Added apache component
Add test and mods for deployment as an apache module Change-Id: I6f693c0aa41af7190b4466910795a07546347ce5
parent
28abb08c20
commit
ff8615d1f0
|
@ -204,6 +204,15 @@
|
|||
# automatically when the server starts.
|
||||
# Defaults to $::os_service_default
|
||||
#
|
||||
# [*service_name*]
|
||||
# (optional) Name of the service that will be providing the
|
||||
# server functionality of barbican-api.
|
||||
# If the value is 'httpd', this means barbican-api will be a web
|
||||
# service, and you must use another class to configure that
|
||||
# web service. For example, use class { 'barbican::wsgi::apache'...}
|
||||
# to make barbican-api be a web app using apache mod_wsgi.
|
||||
# Defaults to 'barbican-api'
|
||||
#
|
||||
class barbican::api (
|
||||
$ensure_package = 'present',
|
||||
$client_package_ensure = 'present',
|
||||
|
@ -250,6 +259,7 @@ class barbican::api (
|
|||
$enabled = true,
|
||||
$sync_db = true,
|
||||
$db_auto_create = $::os_service_default,
|
||||
$service_name = 'barbican-api',
|
||||
) inherits barbican::params {
|
||||
|
||||
include ::barbican::db
|
||||
|
@ -271,7 +281,7 @@ class barbican::api (
|
|||
owner => 'root',
|
||||
group => 'barbican',
|
||||
require => Package['barbican-api'],
|
||||
notify => Service['barbican-api'],
|
||||
notify => Service[$service_name],
|
||||
}
|
||||
|
||||
file { ['/etc/barbican/barbican.conf',
|
||||
|
@ -279,7 +289,7 @@ class barbican::api (
|
|||
'/etc/barbican/gunicorn-config.py']:
|
||||
ensure => present,
|
||||
require => Package['barbican-api'],
|
||||
notify => Service['barbican-api'],
|
||||
notify => Service[$service_name],
|
||||
}
|
||||
|
||||
package { 'barbican-api':
|
||||
|
@ -290,8 +300,8 @@ class barbican::api (
|
|||
|
||||
File['/etc/barbican/barbican.conf'] -> Barbican_config<||>
|
||||
File['/etc/barbican/barbican-api-paste.ini'] -> Barbican_api_paste_ini<||>
|
||||
Barbican_config<||> ~> Service['barbican-api']
|
||||
Barbican_api_paste_ini<||> ~> Service['barbican-api']
|
||||
Barbican_config<||> ~> Service[$service_name]
|
||||
Barbican_api_paste_ini<||> ~> Service[$service_name]
|
||||
|
||||
# basic service config
|
||||
if $host_href == undef {
|
||||
|
@ -311,7 +321,7 @@ class barbican::api (
|
|||
path => '/etc/barbican/gunicorn-config.py',
|
||||
line => "bind = '${bind_host}:${bind_port}'",
|
||||
match => '.*bind = .*',
|
||||
} -> Service['barbican-api']
|
||||
} -> Service[$service_name]
|
||||
|
||||
#rabbit config
|
||||
if $rpc_backend in [$::os_service_default, 'rabbit'] {
|
||||
|
@ -403,13 +413,28 @@ class barbican::api (
|
|||
include ::barbican::db::sync
|
||||
}
|
||||
|
||||
service { 'barbican-api':
|
||||
ensure => $service_ensure,
|
||||
name => $::barbican::params::api_service_name,
|
||||
enable => $enabled,
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
tag => 'barbican-service',
|
||||
if $service_name == 'barbican-api' {
|
||||
service { 'barbican-api':
|
||||
ensure => $service_ensure,
|
||||
name => $::barbican::params::api_service_name,
|
||||
enable => $enabled,
|
||||
hasstatus => true,
|
||||
hasrestart => true,
|
||||
tag => 'barbican-service',
|
||||
}
|
||||
} elsif $service_name == 'httpd' {
|
||||
include ::apache::params
|
||||
service { 'barbican-api':
|
||||
ensure => 'stopped',
|
||||
name => $::barbican::params::api_service_name,
|
||||
enable => false,
|
||||
tag => 'barbican-service',
|
||||
}
|
||||
|
||||
# we need to make sure barbican-api is stopped before trying to start apache
|
||||
Service['barbican-api'] -> Service[$service_name]
|
||||
} else {
|
||||
fail('Invalid service_name. Use barbican-api for stand-alone or httpd')
|
||||
}
|
||||
|
||||
}
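Review bot: The `elsif $service_name == 'httpd'` branch includes `::apache::params`, but nothing in the visible lines reads a variable from it, while every `Service[$service_name]` reference in the class depends on `Service['httpd']` being declared elsewhere in the catalog. If an operator sets `service_name => 'httpd'` without declaring the apache classes, compilation would presumably stop on an unresolved resource reference rather than on the clear message the `else` branch gives. I would drop the include or replace it with a comment such as `# Service['httpd'] is declared by ::apache; barbican::wsgi::apache must also be in the catalog`. The new parameter also shares its name with `$service_name` in `barbican::params`, which this class inherits, so a one-line comment on that shadowing would help the next reader.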
|
||||
|
|
|
@ -11,7 +11,7 @@ class barbican::params {
|
|||
$worker_service_name = 'openstack-barbican-worker'
|
||||
$client_package_name = 'python-barbicanclient'
|
||||
$barbican_wsgi_script_path = '/var/www/cgi-bin/barbican'
|
||||
$barbican_wsgi_script_source = '/usr/share/barbican/barbican.wsgi'
|
||||
$barbican_wsgi_script_source = '/usr/lib/python2.7/site-packages/barbican/api/app.wsgi'
|
||||
$paste_config = '/etc/barbican/barbican-api-paste.ini'
|
||||
$dogtag_client_package = 'pki-base'
|
||||
}
|
||||
|
@ -20,7 +20,7 @@ class barbican::params {
|
|||
$service_name = 'openstack-barbican'
|
||||
$client_package_name = 'python-barbicanclient'
|
||||
$barbican_wsgi_script_path = '/var/www/cgi-bin/barbican'
|
||||
$barbican_wsgi_script_source = '/usr/share/barbican/barbican.wsgi'
|
||||
$barbican_wsgi_script_source = '/usr/lib/python2.7/site-packages/barbican/api/app.wsgi'
|
||||
$paste_config = '/etc/barbican/barbican-api-paste.ini'
|
||||
$dogtag_client_package = 'pki-base'
|
||||
}
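Review bot: The new `$barbican_wsgi_script_source` value hard-codes `python2.7` and a `site-packages` layout in both hunks of `barbican::params`, so it stops resolving when the package is built for another interpreter version or installs its modules elsewhere. `barbican::wsgi::apache` uses this path as the `source` or link `target` of the WSGI script, so a wrong value would likely fail the run when that file resource is applied. I would add a comment beside each assignment, for example `# path shipped by the barbican-api package; override with wsgi_script_source if it differs`. The enclosing conditional is outside these hunks, so whether the two assignments belong to different OS families cannot be confirmed from here.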
|
||||
|
|
|
@ -0,0 +1,235 @@
|
|||
#
|
||||
# Class to serve barbican with apache mod_wsgi in place of barbican service
|
||||
#
|
||||
# Serving barbican from apache is the recommended way to go for production
|
||||
# systems as the current barbican implementation is not multi-processor aware,
|
||||
# thus limiting the performance for concurrent accesses.
|
||||
#
|
||||
# When using this class you should disable your barbican service.
|
||||
#
|
||||
# == Parameters
|
||||
#
|
||||
# [*servername*]
|
||||
# The servername for the virtualhost.
|
||||
# Optional. Defaults to $::fqdn
|
||||
#
|
||||
# [*public_port*]
|
||||
# The public port.
|
||||
# Optional. Defaults to 9311
|
||||
#
|
||||
# [*bind_host*]
|
||||
# The host/ip address Apache will listen on.
|
||||
# Optional. Defaults to undef (listen on all ip addresses).
|
||||
#
|
||||
# [*public_path*]
|
||||
# The prefix for the public endpoint.
|
||||
# Optional. Defaults to '/'
|
||||
#
|
||||
# [*ssl*]
|
||||
# Use ssl ? (boolean)
|
||||
# Optional. Defaults to true
|
||||
#
|
||||
# [*workers*]
|
||||
# Number of WSGI workers to spawn.
|
||||
# Optional. Defaults to 1
|
||||
#
|
||||
# [*ssl_cert*]
|
||||
# (optional) Path to SSL certificate
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_key*]
|
||||
# (optional) Path to SSL key
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_chain*]
|
||||
# (optional) SSL chain
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_ca*]
|
||||
# (optional) Path to SSL certificate authority
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_crl_path*]
|
||||
# (optional) Path to SSL certificate revocation list
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_crl*]
|
||||
# (optional) SSL certificate revocation list name
|
||||
# Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*ssl_certs_dir*]
|
||||
# apache::vhost ssl parameters.
|
||||
# Optional. Default to apache::vhost 'ssl_*' defaults.
|
||||
#
|
||||
# [*priority*]
|
||||
# (optional) The priority for the vhost.
|
||||
# Defaults to '10'
|
||||
#
|
||||
# [*threads*]
|
||||
# (optional) The number of threads for the vhost.
|
||||
# Defaults to $::processorcount
|
||||
#
|
||||
# [*wsgi_script_ensure*]
|
||||
# (optional) File ensure parameter for wsgi scripts.
|
||||
# Defaults to 'file'.
|
||||
#
|
||||
# [*wsgi_script_source*]
|
||||
# (optional) Wsgi script source.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# [*wsgi_application_group*]
|
||||
# (optional) The application group of the WSGI script.
|
||||
# Defaults to '%{GLOBAL}'
|
||||
#
|
||||
# [*wsgi_pass_authorization*]
|
||||
# (optional) Whether HTTP authorisation headers are passed through to a WSGI
|
||||
# script when the equivalent HTTP request headers are present.
|
||||
# Defaults to 'On'
|
||||
#
|
||||
# [*access_log_format*]
|
||||
# The log format for the virtualhost.
|
||||
# Optional. Defaults to false.
|
||||
#
|
||||
# [*vhost_custom_fragment*]
|
||||
# (optional) Passes a string of custom configuration
|
||||
# directives to be placed at the end of the vhost configuration.
|
||||
# Defaults to undef.
|
||||
#
|
||||
# == Dependencies
|
||||
#
|
||||
# requires Class['apache'] & Class['barbican']
|
||||
#
|
||||
# == Examples
|
||||
#
|
||||
# include apache
|
||||
#
|
||||
# class { 'barbican::wsgi::apache': }
|
||||
#
|
||||
# == Authors
|
||||
#
|
||||
# Ade Lee <alee@redhat.com>
|
||||
#
|
||||
# == Copyright
|
||||
#
|
||||
# Copyright 2015 Red Hat Inc. <licensing@redhat.com>
|
||||
#
|
||||
class barbican::wsgi::apache (
|
||||
$servername = $::fqdn,
|
||||
$public_port = 9311,
|
||||
$bind_host = undef,
|
||||
$public_path = '/',
|
||||
$ssl = true,
|
||||
$workers = 1,
|
||||
$ssl_cert = undef,
|
||||
$ssl_key = undef,
|
||||
$ssl_chain = undef,
|
||||
$ssl_ca = undef,
|
||||
$ssl_crl_path = undef,
|
||||
$ssl_crl = undef,
|
||||
$ssl_certs_dir = undef,
|
||||
$threads = $::processorcount,
|
||||
$priority = '10',
|
||||
$wsgi_script_ensure = 'file',
|
||||
$wsgi_script_source = undef,
|
||||
$wsgi_application_group = '%{GLOBAL}',
|
||||
$wsgi_pass_authorization = 'On',
|
||||
|
||||
$access_log_format = false,
|
||||
$vhost_custom_fragment = undef,
|
||||
) {
|
||||
|
||||
include ::barbican::params
|
||||
include ::apache
|
||||
include ::apache::mod::wsgi
|
||||
if $ssl {
|
||||
include ::apache::mod::ssl
|
||||
}
|
||||
|
||||
Package['barbican-api'] -> Package['httpd']
|
||||
Package['barbican-api'] ~> Service['httpd']
|
||||
Barbican_config <| |> ~> Service['httpd']
|
||||
Service['httpd'] -> Keystone_endpoint <| |>
|
||||
Service['httpd'] -> Keystone_role <| |>
|
||||
Service['httpd'] -> Keystone_service <| |>
|
||||
Service['httpd'] -> Keystone_tenant <| |>
|
||||
Service['httpd'] -> Keystone_user <| |>
|
||||
Service['httpd'] -> Keystone_user_role <| |>
|
||||
|
||||
## Sanitize parameters
|
||||
|
||||
# Ensure there's no trailing '/' except if this is also the only character
|
||||
$public_path_real = regsubst($public_path, '(^/.*)/$', '\1')
|
||||
|
||||
file { $::barbican::params::barbican_wsgi_script_path:
|
||||
ensure => directory,
|
||||
owner => 'barbican',
|
||||
group => 'barbican',
|
||||
require => Package['httpd'],
|
||||
}
|
||||
|
||||
$wsgi_files = {
|
||||
'barbican_wsgi_main' => {
|
||||
'path' => "${::barbican::params::barbican_wsgi_script_path}/main",
|
||||
},
|
||||
}
|
||||
|
||||
$wsgi_file_defaults = {
|
||||
'ensure' => $wsgi_script_ensure,
|
||||
'owner' => 'barbican',
|
||||
'group' => 'barbican',
|
||||
'mode' => '0644',
|
||||
'require' => [File[$::barbican::params::barbican_wsgi_script_path], Package['barbican-api']],
|
||||
}
|
||||
|
||||
$wsgi_script_source_real = $wsgi_script_source ? {
|
||||
default => $wsgi_script_source,
|
||||
undef => $::barbican::params::barbican_wsgi_script_source,
|
||||
}
|
||||
|
||||
case $wsgi_script_ensure {
|
||||
'link': { $wsgi_file_source = { 'target' => $wsgi_script_source_real } }
|
||||
default: { $wsgi_file_source = { 'source' => $wsgi_script_source_real } }
|
||||
}
|
||||
|
||||
create_resources('file', $wsgi_files, merge($wsgi_file_defaults, $wsgi_file_source))
|
||||
|
||||
$wsgi_daemon_process_options_main = {
|
||||
user => 'barbican',
|
||||
group => 'barbican',
|
||||
processes => $workers,
|
||||
threads => $threads,
|
||||
display-name => 'barbican-api',
|
||||
}
|
||||
|
||||
$wsgi_script_aliases_main = hash([$public_path_real,"${::barbican::params::barbican_wsgi_script_path}/main"])
|
||||
$wsgi_script_aliases_main_real = $wsgi_script_aliases_main
|
||||
|
||||
::apache::vhost { 'barbican_wsgi_main':
|
||||
ensure => 'present',
|
||||
servername => $servername,
|
||||
ip => $bind_host,
|
||||
port => $public_port,
|
||||
docroot => $::barbican::params::barbican_wsgi_script_path,
|
||||
docroot_owner => 'barbican',
|
||||
docroot_group => 'barbican',
|
||||
priority => $priority,
|
||||
ssl => $ssl,
|
||||
ssl_cert => $ssl_cert,
|
||||
ssl_key => $ssl_key,
|
||||
ssl_chain => $ssl_chain,
|
||||
ssl_ca => $ssl_ca,
|
||||
ssl_crl_path => $ssl_crl_path,
|
||||
ssl_crl => $ssl_crl,
|
||||
ssl_certs_dir => $ssl_certs_dir,
|
||||
wsgi_daemon_process => 'barbican-api',
|
||||
wsgi_daemon_process_options => $wsgi_daemon_process_options_main,
|
||||
wsgi_process_group => 'barbican-api',
|
||||
wsgi_script_aliases => $wsgi_script_aliases_main_real,
|
||||
wsgi_application_group => $wsgi_application_group,
|
||||
wsgi_pass_authorization => $wsgi_pass_authorization,
|
||||
custom_fragment => $vhost_custom_fragment,
|
||||
require => File['barbican_wsgi_main'],
|
||||
access_log_format => $access_log_format,
|
||||
log_level => 'debug',
|
||||
}
|
||||
}
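Review bot: The WSGI script directory, the script file (`$wsgi_file_defaults`) and the vhost docroot are all owned by `barbican`, which is also the `user` in `$wsgi_daemon_process_options_main`, so the daemon process can rewrite the code Apache loads for it. For a service that stores secrets I would make the script and its directory root-owned, e.g. `'owner' => 'root',` and `'group' => 'root',` in `$wsgi_file_defaults`; the existing mode `0644` still lets the daemon read it. Separately, `log_level => 'debug'` is hard-coded on the vhost with no class parameter to override it. Exposing it as a parameter with a quieter default would keep verbose logging out of production.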
|
|
@ -1,5 +1,5 @@
|
|||
require 'spec_helper_acceptance'
|
||||
describe 'barbican::api class' do
|
||||
describe 'barbican::api basic test class' do
|
||||
context 'default parameters' do
|
||||
pp= <<-EOS
|
||||
include ::openstack_integration
|
||||
|
@ -41,9 +41,15 @@ describe 'barbican::api class' do
|
|||
host_href => 'http://localhost:9311',
|
||||
auth_type => 'keystone',
|
||||
keystone_password => 'a_big_secret',
|
||||
service_name => 'httpd',
|
||||
enabled_certificate_plugins => ['snakeoil_ca'],
|
||||
db_auto_create => false,
|
||||
}
|
||||
|
||||
include ::apache
|
||||
class { '::barbican::wsgi::apache':
|
||||
ssl => false,
|
||||
}
|
||||
}
|
||||
}
|
||||
EOS
|
||||
|
@ -72,7 +78,7 @@ describe 'barbican::api class' do
|
|||
end
|
||||
|
||||
describe port(9311) do
|
||||
it { is_expected.to be_listening.with('tcp') }
|
||||
it { is_expected.to be_listening }
|
||||
end
|
||||
end
|
||||
end
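Review bot: The acceptance manifest declares `barbican::wsgi::apache` only with `ssl => false`, so the class default of `ssl => true` (with certificates taken from the apache::vhost defaults) is never exercised and `host_href` stays plain `http://`. I would say why in the manifest, e.g. `# ssl disabled: the test node has no certificate provisioned`, and consider a second context that covers the TLS path. The port check also only asserts that something listens on 9311. An additional request against the endpoint would show that Apache with mod_wsgi is the process answering.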
|
||||
|
|