openstack/puppet-keystone
Code Issues Proposed changes

Use openstacklib::wsgi::apache for keystone wsgi

Browse Source 
This patch changes the usage of the of
apache::vhost to openstacklib::wsgi::apache.

Also removes the wsgi_script_source param
that was deprecated in Mitaka.

Fixes and cleans up spec testing, cleans up
documentation in the manifest to conform
with the overall standard.

Depends-On: I31096140a6f355ec99496053fb06ce6c73094180
Change-Id: Ic11a0aea68a04d370453a7e81218642e0e150a9f
Closes-Bug: 1657582
This commit is contained in:
Tobias Urdin 2018-04-04 20:12:58 +02:00 committed by Alex Schultz
parent 73f863e21c
commit 15c06a78ae
3 changed files with 442 additions and 494 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

454
manifests/wsgi/apache.pp
View File

@ -1,212 +1,182 @@
#
# Class to serve keystone with apache mod_wsgi in place of keystone service
# Copyright 2013 eNovance <licensing@enovance.com>
#
# Serving keystone from apache is the recommended way to go for production
# systems as the current keystone implementation is not multi-processor aware,
# thus limiting the performance for concurrent accesses.
# Author: Francois Charlier <francois.charlier@enovance.com>
#
# See the following URIs for reference:
# https://etherpad.openstack.org/havana-keystone-performance
# http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/
# == Class: keystone::wsgi::apache
#
# Serve keystone with apache mod_wsgi in place of keystone service
# When using this class you should disable your keystone service.
#
# == Parameters
#
# [*servername*]
# The servername for the virtualhost.
# Optional. Defaults to $::fqdn
# [*servername*]
# (Optional) The servername for the virtualhost.
# Defaults to $::fqdn
#
# [*servername_admin*]
# The servername for the admin virtualhost.
# Optional. Defaults to $servername
# [*servername_admin*]
# (Optional) The servername for the admin virtualhost.
# Defaults to $servername
#
# [*public_port*]
# The public port.
# Optional. Defaults to 5000
# [*public_port*]
# (Optional) The public port.
# Defaults to 5000
#
# [*admin_port*]
# The admin port.
# Optional. Defaults to 35357
# [*admin_port*]
# (Optional) The admin port.
# Defaults to 35357
#
# [*bind_host*]
# The host/ip address Apache will listen on.
# Optional. Defaults to undef (listen on all ip addresses).
# [*bind_host*]
# (Optional) The host/ip address Apache will listen on.
# Defaults to undef (listen on all ip addresses)
#
# [*admin_bind_host*]
# The host/ip address Apache will listen on for admin API connections.
# Optional. Defaults to undef or bind_host if only that setting is used.
# [*admin_bind_host*]
# (Optional) The host/ip address Apache will listen on for admin API connections.
# Defaults to undef or bind_host if only that setting is used
#
# [*public_path*]
# The prefix for the public endpoint.
# Optional. Defaults to '/'
# [*public_path*]
# (Optional) The prefix for the public endpoint.
# Defaults to '/'
#
# [*admin_path*]
# The prefix for the admin endpoint.
# Optional. Defaults to '/'
# [*admin_path*]
# (Optional) The prefix for the admin endpoint.
# Defaults to '/'
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
# [*ssl*]
# (Optional) Use SSL.
# Defaults to true
#
# [*workers*]
# Number of WSGI workers to spawn.
# Optional. Defaults to $::os_workers
# [*workers*]
# (Optional) Number of WSGI workers to spawn.
# Defaults to $::os_workers
#
# [*ssl_cert*]
# (optional) Path to SSL certificate
# Default to apache::vhost 'ssl_*' defaults.
# [*ssl_cert*]
# (Optional) Path to SSL certificate
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_key*]
# (optional) Path to SSL key
# Default to apache::vhost 'ssl_*' defaults.
# [*ssl_key*]
# (Optional) Path to SSL key
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_cert_admin*]
# (optional) Path to SSL certificate for the admin endpoint.
# Default to apache::vhost 'ssl_*' defaults.
# [*ssl_cert_admin*]
# (Optional) Path to SSL certificate for the admin endpoint.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_key_admin*]
