODO(ramereth): These packages conflict with the RDO repo for Train
|
||||
node.default['yum']['epel']['exclude'] = 'python2-qpid-proton python2-pyngus qpid-proton-c'
|
||||
when 8
|
||||
# Need PowerTools repo for some of the python deps
|
||||
node.default['yum']['powertools']['enabled'] = true
|
||||
node.default['yum']['powertools']['managed'] = true
|
||||
# Need to use RabbitMQ repo on EL8
|
||||
node.default['yum']['centos-rabbitmq']['enabled'] = true
|
||||
node.default['yum']['centos-rabbitmq']['managed'] = true
|
||||
|
||||
include_recipe 'yum-centos'
|
||||
end
|
||||
|
||||
include_recipe 'yum-epel'
|
||||
|
||||
repo_action = if node['openstack']['yum']['rdo_enabled']
|
||||
:add
|
||||
elsif FileTest.exist? "/etc/yum.repos.d/RDO-#{node['openstack']['release']}.repo"
|
||||
:remove
|
||||
else
|
||||
:nothing
|
||||
end
|
||||
|
||||
yum_repository "RDO-#{node['openstack']['release']}" do
|
||||
description "OpenStack RDO repo for #{node['openstack']['release']}"
|
||||
gpgkey node['openstack']['yum']['repo-key']
|
||||
baseurl node['openstack']['yum']['uri']
|
||||
gpgcheck node['openstack']['yum']['gpgcheck']
|
||||
enabled true
|
||||
action repo_action
|
||||
end
|
||||
|
||||
# add in the RDO deps, but only if we're in development
|
||||
deps_action = if node['openstack']['is_release']
|
||||
:remove
|
||||
else
|
||||
:add
|
||||
end
|
||||
|
||||
yum_repository "RDO-#{node['openstack']['release']}-deps" do
|
||||
description "OpenStack RDO deps repo for #{node['openstack']['release']}"
|
||||
baseurl "https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-#{node['openstack']['release']}"
|
||||
gpgcheck false
|
||||
enabled true
|
||||
action deps_action
|
||||
end
|
||||
|
||||
package 'centos-release-qemu-ev' do
|
||||
action :upgrade
|
||||
end if node['platform_version'].to_i < 8
|
||||
end
|
||||
|
||||
# install a python
|
||||
package node['openstack']['common']['platform']['python_packages'] do
|
||||
options platform_options['package_overrides']
|
||||
action :upgrade
|
||||
end
|
||||
|
||||
if node['openstack']['databag_type'] == 'vault'
|
||||
chef_gem 'chef-vault' do
|
||||
version node['openstack']['vault_gem_version']
|
||||
end
|
||||
end
|
@ -1,24 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: etcd
|
||||
#
|
||||
# Copyright:: 2017-2021, Workday Inc.
|
||||
# Copyright:: 2020-2021, Oregon State University
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
# create a new etcd installation named 'openstack'
|
||||
etcd_service 'openstack' do
|
||||
action [:create, :start]
|
||||
end
|
@ -1,37 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# library:: logging
|
||||
#
|
||||
# Copyright:: 2012-2021, AT&T Services, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
directory '/etc/openstack' do
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '755'
|
||||
action :create
|
||||
end
|
||||
|
||||
template '/etc/openstack/logging.conf' do
|
||||
source 'logging.conf.erb'
|
||||
owner 'root'
|
||||
group 'root'
|
||||
mode '644'
|
||||
variables(
|
||||
loggers: node['openstack']['logging']['loggers'],
|
||||
formatters: node['openstack']['logging']['formatters'],
|
||||
handlers: node['openstack']['logging']['handlers']
|
||||
)
|
||||
end
|
@ -1,24 +0,0 @@
|
||||
#
|
||||
# Cookbook:: openstack-common
|
||||
# recipe:: sysctl
|
||||
#
|
||||
# Copyright:: 2013-2021, Chef Software, Inc.
|
||||
# Copyright:: 2020-2021, Oregon State University
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
node['openstack']['sysctl'].each do |name, value|
|
||||
sysctl name do
|
||||
value value
|
||||
end
|
||||
end
|
@ -1,57 +0,0 @@
|
||||
#
|
||||
# Author:: Lance Albertson (<lance@osuosl.org>)
|
||||
# Cookbook:: openstack-common
|
||||
# Resource:: openstack_database
|
||||
#
|
||||
# Copyright:: 2020-2021, Oregon State University
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# this file is originally from the database cookbook, preserved for legacy
|
||||
# purposes until the functionality can be refactored into a custom resource.
|
||||
# Original: https://github.com/chef-boneyard/database
|
||||
|
||||
resource_name :openstack_database
|
||||
provides :openstack_database
|
||||
unified_mode true
|
||||
default_action :create
|
||||
|
||||
property :service, String, name_property: true
|
||||
property :user, String, required: true
|
||||
property :pass, String, required: true
|
||||
|
||||
action :create do
|
||||
service_info = db new_resource.service
|
||||
db_name = service_info['db_name']
|
||||
db_type = service_info['service_type']
|
||||
user_key = node['openstack']['db']['root_user_key']
|
||||
super_password = get_password 'db', user_key
|
||||
|
||||
mariadb_database db_name do
|
||||
encoding node['openstack']['db']['charset'][db_type]
|
||||
password super_password
|
||||
end
|
||||
|
||||
mariadb_user new_resource.user do
|
||||
password new_resource.pass
|
||||
database_name db_name
|
||||
host '%'
|
||||
privileges [:all]
|
||||
ctrl_password super_password
|
||||
action [:create, :grant]
|
||||
end
|
||||
end
|
||||
|
||||
action_class do
|
||||
include ::Openstack
|
||||
end
|
177
spec/cli_spec.rb
177
spec/cli_spec.rb
@ -1,177 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'cli'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
describe 'Openstack CLI' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
let(:subject) { Object.new.extend(Openstack) }
|
||||
|
||||
include_context 'library-stubs'
|
||||
|
||||
describe 'openstack_command_env' do
|
||||
before do
|
||||
node.override['openstack']['endpoints']['public']['identity'] = {
|
||||
host: '127.0.0.1',
|
||||
scheme: 'http',
|
||||
path: '/v3',
|
||||
port: '5000',
|
||||
}
|
||||
end
|
||||
it 'returns cli enviroment' do
|
||||
allow(subject).to receive(:get_password).with(
|
||||
'user', 'name').and_return('pass')
|
||||
|
||||
expect(
|
||||
subject.openstack_command_env('name', 'project', 'default', 'default')
|
||||
).to eq(
|
||||
'OS_USERNAME' => 'name',
|
||||
'OS_PASSWORD' => 'pass',
|
||||
'OS_PROJECT_NAME' => 'project',
|
||||
'OS_USER_DOMAIN_NAME' => 'default',
|
||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||
'OS_IDENTITY_API_VERSION' => '3'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'openstack_command' do
|
||||
it 'runs openstack command' do
|
||||
env =
|
||||
{
|
||||
'OS_USERNAME' => 'name',
|
||||
'OS_PASSWORD' => 'pass',
|
||||
'OS_PROJECT_NAME' => 'project',
|
||||
'OS_USER_DOMAIN_NAME' => 'default',
|
||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||
'OS_IDENTITY_API_VERSION' => 3,
|
||||
}
|
||||
allow(subject).to receive(:shell_out).with(
|
||||
%w(openstack user list),
|
||||
env: env
|
||||
).and_return double('shell_out', exitstatus: 0, stdout: 'good', stderr: '')
|
||||
|
||||
result = subject.openstack_command('openstack', 'user list', env)
|
||||
expect(result).to eq('good')
|
||||
end
|
||||
|
||||
it 'runs openstack command with args' do
|
||||
env =
|
||||
{
|
||||
'OS_USERNAME' => 'name',
|
||||
'OS_PASSWORD' => 'pass',
|
||||
'OS_PROJECT_NAME' => 'project',
|
||||
'OS_USER_DOMAIN_NAME' => 'default',
|
||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||
'OS_IDENTITY_API_VERSION' => 3,
|
||||
}
|
||||
allow(subject).to receive(:shell_out).with(
|
||||
%w(openstack --key1 value1 --key2 value2 --key3 user list),
|
||||
env: env
|
||||
).and_return double('shell_out', exitstatus: 0, stdout: 'good', stderr: '')
|
||||
|
||||
result = subject.openstack_command('openstack', 'user list', env, 'key1' => 'value1', 'key2' => 'value2', 'key3' => '')
|
||||
expect(result).to eq('good')
|
||||
end
|
||||
|
||||
it 'runs openstack command with failure' do
|
||||
env =
|
||||
{
|
||||
'OS_USERNAME' => 'name',
|
||||
'OS_PASSWORD' => 'pass',
|
||||
'OS_PROJECT_NAME' => 'project',
|
||||
'OS_USER_DOMAIN_NAME' => 'default',
|
||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||
'OS_IDENTITY_API_VERSION' => 3,
|
||||
}
|
||||
allow(subject).to receive(:shell_out).with(
|
||||
%w(openstack user list),
|
||||
env: env
|
||||
).and_return double('shell_out', exitstatus: 123, stdout: 'fail', stderr: '')
|
||||
end
|
||||
end
|
||||
|
||||
describe 'identity_uuid' do
|
||||
it 'runs identity command to query uuid' do
|
||||
env =
|
||||
{
|
||||
'OS_USERNAME' => 'name',
|
||||
'OS_PASSWORD' => 'pass',
|
||||
'OS_PROJECT_NAME' => 'project',
|
||||
'OS_USER_DOMAIN_NAME' => 'default',
|
||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||
'OS_IDENTITY_API_VERSION' => 3,
|
||||
}
|
||||
allow(subject).to receive(:openstack_command).with(
|
||||
'openstack', 'user list', env, {})
|
||||
allow(subject).to receive(:prettytable_to_array).and_return(
|
||||
[{ 'name' => 'user1', 'id' => '1234567890ABCDEFGH' }])
|
||||
|
||||
result = subject.identity_uuid('user', 'name', 'user1', env)
|
||||
expect(result).to eq('1234567890ABCDEFGH')
|
||||
end
|
||||
end
|
||||
|
||||
