openstack
/
puppet-keystone
Code Issues Proposed changes

Keystone hooks support 

This code moves all deps to an external class so that Keystone can be
installed with mechanisms besides packages (like venv or docker). This
also cleans-up the dependency tree by removing false or confusing
dependencies.

Change-Id: If69cd7cba267f75faad51fdbc80a58b24d2095d8
Co-Author: Clayton O'Neill <clayton.oneill@twcable.com>
This commit is contained in:
Matt Fischer 2016-02-23 18:31:15 -07:00
parent 950b430e81
commit a5da52ec52
35 changed files with 255 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/puppet/type/keystone_domain.rb
View File

@ -47,6 +47,6 @@ Puppet::Type.newtype(:keystone_domain) do
# we should not do anything until the keystone service is started
autorequire(:anchor) do
['keystone_started']
['keystone::service::end']
end
end

2
lib/puppet/type/keystone_endpoint.rb
View File

@ -41,7 +41,7 @@ Puppet::Type.newtype(:keystone_endpoint) do
# we should not do anything until the keystone service is started
autorequire(:anchor) do
['keystone_started']
['keystone::service::end']
end
autorequire(:keystone_service) do

2
lib/puppet/type/keystone_identity_provider.rb
View File

@ -93,6 +93,6 @@ Puppet::Type.newtype(:keystone_identity_provider) do
end
autorequire(:anchor) do
['keystone_started']
['keystone::service::end']
end
end

2
lib/puppet/type/keystone_role.rb
View File

@ -23,6 +23,6 @@ Puppet::Type.newtype(:keystone_role) do
# we should not do anything until the keystone service is started
autorequire(:anchor) do
['keystone_started']
['keystone::service::end']
end
end

2
lib/puppet/type/keystone_service.rb
View File

@ -35,7 +35,7 @@ Puppet::Type.newtype(:keystone_service) do
# If there is no keystone config, authentication credentials
# need to come from another source.
autorequire(:anchor) do
['keystone_started']
['keystone::service::end']
end
def self.title_patterns

2
lib/puppet/type/keystone_tenant.rb
View File

@ -60,7 +60,7 @@ Puppet::Type.newtype(:keystone_tenant) do
# If there is no keystone config, authentication credentials
# need to come from another source.
autorequire(:anchor) do
['keystone_started', 'default_domain_created']
['keystone::service::end', 'default_domain_created']
end
def self.title_patterns

2
lib/puppet/type/keystone_user.rb
View File

@ -80,7 +80,7 @@ Puppet::Type.newtype(:keystone_user) do
# we should not do anything until the keystone service is started
autorequire(:anchor) do
['keystone_started', 'default_domain_created']
['keystone::service::end', 'default_domain_created']
end
def self.title_patterns

2
lib/puppet/type/keystone_user_role.rb
View File

@ -104,7 +104,7 @@ Puppet::Type.newtype(:keystone_user_role) do
# we should not do anything until the keystone service is started
autorequire(:anchor) do
['keystone_started']
['keystone::service::end']
end
def self.title_patterns

2
manifests/client.pp
View File

@ -17,6 +17,8 @@ class keystone::client (
$ensure = 'present'
) inherits keystone::params {
include ::keystone::deps
package { 'python-keystoneclient':
ensure => $ensure,
name => $client_package_name,

2
manifests/config.pp
View File

@ -28,6 +28,8 @@ class keystone::config (
$keystone_paste_ini = {},
) {
include ::keystone::deps
validate_hash($keystone_config)
validate_hash($keystone_paste_ini)

2
manifests/cron/token_flush.pp
View File

@ -65,6 +65,8 @@ class keystone::cron::token_flush (
$user = 'keystone',
) {
include ::keystone::deps
if $maxdelay == 0 {
$sleep = ''
} else {

3
manifests/db.pp
View File

@ -43,6 +43,7 @@ class keystone::db (
$database_max_overflow = $::os_service_default,
) {
include ::keystone::deps
include ::keystone::params
# NOTE(spredzy): In order to keep backward compatibility we rely on the pick function
@ -84,7 +85,7 @@ class keystone::db (
package {'keystone-backend-package':
ensure => present,
name => $backend_package,
tag => 'openstack',
tag => ['openstack', 'keystone-package'],
}
}

