From 08806947a8e282f80bdd33c16a4e45bbd3bf189f Mon Sep 17 00:00:00 2001 From: Oleksiy Molchanov Date: Mon, 11 Jan 2016 22:30:22 +0200 Subject: [PATCH] Add possibility to use mod_proxy for radosgw Add possibility to configure apache to work not only with mod_fastcgi, but with mod_proxy_fcgi Change-Id: I0df8a87ec91f6203d1daf573f956e7d073b68834 Closes-Bug: 1532209 --- manifests/rgw.pp | 49 ++- manifests/rgw/apache.pp | 65 +--- manifests/rgw/apache_fastcgi.pp | 117 ++++++ manifests/rgw/apache_proxy_fcgi.pp | 85 +++++ spec/acceptance/ceph_rgw_spec.rb | 339 +++++++++++++++++- spec/defines/ceph_rgw_apache_fastcgi_spec.rb | 219 +++++++++++ .../ceph_rgw_apache_proxy_fcgi_spec.rb | 183 ++++++++++ spec/defines/ceph_rgw_apache_spec.rb | 1 - spec/defines/ceph_rgw_keystone_spec.rb | 8 +- 9 files changed, 991 insertions(+), 75 deletions(-) create mode 100644 manifests/rgw/apache_fastcgi.pp create mode 100644 manifests/rgw/apache_proxy_fcgi.pp create mode 100644 spec/defines/ceph_rgw_apache_fastcgi_spec.rb create mode 100644 spec/defines/ceph_rgw_apache_proxy_fcgi_spec.rb diff --git a/manifests/rgw.pp b/manifests/rgw.pp index ff362e7a..eda8daa0 100644 --- a/manifests/rgw.pp +++ b/manifests/rgw.pp @@ -58,35 +58,58 @@ # [*rgw_port*] Port the rados gateway listens. # Optional. Default is undef. # +# [*frontend_type*] What type of frontend to use +# Optional. Default is apache-fastcgi. Other option is apache-proxy-fcgi. +# +# [*rgw_frontends*] String for rgw_frontends config. +# Optional. Default is 'fastcgi socket_port=9000 socket_host=127.0.0.1'. +# # [*syslog*] Whether or not to log to syslog. # Optional. Default is true. # define ceph::rgw ( - $pkg_radosgw = $::ceph::params::pkg_radosgw, - $rgw_ensure = 'running', - $rgw_enable = true, - $rgw_data = "/var/lib/ceph/radosgw/ceph-${name}", - $user = $::ceph::params::user_radosgw, - $keyring_path = "/etc/ceph/ceph.client.${name}.keyring", - $log_file = '/var/log/ceph/radosgw.log', - $rgw_dns_name = $::fqdn, - $rgw_socket_path = $::ceph::params::rgw_socket_path, - $rgw_print_continue = false, - $rgw_port = undef, - $syslog = true, + $pkg_radosgw = $::ceph::params::pkg_radosgw, + $rgw_ensure = 'running', + $rgw_enable = true, + $rgw_data = "/var/lib/ceph/radosgw/ceph-${name}", + $user = $::ceph::params::user_radosgw, + $keyring_path = "/etc/ceph/ceph.client.${name}.keyring", + $log_file = '/var/log/ceph/radosgw.log', + $rgw_dns_name = $::fqdn, + $rgw_socket_path = $::ceph::params::rgw_socket_path, + $rgw_print_continue = false, + $rgw_port = undef, + $frontend_type = 'apache-fastcgi', + $rgw_frontends = 'fastcgi socket_port=9000 socket_host=127.0.0.1', + $syslog = true, ) { + if $frontend_type { + validate_re(downcase($frontend_type), '^(apache-fastcgi|apache-proxy-fcgi)$', + "${frontend_type} is not supported for frontend_type. + Allowed values are 'apache-fastcgi' and 'apache-proxy-fcgi'.") + } + ceph_config { "client.${name}/host": value => $::hostname; "client.${name}/keyring": value => $keyring_path; "client.${name}/log_file": value => $log_file; "client.${name}/rgw_dns_name": value => $rgw_dns_name; - "client.${name}/rgw_port": value => $rgw_port; "client.${name}/rgw_print_continue": value => $rgw_print_continue; "client.${name}/rgw_socket_path": value => $rgw_socket_path; "client.${name}/user": value => $user; } + if $frontend_type == 'apache-fastcgi' { + ceph_config { + "client.${name}/rgw_port": value => $rgw_port; + } + } elsif $frontend_type == 'apache-proxy-fcgi' { + ceph_config { + "client.${name}/rgw_frontends": value => $rgw_frontends; + } + } + package { $pkg_radosgw: ensure => installed, tag => 'ceph', diff --git a/manifests/rgw/apache.pp b/manifests/rgw/apache.pp index 6dad4f30..6a982458 100644 --- a/manifests/rgw/apache.pp +++ b/manifests/rgw/apache.pp @@ -45,7 +45,7 @@ # [*syslog*] Whether or not to log to syslog. # Optional. Default is true. # -# [*ceph_apache_repo*] Wether to require the CEPH apache repo (ceph::repo::fastcgi). +# [*ceph_apache_repo*] Whether to require the CEPH apache repo (ceph::repo::fastcgi). # Optional. Default is true. Check: # http://ceph.com/docs/master/install/install-ceph-gateway/ # for