describe 'image_id' do
|
||||
let(:env) do
|
||||
{
|
||||
'OS_USERNAME' => 'name',
|
||||
'OS_PASSWORD' => 'pass',
|
||||
'OS_PROJECT_NAME' => 'project',
|
||||
'OS_USER_DOMAIN_NAME' => 'default',
|
||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||
'OS_IDENTITY_API_VERSION' => 3,
|
||||
}
|
||||
end
|
||||
|
||||
it 'runs glance command to query valid id' do
|
||||
allow(subject).to receive(:openstack_command).with(
|
||||
'openstack', 'image list', :env, {})
|
||||
allow(subject).to receive(:prettytable_to_array).and_return(
|
||||
[{ 'ID' => '87f38e15-9737-46cc-a612-7c67ee29a24f', 'Name' => 'cirros' }])
|
||||
|
||||
result = subject.image_id('cirros', :env)
|
||||
expect(result).to eq('87f38e15-9737-46cc-a612-7c67ee29a24f')
|
||||
end
|
||||
|
||||
it 'runs glance command to query invalid id' do
|
||||
allow(subject).to receive(:openstack_command).with(
|
||||
'openstack', 'image list', :env, {}).and_raise(
|
||||
"No image with a name or ID of 'test' exists. (1)")
|
||||
|
||||
expect { subject.image_id('test', :env) }.to raise_error(RuntimeError)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'network_uuid' do
|
||||
it 'runs network command to query uuid' do
|
||||
env =
|
||||
{
|
||||
'OS_USERNAME' => 'name',
|
||||
'OS_PASSWORD' => 'pass',
|
||||
'OS_PROJECT_NAME' => 'project',
|
||||
'OS_USER_DOMAIN_NAME' => 'default',
|
||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||
'OS_IDENTITY_API_VERSION' => 3,
|
||||
}
|
||||
allow(subject).to receive(:openstack_command).with(
|
||||
'openstack', 'network list', env, {})
|
||||
allow(subject).to receive(:prettytable_to_array).and_return(
|
||||
[{ 'name' => 'net1', 'id' => '1234567890ABCDEFGH' }])
|
||||
|
||||
result = subject.network_uuid('network', 'name', 'net1', env)
|
||||
expect(result).to eq('1234567890ABCDEFGH')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,28 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-common::client' do
|
||||
ALL_RHEL.each do |p|
|
||||
context "redhat #{p[:version]}" do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(p) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it 'converges successfully' do
|
||||
expect { chef_run }.to_not raise_error
|
||||
end
|
||||
|
||||
case p
|
||||
when REDHAT_7
|
||||
it do
|
||||
expect(chef_run).to upgrade_package('python-openstackclient')
|
||||
end
|
||||
when REDHAT_8
|
||||
it do
|
||||
expect(chef_run).to upgrade_package('python3-openstackclient')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,19 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-common::client' do
|
||||
describe 'ubuntu' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it 'converges successfully' do
|
||||
expect { chef_run }.to_not raise_error
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to upgrade_package('python3-openstackclient')
|
||||
end
|
||||
end
|
||||
end
|
@ -1,27 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-common::completions' do
|
||||
describe 'ubuntu' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'converges successfully' do
|
||||
expect { chef_run }.to_not raise_error
|
||||
end
|
||||
it do
|
||||
expect(chef_run).to install_package('bash-completion')
|
||||
end
|
||||
it do
|
||||
expect(chef_run).to create_directory('/etc/bash_completion.d/').with(mode: '755')
|
||||
end
|
||||
it do
|
||||
expect(chef_run).to run_execute('create OSC bash completions')
|
||||
.with(
|
||||
command: 'openstack complete > /etc/bash_completion.d/osc.bash_completion',
|
||||
creates: '/etc/bash_completion.d/osc.bash_completion'
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
@ -1,55 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'config_helpers'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
describe 'module Openstack config_helpers' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
let(:subject) { Object.new.extend(Openstack) }
|
||||
include_context 'library-stubs'
|
||||
before do
|
||||
node.override['openstack']['anyservice']['conf'] =
|
||||
{
|
||||
'Default' => { 'logfile' => 'file_to_log' },
|
||||
'secret_section' => {},
|
||||
'another_section' => { 'foo' => 'bar', 'baz' => 'yay' },
|
||||
'deep_section' => {
|
||||
'foo' => { key: 'bar', value: 'baz' },
|
||||
'baz' => 'yay',
|
||||
},
|
||||
}
|
||||
node.override['openstack']['anyservice']['conf_secrets'] =
|
||||
{
|
||||
'Default' => { 'secret_log' => 'secret_file_to_log' },
|
||||
'secret_section' => { 'password' => '1234' },
|
||||
'another_section' => { 'secret_foo' => 'secret_bar' },
|
||||
'another_secret_section' => { 'secret_baz' => 'secret_yay' },
|
||||
}
|
||||
end
|
||||
|
||||
describe 'merge_config_options' do
|
||||
it ' node objects should be duped and be kind of Mash afterwards' do
|
||||
expect(
|
||||
subject.merge_config_options('anyservice')
|
||||
).to be_a(Mash)
|
||||
end
|
||||
it 'duped node objects should be merged correctly' do
|
||||
expect(
|
||||
subject.merge_config_options('anyservice')
|
||||
).to eq(
|
||||
'Default' => { 'logfile' => 'file_to_log', 'secret_log' => 'secret_file_to_log' },
|
||||
'secret_section' => { 'password' => '1234' },
|
||||
'another_section' => { 'foo' => 'bar', 'baz' => 'yay', 'secret_foo' => 'secret_bar' },
|
||||
'another_secret_section' => { 'secret_baz' => 'secret_yay' },
|
||||
'deep_section' => {
|
||||
'foo' => { 'key' => 'bar', 'value' => 'baz' },
|
||||
'baz' => 'yay',
|
||||
}
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,8 +0,0 @@
|
||||
name 'test-openstack-common-database'
|
||||
maintainer 'openstack-chef'
|
||||
maintainer_email 'opscode-chef-openstack@googlegroups.com'
|
||||
license 'Apache-2.0'
|
||||
description 'Test LWRP openstack_common_databse'
|
||||
version '1.0.0'
|
||||
|
||||
depends 'openstack-common'
|
@ -1,4 +0,0 @@
|
||||
openstack_database('service') do
|
||||
user 'db_user'
|
||||
pass 'db_pass'
|
||||
end
|
@ -1,73 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'test-openstack-common-database::default' do
|
||||
let(:runner) do
|
||||
ChefSpec::SoloRunner.new(CHEFSPEC_OPTS.dup.merge(step_into: %w(openstack_database)))
|
||||
end
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['use_databags'] = false
|
||||
node.override['openstack']['secret']['mysqlroot']['db'] = 'root_pass'
|
||||
node.override['openstack']['db']['service'] = { service_type: 'mysql', port: 3306, db_name: 'service_db' }
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it 'uses the lwrp openstack_common_database' do
|
||||
expect(chef_run).to create_openstack_database('service').with(user: 'db_user', pass: 'db_pass')
|
||||
end
|
||||
|
||||
context 'specific root user db endpoint' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['endpoints']['db']['host_for_db_root_user'] = 'localhost123'
|
||||
node.override['openstack']['use_databags'] = false
|
||||
node.override['openstack']['secret']['mysqlroot']['db'] = 'root_pass'
|
||||
node.override['openstack']['db']['service'] = { service_type: 'mysql', port: 3306, db_name: 'service_db' }
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'connects to the database via a specific endpoint for the root user' do
|
||||
expect(chef_run).to create_mariadb_database('service_db')
|
||||
.with(
|
||||
database_name: 'service_db',
|
||||
encoding: 'utf8',
|
||||
password: 'root_pass'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
it 'creates the database with the database resource' do
|
||||
expect(chef_run).to create_mariadb_database('service_db')
|
||||
.with(
|
||||
database_name: 'service_db',
|
||||
encoding: 'utf8',
|
||||
password: 'root_pass'
|
||||
)
|
||||
end
|
||||
|
||||
it 'creates the database use with the database_user resource' do
|
||||
expect(chef_run).to create_mariadb_user('db_user')
|
||||
.with(
|
||||
password: 'db_pass',
|
||||
database_name: 'service_db',
|
||||
host: '%',
|
||||
privileges: [:all],
|
||||
ctrl_password: 'root_pass'
|
||||
)
|
||||
end
|
||||
|
||||
it 'grants database privileges to the user with the database_user resource' do
|
||||
expect(chef_run).to grant_mariadb_user('db_user')
|
||||
.with(
|
||||
password: 'db_pass',
|
||||
database_name: 'service_db',
|
||||
host: '%',
|
||||
privileges: [:all],
|
||||
ctrl_password: 'root_pass'
|
||||
)
|
||||
end
|
||||
|
||||
context 'galera' do
|
||||
before do
|
||||
node.override['openstack']['db']['service'] = { service_type: 'galera', port: 3306, db_name: 'service_db' }
|
||||
end
|
||||
end
|
||||
end
|
@ -1,136 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
ALL_RHEL.each do |p|
|
||||
context "redhat #{p[:version]}" do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(p) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['release'] = 'testrelease'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it 'converges successfully' do
|
||||
expect { chef_run }.to_not raise_error
|
||||
end
|
||||
|
||||
case p
|
||||
when REDHAT_7
|
||||
