openstack/fuel-library
Code Issues Proposed changes

Pull apart swift haproxy health checker

Browse Source 
Setup custom script checker with additional auth endpoint availability
scan if swift proxy listens to the same ip address with storage daemons
otherwise use default internal health check method.

Also introduce the following haproxy options:
* <spread-checks>
  add some randomness in the check interval to avoid sending
  health checks to servers at exact interspaces.
* <dontlognull>
  disable logging of null connections as these can pollute the logs.
* <tcp-smart-accept, tcp-smart-connect>
  performance tweak, saving one ACK packet during the
  accept/connect sequence.

DocImpact
Change-Id: I70ebdc595e85294559d33cc03d4221a738b0bbc5
Closes-Bug: #1516978
This commit is contained in:
Michael Polenchuk 2015-12-10 16:55:21 +03:00
parent 7ddb373ac9
commit 69390d7d16
12 changed files with 367 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
deployment/puppet/cluster/manifests/haproxy.pp
View File

@ -49,7 +49,8 @@ class cluster::haproxy (
$primary_controller = false,
$debug = false,
$other_networks = false,
$stats_ipaddresses = ['127.0.0.1']
$stats_ipaddresses = ['127.0.0.1'],
$spread_checks = '3',
) {
include ::concat::setup
include ::haproxy::params
@ -70,6 +71,7 @@ class cluster::haproxy (
'group' => 'haproxy',
'daemon' => '',
'stats' => 'socket /var/lib/haproxy/stats',
'spread-checks' => $spread_checks,
'tune.bufsize' => $haproxy_bufsize,
'tune.maxrewrite' => $haproxy_maxrewrite,
'tune.ssl.default-dh-param' => $haproxy_ssl_default_dh_param
@ -84,6 +86,7 @@ class cluster::haproxy (
'redispatch',
'http-server-close',
'splice-auto',
'dontlognull',
],
'timeout' => [
'http-request 20s',

3
deployment/puppet/openstack/.fixtures.yml
View File

@ -42,6 +42,9 @@ fixtures:
'murano':
repo: 'https://review.fuel-infra.org/puppet-modules/puppet-murano.git'
branch: '7.0.0-mos-rc1'
'xinetd':
repo: 'https://review.fuel-infra.org/p/puppet-modules/puppetlabs-xinetd.git'
branch: '1.5.0'
symlinks:
'openstack': "#{source_dir}"
'osnailyfacter': "#{source_dir}/../osnailyfacter"

25
deployment/puppet/openstack/manifests/ha/swift.pp
View File

@ -41,6 +41,10 @@
# [*server_names*]
# (required) Array. This is an array of server names for the haproxy service
#
# [*bind_to_one*]
# (optional) Boolean. If true, uses custom script checker w/ additional tests
# Defaults to false.
#
class openstack::ha::swift (
$internal_virtual_ip,
$ipaddresses,
@ -51,8 +55,19 @@ class openstack::ha::swift (
$internal_ssl = false,
$internal_ssl_path = undef,
$baremetal_virtual_ip = undef,
$bind_to_one = false,
) {
$bm_opt_tail = 'inter 15s fastinter 2s downinter 8s rise 3 fall 3'
if $bind_to_one {
$http_check = 'httpchk'
$balancermember_options = "check port 49001 ${bm_opt_tail}"
} else {
$http_check = 'httpchk HEAD /healthcheck HTTP/1.0'
$balancermember_options = "check ${bm_opt_tail}"
}
# defaults for any haproxy_service within this class
Openstack::Ha::Haproxy_service {
listen_port => 8080,
@ -61,10 +76,16 @@ class openstack::ha::swift (
public_virtual_ip => $public_virtual_ip,
server_names => $server_names,
haproxy_config_options => {
'option' => ['httpchk', 'httplog', 'httpclose'],
'option' => [
$http_check,
'httplog',
'httpclose',
'tcp-smart-accept',
'tcp-smart-connect',
],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
},
balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
balancermember_options => $balancermember_options,
}
openstack::ha::haproxy_service { 'swift':

