openstack
/
puppet-ec2api
Code Issues Proposed changes

Initial commit for puppet-ec2api 

Change-Id: Ied75d3c234eae5533bd6393b4ca2259fbaefa9e4
This commit is contained in:
Marcos Fermin Lobo 2016-02-04 10:04:48 +01:00
parent ae25d3d74c
commit 1cf3cf7ace
46 changed files with 3328 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored Normal file
View File

@ -0,0 +1,11 @@
pkg/
Gemfile.lock
vendor/
spec/fixtures/
.vagrant/
.bundle/
coverage/
.idea/
*.swp
*.iml
openstack/

2
.rspec Normal file
View File

@ -0,0 +1,2 @@
--format documentation
--color

39
Gemfile Normal file
View File

@ -0,0 +1,39 @@
source ENV['GEM_SOURCE'] || "https://rubygems.org"
group :development, :test do
gem 'puppetlabs_spec_helper', :require => 'false'
gem 'rspec-puppet', '~> 2.2.0', :require => 'false'
gem 'rspec-puppet-facts', :require => 'false'
gem 'metadata-json-lint', :require => 'false'
gem 'puppet-lint-param-docs', :require => 'false'
gem 'puppet-lint-absolute_classname-check', :require => 'false'
gem 'puppet-lint-absolute_template_path', :require => 'false'
gem 'puppet-lint-trailing_newline-check', :require => 'false'
gem 'puppet-lint-unquoted_string-check', :require => 'false'
gem 'puppet-lint-leading_zero-check', :require => 'false'
gem 'puppet-lint-variable_contains_upcase', :require => 'false'
gem 'puppet-lint-numericvariable', :require => 'false'
gem 'json', :require => 'false'
gem 'puppet-openstack_spec_helper', :require => 'false', :git => 'https://git.openstack.org/openstack/puppet-openstack_spec_helper'
gem 'pry', :require => 'false'
end
group :system_tests do
gem 'beaker-rspec', :require => 'false'
gem 'beaker-puppet_install_helper', :require => 'false'
gem 'r10k', :require => 'false'
end
if facterversion = ENV['FACTER_GEM_VERSION']
gem 'facter', facterversion, :require => false
else
gem 'facter', :require => false
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end
# vim:ft=ruby

13
LICENSE Normal file
View File

@ -0,0 +1,13 @@
Copyright 2016 OpenStack Foundation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

78
README.md Normal file
View File

@ -0,0 +1,78 @@
ec2api
=======
#### Table of Contents
1. [Overview - What is the ec2api module?](#overview)
2. [Module Description - What does the module do?](#module-description)
3. [Setup - The basics of getting started with ec2api](#setup)
4. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
5. [Limitations - OS compatibility, etc.](#limitations)
6. [Development - Guide for contributing to the module](#development)
7. [Contributors - Those with commits](#contributors)
Overview
--------
The ec2api module is a part of [OpenStack](https://www.openstack.org), an effort by the OpenStack infrastructure team to provide continuous integration testing and code review for OpenStack and OpenStack community projects not part of the core software. The module its self is used to flexibly configure and manage the FIXME service for OpenStack.
Module Description
------------------
The ec2api module is a thorough attempt to make Puppet capable of managing the entirety of ec2api. This includes manifests to provision region specific endpoint and database connections. Types are shipped as part of the ec2api module to assist in manipulation of configuration files.
Setup
-----
**What the ec2api module affects**
* [My_module](https://wiki.openstack.org/wiki/My_module), the FIXME service for OpenStack.
### Installing ec2api
ec2api is not currently in Puppet Forge, but is anticipated to be added soon. Once that happens, you'll be able to install ec2api with:
puppet module install openstack/ec2api
### Beginning with ec2api
To utilize the ec2api module's functionality you will need to declare multiple resources.
Implementation
--------------
### ec2api
ec2api is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers.
Limitations
------------
* All the ec2api types use the CLI tools and so need to be ran on the ec2api node.
Beaker-Rspec
------------
This module has beaker-rspec tests
To run the tests on the default vagrant node:
```shell
bundle install
bundle exec rake acceptance
```
For more information on writing and running beaker-rspec tests visit the documentation:
* https://github.com/puppetlabs/beaker-rspec/blob/master/README.md
Development
-----------
Developer documentation for the entire puppet-openstack project.
* https://wiki.openstack.org/wiki/Puppet
Contributors
------------
* https://github.com/openstack/puppet-ec2api/graphs/contributors

1
Rakefile Normal file
View File

@ -0,0 +1 @@
require 'puppet-openstack_spec_helper/rake_tasks'

27
lib/puppet/provider/ec2api_api_paste_ini/ini_setting.rb Normal file
View File

@ -0,0 +1,27 @@
Puppet::Type.type(:ec2api_api_paste_ini).provide(
:ini_setting,
:parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
) do
def section
resource[:name].split('/', 2).first
end
def setting
resource[:name].split('/', 2).last
end
def separator
'='
end
def self.file_path
'/etc/ec2api/api-paste.ini'
end
# added for backwards compatibility with older versions of inifile
def file_path
self.class.file_path
end
end

27
lib/puppet/provider/ec2api_config/ini_setting.rb Normal file
View File

@ -0,0 +1,27 @@
Puppet::Type.type(:ec2api_config).provide(
:ini_setting,
:parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
) do
def section
resource[:name].split('/', 2).first
end
def setting
resource[:name].split('/', 2).last
end
def separator
'='
end
def self.file_path
'/etc/ec2api/ec2api.conf'
end
# added for backwards compatibility with older versions of inifile
def file_path
self.class.file_path
end
end

56
lib/puppet/type/ec2api_api_paste_ini.rb Normal file
View File

@ -0,0 +1,56 @@
Puppet::Type.newtype(:ec2api_api_paste_ini) do
ensurable do
defaultvalues
defaultto :present
end
newparam(:name, :namevar => true) do
desc 'Section/setting name to manage from /etc/ec2api/api-paste.ini'
newvalues(/\S+\/\S+/)
end
newproperty(:value) do
desc 'The value of the setting to be defined.'
munge do |value|
value = value.to_s.strip
value.capitalize! if value =~ /^(true|false)$/i
value
end
newvalues(/^[\S ]*$/)
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
newparam(:ensure_absent_val) do
desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
defaultto('<SERVICE DEFAULT>')
end
autorequire(:package) do
'ec2api'
end
end

56
lib/puppet/type/ec2api_config.rb Normal file
View File

@ -0,0 +1,56 @@
Puppet::Type.newtype(:ec2api_config) do
ensurable do
defaultvalues
defaultto :present
end
newparam(:name, :namevar => true) do
desc 'Section/setting name to manage from /etc/ec2api/ec2api.conf'
newvalues(/\S+\/\S+/)
end
newproperty(:value) do
desc 'The value of the setting to be defined.'
munge do |value|
value = value.to_s.strip
value.capitalize! if value =~ /^(true|false)$/i
value
end
newvalues(/^[\S ]*$/)
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
newparam(:ensure_absent_val) do
desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
defaultto('<SERVICE DEFAULT>')
end
autorequire(:package) do
'ec2api'
end
end

