Ceilometer-api / Gnocchi-api WSGI refactor
- now using wsgi apps for both apis - bumped gnocchi package version due to python-openssl bugs Change-Id: I63636ca8c08660f44433e701c55e1e0e7db5465f
This commit is contained in:
parent
6477bbaf3c
commit
b33c0ca574
@ -18,7 +18,10 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
# Set to some text value if you want templated config files
|
||||||
|
# to contain a custom banner at the top of the written file
|
||||||
|
default['openstack']['telemetry']['custom_template_banner'] =
|
||||||
|
'# This file autogenerated by Chef, changes will be overwritten'
|
||||||
# Set the endpoints for the telemetry services to allow all other cookbooks to
|
# Set the endpoints for the telemetry services to allow all other cookbooks to
|
||||||
# access and use them
|
# access and use them
|
||||||
%w(telemetry telemetry-metric).each do |ts|
|
%w(telemetry telemetry-metric).each do |ts|
|
||||||
@ -58,6 +61,28 @@ default['openstack']['telemetry']['identity-api']['auth']['version'] =
|
|||||||
default['openstack']['telemetry-metric']['identity-api']['auth']['version'] =
|
default['openstack']['telemetry-metric']['identity-api']['auth']['version'] =
|
||||||
node['openstack']['api']['auth']['version']
|
node['openstack']['api']['auth']['version']
|
||||||
|
|
||||||
|
%w(telemetry telemetry-metric).each do |ts|
|
||||||
|
# specify whether to enable SSL for ceilometer API endpoint
|
||||||
|
default['openstack'][ts]['ssl']['enabled'] = false
|
||||||
|
# specify server whether to enforce client certificate requirement
|
||||||
|
default['openstack'][ts]['ssl']['cert_required'] = false
|
||||||
|
# SSL certificate, keyfile and CA certficate file locations
|
||||||
|
default['openstack'][ts]['ssl']['basedir'] = '/etc/ceilometer/ssl'
|
||||||
|
# Protocol for SSL (Apache)
|
||||||
|
default['openstack'][ts]['ssl']['protocol'] = 'All -SSLv2 -SSLv3'
|
||||||
|
# Which ciphers to use with the SSL/TLS protocol (Apache)
|
||||||
|
# Example: 'RSA:HIGH:MEDIUM:!LOW:!kEDH:!aNULL:!ADH:!eNULL:!EXP:!SSLv2:!SEED:!CAMELLIA:!PSK!RC4:!RC4-MD5:!RC4-SHA'
|
||||||
|
default['openstack'][ts]['ssl']['ciphers'] = nil
|
||||||
|
# path of the cert file for SSL.
|
||||||
|
default['openstack'][ts]['ssl']['certfile'] = "#{node['openstack'][ts]['ssl']['basedir']}/certs/sslcert.pem"
|
||||||
|
# path of the keyfile for SSL.
|
||||||
|
default['openstack'][ts]['ssl']['keyfile'] = "#{node['openstack'][ts]['ssl']['basedir']}/private/sslkey.pem"