14
deployment/puppet/openstack/manifests/swift/status.pp
View File

@ -21,9 +21,9 @@
# (optional) The Swift endpoint host for swift healthcheck
# Defaults to http://127.0.0.1:8080
#
# [*vip*]
# (optional) The VIP address for the ICMP connectivity check
# Defaults to 127.0.0.1
# [*scan_target*]
# (optional) Specifies that netcat should scan for listening target
# Defaults to 127.0.0.1:5000
#
# [*con_timeout*]
# (optional) The timeout for Swift endpoint connection for swift healthcheck
@ -35,7 +35,7 @@ class openstack::swift::status (
$only_from = '127.0.0.1',
$port = '49001',
$endpoint = 'http://127.0.0.1:8080',
$vip = '127.0.0.1',
$scan_target = '127.0.0.1:5000',
$con_timeout = '5',
) {
@ -50,8 +50,8 @@ class openstack::swift::status (
}
$group = $::osfamily ? {
'redhat' => 'nobody',
'debian' => 'nogroup',
'RedHat' => 'nobody',
'Debian' => 'nogroup',
default => 'nobody',
}
@ -63,7 +63,7 @@ class openstack::swift::status (
cps => '512 10',
per_source => 'UNLIMITED',
server => '/usr/bin/swiftcheck',
server_args => "${endpoint} ${vip} ${con_timeout}",
server_args => "${endpoint} ${scan_target} ${con_timeout}",
user => 'nobody',
group => $group,
flags => 'IPv4',

118
deployment/puppet/openstack/spec/classes/openstack_ha_swift_spec.rb
View File

@ -1,43 +1,89 @@
require 'spec_helper'
describe 'openstack::ha::swift' do
let(:params) { {:internal_virtual_ip => '127.0.0.1',
:ipaddresses => ['127.0.0.2', '127.0.0.3'],
:public_virtual_ip => '192.168.0.1',
:baremetal_virtual_ip => '192.168.0.2',
:server_names => ['node-1', 'node-2'],
:public_ssl => true,
:public_ssl_path => '/var/lib/fuel/haproxy/public_swift.pem',
} }
let(:facts) { {:kernel => 'Linux',
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld'
} }
it "should properly configure swift haproxy based on ssl" do
should contain_openstack__ha__haproxy_service('swift').with(
'order' => '120',
'listen_port' => 8080,
'public' => true,
'public_ssl' => true,
'public_ssl_path' => '/var/lib/fuel/haproxy/public_swift.pem',
'haproxy_config_options' => {
'option' => ['httpchk', 'httplog','httpclose'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
},
)
let(:facts) do
{
:kernel => 'Linux',
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld'
}
end
it "should properly configure swift haproxy on baremetal VIP" do
should contain_openstack__ha__haproxy_service('swift-baremetal').with(
'order' => '125',
'listen_port' => 8080,
'public_ssl' => false,
'internal_virtual_ip' => '192.168.0.2',
'haproxy_config_options' => {
'option' => ['httpchk', 'httplog','httpclose'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
},
)
let(:bm_opt_tail) { 'inter 15s fastinter 2s downinter 8s rise 3 fall 3' }
let(:haproxy_config_opts) do
{
'option' => [@http_check, 'httplog', 'httpclose', 'tcp-smart-accept', 'tcp-smart-connect'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
}
end
before :each do
if params[:bind_to_one]
@http_check = 'httpchk'
@balancermember_options = "check port 49001 #{bm_opt_tail}"
else
@http_check = 'httpchk HEAD /healthcheck HTTP/1.0'
@balancermember_options = "check #{bm_opt_tail}"
end
end
context 'with custom params' do
let(:params) do
{
:internal_virtual_ip => '127.0.0.1',
:ipaddresses => ['127.0.0.2', '127.0.0.3'],
:public_virtual_ip => '192.168.0.1',
:baremetal_virtual_ip => '192.168.0.2',
:server_names => ['node-1', 'node-2'],
:public_ssl => true,
:public_ssl_path => '/var/lib/fuel/haproxy/public_swift.pem',
:bind_to_one => true,
}
end
it "should properly configure swift haproxy based on ssl" do
should contain_openstack__ha__haproxy_service('swift').with(
'order' => '120',
'listen_port' => 8080,
'public' => true,
'public_ssl' => true,
'public_ssl_path' => '/var/lib/fuel/haproxy/public_swift.pem',
'haproxy_config_options' => haproxy_config_opts,
'balancermember_options' => @balancermember_options,
)
end
it "should properly configure swift haproxy on baremetal VIP" do
should contain_openstack__ha__haproxy_service('swift-baremetal').with(
'order' => '125',
'listen_port' => 8080,
'public_ssl' => false,
'internal_virtual_ip' => '192.168.0.2',
'haproxy_config_options' => haproxy_config_opts,
)
end
end
context 'with default params' do
let(:params) do
{
:internal_virtual_ip => '127.0.0.1',
:ipaddresses => ['127.0.0.2', '127.0.0.3'],
:public_virtual_ip => '192.168.0.1',
:server_names => ['node-1', 'node-2'],
}
end
it "should properly configure swift haproxy" do
should contain_openstack__ha__haproxy_service('swift').with(
'order' => '120',
'listen_port' => 8080,
'public' => true,
'public_ssl' => false,
'haproxy_config_options' => haproxy_config_opts,
'balancermember_options' => @balancermember_options,
)
end
end
end