549
manifests/api.pp Normal file
View File

@ -0,0 +1,549 @@
# == Class: ec2api::api
#
# EC2 API class to configure the API service via puppet.
#
# === Parameters
#
# [*debug*]
# Print debugging output (set logging level to DEBUG instead of default
# WARNING level). Defaults to false
#
# [*verbose*]
# Print more verbose output (set logging level to INFO instead of default
# WARNING level). Defaults to false
#
# [*admin_user*]
# The user does not need admin credentials into the project
# Admin use. Defaults to undef
#
# [*admin_password*]
# Admin password. Defaults to undef
#
# [*admin_tenant_name*]
# Admin tenant name. Defaults to undef
#
# [*fatal_exception_format_errors*]
# Make exception message format errors fatal. Defaults false
#
# [*ec2api_listen*]
# The IP address on which the EC2 API will listen. Default '0.0.0.0'
#
# [*ec2api_listen_port*]
# The port on which the EC2 API will listen. Default 8788
#
# [*ec2api_use_ssl*]
# Enable ssl connections or not for EC2 API. Default false
#
# [*ec2api_workers*]
# Number of workers for EC2 API service. The default will be equal to the
# number of CPUs available. Default undef
#
# [*metadata_listen*]
# The IP address on which the metadata API will listen. Default '0.0.0.0'
#
# [*metadata_listen_port*]
# The port on which the metadata API will listen. Default 8789
#
# [*metadata_use_ssl*]
# Enable ssl connections or not for EC2 API Metadata. Default false
#
# [*metadata_workers*]
# Number of workers for metadata service. The default will be the number of
# CPUs available. Default undef
#
# [*service_down_time*]
# Maximum time since last check-in for up service. Default 60
#
# [*api_paste_config*]
# File name for the paste.deploy config for ec2api (string
# value). Defaults to 'api-paste.ini'
#
# [*log_dir*]
# Directory to save the logs. Defaults '/var/log/ec2api'
#
# [*use_ssl*]
# Server will work under SSL. Defaults false
#
# [*wsgi_ssl_ca_file*]
# (optional) CA certificate file to use to verify connecting clients
# Defaults to false, not set
#
# [*wsgi_ssl_cert_file*]
# (optinal) Certificate file to use when starting API server securely
# Defaults to false, not set
#
# [*wsgi_ssl_key_file*]
# (optional) Private key file to use when starting API server securely
# Defaults to false, not set
#
# [*database_use_tpool*]
# (optional) Use of thread pooling for all DB API calls.
# Defaults to false
#
# [*keystone_url*]
# URL to get token from ec2 request. (string value).
# Defaults to 'http://localhost:5000/v2.0'#
#
# [*keystone_ec2_tokens_url*]
# URL to get token from ec2 request.(string value).
# Defaults to '$keystone_url/ec2tokens'
#
# [*ec2_timestamp_expiry*]
# Time in seconds before ec2 timestamp expires
# Defaults 300
#
# [*api_rate_limit*]
# Whether to use per-user rate limiting for the api.
# Defaults false, not set
#
# [*use_forwarded_for*]
# Treat X-Forwarded-For as the canonical remote address. Only enable this if
# you have a sanitizing proxy.
# Defaults false, not set
#
# [*internal_service_availability_zone*]
# The availability_zone to show internal services under
# Defaults internal
#
# [*my_ip*]
# IP address of this host
# Defaults '10.0.0.1'
#
# [*ec2_host*]
# The IP address of the EC2 API server
# Defaults $my_ip
#
# [*ec2_port*]
# The port of the EC2 API server
# Defaults 8788
#
# [*ec2_scheme*]
# The protocol to use when connecting to the EC2 API server (http, https)
# Defaults 'http'
#
# [*ec2_path*]
# The path prefix used to call the ec2 API server
# Defaults '/'
#
# [*region_list*]
# List of region=fqdn pairs separated by commas
# Defaults undef
#
# [*full_vpc_support*]
# True if server supports Neutron for full VPC access
# Defaults true
#
# [*network_device_mtu*]
# MTU size to set by DHCP for instances. Corresponds with the
# network_device_mtu in ec2api.conf.
# Defaults 1500
#
# [*cert_topic*]
# The topic cert nodes listen on
# Defaulst 'cert'
#
# [*image_decryption_dir*]
# Parent directory for tempdir used for image decryption
# Defaults '/tmp'
#
# [*s3_host*]
# Hostname or IP for OpenStack to use when accessing the S3
# Defaults '10.0.0.1'
#
# [*s3_port*]
# Port used when accessing the S3 api
# Defaults 3334
#
# [*s3_use_ssl*]
# Whether to use SSL when talking to S3
# Defaults false, not set
#
# [*s3_affix_tenant*]
# Whether to affix the tenant id to the access key when downloading from S3
# Defaults false, not set
#
# [*ec2_private_dns_show_ip*]
# Return the IP address as private dns hostname in describe instances
# Defaults false, not set
#
# [*external_network*]
# Name of the external network, which is used to connectVPCs to Internet and
# to allocate Elastic IPs
# Defaults undef
#
# [*s3_listen*]
# IP address for S3 API to listen
# Defaults '0.0.0.0'
#
# [*s3_listen_port*]
# Port for S3 API to listen
# Defaults 3334
#
# [*database_connection*]
# (optional) The SQLAlchemy connection string to use to connect to the
# database. By default is SQLite backend and is installed in:
# /usr/lib/python2.7/site-packages/
# Defaults to 'sqlite:////var/lib/ec2api/ec2api.sqlite'
#
# [*auth_uri*]
# Complete public Identity API endpoint
# Defaults 'http://localhost:5000/'
#
# [*identity_uri*]
# Complete admin Identity API endpoint. This should specify the unversioned
# root endpoint
# Defaults 'http://localhost:35357/'
#
# [*auth_version*]
# API version of the admin Identity API endpoint
# Defaults 'v2.0'
#
# [*delay_auth_decision*]
# Do not handle authorization requests within the middleware, but delegate
# the authorization decision to downstream WSGI components
# Defaults false, not set
#
# [*http_connect_timeout*]
# Request timeout value for communicating with Identity API server
# Defaults undef
#
# [*http_request_max_retries*]
# How many times are we trying to reconnect when communicating with
# Identity API Server
# Defaults 3
#
# [*admin_token*]
# This option is deprecated and may be removed in a future release. Single
# shared secret with the Keystone configuration used for bootstrapping a
# Keystone installation, or otherwise bypassing the normal authentication
# process. This option should not be used, use `admin_user` and
# `admin_password` instead
# Defaults undef
#
# [*keystone_admin_user*]
# Keystone account username
# Defaults 'ec2api'
#
# [*keystone_admin_password*]
# Keystone account password
# Defaults undef
#
# [*keystone_admin_tenant_name*]
# Keystone service account tenant name to validate user tokens
# Defaults 'services'
#
# [*keystone_certfile*]
# Required if Keystone server requires client certificate
# Defaults undef
#
# [*keystone_keyfile*]
# Required if Keystone server requires client certificate
# Defaults undef
#
# [*keystone_cafile*]
# A PEM encoded Certificate Authority to use when verifying HTTPs
# connections. Defaults to system CAs.
# Defaults undef
#
# [*insecure*]
# Verify HTTPS connections
# Defaults false
#
# [*signing_dir*]
# Directory used to cache files related to PKI tokens
# Defaults undef
#
# [*memcached_servers*]
# Optionally specify a list of memcached server(s) to use for caching. If
# left undefined, tokens will instead be cached in-process.
# Defaults undef
#
# [*token_cache_time*]
# In order to prevent excessive effort spent validating tokens, the
# middleware caches previously-seen tokens for a configurable duration
# (in seconds). Set to -1 to disable caching completely
# Defaults 300
#
# [*revocation_cache_time*]
# Determines the frequency at which the list of revoked tokens is retrieved
# from the Identity service (in seconds). A high number of revocation events
# combined with a low cache duration may significantly reduce performance
# Defaults 10
#
# [*memcache_security_strategy*]
# (optional) if defined, indicate whether token data should be
# authenticated or authenticated and encrypted. Acceptable values are MAC
# or ENCRYPT. If MAC, token data is authenticated (with HMAC) in the
# cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization
# Defaults undef
#
# [*memcache_secret_key*]
# (optional, mandatory if memcache_security_strategy is defined) this string
# is used for key derivation
# Defaults undef
#
# [*include_service_catalog*]
# (optional) indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and
# will not set the X-Service-Catalog header
# Defaults true
#
# [*enforce_token_bind*]
# Used to control the use and type of token binding. Can be set to:
# "disabled" to not check token binding. "permissive" (default) to
# validate binding information if the bind type is of a form known to the
# server and ignore it if not. "strict" like "permissive" but if the bind
# type is unknown the token will be rejected. "required" any form of token
# binding is needed to be allowed. Finally the name of a binding method that
# must be present in tokens
# Defaults 'permissive'
#
# [*check_revocations_for_cached*]
# Used to control the use and type of token binding. Can be set to:
# "disabled" to not check token binding. "permissive" (default) to validate
# binding information if the bind type is of a form known to the server and
# ignore it if not. "strict" like "permissive" but if the bind type is
# unknown the token will be rejected. "required" any form of token binding
# is needed to be allowed. Finally the name of a binding method that must
# be present in tokens
# Defaults false
#
# [*hash_algorithms*]
# Hash algorithms to use for hashing PKI tokens. This may be a single
# algorithm or multiple. The algorithms are those supported by Python
# standard hashlib.new(). The hashes will be tried in the order given, so
# put the preferred one first for performance. The result of the first hash
# will be stored in the cache. This will typically be set to multiple values
# only while migrating from a less secure algorithm to a more secure one.
# Once all the old tokens are expired this option should be set to a single
# value for better performance
# Defaults 'md5'
#
# [*api_service_manage*]
# Should the API service actually be managed by Puppet?
# Default: true
#
# [*api_service_name*]
# The real system name of the API service.
# Default: openstack-ec2-api
#
# [*api_service_enable*]
# Should the service be enabled and started (true) of disabled and stopped (false).
# Default: true
#
# [*api_service_provider*]
# Override the Puppet provider used to manage the service.
# Default: undef
#
class ec2api::api (
$debug = $ec2api::params::debug,
$verbose = $ec2api::params::verbose,
$admin_user = $ec2api::params::admin_user,
$admin_password = $ec2api::params::admin_password,
$admin_tenant_name = $ec2api::params::admin_tenant_name,
$fatal_exception_format_errors = $ec2api::params::fatal_exception_format_errors,
$ec2api_listen = $ec2api::params::ec2api_listen,
$ec2api_listen_port = $ec2api::params::ec2api_listen_port,
$ec2api_use_ssl = $ec2api::params::ec2api_use_ssl,
$ec2api_workers = $ec2api::params::ec2api_workers,
$metadata_listen = $ec2api::params::metadata_listen,
$metadata_listen_port = $ec2api::params::metadata_listen_port,
$metadata_use_ssl = $ec2api::params::metadata_use_ssl,
$metadata_workers = $ec2api::params::metadata_workers,
$service_down_time = $ec2api::params::service_down_time,
$api_paste_config = $ec2api::params::api_paste_config,
$use_ssl = $ec2api::params::use_ssl,
$wsgi_ssl_ca_file = $ec2api::params::wsgi_ssl_ca_file,
$wsgi_ssl_cert_file = $ec2api::params::wsgi_ssl_cert_file,
$wsgi_ssl_key_file = $ec2api::params::wsgi_ssl_key_file,
$database_use_tpool = $ec2api::params::database_use_tpool,
$keystone_url = $ec2api::params::keystone_url,
$keystone_ec2_tokens_url = $ec2api::params::keystone_ec2_tokens_url,
$ec2_timestamp_expiry = $ec2api::params::ec2_timestamp_expiry,
$api_rate_limit = $ec2api::params::api_rate_limit,
$use_forwarded_for = $ec2api::params::use_forwarded_for,
$internal_service_availability_zone = $ec2api::params::internal_service_availability_zone,
$my_ip = $ec2api::params::my_ip,
$ec2_host = $ec2api::params::ec2_host,
$ec2_port = $ec2api::params::ec2_port,
$ec2_scheme = $ec2api::params::ec2_scheme,
$ec2_path = $ec2api::params::ec2_path,
$region_list = $ec2api::params::region_list,
$full_vpc_support = $ec2api::params::full_vpc_support,
$network_device_mtu = $ec2api::params::network_device_mtu,
$cert_topic = $ec2api::params::cert_topic,
$image_decryption_dir = $ec2api::params::image_decryption_dir,
$s3_host = $ec2api::params::s3_host,
$s3_port = $ec2api::params::s3_port,
$s3_use_ssl = $ec2api::params::s3_use_ssl,
$s3_affix_tenant = $ec2api::params::s3_affix_tenant,
$ec2_private_dns_show_ip = $ec2api::params::ec2_private_dns_show_ip,
$external_network = $ec2api::params::external_network,
$s3_listen = $ec2api::params::s3_listen,
$s3_listen_port = $ec2api::params::s3_listen_port,
$log_dir = $ec2api::params::log_dir,
$database_connection = $ec2api::params::database_connection,
$auth_uri = $ec2api::params::auth_uri,
$identity_uri = $ec2api::params::identity_uri,
$auth_version = $ec2api::params::auth_version,
$delay_auth_decision = $ec2api::params::delay_auth_decision,
$http_connect_timeout = $ec2api::params::http_connect_timeout,
$http_request_max_retries = $ec2api::params::http_request_max_retries,
$admin_token = $ec2api::params::admin_token,
$keystone_admin_user = $ec2api::params::keystone_admin_user,
$keystone_admin_password = $ec2api::params::keystone_admin_password,
$keystone_admin_tenant_name = $ec2api::params::keystone_admin_tenant_name,
$keystone_certfile = $ec2api::params::keystone_certfile,
$keystone_keyfile = $ec2api::params::keystone_keyfile,
$keystone_cafile = $ec2api::params::keystone_cafile,
$insecure = $ec2api::params::insecure,
$signing_dir = $ec2api::params::signing_dir,
$memcached_servers = $ec2api::params::memcached_servers,
$token_cache_time = $ec2api::params::token_cache_time,
$revocation_cache_time = $ec2api::params::revocation_cache_time,
$memcache_security_strategy = $ec2api::params::memcache_security_strategy,
$memcache_secret_key = $ec2api::params::memcache_secret_key,
$include_service_catalog = $ec2api::params::include_service_catalog,
$enforce_token_bind = $ec2api::params::enforce_token_bind,
$check_revocations_for_cached = $ec2api::params::check_revocations_for_cached,
$hash_algorithms = $ec2api::params::hash_algorithms,
$api_service_manage = $ec2api::params::api_service_manage,
$api_service_name = $ec2api::params::api_service_name,
$api_service_enable = $ec2api::params::api_service_enable,
$api_service_provider = $ec2api::params::api_service_provider,
) inherits ::ec2api::params {
validate_bool($api_service_manage)
validate_string($api_service_name)
validate_bool($api_service_enable)
if $use_ssl {
if !$wsgi_ssl_cert_file {
fail("The wsgi_ssl_cert_file parameter is required when use_ssl is \
set to true")
}
if !$wsgi_ssl_key_file {
fail("The wsgi_ssl_key_file parameter is required when use_ssl is \
set to true")
}
}
ec2api_config {
'DEFAULT/debug': value => $debug;
'DEFAULT/verbose': value => $verbose;
'DEFAULT/admin_user': value => $admin_user;
'DEFAULT/admin_password': value => $admin_password;
'DEFAULT/admin_tenant_name': value => $admin_tenant_name;
'DEFAULT/fatal_exception_format_errors': value => $fatal_exception_format_errors;
'DEFAULT/ec2api_listen': value => $ec2api_listen;
'DEFAULT/ec2api_listen_port': value => $ec2api_listen_port;
'DEFAULT/ec2api_use_ssl': value => $ec2api_use_ssl;
'DEFAULT/ec2api_workers': value => $ec2api_workers;
'DEFAULT/metadata_listen': value => $metadata_listen;
'DEFAULT/metadata_listen_port': value => $metadata_listen_port;
'DEFAULT/metadata_use_ssl': value => $metadata_use_ssl;
'DEFAULT/metadata_workers': value => $metadata_workers;
'DEFAULT/service_down_time': value => $service_down_time;
'DEFAULT/api_paste_config': value => $api_paste_config;
'database/use_tpool': value => $database_use_tpool;
'database/connection': value => $database_connection;
'DEFAULT/keystone_url': value => $keystone_url;
'DEFAULT/keystone_ec2_tokens_url': value => $keystone_ec2_tokens_url;
'DEFAULT/ec2_timestamp_expiry': value => $ec2_timestamp_expiry;
'DEFAULT/api_rate_limit': value => $api_rate_limit;
'DEFAULT/use_forwarded_for': value => $use_forwarded_for;
'DEFAULT/internal_service_availability_zone': value => $internal_service_availability_zone;
'DEFAULT/my_ip': value => $my_ip;
# 'DEFAULT/ec2_host': value => $ec2_host;
'DEFAULT/ec2_port': value => $ec2_port;
'DEFAULT/ec2_scheme': value => $ec2_scheme;
'DEFAULT/ec2_path': value => $ec2_path;
'DEFAULT/region_list': value => $region_list;
'DEFAULT/full_vpc_support': value => $full_vpc_support;
'DEFAULT/network_device_mtu': value => $network_device_mtu;
'DEFAULT/cert_topic': value => $cert_topic;
'DEFAULT/image_decryption_dir': value => $image_decryption_dir;
'DEFAULT/s3_host': value => $s3_host;
'DEFAULT/s3_port': value => $s3_port;
'DEFAULT/s3_listen': value => $s3_listen;
'DEFAULT/s3_use_ssl': value => $s3_use_ssl;
'DEFAULT/s3_affix_tenant': value => $s3_affix_tenant;
'DEFAULT/ec2_private_dns_show_ip': value => $ec2_private_dns_show_ip;
'DEFAULT/external_network': value => $external_network;
'keystone_authtoken/auth_uri': value => $auth_uri;
'keystone_authtoken/identity_uri': value => $identity_uri;
'keystone_authtoken/auth_version': value => $auth_version;
'keystone_authtoken/delay_auth_decision': value => $delay_auth_decision;
'keystone_authtoken/http_connect_timeout': value => $http_connect_timeout;
'keystone_authtoken/http_request_max_retries': value => $http_request_max_retries;
'keystone_authtoken/admin_token': value => $admin_token;
'keystone_authtoken/admin_user': value => $keystone_admin_user;
'keystone_authtoken/admin_tenant': value => $keystone_admin_tenant_name;
'keystone_authtoken/admin_password': value => $keystone_admin_password;
'keystone_authtoken/certfile': value => $keystone_certfile;
'keystone_authtoken/keyfile': value => $keystone_keyfile;
'keystone_authtoken/cafile': value => $keystone_cafile;
'keystone_authtoken/insecure': value => $insecure;
'keystone_authtoken/signing_dir': value => $signing_dir;
'keystone_authtoken/memcached_servers': value => $memcached_servers;
'keystone_authtoken/token_cache_time': value => $token_cache_time;
'keystone_authtoken/revocation_cache_time': value => $revocation_cache_time;
'keystone_authtoken/memcache_security_strategy': value => $memcache_security_strategy;
'keystone_authtoken/memcache_secret_key': value => $memcache_secret_key;
'keystone_authtoken/include_service_catalog': value => $include_service_catalog;
'keystone_authtoken/enforce_token_bind': value => $enforce_token_bind;
'keystone_authtoken/check_revocations_for_cached': value => $check_revocations_for_cached;
'keystone_authtoken/hash_algorithms': value => $hash_algorithms;
}
# SSL options
if $use_ssl {
if $wsgi_ssl_ca_file {
ec2api_config { 'DEFAULT/ssl_ca_file': value => $wsgi_ssl_ca_file }
} else {
ec2api_config { 'DEFAULT/ssl_ca_file': ensure => 'absent' }
}
if $wsgi_ssl_cert_file {
ec2api_config { 'DEFAULT/ssl_cert_file': value => $wsgi_ssl_cert_file }
} else {
ec2api_config { 'DEFAULT/ssl_cert_file': ensure => 'absent' }
}
if $wsgi_ssl_key_file {
ec2api_config { 'DEFAULT/ssl_key_file': value => $wsgi_ssl_key_file }
} else {
ec2api_config { 'DEFAULT/ssl_key_file': ensure => 'absent' }
}
} else {
ec2api_config {
'DEFAULT/ssl_cert_file' : ensure => 'absent';
'DEFAULT/ssl_key_file' : ensure => 'absent';
'DEFAULT/ssl_ca_file' : ensure => 'absent';
}
}
if $api_service_enable {
$api_service_ensure = 'running'
} else {
$api_service_ensure = 'stopped'
}
if $api_service_manage {
service { 'openstack-ec2api-api-service' :
ensure => $api_service_ensure,
name => $api_service_name,
enable => $api_service_enable,
hasstatus => true,
hasrestart => true,
provider => $api_service_provider,
}
Ec2api_config <||> ~>
Service['openstack-ec2api-api-service']
}
}