pkgs = %w(python python2-pip python2-setuptools python-devel python-virtualenv python-wheel)
|
||||
|
||||
it do
|
||||
expect(chef_run).to upgrade_package('centos-release-qemu-ev')
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to include_recipe('yum-epel')
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to_not include_recipe('yum-centos')
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_yum_repository('epel').with(
|
||||
exclude: 'python2-qpid-proton python2-pyngus qpid-proton-c'
|
||||
)
|
||||
end
|
||||
when REDHAT_8
|
||||
pkgs = %w(python3-pip python3-setuptools python3-virtualenv python3-wheel python36 python36-devel)
|
||||
|
||||
it do
|
||||
expect(chef_run).to_not upgrade_package('centos-release-qemu-ev')
|
||||
end
|
||||
|
||||
%w(yum-epel yum-centos).each do |r|
|
||||
it do
|
||||
expect(chef_run).to include_recipe(r)
|
||||
end
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_yum_repository('epel').with(exclude: nil)
|
||||
end
|
||||
|
||||
%w(powertools centos-rabbitmq).each do |repo|
|
||||
it do
|
||||
expect(chef_run).to create_yum_repository(repo).with(enabled: true)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to upgrade_package(pkgs)
|
||||
end
|
||||
|
||||
context 'enabling RDO with gpgcheck enabled' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['release'] = 'testrelease'
|
||||
node.override['openstack']['yum']['rdo_enabled'] = true
|
||||
node.override['openstack']['yum']['gpgcheck'] = true
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to add_yum_repository('RDO-testrelease').with(gpgcheck: true)
|
||||
end
|
||||
end
|
||||
|
||||
context 'enabling RDO with gpgcheck disabled' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['release'] = 'testrelease'
|
||||
node.override['openstack']['yum']['rdo_enabled'] = true
|
||||
node.override['openstack']['yum']['gpgcheck'] = false
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to add_yum_repository('RDO-testrelease').with(gpgcheck: false)
|
||||
end
|
||||
end
|
||||
|
||||
context 'disabling RDO deps repo with is_release true' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['release'] = 'testrelease'
|
||||
node.override['openstack']['is_release'] = true
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it 'does not add the RDO deps yum repository' do
|
||||
expect(chef_run).to_not add_yum_repository('RDO-testrelease-deps')
|
||||
end
|
||||
end
|
||||
|
||||
context 'disabling RDO' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['release'] = 'testrelease'
|
||||
node.override['openstack']['yum']['rdo_enabled'] = false
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it 'removes RDO yum repository' do
|
||||
allow(FileTest).to receive(:exist?).and_call_original
|
||||
allow(FileTest).to receive(:exist?).with('/etc/yum.repos.d/RDO-testrelease.repo').and_return(true)
|
||||
expect(chef_run).to remove_yum_repository('RDO-testrelease')
|
||||
end
|
||||
|
||||
it 'does not create RDO-Manager yum repositories' do
|
||||
expect(chef_run).to_not create_remote_file('/etc/yum.repos.d/rdo-manager-release.repo')
|
||||
end
|
||||
end
|
||||
|
||||
context 'disabling RDO and repo file does not exist' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['release'] = 'testrelease'
|
||||
node.override['openstack']['yum']['rdo_enabled'] = false
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'does nothing when RDO yum repository does not exist' do
|
||||
allow(FileTest).to receive(:exist?).and_call_original
|
||||
allow(FileTest).to receive(:exist?).with('/etc/yum.repos.d/RDO-testrelease.repo').and_return(false)
|
||||
expect(chef_run).to nothing_yum_repository('RDO-testrelease')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,158 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
describe 'ubuntu' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||
let(:mq_services) { %w(bare_metal block_storage compute database image telemetry network orchestration) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it 'converges successfully' do
|
||||
expect { chef_run }.to_not raise_error
|
||||
end
|
||||
|
||||
context 'update_apt_cache true' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['apt']['update_apt_cache'] = true
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'updates apt cache before installing packages' do
|
||||
expect(chef_run).to update_apt_update 'default'
|
||||
end
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run).to create_file('/etc/apt/apt.conf.d/confdef')
|
||||
.with(
|
||||
owner: 'root',
|
||||
group: 'root',
|
||||
mode: '644',
|
||||
content: "Dpkg::Options {\n \"--force-confdef\";\n \"--force-confold\";\n }"
|
||||
)
|
||||
end
|
||||
|
||||
it 'upgrades ubuntu-cloud-keyring package' do
|
||||
expect(chef_run).to upgrade_package 'ubuntu-cloud-keyring'
|
||||
end
|
||||
|
||||
context 'live_updates_enabled true' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['apt']['live_updates_enabled'] = true
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'configures openstack repository' do
|
||||
# Using cookbook(apt) LWRP custom matcher
|
||||
# https://github.com/sethvargo/chefspec#packaging-custom-matchers
|
||||
expect(chef_run).to add_apt_repository('openstack-ppa').with(
|
||||
uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
|
||||
distribution: 'bionic-updates/train',
|
||||
components: ['main'],
|
||||
cache_rebuild: true
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
context 'live_updates_enabled false' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['apt']['live_updates_enabled'] = false
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'disables openstack live updates' do
|
||||
expect(chef_run).to_not add_apt_repository('openstack-ppa').with(
|
||||
uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
|
||||
distribution: 'bionic-updates/train',
|
||||
components: ['main']
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
it 'configures openstack proposed repository' do
|
||||
expect(chef_run).to add_apt_repository('openstack-ppa-proposed').with(
|
||||
uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
|
||||
distribution: 'bionic-proposed/train',
|
||||
components: ['main'],
|
||||
cache_rebuild: true
|
||||
)
|
||||
end
|
||||
|
||||
context 'is_release true' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['is_release'] = true
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'disables openstack proposed repository' do
|
||||
expect(chef_run).to_not add_apt_repository('openstack-ppa-proposed').with(
|
||||
uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
|
||||
distribution: 'bionic-proposed/train',
|
||||
components: ['main']
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
pkgs = %w(python3 python3-dev python3-pip python3-setuptools python3-virtualenv python3-wheel virtualenv)
|
||||
|
||||
it 'installs python packages' do
|
||||
expect(chef_run).to upgrade_package(pkgs)
|
||||
end
|
||||
|
||||
it 'does not install the gem chef-vault by default' do
|
||||
expect(chef_run).to_not install_chef_gem('chef-vault')
|
||||
end
|
||||
|
||||
context 'databag_type vault' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['databag_type'] = 'vault'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'installs the gem chef-vault if databag_type is vault' do
|
||||
expect(chef_run).to install_chef_gem('chef-vault').with(version: '~> 3.2')
|
||||
end
|
||||
end
|
||||
|
||||
context 'rabbit mq' do
|
||||
rabbit_opts = {
|
||||
'userid' => 'openstack',
|
||||
'vhost' => '/',
|
||||
'port' => '5672',
|
||||
'host' => '127.0.0.1',
|
||||
'ha' => true,
|
||||
'heartbeat_timeout_threshold' => 123,
|
||||
'heartbeat_rate' => 123,
|
||||
'kombu_ssl_version' => 'TLSv1.2',
|
||||
'kombu_ssl_keyfile' => 'key_file',
|
||||
'kombu_ssl_certfile' => 'cert_file',
|
||||
'kombu_ssl_ca_certs' => 'ca_certs_file',
|
||||
'kombu_reconnect_delay' => 123.456,
|
||||
'kombu_reconnect_timeout' => 123,
|
||||
}
|
||||
cached(:chef_run) do
|
||||
rabbit_opts.each do |key, value|
|
||||
node.override['openstack']['mq']['rabbitmq'][key] = value
|
||||
end
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
rabbit_opts.each do |key, value|
|
||||
it "configures rabbit mq #{key}" do
|
||||
node.override['openstack']['mq']['rabbitmq'][key] = value
|
||||
mq_services.each do |service|
|
||||
expect(chef_run.node['openstack']['mq'][service]['rabbit'][key]).to eq(value)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
it 'set rabbit_max_retries to 0 for all services' do
|
||||
mq_services.each do |svc|
|
||||
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_max_retries']).to eq(0)
|
||||
end
|
||||
end
|
||||
|
||||
it 'set rabbit_retry_interval to 1 for all services' do
|
||||
mq_services.each do |svc|
|
||||
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_retry_interval']).to eq(1)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,241 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'uri'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'endpoints'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