# (optional) Path to SSL key for the admin endpoint.
# Default to apache::vhost 'ssl_*' defaults.
# [*ssl_key_admin*]
# (Optional) Path to SSL key for the admin endpoint.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_chain*]
# (optional) SSL chain
# Default to apache::vhost 'ssl_*' defaults.
# [*ssl_chain*]
# (Optional) SSL chain.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_ca*]
# (optional) Path to SSL certificate authority
# Default to apache::vhost 'ssl_*' defaults.
# [*ssl_ca*]
# (Optional) Path to SSL certificate authority.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_crl_path*]
# (optional) Path to SSL certificate revocation list
# Default to apache::vhost 'ssl_*' defaults.
# [*ssl_crl_path*]
# (Optional) Path to SSL certificate revocation list.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_crl*]
# (optional) SSL certificate revocation list name
# Default to apache::vhost 'ssl_*' defaults.
# [*ssl_crl*]
# (Optional) SSL certificate revocation list name.
# Default to apache::vhost 'ssl_*' defaults
#
# [*ssl_certs_dir*]
# apache::vhost ssl parameters.
# Optional. Default to apache::vhost 'ssl_*' defaults.
# [*ssl_certs_dir*]
# (Optional) apache::vhost ssl parameters.
# Default to apache::vhost 'ssl_*' defaults
#
# [*priority*]
# (optional) The priority for the vhost.
# Defaults to '10'
# [*priority*]
# (Optional) The priority for the vhost.
# Defaults to '10'
#
# [*threads*]
# (optional) The number of threads for the vhost.
# Defaults to 1
# [*threads*]
# (Optional) The number of threads for the vhost.
# Defaults to 1
#
# [*wsgi_application_group*]
# (optional) The application group of the WSGI script.
# Defaults to '%{GLOBAL}'
# [*wsgi_application_group*]
# (Optional) The application group of the WSGI script.
# Defaults to '%{GLOBAL}'
#
# [*wsgi_pass_authorization*]
# (optional) Whether HTTP authorisation headers are passed through to a WSGI
# script when the equivalent HTTP request headers are present.
# Defaults to 'On'
# [*wsgi_pass_authorization*]
# (Optional) Whether HTTP authorisation headers are passed through to a WSGI
# script when the equivalent HTTP request headers are present.
# Defaults to 'On'
#
# [*wsgi_script_ensure*]
# (optional) File ensure parameter for wsgi scripts.
# Defaults to undef.
# [*wsgi_admin_script_source*]
# (Optional) Wsgi script source for the admin endpoint. If set to undef
# $::keystone::params::keystone_wsgi_admin_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin.
# Defaults to undef
#
# [*wsgi_admin_script_source*]
# (optional) Wsgi script source for the admin endpoint. If set to undef
# $::keystone::params::keystone_wsgi_admin_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin.
# Defaults to undef.
# [*wsgi_public_script_source*]
# (Optional) Wsgi script source for the public endpoint. If set to undef
# $::keystone::params::keystone_wsgi_public_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-main.
# Defaults to undef
#
# [*wsgi_public_script_source*]
# (optional) Wsgi script source for the public endpoint. If set to undef
# $::keystone::params::keystone_wsgi_public_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin.
# Defaults to undef.
# [*custom_wsgi_process_options_main*]
# (Optional) gives you the oportunity to add custom process options or to
# overwrite the default options for the WSGI main process.
# For example to use a virtual python environment for the WSGI process
# you could set it to:
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
#
# [*custom_wsgi_process_options_main*]
# (optional) gives you the oportunity to add custom process options or to
# overwrite the default options for the WSGI main process.
# eg. to use a virtual python environment for the WSGI process
# you could set it to:
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
# [*custom_wsgi_process_options_admin*]
# (Optional) gives you the oportunity to add custom process options or to
# overwrite the default options for the WSGI admin process.
# eg. to use a virtual python environment for the WSGI process
# you could set it to:
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
#
# [*custom_wsgi_process_options_admin*]
# (optional) gives you the oportunity to add custom process options or to
# overwrite the default options for the WSGI admin process.
# eg. to use a virtual python environment for the WSGI process
# you could set it to:
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