93
manifests/config.pp Normal file
View File

@ -0,0 +1,93 @@
# == Class: ec2api::config
#
# This class is used to manage arbitrary ec2api configurations.
#
# === Parameters
#
# [*config_file_path*]
# The path to the main EC2 API config file.
# Cannot be changed because of ac2api_config type.
# Default: /etc/ec2api/ec2api.conf
#
# [*paste_ini_file_path*]
# The path to the EC2 API paste init file
# Cannot be changed because of ec2api_api_paste_ini type.
# Default: /etc/ec2api/api-paste.ini
#
# [*config_file_owner*]
# The owner user of both config files.
# Default: ec2api
#
# [*config_file_group*]
# The owner group of both config files.
# Default: ec2api
#
# [*config_file_mode*]
# The Unix access mode of both config files.
# Default: 0644
#
# [*config_options*]
# (optional) Allow configuration of arbitrary ec2api configurations.
#
# The value is an hash of ec2api_config resources. Example:
# { 'DEFAULT/foo' => { value => 'fooValue'},
# 'DEFAULT/bar' => { value => 'barValue'}
# }
#
# In yaml format, Example:
# ec2api_config:
# DEFAULT/foo:
# value: fooValue
# DEFAULT/bar:
# value: barValue
#
# [*paste_ini_options*]
# (optional) Allow configuration of /etc/ec2api/api-paste.ini configurations.
#
# NOTE: The configuration MUST NOT be already handled by this module
# or Puppet catalog compilation will fail with duplicate resources.
#
class ec2api::config (
$config_file_path = $::ec2api::params::config_file_path,
$paste_ini_file_path = $::ec2api::params::paste_ini_file_path,
$config_file_owner = $::ec2api::params::config_file_owner,
$config_file_group = $::ec2api::params::config_file_group,
$config_file_mode = $::ec2api::params::config_file_mode,
$config_options = {},
$paste_ini_options = {},
) inherits ::ec2api::params {
validate_absolute_path($config_file_path)
validate_absolute_path($paste_ini_file_path)
validate_string($config_file_owner)
validate_string($config_file_group)
validate_string($config_file_mode)
validate_hash($config_options)
validate_hash($paste_ini_options)
file { 'ec2-api-config-file' :
ensure => 'present',
path => $config_file_path,
owner => $config_file_owner,
group => $config_file_group,
mode => $config_file_mode,
}
file { 'ec2-api-paste-ini-file' :
ensure => 'present',
path => $paste_ini_file_path,
owner => $config_file_owner,
group => $config_file_group,
mode => $config_file_mode,
}
File['ec2-api-config-file'] ->
Ec2api_config <||>
File['ec2-api-paste-ini-file'] ->
Ec2api_api_paste_ini <||>
create_resources('ec2api_config', $config_options)
create_resources('ec2api_api_paste_ini', $paste_ini_options)
}

74
manifests/db/mysql.pp Normal file
View File

@ -0,0 +1,74 @@
# The ec2api::db::mysql class implements mysql backend for ec2api
#
# This class can be used to create tables, users and grant
# privelege for a mysql ec2api database.
#
# == parameters
#
# [*password*]
# Password to connect to the database.
# Defaults to 'CHANGEME'.
#
# [*dbname*]
# (Optional) Name of the database.
# Defaults to 'ec2api'.
#
# [*user*]
# (Optional) User to connect to the database.
# Defaults to 'ec2api'.
#
# [*host*]
# (Optional) The default source host user is allowed to connect from.
# Defaults to '127.0.0.1'
#
# [*allowed_hosts*]
# (Optional) Other hosts the user is allowed to connect from.
# Defaults to 'undef'.
#
# [*charset*]
# (Optional) The database charset.
# Defaults to 'utf8'
#
# [*collate*]
# (Optional) The database collate.
# Only used with mysql modules >= 2.2.
# Defaults to 'utf8_general_ci'
#
# == Dependencies
# Class['mysql::server']
#
# == Examples
#
# == Authors
#
# == Copyright
#
class ec2api::db::mysql (
$password = $::ec2api::params::db_password,
$user = $::ec2api::params::db_user,
$dbname = $::ec2api::params::db_name,
$host = '127.0.0.1',
$charset = 'utf8',
$collate = 'utf8_general_ci',
$allowed_hosts = undef
) inherits ::ec2api::params {
validate_string($password)
validate_string($dbname)
validate_string($user)
validate_string($host)
validate_string($charset)
validate_string($collate)
::openstacklib::db::mysql { 'ec2api':
user => $user,
password_hash => mysql_password($password),
dbname => $dbname,
host => $host,
charset => $charset,
collate => $collate,
allowed_hosts => $allowed_hosts,
}
::Openstacklib::Db::Mysql['ec2api'] ~>
Exec<| title == 'ec2-api-manage db_sync' |>
}

58
manifests/db/postgresql.pp Normal file
View File

@ -0,0 +1,58 @@
# == Class: ec2api::db::postgresql
#
# Class that configures postgresql for ec2api
# Requires the Puppetlabs postgresql module.
#
# === Parameters
#
# [*password*]
# Password to connect to the database.
# Default: CHANGEME
#
# [*dbname*]
# (Optional) Name of the database.
# Defaults to 'ec2api'.
#
# [*user*]
# (Optional) User to connect to the database.
# Defaults to 'ec2api'.
#
# [*encoding*]
# (Optional) The charset to use for the database.
# Default to undef.
#
# [*privileges*]
# (Optional) Privileges given to the database user.
# Default to 'ALL'
#
# == Dependencies
#
# == Examples
#
# == Authors
#
# == Copyright
#
class ec2api::db::postgresql (
$password = $::ec2api::params::db_password,
$user = $::ec2api::params::db_user,
$dbname = $::ec2api::params::db_name,
$encoding = undef,
$privileges = 'ALL',
) inherits ::ec2api::params {
Class['ec2api::db::postgresql'] ->
Service<| title == 'ec2api' |>
::openstacklib::db::postgresql { 'ec2api':
password_hash => postgresql_password($user, $password),
dbname => $dbname,
user => $user,
encoding => $encoding,
privileges => $privileges,
}
::Openstacklib::Db::Postgresql['ec2api'] ~>
Exec<| title == 'ec2-api-manage db_sync' |>
}

38
manifests/db/sync.pp Normal file
View File

@ -0,0 +1,38 @@
# == Class: ec2api::db::sync
#
# Class to execute "ec2api-manage db_sync
#
# === Parameters
#
# [*system_user*]
# Run db_sync from this system user account.
# Default: ec2api
#
class ec2api::db::sync(
$system_user = $::ec2api::params::system_user,
) inherits ::ec2api::params {
exec { 'ec2api_db_sync' :
command => 'ec2api-manage db_sync',
path => '/usr/bin',
user => $system_user,
refreshonly => true,
}
Package <| title == 'ec2api' |> ~>
Exec['ec2api_db_sync']
Ec2api_config <| title == 'database/connection' |> ~>
Exec['ec2api_db_sync']
User <| title == 'ec2api' |> ->
Exec['ec2api_db_sync']
Exec['ec2api_db_sync'] ~>
Service<| title == 'openstack-ec2api-api-service' |>
Exec['ec2api_db_sync'] ~>
Service<| title == 'openstack-ec2-api-metadata' |>
Exec['ec2api_db_sync'] ~>
Service<| title == 'openstack-ec2-api-s3' |>
}

10
manifests/init.pp Normal file
View File

@ -0,0 +1,10 @@
# == Class: ec2api
#
# Main EC2 API class to configure the service via puppet.
#
class ec2api(
) inherits ::ec2api::params {
#TODO: include here: install, config, logging
#TODO: include externally: db, keystone, api, metsadata, s3
}

43
manifests/install.pp Normal file
View File

@ -0,0 +1,43 @@
# == Class: ec2api::install
#
# Installs the packages for the Nova ec2 api services
#
# [*package_manage*]
# Should the package be actually managed by Puppet?
# Default: true
#
# [*package_ensure*]
# The package ensure value. Can be present/absent/latest/purged
# or the exact package version number.
# Default: present
#
# [*package_name*]
# The real package name.
# Default: openstack-ec2-api
#
# [*package_provider*]
# Override the provider used to manage the package.
# Default: undef
#
class ec2api::install (
$package_manage = $::ec2api::params::package_manage,
$package_ensure = $::ec2api::params::package_ensure,
$package_name = $::ec2api::params::package_name,
$package_provider = $::ec2api::params::package_provider,
) inherits ::ec2api::params {
if $package_manage {
package { 'ec2api':
ensure => $package_ensure,
name => $package_name,
provider => $package_provider,
}
Package['ec2api'] ->
File <| title == 'ec2-api-config-file' |>
Package['ec2api'] ->
File <| title == 'ec2-api-paste-ini-file' |>
}
}

