openstack
/
puppet-keystone
Code Issues Proposed changes

Update keystone wsgi scripts 

This change updates the wsgi configuration for keystone to use the
keystone-wsgi-public and keystone-wsgi-admin scripts provided. The
previous httpd.py implementation has been deprecated as part of the
Mitaka cycle. We are deprecating the previous single script variable
that was used for both endpoints infavor of two new variables for each
of the scripts.

Change-Id: I03a7a057cae0bf86331191faf47ec394487150a7
Closes-Bug: #1558290
This commit is contained in:
Alex Schultz 2016-03-17 16:00:29 -06:00
parent ce5b4a30e3
commit e812075fd9
4 changed files with 120 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/params.pp
View File

@ -5,12 +5,13 @@ class keystone::params {
$client_package_name = 'python-keystone'
$keystone_user = 'keystone'
$keystone_group = 'keystone'
$keystone_wsgi_admin_script_path = '/usr/bin/keystone-wsgi-admin'
$keystone_wsgi_public_script_path = '/usr/bin/keystone-wsgi-public'
case $::osfamily {
'Debian': {
$package_name = 'keystone'
$service_name = 'keystone'
$keystone_wsgi_script_path = '/usr/lib/cgi-bin/keystone'
$keystone_wsgi_script_source = '/usr/share/keystone/wsgi.py'
$python_memcache_package_name = 'python-memcache'
$mellon_package_name = 'libapache2-mod-auth-mellon'
}
@ -19,7 +20,6 @@ class keystone::params {
$service_name = 'openstack-keystone'
$keystone_wsgi_script_path = '/var/www/cgi-bin/keystone'
$python_memcache_package_name = 'python-memcached'
$keystone_wsgi_script_source = '/usr/share/keystone/keystone.wsgi'
$mellon_package_name = 'mod_auth_mellon'
}
default: {

125
manifests/wsgi/apache.pp
View File

@ -85,14 +85,6 @@
# (optional) The number of threads for the vhost.
# Defaults to $::processorcount
#
# [*wsgi_script_ensure*]
# (optional) File ensure parameter for wsgi scripts.
# Defaults to 'file'.
#
# [*wsgi_script_source*]
# (optional) Wsgi script source.
# Defaults to undef.
#
# [*wsgi_application_group*]
# (optional) The application group of the WSGI script.
# Defaults to '%{GLOBAL}'
@ -102,6 +94,22 @@
# script when the equivalent HTTP request headers are present.
# Defaults to 'On'
#
# [*wsgi_script_ensure*]
# (optional) File ensure parameter for wsgi scripts.
# Defaults to undef.
#
# [*wsgi_admin_script_source*]
# (optional) Wsgi script source for the admin endpoint. If set to undef
# $::keystone::params::keystone_wsgi_admin_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin.
# Defaults to undef.
#
# [*wsgi_public_script_source*]
# (optional) Wsgi script source for the public endpoint. If set to undef
# $::keystone::params::keystone_wsgi_public_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin.
# Defaults to undef.
#
# [*access_log_format*]
# The log format for the virtualhost.
# Optional. Defaults to false.
@ -119,6 +127,12 @@
# (optional) apache::vhost wsgi_chunked_request parameter.
# Defaults to undef
#
# DEPRECATED OPTIONS
#
# [*wsgi_script_source*]
# (optional) Wsgi script source.
# Defaults to undef.
#
# == Dependencies
#
# requires Class['apache'] & Class['keystone']
@ -143,33 +157,35 @@
# Copyright 2013 eNovance <licensing@enovance.com>
#
class keystone::wsgi::apache (
$servername = $::fqdn,
$public_port = 5000,
$admin_port = 35357,
$bind_host = undef,
$admin_bind_host = undef,
$public_path = '/',
$admin_path = '/',
$ssl = true,
$workers = 1,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_chain = undef,
$ssl_ca = undef,
$ssl_crl_path = undef,
$ssl_crl = undef,
$ssl_certs_dir = undef,
$threads = $::processorcount,
$priority = '10',
$wsgi_script_ensure = 'file',
$wsgi_script_source = undef,
$wsgi_application_group = '%{GLOBAL}',
$wsgi_pass_authorization = 'On',
$wsgi_chunked_request = undef,
$access_log_format = false,
$headers = undef,
$vhost_custom_fragment = undef,
$servername = $::fqdn,
$public_port = 5000,
$admin_port = 35357,
$bind_host = undef,
$admin_bind_host = undef,
$public_path = '/',
$admin_path = '/',
$ssl = true,
$workers = 1,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_chain = undef,
$ssl_ca = undef,
$ssl_crl_path = undef,
$ssl_crl = undef,
$ssl_certs_dir = undef,
$threads = $::processorcount,
$priority = '10',
$wsgi_application_group = '%{GLOBAL}',
$wsgi_pass_authorization = 'On',
$wsgi_chunked_request = undef,
$wsgi_admin_script_source = undef,
$wsgi_public_script_source = undef,
$wsgi_script_ensure = undef,
$access_log_format = false,
$headers = undef,
$vhost_custom_fragment = undef,
#DEPRECATED
$wsgi_script_source = undef,
) {
include ::keystone::deps
@ -223,13 +239,10 @@ class keystone::wsgi::apache (
require => Anchor['keystone::install::end'],
}
$wsgi_files = {
'keystone_wsgi_admin' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/admin",
},
'keystone_wsgi_main' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/main",
},
$wsgi_file_target = $wsgi_script_ensure ? {
'link' => 'target',
default => 'source'
}
$wsgi_file_defaults = {
@ -240,17 +253,27 @@ class keystone::wsgi::apache (
'require' => File[$::keystone::params::keystone_wsgi_script_path],
}
$wsgi_script_source_real = $wsgi_script_source ? {
default => $wsgi_script_source,
undef => $::keystone::params::keystone_wsgi_script_source,
if $wsgi_script_source {
warning('The single wsgi script source has been deprecated as part of the Mitaka cycle, please switch to $wsgi_admin_script_source and $wsgi_public_script_source')
$wsgi_admin_source = $wsgi_script_source
$wsgi_public_source = $wsgi_script_source
} else {
$wsgi_admin_source = $::keystone::params::keystone_wsgi_admin_script_path
$wsgi_public_source = $::keystone::params::keystone_wsgi_public_script_path
}
case $wsgi_script_ensure {
'link': { $wsgi_file_source = { 'target' => $wsgi_script_source_real } }
default: { $wsgi_file_source = { 'source' => $wsgi_script_source_real } }
$wsgi_files = {
'keystone_wsgi_admin' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin",
"${wsgi_file_target}" => $wsgi_admin_source,
},
'keystone_wsgi_main' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-public",
"${wsgi_file_target}" => $wsgi_public_source,
},
}
create_resources('file', $wsgi_files, merge($wsgi_file_defaults, $wsgi_file_source))
create_resources('file', $wsgi_files, $wsgi_file_defaults)
$wsgi_daemon_process_options_main = {
user => 'keystone',
@ -268,8 +291,8 @@ class keystone::wsgi::apache (
display-name => 'keystone-admin',
}
$wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/main"])
$wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/admin"])
$wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/keystone-public"])
$wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/keystone-admin"])
if $public_port == $admin_port {
$wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin)

