From 19b541df10e595253a0c0c0b164be434402ada8b Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 6 Sep 2022 11:35:55 +0900 Subject: [PATCH] Debian: Ensure keystone service is stopped when httpd is used This change fixes the missing logic to ensure the standalone keystone service is stopped when httpd + mod_wsgi is used to run the keystone service. Change-Id: I3ae6b9192c3c3d15fbf25be5d276efbcf2e9639b --- manifests/init.pp | 26 ++++++++++++------- ...stone_federation_identity_provider_spec.rb | 3 ++- spec/classes/keystone_init_spec.rb | 13 +++++++--- 3 files changed, 29 insertions(+), 13 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 3daa30e2b..8e419f76d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -599,6 +599,11 @@ class keystone( case $service_name { $::keystone::params::service_name: { + if $::operatingsystem != 'Debian' { + # TODO(tkajinam): Make this hard-fail + warning('Keystone under Eventlet is no longer supported by this operating system') + } + $service_name_real = $::keystone::params::service_name service { 'keystone': @@ -609,22 +614,25 @@ class keystone( hasrestart => true, tag => 'keystone-service', } - - # Note: Debian uses uwsgi if using keystone service, which isn't deprecated - # and therefore, no warning should be displayed. - if $service_name == $::keystone::params::service_name and $::operatingsystem != 'Debian'{ - warning("Keystone under Eventlet has been deprecated during the Kilo cycle. \ -Support for deploying under eventlet will be dropped as of the M-release of OpenStack.") - } } 'httpd': { include apache::params $service_name_real = $::apache::params::service_name Service <| title == 'httpd' |> { tag +> 'keystone-service' } + + if $::operatingsystem == 'Debian' { + service { 'keystone': + ensure => 'stopped', + name => $::keystone::params::service_name, + enable => false, + tag => 'keystone-service', + } + # we need to make sure keystone/eventlet is stopped before trying to start apache + Service['keystone'] -> Service[$service_name] + } } default: { - fail("Invalid service_name. Either keystone/openstack-keystone for \ -running as a standalone service, or httpd for being run by a httpd server") + fail('Invalid service_name.') } } } else { diff --git a/spec/classes/keystone_federation_identity_provider_spec.rb b/spec/classes/keystone_federation_identity_provider_spec.rb index eb1390972..3421434bb 100644 --- a/spec/classes/keystone_federation_identity_provider_spec.rb +++ b/spec/classes/keystone_federation_identity_provider_spec.rb @@ -28,7 +28,8 @@ describe 'keystone::federation::identity_provider' do shared_examples 'keystone::federation::identity_provider' do let :pre_condition do - "class { 'keystone': + "include apache + class { 'keystone': service_name => 'httpd', enable_ssl => true, }" diff --git a/spec/classes/keystone_init_spec.rb b/spec/classes/keystone_init_spec.rb index d32047752..66a33196d 100644 --- a/spec/classes/keystone_init_spec.rb +++ b/spec/classes/keystone_init_spec.rb @@ -183,9 +183,16 @@ describe 'keystone' do end it do - expect { - is_expected.to contain_service(platform_params[:service_name]).with('ensure' => 'running') - }.to raise_error(RSpec::Expectations::ExpectationNotMetError, /expected that the catalogue would contain Service\[#{platform_params[:service_name]}\]/) + if facts[:operatingsystem] == 'Debian' + is_expected.to contain_service('keystone').with( + :ensure => 'stopped', + :name => platform_params[:service_name], + :enable => false, + :tag => 'keystone-service', + ) + else + is_expected.to_not contain_service('keystone') + end end it { is_expected.to contain_exec('restart_keystone').with(