|
||||||
|
default['openstack'][ts]['ssl']['chainfile'] = nil
|
||||||
|
# path of the CA cert file for SSL.
|
||||||
|
default['openstack'][ts]['ssl']['ca_certs'] = "#{node['openstack'][ts]['ssl']['basedir']}/certs/sslca.pem"
|
||||||
|
# path of the CA cert files for SSL (Apache)
|
||||||
|
default['openstack'][ts]['ssl']['ca_certs_path'] = "#{node['openstack'][ts]['ssl']['basedir']}/certs/"
|
||||||
|
end
|
||||||
case platform_family
|
case platform_family
|
||||||
when 'rhel'
|
when 'rhel'
|
||||||
default['openstack']['telemetry']['platform'] = {
|
default['openstack']['telemetry']['platform'] = {
|
||||||
@ -82,7 +107,7 @@ when 'rhel'
|
|||||||
when 'debian'
|
when 'debian'
|
||||||
default['openstack']['telemetry']['platform'] = {
|
default['openstack']['telemetry']['platform'] = {
|
||||||
'common_packages' => ['ceilometer-common'],
|
'common_packages' => ['ceilometer-common'],
|
||||||
'gnocchi_packages' => ['gnocchi-api', 'gnocchi-metricd'],
|
'gnocchi_packages' => ['python-gnocchi', 'gnocchi-common', 'gnocchi-api', 'gnocchi-metricd'],
|
||||||
'gnocchi-api_service' => 'gnocchi-api',
|
'gnocchi-api_service' => 'gnocchi-api',
|
||||||
'gnocchi-metricd_service' => 'gnocchi-metricd',
|
'gnocchi-metricd_service' => 'gnocchi-metricd',
|
||||||
'agent_central_packages' => ['ceilometer-agent-central'],
|
'agent_central_packages' => ['ceilometer-agent-central'],
|
||||||
@ -91,6 +116,8 @@ when 'debian'
|
|||||||
'agent_compute_service' => 'ceilometer-agent-compute',
|
'agent_compute_service' => 'ceilometer-agent-compute',
|
||||||
'agent_notification_packages' => ['ceilometer-agent-notification'],
|
'agent_notification_packages' => ['ceilometer-agent-notification'],
|
||||||
'agent_notification_service' => 'ceilometer-agent-notification',
|
'agent_notification_service' => 'ceilometer-agent-notification',
|
||||||
|
'ceilometer-api_wsgi_file' => '/usr/lib/python2.7/dist-packages/ceilometer/api/app.wsgi',
|
||||||
|
'gnocchi-api_wsgi_file' => '/usr/share/gnocchi-common/app.wsgi',
|
||||||
'api_packages' => ['ceilometer-api'],
|
'api_packages' => ['ceilometer-api'],
|
||||||
'api_service' => 'ceilometer-api',
|
'api_service' => 'ceilometer-api',
|
||||||
'client_packages' => ['python-ceilometerclient', 'python-gnocchiclient'],
|
'client_packages' => ['python-ceilometerclient', 'python-gnocchiclient'],
|
||||||
|
@ -26,3 +26,4 @@ end
|
|||||||
depends 'openstack-common', '>= 14.0.0'
|
depends 'openstack-common', '>= 14.0.0'
|
||||||
depends 'openstack-identity', '>= 14.0.0'
|
depends 'openstack-identity', '>= 14.0.0'
|
||||||
depends 'openstackclient'
|
depends 'openstackclient'
|
||||||
|
depends 'apache2', '~> 3.2'
|
||||||
|
@ -20,7 +20,14 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
include_recipe 'openstack-telemetry::common'
|
require 'uri'
|
||||||
|
|
||||||
|
# load the methods defined in cookbook-openstack-common libraries
|
||||||
|
class ::Chef::Recipe
|
||||||
|
include ::Openstack
|
||||||
|
end
|
||||||
|
|
||||||
|
# include_recipe 'openstack-telemetry::common'
|
||||||
|
|
||||||
platform = node['openstack']['telemetry']['platform']
|
platform = node['openstack']['telemetry']['platform']
|
||||||
platform['api_packages'].each do |pkg|
|
platform['api_packages'].each do |pkg|
|
||||||
@ -29,9 +36,58 @@ platform['api_packages'].each do |pkg|
|
|||||||
action :upgrade
|
action :upgrade
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
bind_service = node['openstack']['bind_service']['all']['telemetry']
|
||||||
|
bind_service_address = bind_address bind_service
|
||||||
|
#### Start of Apache specific work
|
||||||
|
|
||||||
service 'ceilometer-api' do
|
# configure attributes for apache2 cookbook to align with openstack settings
|