# [*access_log_file*]
# (Optional) The log file name for the virtualhost.
# Defaults to false
#
# [*access_log_file*]
# The log file name for the virtualhost.
# Optional. Defaults to false.
# [*access_log_pipe*]
# (Optional) Specifies a pipe where Apache sends access logs for the virtualhost.
# Defaults to false
#
# [*access_log_pipe*]
# Specifies a pipe where Apache sends access logs for the virtualhost.
# Optional. Defaults to false.
# [*access_log_syslog*]
# (Optional) Sends the virtualhost access log messages to syslog.
# Defaults to false
#
# [*access_log_syslog*]
# Sends the virtualhost access log messages to syslog.
# Optional. Defaults to false.
# [*access_log_format*]
# (Optional) The log format for the virtualhost.
# Defaults to false
#
# [*access_log_format*]
# The log format for the virtualhost.
# Optional. Defaults to false.
# [*error_log_file*]
# (Optional) The error log file name for the virtualhost.
# Defaults to undef
#
# [*error_log_file*]
# The error log file name for the virtualhost.
# Optional. Defaults to undef.
# [*error_log_pipe*]
# (Optional) Specifies a pipe where Apache sends error logs for the virtualhost.
# Defaults to undef
#
# [*error_log_pipe*]
# Specifies a pipe where Apache sends error logs for the virtualhost.
# Optional. Defaults to undef.
# [*error_log_syslog*]
# (Optional) Sends the virtualhost error log messages to syslog.
# Defaults to undef
#
# [*error_log_syslog*]
# Sends the virtualhost error log messages to syslog.
# Optional. Defaults to undef.
# [*headers*]
# (Optional) Headers for the vhost.
# Defaults to undef
#
# [*headers*]
# (optional) Headers for the vhost.
# Defaults to undef.
# [*vhost_custom_fragment*]
# (Optional) Passes a string of custom configuration
# directives to be placed at the end of the vhost configuration.
# Defaults to undef
#
# [*vhost_custom_fragment*]
# (optional) Passes a string of custom configuration
# directives to be placed at the end of the vhost configuration.
# Defaults to undef.
# [*wsgi_chunked_request*]
# (Optional) apache::vhost wsgi_chunked_request parameter.
# Defaults to undef
#
# [*wsgi_chunked_request*]
# (optional) apache::vhost wsgi_chunked_request parameter.
# Defaults to undef
# DEPRECATED PARAMETERS
#
# DEPRECATED OPTIONS
#
# [*wsgi_script_source*]
# (optional) Wsgi script source.
# Defaults to undef.
#
# == Dependencies
#
# requires Class['apache'] & Class['keystone']
#
# == Examples
#
# include apache
#
# class { 'keystone::wsgi::apache': }
#
# == Note about ports & paths
#
# When using same port for both endpoints (443 anyone ?), you *MUST* use two
# different public_path & admin_path !
#
# == Authors
#
# Francois Charlier <francois.charlier@enovance.com>
#
# == Copyright
#
# Copyright 2013 eNovance <licensing@enovance.com>
# [*wsgi_script_ensure*]
# (Optional) File ensure parameter for wsgi scripts.
# Defaults to undef
#
class keystone::wsgi::apache (
$servername = $::fqdn,
@ -235,7 +205,6 @@ class keystone::wsgi::apache (
$wsgi_chunked_request = undef,
$wsgi_admin_script_source = $::keystone::params::keystone_wsgi_admin_script_path,
$wsgi_public_script_source = $::keystone::params::keystone_wsgi_public_script_path,
$wsgi_script_ensure = undef,
$access_log_file = false,
$access_log_pipe = false,
$access_log_syslog = false,
@ -247,21 +216,17 @@ class keystone::wsgi::apache (
$vhost_custom_fragment = undef,
$custom_wsgi_process_options_main = {},
$custom_wsgi_process_options_admin = {},
#DEPRECATED
$wsgi_script_source = undef,
## DEPRECATED PARAMETERS
$wsgi_script_ensure = undef,
) inherits ::keystone::params {
include ::keystone::deps
include ::apache
include ::apache::mod::wsgi
$servername_admin_real = pick_default($servername_admin, $servername)
if $ssl {
include ::apache::mod::ssl
# Attempt to use the admin cert/key, else default to the public one.
# Since it's possible that no cert/key were given, we allow this to be
# empty with pick_default
# Since it's possible that no cert/key were given, we allow this to be empty with pick_default
$ssl_cert_admin_real = pick_default($ssl_cert_admin, $ssl_cert)
$ssl_key_admin_real = pick_default($ssl_key_admin, $ssl_key)
} else {
@ -289,15 +254,12 @@ class keystone::wsgi::apache (
Anchor['keystone::config::end']
~> Service['httpd']
## Sanitize parameters
# Ensure there's no trailing '/' except if this is also the only character
$public_path_real = regsubst($public_path, '(^/.*)/$', '\1')
# Ensure there's no trailing '/' except if this is also the only character
$admin_path_real = regsubst($admin_path, '(^/.*)/$', '\1')
if $public_port == $admin_port and $public_path_real == $admin_path_real {
fail('When using the same port for public & private endpoints, public_path and admin_path should be different.')
fail('When using the same port for public and admin endpoints, public_path and admin_path should be different.')