6
manifests/db/mysql.pp
View File

@ -58,6 +58,8 @@ class keystone::db::mysql(
$allowed_hosts = undef
) {
include ::keystone::deps
validate_string($password)
::openstacklib::db::mysql { 'keystone':
@ -70,5 +72,7 @@ class keystone::db::mysql(
allowed_hosts => $allowed_hosts,
}
::Openstacklib::Db::Mysql['keystone'] ~> Exec<| title == 'keystone-manage db_sync' |>
Anchor['keystone::db::begin']
~> Class['keystone::db::mysql']
~> Anchor['keystone::db::end']
}

7
manifests/db/postgresql.pp
View File

@ -42,7 +42,7 @@ class keystone::db::postgresql(
$privileges = 'ALL',
) {
Class['keystone::db::postgresql'] -> Service<| title == 'keystone' |>
include ::keystone::deps
::openstacklib::db::postgresql { 'keystone':
password_hash => postgresql_password($user, $password),
@ -52,6 +52,7 @@ class keystone::db::postgresql(
privileges => $privileges,
}
::Openstacklib::Db::Postgresql['keystone'] ~> Exec<| title == 'keystone-manage db_sync' |>
Anchor['keystone::db::begin']
~> Class['keystone::db::postgresql']
~> Anchor['keystone::db::end']
}

15
manifests/db/sync.pp
View File

@ -11,15 +11,22 @@
# Defaults to ''
#
class keystone::db::sync(
$extra_params = undef,
$extra_params = undef,
) {
include ::keystone::deps
exec { 'keystone-manage db_sync':
command => "keystone-manage ${extra_params} db_sync",
path => '/usr/bin',
user => 'keystone',
refreshonly => true,
subscribe => [Package['keystone'], Keystone_config['database/connection']],
subscribe => [
Anchor['keystone::install::end'],
Anchor['keystone::config::end'],
Anchor['keystone::dbsync::begin']
],
notify => Anchor['keystone::dbsync::end'],
tag => 'keystone-exec',
}
Exec['keystone-manage db_sync'] ~> Service<| title == 'keystone' |>
}

74
manifests/deps.pp Normal file
View File

@ -0,0 +1,74 @@
# == Class: keystone::deps
#
# keystone anchors and dependency management
#
class keystone::deps {
# Setup anchors for install, config and service phases of the module. These
# anchors allow external modules to hook the begin and end of any of these
# phases. Package or service management can also be replaced by ensuring the
# package is absent or turning off service management and having the
# replacement depend on the appropriate anchors. When applicable, end tags
# should be notified so that subscribers can determine if installation,
# config or service state changed and act on that if needed.
anchor { 'keystone::install::begin': }
-> Package<| tag == 'keystone-package'|>
~> anchor { 'keystone::install::end': }
-> anchor { 'keystone::config::begin': }
-> Keystone_config<||>
~> anchor { 'keystone::config::end': }
-> anchor { 'keystone::db::begin': }
-> anchor { 'keystone::db::end': }
~> anchor { 'keystone::dbsync::begin': }
-> anchor { 'keystone::dbsync::end': }
~> anchor { 'keystone::service::begin': }
~> Service<| tag == 'keystone-service' |>
~> anchor { 'keystone::service::end': }
# paste-api.ini config should occur in the config block also.
Anchor['keystone::config::begin']
-> Keystone_paste_ini<||>
~> Anchor['keystone::config::end']
# policy config should occur in the config block also.
Anchor['keystone::config::begin']
-> Openstacklib::Policy::Base<||>
~> Anchor['keystone::config::end']
# Support packages need to be installed in the install phase, but we don't
# put them in the chain above because we don't want any false dependencies
# between packages with the keystone-package tag and the keystone-support-package
# tag. Note: the package resources here will have a 'before' relationshop on
# the keystone::install::end anchor. The line between keystone-support-package and
# keystone-package should be whether or not keystone services would need to be
# restarted if the package state was changed.
Anchor['keystone::install::begin']
-> Package<| tag == 'keystone-support-package'|>
-> Anchor['keystone::install::end']
# We need openstackclient before marking service end so that keystone
# will have clients available to create resources. This tag handles the
# openstackclient but indirectly since the client is not available in
# all catalogs that don't need the client class (like many spec tests)
Package<| tag == 'openstack'|>
~> Anchor['keystone::service::end']
# The following resources need to be provisioned after the service is up.
Anchor['keystone::service::end']
-> Keystone_domain<||>
Anchor['keystone::service::end']
-> Keystone_endpoint<||>
Anchor['keystone::service::end']
-> Keystone_role<||>
Anchor['keystone::service::end']
-> Keystone_service<||>
Anchor['keystone::service::end']
-> Keystone_tenant<||>
Anchor['keystone::service::end']
-> Keystone_user<||>
Anchor['keystone::service::end']
-> Keystone_user_role<||>
# Installation or config changes will always restart services.
Anchor['keystone::install::end'] ~> Anchor['keystone::service::begin']
Anchor['keystone::config::end'] ~> Anchor['keystone::service::begin']
}