||||||
service_name platform['api_service']
|
apache_listen = Array(node['apache']['listen']) # include already defined listen attributes
|
||||||
subscribes :restart, "template[#{node['openstack']['telemetry']['conf_file']}]"
|
# Remove the default apache2 cookbook port, as that is also the default for horizon, but with
|
||||||
action [:enable, :start]
|
# a different address syntax. *:80 vs 0.0.0.0:80
|
||||||
|
apache_listen -= ['*:80']
|
||||||
|
apache_listen += ["#{bind_service_address}:#{bind_service.port}"]
|
||||||
|
node.normal['apache']['listen'] = apache_listen.uniq
|
||||||
|
|
||||||
|
# include the apache2 default recipe and the recipes for mod_wsgi
|
||||||
|
include_recipe 'apache2'
|
||||||
|
include_recipe 'apache2::mod_wsgi'
|
||||||
|
# include the apache2 mod_ssl recipe if ssl is enabled for identity
|
||||||
|
include_recipe 'apache2::mod_ssl' if node['openstack']['telemetry']['ssl']['enabled']
|
||||||
|
|
||||||
|
# create the ceilometer-api apache directory
|
||||||
|
ceilometer_apache_dir = "#{node['apache']['docroot_dir']}/ceilometer"
|
||||||
|
directory ceilometer_apache_dir do
|
||||||
|
owner 'root'
|
||||||
|
group 'root'
|
||||||
|
mode 00755
|
||||||
|
end
|
||||||
|
|
||||||
|
ceilometer_server_entry = "#{ceilometer_apache_dir}/app"
|
||||||
|
# Note: Using lazy here as the wsgi file is not available until after
|
||||||
|
# the ceilometer-api package is installed during execution phase.
|
||||||
|
file ceilometer_server_entry do
|
||||||
|
content lazy { IO.read(platform['ceilometer-api_wsgi_file']) }
|
||||||
|
owner 'root'
|
||||||
|
group 'root'
|
||||||
|
mode 00755
|
||||||
|
end
|
||||||
|
|
||||||
|
web_app 'ceilometer-api' do
|
||||||
|
template 'wsgi-template.conf.erb'
|
||||||
|
deamon_process 'ceilometer-api'
|
||||||
|
server_host node['openstack']['telemetry']['conf']['api']['host']
|
||||||
|
server_port node['openstack']['telemetry']['conf']['api']['port']
|
||||||
|
server_entry ceilometer_server_entry
|
||||||
|
log_dir node['apache']['log_dir']
|
||||||
|
log_debug node['openstack']['telemetry']['debug']
|
||||||
|
user node['openstack']['telemetry']['user']
|
||||||
|
group node['openstack']['telemetry']['group']
|
||||||
|
use_ssl node['openstack']['telemetry']['ssl']['enabled']
|
||||||
|
cert_file node['openstack']['telemetry']['ssl']['certfile']
|
||||||
|
chain_file node['openstack']['telemetry']['ssl']['chainfile']
|
||||||
|
key_file node['openstack']['telemetry']['ssl']['keyfile']
|
||||||
|
ca_certs_path node['openstack']['telemetry']['ssl']['ca_certs_path']
|
||||||
|
cert_required node['openstack']['telemetry']['ssl']['cert_required']
|
||||||
|
protocol node['openstack']['telemetry']['ssl']['protocol']
|
||||||
|
ciphers node['openstack']['telemetry']['ssl']['ciphers']
|
||||||
end
|
end
|
||||||
|
@ -15,7 +15,9 @@
|
|||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
class ::Chef::Recipe
|
||||||
|
include ::Openstack
|
||||||
|
end
|
||||||
platform = node['openstack']['telemetry']['platform']
|
platform = node['openstack']['telemetry']['platform']
|
||||||
db_user = node['openstack']['db']['telemetry-metric']['username']
|
db_user = node['openstack']['db']['telemetry-metric']['username']
|
||||||
db_pass = get_password 'db', 'gnocchi'
|
db_pass = get_password 'db', 'gnocchi'
|
||||||
@ -95,10 +97,58 @@ execute 'gnocchi-upgrade' do
|
|||||||
user node['openstack']['telemetry-metric']['user']
|
user node['openstack']['telemetry-metric']['user']
|
||||||
end
|
end
|
||||||
|
|
||||||
service 'gnocchi-api' do
|
#### Start of Apache specific work
|
||||||
service_name platform['gnocchi-api_service']
|
|
||||||
subscribes :restart, "template[#{node['openstack']['telemetry-metric']['conf_file']}]"
