From b567315f370970a3be6d0e8f11077d7fd1096739 Mon Sep 17 00:00:00 2001 From: Alexey Deryugin Date: Fri, 24 Jul 2015 17:41:16 +0300 Subject: [PATCH] Murano module improvement and minor problem fixes 1. Add cleanup of changes made by modify_horizon_config 2. Move murano dashboard configuration to local_settings 3. Fix style and nit-picks from I61fda794d53ef3aa9b42dbf038228ecbb0a9baf5 4. Fix publicURL endpoint on SSL-enabled environment 5. Add LICENSE Change-Id: I576cc236f300993766e44856e71c3de6fa537779 Closes-Bug: #1462015 Closes-Bug: #1451604 --- deployment/puppet/murano/.fixtures.yml | 2 + deployment/puppet/murano/LICENSE | 182 +++++++++++++++++- .../puppet/murano/manifests/dashboard.pp | 73 +++++-- .../puppet/murano/manifests/keystone/auth.pp | 18 +- .../puppet/murano/manifests/rabbitmq.pp | 15 +- .../osnailyfacter/modular/murano/keystone.pp | 21 +- .../osnailyfacter/modular/murano/murano.pp | 2 - tests/noop/spec/hosts/murano/keystone_spec.rb | 9 +- 8 files changed, 262 insertions(+), 60 deletions(-) diff --git a/deployment/puppet/murano/.fixtures.yml b/deployment/puppet/murano/.fixtures.yml index 8298d426e9..4f1fdaebb1 100644 --- a/deployment/puppet/murano/.fixtures.yml +++ b/deployment/puppet/murano/.fixtures.yml @@ -6,5 +6,7 @@ fixtures: ref: '1.2.1' 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git' 'sysctl': 'git://github.com/duritong/puppet-sysctl.git' + 'keystone': 'git://github.com/openstack/puppet-keystone.git' + 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git' symlinks: 'murano': "#{source_dir}" diff --git a/deployment/puppet/murano/LICENSE b/deployment/puppet/murano/LICENSE index 0594a267b2..67db858821 100644 --- a/deployment/puppet/murano/LICENSE +++ b/deployment/puppet/murano/LICENSE @@ -1,13 +1,175 @@ -Copyright 2015 Mirantis Inc. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ - http://www.apache.org/licenses/LICENSE-2.0 + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. diff --git a/deployment/puppet/murano/manifests/dashboard.pp b/deployment/puppet/murano/manifests/dashboard.pp index d4d080fd91..b8e850ba6e 100644 --- a/deployment/puppet/murano/manifests/dashboard.pp +++ b/deployment/puppet/murano/manifests/dashboard.pp @@ -28,6 +28,14 @@ # (Optional) Path to horizon manage utility # Defaults to '/usr/share/openstack-dashboard/manage.py' # +# [*metadata_dir*] +# (Optional) Directory to store murano dashboard metadata cache +# Defaults to '/var/cache/muranodashboard-cache' +# +# [*max_file_size*] +# (Optional) Maximum allowed filesize to upload +# Defaults to '5' +# class murano::dashboard( $package_ensure = 'present', $api_url = 'http://127.0.0.1:8082', @@ -35,6 +43,8 @@ class murano::dashboard( $settings_py = '/usr/share/openstack-dashboard/openstack_dashboard/settings.py', $modify_config = '/usr/bin/modify-horizon-config.sh', $collect_static_script = '/usr/share/openstack-dashboard/manage.py', + $metadata_dir = '/var/cache/muranodashboard-cache', + $max_file_size = '5', ) { include ::murano::params @@ -57,30 +67,46 @@ class murano::dashboard( file_line { 'murano_url' : path => $::murano::params::local_settings_path, line => "MURANO_API_URL = '${api_url}'", + tag => 'patch-horizon-config', } - file { $modify_config : - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', + file_line { 'murano_repo_url': + path => $::murano::params::local_settings_path, + line => "MURANO_REPO_URL = '${repo_url}'", + tag => 'patch-horizon-config', + } + + file_line { 'murano_max_file_size': + path => $::murano::params::local_settings_path, + line => "MAX_FILE_SIZE_MB = '${max_file_size}'", + tag => 'patch-horizon-config', + } + + file_line { 'murano_metadata_dir': + path => $::murano::params::local_settings_path, + line => "METADATA_CACHE_DIR = '${metadata_dir}'", + tag => 'patch-horizon-config', + } + + file_line { 'murano_dashboard_logging': + path => $::murano::params::local_settings_path, + line => "LOGGING['loggers']['muranodashboard'] = {'handlers': ['syslog'], 'level': 'DEBUG'}", + tag => 'patch-horizon-config', + } + + file_line { 'murano_client_logging': + path => $::murano::params::local_settings_path, + line => "LOGGING['loggers']['muranoclient'] = {'handlers': ['syslog'], 'level': 'ERROR'}", + tag => 'patch-horizon-config', } exec { 'clean_horizon_config': command => "${modify_config} uninstall", - } - - exec { 'fix_horizon_config': - command => "${modify_config} install", - environment => [ - "HORIZON_CONFIG=${settings_py}", - 'MURANO_SSL_ENABLED=False', - "MURANO_REPO_URL=${repo_url}", - 'USE_KEYSTONE_ENDPOINT=True', - 'USE_SQLITE_BACKEND=False', - "APACHE_USER=${apache_user}", - "APACHE_GROUP=${apache_user}", + onlyif => [ + "test -f ${modify_config}", + "grep MURANO_CONFIG_SECTION_BEGIN ${settings_py}", ], + path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ], } exec { 'django_collectstatic': @@ -89,9 +115,18 @@ class murano::dashboard( "APACHE_USER=${apache_user}", "APACHE_GROUP=${apache_user}", ], + refreshonly => true, } - Package['murano-dashboard'] -> File[$modify_config] -> Exec['clean_horizon_config'] -> Exec['fix_horizon_config'] -> Exec['django_collectstatic'] -> Service <| title == 'httpd' |> + File_line <| tag == 'patch-horizon-config' |> -> Service <| title == 'httpd' |> + + Package['murano-dashboard'] -> + Exec['clean_horizon_config'] -> + Service <| title == 'httpd' |> + + Package['murano-dashboard'] -> + Exec['django_collectstatic'] -> + Service <| title == 'httpd' |> + Package['murano-dashboard'] ~> Service <| title == 'httpd' |> - Exec['fix_horizon_config'] ~> Service <| title == 'httpd' |> } diff --git a/deployment/puppet/murano/manifests/keystone/auth.pp b/deployment/puppet/murano/manifests/keystone/auth.pp index 67ce277d17..7683c6a633 100644 --- a/deployment/puppet/murano/manifests/keystone/auth.pp +++ b/deployment/puppet/murano/manifests/keystone/auth.pp @@ -53,47 +53,47 @@ # # [*version*] # (optional) DEPRECATED: Use public_url, internal_url and admin_url instead. -# API version endpoint. (Defaults to 'v1.1') +# API version endpoint. (Defaults to 'undef') # Setting this parameter overrides public_url, internal_url and admin_url parameters. # # [*port*] # (optional) DEPRECATED: Use public_url, internal_url and admin_url instead. -# Default port for endpoints. (Defaults to 8082) +# Default port for endpoints. (Defaults to 'undef') # Setting this parameter overrides public_url, internal_url and admin_url parameters. # # [*public_port*] # (optional) DEPRECATED: Use public_url instead. -# Default port for endpoints. (Defaults to $port) +# Default port for endpoints. (Defaults to 'undef') # Setting this parameter overrides public_url parameter. # # [*public_protocol*] # (optional) DEPRECATED: Use public_url instead. -# Protocol for public endpoint. (Defaults to 'http') +# Protocol for public endpoint. (Defaults to 'undef') # Setting this parameter overrides public_url parameter. # # [*public_address*] # (optional) DEPRECATED: Use public_url instead. -# Public address for endpoint. (Defaults to '127.0.0.1') +# Public address for endpoint. (Defaults to 'undef') # Setting this parameter overrides public_url parameter. # # [*internal_protocol*] # (optional) DEPRECATED: Use internal_url instead. -# Protocol for internal endpoint. (Defaults to 'http') +# Protocol for internal endpoint. (Defaults to 'undef') # Setting this parameter overrides internal_url parameter. # # [*internal_address*] # (optional) DEPRECATED: Use internal_url instead. -# Internal address for endpoint. (Defaults to '127.0.0.1') +# Internal address for endpoint. (Defaults to 'undef') # Setting this parameter overrides internal_url parameter. # # [*admin_protocol*] # (optional) DEPRECATED: Use admin_url instead. -# Protocol for admin endpoint. (Defaults to 'http') +# Protocol for admin endpoint. (Defaults to 'undef') # Setting this parameter overrides admin_url parameter. # # [*admin_address*] # (optional) DEPRECATED: Use admin_url instead. -# Admin address for endpoint. (Defaults to '127.0.0.1') +# Admin address for endpoint. (Defaults to 'undef') # Setting this parameter overrides admin_url parameter. # # === Deprecation notes diff --git a/deployment/puppet/murano/manifests/rabbitmq.pp b/deployment/puppet/murano/manifests/rabbitmq.pp index 3058253eca..5484891667 100644 --- a/deployment/puppet/murano/manifests/rabbitmq.pp +++ b/deployment/puppet/murano/manifests/rabbitmq.pp @@ -66,6 +66,7 @@ class murano::rabbitmq( exec { 'install_init_script' : command => $::murano::params::init_install_cmd, path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ], + unless => "test -f /etc/init.d/${::murano::params::rabbit_service_name}" } service { 'rabbitmq-server-murano' : @@ -113,18 +114,18 @@ class