describe 'Openstack endpoints' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
let(:subject) { Object.new.extend(Openstack) }
|
||||
|
||||
%w(public internal).each do |ep_type|
|
||||
describe "#{ep_type}_endpoint" do
|
||||
it 'fails with a NoMethodError when no openstack.endpoints in node attrs' do
|
||||
allow(subject).to receive(:node).and_return({})
|
||||
expect do
|
||||
subject.send("#{ep_type}_endpoint", 'someservice')
|
||||
end.to raise_error(NoMethodError)
|
||||
end
|
||||
|
||||
it 'fails with a NoMethodError when no endpoint was found' do
|
||||
allow(subject).to receive(:node).and_return(node)
|
||||
expect do
|
||||
subject.send("#{ep_type}_endpoint", 'someservice')
|
||||
end.to raise_error(NoMethodError)
|
||||
end
|
||||
|
||||
it 'handles a URI needing escaped' do
|
||||
uri_hash = {
|
||||
'openstack' => {
|
||||
'endpoints' => {
|
||||
ep_type => {
|
||||
'compute-api' => {
|
||||
'uri' => 'http://localhost:8080/v2/%(tenant_id)s',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
allow(subject).to receive(:node).and_return(uri_hash)
|
||||
expect(
|
||||
subject.send("#{ep_type}_endpoint", 'compute-api').path
|
||||
).to eq('/v2/%25(tenant_id)s')
|
||||
end
|
||||
|
||||
it 'returns endpoint URI object when uri key in endpoint hash' do
|
||||
uri_hash = {
|
||||
'openstack' => {
|
||||
'endpoints' => {
|
||||
ep_type => {
|
||||
'compute-api' => {
|
||||
'uri' => 'http://localhost:1234/path',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
allow(subject).to receive(:node).and_return(uri_hash)
|
||||
expect(
|
||||
subject.send("#{ep_type}_endpoint", 'compute-api').port
|
||||
).to eq(1234)
|
||||
end
|
||||
|
||||
it 'returns endpoint URI string when uri key in endpoint hash and host also in hash' do
|
||||
uri_hash = {
|
||||
'openstack' => {
|
||||
'endpoints' => {
|
||||
ep_type => {
|
||||
'compute-api' => {
|
||||
'uri' => 'http://localhost',
|
||||
'host' => 'ignored',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
allow(subject).to receive(:node).and_return(uri_hash)
|
||||
expect(subject.send("#{ep_type}_endpoint", 'compute-api').to_s).to eq('http://localhost')
|
||||
end
|
||||
|
||||
it 'returns endpoint URI object when uri key not in endpoint hash but host is in hash' do
|
||||
expect(subject).to receive(:uri_from_hash).with('host' => 'localhost', 'port' => '1234')
|
||||
uri_hash = {
|
||||
'openstack' => {
|
||||
'endpoints' => {
|
||||
ep_type => {
|
||||
'compute-api' => {
|
||||
'host' => 'localhost',
|
||||
'port' => '1234',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
allow(subject).to receive(:node).and_return(uri_hash)
|
||||
subject.send("#{ep_type}_endpoint", 'compute-api')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'transport_url' do
|
||||
it do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:get_password)
|
||||
.with('user', 'openstack')
|
||||
.and_return('mypass')
|
||||
expected = 'rabbit://openstack:mypass@127.0.0.1:5672/'
|
||||
expect(subject.rabbit_transport_url('compute')).to eq(expected)
|
||||
end
|
||||
|
||||
context 'non-default mq attributes' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['mq']['service_type'] = 'rabbit'
|
||||
node.override['openstack']['mq']['cluster'] = true
|
||||
node.override['openstack']['mq']['compute']['rabbit']['userid'] = 'rabbit2'
|
||||
node.override['openstack']['endpoints']['mq']['port'] = 1234
|
||||
node.override['openstack']['mq']['servers'] = %w(10.0.0.1 10.0.0.2 10.0.0.3)
|
||||
node.override['openstack']['mq']['vhost'] = '/anyhost'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:get_password)
|
||||
.with('user', 'rabbit2')
|
||||
.and_return('mypass2')
|
||||
expected = 'rabbit://rabbit2:mypass2@10.0.0.1:1234,rabbit2:mypass2@10.0.0.2:1234,rabbit2:mypass2@10.0.0.3:1234/anyhost'
|
||||
expect(subject.rabbit_transport_url('compute')).to eq(expected)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe '#db' do
|
||||
it 'returns nil when no openstack.db not in node attrs' do
|
||||
allow(subject).to receive(:node).and_return({})
|
||||
expect(subject.db('nonexisting')).to be_nil
|
||||
end
|
||||
|
||||
it 'returns nil when no such service was found' do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expect(subject.db('nonexisting')).to be_nil
|
||||
end
|
||||
|
||||
it 'returns db info hash when service found' do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expect(subject.db('compute')['host']).to eq('127.0.0.1')
|
||||
expect(subject.db('compute').key?('uri')).to be_falsey
|
||||
end
|
||||
end
|
||||
|
||||
describe '#db_uri' do
|
||||
it 'returns nil when no openstack.db not in node attrs' do
|
||||
allow(subject).to receive(:node).and_return({})
|
||||
expect(subject.db_uri('nonexisting', 'user', 'pass')).to be_nil
|
||||
end
|
||||
|
||||
it 'returns nil when no such service was found' do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expect(
|
||||
subject.db_uri('nonexisting', 'user', 'pass')
|
||||
).to be_nil
|
||||
end
|
||||
|
||||
it 'returns compute db info hash when service found for default mysql' do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expected = 'mysql+pymysql://user:pass@127.0.0.1:3306/nova?charset=utf8'
|
||||
expect(
|
||||
subject.db_uri('compute', 'user', 'pass')
|
||||
).to eq(expected)
|
||||
end
|
||||
|
||||
context 'sqlite' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['db']['service_type'] = 'sqlite'
|
||||
node.override['openstack']['db']['options'] = { 'sqlite' => '?options' }
|
||||
node.override['openstack']['db']['network']['path'] = 'path'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'returns network db info hash when service found for sqlite with options' do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expected = 'sqlite:///path?options'
|
||||
expect(
|
||||
subject.db_uri('network', 'user', 'pass')
|
||||
).to eq(expected)
|
||||
end
|
||||
end
|
||||
|
||||
it 'returns compute db info hash when service found for mariadb' do
|
||||
node.override['openstack']['db']['service_type'] = 'mariadb'
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expected = 'mysql+pymysql://user:pass@127.0.0.1:3306/nova?charset=utf8'
|
||||
expect(
|
||||
subject.db_uri('compute', 'user', 'pass')
|
||||
).to eq(expected)
|
||||
end
|
||||
|
||||
%w(galera percona-cluster).each do |db|
|
||||
it "returns compute db info hash when service found for #{db}" do
|
||||
node.override['openstack']['db']['service_type'] = db
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expected = 'mysql+pymysql://user:pass@127.0.0.1:3306/nova?charset=utf8'
|
||||
expect(
|
||||
subject.db_uri('compute', 'user', 'pass')
|
||||
).to eq(expected)
|
||||
end
|
||||
end
|
||||
|
||||
it 'returns compute slave db info hash when service found for default mysql' do
|
||||
node.override['openstack']['endpoints']['db']['enabled_slave'] = true
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expected = 'mysql+pymysql://user:pass@127.0.0.1:3316/nova?charset=utf8'
|
||||
expect(
|
||||
subject.db_uri('compute', 'user', 'pass', true)
|
||||
).to eq(expected)
|
||||
end
|
||||
|
||||
it 'returns image slave db info hash when service found for mariadb' do
|
||||
node.override['openstack']['db']['service_type'] = 'mariadb'
|
||||
node.override['openstack']['endpoints']['db']['enabled_slave'] = true
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expected = 'mysql+pymysql://user:pass@127.0.0.1:3316/glance?charset=utf8'
|
||||
expect(
|
||||
subject.db_uri('image', 'user', 'pass', true)
|
||||
).to eq(expected)
|
||||
end
|
||||
|
||||
%w(galera percona-cluster).each do |db|
|
||||
it "returns network slave db info hash when service found for #{db}" do
|
||||
node.override['openstack']['db']['service_type'] = db
|
||||
node.override['openstack']['endpoints']['db']['enabled_slave'] = true
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expected = 'mysql+pymysql://user:pass@127.0.0.1:3316/neutron?charset=utf8'
|
||||
expect(
|
||||
subject.db_uri('network', 'user', 'pass', true)
|
||||
).to eq(expected)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,206 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-common::logging' do
|
||||
describe 'ubuntu' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) { runner.converge(described_recipe) }
|
||||
|
||||
describe '/etc/openstack' do
|
||||
let(:dir) { chef_run.directory('/etc/openstack') }
|
||||
|
||||
it 'should create /etc/openstack' do
|
||||
expect(chef_run).to create_directory('/etc/openstack').with(
|
||||
owner: 'root',
|
||||
group: 'root',
|
||||
mode: '755'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'logging.conf' do
|
||||
let(:file) { chef_run.template('/etc/openstack/logging.conf') }
|
||||
|
||||
it 'should create /etc/openstack/logging.conf' do