11
releasenotes/notes/keystone-wsgi-scripts-0d772d1f9f2d6c57.yaml Normal file
View File

@ -0,0 +1,11 @@
---
deprecations:
- The single wsgi script for both the keystone admin and
public endpoints have been deprecated upstream. As such,
our support of a single wsgi script for keystone is also
deprecated.
other:
- Add support for the newer admin and public wsgi scripts
for keystone. Also added is the ability to provide a custom
script for each of these. By default, the module will leverage
scripts provided by the keystone package.

79
spec/classes/keystone_wsgi_apache_spec.rb
View File

@ -34,8 +34,8 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_file('keystone_wsgi_admin').with(
'ensure' => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/admin",
'source' => platform_parameters[:wsgi_script_source],
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin",
'source' => platform_parameters[:wsgi_admin_script_source],
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
@ -44,8 +44,8 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_file('keystone_wsgi_main').with(
'ensure' => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/main",
'source' => platform_parameters[:wsgi_script_source],
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'source' => platform_parameters[:wsgi_public_script_source],
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
@ -69,7 +69,7 @@ describe 'keystone::wsgi::apache' do
'display-name' => 'keystone-admin',
},
'wsgi_process_group' => 'keystone_admin',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" },
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
'headers' => nil,
@ -135,7 +135,7 @@ describe 'keystone::wsgi::apache' do
'display-name' => 'keystone-admin',
},
'wsgi_process_group' => 'keystone_admin',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" },
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
'require' => 'File[keystone_wsgi_admin]',
@ -229,8 +229,8 @@ describe 'keystone::wsgi::apache' do
},
'wsgi_process_group' => 'keystone_main',
'wsgi_script_aliases' => {
'/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/main",
'/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/admin"
'/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin"
},
'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On',
@ -277,7 +277,7 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_file('keystone_wsgi_admin').with(
'ensure' => 'link',
'path' => "#{platform_parameters[:wsgi_script_path]}/admin",
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin",
'target' => '/opt/keystone/httpd/keystone.py',
'owner' => 'keystone',
'group' => 'keystone',
@ -287,7 +287,7 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_file('keystone_wsgi_main').with(
'ensure' => 'link',
'path' => "#{platform_parameters[:wsgi_script_path]}/main",
'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'target' => '/opt/keystone/httpd/keystone.py',
'owner' => 'keystone',
'group' => 'keystone',
@ -327,44 +327,31 @@ describe 'keystone::wsgi::apache' do
end
end
context 'on RedHat platforms' do
let :facts do
@default_facts.merge(global_facts.merge({
:osfamily => 'RedHat',
:operatingsystemrelease => '6.0'
}))
on_supported_os({
}).each do |os,facts|
let (:facts) do
facts.merge!(OSDefaults.get_facts({}))
end
let :platform_parameters do
{
:httpd_service_name => 'httpd',
:httpd_ports_file => '/etc/httpd/conf/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/keystone',
:wsgi_script_source => '/usr/share/keystone/keystone.wsgi'
}
let(:platform_params) do
case facts[:osfamily]
when 'Debian'
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/usr/lib/cgi-bin/keystone',
:wsgi_admin_script_source => '/usr/bin/keystone-wsgi-admin',
:wsgi_public_script_source => '/usr/bin/keystone-wsgi-public'
}
when 'RedHat'
{
:httpd_service_name => 'httpd',
:httpd_ports_file => '/etc/httpd/conf/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/keystone',
:wsgi_admin_script_source => '/usr/bin/keystone-wsgi-admin',
:wsgi_public_script_source => '/usr/bin/keystone-wsgi-public'
}
end
end
it_configures 'apache serving keystone with mod_wsgi'
end
context 'on Debian platforms' do
let :facts do
@default_facts.merge(global_facts.merge({
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '7.0'
}))
end
let :platform_parameters do
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/usr/lib/cgi-bin/keystone',
:wsgi_script_source => '/usr/share/keystone/wsgi.py'
}
end
it_configures 'apache serving keystone with mod_wsgi'
end
end