diff --git a/deployment/puppet/glance/.fixtures.yml b/deployment/puppet/glance/.fixtures.yml index fa126a21db..187635d0e7 100644 --- a/deployment/puppet/glance/.fixtures.yml +++ b/deployment/puppet/glance/.fixtures.yml @@ -1,17 +1,17 @@ fixtures: repositories: - "apt": "git://github.com/puppetlabs/puppetlabs-apt.git" - "keystone": "git://github.com/stackforge/puppet-keystone.git" - "mysql": - repo: "git://github.com/puppetlabs/puppetlabs-mysql.git" - ref: 'origin/0.x' - "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git" - "rabbitmq": - repo: "git://github.com/puppetlabs/puppetlabs-rabbitmq" + 'apt': 'git://github.com/puppetlabs/puppetlabs-apt.git' + 'concat': + 'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git' + 'ref': '1.2.1' + 'keystone': 'git://github.com/stackforge/puppet-keystone.git' + 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git' + 'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git' + 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git' + 'rabbitmq': + repo: 'git://github.com/puppetlabs/puppetlabs-rabbitmq' ref: 'origin/2.x' 'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile' - "postgresql": - repo: "git://github.com/puppetlabs/puppet-postgresql.git" - ref: "2.5.0" + 'postgresql': 'git://github.com/puppetlabs/puppet-postgresql.git' symlinks: "glance": "#{source_dir}" diff --git a/deployment/puppet/glance/.gitignore b/deployment/puppet/glance/.gitignore deleted file mode 100644 index bde49f4db4..0000000000 --- a/deployment/puppet/glance/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -spec/fixtures/modules/* -spec/fixtures/manifests/* -*swp -pkg -Gemfile.lock diff --git a/deployment/puppet/glance/CHANGELOG.md b/deployment/puppet/glance/CHANGELOG.md new file mode 100644 index 0000000000..1e69f7f3ff --- /dev/null +++ b/deployment/puppet/glance/CHANGELOG.md @@ -0,0 +1,167 @@ +##2015-06-17 - 5.1.0 +###Summary + +This is a feature and bugfix release in the Juno series. + +####Features +- Add service validation for Glance-API +- Switch to TLSv1 +- Makes kombu_ssl_* parameters optional when rabbit_use_ssl => true +- Allow overriding package ensure for glance-registry +- Add openstack tag to glance packages +- Create a sync_db boolean for Glance +- Command parameter to sync the correct Database +- Add $notification_driver parameter to notify::rabbitmq + +####Bugfixes +- Move rbd related options into glance_store section +- Change default MySQL collate to utf8_general_ci +- Correctly munge glance_image is_public property +- Fix catalog compilation when not configuring endpoint +- Fix is_public munge + +####Maintenance +- spec: pin rspec-puppet to 1.0.1 +- Pin puppetlabs-concat to 1.2.1 in fixtures +- Update .gitreview file for project rename + +##2014-11-24 - 5.0.0 +###Summary + +This is a backwards-incompatible major release for OpenStack Juno. + +####Backwards-incompatible changes +- Bump stdlib dependency to >=4.0.0 +- Migrate the mysql backend to use openstacklib::db::mysql, adding dependency + on puppet-openstacklib + +####Features +- Add ceilometer::policy to control policy.json +- Add parameter os_region_name to glance::api +- Add support for vSphere datastore backend +- Update the calls to the glance command-line utility +- Add parameter swift_store_large_object_size to glance::backend::swift +- Add parameter command_options to glance::cache::cleaner and + glance::cache::pruner +- Add parameter package_ensure to glance::backend::rbd +- Add parameter manage_service to various classes +- Add parameters to control whether to configure users +- Add parameter registery_client_protocol to glance::api + +####Bugfixes +- Fix bug in glance_image type +- Fix ssl parameter requirements for kombu and rabbit + +##2014-10-16 - 4.2.0 +###Summary + +This is a feature release in the Icehouse series. + +####Features + +- Add ability to hide secret type parameters from logs + +##2014-06-19 - 4.1.0 +###Summary + +This is a feature and bugfix release in the Icehouse series. + +####Features +- Add multiple rabbit hosts support. +- Add image_cache_dir parameter. +- Deprecate old SQL parameters. + +####Bugfixes +- Fix the Glance add_image parser for new client. +- Fix values in get_glance_image_attrs. +- Fix 'could not find user glance' bug. + +####Maintenance +- Pin major gems. + +##2014-05-01 - 4.0.0 +###Summary + +This is a backwards-incompatible major release for OpenStack Icehouse. + +####Backwards-incompatible changes +- Remove deprecated notifier_stratgy parameter. + +####Features +- Add glance::config to handle additional custom options. +- Add known_stores option for glance::api. +- Add copy-on-write cloning of images to volumes. +- Add support for puppetlabs-mysql 2.2 and greater. +- Add support for python-glanceclient v2 API update. +- Deprecate show_image_direct_url in glance::rbd. + +##2014-03-26 - 3.1.0 +###Summary + +This is a feature and bugfix release in the Havana series. + +####Features +- Add availability to configure show_image_direct_url. +- Add support for https authentication endpoints. +- Enable ssl configuration for glance-registry. +- Explicitly set default notifier strategy. + +####Bugfixes +- Remove Keystone client warnings. + +##2014-01-09 - 3.0.0 +###Summary + +This is a major release for OpenStack Havana but contains no API-breaking +changes. + +####Features +- Add Cinder backend to image storage. + +####Bugfixes +- Fix bug to ensure keystone endpoint is set before service starts. +- Fix qpid_hostname bug. + +##2013-10-07 - 2.2.0 +###Summary + +This is a feature and bugfix release in the Grizzly series. + +####Features +- Add syslog support. +- Add support for iso disk format. + +####Bugfixes +- Fix bug to allow support for rdb options in glance-api.conf. +- Fix bug for rabbitmq options in notify::rabbitmq. +- Remove non-implemented glance::scrubber class. + +##2013-08-07 - 2.1.0 +###Summary + +This is a feature and bugfix release in the Grizzly series. + +####Features + +- Add glance-cache-cleaner and glance-cache-pruner. +- Add ceph/rdb support. +- Add retry for glance provider to account for service startup time. +- Add support for both file and swift backends. + +####Bugfixes +- Fix allowed_hosts/database access bug. +- Fix glance_image type example. +- Remove unnecessary mysql::server dependency. +- Remove --silent-upload option. +- Remove glance-manage version_control. + +####Maintenance +- Pin rabbit and mysql module versions. + +##2013-06-24 - 2.0.0 +###Summary + +Initial release on Stackforge. + +####Features +- Add postgresql support. diff --git a/deployment/puppet/glance/Gemfile b/deployment/puppet/glance/Gemfile index 0d35201b4d..9ea2113331 100644 --- a/deployment/puppet/glance/Gemfile +++ b/deployment/puppet/glance/Gemfile @@ -2,8 +2,24 @@ source 'https://rubygems.org' group :development, :test do gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', '~> 0.3.2' - gem 'rake', '10.1.1' + gem 'rspec-puppet', '~> 2.1.0', :require => false + + gem 'metadata-json-lint' + gem 'puppet-lint-param-docs' + gem 'puppet-lint-absolute_classname-check' + gem 'puppet-lint-absolute_template_path' + gem 'puppet-lint-trailing_newline-check' + + # Puppet 4.x related lint checks + gem 'puppet-lint-unquoted_string-check' + gem 'puppet-lint-leading_zero-check' + gem 'puppet-lint-variable_contains_upcase' + gem 'puppet-lint-numericvariable' + + gem 'beaker-rspec', :require => false + gem 'beaker-puppet_install_helper', :require => false + gem 'json' + gem 'webmock' end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/deployment/puppet/glance/LICENSE b/deployment/puppet/glance/LICENSE index 8d968b6cb0..8961ce8a6d 100644 --- a/deployment/puppet/glance/LICENSE +++ b/deployment/puppet/glance/LICENSE @@ -1,201 +1,15 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ +Copyright (C) 2012 Puppet Labs Inc - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION +Puppet Labs can be contacted at: info@puppetlabs.com - 1. Definitions. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. + http://www.apache.org/licenses/LICENSE-2.0 - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/deployment/puppet/glance/Modulefile b/deployment/puppet/glance/Modulefile deleted file mode 100644 index 6d50248960..0000000000 --- a/deployment/puppet/glance/Modulefile +++ /dev/null @@ -1,13 +0,0 @@ -name 'puppetlabs-glance' -version '4.0.0' -source 'https://github.com/stackforge/puppet-glance' -author 'Puppet Labs' -license 'Apache License 2.0' -summary 'Puppet Labs Glance Module' -description 'Puppet module to install and configure the Openstack Glance image service' -project_page 'https://launchpad.net/puppet-openstack' - -dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0' -dependency 'puppetlabs/keystone', '>=4.0.0 <5.0.0' -dependency 'puppetlabs/mysql', '>=0.9.0 <3.0.0' -dependency 'puppetlabs/stdlib', '>= 3.2.0' diff --git a/deployment/puppet/glance/README.md b/deployment/puppet/glance/README.md index 36dcb5b5b1..a980477ae3 100644 --- a/deployment/puppet/glance/README.md +++ b/deployment/puppet/glance/README.md @@ -1,7 +1,7 @@ glance ======= -4.0.0 - 2014.1.0 - Icehouse +5.1.0 - 2014.2 - Juno #### Table of Contents @@ -12,26 +12,25 @@ glance 5. [Limitations - OS compatibility, etc.](#limitations) 6. [Development - Guide for contributing to the module](#development) 7. [Contributors - Those with commits](#contributors) -8. [Release Notes - Notes on the most recent updates to the module](#release-notes) Overview -------- -The glance module is a part of [Stackforge](https://github.com/stackfoge), an effort by the Openstack infrastructure team to provide continuous integration testing and code review for Openstack and Openstack community projects not part of the core software. The module its self is used to flexibly configure and manage the image service for Openstack. +The glance module is a part of [OpenStack](https://github.com/openstack), an effort by the OpenStack infrastructure team to provide continuous integration testing and code review for OpenStack and OpenStack community projects as part of the core software. The module its self is used to flexibly configure and manage the image service for OpenStack. Module Description ------------------ The glance module is a thorough attempt to make Puppet capable of managing the entirety of glance. This includes manifests to provision such things as keystone endpoints, RPC configurations specific to glance, and database connections. Types are shipped as part of the glance module to assist in manipulation of configuration files. -This module is tested in combination with other modules needed to build and leverage an entire Openstack software stack. These modules can be found, all pulled together in the [openstack module](https://github.com/stackfoge/puppet-openstack). +This module is tested in combination with other modules needed to build and leverage an entire OpenStack software stack. These modules can be found, all pulled together in the [openstack module](https://github.com/stackfoge/puppet-openstack). Setup ----- **What the glance module affects** -* glance, the image service for Openstack. +* glance, the image service for OpenStack. ### Installing glance @@ -45,19 +44,19 @@ To utilize the glance module's functionality you will need to declare multiple r ```puppet class { 'glance::api': - verbose => true, - keystone_tenant => 'services', - keystone_user => 'glance', - keystone_password => '12345', - sql_connection => 'mysql://glance:12345@127.0.0.1/glance', + verbose => true, + keystone_tenant => 'services', + keystone_user => 'glance', + keystone_password => '12345', + database_connection => 'mysql://glance:12345@127.0.0.1/glance', } class { 'glance::registry': - verbose => true, - keystone_tenant => 'services', - keystone_user => 'glance', - keystone_password => '12345', - sql_connection => 'mysql://glance:12345@127.0.0.1/glance', + verbose => true, + keystone_tenant => 'services', + keystone_user => 'glance', + keystone_password => '12345', + database_connection => 'mysql://glance:12345@127.0.0.1/glance', } class { 'glance::backend::file': } @@ -118,7 +117,23 @@ Limitations * Only supports configuring the file, swift and rbd storage backends. -* The Glance Openstack service depends on a sqlalchemy database. If you are using puppetlabs-mysql to achieve this, there is a parameter called mysql_module that can be used to swap between the two supported versions: 0.9 and 2.2. This is needed because the puppetlabs-mysql module was rewritten and the custom type names have changed between versions. +Beaker-Rspec +------------ + +This module has beaker-rspec tests + +To run the tests on the default vagrant node: + +To run: + +```shell +bundle install +bundle exec rspec spec/acceptance +``` + +For more information on writing and running beaker-rspec tests visit the documentation: + +* https://github.com/puppetlabs/beaker/wiki/How-to-Write-a-Beaker-Test-for-a-Module Development ----------- @@ -130,62 +145,4 @@ Developer documentation for the entire puppet-openstack project. Contributors ------------ -* https://github.com/stackforge/puppet-glance/graphs/contributors - -Release Notes -------------- - -**4.0.0** - -* Stable Icehouse release. -* Added glance::config to handle additional custom options. -* Added known_stores option for glance::api. -* Added copy-on-write cloning of images to volumes. -* Added support for puppetlabs-mysql 2.2 and greater. -* Added support for python-glanceclient v2 API update. -* Removed deprecated notifier_stratgy parameter. -* Deprecated show_image_direct_url in glance::rbd. - -**3.1.0** - -* Added availability to configure show_image_direct_url. -* Removed Keystone client warnings. -* Added support for https authentication endpoints. -* Enabled ssl configuration for glance-registry. -* Explicitly sets default notifier strategy. - -**3.0.0** - -* Major release for OpenStack Havana. -* Fixed bug to ensure keystone endpoint is set before service starts. -* Added Cinder backend to image storage. -* Fixed qpid_hostname bug. - -**2.2.0** - -* Added syslog support. -* Added support for iso disk format. -* Fixed bug to allow support for rdb options in glance-api.conf. -* Fixed bug for rabbitmq options in notify::rabbitmq. -* Removed non-implemented glance::scrubber class. -* Various lint and bug fixes. - -**2.1.0** - -* Added glance-cache-cleaner and glance-cache-pruner. -* Added ceph/rdb support. -* Added retry for glance provider to account for service startup time. -* Added support for both file and swift backends. -* Fixed allowed_hosts/database access bug. -* Fixed glance_image type example. -* Removed unnecessary mysql::server dependency. -* Removed --silent-upload option. -* Removed glance-manage version_control. -* Pinned rabbit and mysql module versions. -* Various lint and bug fixes. - -**2.0.0** - -* Upstream is now part of stackfoge. -* Added postgresql support. -* Various cleanups and bug fixes. +* https://github.com/openstack/puppet-glance/graphs/contributors diff --git a/deployment/puppet/glance/lib/puppet/provider/glance.rb b/deployment/puppet/glance/lib/puppet/provider/glance.rb index d3791b6b4c..2501d63c95 100644 --- a/deployment/puppet/glance/lib/puppet/provider/glance.rb +++ b/deployment/puppet/glance/lib/puppet/provider/glance.rb @@ -15,7 +15,8 @@ class Puppet::Provider::Glance < Puppet::Provider glance_file['keystone_authtoken']['auth_protocol'] and glance_file['keystone_authtoken']['admin_tenant_name'] and glance_file['keystone_authtoken']['admin_user'] and - glance_file['keystone_authtoken']['admin_password'] + glance_file['keystone_authtoken']['admin_password'] and + glance_file['glance_store']['os_region_name'] g = {} g['auth_host'] = glance_file['keystone_authtoken']['auth_host'].strip @@ -24,10 +25,26 @@ class Puppet::Provider::Glance < Puppet::Provider g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip + g['os_region_name'] = glance_file['glance_store']['os_region_name'].strip # auth_admin_prefix not required to be set. g['auth_admin_prefix'] = (glance_file['keystone_authtoken']['auth_admin_prefix'] || '').strip + return g + elsif glance_file and glance_file['keystone_authtoken'] and + glance_file['keystone_authtoken']['identity_uri'] and + glance_file['keystone_authtoken']['admin_tenant_name'] and + glance_file['keystone_authtoken']['admin_user'] and + glance_file['keystone_authtoken']['admin_password'] and + glance_file['glance_store']['os_region_name'] + + g = {} + g['identity_uri'] = glance_file['keystone_authtoken']['identity_uri'].strip + g['admin_tenant_name'] = glance_file['keystone_authtoken']['admin_tenant_name'].strip + g['admin_user'] = glance_file['keystone_authtoken']['admin_user'].strip + g['admin_password'] = glance_file['keystone_authtoken']['admin_password'].strip + g['os_region_name'] = glance_file['glance_store']['os_region_name'].strip + return g else raise(Puppet::Error, 'File: /etc/glance/glance-api.conf does not contain all required sections.') @@ -44,7 +61,11 @@ class Puppet::Provider::Glance < Puppet::Provider def self.get_auth_endpoint g = glance_credentials - "#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}#{g['auth_admin_prefix']}/v2.0/" + if g.key?('identity_uri') + "#{g['identity_uri']}/" + else + "#{g['auth_protocol']}://#{g['auth_host']}:#{g['auth_port']}#{g['auth_admin_prefix']}/v2.0/" + end end def self.glance_file @@ -72,11 +93,11 @@ class Puppet::Provider::Glance < Puppet::Provider def self.auth_glance(*args) begin g = glance_credentials - remove_warnings(glance('-T', g['admin_tenant_name'], '-I', g['admin_user'], '-K', g['admin_password'], '-N', auth_endpoint, args)) + remove_warnings(glance('--os-tenant-name', g['admin_tenant_name'], '--os-username', g['admin_user'], '--os-password', g['admin_password'], '--os-region-name', g['os_region_name'], '--os-auth-url', auth_endpoint, args)) rescue Exception => e if (e.message =~ /\[Errno 111\] Connection refused/) or (e.message =~ /\(HTTP 400\)/) or (e.message =~ /HTTP Unable to establish connection/) sleep 10 - remove_warnings(glance('-T', g['admin_tenant_name'], '-I', g['admin_user'], '-K', g['admin_password'], '-N', auth_endpoint, args)) + remove_warnings(glance('--os-tenant-name', g['admin_tenant_name'], '--os-username', g['admin_user'], '--os-password', g['admin_password'], '--os-region-name', g['os_region_name'], '--os-auth-url', auth_endpoint, args)) else raise(e) end @@ -90,7 +111,7 @@ class Puppet::Provider::Glance < Puppet::Provider def self.auth_glance_stdin(*args) begin g = glance_credentials - command = "glance -T #{g['admin_tenant_name']} -I #{g['admin_user']} -K #{g['admin_password']} -N #{auth_endpoint} #{args.join(' ')}" + command = "glance --os-tenant-name #{g['admin_tenant_name']} --os-username #{g['admin_user']} --os-password #{g['admin_password']} --os-region-name #{g['os_region_name']} --os-auth-url #{auth_endpoint} #{args.join(' ')}" # This is a horrible, horrible hack # Redirect stderr to stdout in order to report errors @@ -109,14 +130,14 @@ class Puppet::Provider::Glance < Puppet::Provider private def self.list_glance_images ids = [] - (auth_glance('index').split("\n")[2..-1] || []).collect do |line| - ids << line.split[0] + (auth_glance('image-list').split("\n")[3..-2] || []).collect do |line| + ids << line.split('|')[1].strip() end return ids end def self.get_glance_image_attr(id, attr) - (auth_glance('show', id).split("\n") || []).collect do |line| + (auth_glance('image-show', id).split("\n") || []).collect do |line| if line =~ /^#{attr}:/ return line.split(': ')[1..-1] end @@ -125,8 +146,8 @@ class Puppet::Provider::Glance < Puppet::Provider def self.get_glance_image_attrs(id) attrs = {} - (auth_glance('show', id).split("\n") || []).collect do |line| - attrs[line.split(': ').first.downcase] = line.split(': ')[1..-1].pop + (auth_glance('image-show', id).split("\n")[3..