119
deployment/puppet/openstack/spec/classes/openstack_swift_status_spec.rb Normal file
View File

@ -0,0 +1,119 @@
require 'spec_helper'
describe 'openstack::swift::status' do
let(:default_params) do
{
:address => '0.0.0.0',
:only_from => '127.0.0.1',
:port => '49001',
:endpoint => 'http://127.0.0.1:8080',
:scan_target => '127.0.0.1:5000',
:con_timeout => '5',
}
end
let :params do
{ }
end
shared_examples_for 'swift status configuration' do
context 'with default params' do
it 'contains xinetd::service' do
group = case facts[:osfamily]
when 'RedHat' then 'nobody'
when 'Debian' then 'nogroup'
else'nobody'
end
server_args = "#{default_params[:endpoint]} #{default_params[:scan_target]} #{default_params[:con_timeout]}"
is_expected.to contain_xinetd__service('swiftcheck').with(
{
'bind' => default_params[:address],
'port' => default_params[:port],
'only_from' => default_params[:only_from],
'cps' => '512 10',
'per_source' => 'UNLIMITED',
'server' => '/usr/bin/swiftcheck',
'server_args' => server_args,
'user' => 'nobody',
'group' => group,
'flags' => 'IPv4',
}
).that_requires('Augeas[swiftcheck]')
end
it 'configures (modifies) the /etc/services' do
port = default_params[:port]
is_expected.to contain_augeas('swiftcheck').with(
'context' => '/files/etc/services',
'changes' => [
"set /files/etc/services/service-name[port = '#{port}']/port #{port}",
"set /files/etc/services/service-name[port = '#{port}'] swiftcheck",
"set /files/etc/services/service-name[port = '#{port}']/protocol tcp",
"set /files/etc/services/service-name[port = '#{port}']/#comment 'Swift Health Check'",
],
)
end
end
context 'with overriding class parameters' do
before do
params.merge!(
:address => '100.41.52.5',
:only_from => '100.70.123.1',
:port => '49009',
:endpoint => 'http://193.1.6.88:8080',
:scan_target => '193.44.2.66:5000',
:con_timeout => '3',
)
end
it 'contains xinetd::service' do
server_args = "#{params[:endpoint]} #{params[:scan_target]} #{params[:con_timeout]}"
is_expected.to contain_xinetd__service('swiftcheck').with(
{
'bind' => params[:address],
'port' => params[:port],
'only_from' => params[:only_from],
'cps' => '512 10',
'per_source' => 'UNLIMITED',
'server' => '/usr/bin/swiftcheck',
'server_args' => server_args,
'user' => 'nobody',
'flags' => 'IPv4',
}
)
end
end
end
context 'on Debian platforms' do
let :facts do
{
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:hostname => 'hostname.example.com',
}
end
it_configures 'swift status configuration'
end
context 'on RedHat platforms' do
let :facts do
{
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:hostname => 'hostname.example.com',
}
end
it_configures 'swift status configuration'
end
end

8
deployment/puppet/osnailyfacter/modular/openstack-haproxy/openstack-haproxy-swift.pp
View File

@ -33,6 +33,13 @@ if ($use_swift) {
$baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr']
}
prepare_network_config(hiera_hash('network_scheme'))
# Check proxy and storage daemons binds on the same ip address
$swift_api_ipaddr = get_network_role_property('swift/api', 'ipaddr')
$swift_storage_ipaddr = get_network_role_property('swift/replication', 'ipaddr')
$bind_to_one = ($swift_api_ipaddr == $swift_storage_ipaddr)
# configure swift ha proxy
class { '::openstack::ha::swift':
internal_virtual_ip => $internal_virtual_ip,
@ -44,5 +51,6 @@ if ($use_swift) {
internal_ssl => $internal_ssl,
internal_ssl_path => $internal_ssl_path,
baremetal_virtual_ip => $baremetal_virtual_ip,
bind_to_one => $bind_to_one,
}
}

