openstack/puppet-ironic
Code Issues Proposed changes

Implement WSGI support for Ironic API

Browse Source 
* Using the same method as other OpenStack modules, add WSGI support in
  manifests.
* Change functional testing to run apache by default.

Change-Id: I96047373b8ee27eade21e1b5b466d8bb7259ddb8
This commit is contained in:
Emilien Macchi
2016-01-04 16:39:25 -05:00
parent 8ff1b22c5f
commit 2af5037a07
6 changed files with 344 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
manifests/api.pp
View File

@@ -91,10 +91,20 @@
# (Optional) The number of workers to spawn.
# Defaults to $::os_service_default.
#
# [*service_name*]
# (optional) Name of the service that will be providing the
# server functionality of ironic-api.
# If the value is 'httpd', this means ironic-api will be a web
# service, and you must use another class to configure that
# web service. For example, use class { 'ironic::wsgi::apache'...}
# to make ironic-api be a web app using apache mod_wsgi.
# Defaults to '$::ironic::params::api_service'
#
class ironic::api (
$package_ensure = 'present',
$enabled = true,
$service_name = $::ironic::params::api_service,
$host_ip = '0.0.0.0',
$port = '6385',
$max_limit = '1000',
@@ -111,13 +121,13 @@ class ironic::api (
$auth_port = '35357',
$auth_protocol = 'http',
$auth_admin_prefix = false,
) {
) inherits ironic::params {
include ::ironic::params
include ::ironic::policy
Ironic_config<||> ~> Service['ironic-api']
Class['ironic::policy'] ~> Service['ironic-api']
Ironic_config<||> ~> Service[$service_name]
Class['ironic::policy'] ~> Service[$service_name]
# Configure ironic.conf
ironic_config {
@@ -130,7 +140,7 @@ class ironic::api (
# Install package
if $::ironic::params::api_package {
Package['ironic-api'] -> Class['ironic::policy']
Package['ironic-api'] -> Service['ironic-api']
Package['ironic-api'] -> Service[$service_name]
package { 'ironic-api':
ensure => $package_ensure,
name => $::ironic::params::api_package,
@@ -144,15 +154,31 @@ class ironic::api (
$ensure = 'stopped'
}
# Manage service
service { 'ironic-api':
ensure => $ensure,
name => $::ironic::params::api_service,
enable => $enabled,
hasstatus => true,
tag => 'ironic-service',
if $service_name == $::ironic::params::api_service {
service { 'ironic-api':
ensure => $ensure,
name => $::ironic::params::api_service,
enable => $enabled,
hasstatus => true,
hasrestart => true,
tag => 'ironic-service',
}
} elsif $service_name == 'httpd' {
include ::apache::params
service { 'ironic-api':
ensure => 'stopped',
name => $::ironic::params::api_service,
enable => false,
tag => 'ironic-service',
}
# we need to make sure ironic-api/eventlet is stopped before trying to start apache
Service['ironic-api'] -> Service[$service_name]
} else {
fail('Invalid service_name. Either ironic-api/openstack-ironic-api for running as a standalone service, or httpd for being run by a httpd server')
}
if $neutron_url {
ironic_config { 'neutron/url': value => $neutron_url; }
} else {

4
manifests/params.pp
View File

@@ -39,6 +39,8 @@ class ironic::params {
$inspector_dnsmasq_service = 'openstack-ironic-inspector-dnsmasq'
$sqlite_package_name = undef
$pymysql_package_name = undef
$ironic_wsgi_script_path = '/var/www/cgi-bin/ironic'
$ironic_wsgi_script_source = '/usr/lib/python2.7/site-packages/ironic/api/app.wsgi'
}
'Debian': {
$common_package_name = 'ironic-common'
@@ -55,6 +57,8 @@ class ironic::params {
$inspector_dnsmasq_service = 'ironic-inspector-dnsmasq'
$sqlite_package_name = 'python-pysqlite2'
$pymysql_package_name = 'python-pymysql'
$ironic_wsgi_script_path = '/usr/lib/cgi-bin/ironic'
$ironic_wsgi_script_source = '/usr/lib/python2.7/dist-packages/ironic/api/app.wsgi'
}
default: {
fail("Unsupported osfamily ${::osfamily}")

