From 0933bc5fd896ac2474872bb1b4b217ad8f430885 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= Date: Thu, 19 Oct 2017 08:32:09 +0200 Subject: [PATCH] Create dedicated "apache" base profile This profile has multiple purposes: - group common httpd configurations/instructions - correct a small issue with the "status" mod Until now, only Horizon was specifically including this mode, and as httpd wasn't listening on localhost, it wasn't in use at all. With this commit, all API using apache will be able to provide the httpd server status on 127.0.0.1/server-status. Change-Id: If6d64f807c244d7e56852a67ac7dbad26c4c002f Closes-Bug: 1724751 --- manifests/profile/base/aodh/api.pp | 2 +- manifests/profile/base/apache.pp | 43 +++++++++++ manifests/profile/base/barbican/api.pp | 2 +- manifests/profile/base/ceilometer/api.pp | 2 +- manifests/profile/base/cinder/api.pp | 2 +- manifests/profile/base/gnocchi/api.pp | 2 +- manifests/profile/base/heat/api.pp | 2 +- manifests/profile/base/heat/api_cfn.pp | 2 +- manifests/profile/base/heat/api_cloudwatch.pp | 2 +- manifests/profile/base/horizon.pp | 3 +- manifests/profile/base/ironic/api.pp | 2 +- manifests/profile/base/keystone.pp | 2 +- manifests/profile/base/mistral/api.pp | 2 +- manifests/profile/base/nova/api.pp | 2 +- manifests/profile/base/nova/placement.pp | 2 +- manifests/profile/base/panko/api.pp | 2 +- manifests/profile/base/zaqar.pp | 2 +- .../tripleo_profile_base_apache_spec.rb | 73 +++++++++++++++++++ 18 files changed, 133 insertions(+), 16 deletions(-) create mode 100644 manifests/profile/base/apache.pp create mode 100644 spec/classes/tripleo_profile_base_apache_spec.rb diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index d6ec32b25..354490a37 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -78,7 +78,7 @@ class tripleo::profile::base::aodh::api ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::aodh::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::aodh::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/apache.pp b/manifests/profile/base/apache.pp new file mode 100644 index 000000000..b3ae1fffe --- /dev/null +++ b/manifests/profile/base/apache.pp @@ -0,0 +1,43 @@ +# Copyright 2017 Camptocamp SA. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class tripleo::profile::base::apache +# +# Common apache modules and configurationfor API listeners +# +# === Parameters +# +# [*enable_status_listener*] +# Enable or not the localhost listener in httpd. +# Accepted values: Boolean. +# Default to false. +# +# [*status_listener*] +# Where should apache listen for status page +# Default to 127.0.0.1:80 + + +class tripleo::profile::base::apache( + Boolean $enable_status_listener = false, + String $status_listener = '127.0.0.1:80', +) { + include ::apache::mod::status + include ::apache::mod::ssl + + if $enable_status_listener { + if !defined(Apache::Listen[$status_listener]) { + ::apache::listen {$status_listener: } + } + } +} diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 6e9c78f07..09f4b1a9b 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -158,7 +158,7 @@ class tripleo::profile::base::barbican::api ( include ::barbican::api::logging include ::barbican::keystone::notification include ::barbican::quota - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::barbican::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 11c1da33a..cd205077f 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -76,7 +76,7 @@ class tripleo::profile::base::ceilometer::api ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::ceilometer::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::ceilometer::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index 892e4edc1..5461a4020 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -85,7 +85,7 @@ class tripleo::profile::base::cinder::api ( class { '::cinder::api': keymgr_api_class => $keymgr_api_class, } - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::cinder::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index c958359c1..fdd051775 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -97,7 +97,7 @@ class tripleo::profile::base::gnocchi::api ( if $step >= 4 or ($step >= 3 and $sync_db) { include ::gnocchi::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::gnocchi::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 2221b37ea..46435bfb3 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -76,7 +76,7 @@ class tripleo::profile::base::heat::api ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::heat::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index 1014b04e4..a2f328734 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -77,7 +77,7 @@ class tripleo::profile::base::heat::api_cfn ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api_cfn - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::heat::wsgi::apache_api_cfn': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 