27
deployment/puppet/osnailyfacter/modular/swift/swift.pp
View File

@ -94,9 +94,6 @@ if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$stora
}
if $deploy_swift_proxy {
$sto_nets = get_routable_networks_for_network_role($network_scheme, 'swift/replication', ' ')
$man_nets = get_routable_networks_for_network_role($network_scheme, 'swift/api', ' ')
class { 'openstack::swift::proxy':
swift_user_password => $swift_hash['user_password'],
swift_operator_roles => $swift_operator_roles,
@ -122,13 +119,22 @@ if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$stora
rabbit_user => $rabbit_hash['user'],
rabbit_password => $rabbit_hash['password'],
rabbit_hosts => split($rabbit_hosts, ', '),
} ->
class { 'openstack::swift::status':
endpoint => "${swift_internal_protocol}://${swift_internal_endpoint}:${proxy_port}",
vip => $management_vip,
only_from => "127.0.0.1 240.0.0.2 ${sto_nets} ${man_nets}",
con_timeout => 5
} ->
}
if $swift_api_ipaddr == $swift_storage_ipaddr {
$storage_nets = get_routable_networks_for_network_role($network_scheme, 'swift/replication', ' ')
$mgmt_nets = get_routable_networks_for_network_role($network_scheme, 'swift/api', ' ')
class { 'openstack::swift::status':
endpoint => "${swift_internal_protocol}://${swift_internal_endpoint}:${proxy_port}",
scan_target => "${service_endpoint}:5000",
only_from => "127.0.0.1 240.0.0.2 ${storage_nets} ${mgmt_nets}",
con_timeout => 5
}
Class['openstack::swift::status'] -> Class['swift::dispersion']
}
class { 'swift::dispersion':
auth_url => "${keystone_internal_protocol}://${keystone_endpoint}:5000/v2.0/",
auth_user => $keystone_user,
@ -137,6 +143,7 @@ if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$stora
auth_version => '2.0',
}
Class['openstack::swift::proxy'] -> Class['swift::dispersion']
Service<| tag == 'swift-service' |> -> Class['swift::dispersion']
if defined(Class['openstack::swift::storage_node']) {

36
files/fuel-ha-utils/tools/swiftcheck
View File

@ -1,36 +1,42 @@
#!/bin/bash
#
# Script to make a HAProxy capable of monitoring the Swift proxy backends status.
# This script checks the given management VIP via ICMP and also performs a Swift
# This script checks the given scan target(auth endpoint) and also performs a Swift
# healthcheck via the given Swift endpoint with the given connect timeout.
# Reports an HTTP 200 OK, if all of the results are OK.
# If the healthcheck result was not OK or the Swift endpoint/VIP was not reachable,
# If the healthcheck result was not OK or the Swift/Auth endpoint was not reachable,
# it would report an HTTP 503 Error.
#
# Author: Bogdan Dobrelya <bdobrelia@mirantis.com>
#
if [[ $1 == '-h' || $1 == '--help' || "$#" -ne 3 ]];then
echo "Usage: $0 <local_swift_endpoint> <management_vip> <connect_timeout>"
echo "Usage: $0 <local_swift_endpoint> <scan_target> <connect_timeout>"
exit
fi
# Remove trailing slash
url=`echo $1 | sed 's#/*$##'`
# Set options
url=${1%/} # remove trailing slash
scan_target=${2/:/ } # convert to netcat format
connect_timeout=$3
ncat=$(type -P nc)
curl=$(type -P curl)
waiting_time=3
pause=1
result='UNDEFINED'
# Check for the management VIP avail.
ping -c3 $2 2>&1 >/dev/null
rc=$?
rc2=1
result="ERROR"
# Scan for the target availability
while !($ncat -z ${scan_target}) && [ $waiting_time -gt 0 ]; do
sleep $pause
(( waiting_time -= pause ))
done
# Also check for the swift healthcheck report via given endpoint url
if [[ $rc == 0 ]]; then
result=`/usr/bin/curl --connect-timeout ${3} -XGET ${url}/healthcheck 2>/dev/null`
rc2=$?
# Check for the swift healthcheck report via given endpoint url
if [[ $waiting_time -gt 0 ]]; then
result=$($curl --silent --connect-timeout ${connect_timeout} --retry 1 -XGET ${url}/healthcheck)
fi
if [[ $result == "OK" && $rc2 == 0 ]] ; then
if [[ $result == 'OK' ]]; then
# Swift healthcheck is OK and endpoint is reachable
# return HTTP 200. Shell return-code is 0
echo -en "HTTP/1.1 200 OK\r\n"