125
manifests/wsgi/apache.pp Normal file
View File

@@ -0,0 +1,125 @@
# Copyright 2015 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Class to serve ironic API with apache mod_wsgi in place of ironic-api service.
# Serving ironic API from apache is the recommended way to go for production
# because of limited performance for concurrent accesses when running eventlet.
# When using this class you should disable your ironic-api service.
#
# == Parameters
#
# [*servername*]
# The servername for the virtualhost.
# Optional. Defaults to $::fqdn
#
# [*port*]
# The port.
# Optional. Defaults to 6385
#
# [*bind_host*]
# The host/ip address Apache will listen on.
# Optional. Defaults to undef (listen on all ip addresses).
#
# [*path*]
# The prefix for the endpoint.
# Optional. Defaults to '/'
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
#
# [*workers*]
# Number of WSGI workers to spawn.
# Optional. Defaults to 1
#
# [*priority*]
# (optional) The priority for the vhost.
# Defaults to '10'
#
# [*threads*]
# (optional) The number of threads for the vhost.
# Defaults to $::processorcount
#
# [*ssl_cert*]
# [*ssl_key*]
# [*ssl_chain*]
# [*ssl_ca*]
# [*ssl_crl_path*]
# [*ssl_crl*]
# [*ssl_certs_dir*]
# apache::vhost ssl parameters.
# Optional. Default to apache::vhost 'ssl_*' defaults.
#
# == Dependencies
#
# requires Class['apache'] & Class['ironic']
#
# == Examples
#
# include apache
#
# class { 'ironic::wsgi::apache': }
#
class ironic::wsgi::apache (
$servername = $::fqdn,
$port = 6385,
$bind_host = undef,
$path = '/',
$ssl = true,
$workers = 1,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_chain = undef,
$ssl_ca = undef,
$ssl_crl_path = undef,
$ssl_crl = undef,
$ssl_certs_dir = undef,
$threads = $::processorcount,
$priority = '10',
) {
include ::ironic::params
include ::apache
include ::apache::mod::wsgi
if $ssl {
include ::apache::mod::ssl
}
::openstacklib::wsgi::apache { 'ironic_wsgi':
bind_host => $bind_host,
bind_port => $port,
group => 'ironic',
path => $path,
priority => $priority,
servername => $servername,
ssl => $ssl,
ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir,
ssl_chain => $ssl_chain,
ssl_crl => $ssl_crl,
ssl_crl_path => $ssl_crl_path,
ssl_key => $ssl_key,
threads => $threads,
user => 'ironic',
workers => $workers,
wsgi_daemon_process => 'ironic',
wsgi_process_group => 'ironic',
wsgi_script_dir => $::ironic::params::ironic_wsgi_script_path,
wsgi_script_file => 'app',
wsgi_script_source => $::ironic::params::ironic_wsgi_script_source,
}
}

10
spec/acceptance/basic_ironic_spec.rb → spec/acceptance/ironic_wsgi_apache_spec.rb
View File

@@ -50,7 +50,11 @@ describe 'basic ironic' do
class { '::ironic::conductor': }
class { '::ironic::api':
admin_password => 'a_big_secret',
workers => '2',
service_name => 'httpd',
}
include ::apache
class { '::ironic::wsgi::apache':
ssl => false,
}
class { '::ironic::drivers::ipmi': }
@@ -81,7 +85,7 @@ describe 'basic ironic' do
if os[:family].casecmp('RedHat') == 0
# Ironic API port
describe port(6385) do
it { is_expected.to be_listening.with('tcp') }
it { is_expected.to be_listening }
end
# Inspector API port
describe port(5050) do
@@ -90,7 +94,7 @@ describe 'basic ironic' do
else # Inspector is not packaged, so only test Ironic
# Ironic API port
describe port(6385) do
it { is_expected.to be_listening.with('tcp') }
it { is_expected.to be_listening }
end
end