2
manifests/endpoint.pp
View File

@ -62,6 +62,8 @@ class keystone::endpoint (
$version = 'unset', # defaults to 'v2.0' if unset by user
) {
include ::keystone::deps
if $version == 'unset' {
# $version will be set to empty '' once tempest & all openstack clients
# actually support versionless endpoints.

26
manifests/federation/identity_provider.pp
View File

@ -63,6 +63,11 @@
# (Optional) User with access to keystone files. (string value)
# Defaults to 'keystone'.
#
# [*package_ensure*]
# (optional) Desired ensure state of packages.
# accepts latest or specific versions.
# Defaults to present.
#
# == Dependencies
# == Examples
# == Authors
@ -89,7 +94,10 @@ class keystone::federation::identity_provider(
$idp_contact_email = undef,
$idp_contact_telephone = undef,
$idp_contact_type = undef,
$package_ensure = present,
) {
include ::keystone::deps
include ::keystone::params
if $::keystone::service_name != 'httpd' {
@ -97,7 +105,8 @@ class keystone::federation::identity_provider(
}
ensure_packages(['xmlsec1','python-pysaml2'], {
ensure => present
ensure => $package_ensure,
tag => 'keystone-support-package',
})
keystone_config {
@ -125,12 +134,13 @@ class keystone::federation::identity_provider(
}
exec {'saml_idp_metadata':
path => '/usr/bin',
user => "${user}",
command => "keystone-manage saml_idp_metadata > ${idp_metadata_path}",
creates => $idp_metadata_path,
notify => Service[$::keystone::params::service_name],
subscribe => Package['keystone'],
path => '/usr/bin',
user => "${user}",
command => "keystone-manage saml_idp_metadata > ${idp_metadata_path}",
creates => $idp_metadata_path,
subscribe => Anchor['keystone::config::end'],
notify => Anchor['keystone::service::end'],
tag => 'keystone-exec',
}
file { $idp_metadata_path:
@ -139,6 +149,4 @@ class keystone::federation::identity_provider(
owner => "${user}",
}
Keystone_config<||> -> Exec<| title == 'saml_idp_metadata'|>
}

10
manifests/federation/mellon.pp
View File

@ -41,6 +41,11 @@
# The value 999 corresponds to the order for concat::fragment "${name}-file_footer".
# (Optional) Defaults to 331.
#
# [*package_ensure*]
# (optional) Desired ensure state of packages.
# accepts latest or specific versions.
# Defaults to present.
#
class keystone::federation::mellon (
$methods,
$idp_name,
@ -49,9 +54,11 @@ class keystone::federation::mellon (
$main_port = true,
$module_plugin = 'keystone.auth.plugins.mapped.Mapped',
$template_order = 331,
$package_ensure = present,
) {
include ::apache
include ::keystone::deps
include ::keystone::params
# Note: if puppet-apache modify these values, this needs to be updated
@ -84,7 +91,8 @@ class keystone::federation::mellon (
}
ensure_packages([$::keystone::params::mellon_package_name], {
ensure => present
ensure => $package_ensure,
tag => 'keystone-support-package',
})
if $admin_port {