more info on repository recommendations. @@ -61,57 +61,16 @@ define ceph::rgw::apache ( $ceph_apache_repo = true, ) { - class { '::apache': - default_mods => false, - default_vhost => false, + warning ('Class rgw::apache is deprecated in favor of rgw::apache_fastcgi') + + ceph::rgw::apache_fastcgi { $name: + admin_email => $admin_email, + docroot => $docroot, + fcgi_file => $fcgi_file, + rgw_dns_name => $rgw_dns_name, + rgw_port => $rgw_port, + rgw_socket_path => $rgw_socket_path, + syslog => $syslog, + ceph_apache_repo => $ceph_apache_repo, } - include ::apache::mod::alias - include ::apache::mod::auth_basic - include ::apache::mod::mime - include ::apache::mod::rewrite - - apache::vhost { "${rgw_dns_name}-radosgw": - servername => $rgw_dns_name, - serveradmin => $admin_email, - port => $rgw_port, - docroot => $docroot, - rewrite_rule => '^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', - access_log => $syslog, - error_log => $syslog, - fastcgi_server => $fcgi_file, - fastcgi_socket => $rgw_socket_path, - fastcgi_dir => $docroot, - } - - # radosgw fast-cgi script - file { $fcgi_file: - ensure => file, - owner => 'root', - group => 'root', - mode => '0750', - content => "#!/bin/sh -exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n ${name}", - } - - File[$fcgi_file] - ~> Service['httpd'] - - # dependency on ceph apache repo if set - $pkg_fastcgi = $::apache::params::mod_packages['fastcgi'] - if $ceph_apache_repo { - case $::osfamily { - 'Debian': { - Apt::Source['ceph-fastcgi'] - -> Package[$pkg_fastcgi] - } - 'RedHat': { - Yumrepo['ext-ceph-fastcgi'] - -> Package[$pkg_fastcgi] - } - default: { - fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only supports osfamily Debian and RedHat") - } - } - } - } diff --git a/manifests/rgw/apache_fastcgi.pp b/manifests/rgw/apache_fastcgi.pp new file mode 100644 index 00000000..28c4466b --- /dev/null +++ b/manifests/rgw/apache_fastcgi.pp @@ -0,0 +1,117 @@ +# +# Copyright (C) 2014 Catalyst IT Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ricardo Rocha +# +# Configures a ceph radosgw apache frontend with mod_fastcgi. +# +## == Define: ceph::rgw::apache_fastcgi +# +# The RGW id. An alphanumeric string uniquely identifying the RGW. +# ( example: radosgw.gateway ) +# +### == Parameters +# +# [*admin_email*] Admin email for the radosgw reports. +# Optional. Default is 'root@localhost'. +# +# [*docroot*] Location of the apache docroot. +# Optional. Default is '/var/www'. +# +# [*fcgi_file*] Path to the fcgi file. +# Optional. Default is '/var/www/s3gw.cgi'. +# +# [*rgw_port*] Port the rados gateway listens. +# Optional. Default is 80. +# +# [*rgw_dns_name*] Hostname to use for the service. +# Optional. Default is $fqdn. +# +# [*rgw_socket_path*] Path to socket file. +# Optional. Default is '/tmp/radosgw.sock'. +# +# [*syslog*] Whether or not to log to syslog. +# Optional. Default is true. +# +# [*ceph_apache_repo*] Whether to require the CEPH apache repo (ceph::repo::fastcgi). +# Optional. Default is true. Check: +# http://ceph.com/docs/master/install/install-ceph-gateway/ +# for more info on repository recommendations. +# +define ceph::rgw::apache_fastcgi ( + $admin_email = 'root@localhost', + $docroot = '/var/www', + $fcgi_file = '/var/www/s3gw.fcgi', + $rgw_dns_name = $::fqdn, + $rgw_port = 80, + $rgw_socket_path = $::ceph::params::rgw_socket_path, + $syslog = true, + $ceph_apache_repo = true, +) { + + class { '::apache': + default_mods => false, + default_vhost => false, + } + include ::apache::mod::alias + include ::apache::mod::auth_basic + include ::apache::mod::mime + include ::apache::mod::rewrite + + apache::vhost { "${rgw_dns_name}-radosgw": + servername => $rgw_dns_name, + serveradmin => $admin_email, + port => $rgw_port, + docroot => $docroot, + rewrite_rule => '^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + access_log => $syslog, + error_log => $syslog, + fastcgi_server => $fcgi_file, + fastcgi_socket => $rgw_socket_path, + fastcgi_dir => $docroot, + } + + # radosgw fast-cgi script + file { $fcgi_file: + ensure => file, + owner => 'root', + group => 'root', + mode => '0750', + content => "#!