From e812075fd9ed7c0754e00adaf74db6eeaf403bc1 Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Thu, 17 Mar 2016 16:00:29 -0600 Subject: [PATCH] Update keystone wsgi scripts This change updates the wsgi configuration for keystone to use the keystone-wsgi-public and keystone-wsgi-admin scripts provided. The previous httpd.py implementation has been deprecated as part of the Mitaka cycle. We are deprecating the previous single script variable that was used for both endpoints infavor of two new variables for each of the scripts. Change-Id: I03a7a057cae0bf86331191faf47ec394487150a7 Closes-Bug: #1558290 --- manifests/params.pp | 4 +- manifests/wsgi/apache.pp | 125 +++++++++++------- ...eystone-wsgi-scripts-0d772d1f9f2d6c57.yaml | 11 ++ spec/classes/keystone_wsgi_apache_spec.rb | 79 +++++------ 4 files changed, 120 insertions(+), 99 deletions(-) create mode 100644 releasenotes/notes/keystone-wsgi-scripts-0d772d1f9f2d6c57.yaml diff --git a/manifests/params.pp b/manifests/params.pp index 7738d4351..553b081a6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -5,12 +5,13 @@ class keystone::params { $client_package_name = 'python-keystone' $keystone_user = 'keystone' $keystone_group = 'keystone' + $keystone_wsgi_admin_script_path = '/usr/bin/keystone-wsgi-admin' + $keystone_wsgi_public_script_path = '/usr/bin/keystone-wsgi-public' case $::osfamily { 'Debian': { $package_name = 'keystone' $service_name = 'keystone' $keystone_wsgi_script_path = '/usr/lib/cgi-bin/keystone' - $keystone_wsgi_script_source = '/usr/share/keystone/wsgi.py' $python_memcache_package_name = 'python-memcache' $mellon_package_name = 'libapache2-mod-auth-mellon' } @@ -19,7 +20,6 @@ class keystone::params { $service_name = 'openstack-keystone' $keystone_wsgi_script_path = '/var/www/cgi-bin/keystone' $python_memcache_package_name = 'python-memcached' - $keystone_wsgi_script_source = '/usr/share/keystone/keystone.wsgi' $mellon_package_name = 'mod_auth_mellon' } default: { 
diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index bf69be6bc..888ac1cbf 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -85,14 +85,6 @@ # (optional) The number of threads for the vhost. # Defaults to $::processorcount # -# [*wsgi_script_ensure*] -# (optional) File ensure parameter for wsgi scripts. -# Defaults to 'file'. -# -# [*wsgi_script_source*] -# (optional) Wsgi script source. -# Defaults to undef. -# # [*wsgi_application_group*] # (optional) The application group of the WSGI script. # Defaults to '%{GLOBAL}' @@ -102,6 +94,22 @@ # script when the equivalent HTTP request headers are present. # Defaults to 'On' # +# [*wsgi_script_ensure*] +# (optional) File ensure parameter for wsgi scripts. +# Defaults to undef. +# +# [*wsgi_admin_script_source*] +# (optional) Wsgi script source for the admin endpoint. If set to undef +# $::keystone::params::keystone_wsgi_admin_script_path is used. This source +# is copied to the apache cgi-bin path as keystone-admin. +# Defaults to undef. +# +# [*wsgi_public_script_source*] +# (optional) Wsgi script source for the public endpoint. If set to undef +# $::keystone::params::keystone_wsgi_public_script_path is used. This source +# is copied to the apache cgi-bin path as keystone-admin. +# Defaults to undef. +# # [*access_log_format*] # The log format for the virtualhost. # Optional. Defaults to false. @@ -119,6 +127,12 @@ # (optional) apache::vhost wsgi_chunked_request parameter. # Defaults to undef # +# DEPRECATED OPTIONS +# +# [*wsgi_script_source*] +# (optional) Wsgi script source. +# Defaults to undef. +# # == Dependencies # # requires Class['apache'] & Class['keystone'] 
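Review bot: The new doc entry for `wsgi_public_script_source` (hunk `@@ -102,6 +94,22 @@`) says the source is copied "as keystone-admin", which looks like a copy-paste from the admin entry; the manifest hunk later in this patch writes the public script to `.../keystone-public`. Suggested wording: `# is placed in the apache cgi-bin path as keystone-public.`, with "placed" rather than "copied" because the value becomes a link target when `wsgi_script_ensure` is `'link'`. The DEPRECATED OPTIONS entry for `wsgi_script_source` (hunk `@@ -119,6 +127,12 @@`) should also state that, when set, it is used for both endpoints, and name `wsgi_admin_script_source` and `wsgi_public_script_source` as the replacement.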
@@ -143,33 +157,35 @@ # Copyright 2013 eNovance # class keystone::wsgi::apache ( - $servername = $::fqdn, - $public_port = 5000, - $admin_port = 35357, - $bind_host = undef, - $admin_bind_host = undef, - $public_path = '/', - $admin_path = '/', - $ssl = true, - $workers = 1, - $ssl_cert = undef, - $ssl_key = undef, - $ssl_chain = undef, - $ssl_ca = undef, - $ssl_crl_path = undef, - $ssl_crl = undef, - $ssl_certs_dir = undef, - $threads = $::processorcount, - $priority = '10', - $wsgi_script_ensure = 'file', - $wsgi_script_source = undef, - $wsgi_application_group = '%{GLOBAL}', - $wsgi_pass_authorization = 'On', - $wsgi_chunked_request = undef, - - $access_log_format = false, - $headers = undef, - $vhost_custom_fragment = undef, + $servername = $::fqdn, + $public_port = 5000, + $admin_port = 35357, + $bind_host = undef, + $admin_bind_host = undef, + $public_path = '/', + $admin_path = '/', + $ssl = true, + $workers = 1, + $ssl_cert = undef, + $ssl_key = undef, + $ssl_chain = undef, + $ssl_ca = undef, + $ssl_crl_path = undef, + $ssl_crl = undef, + $ssl_certs_dir = undef, + $threads = $::processorcount, + $priority = '10', + $wsgi_application_group = '%{GLOBAL}', + $wsgi_pass_authorization = 'On', + $wsgi_chunked_request = undef, + $wsgi_admin_script_source = undef, + $wsgi_public_script_source = undef, + $wsgi_script_ensure = undef, + $access_log_format = false, + $headers = undef, + $vhost_custom_fragment = undef, + #DEPRECATED + $wsgi_script_source = undef, ) { include ::keystone::deps @@ -223,13 +239,10 @@ class keystone::wsgi::apache ( require => Anchor['keystone::install::end'], } - $wsgi_files = { - 'keystone_wsgi_admin' => { - 'path' => "${::keystone::params::keystone_wsgi_script_path}/admin", - }, - 'keystone_wsgi_main' => { - 'path' => "${::keystone::params::keystone_wsgi_script_path}/main", - }, + + $wsgi_file_target = $wsgi_script_ensure ? { + 'link' => 'target', + default => 'source' } $wsgi_file_defaults = { 
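Review bot: The default of `$wsgi_script_ensure` changes from `'file'` to `undef` in the parameter list, while the spec context lines later in this patch still expect `'ensure' => 'file'` on both script files. `$wsgi_file_defaults` is only partly visible, so this is inferred: if it passes `$wsgi_script_ensure` through as `ensure`, the two file resources are no longer explicitly pinned to a regular file by default. Keeping `$wsgi_script_ensure = 'file',` would preserve the previous behaviour, with the header comment reading `# Defaults to 'file'.`. The class body continues beyond this hunk.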
@@ -240,17 +253,27 @@ class keystone::wsgi::apache ( 'require' => File[$::keystone::params::keystone_wsgi_script_path], } - $wsgi_script_source_real = $wsgi_script_source ? { - default => $wsgi_script_source, - undef => $::keystone::params::keystone_wsgi_script_source, + if $wsgi_script_source { + warning('The single wsgi script source has been deprecated as part of the Mitaka cycle, please switch to $wsgi_admin_script_source and $wsgi_public_script_source') + $wsgi_admin_source = $wsgi_script_source + $wsgi_public_source = $wsgi_script_source + } else { + $wsgi_admin_source = $::keystone::params::keystone_wsgi_admin_script_path + $wsgi_public_source = $::keystone::params::keystone_wsgi_public_script_path } - case $wsgi_script_ensure { - 'link': { $wsgi_file_source = { 'target' => $wsgi_script_source_real } } - default: { $wsgi_file_source = { 'source' => $wsgi_script_source_real } } + $wsgi_files = { + 'keystone_wsgi_admin' => { + 'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin", + "${wsgi_file_target}" => $wsgi_admin_source, + }, + 'keystone_wsgi_main' => { + 'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-public", + "${wsgi_file_target}" => $wsgi_public_source, + }, } - create_resources('file', $wsgi_files, merge($wsgi_file_defaults, $wsgi_file_source)) + create_resources('file', $wsgi_files, $wsgi_file_defaults) $wsgi_daemon_process_options_main = { user => 'keystone', 
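Review bot: The new parameters `$wsgi_admin_script_source` and `$wsgi_public_script_source` are never read: the `else` branch assigns `$wsgi_admin_source` and `$wsgi_public_source` straight from `$::keystone::params`, so a custom per-endpoint script chosen by an operator is silently ignored and the packaged script is deployed instead. The `else` branch should prefer the parameter, e.g. `$wsgi_admin_source = pick($wsgi_admin_script_source, $::keystone::params::keystone_wsgi_admin_script_path)` and likewise `$wsgi_public_source = pick($wsgi_public_script_source, $::keystone::params::keystone_wsgi_public_script_path)`. No spec in this patch sets either parameter; a context that does would have caught this. The class body starts and ends outside this hunk.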
@@ -268,8 +291,8 @@ class keystone::wsgi::apache ( display-name => 'keystone-admin', } - $wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/main"]) - $wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/admin"]) + $wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/keystone-public"]) + $wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/keystone-admin"]) if $public_port == $admin_port { $wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin) diff --git a/releasenotes/notes/keystone-wsgi-scripts-0d772d1f9f2d6c57.yaml b/releasenotes/notes/keystone-wsgi-scripts-0d772d1f9f2d6c57.yaml new file mode 100644 index 000000000..0080c2896 --- /dev/null +++ b/releasenotes/notes/keystone-wsgi-scripts-0d772d1f9f2d6c57.yaml @@ -0,0 +1,11 @@ +--- +deprecations: + - The single wsgi script for both the keystone admin and + public endpoints have been deprecated upstream. As such, + our support of a single wsgi script for keystone is also + deprecated. +other: + - Add support for the newer admin and public wsgi scripts + for keystone. Also added is the ability to provide a custom + script for each of these. By default, the module will leverage + scripts provided by the keystone package. diff --git a/spec/classes/keystone_wsgi_apache_spec.rb b/spec/classes/keystone_wsgi_apache_spec.rb index dcaf81410..502bd6c5d 100644 --- a/spec/classes/keystone_wsgi_apache_spec.rb +++ b/spec/classes/keystone_wsgi_apache_spec.rb 
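Review bot: Renaming the managed scripts from `.../admin` and `.../main` to `.../keystone-admin` and `.../keystone-public` leaves the old files on disk on upgraded nodes; nothing in the visible hunks removes them. They are copies of the previous single wsgi script, left in the cgi-bin directory and no longer under configuration management. Consider adding `file { "${::keystone::params::keystone_wsgi_script_path}/admin": ensure => absent }` and the equivalent for `main`, or documenting the manual cleanup in the release note. Whether the old paths remain reachable depends on Apache configuration outside this patch.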
@@ -34,8 +34,8 @@ describe 'keystone::wsgi::apache' do it { is_expected.to contain_file('keystone_wsgi_admin').with( 'ensure' => 'file', - 'path' => "#{platform_parameters[:wsgi_script_path]}/admin", - 'source' => platform_parameters[:wsgi_script_source], + 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin", + 'source' => platform_parameters[:wsgi_admin_script_source], 'owner' => 'keystone', 'group' => 'keystone', 'mode' => '0644', @@ -44,8 +44,8 @@ describe 'keystone::wsgi::apache' do it { is_expected.to contain_file('keystone_wsgi_main').with( 'ensure' => 'file', - 'path' => "#{platform_parameters[:wsgi_script_path]}/main", - 'source' => platform_parameters[:wsgi_script_source], + 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", + 'source' => platform_parameters[:wsgi_public_script_source], 'owner' => 'keystone', 'group' => 'keystone', 'mode' => '0644', @@ -69,7 +69,7 @@ describe 'keystone::wsgi::apache' do 'display-name' => 'keystone-admin', }, 'wsgi_process_group' => 'keystone_admin', - 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" }, + 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" }, 'wsgi_application_group' => '%{GLOBAL}', 'wsgi_pass_authorization' => 'On', 'headers' => nil, @@ -135,7 +135,7 @@ describe 'keystone::wsgi::apache' do 'display-name' => 'keystone-admin', }, 'wsgi_process_group' => 'keystone_admin', - 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" }, + 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" }, 'wsgi_application_group' => '%{GLOBAL}', 'wsgi_pass_authorization' => 'On', 'require' => 'File[keystone_wsgi_admin]', 
@@ -229,8 +229,8 @@ describe 'keystone::wsgi::apache' do }, 'wsgi_process_group' => 'keystone_main', 'wsgi_script_aliases' => { - '/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/main", - '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/admin" + '/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", + '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" }, 'wsgi_application_group' => '%{GLOBAL}', 'wsgi_pass_authorization' => 'On', @@ -277,7 +277,7 @@ describe 'keystone::wsgi::apache' do it { is_expected.to contain_file('keystone_wsgi_admin').with( 'ensure' => 'link', - 'path' => "#{platform_parameters[:wsgi_script_path]}/admin", + 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin", 'target' => '/opt/keystone/httpd/keystone.py', 'owner' => 'keystone', 'group' => 'keystone', @@ -287,7 +287,7 @@ describe 'keystone::wsgi::apache' do it { is_expected.to contain_file('keystone_wsgi_main').with( 'ensure' => 'link', - 'path' => "#{platform_parameters[:wsgi_script_path]}/main", + 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public", 'target' => '/opt/keystone/httpd/keystone.py', 'owner' => 'keystone', 'group' => 'keystone', 
@@ -327,44 +327,31 @@ describe 'keystone::wsgi::apache' do end end - context 'on RedHat platforms' do - let :facts do - @default_facts.merge(global_facts.merge({ - :osfamily => 'RedHat', - :operatingsystemrelease => '6.0' - })) + on_supported_os({ + }).each do |os,facts| + let (:facts) do + facts.merge!(OSDefaults.get_facts({})) end - let :platform_parameters do - { - :httpd_service_name => 'httpd', - :httpd_ports_file => '/etc/httpd/conf/ports.conf', - :wsgi_script_path => '/var/www/cgi-bin/keystone', - :wsgi_script_source => '/usr/share/keystone/keystone.wsgi' - } + let(:platform_params) do + case facts[:osfamily] + when 'Debian' + { + :httpd_service_name => 'apache2', + :httpd_ports_file => '/etc/apache2/ports.conf', + :wsgi_script_path => '/usr/lib/cgi-bin/keystone', + :wsgi_admin_script_source => '/usr/bin/keystone-wsgi-admin', + :wsgi_public_script_source => '/usr/bin/keystone-wsgi-public' + } + when 'RedHat' + { + :httpd_service_name => 'httpd', + :httpd_ports_file => '/etc/httpd/conf/ports.conf', + :wsgi_script_path => '/var/www/cgi-bin/keystone', + :wsgi_admin_script_source => '/usr/bin/keystone-wsgi-admin', + :wsgi_public_script_source => '/usr/bin/keystone-wsgi-public' + } + end end - - it_configures 'apache serving keystone with mod_wsgi' - end - - context 'on Debian platforms' do - let :facts do - @default_facts.merge(global_facts.merge({ - :osfamily => 'Debian', - :operatingsystem => 'Debian', - :operatingsystemrelease => '7.0' - })) - end - - let :platform_parameters do - { - :httpd_service_name => 'apache2', - :httpd_ports_file => '/etc/apache2/ports.conf', - :wsgi_script_path => '/usr/lib/cgi-bin/keystone', - :wsgi_script_source => '/usr/share/keystone/wsgi.py' - } - end - - it_configures 'apache serving keystone with mod_wsgi' end end
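Review bot: The rewritten platform block no longer runs any examples: both `it_configures 'apache serving keystone with mod_wsgi'` lines are removed and none is added, so the shared examples updated earlier in this patch are never executed. The new `let(:platform_params)` also does not match the `platform_parameters` name those shared examples read, and without a `context` per OS the `let` definitions from successive loop iterations override each other. The old blocks merged `@default_facts` and `global_facts`; whether `OSDefaults.get_facts` supplies the same facts is not visible here. A per-OS context with the renamed `let` and the `it_configures` call restores the coverage.

```ruby
  on_supported_os({
  }).each do |os,facts|
    context "on #{os}" do
      # … unchanged: let (:facts) block …

      let(:platform_parameters) do
        # … unchanged: case facts[:osfamily] with the Debian and RedHat hashes …
      end

      it_configures 'apache serving keystone with mod_wsgi'
    end
```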