}
file { $::keystone::params::keystone_wsgi_script_path:
@ -308,74 +270,32 @@ class keystone::wsgi::apache (
require => Anchor['keystone::install::end'],
}
$wsgi_file_target = $wsgi_script_ensure ? {
'link' => 'target',
default => 'source'
# TODO(tobasco): Delete this when wsgi_script_ensure is removed.
if $wsgi_script_ensure {
warning('wsgi_script_ensure has NO effect and is deprecated for removal')
}
$wsgi_file_defaults = {
'ensure' => $wsgi_script_ensure,
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => File[$::keystone::params::keystone_wsgi_script_path],
}
if $wsgi_script_source {
warning("The single wsgi script source has been deprecated as part of the Mitaka cycle, please switch to \
\$wsgi_admin_script_source and \$wsgi_public_script_source")
$wsgi_admin_source = $wsgi_script_source
$wsgi_public_source = $wsgi_script_source
} else {
$wsgi_admin_source = $wsgi_admin_script_source
$wsgi_public_source = $wsgi_public_script_source
}
$wsgi_files = {
'keystone_wsgi_admin' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin",
"${wsgi_file_target}" => $wsgi_admin_source,
},
'keystone_wsgi_main' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-public",
"${wsgi_file_target}" => $wsgi_public_source,
},
}
create_resources('file', $wsgi_files, $wsgi_file_defaults)
$wsgi_daemon_process_options_main = merge(
{
user => 'keystone',
group => 'keystone',
processes => $workers,
threads => $threads,
display-name => 'keystone-main',
},
$custom_wsgi_process_options_main
)
$wsgi_daemon_process_options_admin = merge(
{
user => 'keystone',
group => 'keystone',
processes => $workers,
threads => $threads,
display-name => 'keystone-admin',
},
$custom_wsgi_process_options_admin
)
$wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/keystone-public"])
$wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/keystone-admin"])
if $public_port == $admin_port {
$wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin)
$custom_wsgi_script_aliases = { $admin_path_real => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin" }
# NOTE(tobasco): Create this here since openstacklib::wsgi::apache only handles
# the keystone-public file if running public and admin on the same port.
file { 'keystone_wsgi_admin':
ensure => present,
path => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin",
owner => 'keystone',
group => 'keystone',
mode => '0644',
source => $wsgi_admin_script_source,
require => File[$::keystone::params::keystone_wsgi_script_path],
}
$apache_require = [
File['keystone_wsgi_admin'],
]
} else {
$wsgi_script_aliases_main_real = $wsgi_script_aliases_main
$custom_wsgi_script_aliases = undef
$apache_require = []
}
if $admin_bind_host {
@ -385,14 +305,15 @@ class keystone::wsgi::apache (
$real_admin_bind_host = $bind_host
}
::apache::vhost { 'keystone_wsgi_main':
ensure => 'present',
::openstacklib::wsgi::apache { 'keystone_wsgi_main':
servername => $servername,
ip => $bind_host,
port => $public_port,
docroot => $::keystone::params::keystone_wsgi_script_path,
docroot_owner => 'keystone',
docroot_group => 'keystone',
bind_host => $bind_host,
bind_port => $public_port,
group => 'keystone',
path => $public_path_real,
workers => $workers,
threads => $threads,
user => 'keystone',
priority => $priority,
ssl => $ssl,
ssl_cert => $ssl_cert,
@ -403,15 +324,18 @@ class keystone::wsgi::apache (
ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir,
wsgi_daemon_process => 'keystone_main',
wsgi_daemon_process_options => $wsgi_daemon_process_options_main,
wsgi_process_display_name => 'keystone-main',
wsgi_process_group => 'keystone_main',
wsgi_script_aliases => $wsgi_script_aliases_main_real,
wsgi_script_dir => $::keystone::params::keystone_wsgi_script_path,
wsgi_script_file => 'keystone-public',
wsgi_script_source => $wsgi_public_script_source,
wsgi_application_group => $wsgi_application_group,
wsgi_pass_authorization => $wsgi_pass_authorization,
headers => $headers,
custom_fragment => $vhost_custom_fragment,
wsgi_chunked_request => $wsgi_chunked_request,
require => File['keystone_wsgi_main'],
headers => $headers,
custom_wsgi_process_options => $custom_wsgi_process_options_main,
custom_wsgi_script_aliases => $custom_wsgi_script_aliases,
vhost_custom_fragment => $vhost_custom_fragment,
access_log_file => $access_log_file,
access_log_pipe => $access_log_pipe,
access_log_syslog => $access_log_syslog,
@ -419,17 +343,19 @@ class keystone::wsgi::apache (
error_log_file => $error_log_file,
error_log_pipe => $error_log_pipe,
error_log_syslog => $error_log_syslog,
require => $apache_require,
}
if $public_port != $admin_port {
::apache::vhost { 'keystone_wsgi_admin':
ensure => 'present',
::openstacklib::wsgi::apache { 'keystone_wsgi_admin':
servername => $servername_admin_real,
ip => $real_admin_bind_host,
port => $admin_port,
docroot => $::keystone::params::keystone_wsgi_script_path,
docroot_owner => 'keystone',