|
# configure attributes for apache2 cookbook to align with openstack settings
|
||||||
action [:enable, :start]
|
apache_listen = Array(node['apache']['listen']) # include already defined listen attributes
|
||||||
|
# Remove the default apache2 cookbook port, as that is also the default for horizon, but with
|
||||||
|
# a different address syntax. *:80 vs 0.0.0.0:80
|
||||||
|
apache_listen -= ['*:80']
|
||||||
|
apache_listen += ["#{bind_service_address}:#{bind_service.port}"]
|
||||||
|
node.normal['apache']['listen'] = apache_listen.uniq
|
||||||
|
|
||||||
|
# include the apache2 default recipe and the recipes for mod_wsgi
|
||||||
|
include_recipe 'apache2'
|
||||||
|
include_recipe 'apache2::mod_wsgi'
|
||||||
|
# include the apache2 mod_ssl recipe if ssl is enabled for identity
|
||||||
|
include_recipe 'apache2::mod_ssl' if node['openstack']['identity']['ssl']['enabled']
|
||||||
|
|
||||||
|
# create the gnocchi-api apache directory
|
||||||
|
gnocchi_apache_dir = "#{node['apache']['docroot_dir']}/gnocchi"
|
||||||
|
directory gnocchi_apache_dir do
|
||||||
|
owner 'root'
|
||||||
|
group 'root'
|
||||||
|
mode 00755
|
||||||
|
end
|
||||||
|
|
||||||
|
gnocchi_server_entry = "#{gnocchi_apache_dir}/app"
|
||||||
|
# Note: Using lazy here as the wsgi file is not available until after
|
||||||
|
# the gnocchik-api package is installed during execution phase.
|
||||||
|
file gnocchi_server_entry do
|
||||||
|
content lazy { IO.read(platform['gnocchi-api_wsgi_file']) }
|
||||||
|
owner 'root'
|
||||||
|
group 'root'
|
||||||
|
mode 00755
|
||||||
|
end
|
||||||
|
|
||||||
|
web_app 'gnocchi-api' do
|
||||||
|
template 'wsgi-template.conf.erb'
|
||||||
|
deamon_process 'gnocchi-api'
|
||||||
|
server_host node['openstack']['telemetry-metric']['conf']['api']['host']
|
||||||
|
server_port node['openstack']['telemetry-metric']['conf']['api']['port']
|
||||||
|
server_entry gnocchi_server_entry
|
||||||
|
log_dir node['apache']['log_dir']
|
||||||
|
log_debug node['openstack']['telemetry-metric']['debug']
|
||||||
|
user node['openstack']['telemetry-metric']['user']
|
||||||
|
group node['openstack']['telemetry-metric']['group']
|
||||||
|
use_ssl node['openstack']['telemetry-metric']['ssl']['enabled']
|
||||||
|
cert_file node['openstack']['telemetry-metric']['ssl']['certfile']
|
||||||
|
chain_file node['openstack']['telemetry-metric']['ssl']['chainfile']
|
||||||
|
key_file node['openstack']['telemetry-metric']['ssl']['keyfile']
|
||||||
|
ca_certs_path node['openstack']['telemetry-metric']['ssl']['ca_certs_path']
|
||||||
|
cert_required node['openstack']['telemetry-metric']['ssl']['cert_required']
|
||||||
|
protocol node['openstack']['telemetry-metric']['ssl']['protocol']
|
||||||
|
ciphers node['openstack']['telemetry-metric']['ssl']['ciphers']
|
||||||
end
|
end
|
||||||
|
|
||||||
service 'gnocchi-metricd' do
|
service 'gnocchi-metricd' do
|
||||||
|
@ -22,6 +22,6 @@ platform = node['openstack']['telemetry']['platform']
|
|||||||
platform['gnocchi_packages'].each do |pkg|
|
platform['gnocchi_packages'].each do |pkg|
|
||||||
package pkg do
|
package pkg do
|
||||||
options platform['package_overrides']
|
options platform['package_overrides']
|
||||||
action :upgrade
|
version '2.0.2-4'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -9,14 +9,9 @@ describe 'openstack-telemetry::api' do
|
|||||||
let(:chef_run) { runner.converge(described_recipe) }
|
let(:chef_run) { runner.converge(described_recipe) }
|
||||||
|
|
||||||
include_context 'telemetry-stubs'
|
include_context 'telemetry-stubs'
|
||||||
include_examples 'expect-runs-common-recipe'
|
|
||||||
|
|
||||||
it 'installs the api package' do