1
manifests/federation/shibboleth.pp
View File

@ -69,6 +69,7 @@ class keystone::federation::shibboleth(
) {
include ::apache
include ::keystone::deps
# Note: if puppet-apache modify these values, this needs to be updated
if $template_order <= 330 or $template_order >= 999 {

37
manifests/init.pp
View File

@ -625,6 +625,7 @@ class keystone(
$public_workers = max($::processorcount, 2),
) inherits keystone::params {
include ::keystone::deps
include ::keystone::logging
if ! $catalog_driver {
@ -651,12 +652,6 @@ class keystone(
}
}
Keystone_config<||> ~> Service[$service_name]
Keystone_config<||> ~> Exec<| title == 'keystone-manage bootstrap'|>
Keystone_config<||> ~> Exec<| title == 'keystone-manage db_sync'|>
Keystone_config<||> ~> Exec<| title == 'keystone-manage pki_setup'|>
Keystone_config<||> ~> Exec<| title == 'keystone-manage fernet_setup'|>
include ::keystone::db
include ::keystone::params
@ -692,6 +687,7 @@ class keystone(
package { 'python-memcache':
ensure => present,
name => $::keystone::params::python_memcache_package_name,
tag => ['openstack', 'keystone-package'],
}
}
@ -725,7 +721,7 @@ class keystone(
}
if !is_service_default($memcache_servers) or !is_service_default($cache_memcache_servers) {
Service<| title == 'memcached' |> -> Service['keystone']
Service<| title == 'memcached' |> -> Anchor['keystone::service::begin']
}
# TODO(aschultz): remove in N cycle
@ -801,8 +797,9 @@ class keystone(
path => '/usr/bin',
refreshonly => true,
creates => $signing_keyfile,
notify => Service[$service_name],
subscribe => Package['keystone'],
notify => Anchor['keystone::service::begin'],
subscribe => [Anchor['keystone::install::end'], Anchor['keystone::config::end']],
tag => 'keystone-exec',
}
}
@ -909,14 +906,15 @@ class keystone(
validate => false,
}
$service_name_real = $::apache::params::service_name
Service['keystone'] -> Service[$service_name_real]
# leave this here because Ubuntu packages will start Keystone and we need it stopped
# before apache can run
Service['keystone'] -> Service[$service_name_real]
} else {
fail('Invalid service_name. Either keystone/openstack-keystone for running as a standalone service, or httpd for being run by a httpd server')
}
if $sync_db {
include ::keystone::db::sync
Class['::keystone::db::sync'] ~> Service[$service_name]
}
# Fernet tokens support
@ -927,8 +925,9 @@ class keystone(
path => '/usr/bin',
refreshonly => true,
creates => "${fernet_key_repository}/0",
notify => Service[$service_name],
subscribe => [Package['keystone'], Keystone_config['fernet_tokens/key_repository']],
notify => Anchor['keystone::service::begin'],
subscribe => [Anchor['keystone::install::end'], Anchor['keystone::config::end']],
tag => 'keystone-exec',
}
}
@ -979,13 +978,16 @@ class keystone(
}
if $enable_bootstrap {
# this requires the database to be up and running and configured
# and is only run once, so we don't need to notify the service
exec { 'keystone-manage bootstrap':
command => "keystone-manage bootstrap --bootstrap-password ${admin_token}",
path => '/usr/bin',
refreshonly => true,
notify => Anchor['keystone::service::begin'],
subscribe => Anchor['keystone::dbsync::end'],
tag => 'keystone-exec',
}
Exec<| title == 'keystone-manage db_sync'|> ~> Exec<| title == 'keystone-manage bootstrap'|>
Exec['keystone-manage bootstrap'] ~> Service<| title == 'keystone' |>
}
if $using_domain_config {
@ -1002,7 +1004,7 @@ class keystone(
group => 'keystone',
mode => '0750',
notify => Service[$service_name],
require => Package['keystone'],
require => Anchor['keystone::install::end'],
}
}
# Here we want the creation to fail if the user has created those
@ -1019,7 +1021,4 @@ class keystone(
{'value' => $domain_config_directory}
)
}
anchor { 'keystone_started':
require => Service[$service_name]
}
}