4caac9d3c..7e39028b9 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -77,7 +77,7 @@ class tripleo::profile::base::heat::api_cloudwatch ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::heat::api_cloudwatch - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::heat::wsgi::apache_api_cloudwatch': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index 9441329fc..157d0c0cc 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -85,7 +85,8 @@ class tripleo::profile::base::horizon ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { # Horizon include ::apache::mod::remoteip - include ::apache::mod::status + include ::tripleo::profile::base::apache + if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', undef) { $_profile_support = 'cisco' } else { diff --git a/manifests/profile/base/ironic/api.pp b/manifests/profile/base/ironic/api.pp index bbc91f5a5..78bf9db29 100644 --- a/manifests/profile/base/ironic/api.pp +++ b/manifests/profile/base/ironic/api.pp @@ -75,7 +75,7 @@ class tripleo::profile::base::ironic::api ( if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { include ::ironic::api - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::ironic::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 6dd271e4b..efc229c6a 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -222,7 +222,7 @@ class tripleo::profile::base::keystone ( } include ::keystone::config - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::keystone::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp index 2ab2d9680..f13a44f5d 100644 --- a/manifests/profile/base/mistral/api.pp +++ b/manifests/profile/base/mistral/api.pp @@ -84,7 +84,7 @@ class tripleo::profile::base::mistral::api ( # Temporarily disable Mistral API deployed in WSGI # https://bugs.launchpad.net/tripleo/+bug/1724607 if $mistral_api_wsgi_enabled { - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::mistral::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 2ff1add85..d7764a533 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -134,7 +134,7 @@ class tripleo::profile::base::nova::api ( $tls_keyfile = undef } if $step >= 4 or ($step >= 3 and $sync_db) { - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::nova::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index 48af39adc..33e40b2a5 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -74,7 +74,7 @@ class tripleo::profile::base::nova::placement ( } if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 3b1b8d9fa..a5f9ed0fc 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -79,7 +79,7 @@ class tripleo::profile::base::panko::api ( class { '::panko::api': sync_db => $sync_db, } - include ::apache::mod::ssl + include ::tripleo::profile::base::apache class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp index 7e41e9c20..bbc8df56b 100644 --- a/manifests/profile/base/zaqar.pp +++ b/manifests/profile/base/zaqar.pp @@ -135,7 +135,7 @@ class tripleo::profile::base::zaqar ( } include ::zaqar::transport::websocket - include ::apache::mod::ssl + include ::tripleo::profile::base::apache include ::zaqar::transport::wsgi # TODO (bcrochet): At some point, the transports should be split out to diff --git a/spec/classes/tripleo_profile_base_apache_spec.rb b/spec/classes/tripleo_profile_base_apache_spec.rb new file mode 100644 index 000000000..8b3244faf --- /dev/null +++ b/spec/classes/tripleo_profile_base_apache_spec.rb @@ -0,0 +1,73 @@ +# +# Copyright (C) 2017 Camptocamp SA. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::apache' do + shared_examples_for 'tripleo::profile::base::apache' do + + context 'with default params' do + it 'should trigger complete configuration' do + is_expected.to contain_class('apache::mod::status') + is_expected.to contain_class('apache::mod::ssl') + is_expected.to_not contain_apache__listen('127.0.0.1:80') + end + end + + context 'Activate listener' do + let(:params) { { + :enable_status_listener => true, + } } + + it 'should trigger complete configuration' do + is_expected.to contain_class('apache::mod::status') + is_expected.to contain_class('apache::mod::ssl') + is_expected.to contain_apache__listen('127.0.0.1:80') + end + end + + context 'Change listener' do + let(:params) {{ + :enable_status_listener => true, + :status_listener => '10.10.0.10:80', + }} + it 'should trigger complete configuration' do + is_expected.to contain_class('apache::mod::status') + is_expected.to contain_class('apache::mod::ssl') + is_expected.to contain_apache__listen('10.10.0.10:80') + end + end + + + context 'Provide wrong value for ensure_status_listener' do + let(:params) {{ + :enable_status_listener => 'fooo', + }} + it { is_expected.to compile.and_raise_error(/expects a Boolean value/) } + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::apache' + end + end +end