Update keystone wsgi scripts

This change updates the wsgi configuration for keystone to use the
keystone-wsgi-public and keystone-wsgi-admin scripts provided. The
previous httpd.py implementation has been deprecated as part of the
Mitaka cycle. We are deprecating the previous single script variable
that was used for both endpoints infavor of two new variables for each
of the scripts.

Change-Id: I03a7a057cae0bf86331191faf47ec394487150a7
Closes-Bug: #1558290

manifests/params.pp

@@ -5,12 +5,13 @@ class keystone::params {
   $client_package_name = 'python-keystone'
   $keystone_user       = 'keystone'
   $keystone_group      = 'keystone'
+  $keystone_wsgi_admin_script_path  = '/usr/bin/keystone-wsgi-admin'
+  $keystone_wsgi_public_script_path = '/usr/bin/keystone-wsgi-public'
   case $::osfamily {
     'Debian': {
       $package_name                 = 'keystone'
       $service_name                 = 'keystone'
       $keystone_wsgi_script_path    = '/usr/lib/cgi-bin/keystone'
-      $keystone_wsgi_script_source  = '/usr/share/keystone/wsgi.py'
       $python_memcache_package_name = 'python-memcache'
       $mellon_package_name          = 'libapache2-mod-auth-mellon'
     }
@@ -19,7 +20,6 @@ class keystone::params {
       $service_name                 = 'openstack-keystone'
       $keystone_wsgi_script_path    = '/var/www/cgi-bin/keystone'
       $python_memcache_package_name = 'python-memcached'
-      $keystone_wsgi_script_source  = '/usr/share/keystone/keystone.wsgi'
       $mellon_package_name          = 'mod_auth_mellon'
     }
     default: {

manifests/wsgi/apache.pp

@@ -85,14 +85,6 @@
 #     (optional) The number of threads for the vhost.
 #     Defaults to $::processorcount
 #
-#   [*wsgi_script_ensure*]
-#     (optional) File ensure parameter for wsgi scripts.
-#     Defaults to 'file'.
-#
-#   [*wsgi_script_source*]
-#     (optional) Wsgi script source.
-#     Defaults to undef.
-#
 #   [*wsgi_application_group*]
 #     (optional) The application group of the WSGI script.
 #     Defaults to '%{GLOBAL}'
@@ -102,6 +94,22 @@
 #     script when the equivalent HTTP request headers are present.
 #     Defaults to 'On'
 #
+#   [*wsgi_script_ensure*]
+#     (optional) File ensure parameter for wsgi scripts.
+#     Defaults to undef.
+#
+#   [*wsgi_admin_script_source*]
+#     (optional) Wsgi script source for the admin endpoint. If set to undef
+#     $::keystone::params::keystone_wsgi_admin_script_path is used. This source
+#     is copied to the apache cgi-bin path as keystone-admin.
+#     Defaults to undef.
+#
+#   [*wsgi_public_script_source*]
+#     (optional) Wsgi script source for the public endpoint. If set to undef
+#     $::keystone::params::keystone_wsgi_public_script_path is used. This source
+#     is copied to the apache cgi-bin path as keystone-admin.
+#     Defaults to undef.
+#
 #   [*access_log_format*]
 #     The log format for the virtualhost.
 #     Optional. Defaults to false.
@@ -119,6 +127,12 @@
 #     (optional) apache::vhost wsgi_chunked_request parameter.
 #     Defaults to undef
 #
+#  DEPRECATED OPTIONS
+#
+#   [*wsgi_script_source*]
+#     (optional) Wsgi script source.
+#     Defaults to undef.
+#
 # == Dependencies
 #
 #   requires Class['apache'] & Class['keystone']
@@ -143,33 +157,35 @@
 #   Copyright 2013 eNovance <licensing@enovance.com>
 #
 class keystone::wsgi::apache (
-  $servername              = $::fqdn,
-  $public_port             = 5000,
-  $admin_port              = 35357,
-  $bind_host               = undef,
-  $admin_bind_host         = undef,
-  $public_path             = '/',
-  $admin_path              = '/',
-  $ssl                     = true,
-  $workers                 = 1,
-  $ssl_cert                = undef,
-  $ssl_key                 = undef,
-  $ssl_chain               = undef,
-  $ssl_ca                  = undef,
-  $ssl_crl_path            = undef,
-  $ssl_crl                 = undef,
-  $ssl_certs_dir           = undef,
-  $threads                 = $::processorcount,
-  $priority                = '10',
-  $wsgi_script_ensure      = 'file',
-  $wsgi_script_source      = undef,
-  $wsgi_application_group  = '%{GLOBAL}',
-  $wsgi_pass_authorization = 'On',
-  $wsgi_chunked_request    = undef,
-
-  $access_log_format     = false,
-  $headers               = undef,
-  $vhost_custom_fragment = undef,
+  $servername                = $::fqdn,
+  $public_port               = 5000,
+  $admin_port                = 35357,
+  $bind_host                 = undef,
+  $admin_bind_host           = undef,
+  $public_path               = '/',
+  $admin_path                = '/',
+  $ssl                       = true,
+  $workers                   = 1,
+  $ssl_cert                  = undef,
+  $ssl_key                   = undef,
+  $ssl_chain                 = undef,
+  $ssl_ca                    = undef,
+  $ssl_crl_path              = undef,
+  $ssl_crl                   = undef,
+  $ssl_certs_dir             = undef,
+  $threads                   = $::processorcount,
+  $priority                  = '10',
+  $wsgi_application_group    = '%{GLOBAL}',
+  $wsgi_pass_authorization   = 'On',
+  $wsgi_chunked_request      = undef,
+  $wsgi_admin_script_source  = undef,
+  $wsgi_public_script_source = undef,
+  $wsgi_script_ensure        = undef,
+  $access_log_format         = false,
+  $headers                   = undef,
+  $vhost_custom_fragment     = undef,
+  #DEPRECATED
+  $wsgi_script_source        = undef,
 ) {
 