13
manifests/ldap.pp
View File

@ -356,6 +356,11 @@
# End user auth connection lifetime in seconds. (integer value)
# Defaults to '60'
#
# [*package_ensure*]
# (optional) Desired ensure state of packages.
# accepts latest or specific versions.
# Defaults to present.
#
# === DEPRECATED group/name
#
# == Dependencies
@ -450,12 +455,14 @@ class keystone::ldap(
$use_auth_pool = false,
$auth_pool_size = 100,
$auth_pool_connection_lifetime = 60,
$package_ensure = present,
) {
include ::keystone::deps
$ldap_packages = ['python-ldap', 'python-ldappool']
package { $ldap_packages:
ensure => present,
}
ensure_resource('package', $ldap_packages, { ensure => $package_ensure,
tag => 'keystone-package' })
if ($tls_cacertdir != undef) {
file { $tls_cacertdir:

12
manifests/ldap_backend.pp
View File

@ -359,6 +359,11 @@
# End user auth connection lifetime in seconds. (integer value)
# Defaults to '60'
#
# [*package_ensure*]
# (optional) Desired ensure state of packages.
# accepts latest or specific versions.
# Defaults to present.
#
# === DEPRECATED group/name
#
# == Dependencies
@ -444,8 +449,11 @@ define keystone::ldap_backend(
$use_auth_pool = false,
$auth_pool_size = 100,
$auth_pool_connection_lifetime = 60,
$package_ensure = present,
) {
include ::keystone::deps
$domain_enabled = getparam(Keystone_config['identity/domain_specific_drivers_enabled'], 'value')
$domain_dir_enabled = getparam(Keystone_config['identity/domain_config_dir'], 'value')
$err_msg = "You should add \"using_domain_config => true\" parameter to your Keystone class, got \"${domain_enabled}\" for identity/domain_specific_drivers_enabled and \"${domain_dir_enabled}\" for identity/domain_config_dir"
@ -468,8 +476,8 @@ define keystone::ldap_backend(
$ldap_packages = ['python-ldap', 'python-ldappool']
ensure_resource('package', $ldap_packages, {
ensure => present,
require => Package['keystone'],
ensure => $package_ensure,
tag => ['openstack', 'keystone-package'],
})
if ($tls_cacertdir != undef) {

2
manifests/logging.pp
View File

@ -118,6 +118,8 @@ class keystone::logging(
$log_date_format = $::os_service_default,
) {
include ::keystone::deps
# NOTE(spredzy): In order to keep backward compatibility we rely on the pick function
# to use keystone::<myparam> first then keystone::logging::<myparam>.
$use_syslog_real = pick($::keystone::use_syslog,$use_syslog)

2
manifests/policy.pp
View File

@ -28,6 +28,8 @@ class keystone::policy (
$policy_path = '/etc/keystone/policy.json',
) {
include ::keystone::deps
validate_hash($policies)
Openstacklib::Policy::Base {

2
manifests/resource/authtoken.pp
View File

@ -160,6 +160,8 @@ define keystone::resource::authtoken(
$insecure = false,
) {
include ::keystone::deps
if !$project_name and !$project_id and !$domain_name and !$domain_id {
fail('Must specify either a project (project_name or project_id, for a project scoped token) or a domain (domain_name or domain_id, for a domain scoped token)')
}

3
manifests/resource/service_identity.pp
View File

@ -125,6 +125,9 @@ define keystone::resource::service_identity(
$project_domain = undef,
$default_domain = undef,
) {
include ::keystone::deps
if $service_name == undef {
$service_name_real = $auth_name
} else {

4
manifests/roles/admin.pp
View File

@ -87,6 +87,8 @@ class keystone::roles::admin(
$service_project_domain = undef,
) {
include ::keystone::deps
$domains = unique(delete_undef_values([ $admin_user_domain, $admin_project_domain, $service_project_domain]))
keystone_domain { $domains:
ensure => present,
@ -99,12 +101,14 @@ class keystone::roles::admin(
description => $service_tenant_desc,
domain => $service_project_domain,
}
keystone_tenant { $admin_tenant:
ensure => present,
enabled => true,
description => $admin_tenant_desc,
domain => $admin_project_domain,
}
keystone_role { 'admin':
ensure => present,
}