/bin/sh +exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n ${name}", + } + + File[$fcgi_file] + ~> Service['httpd'] + + # dependency on ceph apache repo if set + $pkg_fastcgi = $::apache::params::mod_packages['fastcgi'] + if $ceph_apache_repo { + case $::osfamily { + 'Debian': { + Apt::Source['ceph-fastcgi'] + -> Package[$pkg_fastcgi] + } + 'RedHat': { + Yumrepo['ext-ceph-fastcgi'] + -> Package[$pkg_fastcgi] + } + default: { + fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only supports osfamily Debian and RedHat") + } + } + } + +} diff --git a/manifests/rgw/apache_proxy_fcgi.pp b/manifests/rgw/apache_proxy_fcgi.pp new file mode 100644 index 00000000..e6396fdd --- /dev/null +++ b/manifests/rgw/apache_proxy_fcgi.pp @@ -0,0 +1,85 @@ +# +# Copyright (C) 2016 Mirantis Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Oleksiy Molchanov +# +# Configures a ceph radosgw apache frontend with mod_proxy. +# +## == Define: ceph::rgw::apache_proxy_fcgi +# +# The RGW id. An alphanumeric string uniquely identifying the RGW. +# ( example: radosgw.gateway ) +# +### == Parameters +# +# [*admin_email*] Admin email for the radosgw reports. +# Optional. Default is 'root@localhost'. +# +# [*docroot*] Location of the apache docroot. +# Optional. Default is '/var/www'. +# +# [*rgw_port*] Port the rados gateway listens. +# Optional. Default is 80. +# +# [*rgw_dns_name*] Hostname to use for the service. +# Optional. Default is $fqdn. +# +# [*rewrite_rule*] RewriteRule for the apache config. +# Optional. Default is '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]'. +# +# [*setenv*] String or aray for the apache setenv directive. +# Optional. Default is 'proxy-nokeepalive 1'. +# +# [*proxy_pass*] Hash that contains local virtual path and remote url. +# Optional. Default is {'path' => '/', 'url' => 'fcgi://127.0.0.1:9000/'}. +# +# [*syslog*] Whether or not to log to syslog. +# Optional. Default is true. +# +define ceph::rgw::apache_proxy_fcgi ( + $admin_email = 'root@localhost', + $docroot = '/var/www', + $rgw_dns_name = $::fqdn, + $rgw_port = 80, + $rewrite_rule = '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + $setenv = 'proxy-nokeepalive 1', + $proxy_pass = {'path' => '/', 'url' => 'fcgi://127.0.0.1:9000/'}, + $syslog = true, +) { + + class { '::apache': + default_mods => false, + default_vhost => false, + } + include ::apache::mod::alias + include ::apache::mod::auth_basic + include ::apache::mod::mime + include ::apache::mod::rewrite + include ::apache::mod::proxy + ::apache::mod { 'proxy_fcgi': } + ::apache::mod { 'env': } + + apache::vhost { "${rgw_dns_name}-radosgw": + servername => $rgw_dns_name, + serveradmin => $admin_email, + docroot => $docroot, + access_log => $syslog, + error_log => $syslog, + port => $rgw_port, + rewrite_rule => $rewrite_rule, + setenv => $setenv, + proxy_pass => $proxy_pass, + } +} diff --git a/spec/acceptance/ceph_rgw_spec.rb b/spec/acceptance/ceph_rgw_spec.rb index 184eb900..84ae0ce6 100644 --- a/spec/acceptance/ceph_rgw_spec.rb +++ b/spec/acceptance/ceph_rgw_spec.rb @@ -37,7 +37,7 @@ describe 'ceph rgw' do describe 'ceph::rgw::keystone' do - it 'should install one monitor/osd with cephx keys' do + it 'should install one monitor/osd with cephx keys for rgw-fcgi' do pp = <<-EOS class { 'ceph::repo': release => '#{release}', @@ -106,7 +106,7 @@ describe 'ceph rgw' do end end - it 'should install a radosgw' do + it 'should install a radosgw with fcgi' do pp = <<-EOS # ceph::repo and ceph are needed as dependencies in the catalog class { 'ceph::repo': @@ -139,7 +139,8 @@ describe 'ceph rgw' do ceph::rgw { 'radosgw.gateway': rgw_socket_path => '/var/run/ceph/ceph-client.radosgw.gateway.asok', } - ceph::rgw::apache { 'radosgw.gateway': + + ceph::rgw::apache_fastcgi { 'radosgw.gateway': rgw_port => '8080', rgw_socket_path => '/var/run/ceph/ceph-client.radosgw.gateway.asok', } @@ -176,7 +177,7 @@ describe 'ceph rgw' do end end - it 'should configure keystone and rgw keystone integration' do + it 'should configure keystone and rgw-fcgi keystone integration' do pp = <<-EOS # ceph::repo and ceph are needed as dependencies in the catalog