   include ::keystone::deps
@@ -223,13 +239,10 @@ class keystone::wsgi::apache (
     require => Anchor['keystone::install::end'],
   }
 
-  $wsgi_files = {
-    'keystone_wsgi_admin' => {
-      'path' => "${::keystone::params::keystone_wsgi_script_path}/admin",
-    },
-    'keystone_wsgi_main'  => {
-      'path' => "${::keystone::params::keystone_wsgi_script_path}/main",
-    },
+
+  $wsgi_file_target = $wsgi_script_ensure ? {
+    'link'  => 'target',
+    default => 'source'
   }
 
   $wsgi_file_defaults = {
@@ -240,17 +253,27 @@ class keystone::wsgi::apache (
     'require' => File[$::keystone::params::keystone_wsgi_script_path],
   }
 
-  $wsgi_script_source_real = $wsgi_script_source ? {
-    default => $wsgi_script_source,
-    undef   => $::keystone::params::keystone_wsgi_script_source,
+  if $wsgi_script_source {
+    warning('The single wsgi script source has been deprecated as part of the Mitaka cycle, please switch to $wsgi_admin_script_source and $wsgi_public_script_source')
+    $wsgi_admin_source = $wsgi_script_source
+    $wsgi_public_source = $wsgi_script_source
+  } else {
+    $wsgi_admin_source = $::keystone::params::keystone_wsgi_admin_script_path
+    $wsgi_public_source = $::keystone::params::keystone_wsgi_public_script_path
   }
 
-  case $wsgi_script_ensure {
-    'link':  { $wsgi_file_source = { 'target' => $wsgi_script_source_real } }
-    default: { $wsgi_file_source = { 'source' => $wsgi_script_source_real } }
+  $wsgi_files = {
+    'keystone_wsgi_admin' => {
+      'path'                => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin",
+      "${wsgi_file_target}" => $wsgi_admin_source,
+    },
+    'keystone_wsgi_main'  => {
+      'path'                => "${::keystone::params::keystone_wsgi_script_path}/keystone-public",
+      "${wsgi_file_target}" => $wsgi_public_source,
+    },
   }
 
-  create_resources('file', $wsgi_files, merge($wsgi_file_defaults, $wsgi_file_source))
+  create_resources('file', $wsgi_files, $wsgi_file_defaults)
 
   $wsgi_daemon_process_options_main = {
     user         => 'keystone',
@@ -268,8 +291,8 @@ class keystone::wsgi::apache (
     display-name => 'keystone-admin',
   }
 
-  $wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/main"])
-  $wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/admin"])
+  $wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/keystone-public"])
+  $wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/keystone-admin"])
 
   if $public_port == $admin_port {
     $wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin)

releasenotes/notes/keystone-wsgi-scripts-0d772d1f9f2d6c57.yaml

@@ -0,0 +1,11 @@
+---
+deprecations:
+  - The single wsgi script for both the keystone admin and
+    public endpoints have been deprecated upstream. As such,
+    our support of a single wsgi script for keystone is also
+    deprecated.
+other:
+  - Add support for the newer admin and public wsgi scripts
+    for keystone. Also added is the ability to provide a custom
+    script for each of these. By default, the module will leverage
+    scripts provided by the keystone package.

spec/classes/keystone_wsgi_apache_spec.rb

@@ -34,8 +34,8 @@ describe 'keystone::wsgi::apache' do
 
       it { is_expected.to contain_file('keystone_wsgi_admin').with(
         'ensure'  => 'file',
-        'path'    => "#{platform_parameters[:wsgi_script_path]}/admin",
-        'source'  => platform_parameters[:wsgi_script_source],
+        'path'    => "#{platform_parameters[:wsgi_script_path]}/keystone-admin",
+        'source'  => platform_parameters[:wsgi_admin_script_source],
         'owner'   => 'keystone',
         'group'   => 'keystone',
         'mode'    => '0644',
@@ -44,8 +44,8 @@ describe 'keystone::wsgi::apache' do
 
