From 9510ce46e4d9d59a44fdb4e60a072d6577992bf7 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Tue, 20 Oct 2015 12:07:57 -0400 Subject: [PATCH] Implement Evaluator service * Manifest for evaluator and auth * acceptance * example * unit tests * Fix dbsync command and run it to make evaluator work Change-Id: I3e9f43ebeceaf62abed9412959c067c4bd4409da --- examples/aodh.pp | 4 + manifests/auth.pp | 73 +++++++++++++++ manifests/db/mysql.pp | 2 +- manifests/db/postgresql.pp | 2 +- manifests/db/sync.pp | 23 +++-- manifests/evaluator.pp | 59 ++++++++++++ spec/acceptance/aodh_wsgi_apache_spec.rb | 13 +++ spec/classes/aodh_auth_spec.rb | 55 +++++++++++ spec/classes/aodh_evaluator_spec.rb | 112 +++++++++++++++++++++++ 9 files changed, 334 insertions(+), 9 deletions(-) create mode 100644 manifests/auth.pp create mode 100644 manifests/evaluator.pp create mode 100644 spec/classes/aodh_auth_spec.rb create mode 100644 spec/classes/aodh_evaluator_spec.rb diff --git a/examples/aodh.pp b/examples/aodh.pp index 26cbdf1c..f2a927fe 100644 --- a/examples/aodh.pp +++ b/examples/aodh.pp @@ -9,3 +9,7 @@ include ::apache class { '::aodh::wsgi::apache': ssl => false, } +class { '::aodh::auth': + auth_password => 'a_big_secret', +} +class { '::aodh::evaluator': } diff --git a/manifests/auth.pp b/manifests/auth.pp new file mode 100644 index 00000000..d83551f1 --- /dev/null +++ b/manifests/auth.pp @@ -0,0 +1,73 @@ +# The aodh::auth class helps configure auth settings +# +# == Parameters +# [*auth_url*] +# the keystone public endpoint +# Optional. Defaults to 'http://localhost:5000/v2.0' +# +# [*auth_region*] +# the keystone region of this node +# Optional. Defaults to 'RegionOne' +# +# [*auth_user*] +# the keystone user for aodh services +# Optional. Defaults to 'aodh' +# +# [*auth_password*] +# the keystone password for aodh services +# Required. +# +# [*auth_tenant_name*] +# the keystone tenant name for aodh services +# Optional. Defaults to 'services' +# +# [*auth_tenant_id*] +# the keystone tenant id for aodh services. +# Optional. Defaults to undef. +# +# [*auth_cacert*] +# Certificate chain for SSL validation. Optional; Defaults to 'undef' +# +# [*auth_endpoint_type*] +# Type of endpoint in Identity service catalog to use for +# communication with OpenStack services. +# Optional. Defaults to undef. +# +class aodh::auth ( + $auth_password, + $auth_url = 'http://localhost:5000/v2.0', + $auth_region = 'RegionOne', + $auth_user = 'aodh', + $auth_tenant_name = 'services', + $auth_tenant_id = undef, + $auth_cacert = undef, + $auth_endpoint_type = undef, +) { + + if $auth_cacert { + aodh_config { 'service_credentials/os_cacert': value => $auth_cacert } + } else { + aodh_config { 'service_credentials/os_cacert': ensure => absent } + } + + aodh_config { + 'service_credentials/os_auth_url' : value => $auth_url; + 'service_credentials/os_region_name' : value => $auth_region; + 'service_credentials/os_username' : value => $auth_user; + 'service_credentials/os_password' : value => $auth_password, secret => true; + 'service_credentials/os_tenant_name' : value => $auth_tenant_name; + } + + if $auth_tenant_id { + aodh_config { + 'service_credentials/os_tenant_id' : value => $auth_tenant_id; + } + } + + if $auth_endpoint_type { + aodh_config { + 'service_credentials/os_endpoint_type' : value => $auth_endpoint_type; + } + } + +} diff --git a/manifests/db/mysql.pp b/manifests/db/mysql.pp index 71078e1b..6cda0479 100644 --- a/manifests/db/mysql.pp +++ b/manifests/db/mysql.pp @@ -65,5 +65,5 @@ class aodh::db::mysql( allowed_hosts => $allowed_hosts, } - ::Openstacklib::Db::Mysql['aodh'] ~> Exec<| title == 'aodh-manage db_sync' |> + ::Openstacklib::Db::Mysql['aodh'] ~> Exec<| title == 'aodh-db-sync' |> } diff --git a/manifests/db/postgresql.pp b/manifests/db/postgresql.pp index 86e645b4..d34aa9d9 100644 --- a/manifests/db/postgresql.pp +++ b/manifests/db/postgresql.pp @@ -50,6 +50,6 @@ class aodh::db::postgresql( privileges => $privileges, } - ::Openstacklib::Db::Postgresql['aodh'] ~> Exec<| title == 'aodh-manage db_sync' |> + ::Openstacklib::Db::Postgresql['aodh'] ~> Exec<| title == 'aodh-db-sync' |> } diff --git a/manifests/db/sync.pp b/manifests/db/sync.pp index 27aa0f80..a6566c74 100644 --- a/manifests/db/sync.pp +++ b/manifests/db/sync.pp @@ -1,14 +1,23 @@ # -# Class to execute "aodh-manage db_sync +# Class to execute "aodh-dbsync" # -class aodh::db::sync { - exec { 'aodh-manage db_sync': +# [*user*] +# (optional) User to run dbsync command. +# Defaults to 'aodh' +# +class aodh::db::sync ( + $user = 'aodh', +){ + exec { 'aodh-db-sync': + command => 'aodh-dbsync --config-file /etc/aodh/aodh.conf', path => '/usr/bin', - user => 'aodh', refreshonly => true, - subscribe => [Package['aodh'], Aodh_config['database/connection']], - require => User['aodh'], + user => $user, + logoutput => on_failure, } - Exec['aodh-manage db_sync'] ~> Service<| title == 'aodh' |> + Package<| tag == 'aodh-package' |> ~> Exec['aodh-db-sync'] + Exec['aodh-db-sync'] ~> Service<| tag == 'aodh-db-sync-service' |> + Aodh_config<||> ~> Exec['aodh-db-sync'] + Aodh_config<| title == 'database/connection' |> ~> Exec['aodh-db-sync'] } diff --git a/manifests/evaluator.pp b/manifests/evaluator.pp new file mode 100644 index 00000000..fbe55f89 --- /dev/null +++ b/manifests/evaluator.pp @@ -0,0 +1,59 @@ +# Installs the aodh evaluator service +# +# == Params +# [*enabled*] +# (optional) Should the service be enabled. +# Defaults to true. +# +# [*manage_service*] +# (optional) Whether the service should be managed by Puppet. +# Defaults to true. +# +# [*package_ensure*] +# (optional) ensure state for package. +# Defaults to 'present' +# +# [*coordination_url*] +# (optional) The url to use for distributed group membership coordination. +# Defaults to undef. +# +class aodh::evaluator ( + $manage_service = true, + $enabled = true, + $package_ensure = 'present', + $coordination_url = undef, +) { + + include ::aodh::params + + Aodh_config<||> ~> Service['aodh-evaluator'] + + if $coordination_url { + aodh_config { + 'coordination/backend_url' : value => $coordination_url; + } + } + + Package[$::aodh::params::evaluator_package_name] -> Service['aodh-evaluator'] + ensure_resource( 'package', [$::aodh::params::evaluator_package_name], + { ensure => $package_ensure } + ) + + if $manage_service { + if $enabled { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } + } + + Package['aodh'] -> Service['aodh-evaluator'] + service { 'aodh-evaluator': + ensure => $service_ensure, + name => $::aodh::params::evaluator_service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + tag => ['aodh-service','aodh-db-sync-service'] + } +} diff --git a/spec/acceptance/aodh_wsgi_apache_spec.rb b/spec/acceptance/aodh_wsgi_apache_spec.rb index 0fe2083d..b85e6be3 100644 --- a/spec/acceptance/aodh_wsgi_apache_spec.rb +++ b/spec/acceptance/aodh_wsgi_apache_spec.rb @@ -119,6 +119,19 @@ describe 'basic aodh' do class { '::aodh::wsgi::apache': ssl => false, } + class { '::aodh::auth': + auth_url => 'http://127.0.0.1:5000/v2.0', + auth_password => 'a_big_secret', + } + case $::osfamily { + 'Debian': { + warning('aodh-evaluator cannot be run on ubuntu system, package is broken. See LP#1508463') + } + 'RedHat': { + class { '::aodh::evaluator': } + class { '::aodh::db::sync': } + } + } EOS diff --git a/spec/classes/aodh_auth_spec.rb b/spec/classes/aodh_auth_spec.rb new file mode 100644 index 00000000..9813451c --- /dev/null +++ b/spec/classes/aodh_auth_spec.rb @@ -0,0 +1,55 @@ +require 'spec_helper' + +describe 'aodh::auth' do + + let :params do + { :auth_url => 'http://localhost:5000/v2.0', + :auth_region => 'RegionOne', + :auth_user => 'aodh', + :auth_password => 'password', + :auth_tenant_name => 'services', + } + end + + shared_examples_for 'aodh-auth' do + + it 'configures authentication' do + is_expected.to