docroot_group => 'keystone',
bind_host => $real_admin_bind_host,
bind_port => $admin_port,
group => 'keystone',
path => $admin_path_real,
workers => $workers,
threads => $threads,
user => 'keystone',
priority => $priority,
ssl => $ssl,
ssl_cert => $ssl_cert_admin_real,
@ -440,15 +366,17 @@ class keystone::wsgi::apache (
ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir,
wsgi_daemon_process => 'keystone_admin',
wsgi_daemon_process_options => $wsgi_daemon_process_options_admin,
wsgi_process_display_name => 'keystone-admin',
wsgi_process_group => 'keystone_admin',
wsgi_script_aliases => $wsgi_script_aliases_admin,
wsgi_script_dir => $::keystone::params::keystone_wsgi_script_path,
wsgi_script_file => 'keystone-admin',
wsgi_script_source => $wsgi_admin_script_source,
wsgi_application_group => $wsgi_application_group,
wsgi_pass_authorization => $wsgi_pass_authorization,
headers => $headers,
custom_fragment => $vhost_custom_fragment,
custom_wsgi_process_options => $custom_wsgi_process_options_admin,
vhost_custom_fragment => $vhost_custom_fragment,
wsgi_chunked_request => $wsgi_chunked_request,
require => File['keystone_wsgi_admin'],
headers => $headers,
access_log_file => $access_log_file,
access_log_pipe => $access_log_pipe,
access_log_syslog => $access_log_syslog,

8
releasenotes/notes/keystone-openstacklib-wsgi-0d565551ab88906c.yaml Normal file
View File

@ -0,0 +1,8 @@
---
upgrade:
- |
The deprecated parameter keystone::wsgi::apache::wsgi_script_source is now removed.
Please use the wsgi_public_script_source and wsgi_admin_script_source instead.
deprecations:
- |
The wsgi_script_ensure parameter now has NO affect and is deprecated for removal.

474
spec/classes/keystone_wsgi_apache_spec.rb
View File

@ -17,103 +17,99 @@ describe 'keystone::wsgi::apache' do
end
shared_examples_for 'apache serving keystone with mod_wsgi' do
it { is_expected.to contain_service('httpd').with_name(platform_parameters[:httpd_service_name]) }
it { is_expected.to contain_service('httpd').with_name(platform_params[:httpd_service_name]) }
it { is_expected.to contain_class('keystone::params') }
it { is_expected.to contain_class('apache') }
it { is_expected.to contain_class('apache::mod::wsgi') }
it { is_expected.to contain_class('apache::mod::ssl') }
it { is_expected.to contain_class('keystone::db::sync') }
describe 'with default parameters' do
it { is_expected.to contain_file("#{platform_parameters[:wsgi_script_path]}").with(
'ensure' => 'directory',
'owner' => 'keystone',
'group' => 'keystone',
'require' => 'Anchor[keystone::install::end]',
it { is_expected.to contain_file("#{platform_params[:wsgi_script_path]}").with(
:ensure => 'directory',
:owner => 'keystone',
:group => 'keystone',
:require => 'Anchor[keystone::install::end]',
)}
it { is_expected.to contain_file('keystone_wsgi_admin').with(
'ensure' => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin",
'source' => platform_parameters[:wsgi_admin_script_source],
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]",
:ensure => 'file',
:path => "#{platform_params[:wsgi_script_path]}/keystone-admin",
:source => platform_params[:wsgi_admin_script_source],
:owner => 'keystone',
:group => 'keystone',
:mode => '0644',
:require => "File[#{platform_params[:wsgi_script_path]}]",
)}
it { is_expected.to contain_file('keystone_wsgi_main').with(
'ensure' => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'source' => platform_parameters[:wsgi_public_script_source],
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]",
:ensure => 'file',
:path => "#{platform_params[:wsgi_script_path]}/keystone-public",
:source => platform_params[:wsgi_public_script_source],
:owner => 'keystone',
:group => 'keystone',
:mode => '0644',
:require => "File[#{platform_params[:wsgi_script_path]}]",
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'servername' => 'some.host.tld',
'ip' => nil,
'port' => '35357',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'true',
'wsgi_daemon_process' => 'keystone_admin',
'wsgi_daemon_process_options' => {
'user' => 'keystone',
'group' => 'keystone',
'processes' => '42',
'threads' => '1',
'display-name' => 'keystone-admin',
},
'wsgi_process_group' => 'keystone_admin',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
'headers' => nil,
'require' => 'File[keystone_wsgi_admin]',
'access_log_file' => false,
'access_log_pipe' => false,
'access_log_syslog' => false,
'access_log_format' => false,
'error_log_file' => nil,
'error_log_pipe' => nil,
'error_log_syslog' => nil,
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:servername => 'some.host.tld',
:bind_port => 35357,
:group => 'keystone',
:workers => facts[:os_workers],
:threads => 1,
:user => 'keystone',
:priority => '10',
:ssl => true,
:wsgi_daemon_process => 'keystone_main',
:wsgi_process_display_name => 'keystone-main',
:wsgi_process_group => 'keystone_main',