|
it 'installs the api package' do
|
||||||
expect(chef_run).to upgrade_package('openstack-ceilometer-api')
|
expect(chef_run).to upgrade_package 'openstack-ceilometer-api'
|
||||||
end
|
|
||||||
|
|
||||||
it 'starts api service' do
|
|
||||||
expect(chef_run).to start_service('openstack-ceilometer-api')
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
106
spec/api_spec.rb
106
spec/api_spec.rb
@ -9,20 +9,112 @@ describe 'openstack-telemetry::api' do
|
|||||||
let(:chef_run) { runner.converge(described_recipe) }
|
let(:chef_run) { runner.converge(described_recipe) }
|
||||||
|
|
||||||
include_context 'telemetry-stubs'
|
include_context 'telemetry-stubs'
|
||||||
include_examples 'expect-runs-common-recipe'
|
|
||||||
|
|
||||||
it 'installs the api package' do
|
it 'installs the api package' do
|
||||||
expect(chef_run).to upgrade_package 'ceilometer-api'
|
expect(chef_run).to upgrade_package 'ceilometer-api'
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'enables and starts the api service' do
|
describe 'apache recipes' do
|
||||||
expect(chef_run).to enable_service('ceilometer-api')
|
it 'include apache recipes' do
|
||||||
expect(chef_run).to start_service('ceilometer-api')
|
expect(chef_run).to include_recipe('apache2')
|
||||||
|
expect(chef_run).to include_recipe('apache2::mod_wsgi')
|
||||||
|
expect(chef_run).not_to include_recipe('apache2::mod_ssl')
|
||||||
end
|
end
|
||||||
|
|
||||||
describe 'ceilometer-api' do
|
it 'include apache recipes' do
|
||||||
it 'subscribes to its config file' do
|
node.set['openstack']['telemetry']['ssl']['enabled'] = true
|
||||||
expect(chef_run.service('ceilometer-api')).to subscribe_to('template[/etc/ceilometer/ceilometer.conf]').delayed
|
expect(chef_run).to include_recipe('apache2::mod_ssl')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'creates directory /var/www/html/ceilometer' do
|
||||||
|
expect(chef_run).to create_directory('/var/www/html/ceilometer').with(
|
||||||
|
user: 'root',
|
||||||
|
group: 'root',
|
||||||
|
mode: 00755
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'creates wsgi file' do
|
||||||
|
expect(chef_run).to create_file('/var/www/html/ceilometer/app').with(
|
||||||
|
user: 'root',
|
||||||
|
group: 'root',
|
||||||
|
mode: 00755
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'apache wsgi' do
|
||||||
|
file = '/etc/apache2/sites-available/ceilometer-api.conf'
|
||||||
|
it "creates #{file}" do
|
||||||
|
expect(chef_run).to create_template(file).with(
|
||||||
|
user: 'root',
|
||||||
|
group: 'root',
|
||||||
|
mode: '0644'
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "configures #{file} common lines" do
|
||||||
|
node.set['openstack']['telemetry']['custom_template_banner'] = 'custom_template_banner_value'
|
||||||
|
[/user=ceilometer/,
|
||||||
|
/group=ceilometer/,
|
||||||
|
%r{^ ErrorLog /var/log/apache2/ceilometer-api_error.log$},
|
||||||
|
%r{^ CustomLog /var/log/apache2/ceilometer-api_access.log}].each do |line|
|
||||||
|
expect(chef_run).to render_file(file).with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it "does not configure #{file} triggered common lines" do
|
||||||
|
[/^ LogLevel/,
|
||||||
|
/^ SSL/].each do |line|
|
||||||
|
expect(chef_run).not_to render_file(file).with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
context 'Enable SSL' do
|
||||||
|
before do
|
||||||
|
node.set['openstack']['telemetry']['ssl']['enabled'] = true
|
||||||
|
end
|
||||||
|
it "configures #{file} common ssl lines" do
|
||||||
|
[/^ SSLEngine On$/,
|
||||||
|
%r{^ SSLCertificateFile /etc/ceilometer/ssl/certs/sslcert.pem$},
|
||||||
|
%r{^ SSLCertificateKeyFile /etc/ceilometer/ssl/private/sslkey.pem$},
