251 lines
10 KiB
Ruby
251 lines
10 KiB
Ruby
# ROLE: primary-controller
|
|
# ROLE: controller
|
|
require 'spec_helper'
|
|
require 'shared-examples'
|
|
manifest = 'swift/proxy_storage.pp'
|
|
|
|
describe manifest do
|
|
shared_examples 'catalog' do
|
|
workers_max = Noop.hiera 'workers_max'
|
|
role = Noop.hiera 'role'
|
|
storage_hash = Noop.hiera_hash 'storage'
|
|
swift_hash = Noop.hiera_hash 'swift'
|
|
rabbit_hash = Noop.hiera_structure 'rabbit', {}
|
|
network_scheme = Noop.hiera_hash 'network_scheme'
|
|
|
|
let(:memcached_servers) { Noop.hiera 'memcached_servers' }
|
|
management_vip = Noop.hiera('management_vip')
|
|
|
|
swift_operator_roles = storage_hash.fetch('swift_operator_roles', ['admin', 'SwiftOperator', '_member_'])
|
|
ring_part_power = swift_hash.fetch('ring_part_power', 10)
|
|
ring_min_part_hours = Noop.hiera 'swift_ring_min_part_hours', 1
|
|
deploy_swift_proxy = Noop.hiera('deploy_swift_proxy', true)
|
|
deploy_swift_storage = Noop.hiera('deploy_swift_storage', true)
|
|
swift_proxies_num = (Noop.hiera('swift_proxies')).size
|
|
|
|
let(:transport_url) { Noop.hiera 'transport_url', 'rabbit://guest:password@127.0.0.1:5672/' }
|
|
network_scheme = Noop.hiera_hash 'network_scheme'
|
|
internal_virtual_ip = Noop.hiera_structure('network_metadata/vips/management/ipaddr')
|
|
|
|
if swift_proxies_num < 2
|
|
ring_replicas = 2
|
|
else
|
|
ring_replicas = 3
|
|
end
|
|
|
|
let (:storage_nets){
|
|
Noop.puppet_function 'get_routable_networks_for_network_role', network_scheme, 'swift/replication', ' '
|
|
}
|
|
|
|
let (:mgmt_nets){
|
|
Noop.puppet_function 'get_routable_networks_for_network_role', network_scheme, 'swift/api', ' '
|
|
}
|
|
|
|
let (:bind_to_one) {
|
|
api_net = Noop.puppet_function 'get_network_role_property', 'swift/api', 'network'
|
|
Noop.puppet_function 'has_ip_in_network', internal_virtual_ip, api_net
|
|
}
|
|
|
|
let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} }
|
|
|
|
let(:public_ssl_hash) { Noop.hiera_hash 'public_ssl', {} }
|
|
|
|
let(:internal_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','protocol','http' }
|
|
|
|
let(:internal_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','internal','hostname',[Noop.hiera('service_endpoint', ''), management_vip] }
|
|
|
|
let(:admin_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin','protocol','http' }
|
|
|
|
let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin','hostname',[Noop.hiera('service_endpoint', ''), management_vip] }
|
|
|
|
let(:auth_uri) { "#{internal_auth_protocol}://#{internal_auth_address}:5000/" }
|
|
|
|
let(:identity_uri) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/" }
|
|
|
|
let(:proxy_port) { Noop.hiera 'proxy_port', '8080' }
|
|
let(:swift_api_ipaddr) { Noop.puppet_function 'get_network_role_property', 'swift/api', 'ipaddr' }
|
|
let(:swift_internal_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'swift','internal','protocol','http' }
|
|
let(:swift_interal_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'swift','internal','hostname',[swift_api_ipaddr, management_vip] }
|
|
let(:swift_public_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'swift','public','protocol','http' }
|
|
let(:swift_public_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'swift','public','hostname',[Noop.hiera('public_vip')] }
|
|
let(:swift_url_base) {"#{swift_public_protocol}:"}
|
|
|
|
# Swift
|
|
if !(storage_hash['images_ceph'] and storage_hash['objects_ceph'])
|
|
swift_partition = Noop.hiera 'swift_partition'
|
|
if role == 'primary-controller'
|
|
['account', 'object', 'container'].each do | ring |
|
|
it "should run rebalancing swift #{ring} ring" do
|
|
should contain_exec("rebalance_#{ring}").with(
|
|
'command' => "swift-ring-builder /etc/swift/#{ring}.builder rebalance",
|
|
'user' => 'swift',
|
|
'returns' => [0,1],
|
|
)
|
|
should contain_exec("create_#{ring}").with(
|
|
'command' => "swift-ring-builder /etc/swift/#{ring}.builder create #{ring_part_power} #{ring_replicas} #{ring_min_part_hours}",
|
|
'user' => 'swift',
|
|
)
|
|
end
|
|
end
|
|
['account', 'object', 'container'].each do | ring |
|
|
it "should define swift::ringbuilder::rebalance[#{ring}] before swift proxy service" do
|
|
should contain_swift__ringbuilder__rebalance(ring).that_comes_before('Service[swift-proxy-server]')
|
|
end
|
|
end
|
|
['account', 'object', 'container'].each do | ring |
|
|
['account', 'object', 'container'].each do | storage |
|
|
it "should define swift::ringbuilder::rebalance[#{ring}] before swift::storage::generic[#{storage}]" do
|
|
# expect(graph).to ensure_transitive_dependency("Swift::Ringbuilder::Rebalance[#{ring}]",
|
|
# "Swift::Storage::Generic[#{storage}]")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
it 'should declare swift::proxy::cache class with correct memcache_servers parameter' do
