From 15c06a78aee924da9fb622955506e0302d25ddda Mon Sep 17 00:00:00 2001 From: Tobias Urdin Date: Wed, 4 Apr 2018 20:12:58 +0200 Subject: [PATCH] Use openstacklib::wsgi::apache for keystone wsgi This patch changes the usage of the of apache::vhost to openstacklib::wsgi::apache. Also removes the wsgi_script_source param that was deprecated in Mitaka. Fixes and cleans up spec testing, cleans up documentation in the manifest to conform with the overall standard. Depends-On: I31096140a6f355ec99496053fb06ce6c73094180 Change-Id: Ic11a0aea68a04d370453a7e81218642e0e150a9f Closes-Bug: 1657582 --- manifests/wsgi/apache.pp | 454 +++++++---------- ...ne-openstacklib-wsgi-0d565551ab88906c.yaml | 8 + spec/classes/keystone_wsgi_apache_spec.rb | 474 +++++++++--------- 3 files changed, 442 insertions(+), 494 deletions(-) create mode 100644 releasenotes/notes/keystone-openstacklib-wsgi-0d565551ab88906c.yaml diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 7adfe80f1..8f62bcb22 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -1,212 +1,182 @@ # -# Class to serve keystone with apache mod_wsgi in place of keystone service +# Copyright 2013 eNovance # -# Serving keystone from apache is the recommended way to go for production -# systems as the current keystone implementation is not multi-processor aware, -# thus limiting the performance for concurrent accesses. +# Author: Francois Charlier # -# See the following URIs for reference: -# https://etherpad.openstack.org/havana-keystone-performance -# http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/ +# == Class: keystone::wsgi::apache # +# Serve keystone with apache mod_wsgi in place of keystone service # When using this class you should disable your keystone service. # # == Parameters # -# [*servername*] -# The servername for the virtualhost. -# Optional. Defaults to $::fqdn +# [*servername*] +# (Optional) The servername for the virtualhost. +# Defaults to $::fqdn # -# [*servername_admin*] -# The servername for the admin virtualhost. -# Optional. Defaults to $servername +# [*servername_admin*] +# (Optional) The servername for the admin virtualhost. +# Defaults to $servername # -# [*public_port*] -# The public port. -# Optional. Defaults to 5000 +# [*public_port*] +# (Optional) The public port. +# Defaults to 5000 # -# [*admin_port*] -# The admin port. -# Optional. Defaults to 35357 +# [*admin_port*] +# (Optional) The admin port. +# Defaults to 35357 # -# [*bind_host*] -# The host/ip address Apache will listen on. -# Optional. Defaults to undef (listen on all ip addresses). +# [*bind_host*] +# (Optional) The host/ip address Apache will listen on. +# Defaults to undef (listen on all ip addresses) # -# [*admin_bind_host*] -# The host/ip address Apache will listen on for admin API connections. -# Optional. Defaults to undef or bind_host if only that setting is used. +# [*admin_bind_host*] +# (Optional) The host/ip address Apache will listen on for admin API connections. +# Defaults to undef or bind_host if only that setting is used # -# [*public_path*] -# The prefix for the public endpoint. -# Optional. Defaults to '/' +# [*public_path*] +# (Optional) The prefix for the public endpoint. +# Defaults to '/' # -# [*admin_path*] -# The prefix for the admin endpoint. -# Optional. Defaults to '/' +# [*admin_path*] +# (Optional) The prefix for the admin endpoint. +# Defaults to '/' # -# [*ssl*] -# Use ssl ? (boolean) -# Optional. Defaults to true +# [*ssl*] +# (Optional) Use SSL. +# Defaults to true # -# [*workers*] -# Number of WSGI workers to spawn. -# Optional. Defaults to $::os_workers +# [*workers*] +# (Optional) Number of WSGI workers to spawn. +# Defaults to $::os_workers # -# [*ssl_cert*] -# (optional) Path to SSL certificate -# Default to apache::vhost 'ssl_*' defaults. +# [*ssl_cert*] +# (Optional) Path to SSL certificate +# Default to apache::vhost 'ssl_*' defaults # -# [*ssl_key*] -# (optional) Path to SSL key -# Default to apache::vhost 'ssl_*' defaults. +# [*ssl_key*] +# (Optional) Path to SSL key +# Default to apache::vhost 'ssl_*' defaults # -# [*ssl_cert_admin*] -# (optional) Path to SSL certificate for the admin endpoint. -# Default to apache::vhost 'ssl_*' defaults. +# [*ssl_cert_admin*] +# (Optional) Path to SSL certificate for the admin endpoint. +# Default to apache::vhost 'ssl_*' defaults # -# [*ssl_key_admin*] -# (optional) Path to SSL key for the admin endpoint. -# Default to apache::vhost 'ssl_*' defaults. +# [*ssl_key_admin*] +# (Optional) Path to SSL key for the admin endpoint. +# Default to apache::vhost 'ssl_*' defaults # -# [*ssl_chain*] -# (optional) SSL chain -# Default to apache::vhost 'ssl_*' defaults. +# [*ssl_chain*] +# (Optional) SSL chain. +# Default to apache::vhost 'ssl_*' defaults # -# [*ssl_ca*] -# (optional) Path to SSL certificate authority -# Default to apache::vhost 'ssl_*' defaults. +# [*ssl_ca*] +# (Optional) Path to SSL certificate authority. +# Default to apache::vhost 'ssl_*' defaults # -# [*ssl_crl_path*] -# (optional) Path to SSL certificate revocation list -# Default to apache::vhost 'ssl_*' defaults. +# [*ssl_crl_path*] +# (Optional) Path to SSL certificate revocation list. +# Default to