       it { is_expected.to contain_file('keystone_wsgi_main').with(
         'ensure'  => 'file',
-        'path'    => "#{platform_parameters[:wsgi_script_path]}/main",
-        'source'  => platform_parameters[:wsgi_script_source],
+        'path'    => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
+        'source'  => platform_parameters[:wsgi_public_script_source],
         'owner'   => 'keystone',
         'group'   => 'keystone',
         'mode'    => '0644',
@@ -69,7 +69,7 @@ describe 'keystone::wsgi::apache' do
           'display-name' => 'keystone-admin',
         },
         'wsgi_process_group'          => 'keystone_admin',
-        'wsgi_script_aliases'         => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" },
+        'wsgi_script_aliases'         => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
         'wsgi_application_group'      => '%{GLOBAL}',
         'wsgi_pass_authorization'     => 'On',
         'headers'                     => nil,
@@ -135,7 +135,7 @@ describe 'keystone::wsgi::apache' do
           'display-name' => 'keystone-admin',
         },
         'wsgi_process_group'          => 'keystone_admin',
-        'wsgi_script_aliases'         => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" },
+        'wsgi_script_aliases'         => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
         'wsgi_application_group'      => '%{GLOBAL}',
         'wsgi_pass_authorization'     => 'On',
         'require'                     => 'File[keystone_wsgi_admin]',
@@ -229,8 +229,8 @@ describe 'keystone::wsgi::apache' do
         },
         'wsgi_process_group'          => 'keystone_main',
         'wsgi_script_aliases'         => {
-        '/main/endpoint'  => "#{platform_parameters[:wsgi_script_path]}/main",
-        '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/admin"
+        '/main/endpoint'  => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
+        '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin"
         },
         'wsgi_application_group'      => '%{GLOBAL}',
         'wsgi_pass_authorization'     => 'On',
@@ -277,7 +277,7 @@ describe 'keystone::wsgi::apache' do
 
       it { is_expected.to contain_file('keystone_wsgi_admin').with(
         'ensure'  => 'link',
-        'path'    => "#{platform_parameters[:wsgi_script_path]}/admin",
+        'path'    => "#{platform_parameters[:wsgi_script_path]}/keystone-admin",
         'target'  => '/opt/keystone/httpd/keystone.py',
         'owner'   => 'keystone',
         'group'   => 'keystone',
@@ -287,7 +287,7 @@ describe 'keystone::wsgi::apache' do
 
       it { is_expected.to contain_file('keystone_wsgi_main').with(
         'ensure'  => 'link',
-        'path'    => "#{platform_parameters[:wsgi_script_path]}/main",
+        'path'    => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
         'target'  => '/opt/keystone/httpd/keystone.py',
         'owner'   => 'keystone',
         'group'   => 'keystone',
@@ -327,44 +327,31 @@ describe 'keystone::wsgi::apache' do
     end
   end
 
-  context 'on RedHat platforms' do
-    let :facts do
-      @default_facts.merge(global_facts.merge({
-        :osfamily               => 'RedHat',
-        :operatingsystemrelease => '6.0'
-      }))
+  on_supported_os({
+  }).each do |os,facts|
+    let (:facts) do
+      facts.merge!(OSDefaults.get_facts({}))
     end
 
-    let :platform_parameters do
-      {
-        :httpd_service_name => 'httpd',
-        :httpd_ports_file   => '/etc/httpd/conf/ports.conf',
-        :wsgi_script_path   => '/var/www/cgi-bin/keystone',
-        :wsgi_script_source => '/usr/share/keystone/keystone.wsgi'
-      }
+    let(:platform_params) do
+      case facts[:osfamily]
+      when 'Debian'
+        {
+          :httpd_service_name => 'apache2',
+          :httpd_ports_file   => '/etc/apache2/ports.conf',
+          :wsgi_script_path   => '/usr/lib/cgi-bin/keystone',
+          :wsgi_admin_script_source => '/usr/bin/keystone-wsgi-admin',
+          :wsgi_public_script_source => '/usr/bin/keystone-wsgi-public'
+        }
+      when 'RedHat'
+        {
+          :httpd_service_name => 'httpd',
+          :httpd_ports_file   => '/etc/httpd/conf/ports.conf',
+          :wsgi_script_path   => '/var/www/cgi-bin/keystone',
+          :wsgi_admin_script_source => '/usr/bin/keystone-wsgi-admin',
+          :wsgi_public_script_source => '/usr/bin/keystone-wsgi-public'
+        }
+      end
     end
-
-    it_configures 'apache serving keystone with mod_wsgi'
-  end
-
-  context 'on Debian platforms' do
-    let :facts do
-      @default_facts.merge(global_facts.merge({
-        :osfamily               => 'Debian',
-        :operatingsystem        => 'Debian',
-        :operatingsystemrelease => '7.0'
-      }))
-    end
-
-    let :platform_parameters do
-      {
-        :httpd_service_name => 'apache2',
-        :httpd_ports_file   => '/etc/apache2/ports.conf',
-        :wsgi_script_path   => '/usr/lib/cgi-bin/keystone',
-        :wsgi_script_source => '/usr/share/keystone/wsgi.py'
-      }
-    end
-
-    it_configures 'apache serving keystone with mod_wsgi'
   end
 end