murano::rabbitmq( } File['rabbitmq_config'] -> - File['init_script'] -> - Exec['install_init_script'] -> - Service['rabbitmq-server-murano'] + File['init_script'] -> + Exec['install_init_script'] -> + Service['rabbitmq-server-murano'] Firewall[$firewall_rule_name] -> Service['rabbitmq-server-murano'] File['rabbitmq_config'] ~> Service['rabbitmq-server-murano'] File['init_script'] ~> Service['rabbitmq-server-murano'] Service['rabbitmq-server-murano'] -> - Exec['remove_murano_guest'] -> - Exec['create_murano_user'] -> - Exec['create_murano_vhost'] -> - Exec['set_murano_user_permissions'] + Exec['remove_murano_guest'] -> + Exec['create_murano_user'] -> + Exec['create_murano_vhost'] -> + Exec['set_murano_user_permissions'] } diff --git a/deployment/puppet/osnailyfacter/modular/murano/keystone.pp b/deployment/puppet/osnailyfacter/modular/murano/keystone.pp index fa9151f4b0..722899f68d 100644 --- a/deployment/puppet/osnailyfacter/modular/murano/keystone.pp +++ b/deployment/puppet/osnailyfacter/modular/murano/keystone.pp @@ -3,23 +3,26 @@ notice('MODULAR: murano/keystone.pp') $murano_hash = hiera_hash('murano_hash', {}) $public_ip = hiera('public_vip') $management_ip = hiera('management_vip') -$service_endpoint = hiera('service_endpoint') -$public_ssl_hash = hiera('public_ssl') +$service_endpoint = hiera('service_endpoint', $management_ip) +$public_ssl = hiera('public_ssl') $region = hiera('region', 'RegionOne') -if $public_ssl_hash['services'] { - $public_protocol = 'https' -} else { - $public_protocol = 'http' +$public_protocol = $public_ssl['services'] ? { + true => 'https', + default => 'http', +} + +$public_address = $public_ssl['services'] ? { + true => $public_ssl['hostname'], + default => $public_ip, } $api_bind_port = '8082' $tenant = pick($murano_hash['tenant'], 'services') -$public_url = "${public_protocol}://${public_ip}:${api_bind_port}" +$public_url = "${public_protocol}://${public_address}:${api_bind_port}" $admin_url = "http://${service_endpoint}:${api_bind_port}" -$internal_url = "http://${service_endpoint}:${api_bind_port}" ################################################################# @@ -30,5 +33,5 @@ class { 'murano::keystone::auth': tenant => $tenant, public_url => $public_url, admin_url => $admin_url, - internal_url => $internal_url, + internal_url => $admin_url, } diff --git a/deployment/puppet/osnailyfacter/modular/murano/murano.pp b/deployment/puppet/osnailyfacter/modular/murano/murano.pp index 6b1021b733..6c3239a90e 100644 --- a/deployment/puppet/osnailyfacter/modular/murano/murano.pp +++ b/deployment/puppet/osnailyfacter/modular/murano/murano.pp @@ -150,8 +150,6 @@ if $murano_hash['enabled'] { Haproxy_backend_status['murano-api'] -> Murano::Application['io.murano'] Service['murano-api'] -> Murano::Application<| mandatory == true |> - } else { - notice("Node Role: ${node_role}") } Firewall[$firewall_rule] -> Class['murano::api'] diff --git a/tests/noop/spec/hosts/murano/keystone_spec.rb b/tests/noop/spec/hosts/murano/keystone_spec.rb index 4ced0b2f04..42ceb73eb5 100644 --- a/tests/noop/spec/hosts/murano/keystone_spec.rb +++ b/tests/noop/spec/hosts/murano/keystone_spec.rb @@ -4,23 +4,24 @@ manifest = 'murano/keystone.pp' describe manifest do shared_examples 'catalog' do - public_address = Noop.hiera('public_vip') - internal_address = Noop.hiera('management_vip', public_address) + public_ip = Noop.hiera('public_vip') + internal_address = Noop.hiera('management_vip', public_ip) service_endpoint = Noop.hiera('service_endpoint', internal_address) public_ssl = Noop.hiera_structure('public_ssl/services') api_bind_port = '8082' if public_ssl public_protocol = 'https' + public_address = Noop.hiera_structure('public_ssl/hostname') else public_protocol = 'http' + public_address = public_ip end murano_password = Noop.hiera_structure('murano_hash/user_password') tenant = Noop.hiera_structure('murano_hash/tenant', 'services') region = Noop.hiera('region', 'RegionOne') public_url = "#{public_protocol}://#{public_address}:#{api_bind_port}" admin_url = "http://#{service_endpoint}:#{api_bind_port}" - internal_url = "http://#{service_endpoint}:#{api_bind_port}" it 'should declare murano::keystone::auth class correctly' do should contain_class('murano::keystone::auth').with( @@ -30,7 +31,7 @@ describe manifest do 'tenant' => tenant, 'public_url' => public_url, 'admin_url' => admin_url, - 'internal_url' => internal_url, + 'internal_url' => admin_url, ) end end