diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index d6ec32b25..354490a37 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -78,7 +78,7 @@ class tripleo::profile::base::aodh::api ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::aodh::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::aodh::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/apache.pp b/manifests/profile/base/apache.pp new file mode 100644 index 000000000..b3ae1fffe --- /dev/null +++ b/manifests/profile/base/apache.pp @@ -0,0 +1,43 @@ +# Copyright 2017 Camptocamp SA. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class tripleo::profile::base::apache +# +# Common apache modules and configurationfor API listeners +# +# === Parameters +# +# [*enable_status_listener*] +# Enable or not the localhost listener in httpd. +# Accepted values: Boolean. +# Default to false. +# +# [*status_listener*] +# Where should apache listen for status page +# Default to 127.0.0.1:80 + + +class tripleo::profile::base::apache( + Boolean $enable_status_listener = false, + String $status_listener = '127.0.0.1:80', +) { + include ::apache::mod::status + include ::apache::mod::ssl + + if $enable_status_listener { + if !defined(Apache::Listen[$status_listener]) { + ::apache::listen {$status_listener: } + } + } +} diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 6e9c78f07..09f4b1a9b 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -158,7 +158,7 @@ class tripleo::profile::base::barbican::api ( include ::barbican::api::logging include ::barbican::keystone::notification include ::barbican::quota - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::barbican::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 11c1da33a..cd205077f 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -76,7 +76,7 @@ class tripleo::profile::base::ceilometer::api ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::ceilometer::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::ceilometer::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index 892e4edc1..5461a4020 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -85,7 +85,7 @@ class tripleo::profile::base::cinder::api ( class { '::cinder::api': keymgr_api_class => $keymgr_api_class, } - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::cinder::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index c958359c1..fdd051775 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -97,7 +97,7 @@ class tripleo::profile::base::gnocchi::api ( if $step >= 4 or ($step >= 3 and $sync_db) { include ::gnocchi::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::gnocchi::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 2221b37ea..46435bfb3 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -76,7 +76,7 @@ class tripleo::profile::base::heat::api ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::heat::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index 1014b04e4..a2f328734 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -77,7 +77,7 @@ class tripleo::profile::base::heat::api_cfn ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api_cfn - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::heat::wsgi::apache_api_cfn': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 4caac9d3c..7e39028b9 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -77,7 +77,7 @@ class tripleo::profile::base::heat::api_cloudwatch ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api_cloudwatch - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::heat::wsgi::apache_api_cloudwatch': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index 9441329fc..157d0c0cc 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -85,7 +85,8 @@ class tripleo::profile::base::horizon ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { # Horizon include ::apache::mod::remoteip - include ::apache::mod::status + include ::tripleo::profile::base::apache + if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', undef) { $_profile_support = 'cisco' } else { diff --git a/manifests/profile/base/ironic/api.pp b/manifests/profile/base/ironic/api.pp index bbc91f5a5..78bf9db29 100644 --- a/manifests/profile/base/ironic/api.pp +++ b/manifests/profile/base/ironic/api.pp @@ -75,7 +75,7 @@ class tripleo::profile::base::ironic::api ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::ironic::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::ironic::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 6dd271e4b..efc229c6a 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -222,7 +222,7 @@ class tripleo::profile::base::keystone ( } include ::keystone::config - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::keystone::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp index 2ab2d9680..f13a44f5d 100644 --- a/manifests/profile/base/mistral/api.pp +++ b/manifests/profile/base/mistral/api.pp @@ -84,7 +84,7 @@ class tripleo::profile::base::mistral::api ( # Temporarily disable Mistral API deployed in WSGI # https://bugs.launchpad.net/tripleo/+bug/1724607 if $mistral_api_wsgi_enabled { - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::mistral::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 2ff1add85..d7764a533 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -134,7 +134,7 @@ class tripleo::profile::base::nova::api ( $tls_keyfile = undef } if $step >= 4 or ($step >= 3 and $sync_db) { - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::nova::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index 48af39adc..33e40b2a5 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -74,7 +74,7 @@ class tripleo::profile::base::nova::placement ( } if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 3b1b8d9fa..a5f9ed0fc 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -79,7 +79,7 @@ class tripleo::profile::base::panko::api ( class { '::panko::api': sync_db => $sync_db, } - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp index 7e41e9c20..bbc8df56b 100644 --- a/manifests/profile/base/zaqar.pp +++ b/manifests/profile/base/zaqar.pp @@ -135,7 +135,7 @@ class tripleo::profile::base::zaqar ( } include ::zaqar::transport::websocket - include ::apache::mod::ssl + include ::tripleo::profile::base::apache include ::zaqar::transport::wsgi # TODO (bcrochet): At some point, the transports should be split out to diff --git a/spec/classes/tripleo_profile_base_apache_spec.rb b/spec/classes/tripleo_profile_base_apache_spec.rb new file mode 100644 index 000000000..8b3244faf --- /dev/null +++ b/spec/classes/tripleo_profile_base_apache_spec.rb @@ -0,0 +1,73 @@ +# +# Copyright (C) 2017 Camptocamp SA. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::apache' do + shared_examples_for 'tripleo::profile::base::apache' do + + context 'with default params' do + it 'should trigger complete configuration' do + is_expected.to contain_class('apache::mod::status') + is_expected.to contain_class('apache::mod::ssl') + is_expected.to_not contain_apache__listen('127.0.0.1:80') + end + end + + context 'Activate listener' do + let(:params) { { + :enable_status_listener => true, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('apache::mod::status') + is_expected.to contain_class('apache::mod::ssl') + is_expected.to contain_apache__listen('127.0.0.1:80') + end + end + + context 'Change listener' do + let(:params) {{ + :enable_status_listener => true, + :status_listener => '10.10.0.10:80', + }} + it 'should trigger complete configuration' do + is_expected.to contain_class('apache::mod::status') + is_expected.to contain_class('apache::mod::ssl') + is_expected.to contain_apache__listen('10.10.0.10:80') + end + end + + + context 'Provide wrong value for ensure_status_listener' do + let(:params) {{ + :enable_status_listener => 'fooo', + }} + it { is_expected.to compile.and_raise_error(/expects a Boolean value/) } + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::apache' + end + end +end