Use openstacklib::wsgi::apache for keystone wsgi

This patch changes the usage of
apache::vhost to openstacklib::wsgi::apache.

Also removes the wsgi_script_source param
that was deprecated in Mitaka.

Fixes and cleans up spec testing, cleans up
documentation in the manifest to conform
with the overall standard.

Depends-On: I31096140a6f355ec99496053fb06ce6c73094180
Change-Id: Ic11a0aea68a04d370453a7e81218642e0e150a9f
Closes-Bug: 1657582
Tobias Urdin 2018-04-04 20:12:58 +02:00 committed by Alex Schultz
parent 73f863e21c
commit 15c06a78ae
3 changed files with 442 additions and 494 deletions


@ -1,212 +1,182 @@
# #
# Class to serve keystone with apache mod_wsgi in place of keystone service # Copyright 2013 eNovance <licensing@enovance.com>
# #
# Serving keystone from apache is the recommended way to go for production # Author: Francois Charlier <francois.charlier@enovance.com>
# systems as the current keystone implementation is not multi-processor aware,
# thus limiting the performance for concurrent accesses.
# #
# See the following URIs for reference: # == Class: keystone::wsgi::apache
# https://etherpad.openstack.org/havana-keystone-performance
# http://adam.younglogic.com/2012/03/keystone-should-move-to-apache-httpd/
# #
# Serve keystone with apache mod_wsgi in place of keystone service
# When using this class you should disable your keystone service. # When using this class you should disable your keystone service.
# #
# == Parameters # == Parameters
# #
# [*servername*] # [*servername*]
# The servername for the virtualhost. # (Optional) The servername for the virtualhost.
# Optional. Defaults to $::fqdn # Defaults to $::fqdn
# #
# [*servername_admin*] # [*servername_admin*]
# The servername for the admin virtualhost. # (Optional) The servername for the admin virtualhost.
# Optional. Defaults to $servername # Defaults to $servername
# #
# [*public_port*] # [*public_port*]
# The public port. # (Optional) The public port.
# Optional. Defaults to 5000 # Defaults to 5000
# #
# [*admin_port*] # [*admin_port*]
# The admin port. # (Optional) The admin port.
# Optional. Defaults to 35357 # Defaults to 35357
# #
# [*bind_host*] # [*bind_host*]
# The host/ip address Apache will listen on. # (Optional) The host/ip address Apache will listen on.
# Optional. Defaults to undef (listen on all ip addresses). # Defaults to undef (listen on all ip addresses)
# #
# [*admin_bind_host*] # [*admin_bind_host*]
# The host/ip address Apache will listen on for admin API connections. # (Optional) The host/ip address Apache will listen on for admin API connections.
# Optional. Defaults to undef or bind_host if only that setting is used. # Defaults to undef or bind_host if only that setting is used
# #
# [*public_path*] # [*public_path*]
# The prefix for the public endpoint. # (Optional) The prefix for the public endpoint.
# Optional. Defaults to '/' # Defaults to '/'
# #
# [*admin_path*] # [*admin_path*]
# The prefix for the admin endpoint. # (Optional) The prefix for the admin endpoint.
# Optional. Defaults to '/' # Defaults to '/'
# #
# [*ssl*] # [*ssl*]
# Use ssl ? (boolean) # (Optional) Use SSL.
# Optional. Defaults to true # Defaults to true
# #
# [*workers*] # [*workers*]
# Number of WSGI workers to spawn. # (Optional) Number of WSGI workers to spawn.
# Optional. Defaults to $::os_workers # Defaults to $::os_workers
# #
# [*ssl_cert*] # [*ssl_cert*]
# (optional) Path to SSL certificate # (Optional) Path to SSL certificate
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_key*] # [*ssl_key*]
# (optional) Path to SSL key # (Optional) Path to SSL key
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_cert_admin*] # [*ssl_cert_admin*]
# (optional) Path to SSL certificate for the admin endpoint. # (Optional) Path to SSL certificate for the admin endpoint.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_key_admin*] # [*ssl_key_admin*]
# (optional) Path to SSL key for the admin endpoint. # (Optional) Path to SSL key for the admin endpoint.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_chain*] # [*ssl_chain*]
# (optional) SSL chain # (Optional) SSL chain.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_ca*] # [*ssl_ca*]
# (optional) Path to SSL certificate authority # (Optional) Path to SSL certificate authority.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_crl_path*] # [*ssl_crl_path*]
# (optional) Path to SSL certificate revocation list # (Optional) Path to SSL certificate revocation list.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_crl*] # [*ssl_crl*]
# (optional) SSL certificate revocation list name # (Optional) SSL certificate revocation list name.
# Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*ssl_certs_dir*] # [*ssl_certs_dir*]
# apache::vhost ssl parameters. # (Optional) apache::vhost ssl parameters.
# Optional. Default to apache::vhost 'ssl_*' defaults. # Default to apache::vhost 'ssl_*' defaults
# #
# [*priority*] # [*priority*]
# (optional) The priority for the vhost. # (Optional) The priority for the vhost.
# Defaults to '10' # Defaults to '10'
# #
# [*threads*] # [*threads*]
# (optional) The number of threads for the vhost. # (Optional) The number of threads for the vhost.
# Defaults to 1 # Defaults to 1
# #
# [*wsgi_application_group*] # [*wsgi_application_group*]
# (optional) The application group of the WSGI script. # (Optional) The application group of the WSGI script.
# Defaults to '%{GLOBAL}' # Defaults to '%{GLOBAL}'
# #
# [*wsgi_pass_authorization*] # [*wsgi_pass_authorization*]
# (optional) Whether HTTP authorisation headers are passed through to a WSGI # (Optional) Whether HTTP authorisation headers are passed through to a WSGI
# script when the equivalent HTTP request headers are present. # script when the equivalent HTTP request headers are present.
# Defaults to 'On' # Defaults to 'On'
# #
# [*wsgi_script_ensure*] # [*wsgi_admin_script_source*]
# (optional) File ensure parameter for wsgi scripts. # (Optional) Wsgi script source for the admin endpoint. If set to undef
# Defaults to undef. # $::keystone::params::keystone_wsgi_admin_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin.
# Defaults to undef
# #
# [*wsgi_admin_script_source*] # [*wsgi_public_script_source*]
# (optional) Wsgi script source for the admin endpoint. If set to undef # (Optional) Wsgi script source for the public endpoint. If set to undef
# $::keystone::params::keystone_wsgi_admin_script_path is used. This source # $::keystone::params::keystone_wsgi_public_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin. # is copied to the apache cgi-bin path as keystone-main.
# Defaults to undef. # Defaults to undef
# #
# [*wsgi_public_script_source*] # [*custom_wsgi_process_options_main*]
# (optional) Wsgi script source for the public endpoint. If set to undef # (Optional) gives you the oportunity to add custom process options or to
# $::keystone::params::keystone_wsgi_public_script_path is used. This source # overwrite the default options for the WSGI main process.
# is copied to the apache cgi-bin path as keystone-admin. # For example to use a virtual python environment for the WSGI process
# Defaults to undef. # you could set it to:
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
# #
# [*custom_wsgi_process_options_main*] # [*custom_wsgi_process_options_admin*]
# (optional) gives you the oportunity to add custom process options or to # (Optional) gives you the oportunity to add custom process options or to
# overwrite the default options for the WSGI main process. # overwrite the default options for the WSGI admin process.
# eg. to use a virtual python environment for the WSGI process # eg. to use a virtual python environment for the WSGI process
# you could set it to: # you could set it to:
# { python-path => '/my/python/virtualenv' } # { python-path => '/my/python/virtualenv' }
# Defaults to {} # Defaults to {}
# #
# [*custom_wsgi_process_options_admin*] # [*access_log_file*]
# (optional) gives you the oportunity to add custom process options or to # (Optional) The log file name for the virtualhost.
# overwrite the default options for the WSGI admin process. # Defaults to false
# eg. to use a virtual python environment for the WSGI process
# you could set it to:
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
# #
# [*access_log_file*] # [*access_log_pipe*]
# The log file name for the virtualhost. # (Optional) Specifies a pipe where Apache sends access logs for the virtualhost.
# Optional. Defaults to false. # Defaults to false
# #
# [*access_log_pipe*] # [*access_log_syslog*]
# Specifies a pipe where Apache sends access logs for the virtualhost. # (Optional) Sends the virtualhost access log messages to syslog.
# Optional. Defaults to false. # Defaults to false
# #
# [*access_log_syslog*] # [*access_log_format*]
# Sends the virtualhost access log messages to syslog. # (Optional) The log format for the virtualhost.
# Optional. Defaults to false. # Defaults to false
# #
# [*access_log_format*] # [*error_log_file*]
# The log format for the virtualhost. # (Optional) The error log file name for the virtualhost.
# Optional. Defaults to false. # Defaults to undef
# #
# [*error_log_file*] # [*error_log_pipe*]
# The error log file name for the virtualhost. # (Optional) Specifies a pipe where Apache sends error logs for the virtualhost.
# Optional. Defaults to undef. # Defaults to undef
# #
# [*error_log_pipe*] # [*error_log_syslog*]
# Specifies a pipe where Apache sends error logs for the virtualhost. # (Optional) Sends the virtualhost error log messages to syslog.
# Optional. Defaults to undef. # Defaults to undef
# #
# [*error_log_syslog*] # [*headers*]
# Sends the virtualhost error log messages to syslog. # (Optional) Headers for the vhost.
# Optional. Defaults to undef. # Defaults to undef
# #
# [*headers*] # [*vhost_custom_fragment*]
# (optional) Headers for the vhost. # (Optional) Passes a string of custom configuration
# Defaults to undef. # directives to be placed at the end of the vhost configuration.
# Defaults to undef
# #
# [*vhost_custom_fragment*] # [*wsgi_chunked_request*]
# (optional) Passes a string of custom configuration # (Optional) apache::vhost wsgi_chunked_request parameter.
# directives to be placed at the end of the vhost configuration. # Defaults to undef
# Defaults to undef.
# #
# [*wsgi_chunked_request*] # DEPRECATED PARAMETERS
# (optional) apache::vhost wsgi_chunked_request parameter.
# Defaults to undef
# #
# DEPRECATED OPTIONS # [*wsgi_script_ensure*]
# # (Optional) File ensure parameter for wsgi scripts.
# [*wsgi_script_source*] # Defaults to undef
# (optional) Wsgi script source.
# Defaults to undef.
#
# == Dependencies
#
# requires Class['apache'] & Class['keystone']
#
# == Examples
#
# include apache
#
# class { 'keystone::wsgi::apache': }
#
# == Note about ports & paths
#
# When using same port for both endpoints (443 anyone ?), you *MUST* use two
# different public_path & admin_path !
#
# == Authors
#
# Francois Charlier <francois.charlier@enovance.com>
#
# == Copyright
#
# Copyright 2013 eNovance <licensing@enovance.com>
# #
class keystone::wsgi::apache ( class keystone::wsgi::apache (
$servername = $::fqdn, $servername = $::fqdn,
@ -235,7 +205,6 @@ class keystone::wsgi::apache (
$wsgi_chunked_request = undef, $wsgi_chunked_request = undef,
$wsgi_admin_script_source = $::keystone::params::keystone_wsgi_admin_script_path, $wsgi_admin_script_source = $::keystone::params::keystone_wsgi_admin_script_path,
$wsgi_public_script_source = $::keystone::params::keystone_wsgi_public_script_path, $wsgi_public_script_source = $::keystone::params::keystone_wsgi_public_script_path,
$wsgi_script_ensure = undef,
$access_log_file = false, $access_log_file = false,
$access_log_pipe = false, $access_log_pipe = false,
$access_log_syslog = false, $access_log_syslog = false,
@ -247,21 +216,17 @@ class keystone::wsgi::apache (
$vhost_custom_fragment = undef, $vhost_custom_fragment = undef,
$custom_wsgi_process_options_main = {}, $custom_wsgi_process_options_main = {},
$custom_wsgi_process_options_admin = {}, $custom_wsgi_process_options_admin = {},
#DEPRECATED ## DEPRECATED PARAMETERS
$wsgi_script_source = undef, $wsgi_script_ensure = undef,
) inherits ::keystone::params { ) inherits ::keystone::params {
include ::keystone::deps include ::keystone::deps
include ::apache
include ::apache::mod::wsgi
$servername_admin_real = pick_default($servername_admin, $servername) $servername_admin_real = pick_default($servername_admin, $servername)
if $ssl { if $ssl {
include ::apache::mod::ssl
# Attempt to use the admin cert/key, else default to the public one. # Attempt to use the admin cert/key, else default to the public one.
# Since it's possible that no cert/key were given, we allow this to be # Since it's possible that no cert/key were given, we allow this to be empty with pick_default
# empty with pick_default
$ssl_cert_admin_real = pick_default($ssl_cert_admin, $ssl_cert) $ssl_cert_admin_real = pick_default($ssl_cert_admin, $ssl_cert)
$ssl_key_admin_real = pick_default($ssl_key_admin, $ssl_key) $ssl_key_admin_real = pick_default($ssl_key_admin, $ssl_key)
} else { } else {
@ -289,15 +254,12 @@ class keystone::wsgi::apache (
Anchor['keystone::config::end'] Anchor['keystone::config::end']
~> Service['httpd'] ~> Service['httpd']
## Sanitize parameters
# Ensure there's no trailing '/' except if this is also the only character # Ensure there's no trailing '/' except if this is also the only character
$public_path_real = regsubst($public_path, '(^/.*)/$', '\1') $public_path_real = regsubst($public_path, '(^/.*)/$', '\1')
# Ensure there's no trailing '/' except if this is also the only character
$admin_path_real = regsubst($admin_path, '(^/.*)/$', '\1') $admin_path_real = regsubst($admin_path, '(^/.*)/$', '\1')
if $public_port == $admin_port and $public_path_real == $admin_path_real { if $public_port == $admin_port and $public_path_real == $admin_path_real {
fail('When using the same port for public & private endpoints, public_path and admin_path should be different.') fail('When using the same port for public and admin endpoints, public_path and admin_path should be different.')
} }
file { $::keystone::params::keystone_wsgi_script_path: file { $::keystone::params::keystone_wsgi_script_path:
@ -308,74 +270,32 @@ class keystone::wsgi::apache (
require => Anchor['keystone::install::end'], require => Anchor['keystone::install::end'],
} }
# TODO(tobasco): Delete this when wsgi_script_ensure is removed.
$wsgi_file_target = $wsgi_script_ensure ? { if $wsgi_script_ensure {
'link' => 'target', warning('wsgi_script_ensure has NO effect and is deprecated for removal')
default => 'source'
} }
$wsgi_file_defaults = {
'ensure' => $wsgi_script_ensure,
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => File[$::keystone::params::keystone_wsgi_script_path],
}
if $wsgi_script_source {
warning("The single wsgi script source has been deprecated as part of the Mitaka cycle, please switch to \
\$wsgi_admin_script_source and \$wsgi_public_script_source")
$wsgi_admin_source = $wsgi_script_source
$wsgi_public_source = $wsgi_script_source
} else {
$wsgi_admin_source = $wsgi_admin_script_source
$wsgi_public_source = $wsgi_public_script_source
}
$wsgi_files = {
'keystone_wsgi_admin' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin",
"${wsgi_file_target}" => $wsgi_admin_source,
},
'keystone_wsgi_main' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-public",
"${wsgi_file_target}" => $wsgi_public_source,
},
}
create_resources('file', $wsgi_files, $wsgi_file_defaults)
$wsgi_daemon_process_options_main = merge(
{
user => 'keystone',
group => 'keystone',
processes => $workers,
threads => $threads,
display-name => 'keystone-main',
},
$custom_wsgi_process_options_main
)
$wsgi_daemon_process_options_admin = merge(
{
user => 'keystone',
group => 'keystone',
processes => $workers,
threads => $threads,
display-name => 'keystone-admin',
},
$custom_wsgi_process_options_admin
)
$wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/keystone-public"])
$wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/keystone-admin"])
if $public_port == $admin_port { if $public_port == $admin_port {
$wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin) $custom_wsgi_script_aliases = { $admin_path_real => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin" }
# NOTE(tobasco): Create this here since openstacklib::wsgi::apache only handles
# the keystone-public file if running public and admin on the same port.
file { 'keystone_wsgi_admin':
ensure => present,
path => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin",
owner => 'keystone',
group => 'keystone',
mode => '0644',
source => $wsgi_admin_script_source,
require => File[$::keystone::params::keystone_wsgi_script_path],
}
$apache_require = [
File['keystone_wsgi_admin'],
]
} else { } else {
$wsgi_script_aliases_main_real = $wsgi_script_aliases_main $custom_wsgi_script_aliases = undef
$apache_require = []
} }
if $admin_bind_host { if $admin_bind_host {
@ -385,14 +305,15 @@ class keystone::wsgi::apache (
$real_admin_bind_host = $bind_host $real_admin_bind_host = $bind_host
} }
::apache::vhost { 'keystone_wsgi_main': ::openstacklib::wsgi::apache { 'keystone_wsgi_main':
ensure => 'present',
servername => $servername, servername => $servername,
ip => $bind_host, bind_host => $bind_host,
port => $public_port, bind_port => $public_port,
docroot => $::keystone::params::keystone_wsgi_script_path, group => 'keystone',
docroot_owner => 'keystone', path => $public_path_real,
docroot_group => 'keystone', workers => $workers,
threads => $threads,
user => 'keystone',
priority => $priority, priority => $priority,
ssl => $ssl, ssl => $ssl,
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
@ -403,15 +324,18 @@ class keystone::wsgi::apache (
ssl_crl => $ssl_crl, ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir, ssl_certs_dir => $ssl_certs_dir,
wsgi_daemon_process => 'keystone_main', wsgi_daemon_process => 'keystone_main',
wsgi_daemon_process_options => $wsgi_daemon_process_options_main, wsgi_process_display_name => 'keystone-main',
wsgi_process_group => 'keystone_main', wsgi_process_group => 'keystone_main',
wsgi_script_aliases => $wsgi_script_aliases_main_real, wsgi_script_dir => $::keystone::params::keystone_wsgi_script_path,
wsgi_script_file => 'keystone-public',
wsgi_script_source => $wsgi_public_script_source,
wsgi_application_group => $wsgi_application_group, wsgi_application_group => $wsgi_application_group,
wsgi_pass_authorization => $wsgi_pass_authorization, wsgi_pass_authorization => $wsgi_pass_authorization,
headers => $headers,
custom_fragment => $vhost_custom_fragment,
wsgi_chunked_request => $wsgi_chunked_request, wsgi_chunked_request => $wsgi_chunked_request,
require => File['keystone_wsgi_main'], headers => $headers,
custom_wsgi_process_options => $custom_wsgi_process_options_main,
custom_wsgi_script_aliases => $custom_wsgi_script_aliases,
vhost_custom_fragment => $vhost_custom_fragment,
access_log_file => $access_log_file, access_log_file => $access_log_file,
access_log_pipe => $access_log_pipe, access_log_pipe => $access_log_pipe,
access_log_syslog => $access_log_syslog, access_log_syslog => $access_log_syslog,
@ -419,17 +343,19 @@ class keystone::wsgi::apache (
error_log_file => $error_log_file, error_log_file => $error_log_file,
error_log_pipe => $error_log_pipe, error_log_pipe => $error_log_pipe,
error_log_syslog => $error_log_syslog, error_log_syslog => $error_log_syslog,
require => $apache_require,
} }
if $public_port != $admin_port { if $public_port != $admin_port {
::apache::vhost { 'keystone_wsgi_admin': ::openstacklib::wsgi::apache { 'keystone_wsgi_admin':
ensure => 'present',
servername => $servername_admin_real, servername => $servername_admin_real,
ip => $real_admin_bind_host, bind_host => $real_admin_bind_host,
port => $admin_port, bind_port => $admin_port,
docroot => $::keystone::params::keystone_wsgi_script_path, group => 'keystone',
docroot_owner => 'keystone', path => $admin_path_real,
docroot_group => 'keystone', workers => $workers,
threads => $threads,
user => 'keystone',
priority => $priority, priority => $priority,
ssl => $ssl, ssl => $ssl,
ssl_cert => $ssl_cert_admin_real, ssl_cert => $ssl_cert_admin_real,
@ -440,15 +366,17 @@ class keystone::wsgi::apache (
ssl_crl => $ssl_crl, ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir, ssl_certs_dir => $ssl_certs_dir,
wsgi_daemon_process => 'keystone_admin', wsgi_daemon_process => 'keystone_admin',
wsgi_daemon_process_options => $wsgi_daemon_process_options_admin, wsgi_process_display_name => 'keystone-admin',
wsgi_process_group => 'keystone_admin', wsgi_process_group => 'keystone_admin',
wsgi_script_aliases => $wsgi_script_aliases_admin, wsgi_script_dir => $::keystone::params::keystone_wsgi_script_path,
wsgi_script_file => 'keystone-admin',
wsgi_script_source => $wsgi_admin_script_source,
wsgi_application_group => $wsgi_application_group, wsgi_application_group => $wsgi_application_group,
wsgi_pass_authorization => $wsgi_pass_authorization, wsgi_pass_authorization => $wsgi_pass_authorization,
headers => $headers, custom_wsgi_process_options => $custom_wsgi_process_options_admin,
custom_fragment => $vhost_custom_fragment, vhost_custom_fragment => $vhost_custom_fragment,
wsgi_chunked_request => $wsgi_chunked_request, wsgi_chunked_request => $wsgi_chunked_request,
require => File['keystone_wsgi_admin'], headers => $headers,
access_log_file => $access_log_file, access_log_file => $access_log_file,
access_log_pipe => $access_log_pipe, access_log_pipe => $access_log_pipe,
access_log_syslog => $access_log_syslog, access_log_syslog => $access_log_syslog,
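Review bot: In the `if $public_port == $admin_port` branch the admin script is only aliased into `keystone_wsgi_main` and the `keystone_wsgi_admin` resource is skipped, so `admin_bind_host`, `servername_admin`, `ssl_cert_admin`/`ssl_key_admin` and `custom_wsgi_process_options_admin` are never applied and the admin API appears to be served from the public vhost under the `keystone_main` daemon process. Neither the parameter docs nor anything at catalog time tells an operator who set those values to restrict the admin endpoint that they are being ignored. I would state this under the affected parameters and add a check next to the alias assignment, e.g. `if $admin_bind_host { warning('admin_bind_host is ignored when public_port and admin_port are equal') }`. Separately, the doc for `wsgi_public_script_source` says the source is copied as keystone-main, while the resource sets `wsgi_script_file => 'keystone-public'`. The class body is only partly visible in these hunks, so a guard outside them cannot be ruled out.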


@ -0,0 +1,8 @@
---
upgrade:
- |
The deprecated parameter keystone::wsgi::apache::wsgi_script_source is now removed.
Please use the wsgi_public_script_source and wsgi_admin_script_source instead.
deprecations:
- |
The wsgi_script_ensure parameter now has NO affect and is deprecated for removal.


@ -17,103 +17,99 @@ describe 'keystone::wsgi::apache' do
end end
shared_examples_for 'apache serving keystone with mod_wsgi' do shared_examples_for 'apache serving keystone with mod_wsgi' do
it { is_expected.to contain_service('httpd').with_name(platform_parameters[:httpd_service_name]) } it { is_expected.to contain_service('httpd').with_name(platform_params[:httpd_service_name]) }
it { is_expected.to contain_class('keystone::params') } it { is_expected.to contain_class('keystone::params') }
it { is_expected.to contain_class('apache') } it { is_expected.to contain_class('apache') }
it { is_expected.to contain_class('apache::mod::wsgi') } it { is_expected.to contain_class('apache::mod::wsgi') }
it { is_expected.to contain_class('apache::mod::ssl') }
it { is_expected.to contain_class('keystone::db::sync') } it { is_expected.to contain_class('keystone::db::sync') }
describe 'with default parameters' do describe 'with default parameters' do
it { is_expected.to contain_file("#{platform_parameters[:wsgi_script_path]}").with( it { is_expected.to contain_file("#{platform_params[:wsgi_script_path]}").with(
'ensure' => 'directory', :ensure => 'directory',
'owner' => 'keystone', :owner => 'keystone',
'group' => 'keystone', :group => 'keystone',
'require' => 'Anchor[keystone::install::end]', :require => 'Anchor[keystone::install::end]',
)} )}
it { is_expected.to contain_file('keystone_wsgi_admin').with( it { is_expected.to contain_file('keystone_wsgi_admin').with(
'ensure' => 'file', :ensure => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin", :path => "#{platform_params[:wsgi_script_path]}/keystone-admin",
'source' => platform_parameters[:wsgi_admin_script_source], :source => platform_params[:wsgi_admin_script_source],
'owner' => 'keystone', :owner => 'keystone',
'group' => 'keystone', :group => 'keystone',
'mode' => '0644', :mode => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]", :require => "File[#{platform_params[:wsgi_script_path]}]",
)} )}
it { is_expected.to contain_file('keystone_wsgi_main').with( it { is_expected.to contain_file('keystone_wsgi_main').with(
'ensure' => 'file', :ensure => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", :path => "#{platform_params[:wsgi_script_path]}/keystone-public",
'source' => platform_parameters[:wsgi_public_script_source], :source => platform_params[:wsgi_public_script_source],
'owner' => 'keystone', :owner => 'keystone',
'group' => 'keystone', :group => 'keystone',
'mode' => '0644', :mode => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]", :require => "File[#{platform_params[:wsgi_script_path]}]",
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'servername' => 'some.host.tld', :servername => 'some.host.tld',
'ip' => nil, :bind_port => 35357,
'port' => '35357', :group => 'keystone',
'docroot' => "#{platform_parameters[:wsgi_script_path]}", :workers => facts[:os_workers],
'docroot_owner' => 'keystone', :threads => 1,
'docroot_group' => 'keystone', :user => 'keystone',
'ssl' => 'true', :priority => '10',
'wsgi_daemon_process' => 'keystone_admin', :ssl => true,
'wsgi_daemon_process_options' => { :wsgi_daemon_process => 'keystone_main',
'user' => 'keystone', :wsgi_process_display_name => 'keystone-main',
'group' => 'keystone', :wsgi_process_group => 'keystone_main',
'processes' => '42', :wsgi_application_group => '%{GLOBAL}',
'threads' => '1', :wsgi_script_dir => platform_params[:wsgi_script_path],
'display-name' => 'keystone-admin', :wsgi_script_file => 'keystone-public',
}, :wsgi_pass_authorization => 'On',
'wsgi_process_group' => 'keystone_admin', :headers => nil,
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" }, :custom_wsgi_process_options => {},
'wsgi_application_group' => '%{GLOBAL}', :access_log_file => false,
'wsgi_pass_authorization' => 'On', :access_log_pipe => false,
'headers' => nil, :access_log_syslog => false,
'require' => 'File[keystone_wsgi_admin]', :access_log_format => false,
'access_log_file' => false, :error_log_file => nil,
'access_log_pipe' => false, :error_log_pipe => nil,
'access_log_syslog' => false, :error_log_syslog => nil,
'access_log_format' => false, :require => 'File[keystone_wsgi_main]',
'error_log_file' => nil,
'error_log_pipe' => nil,
'error_log_syslog' => nil,
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'servername' => 'some.host.tld', :servername => 'some.host.tld',
'ip' => nil, :bind_port => 5000,
'port' => '5000', :group => 'keystone',
'docroot' => "#{platform_parameters[:wsgi_script_path]}", :workers => facts[:os_workers],
'docroot_owner' => 'keystone', :threads => 1,
'docroot_group' => 'keystone', :user => 'keystone',
'ssl' => 'true', :priority => '10',
'wsgi_daemon_process' => 'keystone_main', :ssl => true,
'wsgi_daemon_process_options' => { :wsgi_daemon_process => 'keystone_admin',
'user' => 'keystone', :wsgi_process_display_name => 'keystone-admin',
'group' => 'keystone', :wsgi_process_group => 'keystone_admin',
'processes' => '42', :wsgi_application_group => '%{GLOBAL}',
'threads' => '1', :wsgi_script_dir => platform_params[:wsgi_script_path],
'display-name' => 'keystone-main', :wsgi_script_file => 'keystone-admin',
}, :wsgi_pass_authorization => 'On',
'wsgi_process_group' => 'keystone_main', :headers => nil,
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" }, :custom_wsgi_process_options => {},
'wsgi_application_group' => '%{GLOBAL}', :access_log_file => false,
'wsgi_pass_authorization' => 'On', :access_log_pipe => false,
'headers' => nil, :access_log_syslog => false,
'require' => 'File[keystone_wsgi_main]', :access_log_format => false,
'access_log_file' => false, :error_log_file => nil,
'access_log_pipe' => false, :error_log_pipe => nil,
'access_log_syslog' => false, :error_log_syslog => nil,
'access_log_format' => false, :require => 'File[keystone_wsgi_admin]',
'error_log_file' => nil,
'error_log_pipe' => nil,
'error_log_syslog' => nil,
)} )}
it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") }
it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end end
describe 'when overriding parameters using different ports' do describe 'when overriding parameters using different ports' do
@ -130,55 +126,67 @@ describe 'keystone::wsgi::apache' do
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'servername' => 'dummy.host', :servername => 'dummy.host',
'ip' => '10.42.51.2', :bind_host => '10.42.51.1',
'port' => '4142', :bind_port => 12345,
'docroot' => "#{platform_parameters[:wsgi_script_path]}", :user => 'keystone',
'docroot_owner' => 'keystone', :group => 'keystone',
'docroot_group' => 'keystone', :workers => 37,
'ssl' => 'false', :threads => 1,
'wsgi_daemon_process' => 'keystone_admin', :priority => '10',
'wsgi_daemon_process_options' => { :ssl => false,
'user' => 'keystone', :wsgi_daemon_process => 'keystone_main',
'group' => 'keystone', :wsgi_process_display_name => 'keystone-main',
'processes' => '37', :wsgi_process_group => 'keystone_main',
'threads' => '1', :wsgi_application_group => '%{GLOBAL}',
'display-name' => 'keystone-admin', :wsgi_script_dir => platform_params[:wsgi_script_path],
}, :wsgi_script_file => 'keystone-public',
'wsgi_process_group' => 'keystone_admin', :wsgi_pass_authorization => 'On',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" }, :headers => nil,
'wsgi_application_group' => '%{GLOBAL}', :custom_wsgi_process_options => {},
'wsgi_pass_authorization' => 'On', :vhost_custom_fragment => 'LimitRequestFieldSize 81900',
'require' => 'File[keystone_wsgi_admin]', :access_log_file => false,
'custom_fragment' => 'LimitRequestFieldSize 81900' :access_log_pipe => false,
:access_log_syslog => false,
:access_log_format => false,
:error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
:require => 'File[keystone_wsgi_main]',
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'servername' => 'dummy.host', :servername => 'dummy.host',
'ip' => '10.42.51.1', :bind_host => '10.42.51.1',
'port' => '12345', :bind_port => 4142,
'docroot' => "#{platform_parameters[:wsgi_script_path]}", :group => 'keystone',
'docroot_owner' => 'keystone', :workers => 37,
'docroot_group' => 'keystone', :threads => 1,
'ssl' => 'false', :user => 'keystone',
'wsgi_daemon_process' => 'keystone_main', :priority => '10',
'wsgi_daemon_process_options' => { :ssl => false,
'user' => 'keystone', :wsgi_daemon_process => 'keystone_admin',
'group' => 'keystone', :wsgi_process_display_name => 'keystone-admin',
'processes' => '37', :wsgi_process_group => 'keystone_admin',
'threads' => '1', :wsgi_application_group => '%{GLOBAL}',
'display-name' => 'keystone-main', :wsgi_script_dir => platform_params[:wsgi_script_path],
}, :wsgi_script_file => 'keystone-admin',
'wsgi_process_group' => 'keystone_main', :wsgi_pass_authorization => 'On',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" }, :headers => nil,
'wsgi_application_group' => '%{GLOBAL}', :custom_wsgi_process_options => {},
'wsgi_pass_authorization' => 'On', :vhost_custom_fragment => 'LimitRequestFieldSize 81900',
'require' => 'File[keystone_wsgi_main]', :access_log_file => false,
'custom_fragment' => 'LimitRequestFieldSize 81900' :access_log_pipe => false,
:access_log_syslog => false,
:access_log_format => false,
:error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
:require => 'File[keystone_wsgi_admin]',
)} )}
it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") } it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end end
describe 'when admin_bind_host is not set default to bind_host' do describe 'when admin_bind_host is not set default to bind_host' do
@ -194,15 +202,25 @@ describe 'keystone::wsgi::apache' do
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'ip' => '10.42.51.1' :servername => 'dummy.host',
:bind_host => '10.42.51.1',
:bind_port => 12345,
:ssl => false,
:workers => 37,
:vhost_custom_fragment => 'LimitRequestFieldSize 81900'
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'ip' => '10.42.51.1' :servername => 'dummy.host',
:bind_host => '10.42.51.1',
:bind_port => 4142,
:ssl => false,
:workers => 37,
:vhost_custom_fragment => 'LimitRequestFieldSize 81900'
)} )}
it { is_expected.to contain_concat("#{platform_parameters[:httpd_ports_file]}") } it { is_expected.to contain_concat("#{platform_params[:httpd_ports_file]}") }
end end
describe 'when servername_admin is overridden' do describe 'when servername_admin is overridden' do
@ -213,12 +231,12 @@ describe 'keystone::wsgi::apache' do
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'servername' => 'dummy2.host', :servername => 'dummy1.host',
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'servername' => 'dummy1.host', :servername => 'dummy2.host',
)} )}
end end
@ -226,34 +244,23 @@ describe 'keystone::wsgi::apache' do
describe 'when wsgi_daemon_process_options are overridden' do describe 'when wsgi_daemon_process_options are overridden' do
let :params do let :params do
{ {
:custom_wsgi_process_options_admin => {
user => 'keystone-admin',
python_path => '/my/python/admin/path',
},
:custom_wsgi_process_options_main => { :custom_wsgi_process_options_main => {
user => 'keystone-main',
python_path => '/my/python/main/path', python_path => '/my/python/main/path',
}, },
:custom_wsgi_process_options_admin => {
python_path => '/my/python/admin/path',
},
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'wsgi_daemon_process_options' => { :custom_wsgi_process_options => { 'python-path' => '/my/python/main/path' },
'user' => 'keystone-admin',
'group' => 'keystone',
'python-path' => '/my/python/admin/path',
'display-name' => 'keystone_main',
},
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'wsgi_daemon_process_options' => { :custom_wsgi_process_options => { 'python-path' => '/my/python/admin/path' },
'user' => 'keystone-main',
'group' => 'keystone',
'python-path' => '/my/python/main/path',
'display-name' => 'keystone-main',
},
)} )}
end end
describe 'when overriding parameters using same port' do describe 'when overriding parameters using same port' do
@ -269,32 +276,35 @@ describe 'keystone::wsgi::apache' do
} }
end end
it { is_expected.to_not contain_apache__vhost('keystone_wsgi_admin') } it { is_expected.to_not contain_openstacklib__wsgi__apache('keystone_wsgi_admin') }
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'servername' => 'dummy.host', :servername => 'dummy.host',
'ip' => nil, :bind_port => 4242,
'port' => '4242', :user => 'keystone',
'docroot' => "#{platform_parameters[:wsgi_script_path]}", :group => 'keystone',
'docroot_owner' => 'keystone', :workers => 37,
'docroot_group' => 'keystone', :threads => 1,
'ssl' => 'true', :priority => '10',
'wsgi_daemon_process' => 'keystone_main', :ssl => true,
'wsgi_daemon_process_options' => { :wsgi_daemon_process => 'keystone_main',
'user' => 'keystone', :wsgi_process_display_name => 'keystone-main',
'group' => 'keystone', :wsgi_process_group => 'keystone_main',
'processes' => '37', :wsgi_application_group => '%{GLOBAL}',
'threads' => '1', :wsgi_script_dir => platform_params[:wsgi_script_path],
'display-name' => 'keystone-main', :wsgi_script_file => 'keystone-public',
}, :wsgi_pass_authorization => 'On',
'wsgi_process_group' => 'keystone_main', :headers => nil,
'wsgi_script_aliases' => { :custom_wsgi_process_options => {},
'/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", :custom_wsgi_script_aliases => { '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
'/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" :access_log_file => false,
}, :access_log_pipe => false,
'wsgi_application_group' => '%{GLOBAL}', :access_log_syslog => false,
'wsgi_pass_authorization' => 'On', :access_log_format => false,
'require' => 'File[keystone_wsgi_main]' :error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
:require => 'File[keystone_wsgi_main]'
)} )}
end end
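Review bot: The new `:custom_wsgi_script_aliases` expectation in the 'when overriding parameters using same port' example still interpolates `platform_parameters[:wsgi_script_path]`, although this commit renames that helper to `let(:platform_params)` and the `:wsgi_script_dir` line just above it already uses the new name. Unless `platform_parameters` is still defined somewhere outside the visible hunks, the example will abort with a NameError instead of checking the admin alias. The line should read `:custom_wsgi_script_aliases => { '/admin/endpoint' => "#{platform_params[:wsgi_script_path]}/keystone-admin" },`. The old expectation also pinned the public `/main/endpoint` alias and `'ip' => nil`, and the new one asserts neither. Since this is the case where the public and admin APIs share one listener, equivalent checks (for example `:bind_host => nil`) would catch a regression in how that vhost is bound and routed.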
@ -311,7 +321,7 @@ describe 'keystone::wsgi::apache' do
} }
end end
it_raises 'a Puppet::Error', /When using the same port for public & private endpoints, public_path and admin_path should be different\./ it_raises 'a Puppet::Error', /When using the same port for public and admin endpoints, public_path and admin_path should be different\./
end end
describe 'when overriding default apache logging' do describe 'when overriding default apache logging' do
@ -322,11 +332,11 @@ describe 'keystone::wsgi::apache' do
:access_log_syslog => 'syslog:local0', :access_log_syslog => 'syslog:local0',
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'servername' => 'dummy.host', :servername => 'dummy.host',
'access_log_format' => 'foo', :access_log_format => 'foo',
'access_log_syslog' => 'syslog:local0', :access_log_syslog => 'syslog:local0',
)} )}
end end
describe 'when overriding parameters using symlink and custom file source' do describe 'when overriding parameters using symlink and custom file source' do
@ -338,23 +348,23 @@ describe 'keystone::wsgi::apache' do
end end
it { is_expected.to contain_file('keystone_wsgi_admin').with( it { is_expected.to contain_file('keystone_wsgi_admin').with(
'ensure' => 'link', :ensure => 'link',
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin", :path => "#{platform_params[:wsgi_script_path]}/keystone-admin",
'target' => '/opt/keystone/httpd/keystone.py', :target => '/opt/keystone/httpd/keystone.py',
'owner' => 'keystone', :owner => 'keystone',
'group' => 'keystone', :group => 'keystone',
'mode' => '0644', :mode => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]", :require => "File[#{platform_params[:wsgi_script_path]}]",
)} )}
it { is_expected.to contain_file('keystone_wsgi_main').with( it { is_expected.to contain_file('keystone_wsgi_main').with(
'ensure' => 'link', :ensure => 'link',
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", :path => "#{platform_params[:wsgi_script_path]}/keystone-public",
'target' => '/opt/keystone/httpd/keystone.py', :target => '/opt/keystone/httpd/keystone.py',
'owner' => 'keystone', :owner => 'keystone',
'group' => 'keystone', :group => 'keystone',
'mode' => '0644', :mode => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]", :require => "File[#{platform_params[:wsgi_script_path]}]",
)} )}
end end
@ -365,13 +375,13 @@ describe 'keystone::wsgi::apache' do
:ssl_key => 'some key', :ssl_key => 'some key',
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'ssl_cert' => 'some cert', :ssl_cert => 'some cert',
'ssl_key' => 'some key', :ssl_key => 'some key',
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'ssl_cert' => 'some cert', :ssl_cert => 'some cert',
'ssl_key' => 'some key', :ssl_key => 'some key',
)} )}
end end
@ -384,13 +394,13 @@ describe 'keystone::wsgi::apache' do
:ssl_key_admin => 'some key admin', :ssl_key_admin => 'some key admin',
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'ssl_cert' => 'some cert', :ssl_cert => 'some cert',
'ssl_key' => 'some key', :ssl_key => 'some key',
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'ssl_cert' => 'some cert admin', :ssl_cert => 'some cert admin',
'ssl_key' => 'some key admin', :ssl_key => 'some key admin',
)} )}
end end
@ -401,27 +411,29 @@ describe 'keystone::wsgi::apache' do
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'wsgi_chunked_request' => 'On' :wsgi_chunked_request => 'On'
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'wsgi_chunked_request' => 'On' :wsgi_chunked_request => 'On'
)} )}
end end
describe 'when overriding parameters using additional headers' do describe 'when overriding parameters using additional headers' do
let :params do let :params do
{ {
:headers => 'set X-Frame-Options "DENY"' :headers => 'set X-Frame-Options "DENY"'
} }
end end
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_main').with(
'headers' => 'set X-Frame-Options "DENY"' :headers => 'set X-Frame-Options "DENY"'
)} )}
it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( it { is_expected.to contain_openstacklib__wsgi__apache('keystone_wsgi_admin').with(
'headers' => 'set X-Frame-Options "DENY"' :headers => 'set X-Frame-Options "DENY"'
)} )}
end end
describe 'when overriding script paths with link' do describe 'when overriding script paths with link' do
@ -434,13 +446,13 @@ describe 'keystone::wsgi::apache' do
end end
it 'should contain correct files' do it 'should contain correct files' do
is_expected.to contain_file('keystone_wsgi_admin').with(
'path' => "#{facts[:wsgi_script_path]}/keystone-admin",
'target' => params[:wsgi_admin_script_source]
)
is_expected.to contain_file('keystone_wsgi_main').with( is_expected.to contain_file('keystone_wsgi_main').with(
'path' => "#{facts[:wsgi_script_path]}/keystone-public", :path => "#{facts[:wsgi_script_path]}/keystone-public",
'target' => params[:wsgi_public_script_source] :target => params[:wsgi_public_script_source]
)
is_expected.to contain_file('keystone_wsgi_admin').with(
:path => "#{facts[:wsgi_script_path]}/keystone-admin",
:target => params[:wsgi_admin_script_source]
) )
end end
end end
@ -454,13 +466,13 @@ describe 'keystone::wsgi::apache' do
end end
it 'should contain correct files' do it 'should contain correct files' do
is_expected.to contain_file('keystone_wsgi_admin').with(
'path' => "#{facts[:wsgi_script_path]}/keystone-admin",
'source' => params[:wsgi_admin_script_source]
)
is_expected.to contain_file('keystone_wsgi_main').with( is_expected.to contain_file('keystone_wsgi_main').with(
'path' => "#{facts[:wsgi_script_path]}/keystone-public", :path => "#{facts[:wsgi_script_path]}/keystone-public",
'source' => params[:wsgi_public_script_source] :source => params[:wsgi_public_script_source]
)
is_expected.to contain_file('keystone_wsgi_admin').with(
:path => "#{facts[:wsgi_script_path]}/keystone-admin",
:source => params[:wsgi_admin_script_source]
) )
end end
end end
@ -472,7 +484,7 @@ describe 'keystone::wsgi::apache' do
facts.merge!(OSDefaults.get_facts({})) facts.merge!(OSDefaults.get_facts({}))
end end
let(:platform_parameters) do let(:platform_params) do
case facts[:osfamily] case facts[:osfamily]
when 'Debian' when 'Debian'
{ {