14
tests/noop/astute.yaml/novanet_flat.primary-controller.platforms.yaml
View File

@ -567,7 +567,7 @@ network_metadata:
ceph/public: 10.108.2.4
ceph/radosgw: 10.108.1.4
management: 10.108.2.4
swift/api: 10.108.2.4
swift/api: 10.108.4.2
mgmt/api: 10.108.2.4
storage: 10.108.4.2
mgmt/corosync: 10.108.2.4
@ -608,7 +608,7 @@ network_metadata:
ceph/public: 10.108.2.5
ceph/radosgw: 10.108.1.5
management: 10.108.2.5
swift/api: 10.108.2.5
swift/api: 10.108.4.3
mgmt/api: 10.108.2.5
storage: 10.108.4.3
mgmt/corosync: 10.108.2.5
@ -649,7 +649,7 @@ network_metadata:
ceph/public: 10.108.2.6
ceph/radosgw: 10.108.1.6
management: 10.108.2.6
swift/api: 10.108.2.6
swift/api: 10.108.4.4
mgmt/api: 10.108.2.6
storage: 10.108.4.4
mgmt/corosync: 10.108.2.6
@ -690,7 +690,7 @@ network_metadata:
ceph/public: 10.108.2.7
ceph/radosgw: 10.108.1.7
management: 10.108.2.7
swift/api: 10.108.2.7
swift/api: 10.108.4.5
mgmt/api: 10.108.2.7
storage: 10.108.4.5
mgmt/corosync: 10.108.2.7
@ -731,7 +731,7 @@ network_metadata:
ceph/public: 10.108.2.8
ceph/radosgw: 10.108.1.8
management: 10.108.2.8
swift/api: 10.108.2.8
swift/api: 10.108.4.6
mgmt/api: 10.108.2.8
storage: 10.108.4.6
mgmt/corosync: 10.108.2.8
@ -772,7 +772,7 @@ network_metadata:
ceph/public: 10.108.2.9
ceph/radosgw: 10.108.1.9
management: 10.108.2.9
swift/api: 10.108.2.9
swift/api: 10.108.4.7
mgmt/api: 10.108.2.9
storage: 10.108.4.7
mgmt/corosync: 10.108.2.9
@ -846,7 +846,7 @@ network_scheme:
ceph/public: br-mgmt
mgmt/messaging: br-mgmt
management: br-mgmt
swift/api: br-mgmt
swift/api: br-storage
mgmt/api: br-mgmt
storage: br-storage
mgmt/corosync: br-mgmt

42
tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-swift_spec.rb
View File

@ -17,7 +17,35 @@ describe manifest do
use_swift = true
end
let (:bind_to_one) {
api_ip = Noop.puppet_function 'get_network_role_property', 'swift/api', 'ipaddr'
storage_ip = Noop.puppet_function 'get_network_role_property', 'swift/replication', 'ipaddr'
api_ip == storage_ip
}
let (:bm_options) {
bm_opt_tail = 'inter 15s fastinter 2s downinter 8s rise 3 fall 3'
bind_to_one ? "check port 49001 #{bm_opt_tail}" : "check #{bm_opt_tail}"
}
let (:http_check) {
bind_to_one ? 'httpchk' : 'httpchk HEAD /healthcheck HTTP/1.0'
}
let(:haproxy_config_opts) do
{
'option' => [http_check, 'httplog', 'httpclose', 'tcp-smart-accept', 'tcp-smart-connect'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
}
end
if use_swift
it "should declare openstack::ha:swift class with valid params" do
should contain_class('openstack::ha::swift').with(
'bind_to_one' => bind_to_one,
)
end
it "should properly configure swift haproxy based on ssl" do
public_ssl_swift = Noop.hiera_structure('public_ssl/services', false)
should contain_openstack__ha__haproxy_service('swift').with(
@ -25,11 +53,8 @@ describe manifest do
'listen_port' => 8080,
'public' => true,
'public_ssl' => public_ssl_swift,
'haproxy_config_options' => {
'option' => ['httpchk', 'httplog', 'httpclose'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
},
'balancermember_options' => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
'haproxy_config_options' => haproxy_config_opts,
'balancermember_options' => bm_options,
)
end
@ -48,11 +73,8 @@ describe manifest do
'listen_port' => 8080,
'public_virtual_ip' => false,
'internal_virtual_ip' => baremetal_virtual_ip,
'haproxy_config_options' => {
'option' => ['httpchk', 'httplog', 'httpclose'],
'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
},
'balancermember_options' => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
'haproxy_config_options' => haproxy_config_opts,
'balancermember_options' => bm_options,
)
end
end