11
manifests/service.pp
View File

@ -78,6 +78,8 @@ class keystone::service(
$insecure = false,
$cacert = undef,
) {
include ::keystone::deps
include ::keystone::params
service { 'keystone':
@ -112,13 +114,8 @@ class keystone::service(
subscribe => Service['keystone'],
refreshonly => true,
tries => $retries,
try_sleep => $delay
try_sleep => $delay,
notify => Anchor['keystone::service::end'],
}
Exec['validate_keystone_connection'] -> Keystone_user<||>
Exec['validate_keystone_connection'] -> Keystone_role<||>
Exec['validate_keystone_connection'] -> Keystone_tenant<||>
Exec['validate_keystone_connection'] -> Keystone_service<||>
Exec['validate_keystone_connection'] -> Keystone_endpoint<||>
}
}

33
manifests/wsgi/apache.pp
View File

@ -172,6 +172,7 @@ class keystone::wsgi::apache (
$vhost_custom_fragment = undef,
) {
include ::keystone::deps
include ::keystone::params
include ::apache
include ::apache::mod::wsgi
@ -179,15 +180,25 @@ class keystone::wsgi::apache (
include ::apache::mod::ssl
}
Package['keystone'] -> Package['httpd']
Package['keystone'] ~> Service['httpd']
Keystone_config <| |> ~> Service['httpd']
Service['httpd'] -> Keystone_endpoint <| |>
Service['httpd'] -> Keystone_role <| |>
Service['httpd'] -> Keystone_service <| |>
Service['httpd'] -> Keystone_tenant <| |>
Service['httpd'] -> Keystone_user <| |>
Service['httpd'] -> Keystone_user_role <| |>
# The httpd package is untagged, but needs to have ordering enforced,
# so handle it here rather than in the deps class.
Anchor['keystone::install::begin']
-> Package['httpd']
-> Anchor['keystone::install::end']
# Configure apache during the config phase
Anchor['keystone::config::begin']
-> Apache::Vhost<||>
~> Anchor['keystone::config::end']
# Start the service during the service phase
Anchor['keystone::service::begin']
-> Service['httpd']
-> Anchor['keystone::service::end']
# Notify the service when config changes
Anchor['keystone::config::end']
~> Service['httpd']
## Sanitize parameters
@ -204,7 +215,7 @@ class keystone::wsgi::apache (
ensure => directory,
owner => 'keystone',
group => 'keystone',
require => Package['httpd'],
require => Anchor['keystone::install::end'],
}
$wsgi_files = {
@ -221,7 +232,7 @@ class keystone::wsgi::apache (
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => [File[$::keystone::params::keystone_wsgi_script_path], Package['keystone']],
'require' => File[$::keystone::params::keystone_wsgi_script_path],
}
$wsgi_script_source_real = $wsgi_script_source ? {

2
spec/classes/keystone_db_spec.rb
View File

@ -92,7 +92,7 @@ describe 'keystone::db' do
is_expected.to contain_package('keystone-backend-package').with(
:ensure => 'present',
:name => 'python-pymysql',
:tag => 'openstack'
:tag => ['openstack', 'keystone-package']
)
end
end

12
spec/classes/keystone_db_sync_spec.rb
View File

@ -6,9 +6,11 @@ describe 'keystone::db::sync' do
it {
is_expected.to contain_exec('keystone-manage db_sync').with(
:command => 'keystone-manage db_sync',
:user => 'keystone',
:refreshonly => true,
:subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'],
:subscribe => ['Anchor[keystone::install::end]',
'Anchor[keystone::config::end]',
'Anchor[keystone::dbsync::begin]'],
:notify => 'Anchor[keystone::dbsync::end]',
)
}
end
@ -23,9 +25,11 @@ describe 'keystone::db::sync' do
it {
is_expected.to contain_exec('keystone-manage db_sync').with(
:command => 'keystone-manage --config-file /etc/keystone/keystone.conf db_sync',
:user => 'keystone',
:refreshonly => true,
:subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'],
:subscribe => ['Anchor[keystone::install::end]',
'Anchor[keystone::config::end]',
'Anchor[keystone::dbsync::begin]'],
:notify => 'Anchor[keystone::dbsync::end]',
)
}
end