|
||||
expect(chef_run).to create_template(file.name).with(
|
||||
owner: 'root',
|
||||
group: 'root',
|
||||
mode: '644'
|
||||
)
|
||||
end
|
||||
|
||||
context 'loggers' do
|
||||
it 'adds default loggers' do
|
||||
{
|
||||
'loggers' =>
|
||||
[
|
||||
'keys=root,ceilometer,cinder,glance,horizon,keystone,nova,'\
|
||||
'neutron,trove,amqplib,sqlalchemy,boto,suds,eventletwsgi,'\
|
||||
'nova_api_openstack_wsgi,nova_osapi_compute_wsgi_server',
|
||||
],
|
||||
'logger_root' =>
|
||||
[
|
||||
'level=NOTSET',
|
||||
'handlers=devel',
|
||||
],
|
||||
'logger_ceilometer' =>
|
||||
[
|
||||
'level=DEBUG',
|
||||
'handlers=prod,debug',
|
||||
'qualname=ceilometer',
|
||||
],
|
||||
'logger_cinder' =>
|
||||
[
|
||||
'level=DEBUG',
|
||||
'handlers=prod,debug',
|
||||
'qualname=cinder',
|
||||
],
|
||||
'logger_glance' =>
|
||||
[
|
||||
'level=DEBUG',
|
||||
'handlers=prod,debug',
|
||||
'qualname=glance',
|
||||
],
|
||||
'logger_horizon' =>
|
||||
[
|
||||
'level=DEBUG',
|
||||
'handlers=prod,debug',
|
||||
'qualname=horizon',
|
||||
],
|
||||
'logger_keystone' =>
|
||||
[
|
||||
'level=DEBUG',
|
||||
'handlers=prod,debug',
|
||||
'qualname=keystone',
|
||||
],
|
||||
'logger_nova' =>
|
||||
[
|
||||
'level=DEBUG',
|
||||
'handlers=prod,debug',
|
||||
'qualname=nova',
|
||||
],
|
||||
'logger_neutron' =>
|
||||
[
|
||||
'level=DEBUG',
|
||||
'handlers=prod,debug',
|
||||
'qualname=neutron',
|
||||
],
|
||||
'logger_trove' =>
|
||||
[
|
||||
'level=DEBUG',
|
||||
'handlers=prod,debug',
|
||||
'qualname=trove',
|
||||
],
|
||||
'logger_amqplib' =>
|
||||
[
|
||||
'level=WARNING',
|
||||
'handlers=stderr',
|
||||
'qualname=amqplib',
|
||||
],
|
||||
'logger_sqlalchemy' =>
|
||||
[
|
||||
'level=WARNING',
|
||||
'handlers=stderr',
|
||||
'qualname=sqlalchemy',
|
||||
],
|
||||
'logger_boto' =>
|
||||
[
|
||||
'level=WARNING',
|
||||
'handlers=stderr',
|
||||
'qualname=boto',
|
||||
],
|
||||
'logger_suds' =>
|
||||
[
|
||||
'level=INFO',
|
||||
'handlers=stderr',
|
||||
'qualname=suds',
|
||||
],
|
||||
'logger_eventletwsgi' =>
|
||||
[
|
||||
'level=WARNING',
|
||||
'handlers=stderr',
|
||||
'qualname=eventlet.wsgi.server',
|
||||
],
|
||||
'logger_nova_api_openstack_wsgi' =>
|
||||
[
|
||||
'level=WARNING',
|
||||
'handlers=prod,debug',
|
||||
'qualname=nova.api.openstack.wsgi',
|
||||
],
|
||||
'logger_nova_osapi_compute_wsgi_server' =>
|
||||
[
|
||||
'level=WARNING',
|
||||
'handlers=prod,debug',
|
||||
'qualname=nova.osapi_compute.wsgi.server',
|
||||
],
|
||||
}.each do |section, content|
|
||||
content.each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content(section, line)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'formatters' do
|
||||
it 'adds default formatters' do
|
||||
{
|
||||
'formatters' =>
|
||||
'keys=normal,normal_with_name,debug,syslog_with_name,syslog_debug',
|
||||
'formatter_normal' =>
|
||||
'format=%(asctime)s %(levelname)s %(message)s',
|
||||
'formatter_normal_with_name' =>
|
||||
'format=[%(name)s]: %(asctime)s %(levelname)s %(message)s',
|
||||
'formatter_debug' =>
|
||||
'format=[%(name)s]: %(asctime)s %(levelname)s %(module)s.%(funcName)s %(message)s',
|
||||
'formatter_syslog_with_name' =>
|
||||
'format=%(name)s: %(levelname)s %(message)s',
|
||||
'formatter_syslog_debug' =>
|
||||
'format=%(name)s: %(levelname)s %(module)s.%(funcName)s %(message)s',
|
||||
}.each do |section, content|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content(section, content)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'handlers' do
|
||||
it 'adds default handlers' do
|
||||
{
|
||||
'handlers' =>
|
||||
['keys=stderr,devel,prod,debug'],
|
||||
'handler_stderr' =>
|
||||
[
|
||||
'args=(sys.stderr,)',
|
||||
'class=StreamHandler',
|
||||
'formatter=debug',
|
||||
],
|
||||
'handler_devel' =>
|
||||
[
|
||||
'args=(sys.stdout,)',
|
||||
'class=StreamHandler',
|
||||
'formatter=debug',
|
||||
'level=NOTSET',
|
||||
],
|
||||
'handler_prod' =>
|
||||
[
|
||||
"args=(('/dev/log'), handlers.SysLogHandler.LOG_LOCAL0)",
|
||||
'class=handlers.SysLogHandler',
|
||||
'formatter=syslog_with_name',
|
||||
'level=INFO',
|
||||
],
|
||||
'handler_debug' =>
|
||||
[
|
||||
"args=(('/dev/log'), handlers.SysLogHandler.LOG_LOCAL1)",
|
||||
'class=handlers.SysLogHandler',
|
||||
'formatter=syslog_debug',
|
||||
'level=DEBUG',
|
||||
],
|
||||
}.each do |section, content|
|
||||
content.each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content(section, line)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,218 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'network'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
describe 'Openstack address_for and bind_address' do
|
||||
interfaces = {
|
||||
'lo' => {
|
||||
'addresses' => {
|
||||
'127.0.0.1' => {
|
||||
'family' => 'inet',
|
||||
'prefixlen' => '8',
|
||||
'netmask' => '255.0.0.0',
|
||||
'scope' => 'Node',
|
||||
},
|
||||
'::1' => {
|
||||
'family' => 'inet6',
|
||||
'prefixlen' => '128',
|
||||
'scope' => 'Node',
|
||||
},
|
||||
'2001:db8::1' => {
|
||||
'family' => 'inet6',
|
||||
'prefixlen' => '64',
|
||||
'scope' => 'Node',
|
||||
},
|
||||
},
|
||||
},
|
||||
'eth0' => {
|
||||
'addresses' => {
|
||||
'10.0.0.2' => {
|
||||
'family' => 'inet',
|
||||
'prefixlen' => '32',
|
||||
'netmask' => '255.255.255.255',
|
||||
'scope' => 'Node',
|
||||
},
|
||||
'10.0.0.3' => {
|
||||
'family' => 'inet',
|
||||
'prefixlen' => '24',
|
||||
'netmask' => '255.255.255.0',
|
||||
'scope' => 'Node',
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
cached(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
|
||||
cached(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
node.automatic['network']['interfaces'] = interfaces
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
let(:subject) { Object.new.extend(Openstack) }
|
||||
|
||||
include_context 'library-stubs'
|
||||
|
||||
describe '#address_for ipv4' do
|
||||
it 'returns ipv4 address' do
|
||||
expect(
|
||||
subject.address_for('lo')
|
||||
).to eq('127.0.0.1')
|
||||
end
|
||||
|
||||
it 'returns first ipv4 address but no virtual ips with prefixlen 32' do
|
||||
expect(
|
||||
subject.address_for('eth0', 'inet', node, true)
|
||||
).to eq('10.0.0.3')
|
||||
end
|
||||
|
||||
it 'returns first ipv4 address even if virtual and with prefixlen 32' do
|
||||
expect(
|
||||
subject.address_for('eth0', 'inet', node, false)
|
||||
).to eq('10.0.0.2')
|
||||
end
|
||||
|
||||
it 'returns 0.0.0.0 for interface "all"' do
|
||||
expect(
|
||||
subject.address_for('all')
|
||||
).to eq('0.0.0.0')
|
||||
end
|
||||
end
|
||||
|
||||
context '#address_for ipv6' do
|
||||
cached(:chef_run) do
|
||||
node.automatic['network']['interfaces'] = interfaces
|
||||
node.override['openstack']['endpoints']['family'] = 'inet6'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
it 'returns ipv6 address' do
|
||||
expect(
|
||||
subject.address_for('lo')
|
||||
).to eq('2001:db8::1')
|
||||
end
|
||||
|
||||
it 'returns ipv6 address' do
|
||||
expect(
|
||||
subject.address_for('lo', 'inet6')
|
||||
).to eq('2001:db8::1')
|
||||
end
|
||||
|
||||
it 'returns first ipv6 address and also virtual ips with prefixlen 128' do
|
||||
expect(
|
||||
subject.address_for('lo', 'inet6', node, false)
|
||||
).to eq('::1')
|
||||
end
|
||||
|
||||
it 'returns :: for interface "all"' do
|
||||
expect(
|
||||
subject.address_for('all', 'inet6')
|
||||
).to eq('::')
|
||||
end
|
||||
end
|
||||
describe 'bind_address' do
|
||||
describe 'mq' do
|
||||
it 'returns the host' do
|
||||
expect(
|
||||
subject.bind_address(node['openstack']['bind_service']['mq'])
|
||||
).to eq('127.0.0.1')
|
||||
end
|
||||
context 'mq interface set' do
|
||||
cached(:chef_run) do
|
||||
node.automatic['network']['interfaces'] = interfaces
|
||||
node.override['openstack']['endpoints']['family'] = 'inet'
|
||||
node.override['openstack']['bind_service']['mq']['interface'] = 'eth0'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'returns the interface address' do
|
||||
expect(
|
||||
subject.bind_address(node['openstack']['bind_service']['mq'])
|
||||
).to eq('10.0.0.3')
|
||||
end
|
||||
end
|
||||
end
|
||||
describe 'db' do
|
||||
it 'returns the host' do
|
||||
expect(
|
||||
subject.bind_address(node['openstack']['bind_service']['db'])
|
||||
).to eq('127.0.0.1')
|
||||
end
|
||||
context 'interface set' do
|
||||
cached(:chef_run) do
|
||||
node.automatic['network']['interfaces'] = interfaces
|
||||
node.override['openstack']['endpoints']['family'] = 'inet'
|
||||
node.override['openstack']['bind_service']['db']['interface'] = 'eth0'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'returns the interface address' do
|
||||
expect(
|
||||
subject.bind_address(node['openstack']['bind_service']['db'])
|
||||
).to eq('10.0.0.3')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
describe '#address_for failures' do
|
||||