-2] || []).collect do |line| + attrs[line.split('|')[1].strip()] = line.split('|')[2].strip() end return attrs end diff --git a/deployment/puppet/glance/lib/puppet/provider/glance_image/glance.rb b/deployment/puppet/glance/lib/puppet/provider/glance_image/glance.rb index 53ebd61bc2..fae22e0325 100644 --- a/deployment/puppet/glance/lib/puppet/provider/glance_image/glance.rb +++ b/deployment/puppet/glance/lib/puppet/provider/glance_image/glance.rb @@ -21,10 +21,10 @@ Puppet::Type.type(:glance_image).provide( new( :ensure => :present, :name => attrs['name'], - :is_public => attrs['public'], - :container_format => attrs['container format'], + :is_public => attrs['is_public'], + :container_format => attrs['container_format'], :id => attrs['id'], - :disk_format => attrs['disk format'] + :disk_format => attrs['disk_format'] ) end end @@ -43,12 +43,10 @@ Puppet::Type.type(:glance_image).provide( end def create - stdin = nil if resource[:source] # copy_from cannot handle file:// if resource[:source] =~ /^\// # local file - location = "< #{resource[:source]}" - stdin = true + location = "--file=#{resource[:source]}" else location = "--copy-from=#{resource[:source]}" end @@ -59,11 +57,7 @@ Puppet::Type.type(:glance_image).provide( else raise(Puppet::Error, "Must specify either source or location") end - if stdin - result = auth_glance_stdin('image-create', "--name=#{resource[:name]}", "--is-public=#{resource[:is_public]}", "--container-format=#{resource[:container_format]}", "--disk-format=#{resource[:disk_format]}", location) - else - results = auth_glance('image-create', "--name=#{resource[:name]}", "--is-public=#{resource[:is_public]}", "--container-format=#{resource[:container_format]}", "--disk-format=#{resource[:disk_format]}", location) - end + results = auth_glance('image-create', "--name=#{resource[:name]}", "--is-public=#{resource[:is_public]}", "--container-format=#{resource[:container_format]}", "--disk-format=#{resource[:disk_format]}", location) id = nil @@ -98,10 +92,6 @@ Puppet::Type.type(:glance_image).provide( @property_hash[:ensure] = :absent end - def location=(value) - auth_glance('image-update', id, "--location=#{value}") - end - def is_public=(value) auth_glance('image-update', id, "--is-public=#{value}") end diff --git a/deployment/puppet/glance/lib/puppet/type/glance_api_config.rb b/deployment/puppet/glance/lib/puppet/type/glance_api_config.rb index d7bd10f92a..80c7f6cc8a 100644 --- a/deployment/puppet/glance/lib/puppet/type/glance_api_config.rb +++ b/deployment/puppet/glance/lib/puppet/type/glance_api_config.rb @@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_api_config) do value.capitalize! if value =~ /^(true|false)$/i value end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false end end diff --git a/deployment/puppet/glance/lib/puppet/type/glance_api_paste_ini.rb b/deployment/puppet/glance/lib/puppet/type/glance_api_paste_ini.rb index 740f2bbc8a..daf4cc498e 100644 --- a/deployment/puppet/glance/lib/puppet/type/glance_api_paste_ini.rb +++ b/deployment/puppet/glance/lib/puppet/type/glance_api_paste_ini.rb @@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_api_paste_ini) do value.capitalize! if value =~ /^(true|false)$/i value end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false end end diff --git a/deployment/puppet/glance/lib/puppet/type/glance_cache_config.rb b/deployment/puppet/glance/lib/puppet/type/glance_cache_config.rb index ae0254e197..5f801fd7ac 100644 --- a/deployment/puppet/glance/lib/puppet/type/glance_cache_config.rb +++ b/deployment/puppet/glance/lib/puppet/type/glance_cache_config.rb @@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_cache_config) do value.capitalize! if value =~ /^(true|false)$/i value end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false end end diff --git a/deployment/puppet/glance/lib/puppet/type/glance_image.rb b/deployment/puppet/glance/lib/puppet/type/glance_image.rb index d63590d9c7..10e577efec 100644 --- a/deployment/puppet/glance/lib/puppet/type/glance_image.rb +++ b/deployment/puppet/glance/lib/puppet/type/glance_image.rb @@ -36,7 +36,7 @@ Puppet::Type.newtype(:glance_image) do end end - newproperty(:location) do + newparam(:location) do desc "The permanent location of the image. Optional" newvalues(/\S+/) end @@ -46,7 +46,11 @@ Puppet::Type.newtype(:glance_image) do newvalues(/(y|Y)es/, /(n|N)o/) defaultto('Yes') munge do |v| - v.to_s.capitalize + if v =~ /^(y|Y)es$/ + 'True' + elsif v =~ /^(n|N)o$/ + 'False' + end end end diff --git a/deployment/puppet/glance/lib/puppet/type/glance_registry_config.rb b/deployment/puppet/glance/lib/puppet/type/glance_registry_config.rb index 3b08e6a60b..3291be391f 100644 --- a/deployment/puppet/glance/lib/puppet/type/glance_registry_config.rb +++ b/deployment/puppet/glance/lib/puppet/type/glance_registry_config.rb @@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_registry_config) do value.capitalize! if value =~ /^(true|false)$/i value end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false end end diff --git a/deployment/puppet/glance/lib/puppet/type/glance_registry_paste_ini.rb b/deployment/puppet/glance/lib/puppet/type/glance_registry_paste_ini.rb index 8c9b956bca..1afeafd750 100644 --- a/deployment/puppet/glance/lib/puppet/type/glance_registry_paste_ini.rb +++ b/deployment/puppet/glance/lib/puppet/type/glance_registry_paste_ini.rb @@ -14,6 +14,30 @@ Puppet::Type.newtype(:glance_registry_paste_ini) do value.capitalize! if value =~ /^(true|false)$/i value end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false end end diff --git a/deployment/puppet/glance/manifests/api.pp b/deployment/puppet/glance/manifests/api.pp index 0ef119af66..26dc0b386b 100644 --- a/deployment/puppet/glance/manifests/api.pp +++ b/deployment/puppet/glance/manifests/api.pp @@ -7,6 +7,11 @@ # [*keystone_password*] # (required) Password used to authentication. # +# [*package_ensure*] +# (optional) Ensure state for package. On RedHat platforms this +# setting is ignored and the setting from the glance class is used +# because there is only one glance package. Defaults to 'present'. +# # [*verbose*] # (optional) Rather to log the glance api service at verbose level. # Default: false @@ -49,44 +54,48 @@ # (optional) The port of the Glance registry service. # Default: 9191 # +# [*registry_client_protocol*] +# (optional) The protocol of the Glance registry service. +# Default: http +# # [*auth_type*] # (optional) Type is authorization being used. # Defaults to 'keystone' # -# [* auth_host*] -# (optional) Host running auth service. +# [*auth_host*] +# (optional) DEPRECATED Host running auth service. # Defaults to '127.0.0.1'. # # [*auth_url*] -# (optional) Authentication URL. +# (optional) DEPRECATED Authentication URL. # Defaults to 'http://localhost:5000/v2.0'. # -# [*identity_uri*] -# (optional) Complete admin Identity API endpoint. -# Defaults to "${auth_protocol}://${auth_host}:${auth_port}/" -# -# [* auth_port*] -# (optional) Port to use for auth service on auth_host. +# [*auth_port*] +# (optional) DEPRECATED Port to use for auth service on auth_host. # Defaults to '35357'. # -# [* auth_uri*] +# [*auth_uri*] # (optional) Complete public Identity API endpoint. # Defaults to false. # # [*auth_admin_prefix*] -# (optional) Path part of the auth url. +# (optional) DEPRECATED Path part of the auth url. # This allow admin auth URIs like http://auth_host:35357/keystone/admin. # (where '/keystone/admin' is auth_admin_prefix) # Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'. # -# [* auth_protocol*] -# (optional) Protocol to use for auth. +# [*auth_protocol*] +# (optional) DEPRECATED Protocol to use for auth. # Defaults to 'http'. # +# [*identity_uri*] +# (optional) Complete admin Identity API endpoint. +# Defaults to: false +# # [*pipeline*] # (optional) Partial name of a pipeline in your paste configuration file with the # service name removed. -# Defaults to 'keystone+cachemanagement'. +# Defaults to 'keystone'. # # [*keystone_tenant*] # (optional) Tenant to authenticate to. @@ -96,18 +105,21 @@ # (optional) User to authenticate as with keystone. # Defaults to 'glance'. # +# [*manage_service*] +# (optional) If Puppet should manage service startup / shutdown. +# Defaults to true. +# # [*enabled*] # (optional) Whether to enable services. # Defaults to true. # -# [*sql_idle_timeout*] -# (optional) Period in seconds after which SQLAlchemy should reestablish its connection -# to the database. -# Defaults to '3600'. +# [*database_connection*] +# (optional) Connection url to connect to nova database. +# Defaults to 'sqlite:///var/lib/glance/glance.sqlite' # -# [*sql_connection*] -# (optional) Database connection. -# Defaults to 'sqlite:///var/lib/glance/glance.sqlite'. +# [*database_idle_timeout*] +# (optional) Timeout before idle db connections are reaped. +# Defaults to 3600 # # [*use_syslog*] # (optional) Use syslog for logging. @@ -139,9 +151,7 @@ # Defaults to false, not set # # [*mysql_module*] -# (optional) Mysql puppet module version to use -# Tested versions include 0.9 and 2.2 -# Defaults to '0.9'. +# (optional) Deprecated. Does nothing. # # [*known_stores*] # (optional)List of which store classes and store class locations are @@ -149,55 +159,99 @@ # Defaults to false. # Example: ['glance.store.filesystem.Store','glance.store.http.Store'] # +# [*image_cache_dir*] +# (optional) Base directory that the Image Cache uses. +# Defaults to '/var/lib/glance/image-cache'. +# +# [*os_region_name*] +# (optional) Sets the keystone region to use. +# Defaults to 'RegionOne'. +# +# [*validate*] +# (optional) Whether to validate the service is working after any service refreshes +# Defaults to false +# +# [*validation_options*] +# (optional) Service validation options +# Should be a hash of options defined in openstacklib::service_validation +# If empty, defaults values are taken from openstacklib function. +# Default command list images. +# Require validate set at True. +# Example: +# glance::api::validation_options: +# glance-api: +# command: check_glance-api.py +# path: /usr/bin:/bin:/usr/sbin:/sbin +# provider: shell +# tries: 5 +# try_sleep: 10 +# Defaults to {} +# class glance::api( $keystone_password, - $verbose = false, - $debug = false, - $bind_host = '0.0.0.0', - $bind_port = '9292', - $backlog = '4096', - $workers = $::processorcount, - $log_file = '/var/log/glance/api.log', - $log_dir = '/var/log/glance', - $registry_host = '0.0.0.0', - $registry_port = '9191', - $auth_type = 'keystone', - $auth_host = '127.0.0.1', - $auth_url = 'http://localhost:5000/v2.0', - $auth_port = '35357', - $auth_uri = false, - $identity_uri = false, - $auth_admin_prefix = false, - $auth_protocol = 'http', - $pipeline = 'keystone+cachemanagement', - $keystone_tenant = 'services', - $keystone_user = 'glance', - $enabled = true, - $sql_idle_timeout = '3600', - $sql_connection = 'sqlite:///var/lib/glance/glance.sqlite', - $use_syslog = false, - $log_facility = 'LOG_USER', - $show_image_direct_url = false, - $purge_config = false, - $cert_file = false, - $key_file = false, - $ca_file = false, - $mysql_module = '0.9', - $known_stores = false, + $package_ensure = 'present', + $verbose = false, + $debug = false, + $bind_host = '0.0.0.0', + $bind_port = '9292', + $backlog = '4096', + $workers = $::processorcount, + $log_file = '/var/log/glance/api.log', + $log_dir = '/var/log/glance', + $registry_host = '0.0.0.0', + $registry_port = '9191', + $registry_client_protocol = 'http', + $auth_type = 'keystone', + $auth_uri = false, + $identity_uri = false, + $pipeline = 'keystone', + $keystone_tenant = 'services', + $keystone_user = 'glance', + $manage_service = true, + $enabled = true, + $use_syslog = false, + $log_facility = 'LOG_USER', + $show_image_direct_url = false, + $purge_config = false, + $cert_file = false, + $key_file = false, + $ca_file = false, + $known_stores = false, + $database_connection = 'sqlite:///var/lib/glance/glance.sqlite', + $database_idle_timeout = 3600, + $image_cache_dir = '/var/lib/glance/image-cache', + $os_region_name = 'RegionOne', + $validate = false, + $validation_options = {}, + # DEPRECATED PARAMETERS + $mysql_module = undef, + $auth_host = '127.0.0.1', + $auth_url = 'http://localhost:5000/v2.0', + $auth_port = '35357', + $auth_admin_prefix = false, + $auth_protocol = 'http', ) inherits glance { + include ::glance::policy require keystone::python - validate_re($sql_connection, '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?') + if $mysql_module { + warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.') + } if ( $glance::params::api_package_name != $glance::params::registry_package_name ) { - ensure_packages([$glance::params::api_package_name]) + ensure_packages([$glance::params::api_package_name], + { + ensure => $package_ensure, + tag => ['openstack'], + } + ) } Package[$glance::params::api_package_name] -> File['/etc/glance/'] + Package[$glance::params::api_package_name] -> Class['glance::policy'] Package[$glance::params::api_package_name] -> Glance_api_config<||> Package[$glance::params::api_package_name] -> Glance_cache_config<||> - Package[$glance::params::api_package_name] ~> Service['glance-api'] # adding all of this stuff b/c it devstack says glance-api uses the # db now @@ -206,6 +260,8 @@ class glance::api( Exec<| title == 'glance-manage db_sync' |> ~> Service['glance-api'] Glance_api_config<||> ~> Service['glance-api'] Glance_cache_config<||> ~> Service['glance-api'] + Class['glance::policy'] ~> Service['glance-api'] + Service['glance-api'] ~> Glance_image<||> File { ensure => present, @@ -213,22 +269,24 @@ class glance::api( group => 'glance', mode => '0640', notify => Service['glance-api'], - require => Class['glance'], + require => Class['glance'] } - if($sql_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) { - if ($mysql_module >= 2.2) { + if $database_connection { + if($database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) { require 'mysql::bindings' require 'mysql::bindings::python' + } elsif($database_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) { + + } elsif($database_connection =~ /sqlite:\/\//) { + } else { - require 'mysql::python' + fail("Invalid db connection ${database_connection}") + } + glance_api_config { + 'database/connection': value => $database_connection, secret => true; + 'database/idle_timeout': value => $database_idle_timeout; } - } elsif($sql_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) { - - } elsif($sql_connection =~ /sqlite:\/\//) { - - } else { - fail("Invalid db connection ${sql_connection}") } # basic service config @@ -240,6 +298,8 @@ class glance::api( 'DEFAULT/backlog': value => $backlog; 'DEFAULT/workers': value => $workers; 'DEFAULT/show_image_direct_url': value => $show_image_direct_url; + 'DEFAULT/image_cache_dir': value => $image_cache_dir; + 'glance_store/os_region_name': value => $os_region_name; } # known_stores config @@ -254,14 +314,16 @@ class glance::api( } glance_cache_config { - 'DEFAULT/verbose': value => $verbose; - 'DEFAULT/debug': value => $debug; + 'DEFAULT/verbose': value => $verbose; + 'DEFAULT/debug': value => $debug; + 'glance_store/os_region_name': value => $os_region_name; } # configure api service to connect registry service glance_api_config { - 'DEFAULT/registry_host': value => $registry_host; - 'DEFAULT/registry_port': value => $registry_port; + 'DEFAULT/registry_host': value => $registry_host; + 'DEFAULT/registry_port': value => $registry_port; + 'DEFAULT/registry_client_protocol': value => $registry_client_protocol; } glance_cache_config { @@ -269,13 +331,10 @@ class glance::api( 'DEFAULT/registry_port': value => $registry_port; } - # db connection config - # I do not believe this was required in Essex. - # Does the API server now need to connect to the DB? - # TODO figure out if I need this... - glance_api_config { - 'DEFAULT/sql_connection': value => $sql_connection; - 'DEFAULT/sql_idle_timeout': value => $sql_idle_timeout; + if $identity_uri { + glance_api_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } + } else { + glance_api_config { 'keystone_authtoken/identity_uri': ensure => absent; } } if $auth_uri { @@ -284,30 +343,45 @@ class glance::api( glance_api_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; } } - # auth config - if $identity_uri { - glance_api_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } - } else { - if $auth_admin_prefix { - glance_api_config { 'keystone_authtoken/identity_uri': value => "${auth_protocol}://${auth_host}:${auth_port}/${auth_admin_prefix}"; } + # if both auth_uri and identity_uri are set we skip these deprecated settings entirely + if !$auth_uri or !$identity_uri { + + if $auth_host { + warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.') + glance_api_config { 'keystone_authtoken/auth_host': value => $auth_host; } } else { - glance_api_config { 'keystone_authtoken/identity_uri': value => "${auth_protocol}://${auth_host}:${auth_port}/"; } + glance_api_config { 'keystone_authtoken/auth_host': ensure => absent; } } - } - glance_api_config { - 'keystone_authtoken/auth_host': value => $auth_host; - 'keystone_authtoken/auth_port': value => $auth_port; - 'keystone_authtoken/auth_protocol': value => $auth_protocol; - } - - if $auth_admin_prefix { - validate_re($auth_admin_prefix, '^(/.+[^/])?$') - glance_api_config { - 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; + if $auth_port { + warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.') + glance_api_config { 'keystone_authtoken/auth_port': value => $auth_port; } + } else { + glance_api_config { 'keystone_authtoken/auth_port': ensure => absent; } } + + if $auth_protocol { + warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.') + glance_api_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; } + } else { + glance_api_config { 'keystone_authtoken/auth_protocol': ensure => absent; } + } + + if $auth_admin_prefix { + warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.') + validate_re($auth_admin_prefix, '^(/.+[^/])?$') + glance_api_config { + 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; + } + } else { + glance_api_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; } + } + } else { glance_api_config { + 'keystone_authtoken/auth_host': ensure => absent; + 'keystone_authtoken/auth_port': ensure => absent; + 'keystone_authtoken/auth_protocol': ensure => absent; 'keystone_authtoken/auth_admin_prefix': ensure => absent; } } @@ -329,13 +403,13 @@ class glance::api( glance_api_config { 'keystone_authtoken/admin_tenant_name': value => $keystone_tenant; 'keystone_authtoken/admin_user' : value => $keystone_user; - 'keystone_authtoken/admin_password' : value => $keystone_password; + 'keystone_authtoken/admin_password' : value => $keystone_password, secret => true; } glance_cache_config { 'DEFAULT/auth_url' : value => $auth_url; 'DEFAULT/admin_tenant_name': value => $keystone_tenant; 'DEFAULT/admin_user' : value => $keystone_user; - 'DEFAULT/admin_password' : value => $keystone_password; + 'DEFAULT/admin_password' : value => $keystone_password, secret => true; } } @@ -410,10 +484,12 @@ class glance::api( '/etc/glance/glance-cache.conf']: } - if $enabled { - $service_ensure = 'running' - } else { - $service_ensure = 'stopped' + if $manage_service { + if $enabled { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } } service { 'glance-api': @@ -423,4 +499,15 @@ class glance::api( hasstatus => true, hasrestart => true, } + + if $validate { + $defaults = { + 'glance-api' => { + 'command' => "glance --os-auth-url ${auth_url} --os-tenant-name ${keystone_tenant} --os-username ${keystone_user} --os-password ${keystone_password} image-list", + } + } + $validation_options_hash = merge ($defaults, $validation_options) + create_resources('openstacklib::service_validation', $validation_options_hash, {'subscribe' => 'Service[glance-api]'}) + } + } diff --git a/deployment/puppet/glance/manifests/backend/cinder.pp b/deployment/puppet/glance/manifests/backend/cinder.pp index 03b13b0002..75507d7f53 100644 --- a/deployment/puppet/glance/manifests/backend/cinder.pp +++ b/deployment/puppet/glance/manifests/backend/cinder.pp @@ -33,9 +33,9 @@ # Defaults to 'undef' # # [*os_region_name*] -# (optional) Region name of this node. -# Should be a valid region name -# Defaults to 'RegionOne' +# (optional) The os_region_name parameter is deprecated and has no effect. +# Use glance::api::os_region_name instead. +# Defaults to 'undef' # # [*cinder_ca_certificates_file*] # (optional) Location of ca certicate file to use for cinder client requests. @@ -54,7 +54,7 @@ # class glance::backend::cinder( - $os_region_name = 'RegionOne', + $os_region_name = undef, $cinder_ca_certificates_file = undef, $cinder_api_insecure = false, $cinder_catalog_info = 'volume:cinder:publicURL', @@ -63,35 +63,37 @@ class glance::backend::cinder( ) { + if $os_region_name { + notice('The os_region_name parameter is deprecated and has no effect. Use glance::api::os_region_name instead.') + } + glance_api_config { - 'glance_store/cinder_api_insecure': value => $cinder_api_insecure; - 'glance_store/cinder_catalog_info': value => $cinder_catalog_info; - 'glance_store/cinder_http_retries': value => $cinder_http_retries; + 'DEFAULT/cinder_api_insecure': value => $cinder_api_insecure; + 'DEFAULT/cinder_catalog_info': value => $cinder_catalog_info; + 'DEFAULT/cinder_http_retries': value => $cinder_http_retries; 'glance_store/default_store': value => 'cinder'; - 'glance_store/os_region_name': value => $os_region_name; } glance_cache_config { 'DEFAULT/cinder_api_insecure': value => $cinder_api_insecure; 'DEFAULT/cinder_catalog_info': value => $cinder_catalog_info; 'DEFAULT/cinder_http_retries': value => $cinder_http_retries; - 'DEFAULT/os_region_name': value => $os_region_name; } if $cinder_endpoint_template { - glance_api_config { 'glance_store/cinder_endpoint_template': value => $cinder_endpoint_template; } - glance_cache_config { 'DEFAULT/cinder_endpoint_template': value => $cinder_endpoint_template; } + glance_api_config { 'DEFAULT/cinder_endpoint_template': value => $cinder_endpoint_template; } + glance_cache_config { 'DEFAULT/cinder_endpoint_template': value => $cinder_endpoint_template; } } else { - glance_api_config { 'glance_store/cinder_endpoint_template': ensure => absent; } - glance_cache_config { 'DEFAULT/cinder_endpoint_template': ensure => absent; } + glance_api_config { 'DEFAULT/cinder_endpoint_template': ensure => absent; } + glance_cache_config { 'DEFAULT/cinder_endpoint_template': ensure => absent; } } if $cinder_ca_certificates_file { - glance_api_config { 'glance_store/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; } - glance_cache_config { 'DEFAULT/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; } + glance_api_config { 'DEFAULT/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; } + glance_cache_config { 'DEFAULT/cinder_ca_certificates_file': value => $cinder_ca_certificates_file; } } else { - glance_api_config { 'glance_store/cinder_ca_certificates_file': ensure => absent; } - glance_cache_config { 'DEFAULT/cinder_ca_certificates_file': ensure => absent; } + glance_api_config { 'DEFAULT/cinder_ca_certificates_file': ensure => absent; } + glance_cache_config { 'DEFAULT/cinder_ca_certificates_file': ensure => absent; } } } diff --git a/deployment/puppet/glance/manifests/backend/file.pp b/deployment/puppet/glance/manifests/backend/file.pp index c04d100905..ffc5d2e6b8 100644 --- a/deployment/puppet/glance/manifests/backend/file.pp +++ b/deployment/puppet/glance/manifests/backend/file.pp @@ -1,9 +1,14 @@ +# === class: glance::backend::file # # used to configure file backends for glance # -# $filesystem_store_datadir - Location where dist images are stored when -# default_store == file. -# Optional. Default: /var/lib/glance/images/ +# === parameters: +# +# [*filesystem_store_datadir*] +# Location where dist images are stored when +# default_store == file. +# Optional. Default: /var/lib/glance/images/ +# class glance::backend::file( $filesystem_store_datadir = '/var/lib/glance/images/' ) inherits glance::api { @@ -14,6 +19,6 @@ class glance::backend::file( } glance_cache_config { - 'DEFAULT/filesystem_store_datadir': value => $filesystem_store_datadir; + 'glance_store/filesystem_store_datadir': value => $filesystem_store_datadir; } } diff --git a/deployment/puppet/glance/manifests/backend/rbd.pp b/deployment/puppet/glance/manifests/backend/rbd.pp index fdec360903..edd8301069 100644 --- a/deployment/puppet/glance/manifests/backend/rbd.pp +++ b/deployment/puppet/glance/manifests/backend/rbd.pp @@ -1,17 +1,31 @@ - # +# == class: glance::backend::rbd +# # configures the storage backend for glance # as a rbd instance # -# $rbd_store_user - Optional. +# === parameters: # -# $rbd_store_pool - Optional. Default:'images' +# [*rbd_store_user*] +# Optional. # -# $rbd_store_ceph_conf - Optional. Default:'/etc/ceph/ceph.conf' +# [*rbd_store_pool*] +# Optional. Default:'images' # -# $rbd_store_chunk_size - Optional. Default:'8' +# [*rbd_store_ceph_conf*] +# Optional. Default:'/etc/ceph/ceph.conf' +# +# [*rbd_store_chunk_size*] +# Optional. Default:'8' +# +# [*show_image_direct_url*] +# Optional. Enables direct COW from glance to rbd +# DEPRECATED, use show_image_direct_url in glance::api +# +# [*package_ensure*] +# (optional) Desired ensure state of packages. +# accepts latest or specific versions. +# Defaults to present. # -# $show_image_direct_url - Optional. Enables direct COW from glance to rbd -# DEPRECATED, use show_image_direct_url in glance::api class glance::backend::rbd( $rbd_store_user = undef, @@ -19,23 +33,24 @@ class glance::backend::rbd( $rbd_store_pool = 'images', $rbd_store_chunk_size = '8', $show_image_direct_url = undef, + $package_ensure = 'present', ) { - include glance::params + include ::glance::params if $show_image_direct_url { notice('parameter show_image_direct_url is deprecated, use parameter in glance::api') } glance_api_config { - 'glance_store/rbd_store_ceph_conf': value => $rbd_store_ceph_conf; - 'glance_store/rbd_store_user': value => $rbd_store_user; - 'glance_store/rbd_store_pool': value => $rbd_store_pool; - 'glance_store/rbd_store_chunk_size': value => $rbd_store_chunk_size; - 'glance_store/default_store': value => 'rbd'; + 'glance_store/default_store': value => 'rbd'; + 'glance_store/rbd_store_ceph_conf': value => $rbd_store_ceph_conf; + 'glance_store/rbd_store_user': value => $rbd_store_user; + 'glance_store/rbd_store_pool': value => $rbd_store_pool; + 'glance_store/rbd_store_chunk_size': value => $rbd_store_chunk_size; } package { 'python-ceph': - ensure => 'present', + ensure => $package_ensure, name => $::glance::params::pyceph_package_name, } diff --git a/deployment/puppet/glance/manifests/backend/swift.pp b/deployment/puppet/glance/manifests/backend/swift.pp index 0d5bd179f3..25aa00393a 100644 --- a/deployment/puppet/glance/manifests/backend/swift.pp +++ b/deployment/puppet/glance/manifests/backend/swift.pp @@ -1,24 +1,34 @@ +# == class: glance::backend::swift # # configures the storage backend for glance # as a swift instance # -# $swift_store_user - Required. +# === parameters: # -# $swift_store_key - Required. +# [*swift_store_user*] +# Required. Swift store user. # -# $swift_store_auth_address - Optional. Default: '127.0.0.1:5000/v2.0/' +# [*swift_store_key*] +# Required. Swift store key. # -# $swift_store_container - Optional. Default: 'glance' +# [*swift_store_auth_address*] +# Optional. Default: '127.0.0.1:5000/v2.0/' # -# $swift_store_auth_version - Optional. Default: '2' +# [*swift_store_container*] +# Optional. Default: 'glance' # -# $swift_store_create_container_on_put - Optional. Default: 'False' +# [*swift_store_auth_version*] +# Optional. Default: '2' # -# $swift_store_large_object_size - Optional. Default: '5120' +# [*swift_store_large_object_size*] +# Optional. Default: '5120' # -# $swift_store_endpoint_type - Optional. Default: 'internalURL' +# [*swift_store_create_container_on_put*] +# Optional. Default: 'False' +# +# [*swift_store_endpoint_type*] +# Optional. Default: 'internalURL' # -# $swift_store_region - Optional. Default: '' class glance::backend::swift( $swift_store_user, $swift_store_key, @@ -28,7 +38,6 @@ class glance::backend::swift( $swift_store_large_object_size = '5120', $swift_store_create_container_on_put = false, $swift_store_endpoint_type = 'internalURL', - $swift_store_region = '', ) { glance_api_config { @@ -36,23 +45,22 @@ class glance::backend::swift( 'glance_store/swift_store_user': value => $swift_store_user; 'glance_store/swift_store_key': value => $swift_store_key; 'glance_store/swift_store_auth_address': value => $swift_store_auth_address; - 'glance_store/swift_store_container': value => $swift_store_container; - 'glance_store/swift_store_auth_version': value => $swift_store_auth_version; - 'glance_store/swift_store_region': value => $swift_store_region; - 'glance_store/swift_store_create_container_on_put': + 'DEFAULT/swift_store_container': value => $swift_store_container; + 'DEFAULT/swift_store_auth_version': value => $swift_store_auth_version; + 'DEFAULT/swift_store_create_container_on_put': value => $swift_store_create_container_on_put; - 'glance_store/swift_store_large_object_size': + 'DEFAULT/swift_store_large_object_size': value => $swift_store_large_object_size; 'glance_store/swift_store_endpoint_type': value => $swift_store_endpoint_type; } glance_cache_config { - 'DEFAULT/swift_store_user': value => $swift_store_user; - 'DEFAULT/swift_store_key': value => $swift_store_key; - 'DEFAULT/swift_store_auth_address': value => $swift_store_auth_address; - 'DEFAULT/swift_store_container': value => $swift_store_container; - 'DEFAULT/swift_store_auth_version': value => $swift_store_auth_version; + 'glance_store/swift_store_user': value => $swift_store_user; + 'glance_store/swift_store_key': value => $swift_store_key; + 'glance_store/swift_store_auth_address': value => $swift_store_auth_address; + 'DEFAULT/swift_store_container': value => $swift_store_container; + 'DEFAULT/swift_store_auth_version': value => $swift_store_auth_version; 'DEFAULT/swift_store_create_container_on_put': value => $swift_store_create_container_on_put; 'DEFAULT/swift_store_large_object_size': diff --git a/deployment/puppet/glance/manifests/backend/vsphere.pp b/deployment/puppet/glance/manifests/backend/vsphere.pp index fd3cf650e6..133b0986e4 100644 --- a/deployment/puppet/glance/manifests/backend/vsphere.pp +++ b/deployment/puppet/glance/manifests/backend/vsphere.pp @@ -58,26 +58,26 @@ # Defaults to '10' # class glance::backend::vsphere( - $vcenter_api_insecure = 'False', $vcenter_host, $vcenter_user, $vcenter_password, $vcenter_datacenter, $vcenter_datastore, $vcenter_image_dir, + $vcenter_api_insecure = 'False', $vcenter_task_poll_interval = '5', $vcenter_api_retry_count = '10', ) { glance_api_config { - 'glance_store/default_store': value => 'vsphere'; - 'glance_store/vmware_api_insecure': value => $vcenter_api_insecure; - 'glance_store/vmware_server_host': value => $vcenter_host; - 'glance_store/vmware_server_username': value => $vcenter_user; - 'glance_store/vmware_server_password': value => $vcenter_password; - 'glance_store/vmware_datastore_name': value => $vcenter_datastore; - 'glance_store/vmware_store_image_dir': value => $vcenter_image_dir; - 'glance_store/vmware_task_poll_interval': value => $vcenter_task_poll_interval; - 'glance_store/vmware_api_retry_count': value => $vcenter_api_retry_count; - 'glance_store/vmware_datacenter_path': value => $vcenter_datacenter; + 'DEFAULT/default_store': value => 'vsphere'; + 'DEFAULT/vmware_api_insecure': value => $vcenter_api_insecure; + 'DEFAULT/vmware_server_host': value => $vcenter_host; + 'DEFAULT/vmware_server_username': value => $vcenter_user; + 'DEFAULT/vmware_server_password': value => $vcenter_password; + 'DEFAULT/vmware_datastore_name': value => $vcenter_datastore; + 'DEFAULT/vmware_store_image_dir': value => $vcenter_image_dir; + 'DEFAULT/vmware_task_poll_interval': value => $vcenter_task_poll_interval; + 'DEFAULT/vmware_api_retry_count': value => $vcenter_api_retry_count; + 'DEFAULT/vmware_datacenter_path': value => $vcenter_datacenter; } } diff --git a/deployment/puppet/glance/manifests/cache/cleaner.pp b/deployment/puppet/glance/manifests/cache/cleaner.pp index 181c627e6f..3ac2226d60 100644 --- a/deployment/puppet/glance/manifests/cache/cleaner.pp +++ b/deployment/puppet/glance/manifests/cache/cleaner.pp @@ -19,24 +19,31 @@ # [*weekday*] # (optional) Defaults to '*'. # +# [*command_options*] +# command options to add to the cronjob +# (eg. point to config file, or redirect output) +# (optional) Defaults to ''. +# class glance::cache::cleaner ( - $minute = 1, - $hour = 0, - $monthday = '*', - $month = '*', - $weekday = '*', + $minute = 1, + $hour = 0, + $monthday = '*', + $month = '*', + $weekday = '*', + $command_options = '', ) { - include glance::params + include ::glance::params cron { 'glance-cache-cleaner': - command => $glance::params::cache_cleaner_command, + command => "${glance::params::cache_cleaner_command} ${command_options}", environment => 'PATH=/bin:/usr/bin:/usr/sbin', user => 'glance', minute => $minute, hour => $hour, monthday => $monthday, month => $month, - weekday => $weekday + weekday => $weekday, + require => Package[$::glance::params::api_package_name], } } diff --git a/deployment/puppet/glance/manifests/cache/pruner.pp b/deployment/puppet/glance/manifests/cache/pruner.pp index 9c3811a91b..cdff84947c 100644 --- a/deployment/puppet/glance/manifests/cache/pruner.pp +++ b/deployment/puppet/glance/manifests/cache/pruner.pp @@ -19,24 +19,32 @@ # [*weekday*] # (optional) Defaults to '*'. # +# [*command_options*] +# command options to add to the cronjob +# (eg. point to config file, or redirect output) +# (optional) Defaults to ''. +# class glance::cache::pruner ( - $minute = '*/30', - $hour = '*', - $monthday = '*', - $month = '*', - $weekday = '*', + $minute = '*/30', + $hour = '*', + $monthday = '*', + $month = '*', + $weekday = '*', + $command_options = '', ) { - include glance::params + include ::glance::params cron { 'glance-cache-pruner': - command => $glance::params::cache_pruner_command, + command => "${glance::params::cache_pruner_command} ${command_options}", environment => 'PATH=/bin:/usr/bin:/usr/sbin', user => 'glance', minute => $minute, hour => $hour, monthday => $monthday, month => $month, - weekday => $weekday + weekday => $weekday, + require => Package[$::glance::params::api_package_name], + } } diff --git a/deployment/puppet/glance/manifests/client.pp b/deployment/puppet/glance/manifests/client.pp index cbb0f1c0c0..efcdf563f0 100644 --- a/deployment/puppet/glance/manifests/client.pp +++ b/deployment/puppet/glance/manifests/client.pp @@ -2,17 +2,20 @@ # Installs the glance python library. # # == parameters -# * ensure - ensure state for pachage. +# [*ensure*] +# (Optional) Ensure state for pachage. +# Defaults to 'present' # class glance::client ( $ensure = 'present' ) { - include glance::params + include ::glance::params package { 'python-glanceclient': ensure => $ensure, name => $::glance::params::client_package_name, + tag => ['openstack'], } } diff --git a/deployment/puppet/glance/manifests/config.pp b/deployment/puppet/glance/manifests/config.pp index d9c6a4371b..dccb29a67b 100644 --- a/deployment/puppet/glance/manifests/config.pp +++ b/deployment/puppet/glance/manifests/config.pp @@ -17,19 +17,19 @@ # DEFAULT/bar: # value: barValue # -# [**api_config**] +# [*api_config*] # (optional) Allow configuration of glance-api.conf configurations. # -# [**api_paste_ini_config**] +# [*api_paste_ini_config*] # (optional) Allow configuration of glance-api-paste.ini configurations. # -# [**registry_config**] +# [*registry_config*] # (optional) Allow configuration of glance-registry.conf configurations. # -# [**registry_paste_ini_config**] +# [*registry_paste_ini_config*] # (optional) Allow configuration of glance-registry-paste.ini configurations. # -# [**cache_config**] +# [*cache_config*] # (optional) Allow configuration of glance-cache.conf configurations. # # NOTE: The configuration MUST NOT be already handled by this module diff --git a/deployment/puppet/glance/manifests/db/mysql.pp b/deployment/puppet/glance/manifests/db/mysql.pp index 720061a55f..f0b2090ad2 100644 --- a/deployment/puppet/glance/manifests/db/mysql.pp +++ b/deployment/puppet/glance/manifests/db/mysql.pp @@ -1,11 +1,37 @@ +# The glance::db::mysql class creates a MySQL database for glance. +# It must be used on the MySQL server # -# I should change this to mysql -# for consistency +# == Parameters # -# [*mysql_module*] -# (optional) The mysql puppet module version to use. Tested -# versions include 0.9 and 2.2 -# Default to '0.9' +# [*password*] +# password to connect to the database. Mandatory. +# +# [*dbname*] +# name of the database. Optional. Defaults to glance. +# +# [*user*] +# user to connect to the database. Optional. Defaults to glance. +# +# [*host*] +# the default source host user is allowed to connect from. +# Optional. Defaults to 'localhost' +# +# [*allowed_hosts*] +# other hosts the user is allowd to connect from. +# Optional. Defaults to undef. +# +# [*charset*] +# the database charset. Optional. Defaults to 'utf8' +# +# [*collate*] +# the database collation. Optional. Defaults to 'utf8_general_ci' +# +# [*mysql_module*] +# (optional) Deprecated. Does nothing. +# +# === Deprecated parameters: +# +# [*cluster_id*] This parameter does nothing # class glance::db::mysql( $password, @@ -14,56 +40,27 @@ class glance::db::mysql( $host = '127.0.0.1', $allowed_hosts = undef, $charset = 'utf8', - $collate = 'utf8_unicode_ci', + $collate = 'utf8_general_ci', $cluster_id = 'localzone', - $mysql_module = '0.9' + $mysql_module = undef, ) { - Class['glance::db::mysql'] -> Exec<| title == 'glance-manage db_sync' |> - - if ($mysql_module >= 2.2) { - require mysql::bindings - require mysql::bindings::python - Mysql_database[$dbname] ~> Exec<| title == 'glance-manage db_sync' |> - - mysql::db { $dbname: - user => $user, - password => $password, - host => $host, - charset => $charset, - collate => $collate, - require => Class['mysql::server'], - } - - } else { - require mysql::python - Database[$dbname] ~> Exec<| title == 'glance-manage db_sync' |> - - mysql::db { $dbname: - user => $user, - password => $password, - host => $host, - charset => $charset, - require => Class['mysql::config'], - } + if $mysql_module { + warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.') } - # Check allowed_hosts to avoid duplicate resource declarations - # If $host in $allowed_hosts, then remove it - if is_array($allowed_hosts) and delete($allowed_hosts,$host) != [] { - $real_allowed_hosts = delete($allowed_hosts,$host) - # If $host = $allowed_hosts, then set it to undef - } elsif is_string($allowed_hosts) and ($allowed_hosts != $host) { - $real_allowed_hosts = $allowed_hosts + validate_string($password) + + ::openstacklib::db::mysql { 'glance': + user => $user, + password_hash => mysql_password($password), + dbname => $dbname, + host => $host, + charset => $charset, + collate => $collate, + allowed_hosts => $allowed_hosts, } - if $real_allowed_hosts { - # TODO this class should be in the mysql namespace - glance::db::mysql::host_access { $real_allowed_hosts: - user => $user, - password => $password, - database => $dbname, - mysql_module => $mysql_module, - } - } + ::Openstacklib::Db::Mysql['glance'] ~> Exec<| title == 'glance-manage db_sync' |> + } diff --git a/deployment/puppet/glance/manifests/db/mysql/host_access.pp b/deployment/puppet/glance/manifests/db/mysql/host_access.pp deleted file mode 100644 index 2bbcfe7088..0000000000 --- a/deployment/puppet/glance/manifests/db/mysql/host_access.pp +++ /dev/null @@ -1,33 +0,0 @@ -# -# Used to grant access to the glance mysql DB -# -define glance::db::mysql::host_access ($user, $password, $database, $mysql_module = '0.9') { - - if ($mysql_module >= 2.2) { - mysql_user { "${user}@${name}": - password_hash => mysql_password($password), - require => Mysql_database[$database], - } - - mysql_grant { "${user}@${name}/${database}.*": - privileges => ['ALL'], - options => ['GRANT'], - provider => 'mysql', - table => "${database}.*", - require => Mysql_user["${user}@${name}"], - user => "${user}@${name}" - } - } else { - database_user { "${user}@${name}": - password_hash => mysql_password($password), - provider => 'mysql', - require => Database[$database], - } - database_grant { "${user}@${name}/${database}": - # TODO figure out which privileges to grant. - privileges => 'all', - provider => 'mysql', - require => Database_user["${user}@${name}"] - } - } -} diff --git a/deployment/puppet/glance/manifests/db/postgresql.pp b/deployment/puppet/glance/manifests/db/postgresql.pp index d063f234aa..47730bb597 100644 --- a/deployment/puppet/glance/manifests/db/postgresql.pp +++ b/deployment/puppet/glance/manifests/db/postgresql.pp @@ -1,21 +1,45 @@ +# == Class: glance::db::postgresql # # Class that configures postgresql for glance -# # Requires the Puppetlabs postgresql module. +# +# === Parameters +# +# [*password*] +# (Required) Password to connect to the database. +# +# [*dbname*] +# (Optional) Name of the database. +# Defaults to 'glance'. +# +# [*user*] +# (Optional) User to connect to the database. +# Defaults to 'glance'. +# +# [*encoding*] +# (Optional) The charset to use for the database. +# Default to undef. +# +# [*privileges*] +# (Optional) Privileges given to the database user. +# Default to 'ALL' +# class glance::db::postgresql( $password, - $dbname = 'glance', - $user = 'glance' + $dbname = 'glance', + $user = 'glance', + $encoding = undef, + $privileges = 'ALL', ) { - require postgresql::python - - Postgresql::Server::Db[$dbname] ~> Exec<| title == 'glance-manage db_sync' |> - Package['python-psycopg2'] -> Exec<| title == 'glance-manage db_sync' |> - - postgresql::server::db { $dbname: - user => $user, - password => $password, + ::openstacklib::db::postgresql { 'glance': + password_hash => postgresql_password($user, $password), + dbname => $dbname, + user => $user, + encoding => $encoding, + privileges => $privileges, } + ::Openstacklib::Db::Postgresql['glance'] ~> Exec<| title == 'glance-manage db_sync' |> + } diff --git a/deployment/puppet/glance/manifests/init.pp b/deployment/puppet/glance/manifests/init.pp index 6414f771aa..3b1042252e 100644 --- a/deployment/puppet/glance/manifests/init.pp +++ b/deployment/puppet/glance/manifests/init.pp @@ -1,26 +1,32 @@ +# == class: glance # -# base glacne config. +# base glance config. # -# == parameters -# * package_ensure - ensure state for package. +# === parameters: +# +# [*package_ensure*] +# (Optional) Ensure state for package. On Ubuntu this setting +# is ignored since Ubuntu has separate API and registry packages. +# Defaults to 'present' # class glance( $package_ensure = 'present' ) { - include glance::params + include ::glance::params file { '/etc/glance/': - ensure => directory, - owner => 'glance', - group => 'root', - mode => '0770', + ensure => directory, + owner => 'glance', + group => 'root', + mode => '0770', } if ( $glance::params::api_package_name == $glance::params::registry_package_name ) { package { $glance::params::api_package_name : ensure => $package_ensure, name => $::glance::params::package_name, + tag => ['openstack'], } } } diff --git a/deployment/puppet/glance/manifests/keystone/auth.pp b/deployment/puppet/glance/manifests/keystone/auth.pp index cdd6e8628f..68bc2a0b40 100644 --- a/deployment/puppet/glance/manifests/keystone/auth.pp +++ b/deployment/puppet/glance/manifests/keystone/auth.pp @@ -1,67 +1,209 @@ +# == Class: glance::keystone::auth # # Sets up glance users, service and endpoint # # == Parameters: # -# $auth_name :: identifier used for all keystone objects related to glance. -# Optional. Defaults to glance. -# $password :: password for glance user. Optional. Defaults to glance_password. -# $service_type :: type of service to create. Optional. Defaults to image. -# $public_address :: Public address for endpoint. Optional. Defaults to 127.0.0.1. -# $admin_address :: Admin address for endpoint. Optional. Defaults to 127.0.0.1. -# $inernal_address :: Internal address for endpoint. Optional. Defaults to 127.0.0.1. -# $port :: Port for endpoint. Needs to match glance api service port. Optional. -# Defaults to 9292. -# $region :: Region where endpoint is set. -# $public_protocol :: Protocol for public endpoint. Optional. Defaults to http. -# $admin_protocol :: Protocol for admin endpoint. Optional. Defaults to http. -# $internal_protocol :: Protocol for internal endpoint. Optional. Defaults to http. +# [*password*] +# Password for glance user. Required. +# +# [*email*] +# Email for glance user. Optional. Defaults to 'glance@localhost'. +# +# [*auth_name*] +# Username for glance service. Optional. Defaults to 'glance'. +# +# [*configure_endpoint*] +# Should glance endpoint be configured? Optional. Defaults to 'true'. +# +# [*configure_user*] +# Should the service user be configured? Optional. Defaults to 'true'. +# +# [*configure_user_role*] +# Should the admin role be configured for the service user? +# Optional. Defaults to 'true'. +# +# [*service_name*] +# Name of the service. Optional. +# Defaults to value of auth_name. +# +# [*service_type*] +# Type of service. Optional. Defaults to 'image'. +# +# [*service_description*] +# Description for keystone service. Optional. Defaults to 'OpenStack Image Service'. +# +# [*region*] +# Region for endpoint. Optional. Defaults to 'RegionOne'. +# +# [*tenant*] +# Tenant for glance user. Optional. Defaults to 'services'. +# +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:9292') +# This url should *not* contain any trailing '/'. +# +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:9292') +# This url should *not* contain any trailing '/'. +# +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:9292') +# This url should *not* contain any trailing '/'. +# +# [*port*] +# (optional) DEPRECATED: Use public_url, internal_url and admin_url instead. +# Default port for endpoints. (Defaults to 9292) +# Setting this parameter overrides public_url, internal_url and admin_url parameters. +# +# [*public_protocol*] +# (optional) DEPRECATED: Use public_url instead. +# Protocol for public endpoint. (Defaults to 'http') +# Setting this parameter overrides public_url parameter. +# +# [*public_address*] +# (optional) DEPRECATED: Use public_url instead. +# Public address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides public_url parameter. +# +# [*internal_protocol*] +# (optional) DEPRECATED: Use internal_url instead. +# Protocol for internal endpoint. (Defaults to 'http') +# Setting this parameter overrides internal_url parameter. +# +# [*internal_address*] +# (optional) DEPRECATED: Use internal_url instead. +# Internal address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides internal_url parameter. +# +# [*admin_protocol*] +# (optional) DEPRECATED: Use admin_url instead. +# Protocol for admin endpoint. (Defaults to 'http') +# Setting this parameter overrides admin_url parameter. +# +# [*admin_address*] +# (optional) DEPRECATED: Use admin_url instead. +# Admin address for endpoint. (Defaults to '127.0.0.1') +# Setting this parameter overrides admin_url parameter. +# +# === Deprecation notes +# +# If any value is provided for public_protocol, public_address or port parameters, +# public_url will be completely ignored. The same applies for internal and admin parameters. +# +# === Examples +# +# class { 'glance::keystone::auth': +# public_url => 'https://10.0.0.10:9292', +# internal_url => 'https://10.0.0.11:9292', +# admin_url => 'https://10.0.0.11:9292', +# } # class glance::keystone::auth( $password, - $email = 'glance@localhost', - $auth_name = 'glance', - $configure_endpoint = true, - $service_type = 'image', - $public_address = '127.0.0.1', - $admin_address = '127.0.0.1', - $internal_address = '127.0.0.1', - $port = '9292', - $region = 'RegionOne', - $tenant = 'services', - $public_protocol = 'http', - $admin_protocol = 'http', - $internal_protocol = 'http' + $email = 'glance@localhost', + $auth_name = 'glance', + $configure_endpoint = true, + $configure_user = true, + $configure_user_role = true, + $service_name = undef, + $service_type = 'image', + $region = 'RegionOne', + $tenant = 'services', + $service_description = 'OpenStack Image Service', + $public_url = 'http://127.0.0.1:9292', + $admin_url = 'http://127.0.0.1:9292', + $internal_url = 'http://127.0.0.1:9292', + # DEPRECATED PARAMETERS + $port = undef, + $public_protocol = undef, + $public_address = undef, + $internal_protocol = undef, + $internal_address = undef, + $admin_protocol = undef, + $admin_address = undef, ) { - Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-registry' |> - Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-api' |> - Keystone_endpoint["${region}/${auth_name}"] ~> Service <| name == 'glance-api' |> - - keystone_user { $auth_name: - ensure => present, - password => $password, - email => $email, - tenant => $tenant, + if $port { + warning('The port parameter is deprecated, use