136
manifests/keystone/auth.pp Normal file
View File

@ -0,0 +1,136 @@
# == Class: ec2api::keystone::auth
#
# Configures ec2api user, service and endpoint in Keystone.
#
# === Parameters
#
# [*password*]
# (required) Password for ec2api user.
#
# [*auth_name*]
# Username for ec2api service. Defaults to 'ec2api'.
#
# [*email*]
# Email for ec2api user. Defaults to 'ec2api@localhost'.
#
# [*tenant*]
# Tenant for ec2api user. Defaults to 'services'.
#
# [*configure_endpoint*]
# Should ec2api endpoint be configured? Defaults to 'true'.
#
# [*configure_user*]
# (Optional) Should the service user be configured?
# Defaults to 'true'.
#
# [*configure_user_role*]
# (Optional) Should the admin role be configured for the service user?
# Defaults to 'true'.
#
# [*service_type*]
# Type of service. Defaults to 'ec2api'.
#
# [*public_protocol*]
# Protocol for public endpoint. Defaults to 'http'.
#
# [*public_address*]
# Public address for endpoint. Defaults to '127.0.0.1'.
#
# [*admin_protocol*]
# Protocol for admin endpoint. Defaults to 'http'.
#
# [*admin_address*]
# Admin address for endpoint. Defaults to '127.0.0.1'.
#
# [*internal_protocol*]
# Protocol for internal endpoint. Defaults to 'http'.
#
# [*internal_address*]
# Internal address for endpoint. Defaults to '127.0.0.1'.
#
# [*port*]
# Port for endpoint. Defaults to '8788'.
#
# [*public_port*]
# Port for public endpoint. Defaults to $port.
#
# [*region*]
# Region for endpoint. Defaults to 'RegionOne'.
#
# [*service_name*]
# (optional) Name of the service.
# Defaults to the value of auth_name.
#
# [*service_description*]
# (optional) Description of the service
#
class ec2api::keystone::auth (
$password = $ec2api::params::password,
$auth_name = $ec2api::params::auth_name,
$email = $ec2api::params::email,
$tenant = $ec2api::params::tenant,
$configure_endpoint = $ec2api::params::configure_endpoint,
$configure_user = $ec2api::params::configure_user,
$configure_user_role = $ec2api::params::configure_user_role,
$service_name = $ec2api::params::service_name,
$service_description = $ec2api::params::service_description,
$service_type = $ec2api::params::service_type,
$public_protocol = $ec2api::params::public_protocol,
$public_address = $ec2api::params::public_address,
$admin_protocol = $ec2api::params::admin_protocol,
$admin_address = $ec2api::params::admin_address,
$internal_protocol = $ec2api::params::internal_protocol,
$internal_address = $ec2api::params::internal_address,
$port = $ec2api::params::port,
$public_port = $ec2api::params::public_port,
$region = $ec2api::params::region,
) inherits ::ec2api::params {
validate_string($password)
validate_string($auth_name)
validate_string($email)
validate_string($tenant)
validate_bool($configure_endpoint)
validate_bool($configure_user)
validate_bool($configure_user_role)
$real_service_name = pick($service_name, $auth_name)
$real_public_port = pick($public_port, $port)
if $configure_user_role {
Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| title == 'openstack-ec2api-api-service' |>
Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| title == 'openstack-ec2-api-metadata' |>
Keystone_user_role["${auth_name}@${tenant}"] ~>
Service <| title == 'openstack-ec2-api-s3' |>
}
Keystone_endpoint["${region}/${real_service_name}"] ~>
Service <| title == 'openstack-ec2api-api-service' |>
Keystone_endpoint["${region}/${real_service_name}"] ~>
Service <| title == 'openstack-ec2-api-metadata' |>
Keystone_endpoint["${region}/${real_service_name}"] ~>
Service <| title == 'openstack-ec2-api-s3' |>
keystone::resource::service_identity { 'ec2api':
configure_user => $configure_user,
configure_user_role => $configure_user_role,
configure_endpoint => $configure_endpoint,
service_name => $real_service_name,
service_type => $service_type,
service_description => $service_description,
region => $region,
auth_name => $auth_name,
password => $password,
email => $email,
tenant => $tenant,
public_url => "${public_protocol}://${public_address}:${real_public_port}/",
internal_url => "${internal_protocol}://${internal_address}:${port}/",
admin_url => "${admin_protocol}://${admin_address}:${port}/",
}
}

195
manifests/logging.pp Normal file
View File

@ -0,0 +1,195 @@
# Class ec2api::logging
#
# ec2api extended logging configuration
#
# == Parameters
#
# [*logging_context_format_string*]
# (optional) Format string to use for log messages with context.
# Defaults to undef.
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [%(request_id)s %(user_identity)s] %(instance)s%(message)s'
#
# [*logging_default_format_string*]
# (optional) Format string to use for log messages without context.
# Defaults to undef.
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [-] %(instance)s%(message)s'
#
# [*logging_debug_format_suffix*]
# (optional) Formatted data to append to log format when level is DEBUG.
# Defaults to undef.
# Example: '%(funcName)s %(pathname)s:%(lineno)d'
#
# [*logging_exception_prefix*]
# (optional) Prefix each line of exception output with this format.
# Defaults to undef.
# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
#
# [*log_config_append*]
# The name of an additional logging configuration file.
# Defaults to undef.
# See https://docs.python.org/2/howto/logging.html
#
# [*default_log_levels*]
# (optional) Hash of logger (keys) and level (values) pairs.
# Defaults to undef.
# Example:
# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
# 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
# 'oslo.messaging' => 'INFO', 'iso8601' => 'WARN',
# 'requests.packages.urllib3.connectionpool' => 'WARN',
# 'urllib3.connectionpool' => 'WARN',
# 'websocket' => 'WARN', 'ec2apimiddleware' => 'WARN',
# 'routes.middleware' => 'WARN', stevedore => 'WARN' }
#
# [*publish_errors*]
# (optional) Publish error events (boolean value).
# Defaults to undef (false if unconfigured).
#
# [*fatal_deprecations*]
# (optional) Make deprecations fatal (boolean value)
# Defaults to undef (false if unconfigured).
#
# [*instance_format*]
# (optional) If an instance is passed with the log message, format it
# like this (string value).
# Defaults to undef.
# Example: '[instance: %(uuid)s] '
#
# [*instance_uuid_format*]
# (optional) If an instance UUID is passed with the log message, format
# it like this (string value).
# Defaults to undef.
# Example: instance_uuid_format='[instance: %(uuid)s] '
#
# [*log_date_format*]
# (optional) Format string for %%(asctime)s in log records.
# Defaults to undef.
# Example: 'Y-%m-%d %H:%M:%S'
#
class ec2api::logging (
$logging_context_format_string = $ec2api::params::logging_context_format_string,
$logging_default_format_string = $ec2api::params::logging_default_format_string,
$logging_debug_format_suffix = $ec2api::params::logging_debug_format_suffix,
$logging_exception_prefix = $ec2api::params::logging_exception_prefix,
$log_config_append = $ec2api::params::log_config_append,
$default_log_levels = $ec2api::params::default_log_levels,
$publish_errors = $ec2api::params::publish_errors,
$fatal_deprecations = $ec2api::params::fatal_deprecations,
$instance_format = $ec2api::params::instance_format,
$instance_uuid_format = $ec2api::params::instance_uuid_format,
$log_date_format = $ec2api::params::log_date_format,
) inherits ec2api::params {
if $logging_context_format_string {
ec2api_config {
'DEFAULT/logging_context_format_string' : value => $logging_context_format_string;
}
} else {
ec2api_config {
'DEFAULT/logging_context_format_string' : ensure => 'absent';
}
}
if $logging_default_format_string {
ec2api_config {
'DEFAULT/logging_default_format_string' : value => $logging_default_format_string;
}
} else {
ec2api_config {
'DEFAULT/logging_default_format_string' : ensure => 'absent';
}
}
if $logging_debug_format_suffix {
ec2api_config {
'DEFAULT/logging_debug_format_suffix' : value => $logging_debug_format_suffix;
}
} else {
ec2api_config {
'DEFAULT/logging_debug_format_suffix' : ensure => 'absent';
}
}
if $logging_exception_prefix {
ec2api_config {
'DEFAULT/logging_exception_prefix' : value => $logging_exception_prefix;
}
} else {
ec2api_config {
'DEFAULT/logging_exception_prefix' : ensure => 'absent';
}
}
if $log_config_append {
ec2api_config {
'DEFAULT/log_config_append' : value => $log_config_append;
}
} else {
ec2api_config {
'DEFAULT/log_config_append' : ensure => 'absent';
}
}
if $default_log_levels {
ec2api_config {
'DEFAULT/default_log_levels' : value => join(sort(join_keys_to_values($default_log_levels, '=')), ',');
}
} else {
ec2api_config {
'DEFAULT/default_log_levels' : ensure => 'absent';
}
}
if $publish_errors {
ec2api_config {
'DEFAULT/publish_errors' : value => $publish_errors;
}
} else {
ec2api_config {
'DEFAULT/publish_errors' : ensure => 'absent';
}
}
if $fatal_deprecations {
ec2api_config {
'DEFAULT/fatal_deprecations' : value => $fatal_deprecations;
}
} else {
ec2api_config {
'DEFAULT/fatal_deprecations' : ensure => 'absent';
}
}
if $instance_format {
ec2api_config {
'DEFAULT/instance_format' : value => $instance_format;
}
} else {
ec2api_config {
'DEFAULT/instance_format' : ensure => 'absent';
}
}
if $instance_uuid_format {
ec2api_config {
'DEFAULT/instance_uuid_format' : value => $instance_uuid_format;
}
} else {
ec2api_config {
'DEFAULT/instance_uuid_format' : ensure => 'absent';
}
}
if $log_date_format {
ec2api_config {
'DEFAULT/log_date_format' : value => $log_date_format;
}
} else {
ec2api_config {
'DEFAULT/log_date_format' : ensure => 'absent';
}
}
}

109
manifests/metadata.pp Normal file
View File

@ -0,0 +1,109 @@
# == Class: ec2api::metadata
#
# Manage the EC2 API Metadata service and its configuration
#
# === Parameters
# [*nova_metadata_ip*]
# IP address used by Nova metadata server
# Defaults '127.0.0.1'
#
# [*nova_metadata_port*]
# TCP Port used by Nova metadata server
# Defaults 8775
#
# [*nova_metadata_protocol*]
# Protocol to access nova metadata, http or https
# Defaults 'http'
#
# [*nova_metadata_insecure*]
# Allow to perform insecure SSL (https) requests to nova metadata
# Defaults false
#
# [*auth_ca_cert*]
# Certificate Authority public key (CA cert) file for ssl
# Defaults undef
#
# [*nova_client_cert*]
# Client certificate for nova metadata api server
# Defaults undef
#
# [*nova_client_priv_key*]
# Private key of client certificate
# Defaults undef
#
# [*metadata_proxy_shared_secret*]
# Shared secret to sign instance-id request
# Defaults undef
#
# [*metadata_service_manage*]
# Should the METADATA service actually be managed by Puppet?
# Default: true
#
# [*metadata_service_name*]
# The real system name of the Metadata service.
# Default: openstack-ec2-metadata
#
# [*metadata_service_enable*]
# Should the service be enabled and started (true) of disabled and stopped (false).
# Default: true
#
# [*metadata_service_provider*]
# Override the Puppet provider used to manage the service.
# Default: undef
#
class ec2api::metadata (
$nova_metadata_ip = $ec2api::params::nova_metadata_ip,
$nova_metadata_port = $ec2api::params::nova_metadata_port,
$nova_metadata_protocol = $ec2api::params::nova_metadata_protocol,
$nova_metadata_insecure = $ec2api::params::nova_metadata_insecure,
$auth_ca_cert = $ec2api::params::auth_ca_cert,
$nova_client_cert = $ec2api::params::nova_client_cert,
$nova_client_priv_key = $ec2api::params::nova_client_priv_key,
$metadata_proxy_shared_secret = $ec2api::params::metadata_proxy_shared_secret,
$metadata_service_manage = $ec2api::params::metadata_service_manage,
$metadata_service_name = $ec2api::params::metadata_service_name,
$metadata_service_enable = $ec2api::params::metadata_service_enable,
$metadata_service_provider = $ec2api::params::metadata_service_provider,
) inherits ec2api::params {
validate_string($nova_metadata_ip)
validate_integer($nova_metadata_port)
validate_string($nova_metadata_protocol)
validate_bool($nova_metadata_insecure)
validate_bool($metadata_service_manage)
validate_string($metadata_service_name)
validate_bool($metadata_service_enable)
ec2api_config {
'metadata/nova_metadata_ip' : value => $nova_metadata_ip;
'metadata/nova_metadata_port' : value => $nova_metadata_port;
'metadata/nova_metadata_protocol' : value => $nova_metadata_protocol;
'metadata/nova_metadata_insecure' : value => $nova_metadata_insecure;
'metadata/auth_ca_cert' : value => $auth_ca_cert;
'metadata/nova_client_cert' : value => $nova_client_cert;
'metadata/nova_client_priv_key' : value => $nova_client_priv_key;
'metadata/metadata_proxy_shared_secret' : value => $metadata_proxy_shared_secret;
}
if $metadata_service_enable {
$metadata_service_ensure = 'running'
} else {
$metadata_service_ensure = 'stopped'
}
if $metadata_service_manage {
service { 'openstack-ec2-api-metadata' :
ensure => $metadata_service_ensure,
name => $metadata_service_name,
enable => $metadata_service_enable,
hasstatus => true,
hasrestart => true,
provider => $metadata_service_provider,
}
Ec2api_config <||> ~>
Service['openstack-ec2-api-metadata']
}
}