apache::vhost 'ssl_*' defaults # -# [*ssl_crl*] -# (optional) SSL certificate revocation list name -# Default to apache::vhost 'ssl_*' defaults. +# [*ssl_crl*] +# (Optional) SSL certificate revocation list name. +# Default to apache::vhost 'ssl_*' defaults # -# [*ssl_certs_dir*] -# apache::vhost ssl parameters. -# Optional. Default to apache::vhost 'ssl_*' defaults. +# [*ssl_certs_dir*] +# (Optional) apache::vhost ssl parameters. +# Default to apache::vhost 'ssl_*' defaults # -# [*priority*] -# (optional) The priority for the vhost. -# Defaults to '10' +# [*priority*] +# (Optional) The priority for the vhost. +# Defaults to '10' # -# [*threads*] -# (optional) The number of threads for the vhost. -# Defaults to 1 +# [*threads*] +# (Optional) The number of threads for the vhost. +# Defaults to 1 # -# [*wsgi_application_group*] -# (optional) The application group of the WSGI script. -# Defaults to '%{GLOBAL}' +# [*wsgi_application_group*] +# (Optional) The application group of the WSGI script. +# Defaults to '%{GLOBAL}' # -# [*wsgi_pass_authorization*] -# (optional) Whether HTTP authorisation headers are passed through to a WSGI -# script when the equivalent HTTP request headers are present. -# Defaults to 'On' +# [*wsgi_pass_authorization*] +# (Optional) Whether HTTP authorisation headers are passed through to a WSGI +# script when the equivalent HTTP request headers are present. +# Defaults to 'On' # -# [*wsgi_script_ensure*] -# (optional) File ensure parameter for wsgi scripts. -# Defaults to undef. +# [*wsgi_admin_script_source*] +# (Optional) Wsgi script source for the admin endpoint. If set to undef +# $::keystone::params::keystone_wsgi_admin_script_path is used. This source +# is copied to the apache cgi-bin path as keystone-admin. +# Defaults to undef # -# [*wsgi_admin_script_source*] -# (optional) Wsgi script source for the admin endpoint. If set to undef -# $::keystone::params::keystone_wsgi_admin_script_path is used. This source -# is copied to the apache cgi-bin path as keystone-admin. -# Defaults to undef. +# [*wsgi_public_script_source*] +# (Optional) Wsgi script source for the public endpoint. If set to undef +# $::keystone::params::keystone_wsgi_public_script_path is used. This source +# is copied to the apache cgi-bin path as keystone-main. +# Defaults to undef # -# [*wsgi_public_script_source*] -# (optional) Wsgi script source for the public endpoint. If set to undef -# $::keystone::params::keystone_wsgi_public_script_path is used. This source -# is copied to the apache cgi-bin path as keystone-admin. -# Defaults to undef. +# [*custom_wsgi_process_options_main*] +# (Optional) gives you the oportunity to add custom process options or to +# overwrite the default options for the WSGI main process. +# For example to use a virtual python environment for the WSGI process +# you could set it to: +# { python-path => '/my/python/virtualenv' } +# Defaults to {} # -# [*custom_wsgi_process_options_main*] -# (optional) gives you the oportunity to add custom process options or to -# overwrite the default options for the WSGI main process. -# eg. to use a virtual python environment for the WSGI process -# you could set it to: -# { python-path => '/my/python/virtualenv' } -# Defaults to {} +# [*custom_wsgi_process_options_admin*] +# (Optional) gives you the oportunity to add custom process options or to +# overwrite the default options for the WSGI admin process. +# eg. to use a virtual python environment for the WSGI process +# you could set it to: +# { python-path => '/my/python/virtualenv' } +# Defaults to {} # -# [*custom_wsgi_process_options_admin*] -# (optional) gives you the oportunity to add custom process options or to -# overwrite the default options for the WSGI admin process. -# eg. to use a virtual python environment for the WSGI process -# you could set it to: -# { python-path => '/my/python/virtualenv' } -# Defaults to {} +# [*access_log_file*] +# (Optional) The log file name for the virtualhost. +# Defaults to false # -# [*access_log_file*] -# The log file name for the virtualhost. -# Optional. Defaults to false. +# [*access_log_pipe*] +# (Optional) Specifies a pipe where Apache sends access logs for the virtualhost. +# Defaults to false # -# [*access_log_pipe*] -# Specifies a pipe where Apache sends access logs for the virtualhost. -# Optional. Defaults to false. +# [*access_log_syslog*] +# (Optional) Sends the virtualhost access log messages to syslog. +# Defaults to false # -# [*access_log_syslog*] -# Sends the virtualhost access log messages to syslog. -# Optional. Defaults to false. +# [*access_log_format*] +# (Optional) The log format for the virtualhost. +# Defaults to false # -# [*access_log_format*] -# The log format for the virtualhost. -# Optional. Defaults to false. +# [*error_log_file*] +# (Optional) The error log file name for the virtualhost. +# Defaults to undef # -# [*error_log_file*] -# The error log file name for the virtualhost. -# Optional. Defaults to undef. +# [*error_log_pipe*] +# (Optional) Specifies a pipe where Apache sends error logs for the virtualhost. +# Defaults to undef # -# [*error_log_pipe*] -# Specifies a pipe where Apache sends error