public_url, internal_url and admin_url instead.') } - keystone_user_role { "${auth_name}@${tenant}": - ensure => present, - roles => 'admin', + if $public_protocol { + warning('The public_protocol parameter is deprecated, use public_url instead.') } - keystone_service { $auth_name: - ensure => present, - type => $service_type, - description => 'Openstack Image Service', + if $internal_protocol { + warning('The internal_protocol parameter is deprecated, use internal_url instead.') } + if $admin_protocol { + warning('The admin_protocol parameter is deprecated, use admin_url instead.') + } + + if $public_address { + warning('The public_address parameter is deprecated, use public_url instead.') + } + + if $internal_address { + warning('The internal_address parameter is deprecated, use internal_url instead.') + } + + if $admin_address { + warning('The admin_address parameter is deprecated, use admin_url instead.') + } + + if ($public_protocol or $public_address or $port) { + $public_url_real = sprintf('%s://%s:%s', + pick($public_protocol, 'http'), + pick($public_address, '127.0.0.1'), + pick($port, '9292')) + } else { + $public_url_real = $public_url + } + + if ($admin_protocol or $admin_address or $port) { + $admin_url_real = sprintf('%s://%s:%s', + pick($admin_protocol, 'http'), + pick($admin_address, '127.0.0.1'), + pick($port, '9292')) + } else { + $admin_url_real = $admin_url + } + + if ($internal_protocol or $internal_address or $port) { + $internal_url_real = sprintf('%s://%s:%s', + pick($internal_protocol, 'http'), + pick($internal_address, '127.0.0.1'), + pick($port, '9292')) + } else { + $internal_url_real = $internal_url + } + + $real_service_name = pick($service_name, $auth_name) + if $configure_endpoint { - keystone_endpoint { "${region}/${auth_name}": - ensure => present, - public_url => "${public_protocol}://${public_address}:${port}", - admin_url => "${admin_protocol}://${admin_address}:${port}", - internal_url => "${internal_protocol}://${internal_address}:${port}", - } + Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'glance-api' |> } + + keystone::resource::service_identity { $auth_name: + configure_user => $configure_user, + configure_user_role => $configure_user_role, + configure_endpoint => $configure_endpoint, + service_type => $service_type, + service_description => $service_description, + service_name => $real_service_name, + region => $region, + password => $password, + email => $email, + tenant => $tenant, + public_url => $public_url_real, + admin_url => $admin_url_real, + internal_url => $internal_url_real, + } + + if $configure_user_role { + Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-registry' |> + Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'glance-api' |> + } + } diff --git a/deployment/puppet/glance/manifests/notify/qpid.pp b/deployment/puppet/glance/manifests/notify/qpid.pp index 8e4034e9a1..c6a9ebe3cd 100644 --- a/deployment/puppet/glance/manifests/notify/qpid.pp +++ b/deployment/puppet/glance/manifests/notify/qpid.pp @@ -1,6 +1,28 @@ +# == Class: glance::notify::qpid # # used to configure qpid notifications for glance # +# === Parameters: +# +# [*qpid_password*] +# (required) Password to connect to the qpid server. +# +# [*qpid_username*] +# (Optional) User to connect to the qpid server. +# Defaults to 'guest'. +# +# [*qpid_hostname*] +# (Optional) IP or hostname of the qpid server. +# Defaults to 'localhost'. +# +# [*qpid_port*] +# (Optional) Port of the qpid server. +# Defaults to 5672. +# +# [*qpid_protocol*] +# (Optional) Protocol to use for qpid (tcp/ssl). +# Defaults to tcp. +# class glance::notify::qpid( $qpid_password, $qpid_username = 'guest', @@ -15,7 +37,7 @@ class glance::notify::qpid( 'DEFAULT/qpid_port': value => $qpid_port; 'DEFAULT/qpid_protocol': value => $qpid_protocol; 'DEFAULT/qpid_username': value => $qpid_username; - 'DEFAULT/qpid_password': value => $qpid_password; + 'DEFAULT/qpid_password': value => $qpid_password, secret => true; } } diff --git a/deployment/puppet/glance/manifests/notify/rabbitmq.pp b/deployment/puppet/glance/manifests/notify/rabbitmq.pp index 4aa86f6b1b..a554349269 100644 --- a/deployment/puppet/glance/manifests/notify/rabbitmq.pp +++ b/deployment/puppet/glance/manifests/notify/rabbitmq.pp @@ -3,37 +3,59 @@ # # [*rabbit_password*] # password to connect to the rabbit_server. +# # [*rabbit_userid*] # user to connect to the rabbit server. Optional. Defaults to 'guest' +# # [*rabbit_host*] # ip or hostname of the rabbit server. Optional. Defaults to 'localhost' +# +# [*rabbit_hosts*] +# (Optional) IP or hostname of the rabbits servers. +# comma separated array (ex: ['1.0.0.10:5672','1.0.0.11:5672']) +# Defaults to false. +# # [*rabbit_port*] # port of the rabbit server. Optional. Defaults to 5672. +# # [*rabbit_virtual_host*] # virtual_host to use. Optional. Defaults to '/' +# # [*rabbit_use_ssl*] # (optional) Connect over SSL for RabbitMQ # Defaults to false +# # [*kombu_ssl_ca_certs*] # (optional) SSL certification authority file (valid only if SSL enabled). # Defaults to undef +# # [*kombu_ssl_certfile*] # (optional) SSL cert file (valid only if SSL enabled). # Defaults to undef +# # [*kombu_ssl_keyfile*] # (optional) SSL key file (valid only if SSL enabled). # Defaults to undef +# # [*kombu_ssl_version*] # (optional) SSL version to use (valid only if SSL enabled). # Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be # available on some distributions. -# Defaults to 'SSLv3' +# Defaults to 'TLSv1' +# # [*rabbit_notification_exchange*] # Defaults to 'glance' +# # [*rabbit_notification_topic*] # Defaults to 'notifications' +# # [*rabbit_durable_queues*] # Defaults to false +# +# [*amqp_durable_queues*] +# (Optional) Use durable queues in broker. +# Defaults to false. +# # [*notification_driver*] # Notification driver to use. Defaults to 'messaging'. @@ -48,7 +70,7 @@ class glance::notify::rabbitmq( $kombu_ssl_ca_certs = undef, $kombu_ssl_certfile = undef, $kombu_ssl_keyfile = undef, - $kombu_ssl_version = 'SSLv3', + $kombu_ssl_version = 'TLSv1', $rabbit_notification_exchange = 'glance', $rabbit_notification_topic = 'notifications', $rabbit_durable_queues = false, @@ -65,55 +87,55 @@ class glance::notify::rabbitmq( if $rabbit_hosts { glance_api_config { - 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ','); - 'DEFAULT/rabbit_ha_queues': value => true + 'oslo_messaging_rabbit/rabbit_hosts': value => join($rabbit_hosts, ','); + 'oslo_messaging_rabbit/rabbit_ha_queues': value => true } } else { glance_api_config { - 'DEFAULT/rabbit_host': value => $rabbit_host; - 'DEFAULT/rabbit_port': value => $rabbit_port; - 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}"; - 'DEFAULT/rabbit_ha_queues': value => false + 'oslo_messaging_rabbit/rabbit_host': value => $rabbit_host; + 'oslo_messaging_rabbit/rabbit_port': value => $rabbit_port; + 'oslo_messaging_rabbit/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}"; + 'oslo_messaging_rabbit/rabbit_ha_queues': value => false } } glance_api_config { 'DEFAULT/notification_driver': value => $notification_driver; - 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host; - 'DEFAULT/rabbit_password': value => $rabbit_password; - 'DEFAULT/rabbit_userid': value => $rabbit_userid; - 'DEFAULT/rabbit_notification_exchange': value => $rabbit_notification_exchange; - 'DEFAULT/rabbit_notification_topic': value => $rabbit_notification_topic; - 'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl; + 'oslo_messaging_rabbit/rabbit_virtual_host': value => $rabbit_virtual_host; + 'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true; + 'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_userid; + 'oslo_messaging_rabbit/rabbit_notification_exchange': value => $rabbit_notification_exchange; + 'oslo_messaging_rabbit/rabbit_notification_topic': value => $rabbit_notification_topic; + 'oslo_messaging_rabbit/rabbit_use_ssl': value => $rabbit_use_ssl; 'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues_real; } if $rabbit_use_ssl { - glance_api_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version } + glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_version': value => $kombu_ssl_version } if $kombu_ssl_ca_certs { - glance_api_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs } + glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs } } else { - glance_api_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent} + glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent} } if $kombu_ssl_certfile { - glance_api_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile } + glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_certfile': value => $kombu_ssl_certfile } } else { - glance_api_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent} + glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent} } if $kombu_ssl_keyfile { - glance_api_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile } + glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_keyfile': value => $kombu_ssl_keyfile } } else { - glance_api_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent} + glance_api_config { 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent} } } else { glance_api_config { - 'DEFAULT/kombu_ssl_version': ensure => absent; - 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; - 'DEFAULT/kombu_ssl_certfile': ensure => absent; - 'DEFAULT/kombu_ssl_keyfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_version': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_ca_certs': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_certfile': ensure => absent; + 'oslo_messaging_rabbit/kombu_ssl_keyfile': ensure => absent; } if ($kombu_ssl_keyfile or $kombu_ssl_certfile or $kombu_ssl_ca_certs) { notice('Configuration of certificates with $rabbit_use_ssl == false is a useless config') diff --git a/deployment/puppet/glance/manifests/params.pp b/deployment/puppet/glance/manifests/params.pp index 746cdbc414..6fbed16a2a 100644 --- a/deployment/puppet/glance/manifests/params.pp +++ b/deployment/puppet/glance/manifests/params.pp @@ -3,7 +3,6 @@ class glance::params { $client_package_name = 'python-glanceclient' - $pyceph_package_name = 'python-ceph' $cache_cleaner_command = 'glance-cache-cleaner' $cache_pruner_command = 'glance-cache-pruner' @@ -14,14 +13,20 @@ class glance::params { $registry_package_name = 'openstack-glance' $api_service_name = 'openstack-glance-api' $registry_service_name = 'openstack-glance-registry' - $db_sync_command = 'glance-manage db_sync' + $db_sync_command = 'glance-manage --config-file=/etc/glance/glance-registry.conf db_sync' + if ($::operatingsystem != 'fedora' and versioncmp($::operatingsystemrelease, '7') < 0) { + $pyceph_package_name = 'python-ceph' + } else { + $pyceph_package_name = 'python-rbd' + } } 'Debian': { $api_package_name = 'glance-api' $registry_package_name = 'glance-registry' $api_service_name = 'glance-api' $registry_service_name = 'glance-registry' - $db_sync_command = 'glance-manage db_sync' + $db_sync_command = 'glance-manage --config-file=/etc/glance/glance-registry.conf db_sync' + $pyceph_package_name = 'python-ceph' } default: { fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only support osfamily RedHat and Debian") diff --git a/deployment/puppet/glance/manifests/policy.pp b/deployment/puppet/glance/manifests/policy.pp new file mode 100644 index 0000000000..bf1d8e45d6 --- /dev/null +++ b/deployment/puppet/glance/manifests/policy.pp @@ -0,0 +1,39 @@ +# == Class: glance::policy +# +# Configure the glance policies +# +# === Parameters +# +# [*policies*] +# (optional) Set of policies to configure for glance +# Example : +# { +# 'glance-context_is_admin' => { +# 'key' => 'context_is_admin', +# 'value' => 'true' +# }, +# 'glance-default' => { +# 'key' => 'default', +# 'value' => 'rule:admin_or_owner' +# } +# } +# Defaults to empty hash. +# +# [*policy_path*] +# (optional) Path to the glance policy.json file +# Defaults to /etc/glance/policy.json +# +class glance::policy ( + $policies = {}, + $policy_path = '/etc/glance/policy.json', +) { + + validate_hash($policies) + + Openstacklib::Policy::Base { + file_path => $policy_path, + } + + create_resources('openstacklib::policy::base', $policies) + +} diff --git a/deployment/puppet/glance/manifests/registry.pp b/deployment/puppet/glance/manifests/registry.pp index 4b06f8a656..00fd78ac45 100644 --- a/deployment/puppet/glance/manifests/registry.pp +++ b/deployment/puppet/glance/manifests/registry.pp @@ -7,6 +7,11 @@ # [*keystone_password*] # (required) The keystone password for administrative user # +# [*package_ensure*] +# (optional) Ensure state for package. Defaults to 'present'. On RedHat +# platforms this setting is ignored and the setting from the glance class is +# used because there is only one glance package. +# # [*verbose*] # (optional) Enable verbose logs (true|false). Defaults to false. # @@ -29,31 +34,32 @@ # If set to boolean false, it will not log to any directory. # Defaults to '/var/log/glance' # -# [*sql_connection*] -# (optional) SQL connection string. -# Defaults to 'sqlite:///var/lib/glance/glance.sqlite'. +# [*database_connection*] +# (optional) Connection url to connect to nova database. +# Defaults to 'sqlite:///var/lib/glance/glance.sqlite' # -# [*sql_idle_timeout*] -# (optional) SQL connections idle timeout. Defaults to '3600'. +# [*database_idle_timeout*] +# (optional) Timeout before idle db connections are reaped. +# Defaults to 3600 # # [*auth_type*] # (optional) Authentication type. Defaults to 'keystone'. # # [*auth_host*] -# (optional) Address of the admin authentication endpoint. +# (optional) DEPRECATED Address of the admin authentication endpoint. # Defaults to '127.0.0.1'. # # [*auth_port*] -# (optional) Port of the admin authentication endpoint. Defaults to '35357'. +# (optional) DEPRECATED Port of the admin authentication endpoint. Defaults to '35357'. # # [*auth_admin_prefix*] -# (optional) path part of the auth url. +# (optional) DEPRECATED path part of the auth url. # This allow admin auth URIs like http://auth_host:35357/keystone/admin. # (where '/keystone/admin' is auth_admin_prefix) # Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'. # # [*auth_protocol*] -# (optional) Protocol to communicate with the admin authentication endpoint. +# (optional) DEPRECATED Protocol to communicate with the admin authentication endpoint. # Defaults to 'http'. Should be 'http' or 'https'. # # [*auth_uri*] @@ -61,6 +67,7 @@ # # [*identity_uri*] # (optional) Complete admin Identity API endpoint. +# Defaults to: false # # [*keystone_tenant*] # (optional) administrative tenant name to connect to keystone. @@ -70,6 +77,11 @@ # (optional) administrative user name to connect to keystone. # Defaults to 'glance'. # +# [*pipeline*] +# (optional) Partial name of a pipeline in your paste configuration +# file with the service name removed. +# Defaults to 'keystone'. +# # [*use_syslog*] # (optional) Use syslog for logging. # Defaults to false. @@ -78,8 +90,13 @@ # (optional) Syslog facility to receive log lines. # Defaults to LOG_USER. # +# [*manage_service*] +# (optional) If Puppet should manage service startup / shutdown. +# Defaults to true. +# # [*enabled*] -# (optional) Should the service be enabled. Defaults to true. +# (optional) Should the service be enabled. +# Defaults to true. # # [*purge_config*] # (optional) Whether to create only the specified config values in @@ -98,52 +115,64 @@ # (optional) CA certificate file to use to verify connecting clients # Defaults to false, not set # +# [*sync_db*] +# (Optional) Run db sync on the node. +# Defaults to true +# # [*mysql_module*] -# (optional) The version of puppet-mysql to use. Tested versions -# include 0.9 and 2.2 -# Defaults to '0.9' +# (optional) Deprecated. Does nothing. # class glance::registry( $keystone_password, - $verbose = false, - $debug = false, - $bind_host = '0.0.0.0', - $bind_port = '9191', - $log_file = '/var/log/glance/registry.log', - $log_dir = '/var/log/glance', - $sql_connection = 'sqlite:///var/lib/glance/glance.sqlite', - $sql_idle_timeout = '3600', - $auth_type = 'keystone', - $auth_host = '127.0.0.1', - $auth_port = '35357', - $auth_admin_prefix = false, - $auth_uri = false, - $identity_uri = false, - $auth_protocol = 'http', - $keystone_tenant = 'services', - $keystone_user = 'glance', - $pipeline = 'keystone', - $use_syslog = false, - $log_facility = 'LOG_USER', - $enabled = true, - $purge_config = false, - $cert_file = false, - $key_file = false, - $ca_file = false, - $mysql_module = '0.9', + $package_ensure = 'present', + $verbose = false, + $debug = false, + $bind_host = '0.0.0.0', + $bind_port = '9191', + $log_file = '/var/log/glance/registry.log', + $log_dir = '/var/log/glance', + $database_connection = 'sqlite:///var/lib/glance/glance.sqlite', + $database_idle_timeout = 3600, + $auth_type = 'keystone', + $auth_uri = false, + $identity_uri = false, + $keystone_tenant = 'services', + $keystone_user = 'glance', + $pipeline = 'keystone', + $use_syslog = false, + $log_facility = 'LOG_USER', + $manage_service = true, + $enabled = true, + $purge_config = false, + $cert_file = false, + $key_file = false, + $ca_file = false, + $sync_db = true, + # DEPRECATED PARAMETERS + $mysql_module = undef, + $auth_host = '127.0.0.1', + $auth_port = '35357', + $auth_admin_prefix = false, + $auth_protocol = 'http', ) inherits glance { require keystone::python - validate_re($sql_connection, '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?') + if $mysql_module { + warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.') + } if ( $glance::params::api_package_name != $glance::params::registry_package_name ) { - ensure_packages([$glance::params::registry_package_name]) + ensure_packages( [$glance::params::registry_package_name], + { + ensure => $package_ensure, + tag => ['openstack'], + } + ) } Package[$glance::params::registry_package_name] -> File['/etc/glance/'] Package[$glance::params::registry_package_name] -> Glance_registry_config<||> - Package[$glance::params::registry_package_name] ~> Service['glance-registry'] Glance_registry_config<||> ~> Exec<| title == 'glance-manage db_sync' |> Glance_registry_config<||> ~> Service['glance-registry'] @@ -157,18 +186,21 @@ class glance::registry( require => Class['glance'] } - if($sql_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) { - if ($mysql_module >= 2.2) { - require mysql::bindings::python + if $database_connection { + if($database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) { + require 'mysql::bindings' + require 'mysql::bindings::python' + } elsif($database_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) { + + } elsif($database_connection =~ /sqlite:\/\//) { + } else { - require mysql::python + fail("Invalid db connection ${database_connection}") + } + glance_registry_config { + 'database/connection': value => $database_connection, secret => true; + 'database/idle_timeout': value => $database_idle_timeout; } - } elsif($sql_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) { - - } elsif($sql_connection =~ /sqlite:\/\//) { - - } else { - fail("Invalid db connection ${sql_connection}") } glance_registry_config { @@ -178,9 +210,10 @@ class glance::registry( 'DEFAULT/bind_port': value => $bind_port; } - glance_registry_config { - 'DEFAULT/sql_connection': value => $sql_connection; - 'DEFAULT/sql_idle_timeout': value => $sql_idle_timeout; + if $identity_uri { + glance_registry_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } + } else { + glance_registry_config { 'keystone_authtoken/identity_uri': ensure => absent; } } if $auth_uri { @@ -189,30 +222,45 @@ class glance::registry( glance_registry_config { 'keystone_authtoken/auth_uri': value => "${auth_protocol}://${auth_host}:5000/"; } } - # auth config - if $identity_uri { - glance_registry_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } - } else { - if $auth_admin_prefix { - glance_registry_config { 'keystone_authtoken/identity_uri': value => "${auth_protocol}://${auth_host}:${auth_port}/${auth_admin_prefix}"; } + # if both auth_uri and identity_uri are set we skip these deprecated settings entirely + if !$auth_uri or !$identity_uri { + + if $auth_host { + warning('The auth_host parameter is deprecated. Please use auth_uri and identity_uri instead.') + glance_registry_config { 'keystone_authtoken/auth_host': value => $auth_host; } } else { - glance_registry_config { 'keystone_authtoken/identity_uri': value => "${auth_protocol}://${auth_host}:${auth_port}/"; } + glance_registry_config { 'keystone_authtoken/auth_host': ensure => absent; } } - } - glance_registry_config { - 'keystone_authtoken/auth_host': value => $auth_host; - 'keystone_authtoken/auth_port': value => $auth_port; - 'keystone_authtoken/auth_protocol': value => $auth_protocol; - } - - if $auth_admin_prefix { - validate_re($auth_admin_prefix, '^(/.+[^/])?$') - glance_registry_config { - 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; + if $auth_port { + warning('The auth_port parameter is deprecated. Please use auth_uri and identity_uri instead.') + glance_registry_config { 'keystone_authtoken/auth_port': value => $auth_port; } + } else { + glance_registry_config { 'keystone_authtoken/auth_port': ensure => absent; } } + + if $auth_protocol { + warning('The auth_protocol parameter is deprecated. Please use auth_uri and identity_uri instead.') + glance_registry_config { 'keystone_authtoken/auth_protocol': value => $auth_protocol; } + } else { + glance_registry_config { 'keystone_authtoken/auth_protocol': ensure => absent; } + } + + if $auth_admin_prefix { + warning('The auth_admin_prefix parameter is deprecated. Please use auth_uri and identity_uri instead.') + validate_re($auth_admin_prefix, '^(/.+[^/])?