179
manifests/params.pp Normal file
View File

@ -0,0 +1,179 @@
# == Class: ec2api::params
#
# These parameters need to be accessed from several locations and
# should be considered to be constant
#
class ec2api::params {
# [package]
$package_ensure = 'present'
$package_manage = true
$package_name = 'openstack-ec2-api'
$package_provider = undef
# [api]
$api_service_manage = true
$api_service_name = 'openstack-ec2-api'
$api_service_enable = true
$api_service_provider = undef
$config_file_path = '/etc/ec2api/ec2api.conf'
$paste_ini_file_path = '/etc/ec2api/api-paste.ini'
$config_file_owner = 'ec2api'
$config_file_group = 'ec2api'
$config_file_mode = '0644'
$debug = false
$verbose = false
$admin_user = undef
$admin_password = undef
$admin_tenant_name = undef
$ec2api_listen = '0.0.0.0'
$ec2api_listen_port = 8788
$ec2api_use_ssl = false
$ec2api_workers = undef
$metadata_listen = '0.0.0.0'
$metadata_listen_port = 8789
$metadata_use_ssl = false
$metadata_workers = undef
$s3_host = '10.0.0.1'
$s3_port = 3334
$s3_use_ssl = false
$s3_affix_tenant = false
$fatal_exception_format_errors = false
$service_down_time = 60
$api_paste_config = 'api-paste.ini'
$use_ssl = false
$wsgi_ssl_ca_file = undef
$wsgi_ssl_cert_file = undef
$wsgi_ssl_key_file = undef
$database_use_tpool = false
$keystone_url = 'http://localhost:5000/v2.0'
$keystone_ec2_tokens_url = 'http://localhost:5000/v2.0/ec2tokens'
$ec2_timestamp_expiry = 300
$api_rate_limit = false
$use_forwarded_for = false
$internal_service_availability_zone = 'internal'
$my_ip = '10.0.0.1'
$ec2_host = $my_ip
$ec2_port = 8788
$ec2_scheme = 'http'
$ec2_path = '/'
$region_list = undef
$full_vpc_support = true
$network_device_mtu = 1500
$cert_topic = 'cert'
$image_decryption_dir = '/tmp'
$ec2_private_dns_show_ip = false
$external_network = undef
$log_dir = '/var/log/ec2api'
# [database]
$database_connection = 'sqlite:////var/lib/ec2api/ec2api.sqlite'
# [keystone_authtoken]
$auth_uri = 'http://localhost:5000/'
$identity_uri = 'http://localhost:35357/'
$auth_version = 'v2.0'
$delay_auth_decision = false
$http_connect_timeout = undef
$http_request_max_retries = 3
$admin_token = undef
$keystone_admin_user = 'ec2api'
$keystone_admin_password = undef
$keystone_admin_tenant_name = 'services'
$keystone_certfile = undef
$keystone_keyfile = undef
$keystone_cafile = undef
$insecure = false
$signing_dir = undef
$token_cache_time = 300
$revocation_cache_time = 10
$memcached_servers = undef
$memcache_security_strategy = undef
$memcache_secret_key = undef
$include_service_catalog = true
$enforce_token_bind = 'permissive'
$check_revocations_for_cached = false
$hash_algorithms = 'md5'
# [metadata]
$metadata_service_manage = true
$metadata_service_name = 'openstack-ec2-api-metadata'
$metadata_service_enable = true
$metadata_service_provider = undef
$nova_metadata_ip = '127.0.0.1'
$nova_metadata_port = 8775
$nova_metadata_protocol = 'http'
$nova_metadata_insecure = false
$auth_ca_cert = undef
$nova_client_cert = undef
$nova_client_priv_key = undef
$metadata_proxy_shared_secret = undef
# [s3]
$s3_service_manage = true
$s3_service_name = 'openstack-ec2-api-s3'
$s3_service_enable = true
$s3_service_provider = undef
$buckets_path = undef
$s3_listen = '0.0.0.0'
$s3_listen_port = 3334
# [keystone]
$password = 'CHANGEME'
$auth_name = 'ec2api'
$email = 'ec2api@localhost'
$tenant = 'services'
$configure_endpoint = true
$configure_user = true
$configure_user_role = true
$service_name = 'ec2api'
$service_description = 'The EC2 API Service'
$service_type = 'ec2api'
$public_protocol = 'http'
$public_address = '127.0.0.1'
$admin_protocol = 'http'
$admin_address = '127.0.0.1'
$internal_protocol = 'http'
$internal_address = '127.0.0.1'
$port = 8788
$public_port = undef
$region = 'RegionOne'
# [logging]
$logging_context_format_string = undef
$logging_default_format_string = undef
$logging_debug_format_suffix = undef
$logging_exception_prefix = undef
$log_config_append = undef
$default_log_levels = undef
$publish_errors = undef
$fatal_deprecations = undef
$instance_format = undef
$instance_uuid_format = undef
$log_date_format = undef
# [database credentials]
$db_name = 'ec2api'
$db_user = 'ec2api'
$db_password = 'CHANGEME'
$system_user = 'ec2api'
}

81
manifests/s3.pp Normal file
View File

@ -0,0 +1,81 @@
# == Class: ec2api::s3
#
# Manage the EC2 S3 service and its configuration
#
# === Parameters
#
# [*buckets_path*]
# Path to S3 buckets
# Defaults undef
#
# [*s3_listen*]
# IP address for S3 API to listen
# Defaults '0.0.0.0'
#
# [*s3_listen_port*]
# Port used when accessing the S3 api
# Defaults 3334
#
# [*s3_service_manage*]
# Should the S3 service actually be managed by Puppet?
# Default: true
#
# [*s3_service_name*]
# The real system name of the S3 service.
# Default: openstack-ec2-s3
#
# [*s3_service_enable*]
# Should the service be enabled and started (true) of disabled and stopped (false).
# Default: true
#
# [*s3_service_provider*]
# Override the Puppet provider used to manage the service.
# Default: undef
#
class ec2api::s3 (
$buckets_path = $ec2api::params::buckets_path,
$s3_listen = $ec2api::params::s3_listen,
$s3_listen_port = $ec2api::params::s3_listen_port,
$s3_service_manage = $ec2api::params::s3_service_manage,
$s3_service_name = $ec2api::params::s3_service_name,
$s3_service_enable = $ec2api::params::s3_service_enable,
$s3_service_provider = $ec2api::params::s3_service_provider,
) inherits ec2api::params {
validate_string($s3_listen)
validate_integer($s3_listen_port)
if $buckets_path {
validate_absolute_path($buckets_path)
}
validate_bool($s3_service_manage)
validate_string($s3_service_name)
validate_bool($s3_service_enable)
ec2api_config {
'DEFAULT/buckets_path': value => $buckets_path;
'DEFAULT/s3_listen': value => $s3_listen;
'DEFAULT/s3_listen_port': value => $s3_listen_port;
}
if $s3_service_enable {
$s3_service_ensure = 'running'
} else {
$s3_service_ensure = 'stopped'
}
if $s3_service_manage {
service { 'openstack-ec2-api-s3':
ensure => $s3_service_ensure,
name => $s3_service_name,
enable => $s3_service_enable,
hasstatus => true,
hasrestart => true,
provider => $s3_service_provider,
}
Ec2api_config <||> ~>
Service['openstack-ec2-api-s3']
}
}

34
metadata.json Normal file
View File

@ -0,0 +1,34 @@
{
"name": "puppet-ec2api",
"version": "0.0.1",
"author": "OpenStack Contributors",
"summary": "Puppet module for OpenStack Ec2api",
"license": "Apache-2.0",
"source": "git://github.com/openstack/puppet-ec2api.git",
"project_page": "https://launchpad.net/puppet-ec2api",
"issues_url": "https://bugs.launchpad.net/puppet-ec2api",
"description": "Installs and configures OpenStack Ec2api.",
"operatingsystem_support": [
{
"operatingsystem": "Debian",
"operatingsystemrelease": ["8"]
},
{
"operatingsystem": "Fedora",
"operatingsystemrelease": ["21","22"]
},
{
"operatingsystem": "RedHat",
"operatingsystemrelease": ["7"]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": ["14.04"]
}
],
"dependencies": [
{ "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" },
{ "name": "puppetlabs/stdlib", "version_requirement": ">= 4.0.0 <5.0.0" },
{ "name": "stackforge/openstacklib", "version_requirement": ">=5.0.0 <6.0.0" }
]
}

11
spec/acceptance/nodesets/centos-70-x64.yml Normal file
View File

@ -0,0 +1,11 @@
HOSTS:
centos-server-70-x64:
roles:
- master
platform: el-7-x86_64
box: puppetlabs/centos-7.0-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: foss

10
spec/acceptance/nodesets/default.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
ubuntu-server-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
type: foss

10
spec/acceptance/nodesets/nodepool-centos7.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
centos-70-x64:
roles:
- master
platform: el-7-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-trusty.yml Normal file
View File

@ -0,0 +1,10 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

11
spec/acceptance/nodesets/ubuntu-server-1404-x64.yml Normal file
View File

@ -0,0 +1,11 @@
HOSTS:
ubuntu-server-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: foss