17
spec/classes/keystone_deps_spec.rb Normal file
View File

@ -0,0 +1,17 @@
require 'spec_helper'
describe 'keystone::deps' do
it 'set up the anchors' do
is_expected.to contain_anchor('keystone::install::begin')
is_expected.to contain_anchor('keystone::install::end')
is_expected.to contain_anchor('keystone::config::begin')
is_expected.to contain_anchor('keystone::config::end')
is_expected.to contain_anchor('keystone::db::begin')
is_expected.to contain_anchor('keystone::db::end')
is_expected.to contain_anchor('keystone::dbsync::begin')
is_expected.to contain_anchor('keystone::dbsync::end')
is_expected.to contain_anchor('keystone::service::begin')
is_expected.to contain_anchor('keystone::service::end')
end
end

13
spec/classes/keystone_spec.rb
View File

@ -133,7 +133,10 @@ describe 'keystone' do
:command => 'keystone-manage db_sync',
:user => 'keystone',
:refreshonly => true,
:subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'],
:subscribe => ['Anchor[keystone::install::end]',
'Anchor[keystone::config::end]',
'Anchor[keystone::dbsync::begin]'],
:notify => 'Anchor[keystone::dbsync::end]',
)
end
end
@ -262,7 +265,7 @@ describe 'keystone' do
'tag' => 'keystone-service',
) }
it { is_expected.to contain_anchor('keystone_started') }
it { is_expected.to contain_anchor('keystone::service::end') }
end
end
@ -273,7 +276,7 @@ describe 'keystone' do
end
let :pre_condition do
'include ::apache'
'include ::keystone::wsgi::apache'
end
it_configures 'core keystone examples', httpd_params
@ -290,7 +293,7 @@ describe 'keystone' do
'enable' => false,
'validate' => false
)}
it { is_expected.to contain_service('keystone').with_before(/Service\[#{platform_parameters[:httpd_service_name]}\]/) }
it { is_expected.to contain_service('httpd').with_before(/Anchor\[keystone::service::end\]/) }
it { is_expected.to contain_exec('restart_keystone').with(
'command' => "service #{platform_parameters[:httpd_service_name]} restart",
) }
@ -315,7 +318,7 @@ describe 'keystone' do
'hasstatus' => true,
'hasrestart' => true
) }
it { is_expected.to contain_anchor('keystone_started') }
it { is_expected.to contain_anchor('keystone::service::end') }
end
describe 'when configuring signing token provider' do

10
spec/classes/keystone_wsgi_apache_spec.rb
View File

@ -29,7 +29,7 @@ describe 'keystone::wsgi::apache' do
'ensure' => 'directory',
'owner' => 'keystone',
'group' => 'keystone',
'require' => 'Package[httpd]'
'require' => 'Anchor[keystone::install::end]',
)}
it { is_expected.to contain_file('keystone_wsgi_admin').with(
@ -39,7 +39,7 @@ describe 'keystone::wsgi::apache' do
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => ["File[#{platform_parameters[:wsgi_script_path]}]", "Package[keystone]"]
'require' => "File[#{platform_parameters[:wsgi_script_path]}]",
)}
it { is_expected.to contain_file('keystone_wsgi_main').with(
@ -49,7 +49,7 @@ describe 'keystone::wsgi::apache' do
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => ["File[#{platform_parameters[:wsgi_script_path]}]", "Package[keystone]"]
'require' => "File[#{platform_parameters[:wsgi_script_path]}]",
)}
it { is_expected.to contain_apache__vhost('keystone_wsgi_admin').with(
@ -282,7 +282,7 @@ describe 'keystone::wsgi::apache' do
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => ["File[#{platform_parameters[:wsgi_script_path]}]", "Package[keystone]"]
'require' => "File[#{platform_parameters[:wsgi_script_path]}]",
)}
it { is_expected.to contain_file('keystone_wsgi_main').with(
@ -292,7 +292,7 @@ describe 'keystone::wsgi::apache' do
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => ["File[#{platform_parameters[:wsgi_script_path]}]", "Package[keystone]"]
'require' => "File[#{platform_parameters[:wsgi_script_path]}]",
)}
end