From 5c264be5c02bfc53404674add6ed253fcf044e9a Mon Sep 17 00:00:00 2001 From: Andy McCrae Date: Mon, 28 Apr 2014 18:18:34 +0100 Subject: [PATCH] Only manage the keystone-paste.ini if specified There are no attributes in this template file, which means it just overrides the existing keystone-paste.ini, and needs to be updated for each release. Additionally, the current template file adds in options that are listed as deprecated, resulting in warnings in keystone.log. Removing the template file will mean the packaged keystone-paste.ini is used. This patch removes the keystone-paste.ini template and adds an attribute to allow a keystone-paste.ini file to be specified. Change-Id: Id2e6df82acea480320eaf3d07c0570802e4424ca Closes-Bug: #1313828 --- README.md | 1 + attributes/default.rb | 3 + recipes/server.rb | 15 ++-- spec/server_spec.rb | 94 ++++-------------------- templates/default/keystone-paste.ini.erb | 93 ----------------------- 5 files changed, 26 insertions(+), 180 deletions(-) delete mode 100644 templates/default/keystone-paste.ini.erb diff --git a/README.md b/README.md index 28d64e1..f158827 100644 --- a/README.md +++ b/README.md @@ -247,6 +247,7 @@ Please refer to the Common cookbook for more attributes. * `openstack['identity']['admin_token']` - Admin token for bootstraping keystone server * `openstack['identity']['roles']` - Array of roles to create in the keystone server * `openstack['identity']['users']` - Array of users to create in the keystone server +* `openstack['identity']['pastefile_url']` - Specify the URL for a keystone-paste.ini file that will override the default packaged file TODO: Add DB2 support on other platforms * `openstack['identity']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform * `openstack['identity']['token']['expiration']` - Token validity time in seconds diff --git a/attributes/default.rb b/attributes/default.rb index 97aa77b..d9db784 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -35,6 +35,9 @@ default['credentials']['EC2']['admin']['secret'] = '' default['openstack']['identity']['verbose'] = 'False' default['openstack']['identity']['debug'] = 'False' +# Specify a location to retrieve keystone-paste.ini from +default['openstack']['identity']['pastefile_url'] = nil + default['openstack']['identity']['region'] = node['openstack']['region'] default['openstack']['identity']['token']['expiration'] = '86400' diff --git a/recipes/server.rb b/recipes/server.rb index f6c6c2f..5f9c755 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -148,13 +148,16 @@ template '/etc/keystone/keystone.conf' do notifies :restart, 'service[keystone]', :delayed end -template '/etc/keystone/keystone-paste.ini' do - source 'keystone-paste.ini.erb' - owner node['openstack']['identity']['user'] - group node['openstack']['identity']['group'] - mode 00644 +# If a keystone-paste.ini is specified use it +if node['openstack']['identity']['pastefile_url'] + remote_file '/etc/keystone/keystone-paste.ini' do + source node['openstack']['identity']['pastefile_url'] + owner node['openstack']['identity']['user'] + group node['openstack']['identity']['group'] + mode 00644 - notifies :restart, 'service[keystone]', :immediately + notifies :restart, 'service[keystone]', :immediately + end end # populate the templated catlog, if you're using the templated catalog backend diff --git a/spec/server_spec.rb b/spec/server_spec.rb index 746bdca..823ce53 100644 --- a/spec/server_spec.rb +++ b/spec/server_spec.rb @@ -479,94 +479,26 @@ describe 'openstack-identity::server' do end describe 'keystone-paste.ini' do - let(:paste_file_path) { '/etc/keystone/keystone-paste.ini' } - let(:paste_file_template) { chef_run.template paste_file_path } - it 'has proper owner' do - expect(paste_file_template.owner).to eq('keystone') - expect(paste_file_template.group).to eq('keystone') + it 'does not manage keystone-paste unless specified' do + expect(chef_run).not_to create_remote_file('/etc/keystone/keystone-paste.ini') end - it 'has proper modes' do - expect(sprintf('%o', paste_file_template.mode)).to eq '644' - end + describe 'keystone-paste remote specified' do - it 'contains sections' do - required_sections = %w{filter:debug filter:token_auth - filter:admin_token_auth filter:xml_body - filter:json_body filter:user_crud_extension - filter:crud_extension filter:ec2_extension - filter:oauth_extension filter:s3_extension - filter:endpoint_filter_extension filter:url_normalize - filter:sizelimit filter:stats_monitoring - filter:stats_reporting filter:access_log - app:public_service app:service_v3 - app:admin_service pipeline:public_api - pipeline:admin_api pipeline:api_v3 - app:public_version_service app:admin_version_service - pipeline:public_version_api pipeline:admin_version_api - composite:main composite:admin} - required_sections.each do |section| - expect(chef_run).to render_file(paste_file_path).with_content( - /#{Regexp.quote(section)}/) + before { node.set['openstack']['identity']['pastefile_url'] = 'http://server/mykeystone-paste.ini' } + let(:remote_paste) { chef_run.remote_file('/etc/keystone/keystone-paste.ini') } + + it 'does manage keystone-paste from remote file if specified' do + expect(chef_run).to create_remote_file('/etc/keystone/keystone-paste.ini').with( + user: 'keystone', + group: 'keystone', + mode: 00644) + expect(remote_paste).to notify('service[keystone]').to(:restart) end end - it 'has the