291
spec/classes/ec2api_api_spec.rb Normal file
View File

@ -0,0 +1,291 @@
require 'spec_helper'
describe 'ec2api::api', type: :class do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
config_values = {
'DEFAULT/debug' => {value: false},
'DEFAULT/verbose' => {value: false},
'DEFAULT/admin_user' => {value: nil},
'DEFAULT/admin_password' => {value: nil},
'DEFAULT/admin_tenant_name' => {value: nil},
'DEFAULT/fatal_exception_format_errors' => {value: false},
'DEFAULT/ec2api_listen' => {value: '0.0.0.0'},
'DEFAULT/ec2api_listen_port' => {value: 8788},
'DEFAULT/ec2api_use_ssl' => {value: false},
'DEFAULT/ec2api_workers' => {value: nil},
'DEFAULT/metadata_listen' => {value: '0.0.0.0'},
'DEFAULT/metadata_listen_port' => {value: 8789},
'DEFAULT/metadata_use_ssl' => {value: false},
'DEFAULT/metadata_workers' => {value: nil},
'DEFAULT/service_down_time' => {value: 60},
'DEFAULT/api_paste_config' => {value: 'api-paste.ini'},
'database/use_tpool' => {value: false},
'database/connection' => {value: 'sqlite:////var/lib/ec2api/ec2api.sqlite'},
'DEFAULT/keystone_url' => {value: 'http://localhost:5000/v2.0'},
'DEFAULT/keystone_ec2_tokens_url' => {value: 'http://localhost:5000/v2.0/ec2tokens'},
'DEFAULT/ec2_timestamp_expiry' => {value: 300},
'DEFAULT/api_rate_limit' => {value: false},
'DEFAULT/use_forwarded_for' => {value: false},
'DEFAULT/internal_service_availability_zone' => {value: 'internal'},
'DEFAULT/my_ip' => {value: '10.0.0.1'},
'DEFAULT/ec2_port' => {value: 8788},
'DEFAULT/ec2_scheme' => {value: 'http'},
'DEFAULT/ec2_path' => {value: '/'},
'DEFAULT/region_list' => {value: nil},
'DEFAULT/full_vpc_support' => {value: true},
'DEFAULT/network_device_mtu' => {value: 1500},
'DEFAULT/cert_topic' => {value: 'cert'},
'DEFAULT/image_decryption_dir' => {value: '/tmp'},
'DEFAULT/s3_host' => {value: '10.0.0.1'},
'DEFAULT/s3_port' => {value: 3334},
'DEFAULT/s3_listen' => {value: '0.0.0.0'},
'DEFAULT/s3_use_ssl' => {value: false},
'DEFAULT/s3_affix_tenant' => {value: false},
'DEFAULT/ec2_private_dns_show_ip' => {value: false},
'DEFAULT/external_network' => {value: nil},
'keystone_authtoken/auth_uri' => {value: 'http://localhost:5000/'},
'keystone_authtoken/identity_uri' => {value: 'http://localhost:35357/'},
'keystone_authtoken/auth_version' => {value: 'v2.0'},
'keystone_authtoken/delay_auth_decision' => {value: false},
'keystone_authtoken/http_connect_timeout' => {value: nil},
'keystone_authtoken/http_request_max_retries' => {value: 3},
'keystone_authtoken/admin_token' => {value: nil},
'keystone_authtoken/admin_user' => {value: 'ec2api'},
'keystone_authtoken/admin_tenant' => {value: 'services'},
'keystone_authtoken/admin_password' => {value: nil},
'keystone_authtoken/certfile' => {value: nil},
'keystone_authtoken/keyfile' => {value: nil},
'keystone_authtoken/cafile' => {value: nil},
'keystone_authtoken/insecure' => {value: false},
'keystone_authtoken/signing_dir' => {value: nil},
'keystone_authtoken/memcached_servers' => {value: nil},
'keystone_authtoken/token_cache_time' => {value: 300},
'keystone_authtoken/revocation_cache_time' => {value: 10},
'keystone_authtoken/memcache_security_strategy' => {value: nil},
'keystone_authtoken/memcache_secret_key' => {value: nil},
'keystone_authtoken/include_service_catalog' => {value: true},
'keystone_authtoken/enforce_token_bind' => {value: 'permissive'},
'keystone_authtoken/check_revocations_for_cached' => {value: false},
'keystone_authtoken/hash_algorithms' => {value: 'md5'},
'DEFAULT/ssl_cert_file' => {value: nil, ensure: 'absent'},
'DEFAULT/ssl_key_file' => {value: nil, ensure: 'absent'},
'DEFAULT/ssl_ca_file' => {value: nil, ensure: 'absent'},
}
override_config_values = {
'DEFAULT/debug' => {:value => true},
'DEFAULT/verbose' => {:value => true},
'DEFAULT/admin_user' => {:value => 'my_user'},
'DEFAULT/admin_password' => {:value => 'my_pwd'},
'DEFAULT/admin_tenant_name' => {:value => 'my_tenant'},
'DEFAULT/fatal_exception_format_errors' => {:value => true},
'DEFAULT/ec2api_listen' => {:value => '192.0.0.1'},
'DEFAULT/ec2api_listen_port' => {:value => 81},
'DEFAULT/ec2api_use_ssl' => {:value => true},
'DEFAULT/ec2api_workers' => {:value => 11},
'DEFAULT/metadata_listen' => {:value => '192.0.0.1'},
'DEFAULT/metadata_listen_port' => {:value => 82},
'DEFAULT/metadata_use_ssl' => {:value => true},
'DEFAULT/metadata_workers' => {:value => 12},
'DEFAULT/service_down_time' => {:value => 50},
'DEFAULT/api_paste_config' => {:value => 'my-paste.ini'},
'database/use_tpool' => {:value => true},
'database/connection' => {:value => 'sqlite:////var/lib/my.db'},
'DEFAULT/keystone_url' => {:value => 'http://my-host:5000/v2.0'},
'DEFAULT/keystone_ec2_tokens_url' => {:value => 'http://my-host:5000/v2.0/ec2tokens'},
'DEFAULT/ec2_timestamp_expiry' => {:value => 200},
'DEFAULT/api_rate_limit' => {:value => 10000},
'DEFAULT/use_forwarded_for' => {:value => true},
'DEFAULT/internal_service_availability_zone' => {:value => 'my-zone'},
'DEFAULT/my_ip' => {:value => '192.168.0.1'},
'DEFAULT/ec2_port' => {:value => 83},
'DEFAULT/ec2_scheme' => {:value => 'https'},
'DEFAULT/ec2_path' => {:value => '/my/path'},
'DEFAULT/region_list' => {:value => ['my_region']},
'DEFAULT/full_vpc_support' => {:value => false},
'DEFAULT/network_device_mtu' => {:value => 1486},
'DEFAULT/cert_topic' => {:value => 'my_cert'},
'DEFAULT/image_decryption_dir' => {:value => '/root'},
'DEFAULT/s3_host' => {:value => '192.168.0.1'},
'DEFAULT/s3_port' => {:value => 84},
'DEFAULT/s3_listen' => {:value => '192.168.0.1'},
'DEFAULT/s3_use_ssl' => {:value => true},
'DEFAULT/s3_affix_tenant' => {:value => true},
'DEFAULT/ec2_private_dns_show_ip' => {:value => true},
'DEFAULT/external_network' => {:value => 'my_net'},
'keystone_authtoken/auth_uri' => {:value => 'http://my-host:5000/'},
'keystone_authtoken/identity_uri' => {:value => 'http://my-host:35357/'},
'keystone_authtoken/auth_version' => {:value => '1.0'},
'keystone_authtoken/delay_auth_decision' => {:value => true},
'keystone_authtoken/http_connect_timeout' => {:value => 10},
'keystone_authtoken/http_request_max_retries' => {:value => 20},
'keystone_authtoken/admin_token' => {:value => 'qwerty'},
'keystone_authtoken/admin_user' => {:value => 'my-admin'},
'keystone_authtoken/admin_tenant' => {:value => 'my-tenant'},
'keystone_authtoken/admin_password' => {:value => 'my-pwd'},
'keystone_authtoken/certfile' => {:value => '/root/k-cert.txt'},
'keystone_authtoken/keyfile' => {:value => '/root/k-key.txt'},
'keystone_authtoken/cafile' => {:value => '/root/k-ca.txt'},
'keystone_authtoken/insecure' => {:value => true},
'keystone_authtoken/signing_dir' => {:value => '/my/dir'},
'keystone_authtoken/memcached_servers' => {:value => ['192.168.0.2']},
'keystone_authtoken/token_cache_time' => {:value => 80},
'keystone_authtoken/revocation_cache_time' => {:value => 90},
'keystone_authtoken/memcache_security_strategy' => {:value => 'my_strategy'},
'keystone_authtoken/memcache_secret_key' => {:value => 'my_key'},
'keystone_authtoken/include_service_catalog' => {:value => false},
'keystone_authtoken/enforce_token_bind' => {:value => 'strict'},
'keystone_authtoken/check_revocations_for_cached' => {:value => true},
'keystone_authtoken/hash_algorithms' => {:value => 'sha256'},
'DEFAULT/ssl_ca_file' => {:value => '/root/my.ca.txt'},
'DEFAULT/ssl_cert_file' => {:value => '/root/my.cert.txt'},
'DEFAULT/ssl_key_file' => {:value => '/root/my.key.txt'}
}
override_params = {
debug: true,
verbose: true,
admin_user: 'my_user',
admin_password: 'my_pwd',
admin_tenant_name: 'my_tenant',
fatal_exception_format_errors: true,
ec2api_listen: '192.0.0.1',
ec2api_listen_port: 81,
ec2api_use_ssl: true,
ec2api_workers: 11,
metadata_listen: '192.0.0.1',
metadata_listen_port: 82,
metadata_use_ssl: true,
metadata_workers: 12,
service_down_time: 50,
api_paste_config: 'my-paste.ini',
use_ssl: true,
wsgi_ssl_ca_file: '/root/my.ca.txt',
wsgi_ssl_cert_file: '/root/my.cert.txt',
wsgi_ssl_key_file: '/root/my.key.txt',
database_use_tpool: true,
keystone_url: 'http://my-host:5000/v2.0',
keystone_ec2_tokens_url: 'http://my-host:5000/v2.0/ec2tokens',
ec2_timestamp_expiry: 200,
api_rate_limit: 10000,
use_forwarded_for: true,
internal_service_availability_zone: 'my-zone',
my_ip: '192.168.0.1',
ec2_host: '192.168.0.1',
ec2_port: 83,
ec2_scheme: 'https',
ec2_path: '/my/path',
region_list: ['my_region'],
full_vpc_support: false,
network_device_mtu: 1486,
cert_topic: 'my_cert',
image_decryption_dir: '/root',
s3_host: '192.168.0.1',
s3_port: 84,
s3_use_ssl: true,
s3_affix_tenant: true,
ec2_private_dns_show_ip: true,
external_network: 'my_net',
s3_listen: '192.168.0.1',
s3_listen_port: 85,
log_dir: '/my/log',
database_connection: 'sqlite:////var/lib/my.db',
auth_uri: 'http://my-host:5000/',
identity_uri: 'http://my-host:35357/',
auth_version: '1.0',
delay_auth_decision: true,
http_connect_timeout: 10,
http_request_max_retries: 20,
admin_token: 'qwerty',
keystone_admin_user: 'my-admin',
keystone_admin_password: 'my-pwd',
keystone_admin_tenant_name: 'my-tenant',
keystone_certfile: '/root/k-cert.txt',
keystone_keyfile: '/root/k-key.txt',
keystone_cafile: '/root/k-ca.txt',
insecure: true,
signing_dir: '/my/dir',
memcached_servers: ['192.168.0.2'],
token_cache_time: 80,
revocation_cache_time: 90,
memcache_security_strategy: 'my_strategy',
memcache_secret_key: 'my_key',
include_service_catalog: false,
enforce_token_bind: 'strict',
check_revocations_for_cached: true,
hash_algorithms: 'sha256',
}
context 'with default parameters' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::api') }
it { is_expected.to contain_class('ec2api::params') }
config_values.each do |title, parameters|
it { is_expected.to contain_ec2api_config(title).with(parameters) }
end
service_parameters = {
ensure: 'running',
enable: true,
name: 'openstack-ec2-api',
}
it { is_expected.to contain_service('openstack-ec2api-api-service').with(service_parameters) }
end
context 'with non-default config values' do
let(:params) do
override_params
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::api') }
it { is_expected.to contain_class('ec2api::params') }
override_config_values.each do |title, parameters|
it { is_expected.to contain_ec2api_config(title).with(parameters) }
end
end
context 'with non-default service parameters' do
let(:params) do
{
api_service_manage: true,
api_service_name: 'my-api-service',
api_service_enable: false,
api_service_provider: 'systemd',
}
end
service_parameters = {
ensure: 'stopped',
enable: false,
name: 'my-api-service',
provider: 'systemd',
}
it { is_expected.to contain_service('openstack-ec2api-api-service').with(service_parameters) }
context 'with service manage disabled' do
let(:params) do
{
api_service_manage: false,
}
end
it { is_expected.not_to contain_service('openstack-ec2api-api-service') }
end
end
end
end
end

96
spec/classes/ec2api_config_spec.rb Normal file
View File

@ -0,0 +1,96 @@
require 'spec_helper'
describe 'ec2api::config', type: :class do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
context 'with default parameters' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::config') }
it { is_expected.to contain_class('ec2api::params') }
config_params = {
ensure: 'present',
path: '/etc/ec2api/ec2api.conf',
owner: 'ec2api',
group: 'ec2api',
mode: '0644',
}
it { is_expected.to contain_file('ec2-api-config-file').with(config_params) }
paste_params = {
ensure: 'present',
path: '/etc/ec2api/api-paste.ini',
owner: 'ec2api',
group: 'ec2api',
mode: '0644',
}
it { is_expected.to contain_file('ec2-api-paste-ini-file').with(paste_params) }
it { is_expected.to have_ec2api_config_count(0) }
it { is_expected.to have_ec2api_api_paste_ini_count(0) }
end
context 'with custom parameters' do
let(:params) do
{
config_file_path: '/usr/local/etc/ec2api/ec2api.conf',
paste_ini_file_path: '/usr/local/etc/ec2api/api-paste.ini',
config_file_owner: 'root',
config_file_group: 'operators',
config_file_mode: '0640',
config_options: {
'DEFAULT/test1' => { 'value' => '1'},
},
paste_ini_options: {
'DEFAULT/test1' => { 'value' => '1'},
},
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::config') }
it { is_expected.to contain_class('ec2api::params') }
config_params = {
ensure: 'present',
path: '/usr/local/etc/ec2api/ec2api.conf',
owner: 'root',
group: 'operators',
mode: '0640',
}
it { is_expected.to contain_file('ec2-api-config-file').with(config_params) }
paste_params = {
ensure: 'present',
path: '/usr/local/etc/ec2api/api-paste.ini',
owner: 'root',
group: 'operators',
mode: '0640',
}
it { is_expected.to contain_file('ec2-api-paste-ini-file').with(paste_params) }
it do
is_expected.to contain_ec2api_config('DEFAULT/test1').with_value('1').that_requires('File[ec2-api-config-file]')
end
it do
is_expected.to contain_ec2api_api_paste_ini('DEFAULT/test1').with_value('1').that_requires('File[ec2-api-paste-ini-file]')
end
end
end
end
end