class { 'ceph::repo': @@ -370,6 +371,336 @@ describe 'ceph rgw' do apply_manifest(purge, :catch_failures => true) end end + + it 'should install one monitor/osd with cephx keys for rgw-proxy' do + pp = <<-EOS + class { 'ceph::repo': + release => '#{release}', + fastcgi => true, + } + -> + class { 'ceph': + fsid => '#{fsid}', + mon_host => $::ipaddress, + mon_initial_members => 'a', + osd_pool_default_size => '1', + osd_pool_default_min_size => '1', + } + ceph_config { + 'global/mon_data_avail_warn': value => 10; # workaround for health warn in mon + 'global/osd_journal_size': value => 100; + } + ceph::mon { 'a': + public_addr => $::ipaddress, + key => '#{mon_key}', + } + ceph::key { 'client.admin': + secret => '#{admin_key}', + cap_mon => 'allow *', + cap_osd => 'allow *', + cap_mds => 'allow *', + inject => true, + inject_as_id => 'mon.', + inject_keyring => '/var/lib/ceph/mon/ceph-a/keyring', + } + -> + ceph::key { 'client.radosgw.gateway': + user => $apache_user, + secret => '#{radosgw_key}', + cap_mon => 'allow rwx', + cap_osd => 'allow rwx', + inject => true, + } + -> + exec { 'bootstrap-key': + command => '/usr/sbin/ceph-create-keys --id a', + } + -> + ceph::osd { '/srv/data': } + EOS + + osfamily = fact 'osfamily' + + # RGW on CentOS is currently broken, so lets disable tests for now. + if osfamily != 'RedHat' + apply_manifest(pp, :catch_failures => true) + # Enable as soon as remaining changes are fixed + #apply_manifest(pp, :catch_changes => true) + + shell 'sleep 10' # we need to wait a bit until the OSD is up + + shell 'ceph -s', { :acceptable_exit_codes => [0] } do |r| + expect(r.stdout).to match(/1 mons at/) + expect(r.stderr).to be_empty + end + + shell 'ceph osd tree', { :acceptable_exit_codes => [0] } do |r| + expect(r.stdout).to match(/osd.0/) + expect(r.stderr).to be_empty + end + end + end + + it 'should install a radosgw with mod_proxy' do + pp = <<-EOS + # ceph::repo and ceph are needed as dependencies in the catalog + class { 'ceph::repo': + release => '#{release}', + fastcgi => true, + } + class { 'ceph': + fsid => '#{fsid}', + mon_host => $::ipaddress, + mon_initial_members => 'a', + osd_pool_default_size => '1', + osd_pool_default_min_size => '1', + } + + $apache_user = $::osfamily ? { + 'RedHat' => 'apache', + default => 'www-data', + } + + host { $::fqdn: # workaround for bad 'hostname -f' in vagrant box + ip => $ipaddress, + host_aliases => [$::hostname], + } + -> + file { '/var/run/ceph': # workaround for bad sysvinit script (ignores socket) + ensure => directory, + owner => $apache_user, + } + -> + ceph::rgw { 'radosgw.gateway': + frontend_type => 'apache-proxy-fcgi', + rgw_socket_path => '/var/run/ceph/ceph-client.radosgw.gateway.asok', + } + + ceph::rgw::apache_proxy_fcgi { 'radosgw.gateway': + rgw_port => '8080', + proxy_pass => {'path' => '/', 'url' => 'fcgi://127.0.0.1:9000/', 'params' => { 'retry' => '0' }}, + } + EOS + + osfamily = fact 'osfamily' + + servicequery = { + 'Debian' => 'status radosgw id=radosgw.gateway', + 'RedHat' => 'service ceph-radosgw status id=radosgw.gateway', + } + + # RGW on CentOS is currently broken, so lets disable tests for now. + if osfamily != 'RedHat' + apply_manifest(pp, :catch_failures => true) + # Enable as soon as remaining changes are fixed + #apply_manifest(pp, :catch_changes => true) + + shell servicequery[osfamily] do |r| + expect(r.exit_code).to be_zero + end + + shell "radosgw-admin user create --uid=#{test_user} --display-name=#{test_user}" + + shell "radosgw-admin subuser create --uid=#{test_user} --subuser=#{test_user}:swift --access=full" + + shell "radosgw-admin key create --subuser=#{test_user}:swift --key-type=swift --secret='#{test_password}'" + + shell "curl -i -H 'X-Auth-User: #{test_user}:swift' -H 'X-Auth-Key: #{test_password}' http://127.0.0.1:8080/auth/v1.0/" do |r| + expect(r.exit_code).to be_zero + expect(r.stdout).to match(/HTTP\/1\.1 204 No Content/) + expect(r.stdout).not_to match(/401 Unauthorized/) + end + end + end + + it 'should configure keystone and rgw-proxy keystone integration' do + pp = <<-EOS + # ceph::repo and ceph are needed as dependencies in the catalog + class { 'ceph::repo': + release => '#{release}', + fastcgi => true, + } + class { 'ceph': + fsid => '#{fsid}', + mon_host => $::ipaddress, + mon_initial_members => 'a', + osd_pool_default_size => '1', + osd_pool_default_min_size => '1', + } + + # this is needed for the refresh triggered by ceph::rgw::keystone + ceph::rgw { 'radosgw.gateway': + rgw_socket_path => '/var/run/ceph/ceph-client.radosgw.gateway.asok', + } + + case $::osfamily { + 'Debian': { + include ::apt + apt::source { 'cloudarchive-juno': + location => 'http://ubuntu-cloud.archive.canonical.com/ubuntu', + release => 'trusty-updates/juno', + repos => 'main', + include_src => false, + required_packages => 'ubuntu-cloud-keyring', + } + Apt::Source['cloudarchive-juno'] -> Package['keystone','python-swiftclient'] + Exec['apt_update'] -> Package['keystone','python-swiftclient'] + } + 'RedHat': { + yumrepo { 'openstack-juno': + descr => 'OpenStack Juno Repository', + baseurl => 'http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/', + enabled => '1', + gpgcheck => '1', + gpgkey => 'https://raw.githubusercontent.com/redhat-openstack/rdo-release/juno/RPM-GPG-KEY-RDO-Juno', + priority => '15', # prefer over EPEL, but below ceph + } + Yumrepo<||> -> Package['python-swiftclient','keystone'] + } + } + + class { 'keystone': + verbose => true, + catalog_type => 'sql', + admin_token => '#{keystone_admin_token}', + admin_endpoint => "http://${::ipaddress}:35357", + } + -> + class { 'keystone::roles::admin': + email => 'admin@example.com', + password => '#{keystone_password}', + } + -> + class { 'keystone::endpoint': + public_url => "http://${::ipaddress}:5000", + admin_url => "http://${::ipaddress}:35357", + internal_url => "http://${::ipaddress}:5000", + region => 'example-1', + } + Service['keystone'] -> Ceph::Rgw::Keystone['radosgw.gateway'] + + keystone_service { 'swift': + ensure => present, + type => 'object-store', + description => 'Openstack Object Storage Service', + } + Keystone_service<||> -> Ceph::Rgw::Keystone['radosgw.gateway'] + keystone_endpoint { 'example-1/swift': + ensure => present, + public_url => "http://${::fqdn}:8080/swift/v1", + admin_url => "http://${::fqdn}:8080/swift/v1", + internal_url => "http://${::fqdn}:8080/swift/v1", + } + Keystone_endpoint<||> -> Ceph::Rgw::Keystone['radosgw.gateway'] + + # add a testuser for validation below + keystone_user { '#{test_user}': + ensure => present, + enabled => true, + email => '#{test_email}', + password => '#{test_password}', + tenant => '#{test_tenant}', + } + Keystone_user<||> -> Ceph::Rgw::Keystone['radosgw.gateway'] + keystone_user_role { 'testuser@openstack': + ensure => present, + roles => ['_member_'], + } + Keystone_user_role<||> -> Ceph::Rgw::Keystone['radosgw.gateway'] + + package { 'python-swiftclient': # required for tests below + ensure => present, + } + + ceph::rgw::keystone { 'radosgw.gateway': + rgw_keystone_url => "http://${::ipaddress}:5000", + rgw_keystone_admin_token => '#{keystone_admin_token}', + } + EOS + + osfamily = fact 'osfamily' + + servicequery = { + 'Debian' => 'status radosgw id=radosgw.gateway', + 'RedHat' => 'service ceph-radosgw status id=radosgw.gateway', + } + + # RGW on CentOS is currently broken, so lets disable tests for now. + if osfamily != 'RedHat' + apply_manifest(pp, :catch_failures => true) + # Enable as soon as remaining changes are fixed + #apply_manifest(pp, :catch_changes => true) + + shell servicequery[osfamily] do |r| + expect(r.exit_code).to be_zero + end + + shell "swift -V 2.0 -A http://127.0.0.1:5000/v2.0 -U #{test_tenant}:#{test_user} -K #{test_password} stat" do |r| + expect(r.exit_code).to be_zero + expect(r.stdout).to match(/Content-Type: text\/plain; charset=utf-8/) + expect(r.stdout).not_to match(/401 Unauthorized/) + end + end + end + + it 'should purge everything again' do + purge = <<-EOS + $radosgw = $::osfamily ? { + 'RedHat' => 'ceph-radosgw', + default => 'radosgw', + } + class { 'keystone': + admin_token => 'keystonetoken', + enabled => false, + } + -> + ceph::osd { '/srv/data': + ensure => absent, + } + -> + ceph::mon { 'a': ensure => absent } + -> + file { [ + '/var/lib/ceph/bootstrap-osd/ceph.keyring', + '/var/lib/ceph/bootstrap-mds/ceph.keyring', + '/var/lib/ceph/nss/cert8.db', + '/var/lib/ceph/nss/key3.db', + '/var/lib/ceph/nss/secmod.db', + '/var/lib/ceph/radosgw/ceph-radosgw.gateway', + '/var/lib/ceph/radosgw', + '/var/lib/ceph/nss', + '/etc/ceph/ceph.client.admin.keyring', + '/etc/ceph/ceph.client.radosgw.gateway', + ]: + ensure => absent + } + -> + package { $radosgw: ensure => purged } + -> + package { #{packages}: + ensure => purged + } + class { 'ceph::repo': + release => '#{release}', + ensure => absent, + } + class { 'apache': + service_ensure => stopped, + service_enable => false, + } + apache::vhost { "$fqdn-radosgw": + ensure => absent, + docroot => '/var/www', + } + EOS + + osfamily = fact 'osfamily' + + # RGW on CentOS is currently broken, so lets disable tests for now. + if osfamily != 'RedHat' + apply_manifest(purge, :catch_failures => true) + end + end end end # Local Variables: diff --git a/spec/defines/ceph_rgw_apache_fastcgi_spec.rb b/spec/defines/ceph_rgw_apache_fastcgi_spec.rb new file mode 100644 index 00000000..e4f10397 --- /dev/null +++ b/spec/defines/ceph_rgw_apache_fastcgi_spec.rb @@ -0,0 +1,219 @@ +# +# Copyright (C) 2014 Catalyst IT Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ricardo Rocha +# Author: David Gurtner +# +require 'spec_helper' + +describe 'ceph::rgw::apache_fastcgi' do + + let :pre_condition do + "include ceph::params + class { 'ceph::repo': + fastcgi => true, + }" + end + + describe 'Debian Family' do + + let :facts do + { + :concat_basedir => '/var/lib/puppet/concat', + :fqdn => 'myhost.domain', + :hostname => 'myhost', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :lsbdistid => 'Ubuntu', + :operatingsystemrelease => '14.04', + :lsbdistcodename => 'trusty', + :pkg_fastcgi => 'libapache2-mod-fastcgi', + } + end + + describe 'activated with default params' do + + let :title do + 'radosgw.gateway' + end + + it { is_expected.to contain_apache__vhost('myhost.domain-radosgw').with( { + 'servername' => 'myhost.domain', + 'serveradmin' => 'root@localhost', + 'port' => 80, + 'docroot' => '/var/www', + 'rewrite_rule' => '^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + 'access_log' => true, + 'error_log' => true, + 'fastcgi_server' => '/var/www/s3gw.fcgi', + 'fastcgi_socket' => '/tmp/radosgw.sock', + 'fastcgi_dir' => '/var/www', + })} + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::auth_basic') } + it { is_expected.to contain_class('apache::mod::fastcgi') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::rewrite') } + + it { is_expected.to contain_file('/var/www/s3gw.fcgi').with({ + 'ensure' => 'file', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0750', + 'content' => "#!/bin/sh +exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n radosgw.gateway", + })} + + end + + describe "activated with custom params" do + + let :title do + 'myid' + end + + let :params do + { + :rgw_dns_name => 'mydns.hostname', + :rgw_socket_path => '/some/location/radosgw.sock', + :rgw_port => 1111, + :admin_email => 'admin@hostname', + :fcgi_file => '/some/fcgi/filepath', + :syslog => false, + } + end + + it { is_expected.to contain_apache__vhost('mydns.hostname-radosgw').with( { + 'servername' => 'mydns.hostname', + 'serveradmin' => 'admin@hostname', + 'port' => 1111, + 'docroot' => '/var/www', + 'rewrite_rule' => '^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + 'access_log' => false, + 'error_log' => false, + 'fastcgi_server' => '/some/fcgi/filepath', + 'fastcgi_socket' => '/some/location/radosgw.sock', + 'fastcgi_dir' => '/var/www', + } ) } + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::auth_basic') } + it { is_expected.to contain_class('apache::mod::fastcgi') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::rewrite') } + + it { is_expected.to contain_file('/some/fcgi/filepath') } + + end + end + + describe 'RedHat Family' do + + let :facts do + { + :concat_basedir => '/var/lib/puppet/concat', + :fqdn => 'myhost.domain', + :hostname => 'myhost', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7.2', + :operatingsystemmajrelease => '7', + :pkg_fastcgi => 'libapache2-mod-fastcgi', + } + end + + describe 'activated with default params' do + + let :title do + 'radosgw.gateway' + end + + it { is_expected.to contain_apache__vhost('myhost.domain-radosgw').with( { + 'servername' => 'myhost.domain', + 'serveradmin' => 'root@localhost', + 'port' => 80, + 'docroot' => '/var/www', + 'rewrite_rule' => '^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + 'access_log' => true, + 'error_log' => true, + 'fastcgi_server' => '/var/www/s3gw.fcgi', + 'fastcgi_socket' => '/tmp/radosgw.sock', + 'fastcgi_dir' => '/var/www', + })} + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::auth_basic') } + it { is_expected.to contain_class('apache::mod::fastcgi') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::rewrite') } + + it { is_expected.to contain_file('/var/www/s3gw.fcgi').with({ + 'ensure' => 'file', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0750', + 'content' => "#!/bin/sh +exec /usr/bin/radosgw -c /etc/ceph/ceph.conf -n radosgw.gateway", + })} + + end + + describe "activated with custom params" do + + let :title do + 'myid' + end + + let :params do + { + :rgw_dns_name => 'mydns.hostname', + :rgw_socket_path => '/some/location/radosgw.sock', + :rgw_port => 1111, + :admin_email => 'admin@hostname', + :fcgi_file => '/some/fcgi/filepath', + :syslog => false, + } + end + + it { is_expected.to contain_apache__vhost('mydns.hostname-radosgw').with( { + 'servername' => 'mydns.hostname', + 'serveradmin' => 'admin@hostname', + 'port' => 1111, + 'docroot' => '/var/www', + 'rewrite_rule' => '^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1¶ms=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + 'access_log' => false, + 'error_log' => false, + 'fastcgi_server' => '/some/fcgi/filepath', + 'fastcgi_socket' => '/some/location/radosgw.sock', + 'fastcgi_dir' => '/var/www', + } ) } + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::auth_basic') } + it { is_expected.to contain_class('apache::mod::fastcgi') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::rewrite') } + + it { is_expected.to contain_file('/some/fcgi/filepath') } + + end + end + +end diff --git a/spec/defines/ceph_rgw_apache_proxy_fcgi_spec.rb b/spec/defines/ceph_rgw_apache_proxy_fcgi_spec.rb new file mode 100644 index 00000000..2960aba2 --- /dev/null +++ b/spec/defines/ceph_rgw_apache_proxy_fcgi_spec.rb @@ -0,0 +1,183 @@ +# +# Copyright (C) 2014 Catalyst IT Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Ricardo Rocha +# Author: David Gurtner +# Author: Oleksiy Molchanov +# +require 'spec_helper' + +describe 'ceph::rgw::apache_proxy_fcgi' do + + describe 'Debian Family' do + + let :facts do + { + :concat_basedir => '/var/lib/puppet/concat', + :fqdn => 'myhost.domain', + :hostname => 'myhost', + :osfamily => 'Debian', + :operatingsystem => 'Ubuntu', + :lsbdistid => 'Ubuntu', + :operatingsystemrelease => '14.04', + :lsbdistcodename => 'trusty', + } + end + + describe 'activated with default params' do + + let :title do + 'radosgw.gateway' + end + + it { is_expected.to contain_apache__vhost('myhost.domain-radosgw').with( { + 'servername' => 'myhost.domain', + 'serveradmin' => 'root@localhost', + 'port' => 80, + 'docroot' => '/var/www', + 'access_log' => true, + 'error_log' => true, + 'rewrite_rule' => '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + 'setenv' => 'proxy-nokeepalive 1', + 'proxy_pass' => {'path' => '/', 'url' => 'fcgi://127.0.0.1:9000/'}, + })} + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::auth_basic') } + it { is_expected.to contain_class('apache::mod::proxy') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::rewrite') } + + end + + describe "activated with custom params" do + + let :title do + 'myid' + end + + let :params do + { + :rgw_dns_name => 'mydns.hostname', + :rgw_port => 1111, + :admin_email => 'admin@hostname', + :syslog => false, + :proxy_pass => {'path' => '/', 'url' => 'fcgi://127.0.0.1:9999/'}, + } + end + + it { is_expected.to contain_apache__vhost('mydns.hostname-radosgw').with( { + 'servername' => 'mydns.hostname', + 'serveradmin' => 'admin@hostname', + 'port' => 1111, + 'docroot' => '/var/www', + 