logs for the virtualhost. -# Optional. Defaults to undef. +# [*error_log_syslog*] +# (Optional) Sends the virtualhost error log messages to syslog. +# Defaults to undef # -# [*error_log_syslog*] -# Sends the virtualhost error log messages to syslog. -# Optional. Defaults to undef. +# [*headers*] +# (Optional) Headers for the vhost. +# Defaults to undef # -# [*headers*] -# (optional) Headers for the vhost. -# Defaults to undef. +# [*vhost_custom_fragment*] +# (Optional) Passes a string of custom configuration +# directives to be placed at the end of the vhost configuration. +# Defaults to undef # -# [*vhost_custom_fragment*] -# (optional) Passes a string of custom configuration -# directives to be placed at the end of the vhost configuration. -# Defaults to undef. +# [*wsgi_chunked_request*] +# (Optional) apache::vhost wsgi_chunked_request parameter. +# Defaults to undef # -# [*wsgi_chunked_request*] -# (optional) apache::vhost wsgi_chunked_request parameter. -# Defaults to undef +# DEPRECATED PARAMETERS # -# DEPRECATED OPTIONS -# -# [*wsgi_script_source*] -# (optional) Wsgi script source. -# Defaults to undef. -# -# == Dependencies -# -# requires Class['apache'] & Class['keystone'] -# -# == Examples -# -# include apache -# -# class { 'keystone::wsgi::apache': } -# -# == Note about ports & paths -# -# When using same port for both endpoints (443 anyone ?), you *MUST* use two -# different public_path & admin_path ! -# -# == Authors -# -# Francois Charlier -# -# == Copyright -# -# Copyright 2013 eNovance +# [*wsgi_script_ensure*] +# (Optional) File ensure parameter for wsgi scripts. +# Defaults to undef # class keystone::wsgi::apache ( $servername = $::fqdn, @@ -235,7 +205,6 @@ class keystone::wsgi::apache ( $wsgi_chunked_request = undef, $wsgi_admin_script_source = $::keystone::params::keystone_wsgi_admin_script_path, $wsgi_public_script_source = $::keystone::params::keystone_wsgi_public_script_path, - $wsgi_script_ensure = undef, $access_log_file = false, $access_log_pipe = false, $access_log_syslog = false, @@ -247,21 +216,17 @@ class keystone::wsgi::apache ( $vhost_custom_fragment = undef, $custom_wsgi_process_options_main = {}, $custom_wsgi_process_options_admin = {}, - #DEPRECATED - $wsgi_script_source = undef, + ## DEPRECATED PARAMETERS + $wsgi_script_ensure = undef, ) inherits ::keystone::params { include ::keystone::deps - include ::apache - include ::apache::mod::wsgi $servername_admin_real = pick_default($servername_admin, $servername) if $ssl { - include ::apache::mod::ssl # Attempt to use the admin cert/key, else default to the public one. - # Since it's possible that no cert/key were given, we allow this to be - # empty with pick_default + # Since it's possible that no cert/key were given, we allow this to be empty with pick_default $ssl_cert_admin_real = pick_default($ssl_cert_admin, $ssl_cert) $ssl_key_admin_real = pick_default($ssl_key_admin, $ssl_key) } else { @@ -289,15 +254,12 @@ class keystone::wsgi::apache ( Anchor['keystone::config::end'] ~> Service['httpd'] - ## Sanitize parameters - # Ensure there's no trailing '/' except if this is also the only character $public_path_real = regsubst($public_path, '(^/.*)/$', '\1') - # Ensure there's no trailing '/' except if this is also the only character $admin_path_real = regsubst($admin_path, '(^/.*)/$', '\1') if $public_port == $admin_port and $public_path_real == $admin_path_real { - fail('When using the same port for public & private endpoints, public_path and admin_path should be different.') + fail('When using the same port for public and admin endpoints, public_path and admin_path should be different.') } file { $::keystone::params::keystone_wsgi_script_path: @@ -308,74 +270,32 @@ class keystone::wsgi::apache ( require => Anchor['keystone::install::end'], } - - $wsgi_file_target = $wsgi_script_ensure ? { - 'link' => 'target', - default => 'source' + # TODO(tobasco): Delete this when wsgi_script_ensure is removed. + if $wsgi_script_ensure { + warning('wsgi_script_ensure has NO effect and is deprecated for removal') } - $wsgi_file_defaults = { - 'ensure' => $wsgi_script_ensure, - 'owner' => 'keystone', - 'group' => 'keystone', - 'mode' => '0644', - 'require' => File[$::keystone::params::keystone_wsgi_script_path], - } - - if $wsgi_script_source { - - warning("The single wsgi script source has been deprecated as part of the Mitaka cycle, please switch to \ -\$wsgi_admin_script_source and \$wsgi_public_script_source") - - $wsgi_admin_source = $wsgi_script_source - $wsgi_public_source = $wsgi_script_source - } else { - $wsgi_admin_source = $wsgi_admin_script_source - $wsgi_public_source = $wsgi_public_script_source - } - - $wsgi_files = { - 'keystone_wsgi_admin' => { - 'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin", - "${wsgi_file_target}" => $wsgi_admin_source, - }, - 'keystone_wsgi_main' => { - 'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-public", - "${wsgi_file_target}" => $wsgi_public_source, - }, - } - - create_resources('file', $wsgi_files, $wsgi_file_defaults) - - $wsgi_daemon_process_options_main = merge( - { - user => 'keystone', - group => 'keystone', - processes => $workers, - threads => $threads, - display-name => 'keystone-main', - }, - $custom_wsgi_process_options_main - ) - - $wsgi_daemon_process_options_admin = merge( - { - user => 'keystone', - group => 'keystone', - processes => $workers, - threads => $threads, - display-name => 'keystone-admin', - }, - $custom_wsgi_process_options_admin - ) - - $wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/keystone-public"]) - $wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/keystone-admin"]) - if $public_port == $admin_port { - $wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin) + $custom_wsgi_script_aliases = { $admin_path_real => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin" } + + # NOTE(tobasco): Create this here since openstacklib::wsgi::apache only handles + # the keystone-public file if running public and admin on the same port. + file { 'keystone_wsgi_admin': + ensure => present, + path => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin", + owner => 'keystone', + group => 'keystone', + mode => '0644', + source => $wsgi_admin_script_source, + require => File[$::keystone::params::keystone_wsgi_script_path], + } + + $apache_require = [ + File['keystone_wsgi_admin'], + ] } else { - $wsgi_script_aliases_main_real = $wsgi_script_aliases_main + $custom_wsgi_script_aliases = undef + $apache_require = [] } if $admin_bind_host { @@ -385,14 +305,15 @@ class keystone::wsgi::apache ( $real_admin_bind_host = $bind_host } - ::apache::vhost { 'keystone_wsgi_main': - ensure => 'present', + ::openstacklib::wsgi::apache { 'keystone_wsgi_main': servername => $servername, - ip => $bind_host, - port => $public_port, - docroot => $::keystone::params::keystone_wsgi_script_path, - docroot_owner => 'keystone', - docroot_group => 'keystone', + bind_host => $bind_host, + bind_port => $public_port, + group => 'keystone', + path => $public_path_real, + workers => $workers, + threads => $threads, + user => 'keystone', priority => $priority, ssl => $ssl, ssl_cert => $ssl_cert, @@ -403,15 +324,18 @@ class keystone::wsgi::apache ( ssl_crl => $ssl_crl, ssl_certs_dir => $ssl_certs_dir, wsgi_daemon_process => 'keystone_main', - wsgi_daemon_process_options => $wsgi_daemon_process_options_main, + wsgi_process_display_name => 'keystone-main', wsgi_process_group => 'keystone_main', - wsgi_script_aliases => $wsgi_script_aliases_main_real, + wsgi_script_dir => $::keystone::params::keystone_wsgi_script_path, + wsgi_script_file => 'keystone-public', + wsgi_script_source => $wsgi_public_script_source, wsgi_application_group => $wsgi_application_group, wsgi_pass_authorization => $wsgi_pass_authorization, - headers => $headers, - custom_fragment => $vhost_custom_fragment, wsgi_chunked_request => $wsgi_chunked_request, - require => File['keystone_wsgi_main'], + headers => $headers, + custom_wsgi_process_options => $custom_wsgi_process_options_main, + custom_wsgi_script_aliases => $custom_wsgi_script_aliases, + vhost_custom_fragment => $vhost_custom_fragment, access_log_file => $access_log_file, access_log_pipe => $access_log_pipe, access_log_syslog => $access_log_syslog, @@ -419,17 +343,19 @@ class keystone::wsgi::apache ( error_log_file => $error_log_file, error_log_pipe => $error_log_pipe, error_log_syslog => $error_log_syslog, + require => $apache_require, } if $public_port != $admin_port { - ::apache::vhost { 'keystone_wsgi_admin': - ensure => 'present', + ::openstacklib::wsgi::apache { 'keystone_wsgi_admin': servername => $servername_admin_real, - ip => $real_admin_bind_host, - port => $admin_port, - docroot => $::keystone::params::keystone_wsgi_script_path, - docroot_owner => 'keystone', - docroot_group => 'keystone', + bind_host => $real_admin_bind_host, + bind_port => $admin_port, + group => 'keystone', + path => $admin_path_real, + workers => $workers, + threads => $threads, + user => 'keystone', priority => $priority, ssl => $ssl, ssl_cert => $ssl_cert_admin_real, @@ -440,15 +366,17 @@ class keystone::wsgi::apache ( ssl_crl => $ssl_crl, ssl_certs_dir => $ssl_certs_dir, wsgi_daemon_process => 'keystone_admin', - wsgi_daemon_process_options => $wsgi_daemon_process_options_admin, + wsgi_process_display_name => 'keystone-admin', wsgi_process_group => 'keystone_admin', - wsgi_script_aliases => $wsgi_script_aliases_admin, + wsgi_script_dir => $::keystone::params::keystone_wsgi_script_path, + wsgi_script_file => 'keystone-admin', + wsgi_script_source => $wsgi_admin_script_source, wsgi_application_group => $wsgi_application_group, wsgi_pass_authorization => $wsgi_pass_authorization, - headers => $headers, - custom_fragment => $vhost_custom_fragment, + custom_wsgi_process_options => $custom_wsgi_process_options_admin, + vhost_custom_fragment => $vhost_custom_fragment, wsgi_chunked_request => $wsgi_chunked_request, - require => File['keystone_wsgi_admin'], + headers => $headers, access_log_file => $access_log_file, access_log_pipe => $access_log_pipe, access_log_syslog => $access_log_syslog, diff --git a/releasenotes/notes/keystone-openstacklib-wsgi-0d565551ab88906c.yaml b/releasenotes/notes/keystone-openstacklib-wsgi-0d565551ab88906c.yaml new file mode 100644 index 000000000..a16d9d4ad --- /dev/null +++ b/releasenotes/notes/keystone-openstacklib-wsgi-0d565551ab88906c.