63
spec/classes/ec2api_db_mysql_spec.rb Normal file
View File

@ -0,0 +1,63 @@
require 'spec_helper'
describe 'ec2api::db::mysql' do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
describe 'with default parameters' do
db_parameters = {
user: 'ec2api',
password_hash: '*2E945A1461C4D73235B456AEE09F86A2B485F33A',
dbname: 'ec2api',
host: '127.0.0.1',
charset: 'utf8',
collate: 'utf8_general_ci',
}
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::db::mysql') }
it { is_expected.to contain_class('ec2api::params') }
it { is_expected.to contain_openstacklib__db__mysql('ec2api').with(db_parameters) }
end
describe 'with custom parameters' do
let(:params) do
{
password: 'my_pasword',
user: 'ec2user',
dbname: 'ec2db',
host: '192.168.0.1',
charset: 'cp1251',
collate: 'cp1251_general_ci',
allowed_hosts: %w(192.168.0.2 192.168.0.3),
}
end
db_parameters = {
user: 'ec2user',
password_hash: '*AF4D1E4873502AE3BD21B9065981C488BBAA922B',
dbname: 'ec2db',
host: '192.168.0.1',
charset: 'cp1251',
collate: 'cp1251_general_ci',
allowed_hosts: %w(192.168.0.2 192.168.0.3)
}
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::db::mysql') }
it { is_expected.to contain_class('ec2api::params') }
it { is_expected.to contain_openstacklib__db__mysql('ec2api').with(db_parameters) }
end
end
end
end

67
spec/classes/ec2api_db_postgresql_spec.rb Normal file
View File

@ -0,0 +1,67 @@
require 'spec_helper'
describe 'ec2api::db::postgresql' do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({
concat_basedir: '/var/lib/puppet/concat',
})
end
let(:pre_condition) do
<<-eof
include ::postgresql::server
eof
end
describe 'with default parameters' do
db_parameters = {
user: 'ec2api',
password_hash: 'md5fdb2c8016a95dc9b1bd3ad7aa79e1172',
dbname: 'ec2api',
privileges: 'ALL',
}
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::db::postgresql') }
it { is_expected.to contain_class('ec2api::params') }
it { is_expected.to contain_openstacklib__db__postgresql('ec2api').with(db_parameters) }
end
describe 'with custom parameters' do
let(:params) do
{
password: 'my_password',
user: 'ec2user',
dbname: 'ec2db',
encoding: 'cp1251',
privileges: 'SELECT',
}
end
db_parameters = {
user: 'ec2user',
password_hash: 'md569dc747cbcb571b87b2af07b8a330797',
dbname: 'ec2db',
encoding: 'cp1251',
privileges: 'SELECT',
}
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::db::postgresql') }
it { is_expected.to contain_class('ec2api::params') }
it { is_expected.to contain_openstacklib__db__postgresql('ec2api').with(db_parameters) }
end
end
end
end

29
spec/classes/ec2api_db_sync_spec.rb Normal file
View File

@ -0,0 +1,29 @@
require 'spec_helper'
describe 'ec2api::db::sync' do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
describe 'with default parameters' do
exec_parameters = {
command: 'ec2api-manage db_sync',
path: '/usr/bin',
user: 'ec2api',
refreshonly: true,
}
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::db::sync') }
it { is_expected.to contain_class('ec2api::params') }
it { is_expected.to contain_exec('ec2api_db_sync').with(exec_parameters) }
end
end
end
end

90
spec/classes/ec2api_install_spec.rb Normal file
View File

@ -0,0 +1,90 @@
require 'spec_helper'
describe 'ec2api::install', type: :class do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
context 'with default parameters' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::install') }
it { is_expected.to contain_class('ec2api::params') }
package_parameters = {
ensure: 'present',
name: 'openstack-ec2-api',
}
it { is_expected.to contain_package('ec2api').with(package_parameters) }
context 'when config files are defined' do
let(:pre_condition) do
<<-eof
file { 'ec2-api-config-file' :
ensure => 'present',
path => '/tmp/1',
}
file { 'ec2-api-paste-ini-file' :
ensure => 'present',
path => '/tmp/2',
}
eof
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_package('ec2api').that_comes_before('File[ec2-api-config-file]') }
it { is_expected.to contain_package('ec2api').that_comes_before('File[ec2-api-paste-ini-file]') }
end
end
context 'with custom parameters' do
let(:params) do
{
package_manage: true,
package_ensure: 'latest',
package_name: 'my-ec2',
package_provider: 'pip'
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::install') }
it { is_expected.to contain_class('ec2api::params') }
package_parameters = {
ensure: 'latest',
name: 'my-ec2',
provider: 'pip'
}
it { is_expected.to contain_package('ec2api').with(package_parameters) }
end
context 'with package_manage disabled' do
let(:params) do
{
package_manage: false,
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::install') }
it { is_expected.to contain_class('ec2api::params') }
it { is_expected.not_to contain_package('ec2api') }
end
end
end
end

48
spec/classes/ec2api_keystone_auth_spec.rb Normal file
View File

@ -0,0 +1,48 @@
require 'spec_helper'
describe 'ec2api::keystone::auth' do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
describe 'with default parameters' do
auth_parameters = {
configure_user: true,
configure_user_role: true,
configure_endpoint: true,
service_name: 'ec2api',
service_type: 'ec2api',
service_description: 'The EC2 API Service',
region: 'RegionOne',
auth_name: 'ec2api',
password: 'CHANGEME',
email: 'ec2api@localhost',
tenant: 'services',
public_url: 'http://127.0.0.1:8788/',
internal_url: 'http://127.0.0.1:8788/',
admin_url: 'http://127.0.0.1:8788/',
}
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::keystone::auth') }
it { is_expected.to contain_class('ec2api::params') }
it { is_expected.to contain_keystone__resource__service_identity('ec2api').with(auth_parameters) }
it { is_expected.to contain_keystone_endpoint('RegionOne/ec2api::ec2api') }
it { is_expected.to contain_keystone_service('ec2api::ec2api') }
it { is_expected.to contain_keystone_user('ec2api') }
it { is_expected.to contain_keystone_user_role('ec2api@services') }
end
end
end
end

107
spec/classes/ec2api_logging_spec.rb Normal file
View File

@ -0,0 +1,107 @@
require 'spec_helper'
describe 'ec2api::logging' do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
let(:log_params) do
{
:logging_context_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s',
:logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s',
:logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d',
:logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s',
:log_config_append => '/etc/ec2api/logging.conf',
:publish_errors => true,
:default_log_levels => {
'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
'iso8601' => 'WARN',
'requests.packages.urllib3.connectionpool' => 'WARN'},
:fatal_deprecations => true,
:instance_format => '[instance: %(uuid)s] ',
:instance_uuid_format => '[instance: %(uuid)s] ',
:log_date_format => '%Y-%m-%d %H:%M:%S',
}
end
shared_examples_for 'logging params unset' do
[
:logging_context_format_string, :logging_default_format_string,
:logging_debug_format_suffix, :logging_exception_prefix,
:log_config_append, :publish_errors,
:default_log_levels, :fatal_deprecations,
:instance_format, :instance_uuid_format,
:log_date_format,
].each { |param|
it { is_expected.to contain_ec2api_config("DEFAULT/#{param}").with_ensure('absent') }
}
end
shared_examples_for 'logging params set' do
it 'enables logging params' do
is_expected.to contain_ec2api_config('DEFAULT/logging_context_format_string').with_value(
'%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s')
is_expected.to contain_ec2api_config('DEFAULT/logging_default_format_string').with_value(
'%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s')
is_expected.to contain_ec2api_config('DEFAULT/logging_debug_format_suffix').with_value(
'%(funcName)s %(pathname)s:%(lineno)d')
is_expected.to contain_ec2api_config('DEFAULT/logging_exception_prefix').with_value(
'%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s')
is_expected.to contain_ec2api_config('DEFAULT/log_config_append').with_value(
'/etc/ec2api/logging.conf')
is_expected.to contain_ec2api_config('DEFAULT/publish_errors').with_value(
true)
is_expected.to contain_ec2api_config('DEFAULT/default_log_levels').with_value(
'amqp=WARN,amqplib=WARN,boto=WARN,iso8601=WARN,qpid=WARN,requests.packages.urllib3.connectionpool=WARN,sqlalchemy=WARN,suds=INFO')
is_expected.to contain_ec2api_config('DEFAULT/fatal_deprecations').with_value(
true)
is_expected.to contain_ec2api_config('DEFAULT/instance_format').with_value(
'[instance: %(uuid)s] ')
is_expected.to contain_ec2api_config('DEFAULT/instance_uuid_format').with_value(
'[instance: %(uuid)s] ')
is_expected.to contain_ec2api_config('DEFAULT/log_date_format').with_value(
'%Y-%m-%d %H:%M:%S')
end
end
context 'with default parameters' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::logging') }
it { is_expected.to contain_class('ec2api::params') }
include_examples 'logging params unset'
end
context 'with custom parameters' do
let(:params) do
log_params
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::logging') }
it { is_expected.to contain_class('ec2api::params') }
include_examples 'logging params set'
end
end
end
end

110
spec/classes/ec2api_metadata_spec.rb Normal file
View File

@ -0,0 +1,110 @@
require 'spec_helper'
describe 'ec2api::metadata', type: :class do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
config_values = {
'metadata/nova_metadata_ip' => {:value => '127.0.0.1'},
'metadata/nova_metadata_port' => {:value => 8775},
'metadata/nova_metadata_protocol' => {:value => 'http'},
'metadata/nova_metadata_insecure' => {:value => false},
'metadata/auth_ca_cert' => {:value => nil},
'metadata/nova_client_cert' => {:value => nil},
'metadata/nova_client_priv_key' => {:value => nil},
'metadata/metadata_proxy_shared_secret' => {:value => nil},
}
override_config_values = {
'metadata/nova_metadata_ip' => {:value => '192.168.0.1'},
'metadata/nova_metadata_port' => {:value => 81},
'metadata/nova_metadata_protocol' => {:value => 'https'},
'metadata/nova_metadata_insecure' => {:value => true},
'metadata/auth_ca_cert' => {:value => '/tmp/ca.txt'},
'metadata/nova_client_cert' => {:value => '/tmp/cert.txt'},
'metadata/nova_client_priv_key' => {:value => '/tmp/priv.txt'},
'metadata/metadata_proxy_shared_secret' => {:value => 'qwerty'},
}
override_params = {
nova_metadata_ip: '192.168.0.1',
nova_metadata_port: 81,
nova_metadata_protocol: 'https',
nova_metadata_insecure: true,
auth_ca_cert: '/tmp/ca.txt',
nova_client_cert: '/tmp/cert.txt',
nova_client_priv_key: '/tmp/priv.txt',
metadata_proxy_shared_secret: 'qwerty',
}
context 'with default parameters' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::metadata') }
it { is_expected.to contain_class('ec2api::params') }
config_values.each do |title, parameters|
it { is_expected.to contain_ec2api_config(title).with(parameters) }
end
service_parameters = {
ensure: 'running',
enable: true,
name: 'openstack-ec2-api-metadata',
}
it { is_expected.to contain_service('openstack-ec2-api-metadata').with(service_parameters) }
end
context 'with non-default config values' do
let(:params) do
override_params
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::metadata') }
it { is_expected.to contain_class('ec2api::params') }
override_config_values.each do |title, parameters|
it { is_expected.to contain_ec2api_config(title).with(parameters) }
end
end
context 'with non-default service parameters' do
let(:params) do
{
metadata_service_manage: true,
metadata_service_name: 'my-api-service',
metadata_service_enable: false,
metadata_service_provider: 'systemd',
}
end
service_parameters = {
ensure: 'stopped',
enable: false,
name: 'my-api-service',
provider: 'systemd',
}
it { is_expected.to contain_service('openstack-ec2-api-metadata').with(service_parameters) }
context 'with service manage disabled' do
let(:params) do
{
metadata_service_manage: false,
}
end
it { is_expected.not_to contain_service('openstack-ec2-api-metadata') }
end
end
end
end
end