'access_log' => false, + 'error_log' => false, + 'rewrite_rule' => '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + 'setenv' => 'proxy-nokeepalive 1', + 'proxy_pass' => {'path' => '/', 'url' => 'fcgi://127.0.0.1:9999/'}, + } ) } + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::auth_basic') } + it { is_expected.to contain_class('apache::mod::proxy') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::rewrite') } + + end + end + + describe 'RedHat Family' do + + let :facts do + { + :concat_basedir => '/var/lib/puppet/concat', + :fqdn => 'myhost.domain', + :hostname => 'myhost', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7.2', + :operatingsystemmajrelease => '7', + } + end + + describe 'activated with default params' do + + let :title do + 'radosgw.gateway' + end + + it { is_expected.to contain_apache__vhost('myhost.domain-radosgw').with( { + 'servername' => 'myhost.domain', + 'serveradmin' => 'root@localhost', + 'port' => 80, + 'docroot' => '/var/www', + 'access_log' => true, + 'error_log' => true, + 'rewrite_rule' => '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + 'setenv' => 'proxy-nokeepalive 1', + 'proxy_pass' => {'path' => '/', 'url' => 'fcgi://127.0.0.1:9000/'}, + })} + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::auth_basic') } + it { is_expected.to contain_class('apache::mod::proxy') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::rewrite') } + + end + + describe "activated with custom params" do + + let :title do + 'myid' + end + + let :params do + { + :rgw_dns_name => 'mydns.hostname', + :rgw_port => 1111, + :admin_email => 'admin@hostname', + :syslog => false, + :proxy_pass => {'path'=>'/', 'url'=>'fcgi://127.0.0.1:9999/'}, + } + end + + it { is_expected.to contain_apache__vhost('mydns.hostname-radosgw').with( { + 'servername' => 'mydns.hostname', + 'serveradmin' => 'admin@hostname', + 'port' => 1111, + 'docroot' => '/var/www', + 'access_log' => false, + 'error_log' => false, + 'rewrite_rule' => '.* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]', + 'setenv' => 'proxy-nokeepalive 1', + 'proxy_pass' => {'path' => '/', 'url' => 'fcgi://127.0.0.1:9999/'}, + } ) } + + it { is_expected.to contain_class('apache') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::auth_basic') } + it { is_expected.to contain_class('apache::mod::proxy') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::rewrite') } + + end + end + +end diff --git a/spec/defines/ceph_rgw_apache_spec.rb b/spec/defines/ceph_rgw_apache_spec.rb index 5ccf4573..5a4e45db 100644 --- a/spec/defines/ceph_rgw_apache_spec.rb +++ b/spec/defines/ceph_rgw_apache_spec.rb @@ -1,4 +1,3 @@ -# # Copyright (C) 2014 Catalyst IT Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/spec/defines/ceph_rgw_keystone_spec.rb b/spec/defines/ceph_rgw_keystone_spec.rb index 07008472..a83e297c 100644 --- a/spec/defines/ceph_rgw_keystone_spec.rb +++ b/spec/defines/ceph_rgw_keystone_spec.rb @@ -44,7 +44,7 @@ describe 'ceph::rgw::keystone' do class { 'ceph::repo': fastcgi => true, } include ceph ceph::rgw { 'radosgw.gateway': } - ceph::rgw::apache { 'radosgw.gateway': } + ceph::rgw::apache_fastcgi { 'radosgw.gateway': } " end @@ -93,7 +93,7 @@ openssl x509 -in /tmp/signing -pubkey | certutil -A -d /var/lib/ceph/nss -n sign class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' } class { 'ceph::repo': fastcgi => true, } ceph::rgw { 'radosgw.custom': } - ceph::rgw::apache { 'radosgw.custom': } + ceph::rgw::apache_fastcgi { 'radosgw.custom': } " end @@ -162,7 +162,7 @@ openssl x509 -in /tmp/signing -pubkey | certutil -A -d /some/path/to/nss -n sign class { 'ceph::repo': fastcgi => true, } include ceph ceph::rgw { 'radosgw.gateway': } - ceph::rgw::apache { 'radosgw.gateway': } + ceph::rgw::apache_fastcgi { 'radosgw.gateway': } " end @@ -211,7 +211,7 @@ openssl x509 -in /tmp/signing -pubkey | certutil -A -d /var/lib/ceph/nss -n sign class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' } class { 'ceph::repo': fastcgi => true, } ceph::rgw { 'radosgw.custom': } - ceph::rgw::apache { 'radosgw.custom': } + ceph::rgw::apache_fastcgi { 'radosgw.custom': } " end