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + The deprecated parameter keystone::wsgi::apache::wsgi_script_source is now removed. + Please use the wsgi_public_script_source and wsgi_admin_script_source instead. +deprecations: + - | + The wsgi_script_ensure parameter now has NO affect and is deprecated for removal. diff --git a/spec/classes/keystone_wsgi_apache_spec.rb b/spec/classes/keystone_wsgi_apache_spec.rb index 381c6c23f..30bafdc36 100644 --- a/spec/classes/keystone_wsgi_apache_spec.rb +++ b/spec/classes/keystone_wsgi_apache_spec.rb @@ -17,103 +17,99 @@ describe 'keystone::wsgi::apache' do end shared_examples_for 'apache serving keystone with mod_wsgi' do - it { is_expected.to contain_service('httpd').with_name(platform_parameters[:httpd_service_name]) } + it { is_expected.to contain_service('httpd').with_name(platform_params[:httpd_service_name]) } it { is_expected.to contain_class('keystone::params') } it { is_expected.to contain_class('apache') } it { is_expected.to contain_class('apache::mod::wsgi') } + it { is_expected.to contain_class('apache::mod::ssl') } it { is_expected.to contain_class('keystone::db::sync') } describe 'with default parameters' do - it { is_expected.to contain_file("#{platform_parameters[:wsgi_script_path]}").with( - 'ensure' => 'directory', - 'owner' => 'keystone', - 'group' => 'keystone', - 'require' => 'Anchor[keystone::install::end]', + it { is_expected.to contain_file("#{platform_params[:wsgi_script_path]}").with( + :ensure => 'directory', + :owner => 'keystone', + :group => 'keystone', + :require => 'Anchor[keystone::install::end]', )} it { is_expected.to contain_file('keystone_wsgi_admin').with( - 'ensure' => 'file', - 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin", - 'source' => platform_parameters[:wsgi_admin_script_source], - 'owner' => 'keystone', - 'group' => 'keystone', - 'mode' => '0644', - 'require' => "File[#{platform_parameters[:wsgi_script_path]}]", + :ensure => 'file', + :path => "#{platform_params[:wsgi_script_path]}/keystone-admin", + :source => platform_params[:wsgi_admin_script_source], + :owner => 'keystone', + :group => 'keystone', + :mode => '0644', + :require => "File[#{platform_params[:wsgi_script_path]}]", )} it { is_expected.to contain_file('keystone_wsgi_main').with( - 'ensure' => 'file', - 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", - 'source' => platform_parameters[:wsgi_public_script_source], - 'owner' => 'keystone', - 'group' => 'keystone', - 'mode' => '0644', - 'require' => "File[#{platform_parameters[:wsgi_script_path]}]", + :ensure => 'file', + :path => "#{platform_params[:wsgi_script_path]}/keystone-public", + :source => platform_params[:wsgi_public_script_source], + :owner => 'keystone', + :group => 'keystone', + :mode => '0644', + :require => "File[#{platform_params[:wsgi_script_path]}]", )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'servername' => 'some.host.tld', - 'ip' => nil, - 'port' => '35357', - 'docroot' => "#{platform_parameters[:wsgi_script_path]}", - 'docroot_owner' => 'keystone', - 'docroot_group' => 'keystone', - 'ssl' => 'true', - 'wsgi_daemon_process' => 'keystone_admin', - 'wsgi_daemon_process_options' => { - 'user' => 'keystone', - 'group' => 'keystone', - 'processes' => '42', - 'threads' => '1', - 'display-name' => 'keystone-admin', - }, - 'wsgi_process_group' => 'keystone_admin', - 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" }, - 'wsgi_application_group' => '%{GLOBAL}', - 'wsgi_pass_authorization' => 'On', - 'headers' => nil, - 'require' => 'File[keystone_wsgi_admin]', - 'access_log_file' => false, - 'access_log_pipe' => false, - 'access_log_syslog' => false, - 'access_log_format' => false, - 'error_log_file' => nil, - 'error_log_pipe' => nil, - 'error_log_syslog' => nil, + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :servername => 'some.host.tld', + :bind_port => 35357, + :group => 'keystone', + :workers => facts[:os_workers], + :threads => 1, + :user => 'keystone', + :priority => '10', + :ssl => true, + :wsgi_daemon_process => 'keystone_main', + :wsgi_process_display_name => 'keystone-main', + :wsgi_process_group => 'keystone_main', + :wsgi_application_group => '%{GLOBAL}', + :wsgi_script_dir => platform_params[:wsgi_script_path], + :wsgi_script_file => 'keystone-public', + :wsgi_pass_authorization => 'On', + :headers => nil, + :custom_wsgi_process_options => {}, + :access_log_file => false, + :access_log_pipe => false, + :access_log_syslog => false, + :access_log_format => false, + :error_log_file => nil, + :error_log_pipe => nil, + :error_log_syslog => nil, + :require => 'File[keystone_wsgi_main]', )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'servername' => 'some.host.tld', - 'ip' => nil, - 'port' => '5000', - 'docroot' => "#{platform_parameters[:wsgi_script_path]}", - 'docroot_owner' => 'keystone', - 'docroot_group' => 'keystone', - 'ssl' => 'true', - 'wsgi_daemon_process' => 'keystone_main', - 'wsgi_daemon_process_options' => { - 'user' => 'keystone', - 'group' => 'keystone', - 'processes' => '42', - 'threads' => '1', - 'display-name' => 'keystone-main', - }, - 