master node keystone under Apache
Fresh keystone packages don't provide the ability to run Keystone under eventlet, so Keystone on the master node is migrated to run under Apache. Closes-bug: #1601812 Change-Id: Ia469530bf336a3ea2f56d60181e8bee087874298
parent
b31cb67efb
commit
3c70d683d9
@ -7,3 +7,4 @@ fixtures:
|
||||
stdlib: "#{source_dir}/../stdlib"
|
||||
apache: "#{source_dir}/../apache"
|
||||
concat: "#{source_dir}/../concat"
|
||||
fuel: "#{source_dir}/../fuel"
|
||||
|
@ -3,11 +3,16 @@
|
||||
# Configure apache and listen ports.
|
||||
#
|
||||
class cobbler::apache {
|
||||
file { ['/etc/httpd/', '/etc/httpd/conf.ports.d/']: ensure => directory }
|
||||
->
|
||||
class { '::apache':
|
||||
server_signature => 'Off',
|
||||
trace_enable => 'Off',
|
||||
purge_configs => false,
|
||||
purge_vhost_dir => false,
|
||||
default_vhost => false,
|
||||
ports_file => '/etc/httpd/conf.ports.d/cobbler.conf',
|
||||
conf_template => 'fuel/httpd.conf.erb',
|
||||
}
|
||||
|
||||
apache::vhost { 'cobbler non-ssl':
|
||||
|
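Review bot: The `file { ['/etc/httpd/', '/etc/httpd/conf.ports.d/']: ensure => directory }` resource sets no owner, group or mode, yet the `fuel/httpd.conf.erb` template on this page includes every `*.conf` found in `/etc/httpd/conf.ports.d/` into the server configuration. I would pin the directory explicitly, e.g. `owner => 'root', group => 'root', mode => '0755',`, so that a pre-existing directory with looser permissions is corrected rather than accepted. The same resource, and the same resource-style `class { '::apache': ... }` declaration with a different `ports_file`, appear in `fuel::keystone` further down; if both classes ever land in one catalog these would be duplicate declarations, so a comment stating that they are applied in separate runs (which is what the layout suggests) would help. The class body continues past the end of this hunk.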
@ -53,12 +53,21 @@ describe "cobbler::apache" do
|
||||
end
|
||||
end
|
||||
|
||||
it "ensures httpd confdir for ports-configs" do
|
||||
is_expected.to contain_file('/etc/httpd/conf.ports.d/').with(
|
||||
:ensure => 'directory',
|
||||
)
|
||||
end
|
||||
|
||||
it "configures 'apache' class" do
|
||||
is_expected.to contain_class("apache").with(
|
||||
:server_signature => "Off",
|
||||
:trace_enable => "Off",
|
||||
:purge_configs => false,
|
||||
:purge_vhost_dir => false,
|
||||
:default_vhost => false,
|
||||
:conf_template => 'fuel/httpd.conf.erb',
|
||||
:ports_file => '/etc/httpd/conf.ports.d/cobbler.conf',
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -23,10 +23,3 @@ class { 'fuel::keystone':
|
||||
ostf_user => $::fuel_settings['keystone']['ostf_user'],
|
||||
ostf_password => $::fuel_settings['keystone']['ostf_password'],
|
||||
}
|
||||
|
||||
fuel::systemd {['openstack-keystone']:
|
||||
start => true,
|
||||
template_path => 'fuel/systemd/restart_template.erb',
|
||||
config_name => 'restart.conf',
|
||||
require => Class['fuel::keystone'],
|
||||
}
|
||||
|
@ -4,6 +4,10 @@ class fuel::keystone (
|
||||
$admin_port = $::fuel::params::keystone_admin_port,
|
||||
$keystone_domain = $::fuel::params::keystone_domain,
|
||||
|
||||
$ssl = $::fuel::params::ssl,
|
||||
|
||||
$vhost_limit_request_field_size = $::fuel::params::vhost_limit_request_field_size,
|
||||
|
||||
$db_engine = $::fuel::params::db_engine,
|
||||
$db_host = $::fuel::params::db_host,
|
||||
$db_port = $::fuel::params::db_port,
|
||||
@ -31,6 +35,18 @@ class fuel::keystone (
|
||||
ensure_packages(['crontabs', 'os-client-config', 'python-tablib',
|
||||
'python-unicodecsv', 'rubygem-thread_safe'])
|
||||
|
||||
file { ['/etc/httpd/', '/etc/httpd/conf.ports.d/']: ensure => directory }
|
||||
->
|
||||
class {'::apache':
|
||||
server_signature => 'Off',
|
||||
trace_enable => 'Off',
|
||||
purge_configs => false,
|
||||
purge_vhost_dir => false,
|
||||
default_vhost => false,
|
||||
ports_file => '/etc/httpd/conf.ports.d/keystone.conf',
|
||||
conf_template => 'fuel/httpd.conf.erb',
|
||||
}
|
||||
|
||||
class { '::keystone':
|
||||
# (TODO iberezovskiy): Set 'enable_bootstrap' to true when MOS packages will
|
||||
# be updated and 'keystone-manage bootstrap' command will be available
|
||||
@ -41,7 +57,18 @@ class fuel::keystone (
|
||||
token_expiration => $token_expiration,
|
||||
token_provider => 'keystone.token.providers.uuid.Provider',
|
||||
default_domain => $keystone_domain,
|
||||
service_name => $::fuel::params::keystone_service_name,
|
||||
service_name => 'httpd',
|
||||
use_syslog => true,
|
||||
}
|
||||
class { 'keystone::wsgi::apache':
|
||||
public_port => $port,
|
||||
admin_port => $admin_port,
|
||||
ssl => $ssl,
|
||||
priority => '05',
|
||||
threads => 3,
|
||||
workers => min($::processorcount, 6),
|
||||
vhost_custom_fragment => $vhost_limit_request_field_size,
|
||||
access_log_format => 'forwarded',
|
||||
}
|
||||
|
||||
# Ensure that keystone_paste_ini file includes "admin_token_auth" filter
|
||||
|
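Review bot: The new `$ssl` parameter is passed to `keystone::wsgi::apache` as `ssl => $ssl`, but no certificate or key parameters are passed with it. With the `false` default from `fuel::params`, both the public and admin endpoints are served over plain HTTP, and setting `$ssl` to true would depend entirely on the upstream module's default certificate paths. Either expose `ssl_cert` and `ssl_key` on `fuel::keystone` and pass them through, or state the intent next to the parameter, e.g. `# TLS for Keystone is not terminated in this vhost; see <where it is handled>` if that is the case (not visible from this page). The parameter list and class body both continue outside the hunks shown.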
@ -36,6 +36,9 @@ class fuel::params {
|
||||
$keystone_port = '5000'
|
||||
$keystone_admin_port = '35357'
|
||||
$keystone_domain = 'fuel'
|
||||
$ssl = false
|
||||
|
||||
$vhost_limit_request_field_size = 'LimitRequestFieldSize 81900'
|
||||
|
||||
$keystone_admin_user = 'admin'
|
||||
$keystone_admin_password = 'admin'
|
||||
|
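Review bot: `$vhost_limit_request_field_size = 'LimitRequestFieldSize 81900'` sets the per-header limit to ten times Apache's default of 8190 bytes, and the value is a whole directive string rather than a size, which the parameter name does not suggest. A larger limit lets any client, authenticated or not, make the server buffer correspondingly larger request headers, so the reason should be recorded next to the value, e.g. `# <reason large request headers are expected> - default of 8190 is too small`. Since `fuel::keystone` on this page configures the UUID token provider, it is worth confirming that 81900 is still needed rather than carried over. The class body continues outside this hunk.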
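--- a/deployment/puppet/fuel/spec/classes/fuel_keystone_spec.rb
+++ b/deployment/puppet/fuel/spec/classes/fuel_keystone_spec.rb
@@ -0,0 +1,58 @@
+require "spec_helper"
+
+describe "fuel::keystone" do
+
+let :global_facts do
+{
+:processorcount => 42,
+}
+end
+
+shared_examples_for "keystone configuration" do
+
+context "with default params" do
+
+it "ensures httpd confdir for ports-configs" do
+is_expected.to contain_file('/etc/httpd/conf.ports.d/').with(
+:ensure => 'directory',
+)
+end
+
+it "configures 'apache' class" do
+is_expected.to contain_class("apache").with(
+:server_signature => "Off",
+:trace_enable => "Off",
+:purge_configs => false,
+:purge_vhost_dir => false,
+:default_vhost => false,
+:conf_template => 'fuel/httpd.conf.erb',
+:ports_file => '/etc/httpd/conf.ports.d/keystone.conf',
+)
+end
+
+it "creates 'keystone' vhost" do
+is_expected.to contain_class("keystone::wsgi::apache").with(
+:public_port => '5000',
+:admin_port => '35357',
+:ssl => false,
+:priority => '05',
+:threads => 3,
+:vhost_custom_fragment => 'LimitRequestFieldSize 81900',
+:workers => 6,
+:access_log_format => 'forwarded',
+)
+end
+
+end
+
+end
+
+on_supported_os(supported_os: supported_os).each do |os, facts|
+context "on #{os}" do
+let(:facts) { facts }
+it_configures "keystone configuration"
+end
+end
+
+end
+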
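Review bot: `global_facts` sets `:processorcount => 42` but is never merged into the facts the examples run with, because `let(:facts) { facts }` passes the `on_supported_os` fact set through unchanged. The `:workers => 6` expectation therefore depends on whatever processor count each OS fact set happens to carry, since the manifest computes `min($::processorcount, 6)`. Merging the override makes the expectation deterministic: `let(:facts) { facts.merge(global_facts) }`. `supported_os` is not defined in this file either; presumably it comes from `spec_helper`, and a one-line comment saying so would help the next reader.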
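--- a/deployment/puppet/fuel/templates/httpd.conf.erb
+++ b/deployment/puppet/fuel/templates/httpd.conf.erb
@@ -0,0 +1,146 @@
+# Security
+ServerTokens <%= @server_tokens %>
+ServerSignature <%= scope.function_bool2httpd([@server_signature]) %>
+TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %>
+
+ServerName "<%= @servername %>"
+ServerRoot "<%= @server_root %>"
+PidFile <%= @pidfile %>
+Timeout <%= @timeout %>
+KeepAlive <%= @keepalive %>
+MaxKeepAliveRequests <%= @max_keepalive_requests %>
+KeepAliveTimeout <%= @keepalive_timeout %>
+LimitRequestFieldSize <%= @limitreqfieldsize %>
+
+<%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%>
+RewriteLock <%= @rewrite_lock %>
+<%- end -%>
+
+User <%= @user %>
+Group <%= @group %>
+
+AccessFileName .htaccess
+<FilesMatch "^\.ht">
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+Require all denied
+<%- else -%>
+Order allow,deny
+Deny from all
+Satisfy all
+<%- end -%>
+</FilesMatch>
+
+<Directory />
+Options <%= Array(@root_directory_options).join(' ') %>
+AllowOverride None
+<%- if @root_directory_secured -%>
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+Require all denied
+<%- else -%>
+Order deny,allow
+Deny from all
+<%- end -%>
+<%- end -%>
+</Directory>
+
+<% if @default_charset -%>
+AddDefaultCharset <%= @default_charset %>
+<% end -%>
+
+<%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%>
+DefaultType <%= @default_type %>
+<%- end -%>
+HostnameLookups Off
+ErrorLog "<%= @logroot %>/<%= @error_log %>"
+LogLevel <%= @log_level %>
+EnableSendfile <%= @sendfile %>
+<%- if @allow_encoded_slashes -%>
+AllowEncodedSlashes <%= @allow_encoded_slashes %>
+<%- end -%>
+
+#Listen 80
+
+<% if @apxs_workaround -%>
+# Workaround: without this hack apxs would be confused about where to put
+# LoadModule directives and fail entire procedure of apache package
+# installation/reinstallation. This problem was observed on FreeBSD (apache22).
+#LoadModule fake_module libexec/apache22/mod_fake.so
+<% end -%>
+
+Include "<%= @mod_load_dir %>/*.load"
+<% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%>
+Include "<%= @mod_load_dir %>/*.conf"
+<% end -%>
+Include /etc/httpd/conf.ports.d/*.conf
+
+<% unless @log_formats.has_key?('combined') -%>
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+<% end -%>
+<% unless @log_formats.has_key?('common') -%>
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+<% end -%>
+<% unless @log_formats.has_key?('referer') -%>
+LogFormat "%{Referer}i -> %U" referer
+<% end -%>
+<% unless @log_formats.has_key?('agent') -%>
+LogFormat "%{User-agent}i" agent
+<% end -%>
+<% unless @log_formats.has_key?('forwarded') -%>
+LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+<% end -%>
+<% if @log_formats and !@log_formats.empty? -%>
+<%- @log_formats.sort.each do |nickname,format| -%>
+LogFormat "<%= format -%>" <%= nickname %>
+<%- end -%>
+<% end -%>
+
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+IncludeOptional "<%= @confd_dir %>/*.conf"
+<%- else -%>
+Include "<%= @confd_dir %>/*.conf"
+<%- end -%>
+<% if @vhost_load_dir != @confd_dir -%>
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+IncludeOptional "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>"
+<%- else -%>
+Include "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>"
+<%- end -%>
+<% end -%>
+
+<% if @error_documents -%>
+# /usr/share/apache2/error on debian
+Alias /error/ "<%= @error_documents_path %>/"
+
+<Directory "<%= @error_documents_path %>">
+AllowOverride None
+Options IncludesNoExec
+AddOutputFilter Includes html
+AddHandler type-map var
+<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%>
+Require all granted
+<%- else -%>
+Order allow,deny
+Allow from all
+<%- end -%>
+LanguagePriority en cs de es fr it nl sv pt-br ro
+ForceLanguagePriority Prefer Fallback
+</Directory>
+
+ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+ErrorDocument 410 /error/HTTP_GONE.html.var
+ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+<% end -%>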
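Review bot: The `forwarded` LogFormat records `%{X-Forwarded-For}i` in place of `%h`, and `fuel::keystone` on this page selects it with `access_log_format => 'forwarded'`. That header is supplied by the client unless a trusted proxy overwrites it, so the Keystone access log would carry a client-chosen or empty source field and lose the real peer address. Logging both keeps the audit trail usable: `LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded`. The existing line also uses `%s` where the other formats use `%>s`, so it logs the original rather than the final status of an internally redirected request. The file appears to be a copy of the upstream apache module template with `Include /etc/httpd/conf.ports.d/*.conf` added; a header comment naming the upstream source and marking that line as the local addition would make later syncs safer.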
@ -31,14 +31,12 @@ describe manifest do
|
||||
is_expected.to contain_class('fuel::keystone').with parameters
|
||||
end
|
||||
|
||||
it 'should have "openstack-keystone" fuel::systemd service' do
|
||||
parameters = {
|
||||
:start => true,
|
||||
:template_path => 'fuel/systemd/restart_template.erb',
|
||||
:config_name => 'restart.conf',
|
||||
it {
|
||||
should contain_service('httpd').with(
|
||||
:ensure => 'running',
|
||||
:enable => true
|
||||
)
|
||||
}
|
||||
is_expected.to contain_fuel__systemd('openstack-keystone').with parameters
|
||||
end
|
||||
|
||||
end
|
||||
run_test manifest
|
||||
|