|
||||||
|
%r{^ SSLCACertificatePath /etc/ceilometer/ssl/certs/$},
|
||||||
|
/^ SSLProtocol All -SSLv2 -SSLv3$/].each do |line|
|
||||||
|
expect(chef_run).to render_file(file).with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
it "does not configure #{file} common ssl lines" do
|
||||||
|
[/^ SSLCertificateChainFile/,
|
||||||
|
/^ SSLCipherSuite/,
|
||||||
|
/^ SSLVerifyClient require/].each do |line|
|
||||||
|
expect(chef_run).not_to render_file(file).with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
it "configures #{file} chainfile when set" do
|
||||||
|
node.set['openstack']['telemetry']['ssl']['chainfile'] = '/etc/ceilometer/ssl/certs/chainfile.pem'
|
||||||
|
expect(chef_run).to render_file(file)
|
||||||
|
.with_content(%r{^ SSLCertificateChainFile /etc/ceilometer/ssl/certs/chainfile.pem$})
|
||||||
|
end
|
||||||
|
it "configures #{file} ciphers when set" do
|
||||||
|
node.set['openstack']['telemetry']['ssl']['ciphers'] = 'ciphers_value'
|
||||||
|
expect(chef_run).to render_file(file)
|
||||||
|
.with_content(/^ SSLCipherSuite ciphers_value$/)
|
||||||
|
end
|
||||||
|
it "configures #{file} cert_required set" do
|
||||||
|
node.set['openstack']['telemetry']['ssl']['cert_required'] = true
|
||||||
|
expect(chef_run).to render_file(file)
|
||||||
|
.with_content(/^ SSLVerifyClient require$/)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'ceilometer-api WSGI app' do
|
||||||
|
it 'configures required lines' do
|
||||||
|
[/^<VirtualHost 127.0.0.1:8777>$/,
|
||||||
|
/^ WSGIDaemonProcess ceilometer-api/,
|
||||||
|
/^ WSGIProcessGroup ceilometer-api$/,
|
||||||
|
%r{^ WSGIScriptAlias / /var/www/html/ceilometer/app$}].each do |line|
|
||||||
|
expect(chef_run).to render_file('/etc/apache2/sites-available/ceilometer-api.conf').with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -115,12 +115,115 @@ describe 'openstack-telemetry::gnocchi_configure' do
|
|||||||
.with(user: 'gnocchi')
|
.with(user: 'gnocchi')
|
||||||
end
|
end
|
||||||
|
|
||||||
%w(gnocchi-api gnocchi-metricd).each do |service|
|
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to enable_service(service)
|
expect(chef_run).to enable_service('gnocchi-metricd')
|
||||||
end
|
end
|
||||||
|
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to start_service(service)
|
expect(chef_run).to start_service('gnocchi-metricd')
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'apache recipes' do
|
||||||
|
it 'include apache recipes' do
|
||||||
|
expect(chef_run).to include_recipe('apache2')
|
||||||
|
expect(chef_run).to include_recipe('apache2::mod_wsgi')
|
||||||
|
expect(chef_run).not_to include_recipe('apache2::mod_ssl')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'include apache recipes' do
|
||||||
|
node.set['openstack']['identity']['ssl']['enabled'] = true
|
||||||
|
expect(chef_run).to include_recipe('apache2::mod_ssl')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'creates directory /var/www/html/gnocchi' do
|
||||||
|
expect(chef_run).to create_directory('/var/www/html/gnocchi').with(
|
||||||
|
user: 'root',
|
||||||
|
group: 'root',
|
||||||
|
mode: 00755
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'creates wsgi file' do
|
||||||
|
expect(chef_run).to create_file('/var/www/html/gnocchi/app').with(
|
||||||
|
user: 'root',
|
||||||
|
group: 'root',
|
||||||
|
mode: 00755
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'apache wsgi' do
|
||||||
|
file = '/etc/apache2/sites-available/gnocchi-api.conf'
|
||||||
|
it "creates #{file}" do
|
||||||
|
expect(chef_run).to create_template(file).with(
|
||||||
|
user: 'root',
|
||||||
|
group: 'root',
|
||||||
|
mode: '0644'