$') + glance_registry_config { + 'keystone_authtoken/auth_admin_prefix': value => $auth_admin_prefix; + } + } else { + glance_registry_config { 'keystone_authtoken/auth_admin_prefix': ensure => absent; } + } + } else { glance_registry_config { + 'keystone_authtoken/auth_host': ensure => absent; + 'keystone_authtoken/auth_port': ensure => absent; + 'keystone_authtoken/auth_protocol': ensure => absent; 'keystone_authtoken/auth_admin_prefix': ensure => absent; } } @@ -234,7 +282,7 @@ class glance::registry( glance_registry_config { 'keystone_authtoken/admin_tenant_name': value => $keystone_tenant; 'keystone_authtoken/admin_user' : value => $keystone_user; - 'keystone_authtoken/admin_password' : value => $keystone_password; + 'keystone_authtoken/admin_password' : value => $keystone_password, secret => true; } } @@ -308,8 +356,7 @@ class glance::registry( '/etc/glance/glance-registry-paste.ini']: } - if $enabled { - + if $sync_db { Exec['glance-manage db_sync'] ~> Service['glance-registry'] exec { 'glance-manage db_sync': @@ -320,9 +367,16 @@ class glance::registry( logoutput => on_failure, subscribe => [Package[$glance::params::registry_package_name], File['/etc/glance/glance-registry.conf']], } - $service_ensure = 'running' + } + + if $manage_service { + if $enabled { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } } else { - $service_ensure = 'stopped' + warning('Execution of db_sync does not depend on $manage_service or $enabled anymore. Please use sync_db instead.') } service { 'glance-registry': diff --git a/deployment/puppet/glance/metadata.json b/deployment/puppet/glance/metadata.json new file mode 100644 index 0000000000..33e1556448 --- /dev/null +++ b/deployment/puppet/glance/metadata.json @@ -0,0 +1,39 @@ +{ + "name": "stackforge-glance", + "version": "5.1.0", + "author": "Puppet Labs and OpenStack Contributors", + "summary": "Puppet module for OpenStack Glance", + "license": "Apache-2.0", + "source": "git://github.com/openstack/puppet-glance.git", + "project_page": "https://launchpad.net/puppet-glance", + "issues_url": "https://bugs.launchpad.net/puppet-glance", + "requirements": [ + { "name": "pe","version_requirement": "3.x" }, + { "name": "puppet","version_requirement": "3.x" } + ], + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": ["7"] + }, + { + "operatingsystem": "Fedora", + "operatingsystemrelease": ["20"] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": ["6.5","7"] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": ["12.04","14.04"] + } + ], + "description": "Installs and configures OpenStack Glance (Image Service).", + "dependencies": [ + { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" }, + { "name": "stackforge/keystone", "version_requirement": ">=5.0.0 <6.0.0" }, + { "name": "puppetlabs/stdlib", "version_requirement": ">=4.0.0 <5.0.0" }, + { "name": "stackforge/openstacklib", "version_requirement": ">=5.0.0 <6.0.0" } + ] +} diff --git a/deployment/puppet/glance/spec/acceptance/basic_glance_spec.rb b/deployment/puppet/glance/spec/acceptance/basic_glance_spec.rb new file mode 100644 index 0000000000..c60fcf18e6 --- /dev/null +++ b/deployment/puppet/glance/spec/acceptance/basic_glance_spec.rb @@ -0,0 +1,100 @@ +require 'spec_helper_acceptance' + +describe 'glance class' do + + context 'default parameters' do + + it 'should work with no errors' do + pp= <<-EOS + Exec { logoutput => 'on_failure' } + + # Common resources + case $::osfamily { + 'Debian': { + include ::apt + class { '::openstack_extras::repo::debian::ubuntu': + release => 'kilo', + package_require => true, + } + } + 'RedHat': { + class { '::openstack_extras::repo::redhat::redhat': + release => 'kilo', + } + package { 'openstack-selinux': ensure => 'latest' } + } + default: { + fail("Unsupported osfamily (${::osfamily})") + } + } + + class { '::mysql::server': } + + # Keystone resources, needed by Glance to run + class { '::keystone::db::mysql': + # https://bugs.launchpad.net/puppet-keystone/+bug/1446375 + collate => 'utf8_general_ci', + password => 'keystone', + } + class { '::keystone': + verbose => true, + debug => true, + database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone', + admin_token => 'admin_token', + enabled => true, + } + class { '::keystone::roles::admin': + email => 'test@example.tld', + password => 'a_big_secret', + } + class { '::keystone::endpoint': + public_url => "https://${::fqdn}:5000/", + admin_url => "https://${::fqdn}:35357/", + } + + # Glance resources + include ::glance + include ::glance::client + class { '::glance::db::mysql': + # https://bugs.launchpad.net/puppet-glance/+bug/1446375 + collate => 'utf8_general_ci', + password => 'a_big_secret', + } + class { '::glance::keystone::auth': + password => 'a_big_secret', + } + class { '::glance::api': + database_connection => 'mysql://glance:a_big_secret@127.0.0.1/glance?charset=utf8', + verbose => false, + keystone_password => 'a_big_secret', + } + class { '::glance::registry': + database_connection => 'mysql://glance:a_big_secret@127.0.0.1/glance?charset=utf8', + verbose => false, + keystone_password => 'a_big_secret', + } + + glance_image { 'test_image': + ensure => present, + container_format => 'bare', + disk_format => 'qcow2', + is_public => 'yes', + source => 'http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img', + } + EOS + + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe 'glance images' do + it 'should create a glance image' do + shell('openstack --os-username glance --os-password a_big_secret --os-tenant-name services --os-auth-url http://127.0.0.1:5000/v2.0 image list') do |r| + expect(r.stdout).to match(/test_image/) + expect(r.stderr).to be_empty + end + end + end + end +end diff --git a/deployment/puppet/glance/spec/acceptance/nodesets/default.yml b/deployment/puppet/glance/spec/acceptance/nodesets/default.yml new file mode 100644 index 0000000000..da9eac860d --- /dev/null +++ b/deployment/puppet/glance/spec/acceptance/nodesets/default.yml @@ -0,0 +1,10 @@ +HOSTS: + ubuntu-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + box : puppetlabs/ubuntu-14.04-64-nocm + box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor : vagrant +CONFIG: + type: foss diff --git a/deployment/puppet/glance/spec/acceptance/nodesets/nodepool-centos7.yml b/deployment/puppet/glance/spec/acceptance/nodesets/nodepool-centos7.yml new file mode 100644 index 0000000000..575ae6732b --- /dev/null +++ b/deployment/puppet/glance/spec/acceptance/nodesets/nodepool-centos7.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-70-x64: + roles: + - master + platform: el-7-x86_64 + hypervisor : none + ip: 127.0.0.1 +CONFIG: + type: foss + set_env: false diff --git a/deployment/puppet/glance/spec/acceptance/nodesets/nodepool-trusty.yml b/deployment/puppet/glance/spec/acceptance/nodesets/nodepool-trusty.yml new file mode 100644 index 0000000000..a95d9f38db --- /dev/null +++ b/deployment/puppet/glance/spec/acceptance/nodesets/nodepool-trusty.yml @@ -0,0 +1,10 @@ +HOSTS: + ubuntu-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + hypervisor : none + ip: 127.0.0.1 +CONFIG: + type: foss + set_env: false diff --git a/deployment/puppet/glance/spec/classes/glance_api_spec.rb b/deployment/puppet/glance/spec/classes/glance_api_spec.rb index 38fbf09e96..bdac287a05 100644 --- a/deployment/puppet/glance/spec/classes/glance_api_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_api_spec.rb @@ -11,58 +11,62 @@ describe 'glance::api' do let :default_params do { - :verbose => false, - :debug => false, - :bind_host => '0.0.0.0', - :bind_port => '9292', - :registry_host => '0.0.0.0', - :registry_port => '9191', - :log_file => '/var/log/glance/api.log', - :log_dir => '/var/log/glance', - :auth_type => 'keystone', - :enabled => true, - :backlog => '4096', - :workers => '7', - :auth_host => '127.0.0.1', - :auth_port => '35357', - :auth_protocol => 'http', - :auth_uri => 'http://127.0.0.1:5000/', - :identity_uri => 'http://127.0.0.1:35357/', - :keystone_tenant => 'services', - :keystone_user => 'glance', - :keystone_password => 'ChangeMe', - :sql_idle_timeout => '3600', - :sql_connection => 'sqlite:///var/lib/glance/glance.sqlite', - :show_image_direct_url => false, - :purge_config => false, - :mysql_module => '0.9', - :known_stores => false, + :verbose => false, + :debug => false, + :bind_host => '0.0.0.0', + :bind_port => '9292', + :registry_host => '0.0.0.0', + :registry_port => '9191', + :registry_client_protocol => 'http', + :log_file => '/var/log/glance/api.log', + :log_dir => '/var/log/glance', + :auth_type => 'keystone', + :enabled => true, + :manage_service => true, + :backlog => '4096', + :workers => '7', + :auth_host => '127.0.0.1', + :auth_port => '35357', + :auth_protocol => 'http', + :keystone_tenant => 'services', + :keystone_user => 'glance', + :keystone_password => 'ChangeMe', + :database_idle_timeout => '3600', + :database_connection => 'sqlite:///var/lib/glance/glance.sqlite', + :show_image_direct_url => false, + :purge_config => false, + :known_stores => false, + :image_cache_dir => '/var/lib/glance/image-cache', + :os_region_name => 'RegionOne', + :pipeline => 'keystone', } end [{:keystone_password => 'ChangeMe'}, { - :verbose => true, - :debug => true, - :bind_host => '127.0.0.1', - :bind_port => '9222', - :registry_host => '127.0.0.1', - :registry_port => '9111', - :auth_type => 'not_keystone', - :enabled => false, - :backlog => '4095', - :workers => '5', - :auth_host => '127.0.0.2', - :auth_port => '35358', - :auth_protocol => 'https', - :auth_uri => 'https://127.0.0.2:5000/v2.0/', - :identity_uri => 'https://127.0.0.2:35358/', - :keystone_tenant => 'admin2', - :keystone_user => 'admin2', - :keystone_password => 'ChangeMe2', - :sql_idle_timeout => '36002', - :sql_connection => 'mysql:///var:lib@glance/glance', - :show_image_direct_url => true + :verbose => true, + :debug => true, + :bind_host => '127.0.0.1', + :bind_port => '9222', + :registry_host => '127.0.0.1', + :registry_port => '9111', + :registry_client_protocol => 'https', + :auth_type => 'not_keystone', + :enabled => false, + :backlog => '4095', + :workers => '5', + :auth_host => '127.0.0.2', + :auth_port => '35358', + :auth_protocol => 'https', + :keystone_tenant => 'admin2', + :keystone_user => 'admin2', + :keystone_password => 'ChangeMe2', + :database_idle_timeout => '36002', + :database_connection => 'mysql:///var:lib@glance/glance', + :show_image_direct_url => true, + :image_cache_dir => '/tmp/glance', + :os_region_name => 'RegionOne2', + :pipeline => 'keystone2', } ].each do |param_set| @@ -76,16 +80,20 @@ describe 'glance::api' do param_set end - it { should contain_class 'glance' } + it { is_expected.to contain_class 'glance' } + it { is_expected.to contain_class 'glance::policy' } - it { should contain_service('glance-api').with( - 'ensure' => param_hash[:enabled] ? 'running': 'stopped', + it { is_expected.to contain_service('glance-api').with( + 'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped', 'enable' => param_hash[:enabled], 'hasstatus' => true, 'hasrestart' => true ) } - it 'should lay down default api config' do + it { is_expected.to_not contain_exec('validate_nova_api') } + it { is_expected.to contain_glance_api_config("paste_deploy/flavor").with_value(param_hash[:pipeline]) } + + it 'is_expected.to lay down default api config' do [ 'verbose', 'debug', @@ -93,68 +101,101 @@ describe 'glance::api' do 'bind_port', 'registry_host', 'registry_port', - 'show_image_direct_url' + 'registry_client_protocol', + 'show_image_direct_url', ].each do |config| - should contain_glance_api_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) + is_expected.to contain_glance_api_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) end end - it 'should lay down default cache config' do + it 'is_expected.to lay down default cache config' do [ 'verbose', 'debug', 'registry_host', - 'registry_port' + 'registry_port', ].each do |config| - should contain_glance_cache_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) + is_expected.to contain_glance_cache_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) end end - it 'should config db' do - should contain_glance_api_config('DEFAULT/sql_connection').with_value(param_hash[:sql_connection]) - should contain_glance_api_config('DEFAULT/sql_idle_timeout').with_value(param_hash[:sql_idle_timeout]) + it 'is_expected.to lay down default glance_store api and cache config' do + [ + 'os_region_name', + ].each do |config| + is_expected.to contain_glance_cache_config("glance_store/#{config}").with_value(param_hash[config.intern]) + is_expected.to contain_glance_api_config("glance_store/#{config}").with_value(param_hash[config.intern]) + end end - it 'should have no ssl options' do - should contain_glance_api_config('DEFAULT/ca_file').with_ensure('absent') - should contain_glance_api_config('DEFAULT/cert_file').with_ensure('absent') - should contain_glance_api_config('DEFAULT/key_file').with_ensure('absent') + it 'is_expected.to config db' do + is_expected.to contain_glance_api_config('database/connection').with_value(param_hash[:database_connection]) + is_expected.to contain_glance_api_config('database/connection').with_value(param_hash[:database_connection]).with_secret(true) + is_expected.to contain_glance_api_config('database/idle_timeout').with_value(param_hash[:database_idle_timeout]) end - it 'should lay down default auth config' do + it 'is_expected.to have no ssl options' do + is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_ensure('absent') + is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_ensure('absent') + is_expected.to contain_glance_api_config('DEFAULT/key_file').with_ensure('absent') + end + + it 'is_expected.to lay down default auth config' do [ 'auth_host', 'auth_port', 'auth_protocol' ].each do |config| - should contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) + is_expected.to contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) end end - it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') } - it 'should configure itself for keystone if that is the auth_type' do + it 'is_expected.to configure itself for keystone if that is the auth_type' do if params[:auth_type] == 'keystone' - should contain('paste_deploy/flavor').with_value('keystone+cachemanagement') + is_expected.to contain('paste_deploy/flavor').with_value('keystone+cachemanagement') + ['admin_tenant_name', 'admin_user', 'admin_password'].each do |config| - should contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) + is_expected.to contain_glance_api_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) end + is_expected.to contain_glance_api_config('keystone_authtoken/admin_password').with_value(param_hash[:keystone_password]).with_secret(true) + ['admin_tenant_name', 'admin_user', 'admin_password'].each do |config| - should contain_glance_cache_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) + is_expected.to contain_glance_cache_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) end + is_expected.to contain_glance_cache_config('keystone_authtoken/admin_password').with_value(param_hash[:keystone_password]).with_secret(true) end end end + + end + + describe 'with disabled service managing' do + let :params do + { + :keystone_password => 'ChangeMe', + :manage_service => false, + :enabled => false, + } + end + + it { is_expected.to contain_service('glance-api').with( + 'ensure' => nil, + 'enable' => false, + 'hasstatus' => true, + 'hasrestart' => true + ) } end describe 'with overridden pipeline' do let :params do { :keystone_password => 'ChangeMe', - :pipeline => 'keystone', + :pipeline => 'something', } end - it { should contain_glance_api_config('paste_deploy/flavor').with_value('keystone') } + it { is_expected.to contain_glance_api_config('paste_deploy/flavor').with_value('something') } end describe 'with blank pipeline' do @@ -165,7 +206,7 @@ describe 'glance::api' do } end - it { should contain_glance_api_config('paste_deploy/flavor').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('paste_deploy/flavor').with_ensure('absent') } end [ @@ -183,7 +224,7 @@ describe 'glance::api' do } end - it { expect { should contain_glance_api_config('filter:paste_deploy/flavor') }.to\ + it { expect { is_expected.to contain_glance_api_config('filter:paste_deploy/flavor') }.to\ raise_error(Puppet::Error, /validate_re\(\): .* does not match/) } end end @@ -196,7 +237,7 @@ describe 'glance::api' do } end - it { should contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') } + it { is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') } end [ @@ -215,7 +256,7 @@ describe 'glance::api' do } end - it { expect { should contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\ + it { expect { is_expected.to contain_glance_api_config('filter:authtoken/auth_admin_prefix') }.to\ raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) } end end @@ -225,8 +266,8 @@ describe 'glance::api' do default_params end - it { should contain_glance_api_config('DEFAULT/use_syslog').with_value(false) } - it { should_not contain_glance_api_config('DEFAULT/syslog_log_facility') } + it { is_expected.to contain_glance_api_config('DEFAULT/use_syslog').with_value(false) } + it { is_expected.to_not contain_glance_api_config('DEFAULT/syslog_log_facility') } end describe 'with syslog enabled' do @@ -236,8 +277,8 @@ describe 'glance::api' do }) end - it { should contain_glance_api_config('DEFAULT/use_syslog').with_value(true) } - it { should contain_glance_api_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') } + it { is_expected.to contain_glance_api_config('DEFAULT/use_syslog').with_value(true) } + it { is_expected.to contain_glance_api_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') } end describe 'with syslog enabled and custom settings' do @@ -248,29 +289,29 @@ describe 'glance::api' do }) end - it { should contain_glance_api_config('DEFAULT/use_syslog').with_value(true) } - it { should contain_glance_api_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') } + it { is_expected.to contain_glance_api_config('DEFAULT/use_syslog').with_value(true) } + it { is_expected.to contain_glance_api_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') } end describe 'with log_file enabled by default' do let(:params) { default_params } - it { should contain_glance_api_config('DEFAULT/log_file').with_value(default_params[:log_file]) } + it { is_expected.to contain_glance_api_config('DEFAULT/log_file').with_value(default_params[:log_file]) } context 'with log_file disabled' do let(:params) { default_params.merge!({ :log_file => false }) } - it { should contain_glance_api_config('DEFAULT/log_file').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('DEFAULT/log_file').with_ensure('absent') } end end describe 'with log_dir enabled by default' do let(:params) { default_params } - it { should contain_glance_api_config('DEFAULT/log_dir').with_value(default_params[:log_dir]) } + it { is_expected.to contain_glance_api_config('DEFAULT/log_dir').with_value(default_params[:log_dir]) } context 'with log_dir disabled' do let(:params) { default_params.merge!({ :log_dir => false }) } - it { should contain_glance_api_config('DEFAULT/log_dir').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('DEFAULT/log_dir').with_ensure('absent') } end end @@ -284,9 +325,9 @@ describe 'glance::api' do end context 'with ssl options' do - it { should contain_glance_api_config('DEFAULT/ca_file').with_value('/tmp/ca_file') } - it { should contain_glance_api_config('DEFAULT/cert_file').with_value('/tmp/cert_file') } - it { should contain_glance_api_config('DEFAULT/key_file').with_value('/tmp/key_file') } + it { is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_value('/tmp/ca_file') } + it { is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_value('/tmp/cert_file') } + it { is_expected.to contain_glance_api_config('DEFAULT/key_file').with_value('/tmp/key_file') } end end describe 'with known_stores by default' do @@ -294,7 +335,7 @@ describe 'glance::api' do default_params end - it { should_not contain_glance_api_config('glance_store/stores').with_value('false') } + it { is_expected.to_not contain_glance_api_config('glance_store/stores').with_value('false') } end describe 'with known_stores override' do @@ -304,16 +345,106 @@ describe 'glance::api' do }) end - it { should contain_glance_api_config('glance_store/stores').with_value("glance.store.filesystem.Store,glance.store.http.Store") } + it { is_expected.to contain_glance_api_config('glance_store/stores').with_value("glance.store.filesystem.Store,glance.store.http.Store") } end + describe 'while validating the service with default command' do + let :params do + default_params.merge({ + :validate => true, + }) + end + it { is_expected.to contain_exec('execute glance-api validation').with( + :path => '/usr/bin:/bin:/usr/sbin:/sbin', + :provider => 'shell', + :tries => '10', + :try_sleep => '2', + :command => 'glance --os-auth-url http://localhost:5000/v2.0 --os-tenant-name services --os-username glance --os-password ChangeMe image-list', + )} + + it { is_expected.to contain_anchor('create glance-api anchor').with( + :require => 'Exec[execute glance-api validation]', + )} + end + + describe 'while validating the service with custom command' do + let :params do + default_params.merge({ + :validate => true, + :validation_options => { 'glance-api' => { 'command' => 'my-script' } } + }) + end + it { is_expected.to contain_exec('execute glance-api validation').with( + :path => '/usr/bin:/bin:/usr/sbin:/sbin', + :provider => 'shell', + :tries => '10', + :try_sleep => '2', + :command => 'my-script', + )} + + it { is_expected.to contain_anchor('create glance-api anchor').with( + :require => 'Exec[execute glance-api validation]', + )} + end + + describe 'with identity and auth settings' do + let :params do + { + :keystone_password => 'ChangeMe', + } + end + context 'with custom keystone identity_uri' do + let :params do + default_params.merge!({ + :identity_uri => 'https://foo.bar:1234/', + }) + end + it 'configures identity_uri' do + is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/"); + # since only identity_uri is set the deprecated auth parameters is_expected.to + # still get set in case they are still in use + is_expected.to contain_glance_api_config('keystone_authtoken/auth_host').with_value('127.0.0.1'); + is_expected.to contain_glance_api_config('keystone_authtoken/auth_port').with_value('35357'); + is_expected.to contain_glance_api_config('keystone_authtoken/auth_protocol').with_value('http'); + end + end + + context 'with custom keystone identity_uri and auth_uri' do + let :params do + default_params.merge!