it 'fails when addresses for interface is nil' do
|
||||
node.automatic['network'] = {
|
||||
'interfaces' => {
|
||||
'lo' => {
|
||||
'addresses' => nil,
|
||||
},
|
||||
},
|
||||
}
|
||||
expect { subject.address_for('lo') }
|
||||
.to raise_error(RuntimeError, 'Interface lo has no addresses assigned')
|
||||
end
|
||||
|
||||
it 'fails when no addresses are avaiable for interface' do
|
||||
node.automatic['network'] = {
|
||||
'interfaces' => {
|
||||
'lo' => {
|
||||
'addresses' => {},
|
||||
},
|
||||
},
|
||||
}
|
||||
expect { subject.address_for('lo') }
|
||||
.to raise_error(RuntimeError, 'Interface lo has no addresses assigned')
|
||||
end
|
||||
|
||||
it 'fails when no address is available for interface family' do
|
||||
node.automatic['network'] = {
|
||||
'interfaces' => {
|
||||
'lo' => {
|
||||
'addresses' => {
|
||||
'127.0.0.1' => {
|
||||
'family' => 'inet',
|
||||
'prefixlen' => '8',
|
||||
'netmask' => '255.0.0.0',
|
||||
'scope' => 'Node',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
expect { subject.address_for('lo', 'inet6') }
|
||||
.to raise_error(RuntimeError, 'No address for family inet6 found')
|
||||
end
|
||||
|
||||
it 'fails when no address is available after dropping virtual ips' do
|
||||
node.automatic['network'] = {
|
||||
'interfaces' => {
|
||||
'lo' => {
|
||||
'addresses' => {
|
||||
'127.0.0.1' => {
|
||||
'family' => 'inet',
|
||||
'prefixlen' => '32',
|
||||
'netmask' => '255.255.255.255',
|
||||
'scope' => 'Node',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
expect { subject.address_for('lo', 'inet') }
|
||||
.to raise_error(RuntimeError, 'No address for family inet found')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,91 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require 'uri'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'parse'
|
||||
|
||||
describe 'Openstack parse' do
|
||||
let(:subject) { Object.new.extend(Openstack) }
|
||||
|
||||
describe '#prettytable_to_array' do
|
||||
it 'returns [] when no table provided' do
|
||||
expect(
|
||||
subject.prettytable_to_array(nil)
|
||||
).to eq([])
|
||||
end
|
||||
it 'returns [] when table provided is empty' do
|
||||
expect(
|
||||
subject.prettytable_to_array('')
|
||||
).to eq([])
|
||||
end
|
||||
it 'returns proper array of hashes when proper table provided' do
|
||||
table =
|
||||
'+---------+----------------------------------+----------------------------------+
|
||||
| tenant | access | secret |
|
||||
+---------+----------------------------------+----------------------------------+
|
||||
| service | 91af731b3be244beb8f30fc59b7bc96d | ce811442cfb549c39390a203778a4bf5 |
|
||||
+---------+----------------------------------+----------------------------------+'
|
||||
expect(
|
||||
subject.prettytable_to_array(table)
|
||||
).to eq(
|
||||
[{ 'tenant' => 'service',
|
||||
'access' => '91af731b3be244beb8f30fc59b7bc96d',
|
||||
'secret' => 'ce811442cfb549c39390a203778a4bf5' }]
|
||||
)
|
||||
end
|
||||
it 'returns proper array of hashes when proper table provided including whitespace' do
|
||||
table =
|
||||
'+---------+----------------------------------+----------------------------------+
|
||||
| tenant | access | secret |
|
||||
+---------+----------------------------------+----------------------------------+
|
||||
| service | 91af731b3be244beb8f30fc59b7bc96d | ce811442cfb549c39390a203778a4bf5 |
|
||||
+---------+----------------------------------+----------------------------------+
|
||||
|
||||
|
||||
'
|
||||
expect(
|
||||
subject.prettytable_to_array(table)
|
||||
).to eq(
|
||||
[{ 'tenant' => 'service',
|
||||
'access' => '91af731b3be244beb8f30fc59b7bc96d',
|
||||
'secret' => 'ce811442cfb549c39390a203778a4bf5' }]
|
||||
)
|
||||
end
|
||||
it 'returns a flatten hash when provided a Property/Value table' do
|
||||
table =
|
||||
'+-----------+----------------------------------+
|
||||
| Property | Value |
|
||||
+-----------+----------------------------------+
|
||||
| access | 91af731b3be244beb8f30fc59b7bc96d |
|
||||
| secret | ce811442cfb549c39390a203778a4bf5 |
|
||||
| tenant_id | 429271dd1cf54b7ca921a0017524d8ea |
|
||||
| user_id | 1c4fc229560f40689c490c5d0838fd84 |
|
||||
+-----------+----------------------------------+'
|
||||
expect(
|
||||
subject.prettytable_to_array(table)
|
||||
).to eq(
|
||||
[{ 'tenant_id' => '429271dd1cf54b7ca921a0017524d8ea',
|
||||
'access' => '91af731b3be244beb8f30fc59b7bc96d',
|
||||
'secret' => 'ce811442cfb549c39390a203778a4bf5',
|
||||
'user_id' => '1c4fc229560f40689c490c5d0838fd84' }]
|
||||
)
|
||||
end
|
||||
it 'returns a flatten hash when provided a Property/Value table including whitespace' do
|
||||
table =
|
||||
'+-----------+----------------------------------+
|
||||
| Property | Value |
|
||||
+-----------+----------------------------------+
|
||||
| access | 91af731b3be244beb8f30fc59b7bc96d |
|
||||
| secret | ce811442cfb549c39390a203778a4bf5 |
|
||||
| tenant_id | 429271dd1cf54b7ca921a0017524d8ea |
|
||||
| user_id | 1c4fc229560f40689c490c5d0838fd84 |
|
||||
+-----------+----------------------------------+'
|
||||
expect(
|
||||
subject.prettytable_to_array(table)
|
||||
).to eq(
|
||||
[{ 'tenant_id' => '429271dd1cf54b7ca921a0017524d8ea',
|
||||
'access' => '91af731b3be244beb8f30fc59b7bc96d',
|
||||
'secret' => 'ce811442cfb549c39390a203778a4bf5',
|
||||
'user_id' => '1c4fc229560f40689c490c5d0838fd84' }]
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
@ -1,121 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'passwords'
|
||||
require 'chef-vault'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
describe 'Passwords' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) { runner.converge(described_recipe) }
|
||||
let(:subject) { Object.new.extend(Openstack) }
|
||||
|
||||
include_context 'library-stubs'
|
||||
|
||||
context 'stored in encrypted data bags by default' do
|
||||
describe '#secret' do
|
||||
it 'returns databag' do
|
||||
value = { 'nova' => 'this' }
|
||||
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
|
||||
'/etc/chef/openstack_data_bag_secret').and_return('secret')
|
||||
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
|
||||
'passwords', 'nova', 'secret').and_return(value)
|
||||
expect(subject.secret('passwords', 'nova')).to eq('this')
|
||||
end
|
||||
end
|
||||
|
||||
context 'using chef-vault' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['databag_type'] = 'vault'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it 'returns the data from a chef vault item' do
|
||||
allow(ChefVault::Item).to receive(:load)
|
||||
.with('vault_passwords', 'nova')
|
||||
.and_return('nova' => 'novapassword')
|
||||
expect(subject.secret('passwords', 'nova')).to eq('novapassword')
|
||||
end
|
||||
end
|
||||
|
||||
describe '#get_password' do
|
||||
%w(service db user).each do |type|
|
||||
it "returns databag value for #{type}" do
|
||||
value = { 'nova' => 'this' }
|
||||
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
|
||||
'/etc/chef/openstack_data_bag_secret').and_return('secret')
|
||||
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
|
||||
"#{type}_passwords", 'nova', 'secret').and_return(value)
|
||||
expect(subject.get_password(type, 'nova')).to eq('this')
|
||||
end
|
||||
end
|
||||
|
||||
it 'returns nil for an invalid type' do
|
||||
expect(subject.get_password('invalid_type', 'nova')).to be_nil
|
||||
end
|
||||
|
||||
it 'returns tokens from the secrets_data_bag' do
|
||||
bag_content = { 'nova' => 'mysecret' }
|
||||
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
|
||||
'/etc/chef/openstack_data_bag_secret'
|
||||
).and_return('secret')
|
||||
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
|
||||
'secrets', 'nova', 'secret'
|
||||
).and_return(bag_content)
|
||||
expect(subject.get_password('token', 'nova')).to eq('mysecret')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'stored in standard data bags' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['databag_type'] = 'standard'
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
describe '#secret' do
|
||||
it 'returns databag' do
|
||||
value = { 'nova' => 'this' }
|
||||
allow(Chef::DataBagItem).to receive(:load)
|
||||
.with('passwords', 'nova').and_return(value)
|
||||
expect(subject.secret('passwords', 'nova')).to eq('this')
|
||||
end
|
||||
end
|
||||
|
||||
describe '#get_password' do
|
||||
%w(service db user).each do |type|
|
||||
it "returns databag value for #{type}" do
|
||||
value = { 'nova' => 'this' }
|
||||
allow(Chef::DataBagItem).to receive(:load).with(
|
||||
"#{type}_passwords", 'nova').and_return(value)
|
||||
expect(subject.get_password(type, 'nova')).to eq('this')
|
||||
end
|
||||
end
|
||||
|
||||
it 'returns nil for an invalid type' do
|
||||
expect(subject.get_password('invalid_type', 'nova')).to be_nil
|
||||
end
|
||||
|
||||
it 'returns tokens from the secrets_data_bag' do
|
||||