61
tests/noop/spec/hosts/swift/swift_spec.rb
View File

@ -20,13 +20,20 @@ describe manifest do
rabbit_hosts = Noop.hiera('amqp_hosts')
rabbit_user = Noop.hiera_structure('rabbit/user', 'nova')
rabbit_password = Noop.hiera_structure('rabbit/password')
let (:sto_nets){
network_scheme = Noop.hiera 'network_scheme'
sto_nets = Noop.puppet_function 'get_routable_networks_for_network_role', network_scheme, 'swift/replication', ' '
network_scheme = Noop.hiera 'network_scheme'
let (:storage_nets){
Noop.puppet_function 'get_routable_networks_for_network_role', network_scheme, 'swift/replication', ' '
}
let (:man_nets){
network_scheme = Noop.hiera 'network_scheme'
man_nets = Noop.puppet_function 'get_routable_networks_for_network_role', network_scheme, 'swift/api', ' '
let (:mgmt_nets){
Noop.puppet_function 'get_routable_networks_for_network_role', network_scheme, 'swift/api', ' '
}
let (:bind_to_one) {
api_ip = Noop.puppet_function 'get_network_role_property', 'swift/api', 'ipaddr'
storage_ip = Noop.puppet_function 'get_network_role_property', 'swift/replication', 'ipaddr'
api_ip == storage_ip
}
# Swift
@ -93,36 +100,56 @@ describe manifest do
context 'with enabled internal TLS for keystone' do
keystone_endpoint = Noop.hiera_structure 'use_ssl/keystone_internal_hostname'
it 'should declare swift::dispersion' do
should contain_class('swift::dispersion').with(
'auth_url' => "https://#{keystone_endpoint}:5000/v2.0/"
).that_requires('Class[openstack::swift::status]')
if bind_to_one
should contain_class('swift::dispersion').with(
'auth_url' => "https://#{keystone_endpoint}:5000/v2.0/"
).that_requires('Class[openstack::swift::status]')
else
should contain_class('swift::dispersion').with(
'auth_url' => "https://#{keystone_endpoint}:5000/v2.0/"
).that_requires('Class[openstack::swift::proxy]')
end
end
end
context 'with enabled internal TLS for swift' do
swift_endpoint = Noop.hiera_structure 'use_ssl/swift_internal_hostname'
it {
should contain_class('openstack::swift::status').with(
'endpoint' => "https://#{swift_endpoint}:8080",
'only_from' => "127.0.0.1 240.0.0.2 #{sto_nets} #{man_nets}",
).that_requires('Class[openstack::swift::proxy]')
}
it {
if bind_to_one
should contain_class('openstack::swift::status').with(
'endpoint' => "https://#{swift_endpoint}:8080",
'only_from' => "127.0.0.1 240.0.0.2 #{storage_nets} #{mgmt_nets}",
).that_comes_before('Class[swift::dispersion]')
else
should_not contain_class('openstack::swift::status')
end
}
end
else
keystone_endpoint = Noop.hiera 'service_endpoint'
context 'with disabled internal TLS for keystone' do
it 'should declare swift::dispersion' do
if bind_to_one
should contain_class('swift::dispersion').with(
'auth_url' => "http://#{keystone_endpoint}:5000/v2.0/"
).that_requires('Class[openstack::swift::status]')
else
should contain_class('swift::dispersion').with(
'auth_url' => "http://#{keystone_endpoint}:5000/v2.0/"
).that_requires('Class[openstack::swift::proxy]')
end
end
end
context 'with disabled internal TLS for swift' do
it {
if bind_to_one
should contain_class('openstack::swift::status').with(
'only_from' => "127.0.0.1 240.0.0.2 #{sto_nets} #{man_nets}",
).that_requires('Class[openstack::swift::proxy]')
'only_from' => "127.0.0.1 240.0.0.2 #{storage_nets} #{mgmt_nets}",
).that_comes_before('Class[swift::dispersion]')
else
should_not contain_class('openstack::swift::status')
end
}
end
end