:wsgi_application_group => '%{GLOBAL}',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'keystone-public',
:wsgi_pass_authorization => 'On',
:headers => nil,
:custom_wsgi_process_options => {},
:access_log_file => false,
:access_log_pipe => false,
:access_log_syslog => false,
:access_log_format => false,
:error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
:require => 'File[keystone_wsgi_main]',
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'servername' => 'some.host.tld',
'ip' => nil,
'port' => '5000',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'true',
'wsgi_daemon_process' => 'keystone_main',
'wsgi_daemon_process_options' => {
'user' => 'keystone',
'group' => 'keystone',
'processes' => '42',
'threads' => '1',
'display-name' => 'keystone-main',
},
'wsgi_process_group' => 'keystone_main',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" },
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
'headers' => nil,
'require' => 'File[keystone_wsgi_main]',
'access_log_file' => false,
'access_log_pipe' => false,
'access_log_syslog' => false,
'access_log_format' => false,
'error_log_file' => nil,
'error_log_pipe' => nil,
'error_log_syslog' => nil,
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:servername => 'some.host.tld',
:bind_port => 5000,
:group => 'keystone',
:workers => facts[:os_workers],
:threads => 1,
:user => 'keystone',
:priority => '10',
:ssl => true,
:wsgi_daemon_process => 'keystone_admin',
:wsgi_process_display_name => 'keystone-admin',
:wsgi_process_group => 'keystone_admin',
:wsgi_application_group => '%{GLOBAL}',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'keystone-admin',
:wsgi_pass_authorization => 'On',
:headers => nil,
:custom_wsgi_process_options => {},
:access_log_file => false,
:access_log_pipe => false,
:access_log_syslog => false,
:access_log_format => false,
:error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
:require => 'File[keystone_wsgi_admin]',
)}
it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") }
it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end
describe 'when overriding parameters using different ports' do
@ -130,55 +126,67 @@ describe 'keystone::wsgi::apache' do
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'servername' => 'dummy.host',
'ip' => '10.42.51.2',
'port' => '4142',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'false',
'wsgi_daemon_process' => 'keystone_admin',
'wsgi_daemon_process_options' => {
'user' => 'keystone',
'group' => 'keystone',
'processes' => '37',
'threads' => '1',
'display-name' => 'keystone-admin',
},
'wsgi_process_group' => 'keystone_admin',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
'require' => 'File[keystone_wsgi_admin]',
'custom_fragment' => 'LimitRequestFieldSize 81900'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:bind_port => 12345,
:user => 'keystone',
:group => 'keystone',
:workers => 37,
:threads => 1,
:priority => '10',
:ssl => false,
:wsgi_daemon_process => 'keystone_main',
:wsgi_process_display_name => 'keystone-main',
:wsgi_process_group => 'keystone_main',
:wsgi_application_group => '%{GLOBAL}',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'keystone-public',
:wsgi_pass_authorization => 'On',
:headers => nil,
:custom_wsgi_process_options => {},
:vhost_custom_fragment => 'LimitRequestFieldSize 81900',
:access_log_file => false,
:access_log_pipe => false,
:access_log_syslog => false,
:access_log_format => false,
:error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
:require => 'File[keystone_wsgi_main]',
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'servername' => 'dummy.host',
'ip' => '10.42.51.1',
'port' => '12345',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'false',
'wsgi_daemon_process' => 'keystone_main',
'wsgi_daemon_process_options' => {
'user' => 'keystone',
'group' => 'keystone',
'processes' => '37',
'threads' => '1',
'display-name' => 'keystone-main',
},
'wsgi_process_group' => 'keystone_main',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" },
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
'require' => 'File[keystone_wsgi_main]',
'custom_fragment' => 'LimitRequestFieldSize 81900'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:bind_port => 4142,
:group => 'keystone',
:workers => 37,
:threads => 1,
:user => 'keystone',
:priority => '10',
:ssl => false,
:wsgi_daemon_process => 'keystone_admin',
:wsgi_process_display_name => 'keystone-admin',
:wsgi_process_group => 'keystone_admin',
:wsgi_application_group => '%{GLOBAL}',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'keystone-admin',
:wsgi_pass_authorization => 'On',
:headers => nil,
:custom_wsgi_process_options => {},
:vhost_custom_fragment => 'LimitRequestFieldSize 81900',
:access_log_file => false,
:access_log_pipe => false,
:access_log_syslog => false,
:access_log_format => false,
:error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