bag_content = { 'nova' => 'mysecret' }
|
||||
allow(Chef::DataBagItem).to receive(:load).with(
|
||||
'secrets', 'nova'
|
||||
).and_return(bag_content)
|
||||
expect(subject.get_password('token', 'nova')).to eq('mysecret')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'stored in attributes as an alternative' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['use_databags'] = false
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
|
||||
describe '#get_password' do
|
||||
%w(service db user token).each do |type|
|
||||
it "returns the set attribute for #{type}" do
|
||||
expect(subject.get_password(type, 'compute')).to eq("compute-#{type}")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,140 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'search'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
describe 'Openstack Search' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['mq']['server_role'] = 'openstack-ops-mq'
|
||||
node.override['openstack']['endpoints']['mq']['port'] = 5672
|
||||
# speed up tests
|
||||
node.override['openstack']['common']['search_count_max'] = 2
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
cached(:subject) { Object.new.extend(Openstack) }
|
||||
|
||||
describe '#search_for' do
|
||||
it 'returns results' do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:search)
|
||||
.with(:node, '(chef_environment:_default AND roles:role) OR (chef_environment:_default AND recipes:role)')
|
||||
.and_return([chef_run.node])
|
||||
resp = subject.search_for('role')
|
||||
expect(resp[0]['fqdn']).to eq('fauxhai.local')
|
||||
end
|
||||
|
||||
it 'returns empty results' do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:search)
|
||||
.with(:node, '(chef_environment:_default AND roles:empty-role) OR (chef_environment:_default AND recipes:empty-role)')
|
||||
.and_return([])
|
||||
expect(
|
||||
subject.search_for('empty-role')
|
||||
).to eq([])
|
||||
end
|
||||
|
||||
it 'always returns empty results' do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:search)
|
||||
.with(:node, '(chef_environment:_default AND roles:empty-role) OR (chef_environment:_default AND recipes:empty-role)')
|
||||
.and_return(nil)
|
||||
expect(
|
||||
subject.search_for('empty-role')
|
||||
).to eq([])
|
||||
end
|
||||
end
|
||||
|
||||
describe '#memcached_servers' do
|
||||
it 'returns memcached list' do
|
||||
nodes = [
|
||||
{ 'memcached' => { 'listen' => '1.1.1.1', 'port' => '11211' } },
|
||||
{ 'memcached' => { 'listen' => '2.2.2.2', 'port' => '11211' } },
|
||||
]
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:search_for)
|
||||
.with('role')
|
||||
.and_return(nodes)
|
||||
expect(
|
||||
subject.memcached_servers('role')
|
||||
).to eq(['1.1.1.1:11211', '2.2.2.2:11211'])
|
||||
end
|
||||
|
||||
it 'returns sorted memcached list' do
|
||||
nodes = [
|
||||
{ 'memcached' => { 'listen' => '3.3.3.3', 'port' => '11211' } },
|
||||
{ 'memcached' => { 'listen' => '1.1.1.1', 'port' => '11211' } },
|
||||
{ 'memcached' => { 'listen' => '2.2.2.2', 'port' => '11211' } },
|
||||
]
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:search_for)
|
||||
.with('role')
|
||||
.and_return(nodes)
|
||||
expect(
|
||||
subject.memcached_servers('role')
|
||||
).to eq(['1.1.1.1:11211', '2.2.2.2:11211', '3.3.3.3:11211'])
|
||||
end
|
||||
|
||||
it 'returns memcached servers as defined by attributes' do
|
||||
nodes = {
|
||||
'openstack' => {
|
||||
'memcached_servers' => ['1.1.1.1:11211', '2.2.2.2:11211'],
|
||||
},
|
||||
}
|
||||
allow(subject).to receive(:node).and_return(chef_run.node.merge(nodes))
|
||||
expect(
|
||||
subject.memcached_servers('role')
|
||||
).to eq(['1.1.1.1:11211', '2.2.2.2:11211'])
|
||||
end
|
||||
|
||||
it 'returns empty memcached servers as defined by attributes' do
|
||||
nodes = {
|
||||
'openstack' => {
|
||||
'memcached_servers' => [],
|
||||
},
|
||||
}
|
||||
allow(subject).to receive(:node).and_return(chef_run.node.merge(nodes))
|
||||
expect(
|
||||
subject.memcached_servers('empty-role')
|
||||
).to eq([])
|
||||
end
|
||||
end
|
||||
|
||||
describe '#rabbit_servers' do
|
||||
it 'returns rabbit servers' do
|
||||
nodes = [
|
||||
{ 'openstack' => { 'mq' => { 'listen' => '1.1.1.1' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
|
||||
{ 'openstack' => { 'mq' => { 'listen' => '2.2.2.2' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
|
||||
]
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:search_for)
|
||||
.and_return(nodes)
|
||||
expect(
|
||||
subject.rabbit_servers
|
||||
).to eq('1.1.1.1:5672,2.2.2.2:5672')
|
||||
end
|
||||
|
||||
it 'returns sorted rabbit servers' do
|
||||
nodes = [
|
||||
{ 'openstack' => { 'mq' => { 'listen' => '3.3.3.3' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
|
||||
{ 'openstack' => { 'mq' => { 'listen' => '1.1.1.1' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
|
||||
{ 'openstack' => { 'mq' => { 'listen' => '2.2.2.2' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
|
||||
]
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
allow(subject).to receive(:search_for)
|
||||
.and_return(nodes)
|
||||
expect(
|
||||
subject.rabbit_servers
|
||||
).to eq('1.1.1.1:5672,2.2.2.2:5672,3.3.3.3:5672')
|
||||
end
|
||||
|
||||
it 'returns rabbit servers when not searching' do
|
||||
chef_run.node.override['openstack']['mq']['servers'] = ['1.1.1.1', '2.2.2.2']
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
expect(
|
||||
subject.rabbit_servers
|
||||
).to eq('1.1.1.1:5672,2.2.2.2:5672')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,59 +0,0 @@
|
||||
require 'chefspec'
|
||||
require 'chefspec/berkshelf'
|
||||
|
||||
RSpec.configure do |config|
|
||||
config.color = true
|
||||
config.formatter = :documentation
|
||||
config.log_level = :warn
|
||||
end
|
||||
|
||||
UBUNTU_OPTS = {
|
||||
platform: 'ubuntu',
|
||||
version: '18.04',
|
||||
}.freeze
|
||||
|
||||
REDHAT_7 = {
|
||||
platform: 'redhat',
|
||||
version: '7',
|
||||
}.freeze
|
||||
|
||||
REDHAT_8 = {
|
||||
platform: 'redhat',
|
||||
version: '8',
|
||||
}.freeze
|
||||
|
||||
ALL_RHEL = [
|
||||
REDHAT_7,
|
||||
REDHAT_8,
|
||||
].freeze
|
||||
|
||||
# We set a default platform for non-platform specific test cases
|
||||
CHEFSPEC_OPTS = UBUNTU_OPTS
|
||||
|
||||
shared_context 'library-stubs' do
|
||||
before do
|
||||
allow(subject).to receive(:node).and_return(chef_run.node)
|
||||
end
|
||||
end
|
||||
|
||||
shared_context 'common-stubs' do
|
||||
before do
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:search_for)
|
||||
.with('os-identity').and_return(
|
||||
[{
|
||||
'openstack' => {
|
||||
'identity' => {
|
||||
'admin_tenant_name' => 'admin',
|
||||
'admin_user' => 'admin',
|
||||
},
|
||||
},
|
||||
}]
|
||||
)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'admin')
|
||||
.and_return('admin')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'admin-user-override')
|
||||
.and_return('admin-user-override')
|
||||
end
|
||||
end
|
@ -1,22 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
|
||||
describe 'openstack-common::sysctl' do
|
||||
describe 'ubuntu' do
|
||||
sysctl_kv = {
|
||||
'sysctl_key1' => 'sysctl_value1',
|
||||
'sysctl_key2' => 'sysctl_value2',
|
||||
}
|
||||
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['sysctl'] = sysctl_kv
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it do
|
||||
expect(chef_run).to apply_sysctl('sysctl_key1').with(value: 'sysctl_value1')
|
||||
end
|
||||
it do
|
||||
expect(chef_run).to apply_sysctl('sysctl_key2').with(value: 'sysctl_value2')
|
||||
end
|
||||
end
|
||||
end
|
@ -1,90 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'uri'
|
||||
require 'uri'
|
||||
|
||||
describe 'Openstack uri' do
|
||||
let(:subject) { Object.new.extend(Openstack) }
|
||||
|
||||
describe '#uri_from_hash' do
|
||||
it 'returns uri when uri key found, ignoring other parts' do
|
||||
uri = 'http://localhost/'
|
||||
hash = {
|
||||
'port' => 8888,
|
||||
'path' => '/path',
|
||||
'uri' => uri,
|
||||
}
|
||||
result = subject.uri_from_hash(hash)
|
||||
expect(result).to be_a URI
|
||||
expect(result.to_s).to eq(uri)
|
||||
end
|
||||
|
||||
it 'constructs from host' do
|
||||
uri = 'https://localhost:8888/path'
|
||||
hash = {
|
||||
'scheme' => 'https',
|
||||
'port' => 8888,
|
||||
'path' => '/path',
|
||||
'host' => 'localhost',
|
||||
}
|
||||
expect(
|
||||
subject.uri_from_hash(hash).to_s
|
||||
).to eq(uri)
|
||||
end
|
||||
|
||||
it 'constructs with defaults' do
|
||||
uri = 'https://localhost'
|
||||
hash = {
|
||||
'scheme' => 'https',
|
||||
'host' => 'localhost',
|
||||
}
|
||||
expect(
|
||||
subject.uri_from_hash(hash).to_s
|
||||
).to eq(uri)
|
||||
end
|
||||
|
||||
it 'constructs with extraneous keys' do
|
||||
uri = 'http://localhost'
|
||||
hash = {
|
||||
'host' => 'localhost',
|
||||
'network' => 'public', # To emulate the osops-utils::ip_location way...