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "configures #{file} common lines" do
|
||||||
|
node.set['openstack']['telemetry-metric']['custom_template_banner'] = 'custom_template_banner_value'
|
||||||
|
[/user=gnocchi/,
|
||||||
|
/group=gnocchi/,
|
||||||
|
%r{^ ErrorLog /var/log/apache2/gnocchi-api_error.log$},
|
||||||
|
%r{^ CustomLog /var/log/apache2/gnocchi-api_access.log combined$}].each do |line|
|
||||||
|
expect(chef_run).to render_file(file).with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it "does not configure #{file} triggered common lines" do
|
||||||
|
[/^ LogLevel/,
|
||||||
|
/^ SSL/].each do |line|
|
||||||
|
expect(chef_run).not_to render_file(file).with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
context 'Enable SSL' do
|
||||||
|
before do
|
||||||
|
node.set['openstack']['telemetry-metric']['ssl']['enabled'] = true
|
||||||
|
end
|
||||||
|
it "configures #{file} common ssl lines" do
|
||||||
|
[/^ SSLEngine On$/,
|
||||||
|
%r{^ SSLCertificateFile /etc/ceilometer/ssl/certs/sslcert.pem$},
|
||||||
|
%r{^ SSLCertificateKeyFile /etc/ceilometer/ssl/private/sslkey.pem$},
|
||||||
|
%r{^ SSLCACertificatePath /etc/ceilometer/ssl/certs/$},
|
||||||
|
/^ SSLProtocol All -SSLv2 -SSLv3$/].each do |line|
|
||||||
|
expect(chef_run).to render_file(file).with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
it "does not configure #{file} common ssl lines" do
|
||||||
|
[/^ SSLCertificateChainFile/,
|
||||||
|
/^ SSLCipherSuite/,
|
||||||
|
/^ SSLVerifyClient require/].each do |line|
|
||||||
|
expect(chef_run).not_to render_file(file).with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
it "configures #{file} chainfile when set" do
|
||||||
|
node.set['openstack']['telemetry-metric']['ssl']['chainfile'] = '/etc/ceilometer/ssl/certs/chainfile.pem'
|
||||||
|
expect(chef_run).to render_file(file)
|
||||||
|
.with_content(%r{^ SSLCertificateChainFile /etc/ceilometer/ssl/certs/chainfile.pem$})
|
||||||
|
end
|
||||||
|
it "configures #{file} ciphers when set" do
|
||||||
|
node.set['openstack']['telemetry-metric']['ssl']['ciphers'] = 'ciphers_value'
|
||||||
|
expect(chef_run).to render_file(file)
|
||||||
|
.with_content(/^ SSLCipherSuite ciphers_value$/)
|
||||||
|
end
|
||||||
|
it "configures #{file} cert_required set" do
|
||||||
|
node.set['openstack']['telemetry-metric']['ssl']['cert_required'] = true
|
||||||
|
expect(chef_run).to render_file(file)
|
||||||
|
.with_content(/^ SSLVerifyClient require$/)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'gnocchi-api WSGI app' do
|
||||||
|
it 'configures required lines' do
|
||||||
|
[/^<VirtualHost 127.0.0.1:8041>$/,
|
||||||
|
/^ WSGIDaemonProcess gnocchi-api/,
|
||||||
|
/^ WSGIProcessGroup gnocchi-api$/,
|
||||||
|
%r{^ WSGIScriptAlias / /var/www/html/gnocchi/app$}].each do |line|
|
||||||
|
expect(chef_run).to render_file('/etc/apache2/sites-available/gnocchi-api.conf').with_content(line)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -11,11 +11,11 @@ describe 'openstack-telemetry::gnocchi_install' do
|
|||||||
include_context 'telemetry-stubs'
|
include_context 'telemetry-stubs'
|
||||||
|
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to upgrade_package 'gnocchi-api'
|
expect(chef_run).to install_package 'gnocchi-api'
|
||||||
end
|
end
|
||||||
|
|
||||||
it do
|
it do
|
||||||
expect(chef_run).to upgrade_package 'gnocchi-metricd'
|
expect(chef_run).to install_package 'gnocchi-metricd'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -42,6 +42,12 @@ shared_context 'telemetry-stubs' do
|
|||||||
.with('user', 'admin')
|
.with('user', 'admin')
|
||||||
.and_return('admin-pass')
|
.and_return('admin-pass')
|
||||||
allow(Chef::Application).to receive(:fatal!)