({ + :identity_uri => 'https://foo.bar:35357/', + :auth_uri => 'https://foo.bar:5000/v2.0/', + }) + end + it 'configures identity_uri' do + is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/"); + is_expected.to contain_glance_api_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/"); + is_expected.to contain_glance_api_config('keystone_authtoken/auth_host').with_ensure('absent') + is_expected.to contain_glance_api_config('keystone_authtoken/auth_port').with_ensure('absent') + is_expected.to contain_glance_api_config('keystone_authtoken/auth_protocol').with_ensure('absent') + is_expected.to contain_glance_api_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') + end + end + end + + describe 'on Debian platforms' do let :facts do { :osfamily => 'Debian' } end let(:params) { default_params } - it {should contain_package('glance-api')} + # We only test this on Debian platforms, since on RedHat there isn't a + # separate package for glance API. + ['present', 'latest'].each do |package_ensure| + context "with package_ensure '#{package_ensure}'" do + let(:params) { default_params.merge({ :package_ensure => package_ensure }) } + it { is_expected.to contain_package('glance-api').with( + :ensure => package_ensure, + :tag => ['openstack'] + )} + end + end end describe 'on RedHat platforms' do @@ -322,7 +453,9 @@ describe 'glance::api' do end let(:params) { default_params } - it { should contain_package('openstack-glance')} + it { is_expected.to contain_package('openstack-glance').with( + :tag => ['openstack'], + )} end describe 'on unknown platforms' do @@ -331,9 +464,7 @@ describe 'glance::api' do end let(:params) { default_params } - it 'should fails to configure glance-api' do - expect { subject }.to raise_error(Puppet::Error, /module glance only support osfamily RedHat and Debian/) - end + it_raises 'a Puppet::Error', /module glance only support osfamily RedHat and Debian/ end end diff --git a/deployment/puppet/glance/spec/classes/glance_backend_cinder_spec.rb b/deployment/puppet/glance/spec/classes/glance_backend_cinder_spec.rb index 24249defdb..f961dfae55 100644 --- a/deployment/puppet/glance/spec/classes/glance_backend_cinder_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_backend_cinder_spec.rb @@ -31,21 +31,19 @@ describe 'glance::backend::cinder' do context 'when default parameters' do it 'configures glance-api.conf' do - should contain_glance_api_config('glance_store/default_store').with_value('cinder') - should contain_glance_api_config('glance_store/cinder_api_insecure').with_value(false) - should contain_glance_api_config('glance_store/cinder_catalog_info').with_value('volume:cinder:publicURL') - should contain_glance_api_config('glance_store/os_region_name').with_value('RegionOne') - should contain_glance_api_config('glance_store/cinder_http_retries').with_value('3') - should contain_glance_api_config('glance_store/cinder_ca_certificates_file').with(:ensure => 'absent') - should contain_glance_api_config('glance_store/cinder_endpoint_template').with(:ensure => 'absent') + is_expected.to contain_glance_api_config('glance_store/default_store').with_value('cinder') + is_expected.to contain_glance_api_config('DEFAULT/cinder_api_insecure').with_value(false) + is_expected.to contain_glance_api_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:publicURL') + is_expected.to contain_glance_api_config('DEFAULT/cinder_http_retries').with_value('3') + is_expected.to contain_glance_api_config('DEFAULT/cinder_ca_certificates_file').with(:ensure => 'absent') + is_expected.to contain_glance_api_config('DEFAULT/cinder_endpoint_template').with(:ensure => 'absent') end it 'configures glance-cache.conf' do - should contain_glance_cache_config('DEFAULT/cinder_api_insecure').with_value(false) - should contain_glance_cache_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:publicURL') - should contain_glance_cache_config('DEFAULT/os_region_name').with_value('RegionOne') - should contain_glance_cache_config('DEFAULT/cinder_http_retries').with_value('3') - should contain_glance_cache_config('DEFAULT/cinder_ca_certificates_file').with(:ensure => 'absent') - should contain_glance_cache_config('DEFAULT/cinder_endpoint_template').with(:ensure => 'absent') + is_expected.to contain_glance_cache_config('DEFAULT/cinder_api_insecure').with_value(false) + is_expected.to contain_glance_cache_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:publicURL') + is_expected.to contain_glance_cache_config('DEFAULT/cinder_http_retries').with_value('3') + is_expected.to contain_glance_cache_config('DEFAULT/cinder_ca_certificates_file').with(:ensure => 'absent') + is_expected.to contain_glance_cache_config('DEFAULT/cinder_endpoint_template').with(:ensure => 'absent') end end @@ -57,25 +55,22 @@ describe 'glance::backend::cinder' do :cinder_catalog_info => 'volume:cinder:internalURL', :cinder_endpoint_template => 'http://srv-foo:8776/v1/%(project_id)s', :cinder_http_retries => '10', - :os_region_name => 'foo' } end it 'configures glance-api.conf' do - should contain_glance_api_config('glance_store/default_store').with_value('cinder') - should contain_glance_api_config('glance_store/cinder_api_insecure').with_value(true) - should contain_glance_api_config('glance_store/cinder_ca_certificates_file').with_value('/etc/ssh/ca.crt') - should contain_glance_api_config('glance_store/cinder_catalog_info').with_value('volume:cinder:internalURL') - should contain_glance_api_config('glance_store/cinder_endpoint_template').with_value('http://srv-foo:8776/v1/%(project_id)s') - should contain_glance_api_config('glance_store/cinder_http_retries').with_value('10') - should contain_glance_api_config('glance_store/os_region_name').with_value('foo') + is_expected.to contain_glance_api_config('glance_store/default_store').with_value('cinder') + is_expected.to contain_glance_api_config('DEFAULT/cinder_api_insecure').with_value(true) + is_expected.to contain_glance_api_config('DEFAULT/cinder_ca_certificates_file').with_value('/etc/ssh/ca.crt') + is_expected.to contain_glance_api_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:internalURL') + is_expected.to contain_glance_api_config('DEFAULT/cinder_endpoint_template').with_value('http://srv-foo:8776/v1/%(project_id)s') + is_expected.to contain_glance_api_config('DEFAULT/cinder_http_retries').with_value('10') end it 'configures glance-cache.conf' do - should contain_glance_cache_config('DEFAULT/cinder_api_insecure').with_value(true) - should contain_glance_cache_config('DEFAULT/cinder_ca_certificates_file').with_value('/etc/ssh/ca.crt') - should contain_glance_cache_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:internalURL') - should contain_glance_cache_config('DEFAULT/cinder_endpoint_template').with_value('http://srv-foo:8776/v1/%(project_id)s') - should contain_glance_cache_config('DEFAULT/cinder_http_retries').with_value('10') - should contain_glance_cache_config('DEFAULT/os_region_name').with_value('foo') + is_expected.to contain_glance_cache_config('DEFAULT/cinder_api_insecure').with_value(true) + is_expected.to contain_glance_cache_config('DEFAULT/cinder_ca_certificates_file').with_value('/etc/ssh/ca.crt') + is_expected.to contain_glance_cache_config('DEFAULT/cinder_catalog_info').with_value('volume:cinder:internalURL') + is_expected.to contain_glance_cache_config('DEFAULT/cinder_endpoint_template').with_value('http://srv-foo:8776/v1/%(project_id)s') + is_expected.to contain_glance_cache_config('DEFAULT/cinder_http_retries').with_value('10') end end diff --git a/deployment/puppet/glance/spec/classes/glance_backend_file_spec.rb b/deployment/puppet/glance/spec/classes/glance_backend_file_spec.rb index 4b6361d1b4..4566eaebc2 100644 --- a/deployment/puppet/glance/spec/classes/glance_backend_file_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_backend_file_spec.rb @@ -10,12 +10,12 @@ describe 'glance::backend::file' do end it 'configures glance-api.conf' do - should contain_glance_api_config('glance_store/default_store').with_value('file') - should contain_glance_api_config('glance_store/filesystem_store_datadir').with_value('/var/lib/glance/images/') + is_expected.to contain_glance_api_config('glance_store/default_store').with_value('file') + is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with_value('/var/lib/glance/images/') end it 'configures glance-cache.conf' do - should contain_glance_cache_config('DEFAULT/filesystem_store_datadir').with_value('/var/lib/glance/images/') + is_expected.to contain_glance_cache_config('glance_store/filesystem_store_datadir').with_value('/var/lib/glance/images/') end describe 'when overriding datadir' do @@ -24,11 +24,11 @@ describe 'glance::backend::file' do end it 'configures glance-api.conf' do - should contain_glance_api_config('glance_store/filesystem_store_datadir').with_value('/tmp/') + is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with_value('/tmp/') end it 'configures glance-cache.conf' do - should contain_glance_cache_config('DEFAULT/filesystem_store_datadir').with_value('/tmp/') + is_expected.to contain_glance_cache_config('glance_store/filesystem_store_datadir').with_value('/tmp/') end end end diff --git a/deployment/puppet/glance/spec/classes/glance_backend_rbd_spec.rb b/deployment/puppet/glance/spec/classes/glance_backend_rbd_spec.rb index 3d62619602..0de3daf6cd 100644 --- a/deployment/puppet/glance/spec/classes/glance_backend_rbd_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_backend_rbd_spec.rb @@ -14,12 +14,12 @@ describe 'glance::backend::rbd' do } end - it { should contain_glance_api_config('glance_store/default_store').with_value('rbd') } - it { should contain_glance_api_config('glance_store/rbd_store_pool').with_value('images') } - it { should contain_glance_api_config('glance_store/rbd_store_ceph_conf').with_value('/etc/ceph/ceph.conf') } - it { should contain_glance_api_config('glance_store/rbd_store_chunk_size').with_value('8') } + it { is_expected.to contain_glance_api_config('glance_store/default_store').with_value('rbd') } + it { is_expected.to contain_glance_api_config('glance_store/rbd_store_pool').with_value('images') } + it { is_expected.to contain_glance_api_config('glance_store/rbd_store_ceph_conf').with_value('/etc/ceph/ceph.conf') } + it { is_expected.to contain_glance_api_config('glance_store/rbd_store_chunk_size').with_value('8') } - it { should contain_package('python-ceph').with( + it { is_expected.to contain_package('python-ceph').with( :name => 'python-ceph', :ensure => 'present' ) @@ -31,9 +31,42 @@ describe 'glance::backend::rbd' do { :rbd_store_user => 'user', :rbd_store_chunk_size => '2', + :package_ensure => 'latest', } end - it { should contain_glance_api_config('glance_store/rbd_store_user').with_value('user') } - it { should contain_glance_api_config('glance_store/rbd_store_chunk_size').with_value('2') } + it { is_expected.to contain_glance_api_config('glance_store/rbd_store_user').with_value('user') } + it { is_expected.to contain_glance_api_config('glance_store/rbd_store_chunk_size').with_value('2') } + it { is_expected.to contain_package('python-ceph').with( + :name => 'python-ceph', + :ensure => 'latest' + ) + } + end + + describe 'package on RedHat platform el6' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6.5', + } + end + it { is_expected.to contain_package('python-ceph').with( + :name => 'python-ceph', + :ensure => 'present' + ) + } + end + describe 'package on RedHat platform el7' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0' + } + end + it { is_expected.to contain_package('python-ceph').with( + :name => 'python-rbd', + :ensure => 'present' + ) + } end end diff --git a/deployment/puppet/glance/spec/classes/glance_backend_swift_spec.rb b/deployment/puppet/glance/spec/classes/glance_backend_swift_spec.rb index a6b480db20..d9e3b2216d 100644 --- a/deployment/puppet/glance/spec/classes/glance_backend_swift_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_backend_swift_spec.rb @@ -21,24 +21,25 @@ describe 'glance::backend::swift' do describe 'when default parameters' do it 'configures glance-api.conf' do - should contain_glance_api_config('glance_store/default_store').with_value('swift') - should contain_glance_api_config('glance_store/swift_store_key').with_value('key') - should contain_glance_api_config('glance_store/swift_store_user').with_value('user') - should contain_glance_api_config('glance_store/swift_store_auth_version').with_value('2') - should contain_glance_api_config('glance_store/swift_store_large_object_size').with_value('5120') - should contain_glance_api_config('glance_store/swift_store_auth_address').with_value('127.0.0.1:5000/v2.0/') - should contain_glance_api_config('glance_store/swift_store_container').with_value('glance') - should contain_glance_api_config('glance_store/swift_store_create_container_on_put').with_value(false) + is_expected.to contain_glance_api_config('glance_store/default_store').with_value('swift') + is_expected.to contain_glance_api_config('glance_store/swift_store_key').with_value('key') + is_expected.to contain_glance_api_config('glance_store/swift_store_user').with_value('user') + is_expected.to contain_glance_api_config('DEFAULT/swift_store_auth_version').with_value('2') + is_expected.to contain_glance_api_config('DEFAULT/swift_store_large_object_size').with_value('5120') + is_expected.to contain_glance_api_config('glance_store/swift_store_auth_address').with_value('127.0.0.1:5000/v2.0/') + is_expected.to contain_glance_api_config('DEFAULT/swift_store_container').with_value('glance') + is_expected.to contain_glance_api_config('DEFAULT/swift_store_create_container_on_put').with_value(false) + is_expected.to contain_glance_api_config('glance_store/swift_store_endpoint_type').with_value('internalURL') end it 'configures glance-cache.conf' do - should contain_glance_cache_config('DEFAULT/swift_store_key').with_value('key') - should contain_glance_cache_config('DEFAULT/swift_store_user').with_value('user') - should contain_glance_cache_config('DEFAULT/swift_store_auth_version').with_value('2') - should contain_glance_cache_config('DEFAULT/swift_store_large_object_size').with_value('5120') - should contain_glance_cache_config('DEFAULT/swift_store_auth_address').with_value('127.0.0.1:5000/v2.0/') - should contain_glance_cache_config('DEFAULT/swift_store_container').with_value('glance') - should contain_glance_cache_config('DEFAULT/swift_store_create_container_on_put').with_value(false) + is_expected.to contain_glance_cache_config('glance_store/swift_store_key').with_value('key') + is_expected.to contain_glance_cache_config('glance_store/swift_store_user').with_value('user') + is_expected.to contain_glance_cache_config('DEFAULT/swift_store_auth_version').with_value('2') + is_expected.to contain_glance_cache_config('DEFAULT/swift_store_large_object_size').with_value('5120') + is_expected.to contain_glance_cache_config('glance_store/swift_store_auth_address').with_value('127.0.0.1:5000/v2.0/') + is_expected.to contain_glance_cache_config('DEFAULT/swift_store_container').with_value('glance') + is_expected.to contain_glance_cache_config('DEFAULT/swift_store_create_container_on_put').with_value(false) end end @@ -51,24 +52,26 @@ describe 'glance::backend::swift' do :swift_store_large_object_size => '100', :swift_store_auth_address => '127.0.0.2:8080/v1.0/', :swift_store_container => 'swift', - :swift_store_create_container_on_put => true + :swift_store_create_container_on_put => true, + :swift_store_endpoint_type => 'publicURL' } end it 'configures glance-api.conf' do - should contain_glance_api_config('glance_store/swift_store_container').with_value('swift') - should contain_glance_api_config('glance_store/swift_store_create_container_on_put').with_value(true) - should contain_glance_api_config('glance_store/swift_store_auth_version').with_value('1') - should contain_glance_api_config('glance_store/swift_store_large_object_size').with_value('100') - should contain_glance_api_config('glance_store/swift_store_auth_address').with_value('127.0.0.2:8080/v1.0/') + is_expected.to contain_glance_api_config('DEFAULT/swift_store_container').with_value('swift') + is_expected.to contain_glance_api_config('DEFAULT/swift_store_create_container_on_put').with_value(true) + is_expected.to contain_glance_api_config('DEFAULT/swift_store_auth_version').with_value('1') + is_expected.to contain_glance_api_config('DEFAULT/swift_store_large_object_size').with_value('100') + is_expected.to contain_glance_api_config('glance_store/swift_store_auth_address').with_value('127.0.0.2:8080/v1.0/') + is_expected.to contain_glance_api_config('glance_store/swift_store_endpoint_type').with_value('publicURL') end it 'configures glance-cache.conf' do - should contain_glance_cache_config('DEFAULT/swift_store_container').with_value('swift') - should contain_glance_cache_config('DEFAULT/swift_store_create_container_on_put').with_value(true) - should contain_glance_cache_config('DEFAULT/swift_store_auth_version').with_value('1') - should contain_glance_cache_config('DEFAULT/swift_store_large_object_size').with_value('100') - should contain_glance_cache_config('DEFAULT/swift_store_auth_address').with_value('127.0.0.2:8080/v1.0/') + is_expected.to contain_glance_cache_config('DEFAULT/swift_store_container').with_value('swift') + is_expected.to contain_glance_cache_config('DEFAULT/swift_store_create_container_on_put').with_value(true) + is_expected.to contain_glance_cache_config('DEFAULT/swift_store_auth_version').with_value('1') + is_expected.to contain_glance_cache_config('DEFAULT/swift_store_large_object_size').with_value('100') + is_expected.to contain_glance_cache_config('glance_store/swift_store_auth_address').with_value('127.0.0.2:8080/v1.0/') end end end diff --git a/deployment/puppet/glance/spec/classes/glance_backend_vsphere_spec.rb b/deployment/puppet/glance/spec/classes/glance_backend_vsphere_spec.rb index c67312ed8d..43ab90cf8a 100644 --- a/deployment/puppet/glance/spec/classes/glance_backend_vsphere_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_backend_vsphere_spec.rb @@ -1,62 +1,94 @@ +# +# Copyright (C) 2014 Mirantis +# +# Author: Steapn Rogov +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for glance::backend::vsphere class +# + require 'spec_helper' describe 'glance::backend::vsphere' do - let :facts do - { - :osfamily => 'Debian' - } - end - - let :params do - { - :vcenter_host => '10.0.0.1', - :vcenter_user => 'root', - :vcenter_password => '123456', - :vcenter_datacenter => 'Datacenter', - :vcenter_datastore => 'Datastore', - :vcenter_image_dir => '/openstack_glance', - } - end let :pre_condition do 'class { "glance::api": keystone_password => "pass" }' end - describe 'when default parameters' do + shared_examples_for 'glance with vsphere backend' do - it 'configures glance-api.conf' do - should contain_glance_api_config('glance_store/default_store').with_value('vsphere') - should contain_glance_api_config('glance_store/vmware_api_insecure').with_value('False') - should contain_glance_api_config('glance_store/vmware_server_host').with_value('10.0.0.1') - should contain_glance_api_config('glance_store/vmware_server_username').with_value('root') - should contain_glance_api_config('glance_store/vmware_server_password').with_value('123456') - should contain_glance_api_config('glance_store/vmware_datastore_name').with_value('Datastore') - should contain_glance_api_config('glance_store/vmware_store_image_dir').with_value('/openstack_glance') - should contain_glance_api_config('glance_store/vmware_task_poll_interval').with_value('5') - should contain_glance_api_config('glance_store/vmware_api_retry_count').with_value('10') - should contain_glance_api_config('glance_store/vmware_datacenter_path').with_value('Datacenter') + context 'when default parameters' do + let :params do + { + :vcenter_host => '10.0.0.1', + :vcenter_user => 'root', + :vcenter_password => '123456', + :vcenter_datacenter => 'Datacenter', + :vcenter_datastore => 'Datastore', + :vcenter_image_dir => '/openstack_glance', + } + end + it 'configures glance-api.conf' do + is_expected.to contain_glance_api_config('DEFAULT/default_store').with_value('vsphere') + is_expected.to contain_glance_api_config('DEFAULT/vmware_api_insecure').with_value('False') + is_expected.to contain_glance_api_config('DEFAULT/vmware_server_host').with_value('10.0.0.1') + is_expected.to contain_glance_api_config('DEFAULT/vmware_server_username').with_value('root') + is_expected.to contain_glance_api_config('DEFAULT/vmware_server_password').with_value('123456') + is_expected.to contain_glance_api_config('DEFAULT/vmware_datastore_name').with_value('Datastore') + is_expected.to contain_glance_api_config('DEFAULT/vmware_store_image_dir').with_value('/openstack_glance') + is_expected.to contain_glance_api_config('DEFAULT/vmware_task_poll_interval').with_value('5') + is_expected.to contain_glance_api_config('DEFAULT/vmware_api_retry_count').with_value('10') + is_expected.to contain_glance_api_config('DEFAULT/vmware_datacenter_path').with_value('Datacenter') + end end + + context 'when overriding parameters' do + let :params do + { + :vcenter_host => '10.0.0.1', + :vcenter_user => 'root', + :vcenter_password => '123456', + :vcenter_datacenter => 'Datacenter', + :vcenter_datastore => 'Datastore', + :vcenter_image_dir => '/openstack_glance', + :vcenter_api_insecure => 'True', + :vcenter_task_poll_interval => '6', + :vcenter_api_retry_count => '11', + } + end + it 'configures glance-api.conf' do + is_expected.to contain_glance_api_config('DEFAULT/vmware_api_insecure').with_value('True') + is_expected.to contain_glance_api_config('DEFAULT/vmware_task_poll_interval').with_value('6') + is_expected.to contain_glance_api_config('DEFAULT/vmware_api_retry_count').with_value('11') + end + end + end - describe 'when overriding parameters' do - let :params do - { - :vcenter_host => '10.0.0.1', - :vcenter_user => 'root', - :vcenter_password => '123456', - :vcenter_datacenter => 'Datacenter', - :vcenter_datastore => 'Datastore', - :vcenter_image_dir => '/openstack_glance', - :vcenter_api_insecure => 'True', - :vcenter_task_poll_interval => '6', - :vcenter_api_retry_count => '11', - } + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } end - it 'configures glance-api.conf' do - should contain_glance_api_config('glance_store/vmware_api_insecure').with_value('True') - should contain_glance_api_config('glance_store/vmware_task_poll_interval').with_value('6') - should contain_glance_api_config('glance_store/vmware_api_retry_count').with_value('11') + it_configures 'glance with vsphere backend' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } end + + it_configures 'glance with vsphere backend' end end diff --git a/deployment/puppet/glance/spec/classes/glance_cache_cleaner_spec.rb b/deployment/puppet/glance/spec/classes/glance_cache_cleaner_spec.rb index 8b8bbe48ed..ccb87845ba 100644 --- a/deployment/puppet/glance/spec/classes/glance_cache_cleaner_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_cache_cleaner_spec.rb @@ -2,20 +2,64 @@ require 'spec_helper' describe 'glance::cache::cleaner' do - let :facts do - { :osfamily => 'Debian' } + shared_examples_for 'glance cache cleaner' do + + context 'when default parameters' do + + it 'configures a cron' do + is_expected.to contain_cron('glance-cache-cleaner').with( + :command => 'glance-cache-cleaner ', + :environment => 'PATH=/bin:/usr/bin:/usr/sbin', + :user => 'glance', + :minute => 1, + :hour => 0, + :monthday => '*', + :month => '*', + :weekday => '*' + ) + end + end + + context 'when overriding parameters' do + let :params do + { + :minute => 59, + :hour => 23, + :monthday => '1', + :month => '2', + :weekday => '3', + :command_options => '--config-dir /etc/glance/', + } + end + it 'configures a cron' do + is_expected.to contain_cron('glance-cache-cleaner').with( + :command => 'glance-cache-cleaner --config-dir /etc/glance/', + :environment => 'PATH=/bin:/usr/bin:/usr/sbin', + :user => 'glance', + :minute => 59, + :hour => 23, + :monthday => '1', + :month => '2', + :weekday => '3' + ) + end + end end - it 'configures a cron' do - should contain_cron('glance-cache-cleaner').with( - :command => 'glance-cache-cleaner', - :environment => 'PATH=/bin:/usr/bin:/usr/sbin', - :user => 'glance', - :minute => 1, - :hour => 0, - :monthday => '*', - :month => '*', - :weekday => '*' - ) + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + include_examples 'glance cache cleaner' + it { is_expected.to contain_cron('glance-cache-cleaner').with(:require => 