contain_aodh_config('service_credentials/os_auth_url').with_value('http://localhost:5000/v2.0') + is_expected.to contain_aodh_config('service_credentials/os_region_name').with_value('RegionOne') + is_expected.to contain_aodh_config('service_credentials/os_username').with_value('aodh') + is_expected.to contain_aodh_config('service_credentials/os_password').with_value('password') + is_expected.to contain_aodh_config('service_credentials/os_password').with_value(params[:auth_password]).with_secret(true) + is_expected.to contain_aodh_config('service_credentials/os_tenant_name').with_value('services') + is_expected.to contain_aodh_config('service_credentials/os_cacert').with(:ensure => 'absent') + end + + context 'when overriding parameters' do + before do + params.merge!( + :auth_cacert => '/tmp/dummy.pem', + :auth_endpoint_type => 'internalURL', + ) + end + it { is_expected.to contain_aodh_config('service_credentials/os_cacert').with_value(params[:auth_cacert]) } + it { is_expected.to contain_aodh_config('service_credentials/os_endpoint_type').with_value(params[:auth_endpoint_type]) } + end + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'aodh-auth' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'aodh-auth' + end + +end diff --git a/spec/classes/aodh_evaluator_spec.rb b/spec/classes/aodh_evaluator_spec.rb new file mode 100644 index 00000000..a9b3c284 --- /dev/null +++ b/spec/classes/aodh_evaluator_spec.rb @@ -0,0 +1,112 @@ +require 'spec_helper' +# LP1492636 - Cohabitation of compile matcher and webmock +WebMock.disable_net_connect!(:allow => "169.254.169.254") + +describe 'aodh::evaluator' do + + let :pre_condition do + "class { '::aodh': }" + end + + let :params do + { :enabled => true } + end + + shared_examples_for 'aodh-evaluator' do + + context 'with coordination' do + before do + params.merge!({ :coordination_url => 'redis://localhost:6379' }) + end + + it 'configures backend_url' do + is_expected.to contain_aodh_config('coordination/backend_url').with_value('redis://localhost:6379') + end + end + + context 'when enabled' do + it { is_expected.to contain_class('aodh::params') } + + it 'installs aodh-evaluator package' do + is_expected.to contain_package(platform_params[:evaluator_package_name]).with( + :ensure => 'present' + ) + end + + it 'configures aodh-evaluator service' do + is_expected.to contain_service('aodh-evaluator').with( + :ensure => 'running', + :name => platform_params[:evaluator_service_name], + :enable => true, + :hasstatus => true, + :hasrestart => true, + :tag => ['aodh-service','aodh-db-sync-service'] + ) + end + + end + + context 'when disabled' do + let :params do + { :enabled => false } + end + + # Catalog compilation does not crash for lack of aodh::db + it { is_expected.to compile } + it 'configures aodh-evaluator service' do + is_expected.to contain_service('aodh-evaluator').with( + :ensure => 'stopped', + :name => platform_params[:evaluator_service_name], + :enable => false, + :hasstatus => true, + :hasrestart => true, + :tag => ['aodh-service','aodh-db-sync-service'] + ) + end + end + + context 'when service management is disabled' do + let :params do + { :enabled => false, + :manage_service => false } + end + + it 'configures aodh-evaluator service' do + is_expected.to contain_service('aodh-evaluator').with( + :ensure => nil, + :name => platform_params[:evaluator_service_name], + :enable => false, + :hasstatus => true, + :hasrestart => true, + :tag => ['aodh-service','aodh-db-sync-service'] + ) + end + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + let :platform_params do + { :evaluator_package_name => 'aodh-evaluator', + :evaluator_service_name => 'aodh-evaluator' } + end + + it_configures 'aodh-evaluator' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + let :platform_params do + { :evaluator_package_name => 'openstack-aodh-evaluator', + :evaluator_service_name => 'openstack-aodh-evaluator' } + end + + it_configures 'aodh-evaluator' + end +end