Create dedicated "apache" base profile

This profile has multiple purposes:
- group common httpd configurations/instructions
- correct a small issue with the "status" mod

Until now, only Horizon was specifically including this mode, and as
httpd wasn't listening on localhost, it wasn't in use at all.

With this commit, all API using apache will be able to provide the httpd
server status on 127.0.0.1/server-status.

Change-Id: If6d64f807c244d7e56852a67ac7dbad26c4c002f
Closes-Bug: 1724751

manifests/profile/base/aodh/api.pp

@@ -78,7 +78,7 @@ class tripleo::profile::base::aodh::api (
 
   if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
     include ::aodh::api
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::aodh::wsgi::apache':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/apache.pp

@@ -0,0 +1,43 @@
+# Copyright 2017 Camptocamp SA.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class tripleo::profile::base::apache
+#
+# Common apache modules and configurationfor API listeners
+#
+# === Parameters
+#
+# [*enable_status_listener*]
+#   Enable or not the localhost listener in httpd.
+#   Accepted values: Boolean.
+#   Default to false.
+#
+# [*status_listener*]
+#   Where should apache listen for status page
+#   Default to 127.0.0.1:80
+
+
+class tripleo::profile::base::apache(
+  Boolean $enable_status_listener = false,
+  String  $status_listener        = '127.0.0.1:80',
+) {
+  include ::apache::mod::status
+  include ::apache::mod::ssl
+
+  if $enable_status_listener {
+    if !defined(Apache::Listen[$status_listener]) {
+      ::apache::listen {$status_listener: }
+    }
+  }
+}

manifests/profile/base/barbican/api.pp

@@ -158,7 +158,7 @@ class tripleo::profile::base::barbican::api (
     include ::barbican::api::logging
     include ::barbican::keystone::notification
     include ::barbican::quota
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::barbican::wsgi::apache':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/ceilometer/api.pp

@@ -76,7 +76,7 @@ class tripleo::profile::base::ceilometer::api (
 
   if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
     include ::ceilometer::api
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::ceilometer::wsgi::apache':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/cinder/api.pp

@@ -85,7 +85,7 @@ class tripleo::profile::base::cinder::api (
     class { '::cinder::api':
       keymgr_api_class => $keymgr_api_class,
     }
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::cinder::wsgi::apache':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/gnocchi/api.pp

@@ -97,7 +97,7 @@ class tripleo::profile::base::gnocchi::api (
 
   if $step >= 4 or ($step >= 3 and $sync_db) {
     include ::gnocchi::api
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::gnocchi::wsgi::apache':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/heat/api.pp

@@ -76,7 +76,7 @@ class tripleo::profile::base::heat::api (
 
   if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
     include ::heat::api
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::heat::wsgi::apache_api':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/heat/api_cfn.pp

@@ -77,7 +77,7 @@ class tripleo::profile::base::heat::api_cfn (
   if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
     include ::heat::api_cfn
 
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::heat::wsgi::apache_api_cfn':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/heat/api_cloudwatch.pp

@@ -77,7 +77,7 @@ class tripleo::profile::base::heat::api_cloudwatch (
   if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
     include ::heat::api_cloudwatch
 
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::heat::wsgi::apache_api_cloudwatch':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/horizon.pp

@@ -85,7 +85,8 @@ class tripleo::profile::base::horizon (
   if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
     # Horizon
     include ::apache::mod::remoteip
-    include ::apache::mod::status
+    include ::tripleo::profile::base::apache
+
     if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', undef) {
       $_profile_support = 'cisco'
     } else {

manifests/profile/base/ironic/api.pp

@@ -75,7 +75,7 @@ class tripleo::profile::base::ironic::api (
 
   if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
     include ::ironic::api
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::ironic::wsgi::apache':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/keystone.pp

@@ -222,7 +222,7 @@ class tripleo::profile::base::keystone (
     }
 
     include ::keystone::config
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::keystone::wsgi::apache':
       ssl_cert       => $tls_certfile,
       ssl_key        => $tls_keyfile,

manifests/profile/base/mistral/api.pp

@@ -84,7 +84,7 @@ class tripleo::profile::base::mistral::api (
     # Temporarily disable Mistral API deployed in WSGI
     # https://bugs.launchpad.net/tripleo/+bug/1724607
     if $mistral_api_wsgi_enabled {
-      include ::apache::mod::ssl
+      include ::tripleo::profile::base::apache
       class { '::mistral::wsgi::apache':
         ssl_cert => $tls_certfile,
         ssl_key  => $tls_keyfile,

manifests/profile/base/nova/api.pp

@@ -134,7 +134,7 @@ class tripleo::profile::base::nova::api (
       $tls_keyfile = undef
     }
     if $step >= 4 or ($step >= 3 and $sync_db) {
-      include ::apache::mod::ssl
+      include ::tripleo::profile::base::apache
       class { '::nova::wsgi::apache_api':
         ssl_cert => $tls_certfile,
         ssl_key  => $tls_keyfile,

manifests/profile/base/nova/placement.pp

@@ -74,7 +74,7 @@ class tripleo::profile::base::nova::placement (
   }
 
   if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::nova::wsgi::apache_placement':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/panko/api.pp

@@ -79,7 +79,7 @@ class tripleo::profile::base::panko::api (
     class { '::panko::api':
       sync_db => $sync_db,
     }
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     class { '::panko::wsgi::apache':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,

manifests/profile/base/zaqar.pp

@@ -135,7 +135,7 @@ class tripleo::profile::base::zaqar (
     }
 
     include ::zaqar::transport::websocket
-    include ::apache::mod::ssl
+    include ::tripleo::profile::base::apache
     include ::zaqar::transport::wsgi
 
     # TODO (bcrochet): At some point, the transports should be split out to

spec/classes/tripleo_profile_base_apache_spec.rb

@@ -0,0 +1,73 @@
+#
+# Copyright (C) 2017 Camptocamp SA.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::apache' do
+  shared_examples_for 'tripleo::profile::base::apache' do
+
+    context 'with default params' do
+      it 'should trigger complete configuration' do
+        is_expected.to contain_class('apache::mod::status')
+        is_expected.to contain_class('apache::mod::ssl')
+        is_expected.to_not contain_apache__listen('127.0.0.1:80')
+      end
+    end
+
+    context 'Activate listener' do
+      let(:params) { {
+        :enable_status_listener => true,
+      } }
+
+      it 'should trigger complete configuration' do
+        is_expected.to contain_class('apache::mod::status')
+        is_expected.to contain_class('apache::mod::ssl')
+        is_expected.to contain_apache__listen('127.0.0.1:80')
+      end
+    end
+
+    context 'Change listener' do
+      let(:params) {{
+        :enable_status_listener => true,
+        :status_listener        => '10.10.0.10:80',
+      }}
+      it 'should trigger complete configuration' do
+        is_expected.to contain_class('apache::mod::status')
+        is_expected.to contain_class('apache::mod::ssl')
+        is_expected.to contain_apache__listen('10.10.0.10:80')
+      end
+    end
+
+
+    context 'Provide wrong value for ensure_status_listener' do
+      let(:params) {{
+        :enable_status_listener => 'fooo',
+      }}
+      it { is_expected.to compile.and_raise_error(/expects a Boolean value/) }
+    end
+  end
+
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({ :hostname => 'node.example.com' })
+      end
+
+      it_behaves_like 'tripleo::profile::base::apache'
+    end
+  end
+end