:require => 'File[keystone_wsgi_admin]',
)}
it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") }
it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end
describe 'when admin_bind_host is not set default to bind_host' do
@ -194,15 +202,25 @@ describe 'keystone::wsgi::apache' do
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'ip' => '10.42.51.1'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:bind_port => 12345,
:ssl => false,
:workers => 37,
:vhost_custom_fragment => 'LimitRequestFieldSize 81900'
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'ip' => '10.42.51.1'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:bind_port => 4142,
:ssl => false,
:workers => 37,
:vhost_custom_fragment => 'LimitRequestFieldSize 81900'
)}
it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") }
it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end
describe 'when servername_admin is overridden' do
@ -213,12 +231,12 @@ describe 'keystone::wsgi::apache' do
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'servername' => 'dummy2.host',
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:servername => 'dummy1.host',
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'servername' => 'dummy1.host',
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:servername => 'dummy2.host',
)}
end
@ -226,34 +244,23 @@ describe 'keystone::wsgi::apache' do
describe 'when wsgi_daemon_process_options are overridden' do
let :params do
{
:custom_wsgi_process_options_admin => {
user => 'keystone-admin',
python_path => '/my/python/admin/path',
},
:custom_wsgi_process_options_main => {
user => 'keystone-main',
python_path => '/my/python/main/path',
},
:custom_wsgi_process_options_admin => {
python_path => '/my/python/admin/path',
},
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'wsgi_daemon_process_options' => {
'user' => 'keystone-admin',
'group' => 'keystone',
'python-path' => '/my/python/admin/path',
'display-name' => 'keystone_main',
},
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:custom_wsgi_process_options => { 'python-path' => '/my/python/main/path' },
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'wsgi_daemon_process_options' => {
'user' => 'keystone-main',
'group' => 'keystone',
'python-path' => '/my/python/main/path',
'display-name' => 'keystone-main',
},
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:custom_wsgi_process_options => { 'python-path' => '/my/python/admin/path' },
)}
end
describe 'when overriding parameters using same port' do
@ -269,32 +276,35 @@ describe 'keystone::wsgi::apache' do
}
end
it { is_expected.to_not contain_apache__vhost('keystone_wsgi_admin') }
it { is_expected.to_not contain_openstacklib__wsgi__apache('keystone_wsgi_admin') }
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'servername' => 'dummy.host',
'ip' => nil,
'port' => '4242',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'true',
'wsgi_daemon_process' => 'keystone_main',
'wsgi_daemon_process_options' => {
'user' => 'keystone',
'group' => 'keystone',
'processes' => '37',
'threads' => '1',
'display-name' => 'keystone-main',
},
'wsgi_process_group' => 'keystone_main',
'wsgi_script_aliases' => {
'/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin"
},
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
'require' => 'File[keystone_wsgi_main]'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:servername => 'dummy.host',
:bind_port => 4242,
:user => 'keystone',
:group => 'keystone',
:workers => 37,
:threads => 1,
:priority => '10',
:ssl => true,
:wsgi_daemon_process => 'keystone_main',
:wsgi_process_display_name => 'keystone-main',
:wsgi_process_group => 'keystone_main',
:wsgi_application_group => '%{GLOBAL}',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'keystone-public',
:wsgi_pass_authorization => 'On',
:headers => nil,
:custom_wsgi_process_options => {},
:custom_wsgi_script_aliases => { '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
:access_log_file => false,
:access_log_pipe => false,
:access_log_syslog => false,
:access_log_format => false,
:error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
:require => 'File[keystone_wsgi_main]'
)}
end
@ -311,7 +321,7 @@ describe 'keystone::wsgi::apache' do
}
end
it_raises 'a Puppet::Error', /When using the same port for public & private endpoints, public_path and admin_path should be different\./
it_raises 'a Puppet::Error', /When using the same port for public and admin endpoints, public_path and admin_path should be different\./
end
describe 'when overriding default apache logging' do
@ -322,11 +332,11 @@ describe 'keystone::wsgi::apache' do
:access_log_syslog => 'syslog:local0',
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'servername' => 'dummy.host',
'access_log_format' => 'foo',
'access_log_syslog' => 'syslog:local0',
)}
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:servername => 'dummy.host',