95
spec/classes/ec2api_s3_spec.rb Normal file
View File

@ -0,0 +1,95 @@
require 'spec_helper'
describe 'ec2api::s3', type: :class do
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) { facts }
config_values = {
'DEFAULT/buckets_path' => {:value => nil},
'DEFAULT/s3_listen' => {:value => '0.0.0.0'},
'DEFAULT/s3_listen_port' => {:value => 3334},
}
override_config_values = {
'DEFAULT/buckets_path' => {:value => '/my/buckets'},
'DEFAULT/s3_listen' => {:value => '192.168.0.1'},
'DEFAULT/s3_listen_port' => {:value => 82},
}
override_params = {
buckets_path: '/my/buckets',
s3_listen: '192.168.0.1',
s3_listen_port: 82,
}
context 'with default parameters' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::s3') }
it { is_expected.to contain_class('ec2api::params') }
config_values.each do |title, parameters|
it { is_expected.to contain_ec2api_config(title).with(parameters) }
end
service_parameters = {
ensure: 'running',
enable: true,
name: 'openstack-ec2-api-s3',
}
it { is_expected.to contain_service('openstack-ec2-api-s3').with(service_parameters) }
end
context 'with non-default config values' do
let(:params) do
override_params
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ec2api::s3') }
it { is_expected.to contain_class('ec2api::params') }
override_config_values.each do |title, parameters|
it { is_expected.to contain_ec2api_config(title).with(parameters) }
end
end
context 'with non-default service parameters' do
let(:params) do
{
s3_service_manage: true,
s3_service_name: 'my-api-service',
s3_service_enable: false,
s3_service_provider: 'systemd',
}
end
service_parameters = {
ensure: 'stopped',
enable: false,
name: 'my-api-service',
provider: 'systemd',
}
it { is_expected.to contain_service('openstack-ec2-api-s3').with(service_parameters) }
context 'with service manage disabled' do
let(:params) do
{
s3_service_manage: false,
}
end
it { is_expected.not_to contain_service('openstack-ec2-api-s3') }
end
end
end
end
end

5
spec/shared_examples.rb Normal file
View File

@ -0,0 +1,5 @@
shared_examples_for "a Puppet::Error" do |description|
it "with message matching #{description.inspect}" do
expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description)
end
end

18
spec/spec_helper.rb Normal file
View File

@ -0,0 +1,18 @@
require 'puppetlabs_spec_helper/module_spec_helper'
require 'shared_examples'
require 'puppet-openstack_spec_helper/defaults'
require 'rspec-puppet-facts'
include RspecPuppetFacts
RSpec.configure do |c|
c.alias_it_should_behave_like_to :it_configures, 'configures'
c.alias_it_should_behave_like_to :it_raises, 'raises'
# TODO(aschultz): remove this after all tests converted to use OSDefaults
# instead of referencing @default_facts
c.before :each do
@default_facts = OSDefaults.get_facts
end
end
at_exit { RSpec::Puppet::Coverage.report! }

1
spec/spec_helper_acceptance.rb Normal file
View File

@ -0,0 +1 @@
require 'puppet-openstack_spec_helper/beaker_spec_helper'

69
spec/unit/provider/ec2api_api_paste_ini/ini_setting_spec.rb Normal file
View File

@ -0,0 +1,69 @@
#
# these tests are a little concerning b/c they are hacking around the
# modulepath, so these tests will not catch issues that may eventually arise
# related to loading these plugins.
# I could not, for the life of me, figure out how to programatcally set the modulepath
$LOAD_PATH.push(
File.join(
File.dirname(__FILE__),
'..',
'..',
'..',
'fixtures',
'modules',
'inifile',
'lib')
)
$LOAD_PATH.push(
File.join(
File.dirname(__FILE__),
'..',
'..',
'..',
'fixtures',
'modules',
'openstacklib',
'lib')
)
require 'spec_helper'
provider_class = Puppet::Type.type(:ec2api_api_paste_ini).provider(:ini_setting)
describe provider_class do
it 'should default to the default setting when no other one is specified' do
resource = Puppet::Type::Ec2api_api_paste_ini.new(
{:name => 'DEFAULT/foo', :value => 'bar'}
)
provider = provider_class.new(resource)
expect(provider.section).to eq('DEFAULT')
expect(provider.setting).to eq('foo')
end
it 'should allow setting to be set explicitly' do
resource = Puppet::Type::Ec2api_api_paste_ini.new(
{:name => 'dude/foo', :value => 'bar'}
)
provider = provider_class.new(resource)
expect(provider.section).to eq('dude')
expect(provider.setting).to eq('foo')
end
it 'should ensure absent when <SERVICE DEFAULT> is specified as a value' do
resource = Puppet::Type::Ec2api_api_paste_ini.new(
{:name => 'dude/foo', :value => '<SERVICE DEFAULT>'}
)
provider = provider_class.new(resource)
provider.exists?
expect(resource[:ensure]).to eq :absent
end
it 'should ensure absent when value matches ensure_absent_val' do
resource = Puppet::Type::Ec2api_api_paste_ini.new(
{:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' }
)
provider = provider_class.new(resource)
provider.exists?
expect(resource[:ensure]).to eq :absent
end
end

69
spec/unit/provider/ec2api_config/ini_setting_spec.rb Normal file
View File

@ -0,0 +1,69 @@
#
# these tests are a little concerning b/c they are hacking around the
# modulepath, so these tests will not catch issues that may eventually arise
# related to loading these plugins.
# I could not, for the life of me, figure out how to programatcally set the modulepath
$LOAD_PATH.push(
File.join(
File.dirname(__FILE__),
'..',
'..',
'..',
'fixtures',
'modules',
'inifile',
'lib')
)
$LOAD_PATH.push(
File.join(
File.dirname(__FILE__),
'..',
'..',
'..',
'fixtures',
'modules',
'openstacklib',
'lib')
)
require 'spec_helper'
provider_class = Puppet::Type.type(:ec2api_config).provider(:ini_setting)
describe provider_class do
it 'should default to the default setting when no other one is specified' do
resource = Puppet::Type::Ec2api_config.new(
{:name => 'DEFAULT/foo', :value => 'bar'}
)
provider = provider_class.new(resource)
expect(provider.section).to eq('DEFAULT')
expect(provider.setting).to eq('foo')
end
it 'should allow setting to be set explicitly' do
resource = Puppet::Type::Ec2api_config.new(
{:name => 'dude/foo', :value => 'bar'}
)
provider = provider_class.new(resource)
expect(provider.section).to eq('dude')
expect(provider.setting).to eq('foo')
end
it 'should ensure absent when <SERVICE DEFAULT> is specified as a value' do
resource = Puppet::Type::Ec2api_config.new(
{:name => 'dude/foo', :value => '<SERVICE DEFAULT>'}
)
provider = provider_class.new(resource)
provider.exists?
expect(resource[:ensure]).to eq :absent
end
it 'should ensure absent when value matches ensure_absent_val' do
resource = Puppet::Type::Ec2api_config.new(
{:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' }
)
provider = provider_class.new(resource)
provider.exists?
expect(resource[:ensure]).to eq :absent
end
end

90
spec/unit/type/ec2api_api_paste_ini_spec.rb Normal file
View File

@ -0,0 +1,90 @@
#
# these tests are a little concerning b/c they are hacking around the
# modulepath, so these tests will not catch issues that may eventually arise
# related to loading these plugins.
# I could not, for the life of me, figure out how to programatcally set the modulepath
$LOAD_PATH.push(
File.join(
File.dirname(__FILE__),
'..',
'..',
'fixtures',
'modules',
'inifile',
'lib')
)
$LOAD_PATH.push(
File.join(
File.dirname(__FILE__),
'..',
'..',
'fixtures',
'modules',
'openstacklib',
'lib')
)
require 'spec_helper'
require 'puppet'
describe Puppet::Type.type(:ec2api_api_paste_ini) do
before :each do
@ec2api_api_paste_ini = Puppet::Type.type(:ec2api_api_paste_ini).new(:name => 'DEFAULT/foo', :value => 'bar')
end
it 'should require a name' do
expect {
Puppet::Type.type(:ec2api_api_paste_ini).new({})
}.to raise_error(Puppet::Error, 'Title or name must be provided')
end
it 'should not expect a name with whitespace' do
expect {
Puppet::Type.type(:ec2api_api_paste_ini).new(:name => 'f oo')
}.to raise_error(Puppet::Error, /Parameter name failed/)
end
it 'should fail when there is no section' do
expect {
Puppet::Type.type(:ec2api_api_paste_ini).new(:name => 'foo')
}.to raise_error(Puppet::Error, /Parameter name failed/)
end
it 'should not require a value when ensure is absent' do
Puppet::Type.type(:ec2api_api_paste_ini).new(:name => 'DEFAULT/foo', :ensure => :absent)
end
it 'should accept a valid value' do
@ec2api_api_paste_ini[:value] = 'bar'
expect(@ec2api_api_paste_ini[:value]).to eq('bar')
end
it 'should not accept a value with whitespace' do
@ec2api_api_paste_ini[:value] = 'b ar'
expect(@ec2api_api_paste_ini[:value]).to eq('b ar')
end
it 'should accept valid ensure values' do
@ec2api_api_paste_ini[:ensure] = :present
expect(@ec2api_api_paste_ini[:ensure]).to eq(:present)
@ec2api_api_paste_ini[:ensure] = :absent
expect(@ec2api_api_paste_ini[:ensure]).to eq(:absent)
end
it 'should not accept invalid ensure values' do
expect {
@ec2api_api_paste_ini[:ensure] = :latest
}.to raise_error(Puppet::Error, /Invalid value/)
end
it 'should autorequire the package that install the file' do
catalog = Puppet::Resource::Catalog.new
package = Puppet::Type.type(:package).new(:name => 'ec2api')
catalog.add_resource package, @ec2api_api_paste_ini
dependency = @ec2api_api_paste_ini.autorequire
expect(dependency.size).to eq(1)
expect(dependency[0].target).to eq(@ec2api_api_paste_ini)
expect(dependency[0].source).to eq(package)
end
end

90
spec/unit/type/ec2api_config_spec.rb Normal file
View File

@ -0,0 +1,90 @@
#
# these tests are a little concerning b/c they are hacking around the
# modulepath, so these tests will not catch issues that may eventually arise
# related to loading these plugins.
# I could not, for the life of me, figure out how to programatcally set the modulepath
$LOAD_PATH.push(
File.join(
File.dirname(__FILE__),
'..',
'..',
'fixtures',
'modules',
'inifile',
'lib')
)
$LOAD_PATH.push(
File.join(
File.dirname(__FILE__),
'..',
'..',
'fixtures',
'modules',
'openstacklib',
'lib')
)
require 'spec_helper'
require 'puppet'
describe Puppet::Type.type(:ec2api_config) do
before :each do
@ec2api_config = Puppet::Type.type(:ec2api_config).new(:name => 'DEFAULT/foo', :value => 'bar')
end
it 'should require a name' do
expect {
Puppet::Type.type(:ec2api_config).new({})
}.to raise_error(Puppet::Error, 'Title or name must be provided')
end
it 'should not expect a name with whitespace' do
expect {
Puppet::Type.type(:ec2api_config).new(:name => 'f oo')
}.to raise_error(Puppet::Error, /Parameter name failed/)
end
it 'should fail when there is no section' do
expect {
Puppet::Type.type(:ec2api_config).new(:name => 'foo')
}.to raise_error(Puppet::Error, /Parameter name failed/)
end
it 'should not require a value when ensure is absent' do
Puppet::Type.type(:ec2api_config).new(:name => 'DEFAULT/foo', :ensure => :absent)
end
it 'should accept a valid value' do
@ec2api_config[:value] = 'bar'
expect(@ec2api_config[:value]).to eq('bar')
end
it 'should not accept a value with whitespace' do
@ec2api_config[:value] = 'b ar'
expect(@ec2api_config[:value]).to eq('b ar')
end
it 'should accept valid ensure values' do
@ec2api_config[:ensure] = :present
expect(@ec2api_config[:ensure]).to eq(:present)
@ec2api_config[:ensure] = :absent
expect(@ec2api_config[:ensure]).to eq(:absent)
end
it 'should not accept invalid ensure values' do
expect {
@ec2api_config[:ensure] = :latest
}.to raise_error(Puppet::Error, /Invalid value/)
end
it 'should autorequire the package that install the file' do
catalog = Puppet::Resource::Catalog.new
package = Puppet::Type.type(:package).new(:name => 'ec2api')
catalog.add_resource package, @ec2api_config
dependency = @ec2api_config.autorequire
expect(dependency.size).to eq(1)
expect(dependency[0].target).to eq(@ec2api_config)
expect(dependency[0].source).to eq(package)
end
end

29
tests/init.pp Normal file
View File

@ -0,0 +1,29 @@
# The baseline for module testing used by Puppet Labs is that each manifest
# should have a corresponding test manifest that declares that class or defined
# type.
#
# Tests are then run by using puppet apply --noop (to check for compilation
# errors and view a log of events) or by fully applying the test in a virtual
# environment (to compare the resulting system state to the desired state).
#
# Learn more about module testing here:
# http://docs.puppetlabs.com/guides/tests_smoke.html
#
# Install the packages, config files and logging
class { '::ec2api' :}
# Configure the MySQL db and user
class { '::ec2api::db::mysql' :}
# Configure Keystone user and endpoint
class { '::ec2api::keystone::auth' :}
# Confugure and run API service
class { '::ec2api::api' :}
# Confugure and run Metadata service
class { '::ec2api::metadata' :}
# Confugure and run S3 service
class { '::ec2api::s3' :}