openstack
/
puppet-tripleo
Code Issues Proposed changes

Create dedicated "apache" base profile 

This profile has multiple purposes:
- group common httpd configurations/instructions
- correct a small issue with the "status" mod

Until now, only Horizon was specifically including this mode, and as
httpd wasn't listening on localhost, it wasn't in use at all.

With this commit, all API using apache will be able to provide the httpd
server status on 127.0.0.1/server-status.

Change-Id: If6d64f807c244d7e56852a67ac7dbad26c4c002f
Closes-Bug: 1724751
(cherry picked from commit 0933bc5fd8)
(cherry picked from commit 8eafd014a8)
This commit is contained in:
Cédric Jeanneret 2017-10-19 08:32:09 +02:00 committed by Emilien Macchi
parent 1285b770db
commit ca7239a5dc
13 changed files with 131 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/profile/base/aodh/api.pp
View File

@ -91,7 +91,7 @@ class tripleo::profile::base::aodh::api (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::aodh::api
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
class { '::aodh::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

43
manifests/profile/base/apache.pp Normal file
View File

@ -0,0 +1,43 @@
# Copyright 2017 Camptocamp SA.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class tripleo::profile::base::apache
#
# Common apache modules and configurationfor API listeners
#
# === Parameters
#
# [*enable_status_listener*]
# Enable or not the localhost listener in httpd.
# Accepted values: Boolean.
# Default to false.
#
# [*status_listener*]
# Where should apache listen for status page
# Default to 127.0.0.1:80
class tripleo::profile::base::apache(
Boolean $enable_status_listener = false,
String $status_listener = '127.0.0.1:80',
) {
include ::apache::mod::status
include ::apache::mod::ssl
if $enable_status_listener {
if !defined(Apache::Listen[$status_listener]) {
::apache::listen {$status_listener: }
}
}
}

2
manifests/profile/base/barbican/api.pp
View File

@ -99,7 +99,7 @@ class tripleo::profile::base::barbican::api (
include ::barbican::api::logging
include ::barbican::keystone::notification
include ::barbican::quota
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
class { '::barbican::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

2
manifests/profile/base/ceilometer/api.pp
View File

@ -89,7 +89,7 @@ class tripleo::profile::base::ceilometer::api (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::ceilometer::api
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
class { '::ceilometer::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

5
manifests/profile/base/cinder/api.pp
View File

@ -89,7 +89,10 @@ class tripleo::profile::base::cinder::api (
if $step >= 4 or ($step >= 3 and $sync_db) {
include ::cinder::api
include ::apache::mod::ssl
class { '::cinder::api':
keymgr_api_class => $keymgr_api_class,
}
include ::tripleo::profile::base::apache
class { '::cinder::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

2
manifests/profile/base/gnocchi/api.pp
View File

@ -118,7 +118,7 @@ class tripleo::profile::base::gnocchi::api (
}
include ::gnocchi::api
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
class { '::gnocchi::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

3
manifests/profile/base/horizon.pp
View File

@ -40,7 +40,8 @@ class tripleo::profile::base::horizon (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
# Horizon
include ::apache::mod::remoteip
include ::apache::mod::status
include ::tripleo::profile::base::apache
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', undef) {
$_profile_support = 'cisco'
} else {

2
manifests/profile/base/keystone.pp
View File

@ -161,7 +161,7 @@ class tripleo::profile::base::keystone (
}
include ::keystone::config
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
class { '::keystone::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

2
manifests/profile/base/nova/api.pp
View File

@ -116,7 +116,7 @@ class tripleo::profile::base::nova::api (
$tls_keyfile = undef
}
if $step >= 4 or ($step >= 3 and $sync_db) {
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
class { '::nova::wsgi::apache_api':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

2
manifests/profile/base/nova/placement.pp
View File

@ -86,7 +86,7 @@ class tripleo::profile::base::nova::placement (
}
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

2
manifests/profile/base/panko/api.pp
View File

@ -92,7 +92,7 @@ class tripleo::profile::base::panko::api (
class { '::panko::api':
sync_db => $sync_db,
}
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
class { '::panko::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,

2
manifests/profile/base/zaqar.pp
View File

@ -57,7 +57,7 @@ class tripleo::profile::base::zaqar (
uri => $database_connection,
}
include ::zaqar::transport::websocket
include ::apache::mod::ssl
include ::tripleo::profile::base::apache
include ::zaqar::transport::wsgi
# TODO (bcrochet): At some point, the transports should be split out to

73
spec/classes/tripleo_profile_base_apache_spec.rb Normal file
View File

@ -0,0 +1,73 @@
#
# Copyright (C) 2017 Camptocamp SA.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::apache' do
shared_examples_for 'tripleo::profile::base::apache' do
context 'with default params' do
it 'should trigger complete configuration' do
is_expected.to contain_class('apache::mod::status')
is_expected.to contain_class('apache::mod::ssl')
is_expected.to_not contain_apache__listen('127.0.0.1:80')
end
end
context 'Activate listener' do
let(:params) { {
:enable_status_listener => true,
} }
it 'should trigger complete configuration' do
is_expected.to contain_class('apache::mod::status')
is_expected.to contain_class('apache::mod::ssl')
is_expected.to contain_apache__listen('127.0.0.1:80')
end
end
context 'Change listener' do
let(:params) {{
:enable_status_listener => true,
:status_listener => '10.10.0.10:80',
}}
it 'should trigger complete configuration' do
is_expected.to contain_class('apache::mod::status')
is_expected.to contain_class('apache::mod::ssl')
is_expected.to contain_apache__listen('10.10.0.10:80')
end
end
context 'Provide wrong value for ensure_status_listener' do
let(:params) {{
:enable_status_listener => 'fooo',
}}
it { is_expected.to compile.and_raise_error(/expects a Boolean value/) }
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::apache'
end
end
end