'Package[glance-api]')} end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + include_examples 'glance cache cleaner' + it { is_expected.to contain_cron('glance-cache-cleaner').with(:require => 'Package[openstack-glance]')} + end + end diff --git a/deployment/puppet/glance/spec/classes/glance_cache_pruner_spec.rb b/deployment/puppet/glance/spec/classes/glance_cache_pruner_spec.rb index 5bcf7cd2ac..1d08b33fc5 100644 --- a/deployment/puppet/glance/spec/classes/glance_cache_pruner_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_cache_pruner_spec.rb @@ -2,20 +2,64 @@ require 'spec_helper' describe 'glance::cache::pruner' do - let :facts do - { :osfamily => 'Debian' } + shared_examples_for 'glance cache pruner' do + + context 'when default parameters' do + + it 'configures a cron' do + is_expected.to contain_cron('glance-cache-pruner').with( + :command => 'glance-cache-pruner ', + :environment => 'PATH=/bin:/usr/bin:/usr/sbin', + :user => 'glance', + :minute => '*/30', + :hour => '*', + :monthday => '*', + :month => '*', + :weekday => '*' + ) + end + end + + context 'when overriding parameters' do + let :params do + { + :minute => 59, + :hour => 23, + :monthday => '1', + :month => '2', + :weekday => '3', + :command_options => '--config-dir /etc/glance/', + } + end + it 'configures a cron' do + is_expected.to contain_cron('glance-cache-pruner').with( + :command => 'glance-cache-pruner --config-dir /etc/glance/', + :environment => 'PATH=/bin:/usr/bin:/usr/sbin', + :user => 'glance', + :minute => 59, + :hour => 23, + :monthday => '1', + :month => '2', + :weekday => '3' + ) + end + end end - it 'configures a cron' do - should contain_cron('glance-cache-pruner').with( - :command => 'glance-cache-pruner', - :environment => 'PATH=/bin:/usr/bin:/usr/sbin', - :user => 'glance', - :minute => '*/30', - :hour => '*', - :monthday => '*', - :month => '*', - :weekday => '*' - ) + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + include_examples 'glance cache pruner' + it { is_expected.to contain_cron('glance-cache-pruner').with(:require => 'Package[glance-api]')} end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + include_examples 'glance cache pruner' + it { is_expected.to contain_cron('glance-cache-pruner').with(:require => 'Package[openstack-glance]')} + end + end diff --git a/deployment/puppet/glance/spec/classes/glance_client_spec.rb b/deployment/puppet/glance/spec/classes/glance_client_spec.rb index e00e29a931..bad0a9c2d8 100644 --- a/deployment/puppet/glance/spec/classes/glance_client_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_client_spec.rb @@ -3,10 +3,11 @@ require 'spec_helper' describe 'glance::client' do shared_examples 'glance client' do - it { should contain_class('glance::params') } - it { should contain_package('python-glanceclient').with( + it { is_expected.to contain_class('glance::params') } + it { is_expected.to contain_package('python-glanceclient').with( :name => 'python-glanceclient', - :ensure => 'present' + :ensure => 'present', + :tag => ['openstack'], ) } end diff --git a/deployment/puppet/glance/spec/classes/glance_db_mysql_spec.rb b/deployment/puppet/glance/spec/classes/glance_db_mysql_spec.rb index a4d9421d4c..d2da9e338e 100644 --- a/deployment/puppet/glance/spec/classes/glance_db_mysql_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_db_mysql_spec.rb @@ -15,16 +15,13 @@ describe 'glance::db::mysql' do let :params do { :password => 'glancepass1', - :mysql_module => '0.9' } end - it { should contain_class('mysql::python') } - - it { should contain_mysql__db('glance').with( - :password => 'glancepass1', - :require => 'Class[Mysql::Config]', - :charset => 'utf8' + it { is_expected.to contain_openstacklib__db__mysql('glance').with( + :password_hash => '*41C910F70EB213CF4CB7B2F561B4995503C0A87B', + :charset => 'utf8', + :collate => 'utf8_general_ci', )} end @@ -38,9 +35,10 @@ describe 'glance::db::mysql' do } end - it { should contain_mysql__db('glancedb2').with( - :password => 'glancepass2', - :charset => 'utf8' + it { is_expected.to contain_openstacklib__db__mysql('glance').with( + :password_hash => '*6F9A1CB9BD83EE06F3903BDFF9F4188764E694CA', + :dbname => 'glancedb2', + :charset => 'utf8' )} end @@ -54,17 +52,6 @@ describe 'glance::db::mysql' do } end - it {should_not contain_glance__db__mysql__host_access("127.0.0.1").with( - :user => 'glance', - :password => 'glancepass2', - :database => 'glancedb2' - )} - it {should contain_glance__db__mysql__host_access("%").with( - :user => 'glance', - :password => 'glancepass2', - :database => 'glancedb2' - )} - end describe "overriding allowed_hosts param to string" do @@ -76,11 +63,6 @@ describe 'glance::db::mysql' do } end - it {should contain_glance__db__mysql__host_access("192.168.1.1").with( - :user => 'glance', - :password => 'glancepass2', - :database => 'glancedb2' - )} end describe "overriding allowed_hosts param equals to host param " do @@ -92,11 +74,6 @@ describe 'glance::db::mysql' do } end - it {should_not contain_glance__db__mysql__host_access("127.0.0.1").with( - :user => 'glance', - :password => 'glancepass2', - :database => 'glancedb2' - )} end end diff --git a/deployment/puppet/glance/spec/classes/glance_db_postgresql_spec.rb b/deployment/puppet/glance/spec/classes/glance_db_postgresql_spec.rb index dcb2b01262..c51afe5b87 100644 --- a/deployment/puppet/glance/spec/classes/glance_db_postgresql_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_db_postgresql_spec.rb @@ -3,24 +3,56 @@ require 'spec_helper' describe 'glance::db::postgresql' do let :req_params do - {:password => 'pw'} + { :password => 'pw' } end - let :facts do - { - :postgres_default_version => '8.4', - :osfamily => 'RedHat', - } + let :pre_condition do + 'include postgresql::server' end - describe 'with only required params' do - let :params do - req_params + context 'on a RedHat osfamily' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' + } end - it { should contain_postgresql__db('glance').with( - :user => 'glance', - :password => 'pw' - ) } + + context 'with only required parameters' do + let :params do + req_params + end + + it { is_expected.to contain_postgresql__server__db('glance').with( + :user => 'glance', + :password => 'md56c7c03b193c2c1e0667bc5bd891703db' + )} + end + + end + + context 'on a Debian osfamily' do + let :facts do + { + :operatingsystemrelease => '7.8', + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + context 'with only required parameters' do + let :params do + req_params + end + + it { is_expected.to contain_postgresql__server__db('glance').with( + :user => 'glance', + :password => 'md56c7c03b193c2c1e0667bc5bd891703db' + )} + end + end end diff --git a/deployment/puppet/glance/spec/classes/glance_keystone_auth_spec.rb b/deployment/puppet/glance/spec/classes/glance_keystone_auth_spec.rb index 551d00df11..a5cac91c5d 100644 --- a/deployment/puppet/glance/spec/classes/glance_keystone_auth_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_keystone_auth_spec.rb @@ -8,23 +8,23 @@ describe 'glance::keystone::auth' do {:password => 'pass'} end - it { should contain_keystone_user('glance').with( + it { is_expected.to contain_keystone_user('glance').with( :ensure => 'present', :password => 'pass' )} - it { should contain_keystone_user_role('glance@services').with( + it { is_expected.to contain_keystone_user_role('glance@services').with( :ensure => 'present', - :roles => 'admin' + :roles => ['admin'] ) } - it { should contain_keystone_service('glance').with( + it { is_expected.to contain_keystone_service('glance').with( :ensure => 'present', :type => 'image', - :description => 'Openstack Image Service' + :description => 'OpenStack Image Service' ) } - it { should contain_keystone_endpoint('RegionOne/glance').with( + it { is_expected.to contain_keystone_endpoint('RegionOne/glance').with( :ensure => 'present', :public_url => 'http://127.0.0.1:9292', :admin_url => 'http://127.0.0.1:9292', @@ -43,25 +43,42 @@ describe 'glance::keystone::auth' do } end - it { should contain_keystone_user('glancey').with( + it { is_expected.to contain_keystone_user('glancey').with( :ensure => 'present', :password => 'password' )} - it { should contain_keystone_user_role('glancey@services').with( + it { is_expected.to contain_keystone_user_role('glancey@services').with( :ensure => 'present', - :roles => 'admin' + :roles => ['admin'] ) } - it { should contain_keystone_service('glancey').with( + it { is_expected.to contain_keystone_service('glancey').with( :ensure => 'present', :type => 'imagey', - :description => 'Openstack Image Service' + :description => 'OpenStack Image Service' ) } end - describe 'when address, region, port and protocoll are overridden' do + describe 'when overriding endpoint URLs' do + let :params do + { :password => 'passw0rd', + :region => 'RegionTwo', + :public_url => 'https://10.10.10.10:81/v2', + :internal_url => 'https://10.10.10.11:81/v2', + :admin_url => 'https://10.10.10.12:81/v2' } + end + + it { is_expected.to contain_keystone_endpoint('RegionTwo/glance').with( + :ensure => 'present', + :public_url => 'https://10.10.10.10:81/v2', + :internal_url => 'https://10.10.10.11:81/v2', + :admin_url => 'https://10.10.10.12:81/v2' + ) } + end + + describe 'with deprecated endpoints parameters' do let :params do { @@ -77,7 +94,7 @@ describe 'glance::keystone::auth' do } end - it { should contain_keystone_endpoint('RegionTwo/glance').with( + it { is_expected.to contain_keystone_endpoint('RegionTwo/glance').with( :ensure => 'present', :public_url => 'https://10.0.0.1:9393', :admin_url => 'https://10.0.0.2:9393', @@ -95,7 +112,46 @@ describe 'glance::keystone::auth' do } end - it { should_not contain_keystone_endpoint('glance') } + it { is_expected.to_not contain_keystone_endpoint('RegionOne/glance') } + end + + describe 'when disabling user configuration' do + let :params do + { + :configure_user => false, + :password => 'pass', + } + end + + it { is_expected.to_not contain_keystone_user('glance') } + + it { is_expected.to contain_keystone_user_role('glance@services') } + + it { is_expected.to contain_keystone_service('glance').with( + :ensure => 'present', + :type => 'image', + :description => 'OpenStack Image Service' + ) } + end + + describe 'when disabling user and user role configuration' do + let :params do + { + :configure_user => false, + :configure_user_role => false, + :password => 'pass', + } + end + + it { is_expected.to_not contain_keystone_user('glance') } + + it { is_expected.to_not contain_keystone_user_role('glance@services') } + + it { is_expected.to contain_keystone_service('glance').with( + :ensure => 'present', + :type => 'image', + :description => 'OpenStack Image Service' + ) } end describe 'when configuring glance-api and the keystone endpoint' do @@ -114,6 +170,23 @@ describe 'glance::keystone::auth' do } end - it { should contain_keystone_endpoint('RegionOne/glance').with_notify('Service[glance-api]') } + it { is_expected.to contain_keystone_endpoint('RegionOne/glance').with_notify(["Service[glance-api]"]) } end + + describe 'when overriding service name' do + + let :params do + { + :service_name => 'glance_service', + :password => 'pass' + } + end + + it { is_expected.to contain_keystone_user('glance') } + it { is_expected.to contain_keystone_user_role('glance@services') } + it { is_expected.to contain_keystone_service('glance_service') } + it { is_expected.to contain_keystone_endpoint('RegionOne/glance_service') } + + end + end diff --git a/deployment/puppet/glance/spec/classes/glance_notify_qpid_spec.rb b/deployment/puppet/glance/spec/classes/glance_notify_qpid_spec.rb index 6ae87cf57c..695c56e2e5 100644 --- a/deployment/puppet/glance/spec/classes/glance_notify_qpid_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_notify_qpid_spec.rb @@ -15,12 +15,13 @@ describe 'glance::notify::qpid' do {:qpid_password => 'pass'} end - it { should contain_glance_api_config('DEFAULT/notifier_driver').with_value('qpid') } - it { should contain_glance_api_config('DEFAULT/qpid_username').with_value('guest') } - it { should contain_glance_api_config('DEFAULT/qpid_password').with_value('pass') } - it { should contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost') } - it { should contain_glance_api_config('DEFAULT/qpid_port').with_value('5672') } - it { should contain_glance_api_config('DEFAULT/qpid_protocol').with_value('tcp') } + it { is_expected.to contain_glance_api_config('DEFAULT/notifier_driver').with_value('qpid') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_username').with_value('guest') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_password').with_value('pass') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_password').with_value(params[:qpid_password]).with_secret(true) } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_port').with_value('5672') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_protocol').with_value('tcp') } end describe 'when passing params' do @@ -32,10 +33,10 @@ describe 'glance::notify::qpid' do :qpid_port => '5673' } end - it { should contain_glance_api_config('DEFAULT/qpid_username').with_value('guest2') } - it { should contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost2') } - it { should contain_glance_api_config('DEFAULT/qpid_port').with_value('5673') } - it { should contain_glance_api_config('DEFAULT/qpid_protocol').with_value('tcp') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_username').with_value('guest2') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost2') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_port').with_value('5673') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_protocol').with_value('tcp') } end describe 'when configuring with ssl' do @@ -48,9 +49,9 @@ describe 'glance::notify::qpid' do :qpid_protocol => 'ssl' } end - it { should contain_glance_api_config('DEFAULT/qpid_username').with_value('guest3') } - it { should contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost3') } - it { should contain_glance_api_config('DEFAULT/qpid_port').with_value('5671') } - it { should contain_glance_api_config('DEFAULT/qpid_protocol').with_value('ssl') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_username').with_value('guest3') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_hostname').with_value('localhost3') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_port').with_value('5671') } + it { is_expected.to contain_glance_api_config('DEFAULT/qpid_protocol').with_value('ssl') } end end diff --git a/deployment/puppet/glance/spec/classes/glance_notify_rabbitmq_spec.rb b/deployment/puppet/glance/spec/classes/glance_notify_rabbitmq_spec.rb index 26d61b88a3..7f5f76fa01 100644 --- a/deployment/puppet/glance/spec/classes/glance_notify_rabbitmq_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_notify_rabbitmq_spec.rb @@ -14,17 +14,18 @@ describe 'glance::notify::rabbitmq' do let :params do {:rabbit_password => 'pass'} end - it { should contain_glance_api_config('DEFAULT/notification_driver').with_ensure('absent') } - it { should contain_glance_api_config('DEFAULT/rabbit_password').with_value('pass') } - it { should contain_glance_api_config('DEFAULT/rabbit_userid').with_value('guest') } - it { should contain_glance_api_config('DEFAULT/rabbit_host').with_value('localhost') } - it { should contain_glance_api_config('DEFAULT/rabbit_port').with_value('5672') } - it { should contain_glance_api_config('DEFAULT/rabbit_hosts').with_value('localhost:5672') } - it { should contain_glance_api_config('DEFAULT/rabbit_ha_queues').with_value('false') } - it { should contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('false') } - it { should contain_glance_api_config('DEFAULT/rabbit_virtual_host').with_value('/') } - it { should contain_glance_api_config('DEFAULT/rabbit_notification_exchange').with_value('glance') } - it { should contain_glance_api_config('DEFAULT/rabbit_notification_topic').with_value('notifications') } + it { is_expected.to contain_glance_api_config('DEFAULT/notification_driver').with_value('messaging') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_password').with_value('pass') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_password').with_value(params[:rabbit_password]).with_secret(true) } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_userid').with_value('guest') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_host').with_value('localhost') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_port').with_value('5672') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_hosts').with_value('localhost:5672') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('false') } + it { is_expected.to contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('false') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_virtual_host').with_value('/') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_notification_exchange').with_value('glance') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_notification_topic').with_value('notifications') } end describe 'when passing params and use ssl' do @@ -37,15 +38,15 @@ describe 'glance::notify::rabbitmq' do :rabbit_use_ssl => true, :rabbit_durable_queues => true, } - it { should contain_glance_api_config('DEFAULT/rabbit_userid').with_value('guest2') } - it { should contain_glance_api_config('DEFAULT/rabbit_host').with_value('localhost2') } - it { should contain_glance_api_config('DEFAULT/rabbit_port').with_value('5673') } - it { should contain_glance_api_config('DEFAULT/rabbit_use_ssl').with_value('true') } - it { should contain_glance_api_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') } - it { should contain_glance_api_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') } - it { should contain_glance_api_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') } - it { should contain_glance_api_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') } - it { should contain_glance_api_config('DEFAULT/rabbit_durable_queues').with_value('true') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_userid').with_value('guest2') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_host').with_value('localhost2') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_port').with_value('5673') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_durable_queues').with_value('true') } end end @@ -60,11 +61,30 @@ describe 'glance::notify::rabbitmq' do :kombu_ssl_version => 'TLSv1', } end - it { should contain_glance_api_config('DEFAULT/rabbit_use_ssl').with_value(true) } - it { should contain_glance_api_config('DEFAULT/kombu_ssl_ca_certs').with_value('/etc/ca.cert') } - it { should contain_glance_api_config('DEFAULT/kombu_ssl_certfile').with_value('/etc/certfile') } - it { should contain_glance_api_config('DEFAULT/kombu_ssl_keyfile').with_value('/etc/key') } - it { should contain_glance_api_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value(true) } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_value('/etc/ca.cert') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_value('/etc/certfile') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_value('/etc/key') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_version').with_value('TLSv1') } + end + + describe 'with rabbit ssl disabled' do + let :params do + { + :rabbit_password => 'pass', + :rabbit_use_ssl => false, + :kombu_ssl_ca_certs => 'undef', + :kombu_ssl_certfile => 'undef', + :kombu_ssl_keyfile => 'undef', + :kombu_ssl_version => 'TLSv1', + } + end + + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('false') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_ca_certs').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_certfile').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_keyfile').with_ensure('absent') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/kombu_ssl_version').with_ensure('absent') } end describe 'when passing params for single rabbit host' do @@ -78,12 +98,12 @@ describe 'glance::notify::rabbitmq' do :rabbit_durable_queues => true, } end - it { should contain_glance_api_config('DEFAULT/rabbit_userid').with_value('guest2') } - it { should contain_glance_api_config('DEFAULT/rabbit_host').with_value('localhost2') } - it { should contain_glance_api_config('DEFAULT/rabbit_port').with_value('5673') } - it { should contain_glance_api_config('DEFAULT/rabbit_hosts').with_value('localhost2:5673') } - it { should contain_glance_api_config('DEFAULT/rabbit_use_ssl').with_value('true') } - it { should contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('true') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_userid').with_value('guest2') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_host').with_value('localhost2') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_port').with_value('5673') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_hosts').with_value('localhost2:5673') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_use_ssl').with_value('true') } + it { is_expected.to contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('true') } end describe 'when passing params for multiple rabbit hosts' do @@ -94,12 +114,12 @@ describe 'glance::notify::rabbitmq' do :rabbit_hosts => ['nonlocalhost3:5673', 'nonlocalhost4:5673'] } end - it { should contain_glance_api_config('DEFAULT/rabbit_userid').with_value('guest3') } - it { should contain_glance_api_config('DEFAULT/rabbit_hosts').with_value( + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_userid').with_value('guest3') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_hosts').with_value( 'nonlocalhost3:5673,nonlocalhost4:5673') } - it { should contain_glance_api_config('DEFAULT/rabbit_ha_queues').with_value('true') } - it { should_not contain_glance_api_config('DEFAULT/rabbit_port') } - it { should_not contain_glance_api_config('DEFAULT/rabbit_host') } + it { is_expected.to contain_glance_api_config('oslo_messaging_rabbit/rabbit_ha_queues').with_value('true') } + it { is_expected.to_not contain_glance_api_config('oslo_messaging_rabbit/rabbit_port') } + it { is_expected.to_not contain_glance_api_config('oslo_messaging_rabbit/rabbit_host') } end describe 'when using deprecated params' do @@ -109,6 +129,6 @@ describe 'glance::notify::rabbitmq' do :rabbit_password => 'pass' } end - it { should contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('true') } + it { is_expected.to contain_glance_api_config('DEFAULT/amqp_durable_queues').with_value('true') } end end diff --git a/deployment/puppet/glance/spec/classes/glance_policy_spec.rb b/deployment/puppet/glance/spec/classes/glance_policy_spec.rb new file mode 100644 index 0000000000..9bab0d163e --- /dev/null +++ b/deployment/puppet/glance/spec/classes/glance_policy_spec.rb @@ -0,0 +1,41 @@ +require 'spec_helper' + +describe 'glance::policy' do + + shared_examples_for 'glance policies' do + let :params do + { + :policy_path => '/etc/glance/policy.json', + :policies => { + 'context_is_admin' => { + 'key' => 'context_is_admin', + 'value' => 'foo:bar' + } + } + } + end + + it 'set up the policies' do + is_expected.to contain_openstacklib__policy__base('context_is_admin').with({ + :key => 'context_is_admin', + :value => 'foo:bar' + }) + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'glance policies' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'glance policies' + end +end diff --git a/deployment/puppet/glance/spec/classes/glance_registry_spec.rb b/deployment/puppet/glance/spec/classes/glance_registry_spec.rb index 61e79916ec..9f956dfcf3 100644 --- a/deployment/puppet/glance/spec/classes/glance_registry_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_registry_spec.rb @@ -9,48 +9,48 @@ describe 'glance::registry' do let :default_params do { - :verbose => false, - :debug => false, - :bind_host => '0.0.0.0', - :bind_port => '9191', - :log_file => '/var/log/glance/registry.log', - :log_dir => '/var/log/glance', - :sql_connection => 'sqlite:///var/lib/glance/glance.sqlite', - :sql_idle_timeout => '3600', - :enabled => true, - :auth_type => 'keystone', - :auth_host => '127.0.0.1', - :auth_port => '35357', - :auth_protocol => 'http', - :auth_uri => 'http://127.0.0.1:5000/', - :identity_uri => 'http://127.0.0.1:35357/', - :keystone_tenant => 'services', - :keystone_user => 'glance', - :keystone_password => 'ChangeMe', - :purge_config => false, - :mysql_module => '0.9' + :verbose => false, + :debug => false, + :bind_host => '0.0.0.0', + :bind_port => '9191', + :log_file => '/var/log/glance/registry.log', + :log_dir => '/var/log/glance', + :database_connection => 'sqlite:///var/lib/glance/glance.sqlite', + :database_idle_timeout => '3600', + :enabled => true, + :manage_service => true, + :auth_type => 'keystone', + :auth_host => '127.0.0.1', + :auth_port => '35357', + :auth_protocol => 'http', + :auth_uri => 'http://127.0.0.1:5000/', + :keystone_tenant => 'services', + :keystone_user => 'glance', + :keystone_password => 'ChangeMe', + :purge_config => false, + :sync_db => true, } end [ {:keystone_password => 'ChangeMe'}, { - :verbose => true, - :debug => true, - :bind_host => '127.0.0.1', - :bind_port => '9111', - :sql_connection => 'sqlite:///var/lib/glance.sqlite', - :sql_idle_timeout => '360', - :enabled => false, - :auth_type => 'keystone', - :auth_host => '127.0.0.1', - :auth_port => '35357', - :auth_protocol => 'http', - :auth_uri => 'http://127.0.0.1:5000/', - :identity_uri => 'http://127.0.0.1:35357/', - :keystone_tenant => 'admin', - :keystone_user => 'admin', - :keystone_password => 'ChangeMe', + :verbose => true, + :debug => true, + :bind_host => '127.0.0.1', + :bind_port => '9111', + :database_connection => 'sqlite:///var/lib/glance.sqlite', + :database_idle_timeout => '360', + :enabled => false, + :auth_type => 'keystone', + :auth_host => '127.0.0.1', + :auth_port => '35357', + :auth_protocol => 'http', + :auth_uri => 'http://127.0.0.1:5000/', + :keystone_tenant => 'admin', + :keystone_user => 'admin', + :keystone_password => 'ChangeMe', + :sync_db => false, } ].each do |param_set| @@ -63,10 +63,10 @@ describe 'glance::registry' do param_set end - it { should contain_class 'glance::registry' } + it { is_expected.to contain_class 'glance::registry' } - it { should contain_service('glance-registry').with( - 'ensure' => param_hash[:enabled] ? 