correct filter configuration' do - filter_factory_key = 'paste.filter_factory' - required_filter_factories = %w{keystone.common.wsgi:Debug.factory - keystone.middleware:TokenAuthMiddleware.factory - keystone.middleware:AdminTokenAuthMiddleware.factory - keystone.middleware:XmlBodyMiddleware.factory - keystone.middleware:JsonBodyMiddleware.factory - keystone.contrib.user_crud:CrudExtension.factory - keystone.contrib.admin_crud:CrudExtension.factory - keystone.contrib.ec2:Ec2Extension.factory - keystone.contrib.oauth1.routers:OAuth1Extension.factory - keystone.contrib.s3:S3Extension.factory - keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory - keystone.middleware:NormalizingFilter.factory - keystone.middleware:RequestBodySizeLimiter.factory - keystone.contrib.stats:StatsMiddleware.factory - keystone.contrib.stats:StatsExtension.factory - keystone.contrib.access:AccessLogMiddleware.factory} - required_filter_factories.each do |filter_factory| - r = line_regexp("#{filter_factory_key} = #{filter_factory}") - expect(chef_run).to render_file(paste_file_path).with_content(r) - end - end - - it 'has the correct app configuration' do - app_factory_key = 'paste.app_factory' - required_app_factories = %w{keystone.service:public_app_factory - keystone.service:v3_app_factory - keystone.service:admin_app_factory - keystone.service:public_version_app_factory - keystone.service:admin_version_app_factory} - required_app_factories.each do |app_factory| - r = line_regexp("#{app_factory_key} = #{app_factory}") - expect(chef_run).to render_file(paste_file_path).with_content(r) - end - end - - it 'has the correct pipeline configuration for public_api' do - r = line_regexp('pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension user_crud_extension public_service') - expect(chef_run).to render_file(paste_file_path).with_content(r) - end - - it 'has the correct pipeline configuration for admin_api' do - r = line_regexp('pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service') - expect(chef_run).to render_file(paste_file_path).with_content(r) - end - - it 'has the correct pipeline configuration for admin_api' do - r = line_regexp('pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service') - expect(chef_run).to render_file(paste_file_path).with_content(r) - end - - it 'notifies keystone restart' do - expect(paste_file_template).to notify('service[keystone]').to(:restart) - end end + end end diff --git a/templates/default/keystone-paste.ini.erb b/templates/default/keystone-paste.ini.erb deleted file mode 100644 index 1df0fb9..0000000 --- a/templates/default/keystone-paste.ini.erb +++ /dev/null @@ -1,93 +0,0 @@ -<%= node["openstack"]["identity"]["custom_template_banner"] %> - -# keystone PasteDeploy configuration file. - -[filter:debug] -paste.filter_factory = keystone.common.wsgi:Debug.factory - -[filter:token_auth] -paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory - -[filter:admin_token_auth] -paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory - -[filter:xml_body] -paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory - -[filter:json_body] -paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory - -[filter:user_crud_extension] -paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory - -[filter:crud_extension] -paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory - -[filter:ec2_extension] -paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory - -[filter:oauth_extension] -paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory - -[filter:s3_extension] -paste.filter_factory = keystone.contrib.s3:S3Extension.factory - -[filter:endpoint_filter_extension] -paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory - -[filter:url_normalize] -paste.filter_factory = keystone.middleware:NormalizingFilter.factory - -[filter:sizelimit] -paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory - -[filter:stats_monitoring] -paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory - -[filter:stats_reporting] -paste.filter_factory = keystone.contrib.stats:StatsExtension.factory - -[filter:access_log] -paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory - -[app:public_service] -paste.app_factory = keystone.service:public_app_factory - -[app:service_v3] -paste.app_factory = keystone.service:v3_app_factory - -[app:admin_service] -paste.app_factory = keystone.service:admin_app_factory - -[pipeline:public_api] -pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension user_crud_extension public_service - -[pipeline:admin_api] -pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension crud_extension admin_service - -[pipeline:api_v3] -pipeline = access_log sizelimit url_normalize token_auth admin_token_auth xml_body json_body ec2_extension s3_extension service_v3 - -[app:public_version_service] -paste.app_factory = keystone.service:public_version_app_factory - -[app:admin_version_service] -paste.app_factory = keystone.service:admin_version_app_factory - -[pipeline:public_version_api] -pipeline = access_log sizelimit url_normalize xml_body public_version_service - -[pipeline:admin_version_api] -pipeline = access_log sizelimit url_normalize xml_body admin_version_service - -[composite:main] -use = egg:Paste#urlmap -/v2.0 = public_api -/v3 = api_v3 -/ = public_version_api - -[composite:admin] -use = egg:Paste#urlmap -/v2.0 = admin_api -/v3 = api_v3 -/ = admin_version_api