50
spec/classes/ironic_api_spec.rb
View File

@@ -126,11 +126,48 @@ describe 'ironic::api' do
end
end
context 'when running ironic-api in wsgi' do
before do
params.merge!({ :service_name => 'httpd' })
end
let :pre_condition do
"include ::apache"
end
it 'configures ironic-api service with Apache' do
is_expected.to contain_service('ironic-api').with(
:ensure => 'stopped',
:name => platform_params[:api_service],
:enable => false,
:tag => 'ironic-service',
)
end
end
context 'when service_name is not valid' do
before do
params.merge!({ :service_name => 'foobar' })
end
let :pre_condition do
"include ::apache"
end
it_raises 'a Puppet::Error', /Invalid service_name/
end
end
context 'on Debian platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'Debian' })
@default_facts.merge({
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '8.0',
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld',
:processorcount => 2,
})
end
let :platform_params do
@@ -143,11 +180,18 @@ describe 'ironic::api' do
context 'on RedHat platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'RedHat' })
@default_facts.merge({
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '7.2',
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld',
:processorcount => 2,
})
end
let :platform_params do
{ :api_service => 'ironic-api' }
{ :api_service => 'openstack-ironic-api' }
end
it_configures 'ironic api'

124
spec/classes/ironic_wsgi_apache_spec.rb Normal file
View File

@@ -0,0 +1,124 @@
require 'spec_helper'
describe 'ironic::wsgi::apache' do
let :global_facts do
{
:processorcount => 42,
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld'
}
end
shared_examples_for 'apache serving ironic with mod_wsgi' do
it { is_expected.to contain_service('httpd').with_name(platform_parameters[:httpd_service_name]) }
it { is_expected.to contain_class('ironic::params') }
it { is_expected.to contain_class('apache') }
it { is_expected.to contain_class('apache::mod::wsgi') }
describe 'with default parameters' do
it { is_expected.to contain_file("#{platform_parameters[:wsgi_script_path]}").with(
'ensure' => 'directory',
'owner' => 'ironic',
'group' => 'ironic',
'require' => 'Package[httpd]'
)}
it { is_expected.to contain_file('ironic_wsgi').with(
'ensure' => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/app",
'source' => "#{platform_parameters[:wsgi_script_source]}",
'owner' => 'ironic',
'group' => 'ironic',
'mode' => '0644'
)}
it { is_expected.to contain_file('ironic_wsgi').that_requires("File[#{platform_parameters[:wsgi_script_path]}]") }
it { is_expected.to contain_apache__vhost('ironic_wsgi').with(
'servername' => 'some.host.tld',
'ip' => nil,
'port' => '6385',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'ironic',
'docroot_group' => 'ironic',
'ssl' => 'true',
'wsgi_daemon_process' => 'ironic',
'wsgi_process_group' => 'ironic',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/app" },
'require' => 'File[ironic_wsgi]'
)}
it { is_expected.to contain_file("#{platform_parameters[:httpd_ports_file]}") }
end
describe 'when overriding parameters using different ports' do
let :params do
{
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:port => 12345,
:ssl => false,
:workers => 37,
}
end
it { is_expected.to contain_apache__vhost('ironic_wsgi').with(
'servername' => 'dummy.host',
'ip' => '10.42.51.1',
'port' => '12345',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'ironic',
'docroot_group' => 'ironic',
'ssl' => 'false',
'wsgi_daemon_process' => 'ironic',
'wsgi_process_group' => 'ironic',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/app" },
'require' => 'File[ironic_wsgi]'
)}
it { is_expected.to contain_file("#{platform_parameters[:httpd_ports_file]}") }
end
end
context 'on RedHat platforms' do
let :facts do
global_facts.merge({
:osfamily => 'RedHat',
:operatingsystemrelease => '7.0'
})
end
let :platform_parameters do
{
:httpd_service_name => 'httpd',
:httpd_ports_file => '/etc/httpd/conf/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/ironic',
:wsgi_script_source => '/usr/lib/python2.7/site-packages/ironic/api/app.wsgi',
}
end
it_configures 'apache serving ironic with mod_wsgi'
end
context 'on Debian platforms' do
let :facts do
global_facts.merge({
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '7.0'
})
end
let :platform_parameters do
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/usr/lib/cgi-bin/ironic',
:wsgi_script_source => '/usr/lib/python2.7/dist-packages/ironic/api/app.wsgi',
}
end
it_configures 'apache serving ironic with mod_wsgi'
end
end