'running' : 'stopped', + it { is_expected.to contain_service('glance-registry').with( + 'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running' : 'stopped', 'enable' => param_hash[:enabled], 'hasstatus' => true, 'hasrestart' => true, @@ -74,47 +74,78 @@ describe 'glance::registry' do 'require' => 'Class[Glance]' )} - it 'should only sync the db if the service is enabled' do + it 'is_expected.to only sync the db if sync_db is enabled' do - if param_hash[:enabled] - should contain_exec('glance-manage db_sync').with( + if param_hash[:sync_db] + is_expected.to contain_exec('glance-manage db_sync').with( 'path' => '/usr/bin', + 'command' => 'glance-manage --config-file=/etc/glance/glance-registry.conf db_sync', 'refreshonly' => true, 'logoutput' => 'on_failure', 'subscribe' => ['Package[glance-registry]', 'File[/etc/glance/glance-registry.conf]'], - 'notify' => 'Service[glance-registry]' + 'notify' => ["Service[glance-registry]"] ) end end - it 'should configure itself' do + it 'is_expected.to not sync the db if sync_db is set to false' do + + if !param_hash[:sync_db] + is_expected.not_to contain_exec('glance-manage db_sync') + end + end + it 'is_expected.to configure itself' do [ 'verbose', 'debug', 'bind_port', 'bind_host', - 'sql_connection', - 'sql_idle_timeout' ].each do |config| - should contain_glance_registry_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) + is_expected.to contain_glance_registry_config("DEFAULT/#{config}").with_value(param_hash[config.intern]) + end + [ + 'database_connection', + 'database_idle_timeout', + ].each do |config| + is_expected.to contain_glance_registry_config("database/#{config.gsub(/database_/,'')}").with_value(param_hash[config.intern]) end [ 'auth_host', 'auth_port', 'auth_protocol' ].each do |config| - should contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) + is_expected.to contain_glance_registry_config("keystone_authtoken/#{config}").with_value(param_hash[config.intern]) end - should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') if param_hash[:auth_type] == 'keystone' - should contain_glance_registry_config("paste_deploy/flavor").with_value('keystone') - should contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant]) - should contain_glance_registry_config("keystone_authtoken/admin_user").with_value(param_hash[:keystone_user]) - should contain_glance_registry_config("keystone_authtoken/admin_password").with_value(param_hash[:keystone_password]) + is_expected.to contain_glance_registry_config("paste_deploy/flavor").with_value('keystone') + is_expected.to contain_glance_registry_config("keystone_authtoken/admin_tenant_name").with_value(param_hash[:keystone_tenant]) + is_expected.to contain_glance_registry_config("keystone_authtoken/admin_user").with_value(param_hash[:keystone_user]) + is_expected.to contain_glance_registry_config("keystone_authtoken/admin_password").with_value(param_hash[:keystone_password]) + is_expected.to contain_glance_registry_config("keystone_authtoken/admin_password").with_value(param_hash[:keystone_password]).with_secret(true) end end end end + describe 'with disabled service managing' do + let :params do + { + :keystone_password => 'ChangeMe', + :manage_service => false, + :enabled => false, + } + end + + it { is_expected.to contain_service('glance-registry').with( + 'ensure' => nil, + 'enable' => false, + 'hasstatus' => true, + 'hasrestart' => true, + 'subscribe' => 'File[/etc/glance/glance-registry.conf]', + 'require' => 'Class[Glance]' + )} + end + describe 'with overridden pipeline' do # At the time of writing there was only blank and keystone as options # but there is no reason that there can't be more options in the future. @@ -125,7 +156,7 @@ describe 'glance::registry' do } end - it { should contain_glance_registry_config('paste_deploy/flavor').with_value('validoptionstring') } + it { is_expected.to contain_glance_registry_config('paste_deploy/flavor').with_value('validoptionstring') } end describe 'with blank pipeline' do @@ -136,7 +167,7 @@ describe 'glance::registry' do } end - it { should contain_glance_registry_config('paste_deploy/flavor').with_ensure('absent') } + it { is_expected.to contain_glance_registry_config('paste_deploy/flavor').with_ensure('absent') } end [ @@ -155,7 +186,7 @@ describe 'glance::registry' do } end - it { expect { should contain_glance_registry_config('filter:paste_deploy/flavor') }.to\ + it { expect { is_expected.to contain_glance_registry_config('filter:paste_deploy/flavor') }.to\ raise_error(Puppet::Error, /validate_re\(\): .* does not match/) } end end @@ -168,7 +199,7 @@ describe 'glance::registry' do } end - it { should contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') } + it { is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_value('/keystone/main') } end [ @@ -187,7 +218,7 @@ describe 'glance::registry' do } end - it { expect { should contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\ + it { expect { is_expected.to contain_glance_registry_config('filter:authtoken/auth_admin_prefix') }.to\ raise_error(Puppet::Error, /validate_re\(\): "#{auth_admin_prefix}" does not match/) } end end @@ -197,8 +228,8 @@ describe 'glance::registry' do default_params end - it { should contain_glance_registry_config('DEFAULT/use_syslog').with_value(false) } - it { should_not contain_glance_registry_config('DEFAULT/syslog_log_facility') } + it { is_expected.to contain_glance_registry_config('DEFAULT/use_syslog').with_value(false) } + it { is_expected.to_not contain_glance_registry_config('DEFAULT/syslog_log_facility') } end describe 'with syslog enabled' do @@ -208,8 +239,8 @@ describe 'glance::registry' do }) end - it { should contain_glance_registry_config('DEFAULT/use_syslog').with_value(true) } - it { should contain_glance_registry_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') } + it { is_expected.to contain_glance_registry_config('DEFAULT/use_syslog').with_value(true) } + it { is_expected.to contain_glance_registry_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') } end describe 'with syslog enabled and custom settings' do @@ -220,38 +251,38 @@ describe 'glance::registry' do }) end - it { should contain_glance_registry_config('DEFAULT/use_syslog').with_value(true) } - it { should contain_glance_registry_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') } + it { is_expected.to contain_glance_registry_config('DEFAULT/use_syslog').with_value(true) } + it { is_expected.to contain_glance_registry_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') } end describe 'with log_file enabled by default' do let(:params) { default_params } - it { should contain_glance_registry_config('DEFAULT/log_file').with_value(default_params[:log_file]) } + it { is_expected.to contain_glance_registry_config('DEFAULT/log_file').with_value(default_params[:log_file]) } context 'with log_file disabled' do let(:params) { default_params.merge!({ :log_file => false }) } - it { should contain_glance_registry_config('DEFAULT/log_file').with_ensure('absent') } + it { is_expected.to contain_glance_registry_config('DEFAULT/log_file').with_ensure('absent') } end end describe 'with log_dir enabled by default' do let(:params) { default_params } - it { should contain_glance_registry_config('DEFAULT/log_dir').with_value(default_params[:log_dir]) } + it { is_expected.to contain_glance_registry_config('DEFAULT/log_dir').with_value(default_params[:log_dir]) } context 'with log_dir disabled' do let(:params) { default_params.merge!({ :log_dir => false }) } - it { should contain_glance_registry_config('DEFAULT/log_dir').with_ensure('absent') } + it { is_expected.to contain_glance_registry_config('DEFAULT/log_dir').with_ensure('absent') } end end describe 'with no ssl options (default)' do let(:params) { default_params } - it { should contain_glance_registry_config('DEFAULT/ca_file').with_ensure('absent')} - it { should contain_glance_registry_config('DEFAULT/cert_file').with_ensure('absent')} - it { should contain_glance_registry_config('DEFAULT/key_file').with_ensure('absent')} + it { is_expected.to contain_glance_registry_config('DEFAULT/ca_file').with_ensure('absent')} + it { is_expected.to contain_glance_registry_config('DEFAULT/cert_file').with_ensure('absent')} + it { is_expected.to contain_glance_registry_config('DEFAULT/key_file').with_ensure('absent')} end describe 'with ssl options' do @@ -264,9 +295,50 @@ describe 'glance::registry' do end context 'with ssl options' do - it { should contain_glance_registry_config('DEFAULT/ca_file').with_value('/tmp/ca_file') } - it { should contain_glance_registry_config('DEFAULT/cert_file').with_value('/tmp/cert_file') } - it { should contain_glance_registry_config('DEFAULT/key_file').with_value('/tmp/key_file') } + it { is_expected.to contain_glance_registry_config('DEFAULT/ca_file').with_value('/tmp/ca_file') } + it { is_expected.to contain_glance_registry_config('DEFAULT/cert_file').with_value('/tmp/cert_file') } + it { is_expected.to contain_glance_registry_config('DEFAULT/key_file').with_value('/tmp/key_file') } + end + end + + + describe 'with identity and auth settings' do + let :params do + { + :keystone_password => 'ChangeMe', + } + end + context 'with custom keystone identity_uri' do + before do + params.merge!({ + :identity_uri => 'https://foo.bar:1234/', + }) + end + it 'configures identity_uri' do + is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/"); + # since only auth_uri is set the deprecated auth parameters is_expected.to + # still get set in case they are still in use + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_host').with_value('127.0.0.1'); + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_port').with_value('35357'); + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_protocol').with_value('http'); + end + end + + context 'with custom keystone identity_uri and auth_uri' do + before do + params.merge!({ + :identity_uri => 'https://foo.bar:35357/', + :auth_uri => 'https://foo.bar:5000/v2.0/', + }) + end + it 'configures identity_uri' do + is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/"); + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/"); + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_host').with_ensure('absent') + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_port').with_ensure('absent') + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_protocol').with_ensure('absent') + is_expected.to contain_glance_registry_config('keystone_authtoken/auth_admin_prefix').with_ensure('absent') + end end end @@ -274,9 +346,18 @@ describe 'glance::registry' do let :facts do { :osfamily => 'Debian' } end - let(:params) { default_params } - it {should contain_package('glance-registry')} + # We only test this on Debian platforms, since on RedHat there isn't a + # separate package for glance registry. + ['present', 'latest'].each do |package_ensure| + context "with package_ensure '#{package_ensure}'" do + let(:params) { default_params.merge({ :package_ensure => package_ensure }) } + it { is_expected.to contain_package('glance-registry').with( + :ensure => package_ensure, + :tag => ['openstack'] + )} + end + end end describe 'on RedHat platforms' do @@ -285,7 +366,7 @@ describe 'glance::registry' do end let(:params) { default_params } - it { should contain_package('openstack-glance')} + it { is_expected.to contain_package('openstack-glance')} end describe 'on unknown platforms' do @@ -294,9 +375,7 @@ describe 'glance::registry' do end let(:params) { default_params } - it 'should fails to configure glance-registry' do - expect { subject }.to raise_error(Puppet::Error, /module glance only support osfamily RedHat and Debian/) - end + it_raises 'a Puppet::Error', /module glance only support osfamily RedHat and Debian/ end end diff --git a/deployment/puppet/glance/spec/classes/glance_spec.rb b/deployment/puppet/glance/spec/classes/glance_spec.rb index 9af348a2f0..075cec5eb1 100644 --- a/deployment/puppet/glance/spec/classes/glance_spec.rb +++ b/deployment/puppet/glance/spec/classes/glance_spec.rb @@ -25,7 +25,7 @@ describe 'glance' do let :params do param_set end - it { should contain_file('/etc/glance/').with( + it { is_expected.to contain_file('/etc/glance/').with( 'ensure' => 'directory', 'owner' => 'glance', 'mode' => '0770' @@ -40,7 +40,7 @@ describe 'glance' do end let(:params) { default_params } - it {should_not contain_package('glance')} + it { is_expected.to_not contain_package('glance') } end describe 'on RedHat platforms' do @@ -49,7 +49,9 @@ describe 'glance' do end let(:params) { default_params } - it { should contain_package('openstack-glance')} + it { is_expected.to contain_package('openstack-glance').with( + :tag => ['openstack'], + )} end end diff --git a/deployment/puppet/glance/spec/shared_examples.rb b/deployment/puppet/glance/spec/shared_examples.rb index d92156a361..fec0eacc98 100644 --- a/deployment/puppet/glance/spec/shared_examples.rb +++ b/deployment/puppet/glance/spec/shared_examples.rb @@ -1,5 +1,5 @@ shared_examples_for "a Puppet::Error" do |description| it "with message matching #{description.inspect}" do - expect { should have_class_count(1) }.to raise_error(Puppet::Error, description) + expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description) end end diff --git a/deployment/puppet/glance/spec/spec_helper.rb b/deployment/puppet/glance/spec/spec_helper.rb index 076e2bb39d..53d4dd02de 100644 --- a/deployment/puppet/glance/spec/spec_helper.rb +++ b/deployment/puppet/glance/spec/spec_helper.rb @@ -2,6 +2,6 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' RSpec.configure do |c| - c.alias_it_should_behave_like_to :it_configures, 'configures' - c.alias_it_should_behave_like_to :it_raises, 'raises' + c.alias_it_should_behave_like_to :it_configures, 'configures' + c.alias_it_should_behave_like_to :it_raises, 'raises' end diff --git a/deployment/puppet/glance/spec/spec_helper_acceptance.rb b/deployment/puppet/glance/spec/spec_helper_acceptance.rb new file mode 100644 index 0000000000..386d612fe9 --- /dev/null +++ b/deployment/puppet/glance/spec/spec_helper_acceptance.rb @@ -0,0 +1,43 @@ +require 'beaker-rspec' +require 'beaker/puppet_install_helper' + +run_puppet_install_helper + +RSpec.configure do |c| + # Project root + proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + + # Readable test descriptions + c.formatter = :documentation + + # Configure all nodes in nodeset + c.before :suite do + # Install module + hosts.each do |host| + + # install git + install_package host, 'git' + + # clean out any module cruft + shell('rm -fr /etc/puppet/modules/*') + + # install library modules from the forge + on host, puppet('module','install', '--force', 'puppetlabs-mysql', '--version', '3.2.0'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','dprince/qpid'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','puppetlabs-apt', '--version', '1.8.0'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','puppetlabs-inifile'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','stahnma-epel'), { :acceptable_exit_codes => [0,1] } + + # install puppet modules from git, use master + shell('git clone https://git.openstack.org/openstack/puppet-openstacklib /etc/puppet/modules/openstacklib') + shell('git clone https://git.openstack.org/openstack/puppet-keystone /etc/puppet/modules/keystone') + shell('git clone https://git.openstack.org/openstack/puppet-openstack_extras /etc/puppet/modules/openstack_extras') + + # Install the module being tested + puppet_module_install(:source => proj_root, :module_name => 'glance') + # List modules installed to help with debugging + on hosts[0], puppet('module','list'), { :acceptable_exit_codes => [0,1] } + end + end +end diff --git a/deployment/puppet/glance/spec/unit/provider/glance_spec.rb b/deployment/puppet/glance/spec/unit/provider/glance_spec.rb index 0834ce01a9..344ec4a215 100644 --- a/deployment/puppet/glance/spec/unit/provider/glance_spec.rb +++ b/deployment/puppet/glance/spec/unit/provider/glance_spec.rb @@ -35,19 +35,25 @@ describe Puppet::Provider::Glance do 'admin_tenant_name' => 'foo', 'admin_user' => 'user', 'admin_password' => 'pass' + }, + 'glance_store' => + { + 'os_region_name' => 'SomeRegion', } } Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/glance/glance-api.conf') klass.expects(:sleep).with(10).returns(nil) klass.expects(:glance).twice.with( - '-T', + '--os-tenant-name', 'foo', - '-I', + '--os-username', 'user', - '-K', + '--os-password', 'pass', - '-N', + '--os-region-name', + 'SomeRegion', + '--os-auth-url', 'http://127.0.0.1:35357/v2.0/', ['test_retries'] ).raises(Exception, valid_message).then.returns('') diff --git a/deployment/puppet/glance/tests/api.pp b/deployment/puppet/glance/tests/api.pp index 7b49319160..eba4700740 100644 --- a/deployment/puppet/glance/tests/api.pp +++ b/deployment/puppet/glance/tests/api.pp @@ -1,4 +1,4 @@ -class { 'glance::api': +class { '::glance::api': debug => true, verbose => true, } diff --git a/deployment/puppet/glance/tests/init.pp b/deployment/puppet/glance/tests/init.pp index 57cf401a16..776103ddc4 100644 --- a/deployment/puppet/glance/tests/init.pp +++ b/deployment/puppet/glance/tests/init.pp @@ -1 +1 @@ -class { 'glance': } +class { '::glance': } diff --git a/deployment/puppet/glance/tests/registry.pp b/deployment/puppet/glance/tests/registry.pp index 8635cb267c..52a2d1cee3 100644 --- a/deployment/puppet/glance/tests/registry.pp +++ b/deployment/puppet/glance/tests/registry.pp @@ -1,4 +1,4 @@ -class { 'glance::registry': +class { '::glance::registry': debug => true, verbose => true, } diff --git a/deployment/puppet/glance/tests/site.pp b/deployment/puppet/glance/tests/site.pp index 2859b72d7e..7c3edb7465 100644 --- a/deployment/puppet/glance/tests/site.pp +++ b/deployment/puppet/glance/tests/site.pp @@ -4,32 +4,32 @@ Exec { logoutput => 'on_failure' } node glance_keystone_mysql { - class { 'mysql::server': } - class { 'keystone': + class { '::mysql::server': } + class { '::keystone': verbose => true, debug => true, catalog_type => 'sql', admin_token => 'admin_token', } - class { 'keystone::db::mysql': + class { '::keystone::db::mysql': password => 'keystone', } - class { 'keystone::roles::admin': + class { '::keystone::roles::admin': email => 'test@puppetlabs.com', password => 'ChangeMe', } - class { 'glance::api': - verbose => true, - debug => true, - auth_type => 'keystone', - keystone_tenant => 'services', - keystone_user => 'glance', - keystone_password => 'glance_password', - sql_connection => 'mysql://glance:glance@127.0.0.1/glance', + class { '::glance::api': + verbose => true, + debug => true, + auth_type => 'keystone', + keystone_tenant => 'services', + keystone_user => 'glance', + keystone_password => 'glance_password', + database_connection => 'mysql://glance:glance@127.0.0.1/glance', } - class { 'glance::backend::file': } + class { '::glance::backend::file': } - class { 'glance::db::mysql': + class { '::glance::db::mysql': password => 'glance', dbname => 'glance', user => 'glance', @@ -38,16 +38,16 @@ node glance_keystone_mysql { # $cluster_id = 'localzone' } - class { 'glance::registry': - verbose => true, - debug => true, - auth_type => 'keystone', - keystone_tenant => 'services', - keystone_user => 'glance', - keystone_password => 'glance_password', - sql_connection => 'mysql://glance:glance@127.0.0.1/glance', + class { '::glance::registry': + verbose => true, + debug => true, + auth_type => 'keystone', + keystone_tenant => 'services', + keystone_user => 'glance', + keystone_password => 'glance_password', + database_connection => 'mysql://glance:glance@127.0.0.1/glance', } - class { 'glance::keystone::auth': + class { '::glance::keystone::auth': password => 'glance_pass', } }