|
||||
}
|
||||
expect(
|
||||
subject.uri_from_hash(hash).to_s
|
||||
).to eq(uri)
|
||||
end
|
||||
end
|
||||
|
||||
describe '#uri_join_paths' do
|
||||
it 'returns nil when no paths are passed in' do
|
||||
expect(subject.uri_join_paths).to be_nil
|
||||
end
|
||||
|
||||
it 'preserves absolute path when only absolute path passed in' do
|
||||
path = '/abspath'
|
||||
expect(
|
||||
subject.uri_join_paths(path)
|
||||
).to eq(path)
|
||||
end
|
||||
|
||||
it 'preserves relative path when only relative path passed in' do
|
||||
path = 'abspath/'
|
||||
expect(
|
||||
subject.uri_join_paths(path)
|
||||
).to eq(path)
|
||||
end
|
||||
|
||||
it 'preserves leadng and trailing slashes' do
|
||||
expected = '/path/to/resource/'
|
||||
expect(
|
||||
subject.uri_join_paths('/path', 'to', 'resource/')
|
||||
).to eq(expected)
|
||||
end
|
||||
|
||||
it 'removes extraneous intermediate slashes' do
|
||||
expected = '/path/to/resource'
|
||||
expect(
|
||||
subject.uri_join_paths('/path', '//to/', '/resource')
|
||||
).to eq(expected)
|
||||
end
|
||||
end
|
||||
end
|
@ -1,37 +0,0 @@
|
||||
require_relative 'spec_helper'
|
||||
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'wrappers'
|
||||
|
||||
describe 'openstack-common::default' do
|
||||
describe 'Openstack wrappers' do
|
||||
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
let(:subject) { Object.new.extend(Openstack) }
|
||||
|
||||
include_context 'library-stubs'
|
||||
|
||||
describe '#recipe_included' do
|
||||
it 'returns boolean for recipe list' do
|
||||
node_hash = {
|
||||
'recipes' => 'included_recipe',
|
||||
}
|
||||
allow(subject).to receive(:node).and_return(node_hash)
|
||||
expect(subject.recipe_included?('included_recipe')).to be_truthy
|
||||
expect(subject.recipe_included?('not_included_recipe')).to be_falsey
|
||||
end
|
||||
end
|
||||
|
||||
describe '#role_included' do
|
||||
it 'returns boolean for role list' do
|
||||
node_hash_true = double('node', automatic: { 'roles' => 'included_role' }, role?: true)
|
||||
node_hash_false = double('node', automatic: { 'roles' => 'included_role' }, role?: false)
|
||||
allow(subject).to receive(:node).and_return(node_hash_true)
|
||||
expect(subject.role_included?('included_role')).to be_truthy
|
||||
allow(subject).to receive(:node).and_return(node_hash_false)
|
||||
expect(subject.role_included?('not_included_role')).to be_falsey
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
@ -1,5 +0,0 @@
|
||||
# Managed by Chef
|
||||
|
||||
<% node['openstack']['sysctl'].sort.each do |k,v| -%>
|
||||
<%= k %> = <%= v %>
|
||||
<% end -%>
|
@ -1,38 +0,0 @@
|
||||
[loggers]
|
||||
keys=<%= (@loggers.keys).join(',') %>
|
||||
|
||||
[formatters]
|
||||
keys=<%= @formatters.keys.join(',') %>
|
||||
|
||||
[handlers]
|
||||
keys=<%= @handlers.keys.join(',') %>
|
||||
|
||||
## LOGGERS ##
|
||||
|
||||
<% @loggers.each do |section, options| %>
|
||||
[logger_<%= section %>]
|
||||
<% options.each do |key, value| %>
|
||||
<%= key %>=<%= value %>
|
||||
<% end %>
|
||||
|
||||
<% end %>
|
||||
|
||||
## FORMATTERS ##
|
||||
|
||||
<% @formatters.each do |section, options| %>
|
||||
[formatter_<%= section %>]
|
||||
<% options.each do |key, value| %>
|
||||
<%= key %>=<%= value %>
|
||||
<% end %>
|
||||
|
||||
<% end %>
|
||||
|
||||
## HANDLERS ##
|
||||
|
||||
<% @handlers.each do |section, options| %>
|
||||
[handler_<%= section %>]
|
||||
<% options.each do |key, value| %>
|
||||
<%= key %>=<%= value %>
|
||||
<% end %>
|
||||
|
||||
<% end %>
|
@ -1,13 +0,0 @@
|
||||
<%= node['openstack']['common']['custom_template_banner'] %>
|
||||
<% @service_config.each do |section, values| -%>
|
||||
|
||||
[<%= section %>]
|
||||
<% values.each do |key, value| -%>
|
||||
<% if value.class == Hash -%>
|
||||
<%= "# #{value['comment']}" -%>
|
||||
<%= key %> = <%= value['set_to'] %>
|
||||
<% else -%>
|
||||
<%= key %> = <%= value %>
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
<% end -%>
|
@ -1,37 +0,0 @@
|
||||
<%= node["openstack"]["identity"]["custom_template_banner"] %>
|
||||
|
||||
<VirtualHost <%= @params[:server_host] %>:<%= @params[:server_port] %>>
|
||||
WSGIDaemonProcess <%= @service %>-<%= @params[:server_suffix] %> processes=5 threads=1 user=<%= @params[:user] %> group=<%= @params[:group] %> display-name=%{GROUP}
|
||||
WSGIProcessGroup <%= @service %>-<%= @params[:server_suffix] %>
|
||||
WSGIScriptAlias / <%= @params[:server_entry] %>
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
WSGIPassAuthorization On
|
||||
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
ErrorLog <%= @params[:log_dir] %>/<%= @service %>_error.log
|
||||
CustomLog <%= @params[:log_dir] %>/<%= @service %>_access.log combined
|
||||
<% if [true, 'true', 'True'].include?(@params[:log_debug]) -%>
|
||||
LogLevel debug
|
||||
<% end -%>
|
||||
|
||||
<Directory /usr/bin>
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<% if @params[:use_ssl] -%>
|
||||
SSLEngine On
|
||||
SSLCertificateFile <%= @params[:cert_file] %>
|
||||
SSLCertificateKeyFile <%= @params[:key_file] %>
|
||||
SSLCACertificatePath <%= @params[:ca_certs_path] %>
|
||||
<% if @params[:chain_file] %>
|
||||
SSLCertificateChainFile <%= @params[:chain_file] %>
|
||||
<% end -%>
|
||||
SSLProtocol <%= @params[:protocol] %>
|
||||
<% if @params[:ciphers] -%>
|
||||
SSLCipherSuite <%= @params[:ciphers] %>
|
||||
<% end -%>
|
||||
<% if @params[:cert_required] -%>
|
||||
SSLVerifyClient require
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
</VirtualHost>
|
Loading…
Reference in New Issue
Block a user