Update keystone wsgi scripts

This change updates the wsgi configuration for keystone to use the
keystone-wsgi-public and keystone-wsgi-admin scripts provided. The
previous httpd.py implementation has been deprecated as part of the
Mitaka cycle. We are deprecating the previous single script variable
that was used for both endpoints in favor of two new variables, one for
each of the scripts.

Change-Id: I03a7a057cae0bf86331191faf47ec394487150a7
Closes-Bug: #1558290
Alex Schultz 2016-03-17 16:00:29 -06:00
parent ce5b4a30e3
commit e812075fd9
4 changed files with 120 additions and 99 deletions


@ -5,12 +5,13 @@ class keystone::params {
$client_package_name = 'python-keystone' $client_package_name = 'python-keystone'
$keystone_user = 'keystone' $keystone_user = 'keystone'
$keystone_group = 'keystone' $keystone_group = 'keystone'
$keystone_wsgi_admin_script_path = '/usr/bin/keystone-wsgi-admin'
$keystone_wsgi_public_script_path = '/usr/bin/keystone-wsgi-public'
case $::osfamily { case $::osfamily {
'Debian': { 'Debian': {
$package_name = 'keystone' $package_name = 'keystone'
$service_name = 'keystone' $service_name = 'keystone'
$keystone_wsgi_script_path = '/usr/lib/cgi-bin/keystone' $keystone_wsgi_script_path = '/usr/lib/cgi-bin/keystone'
$keystone_wsgi_script_source = '/usr/share/keystone/wsgi.py'
$python_memcache_package_name = 'python-memcache' $python_memcache_package_name = 'python-memcache'
$mellon_package_name = 'libapache2-mod-auth-mellon' $mellon_package_name = 'libapache2-mod-auth-mellon'
} }
@ -19,7 +20,6 @@ class keystone::params {
$service_name = 'openstack-keystone' $service_name = 'openstack-keystone'
$keystone_wsgi_script_path = '/var/www/cgi-bin/keystone' $keystone_wsgi_script_path = '/var/www/cgi-bin/keystone'
$python_memcache_package_name = 'python-memcached' $python_memcache_package_name = 'python-memcached'
$keystone_wsgi_script_source = '/usr/share/keystone/keystone.wsgi'
$mellon_package_name = 'mod_auth_mellon' $mellon_package_name = 'mod_auth_mellon'
} }
default: { default: {


@ -85,14 +85,6 @@
# (optional) The number of threads for the vhost. # (optional) The number of threads for the vhost.
# Defaults to $::processorcount # Defaults to $::processorcount
# #
# [*wsgi_script_ensure*]
# (optional) File ensure parameter for wsgi scripts.
# Defaults to 'file'.
#
# [*wsgi_script_source*]
# (optional) Wsgi script source.
# Defaults to undef.
#
# [*wsgi_application_group*] # [*wsgi_application_group*]
# (optional) The application group of the WSGI script. # (optional) The application group of the WSGI script.
# Defaults to '%{GLOBAL}' # Defaults to '%{GLOBAL}'
@ -102,6 +94,22 @@
# script when the equivalent HTTP request headers are present. # script when the equivalent HTTP request headers are present.
# Defaults to 'On' # Defaults to 'On'
# #
# [*wsgi_script_ensure*]
# (optional) File ensure parameter for wsgi scripts.
# Defaults to undef.
#
# [*wsgi_admin_script_source*]
# (optional) Wsgi script source for the admin endpoint. If set to undef
# $::keystone::params::keystone_wsgi_admin_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin.
# Defaults to undef.
#
# [*wsgi_public_script_source*]
# (optional) Wsgi script source for the public endpoint. If set to undef
# $::keystone::params::keystone_wsgi_public_script_path is used. This source
# is copied to the apache cgi-bin path as keystone-admin.
# Defaults to undef.
#
# [*access_log_format*] # [*access_log_format*]
# The log format for the virtualhost. # The log format for the virtualhost.
# Optional. Defaults to false. # Optional. Defaults to false.
@ -119,6 +127,12 @@
# (optional) apache::vhost wsgi_chunked_request parameter. # (optional) apache::vhost wsgi_chunked_request parameter.
# Defaults to undef # Defaults to undef
# #
# DEPRECATED OPTIONS
#
# [*wsgi_script_source*]
# (optional) Wsgi script source.
# Defaults to undef.
#
# == Dependencies # == Dependencies
# #
# requires Class['apache'] & Class['keystone'] # requires Class['apache'] & Class['keystone']
@ -143,33 +157,35 @@
# Copyright 2013 eNovance <licensing@enovance.com> # Copyright 2013 eNovance <licensing@enovance.com>
# #
class keystone::wsgi::apache ( class keystone::wsgi::apache (
$servername = $::fqdn, $servername = $::fqdn,
$public_port = 5000, $public_port = 5000,
$admin_port = 35357, $admin_port = 35357,
$bind_host = undef, $bind_host = undef,
$admin_bind_host = undef, $admin_bind_host = undef,
$public_path = '/', $public_path = '/',
$admin_path = '/', $admin_path = '/',
$ssl = true, $ssl = true,
$workers = 1, $workers = 1,
$ssl_cert = undef, $ssl_cert = undef,
$ssl_key = undef, $ssl_key = undef,
$ssl_chain = undef, $ssl_chain = undef,
$ssl_ca = undef, $ssl_ca = undef,
$ssl_crl_path = undef, $ssl_crl_path = undef,
$ssl_crl = undef, $ssl_crl = undef,
$ssl_certs_dir = undef, $ssl_certs_dir = undef,
$threads = $::processorcount, $threads = $::processorcount,
$priority = '10', $priority = '10',
$wsgi_script_ensure = 'file', $wsgi_application_group = '%{GLOBAL}',
$wsgi_script_source = undef, $wsgi_pass_authorization = 'On',
$wsgi_application_group = '%{GLOBAL}', $wsgi_chunked_request = undef,
$wsgi_pass_authorization = 'On', $wsgi_admin_script_source = undef,
$wsgi_chunked_request = undef, $wsgi_public_script_source = undef,
$wsgi_script_ensure = undef,
$access_log_format = false, $access_log_format = false,
$headers = undef, $headers = undef,
$vhost_custom_fragment = undef, $vhost_custom_fragment = undef,
#DEPRECATED
$wsgi_script_source = undef,
) { ) {
include ::keystone::deps include ::keystone::deps
@ -223,13 +239,10 @@ class keystone::wsgi::apache (
require => Anchor['keystone::install::end'], require => Anchor['keystone::install::end'],
} }
$wsgi_files = {
'keystone_wsgi_admin' => { $wsgi_file_target = $wsgi_script_ensure ? {
'path' => "${::keystone::params::keystone_wsgi_script_path}/admin", 'link' => 'target',
}, default => 'source'
'keystone_wsgi_main' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/main",
},
} }
$wsgi_file_defaults = { $wsgi_file_defaults = {
@ -240,17 +253,27 @@ class keystone::wsgi::apache (
'require' => File[$::keystone::params::keystone_wsgi_script_path], 'require' => File[$::keystone::params::keystone_wsgi_script_path],
} }
$wsgi_script_source_real = $wsgi_script_source ? { if $wsgi_script_source {
default => $wsgi_script_source, warning('The single wsgi script source has been deprecated as part of the Mitaka cycle, please switch to $wsgi_admin_script_source and $wsgi_public_script_source')
undef => $::keystone::params::keystone_wsgi_script_source, $wsgi_admin_source = $wsgi_script_source
$wsgi_public_source = $wsgi_script_source
} else {
$wsgi_admin_source = $::keystone::params::keystone_wsgi_admin_script_path
$wsgi_public_source = $::keystone::params::keystone_wsgi_public_script_path
} }
case $wsgi_script_ensure { $wsgi_files = {
'link': { $wsgi_file_source = { 'target' => $wsgi_script_source_real } } 'keystone_wsgi_admin' => {
default: { $wsgi_file_source = { 'source' => $wsgi_script_source_real } } 'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-admin",
"${wsgi_file_target}" => $wsgi_admin_source,
},
'keystone_wsgi_main' => {
'path' => "${::keystone::params::keystone_wsgi_script_path}/keystone-public",
"${wsgi_file_target}" => $wsgi_public_source,
},
} }
create_resources('file', $wsgi_files, merge($wsgi_file_defaults, $wsgi_file_source)) create_resources('file', $wsgi_files, $wsgi_file_defaults)
$wsgi_daemon_process_options_main = { $wsgi_daemon_process_options_main = {
user => 'keystone', user => 'keystone',
@ -268,8 +291,8 @@ class keystone::wsgi::apache (
display-name => 'keystone-admin', display-name => 'keystone-admin',
} }
$wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/main"]) $wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/keystone-public"])
$wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/admin"]) $wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/keystone-admin"])
if $public_port == $admin_port { if $public_port == $admin_port {
$wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin) $wsgi_script_aliases_main_real = merge($wsgi_script_aliases_main, $wsgi_script_aliases_admin)
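Review bot: The new `$wsgi_admin_script_source` and `$wsgi_public_script_source` parameters are declared and documented but never read in the lines shown: the `else` branch assigns `$wsgi_admin_source` and `$wsgi_public_source` straight from `$::keystone::params`, so a custom per-endpoint script would be silently ignored and the packaged one deployed instead. Since the file already uses stdlib functions (`merge`, `hash`), the branch could use `$wsgi_admin_source = pick($wsgi_admin_script_source, $::keystone::params::keystone_wsgi_admin_script_path)` and the equivalent line for the public script. The `wsgi_public_script_source` doc block also says the source is copied as keystone-admin; it should read keystone-public. The class body continues outside these hunks, so confirm the two parameters are not consumed elsewhere.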


@ -0,0 +1,11 @@
---
deprecations:
- The single wsgi script for both the keystone admin and
public endpoints have been deprecated upstream. As such,
our support of a single wsgi script for keystone is also
deprecated.
other:
- Add support for the newer admin and public wsgi scripts
for keystone. Also added is the ability to provide a custom
script for each of these. By default, the module will leverage
scripts provided by the keystone package.


@ -34,8 +34,8 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_file('keystone_wsgi_admin').with( it { is_expected.to contain_file('keystone_wsgi_admin').with(
'ensure' => 'file', 'ensure' => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/admin", 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin",
'source' => platform_parameters[:wsgi_script_source], 'source' => platform_parameters[:wsgi_admin_script_source],
'owner' => 'keystone', 'owner' => 'keystone',
'group' => 'keystone', 'group' => 'keystone',
'mode' => '0644', 'mode' => '0644',
@ -44,8 +44,8 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_file('keystone_wsgi_main').with( it { is_expected.to contain_file('keystone_wsgi_main').with(
'ensure' => 'file', 'ensure' => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/main", 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'source' => platform_parameters[:wsgi_script_source], 'source' => platform_parameters[:wsgi_public_script_source],
'owner' => 'keystone', 'owner' => 'keystone',
'group' => 'keystone', 'group' => 'keystone',
'mode' => '0644', 'mode' => '0644',
@ -69,7 +69,7 @@ describe 'keystone::wsgi::apache' do
'display-name' => 'keystone-admin', 'display-name' => 'keystone-admin',
}, },
'wsgi_process_group' => 'keystone_admin', 'wsgi_process_group' => 'keystone_admin',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" }, 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
'wsgi_application_group' => '%{GLOBAL}', 'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On', 'wsgi_pass_authorization' => 'On',
'headers' => nil, 'headers' => nil,
@ -135,7 +135,7 @@ describe 'keystone::wsgi::apache' do
'display-name' => 'keystone-admin', 'display-name' => 'keystone-admin',
}, },
'wsgi_process_group' => 'keystone_admin', 'wsgi_process_group' => 'keystone_admin',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" }, 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin" },
'wsgi_application_group' => '%{GLOBAL}', 'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On', 'wsgi_pass_authorization' => 'On',
'require' => 'File[keystone_wsgi_admin]', 'require' => 'File[keystone_wsgi_admin]',
@ -229,8 +229,8 @@ describe 'keystone::wsgi::apache' do
}, },
'wsgi_process_group' => 'keystone_main', 'wsgi_process_group' => 'keystone_main',
'wsgi_script_aliases' => { 'wsgi_script_aliases' => {
'/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/main", '/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/admin" '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin"
}, },
'wsgi_application_group' => '%{GLOBAL}', 'wsgi_application_group' => '%{GLOBAL}',
'wsgi_pass_authorization' => 'On', 'wsgi_pass_authorization' => 'On',
@ -277,7 +277,7 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_file('keystone_wsgi_admin').with( it { is_expected.to contain_file('keystone_wsgi_admin').with(
'ensure' => 'link', 'ensure' => 'link',
'path' => "#{platform_parameters[:wsgi_script_path]}/admin", 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-admin",
'target' => '/opt/keystone/httpd/keystone.py', 'target' => '/opt/keystone/httpd/keystone.py',
'owner' => 'keystone', 'owner' => 'keystone',
'group' => 'keystone', 'group' => 'keystone',
@ -287,7 +287,7 @@ describe 'keystone::wsgi::apache' do
it { is_expected.to contain_file('keystone_wsgi_main').with( it { is_expected.to contain_file('keystone_wsgi_main').with(
'ensure' => 'link', 'ensure' => 'link',
'path' => "#{platform_parameters[:wsgi_script_path]}/main", 'path' => "#{platform_parameters[:wsgi_script_path]}/keystone-public",
'target' => '/opt/keystone/httpd/keystone.py', 'target' => '/opt/keystone/httpd/keystone.py',
'owner' => 'keystone', 'owner' => 'keystone',
'group' => 'keystone', 'group' => 'keystone',
@ -327,44 +327,31 @@ describe 'keystone::wsgi::apache' do
end end
end end
context 'on RedHat platforms' do on_supported_os({
let :facts do }).each do |os,facts|
@default_facts.merge(global_facts.merge({ let (:facts) do
:osfamily => 'RedHat', facts.merge!(OSDefaults.get_facts({}))
:operatingsystemrelease => '6.0'
}))
end end
let :platform_parameters do let(:platform_params) do
{ case facts[:osfamily]
:httpd_service_name => 'httpd', when 'Debian'
:httpd_ports_file => '/etc/httpd/conf/ports.conf', {
:wsgi_script_path => '/var/www/cgi-bin/keystone', :httpd_service_name => 'apache2',
:wsgi_script_source => '/usr/share/keystone/keystone.wsgi' :httpd_ports_file => '/etc/apache2/ports.conf',
} :wsgi_script_path => '/usr/lib/cgi-bin/keystone',
:wsgi_admin_script_source => '/usr/bin/keystone-wsgi-admin',
:wsgi_public_script_source => '/usr/bin/keystone-wsgi-public'
}
when 'RedHat'
{
:httpd_service_name => 'httpd',
:httpd_ports_file => '/etc/httpd/conf/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/keystone',
:wsgi_admin_script_source => '/usr/bin/keystone-wsgi-admin',
:wsgi_public_script_source => '/usr/bin/keystone-wsgi-public'
}
end
end end
it_configures 'apache serving keystone with mod_wsgi'
end
context 'on Debian platforms' do
let :facts do
@default_facts.merge(global_facts.merge({
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '7.0'
}))
end
let :platform_parameters do
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/usr/lib/cgi-bin/keystone',
:wsgi_script_source => '/usr/share/keystone/wsgi.py'
}
end
it_configures 'apache serving keystone with mod_wsgi'
end end
end end
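Review bot: The rewritten OS loop defines `let(:platform_params)`, but the shared examples earlier in this file still read `platform_parameters[:wsgi_script_path]`, `platform_parameters[:wsgi_admin_script_source]` and so on, so those lookups would raise a NameError unless the helper keeps its old name, `let(:platform_parameters) do`. As rendered, both `it_configures 'apache serving keystone with mod_wsgi'` lines appear only on the removed side, which would mean the `on_supported_os` loop never runs the shared examples. If that reading is right, add that line inside the loop after the two `let` blocks. The hunks shown also contain no example that sets `wsgi_admin_script_source` or `wsgi_public_script_source`, so an override of the per-endpoint script source is not covered by these tests.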