:access_log_format => 'foo',
:access_log_syslog => 'syslog:local0',
)}
end
describe 'when overriding parameters using symlink and custom file source' do
@ -338,23 +348,23 @@ describe 'keystone::wsgi::apache' do
end
it { is_expected.to contain_file('keystone_wsgi_admin').with(
'ensure' => 'link',
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin",
'target' => '/opt/keystone/httpd/keystone.py',
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]",
:ensure => 'link',
:path => "#{platform_params[:wsgi_script_path]}/keystone-admin",
:target => '/opt/keystone/httpd/keystone.py',
:owner => 'keystone',
:group => 'keystone',
:mode => '0644',
:require => "File[#{platform_params[:wsgi_script_path]}]",
)}
it { is_expected.to contain_file('keystone_wsgi_main').with(
'ensure' => 'link',
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'target' => '/opt/keystone/httpd/keystone.py',
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]",
:ensure => 'link',
:path => "#{platform_params[:wsgi_script_path]}/keystone-public",
:target => '/opt/keystone/httpd/keystone.py',
:owner => 'keystone',
:group => 'keystone',
:mode => '0644',
:require => "File[#{platform_params[:wsgi_script_path]}]",
)}
end
@ -365,13 +375,13 @@ describe 'keystone::wsgi::apache' do
:ssl_key => 'some key',
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'ssl_cert' => 'some cert',
'ssl_key' => 'some key',
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:ssl_cert => 'some cert',
:ssl_key => 'some key',
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'ssl_cert' => 'some cert',
'ssl_key' => 'some key',
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:ssl_cert => 'some cert',
:ssl_key => 'some key',
)}
end
@ -384,13 +394,13 @@ describe 'keystone::wsgi::apache' do
:ssl_key_admin => 'some key admin',
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'ssl_cert' => 'some cert',
'ssl_key' => 'some key',
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:ssl_cert => 'some cert',
:ssl_key => 'some key',
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'ssl_cert' => 'some cert admin',
'ssl_key' => 'some key admin',
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:ssl_cert => 'some cert admin',
:ssl_key => 'some key admin',
)}
end
@ -401,27 +411,29 @@ describe 'keystone::wsgi::apache' do
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'wsgi_chunked_request' => 'On'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:wsgi_chunked_request => 'On'
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'wsgi_chunked_request' => 'On'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:wsgi_chunked_request => 'On'
)}
end
describe 'when overriding parameters using additional headers' do
describe 'when overriding parameters using additional headers' do
let :params do
{
:headers => 'set X-Frame-Options "DENY"'
}
end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
'headers' => 'set X-Frame-Options "DENY"'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
:headers => 'set X-Frame-Options "DENY"'
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with(
'headers' => 'set X-Frame-Options "DENY"'
it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
:headers => 'set X-Frame-Options "DENY"'
)}
end
describe 'when overriding script paths with link' do
@ -434,13 +446,13 @@ describe 'keystone::wsgi::apache' do
end
it 'should contain correct files' do
is_expected.to contain_file('keystone_wsgi_admin').with(
'path' => "#{facts[:wsgi_script_path]}/keystone-admin",
'target' => params[:wsgi_admin_script_source]
)
is_expected.to contain_file('keystone_wsgi_main').with(
'path' => "#{facts[:wsgi_script_path]}/keystone-public",
'target' => params[:wsgi_public_script_source]
:path => "#{facts[:wsgi_script_path]}/keystone-public",
:target => params[:wsgi_public_script_source]
)
is_expected.to contain_file('keystone_wsgi_admin').with(
:path => "#{facts[:wsgi_script_path]}/keystone-admin",
:target => params[:wsgi_admin_script_source]
)
end
end
@ -454,13 +466,13 @@ describe 'keystone::wsgi::apache' do
end
it 'should contain correct files' do
is_expected.to contain_file('keystone_wsgi_admin').with(
'path' => "#{facts[:wsgi_script_path]}/keystone-admin",
'source' => params[:wsgi_admin_script_source]
)
is_expected.to contain_file('keystone_wsgi_main').with(
'path' => "#{facts[:wsgi_script_path]}/keystone-public",
'source' => params[:wsgi_public_script_source]
:path => "#{facts[:wsgi_script_path]}/keystone-public",
:source => params[:wsgi_public_script_source]
)
is_expected.to contain_file('keystone_wsgi_admin').with(
:path => "#{facts[:wsgi_script_path]}/keystone-admin",
:source => params[:wsgi_admin_script_source]
)
end
end
@ -472,7 +484,7 @@ describe 'keystone::wsgi::apache' do
facts.merge!(OSDefaults.get_facts({}))
end
let(:platform_parameters) do
let(:platform_params) do
case facts[:osfamily]
when 'Debian'
{