'wsgi_process_group' => 'keystone_main', - 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" }, - 'wsgi_application_group' => '%{GLOBAL}', - 'wsgi_pass_authorization' => 'On', - 'headers' => nil, - 'require' => 'File[keystone_wsgi_main]', - 'access_log_file' => false, - 'access_log_pipe' => false, - 'access_log_syslog' => false, - 'access_log_format' => false, - 'error_log_file' => nil, - 'error_log_pipe' => nil, - 'error_log_syslog' => nil, + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :servername => 'some.host.tld', + :bind_port => 5000, + :group => 'keystone', + :workers => facts[:os_workers], + :threads => 1, + :user => 'keystone', + :priority => '10', + :ssl => true, + :wsgi_daemon_process => 'keystone_admin', + :wsgi_process_display_name => 'keystone-admin', + :wsgi_process_group => 'keystone_admin', + :wsgi_application_group => '%{GLOBAL}', + :wsgi_script_dir => platform_params[:wsgi_script_path], + :wsgi_script_file => 'keystone-admin', + :wsgi_pass_authorization => 'On', + :headers => nil, + :custom_wsgi_process_options => {}, + :access_log_file => false, + :access_log_pipe => false, + :access_log_syslog => false, + :access_log_format => false, + :error_log_file => nil, + :error_log_pipe => nil, + :error_log_syslog => nil, + :require => 'File[keystone_wsgi_admin]', )} - it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") } + + it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") } end describe 'when overriding parameters using different ports' do @@ -130,55 +126,67 @@ describe 'keystone::wsgi::apache' do } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'servername' => 'dummy.host', - 'ip' => '10.42.51.2', - 'port' => '4142', - 'docroot' => "#{platform_parameters[:wsgi_script_path]}", - 'docroot_owner' => 'keystone', - 'docroot_group' => 'keystone', - 'ssl' => 'false', - 'wsgi_daemon_process' => 'keystone_admin', - 'wsgi_daemon_process_options' => { - 'user' => 'keystone', - 'group' => 'keystone', - 'processes' => '37', - 'threads' => '1', - 'display-name' => 'keystone-admin', - }, - 'wsgi_process_group' => 'keystone_admin', - 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" }, - 'wsgi_application_group' => '%{GLOBAL}', - 'wsgi_pass_authorization' => 'On', - 'require' => 'File[keystone_wsgi_admin]', - 'custom_fragment' => 'LimitRequestFieldSize 81900' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :servername => 'dummy.host', + :bind_host => '10.42.51.1', + :bind_port => 12345, + :user => 'keystone', + :group => 'keystone', + :workers => 37, + :threads => 1, + :priority => '10', + :ssl => false, + :wsgi_daemon_process => 'keystone_main', + :wsgi_process_display_name => 'keystone-main', + :wsgi_process_group => 'keystone_main', + :wsgi_application_group => '%{GLOBAL}', + :wsgi_script_dir => platform_params[:wsgi_script_path], + :wsgi_script_file => 'keystone-public', + :wsgi_pass_authorization => 'On', + :headers => nil, + :custom_wsgi_process_options => {}, + :vhost_custom_fragment => 'LimitRequestFieldSize 81900', + :access_log_file => false, + :access_log_pipe => false, + :access_log_syslog => false, + :access_log_format => false, + :error_log_file => nil, + :error_log_pipe => nil, + :error_log_syslog => nil, + :require => 'File[keystone_wsgi_main]', )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'servername' => 'dummy.host', - 'ip' => '10.42.51.1', - 'port' => '12345', - 'docroot' => "#{platform_parameters[:wsgi_script_path]}", - 'docroot_owner' => 'keystone', - 'docroot_group' => 'keystone', - 'ssl' => 'false', - 'wsgi_daemon_process' => 'keystone_main', - 'wsgi_daemon_process_options' => { - 'user' => 'keystone', - 'group' => 'keystone', - 'processes' => '37', - 'threads' => '1', - 'display-name' => 'keystone-main', - }, - 'wsgi_process_group' => 'keystone_main', - 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" }, - 'wsgi_application_group' => '%{GLOBAL}', - 'wsgi_pass_authorization' => 'On', - 'require' => 'File[keystone_wsgi_main]', - 'custom_fragment' => 'LimitRequestFieldSize 81900' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :servername => 'dummy.host', + :bind_host => '10.42.51.1', + :bind_port => 4142, + :group => 'keystone', + :workers => 37, + :threads => 1, + :user => 'keystone', + :priority => '10', + :ssl => false, + :wsgi_daemon_process => 'keystone_admin', + :wsgi_process_display_name => 'keystone-admin', + :wsgi_process_group => 'keystone_admin', + :wsgi_application_group => '%{GLOBAL}', + :wsgi_script_dir => platform_params[:wsgi_script_path], + :wsgi_script_file => 'keystone-admin', + :wsgi_pass_authorization => 'On', + :headers => nil, + :custom_wsgi_process_options => {}, + :vhost_custom_fragment => 'LimitRequestFieldSize 81900', + :access_log_file => false, + :access_log_pipe => false, + :access_log_syslog => false, + :access_log_format => false, + :error_log_file => nil, + :error_log_pipe => nil, + :error_log_syslog => nil, + :require => 'File[keystone_wsgi_admin]', )} - it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") } + it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") } end describe 'when admin_bind_host is not set default to bind_host' do @@ -194,15 +202,25 @@ describe 'keystone::wsgi::apache' do } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'ip' => '10.42.51.1' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :servername => 'dummy.host', + :bind_host => '10.42.51.1', + :bind_port => 12345, + :ssl => false, + :workers => 37, + :vhost_custom_fragment => 'LimitRequestFieldSize 81900' )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'ip' => '10.42.51.1' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :servername => 'dummy.host', + :bind_host => '10.42.51.1', + :bind_port => 4142, + :ssl => false, + :workers => 37, + :vhost_custom_fragment => 'LimitRequestFieldSize 81900' )} - it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") } + it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") } end describe 'when servername_admin is overridden' do @@ -213,12 +231,12 @@ describe 'keystone::wsgi::apache' do } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'servername' => 'dummy2.host', + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :servername => 'dummy1.host', )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'servername' => 'dummy1.host', + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :servername => 'dummy2.host', )} end @@ -226,34 +244,23 @@ describe 'keystone::wsgi::apache' do describe 'when wsgi_daemon_process_options are overridden' do let :params do { - :custom_wsgi_process_options_admin => { - user => 'keystone-admin', - python_path => '/my/python/admin/path', - }, :custom_wsgi_process_options_main => { - user => 'keystone-main', python_path => '/my/python/main/path', }, + :custom_wsgi_process_options_admin => { + python_path => '/my/python/admin/path', + }, } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'wsgi_daemon_process_options' => { - 'user' => 'keystone-admin', - 'group' => 'keystone', - 'python-path' => '/my/python/admin/path', - 'display-name' => 'keystone_main', - }, + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :custom_wsgi_process_options => { 'python-path' => '/my/python/main/path' }, )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'wsgi_daemon_process_options' => { - 'user' => 'keystone-main', - 'group' => 'keystone', - 'python-path' => '/my/python/main/path', - 'display-name' => 'keystone-main', - }, + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :custom_wsgi_process_options => { 'python-path' => '/my/python/admin/path' }, )} + end describe 'when overriding parameters using same port' do @@ -269,32 +276,35 @@ describe 'keystone::wsgi::apache' do } end - it { is_expected.to_not contain_apache__vhost('keystone_wsgi_admin') } + it { is_expected.to_not contain_openstacklib__wsgi__apache('keystone_wsgi_admin') } - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'servername' => 'dummy.host', - 'ip' => nil, - 'port' => '4242', - 'docroot' => "#{platform_parameters[:wsgi_script_path]}", - 'docroot_owner' => 'keystone', - 'docroot_group' => 'keystone', - 'ssl' => 'true', - 'wsgi_daemon_process' => 'keystone_main', - 'wsgi_daemon_process_options' => { - 'user' => 'keystone', - 'group' => 'keystone', - 'processes' => '37', - 'threads' => '1', - 'display-name' => 'keystone-main', - }, - 'wsgi_process_group' => 'keystone_main', - 'wsgi_script_aliases' => { - '/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", - '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" - }, - 'wsgi_application_group' => '%{GLOBAL}', - 'wsgi_pass_authorization' => 'On', - 'require' => 'File[keystone_wsgi_main]' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :servername => 'dummy.host', + :bind_port => 4242, + :user => 'keystone', + :group => 'keystone', + :workers => 37, + :threads => 1, + :priority => '10', + :ssl => true, + :wsgi_daemon_process => 'keystone_main', + :wsgi_process_display_name => 'keystone-main', + :wsgi_process_group => 'keystone_main', + :wsgi_application_group => '%{GLOBAL}', + :wsgi_script_dir => platform_params[:wsgi_script_path], + :wsgi_script_file => 'keystone-public', + :wsgi_pass_authorization => 'On', + :headers => nil, + :custom_wsgi_process_options => {}, + :custom_wsgi_script_aliases => { '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" }, + :access_log_file => false, + :access_log_pipe => false, + :access_log_syslog => false, + :access_log_format => false, + :error_log_file => nil, + :error_log_pipe => nil, + :error_log_syslog => nil, + :require => 'File[keystone_wsgi_main]' )} end @@ -311,7 +321,7 @@ describe 'keystone::wsgi::apache' do } end - it_raises 'a Puppet::Error', /When using the same port for public & private endpoints, public_path and admin_path should be different\./ + it_raises 'a Puppet::Error', /When using the same port for public and admin endpoints, public_path and admin_path should be different\./ end describe 'when overriding default apache logging' do @@ -322,11 +332,11 @@ describe 'keystone::wsgi::apache' do :access_log_syslog => 'syslog:local0', } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'servername' => 'dummy.host', - 'access_log_format' => 'foo', - 'access_log_syslog' => 'syslog:local0', - )} + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :servername => 'dummy.host', + :access_log_format => 'foo', + :access_log_syslog => 'syslog:local0', + )} end describe 'when overriding parameters using symlink and custom file source' do @@ -338,23 +348,23 @@ describe 'keystone::wsgi::apache' do end it { is_expected.to contain_file('keystone_wsgi_admin').with( - 'ensure' => 'link', - 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin", - 'target' => '/opt/keystone/httpd/keystone.py', - 'owner' => 'keystone', - 'group' => 'keystone', - 'mode' => '0644', - 'require' => "File[#{platform_parameters[:wsgi_script_path]}]", + :ensure => 'link', + :path => "#{platform_params[:wsgi_script_path]}/keystone-admin", + :target => '/opt/keystone/httpd/keystone.py', + :owner => 'keystone', + :group => 'keystone', + :mode => '0644', + :require => "File[#{platform_params[:wsgi_script_path]}]", )} it { is_expected.to contain_file('keystone_wsgi_main').with( - 'ensure' => 'link', - 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", - 'target' => '/opt/keystone/httpd/keystone.py', - 'owner' => 'keystone', - 'group' => 'keystone', - 'mode' => '0644', - 'require' => "File[#{platform_parameters[:wsgi_script_path]}]", + :ensure => 'link', + :path => "#{platform_params[:wsgi_script_path]}/keystone-public", + :target => '/opt/keystone/httpd/keystone.py', + :owner => 'keystone', + :group => 'keystone', + :mode => '0644', + :require => "File[#{platform_params[:wsgi_script_path]}]", )} end @@ -365,13 +375,13 @@ describe 'keystone::wsgi::apache' do :ssl_key => 'some key', } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'ssl_cert' => 'some cert', - 'ssl_key' => 'some key', + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :ssl_cert => 'some cert', + :ssl_key => 'some key', )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'ssl_cert' => 'some cert', - 'ssl_key' => 'some key', + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :ssl_cert => 'some cert', + :ssl_key => 'some key', )} end @@ -384,13 +394,13 @@ describe 'keystone::wsgi::apache' do :ssl_key_admin => 'some key admin', } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'ssl_cert' => 'some cert', - 'ssl_key' => 'some key', + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :ssl_cert => 'some cert', + :ssl_key => 'some key', )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'ssl_cert' => 'some cert admin', - 'ssl_key' => 'some key admin', + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :ssl_cert => 'some cert admin', + :ssl_key => 'some key admin', )} end @@ -401,27 +411,29 @@ describe 'keystone::wsgi::apache' do } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'wsgi_chunked_request' => 'On' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :wsgi_chunked_request => 'On' )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'wsgi_chunked_request' => 'On' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :wsgi_chunked_request => 'On' )} + end - describe 'when overriding parameters using additional headers' do + describe 'when overriding parameters using additional headers' do let :params do { :headers => 'set X-Frame-Options "DENY"' } end - it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( - 'headers' => 'set X-Frame-Options "DENY"' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with( + :headers => 'set X-Frame-Options "DENY"' )} - it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( - 'headers' => 'set X-Frame-Options "DENY"' + it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with( + :headers => 'set X-Frame-Options "DENY"' )} + end describe 'when overriding script paths with link' do @@ -434,13 +446,13 @@ describe 'keystone::wsgi::apache' do end it 'should contain correct files' do - is_expected.to contain_file('keystone_wsgi_admin').with( - 'path' => "#{facts[:wsgi_script_path]}/keystone-admin", - 'target' => params[:wsgi_admin_script_source] - ) is_expected.to contain_file('keystone_wsgi_main').with( - 'path' => "#{facts[:wsgi_script_path]}/keystone-public", - 'target' => params[:wsgi_public_script_source] + :path => "#{facts[:wsgi_script_path]}/keystone-public", + :target => params[:wsgi_public_script_source] + ) + is_expected.to contain_file('keystone_wsgi_admin').with( + :path => "#{facts[:wsgi_script_path]}/keystone-admin", + :target => params[:wsgi_admin_script_source] ) end end @@ -454,13 +466,13 @@ describe 'keystone::wsgi::apache' do end it 'should contain correct files' do - is_expected.to contain_file('keystone_wsgi_admin').with( - 'path' => "#{facts[:wsgi_script_path]}/keystone-admin", - 'source' => params[:wsgi_admin_script_source] - ) is_expected.to contain_file('keystone_wsgi_main').with( - 'path' => "#{facts[:wsgi_script_path]}/keystone-public", - 'source' => params[:wsgi_public_script_source] + :path => "#{facts[:wsgi_script_path]}/keystone-public", + :source => params[:wsgi_public_script_source] + ) + is_expected.to contain_file('keystone_wsgi_admin').with( + :path => "#{facts[:wsgi_script_path]}/keystone-admin", + :source => params[:wsgi_admin_script_source] ) end end @@ -472,7 +484,7 @@ describe 'keystone::wsgi::apache' do facts.merge!(OSDefaults.get_facts({})) end - let(:platform_parameters) do + let(:platform_params) do case facts[:osfamily] when 'Debian' {