|
|
should contain_class('swift::proxy::cache').with(
|
|
'memcache_servers' => memcached_servers,
|
|
)
|
|
end
|
|
|
|
it 'should declare class swift::proxy::keystone with correct operator_roles parameter' do
|
|
should contain_class('swift::proxy::keystone').with(
|
|
'operator_roles' => swift_operator_roles,
|
|
)
|
|
end
|
|
|
|
it 'should configure proxy workers' do
|
|
fallback_workers = [[facts[:processorcount].to_i, 2].max, workers_max.to_i].min
|
|
workers = swift_hash.fetch('workers', fallback_workers)
|
|
should contain_class('swift::proxy').with(
|
|
'workers' => workers)
|
|
end
|
|
|
|
it 'should declare swift::proxy class with 4 processess on 4 CPU & 32G system' do
|
|
should contain_class('swift::proxy').with(
|
|
'workers' => '4',
|
|
)
|
|
end
|
|
|
|
if !swift_partition
|
|
swift_partition = '/var/lib/glance/node'
|
|
it 'should allow swift user to write into /var/lib/glance directory' do
|
|
should contain_file('/var/lib/glance').with(
|
|
'ensure' => 'directory',
|
|
'group' => 'glance',
|
|
).that_requires('Package[swift]')
|
|
end
|
|
end
|
|
|
|
it 'should disable mount check for swift devices' do
|
|
should contain_class('swift::storage::all').with('mount_check' => false)
|
|
end
|
|
|
|
it 'should configure swift on separate partition' do
|
|
should contain_file(swift_partition).with(
|
|
'ensure' => 'directory',
|
|
'owner' => 'swift',
|
|
'group' => 'swift',
|
|
)
|
|
end
|
|
|
|
if deploy_swift_proxy
|
|
it 'should configure proxy workers' do
|
|
fallback_workers = [[facts[:processorcount].to_i, 2].max, workers_max.to_i].min
|
|
workers = swift_hash.fetch('workers', fallback_workers)
|
|
should contain_class('swift::proxy').with(
|
|
'workers' => workers)
|
|
end
|
|
|
|
it 'should declare swift::proxy class with 4 processess on 4 CPU & 32G system' do
|
|
should contain_class('swift::proxy').with(
|
|
'workers' => '4',
|
|
)
|
|
end
|
|
|
|
it 'should contain correct transport url' do
|
|
should contain_class('openstack_tasks::swift::parts::proxy').with(
|
|
:transport_url => transport_url
|
|
)
|
|
end
|
|
|
|
it 'should contain correct swift url base' do
|
|
should contain_class('openstack_tasks::swift::parts::proxy').with(
|
|
:swift_url_base => swift_url_base
|
|
)
|
|
end
|
|
|
|
it 'should contain memcached params' do
|
|
should contain_class('openstack_tasks::swift::parts::proxy').with(
|
|
:memcached_servers => memcached_servers
|
|
)
|
|
end
|
|
|
|
it 'should configure health check service correctly' do
|
|
if !bind_to_one
|
|
should_not contain_class('openstack_tasks::swift:::parts::status').with(
|
|
:endpoint => "#{swift_internal_protocol}://#{swift_internal_address}:#{proxy_port}",
|
|
:scan_target => "#{internal_auth_address}:5000",
|
|
:only_from => "127.0.0.1 240.0.0.2 #{storage_nets} #{mgmt_nets}",
|
|
:con_timeout => 5
|
|
).that_comes_before('Class[swift::dispersion]')
|
|
else
|
|
should_not contain_class('openstack_tasks::swift::parts:status')
|
|
end
|
|
end
|
|
|
|
it 'should contain valid auth uris' do
|
|
should contain_class('swift::proxy::authtoken').with(
|
|
'auth_uri' => auth_uri,
|
|
'identity_uri' => identity_uri,
|
|
)
|
|
end
|
|
|
|
it 'should contain container_sync class' do
|
|
should contain_class('swift::proxy::container_sync')
|
|
end
|
|
|
|
if Noop.hiera 'is_primary_swift_proxy'
|
|
it 'should contain swift backups section in rsync conf' do
|
|
should contain_rsync__server__module('swift_backups').with(
|
|
'path' => '/etc/swift/backups',
|
|
'lock_file' => '/var/lock/swift_backups.lock',
|
|
'uid' => 'swift',
|
|
'gid' => 'swift',
|
|
'incoming_chmod' => false,
|
|
'outgoing_chmod' => false,
|
|
'max_connections' => '5',
|
|
'read_only' => true,
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
if deploy_swift_storage
|
|
it 'should disable swift-container-reconciler service' do
|
|
should contain_service('swift-container-reconciler').with(
|
|
'ensure' => 'stopped',
|
|
'enable' => 'false',
|
|
).that_requires('Package[swift-container]')
|
|
end
|
|
|
|
it 'should disable swift-object-reconstructor service' do
|
|
should contain_service('swift-object-reconstructor').with(
|
|
'ensure' => 'stopped',
|
|
'enable' => 'false',
|
|
).that_requires('Package[swift-object]')
|
|
end
|
|
end
|
|
|
|
if deploy_swift_proxy or deploy_swift_storage
|
|
realm1_key = Noop.hiera('swift_realm1_key', 'realm1key')
|
|
it 'should contain swift_container-sync-realms config' do
|
|
should contain_swift_container_sync_realms_config('realm1/key').with_value(realm1_key)
|
|
should contain_swift_container_sync_realms_config('realm1/cluster_name1').with_value("#{swift_public_protocol}://#{swift_public_address}:8080/v1")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
test_ubuntu_and_centos manifest
|
|
end
|