|
allow(Chef::Application).to receive(:fatal!)
|
||||||
|
node.set['openstack']['telemetry']['conf']['api']['host'] = '127.0.0.1'
|
||||||
|
node.set['openstack']['telemetry']['conf']['api']['port'] = '8777'
|
||||||
|
node.set['openstack']['telemetry-metric']['conf']['api']['host'] = '127.0.0.1'
|
||||||
|
node.set['openstack']['telemetry-metric']['conf']['api']['port'] = '8041'
|
||||||
|
stub_command('/usr/sbin/apache2 -t')
|
||||||
|
stub_command('/usr/sbin/httpd -t')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
37
templates/wsgi-template.conf.erb
Normal file
37
templates/wsgi-template.conf.erb
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
<%= node["openstack"]["telemetry"]["custom_template_banner"] %>
|
||||||
|
|
||||||
|
Listen <%= @params[:server_host] %>:<%= @params[:server_port] %>
|
||||||
|
|
||||||
|
<VirtualHost <%= @params[:server_host] %>:<%= @params[:server_port] %>>
|
||||||
|
WSGIDaemonProcess <%= @params[:deamon_process] %> processes=2 threads=10 user=<%= @params[:user] %> group=<%= @params[:group] %> display-name=%{GROUP}
|
||||||
|
WSGIProcessGroup <%= @params[:deamon_process] %>
|
||||||
|
WSGIScriptAlias / <%= @params[:server_entry] %>
|
||||||
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
|
WSGIPassAuthorization On
|
||||||
|
|
||||||
|
ErrorLogFormat "%{cu}t %M"
|
||||||
|
ErrorLog <%= @params[:log_dir] %>/<%= @params[:deamon_process] %>_error.log
|
||||||
|
CustomLog <%= @params[:log_dir] %>/<%= @params[:deamon_process] %>_access.log combined
|
||||||
|
<% if [true, 'true', 'True'].include?(@params[:log_debug]) -%>
|
||||||
|
LogLevel debug
|
||||||
|
<% end -%>
|
||||||
|
|
||||||
|
<% if @params[:use_ssl] -%>
|
||||||
|
SSLEngine On
|
||||||
|
SSLCertificateFile <%= @params[:cert_file] %>
|
||||||
|
SSLCertificateKeyFile <%= @params[:key_file] %>
|
||||||
|
SSLCACertificatePath <%= @params[:ca_certs_path] %>
|
||||||
|
<% if @params[:chain_file] %>
|
||||||
|
SSLCertificateChainFile <%= @params[:chain_file] %>
|
||||||
|
<% end -%>
|
||||||
|
SSLProtocol <%= @params[:protocol] %>
|
||||||
|
<% if @params[:ciphers] -%>
|
||||||
|
SSLCipherSuite <%= @params[:ciphers] %>
|
||||||
|
<% end -%>
|
||||||
|
<% if @params[:cert_required] -%>
|
||||||
|
SSLVerifyClient require
|
||||||
|
<% end -%>
|
||||||
|
<% end -%>
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
WSGISocketPrefix /var/run/apache2
|
Loading…
Reference in New Issue
Block a user