From 447059ae0ca4a69ab9171969a1f30962e886b1a9 Mon Sep 17 00:00:00 2001 
From: Lukas Bezdicka Date: Wed, 2 Sep 2015 18:37:33 +0200 Subject: [PATCH] Bump modules to their latest masters Update apache to 00b0da75cbe2a11a8577b87cb635d0c04440db10 00b0da75cbe2a11a8577b87cb635d0c04440db10 Merge pull request #1180 from roidelapluie/ProxyPassReverseCookiePath 7cf4b96f7806c9960ffd002b6c9f4a6cc8720800 Support the mod_proxy ProxyPassReverseCookiePath directive 4a2b0dbaa59f5db406502bd7e902dced316ee593 Merge pull request #1189 from traylenator/melon c78ff52febc8b28f39a629543b26b407a50cfac2 Merge pull request #1190 from mhaskel/MODULES-2439 3b5e4db1c5cb9194b757c7ca4a3f30f79e7103e5 MODULES-2439 - ProxyPassMatch parameters were ending up on a newline 8600f3e37791542b417f600078d1499e644aae7c Merge pull request #1184 from mpdude/patch-1 b2f842c9c03e86de855422827954fbb9e4471b87 (MODULES-2458) Support for mod_auth_mellon. a34f171c214497a3cdd80b615e7de7425385b17b Merge pull request #1185 from mwhahaha/ticket/2432-worker_listenbacklog d245182d0b13faaecfd7cc45589a6e26f05ff41c Add ListenBacklog for mod worker (MODULES-2432) ea54cf0e46d585596b6e83f714b0b34a07d5caeb The purge_vhost_configs parameter is actually called purge_vhost_dir 8ef4ee58a7ce6cc3848c6b72c4cee8961eee0aa0 Merge pull request #1182 from bmjen/fix-ci d4dbc720c69e4a92384bb492cc78a3f82db81c78 corrects mod_cgid worker/event defaults c137d269d99266f2200ed314e03561939d26ede5 Merge pull request #1159 from vamegh/master cd1102bb20bc6ed876994986f28931248fa200dd Add support for user modifiable installation of mod_systemd and pidfile locations. 
3449663c786e3feb20d350af619c641734af0f53 Merge pull request #1181 from bmjen/fix-ci 3ff15a5e7e3fc3cc9adb7efd23c89169adde8a07 fixes conditional in vhost aliases fbf0effc73d8afdc19e8d029190e7034fa4e3350 Merge pull request #1178 from jewjitsu/fcgid_loadfile_name 1bf0aba5f6c457149786878afaba525bec940118 load unixd before fcgid on all operating systems (see #879) 5a2730ed70a3dbe10b217d9c3539ccda15a1dcf4 Merge pull request #1155 from pcfens/mod_alias 7f8dfb3195c0ba21a15413396acf1338a96e8c1a Merge pull request #1146 from Gamesparks-OSS/ticket/1410-mod_disk_cache 7e4c6bc55043506140c950876f53299fb324d0b0 Adding support to mod_disk_cache for >= 2.4 e504da604dca75fc584c96c1359c8aa79d1daf9f mod::alias should be included when the aliases parameter is used (even without scriptaliases) 3ef6c41b4eb9d1696c7e57584886228f53bb2522 Merge pull request #1175 from MasonM/fix-cgid-with-event-mpm eb022c68b35d42ca145973d846e3ff8ec8fc10b5 Update README.md a40e09774db0c24021d0f757e1dd3694d1df072c Merge pull request #1154 from pcfens/userdir_fix 30f6d1654f68f02e77d750e0b792e66fbcd24216 Merge pull request #1148 from olivierHa/master 7fffc482b0a5e3d433a21ac96af353e04fb9dc07 Merge pull request #1158 from wubr/feature/mod_passenger_spawnmethod 2d4723f42a9f132c6c43c0c62dbb50fb3d6e5112 mod_passenger: allow setting PassengerSpawnMethod db2eabd7affbc231c2c93ab8e5434418a6050f00 Merge pull request #1162 from cropalato/master 62e1370fbfc9e7e0e1f8a2458b7f66102dcbf26c DOC-1493: Resolve broken links. 7b6fd26694019d24c3e393d79bc89d2d38a28fcc Merge pull request #1176 from mhaskel/readme 660dda1e14edb86994d7ef49917406bd3ef68f98 Apache readme reorganization. 
cd5090b5a4c4293d00f54a55ea2a51617c0c5656 Merge pull request #1156 from dconry/master 20e7abe95bb572ea11fb7f0a9bac78f6327465a2 Merge pull request #1170 from bmjen/remove_187 fb4aa9b10983cd2b575fc1c78cdb510313b1bf06 Removes ruby 1.8.7 from the travisci test matrix cb81fd4ecfa0c3c8142b81a408fcd3377985d7ec Merge pull request #1169 from mhaskel/merge_1.6.x_to_master 11b1bd827918437b7c4dc6da200a3b36274d966c Added documentation for ForceType directive (MODULES-2152) 4daaa34da62eb0d4a42c2649f8dbcb3574daf974 Adding ability to enable/disable the secruleengine through a parameter 90c4befeea0cadba006adf93fe5d93908159160d we also want to have groups with '-' like vhost-users f87394e74838ea9e9d9e07dc22da25898e928766 add possibility to set icons_path to false so no alias will be set for it 634fc0089fd6bb247aaf756de3369f48b83d871c Merge pull request #1167 from bmurtagh/fix/MODULES-2152 9b7bde91968dea386b59be53f8f6b6d2e66779dd Added documentation for ForceType directive (MODULES-2152) ddb76e444f1abf8d17884a73cc7ffd733d24d6d4 Merge pull request #1168 from igalic/secrule_engine 5b03bef8e029135573720366b60d649d84f46b72 Merge pull request #1166 from noris-network/suexec_group fa56b56311edf8b21353477f07cf12b731d105a8 Merge pull request #1160 from AntagonistHQ/no-icons-alias 9f0c303e79a88eaae59a332fa62159082b93f9b3 Adding ability to enable/disable the secruleengine through a parameter 883ca3a226233563fcaf4f17bd1afe22eb1715b0 Merge pull request #1165 from bmjen/fix-rhel-aio 4646f7be28f38f8f361a9f64408de26585ca4d41 we also want to have groups with '-' like vhost-users 4cca48fd04fc2c7986ad8bb020a233e28317c918 fixes timing of mod_security tests for aio 8b2e700360f2a36ce19f9b1cc56640d3014ede25 Fix apache::mod::cgid so it can be used with the event MPM b1a3cc18f3d07ec239b5183384c12798f83b852f Include full path for UserDir directive 855415d6b6f3857781cb42dc33eec84b54d067e0 Merge pull request #1164 from bmjen/fix-changelog a403853cded8764c64e84f3dfe6985f3da6b5a95 update to CHANGELOG 
a791a72b2397dbb2b13e3afc2824eab19750209c Merge pull request #1163 from mhaskel/1.6.0-prep bbbe6044478799412b08921e9fb3c84164450566 1.6.0 prep 8b00664a26728ca3556b532caa1ececa95962ed2 Adding use_optional_includes parameter to vhost define. 2605c7696b8024c76a6572295b3f9abef6c2939a Merge pull request #1161 from bmjen/deb7-fix eaa0044c9a4cbf6602543f3f61f868ce088dbbb1 fixes ordering of mod_security tests to pass on debian7 f3e861efcb19346c98e12a55dba759556375a6d5 add possibility to set icons_path to false so no alias will be set for it 48a72ea2fede5f9077af6ebc4dcbdd938e428ab7 Merge pull request #1157 from puppetlabs/1.5.x 15d513467f5a2111d0ec8a2bdb1351ef59822c52 Fix _proxy.erb to put multiple SetEnv ce72c66ad49b81b23fb72607184d90ad5f0014ba Merge pull request #1151 from bmjen/install-nettools 11fc4774373776542d1eb886261f721bc804e919 Installs net-tools on RHEL7, so that be_listening tests work e01b717b305c7be949ee6ffc9f6c220d89e44a6f Merge pull request #1143 from BIAndrews/master f0810d29170403e13d3403028b8dcd6f426a4640 Fix: missing package for mod_geoip on Debian systems 28e74e33eb3bf59d15f1535cce3c4e4ef65926d3 Merge pull request #1147 from jonnytpuppet/readme_fix 2c27798702074eccc4cdabb3d5af7d8d1d035d2f MODULES-2148 - Readme update for timeout property. 1314c27bf0ee0c1d6403b6dec88de60d570b7b3b added spec test for apache::vhost filters support a79a581efc1837879377588274d1f04e40650230 typo fixed in unit test fe118fb556974701bcd35e2cb379b6ce094759d6 added unit test for apache::vhost support c77abfc6f40d4054c04eb2d6fd8fe27ded79fce9 doc updates about mod_filter for apache::vhost 2f525f0045aaae49422b58eb273da3c2fedfd623 fixed mod filter name and docs 9e4f8ef9204459b6447138df52041a37b9549171 adding support for a filters array to apache::vhost fcc73608e0daa8b3856488c0f7ef29b715b49ef2 Merge pull request #1141 from bmjen/fix-amazon-pr a29cf82ec7217f65b6dae523d5482a14c5c36e2c makes the acceptance tests more robust by ensuring selinux is disabled on all runs. 
87cd728cdc6d65945f0948bf8421bce8f98c364b fixes bug introduced by PR1133 ebc16b2578f186daba9c61ad77787714749d3691 Merge pull request #1139 from mhaskel/release_updates 667335f634f131132b46221afd22ab8b065dcce7 Updated changelog b78c05daee4f03cd8ca77c1a0f1d58d1594a443a Merge branch 'cliles-feature-amazon' into 1.5.x 9f1559ed4d8e8d95254c580d548dd7282079c0bd Amazon Linux does not support systemd. Having the versioncmp makes this fail on newer versions (which do not yet support systemd). Run this on 2015.03 and you end up with an apache server that will not start. 34fb5d6043fc55bfc3a5b963317893ee29401a3a Merge pull request #1138 from mhaskel/concat f54393e60eaec4e926eaf6cfadee729d81650130 Revert "Support puppetlabs-concat 2.x" 4ac403bdd077342f9d14755c84fc7e30cbecc958 Merge pull request #1134 from mhaskel/changelog_date 2a1d700c035dba0d0f17a2c16d3e42ab0dc3c61b Incorrect date in the changelog Change-Id: I6f9864ba514f824deeb7fe991fe10c5e06a824c6 Update ceilometer to 7d20689bbb3857872cd63497ac45d523ed775d0d 7d20689bbb3857872cd63497ac45d523ed775d0d Merge "Reflect provider change in puppet-openstacklib" f167c7a3a95190efeb2533aeeee237de1ecaa0aa Merge "Initial msync run for all Puppet OpenStack modules" 05c5ec1605769579d6f6caeb91cd850da895a730 Reflect provider change in puppet-openstacklib 212630d4f20ef897ba43006408ae7fd90da91a3f acceptance: enable debug & verbosity for OpenStack logs 4ff5f42a759c45834ade52bf3aacfe1047c0689f Merge "wsgi: fix typos in comments" fe4eb1f5efcc6af093663efaa9d3ea7eff8f5ea0 Merge "acceptance: bump to Liberty release" a0fe2020da5cedcbed87bfbc4ffba6f527047c84 wsgi: fix typos in comments 257a60ce79f00f96239d06d84c9660f14a31bd68 WSGI: make it work, and test it with acceptance 6114cbf65fecd62cc905275de8c6f56fafecde20 Merge "Rely on autorequire for config resource ordering" 5100d55cd2597575c714b5761fdde90b65384f22 Merge "acceptance: clean an old FIXME in manifest" e729f2d91177a64db52476b4e3b3c2d361b1cf47 Rely on autorequire for config resource ordering 
47e61845e42ff3f67acaf973a7f6eb5fb3e489aa Merge "Add an ability to manage use_stderr parameter" b8424f9ffd978ba7b5406d0cc9d9c23308e4217d Use openstack/ namespace for fixtures modules 985c48951b42810cbfcf3a077c8773a8787fa6d2 Add an ability to manage use_stderr parameter 3dbe940b19d9541b1964f9cba62d1f4369590b99 acceptance: bump to Liberty release 6d461c803bb86c2fc224a61ba8e9138a2019d319 Merge "Add ability to specify ttl and timeout parameters" 93575b1639fc8a465065c6d78d4e514612edbd39 Initial msync run for all Puppet OpenStack modules def35c7fd5278ab1da23ec5f8f090de4a51a0629 acceptance: clean an old FIXME in manifest 2ff489103bf401983c27aa6523c01bbd950c768f Add ability to specify ttl and timeout parameters 9529fd4e831cb9f3f37a26435bd33d8fab7521c5 Update Setup in Ceilometer README Change-Id: I043e74523b9ad19f5f8f0939c5eb454e70d85554 Update cinder to 7519759797dbf797971ac0dd6411053c78ac4d41 7519759797dbf797971ac0dd6411053c78ac4d41 don't run vgcreate if vg exists 770ee4e229630d7532aaa0a0628d9400c2b1b3f3 dont run losetup if it's been done already 8f40d3c7aead546343ba7805d48f1ca39735258b Merge " Add 'host' parameter to cinder.conf" 0d1b1fa222338390ebd5a46e8ad7687d5dc300a3 Merge "Reflect provider change in puppet-openstacklib" 4f5a4beb2f56dc4896724157670b2d100efa2c53 Merge "Fix "Add lock_path to cinder config"" 923c5bcabdd6f57b1c07e39fcb9ff835eb379cc1 Merge "Initial msync run for all Puppet OpenStack modules" b554d30aaf7b08d928183d5fab9fe4e8319d492f Reflect provider change in puppet-openstacklib 8d7a24ec03cdfe302660d0322e05e071f100ef6f Merge "acceptance: enable debug & verbosity for OpenStack logs" 2895cf14b6b9175c88f0592dfc27c76b4e7a0acb acceptance: enable debug & verbosity for OpenStack logs 2c34b74d1068997ffece49532b13ef3f0a821e63 Merge "acceptance: bump to Liberty release" d46b5eb996e8c59aa1a8777eb1fc7748a5a7ed38 Merge "Rely on autorequire for config resource ordering" 575465f3ac57693c3d0e057a1b861470a274f374 Merge "Sync cinder::db::sync with new standard" 
69bfb7cb815d95cffebfeb7f46384e04548ba64d Rely on autorequire for config resource ordering 99b185c66f8747ef48b2963188cdcbcaca39774a Fix "Add lock_path to cinder config" 775b96af2f78485fcfe7e6025707f64adfa6ec9f Merge "Add an ability to manage use_stderr parameter" 393c457ee9785e8000efa9eeafa5768b716e47e2 Merge "DB purge cron job" bf4534ab802d2e6189699edbe22683fa15926c3d DB purge cron job a51e43bd6b4c1ca731d58ba132af218a684204b5 Use openstack/ namespace for fixtures modules c9de4988543b6f0bf55891a4f3f90fa804abe74b Add an ability to manage use_stderr parameter 7158e23f586a59f1352ae446699c29f5847b9d6b acceptance: bump to Liberty release 8a2dc3c2f255b58f0f793a4f218ab551c07186dc Initial msync run for all Puppet OpenStack modules e58b63a0d9358ce7a4d8219208ffe681e5125080 Add 'host' parameter to cinder.conf 6796a75d5afca133818df416f4f810a9d1c3a99b Merge "Add lock_path to cinder config" d5c38006e8cd2690088555b93db29e69e8b507c1 Add lock_path to cinder config aa63bf4d34e31f9e6115c93ca26c88c89b70d901 set parameter host in vmdk.pp 81163c0fad37f60b8995d0ed35e79ce611870445 Sync cinder::db::sync with new standard Change-Id: Ibc03b16622da5c3c04c9e3c3edb852295d05e8cc Update firewall to f973175bc01e6ab357857efbd611bb34ef1a2e4b f973175bc01e6ab357857efbd611bb34ef1a2e4b Merge pull request #572 from roman-mueller/deprecation_warning 44184f23b9f0bb81f14a04bb6e7205365fbf7f63 Improve deprecation warning, add module name to it c9a79d5c8ef5e6af35eb7feaa6cecf8b530424ba Merge pull request #571 from tphoney/release_1.7.1 9cd6b1e859c67d364bbb52931b2d2d998696f0a0 release prep 3b6d365edb74073b8d1b112f31e541906b7bc192 Merge pull request #570 from hunner/deprecate_port 4f2df97faab93e530ff5a4d99afa3d9d16a246cd Deprecate port parameter 7281b0a771ec818578f3d4b4a70c44294a525a75 Merge pull request #569 from grigarr/patch-1 6ecf2118b28f7714cdd4c6d6c8aa2d3d43a3ba66 Always use dport f77dc9016e6d21185c5bf1a2ef08a0c1fb9cd304 Merge pull request #567 from puppetlabs/1.7.x 9911c30731cf5b6c9f7b3b025a54c3fa5f82143d 
Release 1.7.0 Prep 9708d541f51c835e2ddb1878ba2a549eb785cf7d Merge pull request #566 from jonnytpuppet/more_test_fixes 7c041a8a1c7dbb0371a7f798f0e0385a09ea4e54 More test logic fixes for SLES 10 2aeb948e33f80fa0e3dbf346346c29c626a8f862 Merge pull request #565 from jonnytpuppet/more_test_fixes 9642742dbcafab23cf718d27d2411ac6bd1ed34c More test exclusion logic fixes 7e35cec9c3fc426c56ba3e8be780754e09ad2fab Merge pull request #564 from jonnytpuppet/more_test_fixes 6d2716eebb4baf93ffd183a26c0d3145f6be7ce8 Further test exclusions for SLES 10 8d670c757a3c796e148bfe34a33973ddf1ee6c9d Merge pull request #563 from jonnytpuppet/more_test_fixes d0e2dd7b04c345190226200ebab3794e721eb23b Exclude SLES 10 from some tests 01ce84f2a29025c6b3f63540cd93ad72c2be9d99 Merge pull request #562 from jonnytpuppet/more_test_fixes ad409015dae305b87e99c3ef7535150b49510d73 Adding allow ssh rule to tests ea901268e016aa9dd3d0f5af0d6f2069cfb167fb Merge pull request #561 from jonnytpuppet/more_test_fixes 80c7a9341137ec48d6c4e67135ea2840aafa39f4 Removed reject test in acceptance test 99283a160c4415b1645732e24a15b7b4a48603b4 Merge pull request #559 from BlendMarketing/master 75544d9376e0e4723b9c0d4c415f65b0fbd1cffa Merge pull request #560 from estonfer/add_dscp_markings 932d0d900644f285966ca405bdeb6f5012ed040e add set_dscp and set_dscp_class 0022afe573c488e2dfb706654a634c9358f46b4c Merge branch 'master' of git://github.com/puppetlabs/puppetlabs-firewall 38c66d5fb2dabc96b4f78186ecd712743232c36d facter 4 compat 7161ec2c0e277945cedb99b308266f7606c8b13a Merge pull request #555 from TJM/ticket/MODULES-2186-remove_fwrules_A eb25e66173507d7fecd2866e8ce0a2581f921214 Merge pull request #554 from ghoneycutt/patch-1 a21dc5c6e7c32642339e6ae98c56033bdaa27e54 Merge pull request #558 from jonnytpuppet/test_fix 97f2a148ccbf78bcdfd68c0b4fe0702471399f05 Test fixes that may prevent hanging problems during beaker tests. 
fc0622bb0c9a8888f09a0b9157a2e1c1b355b34d Merge pull request #557 from DavidS/modules-2155-update-docs b53a3fd36912e828bc31d472290881d731de862d (MODULES-2155) Remove note about purge restrictions 69fa795bc36d738a8aed26ad8c2dd79ff3d135fa Merge pull request #556 from jonnytpuppet/autorequire_service 1ec285a4a1d150b909b9a55feddbe16f9cebfe9a Makes all the services autorequired by the firewall and firewall chain types. 511f21cc6a6ea8837cfa4e3c515d21577f4da654 MODULES-2186 - iptables rules with -A in comment 2a9a3b9134efb710df3d4ff65856adda180a341c Style fixes in documentation's example code cf17f45be26017d8d2d57c968787f3924ba360b4 Merge pull request #553 from jonnytpuppet/test_fix b0982928d8ad3fa9fa67d802dd2cf21ec4e888b5 Only catch changes if not EL5 due to selinux warning issue. 6bf091842c31dd0d4aea38ba8dd7b7b0e30ae60f Merge pull request #551 from jonnytpuppet/physdev_idem_fix 35943dec4abf11005321450d495f77c27907a614 Fix for physdev idempotency on EL5 8a556e7e7d0893ede42222a6352573ae44c007ed Merge pull request #550 from hunner/undefault_seluser f8bb236d754b38a254ac5a52c9c23d7c2849d6dd Enforce the seluser on selinux systems Change-Id: I98c5bd17952501c28772f383b432e244f93f01fb Update glance to 35c1701ba8817ace08f882a670d3d7152544d133 35c1701ba8817ace08f882a670d3d7152544d133 Merge "Add an ability to manage use_stderr parameter" afa0ed8122a95aba44c6d23e3a7307c579f36e98 Make sure Glance_image is executed after Keystone_endpoint 1f4a545247049eebff60d7946fe3f648fce583b6 Add an ability to manage use_stderr parameter Change-Id: I281d4fd79191a2ff2fada351c496c0aff75443c1 Update gluster to e3c2486867b950a892663b7eca03bceee84c8b6e e3c2486867b950a892663b7eca03bceee84c8b6e search for uuidgen instead of using a fixed path 0f9101a763ee940abaa2633e167cc14dc2ff3829 fuse glusterfs mount doesn't support remount option f2605fe625a10010212c7e350ee081e244036f16 add op-version 3.7.2 ffd29df0a33b4f4fb25a01e35aae9eec2939b005 Fix whitespace issues found by git whitespace-check 
69d03aa824d7daf00a6a7c7bbfc7ec9ef159d394 add support for creating gluster with an arbiter b3878501916cebe18560f5049105d2e6bf06d33e Update folder path 895b2dad4e2cbb2cbcbf6f5fb6eb6a4f6ad681f0 Fix interface fact name for vrrp Change-Id: I75fd69745d2dfe11c0f4b1e9731452e1acdec95b Update gnocchi to 34be2c3ec87cb7250146779d58462b21468c37dc 34be2c3ec87cb7250146779d58462b21468c37dc Merge "Reflect provider change in puppet-openstacklib" 9ea37dda383a0d18c461f0e802ce84f2fff51409 Merge "Initial msync run for all Puppet OpenStack modules" eb5fe69efb006ae2f31ff1e74d0ef2b5d4faac6c Reflect provider change in puppet-openstacklib 74c4e1d88e169c03fb5fd9c4001d62368c9b824c Initial msync run for all Puppet OpenStack modules 46925dd1475392ffea156ddd91c7a7c43a271f2c Rely on autorequire for config resource ordering a0a4ec7ebb0d86afbff6e16548360c112e362fc8 Use openstack/ namespace for fixtures modules 2d0b518283fb23fb3a1e71a52ead53423eceaf87 Merge "keystone/auth: make service description configurable" b3e503c3e09b24c1540ac13bba8c07181f10563a Add tag to package and service resources 14558869ea888202c0d9f5f1094f56bae7d7e829 keystone/auth: make service description configurable Change-Id: I7b1b1382f0d3784768ff41b991cf264d48db206d Update haproxy to ad4fa8dfe69268f6daa1aa532bd8684d6427c991 ad4fa8dfe69268f6daa1aa532bd8684d6427c991 Merge pull request #195 from zoojar/patch-1 6aa30cfe8835a9adb6f1614a52bf661440f0e72f Merge pull request #193 from icg-puppet/hotfix-timeout-client-is-in-ms c51a0367baf7b9b1e2d4906f613216ffce6ac933 fixed frontend description e621da895fa01dad1b589a7d4e0ace80a661261e Merge pull request #194 from DavidS/allow-defaults-file-override 14540d0f2e794ffbea0320ce0e854722e910aaf1 Allow the contents of /etc/default/haproxy to be overridden fee32c4991883caed6b7bb421ca0b2edbf035b88 Update examples to use seconds (default is ms) d657ec226d229c62c33a04346790b1a7bb441a7b Merge pull request #191 from mlehner616/bind_options 67713bc8ab3bcd6be67c228bcd1858d1aa230179 prevent warning on puppet 
4 Change-Id: Ib8cdaaac94fc7ccd1f9ac38fa91e1bceda642d63 Update heat to 16b4eca4c95d7873ef510181f4a52592abeca24c 16b4eca4c95d7873ef510181f4a52592abeca24c Merge "Create Heat Domain with Keystone_domain resource" 5212597481d0470958f91421069f4b43277f2dc6 Merge "Reflect provider change in puppet-openstacklib" b8cb6286176b8658726a7aa10488eceefbd11318 Merge "Initial msync run for all Puppet OpenStack modules" ed3732cc781af877b9072dc23ec74bc5ae600fde Reflect provider change in puppet-openstacklib 4fa9985f2a860b34e26973f95de40c3594e33f99 Initial msync run for all Puppet OpenStack modules 4db0ab63b45002ad5577c1e53a7c8e5261e1f223 Merge "acceptance: enable debug & verbosity for OpenStack logs" 2ed33d3166158bd4cfe3af32d93a72f2c5d1a3ac acceptance: enable debug & verbosity for OpenStack logs 68f99e2f1c9bcdeec24a74d0032be3df2f3b3681 Merge "Creation of heat::db::sync" 0cf89d487e51d53dbce1807ce684cac4b86c0b85 Rely on autorequire for config resource ordering 2a45eec02d69118d18d270135b532a06a9707c02 Merge "Add an ability to manage use_stderr parameter" 397241c58507a909223dd1ba44d44e5e80bcb81a Merge "Use openstack/ namespace for fixtures modules" 4a845f704c0ecd629b2c1a13e5367922012b1e86 Use openstack/ namespace for fixtures modules 0b983460fee6eeee020455d36ad6d03690f7d57c Add an ability to manage use_stderr parameter 4d31f22f13a273fef042c6002fac53c85a88c678 Merge "Update README.md for Heat" 13fcf95bea48af3fb5815011a995b572e09183f5 Merge "Remove deprecated parameter stack_user_domain" b0bc5d9a482ffda8c0e49aa70cf229c33bb171bb Creation of heat::db::sync 3b563c52483d7966218666de46edd3de423156f3 Merge "keystone/auth: make service description configurable" b5f0f0de7469aa734a3d3ff005a819e03d6633ac Create Heat Domain with Keystone_domain resource 7aa7151b19ca93be3d9392049e572ffc52ad24b4 Update README.md for Heat b7d19f43bd729e505d12979350082bf0c26b5b40 Remove deprecated parameter stack_user_domain f6f7d5287a778cb901ad0ca7dbddad9fcf377323 Merge "Fix module install reference" 
e9b10e86fe5a174c6b5adca9a1036cbffd680ba4 Fix module install reference 0ea44a1eb117bdffb4dcd2ccc95e2c34d31cdd35 keystone/auth: make service description configurable Change-Id: I2336fe211760519d13da6a4b105170f941bbc700 Update horizon to 2eaaebdf08e66096bb3da6d52a876fbe0d8dee0e 2eaaebdf08e66096bb3da6d52a876fbe0d8dee0e Merge "Initial msync run for all Puppet OpenStack modules" 619608e7167f7b7962cb347b3878bf0281415a17 Merge "Make redirect type configurable" 8de1b6100bd325e09b7964ba910183237b36b779 Make redirect type configurable 65386255d18ab570190537e6f2b6a62c057a98e4 acceptance: bump to Liberty release aba03fb6758f811775ea08bdb2549561c39c0daf Initial msync run for all Puppet OpenStack modules e3bc1cb95825615f0843022de98ebe64a0cb3529 add CUSTOM_THEME_PATH variable 331fc0c86779359059bd99652e045fb0bb5276a5 Merge "Add tag to package resource" 1d006006c253c0c8641d5737ccaf81b4d55c622d Add tag to package resource Change-Id: I85d41377d4dd3f8755499ba086d8bbf5997f26b2 Update inifile to 960d85a670191e8d59ac2aa67b20fc6160a40acd 960d85a670191e8d59ac2aa67b20fc6160a40acd Merge pull request #190 from puppetlabs/1.4.x 2c8a08e6756d98b6a5f1a828dc010cd773c3c8c4 Merge pull request #189 from bmjen/fix-metadata f29cdb8b133e8d7b94adb27e21a90d90ef65aa34 updates metadata.json to match Puppet 4.x PMT output 43bf3b0b78e060df002c3d8c000aefc8cb95e529 Merge pull request #188 from DavidS/fix-readme 53606a2ac858a0ef7b9bc522619f0ea669dfdd0b (maint) Fix README for ini_setting parameters 2fbeac25daf2852f4d7410aae1058e18d64d0c18 Merge pull request #185 from danzilio/create_ini_settings_namespace 65ee1d69b132f3aaf9d62fb2a5fab8bd8a3865f7 Merge pull request #187 from tphoney/release_prep_1_4_2 cda3ccaecccf18f069d664fcef1b22aba991ed38 1.4.2 release prep 54f12d3f8e60bfcebc1496646fe05e39fc0f6880 Merge branch 'master' of https://github.com/puppetlabs/puppetlabs-inifile into create_ini_settings_namespace 7e0527248f180a3a60f39ed63af9a19d58687a16 Merge pull request #186 from puppetlabs/1.4.x 
a94f51e68dca6f2eef877d9703da1e83eacfc74d Adding path to create_ini_settings resources de451637520a52db01264c333d2b64c02e9dfb63 Merge pull request #184 from glarizza/MODULES_2369_key_val_separator d452e6ca1e8df61cb639d85d5944df465096d886 Support a space as a key_val_separator f1e4313740063b03a821f99858550ff3a2f63116 Merge pull request #183 from cyberious/MODULES-1908 48965fb01c4822ff2046d61c7a033800437529e7 (MODULES-1908) Munge the setting to ensure we always strip the whitespace b499f7071026179074be7784a1e82b2e4e12960a Merge pull request #182 from mhaskel/MODULES-2212 2ab47100c74ffdb5be98d9f9ba62736f5ea125bf MODULES-2212 - Add use_exact_match parameter for subsettings 9147ecc3e8487901a5b2b5db35179db4953e423e Whitespace cleanup ab87c7314290ecae621d81c21af4910e7cbaf7da Merge pull request #181 from hunner/tweak_readme af399747080eb18d5afd45283c6444c3df5f8e91 Reorder output and remove whitespace 43f0c6863101185d0d03592df3bfe9766e68d3a8 Merge pull request #180 from jbondpdx/1.4.x d9b4c3622a66c979c828ea83545ac6a70280d556 fixing mistakes in code samples 7f465f53ceb77c0a38474eddd28e0b34a0b42af7 Edits to new Function: `create_ini_settings` in README f72730d3c074914d8d198b746517ab9963499cc7 Merge pull request #179 from hunner/docs_changes 7a45b38414147977ebade573860938147cc0eb85 Merge pull request #173 from poikilotherm/fix/master/add_create_ini_settings_to_readme 9fc499baa56b932c3e8c68a92868e2ad4c95b2fd Merge pull request #174 from DavidS/fixup-readme e2f1fe1c169d2f5bd458b9f7f52343e4b8f0a74b Merge pull request #178 from hunner/release_1.4.1 c3ce25ad7f8902bbd086b8573aea83762b7a1b59 Release 1.4.1 2a7dbc140deed9768b4254a6ea2c98b0099ef924 Merge pull request #177 from puppetlabs/1.4.x 7543b3c0e70b82fe23e787e89dfb0b14848f9e73 Merge pull request #175 from hunner/bump_version b36984132dc45600f69d7d3166673e31dd1aa652 Bump version for release 560134c6614cd1d40a17552e0e95499966461f65 (maint) fixup description of ini_setting%setting 101519d5e9a093357da89b62322ff61a869a7f39 Release Prep 
1.4.0 d3724aa87584e0906aab2e64dae8962b7c9bd0a1 Add documentation for create_ini_settings() to README bf32ac86ca230eeaedbd902caed3fcf8f906f730 Merge pull request #172 from drewfisher314/ticket/2136-add-solaris-12 366523b5abe44b0520e86e3338ed15355d79009c Add support for Solaris 12 Change-Id: I84579ded8e24b73faea5c22371df4974c7ff6d59 Update ironic to 7f09ae46c15fe5fd97e39b85e7cdb63a83283c37 7f09ae46c15fe5fd97e39b85e7cdb63a83283c37 Merge "Put configuration files under configurable folder" 5baf8d135ccf858df8a918461c730272f1f609d9 Put configuration files under configurable folder 74e33ba9d539aec855036c3852d878641d803716 Merge "Reflect provider change in puppet-openstacklib" 88556408022efa47a755339438a43ed15927c570 Merge "Initial msync run for all Puppet OpenStack modules" bb1bab5b2832b433111fde3dc574ebb8ff37e804 Reflect provider change in puppet-openstacklib a9717c4129383f1a84c1f38df83d9d8fee07feb8 Merge "acceptance: install openstack-selinux on redhat plateforms" db4b6afb7ab95118a1a2ee437672286b98048809 acceptance: enable debug & verbosity for OpenStack logs 36cbfc0bccb8b8b110b98ff5c4bc19cbbc2bea65 acceptance: install openstack-selinux on redhat plateforms 6a29e260bb5428cfdb63d371d5ee6febfe8605e7 Merge "Fixed the comment for port in ironic api.pp" 69fa70013893a323a7cf62bc57963bd7a86bab04 Rely on autorequire for config resource ordering 93c68b626f3b9c6d4d04ebba2250defef3e0cc12 Fixed the comment for port in ironic api.pp 005d532a4f14f32603ecc6050e607380131be79b Merge "Use openstack/ namespace for fixtures modules" e309ca66b3360db0008c899c55bc50c5888a095a Use openstack/ namespace for fixtures modules 558215949344dd476b00280e56aa799b4a1d7e59 Merge "Creation of ironic::db::sync" 5e258816b20d226ab10f693e1edd920154310992 Initial msync run for all Puppet OpenStack modules 5099c089882f49747cb151cd58e3cd00483dbd48 Merge "Update README.md for Ironic" d9a9a977fc271d1cb982686d4b7b816cff5edb6f Merge "Add bifrost manifest" 95eeb73c4c3cb54c337cf20f369c79ddbe2823a9 Add bifrost manifest 
e986414cc7e72ba30e0dd0fdf3a248612456c12f Update README.md for Ironic 48bf5c3adf0b3145c5c4e3332ab0d76bf2b6a3a3 Creation of ironic::db::sync 49dc0e100f3a9a8d68fddc38133002977c9e2f3c Add tag to package and service resources Change-Id: I4936abd6cb4e5cdad1c3d65ae06838f38da8d86d Update keystone to a39ce03ac03cc31964ae530d7b6239a630059a5f a39ce03ac03cc31964ae530d7b6239a630059a5f Add custom fragment to vhost a6b9bddab1301009d6a77e83769323871ddcff61 Merge "acceptance/eventlet: make sure apache is stopped" ee830a5277fe6b54e9814a0a00f79cafd0c89561 Merge "if running eventlet, send deprecation warning" c8f8e436192554122feddc6339644a85f25bfe43 acceptance/eventlet: make sure apache is stopped b34e2e3bedc80168b99917f582492e5bf879486f Merge "Reflect provider change in puppet-openstacklib" 5a92644f5a71e6ded1518fdac8ccfc657f797d98 Merge "Authentication URLs and endpoint clarity re-factor" 95598cb43d70c33707ab7a3fd76688ec15547f72 Merge "Validate service_identity resources" 36bdbcc07e049d7c1b8ca08910da91be166306a3 Authentication URLs and endpoint clarity re-factor 6c827e49bddbc85875f77c3700b0ecaea58156ea if running eventlet, send deprecation warning 37d5af0229a48a6fd3b8dbcae14ef364d7d9d523 Merge "Clarify the origin of provider warning messages" 3d2e817b48e6d8f32a1b401888d0a4b04566e8fc Merge "Purely cosmetic change on keystone provider" 11a216703799e6e4b526e65a097dd75fdabafc76 Merge "Initial msync run for all Puppet OpenStack modules" 97a4bcea483b7e86a54e67b7a3ed933772bde1c8 Purely cosmetic change on keystone provider 5764e03754458894e025190a6a106f63dc0c8d38 Merge "Adding wsgi log formatting" 8c0555d55d71f68d49a4a030d326bf76e1df7e79 Merge "acceptance: bump to Liberty release" 0de67952bf0b8e887d8307861959dcf2e63ec328 Adding wsgi log formatting d686122ce7f03c87b779ae3dccf14aa3b1adad73 Reflect provider change in puppet-openstacklib 3294e1dfaf52efff2bfbc17458fc3c6b2be3554e Merge "Rely on autorequire for config resource ordering" b9e6fb9f16e91b15f5fc66e2cf0a71ae4d9310db Clarify the origin of 
provider warning messages 9dcac4682aecc24f9afb5974a2161b177852a75f Merge "Move openstackclient install to keystone::client" 8c0acc3617002acc19d12763ff5b8dc8ad0d449d Rely on autorequire for config resource ordering 6b1401e38da415f52ba031cc06878b8c3c4eb6a4 Merge "Add an ability to manage use_stderr parameter" 40995cf3f6346ca4f67b64bbb7c873fd610db52b Merge "Use openstack/ namespace for fixtures modules" f8fdeb9421b76f91612e1da72dfdf45ba6a2e817 Use openstack/ namespace for fixtures modules 4d749f5abfe13b8ff5f2919d8dce6ff8f499f35e Add an ability to manage use_stderr parameter d2637ed73dfff0347579a01b7d0e7e513629460d Initial msync run for all Puppet OpenStack modules ff89c950a059b51419fd7c015416987a5d86fe7c Move openstackclient install to keystone::client a41504d2df5723d201b3b18d712427bc6d41504b Validate service_identity resources 552e0e0163eeeae4c0790b05dfbc4f45ebfb42a1 acceptance: bump to Liberty release 1baf0e78e0daa0361256ae5d80b2aef8878f0e6a Allow to change archive destination f654d3cd9b8ce57345823e544047b311856c7fa7 WSGI: use real service name in restart_keystone Exec 2fd7fd339d75906af4010c613dd277f13cf15a5f Merge "v3: make sure default domain is created before any other resource" a4c17955c7a55d2e10e13887d65bf1ce8925b8d4 admin_user_domain and admin_project_domain can now be equal 50059b6c470623bc2cf315861c7ba2a28b8954c4 v3: make sure default domain is created before any other resource Change-Id: Ifa7a70b7131142a09bf1b25b05308f655e87959c Update manila to 635f1ffce006d19e1c1788ec2b75bdf6b1c4c627 635f1ffce006d19e1c1788ec2b75bdf6b1c4c627 Merge "Reflect provider change in puppet-openstacklib" f9383c536b91914bbf0c06aa0e20620292809c4e Merge "Rely on autorequire for config resource ordering" e2bcbee7922b36bf53cda645f353232e63a3e209 Reflect provider change in puppet-openstacklib 734f59be829c227619d62791d3bb5fc3d6dbed9e Rely on autorequire for config resource ordering b974849a8694ae4559b9ebaa7329118fe963188b Use openstack/ namespace for fixtures modules 
8cbd33f7e6184ffad4ad6be7f8998e424d637c3b acceptance: bump to Liberty release 32f9ff5d28fb948bf9c0e30d1e7e9225237e26e1 api: require ::keystone::python c796f9111788f188f029500c0c41a819278a1cfb Merge "Add related parameters to oslo_messaging_amqp section" 3aa063160d02b6200599d4c2276fa3ad71017354 Add related parameters to oslo_messaging_amqp section 496e595d1b17483257b9843aebd9c49d2c881d26 Merge "keystone/auth: make service description configurable" 085f703eb50ec23fec719f1ee777430fe6c8e29f Merge "Add tag to package and service resources" 0ed300aecc3a529d983c043efa0af397352e3678 Add tag to package and service resources b2fae35db5b6b1bb9d41a99cde04c657ec716681 keystone/auth: make service description configurable Change-Id: Ib49079de948b43a9e15975bb394fd535e08a87bc Update module-collectd to b16d0e7cf1c7469b063ef5205d54c6e9a8de1734 b16d0e7cf1c7469b063ef5205d54c6e9a8de1734 Merge pull request #316 from TheMeier/ceph_plugin_2 f5e5abafeaa285603c2b6c768ddec64164dc0cb5 Merge pull request #329 from ttarczynski/netlink_plugin 0196847f07f0ddd35510e1016e194439b2dcef44 Added tests for plugin::netlink 75fa909e1141ff8929c4db0639f932078196ebe9 Added docs for plugin::netlink e2131793622ae5f67735c6564e823aeb7bfe1768 Added plugin::netlink 8a76f28e7befbefc5a2b9015b1d2f362683aae89 add docs and test c6295a02aeee52f8d4ffbe4af454e169ffd231ae Merge pull request #321 from ortegaga/feature/plugin_snmp 052daea72c741bcb0405b57ed550b81730267bd2 Merge pull request #320 from ttarczynski/docs-fix 952a6453601e330f521f2fd9a14860b80d371f85 Merge pull request #318 from simonpasquier/master ec1b12c58b8246a61cfe9bf482a9f4b706561a8e Merge pull request #327 from dfilion/tcpconns-allportssummary e1717df8d5dbd4440e9469a1bb39b3ea15027168 Merge pull request #315 from matejzero/master 990fdc7e4587b40f41c8fea0288b43a88f8a3c25 Add support for the new AllPortsSummary option. 9368d617c1dce822fff0d07e9042d7058c367f23 Small fix in documentation. 
ccb2ba274326ba0a91bfa76c661358ce4b1a4dc9 Check if Table option is defined on plugin snmp e84027ed16e51fd5fed687ddd90733a1def05bdb Remove sorting of Values option in data block on snmp plugin bf6f86b470391dce74bf2d294ec1943f9dac9347 Support InstancePrefix, Scale and Shift options on snmp plugin 9ecfac2b1ffa32fcc180d6252e0d5053931541bf Add support for PrintSeverity option (fix #317) 6cd8c568a7f5f19a9fade58d54ff19ef91328c94 add collectd::plugin::ceph 2fffd78230d54a6265fd074b42010abec80a4343 Exec plugin can also be used with a parameterized class. e6b7b6a7fdb961a03e3078df5a80d455fafdaece Merge pull request #312 from matejzero/master d00ced669bfe4251a346fe247a3d55e2d4690768 Typo: changed colon to =>, since colon generates error a38f9fe102a1fb77bd466a534a95eba9772b3565 Merge pull request #310 from nibalizer/release_4.1.2 19742da128f0acedeae334f9df8643de65109c06 Release 4.1.2 a0e3a06eb8d8ca6e65af24ee566cd43b5c2c85a2 Merge pull request #309 from blkperl/release_411 7842169440d7477578f2dda0f7e8214bf8638dce Release 4.1.1 572914c6e77feb2584773a9cf16b293b258bcc04 Merge pull request #308 from blkperl/release_410 1b01579328233caebf83aa662484718727992993 Release 4.1.0 772740a3b4885791c5bdda17e310b6dae372ae4e Merge pull request #307 from blkperl/rspec_deprecation_warnings 2ee7ecc900de78ed6226cd35d44338ced87f3524 Fix rspec deprecation warnings 708a1da192858c1ed2a7f6d7bd2f63195b932fad Merge pull request #301 from jonnangle/disk-udevname 6baf7909c9b38e7647e21828e8df1d56ce46fa1e Merge pull request #302 from jonnangle/237-iptables cee944ebb312542ccd00b487a07ae81c5aa5c071 Merge pull request #306 from blkperl/move_to_puppet_community 2ff16af938ade3bcfd580e4092c8472cf84f7ad7 GH-293: Move to puppet community github org 8d89800a869981aa297f5d9103d15ad9493c6e0c Merge pull request #303 from gibre/iptables_centos_inf_7 0be3a28b11a5bfce712bccb92562e5dec37b2466 add option to not try to install collectd-iptables on centos 6 4eaa664172ecfd988ebf4b3bce900a3848d31221 Use separate tags for each line 
of code 772512070840b1d157ee07364c681ee32e25cf99 Allow iptables chains parameter to be an array de42d18c38ee9855078977ff5936e70e7d06a9fd Document udevnameattr attribute on collectd::plugin::disk ed2cdf5d89214b79d3e2dc74a45d64cf962f48b7 Support UdevNameAttr attribute on disk plugin (fixes #300) 1f1122722d23d57938b2c159f1f3288724e72929 Merge pull request #298 from pdxcat/v400 9a4d10e8569bf0b433134116ae48955ac1888c4a Release 4.0.0 d39c2393357f482015df3fcc708237a68bf6996b Merge pull request #287 from deric/exec 125b28cfbae49999252f249709c160474e38eccb Merge pull request #297 from ChrisHeerschap/master ebbe1291b59f28cd543d49de36d8834e4a7b9774 trying to check for sub 5.5 not having ValuesPercentage f6b4d38664d84d7b3c2bd68200879d0c246d0315 removing my improvements since they suck 9ca5d941bf60ecff8d2d20582d288b41b5f68f22 improving the memory spec 6de1b80b01f62a38fc32ff0f0a433d2b0fe2c921 fix syntax error in memory spec 294cd121df5c1fbb35672d95e07507c677bd72e8 fixing the memory spec 5424d8122e5e4592af9e656025cd8756b360fff5 missed false in the swap spec 98b10115b360ca839d1f749479eb42e86162a8f0 working on the spec files for memory and swap 7b04dfe2df2836a7e39e9f33f23ee457d7919e65 adding spec file for memory - copied from swap 112eb712a5aa87f26d06b0669c2b058b8eed6495 adding ValuesAbsolute and ValuesPercentage for swap as well f7af2f2a64aa87b1cebc3f1d551dce79c0c605bb adding ValuesAbsolute and ValuesPercentage to memory a35e172c74dde8d05d21db51f81c41db8ce81d16 Merge pull request #296 from jyaworski/add_carbon_default_values 91a14d58820be1df7a70a8a6478529648a0320e9 Add carbon default values as parameter to create_resources c6604073b8585e5d5d7878dd34d993efd1641dc0 remove unnecessary empty lines 48273f6a287ab7eb5c72b6aa45a1a8e2accfc277 remove extra whitespace, fix handling empty exec, add notification_exec spec 6aec1f31b802f61db81e468f8486d16da469f153 support definition of multiple exec commands #286 975e1d543fa7c333a27e3e69b0834d517f0fd38a Merge pull request #262 from 
deric/graphite 0e138ce420f8968d5ca8157781be17fb1ef14be4 Merge pull request #285 from d3cker/master 6dd73aa4192a642c7626c4cf9a2a56d45da6713b Merge pull request #289 from kurpipio/master 71a1bdfbd7c91ee5916a31930c3f6f28bc5f23b9 Merge pull request #295 from tbielawa/master b8614337c6216c88d6e1f28a014329583fea33eb use older syntax, when undefined version ffb56ba8d1afaf49be8a307c62e51865db5f037e Fixing tests for other ruby versions c59ff590bc091241d431d643925d3056c8090de4 Add spec tests for openvpn plugin fbda2f12c734692210e150952785251647531eb7 Begin adding support for multiple openvpn 'statusfile' parameters bdf34567bfc957800047e5f1fe44279ecf99cab9 lint fixed f3eaad2754a1ee92582e449687b3069ac0b44c8c add support for aggregation plugin and chains 85e230ce67317216af5b177fd2aa0f2bb0ea831f Merge pull request #282 from ttarczynski/python-formatting 1d4202e8f731a68e32d80d9d89cad559d1df9e7a linting 2849b89776bd6eb4663ce53e902f450185e3fefd use Node syntax for Collectd 5.3 and newer 7ecf13de6766630da37eb9bb8ed15342af6d2cff fix write_graphite specs 15125a901b71989d854b6025d77cf4fd46a31178 Support multiple carbon backends 8b452d3030e8bae06065cfe3c7dfebfd3aeed334 fix multiple instances for curl_json 0d771f62c3f1019af90efe2c119a4ccffc417650 Removed double quotes. Only newlines added in template. 27adfd35e9c1d81138ee2c93754315e9db5186ac Merge pull request #278 from bzed/process_processmatch_concat b12a86ac0d7de82e5a4c5525ede0f5030d3299b9 Fix formatting in python plugin template 05967216bc09bb8ce5ccef98b89a098c9eaf5e1f Update documentation. 5d4b52727e5c6b311a84dfe025dd8b4593d9ea5c Merge pull request #280 from bzed/cpu-plugin-for-old-collectd-versions-fix 211b3d586a6cb4d35181952f34278796714671bf Add missing include collectd::params. 80b94b3fdf4be93da4861d6c7f3b6a74807488dc fix cpu config parsing 2ed9e84114f6140d61b5678142708230604895e9 Use Debian as osfamily instead of RedHat. e3a221c402590e2dbe55451f0983f7730151aaa9 Pass order/interval; Fix spec tests. 
6c101d5c4bcb9b354dba3a9ccd3f12ff1db67c37 Use concat to define the process plugin config. Change-Id: I995f1b8ddd85b498422fc34f82a1397f044ef796 Update module-data to 324e79829b29734bd711a991baadb27ae5331642 324e79829b29734bd711a991baadb27ae5331642 Merge pull request #28 from timogoebel/fix_parse_error 8796f044b1802819e374c9b8d626bed6d13d0113 make deserialize_symbols a symbol b45b62685f6acf3002f47640f093df15a2a593ec Merge pull request #27 from timogoebel/fix_nil_error c111c7f1ca750f9eef54b92b9d8a04503ef4e3c9 Merge pull request #26 from timogoebel/fix_parse_error ff15feffc13c96c24e8ff9b267f15ffd7a6dd09a fix error that mod is nil if unless matches in load_module_config 980a1c2f04e9a2f49126100511cb3f437fcdf169 fix parse error introduced in GH-24 Change-Id: Ie02f7f59ac216d50fe4ccb8e6fb0bc4c73151c21 Update mongodb to b2441019cfaafa1ad50236fc2d45d3a00ee1b715 b2441019cfaafa1ad50236fc2d45d3a00ee1b715 Merge pull request #228 from dprince/revert_auth_enabled 31ce292f4255b3b115d64f94bb74703a10210a14 Revert "Initiate replica set creation from e2383ef854707f1f2a92196b943f377770b2b7ae Merge pull request #224 from nibalizer/pr_204 4560185bce759aa9abad0323593e14e57b2136ad Merge pull request #219 from vorlock/master 6fad8b44495aabe87db5dd3548f432ad0c04ec87 Merge pull request #217 from iberezovskiy/master 3cf6f329556a20fbf5adf316674e1aeacfe0b230 Merge pull request #216 from sielaq/master 1e235c267ed3a62ce6aab955ede21afc2ec454ef fix 'Undefined variable' by adding 'mongodb::globals::mongos_service_[enable|ensure|status]' and 'mongodb::params::[pidfilepath|journal]' for Debian" 7d1d7383fce0c15b421b6408e9f903df335d809f Merge pull request #208 from mvernimmen-CG/MODULE-1835/mongoDB_3_engine_selection_support e90818a30dcbcb05cdb68118a5a8ce5703037445 Merge pull request #188 from andyroyle/noprealloc-negation a7fe0e247346c6390b1d2455d9665cbbef1e2226 Merge pull request #186 from serverbiz/master 20e3bc6b0be617875c77432347620b7a48b402d2 Merge pull request #223 from nibalizer/pr_185 
c6160d75a7bcb6d1b8d08796a2686e1d6f32c3f4 ensure that the client install does not start before the repo setup 1caa046c5bf51a29ff1732e1aef54f0d59086e52 Merge pull request #207 from ikoniaris/master e73dc2212c8b6fa8a692cdb541a27b015c43e310 Added specific service provider for Debian 7dcb230e18c9856b3031e6cad9585161bde4b919 Initiate replica set creation from localhost if auth is enabled eca75727cb5ccadf168891f3db15e79397942e8a Implement retries for MongoDB shell commands 0d59bea14dd94b2a6830dbf85d53beb8eb48d71c Make distinguish between repo and package mgmt 01ba34f34cc040dd34c342deeaaf0f095bf98a15 (MODULES-1835) Add mongoDB 3.x storage engine selection support. Allows user to set the attribute with empty value without affecting the mongod.conf Without this it is not possible to use the wiredTiger engine in MongoDB 3.x. This change is backwards compatible with MongoDB 2.x Add test for mongoDB 3.x engine support 85d632552be517e16caf1ac75cb53a479f3301bc Make distinguish between repo and package mgmt e89f984094ee5551805002f50b8fc6cf17e45b27 Fix mongodb_user's username => name 04c9d2dd97f5df352a6c248277fbf7fe830968af prealloc setting needs to be negated 4b99ab2ac49b64e4d5979d293d6a2d1fd65dac14 Fix replset not working on mongo 3.x due to the output containing an ObjectID Change-Id: Ie7fd0a35a967a50faa3d9d0bb56554fb8e63d248 Update mysql to 8b365689caceb5dc0bcb0763b4a7b369c6434778 8b365689caceb5dc0bcb0763b4a7b369c6434778 Merge pull request #753 from mhaskel/compat_with_pe_3.3 3e8e0320cfb1025398a833cdffe93762668f295c Compatibility with PE 3.3 2fd0b9cec4a9c1ebd8620b79e6e1fb40f226ed20 Merge pull request #749 from Herr-Herner/fixImproperUseOfFctWarn 7681c1363abfaf1c0b85a9904c8ea6200aa002da Merge pull request #750 from puppetlabs/3.6.x ff4ce8c5d44a401e2ae49cf0746039e07fd6328b Fixes improper use of function 'warn' in backup manifest of server. 
afc156739672684fc89ea31417f025fd17131a6a Merge pull request #748 from jbondpdx/3.6.x bfcba988599c6122c497b01e1a905a54104af09e DOCS: minor tuneups on README 8dae90d0fa86a8ede5bf4c17b44a5eaa199f79fb Merge pull request #747 from hunner/prep_3.6.0 f1f47f4311be3d05cd185f174c0047bd9f6f5af4 Prep 3.6.0 5f17b94026e197b7f15951fc77112f16be87cf18 Merge pull request #746 from hunner/fix_dep 603a02d118df74b17e837b03cb182e034190c0cf (PUP-5021) depend on package title, not name ced1a08c34168f6b3f8e1ada1f75223ce7f27f07 Merge pull request #682 from eems-leo/process-secret-file 4049258c30601a144f885588932e9bad4a267f54 Merge pull request #745 from jonnytpuppet/2030-only-establish-service-depencency-when-managed 6924dea7bda1c68c06da9aadbefc6bd3f8d8dc7d #2030 Only establish dependency between service and package if package is managed. 2c8a822f254ba39acdfb4f1251cd6651c2638ad7 Merge pull request #744 from danzilio/xtrabackup_enhancements a7a5c66bc431898e2931d7520a434394ef495276 Add support for postscript for xtrabackup provider 8dcb82ccf2f27d4a720561ae215a84253b324a84 Merge pull request #743 from michaeltchapman/showdiff 0dffab292367501e48b67ad82c95239ee1bdbfb4 Fix show_diff already set on .my.cnf c7de52013bb6ba5f2b2c39d39f6c1af127907b55 Merge pull request #742 from redhat-cip/idempotent-config ba52d1d6e9b86f835ea002cac990050788fe2963 Ensure idempotency between Puppet runs d6942fbaef2971fbf5420200e969b85001ac95e6 Merge pull request #740 from puppetlabs/3.5.x f0a064aebd6e5b2859edc6be4063a7a59675d022 Merge pull request #739 from hunner/dont_print_root e3c9932a293024a5d0bd668258b7530822e6fb21 Merge pull request #736 from igalic/no_server f44830ca7b87a1a573297bf18eb564e9e40c8181 autorequire mysql::server in types 23a4a362a0fa5a308b1b346106d3d56ca9862beb [#puppethack] use of mysql::db without mysql::server d8728eb32dc2d9307d1fb2d4e1a3abf654187041 Merge pull request #735 from DavidS/solaris-11-workaround 502bdc936052445901b9f5d13e69cf5e90e888d6 (maint) workaround PUP-3450 on Solaris 11 
c9e9f403a0fdc6e5dbe2a5a81228a9e9c194fa5d Merge pull request #734 from DavidS/release-prep 91c44c2e2525b8cd47894532f2c29d6672a41077 Release prep for 3.5.0 253f74925e35ecb0888516608c255ca97ba2a3fc (maint) fix spec formatting c2e4b9f01cee688993f320372d2052b344171856 (maint) update to current modulesync configs 845b151e37fe4471e40211c565f0b7a732a1851f Merge pull request #733 from hunner/remove_sles10 d0800c5b07f155124ffc57f1ace3a1a16b88a26f Remove sles 10 from metadata.json f9359624f0c715b68614872241d7c020eba3f7bc Merge pull request #732 from DavidS/dont_print_root 8f628b8d73acfc5e214f844fd79fbd0c6f4d90b7 (maint) don't print diff root password in diff d2b33b5af2babc00f3658ca633a074c13e1a1461 dont print diff root password in diff fd033183312961f6fdefeef4bcdf1c4aed520419 Merge pull request #729 from drewfisher314/ticket/2153-add-solaris-12 ffa2b1eceace29c0caed4c6d5d4572900fad454d Merge pull request #730 from binford2k/fix/dont_explode_if_mac_fails c6afa1181abfd8ecce47307604683820408653c8 Merge pull request #722 from igalic/lenght_check eaff7e40b5a348b4e494a49f8700897190f1c002 Don't explode if macaddress isn't set aba6280a492f5666dfc713beb6c67f03775f4400 Add Solaris support to MySQL module 545f0a591fa60f51c050929f8d6be47269c32ac9 Merge pull request #728 from timogoebel/fix_nil_object_future_parser 7ea4a748c2819552fe691e9d8f5c98911df83f4b fix Evaluation Error with future parser 837c21b9632dbaca774ebc2f2a11df03d8accbcc length check for usernames should take mysql version into consideration a26b80d750030481d3f13f629b07b8bcd9698958 Remove default install root password if set Change-Id: I7417089067aaf5ef197a19bd7039f30ba7a0a75e Update n1k_vsm to a9bbbc6e6455c9fd9b9bd18b90ce5422af0d6e3c a9bbbc6e6455c9fd9b9bd18b90ce5422af0d6e3c Add pacemaker integration code into VSM puppetry Change-Id: I86e2dff6efd76a8036c532f87e0b007196689bd3 Update neutron to f4a0f2aa66bd04a930b02e2c2b3f9f0377a451e7 f4a0f2aa66bd04a930b02e2c2b3f9f0377a451e7 Fix 'shared' parameter check in neutron_network 
provider 774470c8bb6c279e95100845ab67be04e2bd7448 Merge "Initial msync run for all Puppet OpenStack modules" c13ed0c97bad59418d028dc77769772f5dbd7f15 Merge "lint: Add and fix missing parameter documentation" 0143e4721f723ff2d63abeb917937708bc6b9c46 Merge "Prepare Liberty release" bff7f0f5d622e4a01936ae04a8fdd58eec20eb42 Merge "Allow deployment when DVR is enabled and L2 pop and tunneling are disabled" 1947761dd731653f9279c642ac1156605f94946e Merge "acceptance: enable debug & verbosity for OpenStack logs" 9034bb2c1834b9d693d9e6cb9017391f1873c8ba Initial msync run for all Puppet OpenStack modules 11e58e03a9cec2afe392cc9a102949a52bf736e0 lint: Add and fix missing parameter documentation 6120731d80c65c7e894810551369719756be7e7c Merge "Update Cisco ML2 classes and templates" d8d056af702a1cad7c866bb6333d21e91d52232f acceptance: enable debug & verbosity for OpenStack logs 737135ef496962cbef95cd5b3191df7949362865 Prepare Liberty release 02afb3762859b8c5db33fc3f4cdc22ab981d71fd Update Cisco ML2 classes and templates f60061a2a80956b6a80f68fbdaef04b6662e0f4d Allow deployment when DVR is enabled and L2 pop and tunneling are disabled 2b3fb6802f721b3873565e7bf1e7496ee181c5d2 Merge "Add an ability to manage use_stderr parameter" 8a02849276b12a336e43470d129a30e5302b30f0 Merge "drop neutron_plugin_ovs type/provider" 96bcfd3192df83d73d6beaaea481e859e2b7903a Merge "Use openstack/ namespace for fixtures modules" f829c8d31e10819bf13724ce712b1780238d7d50 Use openstack/ namespace for fixtures modules 5561243f5ad6ea802edee3096a1d759e65b2e154 Merge "ml2: Fix typo with ml2_srvio/supported_pci_vendor_devs param." 7c4a0d6535fc338f540ac393b23d54c990bf4818 Add an ability to manage use_stderr parameter 09961314b8df19c5b953180884abd777f3669984 drop neutron_plugin_ovs type/provider 0c7d7e0e32425b2a5e945b007e186168a9b5a60c ml2: Fix typo with ml2_srvio/supported_pci_vendor_devs param. 
ff38d8d3ac2b2572a1cb82729d881160cb99f7fe Jumbo frames between instances b2336b454903992db396353c0d936d508eec4ac4 acceptance: test OVS bridge listing e9e5e38906cd0268d8607e33ee892fa3ff983027 Merge "keystone/auth: make service description configurable" d937539a4bb4b6faa10a8c728f3089ae832607cc Merge "Allow neutron-dhcp-agent broadcast reply." a63da90375a3800aa1e97c6b5de0755f75c55b8f Add tag to package and service resources 3d3953652a54be74cf1e2acc8a89f1ef87b5ca93 Allow neutron-dhcp-agent broadcast reply. c8f4c4cd17c072aa9bb24ef89430da564ed3fe24 keystone/auth: make service description configurable Change-Id: Id1d0894a757fdabce7fef5568a1235d5a82c016a Update nova to 5ee9fcdf00e5363efb68f3605747c606a6eaabee 5ee9fcdf00e5363efb68f3605747c606a6eaabee Merge "Initial msync run for all Puppet OpenStack modules" e7444b9a14dece4c09f369c26b45beb256dc5891 Initial msync run for all Puppet OpenStack modules be84925e327cd13f7ab72ce919e51615dc935106 Add nameservers (dns) parameters 196dce78ad9c416c8e2d0932698fd9c511639ed1 acceptance: enable debug & verbosity for OpenStack logs 6fd96101849c2cf52d56150a4bc5f430439b7f3a Merge "acceptance: bump to Liberty release" 8796733101f920c706ec8f3c4545e68ffd00e5dd Merge "Rely on autorequire for config resource ordering" 8bf6cc80461093de6544b77f09ef6c0a6b0e15af Merge "Allow to change archive destination" e2a7d0da4db3f92036ff3314b2b02f76a8eff881 Rely on autorequire for config resource ordering 4c1a34d720721786240a942f9c883e18473356f7 Merge "Add an ability to manage use_stderr parameter" cade2b7a5f7ae6c7b4195bc86b022555e6825e41 Merge "Use openstack/ namespace for fixtures modules" e8b959fed6515ac5bc11fc08a1bb5694ad200066 Use openstack/ namespace for fixtures modules 7863f8b08a7c8d931d39ae2a5a549ac76911da6c Merge "Move os_region_name config option" 94e41fb6f6119620dacb1164bdb1ccd649e740ba Merge "Creation of nova::db::sync" 4190d9d10888ac8025a5e0a366c5bbb0a975db0a Add an ability to manage use_stderr parameter 3c80a1f730d45306444777f68afae01b574ec653 Move 
os_region_name config option f859bb3a30286b96377bc1b6a8265eb01a86320a acceptance: bump to Liberty release 0c5aa925ce11bfe1d56040633079a007fc141197 Merge "Add ability to set default baremetal filters" 459d075c61a6719aabe2af825153acd3456c7d07 Allow to change archive destination 3543216dedf47b2a4a7a2465853a1d6233f2ccb1 Merge "Update Nova README" d834a87a2067824445b3204c1cdef102de2187ff Creation of nova::db::sync 03458a12108d8e8a46e6199461b9287f20415fd3 Update Nova README 6e508ef56c81e6bc03e3198fb7894c33a70ca83c Add ability to set default baremetal filters Change-Id: Ibcba5df01c43d50d2fd8f984cd253c459dc7022d Update ntp to dfa496a394dd1a7120af203f0a31eeb536f7af2d dfa496a394dd1a7120af203f0a31eeb536f7af2d Merge pull request #292 from DavidS/fix-management-of-etc-and-unit-test-runtime d93595f8dbbba4395bc1f650aeba253a523f2acf (MAINT) Do not manage the keys_file's parent when it would be inappropriate to do so f3907ffd44596d888be133f2cfb406b307f33e11 (MAINT) deprecate ntp_dirname function cd292274b3e47c7cfc4883cce6bdb238232a720d (MAINT) clean out unused cleanup code and utilities from spec_helper 8f768e1af206f0aa84691915a237afcf568ffd3d Merge pull request #291 from dmcnaught/master 765a33c6bcf55c84f838365bec8b4ff2dc021d93 Adding ::operatingsystem Amazon for Facter < 1.7.0 (cloud-init installs 1.6.18) c54aad662805b43b1829027b8c8719f47730580c Merge pull request #289 from lvlie/master 7c9e36f1013d4fe2f87c5ca258ee52799772fcdd Merge pull request #290 from xaque208/solarisupdate 4b53db93b9121535a4d761e4cab09006be626968 Update Solaris support for newer Facter 84425a9ec34b14f3f3bb011cc7af239a2c2d48b2 Fixed tos lines in ntp_spec.rb 81475c5862ba37d1a646ea46c4acaa9fd195cfd9 Fixed tos_minclock if statement in ntp.conf.etc fe97d51fb492cea10d01f7f279ec742ea6c9880e Merge pull request #288 from ocadotechnology/ticket/2282-add-disable-kernel 5c32d441499c9944c6b6d7ebeb4b6d4f28dd70b4 (#2282) Add support for 'disable kernel' 55640d21cfd5b93e7821cbd370bdcfdb6db801b6 Merge pull request #287 from 
bmjen/mergeback 5317d442cff91cab64e6ae14101837f7bd29860b Merge pull request #282 from petems/MODULES-2210-add_tos c745262984d4486774d9e92abfc891cd590684aa (MODULES-2210) Add TOS option 5774e6b206afabfda696ac13aff4e09503170341 Merge pull request #286 from bmjen/revert-solaris-12 9dbf1d6f2ccae82a34ad38760e8281d397a6d279 update changelog d08256af97519488d7eb1ed537556a00d72bff86 Merge pull request #285 from bmjen/revert-solaris-12 d725df80e5906377db36dedd1ef5bf556e8e7885 Revert "- add Solaris 12 support" 90778bc5060d3fa3a274cbf58d76226d5356ab03 Merge pull request #284 from bmjen/4.1.0_prep d58e30b18085780e4fac6fc115174696b69926d6 Release 4.1.0 prep ee1105bbff1b99495ae074c7f7944e1f375cb046 Merge pull request #283 from DavidS/fix-ci-for-pe-next 2a5b0caa75c9a0b8a837ae22e5fd3b12ca0a59f6 (maint) improve the ntp/dhcp disintegration to actually do something c872c0311825048110c10bcc85a14c0a4abc0c3f (maint) improve workaround for "ssl cert issue" 67df952ea77d21158f93b853e05c014b79596766 (FM-3124) add SLES10 params 8e763efae1a2b166b0084063dd85ce5d11febcfe Merge pull request #272 from jhoblitt/feature/fedora-support 7291d1ab224dabe171c64f9d5fe4d92dfcd750bf add fedora 21 nodeset 7f4cd1d1338f744789350705654615866fecdb75 add fedora support 9067bb6f4f1433dbbf5aa73d1ac32252a59b3a58 Merge pull request #277 from pixelpark/solaris10_support d2bfdc03b87d834d641f678e4704ee2ae5cd8dea Add Solaris 10 Support 45e234d2c6fd6dc402cca8bbdffa55ba4206adf2 Merge pull request #265 from mmonaco/master 261f381f57d72368604fde091c51eae748955cc0 Merge pull request #267 from mysteq/correct_disable_monitor 09d4db045ff5d7793b5b12876dd1132107016d37 Merge pull request #274 from drewfisher314/ticket/2137-add-solaris-12 cb1af284bd3390897a8919d7bb8a45f361896e03 Merge pull request #276 from jonnytpuppet/config_fix 5df8cf349793788a9209117407ef3916b048579a Ensure the log file is created before the service is started/configured. 
158f33fe6098e615ebe91dc562b7c3d61cf06763 - add Solaris 12 support a79c2e2f950ae47a6962db02c00f6c143dca5290 Correct the description of the disable_monitor parameter 821943586c4d6ab979621d3a76bfdce76e278c1f Update Arch Linux defaults Change-Id: I5458ec647c87c4885ff90d1fae69c99cfcb0a59b Update openstack_extras to 6f44d1844601fda47b73456e05980a23234a873b 6f44d1844601fda47b73456e05980a23234a873b Add acceptance tests for repo::* classes 25d9caa3af1b0cdd2dd6220d97f10f198a548997 Add auth_file acceptance test e3a2b0627fe73dc94187e587e9eff19564beffb4 Initial msync run for all Puppet OpenStack modules Change-Id: Ifb94c9aa30f1727a890e11de5f62609c37193f43 Update openstacklib to 745dccbfcd3637821f4f9135f4489e865184da82 745dccbfcd3637821f4f9135f4489e865184da82 Merge "Enable acceptance tests for openstack_config" 480e38bb5dbb63b95637e5d93ba0290d021b71f5 Merge "Initial msync run for all Puppet OpenStack modules" 04fa19c741cb948441e2eced521c9feb2bafd9ae Enable acceptance tests for openstack_config 4fe3a9e5bd9782df361c8c73eb6bf25fe8a4d26b Initial msync run for all Puppet OpenStack modules 3b85306d042292713d0fd89fa508e0a0fbf99671 Allow the use of an ensure_absent_val param 9ce94f1fa618c774041293f8ed08174673f49b50 update openstacklib reference Change-Id: Ic91aebe6f7e7742b4347cb80b2657064df4b182a Update pacemaker to 69e914e3c6d6c65866c3e087f97b0816c1af78c6 69e914e3c6d6c65866c3e087f97b0816c1af78c6 Merge pull request #61 from jistr/pcmk_resource_default a2c8705a72703dbf9401d780fcc335723a131373 Support setting pacemaker resource defaults Change-Id: Iac54137e21a041e21d883adf589d8643c04c00b7 Update redis to df4e2077220b13751c6f4fa89e714c0be72a65a7 df4e2077220b13751c6f4fa89e714c0be72a65a7 Redis: add support for hz option 8fde53fb9d9e2f8e10cde9bce54bca43daf8954e Bump version to 1.1.3 6f62479f283a53fbda6bbeb629541969b86a7864 Bump puppetlabs-stdlib version spec ed87638cc9094c25764a138e1d006995cd192672 Bump version to 1.1.2 1e49022fd33197c09c955736e8d2dd3c20ed02c7 Lintian fixes 
465e5b646340840d80f4e034aface95605536073 Metadata lintian fixes 312e002600e8b672543bee60c21e0173a072d3a5 Add EL7 repo management support bf4139816780ea255a2f014b4c7c6860f35626b5 Bump version to 1.1.1 fcf53708b26b66c5d4465112afe66d8e9558d6bd Add unit test for parameter save_db_to_disk fba38a369675b37237f8dfb351a00e5c6636557d Style fixes f169b64b2eb2c4bff01d5ed1dd0ad494926e1416 Set local variable in config.pp. 5efad9a570404febe74d61cdc42a27ce47942869 clean template 80da8b7d560041db6af40bd02b4aa9bc2f38f80a [NOT TESTED] save db to disk added eef056c67c904a9fceca19c95961521261918168 use bundle when testing ddecefc2ea6c42b2ea026a2354d1cb4809ce4982 fix broken test setup ef0fadfe99cc88a508a0fe8054975fa3d9f8745f copy variables used in template to local scope Change-Id: I5aab41fa6603ac329d0f7105ce24ff179d8dd36e Update sahara to a0a09deb43e7ac8f896764078aa098516f27fbcf a0a09deb43e7ac8f896764078aa098516f27fbcf Merge "Configure rpc options separately from ceilometer notifications" 06132f997a88347e2a2b6aff9dacccfd1f60e4ad Merge "Initial msync run for all Puppet OpenStack modules" 48f0042f599e9c0ea0f8473ffe19c6a0b14dc346 Reflect provider change in puppet-openstacklib 7a637de5b6691689d956723a1541b82aaeaadcab Initial msync run for all Puppet OpenStack modules 44bdf30585204ab891ffed480697f0f9b7120f0f Configure rpc options separately from ceilometer notifications 92a53a6b587e8f8dddddbb253a1b4595db6605c3 Remove Sqlite validation for database_connection 8c4357fde242cc5a628806009fa582858b148443 Merge "Update parameters for Sahara" a30382fc7742071d4ee82d0aaa90b32ca63a9174 Merge "acceptance: bump to Liberty release" 1d8f58a9b2b0a61c27abc521e3031ebd3e027c6f acceptance: bump to Liberty release f590f384a92916671cf7904a9c983b789b4abb7b Update parameters for Sahara 12d2ec8fb70f2f1424390475ab4a7e5ed1a68d0a Merge "Add an ability to manage use_stderr parameter" 08bb3b98e4e22ff0eac0738c1032901f9d017d57 Merge "Use openstack/ namespace for fixtures modules" 3c458b377ccb8641061ee77f2ef74ffa3c94bcc7 
Use openstack/ namespace for fixtures modules 3e993877ee118593a53c8c5fa37ac985f5074aa6 Add an ability to manage use_stderr parameter 55c99504b8e3b63a1ab35071a0bfe85cd9a36ff5 Merge "Creation of sahara::db::sync" 231c70e452df2e9542dbf94f28cd4943a0e9a83e Merge "Update README.md for Sahara" 038e352256c1107ca633be3ae21bb89ad3589e02 Creation of sahara::db::sync 5639b6fdb5c307b66ee53944335365848efdf614 Add support of SSL configuring for Sahara 5012e22e6ea3d4ab1870a7b239fe59e6ea76af69 Update README.md for Sahara 2db7e5a3e7b3d3a50692c51e4093cca26cce29d9 Add tag to package and service resources Change-Id: I8060c84db09066903c302d2be2f806275515ab40 Update stdlib to 6a1afae97e0451590c833acdd79fd730f49137b9 6a1afae97e0451590c833acdd79fd730f49137b9 Merge pull request #517 from DavidS/try_get_value-acceptance 5ef5c6629fee2eecba0389eab3c3ce2f3d57d0f4 (MAINT) fix up try_get_value acceptance test 64267eb6508bd910cb368bcaa00d7411458b0c44 Merge pull request #513 from dmitryilyin/fetch 823a352f0f47d4481844bb6b6a6c00224ed556b8 Add a new function "try_get_value" 9352db77a6d265f1a49ab6b4d0f9e1df2ed2b007 Merge pull request #515 from jfautley/ticket/MODULES-2478-support_root_home_fact_on_AIX 6c2a003f2139a482f92f245ce1d49830be13c5f1 (MODULES-2478) Support root_home fact on AIX through "lsuser" command b10978703a5e4f07f240c509a3cf881210fbd5c5 Merge pull request #514 from DavidS/add-convert_base 2d4f5aa4d943e27ffeae524469f9c6eb18ce64d8 Adds a convert_base function, which can convert numbers between bases 1bed010dbbd4590b3299c81b0e962e76b8ffa845 Merge pull request #512 from Jetroid/consistentreadme ba345abfb75e0d6840a174f4d6c9b1967105385d Add consistent *Type* information da0e063af6c1e62f7262b591128e31ae6b12d523 Merge pull request #510 from DavidS/base64-unit-tests aa23894dd3e3259f73b0e0999b8b183988696a81 (MAINT) improve base64 unit tests 24e57b5d2849982d5a927f43d698ff7f312ab93a Merge pull request #507 from Jetroid/mod2456 1d9189d860f28067b72093cbe4027cf49b7d612c (MODULE-2456) Modify union to 
accept more than two arrays 1d89df906e1ae1d09a862974181663caaf8012c6 Merge pull request #505 from gibbsoft/dos2unix 4cbe846750c40dec57c55dbe6382dfa57c4d79af (MODULES-2410) Add new functions dos2unix and unix2dos e84090df1d081679e0c687614efb982354cf3cbe Merge pull request #499 from jearls/2370-use-match-for-ensure-absent 605fffd852e972a2df76be1b051d3b4a5f740bd5 Merge pull request #503 from puppetlabs/4.8.x 57275061ab63f26c0fc08361cb0d838708b1003c Add puppet_version back to spec_helper a72918f6759d99db774e1cfc036cc01a440fa9de Merge pull request #502 from hunner/fix_after 9baca7f7556e1db3722e992244f98e54aef41309 Sometimes this exits 1 cf5d4ff34b1556d59c5360e01b5f9bfd5e2686e6 Merge pull request #501 from hunner/bug_helper 0a58b9382c9cb5eb74519219dfe0cce1dd814993 Fix extraneous end a56e119f186dda16a4e04d3f5b1a180be7335e37 Merge pull request #500 from hunner/prep_4.8.0 dfa98b89f7a5513cccc5a4ded4b119dee39d1a59 Prep 4.8.0 9bacf14ca24283a94883523064603babcd7046d3 allow `match` parameter to influence `ensure => absent` behavior. 061d0c29fc54391f3e713e9ed76da3933b19083b Merge pull request #497 from domcleal/tickets/master/MODULES-2316 a7adcda803abe82e6a16e2410c10d58abedbd82d (MODULES-2316) Change file_type boolean parameter to symbols e815da59620c4fe7ae3e612b99ef20e8924f8f23 Merge pull request #483 from nibalizer/load_metadata_json f411ee7119cab1277baffee2fe2b2f978f402072 Add load_metadata_json function d1f6c5c5538ecfe39161a9ac75aaf6740e927fda Merge pull request #496 from pizzaops/master aca29129cb0fada02cd4590eba30b560dc08ac64 Remove colorful language from module. 
ebf73482e55c827bcb46b7d6b479ae7afd3628af Merge pull request #494 from CENGN/fix/master/file_line_replace 41a7297cb73e48a9548d7d0137f2ffe4108f248a Merge pull request #495 from puppetlabs/4.7.x 35e92645f727f02ef9ace8948154079bc0fff05a (MODULES-2024) Adding replace attribute to file_line 956c329a8a2f497b0953e47c307e4cc60b7044e9 Merge pull request #493 from DavidS/fixup-acceptance-testing 44c4bad392e627ed6394a4a5e93ae85cd4c4ca50 (maint) use puppet's utility function instead of API that's not available on all rubies ac0b096d49b7c00b43b98c75ed5c1c2b6af60169 Merge pull request #492 from DavidS/fixup-acceptance-testing 4d889cbcb6f5eb2358eed940f2d40d1f73cc8f51 Merge pull request #491 from ekohl/style-fixes c7403a4e050352b6b6dd98a2626aa90490884ca1 Style fixes a8d7563a441834ba5e4b9029c9446bb8f41f0921 (main) clean up fqdn_rand acceptance tests to work on windows 24b1cd78db93d14a8f9d27ce0f3ab09884892fe4 (maint) Remove failing acceptance test for ensure_packages dca8bdba59990cb8a3451cd87d0244c92ca94901 Merge pull request #489 from gcmalloc/master 5c79107863a42a9d347637146f0c0f728f9b92ad adding support for hash in the size function f996a38d1164cb9eb3750975e9fc96250685d164 Merge pull request #490 from hunner/fix_specifier 615227918a72c54c2064b81183fc98f4abd513d4 disable pw_hash test on sles, as it only supports md5 dde8aa095af5c7caa28c8dd0aa9ea31565482317 Merge pull request #487 from liv3d/fix_docs_in_upcase 21feb4b1f1da3d566a48b597abea2f053d7705bb Merge pull request #488 from cyberious/master 78e8c73671d0d3b69b2999094ec3af638327f7c0 (maint) Fix test to not assume is_pe fact on > 4.0.0 puppet 939aceffad5c9eafbab336e4e5e7477a97154e41 Fix documentation error in upcase 1282649b91b482dd547b674f4d52af166a5eab69 Merge pull request #481 from tphoney/release_4.7.0 14709d625b840da1919b5cd8933b73fb771e547b prep work for 4.7.0 a0224412893d39463a4fde82887312b279f83e1b Merge pull request #485 from ghoneycutt/patch-2 f485e6e2eb1d2ffa8c16402249bec96e0886b86b Clarify that third argument to 
ensure_resource() is a hash 01fe9dc15c83e7855431a7fc1cff84204761ba0a Merge pull request #484 from mhaskel/use_puppet_install_helper 224b644003f99d83e53654af74f4002133545d55 Use puppet_install_helper a2026bf13bad920393e4792a40f08721ef1c0e67 Merge pull request #475 from DavidS/document-puppet4-compat 07c38e518a19892bd6c77314d65e2209ebddc48d Merge pull request #482 from DavidS/document_validate_slength_3rd_arg b2aed66226b4fe33fe24252eab7a6e64a4a03ddd Merge pull request #479 from mklette/master c64ecfb0c39b633675269ab02f323f7eb486dad4 Add validate_slength's optional 3rd arg to README e96a818782c944b4b1af5417d0bcffc08e95aadc catch and rescue from looking up non-existent facts when looking for 'kind' 771320a8305a7e2cad427f52fcca576dc63e4f37 Document puppet 4 compatability in 4.6 Change-Id: If6f5fa5366d83bcbc741beded61201fd7ca56210 Update swift to 4c5f53d0d3723256633e858b838c14b46f43685e 4c5f53d0d3723256633e858b838c14b46f43685e Add a blank line to the beginning of each filter 4e20b735001766365336cab8127423b3df2f090d Merge "Reflect provider change in puppet-openstacklib" 8a09d4c33db17de962b33ba1f4798b9e09f50962 Merge "Add tempurl middleware options" e6e8c9d8368eb98ea374c623e8e07bbf28d610ed Reflect provider change in puppet-openstacklib c91b4c09415306c02e6fb70090ea6605c83c5675 Merge "Rely on autorequire for config resource ordering" 8f334ea1df969f450522d74c531343022e412d4a Merge "acceptance: bump to Liberty release" a72e27f83c81316997e3b208f2246708c9573096 Rely on autorequire for config resource ordering 43bb515ea3893ed5989487aad2f3d9594c91bbc1 Merge "Fix ordering issue related to swift.conf" 29e110e2f171327a0e3041237addc18e58928692 Use openstack/ namespace for fixtures modules cd0e32b2c6cb6e3762ddc3edc8932f778161b482 Fix ordering issue related to swift.conf 48c4134cebe81c45a8d69911d310c85fc0b29cd3 Merge "Add tempauth middleware options" 4dfa6e03205aa8055e2522bc96f0633fc17359b9 acceptance: bump to Liberty release 62ba90a47571653672cdc1f81f3187ac88f8387c Add tempauth 
middleware options ccccd66b09c3235e36ec3235c6b77e812893f270 Merge "keystone/auth: make service description configurable" 25a96920f662f43c1c28e99e4636bdbecdca788d Add tempurl middleware options 720dd4c30753e33613bfc4758d48c31d6cea77b8 Update Swift README 8d7fa4d5a76defd8d20dfe698b7cedc719292f48 keystone/auth: make service description configurable Change-Id: I8495737eae8c220974e4c8470c6bb3ecbf4ab90d Update tempest to 44dc6707130842a94fc2629d4f5a92e14af25587 44dc6707130842a94fc2629d4f5a92e14af25587 Bad configuration for glance/neutron setters. 2f25cb84e5a35f3b04bf686ad2f13ee8be296459 allow to optionally git clone tempest b8ed4ead2ffcdb2d84ff173ecd3be716a250c23c glance_id_setter: execute after creating Glance image 54c013e6720fb90d1e157434c69522a169f4e249 Merge "Reflect provider change in puppet-openstacklib" 6c1d7f5620709cda02b35cb64648045131009950 Reflect provider change in puppet-openstacklib 5125ce37f43602a5b84fa5d14ff65a301939033a Initial msync run for all Puppet OpenStack modules 0e9c5dbf51c0de0514ecef90f065b5c52fb3cfd7 do not create tempest.conf from .sample file 7507b4bca65d2cd51e3f6bdc3074ff9b477076a3 Merge "Add config parameters to run Keystone v3 tests" 5d69c28185935889481534b29225347433a671ab Add config parameters to run Keystone v3 tests Change-Id: Ic1002a7049c83fcd0393f48960c3f250202bb119 Update tripleo to c529fce3ef2f246909cb821bc2319cc5413960d3 c529fce3ef2f246909cb821bc2319cc5413960d3 Remove httpchk option from haproxy listeners 4ba15f8918ea34a2de49f68ab66229d5c30adaf9 Enable Manila Service 6486099b7934ddba9e5fc8e8ea886fefd9203142 Fix HAProxy config for Nova EC2 API Change-Id: I929d6d1d35feacfbe3c64aa0b7086f8b5d087c7f Update trove to 3da8e3e2fa5c8a5484bd17f7206f287201cd3e1c 3da8e3e2fa5c8a5484bd17f7206f287201cd3e1c Merge "Introduce use_guestagent_template option" 1244fcaf35a8857437418e1065c8bed0fb4beb03 Merge "Reflect provider change in puppet-openstacklib" cdf452769e0da7944c51ca422898911de753a3cc Introduce use_guestagent_template option 
c8527beace1b2138b6953a518a2f1bb1e328b70c Reflect provider change in puppet-openstacklib f5288e5d0ad8486b2f3ec19ec987041e178666b6 Fix default value of guestagent_config_file option 27313c16bc6fd953b382c31d0b583c09a202d406 Merge "acceptance: enable debug & verbosity for OpenStack logs" de3899f7861e72499b6a110b9477d49fb47da456 Merge "Add api ratelimit options" ca97cff6105433b18db48f406da57096a2057389 acceptance: enable debug & verbosity for OpenStack logs 9c4efb004654fb575a161a866e310a9467be6fe6 Merge "acceptance: bump to Liberty release" 4a34620aa769cffa20a3608e3c02c846c90b063c Merge "Make taskmanager_queue option configurable" 37b81a21509255e5344300283f62cb25e3338526 Make taskmanager_queue option configurable 2b91b85c510065f3bc87fac78592b8019e823d2f Use openstack/ namespace for fixtures modules 3f9c2ce517054e0509733b784ef0d9553c38f447 acceptance: bump to Liberty release b2a76998dff311a60153420d95b1a700741a881e Add api ratelimit options 4ce651ef07dad50dca1563737e7403f7ac7f46f1 Merge "Fix catalog compilation when not configuring endpoint" 39867dcd31cacf6882ede22fb25d9cd62aaf1a40 Fix catalog compilation when not configuring endpoint Change-Id: Ie624aa0b68c391cdb3dc45aff640f0d48fc9d71e Update vcsrepo to a39349a4388cd56aad5cfc8eead2f2a17f545287 a39349a4388cd56aad5cfc8eead2f2a17f545287 Merge pull request #257 from alexmv/master 9a0cca837011c8920f2723ecc04ba6c17c9f033a Merge pull request #266 from puppet-by-examples/example-shallow-clone-with-just-one-commit dc1f92fe2b4e3dd9a54f3e45e1ae052b9f8e921e Example how to create a shallow clone with just one commit 181e448d234e3ef78481e3f05b5a22e942304fa2 Merge pull request #265 from mhaskel/MODULES-1232 ba9d0cf6c1d98ea70270faa5cf4e70997ea75595 MODULES-1232 Make sure HOME is set correctly d196a2a61deee9290826407ab17b994e0747f0af Remove 2.7 from travis matrix ac6e22e56067cb4c7f525b12670068fa19be3cba Merge pull request #264 from hunner/fix_hang 965f657c48c1855422384dfc6cad5d64a82a5ab6 Fix acceptance hang The ssh-keygen is waiting for 
a 'y' to confirm overwrite, and the test hangs. dd4b638a420c75eb3a3a2badceffc720be231096 Merge pull request #263 from mhaskel/MODULES-2326 f385df10c57a0a09fa316004e6af18acd56df710 MODULES-2326 - Run Regexp.escape on the source URL d7534d7cfe98d62b8f0d9ae8adcc30bea483a1e2 Merge pull request #261 from mhaskel/MODULES-2125 14c05f5d6c589bebc9f93eb117105c14ce7be6f1 MODULES-2125 - Allow revision to be passed without source 5ef1b4740e1aab6672ee3971762c796c898ca639 Merge pull request #260 from mhaskel/MODULES-1800 d68402d1f930d5a30f1ec9224ac3791b6d9d29b9 MODULES-1800 - fix case where ensure => latest and no revision specified 266b20510b9eec7e8e91096f5aa370ae52a136e7 Merge pull request #259 from mhaskel/merge_1.3.x_to_master 56d55ee4426ddcbcf568d5b413ed780812738657 Merge pull request #258 from mhaskel/1.3.1-prep 03ceba70e71e32a4ed56a06c716d91f7db2783f9 1.3.1 prep 2a498ae29cd2d4eeac52fa123bb97e5e2d5b1c90 Explitly unset SSH_AUTH_SOCK; it is preferred to the -i flag 231f711e3f0ccb8601bea55f0e6d562b8674488e Merge pull request #256 from keeleysam/master b3cddcbd57639acbf0c4a7fa671a70f787e010da fix for detached HEAD on git 2.4+ 3a437ea1bc4eafb64621911c34e9821f1e10241b Merge pull request #242 from BillWeiss/bump-ssl-expiry 1be44c3b95b8e01ac583661c5f9465c141cf82da Just bumping the expiration date... 
Change-Id: I66b2898f6d8edd77b8087d03e804fd57dac0e835 Update vswitch to 49354c402f6a097bf25f8eccec325a76fe57b71e 49354c402f6a097bf25f8eccec325a76fe57b71e Initial msync run for all Puppet OpenStack modules c22bfc509562ad95425382ccd7416e91ea70a779 acceptance: bump to Liberty release Change-Id: I1c219a1bd785784eb125279241ea137ef1b334e0 Update xinetd to 749651ed7d4e8924bb701153f184a13af0a669a3 749651ed7d4e8924bb701153f184a13af0a669a3 Merge pull request #66 from ekohl/style-fixes bde09d867ce525f1e6ac08f7aeb9faa6294938b1 Merge pull request #69 from ghoneycutt/puppetv4 5ccd0f3e2ed63e059e5c3ce765aca9b4ee405a53 Document parameter, nice, ensuring it is an integer with correct bounds 02eb47bc35dd47d268c71dff5992829500f492c5 Add support for Puppet v4 and v3 with the future parser deb722d1ef52fad9b14e34b0d693db4bb938f599 Merge pull request #54 from ghoneycutt/support_newer_versions 5e8b5e7334f2796bd900209757bfd48c3446fa08 Support Puppet v3.8.x 3374f5481655d09725b84aea38896a6c336ab660 Style fixes 970030d64e4bf7b9341e7d637478d1a36a06773e Merge pull request #65 from tphoney/validate_metadata ee786b8d89f775b50a78264dc28e3397747e963e Validate metadata with Travis-ci 9ae87f84d5d67c776d421deb2f1fc47c09013b84 Merge pull request #60 from jearls/port-should-not-be-required-parameter cfe09c95146bf03918c96d51d439224768a4b7a2 Merge pull request #61 from tphoney/temp f32c4cee442ad26b6b56fac78464790244c3620f Pipe through instances variable from xinetd::service 1f42dbf382eeda6b4c57630122f55f17ab928a51 make port an optional parameter to xinetd::service 291ffeaaca8d98ea9908d42d9014f9bd8ee573c4 Support Puppet v3.2.0 with Ruby v1.8.7 fa3662b9c8169d9fb598d84ed6562fbd0ae6d656 Support Ruby v2.1.0 dad2d4c1a3e129a419853a0a68dde1f6c97af82d Support Puppet versions 3.5 - 3.7 0dc46b53ab5b3b8036987e6960135a6e8e4a7327 Drop support for Puppet v2 which is EOL c5965297bb73e8c0ee393d754491373c0f0d3677 Merge pull request #59 from tphoney/pin_highline 6c8e38c2183b357fb66fe8ddbd181cd8aa099d76 pin highline for older 
ruby a4ab17ac6359ca59d50d668f1fb3045b3316f7ff Merge pull request #52 from ghoneycutt/travis_use_containers da1c89f308a8f3149fa4dcdc41889e12e9fad9dd Merge pull request #58 from jangrewe/master a0d14cb8279a5e33e5b1b7d4b91a4455e414413e add variable $service_status to params.pp for Debian to fix error when using strict_variables 10d859fec5b0f9eaa4d81f56276c6849b36394fe Enable Travis-ci to use containers for much faster testing Change-Id: I3daa35b931505962acb4845aad4e41a8f390eca7 --- Puppetfile | 70 +- apache/.travis.yml | 2 - apache/CHANGELOG.md | 76 +- apache/README.md | 3133 ++++++++++------- apache/README.passenger.md | 63 +- apache/manifests/default_mods.pp | 7 +- apache/manifests/init.pp | 7 +- apache/manifests/mod/alias.pp | 31 +- apache/manifests/mod/auth_mellon.pp | 24 + apache/manifests/mod/cgid.pp | 6 +- apache/manifests/mod/disk_cache.pp | 41 +- apache/manifests/mod/fcgid.pp | 13 +- apache/manifests/mod/passenger.pp | 7 + apache/manifests/mod/security.pp | 1 + apache/manifests/mod/worker.pp | 56 + apache/manifests/params.pp | 29 + apache/manifests/vhost.pp | 23 +- apache/metadata.json | 16 +- apache/spec/acceptance/mod_security_spec.rb | 23 +- apache/spec/classes/mod/auth_mellon_spec.rb | 87 + apache/spec/classes/mod/disk_cache.rb | 111 + apache/spec/classes/mod/fcgid_spec.rb | 27 +- apache/spec/classes/mod/passenger_spec.rb | 12 + apache/spec/classes/mod/worker_spec.rb | 5 +- apache/spec/defines/vhost_spec.rb | 44 +- apache/spec/spec_helper_acceptance.rb | 9 + apache/templates/mod/auth_mellon.conf.erb | 21 + apache/templates/mod/disk_cache.conf.erb | 12 +- apache/templates/mod/passenger.conf.erb | 3 + apache/templates/mod/security.conf.erb | 2 +- .../{fcgid.conf.erb => unixd_fcgid.conf.erb} | 0 apache/templates/mod/userdir.conf.erb | 2 +- apache/templates/mod/worker.conf.erb | 1 + apache/templates/vhost/_directories.erb | 31 + apache/templates/vhost/_filters.erb | 10 + apache/templates/vhost/_proxy.erb | 9 +- apache/tests/vhost_filter.pp | 17 + 
ceilometer/.fixtures.yml | 6 +- ceilometer/.gitignore | 12 +- ceilometer/Gemfile | 41 +- ceilometer/README.md | 62 +- ceilometer/Rakefile | 23 +- .../provider/ceilometer_config/ini_setting.rb | 14 +- .../lib/puppet/type/ceilometer_config.rb | 9 + ceilometer/manifests/api.pp | 54 +- ceilometer/manifests/init.pp | 24 +- ceilometer/manifests/params.pp | 2 +- ceilometer/manifests/wsgi/apache.pp | 3 +- .../acceptance/ceilometer_with_mysql_spec.rb | 26 +- .../acceptance/ceilometer_wsgi_apache_spec.rb | 133 + .../acceptance/nodesets/centos-70-x64.yml | 11 + .../spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + .../spec/classes/ceilometer_api_spec.rb | 52 +- .../spec/classes/ceilometer_init_spec.rb | 27 +- .../classes/ceilometer_wsgi_apache_spec.rb | 2 +- ceilometer/spec/spec_helper.rb | 3 + .../ceilometer_config/ini_setting_spec.rb | 30 + .../spec/unit/type/ceilometer_config_spec.rb | 11 + cinder/.fixtures.yml | 4 +- cinder/.gitignore | 12 +- cinder/Gemfile | 40 +- cinder/README.md | 30 + cinder/Rakefile | 21 +- .../provider/cinder_config/ini_setting.rb | 19 +- .../lib/puppet/type/cinder_api_paste_ini.rb | 5 + cinder/lib/puppet/type/cinder_config.rb | 13 +- cinder/manifests/api.pp | 14 +- cinder/manifests/backend/rbd.pp | 1 + cinder/manifests/backend/vmdk.pp | 1 + cinder/manifests/backup.pp | 1 - cinder/manifests/cron/db_purge.pp | 76 + cinder/manifests/db/sync.pp | 10 +- cinder/manifests/init.pp | 16 +- cinder/manifests/params.pp | 2 + cinder/manifests/scheduler.pp | 2 - cinder/manifests/setup_test_volume.pp | 2 + cinder/manifests/volume.pp | 2 - cinder/spec/acceptance/basic_cinder_spec.rb | 30 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + cinder/spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- 
.../nodesets/ubuntu-server-1404-x64.yml | 11 + cinder/spec/classes/cinder_api_spec.rb | 10 +- cinder/spec/classes/cinder_backup_spec.rb | 1 - .../spec/classes/cinder_cron_db_purge_spec.rb | 33 + cinder/spec/classes/cinder_db_sync_spec.rb | 46 +- cinder/spec/classes/cinder_scheduler_spec.rb | 2 +- cinder/spec/classes/cinder_spec.rb | 13 +- cinder/spec/classes/cinder_volume_rbd_spec.rb | 3 +- .../spec/defines/cinder_backend_vmdk_spec.rb | 1 + cinder/spec/spec_helper.rb | 3 + .../cinder_config/ini_setting_spec.rb | 72 + cinder/spec/unit/type/cinder_config_spec.rb | 19 + firewall/CHANGELOG.md | 33 + firewall/README.markdown | 36 +- .../lib/puppet/provider/firewall/ip6tables.rb | 6 +- .../lib/puppet/provider/firewall/iptables.rb | 42 +- firewall/lib/puppet/type/firewall.rb | 49 +- firewall/lib/puppet/type/firewallchain.rb | 9 + firewall/manifests/linux/redhat.pp | 17 +- firewall/metadata.json | 6 +- firewall/spec/acceptance/class_spec.rb | 12 +- firewall/spec/acceptance/connlimit_spec.rb | 91 +- .../spec/acceptance/firewall_bridging_spec.rb | 60 +- .../spec/acceptance/firewall_dscp_spec.rb | 118 + .../acceptance/firewall_iptmodules_spec.rb | 28 +- firewall/spec/acceptance/firewall_mss_spec.rb | 2 +- firewall/spec/acceptance/firewall_spec.rb | 96 +- .../spec/acceptance/firewall_time_spec.rb | 8 +- firewall/spec/acceptance/firewall_uid_spec.rb | 16 +- .../spec/acceptance/firewallchain_spec.rb | 18 +- firewall/spec/acceptance/invert_spec.rb | 6 +- firewall/spec/acceptance/ip6_fragment_spec.rb | 12 +- firewall/spec/acceptance/isfragment_spec.rb | 10 +- firewall/spec/acceptance/match_mark_spec.rb | 2 +- firewall/spec/acceptance/purge_spec.rb | 193 +- firewall/spec/acceptance/resource_cmd_spec.rb | 30 +- firewall/spec/acceptance/rules_spec.rb | 19 +- firewall/spec/acceptance/socket_spec.rb | 10 +- .../spec/acceptance/standard_usage_spec.rb | 4 +- .../spec/fixtures/iptables/conversion_hash.rb | 19 +- firewall/spec/spec_helper_acceptance.rb | 8 + 
.../unit/puppet/provider/iptables_spec.rb | 1 - .../spec/unit/puppet/type/firewall_spec.rb | 7 + glance/manifests/api.pp | 6 + glance/manifests/keystone/auth.pp | 1 + glance/manifests/registry.pp | 16 +- glance/spec/classes/glance_api_spec.rb | 2 + glance/spec/classes/glance_registry_spec.rb | 7 + gluster/.travis.yml | 1 - gluster/COPYRIGHT | 1 - gluster/DOCUMENTATION.md | 1 - gluster/Gemfile | 1 - gluster/INSTALL | 1 - gluster/Makefile | 3 +- gluster/README | 1 - gluster/README.md | 1 - gluster/Rakefile | 1 - gluster/builder/README | 1 - gluster/data/versions/3.7/3.7.2.yaml | 4 + ...ilesystem-backed-bricks-arbiter-example.pp | 86 + .../filesystem-backed-bricks-example.pp | 1 - gluster/examples/gluster-nfs-ipa-example.pp | 1 - gluster/examples/gluster-simple-example.pp | 1 - .../gluster-simple-physical-example-best.pp | 1 - .../gluster-simple-physical-example.pp | 1 - gluster/examples/mount-example.pp | 1 - gluster/examples/wrapper-example.pp | 1 - gluster/lib/facter/gluster_fsm.rb | 1 - gluster/lib/facter/gluster_fsuuid.rb | 6 +- gluster/lib/facter/gluster_uuid.rb | 6 +- gluster/lib/facter/gluster_vrrp.rb | 2 +- gluster/manifests/mount.pp | 4 + gluster/manifests/volume.pp | 9 +- gluster/metadata.json | 1 - gluster/spec/spec_helper.rb | 1 - gluster/vagrant/README | 1 - gluster/vagrant/Vagrantfile | 1 - gluster/vagrant/puppet/files/README | 1 - gluster/vagrant/puppet/manifests/site.pp | 1 - gluster/vagrant/puppet/modules/Makefile | 1 - gluster/vagrant/puppet/modules/README | 1 - gnocchi/.fixtures.yml | 4 +- gnocchi/.gitignore | 13 +- gnocchi/Gemfile | 41 +- gnocchi/README.md | 30 + gnocchi/Rakefile | 22 +- .../provider/gnocchi_config/ini_setting.rb | 19 +- gnocchi/lib/puppet/type/gnocchi_config.rb | 11 + gnocchi/manifests/api.pp | 1 - gnocchi/manifests/generic_service.pp | 2 + gnocchi/manifests/keystone/auth.pp | 6 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + gnocchi/spec/acceptance/nodesets/default.yml | 11 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 
+- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 12 +- gnocchi/spec/shared_examples.rb | 12 +- gnocchi/spec/spec_helper.rb | 3 + .../gnocchi_config/ini_setting_spec.rb | 29 + gnocchi/spec/unit/type/gnocchi_config_spec.rb | 11 + haproxy/README.md | 10 +- haproxy/manifests/frontend.pp | 4 +- haproxy/manifests/init.pp | 5 + haproxy/manifests/service.pp | 2 +- heat/.fixtures.yml | 6 +- heat/.gitignore | 11 +- heat/Gemfile | 41 +- heat/README.md | 64 +- heat/Rakefile | 21 +- .../provider/heat_config/ini_setting.rb | 16 +- .../provider/heat_domain_id_setter/ruby.rb | 189 - heat/lib/puppet/type/heat_config.rb | 10 +- heat/lib/puppet/type/heat_domain_id_setter.rb | 31 - heat/manifests/api.pp | 1 - heat/manifests/api_cfn.pp | 1 - heat/manifests/api_cloudwatch.pp | 1 - heat/manifests/db/sync.pp | 22 + heat/manifests/engine.pp | 3 - heat/manifests/init.pp | 20 +- heat/manifests/keystone/auth.pp | 7 +- heat/manifests/keystone/domain.pp | 100 +- heat/spec/acceptance/basic_heat_spec.rb | 10 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + heat/spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + heat/spec/classes/heat_db_sync_spec.rb | 44 + heat/spec/classes/heat_engine_spec.rb | 18 - heat/spec/classes/heat_init_spec.rb | 9 +- .../spec/classes/heat_keystone_domain_spec.rb | 51 +- heat/spec/spec_helper.rb | 3 +- .../provider/heat_config/ini_setting_spec.rb | 71 + .../heat_domain_id_setter/heat_spec.rb | 177 - heat/spec/unit/type/heat_config_spec.rb | 20 + horizon/.gitignore | 11 +- horizon/.sync.yml | 3 + horizon/Gemfile | 42 +- horizon/Rakefile | 22 +- horizon/manifests/init.pp | 19 +- horizon/manifests/wsgi/apache.pp | 17 +- .../acceptance/horizon_with_apache_spec.rb | 22 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + horizon/spec/acceptance/nodesets/default.yml | 7 +- 
.../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + horizon/spec/classes/horizon_init_spec.rb | 21 +- .../spec/classes/horizon_wsgi_apache_spec.rb | 5 +- horizon/spec/spec_helper.rb | 3 + horizon/templates/local_settings.py.erb | 10 + inifile/CHANGELOG.md | 25 + inifile/README.markdown | 194 +- inifile/{tests => examples}/ini_setting.pp | 0 inifile/{tests => examples}/ini_subsetting.pp | 0 .../parser/functions/create_ini_settings.rb | 12 +- .../puppet/provider/ini_subsetting/ruby.rb | 8 +- inifile/lib/puppet/type/ini_setting.rb | 6 + inifile/lib/puppet/type/ini_subsetting.rb | 6 + inifile/lib/puppet/util/ini_file.rb | 2 +- inifile/lib/puppet/util/setting_value.rb | 158 +- inifile/metadata.json | 9 +- inifile/spec/acceptance/ini_setting_spec.rb | 2 + .../classes/create_ini_settings_test_spec.rb | 6 +- .../functions/create_ini_settings_spec.rb | 15 +- .../puppet/provider/ini_setting/ruby_spec.rb | 43 + .../provider/ini_subsetting/ruby_spec.rb | 46 + ironic/.fixtures.yml | 5 +- ironic/.gitignore | 13 +- ironic/Gemfile | 40 +- ironic/README.md | 82 +- ironic/Rakefile | 22 +- ironic/examples/ironic.pp | 38 + .../provider/ironic_config/ini_setting.rb | 19 +- ironic/lib/puppet/type/ironic_config.rb | 13 +- ironic/manifests/api.pp | 6 +- ironic/manifests/bifrost.pp | 216 ++ ironic/manifests/conductor.pp | 4 +- ironic/manifests/db/mysql.pp | 2 + ironic/manifests/db/sync.pp | 26 + ironic/manifests/init.pp | 25 +- ironic/metadata.json | 3 +- ironic/spec/acceptance/basic_ironic_spec.rb | 3 + .../acceptance/nodesets/centos-70-x64.yml | 11 + ironic/spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + ironic/spec/classes/ironic_api_spec.rb | 8 +- ironic/spec/classes/ironic_bifrost_spec.rb | 91 + ironic/spec/classes/ironic_conductor_spec.rb | 8 
+- ironic/spec/classes/ironic_db_sync_spec.rb | 44 + ironic/spec/classes/ironic_init_spec.rb | 2 +- ironic/spec/spec_helper.rb | 3 + .../ironic_config/ini_setting_spec.rb | 71 + ironic/spec/unit/type/ironic_config_spec.rb | 19 + ironic/templates/baremetal.json.erb | 3 + ironic/templates/bifrost_global_vars.erb | 44 + keystone/.fixtures.yml | 2 +- keystone/.gitignore | 11 +- keystone/.sync.yml | 3 + keystone/Gemfile | 41 +- keystone/README.md | 30 + keystone/Rakefile | 22 +- keystone/lib/puppet/provider/keystone.rb | 200 +- .../provider/keystone_config/ini_setting.rb | 19 +- .../provider/keystone_user/openstack.rb | 23 +- keystone/lib/puppet/type/keystone_config.rb | 9 + .../lib/puppet/type/keystone_paste_ini.rb | 4 + keystone/lib/puppet/type/keystone_tenant.rb | 4 +- keystone/lib/puppet/type/keystone_user.rb | 8 +- keystone/manifests/client.pp | 8 + keystone/manifests/cron/token_flush.pp | 21 +- keystone/manifests/init.pp | 23 +- .../manifests/resource/service_identity.pp | 33 +- keystone/manifests/roles/admin.pp | 35 +- keystone/manifests/wsgi/apache.pp | 53 +- .../spec/acceptance/basic_keystone_spec.rb | 34 +- .../acceptance/keystone_wsgi_apache_spec.rb | 27 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + keystone/spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + keystone/spec/classes/keystone_client_spec.rb | 4 + .../classes/keystone_cron_token_flush_spec.rb | 67 +- .../spec/classes/keystone_roles_admin_spec.rb | 11 + keystone/spec/classes/keystone_spec.rb | 43 +- .../spec/classes/keystone_wsgi_apache_spec.rb | 38 +- ...keystone_resource_service_identity_spec.rb | 15 +- keystone/spec/spec_helper.rb | 3 + .../keystone_config/ini_setting_spec.rb | 57 + keystone/spec/unit/provider/keystone_spec.rb | 136 +- .../provider/keystone_user/openstack_spec.rb | 30 +- .../spec/unit/type/keystone_config_spec.rb | 19 + 
.../spec/unit/type/keystone_paste_ini_spec.rb | 11 + manila/.fixtures.yml | 6 +- manila/Gemfile | 2 +- manila/README.md | 30 + .../manila_api_paste_ini/ini_setting.rb | 19 +- .../provider/manila_config/ini_setting.rb | 19 +- .../lib/puppet/type/manila_api_paste_ini.rb | 10 + manila/lib/puppet/type/manila_config.rb | 13 +- manila/manifests/api.pp | 5 +- manila/manifests/init.pp | 98 +- manila/manifests/keystone/auth.pp | 6 +- manila/manifests/scheduler.pp | 4 +- manila/manifests/share.pp | 4 +- manila/spec/acceptance/basic_manila_spec.rb | 22 +- manila/spec/acceptance/manila_config_spec.rb | 55 + manila/spec/classes/manila_api_spec.rb | 3 +- manila/spec/classes/manila_scheduler_spec.rb | 9 +- manila/spec/classes/manila_share_spec.rb | 6 +- manila/spec/classes/manila_spec.rb | 72 + .../manila_config/ini_setting_spec.rb | 72 + manila/spec/unit/type/manila_config_spec.rb | 19 + module-collectd/.travis.yml | 25 +- module-collectd/CHANGELOG.md | 36 + module-collectd/Gemfile | 54 +- module-collectd/Gemfile.lock | 181 +- module-collectd/README.md | 173 +- module-collectd/Rakefile | 53 +- .../collectd_convert_processmatch.rb | 32 + .../manifests/plugin/aggregation.pp | 16 + .../plugin/aggregation/aggregator.pp | 34 + module-collectd/manifests/plugin/ceph.pp | 35 + module-collectd/manifests/plugin/chain.pp | 20 + module-collectd/manifests/plugin/curl_json.pp | 4 +- module-collectd/manifests/plugin/disk.pp | 1 + module-collectd/manifests/plugin/exec.pp | 59 +- module-collectd/manifests/plugin/exec/cmd.pp | 29 + module-collectd/manifests/plugin/iptables.pp | 3 +- module-collectd/manifests/plugin/logfile.pp | 13 +- module-collectd/manifests/plugin/memory.pp | 13 +- module-collectd/manifests/plugin/netlink.pp | 27 + module-collectd/manifests/plugin/openvpn.pp | 10 +- module-collectd/manifests/plugin/processes.pp | 41 +- .../manifests/plugin/processes/process.pp | 16 + .../plugin/processes/processmatch.pp | 17 + module-collectd/manifests/plugin/snmp/data.pp | 3 + 
module-collectd/manifests/plugin/swap.pp | 14 +- module-collectd/manifests/plugin/syslog.pp | 2 +- module-collectd/manifests/plugin/tcpconns.pp | 15 +- .../manifests/plugin/write_graphite.pp | 49 +- .../manifests/plugin/write_graphite/carbon.pp | 30 + module-collectd/metadata.json | 14 +- .../spec/classes/collectd_plugin_ceph_spec.rb | 56 + .../spec/classes/collectd_plugin_disk_spec.rb | 36 +- .../spec/classes/collectd_plugin_exec_spec.rb | 78 + .../classes/collectd_plugin_iptables_spec.rb | 20 + .../classes/collectd_plugin_logfile_spec.rb | 87 + .../classes/collectd_plugin_memory_spec.rb | 70 + .../classes/collectd_plugin_netlink_spec.rb | 64 + .../classes/collectd_plugin_openvpn_spec.rb | 171 + .../classes/collectd_plugin_processes_spec.rb | 67 +- .../spec/classes/collectd_plugin_swap_spec.rb | 16 + .../classes/collectd_plugin_tcpconns_spec.rb | 35 + .../collectd_plugin_write_graphite_spec.rb | 113 +- .../defines/collectd_plugin_exec_cmd_spec.rb | 49 + .../collectd_plugin_write_graphite_spec.rb | 80 + module-collectd/spec/spec_helper.rb | 1 - .../spec/unit/collectd_version_spec.rb | 5 +- module-collectd/templates/exec.conf.erb | 11 - .../plugin/aggregation-aggregator.conf.erb | 55 + .../templates/plugin/ceph.conf.erb | 11 + .../templates/plugin/chain.conf.erb | 23 + module-collectd/templates/plugin/cpu.conf.erb | 4 +- .../templates/plugin/disk.conf.erb | 3 + .../templates/plugin/exec/cmd.conf.erb | 6 + .../templates/plugin/iptables.conf.erb | 4 +- .../templates/plugin/logfile.conf.erb | 3 + .../templates/plugin/memory.conf.erb | 6 + .../templates/plugin/netlink.conf.erb | 18 + .../templates/plugin/openvpn.conf.erb | 4 +- .../templates/plugin/processes.conf.erb | 22 - .../templates/plugin/python/module.conf.erb | 6 +- .../templates/plugin/snmp.conf.erb | 13 +- .../templates/plugin/snmp/data.conf.erb | 9 + .../templates/plugin/swap.conf.erb | 4 + .../templates/plugin/tcpconns.conf.erb | 3 + .../templates/plugin/write_graphite.conf.erb | 18 - 
.../plugin/write_graphite/carbon.conf.erb | 24 + module-collectd/tests/plugins/ceph.pp | 7 + module-collectd/tests/plugins/netlink.pp | 10 + .../lib/hiera/backend/module_data_backend.rb | 4 +- mongodb/README.md | 21 +- mongodb/lib/puppet/provider/mongodb.rb | 18 +- .../puppet/provider/mongodb_replset/mongo.rb | 1 + mongodb/manifests/client.pp | 4 +- mongodb/manifests/globals.pp | 4 + mongodb/manifests/params.pp | 19 +- mongodb/manifests/server.pp | 1 + mongodb/manifests/server/config.pp | 13 +- mongodb/spec/classes/server_config_spec.rb | 8 + mongodb/templates/mongodb.conf.2.6.erb | 5 +- mysql/.gitignore | 1 + mysql/.travis.yml | 5 +- mysql/CHANGELOG.md | 29 +- mysql/CONTRIBUTING.md | 6 +- mysql/Gemfile | 7 +- mysql/README.md | 242 +- mysql/lib/facter/mysql_server_id.rb | 2 +- mysql/lib/puppet/type/mysql_database.rb | 1 + mysql/lib/puppet/type/mysql_grant.rb | 9 +- mysql/lib/puppet/type/mysql_user.rb | 10 +- mysql/manifests/backup/mysqlbackup.pp | 1 + mysql/manifests/backup/mysqldump.pp | 1 + mysql/manifests/backup/xtrabackup.pp | 14 +- mysql/manifests/db.pp | 8 +- mysql/manifests/params.pp | 27 + mysql/manifests/server.pp | 1 + mysql/manifests/server/backup.pp | 6 + mysql/manifests/server/config.pp | 7 +- mysql/manifests/server/mysqltuner.pp | 29 +- mysql/manifests/server/root_password.pp | 21 + mysql/manifests/server/service.pp | 11 +- mysql/metadata.json | 17 +- mysql/spec/classes/mycnf_template_spec.rb | 3 +- .../spec/classes/mysql_server_backup_spec.rb | 48 + mysql/spec/classes/mysql_server_spec.rb | 26 +- mysql/spec/spec_helper.rb | 3 - mysql/spec/spec_helper_acceptance.rb | 21 +- .../puppet/provider/mysql_user/mysql_spec.rb | 1 + .../spec/unit/puppet/type/mysql_user_spec.rb | 22 +- mysql/templates/xtrabackup.sh.erb | 21 + n1k_vsm/manifests/deploy.pp | 67 +- n1k_vsm/manifests/init.pp | 29 +- n1k_vsm/manifests/pkgprep_ovscfg.pp | 86 +- n1k_vsm/manifests/vsmprep.pp | 21 +- n1k_vsm/templates/vsm_vm.xml.erb | 9 + n1k_vsm/templates/vsm_vm_secondary.xml.erb | 92 + 
neutron/.fixtures.yml | 8 +- neutron/Gemfile | 4 +- neutron/Rakefile | 2 +- neutron/examples/cisco_ml2.pp | 64 + .../provider/neutron_agent_ovs/ini_setting.rb | 2 +- .../provider/neutron_network/neutron.rb | 2 +- .../neutron_plugin_ovs/ini_setting.rb | 22 - neutron/lib/puppet/type/neutron_plugin_ovs.rb | 18 - neutron/manifests/agents/dhcp.pp | 11 +- neutron/manifests/agents/l3.pp | 3 +- neutron/manifests/agents/lbaas.pp | 3 +- neutron/manifests/agents/metadata.pp | 3 +- neutron/manifests/agents/metering.pp | 3 +- neutron/manifests/agents/ml2/linuxbridge.pp | 7 +- neutron/manifests/agents/ml2/ovs.pp | 11 +- neutron/manifests/agents/ml2/sriov.pp | 3 +- neutron/manifests/agents/n1kv_vem.pp | 2 +- neutron/manifests/agents/vpnaas.pp | 5 +- neutron/manifests/config.pp | 38 +- neutron/manifests/db/mysql.pp | 5 +- neutron/manifests/init.pp | 26 +- neutron/manifests/keystone/auth.pp | 7 +- neutron/manifests/params.pp | 13 +- neutron/manifests/plugins/cisco.pp | 36 + neutron/manifests/plugins/ml2.pp | 29 + neutron/manifests/plugins/ml2/cisco.pp | 31 + neutron/manifests/plugins/ml2/cisco/nexus.pp | 134 +- .../manifests/plugins/ml2/cisco/nexus1000v.pp | 11 +- .../plugins/ml2/cisco/nexus_creds.pp | 111 +- .../plugins/ml2/cisco/type_nexus_vxlan.pp | 35 + neutron/manifests/plugins/ml2/cisco/ucsm.pp | 48 + neutron/manifests/plugins/ml2/mech_driver.pp | 14 +- neutron/manifests/plugins/ml2/type_driver.pp | 26 +- neutron/manifests/plugins/nvp.pp | 4 + neutron/manifests/plugins/opencontrail.pp | 4 + neutron/manifests/plugins/plumgrid.pp | 17 +- neutron/manifests/server.pp | 7 +- neutron/spec/acceptance/basic_neutron_spec.rb | 40 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + neutron/spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + .../spec/classes/neutron_agents_dhcp_spec.rb | 9 +- .../spec/classes/neutron_agents_l3_spec.rb | 5 +- 
.../spec/classes/neutron_agents_lbaas_spec.rb | 5 +- .../classes/neutron_agents_metadata_spec.rb | 7 +- .../classes/neutron_agents_metering_spec.rb | 5 +- .../neutron_agents_ml2_linuxbridge_spec.rb | 5 +- .../classes/neutron_agents_ml2_ovs_spec.rb | 28 +- .../classes/neutron_agents_ml2_sriov_spec.rb | 7 +- .../classes/neutron_agents_vpnaas_spec.rb | 5 +- neutron/spec/classes/neutron_init_spec.rb | 17 +- .../classes/neutron_plugins_cisco_ml2_spec.rb | 117 - .../neutron_plugins_ml2_cisco_nexus_spec.rb | 105 + .../classes/neutron_plugins_ml2_cisco_spec.rb | 55 + ...plugins_ml2_cisco_type_nexus_vxlan_spec.rb | 58 + .../neutron_plugins_ml2_cisco_ucsm_spec.rb | 64 + .../spec/classes/neutron_plugins_ml2_spec.rb | 26 +- neutron/spec/classes/neutron_server_spec.rb | 5 +- .../neutron_agent_ovs/ini_setting_spec.rb | 4 +- .../provider/neutron_network/neutron_spec.rb | 28 +- ....ini.erb => ml2_mech_cisco_nexus_conf.erb} | 44 +- nova/.fixtures.yml | 6 +- nova/.gitignore | 13 +- nova/Gemfile | 41 +- nova/README.md | 6 +- nova/Rakefile | 22 +- .../provider/nova_network/nova_manage.rb | 1 + nova/lib/puppet/type/nova_config.rb | 5 + nova/lib/puppet/type/nova_network.rb | 5 + nova/lib/puppet/type/nova_paste_api_ini.rb | 4 + nova/manifests/api.pp | 11 +- nova/manifests/cron/archive_deleted_rows.pp | 21 +- nova/manifests/db/sync.pp | 22 + nova/manifests/init.pp | 22 +- nova/manifests/manage/network.pp | 12 + nova/manifests/network.pp | 13 +- nova/manifests/scheduler/filter.pp | 68 +- nova/spec/acceptance/basic_nova_spec.rb | 25 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + nova/spec/acceptance/nodesets/default.yml | 11 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 12 +- .../nova_cron_archive_deleted_rows_spec.rb | 23 +- nova/spec/classes/nova_db_sync_spec.rb | 42 + nova/spec/classes/nova_init_spec.rb | 5 +- nova/spec/classes/nova_network_spec.rb | 20 + 
.../classes/nova_scheduler_filter_spec.rb | 13 +- nova/spec/spec_helper.rb | 1 + nova/spec/unit/type/nova_config_spec.rb | 12 + ntp/CHANGELOG.md | 13 + ntp/README.markdown | 32 +- .../puppet/parser/functions/ntp_dirname.rb | 2 + ntp/manifests/config.pp | 26 +- ntp/manifests/init.pp | 14 + ntp/manifests/params.pp | 164 +- ntp/metadata.json | 25 +- .../acceptance/nodesets/fedora-21-x64.yml | 9 + ntp/spec/acceptance/ntp_config_spec.rb | 9 +- ntp/spec/acceptance/ntp_install_spec.rb | 2 +- ntp/spec/acceptance/ntp_parameters_spec.rb | 2 +- ntp/spec/classes/ntp_spec.rb | 68 +- ntp/spec/spec_helper.rb | 18 - ntp/spec/spec_helper_acceptance.rb | 31 +- ntp/templates/ntp.conf.erb | 8 + openstack_extras/.gitignore | 11 +- openstack_extras/Gemfile | 32 +- openstack_extras/Rakefile | 24 +- .../manifests/pacemaker/service.pp | 10 +- .../manifests/repo/redhat/params.pp | 10 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + .../spec/acceptance/nodesets/default.yml | 10 + .../acceptance/nodesets/nodepool-centos7.yml | 10 + .../acceptance/nodesets/nodepool-trusty.yml | 10 + .../nodesets/ubuntu-server-1404-x64.yml | 11 + .../openstack_extras_auth_file_spec.rb | 24 + .../acceptance/openstack_extras_repo_spec.rb | 37 + openstack_extras/spec/shared_examples.rb | 5 + openstack_extras/spec/spec_helper.rb | 9 + .../spec/spec_helper_acceptance.rb | 56 + openstacklib/.gitignore | 12 +- openstacklib/Gemfile | 42 +- openstacklib/README.md | 4 +- openstacklib/Rakefile | 22 +- .../provider/openstack_config/ini_setting.rb | 19 +- .../lib/puppet_x/openstack/util/ini_file.rb | 12 - .../acceptance/nodesets/centos-70-x64.yml | 11 + .../spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + .../openstacklib_config_provider_spec.rb | 57 + openstacklib/spec/spec_helper.rb | 3 + .../openstack_config/ini_setting_spec.rb | 69 + .../provider/pcmk_resource_default/pcs.rb 
| 54 + .../lib/puppet/type/pcmk_resource_default.rb | 16 + pacemaker/manifests/resource_defaults.pp | 12 + redis/.travis.yml | 2 +- redis/Rakefile | 1 - redis/manifests/config.pp | 42 + redis/manifests/init.pp | 19 +- redis/manifests/install.pp | 2 +- redis/manifests/params.pp | 2 + redis/manifests/preinstall.pp | 36 +- redis/manifests/sentinel.pp | 3 +- redis/metadata.json | 10 +- redis/spec/classes/redis_spec.rb | 41 + redis/spec/spec_helper.rb | 9 +- redis/templates/redis-sentinel.conf.erb | 2 +- redis/templates/redis.conf.erb | 99 +- sahara/.fixtures.yml | 4 +- sahara/.gitignore | 12 +- sahara/Gemfile | 43 +- sahara/README.md | 36 +- sahara/Rakefile | 25 +- sahara/examples/basic.pp | 20 +- .../provider/sahara_config/ini_setting.rb | 16 +- sahara/lib/puppet/type/sahara_config.rb | 7 + sahara/manifests/db/sync.pp | 22 + sahara/manifests/init.pp | 535 ++- sahara/manifests/notify.pp | 46 + sahara/manifests/notify/qpid.pp | 91 +- sahara/manifests/notify/rabbitmq.pp | 29 +- sahara/manifests/notify/zeromq.pp | 72 +- sahara/spec/acceptance/basic_sahara_spec.rb | 34 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + sahara/spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + sahara/spec/classes/sahara_db_sync_spec.rb | 44 + sahara/spec/classes/sahara_init_spec.rb | 329 +- .../spec/classes/sahara_notify_qpid_spec.rb | 34 +- .../classes/sahara_notify_rabbitmq_spec.rb | 13 +- sahara/spec/classes/sahara_notify_spec.rb | 35 + sahara/spec/shared_examples.rb | 4 +- sahara/spec/spec_helper.rb | 2 + .../sahara_config/ini_setting_spec.rb | 30 + stdlib/CHANGELOG.md | 56 + stdlib/Gemfile | 5 +- stdlib/README.markdown | 107 +- stdlib/{tests => examples}/file_line.pp | 4 +- .../{tests => examples}/has_interface_with.pp | 3 +- stdlib/{tests => examples}/has_ip_address.pp | 2 +- stdlib/{tests => examples}/has_ip_network.pp | 3 +- 
stdlib/examples/init.pp | 1 + stdlib/lib/facter/root_home.rb | 13 + .../puppet/parser/functions/convert_base.rb | 35 + .../lib/puppet/parser/functions/dos2unix.rb | 15 + .../parser/functions/has_interface_with.rb | 7 +- .../parser/functions/load_module_metadata.rb | 16 + stdlib/lib/puppet/parser/functions/size.rb | 8 +- .../puppet/parser/functions/try_get_value.rb | 77 + stdlib/lib/puppet/parser/functions/union.rb | 17 +- .../lib/puppet/parser/functions/unix2dos.rb | 15 + stdlib/lib/puppet/parser/functions/upcase.rb | 2 +- .../parser/functions/validate_integer.rb | 2 +- .../parser/functions/validate_slength.rb | 6 +- stdlib/lib/puppet/provider/file_line/ruby.rb | 57 +- stdlib/lib/puppet/type/file_line.rb | 28 + stdlib/manifests/init.pp | 2 +- stdlib/metadata.json | 4 +- .../spec/acceptance/ensure_packages_spec.rb | 22 - .../spec/acceptance/ensure_resource_spec.rb | 2 +- .../spec/acceptance/fqdn_rand_string_spec.rb | 111 +- stdlib/spec/acceptance/fqdn_rotate_spec.rb | 107 +- stdlib/spec/acceptance/pw_hash_spec.rb | 2 +- stdlib/spec/acceptance/try_get_value_spec.rb | 47 + stdlib/spec/acceptance/union_spec.rb | 5 +- stdlib/spec/fixtures/lsuser/root | 2 + stdlib/spec/functions/base64_spec.rb | 1 + stdlib/spec/functions/convert_base_spec.rb | 24 + stdlib/spec/functions/dos2unix_spec.rb | 40 + stdlib/spec/functions/load_module_metadata.rb | 16 + stdlib/spec/functions/size_spec.rb | 9 +- stdlib/spec/functions/try_get_value_spec.rb | 100 + stdlib/spec/functions/union_spec.rb | 9 +- stdlib/spec/functions/unix2dos_spec.rb | 40 + .../spec/functions/validate_slength_spec.rb | 2 +- stdlib/spec/spec_helper_acceptance.rb | 54 +- stdlib/spec/unit/facter/root_home_spec.rb | 13 + .../puppet/provider/file_line/ruby_spec.rb | 147 + .../spec/unit/puppet/type/file_line_spec.rb | 3 + stdlib/tests/init.pp | 1 - swift/.fixtures.yml | 4 +- swift/README.md | 59 +- .../swift_account_config/ini_setting.rb | 19 +- .../swift_bench_config/ini_setting.rb | 19 +- 
.../provider/swift_config/ini_setting.rb | 19 +- .../swift_container_config/ini_setting.rb | 19 +- .../swift_dispersion_config/ini_setting.rb | 19 +- .../swift_object_config/ini_setting.rb | 19 +- .../swift_proxy_config/ini_setting.rb | 19 +- swift/lib/puppet/type/swift_account_config.rb | 13 + swift/lib/puppet/type/swift_bench_config.rb | 13 + swift/lib/puppet/type/swift_config.rb | 12 +- .../lib/puppet/type/swift_container_config.rb | 13 + .../puppet/type/swift_dispersion_config.rb | 13 + swift/lib/puppet/type/swift_object_config.rb | 13 + swift/lib/puppet/type/swift_proxy_config.rb | 13 + swift/manifests/bench.pp | 2 - swift/manifests/dispersion.pp | 1 - swift/manifests/keystone/auth.pp | 14 +- swift/manifests/proxy/tempauth.pp | 103 +- swift/manifests/proxy/tempurl.pp | 83 +- swift/spec/acceptance/basic_swift_spec.rb | 22 +- swift/spec/acceptance/swift_config_spec.rb | 187 + swift/spec/classes/swift_bench_spec.rb | 4 - swift/spec/classes/swift_dispersion_spec.rb | 4 - .../spec/classes/swift_proxy_tempauth_spec.rb | 103 + .../spec/classes/swift_proxy_tempurl_spec.rb | 43 + .../swift_account_config/ini_setting_spec.rb | 72 + .../swift_bench_config/ini_setting_spec.rb | 71 + .../provider/swift_config/ini_setting_spec.rb | 72 + .../ini_setting_spec.rb | 72 + .../ini_setting_spec.rb | 71 + .../swift_object_config/ini_setting_spec.rb | 71 + .../swift_proxy_config/ini_setting_spec.rb | 72 + .../unit/type/swift_account_config_spec.rb | 19 + .../spec/unit/type/swift_bench_config_spec.rb | 19 + swift/spec/unit/type/swift_config_spec.rb | 19 + .../unit/type/swift_container_config_spec.rb | 19 + .../unit/type/swift_dispersion_config_spec.rb | 19 + .../unit/type/swift_object_config_spec.rb | 19 + .../spec/unit/type/swift_proxy_config_spec.rb | 19 + swift/templates/account-server.conf.erb | 2 - swift/templates/proxy/account_quotas.conf.erb | 1 - swift/templates/proxy/authtoken.conf.erb | 1 + swift/templates/proxy/bulk.conf.erb | 1 - swift/templates/proxy/cache.conf.erb | 1 + 
swift/templates/proxy/catch_errors.conf.erb | 2 +- swift/templates/proxy/ceilometer.conf.erb | 2 +- .../templates/proxy/container_quotas.conf.erb | 1 - swift/templates/proxy/crossdomain.conf.erb | 2 +- swift/templates/proxy/formpost.conf.erb | 1 - swift/templates/proxy/gatekeeper.conf.erb | 1 + swift/templates/proxy/healthcheck.conf.erb | 1 - swift/templates/proxy/proxy-logging.conf.erb | 2 +- swift/templates/proxy/ratelimit.conf.erb | 2 +- swift/templates/proxy/s3token.conf.erb | 1 + swift/templates/proxy/slo.conf.erb | 1 + swift/templates/proxy/staticweb.conf.erb | 1 - swift/templates/proxy/swauth.conf.erb | 1 - swift/templates/proxy/swift3.conf.erb | 2 +- swift/templates/proxy/tempauth.conf.erb | 20 +- swift/templates/proxy/tempurl.conf.erb | 16 +- swift/templates/recon.conf.erb | 1 + swift/tests/all.pp | 31 +- tempest/.fixtures.yml | 2 + tempest/.gitignore | 15 +- tempest/Gemfile | 40 +- tempest/Rakefile | 26 +- .../provider/tempest_config/ini_setting.rb | 14 +- .../provider/tempest_glance_id_setter/ruby.rb | 27 +- .../tempest_neutron_net_id_setter/ruby.rb | 27 +- tempest/lib/puppet/type/tempest_config.rb | 6 + tempest/manifests/init.pp | 157 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + tempest/spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + tempest/spec/classes/tempest_spec.rb | 20 +- tempest/spec/spec_helper.rb | 2 + .../tempest_config/ini_setting_spec.rb | 30 + .../spec/unit/puppet/provider/ruby_spec.rb | 144 + tripleo/manifests/loadbalancer.pp | 104 +- trove/.fixtures.yml | 4 +- trove/README.md | 114 + .../trove_api_paste_ini/ini_setting.rb | 19 +- .../trove_conductor_config/ini_setting.rb | 19 +- .../provider/trove_config/ini_setting.rb | 19 +- .../trove_guestagent_config/ini_setting.rb | 19 +- .../trove_taskmanager_config/ini_setting.rb | 19 +- trove/lib/puppet/type/trove_api_paste_ini.rb | 6 + 
.../lib/puppet/type/trove_conductor_config.rb | 7 + trove/lib/puppet/type/trove_config.rb | 7 + .../puppet/type/trove_guestagent_config.rb | 7 + .../puppet/type/trove_taskmanager_config.rb | 7 + trove/manifests/api.pp | 34 + trove/manifests/keystone/auth.pp | 6 +- trove/manifests/taskmanager.pp | 36 +- trove/spec/acceptance/basic_trove_spec.rb | 34 +- trove/spec/classes/trove_api_spec.rb | 26 + .../spec/classes/trove_keystone_auth_spec.rb | 8 + trove/spec/classes/trove_taskmanager_spec.rb | 17 + .../provider/trove_config/ini_setting_spec.rb | 30 + trove/templates/trove-guestagent.conf.erb | 83 +- vcsrepo/.sync.yml | 6 - vcsrepo/.travis.yml | 4 - vcsrepo/CHANGELOG.md | 11 + .../git/shallow-clone-with-just-one-commit.pp | 7 + vcsrepo/lib/puppet/provider/vcsrepo/git.rb | 40 +- vcsrepo/metadata.json | 12 +- vcsrepo/spec/acceptance/create_repo_spec.rb | 16 + vcsrepo/spec/acceptance/files/server.crt | 14 +- vcsrepo/spec/acceptance/modules_1800_spec.rb | 41 + vcsrepo/spec/acceptance/modules_2326_spec.rb | 69 + .../unit/puppet/provider/vcsrepo/git_spec.rb | 10 +- vswitch/.gitignore | 11 +- vswitch/Gemfile | 41 +- vswitch/Rakefile | 22 +- vswitch/spec/acceptance/basic_vswitch_spec.rb | 15 +- .../acceptance/nodesets/centos-70-x64.yml | 11 + vswitch/spec/acceptance/nodesets/default.yml | 7 +- .../acceptance/nodesets/nodepool-centos7.yml | 2 +- .../acceptance/nodesets/nodepool-trusty.yml | 2 +- .../nodesets/ubuntu-server-1404-x64.yml | 11 + vswitch/spec/shared_examples.rb | 5 + vswitch/spec/spec_helper.rb | 5 + xinetd/.fixtures.yml | 6 +- xinetd/.gitignore | 2 + xinetd/.travis.yml | 47 +- xinetd/Gemfile | 10 +- xinetd/README.md | 1 + xinetd/Rakefile | 5 + xinetd/examples/init.pp | 2 +- xinetd/manifests/params.pp | 1 + xinetd/manifests/service.pp | 22 +- xinetd/metadata.json | 2 +- xinetd/spec/defines/xinetd_service_spec.rb | 18 +- xinetd/templates/service.erb | 5 + 820 files changed, 17432 insertions(+), 5655 deletions(-) create mode 100644 apache/manifests/mod/auth_mellon.pp 
create mode 100644 apache/spec/classes/mod/auth_mellon_spec.rb create mode 100644 apache/spec/classes/mod/disk_cache.rb create mode 100644 apache/templates/mod/auth_mellon.conf.erb rename apache/templates/mod/{fcgid.conf.erb => unixd_fcgid.conf.erb} (100%) create mode 100644 apache/templates/vhost/_filters.erb create mode 100644 apache/tests/vhost_filter.pp create mode 100644 ceilometer/spec/acceptance/ceilometer_wsgi_apache_spec.rb create mode 100644 ceilometer/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 ceilometer/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 cinder/manifests/cron/db_purge.pp create mode 100644 cinder/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 cinder/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 cinder/spec/classes/cinder_cron_db_purge_spec.rb create mode 100644 cinder/spec/unit/provider/cinder_config/ini_setting_spec.rb create mode 100644 cinder/spec/unit/type/cinder_config_spec.rb create mode 100644 firewall/spec/acceptance/firewall_dscp_spec.rb create mode 100644 gluster/data/versions/3.7/3.7.2.yaml create mode 100644 gluster/examples/filesystem-backed-bricks-arbiter-example.pp create mode 100644 gnocchi/spec/acceptance/nodesets/centos-70-x64.yml delete mode 100644 heat/lib/puppet/provider/heat_domain_id_setter/ruby.rb delete mode 100644 heat/lib/puppet/type/heat_domain_id_setter.rb create mode 100644 heat/manifests/db/sync.pp create mode 100644 heat/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 heat/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 heat/spec/classes/heat_db_sync_spec.rb create mode 100644 heat/spec/unit/provider/heat_config/ini_setting_spec.rb delete mode 100644 heat/spec/unit/provider/heat_domain_id_setter/heat_spec.rb create mode 100644 heat/spec/unit/type/heat_config_spec.rb create mode 100644 horizon/.sync.yml create mode 100644 horizon/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 
horizon/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml rename inifile/{tests => examples}/ini_setting.pp (100%) rename inifile/{tests => examples}/ini_subsetting.pp (100%) create mode 100644 ironic/manifests/bifrost.pp create mode 100644 ironic/manifests/db/sync.pp create mode 100644 ironic/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 ironic/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 ironic/spec/classes/ironic_bifrost_spec.rb create mode 100644 ironic/spec/classes/ironic_db_sync_spec.rb create mode 100644 ironic/spec/unit/provider/ironic_config/ini_setting_spec.rb create mode 100644 ironic/spec/unit/type/ironic_config_spec.rb create mode 100644 ironic/templates/baremetal.json.erb create mode 100644 ironic/templates/bifrost_global_vars.erb create mode 100644 keystone/.sync.yml create mode 100644 keystone/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 keystone/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 keystone/spec/unit/provider/keystone_config/ini_setting_spec.rb create mode 100644 keystone/spec/unit/type/keystone_config_spec.rb create mode 100644 manila/spec/acceptance/manila_config_spec.rb create mode 100644 manila/spec/unit/provider/manila_config/ini_setting_spec.rb create mode 100644 manila/spec/unit/type/manila_config_spec.rb create mode 100644 module-collectd/lib/puppet/parser/functions/collectd_convert_processmatch.rb create mode 100644 module-collectd/manifests/plugin/aggregation.pp create mode 100644 module-collectd/manifests/plugin/aggregation/aggregator.pp create mode 100644 module-collectd/manifests/plugin/ceph.pp create mode 100644 module-collectd/manifests/plugin/chain.pp create mode 100644 module-collectd/manifests/plugin/exec/cmd.pp create mode 100644 module-collectd/manifests/plugin/netlink.pp create mode 100644 module-collectd/manifests/plugin/processes/process.pp create mode 100644 module-collectd/manifests/plugin/processes/processmatch.pp create mode 
100644 module-collectd/manifests/plugin/write_graphite/carbon.pp create mode 100644 module-collectd/spec/classes/collectd_plugin_ceph_spec.rb create mode 100644 module-collectd/spec/classes/collectd_plugin_exec_spec.rb create mode 100644 module-collectd/spec/classes/collectd_plugin_logfile_spec.rb create mode 100644 module-collectd/spec/classes/collectd_plugin_memory_spec.rb create mode 100644 module-collectd/spec/classes/collectd_plugin_netlink_spec.rb create mode 100644 module-collectd/spec/classes/collectd_plugin_openvpn_spec.rb create mode 100644 module-collectd/spec/defines/collectd_plugin_exec_cmd_spec.rb create mode 100644 module-collectd/spec/defines/collectd_plugin_write_graphite_spec.rb delete mode 100644 module-collectd/templates/exec.conf.erb create mode 100644 module-collectd/templates/plugin/aggregation-aggregator.conf.erb create mode 100644 module-collectd/templates/plugin/ceph.conf.erb create mode 100644 module-collectd/templates/plugin/chain.conf.erb create mode 100644 module-collectd/templates/plugin/exec/cmd.conf.erb create mode 100644 module-collectd/templates/plugin/memory.conf.erb create mode 100644 module-collectd/templates/plugin/netlink.conf.erb delete mode 100644 module-collectd/templates/plugin/processes.conf.erb delete mode 100644 module-collectd/templates/plugin/write_graphite.conf.erb create mode 100644 module-collectd/templates/plugin/write_graphite/carbon.conf.erb create mode 100644 module-collectd/tests/plugins/ceph.pp create mode 100644 module-collectd/tests/plugins/netlink.pp create mode 100644 mysql/templates/xtrabackup.sh.erb create mode 100644 n1k_vsm/templates/vsm_vm_secondary.xml.erb create mode 100644 neutron/examples/cisco_ml2.pp delete mode 100644 neutron/lib/puppet/provider/neutron_plugin_ovs/ini_setting.rb delete mode 100644 neutron/lib/puppet/type/neutron_plugin_ovs.rb create mode 100644 neutron/manifests/plugins/ml2/cisco.pp create mode 100644 neutron/manifests/plugins/ml2/cisco/type_nexus_vxlan.pp create mode 100644 
neutron/manifests/plugins/ml2/cisco/ucsm.pp create mode 100644 neutron/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 neutron/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml delete mode 100644 neutron/spec/classes/neutron_plugins_cisco_ml2_spec.rb create mode 100644 neutron/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb create mode 100644 neutron/spec/classes/neutron_plugins_ml2_cisco_spec.rb create mode 100644 neutron/spec/classes/neutron_plugins_ml2_cisco_type_nexus_vxlan_spec.rb create mode 100644 neutron/spec/classes/neutron_plugins_ml2_cisco_ucsm_spec.rb rename neutron/templates/{ml2_conf_cisco.ini.erb => ml2_mech_cisco_nexus_conf.erb} (51%) create mode 100644 nova/manifests/db/sync.pp create mode 100644 nova/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 nova/spec/classes/nova_db_sync_spec.rb create mode 100644 ntp/spec/acceptance/nodesets/fedora-21-x64.yml create mode 100644 openstack_extras/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 openstack_extras/spec/acceptance/nodesets/default.yml create mode 100644 openstack_extras/spec/acceptance/nodesets/nodepool-centos7.yml create mode 100644 openstack_extras/spec/acceptance/nodesets/nodepool-trusty.yml create mode 100644 openstack_extras/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 openstack_extras/spec/acceptance/openstack_extras_auth_file_spec.rb create mode 100644 openstack_extras/spec/acceptance/openstack_extras_repo_spec.rb create mode 100644 openstack_extras/spec/shared_examples.rb create mode 100644 openstack_extras/spec/spec_helper_acceptance.rb delete mode 100644 openstacklib/lib/puppet_x/openstack/util/ini_file.rb create mode 100644 openstacklib/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 openstacklib/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 openstacklib/spec/acceptance/openstacklib_config_provider_spec.rb create mode 100644 
openstacklib/spec/unit/provider/openstack_config/ini_setting_spec.rb create mode 100644 pacemaker/lib/puppet/provider/pcmk_resource_default/pcs.rb create mode 100644 pacemaker/lib/puppet/type/pcmk_resource_default.rb create mode 100644 pacemaker/manifests/resource_defaults.pp create mode 100644 sahara/manifests/db/sync.pp create mode 100644 sahara/manifests/notify.pp create mode 100644 sahara/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 sahara/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 sahara/spec/classes/sahara_db_sync_spec.rb create mode 100644 sahara/spec/classes/sahara_notify_spec.rb rename stdlib/{tests => examples}/file_line.pp (87%) rename stdlib/{tests => examples}/has_interface_with.pp (97%) rename stdlib/{tests => examples}/has_ip_address.pp (89%) rename stdlib/{tests => examples}/has_ip_network.pp (88%) create mode 100644 stdlib/examples/init.pp create mode 100644 stdlib/lib/puppet/parser/functions/convert_base.rb create mode 100644 stdlib/lib/puppet/parser/functions/dos2unix.rb create mode 100644 stdlib/lib/puppet/parser/functions/load_module_metadata.rb create mode 100644 stdlib/lib/puppet/parser/functions/try_get_value.rb create mode 100644 stdlib/lib/puppet/parser/functions/unix2dos.rb delete mode 100755 stdlib/spec/acceptance/ensure_packages_spec.rb create mode 100755 stdlib/spec/acceptance/try_get_value_spec.rb create mode 100644 stdlib/spec/fixtures/lsuser/root create mode 100644 stdlib/spec/functions/convert_base_spec.rb create mode 100644 stdlib/spec/functions/dos2unix_spec.rb create mode 100755 stdlib/spec/functions/load_module_metadata.rb create mode 100644 stdlib/spec/functions/try_get_value_spec.rb create mode 100644 stdlib/spec/functions/unix2dos_spec.rb delete mode 100644 stdlib/tests/init.pp create mode 100644 swift/spec/acceptance/swift_config_spec.rb create mode 100644 swift/spec/classes/swift_proxy_tempauth_spec.rb create mode 100644 
swift/spec/unit/provider/swift_account_config/ini_setting_spec.rb create mode 100644 swift/spec/unit/provider/swift_bench_config/ini_setting_spec.rb create mode 100644 swift/spec/unit/provider/swift_config/ini_setting_spec.rb create mode 100644 swift/spec/unit/provider/swift_container_config/ini_setting_spec.rb create mode 100644 swift/spec/unit/provider/swift_dispersion_config/ini_setting_spec.rb create mode 100644 swift/spec/unit/provider/swift_object_config/ini_setting_spec.rb create mode 100644 swift/spec/unit/provider/swift_proxy_config/ini_setting_spec.rb create mode 100644 swift/spec/unit/type/swift_account_config_spec.rb create mode 100644 swift/spec/unit/type/swift_bench_config_spec.rb create mode 100644 swift/spec/unit/type/swift_config_spec.rb create mode 100644 swift/spec/unit/type/swift_container_config_spec.rb create mode 100644 swift/spec/unit/type/swift_dispersion_config_spec.rb create mode 100644 swift/spec/unit/type/swift_object_config_spec.rb create mode 100644 swift/spec/unit/type/swift_proxy_config_spec.rb create mode 100644 tempest/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 tempest/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 tempest/spec/unit/puppet/provider/ruby_spec.rb create mode 100644 vcsrepo/examples/git/shallow-clone-with-just-one-commit.pp create mode 100644 vcsrepo/spec/acceptance/modules_1800_spec.rb create mode 100644 vcsrepo/spec/acceptance/modules_2326_spec.rb create mode 100644 vswitch/spec/acceptance/nodesets/centos-70-x64.yml create mode 100644 vswitch/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml create mode 100644 vswitch/spec/shared_examples.rb
diff --git a/Puppetfile b/Puppetfile
index ab93e9135..1b5e0c6ca 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -1,5 +1,5 @@
 mod 'apache',
- :commit => '44b0f0f851119c6504628b287f1776f303f22f99',
+ :commit => '00b0da75cbe2a11a8577b87cb635d0c04440db10',
 :git => 'https://github.com/puppetlabs/puppetlabs-apache.git'
 mod 'aviator',
@@ -7,7 +7,7 @@ mod 'aviator',
 :git => 'https://github.com/aimonb/puppet_aviator.git'
 mod 'ceilometer',
- :commit => 'cf846dc5324f023a19eddc7ea292895b9a747a8b',
+ :commit => '7d20689bbb3857872cd63497ac45d523ed775d0d',
 :git => 'https://github.com/openstack/puppet-ceilometer.git'
 mod 'ceph',
@@ -19,7 +19,7 @@ mod 'certmonger',
 :git => 'https://github.com/rcritten/puppet-certmonger.git'
 mod 'cinder',
- :commit => '307bf250587a972020fbe3623a6851c0cf19b9e8',
+ :commit => '7519759797dbf797971ac0dd6411053c78ac4d41',
 :git => 'https://github.com/openstack/puppet-cinder.git'
 mod 'common',
@@ -35,7 +35,7 @@ mod 'corosync',
 :git => 'https://github.com/puppetlabs/puppetlabs-corosync.git'
 mod 'firewall',
- :commit => '185d2cdd1b8ee5e886c7daedec33fbe681e32986',
+ :commit => 'f973175bc01e6ab357857efbd611bb34ef1a2e4b',
 :git => 'https://github.com/puppetlabs/puppetlabs-firewall.git'
 mod 'galera',
@@ -43,31 +43,31 @@ mod 'galera',
 :git => 'https://github.com/redhat-openstack/puppet-galera.git'
 mod 'glance',
- :commit => '4e8e53bff3818c7cfda3317426281d8f6c4ea295',
+ :commit => '35c1701ba8817ace08f882a670d3d7152544d133',
 :git => 'https://github.com/openstack/puppet-glance.git'
 mod 'gluster',
- :commit => 'da4dd8e45d7f3e3acc77ceba01d96c5bb4675424',
+ :commit => 'e3c2486867b950a892663b7eca03bceee84c8b6e',
 :git => 'https://github.com/purpleidea/puppet-gluster.git'
 mod 'gnocchi',
- :commit => 'dc2a8521b45fba14ed33318d447694fe4569290e',
+ :commit => '34be2c3ec87cb7250146779d58462b21468c37dc',
 :git => 'https://github.com/openstack/puppet-gnocchi.git'
 mod 'haproxy',
- :commit => 'fc13a7e7716f1689e38ae6bb4a9bbc713be9ae6b',
+ :commit => 'ad4fa8dfe69268f6daa1aa532bd8684d6427c991',
 :git => 'https://github.com/puppetlabs/puppetlabs-haproxy.git'
 mod 'heat',
- :commit => '0e850373a8196b06e4387abb5f2fe81727dce1fb',
+ :commit => '16b4eca4c95d7873ef510181f4a52592abeca24c',
 :git => 'https://github.com/openstack/puppet-heat.git'
 mod 'horizon',
- :commit => '04239bd5a55d0e454c97c3c229f654e40e64cca0',
+ :commit => '2eaaebdf08e66096bb3da6d52a876fbe0d8dee0e',
 :git => 'https://github.com/openstack/puppet-horizon.git'
 mod 'inifile',
- :commit => 'a09bfef1ed434ab48d5b57c3efba3ad4885a40b7',
+ :commit => '960d85a670191e8d59ac2aa67b20fc6160a40acd',
 :git => 'https://github.com/puppetlabs/puppetlabs-inifile.git'
 mod 'ipa',
@@ -75,7 +75,7 @@ mod 'ipa',
 :git => 'https://github.com/xbezdick/puppet-ipa-1.git'
 mod 'ironic',
- :commit => '4ad6a50a4bcba6ea4c5719a58572409fdaad7ab6',
+ :commit => '7f09ae46c15fe5fd97e39b85e7cdb63a83283c37',
 :git => 'https://github.com/openstack/puppet-ironic.git'
 mod 'keepalived',
@@ -83,11 +83,11 @@ mod 'keepalived',
 :git => 'https://github.com/Unyonsys/puppet-module-keepalived.git'
 mod 'keystone',
- :commit => '8f5286557f9c38e858198f243560d1167a01d3a3',
+ :commit => 'a39ce03ac03cc31964ae530d7b6239a630059a5f',
 :git => 'https://github.com/openstack/puppet-keystone.git'
 mod 'manila',
- :commit => '6f7c6999842a2f8ab4db503614a61f57a1dde0a5',
+ :commit => '635f1ffce006d19e1c1788ec2b75bdf6b1c4c627',
 :git => 'https://github.com/openstack/puppet-manila.git'
 mod 'memcached',
@@ -95,23 +95,23 @@ mod 'memcached',
 :git => 'https://github.com/saz/puppet-memcached.git'
 mod 'module-collectd',
- :commit => 'a1901fb888a9964c9bdc64badc721e033a7d27ce',
+ :commit => 'b16d0e7cf1c7469b063ef5205d54c6e9a8de1734',
 :git => 'https://github.com/pdxcat/puppet-module-collectd.git'
 mod 'module-data',
- :commit => 'f62e245b08fd4003f13be13d75ea4a899fe8d3ea',
+ :commit => '324e79829b29734bd711a991baadb27ae5331642',
 :git => 'https://github.com/ripienaar/puppet-module-data.git'
 mod 'mongodb',
- :commit => '6e0351d3f60e2bffc63dcf107617473e2903792a',
+ :commit => 'b2441019cfaafa1ad50236fc2d45d3a00ee1b715',
 :git => 'https://github.com/puppetlabs/puppetlabs-mongodb.git'
 mod 'mysql',
- :commit => 'c095230b9e680043bed2b4a39e672068c6982ebd',
+ :commit => '8b365689caceb5dc0bcb0763b4a7b369c6434778',
 :git => 'https://github.com/puppetlabs/puppetlabs-mysql.git'
 mod 'n1k_vsm',
- :commit => '7b57af350fdb25830e0136658324f9c51e49657f',
+ :commit => 'a9bbbc6e6455c9fd9b9bd18b90ce5422af0d6e3c',
 :git => 'https://github.com/stackforge/puppet-n1k-vsm.git'
 mod 'nagios',
@@ -119,11 +119,11 @@ mod 'nagios',
 :git => 'https://github.com/gildub/puppet-nagios-openstack.git'
 mod 'neutron',
- :commit => '78d9f0b803965108ed09a4de03c9a4b4c81ac740',
+ :commit => 'f4a0f2aa66bd04a930b02e2c2b3f9f0377a451e7',
 :git => 'https://github.com/openstack/puppet-neutron.git'
 mod 'nova',
- :commit => '24f8b79c5c670d5569ef020ee50eed8e8711499d',
+ :commit => '5ee9fcdf00e5363efb68f3605747c606a6eaabee',
 :git => 'https://github.com/openstack/puppet-nova.git'
 mod 'nssdb',
@@ -131,19 +131,19 @@ mod 'nssdb',
 :git => 'https://github.com/rcritten/puppet-nssdb.git'
 mod 'ntp',
- :commit => 'e02640f066279808e9bd6cfa49b90e7792c0fa00',
+ :commit => 'dfa496a394dd1a7120af203f0a31eeb536f7af2d',
 :git => 'https://github.com/puppetlabs/puppetlabs-ntp'
 mod 'openstack_extras',
- :commit => '05a78ad7948b5a90ebd3664ca72f0c779d4ef964',
+ :commit => '6f44d1844601fda47b73456e05980a23234a873b',
 :git => 'https://github.com/openstack/puppet-openstack_extras.git'
 mod 'openstacklib',
- :commit => 'f754ef3bcf05177e50375c6464231214f66f83f8',
+ :commit => '745dccbfcd3637821f4f9135f4489e865184da82',
 :git => 'https://github.com/openstack/puppet-openstacklib.git'
 mod 'pacemaker',
- :commit => '1fa8e5591ab606a7be3bae32df088f6cec26d3c0',
+ :commit => '69e914e3c6d6c65866c3e087f97b0816c1af78c6',
 :git => 'https://github.com/redhat-openstack/puppet-pacemaker.git'
 mod 'puppet',
@@ -159,7 +159,7 @@ mod 'rabbitmq',
 :git => 'https://github.com/puppetlabs/puppetlabs-rabbitmq.git'
 mod 'redis',
- :commit => 'e0dd310acd2d5eaac496dc8c295bf53bb5d09557',
+ :commit => 'df4e2077220b13751c6f4fa89e714c0be72a65a7',
 :git => 'https://github.com/arioch/puppet-redis.git'
 mod 'remote',
@@ -171,7 +171,7 @@ mod 'rsync',
 :git => 'https://github.com/puppetlabs/puppetlabs-rsync.git'
 mod 'sahara',
- :commit => 'd8cccf84b07972456310c571480446b7e0bc3aca',
+ :commit => 'a0a09deb43e7ac8f896764078aa098516f27fbcf',
 :git => 'https://github.com/openstack/puppet-sahara.git'
 mod 'snmp',
@@ -187,11 +187,11 @@ mod 'staging',
 :git => 'https://github.com/nanliu/puppet-staging.git'
 mod 'stdlib',
- :commit => 'f820bb156038f638d8e488286d0c2b92c5636925',
+ :commit => '6a1afae97e0451590c833acdd79fd730f49137b9',
 :git => 'https://github.com/puppetlabs/puppetlabs-stdlib.git'
 mod 'swift',
- :commit => 'da4a0dd2aecd695b22796447e1f9ab742890816d',
+ :commit => '4c5f53d0d3723256633e858b838c14b46f43685e',
 :git => 'https://github.com/openstack/puppet-swift.git'
 mod 'sysctl',
@@ -199,7 +199,7 @@ mod 'sysctl',
 :git => 'https://github.com/puppetlabs/puppetlabs-sysctl.git'
 mod 'tempest',
- :commit => '3c939852efae33ab5570813b93f162d4a5c89db2',
+ :commit => '44dc6707130842a94fc2629d4f5a92e14af25587',
 :git => 'https://github.com/openstack/puppet-tempest.git'
 mod 'timezone',
@@ -207,11 +207,11 @@ mod 'timezone',
 :git => 'https://github.com/saz/puppet-timezone.git'
 mod 'tripleo',
- :commit => 'f626a227b25b2345afcc27217be7df9f1664317a',
+ :commit => 'c529fce3ef2f246909cb821bc2319cc5413960d3',
 :git => 'https://github.com/openstack/puppet-tripleo.git'
 mod 'trove',
- :commit => 'b3be8c5f78119cb581e47fb836de53941aa7429b',
+ :commit => '3da8e3e2fa5c8a5484bd17f7206f287201cd3e1c',
 :git => 'https://github.com/openstack/puppet-trove'
 mod 'tuskar',
@@ -219,7 +219,7 @@ mod 'tuskar',
 :git => 'https://github.com/openstack/puppet-tuskar.git'
 mod 'vcsrepo',
- :commit => 'fd63cd94caae3aedcce53b8fad9fd1d5f29139da',
+ :commit => 'a39349a4388cd56aad5cfc8eead2f2a17f545287',
 :git => 'https://github.com/puppetlabs/puppetlabs-vcsrepo.git'
 mod 'vlan',
@@ -227,10 +227,10 @@ mod 'vlan',
 :git => 'https://github.com/derekhiggins/puppet-vlan.git'
 mod 'vswitch',
- :commit => 'b3d2f93dc076256a58f2d30b474ab32028c76390',
+ :commit => '49354c402f6a097bf25f8eccec325a76fe57b71e',
 :git => 'https://github.com/openstack/puppet-vswitch.git'
 mod 'xinetd',
- :commit => '1420bf2bf2462a95185e9d2fffdf0a93edd8c7dc',
+ :commit => '749651ed7d4e8924bb701153f184a13af0a669a3',
 :git => 'https://github.com/puppetlabs/puppetlabs-xinetd.git'
diff --git a/apache/.travis.yml b/apache/.travis.yml
index 16d694bb6..c418ab5f2 100644
--- a/apache/.travis.yml
+++ b/apache/.travis.yml
@@ -6,8 +6,6 @@ script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake matrix: fast_finish: true include: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 1.9.3 env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 2.1.5
diff --git a/apache/CHANGELOG.md b/apache/CHANGELOG.md
index 7a722a8a9..985194bf5 100644
--- a/apache/CHANGELOG.md
+++ b/apache/CHANGELOG.md
@@ -1,9 +1,23 @@
-##2015-06-11 - Supported Release 1.5.0 +## 2015-07-28 - Supported Release 1.6.0 +### Summary +This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. + +#### Features +- Add `scan_proxy_header_field` parameter to `apache::mod::geoip` +- Add `ssl_openssl_conf_cmd` parameter to `apache::vhost` and `apache::mod::ssl` +- Add `filters` parameter to `apache::vhost` + +#### Bugfixes +- Test updates +- Do not use systemd on Amazon Linux +- Add missing docs for `timeout` parameter (MODULES-2148) + +## 2015-06-11 - Supported Release 1.5.0 ### Summary This release primarily adds Suse compatibility. It also adds a handful of other parameters for greater configuration control. -### Features +#### Features - Add `apache::lib_path` parameter - Add `apache::service_restart` parameter - Add `apache::vhost::geoip_enable` parameter
@@ -17,7 +31,7 @@ parameters for greater configuration control. - Add `apache::mod::ssl::ssl_honorcipherorder` parameter - Add `apache::mod::userdir::options` parameter -### Bugfixes +#### Bugfixes - Document `apache::user` parameter - Document `apache::group` parameter - Fix apache::dev on FreeBSD
@@ -30,16 +44,16 @@ parameters for greater configuration control. - Fix userdir access permissions - Fix issue where the module was trying to use systemd on Amazon Linux. -##2015-04-28 - Supported Release 1.4.1 +## 2015-04-28 - Supported Release 1.4.1 This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module. -##2015-03-17 - Supported Release 1.4.0 +## 2015-03-17 - Supported Release 1.4.0 ###Summary This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost` -####Features +#### Features - New parameters to `apache` - `default_charset` - `default_type`
@@ -67,7 +81,7 @@ This release fixes the issue where the docroot was still managed even if the def - Added proper array support for `require` in the `directories` parameter in `apache::vhost` - Added support for `setenv` inside proxy locations -###Bugfixes +### Bugfixes - Fix issue in `apache::vhost` that was preventing the scriptalias fragment from being included (MODULES-1784) - Install required `mod_ldap` package for EL7 (MODULES-1779) - Change default value of `maxrequestworkers` in `apache::mod::event` to be a multiple of the default `ThreadsPerChild` of 25.
@@ -77,12 +91,12 @@ This release fixes the issue where the docroot was still managed even if the def - Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger` - Remove old Debian work-around that removed `passenger_extra.conf` -##2015-02-17 - Supported Release 1.3.0 -###Summary +## 2015-02-17 - Supported Release 1.3.0 +### Summary This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. -####Features +#### Features - New parameters - `apache` - `service_manage` - `use_optional_includes`
@@ -117,7 +131,7 @@ This release has many new features and bugfixes, including the ability to option - Add passenger support for Debian Jessie - Add support for not having puppet restart the apache service (MODULES-1559) -####Bugfixes +#### Bugfixes - For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825) - Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457) - Load fcgid after unixd on RHEL7
@@ -136,12 +150,12 @@ This release has many new features and bugfixes, including the ability to option - Fix indentation in `vhost/_directories.erb` template (MODULES-1688) - Create symlinks on all distros if `vhost_enable_dir` is specified -##2014-09-30 - Supported Release 1.2.0 -###Summary +## 2014-09-30 - Supported Release 1.2.0 +### Summary This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser. -####Features +#### Features - Convert apache::vhost to use concat for easier extensions - Test improvements - Synchronize files with modulesync
@@ -204,7 +218,7 @@ This release features many improvements and bugfixes, including several new defi - Add apache_version parameter to apache::mod::userdir - Add apache::mod::version class -####Bugfixes +#### Bugfixes - Set osfamily defaults for wsgi_socket_prefix - Support multiple balancermembers with the same url - Validate apache::vhost::custom_fragment
@@ -235,25 +249,25 @@ This release features many improvements and bugfixes, including several new defi - Fix RedirectMatch rules - Fix misleading error message in apache::version -####Known Bugs +#### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. -##2014-07-15 - Supported Release 1.1.1 -###Summary +## 2014-07-15 - Supported Release 1.1.1 +### Summary This release merely updates metadata.json so the module can be uninstalled and upgraded via the puppet module command. ## 2014-04-14 Supported Release 1.1.0 -###Summary +### Summary This release primarily focuses on extending the httpd 2.4 support, tested through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger 4 support, as well as several new modules and important bugfixes. -####Features +#### Features - Add support for RHEL7 and Ubuntu 14.04 - More complete apache24 support
@@ -268,7 +282,7 @@ through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger - Add support for custom extensions for mod_php - Improve proxy_html support for Debian -####Bugfixes +#### Bugfixes - Remove NameVirtualHost directive for apache >= 2.4 - Order proxy_set option so it doesn't change between runs
@@ -276,42 +290,42 @@ through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger - Fix missing ensure on concat::fragment resources - Fix bad dependencies in apache::mod and apache::mod::mime -####Known Bugs +#### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. ## 2014-03-04 Supported Release 1.0.1 -###Summary +### Summary This is a supported release. This release removes a testing symlink that can cause trouble on systems where /var is on a seperate filesystem from the modulepath. -####Features -####Bugfixes -####Known Bugs +#### Features +#### Bugfixes +#### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. ## 2014-03-04 Supported Release 1.0.0 -###Summary +### Summary This is a supported release. This release introduces Apache 2.4 support for Debian and RHEL based osfamilies. -####Features +#### Features - Add apache24 support - Add rewrite_base functionality to rewrites - Updated README documentation - Add WSGIApplicationGroup and WSGIImportScript directives -####Bugfixes +#### Bugfixes - Replace mutating hashes with merge() for Puppet 3.5 - Fix WSGI import_script and mod_ssl issues on Lucid -####Known Bugs +#### Known Bugs * By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. * SLES is unsupported. @@ -493,7 +507,7 @@ worker/prefork - Fix formatting in vhost template - Fix spec tests such that they pass -##2012-05-08 Puppet Labs - 0.0.4 +## 2012-05-08 Puppet Labs - 0.0.4 * e62e362 Fix broken tests for ssl, vhost, vhost::* * 42c6363 Changes to match style guide and pass puppet-lint without error * 42bc8ba changed name => path for file resources in order to name namevar by it's name diff --git a/apache/README.md b/apache/README.md index 68a91e94c..58e8e03eb 100644 --- a/apache/README.md +++ b/apache/README.md 
@@ -1,564 +1,1184 @@ -#apache - -####Table of Contents - -1. [Overview - What is the apache module?](#overview) -2. [Module Description - What does the module do?](#module-description) -3. [Setup - The basics of getting started with apache](#setup) - * [Beginning with apache - Installation](#beginning-with-apache) - * [Configure a virtual host - Basic options for getting started](#configure-a-virtual-host) -4. [Usage - The classes and defined types available for configuration](#usage) - * [Classes and Defined Types](#classes-and-defined-types) - * [Class: apache](#class-apache) - * [Defined Type: apache::custom_config](#defined-type-apachecustom_config) - * [Class: apache::default_mods](#class-apachedefault_mods) - * [Defined Type: apache::mod](#defined-type-apachemod) - * [Classes: apache::mod::*](#classes-apachemodname) - * [Class: apache::mod::alias](#class-apachemodalias) - * [Class: apache::mod::event](#class-apachemodevent) - * [Class: apache::mod::geoip](#class-apachemodgeoip) - * [Class: apache::mod::info](#class-apachemodinfo) - * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) - * [Class: apache::mod::php](#class-apachemodphp) - * [Class: apache::mod::ssl](#class-apachemodssl) - * [Class: apache::mod::status](#class-apachemodstatus) - * [Class: apache::mod::expires](#class-apachemodexpires) - * [Class: apache::mod::wsgi](#class-apachemodwsgi) - * [Class: apache::mod::fcgid](#class-apachemodfcgid) - * [Class: apache::mod::negotiation](#class-apachemodnegotiation) - * [Class: apache::mod::deflate](#class-apachemoddeflate) - * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) - * [Class: apache::mod::security](#class-modsecurity) - * [Class: apache::mod::version](#class-apachemodversion) - * [Defined Type: apache::vhost](#defined-type-apachevhost) - * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) - * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) - * [Defined Type: 
apache::fastcgi::server](#defined-type-fastcgi-server) - * [Virtual Host Examples - Demonstrations of some configuration options](#virtual-host-examples) - * [Load Balancing](#load-balancing) - * [Defined Type: apache::balancer](#defined-type-apachebalancer) - * [Defined Type: apache::balancermember](#defined-type-apachebalancermember) - * [Examples - Load balancing with exported and non-exported resources](#examples) -5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) - * [Classes](#classes) - * [Public Classes](#public-classes) - * [Private Classes](#private-classes) - * [Defined Types](#defined-types) - * [Public Defined Types](#public-defined-types) - * [Private Defined Types](#private-defined-types) - * [Templates](#templates) -6. [Limitations - OS compatibility, etc.](#limitations) -7. [Development - Guide for contributing to the module](#development) - * [Contributing to the apache module](#contributing) - * [Running tests - A quick guide](#running-tests) - -##Overview - -The apache module allows you to set up virtual hosts and manage web services with minimal effort. - -##Module Description - -Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules. - -##Setup - -**What apache affects:** - -* configuration files and directories (created and written to) - * **WARNING**: Configurations that are *not* managed by Puppet will be purged. 
-* package/service/configuration files for Apache -* Apache modules -* virtual hosts -* listened-to ports -* `/etc/make.conf` on FreeBSD and Gentoo -* depends on module 'gentoo/puppet-portage' for Gentoo - -###Beginning with Apache - -To install Apache with the default parameters +# apache + +[Module description]: #module-description + +[Setup]: #setup +[Beginning with Apache]: #beginning-with-apache + +[Usage]: #usage +[Configuring virtual hosts]: #configuring-virtual-hosts +[Configuring virtual hosts with SSL]: #configuring-virtual-hosts-with-ssl +[Configuring virtual host port and address bindings]: #configuring-virtual-host-port-and-address-bindings +[Configuring virtual hosts for apps and processors]: #configuring-virtual-hosts-for-apps-and-processors +[Configuring IP-based virtual hosts]: #configuring-ip-based-virtual-hosts +[Installing Apache modules]: #installing-apache-modules +[Installing arbitrary modules]: #installing-arbitrary-modules +[Installing specific modules]: #installing-specific-modules +[Configuring FastCGI servers]: #configuring-fastcgi-servers-to-handle-php-files +[Load balancing examples]: #load-balancing-examples + +[Reference]: #reference +[Public classes]: #public-classes +[Private classes]: #private-classes +[Public defines]: #public-defines +[Private defines]: #private-defines +[Templates]: #templates + +[Limitations]: #limitations + +[Development]: #development +[Contributing]: #contributing +[Running tests]: #running-tests + +[`AddDefaultCharset`]: http://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset +[`add_listen`]: #add_listen +[`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias +[`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch +[aliased servers]: https://httpd.apache.org/docs/current/urlmapping.html +[`AllowEncodedSlashes`]: http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes +[`apache`]: #class-apache +[`apache_version`]: #apache_version 
+[`apache::balancer`]: #define-apachebalancer +[`apache::balancermember`]: #define-apachebalancermember +[`apache::fastcgi::server`]: #define-apachefastcgiserver +[`apache::mod`]: #define-apachemod +[`apache::mod::`]: #classes-apachemodmodule-name +[`apache::mod::alias`]: #class-apachemodalias +[`apache::mod::auth_cas`]: #class-apachemodauth_cas +[`apache::mod::auth_mellon`]: #class-apachemodauth_mellon +[`apache::mod::disk_cache`]: #class-apachemoddisk_cache +[`apache::mod::event`]: #class-apachemodevent +[`apache::mod::geoip`]: #class-apachemodgeoip +[`apache::mod::itk`]: #class-apachemoditk +[`apache::mod::passenger`]: #class-apachemodpassenger +[`apache::mod::peruser`]: #class-apachemodperuser +[`apache::mod::prefork`]: #class-apachemodprefork +[`apache::mod::proxy_html`]: #class-apachemodproxy_html +[`apache::mod::security`]: #class-apachemodsecurity +[`apache::mod::shib`]: #class-apachemodshib +[`apache::mod::ssl`]: #class-apachemodssl +[`apache::mod::status`]: #class-apachemodstatus +[`apache::mod::worker`]: #class-apachemodworker +[`apache::mod::wsgi`]: #class-apachemodwsgi +[`apache::params`]: #class-apacheparams +[`apache::version`]: #class-apacheversion +[`apache::vhost`]: #define-apachevhost +[`apache::vhost::WSGIImportScript`]: #wsgiimportscript +[Apache HTTP Server]: http://httpd.apache.org +[Apache modules]: http://httpd.apache.org/docs/current/mod/ +[array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html + +[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec + +[certificate revocation list]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile +[certificate revocation list path]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath +[common gateway interface]: http://httpd.apache.org/docs/current/howto/cgi.html +[`confd_dir`]: #confd_dir +[`content`]: #content +[custom error documents]: http://httpd.apache.org/docs/current/custom-error.html +[`custom_fragment`]: 
#custom_fragment + +[`default_mods`]: #default_mods +[`default_ssl_crl`]: #default_ssl_crl +[`default_ssl_crl_path`]: #default_ssl_crl_path +[`default_ssl_vhost`]: #default_ssl_vhost +[`dev_packages`]: #dev_packages +[`directory`]: #directory +[`directories`]: #parameter-directories-for-apachevhost +[`DirectoryIndex`]: http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex +[`docroot`]: #docroot +[`docroot_owner`]: #docroot_owner +[`docroot_group`]: #docroot_group +[`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot + +[`EnableSendfile`]: http://httpd.apache.org/docs/current/mod/core.html#enablesendfile +[`ExpiresByType`]: http://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype +[enforcing mode]: http://selinuxproject.org/page/Guide/Mode +[`ensure`]: https://docs.puppetlabs.com/references/latest/type.html#package-attribute-ensure +[exported resources]: http://docs.puppetlabs.com/latest/reference/lang_exported.md +[`ExtendedStatus`]: http://httpd.apache.org/docs/current/mod/core.html#extendedstatus + +[Facter]: http://docs.puppetlabs.com/facter/ +[FastCGI]: http://www.fastcgi.com/ +[FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource +[`fallbackresource`]: #fallbackresource +[filter rules]: http://httpd.apache.org/docs/current/filter.html +[`filters`]: #filters +[`ForceType`]: http://httpd.apache.org/docs/current/mod/core.html#forcetype + +[GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives +[`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage + +[Hash]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_hash.html + +[`IncludeOptional`]: http://httpd.apache.org/docs/current/mod/core.html#includeoptional +[`Include`]: http://httpd.apache.org/docs/current/mod/core.html#include +[interval syntax]: http://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn +[`ip`]: #ip +[`ip_based`]: #ip_based 
+[IP-based virtual hosts]: http://httpd.apache.org/docs/current/vhosts/ip-based.html + +[`KeepAlive`]: http://httpd.apache.org/docs/current/mod/core.html#keepalive +[`KeepAliveTimeout`]: http://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout +[`keepalive` parameter]: #keepalive +[`keepalive_timeout`]: #keepalive_timeout + +[`lib`]: #lib +[`lib_path`]: #lib_path +[`Listen`]: http://httpd.apache.org/docs/current/bind.html +[`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog +[`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile +[`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat +[`logroot`]: #logroot +[Log security]: http://httpd.apache.org/docs/current/logs.html#security + +[`manage_user`]: #manage_user +[`manage_group`]: #manage_group +[`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild +[`max_keepalive_requests`]: #max_keepalive_requests +[`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers +[`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads +[MIME `content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml +[`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads +[`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html +[`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas +[`mod_authnz_external`]: https://code.google.com/p/mod-auth-external/ +[`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon +[`mod_expires`]: http://httpd.apache.org/docs/current/mod/mod_expires.html +[`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html +[`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ +[`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html +[`mod_mpm_event`]: 
https://httpd.apache.org/docs/current/mod/event.html +[`mod_negotiation`]: http://httpd.apache.org/docs/current/mod/mod_negotiation.html +[`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en +[`mod_php`]: http://php.net/manual/en/book.apache.php +[`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html +[`mod_proxy_balancer`]: http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html +[`mod_reqtimeout`]: http://httpd.apache.org/docs/current/mod/mod_reqtimeout.html +[`mod_security`]: https://www.modsecurity.org/ +[`mod_ssl`]: http://httpd.apache.org/docs/current/mod/mod_ssl.html +[`mod_status`]: http://httpd.apache.org/docs/current/mod/mod_status.html +[`mod_version`]: http://httpd.apache.org/docs/current/mod/mod_version.html +[`mod_wsgi`]: http://modwsgi.readthedocs.org/en/latest/ +[module contribution guide]: http://docs.puppetlabs.com/forge/contributing.html +[`mpm_module`]: #mpm_module +[multi-processing module]: http://httpd.apache.org/docs/current/mpm.html + +[name-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/name-based.html + +[open source Puppet]: http://docs.puppetlabs.com/puppet/ +[`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options + +[`path`]: #path +[`Peruser`]: http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr +[`port`]: #port +[`priority`]: #defines-apachevhost +[`ProxyPass`]: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass +[`ProxySet`]: http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset +[Puppet Enterprise]: http://docs.puppetlabs.com/pe/ +[Puppet Forge]: http://forge.puppetlabs.com +[Puppet Labs]: http://puppetlabs.com +[Puppet module]: http://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html +[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp +[`purge_configs`]: #purge_configs +[`purge_vhost_dir`]: #purge_vhost_dir 
+[Python]: https://www.python.org/ + +[Rack]: http://rack.github.io/ +[`rack_base_uris`]: #rack_base_uris +[RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt +[`RequestReadTimeout`]: http://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout +[rspec-puppet]: http://rspec-puppet.com/ + +[`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias +[`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch +[`scriptalias`]: #scriptalias +[SELinux]: http://selinuxproject.org/ +[`ServerAdmin`]: http://httpd.apache.org/docs/current/mod/core.html#serveradmin +[`serveraliases`]: #serveraliases +[`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit +[`ServerName`]: http://httpd.apache.org/docs/current/mod/core.html#servername +[`ServerRoot`]: http://httpd.apache.org/docs/current/mod/core.html#serverroot +[`ServerTokens`]: http://httpd.apache.org/docs/current/mod/core.html#servertokens +[`ServerSignature`]: http://httpd.apache.org/docs/current/mod/core.html#serversignature +[Service attribute restart]: http://docs.puppetlabs.com/references/latest/type.html#service-attribute-restart +[`source`]: #source +[`SSLCARevocationCheck`]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck +[SSL certificate key file]: http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile +[SSL chain]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile +[SSL encryption]: https://httpd.apache.org/docs/current/ssl/index.html +[`ssl`]: #ssl +[`ssl_cert`]: #ssl_cert +[`ssl_compression`]: #ssl_compression +[`ssl_key`]: #ssl_key +[`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers +[suPHP]: http://www.suphp.org/Home.html +[`suphp_addhandler`]: #suphp_addhandler +[`suphp_configpath`]: #suphp_configpath +[`suphp_engine`]: #suphp_engine +[supported operating system]: 
https://forge.puppetlabs.com/supported#puppet-supported-modules-compatibility-matrix + +[`ThreadLimit`]: http://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit +[`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild +[`TimeOut`]: http://httpd.apache.org/docs/current/mod/core.html#timeout +[template]: http://docs.puppetlabs.com/puppet/latest/reference/lang_template.html +[`TraceEnable`]: http://httpd.apache.org/docs/current/mod/core.html#traceenable + +[`verify_config`]: #verify_config +[`vhost`]: #define-apachevhost +[`vhost_dir`]: #vhost_dir +[`virtual_docroot`]: #virtual_docroot + +[Web Server Gateway Interface]: https://www.python.org/dev/peps/pep-3333/#abstract +[`WSGIPythonPath`]: https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPythonPath +[`WSGIPythonHome`]: https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPythonHome + +#### Table of Contents + +1. [Module description - What is the apache module, and what does it do?][Module description] +2. [Setup - The basics of getting started with apache][Setup] + - [Beginning with Apache - Installation][Beginning with Apache] +3. [Usage - The classes and defined types available for configuration][Usage] + - [Configuring virtual hosts - Examples to help get started][Configuring virtual hosts] + - [Configuring FastCGI servers to handle PHP files][Configuring FastCGI servers] + - [Load balancing with exported and non-exported resources][Load balancing examples] +4. [Reference - An under-the-hood peek at what the module is doing and how][Reference] + - [Public classes][] + - [Private classes][] + - [Public defines][] + - [Private defines][] + - [Templates][] +5. [Limitations - OS compatibility, etc.][Limitations] +6. 
[Development - Guide for contributing to the module][Development] + - [Contributing to the apache module][Contributing] + - [Running tests - A quick guide][Running tests] + +## Module description + +[Apache HTTP Server][] (also called Apache HTTPD, or simply Apache) is a widely used web server. This [Puppet module][] simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure [Apache modules][]. + +## Setup + +**What the apache Puppet module affects:** + +- Configuration files and directories (created and written to) + - **WARNING**: Configurations *not* managed by Puppet will be purged. +- Package/service/configuration files for Apache +- Apache modules +- Virtual hosts +- Listened-to ports +- `/etc/make.conf` on FreeBSD and Gentoo + +On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. + +**Note**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures. + +To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to 'false'. We recommend using this only as a temporary means of saving and relocating customized configurations. + +### Beginning with Apache + +To have Puppet install Apache with the default parameters, declare the [`apache`][] class: + +~~~ puppet +class { 'apache': } +~~~ + +The Puppet module applies a default configuration based on your operating system; Debian, Red Hat, FreeBSD, and Gentoo systems each have unique default configurations. 
These defaults work in testing environments but are not suggested for production, and Puppet recommends customizing the class's parameters to suit your site. Use the [Reference](#reference) section to find information about the class's parameters and their default values. + +You can customize parameters when declaring the `apache` class. For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: + +~~~ puppet +class { 'apache': + default_vhosts => false, +} +~~~ -```puppet - class { 'apache': } -``` +## Usage -The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD and Gentoo systems). These defaults work well in a testing environment, but are not suggested for production. To establish customized parameters +### Configuring a virtual host -```puppet - class { 'apache': - default_mods => false, - default_confd_files => false, - } -``` +The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`. -###Configure a virtual host +**Note**: See the [`apache::vhost`][] define's reference for a list of all virtual host parameters. -Declaring the `apache` class creates a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving `$apache::docroot`. 
+To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] define: -```puppet - class { 'apache': } -``` +~~~ puppet +apache::vhost { 'vhost.example.com': + port => '80', + docroot => '/var/www/vhost', +} +~~~ -To configure a very basic, name-based virtual host +**Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] define applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`. This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to 'false', Apache still processes virtual hosts in alphabetical order. -```puppet - apache::vhost { 'first.example.com': - port => '80', - docroot => '/var/www/first', - } -``` +To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters: -*Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost is used. This is also true if you pass a higher priority and no names match anything else. +~~~ puppet +apache::vhost { 'user.example.com': + port => '80', + docroot => '/var/www/user', + docroot_owner => 'www-data', + docroot_group => 'www-data', +} +~~~ -A slightly more complicated example, changes the docroot owner/group from the default 'root' +#### Configuring virtual hosts with SSL -```puppet - apache::vhost { 'second.example.com': - port => '80', - docroot => '/var/www/second', - docroot_owner => 'third', - docroot_group => 'third', - } -``` +To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. 
You must also specify the [`port`][] parameter, typically with a value of '443', to accomodate HTTPS requests: -To set up a virtual host with SSL and default SSL certificates +~~~ puppet +apache::vhost { 'ssl.example.com': + port => '443', + docroot => '/var/www/ssl', + ssl => true, +} +~~~ -```puppet - apache::vhost { 'ssl.example.com': - port => '443', - docroot => '/var/www/ssl', - ssl => true, - } -``` +To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively: -To set up a virtual host with SSL and specific SSL certificates +~~~ puppet +apache::vhost { 'cert.example.com': + port => '443', + docroot => '/var/www/cert', + ssl => true, + ssl_cert => '/etc/ssl/fourth.example.com.cert', + ssl_key => '/etc/ssl/fourth.example.com.key', +} +~~~ -```puppet - apache::vhost { 'fourth.example.com': - port => '443', - docroot => '/var/www/fourth', - ssl => true, - ssl_cert => '/etc/ssl/fourth.example.com.cert', - ssl_key => '/etc/ssl/fourth.example.com.key', - } -``` +To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`] defines: -Virtual hosts listen on '*' by default. 
To listen on a specific IP address +~~~ puppet +# The non-ssl virtual host +apache::vhost { 'mix.example.com non-ssl': + servername => 'mix.example.com', + port => '80', + docroot => '/var/www/mix', +} -```puppet - apache::vhost { 'subdomain.example.com': - ip => '127.0.0.1', - port => '80', - docroot => '/var/www/subdomain', - } -``` +# The SSL virtual host at the same domain +apache::vhost { 'mix.example.com ssl': + servername => 'mix.example.com', + port => '443', + docroot => '/var/www/mix', + ssl => true, +} +~~~ -To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, for example: `http://example.com.loc` to `/var/www/example.com` +To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`] defines and redirect unencrypted requests to the virtual host with SSL enabled: -```puppet - apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], - } -``` +~~~ puppet +apache::vhost { 'redirect.example.com non-ssl': + servername => 'redirect.example.com', + port => '80', + docroot => '/var/www/redirect', + redirect_status => 'permanent', + redirect_dest => 'https://redirect.example.com/' +} -To set up a virtual host with suPHP +apache::vhost { 'redirect.example.com ssl': + servername => 'redirect.example.com', + port => '443', + docroot => '/var/www/redirect', + ssl => true, +} +~~~ -```puppet - apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/home/appuser/myphpapp', - suphp_addhandler => 'x-httpd-php', - suphp_engine => 'on', - suphp_configpath => '/etc/php5/apache2', - directories => { path => '/home/appuser/myphpapp', - 'suphp' => { user => 'myappuser', group => 'myappgroup' }, - } - } -``` +#### Configuring virtual host port and address bindings -To set up a virtual host with WSGI +Virtual hosts listen on all IP addresses ('*') by default. 
To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: -```puppet - apache::vhost { 'wsgi.example.com': - port => '80', - docroot => '/var/www/pythonapp', - wsgi_application_group => '%{GLOBAL}', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', - display-name => '%{GROUP}', - }, - wsgi_import_script => '/var/www/demo.wsgi', - wsgi_import_script_options => - { process-group => 'wsgi', application-group => '%{GLOBAL}' }, - wsgi_process_group => 'wsgi', - wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, - } -``` +~~~ puppet +apache::vhost { 'ip.example.com': + ip => '127.0.0.1', + port => '80', + docroot => '/var/www/ip', +} +~~~ -Starting in Apache 2.2.16, HTTPD supports [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource), a simple replacement for common RewriteRules. +To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: -```puppet - apache::vhost { 'wordpress.example.com': - port => '80', - docroot => '/var/www/wordpress', - fallbackresource => '/index.php', - } -``` +~~~ puppet +apache::vhost { 'aliases.example.com': + serveraliases => [ + 'aliases.example.org', + 'aliases.example.net', + ], + port => '80', + docroot => '/var/www/aliases', +} +~~~ + +To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: + +~~~ puppet +apache::vhost { 'subdomain.loc': + vhost_name => '*', + port => '80', + virtual_docroot => '/var/www/%-2+', + docroot => '/var/www', + serveraliases => ['*.loc',], +} +~~~ + +To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter: + +~~~ 
puppet
+apache::vhost { 'subdomain.loc':
+ port => '80',
+ filters => [
+ 'FilterDeclare COMPRESS',
+ 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
+ 'FilterChain COMPRESS',
+ 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
+ ],
+ docroot => '/var/www/html',
+}
+~~~
+
+#### Configuring virtual hosts for apps and processors
+
+To set up a virtual host with [suPHP][], use the [`suphp_engine`][] parameter to enable the suPHP engine, [`suphp_addhandler`][] parameter to define a MIME type, [`suphp_configpath`][] to set which path suPHP passes to the PHP interpreter, and the [`directory`][] parameter to configure Directory, File, and Location directive blocks:
+
+~~~ puppet
+apache::vhost { 'suphp.example.com':
+ port => '80',
+ docroot => '/home/appuser/myphpapp',
+ suphp_addhandler => 'x-httpd-php',
+ suphp_engine => 'on',
+ suphp_configpath => '/etc/php5/apache2',
+ directories => [
+ { 'path' => '/home/appuser/myphpapp',
+ 'suphp' => {
+ user => 'myappuser',
+ group => 'myappgroup',
+ },
+ },
+ ],
+}
+~~~
+
+You can use a set of parameters to configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications:
+
+~~~ puppet
+apache::vhost { 'wsgi.example.com':
+ port => '80',
+ docroot => '/var/www/pythonapp',
+ wsgi_application_group => '%{GLOBAL}',
+ wsgi_daemon_process => 'wsgi',
+ wsgi_daemon_process_options => {
+ processes => '2',
+ threads => '15',
+ display-name => '%{GROUP}',
+ },
+ wsgi_import_script => '/var/www/demo.wsgi',
+ wsgi_import_script_options => {
+ process-group => 'wsgi',
+ application-group => '%{GLOBAL}',
+ },
+ wsgi_process_group => 'wsgi',
+ wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
+}
+~~~
+
+Starting in Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules.
You can set a FallbackResource using the [`fallbackresource`][] parameter:
+
+~~~ puppet
+apache::vhost { 'wordpress.example.com':
+ port => '80',
+ docroot => '/var/www/wordpress',
+ fallbackresource => '/index.php',
+}
+~~~
+
+**Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24.
-Please note that the 'disabled' argument to FallbackResource is only supported since Apache 2.2.24.
+To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path:
-See a list of all [virtual host parameters](#defined-type-apachevhost). See an extensive list of [virtual host examples](#virtual-host-examples).
+~~~ puppet
+apache::vhost { 'cgi.example.com':
+ port => '80',
+ docroot => '/var/www/cgi',
+ scriptalias => '/usr/lib/cgi-bin',
+}
+~~~
+
+To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter:
+
+~~~ puppet
+apache::vhost { 'rack.example.com':
+ port => '80',
+ docroot => '/var/www/rack',
+ rack_base_uris => ['/rackapp1', '/rackapp2'],
+}
+~~~
+
+#### Configuring IP-based virtual hosts
+
+You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, we set the server to listen on ports 80 and 81 because the example virtual hosts are _not_ declared with a [`port`][] parameter:
+
+~~~ puppet
+apache::listen { '80': }
+
+apache::listen { '81': }
+~~~
+
+Then we configure the IP-based virtual hosts with the [`ip_based`][] parameter:
+
+~~~ puppet
+apache::vhost { 'first.example.com':
+ ip => '10.0.0.10',
+ docroot => '/var/www/first',
+ ip_based => true,
+}
+
+apache::vhost { 'second.example.com':
+ ip => '10.0.0.11',
+ docroot => '/var/www/second',
+ ip_based => true,
+}
+~~~
+
+You can also configure a mix of IP- and [name-based virtual hosts][], and in any combination of [SSL][SSL encryption] and unencrypted configurations.
First, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted:
+
+~~~ puppet
+apache::vhost { 'The first IP-based virtual host, non-ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '80',
+ ip_based => true,
+ docroot => '/var/www/first',
+}
+
+apache::vhost { 'The first IP-based vhost, ssl':
+ servername => 'first.example.com',
+ ip => '10.0.0.10',
+ port => '443',
+ ip_based => true,
+ docroot => '/var/www/first-ssl',
+ ssl => true,
+}
+~~~
+
+Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20):
+
+~~~ puppet
+apache::vhost { 'second.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/second',
+}
+
+apache::vhost { 'third.example.com':
+ ip => '10.0.0.20',
+ port => '80',
+ docroot => '/var/www/third',
+}
+~~~
+
+To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** set the [`add_listen`][] parameter to 'false' to disable the default Apache setting of `Listen 80`, as it conflicts with the preceding IP-based virtual hosts.
+
+~~~ puppet
+apache::vhost { 'fourth.example.com':
+ port => '80',
+ docroot => '/var/www/fourth',
+ add_listen => false,
+}
+
+apache::vhost { 'fifth.example.com':
+ port => '80',
+ docroot => '/var/www/fifth',
+ add_listen => false,
+}
+~~~
+
+### Installing Apache modules
+
+There's two ways to install [Apache modules][] using the Puppet apache module:
+
+- Use the [`apache::mod::`][] classes to [install specific Apache modules with parameters][Installing specific modules].
+- Use the [`apache::mod`][] define to [install arbitrary Apache modules][Installing arbitrary modules].
+
+#### Installing specific modules
+
+The Puppet apache module supports installing many common [Apache modules][], often with parameterized configuration options. For a list of supported Apache modules, see the [`apache::mod::`][] class references.
+
+For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class:
+
+~~~ puppet
+class { 'apache::mod::ssl': }
+~~~
+
+[`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to 'true':
+
+~~~ puppet
+class { 'apache::mod::ssl':
+ ssl_compression => true,
+}
+~~~
+
+Note that some modules have prerequisites, which are documented in their references under [`apache::mod::`][].
+
+#### Installing arbitrary modules
+
+You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] define to install it. Unlike the specific-module classes, the [`apache::mod`][] define doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you.
+
+For example, to install the [`mod_authnz_external`][] Apache module, declare the define with the 'mod_authnz_external' name:
+
+~~~ puppet
+apache::mod { 'mod_authnz_external': }
+~~~
-##Usage
+There's several optional parameters you can specify when defining Apache modules this way. See the [define's reference][`apache::mod`] for details.
-###Classes and Defined Types
+### Configuring FastCGI servers to handle PHP files
-This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-Puppet configuration files can cause unexpected failures.
+Add the [`apache::fastcgi::server`][] define to allow [FastCGI][] servers to handle requests for specific files.
For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests:
-It is possible to temporarily disable full Puppet management by setting the [`purge_configs`](#purge_configs) parameter within the base `apache` class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations. See the [`purge_configs` parameter](#purge_configs) for more information.
+~~~ puppet
+apache::fastcgi::server { 'php':
+ host => '127.0.0.1:9000',
+ timeout => 15,
+ flush => false,
+ faux_path => '/var/www/php.fcgi',
+ fcgi_alias => '/php.fcgi',
+ file_type => 'application/x-httpd-php'
+}
+~~~
+
+You can then use the [`custom_fragment`] parameter to configure the virtual host to have the FastCGI server handle the specified file type:
+
+~~~ puppet
+apache::vhost { 'www':
+ ...
+ custom_fragment => 'AddType application/x-httpd-php .php'
+ ...
+}
+~~~
+
+### Load balancing examples
-####Class: `apache`
+Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defines.
-The apache module's primary class, `apache`, guides the basic setup of Apache on your system.
+To enable load balancing with [exported resources][], export the [`apache::balancermember`][] define from the load balancer member server:
-You can establish a default vhost in this class, the `vhost` class, or both. You can add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type.
+~~~ puppet
+@@apache::balancermember { "${::fqdn}-puppet00":
+ balancer_cluster => 'puppet00',
+ url => "ajp://${::fqdn}:8009",
+ options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+}
+~~~
+
+Then, on the proxy server, create the load balancing group:
+
+~~~ puppet
+apache::balancer { 'puppet00': }
+~~~
+
+To enable load balancing without exporting resources, declare the following on the proxy server:
+
+~~~ puppet
+apache::balancer { 'puppet00': }
+
+apache::balancermember { "${::fqdn}-puppet00":
+ balancer_cluster => 'puppet00',
+ url => "ajp://${::fqdn}:8009",
+ options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+ }
+~~~
+
+Then declare the `apache::balancer` and `apache::balancermember` defines on the proxy server.
+
+If you need to use the [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`:
+
+~~~ puppet
+apache::balancer { 'puppet01':
+ proxy_set => {
+ 'stickysession' => 'JSESSIONID',
+ },
+}
+~~~
+
+## Reference
+
+- [**Public Classes**](#public-classes)
+ - [Class: apache](#class-apache)
+ - [Class: apache::dev](#class-apachedev)
+ - [Classes: apache::mod::*](#classes-apachemodname)
+- [**Private Classes**](#private-classes)
+ - [Class: apache::confd::no_accf](#class-apacheconfdno_accf)
+ - [Class: apache::default_confd_files](#class-apachedefault_confd_files)
+ - [Class: apache::default_mods](#class-apachedefault_mods)
+ - [Class: apache::package](#class-apachepackage)
+ - [Class: apache::params](#class-apacheparams)
+ - [Class: apache::service](#class-apacheservice)
+ - [Class: apache::version](#class-apacheversion)
+- [**Public Defines**](#public-defines)
+ - [Define: apache::balancer](#define-apachebalancer)
+ - [Define: apache::balancermember](#define-apachebalancermember)
+ - [Define: apache::custom_config](#define-apachecustom_config)
+ - [Define: apache::fastcgi::server](#define-fastcgi-server)
+ -
[Define: apache::listen](#define-apachelisten)
+ - [Define: apache::mod](#define-apachemod)
+ - [Define: apache::namevirtualhost](#define-apachenamevirtualhost)
+ - [Define: apache::vhost](#define-apachevhost)
+- [**Private Defines**](#private-defines)
+ - [Define: apache::default_mods::load](#define-default_mods-load)
+ - [Define: apache::peruser::multiplexer](#define-apacheperusermultiplexer)
+ - [Define: apache::peruser::processor](#define-apacheperuserprocessor)
+ - [Define: apache::security::file_link](#define-apachesecurityfile_link)
+- [**Templates**](#templates)
+
+### Public Classes
+
+#### Class: `apache`
+
+Guides the basic setup and installation of Apache on your system.
+
+When this class is declared with the default options, Puppet:
+
+- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
+- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
+- Configures the server with a default virtual host and standard port ('80') and address ('*') bindings.
+- Creates a document root directory determined by your operating system, typically `/var/www`.
+- Starts the Apache service.
+
+You can simply declare the default `apache` class:
+
+~~~ puppet
+class { 'apache': }
+~~~
+
+You can establish a default virtual host in this class, by using the [`apache::vhost`][] define, or both. You can also configure additional specific virtual hosts with the [`apache::vhost`][] define. Puppet recommends customizing the `apache` class's declaration with the following parameters, as its default settings are not optimized for production.
**Parameters within `apache`:**
-#####`allow_encoded_slashes`
+##### `allow_encoded_slashes`
-This sets the server default for the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) which modifies the responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`.
+Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. Valid options: 'on', 'off', 'nodecode'. Default: 'undef', which omits the declaration from the server's configuration and uses Apache's default setting of 'off'.
-#####`apache_version`
+##### `apache_version`
-Configures the behavior of the module templates, package names, and default mods by setting the Apache version. Default is determined by the class `apache::version` using the OS family and release. It should not be configured manually without special reason.
+Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. Default: Determined by your operating system family and release via the [`apache::version`][] class. Puppet recommends against manually configuring this parameter without reason.
-#####`conf_dir`
+##### `conf_dir`
-Changes the location of the configuration directory the main configuration file is placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo.
+Sets the directory where the Apache server's main configuration file is located. Default: Depends on your operating system.
-#####`confd_dir`
+- **Debian**: `/etc/apache2`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2`
+- **Red Hat**: `/etc/httpd/conf`
-Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2/conf.d' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2/conf.d' on Gentoo.
+##### `conf_template`
-#####`conf_template`
+Defines the [template][] used for the main Apache configuration file. Default: `apache/httpd.conf.erb`. Modifying this parameter is potentially risky, as the apache Puppet module is designed to use a minimal configuration file customized by `conf.d` entries.
-Overrides the template used for the main apache configuration file. Defaults to 'apache/httpd.conf.erb'.
+##### `confd_dir`
-*Note:* Using this parameter is potentially risky, as the module has been built for a minimal configuration file with the configuration primarily coming from conf.d/ entries.
+Sets the location of the Apache server's custom configuration directory. Default: Depends on your operating system.
-#####`default_charset`
+- **Debian**: `/etc/apache2/conf.d`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2/conf.d`
+- **Red Hat**: `/etc/httpd/conf.d`
-If defined, the value will be set as `AddDefaultCharset` in the main configuration file. It is undefined by default.
+##### `default_charset`
-#####`default_confd_files`
+Used as the [`AddDefaultCharset`][] directive in the main configuration file. Default: 'undef'.
-Generates default set of include-able Apache configuration files under `${apache::confd_dir}` directory. These configuration files correspond to what is usually installed with the Apache package on a given platform.
+##### `default_confd_files`
-#####`default_mods`
+Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter.
These configuration files correspond to what is typically installed with the Apache package on the server's operating system. Valid options: Boolean. Default: 'true'.
-Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names.
+##### `default_mods`
-Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp).
+Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. Valid options: 'true', 'false', or an array of Apache module names. Default: 'true'.
-If false, it only includes the mods required to make HTTPD work, and any other mods can be declared on their own.
+If this parameter's value is 'false', Puppet only includes the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] define.
-If an array, the apache module includes the array of mods listed.
+If 'true', Puppet installs additional modules, the list of which depends on the operating system as well as the [`apache_version`][] and [`mpm_module`][] parameters' values. As these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists.
-#####`default_ssl_ca`
+If this parameter contains an array, Puppet instead enables all passed Apache modules.
-The default certificate authority, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production.
+##### `default_ssl_ca`
-#####`default_ssl_cert`
+Sets the default certificate authority for the Apache server. Default: 'undef'.
-The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' for Gentoo). This default works out of the box but must be updated with your specific certificate information before being used in production.
+While this default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment.
-#####`default_ssl_chain`
+##### `default_ssl_cert`
-The default SSL chain, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production.
+Sets the [SSL encryption][] certificate location. Default: Determined by your operating system.
-#####`default_ssl_crl`
+- **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem`
+- **FreeBSD**: `/usr/local/etc/apache22/server.crt`
+- **Gentoo**: `/etc/ssl/apache2/server.crt`
+- **Red Hat**: `/etc/pki/tls/certs/localhost.crt`
-The default certificate revocation list to use, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production.
+While the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment.
-#####`default_ssl_crl_path`
+##### `default_ssl_chain`
-The default certificate revocation list path, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production.
+Sets the default [SSL chain][] location. Default: 'undef'.
-#####`default_ssl_crl_check`
+While this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment.
-Sets the default certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), which is automatically set to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value is ignored on older versions.
+##### `default_ssl_crl`
-#####`default_ssl_key`
+Sets the path of the default [certificate revocation list][] (CRL) file to use. Default: 'undef'.
-The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' for Gentoo). This default works out of the box but must be updated with your specific certificate information before being used in production.
+While this default value results in a functioning Apache server, you **must** update this parameter with your CRL file's path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][].
-#####`default_ssl_vhost`
+##### `default_ssl_crl_path`
-Sets up a default SSL virtual host. Defaults to 'false'. If set to 'true', sets up the following vhost:
+Sets the server's [certificate revocation list path][], which contains your CRLs. Default: 'undef'.
-```puppet
- apache::vhost { 'default-ssl':
- port => 443,
- ssl => true,
- docroot => $docroot,
- scriptalias => $scriptalias,
- serveradmin => $serveradmin,
- access_log_file => "ssl_${access_log_file}",
- }
-```
+While this default value results in a functioning Apache server, you **must** update this parameter with the CRL path before deploying this server in a production environment.
-SSL vhosts only respond to HTTPS queries.
+##### `default_ssl_crl_check`
-#####`default_type`
+Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. Default: 'undef'.
-(Apache httpd 2.2 only) MIME content-type that will be sent if the server cannot determine a type in any other way. This directive has been deprecated in Apache httpd 2.4, and only exists there for backwards compatibility of configuration files.
+While this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment.
-#####`default_vhost`
+This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
-Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host).
+##### `default_ssl_key`
-#####`docroot`
+Sets the [SSL certificate key file][] location. Default: Determined by your operating system.
-Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, '/usr/local/www/apache22/data' on FreeBSD, and '/var/www/localhost/htdocs' on Gentoo.
+- **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key`
+- **FreeBSD**: `/usr/local/etc/apache22/server.key`
+- **Gentoo**: `/etc/ssl/apache2/server.key`
+- **Red Hat**: `/etc/pki/tls/private/localhost.key`
-#####`error_documents`
+While these default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment.
-Enables custom error documents. Defaults to 'false'.
+##### `default_ssl_vhost`
-#####`group`
+Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. Default: 'false'.
-Changes the group that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this group. By default, puppet will attempt to manage this group as a resource under `::apache`. If this is not what you want, set [`manage_group`](#manage_group) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`.
+If 'true', Puppet automatically configures the following virtual host using the [`apache::vhost`][] define:
-#####`httpd_dir`
+~~~ puppet
+apache::vhost { 'default-ssl':
+ port => 443,
+ ssl => true,
+ docroot => $docroot,
+ scriptalias => $scriptalias,
+ serveradmin => $serveradmin,
+ access_log_file => "ssl_${access_log_file}",
+ }
+~~~
-Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo.
+**Note**: SSL virtual hosts only respond to HTTPS queries.
-#####`keepalive`
+##### `default_type`
-Enables persistent connections.
+_Apache 2.2 only_.
Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer and only exists for backwards compatibility in configuration files. Default: 'undef'.
-#####`keepalive_timeout`
+##### `default_vhost`
-Sets the amount of time the server waits for subsequent requests on a persistent connection. Defaults to '15'.
+Configures a default virtual host when the class is declared. Valid options: Boolean. Default: 'true'.
-#####`max_keepalive_requests`
+To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to 'false'.
-Sets the limit of the number of requests allowed per connection when KeepAlive is on. Defaults to '100'.
+##### `docroot`
-#####`lib_path`
+Sets the default [`DocumentRoot`][] location. Default: Determined by your operating system.
-Specifies the location where apache module files are stored. It should not be configured manually without special reason.
+- **Debian**: `/var/www`
+- **FreeBSD**: `/usr/local/www/apache22/data`
+- **Gentoo**: `/var/www/localhost/htdocs`
+- **Red Hat**: `/var/www/html`
-#####`loadfile_name`
+##### `error_documents`
-Sets the file name for the module loadfile. Should be in the format \*.load. This can be used to set the module load order.
+Determines whether to enable [custom error documents][] on the Apache server. Valid options: Boolean. Default: 'false'.
-#####`log_level`
+##### `group`
-Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info', or 'debug'.
+Sets the group ID that owns any Apache processes spawned to answer requests.
-#####`log_formats`
+By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class.
To to prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to 'false'.
-Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat). This is done in a Hash:
+**Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process.
-```puppet
- $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
-```
+##### `httpd_dir`
+
+Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages. Default: Determined by your operating system.
+
+- **Debian**: `/etc/apache2`
+- **FreeBSD**: `/usr/local/etc/apache22`
+- **Gentoo**: `/etc/apache2`
+- **Red Hat**: `/etc/httpd`
+
+##### `keepalive`
+
+Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. Valid options: 'Off', 'On'. Default: 'Off'.
+
+If 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options.
+
+##### `keepalive_timeout`
+
+Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. Default: '15'.
+
+This parameter is only relevant if the [`keepalive` parameter][] is enabled.
+
+##### `max_keepalive_requests`
-There are a number of predefined LogFormats in the httpd.conf that Puppet writes out:
+Limits the number of requests allowed per connection when the [`keepalive` parameter][] is enabled. Default: '100'.
-```httpd
+##### `lib_path`
+
+Specifies the location where [Apache module][Apache modules] files are stored. Default: Depends on the operating system.
+ +- **Debian** and **Gentoo**: `/usr/lib/apache2/modules` +- **FreeBSD**: `/usr/local/libexec/apache24` +- **Red Hat**: `modules` + +**Note**: Do not configure this parameter manually without special reason. + +##### `loadfile_name` + +Sets the [`LoadFile`] directive's filename. Valid options: Filenames in the format `\*.load`. + +This can be used to set the module load order. + +##### `log_level` + +Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. Default: 'warn'. + +##### `log_formats` + +Define additional [`LogFormat`][] directives. Valid options: A [Hash][], such as: + +~~~ puppet +$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } +~~~ + +There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: + +~~~ httpd LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent -``` +~~~ -If your `$log_formats` contains one of those, they will be overwritten with **your** definition. +If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. -#####`logroot` +##### `logroot` -Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, '/var/log/apache22' on FreeBSD, and '/var/log/apache2' on Gentoo. +Changes the directory of Apache log files for the virtual host. Default: Determined by your operating system. -#####`logroot_mode` +- **Debian**: `/var/log/apache2` +- **FreeBSD**: `/var/log/apache22` +- **Gentoo**: `/var/log/apache2` +- **Red Hat**: `/var/log/httpd` -Overrides the mode the default logroot directory is set to ($::apache::logroot). Defaults to undef. 
Do NOT give people write access to the directory the logs are stored
-in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details.
+##### `logroot_mode`
-#####`manage_group`
+Overrides the default [`logroot`][] directory's mode. Default: 'undef'.
-Setting this to 'false' stops the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error.
+**Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details.
-#####`manage_user`
+##### `manage_group`
-Setting this to 'false' stops the user resource from being created. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error.
+When 'false', stops Puppet from creating the group resource. Valid options: Boolean. Default: 'true'.
-#####`mod_dir`
+If you have a group created from another Puppet module that you want to use to run Apache, set this to 'false'. Without this parameter, attempting to use a previously established group results in a duplicate resource error.
-Changes the location of the configuration directory your Apache modules configuration files are placed in. Defaults to '/etc/httpd/conf.d' for RedHat, '/etc/apache2/mods-available' for Debian, '/usr/local/etc/apache22/Modules' for FreeBSD, and '/etc/apache2/modules.d' on Gentoo.
+##### `manage_user`
-#####`mpm_module`
+When 'false', stops Puppet from creating the user resource. Valid options: Boolean. Default: 'true'.
-Determines which MPM is loaded and configured for the HTTPD process.
Valid values are 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Defaults to 'prefork' on RedHat, FreeBSD and Gentoo, and 'worker' on Debian. Must be set to 'false' to explicitly declare the following classes with custom parameters: +This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. -* `apache::mod::event` -* `apache::mod::itk` -* `apache::mod::peruser` -* `apache::mod::prefork` -* `apache::mod::worker` +##### `mod_dir` -*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. +Sets where Puppet places configuration files for your [Apache modules][]. Default: Determined by your operating system. -#####`package_ensure` +- **Debian**: `/etc/apache2/mods-available` +- **FreeBSD**: `/usr/local/etc/apache22/Modules` +- **Gentoo**: `/etc/apache2/modules.d` +- **Red Hat**: `/etc/httpd/conf.d` -Allows control over the package ensure attribute. Can be 'present','absent', or a version string. +##### `mpm_module` -#####`ports_file` +Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Valid options: 'event', 'itk', 'peruser', 'prefork', 'worker', or 'false'. Default: Determined by your operating system. -Changes the name of the file containing Apache ports configuration. Default is `${conf_dir}/ports.conf`. +- **Debian**: `worker` +- **FreeBSD, Gentoo, and Red Hat**: `prefork` -#####`purge_configs` +You must set this to 'false' to explicitly declare the following classes with custom parameters: -Removes all other Apache configs and vhosts, defaults to 'true'. Setting this to 'false' is a stopgap measure to allow the apache module to coexist with existing or otherwise-managed configuration. 
It is recommended that you move your configuration entirely to resources within this module. +- [`apache::mod::event`][] +- [`apache::mod::itk`][] +- [`apache::mod::peruser`][] +- [`apache::mod::prefork`][] +- [`apache::mod::worker`][] -#####`purge_vhost_configs` +**Note**: Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `mpm_module`, you must uninstall all packages that depend on your installed Apache server. -If `vhost_dir` != `confd_dir`, this controls the removal of any configurations that are not managed by Puppet within `vhost_dir`. It defaults to the value of `purge_configs`. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir` +##### `package_ensure` -#####`sendfile` +Controls the `package` resource's [`ensure`][] attribute. Valid options: 'absent', 'installed' (or the equivalent 'present'), or a version string. Default: 'installed'. -Makes Apache use the Linux kernel sendfile to serve static files. Defaults to 'On'. +##### `pidfile` -#####`serveradmin` +Allows settting a custom location for the pid file - useful if using a custom built Apache rpm. Defaults to 'run/httpd.pid' on RedHat, '/var/run/httpd.pid on FreeBSD and '\${APACHE_PID_FILE}' on Debian. -Sets the server administrator. Defaults to 'root@localhost'. +##### `ports_file` -#####`servername` +Sets the path to the file containing Apache ports configuration. Default: `{$conf_dir}/ports.conf`. -Sets the server name. Defaults to `fqdn` provided by Facter. +##### `purge_configs` -#####`server_root` +Removes all other Apache configs and virtual hosts. Valid options: Boolean. Default: 'true'. -Sets the root directory in which the server resides. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local' on FreeBSD, and '/var/www' on Gentoo. 
+Setting this to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. -#####`server_signature` +##### `purge_vhost_dir` -Configures a trailing footer line under server-generated documents. More information about [ServerSignature](http://httpd.apache.org/docs/current/mod/core.html#serversignature). Defaults to 'On'. +If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, the Boolean parameter `purge_vhost_dir` determines whether Puppet removes any configurations inside `vhost_dir` _not_ managed by Puppet. Default: same as [`purge_configs`][]. -#####`server_tokens` +Setting `purge_vhost_dir` to 'false' is a stopgap measure to allow the apache Puppet module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. -Controls how much information Apache sends to the browser about itself and the operating system. More information about [ServerTokens](http://httpd.apache.org/docs/current/mod/core.html#servertokens). Defaults to 'OS'. +##### `sendfile` -#####`service_enable` +Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Valid options: 'On', 'Off'. Default: 'On'. -Determines whether the HTTPD service is enabled when the machine is booted. Defaults to 'true'. +##### `serveradmin` -#####`service_ensure` +Sets the Apache server administrator's contact information via Apache's [`ServerAdmin`][] directive. Default: 'root@localhost'. -Determines whether the service should be running. Valid values are 'true', 'false', 'running', or 'stopped' when Puppet should manage the service. Any other value sets ensure to 'false' for the Apache service, which is useful when you want to let the service be managed by some other application like Pacemaker. 
Defaults to 'running'. +##### `servername` -#####`service_name` +Sets the Apache server name via Apache's [`ServerName`][] directive. Default: the 'fqdn' fact reported by [Facter][]. -Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian and Gentoo, and 'apache22' on FreeBSD. +##### `server_root` -#####`service_manage` +Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive. Default: determined by your operating system. -Determines whether the HTTPD service state is managed by Puppet . Defaults to 'true'. +- **Debian**: `/etc/apache2` +- **FreeBSD**: `/usr/local` +- **Gentoo**: `/var/www` +- **Red Hat**: `/etc/httpd` -#####`service_restart` +##### `server_signature` -Determines whether the HTTPD service restart command should be anything other than the default managed by Puppet. Defaults to undef. +Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Valid options: 'Off', 'On'. Default: 'On'. +##### `server_tokens` -#####`trace_enable` +Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive. Defaults to 'OS'. -Controls how TRACE requests per RFC 2616 are handled. More information about [TraceEnable](http://httpd.apache.org/docs/current/mod/core.html#traceenable). Defaults to 'On'. +##### `service_enable` -#####`vhost_dir` +Determines whether Puppet enables the Apache HTTPD service when the system is booted. Valid options: Boolean. Default: 'true'. -Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, '/usr/local/etc/apache22/Vhosts' on FreeBSD, and '/etc/apache2/vhosts.d' on Gentoo. 
+##### `service_ensure` -#####`user` +Determines whether Puppet should make sure the service is running. Valid options: 'true' (equivalent to 'running'), 'false' (equivalent to 'stopped'). Default: 'running'. -Changes the user that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this user. By default, puppet will attept to manage this user as a resource under `::apache`. If this is not what you want, set [`manage_user`](#manage_user) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`. +The 'false' or 'stopped' values set the 'httpd' service resource's `ensure` parameter to 'false', which is useful when you want to let the service be managed by another application, such as Pacemaker. -#####`apache_name` +##### `service_name` -The name of the Apache package to install. This is automatically detected in `::apache::params`. You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. +Sets the name of the Apache service. Default: determined by your operating system. -####Defined Type: `apache::custom_config` +- **Debian and Gentoo**: `apache2` +- **FreeBSD**: `apache22` +- **Red Hat**: `httpd` -Allows you to create custom configs for Apache. The configuration files are only added to the Apache confd dir if the file is valid. An error is raised during the Puppet run if the file is invalid and `$verify_config` is `true`. +##### `service_manage` -```puppet - apache::custom_config { 'test': - content => '# Test', - } -``` +Determines whether Puppet manages the HTTPD service's state. Default: 'true'. -**Parameters within `apache::custom_config`:** +##### `service_restart` -#####`ensure` +Determines whether Puppet should use a specific command to restart the HTTPD service. Valid options: a command to restart the Apache service. 
Default: 'undef', which uses the [default Puppet behavior][Service attribute restart]. -Specify whether the configuration file is present or absent. Defaults to 'present'. Valid values are 'present' and 'absent'. +##### `timeout` -#####`confdir` +Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. Defaults to 120. -The directory to place the configuration file in. Defaults to `$::apache::confd_dir`. +##### `trace_enable` -#####`content` +Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive. Valid options: 'Off', 'On'. Default: 'On'. -The content of the configuration file. Only one of `$content` and `$source` can be specified. +##### `use_systemd` -#####`priority` +Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom built rpms. This can either be 'true' or 'false, defaults to 'true'. -The priority of the configuration file, used for ordering. Defaults to '25'. +##### `vhost_dir` -Pass priority `false` to omit the priority prefix in file names. +Changes your virtual host configuration files' location. Default: determined by your operating system. -#####`source` +- **Debian**: `/etc/apache2/sites-available` +- **FreeBSD**: `/usr/local/etc/apache22/Vhosts` +- **Gentoo**: `/etc/apache2/vhosts.d` +- **Red Hat**: `/etc/httpd/conf.d` -The source of the configuration file. Only one of `$content` and `$source` can be specified. +##### `user` -#####`verify_command` +Changes the user Apache uses to answer requests. Apache's parent process will continue to be run as root, but child processes will access resources as the user defined by this parameter. -The command to use to verify the configuration file. It should use a fully qualified command. Defaults to '/usr/sbin/apachectl -t'. The `$verify_command` is only used if `$verify_config` is `true`. 
If the `$verify_command` fails, the configuration file is deleted, the Apache service is not notified, and an error is raised during the Puppet run. +Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system: -#####`verify_config` +- **Debian**: 'www-data' +- **FreeBSD**: 'www' +- **Gentoo** and **Red Hat**: 'apache' -Boolean to specify whether the configuration file should be validated before the Apache service is notified. Defaults to `true`. +To prevent Puppet from managing the user, set the [`manage_user`][] parameter to 'false'. -####Class: `apache::default_mods` +##### `apache_name` -Installs default Apache modules based on what OS you are running. +The name of the Apache package to install. Default: Puppet sets the default value via the [`apache::params`][] class, which manages the user based on your operating system: -```puppet - class { 'apache::default_mods': } -``` +The default value is determined by your operating system: -####Defined Type: `apache::mod` +- **Debian**: 'apache2' +- **FreeBSD**: 'apache24' +- **Gentoo**: 'www-servers/apache' +- **Red Hat**: 'httpd' -Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type also installs the required packages to enable the module, if any. +You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. -```puppet - apache::mod { 'rewrite': } - apache::mod { 'ldap': } -``` +#### Class: `apache::dev` + +Installs Apache development libraries. 
By default, the package name is defined by the [`dev_packages`][] parameter of the [`apache::params`][] class based on your operating system: + +The default value is determined by your operating system: -####Classes: `apache::mod::[name]` +- **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions +- **FreeBSD**: 'undef'; see note below +- **Gentoo**: 'undef' +- **Red Hat**: 'httpd-devel' -There are many `apache::mod::[name]` classes within this module that can be declared using `include`: +**Note**: On FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. + +#### Classes: `apache::mod::` + +Enables specific [Apache modules][]. You can enable and configure an Apache module by declaring its class. For example, to install and enable [`mod_alias`][] with no icons, you can declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None': + +~~~ puppet +class { 'apache::mod::alias': + icons_options => 'None', +} +~~~ + +The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] define. * `actions` -* `alias`(see [`apache::mod::alias`](#class-apachemodalias) below) +* `alias` (see [`apache::mod::alias`][]) * `auth_basic` -* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below) +* `auth_cas`* (see [`apache::mod::auth_cas`][]) +* `auth_mellon`* (see [`apache::mod::auth_mellon`][]) * `auth_kerb` * `authn_core` * `authn_file` 
@@ -575,12 +1195,13 @@ There are many `apache::mod::[name]` classes within this module that can be decl
 * `deflate`
 * `dev`
 * `dir`*
-* `disk_cache`
-* `event`(see [`apache::mod::event`](#class-apachemodevent) below)
+* `disk_cache` (see [`apache::mod::disk_cache`][])
+* `event` (see [`apache::mod::event`][])
 * `expires`
 * `fastcgi`
 * `fcgid`
 * `filter`
+* `geoip` (see [`apache::mod::geoip`][])
 * `headers`
 * `include`
 * `info`*
@@ -590,11 +1211,11 @@ There are many `apache::mod::[name]` classes within this module that can be decl
 * `mime_magic`*
 * `negotiation`
 * `nss`*
-* `pagespeed` (see [`apache::mod::pagespeed`](#class-apachemodpagespeed) below)
+* `pagespeed` (see [`apache::mod::pagespeed`][])
 * `passenger`*
 * `perl`
 * `peruser`
-* `php` (requires [`mpm_module`](#mpm_module) set to `prefork`)
+* `php` (requires [`mpm_module`][] set to `prefork`)
 * `prefork`*
 * `proxy`*
 * `proxy_ajp`
@@ -608,558 +1229,580 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `rpaf`* * `setenvif` * `security` -* `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below) +* `shib`* (see [`apache::mod::shib`]) * `speling` -* `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) -* `status`* (see [`apache::mod::status`](#class-apachemodstatus) below) +* `ssl`* (see [`apache::mod::ssl`][]) +* `status`* (see [`apache::mod::status`][]) * `suphp` * `userdir`* +* `version` * `vhost_alias` * `worker`* -* `wsgi` (see [`apache::mod::wsgi`](#class-apachemodwsgi) below) +* `wsgi` (see [`apache::mod::wsgi`][]) * `xsendfile` -Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters do not require any configuration or attention. +Modules noted with a * indicate that the module has settings and a template that includes parameters to configure the module. Most Apache module class parameters have default values and don't require configuration. For modules with templates, Puppet installs template files with the module; these template files are required for the module to work. + +##### Class: `apache::mod::alias` + +Installs and manages [`mod_alias`][]. + +**Parameters within `apache::mod::alias`**: -The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. +* `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive. Default: 'Indexes MultiViews'. +* `icons_path`: Sets the local path for an `/icons/` Alias. Default: depends on your operating system. 
-###Class: `apache::mod::alias` +- **Debian**: `/usr/share/apache2/icons` +- **FreeBSD**: `/usr/local/www/apache24/icons` +- **Gentoo**: `/var/www/icons` +- **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` -Installs and manages the alias module. +####Class: `apache::mod::disk_cache` -Full Documentation for alias is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_alias.html). +Installs and configures mod_disk_cache. The cache root is determined based on apache version and OS. It can be specified directly as well. -To disable directory listing for the icons directory: +Specifying the cache root: ```puppet - class { 'apache::mod::alias': - icons_options => 'None', + class {'::apache::mod::disk_cache': + cache_root => '/path/to/cache', } ``` -####Class: `apache::mod::event` +##### Class: `apache::mod::event` -Installs and manages mpm_event module. +Installs and manages [`mod_mpm_event`][]. You can't include both `apache::mod::event` and [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server. -Full Documentation for mpm_event is available from [Apache](https://httpd.apache.org/docs/current/mod/event.html). +**Parameters within `apache::mod::event`**: -To configure the event thread limit: +- `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Default: '511'. +- `maxclients` (_Apache 2.3.12 or older_: `maxrequestworkers`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Default: '150'. +- `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Default: '0'. 
+- `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Default: '75' and '25', respectively. +- `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Default: '25'. +- `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Default: '2'. +- `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Default: '64'. +- `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. Default: '25'. -```puppet - class {'apache::mod::event': - $threadlimit => '128', - } -``` +##### Class: `apache::mod::auth_cas` -####Class: `apache::mod::auth_cas` +Installs and manages [`mod_auth_cas`][]. Its parameters share names with the Apache module's directives. -Installs and manages mod_auth_cas. The parameters `cas_login_url` and `cas_validate_url` are required. +The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have 'undef' default values. -Full documentation on mod_auth_cas is available from [JASIG](https://github.com/Jasig/mod_auth_cas). +**Parameters within `apache::mod::auth_cas`**: -####Class: `apache::mod::geoip` +- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: 'undef'. +- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. Default: 'undef'. +- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. Default: 'undef'. +- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. Default: 'undef'. 
+- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. Default: 'undef'. +- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. Default: 'undef'. +- `cas_debug`: Determines whether to enable the module's debugging mode. Default: 'Off'. +- `cas_idle_timeout`: Default: 'undef'. +- `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. +- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. Default: 'undef'. +- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. Default: 'undef'. +- `cas_validate_depth`: Limits the depth for chained certificate validation. Default: 'undef'. +- `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. +- `cas_version`: The CAS protocol version to adhere to. Valid options: '1', '2'. Default: '2'. -Installs and manages mod_geoip. +##### Class: `apache::mod::auth_mellon` -Full documentation on mod_geoip is available from [MaxMind](http://dev.maxmind.com/geoip/legacy/mod_geoip2/). +Installs and manages [`mod_auth_mellon`][]. It's parameters share names with the Apache module's directives. -These are the default settings: +~~~puppet +class{'apache::mod::auth_mellon': + mellon_cache_size => 101 +} +~~~ -```puppet - class {'apache::mod::geoip': - enable => false, - db_file => '/usr/share/GeoIP/GeoIP.dat', - flag => 'Standard', - output => 'All', - } -``` +**Parameters within `apache::mod::auth_mellon`**: -#####`enable` +- `mellon_cache_size`: Size in megabytes of mellon cache. +- `mellon_cache_entry_size`: Maximum size for single session. +- `mellon_lock_file`: Location of lock file. +- `mellon_post_directory`: Full path where post requests are saved. +- `mellon_post_ttl`: Time to keep post requests. 
+- `mellon_post_size`: Maximum size of post requests. +- `mellon_post_count`: Maxmum number of post requests. -Boolean. Enable or Disable mod_geoip globally. Defaults to false. +##### Class: `apache::mod::deflate` -#####`db_file` +Installs and configures [`mod_deflate`][]. -The full path to your GeoIP database file. Defaults to `/usr/share/GeoIP/GeoIP.dat`. This parameter optionally takes an array of paths for multiple GeoIP database files. +**Parameters within `apache::mod::deflate`:** -#####`flag` +- `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. Default: [ 'text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml' ]. +- `notes`: A [Hash][] where the key represents the type and the value represents the note name. Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' } -GeoIP Flag. Defaults to 'Standard'. +##### Class: `apache::mod::expires` -#####`output` +Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate its configuration. -Defines which output variables to use. Defaults to 'All'. +**Parameters within `apache::mod::expires`**: -#####`enable_utf8` +- `expires_active`: Enables generation of `Expires` headers for a document realm. Default: 'true'. +- `expires_default`: Default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. Default: undef. +- `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. Valid options: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. Default: undef. -Boolean. Changes the output from ISO-8859-1 (Latin-1) to UTF-8. +##### Class: `apache::mod::fcgid` -#####`scan_proxy_headers` +Installs and configures [`mod_fcgid`][]. -Boolean. Enables the GeoIPScanProxyHeaders option. 
More information can be found [here](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives). +The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [Hash][]. For example: -#####`scan_proxy_header_field` +~~~ puppet +class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + 'SharememPath' => '/var/run/fcgid_shm', + 'AddHandler' => 'fcgid-script .fcgi', + }, +} +~~~ -Specifies which header that mod_geoip should look at to determine the client's IP address. +For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`]. -#####`use_last_xforwarededfor_ip` +If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`. -Boolean. If a comma-separated list of IP addresses is found, use the last IP address for the client's IP. +~~~ puppet +include apache::mod::fcgid -####Class: `apache::mod::info` +apache::vhost { 'example.org': + docroot => '/var/www/html', + directories => { + path => '/var/www/html', + fcgiwrapper => { + command => '/usr/local/bin/fcgiwrapper', + } + }, +} +~~~ -Installs and manages mod_info which provides a comprehensive overview of the server configuration. +##### Class: `apache::mod::geoip` -Full documentation for mod_info is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_info.html). +Installs and manages [`mod_geoip`][]. -These are the default settings: +**Parameters within `apache::mod::geoip`**: -```puppet - $allow_from = ['127.0.0.1','::1'], - $apache_version = $::apache::apache_version, - $restrict_access = true, -``` +- `db_file`: Sets the path to your GeoIP database file. Valid options: a path, or an [array][] paths for multiple GeoIP database files. Default: `/usr/share/GeoIP/GeoIP.dat`. 
+- `enable`: Determines whether to globally enable [`mod_geoip`][]. Valid options: Boolean. Default: 'false'. +- `flag`: Sets the GeoIP flag. Valid options: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. Default: 'Standard'. +- `output`: Defines which output variables to use. Valid options: 'All', 'Env', 'Request', 'Notes'. Default: 'All'. +- `enable_utf8`: Changes the output from ISO-8859-1 (Latin-1) to UTF-8. Valid options: Boolean. Default: 'undef'. +- `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. Valid options: Boolean. Default: 'undef'. +- `scan_proxy_header_field`: Specifies which header [`mod_geoip`][] should look at to determine the client's IP address. Default: 'undef'. +- `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP if a comma-separated list of IP addresses is found. Valid options: Boolean. Default: 'undef'. -To set the addresses that are allowed to access /server-info add the following: +##### Class: `apache::mod::info` -```puppet - class {'apache::mod::info': - allow_from => [ - '10.10.36', - '10.10.38', - '127.0.0.1', - ], - } -``` +Installs and manages [`mod_info`][], which provides a comprehensive overview of the server configuration. -To disable the access restrictions add the following: +**Parameters within `apache::mod::info`**: -```puppet - class {'apache::mod::info': - restrict_access => false, - } -``` +- `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server-info`. Valid options: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. Default: ['127.0.0.1','::1'] +- `apache_version`: Default: `$::apache::apache_version`, +- `restrict_access`: Determines whether to enable access restrictions. If 'false', the `allow_from` whitelist is ignored and any IP address can access `/server-info`. Valid options: Boolean. Default: 'true'. 
-It is not recommended to leave this set to false though it can be very useful for testing. For this reason, you can insert this setting in your normal code to temporarily disable the restrictions like so: +##### Class: `apache::mod::negotiation` -```puppet - class {'apache::mod::info': - restrict_access => false, # false disables the block below - allow_from => [ - '10.10.36', - '10.10.38', - '127.0.0.1', - ], - } -``` +Installs and configures [`mod_negotiation`][]. -####Class: `apache::mod::pagespeed` +**Parameters within `apache::mod::negotiation`:** -Installs and manages mod_pagespeed, which is a Google module that rewrites web pages to reduce latency and bandwidth. +- `force_language_priority`: Sets the `ForceLanguagePriority` option. Valid option: String. Default: `Prefer Fallback`. +- `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. Default: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW' ] -This module does *not* manage the software repositories needed to automatically install the -mod-pagespeed-stable package. The module does however require that the package be installed, -or be installable using the system's default package provider. You should ensure that this -pre-requisite is met or declaring `apache::mod::pagespeed` causes the Puppet run to fail. +##### Class: `apache::mod::pagespeed` -These are the defaults: +Installs and manages [`mod_pagespeed`], a Google module that rewrites web pages to reduce latency and bandwidth. 
-```puppet - class { 'apache::mod::pagespeed': - inherit_vhost_config => 'on', - filter_xhtml => false, - cache_path => '/var/cache/mod_pagespeed/', - log_dir => '/var/log/pagespeed', - memcache_servers => [], - rewrite_level => 'CoreFilters', - disable_filters => [], - enable_filters => [], - forbid_filters => [], - rewrite_deadline_per_flush_ms => 10, - additional_domains => undef, - file_cache_size_kb => 102400, - file_cache_clean_interval_ms => 3600000, - lru_cache_per_process => 1024, - lru_cache_byte_limit => 16384, - css_flatten_max_bytes => 2048, - css_inline_max_bytes => 2048, - css_image_inline_max_bytes => 2048, - image_inline_max_bytes => 2048, - js_inline_max_bytes => 2048, - css_outline_min_bytes => 3000, - js_outline_min_bytes => 3000, - inode_limit => 500000, - image_max_rewrites_at_once => 8, - num_rewrite_threads => 4, - num_expensive_rewrite_threads => 4, - collect_statistics => 'on', - statistics_logging => 'on', - allow_view_stats => [], - allow_pagespeed_console => [], - allow_pagespeed_message => [], - message_buffer_size => 100000, - additional_configuration => { } - } -``` +While this Apache module requires the `mod-pagespeed-stable` package, Puppet **doesn't** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. -Full documentation for mod_pagespeed is available from [Google](http://modpagespeed.com). +**Parameters within `apache::mod::info`**: -####Class: `apache::mod::php` +- `inherit_vhost_config`: Default: 'on'. +- `filter_xhtml`: Default: false. +- `cache_path`: Default: '/var/cache/mod_pagespeed/'. +- `log_dir`: Default: '/var/log/pagespeed'. +- `memcache_servers`: Default: []. +- `rewrite_level`: Default: 'CoreFilters'. +- `disable_filters`: Default: []. +- `enable_filters`: Default: []. +- `forbid_filters`: Default: []. +- `rewrite_deadline_per_flush_ms`: Default: 10. 
+- `additional_domains`: Default: undef. +- `file_cache_size_kb`: Default: 102400. +- `file_cache_clean_interval_ms`: Default: 3600000. +- `lru_cache_per_process`: Default: 1024. +- `lru_cache_byte_limit`: Default: 16384. +- `css_flatten_max_bytes`: Default: 2048. +- `css_inline_max_bytes`: Default: 2048. +- `css_image_inline_max_bytes`: Default: 2048. +- `image_inline_max_bytes`: Default: 2048. +- `js_inline_max_bytes`: Default: 2048. +- `css_outline_min_bytes`: Default: 3000. +- `js_outline_min_bytes`: Default: 3000. +- `inode_limit`: Default: 500000. +- `image_max_rewrites_at_once`: Default: 8. +- `num_rewrite_threads`: Default: 4. +- `num_expensive_rewrite_threads`: Default: 4. +- `collect_statistics`: Default: 'on'. +- `statistics_logging`: Default: 'on'. +- `allow_view_stats`: Default: []. +- `allow_pagespeed_console`: Default: []. +- `allow_pagespeed_message`: Default: []. +- `message_buffer_size`: Default: 100000. +- `additional_configuration`: Default: { }. -Installs and configures mod_php. The defaults are OS-dependant. +The class's parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. -Overriding the package name: -```puppet - class {'::apache::mod::php': - package_name => "php54-php", - path => "${::apache::params::lib_path}/libphp54-php5.so", - } -``` +##### Class: `apache::mod::php` -Overriding the default configuartion: -```puppet - class {'::apache::mod::php': - source => 'puppet:///modules/apache/my_php.conf', - } -``` +Installs and configures [`mod_php`][]. -or -```puppet - class {'::apache::mod::php': - template => 'apache/php.conf.erb', - } -``` +**Parameters within `apache::mod::php`**: -or +Default values depend on your operating system. -```puppet - class {'::apache::mod::php': - content => ' -AddHandler php5-script .php -AddType text/html .php', - } -``` -####Class: `apache::mod::shib` +> **Note**: This list is incomplete. 
Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details. -Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). +- `package_name`: Names the package that installs `php_mod`. +- `path`: Defines the path to the `mod_php` shared object (`.so`) file. +- `source`: Defines the path to the default configuration. Valid options include a `puppet:///` paths. +- `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. +- `content`: Adds arbitrary content to `php.conf`. -Defining this class enables the Shibboleth specific parameters in `apache::vhost` instances. +##### Class: `apache::mod::reqtimeout` -####Class: `apache::mod::ssl` +Installs and configures [`mod_reqtimeout`][]. -Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults: +**Parameters within `apache::mod::reqtimeout`**: -```puppet - class { 'apache::mod::ssl': - ssl_compression => false, - ssl_cryptodevice => 'builtin', - ssl_options => [ 'StdEnvVars' ], - ssl_openssl_conf_cmd => undef, - ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', - ssl_honorcipherorder => 'On', - ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ], - ssl_pass_phrase_dialog => 'builtin', - ssl_random_seed_bytes => '512', - ssl_sessioncachetimeout => '300', - } -``` +- `timeouts`: A string or [array][] that sets the [`RequestReadTimeout`][] option. Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500']. 
-To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. +##### Class: `apache::mod::shib` -####Class: `apache::mod::status` +Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a web application that consumes Shibboleth SSO identities, also known as a Shibboleth Service Provider. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). -Installs Apache mod_status and uses the status.conf.erb template. These are the defaults: +Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances. -```puppet - class { 'apache::mod::status': - allow_from => ['127.0.0.1','::1'], - extended_status => 'On', - status_path => '/server-status', -){ +##### Class: `apache::mod::ssl` +Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. - } -``` +**Parameters within `apache::mod::ssl`**: -####Class: `apache::mod::expires` +- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5'. +- `ssl_compression`: Default: 'false'. +- `ssl_cryptodevice`: Default: 'builtin'. +- `ssl_honorcipherorder`: Default: 'On'. +- `ssl_openssl_conf_cmd`: Default: 'undef'. +- `ssl_options`: Default: [ 'StdEnvVars' ] +- `ssl_pass_phrase_dialog`: Default: 'builtin'. +- `ssl_protocol`: Default: [ 'all', '-SSLv2', '-SSLv3' ]. +- `ssl_random_seed_bytes`: Default: '512'. +- `ssl_sessioncachetimeout`: Default: '300'. -Installs Apache mod_expires and uses the expires.conf.erb template. 
These are the defaults: +To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to 'true' **o**r the [`ssl`][] parameter in [`apache::vhost`][] to 'true'. -```puppet - class { 'apache::mod::expires': - expires_active => true, - expires_default => undef, - expires_by_type => undef, -){ +##### Class: `apache::mod::status` +Installs [`mod_status`][] and uses the `status.conf.erb` template to generate its configuration. - } -``` +**Parameters within `apache::mod::status`**: -`expires_by_type` is an array of Hashes, describing a set of types and their expire times: +- `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. Default: ['127.0.0.1','::1']. +- `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive. Valid options: 'Off', 'On'. Default: 'On'. +- `status_path`: The server location of the status page. Default: '/server-status'. -```puppet - class { 'apache::mod::expires': - expires_by_type => [ - { 'text/json' => 'access plus 1 month' }, - { 'text/html' => 'access plus 1 year' }, - ] - } -``` +##### Class: `apache::mod::version` -####Class: `apache::mod::wsgi` +Installs [`mod_version`][] on many operating systems and Apache configurations. -Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. +If Debian and Ubuntu systems with Apache 2.4 are classified with `apache::mod::version`, Puppet warns that `mod_version` is built-in and can't be loaded. -For customized parameters, which tell Apache how Python is currently configured on the operating system, +##### Class: `apache::mod::security` -```puppet - class { 'apache::mod::wsgi': - wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", - wsgi_python_home => '/path/to/venv', - wsgi_python_path => '/path/to/venv/site-packages', - } -``` +Installs and configures Trustwave's [`mod_security`][]. 
It is enabled and runs by default on all virtual hosts. -To specify an alternate mod\_wsgi package name to install and the name of the module .so it provides, -(e.g. a "python27-mod\_wsgi" package that provides "python27-mod_wsgi.so" in the default module directory): +**Parameters within `apache::mod::security`**: -```puppet - class { 'apache::mod::wsgi': - wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", - wsgi_python_home => '/path/to/venv', - wsgi_python_path => '/path/to/venv/site-packages', - package_name => 'python27-mod_wsgi', - mod_path => 'python27-mod_wsgi.so', - } -``` +- `activated_rules`: An [array][] of rules from the `modsec_crs_path` to activate via symlinks. Default: `modsec_default_rules` in [`apache::params`][]. +- `allowed_methods`: A space-separated list of allowed HTTP methods. Default: 'GET HEAD POST OPTIONS'. +- `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' +- `crs_package`: Names the package that installs CRS rules. Default: `modsec_crs_package` in [`apache::params`][]. +- `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. Default: 'On', set by `modsec_dir` in [`apache::params`][]. +${modsec_dir}/activated_rules. +- `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. +- `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. 
+- `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. -If ``mod_path`` does not contain "/", it will be prefixed by the default module path -for your OS; otherwise, it will be used literally. +##### Class: `apache::mod::wsgi` -More information about [WSGI](http://modwsgi.readthedocs.org/en/latest/). +Enables Python support via [`mod_wsgi`][]. -####Class: `apache::mod::fcgid` +**Parameters within `apache::mod::wsgi`**: -Installs and configures mod_fcgid. +- `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. Default: undef. + - If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. +Otherwise, Puppet follows it literally. +- `package_name`: Names the package that installs `mod_wsgi`. Default: undef. +- `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: undef. +- `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: undef. +- `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE_RUN_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. -The class makes no effort to list all available options, but rather uses an options hash to allow for ultimate flexibility: +The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details. -```puppet - class { 'apache::mod::fcgid': - options => { - 'FcgidIPCDir' => '/var/run/fcgidsock', - 'SharememPath' => '/var/run/fcgid_shm', - 'AddHandler' => 'fcgid-script .fcgi', - }, - } -``` +### Private Classes -For a full list op options, see the [official mod_fcgid documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html). 
+#### Class: `apache::confd::no_accf` -It is also possible to set the FcgidWrapper per directory per vhost. You must ensure the fcgid module is loaded because there is no auto loading. +Creates the `no-accf.conf` configuration file in `conf.d`, required by FreeBSD's Apache 2.4. -```puppet - include apache::mod::fcgid - apache::vhost { 'example.org': - docroot => '/var/www/html', - directories => { - path => '/var/www/html', - fcgiwrapper => { - command => '/usr/local/bin/fcgiwrapper', - } - }, - } -``` +#### Class: `apache::default_confd_files` -See [FcgidWrapper documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidwrapper) for more information. +Includes `conf.d` files for FreeBSD. -####Class: `apache::mod::negotiation` +#### Class: `apache::default_mods` -Installs and configures mod_negotiation. If there are not provided any -parameter, default apache mod_negotiation configuration is done. +Installs the Apache modules required to run the default configuration. See the `apache` class's [`default_mods`][] parameter for details. -```puppet - class { '::apache::mod::negotiation': - force_language_priority => 'Prefer', - language_priority => [ 'es', 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo' ], - } -``` +#### Class: `apache::package` -**Parameters within `apache::mod::negotiation`:** +Installs and configures basic Apache packages. -#####`force_language_priority` +#### Class: `apache::params` -A string that sets the `ForceLanguagePriority` option. Defaults to `Prefer Fallback`. +Manages Apache parameters for different operating systems. -#####`language_priority` +#### Class: `apache::service` -An array of languages to set the `LanguagePriority` option of the module. +Manages the Apache daemon. -####Class: `apache::mod::deflate` +#### Class: `apache::version` -Installs and configures mod_deflate. If no parameters are provided, a default configuration is applied. +Attempts to automatically detect the Apache version based on the operating system. 
-```puppet - class { '::apache::mod::deflate': - types => [ 'text/html', 'text/css' ], - notes => { - 'Input' => 'instream', - 'Ratio' => 'ratio', - }, - } -``` +### Public Defines -#####`types` +#### Define: `apache::balancer` -An array of mime types to be deflated. +Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the [`apache::balancermember`][] define. -#####`notes` +Declare one `apache::balancer` define for each Apache load balancing group. You can export `apache::balancermember` defines for all balancer members and collect them on a single Apache load balancer server using [exported resources][]. -A hash where the key represents the type and the value represents the note name. +**Parameters within `apache::balancer`**: +##### `name` -####Class: `apache::mod::reqtimeout` +Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration. -Installs and configures mod_reqtimeout. Defaults to recommended apache -mod_reqtimeout configuration. +##### `proxy_set` -```puppet - class { '::apache::mod::reqtimeout': - timeouts => ['header=20-40,MinRate=500', 'body=20,MinRate=500'], - } -``` +Configures key-value pairs as [`ProxySet`][] lines. Valid options: [Hash][]. Default: '{}'. -####Class: `apache::mod::version` +##### `collect_exported` -This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 -about loading mod_version, as on these platforms it's already built-in. +Determines whether to use [exported resources][]. Valid options: Boolean. Default: 'true'. -```puppet - include '::apache::mod::version' -``` +If you statically declare all of your backend servers, set this parameter to 'false' to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments. 
-#####`timeouts` +To dynamically declare backend servers via exported resources collected on a central node, set this parameter to 'true' to collect the balancer member resources exported by the balancer member nodes. -A string or an array that sets the `RequestReadTimeout` option. Defaults to -`['header=20-40,MinRate=500', 'body=20,MinRate=500']`. +If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. +#### Define: `apache::balancermember` -####Class: `apache::mod::security` +Defines members of [`mod_proxy_balancer`][], which sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`. -Installs and configures mod_security. Defaults to enabled and running on all -vhosts. +**Parameters within `apache::balancermember`**: -```puppet - include '::apache::mod::security' -``` +##### `balancer_cluster` -#####`crs_package` +**Required**. Sets the Apache service's instance name, and must match the name of a declared [`apache::balancer`][] resource. -Name of package to install containing crs rules +##### `url` -#####`modsec_dir` +Specifies the URL used to contact the balancer member server. Default: 'http://${::fqdn}/'. -Directory to install the modsec configuration and activated rules links into +##### `options` -#####`activated_rules` +Specifies an [array][] of [options](http://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][]. Default: an empty array. -Array of rules from the modsec_crs_path to activate by symlinking to -${modsec_dir}/activated_rules. +#### Define: `apache::custom_config` -#####`allowed_methods` +Adds a custom configuration file to the Apache server's `conf.d` directory. 
If the file is invalid and this define's `$verify_config` parameter is 'true', Puppet throws an error during a Puppet run. -HTTP methods allowed by mod_security +**Parameters within `apache::custom_config`**: -#####`content_types` +##### `ensure` -Content-types allowed by mod_security +Specifies whether the configuration file should be present. Valid options: 'absent', 'present'. Default: 'present'. -#####`restricted_extensions` +##### `confdir` -Extensions prohibited by mod_security +Sets the directory in which Puppet places configuration files. Default: '$::apache::confd_dir'. -#####`restricted_headers` +##### `content` -Headers restricted by mod_security +Sets the configuration file's content. The `content` and [`source`][] parameters are exclusive of each other. +##### `priority` -####Defined Type: `apache::vhost` +Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. The default value is `25`. -The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters. +To omit the priority prefix in the configuration file's name, set this parameter to `false`. -The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default vhost within the base `::apache` class, as well as set a customized vhost as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15). +##### `source` -The `vhost` defined type uses `concat::fragment` to build the configuration file, so if you want to inject custom fragments for pieces of the configuration not supported by default by the defined type, you can add a custom fragment. 
For the `order` parameter for the custom fragment, the `vhost` defined type uses multiples of 10, so any order that isn't a multiple of 10 should work. +Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other. -```puppet - apache::vhost { "example.com": - docroot => '/var/www/html', - priority => '25', - } - concat::fragment { "example.com-my_custom_fragment": - target => '25-example.com.conf', - order => 11, - content => '# my custom comment', - } -``` +##### `verify_command` -If you have a series of specific configurations and do not want a base `::apache` class default vhost, make sure to set the base class `default_vhost` to 'false'. +Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command. Default: `/usr/sbin/apachectl -t`. -```puppet - class { 'apache': - default_vhost => false, - } -``` +This parameter is only used if the [`verify_config`][] parameter's value is 'true'. If the `verify_command` fails, the Puppet run deletes the configuration file, does not notify the Apache service, and raises an error. + +##### `verify_config` + +Specifies whether to validate the configuration file before notifying the Apache service. Valid options: Boolean. Default: `true`. + +#### Define: `apache::fastcgi::server` + +Defines one or more external FastCGI servers to handle specific file types. Use this define with [`mod_fastcgi`][FastCGI]. -**Parameters within `apache::vhost`:** +**Parameters within `apache::fastcgi::server`:** -#####`access_log` +##### `host` -Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'. +Determines the FastCGI's hostname or IP address and TCP port number (1-65535). -#####`access_log_file` +##### `timeout` -Sets the `*_access.log` filename that is placed in `$logroot`. 
Given a vhost, example.com, it defaults to 'example.com_ssl.log' for SSL vhosts and 'example.com_access.log' for non-SSL vhosts. +Sets the number of seconds a [FastCGI][] application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. -#####`access_log_pipe` +##### `flush` -Specifies a pipe to send access log messages to. Defaults to 'undef'. +Forces [`mod_fastcgi`][FastCGI] to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible. -#####`access_log_syslog` +##### `faux_path` -Sends all access log messages to syslog. Defaults to 'undef'. +Apache has [FastCGI][] handle URIs that resolve to this filename. The path set in this parameter does not have to exist in the local filesystem. -#####`access_log_format` +##### `alias` -Specifies the use of either a LogFormat nickname or a custom format string for the access log. Defaults to 'combined'. See [these examples](http://httpd.apache.org/docs/current/mod/mod_log_config.html). +Internally links actions with the FastCGI server. This alias must be unique. -#####`access_log_env_var` +##### `file_type` + +Sets the [MIME `content-type`][] of the file to be processed by the FastCGI server. + +#### Define: `apache::listen` + +Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this define, and titles take the form '', ':', or ':'. 
+ +#### Define: `apache::mod` + +Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system. + +**Parameters within `apache::mod`**: + +##### `package` + +**Required**. Names the package Puppet uses to install the Apache module. + +##### `package_ensure` + +Determines whether Puppet ensures the Apache module should be installed. Valid options: 'absent', 'present'. Default: 'present'. + +##### `lib` + +Defines the module's shared object name. Its default value is `mod_$name.so`, and it should not be configured manually without special reason. + +##### `lib_path` + +Specifies a path to the module's libraries. Default: the `apache` class's [`lib_path`][] parameter. + +Don't manually set this parameter without special reason. The [`path`][] parameter overrides this value. + +##### `loadfile_name` + +Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order. Valid options: filenames formatted `\*.load`. Default: `$name.load`. + +##### `loadfiles` + +Specifies an [array][] of [`LoadFile`][] directives. + +##### `path` + +Specifies a path to the module. Default: [`lib_path`][]/[`lib`][]. Don't manually set this parameter without special reason. + +#### Define: `apache::namevirtualhost` + +Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '*:', '\_default_:, '', or ':'. + +#### Define: `apache::vhost` + +The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters. 
+ +The `apache::vhost` define allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first. + +The `apache::vhost` define uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the define doesn't inherently support, add a custom fragment. + +For the custom fragment's `order` parameter, the `apache::vhost` define uses multiples of 10, so any `order` that isn't a multiple of 10 should work. + +**Parameters within `apache::vhost`**: + +##### `access_log` + +Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). Valid options: Boolean. Default: 'true'. + +##### `access_log_env_var` Specifies that only requests with particular environment variables be logged. Defaults to 'undef'. -#####`add_default_charset` +##### `access_log_file` -Sets [AddDefaultCharset](http://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset), a default value for the media charset, which is added to text/plain and text/html responses. +Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts. -#####`add_listen` +##### `access_log_format` -Determines whether the vhost creates a Listen statement. The default value is 'true'. +Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted string for the access log. Default: 'combined'. 
-Setting `add_listen` to 'false' stops the vhost from creating a Listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter. +##### `access_log_pipe` -#####`use_optional_includes` +Specifies a pipe where Apache sends access log messages. Default: 'undef'. -Specifies if for apache > 2.4 it should use IncludeOptional instead of Include for `additional_includes`. Defaults to 'false'. +##### `access_log_syslog` -#####`additional_includes` +Sends all access log messages to syslog. Default: 'undef'. -Specifies paths to additional static, vhost-specific Apache configuration files. Useful for implementing a unique, custom configuration not supported by this module. Can be an array. Defaults to '[]'. +##### `add_default_charset` -#####`aliases` +Sets a default media charset value for the [`AddDefaultCharset`][] directive, which is added to `text/plain` and `text/html` responses. -Passes a list of hashes to the vhost to create Alias, AliasMatch, ScriptAlias or ScriptAliasMatch directives as per the [mod_alias documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: +##### `add_listen` -```puppet +Determines whether the virtual host creates a [`Listen`][] statement. Valid options: Boolean. Default: 'true'. + +Setting `add_listen` to 'false' prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. + +##### `use_optional_includes` + +Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. Valid options: Boolean. Default: 'false'. + +##### `additional_includes` + +Specifies paths to additional static, virtual host-specific Apache configuration files. 
You can use this parameter to implement a unique, custom configuration not supported by this module. Valid options: a string path or [array][] of them. Default: an empty array. + +##### `aliases` + +Passes a list of [Hashes][Hash] to the virtual host to create [`Alias`][], [`AliasMatch`][], [`ScriptAlias`][] or [`ScriptAliasMatch`][] directives as per the [`mod_alias`][] documentation. + +For example: + +~~~ puppet aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', 
@@ -1177,110 +1820,127 @@ aliases => [ path => '/usr/share/nagios/html', }, ], -``` +~~~ -For `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` to work, each needs a corresponding context, such as `` or ``. The directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters should come before the more general ones to avoid shadowing. +For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing. -*Note*: Using the `aliases` parameter is preferred over the `scriptaliases` parameter since here the order of the various alias directives among each other can be controlled precisely. Defining ScriptAliases using the `scriptaliases` parameter means *all* ScriptAlias directives will come after *all* Alias directives, which can lead to Alias directives shadowing ScriptAlias directives. This is often problematic, for example in case of Nagios. +**Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the various alias directives' order. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems, for example with Nagios. -*Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias might have issues honoring the `PassengerEnabled => off` statement. 
See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. +If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is 'true', the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. -#####`allow_encoded_slashes` +##### `allow_encoded_slashes` -This sets the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) for the vhost, overriding the server default. This modifies the vhost responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. +Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Valid options: 'nodecode', 'off', 'on'. Default: undef, which omits the declaration from the server configuration and selects the Apache default setting of `Off`. -#####`block` +##### `block` -Specifies the list of things Apache blocks access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. +Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories. Default: an empty [array][]. -#####`custom_fragment` +##### `custom_fragment` -Passes a string of custom configuration directives to be placed at the end of the vhost configuration. Defaults to 'undef'. +Passes a string of custom configuration directives to place at the end of the virtual host configuration. Default: 'undef'. 
-#####`default_vhost` +##### `default_vhost` -Sets a given `apache::vhost` as the default to serve requests that do not match any other `apache::vhost` definitions. The default value is 'false'. +Sets a given `apache::vhost` define as the default to serve requests that do not match any other `apache::vhost` defines. Default: 'false'. -#####`directories` +##### `directories` -See the [`directories` section](#parameter-directories-for-apachevhost). +See the [`directories`](#parameter-directories-for-apachevhost) section. -#####`directoryindex` +##### `directoryindex` -Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. [DirectoryIndex](http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex) has more information. Defaults to 'undef'. +Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. Default: 'undef'. -#####`docroot` +##### `docroot` -Provides the -[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) -directive, which identifies the directory Apache serves files from. Required. +**Required**. Sets the [`DocumentRoot`][] location, from which Apache serves files. -#####`docroot_group` +##### `docroot_group` -Sets group access to the docroot directory. Defaults to 'root'. +Sets group access to the [`docroot`][] directory. Defaults to 'root'. -#####`docroot_owner` +##### `docroot_owner` Sets individual user access to the docroot directory. Defaults to 'root'. -#####`docroot_mode` +##### `docroot_mode` Sets access permissions of the docroot directory. Defaults to 'undef'. -#####`manage_docroot` +##### `manage_docroot` Whether to manage to docroot directory at all. Defaults to 'true'. -#####`error_log` +##### `error_log` Specifies whether `*_error.log` directives should be configured. 
Defaults to 'true'. -#####`error_log_file` +##### `error_log_file` Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com_ssl_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts. -#####`error_log_pipe` +##### `error_log_pipe` Specifies a pipe to send error log messages to. Defaults to 'undef'. -#####`error_log_syslog` +##### `error_log_syslog` Sends all error log messages to syslog. Defaults to 'undef'. -#####`error_documents` +##### `error_documents` A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this vhost. Defaults to '[]'. Example: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail' }, { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, ], } -``` +~~~ -#####`ensure` +##### `ensure` Specifies if the vhost file is present or absent. Defaults to 'present'. -#####`fallbackresource` +##### `fallbackresource` Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Valid values must either begin with a / or be 'disabled'. Defaults to 'undef'. -#####`headers` +##### `filters` + +[Filters](http://httpd.apache.org/docs/2.2/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. 
+ +~~~ puppet + apache::vhost { "$::fqdn": + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], + } +~~~ + +##### `force_type` + +Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with the specified [MIME `content-type`][]. + +##### `headers` Adds lines to replace, merge, or remove response headers. See [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. Can be an array. Defaults to 'undef'. -#####`ip` +##### `ip` Sets the IP address the vhost listens on. Defaults to listen on all IPs. -#####`ip_based` +##### `ip_based` Enables an [IP-based](http://httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. -#####`itk` +##### `itk` Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: @@ -1294,7 +1954,7 @@ Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: Usage typically looks like: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { 
@@ -1302,123 +1962,125 @@ Usage typically looks like: group => 'somegroup', }, } -``` +~~~ -#####`logroot` +##### `logroot` Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. -#####`$logroot_ensure` +##### `$logroot_ensure` Determines whether or not to remove the logroot directory for a virtual host. Valid values are 'directory', or 'absent'. -#####`logroot_mode` +##### `logroot_mode` Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. -#####`log_level` +##### `log_level` Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. -######`modsec_body_limit` +###### `modsec_body_limit` Configures the maximum request body size (in bytes) ModSecurity will accept for buffering -######`modsec_disable_vhost` +###### `modsec_disable_vhost` Boolean. Only valid if apache::mod::security is included. Used to disable mod_security on an individual vhost. Only relevant if apache::mod::security is included. -######`modsec_disable_ids` +###### `modsec_disable_ids` Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': modsec_disable_ids => [ 90015, 90016 ], } -``` +~~~ -```puppet +~~~ puppet apache::vhost { 'sample.example.net': modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, } -``` +~~~ -######`modsec_disable_ips` +###### `modsec_disable_ips` Array of IPs to exclude from mod_security rule matching -#####`no_proxy_uris` +##### `no_proxy_uris` Specifies URLs you do not want to proxy. 
This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). -#####`no_proxy_uris_match` +##### `no_proxy_uris_match` This directive is equivalent to `no_proxy_uris`, but takes regular expressions. -#####`proxy_preserve_host` +##### `proxy_preserve_host` -Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). +Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). Valid options: Boolean. Default: 'false'. -#####`proxy_error_override` +Setting this parameter to 'true' enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. 'false' sets this option to 'Off'. -Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyerroroverride). This directive controls whether apache should override error pages for proxied content. This option is off by default. +##### `proxy_error_override` -#####`options` +Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether apache should override error pages for proxied content. This option is off by default. -Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: +##### `options` -```puppet +Sets the [`Options`][] for the specified virtual host. 
Default: ['Indexes','FollowSymLinks','MultiViews'], as demonstrated below: + +~~~ puppet apache::vhost { 'site.name.fdqn': … options => ['Indexes','FollowSymLinks','MultiViews'], } -``` +~~~ -*Note:* If you use [`directories`](#parameter-directories-for-apachevhost), 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. +**Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. -#####`override` +##### `override` Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Defaults to '[none]'. -#####`passenger_app_root` +##### `passenger_app_root` Sets [PassengerRoot](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppRoot), the location of the Passenger application root if different from the DocumentRoot. -#####`passenger_app_env` +##### `passenger_app_env` Sets [PassengerAppEnv](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv), the environment for the Passenger application. If not specifies, defaults to the global setting or 'production'. -#####`passenger_ruby` +##### `passenger_ruby` Sets [PassengerRuby](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerRuby) on this virtual host, the Ruby interpreter to use for the application. -#####`passenger_min_instances` +##### `passenger_min_instances` Sets [PassengerMinInstances](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerMinInstances), the minimum number of application processes to run. 
-#####`passenger_start_timeout` +##### `passenger_start_timeout` Sets [PassengerStartTimeout](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#_passengerstarttimeout_lt_seconds_gt), the timeout for the application startup. -#####`passenger_pre_start` +##### `passenger_pre_start` Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart), the URL of the application if pre-starting is required. -#####`php_flags & values` +##### `php_flags & values` Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '{}'. -#####`php_admin_flags & values` +##### `php_admin_flags & values` Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '{}'. -#####`port` +##### `port` Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter. -#####`priority` +##### `priority` Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'. 
@@ -1428,15 +2090,15 @@ If nothing matches the priority, the first name-based vhost is used. Likewise, p
 
 Pass priority `false` to omit the priority prefix in file names.
 
-#####`proxy_dest`
+##### `proxy_dest`
 
 Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'.
 
-#####`proxy_pass`
+##### `proxy_pass`
 
 Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array.
 
-```puppet
+~~~ puppet
 apache::vhost { 'site.name.fdqn':
 …
 proxy_pass => [
@@ -1451,75 +2113,78 @@ apache::vhost { 'site.name.fdqn': 'keywords' => ['nocanon', 'interpolate'] }, { 'path' => '/f', 'url' => 'http://backend-f/', 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, + { 'path' => '/g', 'url' => 'http://backend-g/', + 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}], }, ], } -``` +~~~ `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. +`reverse_cookies` is optional and is used to set ProxyPassReverseCookiePath. `params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). `setenv` is optional and is an array to set environment variables for the proxy directive, for details see http://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings -#####`proxy_dest_match` +##### `proxy_dest_match` This directive is equivalent to proxy_dest, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. -#####`proxy_dest_reverse_match` +##### `proxy_dest_reverse_match` Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See [ProxyPassReverse](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. -#####`proxy_pass_match` +##### `proxy_pass_match` This directive is equivalent to proxy_pass, but takes regular expressions, see [ProxyPassMatch](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. -#####`rack_base_uris` +##### `rack_base_uris` Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. -#####`redirect_dest` +##### `redirect_dest` Specifies the address to redirect to. Defaults to 'undef'. 
-#####`redirect_source` +##### `redirect_source` Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … redirect_source => ['/images','/downloads'], redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } -``` +~~~ -#####`redirect_status` +##### `redirect_status` Specifies the status to append to the redirect. Defaults to 'undef'. -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … redirect_status => ['temp','permanent'], } -``` +~~~ -#####`redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` +##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], } -``` +~~~ -#####`request_headers` +##### `request_headers` Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'. -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … request_headers => [ 
@@ -1527,24 +2192,23 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo 'unset MirrorID', ], } -``` - -#####`rewrites` +~~~ +##### `rewrites` Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } -``` +~~~ The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -1555,11 +2219,11 @@ The parameter allows rewrite conditions that, when true, execute the associated }, ], } -``` +~~~ You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -1570,11 +2234,11 @@ You can also apply multiple conditions. For instance, rewrite index.html to welc }, ], } -``` +~~~ Multiple rewrites and conditions are also possible -```puppet +~~~ puppet apache::vhost { 'site.name.fdqn': … rewrites => [ 
@@ -1599,21 +2263,21 @@ Multiple rewrites and conditions are also possible
 },
 ],
 }
-```
+~~~
 
 Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions.
 
-#####`scriptalias`
+##### `scriptalias`
 
 Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for example: '/usr/scripts'. Defaults to 'undef'.
 
-#####`scriptaliases`
+##### `scriptaliases`
 
 *Note*: This parameter is deprecated in favour of the `aliases` parameter.
 
 Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows:
 
-```puppet
+~~~ puppet
 scriptaliases => [
 {
 alias => '/myscript',
@@ -1632,39 +2296,39 @@ Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAli path => '/usr/share/neatscript', }, ] -``` +~~~ The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, more specific aliases should come before more general ones to avoid shadowing. -#####`serveradmin` +##### `serveradmin` Specifies the email address Apache displays when it renders one of its error pages. Defaults to 'undef'. -#####`serveraliases` +##### `serveraliases` Sets the [ServerAliases](http://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. Defaults to '[]'. -#####`servername` +##### `servername` Sets the servername corresponding to the hostname you connect to the virtual host at. Defaults to the title of the resource. -#####`setenv` +##### `setenv` Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. Example: -```puppet +~~~ puppet apache::vhost { 'setenv.example.com': setenv => ['SPECIAL_PATH /foo/bin'], } -``` +~~~ -#####`setenvif` +##### `setenvif` Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. -#####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` +##### `suphp_addhandler`, `suphp_configpath`, & `suphp_engine` Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). @@ -1676,7 +2340,7 @@ Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file= To set up a virtual host with suPHP -```puppet +~~~ puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', 
@@ -1687,17 +2351,17 @@ To set up a virtual host with suPHP 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } -``` +~~~ -#####`vhost_name` +##### `vhost_name` Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. -#####`virtual_docroot` +##### `virtual_docroot` Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. -```puppet +~~~ puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', @@ -1705,9 +2369,9 @@ Sets up a virtual host with a wildcard alias subdomain mapped to a directory wit docroot => '/var/www', serveraliases => ['*.loc',], } -``` +~~~ -#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` +##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). @@ -1725,7 +2389,7 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). To set up a virtual host with WSGI -```puppet +~~~ puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', @@ -1739,7 +2403,7 @@ To set up a virtual host with WSGI wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, wsgi_chunked_request => 'On', } -``` +~~~ ####Parameter `directories` for `apache::vhost` @@ -1751,7 +2415,7 @@ The `provider` key is optional. If missing, this key defaults to 'directory'. Va General `directories` usage looks something like -```puppet +~~~ puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ 
@@ -1761,26 +2425,26 @@ General `directories` usage looks something like }, ], } -``` +~~~ *Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } -``` +~~~ Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: -######`addhandlers` +###### `addhandlers` Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -1789,13 +2453,13 @@ Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhand }, ], } -``` +~~~ -######`allow` +###### `allow` Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -1804,13 +2468,13 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow)
 },
 ],
 }
-```
+~~~
 
-######`allow_override`
+###### `allow_override`
 
 Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array.
 
-```puppet
+~~~ puppet
 apache::vhost { 'sample.example.net':
 docroot => '/path/to/directory',
 directories => [
@@ -1819,69 +2483,69 @@ Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs }, ], } -``` +~~~ -######`auth_basic_authoritative` +###### `auth_basic_authoritative` Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules. -######`auth_basic_fake` +###### `auth_basic_fake` Sets the value for [AuthBasicFake](http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. -######`auth_basic_provider` +###### `auth_basic_provider` Sets the value for [AuthBasicProvider] (http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. -######`auth_digest_algorithm` +###### `auth_digest_algorithm` Sets the value for [AuthDigestAlgorithm](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. -######`auth_digest_domain` +###### `auth_digest_domain` Sets the value for [AuthDigestDomain](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. -######`auth_digest_nonce_lifetime` +###### `auth_digest_nonce_lifetime` Sets the value for [AuthDigestNonceLifetime](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. -######`auth_digest_provider` +###### `auth_digest_provider` Sets the value for [AuthDigestProvider](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. 
-######`auth_digest_qop` +###### `auth_digest_qop` Sets the value for [AuthDigestQop](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. -######`auth_digest_shmem_size` +###### `auth_digest_shmem_size` Sets the value for [AuthAuthDigestShmemSize](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. -######`auth_group_file` +###### `auth_group_file` Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization. -######`auth_name` +###### `auth_name` Sets the value for [AuthName](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm. -######`auth_require` +###### `auth_require` Sets the entity name you're requiring to allow access. Read more about [Require](http://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives). -######`auth_type` +###### `auth_type` Sets the value for [AuthType](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. -######`auth_user_file` +###### `auth_user_file` Sets the value for [AuthUserFile](http://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. -######`custom_fragment` +###### `custom_fragment` Pass a string of custom configuration directives to be placed at the end of the directory configuration. -```puppet +~~~ puppet apache::vhost { 'monitor': … directories => [ 
@@ -1902,13 +2566,13 @@ Pass a string of custom configuration directives to be placed at the end of the }, ] } -``` +~~~ -######`deny` +###### `deny` Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -1917,13 +2581,13 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir }, ], } -``` +~~~ -######`error_documents` +###### `error_documents` An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': directories => [ { path => '/srv/www', @@ -1935,14 +2599,14 @@ An array of hashes used to override the [ErrorDocument](https://httpd.apache.org }, ], } -``` +~~~ -######`geoip_enable` +###### `geoip_enable` Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. Note that you must declare `class {'apache::mod::geoip': }` before using this directive. -```puppet +~~~ puppet apache::vhost { 'first.example.com': docroot => '/var/www/first', directories => [ @@ -1951,13 +2615,13 @@ Note that you must declare `class {'apache::mod::geoip': }` before using this di }, ], } -``` +~~~ -######`headers` +###### `headers` Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => { 
@@ -1965,13 +2629,13 @@ Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.htm headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', }, } -``` +~~~ -######`index_options` +###### `index_options` Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -1982,13 +2646,13 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d }, ], } -``` +~~~ -######`index_order_default` +###### `index_order_default` Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -1998,13 +2662,13 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind }, ], } -``` +~~~ -######`index_style_sheet` +###### `index_style_sheet` Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet) which adds a CSS stylesheet to the directory index. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2015,13 +2679,76 @@ Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoinde }, ], } -``` +~~~ + +###### `mellon_enable` + +Sets the [MellonEnable](https://github.com/UNINETT/mod_auth_mellon) to enable auth_melon on a location. + +~~~ puppet +apache::vhost{'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/', + provider => 'directory', + mellon_enable => 'info', + mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key, + mellon_endpoint_path => '/mellon', + mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', + 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress'}, + mellon_user => 'ADFS_LOGIN' + }, + { path => '/protected', + provider => 'location', + mellon_enable => 'auth', + auth_type => 'Mellon', + auth_require => 'valid-user', + mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'] + } + ] +} + +###### `mellon_cond` + +Sets the [MellonCond](https://github.com/UNINETT/mod_auth_mellon) is an array of mellon conditions that must +be met to grant access. + + +###### `mellon_endpoint_path` + +Sets the [MellonEndpointPath](https://github.com/UNINETT/mod_auth_mellon) to set melon endpoint path. + +###### `mellon_idp_metadata_file` + +Sets the [MellonIDPMetadataFile](https://github.com/UNINETT/mod_auth_mellon) location of idp metadata file. + +###### `mellon_saml_rsponse_dump` + +Sets the [MellonSamlRepsponseDump](https://github.com/UNINETT/mod_auth_mellon) to enable debug of SAML. + +###### `mellon_set_env_no_prefix` + +Sets the [MellonSetEnvNoPrefix](https://github.com/UNINETT/mod_auth_mellon) is a hash of attribute names to map +to environment variables. + + +###### `mellon_sp_private_key_file` + +Sets the [MellonSPPrivateKeyFile](https://github.com/UNINETT/mod_auth_mellon) private key location of service provider. 
+ +###### `mellon_sp_cert_file` + +Sets the [MellonSPCertFile](https://github.com/UNINETT/mod_auth_mellon) public key location of service provider. + +###### `mellon_user` -######`options` +Sets the [MellonUser](https://github.com/UNINETT/mod_auth_mellon) attribute we should use for the username. + +###### `options` Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2030,13 +2757,13 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) }, ], } -``` +~~~ -######`order` +###### `order` Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2045,13 +2772,13 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum }, ], } -``` +~~~ -######`passenger_enabled` +###### `passenger_enabled` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2060,24 +2787,24 @@ Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/ }, ], } -``` +~~~ *Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. -######`php_value` and `php_flag` +###### `php_value` and `php_flag` `php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). -######`php_admin_value` and `php_admin_flag` +###### `php_admin_value` and `php_admin_flag` `php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). -######`satisfy` +###### `satisfy` Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2086,13 +2813,13 @@ Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.a } ], } -``` +~~~ -######`sethandler` +###### `sethandler` Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2101,13 +2828,13 @@ Sets a `SetHandler` directive as per the [Apache Core documentation](http://http } ], } -``` +~~~ -######`rewrites` +###### `rewrites` Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. -```puppet +~~~ puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -2126,15 +2853,15 @@ Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array }, ], } -``` +~~~ ***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. -######`shib_request_setting` +###### `shib_request_setting` Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. -```puppet +~~~ puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2144,17 +2871,17 @@ Allows an valid content setting to be set or altered for the application request }, ], } -``` +~~~ -######`shib_use_headers` +###### `shib_use_headers` When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. -######`ssl_options` +###### `ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. -```puppet +~~~ puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -2166,13 +2893,13 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl }, ], } -``` +~~~ -######`suphp` +###### `suphp` A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. -```puppet +~~~ puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ 
@@ -2184,119 +2911,119 @@ A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://w }, ], } -``` +~~~ ####SSL parameters for `apache::vhost` All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. -#####`ssl` +##### `ssl` Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. -#####`ssl_ca` +##### `ssl_ca` Specifies the SSL certificate authority. Defaults to 'undef'. -#####`ssl_cert` +##### `ssl_cert` Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, '/usr/local/etc/apache22/server.crt' for FreeBSD, and '/etc/ssl/apache2/server.crt' on Gentoo. -#####`ssl_protocol` +##### `ssl_protocol` Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'. -#####`ssl_cipher` +##### `ssl_cipher` Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'HIGH:MEDIUM:!aNULL:!MD5'. -#####`ssl_honorcipherorder` +##### `ssl_honorcipherorder` Sets [SSLHonorCipherOrder](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), which is used to prefer the server's cipher preference order. Defaults to 'On' in the base `apache` config. -#####`ssl_certs_dir` +##### `ssl_certs_dir` Specifies the location of the SSL certification directory. Defaults to '/etc/ssl/certs' on Debian, '/etc/pki/tls/certs' on RedHat, '/usr/local/etc/apache22' on FreeBSD, and '/etc/ssl/apache2' on Gentoo. -#####`ssl_chain` +##### `ssl_chain` Specifies the SSL chain. Defaults to 'undef'. 
(This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production.) -#####`ssl_crl` +##### `ssl_crl` Specifies the certificate revocation list to use. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) -#####`ssl_crl_path` +##### `ssl_crl_path` Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) -#####`ssl_crl_check` +##### `ssl_crl_check` Sets the certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), defaults to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. -#####`ssl_key` +##### `ssl_key` Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, '/usr/local/etc/apache22/server.key' for FreeBSD, and '/etc/ssl/apache2/server.key' on Gentoo. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) -#####`ssl_verify_client` +##### `ssl_verify_client` Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional_no_ca'. Defaults to 'undef'. 
-```puppet +~~~ puppet apache::vhost { 'sample.example.net': … ssl_verify_client => 'optional', } -``` +~~~ -#####`ssl_verify_depth` +##### `ssl_verify_depth` Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Defaults to 'undef'. -```puppet +~~~ puppet apache::vhost { 'sample.example.net': … ssl_verify_depth => 1, } -``` +~~~ -#####`ssl_options` +##### `ssl_options` Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. A string: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': … ssl_options => '+ExportCertData', } -``` +~~~ An array: -```puppet +~~~ puppet apache::vhost { 'sample.example.net': … ssl_options => [ '+StrictRequire', '+ExportCertData' ], } -``` +~~~ -#####`ssl_openssl_conf_cmd` +##### `ssl_openssl_conf_cmd` Sets the [SSLOpenSSLConfCmd](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Defaults to 'undef'. -#####`ssl_proxyengine` +##### `ssl_proxyengine` Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'. -####Defined Type: FastCGI Server +####Define: FastCGI Server This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. Ex: -```puppet +~~~ puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, 
@@ -2305,426 +3032,168 @@ apache::fastcgi::server { 'php': fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } -``` +~~~ Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. -```puppet +~~~ puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } -``` +~~~ -#####`host` +##### `host` The hostname or IP address and TCP port number (1-65535) of the FastCGI server. -#####`timeout` +##### `timeout` The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. -#####`flush` +##### `flush` Force a write to the client as data is received from the application. By default, mod_fastcgi buffers data in order to free the application as quickly as possible. -#####`faux_path` +##### `faux_path` `faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application. -#####`alias` +##### `alias` A unique alias. This is used internally to link the action with the FastCGI server. -#####`file_type` +##### `file_type` The MIME-type of the file to be processed by the FastCGI server. -###Virtual Host Examples - -The apache module allows you to set up pretty much any configuration of virtual host you might need. This section addresses some common configurations, but look at the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. 
+### Private Defines -Configure a vhost with a server administrator +#### Define: `apache::peruser::multiplexer` -```puppet - apache::vhost { 'third.example.com': - port => '80', - docroot => '/var/www/third', - serveradmin => 'admin@example.com', - } -``` - -- - - - -Set up a vhost with aliased servers - -```puppet - apache::vhost { 'sixth.example.com': - serveraliases => [ - 'sixth.example.org', - 'sixth.example.net', - ], - port => '80', - docroot => '/var/www/fifth', - } -``` - -- - - - -Configure a vhost with a cgi-bin - -```puppet - apache::vhost { 'eleventh.example.com': - port => '80', - docroot => '/var/www/eleventh', - scriptalias => '/usr/lib/cgi-bin', - } -``` - -- - - - -Set up a vhost with a rack configuration - -```puppet - apache::vhost { 'fifteenth.example.com': - port => '80', - docroot => '/var/www/fifteenth', - rack_base_uris => ['/rackapp1', '/rackapp2'], - } -``` - -- - - - -Set up a mix of SSL and non-SSL vhosts at the same domain - -```puppet - #The non-ssl vhost - apache::vhost { 'first.example.com non-ssl': - servername => 'first.example.com', - port => '80', - docroot => '/var/www/first', - } - - #The SSL vhost at the same domain - apache::vhost { 'first.example.com ssl': - servername => 'first.example.com', - port => '443', - docroot => '/var/www/first', - ssl => true, - } -``` - -- - - - -Configure a vhost to redirect non-SSL connections to SSL - -```puppet - apache::vhost { 'sixteenth.example.com non-ssl': - servername => 'sixteenth.example.com', - port => '80', - docroot => '/var/www/sixteenth', - redirect_status => 'permanent', - redirect_dest => 'https://sixteenth.example.com/' - } - apache::vhost { 'sixteenth.example.com ssl': - servername => 'sixteenth.example.com', - port => '443', - docroot => '/var/www/sixteenth', - ssl => true, - } -``` - -- - - - -Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we set listening on ports 80 and 81. 
This is required because the example vhosts are not declared with a port parameter. - -```puppet - apache::listen { '80': } - apache::listen { '81': } -``` - -Then we set up the IP-based vhosts - -```puppet - apache::vhost { 'first.example.com': - ip => '10.0.0.10', - docroot => '/var/www/first', - ip_based => true, - } - apache::vhost { 'second.example.com': - ip => '10.0.0.11', - docroot => '/var/www/second', - ip_based => true, - } -``` - -- - - - -Configure a mix of name-based and IP-based vhosts. First, we add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL - -```puppet - apache::vhost { 'The first IP-based vhost, non-ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '80', - ip_based => true, - docroot => '/var/www/first', - } - apache::vhost { 'The first IP-based vhost, ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '443', - ip_based => true, - docroot => '/var/www/first-ssl', - ssl => true, - } -``` - -Then, we add two name-based vhosts listening on 10.0.0.20 - -```puppet - apache::vhost { 'second.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/second', - } - apache::vhost { 'third.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/third', - } -``` - -If you want to add two name-based vhosts so that they answer on either 10.0.0.10 or 10.0.0.20, you **MUST** declare `add_listen => 'false'` to disable the otherwise automatic 'Listen 80', as it conflicts with the preceding IP-based vhosts. - -```puppet - apache::vhost { 'fourth.example.com': - port => '80', - docroot => '/var/www/fourth', - add_listen => false, - } - apache::vhost { 'fifth.example.com': - port => '80', - docroot => '/var/www/fifth', - add_listen => false, - } -``` - -###Load Balancing - -####Defined Type: `apache::balancer` - -`apache::balancer` creates an Apache balancer cluster. 
Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). - -One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. - -**Parameters within `apache::balancer`:** - -#####`name` - -Sets the balancer cluster's title. This parameter also sets the title of the conf.d file. - -#####`proxy_set` - -Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) lines. Accepts a hash, and defaults to '{}'. - -#####`collect_exported` - -Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. - -If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. - -If you wish to dynamically declare your backend servers via [exported resources](http://docs.puppetlabs.com/guides/exported_resources.html) collected on a central node, you must set this parameter to 'true' in order to collect the exported balancer member resources that were exported by the balancer member nodes. - -If you choose not to use exported resources, all balancer members will be configured in a single Puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer. - -####Defined Type: `apache::balancermember` - -Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html), which sets up a balancer member inside a listening service configuration block in etc/apache/apache.cfg on the load balancer. 
- -**Parameters within `apache::balancermember`:** - -#####`name` - -Sets the title of the resource. This name also sets the name of the concat fragment. - -#####`balancer_cluster` - -Sets the Apache service's instance name. This must match the name of a declared `apache::balancer` resource. Required. - -#####`url` - -Specifies the URL used to contact the balancer member server. Defaults to 'http://${::fqdn}/'. - -#####`options` - -An array of [options](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#balancermember) to be specified after the URL. Accepts any key-value pairs available to [ProxyPass](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass). - -####Examples - -To load balance with exported resources, export the `balancermember` from the balancer member - -```puppet - @@apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009" - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], - } -``` - -Then, on the proxy server, create the balancer cluster - -```puppet - apache::balancer { 'puppet00': } -``` - -To load balance without exported resources, declare the following on the proxy +This define checks if an Apache module has a class. If it does, it includes that class. If it does not, it passes the module name to the [`apache::mod`][] define. -```puppet - apache::balancer { 'puppet00': } - apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009" - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], - } -``` - -Then declare `apache::balancer` and `apache::balancermember` on the proxy server. +#### Define: `apache::peruser::multiplexer` -If you need to use ProxySet in the balancer config - -```puppet - apache::balancer { 'puppet01': - proxy_set => {'stickysession' => 'JSESSIONID'}, - } -``` +Enables the [`Peruser`][] module for FreeBSD only. 
-##Reference +#### Define: `apache::peruser::processor` -###Classes +Enables the [`Peruser`][] module for FreeBSD only. -####Public Classes +#### Define: `apache::security::file_link` -* [`apache`](#class-apache): Guides the basic setup of Apache. -* `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) -* [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. +Links the `activated_rules` from [`apache::mod::security`][] to the respective CRS rules on disk. -####Private Classes +### Templates -* `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. -* `apache::default_confd_files`: Includes conf.d files for FreeBSD. -* `apache::default_mods`: Installs the Apache modules required to run the default configuration. -* `apache::package`: Installs and configures basic Apache packages. -* `apache::params`: Manages Apache parameters. -* `apache::service`: Manages the Apache daemon. +The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defines. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration. -###Defined Types +## Limitations -####Public Defined Types +### Ubuntu 10.04 -* `apache::balancer`: Creates an Apache balancer cluster. -* `apache::balancermember`: Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html). -* `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '', ':', or ':'. 
-* `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. -* `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:', '\_default_:, '', or ':'. -* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. +The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. -####Private Defined Types +### RHEL/CentOS 5 -* `apache::peruser::multiplexer`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. -* `apache::peruser::processor`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. -* `apache::security::file_link`: Links the activated_rules from apache::mod::security to the respective CRS rules on disk. +The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. -###Templates +### RHEL/CentOS 7 -The Apache module relies heavily on templates to enable the `vhost` and `apache::mod` defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration. +The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uris`][] parameter. 
-##Limitations +### General -###Ubuntu 10.04 +This module is CI tested against both [open source Puppet][] and [Puppet Enterprise][] on: -The `apache::vhost::WSGIImportScript` parameter creates a statement inside the VirtualHost which is unsupported on older versions of Apache, causing this to fail. This will be remedied in a future refactoring. +- CentOS 5 and 6 +- Ubuntu 12.04 and 14.04 +- Debian 7 +- RHEL 5, 6, and 7 -###RHEL/CentOS 5 +This module also provides functions for other distributions and operating systems, such as FreeBSD, Gentoo, and Amazon Linux, but is not formally tested on them and are subject to regressions. -The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. +### SELinux and custom paths -###RHEL/CentOS 7 +If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself. -The `apache::mod::passenger` class is untested as the repository does not have packages for EL7 yet. The fact that passenger packages aren't available also makes us unable to test the `rack_base_uri` parameter in `apache::vhost`. +You can do this with Puppet: -###General +~~~ puppet +exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], +} -This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. +package { 'policycoreutils-python': + ensure => installed, +} -The module contains support for other distributions and operating systems, such as FreeBSD, Gentoo and Amazon Linux, but is not formally tested on those and regressions can occur. 
+exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Class['Apache::Service'], + require => Class['apache'], +} -###SELinux and Custom Paths +class { 'apache': } -If you are running with SELinux in enforcing mode and want to use custom paths for your `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the context for the files yourself. +host { 'test.server': + ip => '127.0.0.1', +} -Something along the lines of: +file { '/custom/path': + ensure => directory, +} -```puppet - exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package['policycoreutils-python'], - } - package { 'policycoreutils-python': ensure => installed } - exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Class['Apache::Service'], - require => Class['apache'], - } - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - file { '/custom/path': ensure => directory, } - file { '/custom/path/include': ensure => present, content => '#additional_includes' } - apache::vhost { 'test.server': - docroot => '/custom/path', - additional_includes => '/custom/path/include', - } -``` +file { '/custom/path/include': + ensure => present, + content => '#additional_includes', +} -You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources reset the context to the values in the database if the resource isn't specifying the context. +apache::vhost { 'test.server': + docroot => '/custom/path', + additional_includes => '/custom/path/include', +} +~~~ -###FreeBSD +You need to set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. 
-In order to use this module on FreeBSD, you *must* use apache24-2.4.12 (www/apache24) or newer. +### FreeBSD -##Development +In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apache24) or newer. -###Contributing +## Development -Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. +### Contributing -We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. +[Puppet Labs][] modules on the [Puppet Forge][] are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. -Read the complete module [contribution guide](https://docs.puppetlabs.com/forge/contributing.html) +We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality. -###Running tests +For more information, please read the complete [module contribution guide][]. -This project contains tests for both [rspec-puppet](http://rspec-puppet.com/) and [beaker-rspec](https://github.com/puppetlabs/beaker-rspec) to verify functionality. For in-depth information please see their respective documentation. +### Running tests -Quickstart: +This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to verify functionality. For detailed information on using these tools, please see their respective documentation. 
-####Ruby > 1.8.7 +#### Testing quickstart: Ruby > 1.8.7 -``` - gem install bundler - bundle install - bundle exec rake spec - bundle exec rspec spec/acceptance - RS_DEBUG=yes bundle exec rspec spec/acceptance -``` +~~~ +gem install bundler +bundle install +bundle exec rake spec +bundle exec rspec spec/acceptance +RS_DEBUG=yes bundle exec rspec spec/acceptance +~~~ -####Ruby = 1.8.7 +#### Testing quickstart: Ruby = 1.8.7 -``` - gem install bundler - bundle install --without system_tests - bundle exec rake spec -``` +~~~ +gem install bundler +bundle install --without system_tests +bundle exec rake spec +~~~ diff --git a/apache/README.passenger.md b/apache/README.passenger.md index 5b33d2909..d50b3f489 100644 --- a/apache/README.passenger.md +++ b/apache/README.passenger.md @@ -13,7 +13,7 @@ Also, general apache module loading parameters can be supplied to enable using a customized passenger module in place of a default-package-based version of the module. -# Operating system support and Passenger versions +## Operating system support and Passenger versions The most important configuration directive for the Apache Passenger module is `PassengerRoot`. Its value depends on the Passenger version used (2.x, 3.x or @@ -35,7 +35,7 @@ RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3. As mentioned in `README.md` there are no compatible packages available for RHEL/CentOS 5 or RHEL/CentOS 7. -## Configuration files and locations on RHEL/CentOS +### Configuration files and locations on RHEL/CentOS Notice two important points: @@ -55,7 +55,7 @@ directives as described in the remainder of this document are placed in This pertains *only* to RHEL/CentOS, *not* Debian and Ubuntu. -## Third-party and custom Passenger packages and versions +### Third-party and custom Passenger packages and versions The Passenger version distributed by the default OS packages may be too old to be useful. Newer versions may be installed via Gems, from source or from 
@@ -75,7 +75,7 @@ For Passenger 4.x packages on Debian and Ubuntu the `PassengerRoot` directive should almost universally be set to `/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini`. -# Parameters for `apache::mod::passenger` +## Parameters for `apache::mod::passenger` The following class parameters configure Passenger in a global, server-wide context. @@ -95,12 +95,12 @@ class { 'apache::mod::passenger': The general form is using the all lower-case version of the configuration directive, with underscores instead of CamelCase. -## Parameters used with passenger.conf +### Parameters used with passenger.conf If you pass a default value to `apache::mod::passenger` it will be ignored and not passed through to the configuration file. -### passenger_root +#### passenger_root The location to the Phusion Passenger root directory. This configuration option is essential to Phusion Passenger, and allows Phusion Passenger to locate its @@ -112,7 +112,7 @@ information. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerroot_lt_directory_gt -### passenger_default_ruby +#### passenger_default_ruby This option specifies the default Ruby interpreter to use for web apps as well as for all sorts of internal Phusion Passenger helper scripts, e.g. the one @@ -126,7 +126,7 @@ set to '/usr/bin/ruby'. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerDefaultRuby -### passenger_ruby +#### passenger_ruby This directive is the same as `passenger_default_ruby` for Passenger versions < 4.x and must be used instead of `passenger_default_ruby` for such versions. 
@@ -141,28 +141,28 @@ Defaults to `/usr/bin/ruby` for all supported operating systems except Ubuntu http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerRuby -### passenger_high_performance +#### passenger_high_performance Default is `off`. When turned `on` Passenger runs in a higher performance mode that can be less compatible with other Apache modules. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance -### passenger_max_pool_size +#### passenger_max_pool_size Sets the maximum number of Passenger application processes that may simultaneously run. The default value is 6. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt -### passenger_pool_idle_time +#### passenger_pool_idle_time The maximum number of seconds a Passenger Application process will be allowed to remain idle before being shut down. The default value is 300. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime -### passenger_max_requests +#### passenger_max_requests The maximum number of request a Passenger application will process before being restarted. The default value is 0, which indicates that a process will only 
@@ -170,14 +170,23 @@ shut down if the Pool Idle Time (see above) expires. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests -### passenger_stat_throttle_rate +#### passenger_spawn_method + +Sets the method by which Ruby application processes are spawned. Default is `smart` +which caches code using the app preloader. + +Passenger >= 4.0 renamed `conservative` to `direct` and `smart-lv2` to `smart`. + +https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerSpawnMethod + +#### passenger_stat_throttle_rate Sets how often Passenger performs file system checks, at most once every _x_ seconds. Default is 0, which means the checks are performed with every request. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt -### rack_autodetect +#### rack_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rack application. Not set by default (`undef`). Note that this directive has @@ -186,7 +195,7 @@ Use this directive only on Passenger < 4.x. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt -### rails_autodetect +#### rails_autodetect Should Passenger automatically detect if the document root of a virtual host is a Rails application. Not set by default (`undef`). Note that this directive 
@@ -195,13 +204,13 @@ instead. Use this directive only on Passenger < 4.x. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt -### passenger_use_global_queue +#### passenger_use_global_queue Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is the default in Passenger 4.x and the versions >= 4.x have disabled this configuration option altogether. Use with caution. -### passenger_app_env +#### passenger_app_env Sets the global default `PassengerAppEnv` for Passenger applications. Not set by default (`undef`) and thus defaults to Passenger's built-in value of 'production'. 
@@ -209,43 +218,43 @@ This directive can be overridden in an `apache::vhost` resource. https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppEnv -## Parameters used to load the module +### Parameters used to load the module Unlike the tuning parameters specified above, the following parameters are only used when loading customized passenger modules. -### mod_package +#### mod_package Allows overriding the default package name used for the passenger module package. -### mod_package_ensure +#### mod_package_ensure Allows overriding the package installation setting used by puppet when installing the passenger module. The default is 'present'. -### mod_id +#### mod_id Allows overriding the value used by apache to identify the passenger module. The default is 'passenger_module'. -### mod_lib_path +#### mod_lib_path Allows overriding the directory path used by apache when loading the passenger module. The default is the value of `$apache::params::lib_path`. -### mod_lib +#### mod_lib Allows overriding the library file name used by apache when loading the passenger module. The default is 'mod_passenger.so'. -### mod_path +#### mod_path Allows overriding the full path to the library file used by apache when loading the passenger module. The default is the concatenation of the `mod_lib_path` and `mod_lib` parameters. -# Dependencies +## Dependencies RedHat-based systems will need to configure additional package repositories in order to install Passenger, specifically: @@ -256,7 +265,7 @@ order to install Passenger, specifically: Configuration of these repositories is beyond the scope of this module and is left to the user. -# Attribution +## Attribution The Passenger tuning parameters for the `apache::mod::passenger` Puppet class was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the 
@@ -268,7 +277,7 @@ PuppetLabs Apache module on GitHub. * http://www.nesi.org.nz// * https://tuakiri.ac.nz/confluence/display/Tuakiri/Home -# Copyright and License +## Copyright and License Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc diff --git a/apache/manifests/default_mods.pp b/apache/manifests/default_mods.pp index 9e3c2c69a..1c3820bf0 100644 --- a/apache/manifests/default_mods.pp +++ b/apache/manifests/default_mods.pp @@ -1,7 +1,8 @@ class apache::default_mods ( $all = true, $mods = undef, - $apache_version = $::apache::apache_version + $apache_version = $::apache::apache_version, + $use_systemd = $::apache::use_systemd, ) { # These are modules required to run the default configuration. # They are not configurable at this time, so we just include @@ -13,7 +14,9 @@ # Lets fork it # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) { - ::apache::mod { 'systemd': } + if ($use_systemd) { + ::apache::mod { 'systemd': } + } } ::apache::mod { 'unixd': } } diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp index 9e6da9813..5f02bfd61 100644 --- a/apache/manifests/init.pp +++ b/apache/manifests/init.pp @@ -52,6 +52,7 @@ $lib_path = $::apache::params::lib_path, $conf_template = $::apache::params::conf_template, $servername = $::apache::params::servername, + $pidfile = $::apache::params::pidfile, $manage_user = true, $manage_group = true, $user = $::apache::params::user, @@ -72,6 +73,7 @@ $allow_encoded_slashes = undef, $package_ensure = 'installed', $use_optional_includes = $::apache::params::use_optional_includes, + $use_systemd = $::apache::params::use_systemd, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) 
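Review bot: `$use_systemd` reaches the `if ($use_systemd)` guard in `apache::default_mods` without a type check, and no `validate_bool($use_systemd)` is visible beside the other `validate_bool` calls in the `init.pp` hunk. In Puppet 3 a non-empty string such as `'false'` is truthy, so a quoted value coming from Hiera or an ENC would still load mod_systemd. Adding `validate_bool($use_systemd)` in both classes turns that mistake into a compile-time failure. The body of `class apache` continues outside these hunks, so the check may already exist further down.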
@@ -247,24 +249,20 @@ if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { - $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' } 'redhat': { - $pidfile = 'run/httpd.pid' $error_log = 'error_log' $scriptalias = '/var/www/cgi-bin' $access_log_file = 'access_log' } 'freebsd': { - $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' $scriptalias = '/usr/local/www/apache24/cgi-bin' $access_log_file = 'httpd-access.log' } 'gentoo': { - $pidfile = '/run/apache2.pid' $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' $scriptalias = '/var/www/localhost/cgi-bin' @@ -282,7 +280,6 @@ } } 'Suse': { - $pidfile = '/var/run/httpd2.pid' $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' diff --git a/apache/manifests/mod/alias.pp b/apache/manifests/mod/alias.pp index 2f078f645..5b59baa01 100644 --- a/apache/manifests/mod/alias.pp +++ b/apache/manifests/mod/alias.pp 
@@ -1,27 +1,20 @@ class apache::mod::alias( $apache_version = $apache::apache_version, $icons_options = 'Indexes MultiViews', -) { - $ver24 = versioncmp($apache_version, '2.4') >= 0 + # set icons_path to false to disable the alias + $icons_path = $::apache::params::alias_icons_path, - $icons_path = $::osfamily ? { - 'debian' => '/usr/share/apache2/icons', - 'Suse' => '/usr/share/apache2/icons', - 'redhat' => $ver24 ? { - true => '/usr/share/httpd/icons', - default => '/var/www/icons', - }, - 'freebsd' => '/usr/local/www/apache24/icons', - 'gentoo' => '/usr/share/apache2/icons', - } +) { apache::mod { 'alias': } # Template uses $icons_path - file { 'alias.conf': - ensure => file, - path => "${::apache::mod_dir}/alias.conf", - content => template('apache/mod/alias.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], + if $icons_path { + file { 'alias.conf': + ensure => file, + path => "${::apache::mod_dir}/alias.conf", + content => template('apache/mod/alias.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } } } diff --git a/apache/manifests/mod/auth_mellon.pp b/apache/manifests/mod/auth_mellon.pp new file mode 100644 index 000000000..79f6ffebb --- /dev/null +++ b/apache/manifests/mod/auth_mellon.pp 
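Review bot: The RedHat icons path no longer follows the Apache version: the removed selector used `versioncmp($apache_version, '2.4')`, while the new default `$::apache::params::alias_icons_path` is picked in `params.pp` by `$::apache::version::distrelease` being `'7'`. A RedHat-family host running Apache 2.4 under a different release string would presumably now get `/var/www/icons`, which is worth confirming against the supported platforms. `$apache_version` is also left unread in this class, so a comment such as `# $apache_version is kept for interface compatibility and is no longer used here` would stop the next reader from looking for its use.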
@@ -0,0 +1,24 @@ +class apache::mod::auth_mellon ( + $mellon_cache_size = $::apache::params::mellon_cache_size, + $mellon_lock_file = $::apache::params::mellon_lock_file, + $mellon_post_directory = $::apache::params::mellon_post_directory, + $mellon_cache_entry_size = undef, + $mellon_post_ttl = undef, + $mellon_post_size = undef, + $mellon_post_count = undef +) { + + ::apache::mod { 'auth_mellon': } + + # Template uses + # - All variables beginning with mellon_ + file { 'auth_mellon.conf': + ensure => file, + path => "${::apache::mod_dir}/auth_mellon.conf", + content => template('apache/mod/auth_mellon.conf.erb'), + require => [ Exec["mkdir ${::apache::mod_dir}"], ], + before => File[$::apache::mod_dir], + notify => Class['Apache::Service'], + } + +} diff --git a/apache/manifests/mod/cgid.pp b/apache/manifests/mod/cgid.pp index 8946f652b..4094c3281 100644 --- a/apache/manifests/mod/cgid.pp +++ b/apache/manifests/mod/cgid.pp @@ -2,7 +2,11 @@ case $::osfamily { 'FreeBSD': {} default: { - Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + if defined(Class['::apache::mod::event']) { + Class['::apache::mod::event'] -> Class['::apache::mod::cgid'] + } else { + Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + } } } diff --git a/apache/manifests/mod/disk_cache.pp b/apache/manifests/mod/disk_cache.pp index 2b9d8a910..2f0a476fa 100644 --- a/apache/manifests/mod/disk_cache.pp +++ b/apache/manifests/mod/disk_cache.pp 
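Review bot: The new `apache::mod::auth_mellon` class has no header comment and checks none of its parameters, although `mellon_lock_file` and `mellon_post_directory` are file-system paths that the template writes into `auth_mellon.conf`. A header in the style this commit gives `apache::mod::worker` (one `[*name*]` entry per parameter with its default) would document them, and `if $mellon_post_directory { validate_absolute_path($mellon_post_directory) }`, with the same guard for `$mellon_lock_file`, would reject a malformed path at compile time. Nothing in the class manages the post directory itself, so the documentation should say that its ownership and mode are left to the operator; presumably it holds saved request data that other local users should not be able to read.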
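Review bot: `defined(Class['::apache::mod::event'])` depends on evaluation order, so the branch taken in `apache::mod::cgid` changes with where the MPM class is declared. If `apache::mod::event` is declared after `apache::mod::cgid`, the `else` branch adds an ordering on `Class['::apache::mod::worker']`, which would then not be in the catalog. A comment on the `if`, such as `# the MPM class must be declared before apache::mod::cgid; defined() is parse-order dependent`, documents the constraint; keying the choice on `$::apache::mpm_module` would avoid it, if that value is reliable here. The class body starts and continues outside the hunk.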
@@ -1,25 +1,34 @@ -class apache::mod::disk_cache { - $cache_root = $::osfamily ? { - 'debian' => '/var/cache/apache2/mod_disk_cache', - 'redhat' => '/var/cache/mod_proxy', - 'freebsd' => '/var/cache/mod_disk_cache', - 'gentoo' => '/var/cache/apache2/mod_disk_cache', +class apache::mod::disk_cache ( + $cache_root = undef, +) { + if $cache_root { + $_cache_root = $cache_root } - - $mod_name = $::osfamily ? { - 'FreeBSD' => 'cache_disk', - default => 'disk_cache', + elsif versioncmp($::apache::apache_version, '2.4') >= 0 { + $_cache_root = $::osfamily ? { + 'debian' => '/var/cache/apache2/mod_cache_disk', + 'redhat' => '/var/cache/httpd/proxy', + 'freebsd' => '/var/cache/mod_cache_disk', + } + } + else { + $_cache_root = $::osfamily ? { + 'debian' => '/var/cache/apache2/mod_disk_cache', + 'redhat' => '/var/cache/mod_proxy', + 'freebsd' => '/var/cache/mod_disk_cache', + } } - if $::osfamily != 'FreeBSD' { - # FIXME: investigate why disk_cache was dependent on proxy - # NOTE: on FreeBSD disk_cache is compiled by default but proxy is not - Class['::apache::mod::proxy'] -> Class['::apache::mod::disk_cache'] + if versioncmp($::apache::apache_version, '2.4') >= 0 { + apache::mod { 'cache_disk': } } + else { + apache::mod { 'disk_cache': } + } + Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache'] - apache::mod { $mod_name: } - # Template uses $cache_proxy + # Template uses $_cache_root file { 'disk_cache.conf': ensure => file, path => "${::apache::mod_dir}/disk_cache.conf", diff --git a/apache/manifests/mod/fcgid.pp b/apache/manifests/mod/fcgid.pp index a143c2b43..978667033 100644 --- a/apache/manifests/mod/fcgid.pp +++ b/apache/manifests/mod/fcgid.pp 
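Review bot: Both new `$::osfamily` selectors for `$_cache_root` drop the `'gentoo'` entry that the removed selector had and carry no `default`, so on Gentoo (and any other family not listed) the class fails at compile time unless `cache_root` is passed. Either restore the entry, for the pre-2.4 branch `'gentoo' => '/var/cache/apache2/mod_disk_cache',` as before, or fail explicitly with a message that names `cache_root` when the family is not listed. A caller-supplied `$cache_root` is also used unchecked; `validate_absolute_path($cache_root)` inside the `if $cache_root` branch keeps a relative or malformed value out of the rendered configuration. The `file { 'disk_cache.conf': ... }` resource continues outside the hunk.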
@@ -1,22 +1,17 @@ class apache::mod::fcgid( $options = {}, ) { - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { - $loadfile_name = 'unixd_fcgid.load' - } else { - $loadfile_name = undef - } ::apache::mod { 'fcgid': - loadfile_name => $loadfile_name + loadfile_name => 'unixd_fcgid.load', } # Template uses: # - $options - file { 'fcgid.conf': + file { 'unixd_fcgid.conf': ensure => file, - path => "${::apache::mod_dir}/fcgid.conf", - content => template('apache/mod/fcgid.conf.erb'), + path => "${::apache::mod_dir}/unixd_fcgid.conf", + content => template('apache/mod/unixd_fcgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], notify => Class['apache::service'], diff --git a/apache/manifests/mod/passenger.pp b/apache/manifests/mod/passenger.pp index 03cce4d89..efd348689 100644 --- a/apache/manifests/mod/passenger.pp +++ b/apache/manifests/mod/passenger.pp @@ -4,6 +4,7 @@ $passenger_high_performance = undef, $passenger_pool_idle_time = undef, $passenger_max_requests = undef, + $passenger_spawn_method = undef, $passenger_stat_throttle_rate = undef, $rack_autodetect = undef, $rails_autodetect = undef, @@ -21,6 +22,11 @@ $mod_id = undef, $mod_path = undef, ) { + + if $passenger_spawn_method { + validate_re($passenger_spawn_method, '(^smart$|^direct$|^smart-lv2$|^conservative$)', "${passenger_spawn_method} is not permitted for passenger_spawn_method. Allowed values are 'smart', 'direct', 'smart-lv2', or 'conservative'.") + } + # Managed by the package, but declare it to avoid purging if $passenger_conf_package_file { file { 'passenger_package.conf': @@ -61,6 +67,7 @@ # - $passenger_min_instances # - $passenger_high_performance # - $passenger_max_requests + # - $passenger_spawn_method # - $passenger_stat_throttle_rate # - $passenger_use_global_queue # - $passenger_app_env diff --git a/apache/manifests/mod/security.pp b/apache/manifests/mod/security.pp index 84e55e292..050b1bd6f 100644 
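Review bot: The pattern passed to `validate_re` for `$passenger_spawn_method` uses `^` and `$`, which in Ruby regular expressions match at line boundaries, so a multi-line string in which any one line is an allowed value passes the check. The parameter is listed among the variables the Passenger template uses, so the extra lines would presumably end up in the generated Apache configuration. Anchor on the whole string instead: `validate_re($passenger_spawn_method, '\A(smart|direct|smart-lv2|conservative)\z', ...)`. The `suexec_user_group` check changed in `apache/manifests/vhost.pp` (`'^[\w-]+ [\w-]+$'`) has the same anchors and should become `'\A[\w-]+ [\w-]+\z'`.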
--- a/apache/manifests/mod/security.pp +++ b/apache/manifests/mod/security.pp @@ -2,6 +2,7 @@ $crs_package = $::apache::params::modsec_crs_package, $activated_rules = $::apache::params::modsec_default_rules, $modsec_dir = $::apache::params::modsec_dir, + $modsec_secruleengine = $::apache::params::modsec_secruleengine, $allowed_methods = 'GET HEAD POST OPTIONS', $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', diff --git a/apache/manifests/mod/worker.pp b/apache/manifests/mod/worker.pp index 25925f807..2e6a6421b 100644 --- a/apache/manifests/mod/worker.pp +++ b/apache/manifests/mod/worker.pp 
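Review bot: `$modsec_secruleengine` is accepted without any check on its value, although it decides whether ModSecurity enforces its rules at all. Restricting it at compile time, `validate_re($modsec_secruleengine, '\A(On|Off|DetectionOnly)\z', "...")`, catches a typo before it reaches the Apache configuration. The parameter documentation should also state that `Off` and `DetectionOnly` mean requests are no longer blocked, so that a change away from the `'On'` default set in `params.pp` is a visible decision. The class body continues outside the hunk.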
@@ -1,3 +1,57 @@ +# == Class: apache::mod::worker +# +# +# === Parameters +# +# [*startservers*] +# (optional) The number of child server processes created on startup +# Defaults is '2' +# +# [*maxclients*] +# (optional) The max number of simultaneous requests that will be served. +# This is the old name and is still supported. The new name is +# MaxRequestWorkers as of 2.3.13. +# Default is '150' +# +# [*minsparethreads*] +# (optional) Minimum number of idle threads to handle request spikes. +# Default is '25' +# +# [*maxsparethreads*] +# (optional) Maximum number of idle threads. +# Default is '75' +# +# [*threadsperchild*] +# (optional) The number of threads created by each child process. +# Default is '25' +# +# [*maxrequestsperchild*] +# (optional) Limit on the number of connectiojns an individual child server +# process will handle. This is the old name and is still supported. The new +# name is MaxConnectionsPerChild as of 2.3.9+. +# Default is '0' +# +# [*serverlimit*] +# (optional) With worker, use this directive only if your MaxRequestWorkers +# and ThreadsPerChild settings require more than 16 server processes +# (default). Do not set the value of this directive any higher than the +# number of server processes required by what you may want for +# MaxRequestWorkers and ThreadsPerChild. +# Default is '25' +# +# [*threadlimit*] +# (optional) This directive sets the maximum configured value for +# ThreadsPerChild for the lifetime of the Apache httpd process. +# Default is '64' +# +# [*listenbacklog*] +# (optional) Maximum length of the queue of pending connections. +# Defaults is '511' +# +# [*apache_version*] +# (optional) +# Default is $::apache::apache_version +# class apache::mod::worker ( $startservers = '2', $maxclients = '150', @@ -7,6 +61,7 @@ $maxrequestsperchild = '0', $serverlimit = '25', $threadlimit = '64', + $listenbacklog = '511', $apache_version = $::apache::apache_version, ) { if defined(Class['apache::mod::event']) { 
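Review bot: The new header comment for `apache::mod::worker` has a few slips worth fixing before it becomes the reference: `connectiojns` should read `connections`, and `Defaults is` (under `startservers` and `listenbacklog`) should read `Default is`. The `serverlimit` entry mentions "16 server processes (default)" and then gives `Default is '25'`; saying that 16 is Apache's built-in value and 25 is this class's default would remove the apparent contradiction. The `apache_version` entry has no description; something like `# (optional) Apache version the worker configuration is rendered for.` would fill it, if that matches how the template uses the value.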
@@ -36,6 +91,7 @@ # - $maxrequestsperchild # - $serverlimit # - $threadLimit + # - $listenbacklog file { "${::apache::mod_dir}/worker.conf": ensure => file, content => template('apache/mod/worker.conf.erb'), diff --git a/apache/manifests/params.pp b/apache/manifests/params.pp index b5d142136..5c5233ccd 100644 --- a/apache/manifests/params.pp +++ b/apache/manifests/params.pp @@ -29,6 +29,9 @@ $log_level = 'warn' $use_optional_includes = false + # should we use systemd module? + $use_systemd = true + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { $verify_command = '/usr/sbin/apache2ctl -t' } else { @@ -50,6 +53,7 @@ $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" + $pidfile = 'run/httpd.pid' $logroot = '/var/log/httpd' $logroot_mode = undef $lib_path = 'modules' @@ -71,6 +75,7 @@ $mod_packages = { 'auth_cas' => 'mod_auth_cas', 'auth_kerb' => 'mod_auth_kerb', + 'auth_mellon' => 'mod_auth_mellon', 'authnz_ldap' => $::apache::version::distrelease ? { '7' => 'mod_ldap', default => 'mod_authz_ldap', @@ -113,6 +118,10 @@ $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' $docroot = '/var/www/html' + $alias_icons_path = $::apache::version::distrelease ? { + '7' => '/usr/share/httpd/icons', + default => '/var/www/icons', + } $error_documents_path = $::apache::version::distrelease ? { '7' => '/usr/share/httpd/error', default => '/var/www/error' @@ -123,9 +132,13 @@ $wsgi_socket_prefix = undef } $cas_cookie_path = '/var/cache/mod_auth_cas/' + $mellon_lock_file = '/run/mod_auth_mellon/lock' + $mellon_cache_size = 100 + $mellon_post_directory = undef $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' + $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', 
@@ -165,6 +178,7 @@ $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'apache2.conf' $ports_file = "${conf_dir}/ports.conf" + $pidfile = "\${APACHE_PID_FILE}" $logroot = '/var/log/apache2' $logroot_mode = undef $lib_path = '/usr/lib/apache2/modules' @@ -178,9 +192,11 @@ $mod_packages = { 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', + 'auth_mellon' => 'libapache2-mod-auth-mellon', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', 'fcgid' => 'libapache2-mod-fcgid', + 'geoip' => 'libapache2-mod-geoip', 'nss' => 'libapache2-mod-nss', 'pagespeed' => 'mod-pagespeed-stable', 'passenger' => 'libapache2-mod-passenger', @@ -207,9 +223,13 @@ $mime_types_config = '/etc/mime.types' $docroot = '/var/www' $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $mellon_lock_file = undef + $mellon_cache_size = undef + $mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/' $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' + $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', 'base_rules/modsecurity_35_scanners.data', @@ -233,6 +253,7 @@ 'base_rules/modsecurity_crs_59_outbound_blocking.conf', 'base_rules/modsecurity_crs_60_correlation.conf' ] + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] @@ -308,6 +329,7 @@ $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" + $pidfile = '/var/run/httpd.pid' $logroot = '/var/log/apache24' $logroot_mode = undef $lib_path = '/usr/local/libexec/apache24' 
@@ -355,6 +377,7 @@ $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/usr/local/www/apache24/data' + $alias_icons_path = '/usr/local/www/apache24/icons' $error_documents_path = '/usr/local/www/apache24/error' } elsif $::osfamily == 'Gentoo' { $user = 'apache' @@ -416,6 +439,7 @@ $mime_types_config = '/etc/mime.types' $wsgi_socket_prefix = undef $docroot = '/var/www/localhost/htdocs' + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' } elsif $::osfamily == 'Suse' { $user = 'wwwrun' @@ -433,6 +457,7 @@ $vhost_enable_dir = "${httpd_dir}/sites-enabled" $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" + $pidfile = '/var/run/httpd2.pid' $logroot = '/var/log/apache2' $logroot_mode = undef $lib_path = '/usr/lib64/apache2-prefork/' @@ -462,6 +487,10 @@ $mime_types_config = '/etc/mime.types' $docroot = '/srv/www' $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $mellon_lock_file = undef + $mellon_cache_size = undef + $mellon_post_directory = undef + $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] diff --git a/apache/manifests/vhost.pp b/apache/manifests/vhost.pp index 976bd1f8b..20b1aa6b9 100644 --- a/apache/manifests/vhost.pp +++ b/apache/manifests/vhost.pp @@ -82,6 +82,7 @@ $rack_base_uris = undef, $headers = undef, $request_headers = undef, + $filters = undef, $rewrites = undef, $rewrite_base = undef, $rewrite_rule = undef, @@ -106,6 +107,7 @@ $fastcgi_socket = undef, $fastcgi_dir = undef, $additional_includes = [], + $use_optional_includes = $::apache::use_optional_includes, $apache_version = $::apache::apache_version, $allow_encoded_slashes = undef, $suexec_user_group = undef, 
@@ -148,7 +150,7 @@ # Input validation begins if $suexec_user_group { - validate_re($suexec_user_group, '^\w+ \w+$', + validate_re($suexec_user_group, '^[\w-]+ [\w-]+$', "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") } @@ -361,7 +363,7 @@ } # Load mod_alias if needed and not yet loaded - if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { + if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) { if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { include ::apache::mod::alias } @@ -398,6 +400,13 @@ } } + # Check if mod_filter is required to process $filters + if $filters { + if ! defined(Class['apache::mod::filter']) { + include ::apache::mod::filter + } + } + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { if ! defined(Class['apache::mod::setenvif']) { include ::apache::mod::setenvif @@ -882,6 +891,16 @@ } } + # Template uses: + # - $filters + if $filters and ! empty($filters) { + concat::fragment { "${name}-filters": + target => "${priority_real}${filename}.conf", + order => 330, + content => template('apache/vhost/_filters.erb'), + } + } + # Template uses no variables concat::fragment { "${name}-file_footer": target => "${priority_real}${filename}.conf", diff --git a/apache/metadata.json b/apache/metadata.json index 71bad1d35..a0e3fc2fa 100644 --- a/apache/metadata.json +++ b/apache/metadata.json 
@@ -1,12 +1,16 @@ { "name": "puppetlabs-apache", - "version": "1.5.0", + "version": "1.6.0", "author": "puppetlabs", "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", "license": "Apache-2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "dependencies": [ + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} + ], "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -64,16 +68,12 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.7.0 < 4.0.0" + "version_requirement": ">= 3.7.0 < 2015.3.0" }, { "name": "puppet", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 5.0.0" } ], - "description": "Module for Apache configuration", - "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, - {"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 2.0.0"} - ] + "description": "Module for Apache configuration" } diff --git a/apache/spec/acceptance/mod_security_spec.rb b/apache/spec/acceptance/mod_security_spec.rb index 18de2804e..67ad7d5b8 100644 --- a/apache/spec/acceptance/mod_security_spec.rb +++ b/apache/spec/acceptance/mod_security_spec.rb 
@@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise'))) do +describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise' or fact('lsbdistcodename') == 'wheezy'))) do case fact('osfamily') when 'Debian' mod_dir = '/etc/apache2/mods-available' @@ -47,6 +47,11 @@ class { 'apache::mod::security': } } EOS apply_manifest(pp, :catch_failures => true) + + #Need to add a short sleep here because on RHEL6 the service takes a bit longer to init + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ + sleep 5 + end end describe service(service_name) do @@ -62,15 +67,17 @@ class { 'apache::mod::security': } it { is_expected.to contain "mod_security2.c" } end - it 'should return index page' do - shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| - expect(r.stdout).to match(/Index page/) - expect(r.exit_code).to eq(0) + describe 'should be listening on port 80' do + it 'should return index page' do + shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end end - end - it 'should block query with SQL' do - shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end end end #default mod_security config 
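Review bot: The release check in the added wait, `fact('operatingsystemmajrelease') =~ /(5|6)/`, is unanchored, so it matches any release string containing a 5 or a 6, not only major releases 5 and 6. An exact comparison states the intent: `if fact('osfamily') == 'RedHat' && %w[5 6].include?(fact('operatingsystemmajrelease'))`. The comment names only RHEL6 while the condition also covers 5, so one of the two should be corrected. A fixed `sleep 5` also remains timing-dependent; polling until the service answers would be sturdier.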
diff --git a/apache/spec/classes/mod/auth_mellon_spec.rb b/apache/spec/classes/mod/auth_mellon_spec.rb new file mode 100644 index 000000000..f022e4810 --- /dev/null +++ b/apache/spec/classes/mod/auth_mellon_spec.rb 
@@ -0,0 +1,87 @@ +describe 'apache::mod::auth_mellon', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, + } + end + describe 'with no parameters' do + it { should contain_apache__mod('auth_mellon') } + it { should contain_package('libapache2-mod-auth-mellon') } + it { should contain_file('auth_mellon.conf').with_path('/etc/apache2/mods-available/auth_mellon.conf') } + it { should contain_file('auth_mellon.conf').with_content("MellonPostDirectory \"\/var\/cache\/apache2\/mod_auth_mellon\/\"\n") } + end + describe 'with parameters' do + let :params do + { :mellon_cache_size => '200', + :mellon_cache_entry_size => '2010', + :mellon_lock_file => '/tmp/junk', + :mellon_post_directory => '/tmp/post', + :mellon_post_ttl => '5', + :mellon_post_size => '8', + :mellon_post_count => '10' + } + end + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) } + end + + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem 
=> 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, + } + end + describe 'with no parameters' do + it { should contain_apache__mod('auth_mellon') } + it { should contain_package('mod_auth_mellon') } + it { should contain_file('auth_mellon.conf').with_path('/etc/httpd/conf.d/auth_mellon.conf') } + it { should contain_file('auth_mellon.conf').with_content("MellonCacheSize 100\nMellonLockFile \"/run/mod_auth_mellon/lock\"\n") } + end + describe 'with parameters' do + let :params do + { :mellon_cache_size => '200', + :mellon_cache_entry_size => '2010', + :mellon_lock_file => '/tmp/junk', + :mellon_post_directory => '/tmp/post', + :mellon_post_ttl => '5', + :mellon_post_size => '8', + :mellon_post_count => '10' + } + end + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheSize\s+200$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonCacheEntrySize\s+2010$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonLockFile\s+"\/tmp\/junk"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostDirectory\s+"\/tmp\/post"$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostTTL\s+5$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostSize\s+8$/) } + it { should contain_file('auth_mellon.conf').with_content(/^MellonPostCount\s+10$/) } + end + end +end diff --git a/apache/spec/classes/mod/disk_cache.rb b/apache/spec/classes/mod/disk_cache.rb new file mode 100644 index 000000000..263b4cac6 --- /dev/null +++ b/apache/spec/classes/mod/disk_cache.rb 
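Review bot: The new spec file starts directly with `describe` and has no `require 'spec_helper'`, unlike `disk_cache.rb` added in the same commit. Unless a `.rspec` file or the rake task loads the helper (not visible here), the file fails when run on its own; add `require 'spec_helper'` as the first line. The seven `with parameters` expectations are repeated verbatim for Debian and RedHat and could be shared through `shared_examples`. The fixture values `/tmp/junk` and `/tmp/post` place the lock file and the POST directory in a world-writable location; a path such as `/var/cache/mod_auth_mellon/post` (constructed example) avoids modelling that in a spec people copy from.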
@@ -0,0 +1,111 @@ +require 'spec_helper' + +describe 'apache::mod::disk_cache', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + it { is_expected.to contain_apache__mod("disk_cache") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + + it { is_expected.to contain_apache__mod("cache_disk") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + end + + context "on a RedHat 6-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + it { is_expected.to contain_apache__mod("disk_cache") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + + it { 
is_expected.to contain_apache__mod("cache_disk") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + end + context "on a FreeBSD OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '10', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + context "with Apache version < 2.4" do + let :params do + { + :apache_version => '2.2', + } + end + + it { is_expected.to contain_apache__mod("disk_cache") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + context "with Apache version >= 2.4" do + let :params do + { + :apache_version => '2.4', + } + end + + it { is_expected.to contain_apache__mod("cache_disk") } + it { is_expected.to contain_file("disk_cache.conf").with(:content => /CacheEnable disk /\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1/) } + end + end +end diff --git a/apache/spec/classes/mod/fcgid_spec.rb b/apache/spec/classes/mod/fcgid_spec.rb index 096717d35..98953625a 100644 --- a/apache/spec/classes/mod/fcgid_spec.rb +++ b/apache/spec/classes/mod/fcgid_spec.rb @@ -21,7 +21,9 @@ } end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) } it { is_expected.to contain_package("libapache2-mod-fcgid") } end 
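Review bot: The new file is named `spec/classes/mod/disk_cache.rb`, without the `_spec` suffix, so under the usual `*_spec.rb` pattern these examples are never run. That would also hide that the file cannot be parsed: in every `:content` expectation the regex literal ends at the unescaped slash in `/CacheEnable disk /`, and the following `\nCacheRoot ...` is then a syntax error. Rename the file to `disk_cache_spec.rb` and escape the slash, for example `:content => /CacheEnable disk \/\nCacheRoot "\/var\/cache\/apache2\/mod_disk_cache"\nCacheDirLevels 2\nCacheDirLength 1/`. The same correction applies to all six expectations in the file.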
@@ -36,13 +38,15 @@ :id => 'root', :kernel => 'Linux', :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - :is_pe => false, + :is_pe => false, } end describe 'without parameters' do it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) } it { is_expected.to contain_package("mod_fcgid") } end @@ -57,7 +61,7 @@ } end it 'should contain the correct config' do - content = catalogue.resource('file', 'fcgid.conf').send(:parameters)[:content] + content = catalogue.resource('file', 'unixd_fcgid.conf').send(:parameters)[:content] expect(content.split("\n").reject { |c| c =~ /(^#|^$)/ }).to eq([ '', ' AddHandler fcgid-script .fcgi', @@ -89,8 +93,7 @@ it { is_expected.to contain_class("apache::params") } it { is_expected.to contain_apache__mod('fcgid').with({ 'loadfile_name' => 'unixd_fcgid.load' - }) - } + }) } it { is_expected.to contain_package("mod_fcgid") } end end @@ -99,8 +102,8 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :operatingsystemmajrelease => '9', + :operatingsystemrelease => '10', + :operatingsystemmajrelease => '10', :concat_basedir => '/dne', :operatingsystem => 'FreeBSD', :id => 'root', @@ -111,7 +114,9 @@ end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) } it { is_expected.to contain_package("www/mod_fcgid") } end @@ -130,7 +135,9 @@ end it { is_expected.to contain_class("apache::params") } - it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) } it { is_expected.to contain_package("www-apache/mod_fcgid") } end end 
diff --git a/apache/spec/classes/mod/passenger_spec.rb b/apache/spec/classes/mod/passenger_spec.rb index 07ce358fe..40ac749f6 100644 --- a/apache/spec/classes/mod/passenger_spec.rb +++ b/apache/spec/classes/mod/passenger_spec.rb @@ -64,6 +64,18 @@ end it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxRequests 20$/) } end + describe "with passenger_spawn_method => bogus" do + let :params do + { :passenger_spawn_method => 'bogus' } + end + it { is_expected.to raise_error(Puppet::Error, /not permitted for passenger_spawn_method/) } + end + describe "with passenger_spawn_method => direct" do + let :params do + { :passenger_spawn_method => 'direct' } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerSpawnMethod direct$/) } + end describe "with passenger_stat_throttle_rate => 10" do let :params do { :passenger_stat_throttle_rate => 10 } diff --git a/apache/spec/classes/mod/worker_spec.rb b/apache/spec/classes/mod/worker_spec.rb index 38a79aeb2..9d0d8e5e0 100644 --- a/apache/spec/classes/mod/worker_spec.rb +++ b/apache/spec/classes/mod/worker_spec.rb @@ -157,6 +157,7 @@ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+25$/) } it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+0$/) } it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+64$/) } + it { should contain_file("/etc/httpd/conf.d/worker.conf").with(:content => /^\s*ListenBacklog\s*511/) } end context 'setting params' do @@ -169,7 +170,8 @@ :maxsparethreads => 14, :threadsperchild => 15, :maxrequestsperchild => 16, - :threadlimit => 17 + :threadlimit => 17, + :listenbacklog => 8, } end it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^$/) } 
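Review bot: The `ListenBacklog` expectation added to `worker_spec.rb` at `@@ -157,6 +157,7 @@` is looser than its neighbours. `/^\s*ListenBacklog\s*511/` allows no whitespace between directive and value and has no `$`, so it would also accept `ListenBacklog5110`. The matching line in the hunk at `@@ -181,6 +183,7 @@` has the same form with value `8` and would accept `80`. Following the surrounding lines gives `/^\s+ListenBacklog\s+511$/` and `/^\s+ListenBacklog\s+8$/`.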
@@ -181,6 +183,7 @@ it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+15$/) } it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+16$/) } it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+17$/) } + it { should contain_file("/etc/httpd/conf.d/worker.conf").with(:content => /^\s*ListenBacklog\s*8/) } end end end diff --git a/apache/spec/defines/vhost_spec.rb b/apache/spec/defines/vhost_spec.rb index 325a06333..3b9a6fdbd 100644 --- a/apache/spec/defines/vhost_spec.rb +++ b/apache/spec/defines/vhost_spec.rb @@ -210,10 +210,14 @@ 'proxy_dest' => '/', 'proxy_pass' => [ { - 'path' => '/a', - 'url' => 'http://backend-a/', - 'keywords' => ['noquery', 'interpolate'], - 'params' => { + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'reverse_cookies' => [{ + 'path' => '/a', + 'url' => 'http://backend-a/', + }], + 'params' => { 'retry' => '0', 'timeout' => '5' }, @@ -255,6 +259,15 @@ 'rewrite_rule' => ['^index\.html$ welcome.html'] } ], + 'filters' => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], 'rewrite_base' => '/', 'rewrite_rule' => '^index\.html$ welcome.html', 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', @@ -290,6 +303,7 @@ 'fastcgi_dir' => '/tmp', 'additional_includes' => '/custom/path/includes', 'apache_version' => '2.4', + 'use_optional_includes' => true, 'suexec_user_group' => 'root root', 'allow_encoded_slashes' => 'nodecode', 'passenger_app_root' => '/usr/share/myapp', 
@@ -342,6 +356,7 @@ it { is_expected.to contain_class('apache::mod::passenger') } it { is_expected.to contain_class('apache::mod::fastcgi') } it { is_expected.to contain_class('apache::mod::headers') } + it { is_expected.to contain_class('apache::mod::filter') } it { is_expected.to contain_class('apache::mod::setenvif') } it { is_expected.to contain_concat('30-rspec.example.com.conf').with({ 'owner' => 'root', @@ -392,6 +407,8 @@ /SetEnv proxy-nokeepalive 1/) } it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( /noquery interpolate/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /ProxyPassReverseCookiePath\s+\/a\s+http:\/\//) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } @@ -404,6 +421,8 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } it { is_expected.to contain_concat__fragment('rspec.example.com-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-filters').with( + :content => /^\s+FilterDeclare COMPRESS$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') } it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') } it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } 
@@ -414,6 +433,20 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } end + context 'set only aliases' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'aliases' => [ + { + 'alias' => '/alias', + 'path' => '/rspec/docroot', + }, + ] + } + end + it { is_expected.to contain_class('apache::mod::alias')} + end context 'proxy_pass_match' do let :params do { @@ -422,12 +455,13 @@ { 'path' => '.*', 'url' => 'http://backend-a/', + 'params' => { 'timeout' => 300 }, } ], } end it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - /ProxyPassMatch .* http:\/\/backend-a\//).with_content(/## Proxy rules/) } + /ProxyPassMatch .* http:\/\/backend-a\/ timeout=300/).with_content(/## Proxy rules/) } end context 'proxy_dest_match' do let :params do diff --git a/apache/spec/spec_helper_acceptance.rb b/apache/spec/spec_helper_acceptance.rb index 6304c222b..d767b1e60 100644 --- a/apache/spec/spec_helper_acceptance.rb +++ b/apache/spec/spec_helper_acceptance.rb @@ -15,6 +15,15 @@ # Configure all nodes in nodeset c.before :suite do + # net-tools required for netstat utility being used by be_listening + if fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '7' + pp = <<-EOS + package { 'net-tools': ensure => installed } + EOS + + apply_manifest_on(agents, pp, :catch_failures => false) + end + # Install module and dependencies hosts.each do |host| copy_module_to(host, :source => proj_root, :module_name => 'apache') diff --git a/apache/templates/mod/auth_mellon.conf.erb b/apache/templates/mod/auth_mellon.conf.erb new file mode 100644 index 000000000..e36a73390 --- /dev/null +++ b/apache/templates/mod/auth_mellon.conf.erb 
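Review bot: In the `spec_helper_acceptance.rb` hunk, the `net-tools` manifest is applied with `:catch_failures => false`, so a failed package installation is ignored. The suite then continues until a `be_listening` matcher fails for a reason unrelated to the code under test. If the package is required, as the added comment says, let the setup fail early: `apply_manifest_on(agents, pp, :catch_failures => true)`.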
@@ -0,0 +1,21 @@ +<%- if @mellon_cache_size -%> +MellonCacheSize <%= @mellon_cache_size %> +<%- end -%> +<%- if @mellon_cache_entry_size -%> +MellonCacheEntrySize <%= @mellon_cache_entry_size %> +<%- end -%> +<%- if @mellon_lock_file -%> +MellonLockFile "<%= @mellon_lock_file %>" +<%- end -%> +<%- if @mellon_post_directory -%> +MellonPostDirectory "<%= @mellon_post_directory %>" +<%- end -%> +<%- if @mellon_post_ttl -%> +MellonPostTTL <%= @mellon_post_ttl %> +<%- end -%> +<%- if @mellon_post_size -%> +MellonPostSize <%= @mellon_post_size %> +<%- end -%> +<%- if @mellon_post_count -%> +MellonPostCount <%= @mellon_post_count %> +<%- end -%> diff --git a/apache/templates/mod/disk_cache.conf.erb b/apache/templates/mod/disk_cache.conf.erb index 0c7e2c4b7..b1b460e52 100644 --- a/apache/templates/mod/disk_cache.conf.erb +++ b/apache/templates/mod/disk_cache.conf.erb @@ -1,8 +1,4 @@ - - - CacheEnable disk / - CacheRoot "<%= @cache_root %>" - CacheDirLevels 2 - CacheDirLength 1 - - +CacheEnable disk / +CacheRoot "<%= @_cache_root %>" +CacheDirLevels 2 +CacheDirLength 1 diff --git a/apache/templates/mod/passenger.conf.erb b/apache/templates/mod/passenger.conf.erb index e50a2d636..1af4eaaa4 100644 --- a/apache/templates/mod/passenger.conf.erb +++ b/apache/templates/mod/passenger.conf.erb @@ -25,6 +25,9 @@ <%- if @passenger_max_requests -%> PassengerMaxRequests <%= @passenger_max_requests %> <%- end -%> + <%- if @passenger_spawn_method -%> + PassengerSpawnMethod <%= @passenger_spawn_method %> + <%- end -%> <%- if @passenger_stat_throttle_rate -%> PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %> <%- end -%> diff --git a/apache/templates/mod/security.conf.erb b/apache/templates/mod/security.conf.erb index 7597c461f..ac28402c6 100644 --- a/apache/templates/mod/security.conf.erb +++ b/apache/templates/mod/security.conf.erb 
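Review bot: Every value in the new `auth_mellon.conf.erb` is interpolated as-is, and the two path settings are wrapped in double quotes without escaping. A value containing `"` or a line break would therefore change the structure of the generated configuration. The class that supplies these variables is not part of the visible diff, so confirm that it validates them, for example `validate_absolute_path($mellon_lock_file)` and `validate_absolute_path($mellon_post_directory)`, with a numeric check for the size, TTL and count parameters. A first-line template comment such as `<%# values are validated in apache::mod::auth_mellon; keep the checks there in sync -%>` would record the dependency.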
@@ -9,7 +9,7 @@ <%- end -%> # Default recommended configuration - SecRuleEngine On + SecRuleEngine <%= @modsec_secruleengine %> SecRequestBodyAccess On SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" diff --git a/apache/templates/mod/fcgid.conf.erb b/apache/templates/mod/unixd_fcgid.conf.erb similarity index 100% rename from apache/templates/mod/fcgid.conf.erb rename to apache/templates/mod/unixd_fcgid.conf.erb diff --git a/apache/templates/mod/userdir.conf.erb b/apache/templates/mod/userdir.conf.erb index 9032a3acc..83263c3d0 100644 --- a/apache/templates/mod/userdir.conf.erb +++ b/apache/templates/mod/userdir.conf.erb @@ -2,7 +2,7 @@ <% if @disable_root -%> UserDir disabled root <% end -%> - UserDir <%= @dir %> + UserDir <%= @home %>/*/<%= @dir %> /*/<%= @dir %>"> AllowOverride FileInfo AuthConfig Limit Indexes diff --git a/apache/templates/mod/worker.conf.erb b/apache/templates/mod/worker.conf.erb index 597e05f8d..ad2bc4461 100644 --- a/apache/templates/mod/worker.conf.erb +++ b/apache/templates/mod/worker.conf.erb @@ -7,4 +7,5 @@ ThreadsPerChild <%= @threadsperchild %> MaxRequestsPerChild <%= @maxrequestsperchild %> ThreadLimit <%= @threadlimit %> + ListenBacklog <%= @listenbacklog %> diff --git a/apache/templates/vhost/_directories.erb b/apache/templates/vhost/_directories.erb index 529d9bdff..189bd5770 100644 --- a/apache/templates/vhost/_directories.erb +++ b/apache/templates/vhost/_directories.erb 
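Review bot: `SecRuleEngine <%= @modsec_secruleengine %>` turns a fixed `On` into a caller-supplied value, and no validation or default for it is visible in this diff. ModSecurity accepts `On`, `Off` and `DetectionOnly`, so a typo breaks the configuration and a value other than `On` silently stops blocking. The class should keep `On` as the default and restrict the parameter, for example `validate_re($modsec_secruleengine, '\A(On|Off|DetectionOnly)\z')`. The acceptance test in this commit only exercises the default, so a `DetectionOnly` case would be a useful addition. Document in the parameter description that any value other than `On` disables enforcement.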
@@ -252,6 +252,37 @@ ShibUseHeaders <%= directory['shib_use_headers'] %> <%- end -%> <%- end -%> + <%- if directory['mellon_enable'] -%> + MellonEnable "<%= directory['mellon_enable'] %>" + <%- if directory['mellon_endpoint_path'] -%> + MellonEndpointPath "<%= directory['mellon_endpoint_path'] %>" + <%- end -%> + <%- if directory['mellon_sp_private_key_file'] -%> + MellonSPPrivateKeyFile "<%= directory['mellon_sp_private_key_file'] %>" + <%- end -%> + <%- if directory['mellon_sp_cert_file'] -%> + MellonSPCertFile "<%= directory['mellon_sp_cert_file'] %>" + <%- end -%> + <%- if directory['mellon_idp_metadata_file'] -%> + MellonIDPMetadataFile "<%= directory['mellon_idp_metadata_file'] %>" + <%- end -%> + <%- if directory['mellon_set_env_no_prefix'] -%> + <%- directory['mellon_set_env_no_prefix'].each do |key, value| -%> + MellonSetEnvNoPrefix "<%= key %>" "<%= value %>" + <%- end -%> + <%- end -%> + <%- if directory['mellon_user'] -%> + MellonUser "<%= directory['mellon_user'] %>" + <%- end -%> + <%- if directory['mellon_saml_response_dump'] -%> + MellonSamlResponseDump "<%= directory['mellon_saml_response_dump'] %>" + <%- end -%> + <%- if directory['mellon_cond'] -%> + <%- Array(directory['mellon_cond']).each do |cond| -%> + MellonCond <%= cond %> + <%- end -%> + <%- end -%> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%> diff --git a/apache/templates/vhost/_filters.erb b/apache/templates/vhost/_filters.erb new file mode 100644 index 000000000..b86259734 --- /dev/null +++ b/apache/templates/vhost/_filters.erb @@ -0,0 +1,10 @@ +<% if @filters and ! @filters.empty? -%> + + ## Filter module rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_filter.html + <%- Array(@filters).each do |filter| -%> + <%- if filter != '' -%> + <%= filter %> + <%- end -%> + <%- end -%> +<% end -%> diff --git a/apache/templates/vhost/_proxy.erb b/apache/templates/vhost/_proxy.erb index 157e2ef40..3f94af911 100644 
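Review bot: In the new mellon block of `_directories.erb`, `MellonCond <%= cond %>` is the only directive written without quotes, so each entry must already be a complete, correctly quoted argument list. The quoted directives, including both columns of `MellonSetEnvNoPrefix`, interpolate their values without escaping an embedded `"`. A short template comment would make the contract explicit: `<%# mellon_* values are written verbatim; mellon_cond entries must be full MellonCond argument lists -%>`. `mellon_set_env_no_prefix` is iterated with `|key, value|` and so is expected to be a hash, which the parameter documentation should state. The enclosing directory loop begins outside this hunk.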
--- a/apache/templates/vhost/_proxy.erb +++ b/apache/templates/vhost/_proxy.erb @@ -18,6 +18,11 @@ <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> <%- end %> > + <%- if not proxy['reverse_cookies'].nil? -%> + <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%> + ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> + <%- end -%> + <%- end -%> <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> <%- else -%> @@ -33,7 +38,7 @@ <% end -%> <% [@proxy_pass_match].flatten.compact.each do |proxy| %> - ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] %> + ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> <%- if proxy['params'] -%> <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> <%- end -%> @@ -50,7 +55,7 @@ <%- end -%> <%- if proxy['setenv'] -%> <%- Array(proxy['setenv']).each do |setenv_var| -%> - SetEnv <%= setenv_var -%> + SetEnv <%= setenv_var %> <%- end -%> <%- end -%> diff --git a/apache/tests/vhost_filter.pp b/apache/tests/vhost_filter.pp new file mode 100644 index 000000000..ab339737f --- /dev/null +++ b/apache/tests/vhost_filter.pp @@ -0,0 +1,17 @@ +# Base class. Declares default vhost on port 80 with filters. +class { 'apache': } + +# Example from README adapted. +apache::vhost { 'readme.example.net': + docroot => '/var/www/html', + filters => [ + 'FilterDeclare COMPRESS', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', + 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', + 'FilterChain COMPRESS', + 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', + ], +} + diff --git a/ceilometer/.fixtures.yml b/ceilometer/.fixtures.yml index 5e57356ff..7f0c8e399 100644 --- a/ceilometer/.fixtures.yml +++ b/ceilometer/.fixtures.yml 
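Review bot: The new `ProxyPassReverseCookiePath` line takes its second argument from `reverse_cookies['url']`, but the Apache directive is documented as `ProxyPassReverseCookiePath internal-path public-path`, where both arguments are cookie paths. The key name invites passing a backend URL, which is what the spec in this commit does (`'url' => 'http://backend-a/'`). That would produce a directive that does not rewrite the cookie path as intended. Either rename the key, keeping `url` as a fallback, or document it: `<%# reverse_cookies: 'path' is the internal cookie path, 'url' the public path -%>`. The enclosing `proxy_pass` loop begins outside this hunk.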
@@ -5,10 +5,10 @@ fixtures: 'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git' 'ref': '1.2.1' 'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile' - 'keystone': 'git://github.com/stackforge/puppet-keystone.git' + 'keystone': 'git://github.com/openstack/puppet-keystone.git' 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git' - 'nova': 'git://github.com/stackforge/puppet-nova.git' - 'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git' + 'nova': 'git://github.com/openstack/puppet-nova.git' + 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git' 'postgresql': 'git://github.com/puppetlabs/puppet-postgresql.git' 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git' symlinks: diff --git a/ceilometer/.gitignore b/ceilometer/.gitignore index d4a93a066..4dd84f06e 100644 --- a/ceilometer/.gitignore +++ b/ceilometer/.gitignore @@ -1,4 +1,10 @@ -*.swp -spec/fixtures/modules/* -pkg +pkg/ Gemfile.lock +vendor/ +spec/fixtures/ +.vagrant/ +.bundle/ +coverage/ +.idea/ +*.swp +*.iml diff --git a/ceilometer/Gemfile b/ceilometer/Gemfile index 9ea211333..6d4ce9a07 100644 --- a/ceilometer/Gemfile +++ b/ceilometer/Gemfile 
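Review bot: The three rewritten fixture entries (`keystone`, `nova`, `openstacklib`) still use the `git://` scheme and carry no `ref`, unlike the `concat` entry above them. The git protocol is unauthenticated and unencrypted, and an unpinned fixture means each test run executes whatever the remote branch currently holds. Both weaken the integrity of the test dependencies. Prefer HTTPS with a pinned revision, for example `'keystone': { 'repo': 'https://github.com/openstack/puppet-keystone.git', 'ref': '<pinned-commit-or-tag>' }`, and likewise for the other two.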
@@ -1,25 +1,30 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '~> 2.1.0', :require => false - - gem 'metadata-json-lint' - gem 'puppet-lint-param-docs' - gem 'puppet-lint-absolute_classname-check' - gem 'puppet-lint-absolute_template_path' - gem 'puppet-lint-trailing_newline-check' + gem 'puppetlabs_spec_helper', :require => 'false' + gem 'rspec-puppet', '~> 2.2.0', :require => 'false' + gem 'metadata-json-lint', :require => 'false' + gem 'puppet-lint-param-docs', :require => 'false' + gem 'puppet-lint-absolute_classname-check', :require => 'false' + gem 'puppet-lint-absolute_template_path', :require => 'false' + gem 'puppet-lint-trailing_newline-check', :require => 'false' + gem 'puppet-lint-unquoted_string-check', :require => 'false' + gem 'puppet-lint-leading_zero-check', :require => 'false' + gem 'puppet-lint-variable_contains_upcase', :require => 'false' + gem 'puppet-lint-numericvariable', :require => 'false' + gem 'json', :require => 'false' + gem 'webmock', :require => 'false' +end - # Puppet 4.x related lint checks - gem 'puppet-lint-unquoted_string-check' - gem 'puppet-lint-leading_zero-check' - gem 'puppet-lint-variable_contains_upcase' - gem 'puppet-lint-numericvariable' +group :system_tests do + gem 'beaker-rspec', :require => 'false' + gem 'beaker-puppet_install_helper', :require => 'false' +end - gem 'beaker-rspec', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'json' - gem 'webmock' +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/ceilometer/README.md b/ceilometer/README.md index 2bee1c330..f94759b8a 100644 --- a/ceilometer/README.md +++ b/ceilometer/README.md 
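Review bot: The rewritten gem lines pass `:require => 'false'` as a string, which Bundler treats as the name of a file to require rather than as "do not require". A `Bundler.require` call would then try to load a library called `false`. The `facter` lines added in the same hunk use the boolean, so the others should match, e.g. `gem 'puppetlabs_spec_helper', :require => false`. Separately, `source ENV['GEM_SOURCE'] || "https://rubygems.org"` lets the environment choose where every gem is fetched from. That is useful for mirrors but deserves a comment: `# GEM_SOURCE must point to a trusted HTTPS mirror; it replaces rubygems.org for all gems`.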
@@ -33,14 +33,42 @@ Setup **What the ceilometer module affects** -* ceilometer, the metering service for OpenStack +* [Ceilometer](https://wiki.openstack.org/wiki/Ceilometer), the metering service for OpenStack ### Installing ceilometer - example% puppet module install openstack/ceilometer + puppet module install openstack/ceilometer ### Beginning with ceilometer +To utilize the ceilometer module's functionality you will need to declare multiple resources. +The following is a modified excerpt from the [openstack module](httpd://github.com/stackforge/puppet +-openstack). +This is not an exhaustive list of all the components needed. We recommend that you consult and under +stand the [openstack module](https://github.com/stackforge/puppet-openstack) and the [core](http://d +ocs.openstack.org) documentation to assist you in understanding the available deployment options. + +```puppet +class { '::ceilometer': + metering_secret => 'secrete', + rabbit_userid => 'ceilometer', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', +} +class { '::ceilometer::client': } +class { '::ceilometer::collector': } +class { '::ceilometer::expirer': } +class { '::ceilometer::alarm::evaluator': } +class { '::ceilometer::alarm::notifier': } +class { '::ceilometer::agent::central': } +class { '::ceilometer::agent::notification': } +class { '::ceilometer::api': + enabled => true, + keystone_password => 'a_big_secret', + keystone_identity_uri => 'http://127.0.0.1:35357/', +} +``` + Implementation -------------- 
@@ -49,6 +77,36 @@ Implementation ceilometer is a combination of Puppet manifests and Ruby code to deliver configuration and extra functionality through types and providers. +### Types + +#### ceilometer_config + +The `ceilometer_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/ceilometer/ceilometer.conf` file. + +```puppet +ceilometer_config { 'DEFAULT/verbose' : + value => true, +} +``` + +This will write `verbose=true` in the `[DEFAULT]` section. + +##### name + +Section/setting name to manage from `ceilometer.conf` + +##### value + +The value of the setting to be defined. + +##### secret + +Whether to hide the value from Puppet logs. Defaults to `false`. + +##### ensure_absent_val + +If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `` + Limitations ----------- diff --git a/ceilometer/Rakefile b/ceilometer/Rakefile index bb3e2bbf2..bc08f437c 100644 --- a/ceilometer/Rakefile +++ b/ceilometer/Rakefile 
@@ -2,11 +2,20 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' require 'puppet-syntax/tasks/puppet-syntax' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') -PuppetLint.configuration.send('disable_only_variable_string') +PuppetSyntax.exclude_paths ||= [] +PuppetSyntax.exclude_paths << "spec/fixtures/**/*" +PuppetSyntax.exclude_paths << "pkg/**/*" +PuppetSyntax.exclude_paths << "vendor/**/*" -exclude_tests_paths = ['pkg/**/*','vendor/**/*'] -PuppetLint.configuration.ignore_paths = exclude_tests_paths -PuppetSyntax.exclude_paths = exclude_tests_paths +Rake::Task[:lint].clear +PuppetLint::RakeTask.new :lint do |config| + config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"] + config.fail_on_warnings = true + config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' + config.disable_checks = ["80chars", "class_inherits_from_params_class", "class_parameter_defaults", "only_variable_string"] +end + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end diff --git a/ceilometer/lib/puppet/provider/ceilometer_config/ini_setting.rb b/ceilometer/lib/puppet/provider/ceilometer_config/ini_setting.rb index 10ae8fb0b..db180a144 100644 --- a/ceilometer/lib/puppet/provider/ceilometer_config/ini_setting.rb +++ b/ceilometer/lib/puppet/provider/ceilometer_config/ini_setting.rb @@ -1,20 +1,8 @@ Puppet::Type.type(:ceilometer_config).provide( :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) ) do - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - def self.file_path '/etc/ceilometer/ceilometer.conf' end 
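Review bot: The rebuilt `:lint` task in ceilometer/Rakefile no longer ignores the build directory: the removed configuration excluded `pkg/**/*` for both puppet-lint and puppet-syntax, while the new `config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"]` leaves it out even though `PuppetSyntax.exclude_paths` still lists `pkg/**/*`. With `fail_on_warnings = true`, a stale built module under `pkg/` would be linted and could fail the run. Suggest `config.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp", "vendor/**/*.pp"]`. The identical block added to cinder/Rakefile later in this patch needs the same change.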
diff --git a/ceilometer/lib/puppet/type/ceilometer_config.rb b/ceilometer/lib/puppet/type/ceilometer_config.rb index 77215b251..88607734b 100644 --- a/ceilometer/lib/puppet/type/ceilometer_config.rb +++ b/ceilometer/lib/puppet/type/ceilometer_config.rb @@ -41,4 +41,13 @@ def should_to_s( newvalue ) defaultto false end + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:package) do + 'ceilometer-common' + end + end diff --git a/ceilometer/manifests/api.pp b/ceilometer/manifests/api.pp index b6ea6728a..b188db777 100644 --- a/ceilometer/manifests/api.pp +++ b/ceilometer/manifests/api.pp @@ -64,6 +64,15 @@ # (optional) ensure state for package. # Defaults to 'present' # +# [*service_name*] +# (optional) Name of the service that will be providing the +# server functionality of ceilometer-api. +# If the value is 'httpd', this means ceilometer-api will be a web +# service, and you must use another class to configure that +# web service. For example, use class { 'ceilometer::wsgi::apache'...} +# to make ceilometer-api be a web app using apache mod_wsgi. +# Defaults to '$::ceilometer::params::api_service_name' +# class ceilometer::api ( $manage_service = true, $enabled = true, 
@@ -75,23 +84,23 @@ $keystone_identity_uri = false, $host = '0.0.0.0', $port = '8777', + $service_name = $::ceilometer::params::api_service_name, # DEPRECATED PARAMETERS $keystone_host = '127.0.0.1', $keystone_port = '35357', $keystone_auth_admin_prefix = false, $keystone_protocol = 'http', -) { +) inherits ceilometer::params { include ::ceilometer::params include ::ceilometer::policy validate_string($keystone_password) - Ceilometer_config<||> ~> Service['ceilometer-api'] - Class['ceilometer::policy'] ~> Service['ceilometer-api'] + Ceilometer_config<||> ~> Service[$service_name] + Class['ceilometer::policy'] ~> Service[$service_name] - Package['ceilometer-api'] -> Ceilometer_config<||> - Package['ceilometer-api'] -> Service['ceilometer-api'] + Package['ceilometer-api'] -> Service[$service_name] Package['ceilometer-api'] -> Class['ceilometer::policy'] package { 'ceilometer-api': ensure => $package_ensure, 
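Review bot: The `ceilometer::api` class now declares `inherits ceilometer::params` but keeps `include ::ceilometer::params` as the first statement of the body, so the params class is pulled in twice. The `inherits` is what makes `$::ceilometer::params::api_service_name` usable as the default of `$service_name`, so the `include` line can be dropped. A one-line comment on the signature, for example `# inherits params so $service_name can default to the platform service name`, would also explain why the `class_inherits_from_params_class` lint check is disabled in the Rakefile. The class body continues outside this hunk.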
@@ -106,17 +115,30 @@ $service_ensure = 'stopped' } } - - Package['ceilometer-common'] -> Service['ceilometer-api'] - service { 'ceilometer-api': - ensure => $service_ensure, - name => $::ceilometer::params::api_service_name, - enable => $enabled, - hasstatus => true, - hasrestart => true, - require => Class['ceilometer::db'], - subscribe => Exec['ceilometer-dbsync'], - tag => 'ceilometer-service', + Package['ceilometer-common'] -> Service[$service_name] + + if $service_name == $::ceilometer::params::api_service_name { + service { 'ceilometer-api': + ensure => $service_ensure, + name => $::ceilometer::params::api_service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + require => Class['ceilometer::db'], + subscribe => Exec['ceilometer-dbsync'], + tag => 'ceilometer-service', + } + } elsif $service_name == 'httpd' { + include ::apache::params + service { 'ceilometer-api': + ensure => 'stopped', + name => $::ceilometer::params::api_service_name, + enable => false, + tag => 'ceilometer-service', + } + Class['ceilometer::db'] -> Service[$service_name] + } else { + fail('Invalid service_name. Either ceilometer/openstack-ceilometer-api for running as a standalone service, or httpd for being run by a httpd server') } ceilometer_config { diff --git a/ceilometer/manifests/init.pp b/ceilometer/manifests/init.pp index c4a84140b..7d65717c7 100644 --- a/ceilometer/manifests/init.pp +++ b/ceilometer/manifests/init.pp @@ -4,6 +4,17 @@ # # == parameters # +# [*http_timeout*] +# timeout seconds for HTTP requests +# Defaults to 600 +# [*event_time_to_live*] +# number of seconds that events are kept in the database for +# (<= 0 means forever) +# Defaults to -1 +# [*metering_time_to_live*] +# number of seconds that samples are kept in the database for +# (<= 0 means forever) +# Defaults to -1 # [*metering_secret*] # secret key for signing messages. Mandatory. # [*notification_topics*] 
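Review bot: The `else` branch in ceilometer/manifests/api.pp fails with a hard-coded hint, "Either ceilometer/openstack-ceilometer-api", although the only standalone value accepted is whatever `$::ceilometer::params::api_service_name` resolves to on the platform. The message therefore may not name a value that passes the check, and it does not show the value that was rejected. Suggest `fail("Invalid service_name '${service_name}': use '${::ceilometer::params::api_service_name}' for a standalone service or 'httpd' to run under a web server")`, which keeps the "Invalid service_name" text the new spec matches on. The `httpd` branch also includes `::apache::params` without reading anything from it in the visible lines; if it is only there to fail early when the apache module is missing, a comment should say so.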
@@ -22,6 +33,9 @@ # [*use_syslog*] # (optional) Use syslog for logging # Defaults to false +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true # [*log_facility*] # (optional) Syslog facility to receive log lines. # Defaults to 'LOG_USER' @@ -94,6 +108,9 @@ # (optional) various QPID options # class ceilometer( + $http_timeout = '600', + $event_time_to_live = '-1', + $metering_time_to_live = '-1', $metering_secret = false, $notification_topics = ['notifications'], $package_ensure = 'present', @@ -101,6 +118,7 @@ $log_dir = '/var/log/ceilometer', $verbose = false, $use_syslog = false, + $use_stderr = true, $log_facility = 'LOG_USER', $rpc_backend = 'rabbit', $rabbit_host = '127.0.0.1', @@ -184,8 +202,6 @@ tag => ['openstack', 'ceilometer-package'], } - Package['ceilometer-common'] -> Ceilometer_config<||> - # we keep "ceilometer.openstack.common.rpc.impl_kombu" for backward compatibility if $rpc_backend == 'ceilometer.openstack.common.rpc.impl_kombu' or $rpc_backend == 'rabbit' { @@ -278,11 +294,15 @@ # Once we got here, we can act as an honey badger on the rpc used. ceilometer_config { + 'DEFAULT/http_timeout' : value => $http_timeout; 'DEFAULT/rpc_backend' : value => $rpc_backend; 'publisher/metering_secret' : value => $metering_secret, secret => true; 'DEFAULT/debug' : value => $debug; 'DEFAULT/verbose' : value => $verbose; + 'DEFAULT/use_stderr' : value => $use_stderr; 'DEFAULT/notification_topics' : value => join($notification_topics, ','); + 'database/event_time_to_live' : value => $event_time_to_live; + 'database/metering_time_to_live' : value => $metering_time_to_live; } # Log configuration diff --git a/ceilometer/manifests/params.pp b/ceilometer/manifests/params.pp index 524c2f902..a1923230b 100644 --- a/ceilometer/manifests/params.pp +++ b/ceilometer/manifests/params.pp 
@@ -68,7 +68,7 @@ } } $ceilometer_wsgi_script_path = '/usr/lib/cgi-bin/ceilometer' - $ceilometer_wsgi_script_source = '/usr/share/ceilometer/app.wsgi' + $ceilometer_wsgi_script_source = '/usr/lib/python2.7/dist-packages/ceilometer/api/app.wsgi' } default: { fail("Unsupported osfamily: ${::osfamily} operatingsystem: \ diff --git a/ceilometer/manifests/wsgi/apache.pp b/ceilometer/manifests/wsgi/apache.pp index 8ddba112c..ad0a3a5bf 100644 --- a/ceilometer/manifests/wsgi/apache.pp +++ b/ceilometer/manifests/wsgi/apache.pp @@ -18,8 +18,7 @@ # Class to serve Ceilometer API with apache mod_wsgi in place of ceilometer-api service. # # Serving Ceilometer API from apache is the recommended way to go for production -# systems as the current keystone implementation is not multi-processor aware, -# thus limiting the performance for concurrent accesses. +# because of limited performance for concurrent accesses when running eventlet. # # When using this class you should disable your ceilometer-api service. # diff --git a/ceilometer/spec/acceptance/ceilometer_with_mysql_spec.rb b/ceilometer/spec/acceptance/ceilometer_with_mysql_spec.rb index 706f0effd..155ac9ba3 100644 --- a/ceilometer/spec/acceptance/ceilometer_with_mysql_spec.rb +++ b/ceilometer/spec/acceptance/ceilometer_with_mysql_spec.rb 
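Review bot: `$ceilometer_wsgi_script_source` in ceilometer/manifests/params.pp is now `'/usr/lib/python2.7/dist-packages/ceilometer/api/app.wsgi'`, which hard-codes one interpreter version's package directory into the Debian branch. If the distribution package moves to another Python version, the source path will no longer exist, and presumably the WSGI script deployment fails when the catalog is applied. At minimum add a comment such as `# path follows the python2.7 dist-packages layout of the distro package; update when the packaged interpreter changes`. The same literal is repeated in ceilometer_wsgi_apache_spec.rb later in this patch. The enclosing `case` branch starts outside this hunk.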
@@ -12,15 +12,29 @@ case $::osfamily { 'Debian': { include ::apt - class { '::openstack_extras::repo::debian::ubuntu': - release => 'kilo', - package_require => true, + apt::ppa { 'ppa:ubuntu-cloud-archive/liberty-staging': + # it's false by default in 2.x series but true in 1.8.x + package_manage => false, } + Exec['apt_update'] -> Package<||> $package_provider = 'apt' } 'RedHat': { class { '::openstack_extras::repo::redhat::redhat': - release => 'kilo', + manage_rdo => false, + repo_hash => { + # we need kilo repo to be installed for dependencies + 'rdo-kilo' => { + 'baseurl' => 'https://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/', + 'descr' => 'RDO kilo', + 'gpgcheck' => 'no', + }, + 'rdo-liberty' => { + 'baseurl' => 'http://trunk.rdoproject.org/centos7/current/', + 'descr' => 'RDO trunk', + 'gpgcheck' => 'no', + }, + }, } package { 'openstack-selinux': ensure => 'latest' } $package_provider = 'yum' @@ -84,9 +98,9 @@ class { '::ceilometer': rabbit_userid => 'ceilometer', rabbit_password => 'an_even_bigger_secret', rabbit_host => '127.0.0.1', + debug => true, + verbose => true, } - # Until https://review.openstack.org/177593 is merged: - Package<| title == 'python-mysqldb' |> -> Class['ceilometer::db'] class { '::ceilometer::db::mysql': password => 'a_big_secret', } diff --git a/ceilometer/spec/acceptance/ceilometer_wsgi_apache_spec.rb b/ceilometer/spec/acceptance/ceilometer_wsgi_apache_spec.rb new file mode 100644 index 000000000..d731de218 --- /dev/null +++ b/ceilometer/spec/acceptance/ceilometer_wsgi_apache_spec.rb 
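Review bot: The RedHat branch of this acceptance manifest sets `'gpgcheck' => 'no'` on both entries of `repo_hash` and points `rdo-liberty` at `http://trunk.rdoproject.org/centos7/current/`, so packages for the test node are fetched over plain HTTP with signature verification turned off. Anything able to tamper with that connection controls what gets installed and run as root on the node, and CI manifests like this one tend to be copied into real deployments. Use an `https://` baseurl where the mirror provides one and keep signature checking on for `rdo-kilo`, which is already served over HTTPS. If the trunk packages really are unsigned, record that next to the setting, for example `# trunk builds are unsigned; test nodes only`. The Debian branch switches to `ppa:ubuntu-cloud-archive/liberty-staging`, a staging archive, and would benefit from the same kind of comment.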
@@ -0,0 +1,133 @@
+require 'spec_helper_acceptance'
+
+describe 'ceilometer with mysql' do
+
+ context 'default parameters' do
+
+ it 'should work with no errors' do
+ pp= <<-EOS
+ Exec { logoutput => 'on_failure' }
+
+ # Common resources
+ case $::osfamily {
+ 'Debian': {
+ include ::apt
+ class { '::openstack_extras::repo::debian::ubuntu':
+ release => 'kilo',
+ package_require => true,
+ }
+ $package_provider = 'apt'
+ }
+ 'RedHat': {
+ class { '::openstack_extras::repo::redhat::redhat':
+ release => 'kilo',
+ }
+ package { 'openstack-selinux': ensure => 'latest' }
+ $package_provider = 'yum'
+ }
+ default: {
+ fail("Unsupported osfamily (${::osfamily})")
+ }
+ }
+
+ class { '::mysql::server': }
+
+ class { '::rabbitmq':
+ delete_guest_user => true,
+ package_provider => $package_provider,
+ }
+
+ rabbitmq_vhost { '/':
+ provider => 'rabbitmqctl',
+ require => Class['rabbitmq'],
+ }
+
+ rabbitmq_user { 'ceilometer':
+ admin => true,
+ password => 'an_even_bigger_secret',
+ provider => 'rabbitmqctl',
+ require => Class['rabbitmq'],
+ }
+
+ rabbitmq_user_permissions { 'ceilometer@/':
+ configure_permission => '.*',
+ write_permission => '.*',
+ read_permission => '.*',
+ provider => 'rabbitmqctl',
+ require => Class['rabbitmq'],
+ }
+
+
+ # Keystone resources, needed by Ceilometer to run
+ class { '::keystone::db::mysql':
+ password => 'keystone',
+ }
+ class { '::keystone':
+ verbose => true,
+ debug => true,
+ database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone',
+ admin_token => 'admin_token',
+ enabled => true,
+ }
+ class { '::keystone::roles::admin':
+ email => 'test@example.tld',
+ password => 'a_big_secret',
+ }
+ class { '::keystone::endpoint':
+ public_url => "https://${::fqdn}:5000/",
+ admin_url => "https://${::fqdn}:35357/",
+ }
+
+ # Ceilometer resources
+ class { '::ceilometer':
+ metering_secret => 'secrete',
+ rabbit_userid => 'ceilometer',
+ rabbit_password => 'an_even_bigger_secret',
+ rabbit_host => '127.0.0.1',
+ }
+ # Until
https://review.openstack.org/177593 is merged:
+ Package<| title == 'python-mysqldb' |> -> Class['ceilometer::db']
+ class { '::ceilometer::db::mysql':
+ password => 'a_big_secret',
+ }
+ class { '::ceilometer::db':
+ database_connection => 'mysql://ceilometer:a_big_secret@127.0.0.1/ceilometer?charset=utf8',
+ }
+ class { '::ceilometer::keystone::auth':
+ password => 'a_big_secret',
+ }
+ class { '::ceilometer::client': }
+ class { '::ceilometer::collector': }
+ class { '::ceilometer::expirer': }
+ class { '::ceilometer::alarm::evaluator': }
+ class { '::ceilometer::alarm::notifier': }
+ class { '::ceilometer::agent::central': }
+ class { '::ceilometer::agent::notification': }
+ class { '::ceilometer::api':
+ enabled => true,
+ keystone_password => 'a_big_secret',
+ keystone_identity_uri => 'http://127.0.0.1:35357/',
+ service_name => 'httpd',
+ }
+ include ::apache
+ class { '::ceilometer::wsgi::apache':
+ ssl => false,
+ }
+ EOS
+
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ describe port(8777) do
+ it { is_expected.to be_listening }
+ end
+
+ describe cron do
+ it { is_expected.to have_entry('1 0 * * * ceilometer-expirer').with_user('ceilometer') }
+ end
+
+ end
+end
diff --git a/ceilometer/spec/acceptance/nodesets/centos-70-x64.yml b/ceilometer/spec/acceptance/nodesets/centos-70-x64.yml
new file mode 100644
index 000000000..5f097e9fe
--- /dev/null
+++ b/ceilometer/spec/acceptance/nodesets/centos-70-x64.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ centos-server-70-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ box: puppetlabs/centos-7.0-64-nocm
+ box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ log_level: debug
+ type: foss
diff --git a/ceilometer/spec/acceptance/nodesets/default.yml b/ceilometer/spec/acceptance/nodesets/default.yml
index a2c1ecc63..486b6a34e 100644
--- a/ceilometer/spec/acceptance/nodesets/default.yml
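Review bot: The new ceilometer_wsgi_apache_spec.rb opens with `describe 'ceilometer with mysql' do`, the same label the existing MySQL acceptance spec uses, so a failure in the report does not say which scenario broke. Rename it to something like `describe 'ceilometer with apache mod_wsgi' do`. The manifest in this file still installs from the `kilo` repositories on both OS families, and it keeps the `# Until https://review.openstack.org/177593 is merged` ordering workaround. This same commit moves ceilometer_with_mysql_spec.rb to liberty sources and removes the workaround there. If the difference is intended it should be stated in a comment; otherwise the two specs exercise different package sets.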
+++ b/ceilometer/spec/acceptance/nodesets/default.yml @@ -1,9 +1,10 @@ HOSTS: - ubuntu-14.04-amd64: + ubuntu-server-14.04-amd64: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none - ip: 127.0.0.1 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant CONFIG: type: foss diff --git a/ceilometer/spec/acceptance/nodesets/nodepool-centos7.yml b/ceilometer/spec/acceptance/nodesets/nodepool-centos7.yml index 575ae6732..c55287420 100644 --- a/ceilometer/spec/acceptance/nodesets/nodepool-centos7.yml +++ b/ceilometer/spec/acceptance/nodesets/nodepool-centos7.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: el-7-x86_64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/ceilometer/spec/acceptance/nodesets/nodepool-trusty.yml b/ceilometer/spec/acceptance/nodesets/nodepool-trusty.yml index a95d9f38d..9fc624e24 100644 --- a/ceilometer/spec/acceptance/nodesets/nodepool-trusty.yml +++ b/ceilometer/spec/acceptance/nodesets/nodepool-trusty.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/ceilometer/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/ceilometer/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 000000000..8001929b2 --- /dev/null +++ b/ceilometer/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/ceilometer/spec/classes/ceilometer_api_spec.rb b/ceilometer/spec/classes/ceilometer_api_spec.rb index e0d0b3687..e9f7f3d13 100644 --- a/ceilometer/spec/classes/ceilometer_api_spec.rb 
+++ b/ceilometer/spec/classes/ceilometer_api_spec.rb @@ -3,7 +3,8 @@ describe 'ceilometer::api' do let :pre_condition do - "class { 'ceilometer': metering_secret => 's3cr3t' }" + "class { 'ceilometer': metering_secret => 's3cr3t' } + include ::ceilometer::db" end let :params do @@ -115,11 +116,51 @@ ) end end + + context 'when running ceilometer-api in wsgi' do + before do + params.merge!({ :service_name => 'httpd' }) + end + + let :pre_condition do + "include ::apache + include ::ceilometer::db + class { 'ceilometer': metering_secret => 's3cr3t' }" + end + + it 'configures ceilometer-api service with Apache' do + is_expected.to contain_service('ceilometer-api').with( + :ensure => 'stopped', + :name => platform_params[:api_service_name], + :enable => false, + :tag => 'ceilometer-service', + ) + end + end + + context 'when service_name is not valid' do + before do + params.merge!({ :service_name => 'foobar' }) + end + + let :pre_condition do + "include ::apache + include ::ceilometer::db + class { 'ceilometer': metering_secret => 's3cr3t' }" + end + + it_raises 'a Puppet::Error', /Invalid service_name/ + end end context 'on Debian platforms' do let :facts do - { :osfamily => 'Debian' } + { :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '8.0', + :concat_basedir => '/var/lib/puppet/concat', + :fqdn => 'some.host.tld', + :processorcount => 2 } end let :platform_params do @@ -132,7 +173,12 @@ context 'on RedHat platforms' do let :facts do - { :osfamily => 'RedHat' } + { :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7.1', + :fqdn => 'some.host.tld', + :concat_basedir => '/var/lib/puppet/concat', + :processorcount => 2 } end let :platform_params do diff --git a/ceilometer/spec/classes/ceilometer_init_spec.rb b/ceilometer/spec/classes/ceilometer_init_spec.rb index c582fa13f..ceb1bbe5f 100644 --- a/ceilometer/spec/classes/ceilometer_init_spec.rb +++ b/ceilometer/spec/classes/ceilometer_init_spec.rb 
@@ -4,11 +4,15 @@ let :params do { - :metering_secret => 'metering-s3cr3t', - :package_ensure => 'present', - :debug => 'False', - :log_dir => '/var/log/ceilometer', - :verbose => 'False', + :http_timeout => '600', + :event_time_to_live => '604800', + :metering_time_to_live => '604800', + :metering_secret => 'metering-s3cr3t', + :package_ensure => 'present', + :debug => 'False', + :log_dir => '/var/log/ceilometer', + :verbose => 'False', + :use_stderr => 'True', } end @@ -34,6 +38,15 @@ shared_examples_for 'ceilometer' do + it 'configures time to live for events and meters' do + is_expected.to contain_ceilometer_config('database/event_time_to_live').with_value( params[:event_time_to_live] ) + is_expected.to contain_ceilometer_config('database/metering_time_to_live').with_value( params[:metering_time_to_live] ) + end + + it 'configures timeout for HTTP requests' do + is_expected.to contain_ceilometer_config('DEFAULT/http_timeout').with_value(params[:http_timeout]) + end + context 'with rabbit_host parameter' do before { params.merge!( rabbit_params ) } it_configures 'a ceilometer base installation' @@ -133,6 +146,10 @@ is_expected.to contain_ceilometer_config('DEFAULT/verbose').with_value( params[:verbose] ) end + it 'configures use_stderr option' do + is_expected.to contain_ceilometer_config('DEFAULT/use_stderr').with_value( params[:use_stderr] ) + end + it 'configures logging directory by default' do is_expected.to contain_ceilometer_config('DEFAULT/log_dir').with_value( params[:log_dir] ) end diff --git a/ceilometer/spec/classes/ceilometer_wsgi_apache_spec.rb b/ceilometer/spec/classes/ceilometer_wsgi_apache_spec.rb index b7c689900..ad4c07654 100644 --- a/ceilometer/spec/classes/ceilometer_wsgi_apache_spec.rb +++ b/ceilometer/spec/classes/ceilometer_wsgi_apache_spec.rb 
@@ -119,7 +119,7 @@ :httpd_service_name => 'apache2', :httpd_ports_file => '/etc/apache2/ports.conf', :wsgi_script_path => '/usr/lib/cgi-bin/ceilometer', - :wsgi_script_source => '/usr/share/ceilometer/app.wsgi' + :wsgi_script_source => '/usr/lib/python2.7/dist-packages/ceilometer/api/app.wsgi' } end diff --git a/ceilometer/spec/spec_helper.rb b/ceilometer/spec/spec_helper.rb index 53d4dd02d..3df4cede1 100644 --- a/ceilometer/spec/spec_helper.rb +++ b/ceilometer/spec/spec_helper.rb @@ -1,7 +1,10 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' +require 'webmock/rspec' RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' c.alias_it_should_behave_like_to :it_raises, 'raises' end + +at_exit { RSpec::Puppet::Coverage.report! } diff --git a/ceilometer/spec/unit/provider/ceilometer_config/ini_setting_spec.rb b/ceilometer/spec/unit/provider/ceilometer_config/ini_setting_spec.rb index 172766dc2..e69a3a919 100644 --- a/ceilometer/spec/unit/provider/ceilometer_config/ini_setting_spec.rb +++ b/ceilometer/spec/unit/provider/ceilometer_config/ini_setting_spec.rb @@ -9,6 +9,17 @@ 'inifile', 'lib') ) +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'openstacklib', + 'lib') +) require 'spec_helper' @@ -39,4 +50,23 @@ expect(provider.section).to eq('dude') expect(provider.setting).to eq('foo') end + + it 'should ensure absent when is specified as a value' do + resource = Puppet::Type::Ceilometer_config.new( + {:name => 'dude/foo', :value => ''} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::Ceilometer_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + end 
diff --git a/ceilometer/spec/unit/type/ceilometer_config_spec.rb b/ceilometer/spec/unit/type/ceilometer_config_spec.rb index 226507eb9..368347904 100644 --- a/ceilometer/spec/unit/type/ceilometer_config_spec.rb +++ b/ceilometer/spec/unit/type/ceilometer_config_spec.rb @@ -50,4 +50,15 @@ @ceilometer_config[:ensure] = :latest }.to raise_error(Puppet::Error, /Invalid value/) end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'ceilometer-common') + catalog.add_resource package, @ceilometer_config + dependency = @ceilometer_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@ceilometer_config) + expect(dependency[0].source).to eq(package) + end + end diff --git a/cinder/.fixtures.yml b/cinder/.fixtures.yml index 257dcf62a..7c78c9392 100644 --- a/cinder/.fixtures.yml +++ b/cinder/.fixtures.yml @@ -5,9 +5,9 @@ fixtures: 'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git' 'ref': '1.2.1' 'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile' - 'keystone': 'git://github.com/stackforge/puppet-keystone.git' + 'keystone': 'git://github.com/openstack/puppet-keystone.git' 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git' - 'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git' + 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git' 'postgresql': 'git://github.com/puppetlabs/puppet-postgresql.git' 'qpid': 'git://github.com/dprince/puppet-qpid.git' 'rabbitmq': diff --git a/cinder/.gitignore b/cinder/.gitignore index cf70f8d19..4dd84f06e 100644 --- a/cinder/.gitignore +++ b/cinder/.gitignore @@ -1,6 +1,10 @@ +pkg/ Gemfile.lock -spec/fixtures/modules/* -spec/fixtures/manifests/site.pp -*.swp -pkg vendor/ +spec/fixtures/ +.vagrant/ +.bundle/ +coverage/ +.idea/ +*.swp +*.iml diff --git a/cinder/Gemfile b/cinder/Gemfile index 77f6ac87f..6d4ce9a07 100644 --- a/cinder/Gemfile 
+++ b/cinder/Gemfile @@ -1,24 +1,30 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '~> 2.1.0', :require => false + gem 'puppetlabs_spec_helper', :require => 'false' + gem 'rspec-puppet', '~> 2.2.0', :require => 'false' + gem 'metadata-json-lint', :require => 'false' + gem 'puppet-lint-param-docs', :require => 'false' + gem 'puppet-lint-absolute_classname-check', :require => 'false' + gem 'puppet-lint-absolute_template_path', :require => 'false' + gem 'puppet-lint-trailing_newline-check', :require => 'false' + gem 'puppet-lint-unquoted_string-check', :require => 'false' + gem 'puppet-lint-leading_zero-check', :require => 'false' + gem 'puppet-lint-variable_contains_upcase', :require => 'false' + gem 'puppet-lint-numericvariable', :require => 'false' + gem 'json', :require => 'false' + gem 'webmock', :require => 'false' +end - gem 'puppet-lint', '~> 1.1' - gem 'puppet-lint-param-docs', '1.1.0' - gem 'puppet-lint-absolute_classname-check' - gem 'puppet-lint-absolute_template_path' - gem 'puppet-lint-trailing_newline-check' - # Puppet 4.x related lint checks - gem 'puppet-lint-unquoted_string-check' - gem 'puppet-lint-leading_zero-check' - gem 'puppet-lint-variable_contains_upcase' - gem 'puppet-lint-numericvariable' +group :system_tests do + gem 'beaker-rspec', :require => 'false' + gem 'beaker-puppet_install_helper', :require => 'false' +end - gem 'beaker-rspec', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'json' - gem 'webmock' +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/cinder/README.md b/cinder/README.md index d96970ea6..559bebbc3 100644 --- a/cinder/README.md +++ b/cinder/README.md 
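Review bot: Every gem in the new `:development, :test` and `:system_tests` groups is declared with `:require => 'false'`, a string, where the removed lines used the boolean `:require => false`. Bundler treats a string here as the file to require, so a `Bundler.require` for these groups would try to load a file called `false`. The `facter` lines added further down in the same hunk use the boolean, which suggests the quotes are unintended; change them to `:require => false`. Separately, the hunk no longer lists `puppet-lint '~> 1.1'` and drops the `'1.1.0'` pin on `puppet-lint-param-docs`, while `Gemfile.lock` remains in .gitignore. The lint toolchain is therefore whatever `GEM_SOURCE` serves at install time, and a note on why the pins were removed would help.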
@@ -157,6 +157,36 @@ Implementation cinder is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers. +### Types + +#### cinder_config + +The `cinder_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/cinder/cinder.conf` file. + +```puppet +cinder_config { 'DEFAULT/verbose' : + value => true, +} +``` + +This will write `verbose=true` in the `[DEFAULT]` section. + +##### name + +Section/setting name to manage from `cinder.conf` + +##### value + +The value of the setting to be defined. + +##### secret + +Whether to hide the value from Puppet logs. Defaults to `false`. + +##### ensure_absent_val + +If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `` + Limitations ------------ diff --git a/cinder/Rakefile b/cinder/Rakefile index 4c2b2ed07..bc08f437c 100644 --- a/cinder/Rakefile +++ b/cinder/Rakefile @@ -1,6 +1,21 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppet-syntax/tasks/puppet-syntax' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') +PuppetSyntax.exclude_paths ||= [] +PuppetSyntax.exclude_paths << "spec/fixtures/**/*" +PuppetSyntax.exclude_paths << "pkg/**/*" +PuppetSyntax.exclude_paths << "vendor/**/*" + +Rake::Task[:lint].clear +PuppetLint::RakeTask.new :lint do |config| + config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"] + config.fail_on_warnings = true + config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' + config.disable_checks = ["80chars", "class_inherits_from_params_class", "class_parameter_defaults", "only_variable_string"] +end + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end 
diff --git a/cinder/lib/puppet/provider/cinder_config/ini_setting.rb b/cinder/lib/puppet/provider/cinder_config/ini_setting.rb index 6dcd95597..749fb16ed 100644 --- a/cinder/lib/puppet/provider/cinder_config/ini_setting.rb +++ b/cinder/lib/puppet/provider/cinder_config/ini_setting.rb @@ -1,27 +1,10 @@ Puppet::Type.type(:cinder_config).provide( :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) ) do - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - def self.file_path '/etc/cinder/cinder.conf' end - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - end diff --git a/cinder/lib/puppet/type/cinder_api_paste_ini.rb b/cinder/lib/puppet/type/cinder_api_paste_ini.rb index d895b4a3c..c923389f5 100644 --- a/cinder/lib/puppet/type/cinder_api_paste_ini.rb +++ b/cinder/lib/puppet/type/cinder_api_paste_ini.rb @@ -39,4 +39,9 @@ def should_to_s( newvalue ) defaultto false end + + autorequire(:package) do + 'cinder' + end + end diff --git a/cinder/lib/puppet/type/cinder_config.rb b/cinder/lib/puppet/type/cinder_config.rb index 62d38256b..3eb3a1f93 100644 --- a/cinder/lib/puppet/type/cinder_config.rb +++ b/cinder/lib/puppet/type/cinder_config.rb @@ -3,7 +3,7 @@ ensurable newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/cinder/cinder.conf' + desc 'Section/setting name to manage from cinder.conf' newvalues(/\S+\/\S+/) end @@ -14,6 +14,7 @@ value.capitalize! if value =~ /^(true|false)$/i value end + newvalues(/^[\S ]*$/) def is_to_s( currentvalue ) if resource.secret? 
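Review bot: The added `newvalues(/^[\S ]*$/)` on the `value` property of cinder_config uses `^` and `$`, which in Ruby anchor to line boundaries rather than to the whole string. Assuming Puppet applies the pattern as an ordinary regex match, a value containing a newline is accepted as soon as any one of its lines matches, and an empty line does. If the aim is to keep newlines and tabs out of what gets written to cinder.conf, where an embedded newline would start a new ini line, anchor the whole string: `newvalues(/\A[\S ]*\z/)`. The existing `value =~ /^(true|false)$/i` in the munge block has the same per-line anchoring and could become `/\A(true|false)\z/i`. The property block begins and ends outside this hunk.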
@@ -39,4 +40,14 @@ def should_to_s( newvalue ) defaultto false end + + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:package) do + 'cinder' + end + end diff --git a/cinder/manifests/api.pp b/cinder/manifests/api.pp index 2ff12b256..08a9ef994 100644 --- a/cinder/manifests/api.pp +++ b/cinder/manifests/api.pp @@ -161,8 +161,6 @@ if $::cinder::params::api_package { Package['cinder-api'] -> Class['cinder::policy'] - Package['cinder-api'] -> Cinder_config<||> - Package['cinder-api'] -> Cinder_api_paste_ini<||> Package['cinder-api'] -> Service['cinder-api'] Package['cinder-api'] ~> Exec<| title == 'cinder-manage db_sync' |> package { 'cinder-api': @@ -173,17 +171,7 @@ } if $sync_db { - Cinder_config<||> ~> Exec['cinder-manage db_sync'] - - exec { 'cinder-manage db_sync': - command => $::cinder::params::db_sync_command, - path => '/usr/bin', - user => 'cinder', - refreshonly => true, - logoutput => 'on_failure', - subscribe => Package['cinder'], - before => Service['cinder-api'], - } + include ::cinder::db::sync } if $enabled { diff --git a/cinder/manifests/backend/rbd.pp b/cinder/manifests/backend/rbd.pp index 444f99846..d6fcf3865 100644 --- a/cinder/manifests/backend/rbd.pp +++ b/cinder/manifests/backend/rbd.pp @@ -66,6 +66,7 @@ "${name}/rbd_pool": value => $rbd_pool; "${name}/rbd_max_clone_depth": value => $rbd_max_clone_depth; "${name}/rbd_flatten_volume_from_snapshot": value => $rbd_flatten_volume_from_snapshot; + "${name}/host": value => "rbd:${rbd_pool}"; } if $rbd_secret_uuid { diff --git a/cinder/manifests/backend/vmdk.pp b/cinder/manifests/backend/vmdk.pp index b86ed2a0b..5b5205488 100644 --- a/cinder/manifests/backend/vmdk.pp +++ b/cinder/manifests/backend/vmdk.pp 
@@ -80,6 +80,7 @@ "${name}/vmware_max_object_retrieval": value => $max_object_retrieval; "${name}/vmware_task_poll_interval": value => $task_poll_interval; "${name}/vmware_image_transfer_timeout_secs": value => $image_transfer_timeout_secs; + "${name}/host": value => "vmdk:${host_ip}-${volume_folder}"; } if $wsdl_location { diff --git a/cinder/manifests/backup.pp b/cinder/manifests/backup.pp index 12bd7bf89..50dd0b9eb 100644 --- a/cinder/manifests/backup.pp +++ b/cinder/manifests/backup.pp @@ -64,7 +64,6 @@ Exec<| title == 'cinder-manage db_sync' |> ~> Service['cinder-backup'] if $::cinder::params::backup_package { - Package['cinder-backup'] -> Cinder_config<||> Package['cinder-backup'] -> Service['cinder-backup'] Package['cinder-backup'] ~> Exec<| title == 'cinder-manage db_sync' |> package { 'cinder-backup': diff --git a/cinder/manifests/cron/db_purge.pp b/cinder/manifests/cron/db_purge.pp new file mode 100644 index 000000000..559f7848e --- /dev/null +++ b/cinder/manifests/cron/db_purge.pp 
@@ -0,0 +1,76 @@ +# +# Copyright (C) 2015 Red Hat Inc. +# +# Author: Martin Magr +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cinder::cron::db_purge +# +# Move deleted instances to another table that you don't have to backup +# unless you have data retention policies. +# +# === Parameters +# +# [*minute*] +# (optional) Defaults to '1'. +# +# [*hour*] +# (optional) Defaults to '0'. +# +# [*monthday*] +# (optional) Defaults to '*'. +# +# [*month*] +# (optional) Defaults to '*'. +# +# [*weekday*] +# (optional) Defaults to '*'. +# +# [*user*] +# (optional) User with access to cinder files. +# Defaults to 'cinder'. +# +# [*age*] +# (optional) Number of days prior to today for deletion, +# e.g. value 60 means to purge deleted rows that have the "deleted_at" +# column greater than 60 days ago. +# Defaults to 30 +# +# [*destination*] +# (optional) Path to file to which rows should be archived +# Defaults to '/var/log/cinder/cinder-rowsflush.log'. 
+# +class cinder::cron::db_purge ( + $minute = 1, + $hour = 0, + $monthday = '*', + $month = '*', + $weekday = '*', + $user = 'cinder', + $age = 30, + $destination = '/var/log/cinder/cinder-rowsflush.log' +) { + + cron { 'cinder-manage db purge': + command => "cinder-manage db purge ${age} >>${destination} 2>&1", + environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', + user => $user, + minute => $minute, + hour => $hour, + monthday => $monthday, + month => $month, + weekday => $weekday, + require => Package['cinder'], + } +} diff --git a/cinder/manifests/db/sync.pp b/cinder/manifests/db/sync.pp index e9fff1428..586442431 100644 --- a/cinder/manifests/db/sync.pp +++ b/cinder/manifests/db/sync.pp @@ -1,14 +1,22 @@ # +# Class to execute cinder dbsync +# class cinder::db::sync { include ::cinder::params + Package <| tag == 'cinder-package' |> ~> Exec['cinder-manage db_sync'] + Exec['cinder-manage db_sync'] ~> Service <| tag == 'cinder-service' |> + + Cinder_config <||> ~> Exec['cinder-manage db_sync'] + Cinder_config <| title == 'database/connection' |> ~> Exec['cinder-manage db_sync'] + exec { 'cinder-manage db_sync': command => $::cinder::params::db_sync_command, path => '/usr/bin', user => 'cinder', refreshonly => true, - require => Class['cinder'], logoutput => 'on_failure', } + } diff --git a/cinder/manifests/init.pp b/cinder/manifests/init.pp index 8f8209be4..518d3b530 100644 --- a/cinder/manifests/init.pp +++ b/cinder/manifests/init.pp @@ -173,6 +173,10 @@ # Use syslog for logging. # (Optional) Defaults to false. # +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true +# # [*log_facility*] # Syslog facility to receive log lines. # (Optional) Defaults to LOG_USER. 
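Review bot: `$age` and `$destination` are interpolated unchecked into the cron command `"cinder-manage db purge ${age} >>${destination} 2>&1"`, which the job's own `SHELL=/bin/sh` setting hands to a shell. Validate both before the `cron` resource, for example `validate_re("${age}", '\A\d+\z')` and `validate_absolute_path($destination)` (stdlib functions, assuming the module already depends on puppetlabs-stdlib), so that a mistyped or Hiera-supplied value cannot add shell syntax to a job that runs as `$user`. The class description also reads "Move deleted instances to another table", while the configured command is `db purge` with an age in days; the header comment should describe what this job actually does to the cinder database.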
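Review bot: In cinder/manifests/db/sync.pp the added `Cinder_config <| title == 'database/connection' |> ~> Exec['cinder-manage db_sync']` is already covered by the unfiltered collector `Cinder_config <||> ~> Exec['cinder-manage db_sync']` on the line before it, so one of the two is redundant. If the intent is to re-run the sync only when the connection string changes, keep the filtered collector and drop the broad one; as written, any cinder_config change refreshes the exec. A short comment above the collectors stating which of the two behaviours is wanted would settle it for the next reader.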
@@ -221,6 +225,11 @@ # (Optional) Whether to enable the v1 API (true/false). # Defaults to 'true'. # +# [*lock_path*] +# (optional) Where to store lock files. This directory must be writeable +# by the user executing the agent +# Defaults to: $::cinder::params::lock_path +# # === Deprecated Parameters # # [*mysql_module*] @@ -271,6 +280,7 @@ $key_file = false, $api_paste_config = '/etc/cinder/api-paste.ini', $use_syslog = false, + $use_stderr = true, $log_facility = 'LOG_USER', $log_dir = '/var/log/cinder', $verbose = false, @@ -279,15 +289,13 @@ $default_availability_zone = false, $enable_v1_api = true, $enable_v2_api = true, + $lock_path = $::cinder::params::lock_path, # DEPRECATED PARAMETERS $mysql_module = undef, ) { include ::cinder::params - Package['cinder'] -> Cinder_config<||> - Package['cinder'] -> Cinder_api_paste_ini<||> - if $mysql_module { warning('The mysql_module parameter is deprecated. The latest 2.x mysql module will be used.') } @@ -424,6 +432,7 @@ 'database/retry_interval': value => $database_retry_interval; 'DEFAULT/verbose': value => $verbose; 'DEFAULT/debug': value => $debug; + 'DEFAULT/use_stderr': value => $use_stderr; 'DEFAULT/api_paste_config': value => $api_paste_config; 'DEFAULT/rpc_backend': value => $rpc_backend; 'DEFAULT/storage_availability_zone': value => $storage_availability_zone; @@ -509,6 +518,7 @@ cinder_config { 'DEFAULT/enable_v1_api': value => $enable_v1_api; 'DEFAULT/enable_v2_api': value => $enable_v2_api; + 'DEFAULT/lock_path': value => $lock_path; } } diff --git a/cinder/manifests/params.pp b/cinder/manifests/params.pp index 6ee7dd996..1052352bd 100644 --- a/cinder/manifests/params.pp +++ b/cinder/manifests/params.pp @@ -19,6 +19,7 @@ $ceph_init_override = '/etc/init/cinder-volume.override' $iscsi_helper = 'tgtadm' $lio_package_name = 'targetcli' + $lock_path = '/var/lock/cinder' } elsif($::osfamily == 'RedHat') { 
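Review bot: The new default `$lock_path = $::cinder::params::lock_path` is evaluated when the class is declared, but `include ::cinder::params` only runs inside the class body, and the class header visible in this hunk ends in `) {` with no `inherits` clause. Unless `cinder::params` has already been evaluated elsewhere in the catalog, the default may resolve to undef; the spec change in this same commit passes `:lock_path => '/var/lock/cinder'` in `req_params`, which would hide that. Consider `inherits ::cinder::params` on the class, or default the parameter to `undef` and fall back to `$::cinder::params::lock_path` in the body after the include. The parameter text "writeable by the user executing the agent" should name the cinder services instead. The class body continues outside the hunk.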
@@ -37,6 +38,7 @@ $tgt_service_name = 'tgtd' $ceph_init_override = '/etc/sysconfig/openstack-cinder-volume' $lio_package_name = 'targetcli' + $lock_path = '/var/lib/cinder/tmp' case $::operatingsystem { 'RedHat', 'CentOS', 'Scientific', 'OracleLinux': { diff --git a/cinder/manifests/scheduler.pp b/cinder/manifests/scheduler.pp index aed0d4972..f72969d2c 100644 --- a/cinder/manifests/scheduler.pp +++ b/cinder/manifests/scheduler.pp @@ -45,8 +45,6 @@ } if $::cinder::params::scheduler_package { - Package['cinder-scheduler'] -> Cinder_config<||> - Package['cinder-scheduler'] -> Cinder_api_paste_ini<||> Package['cinder-scheduler'] -> Service['cinder-scheduler'] package { 'cinder-scheduler': ensure => $package_ensure, diff --git a/cinder/manifests/setup_test_volume.pp b/cinder/manifests/setup_test_volume.pp index e747e101b..b710e8f01 100644 --- a/cinder/manifests/setup_test_volume.pp +++ b/cinder/manifests/setup_test_volume.pp @@ -41,6 +41,7 @@ exec { "losetup ${loopback_device} ${volume_path}/${volume_name}": path => ['/bin','/usr/bin','/sbin','/usr/sbin'], + unless => "losetup ${loopback_device}", refreshonly => true, } ~> @@ -52,6 +53,7 @@ exec { "vgcreate ${volume_name} ${loopback_device}": path => ['/bin','/usr/bin','/sbin','/usr/sbin'], + unless => "vgdisplay | grep ${volume_name}", refreshonly => true, } diff --git a/cinder/manifests/volume.pp b/cinder/manifests/volume.pp index 207c3fe81..cb6fd65ea 100644 --- a/cinder/manifests/volume.pp +++ b/cinder/manifests/volume.pp @@ -27,8 +27,6 @@ Exec<| title == 'cinder-manage db_sync' |> ~> Service['cinder-volume'] if $::cinder::params::volume_package { - Package['cinder-volume'] -> Cinder_config<||> - Package['cinder-volume'] -> Cinder_api_paste_ini<||> Package['cinder'] -> Package['cinder-volume'] Package['cinder-volume'] -> Service['cinder-volume'] package { 'cinder-volume': diff --git a/cinder/spec/acceptance/basic_cinder_spec.rb b/cinder/spec/acceptance/basic_cinder_spec.rb index f12c9e03d..8f94a605e 100644 
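Review bot: In cinder/manifests/setup_test_volume.pp the guard `unless => "vgdisplay | grep ${volume_name}"` matches any line of `vgdisplay` output that contains the name as a substring, so a different group whose name or path merely contains `${volume_name}` makes the `vgcreate` exec skip even though the wanted group is missing. Asking LVM for the group directly avoids both the pipe and the partial match: `unless => "vgdisplay ${volume_name}"`, which should exit non-zero when the group does not exist. `$volume_name` and `$loopback_device` also reach the command line unquoted in both added `unless` lines; the class parameters are outside the hunk, so whether they are validated cannot be seen from here.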
--- a/cinder/spec/acceptance/basic_cinder_spec.rb +++ b/cinder/spec/acceptance/basic_cinder_spec.rb @@ -12,15 +12,29 @@ case $::osfamily { 'Debian': { include ::apt - class { '::openstack_extras::repo::debian::ubuntu': - release => 'kilo', - package_require => true, + apt::ppa { 'ppa:ubuntu-cloud-archive/liberty-staging': + # it's false by default in 2.x series but true in 1.8.x + package_manage => false, } + Exec['apt_update'] -> Package<||> $package_provider = 'apt' } 'RedHat': { class { '::openstack_extras::repo::redhat::redhat': - release => 'kilo', + manage_rdo => false, + repo_hash => { + # we need kilo repo to be installed for dependencies + 'rdo-kilo' => { + 'baseurl' => 'https://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/', + 'descr' => 'RDO kilo', + 'gpgcheck' => 'no', + }, + 'rdo-liberty' => { + 'baseurl' => 'http://trunk.rdoproject.org/centos7/current/', + 'descr' => 'RDO trunk', + 'gpgcheck' => 'no', + }, + }, } package { 'openstack-selinux': ensure => 'latest' } $package_provider = 'yum' @@ -83,6 +97,8 @@ class { '::cinder': rabbit_userid => 'cinder', rabbit_password => 'an_even_bigger_secret', rabbit_host => '127.0.0.1', + debug => true, + verbose => true, } class { '::cinder::keystone::auth': password => 'a_big_secret', @@ -102,6 +118,7 @@ class { '::cinder::quota': } class { '::cinder::scheduler': } class { '::cinder::scheduler::filter': } class { '::cinder::volume': } + class { '::cinder::cron::db_purge': } # TODO: create a backend and spawn a volume EOS @@ -115,5 +132,10 @@ class { '::cinder::volume': } it { is_expected.to be_listening.with('tcp') } end + describe cron do + it { is_expected.to have_entry('1 0 * * * cinder-manage db purge 30 >>/var/log/cinder/cinder-rowsflush.log 2>&1').with_user('cinder') } + end + + end end diff --git a/cinder/spec/acceptance/nodesets/centos-70-x64.yml b/cinder/spec/acceptance/nodesets/centos-70-x64.yml new file mode 100644 index 000000000..5f097e9fe --- /dev/null 
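Review bot: Both repositories added to `repo_hash` set `'gpgcheck' => 'no'`, and `rdo-liberty` is fetched from `http://trunk.rdoproject.org/centos7/current/` without TLS, so every package the acceptance run installs from them is unauthenticated in transit and at rest. Switch the trunk `baseurl` to `https://` if the mirror serves it, and keep signature checking on for the kilo repository, which is a released repo and presumably signed: `'gpgcheck' => 'yes'` together with a `'gpgkey'` entry. If trunk builds really are unsigned, say so in a comment next to `rdo-liberty` so that the exception is explicit and limited to that one repository. The Debian branch now pulls from `ppa:ubuntu-cloud-archive/liberty-staging`; a one-line comment marking it as a CI-only staging source would help anyone who copies this manifest.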
+++ b/cinder/spec/acceptance/nodesets/centos-70-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-server-70-x64: + roles: + - master + platform: el-7-x86_64 + box: puppetlabs/centos-7.0-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/cinder/spec/acceptance/nodesets/default.yml b/cinder/spec/acceptance/nodesets/default.yml index a2c1ecc63..486b6a34e 100644 --- a/cinder/spec/acceptance/nodesets/default.yml +++ b/cinder/spec/acceptance/nodesets/default.yml @@ -1,9 +1,10 @@ HOSTS: - ubuntu-14.04-amd64: + ubuntu-server-14.04-amd64: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none - ip: 127.0.0.1 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant CONFIG: type: foss diff --git a/cinder/spec/acceptance/nodesets/nodepool-centos7.yml b/cinder/spec/acceptance/nodesets/nodepool-centos7.yml index 575ae6732..c55287420 100644 --- a/cinder/spec/acceptance/nodesets/nodepool-centos7.yml +++ b/cinder/spec/acceptance/nodesets/nodepool-centos7.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: el-7-x86_64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/cinder/spec/acceptance/nodesets/nodepool-trusty.yml b/cinder/spec/acceptance/nodesets/nodepool-trusty.yml index a95d9f38d..9fc624e24 100644 --- a/cinder/spec/acceptance/nodesets/nodepool-trusty.yml +++ b/cinder/spec/acceptance/nodesets/nodepool-trusty.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/cinder/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/cinder/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 000000000..8001929b2 --- /dev/null +++ b/cinder/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml 
@@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/cinder/spec/classes/cinder_api_spec.rb b/cinder/spec/classes/cinder_api_spec.rb index 8a1f324fe..5db81d3ce 100644 --- a/cinder/spec/classes/cinder_api_spec.rb +++ b/cinder/spec/classes/cinder_api_spec.rb @@ -126,7 +126,7 @@ :sync_db => false, } end - it { is_expected.not_to contain_exec('cinder-manage db_sync') } + it { is_expected.not_to contain_class('cinder::db::sync') } end [ '/keystone', '/keystone/admin' ].each do |keystone_auth_admin_prefix| @@ -183,8 +183,8 @@ it 'should stop the service' do is_expected.to contain_service('cinder-api').with_ensure('stopped') end - it 'should contain db_sync exec' do - is_expected.to contain_exec('cinder-manage db_sync') + it 'includes cinder::db::sync' do + is_expected.to contain_class('cinder::db::sync') end end @@ -195,8 +195,8 @@ it 'should not change the state of the service' do is_expected.to contain_service('cinder-api').without_ensure end - it 'should contain db_sync exec' do - is_expected.to contain_exec('cinder-manage db_sync') + it 'includes cinder::db::sync' do + is_expected.to contain_class('cinder::db::sync') end end diff --git a/cinder/spec/classes/cinder_backup_spec.rb b/cinder/spec/classes/cinder_backup_spec.rb index c175751ad..7a12cc5f9 100644 --- a/cinder/spec/classes/cinder_backup_spec.rb +++ b/cinder/spec/classes/cinder_backup_spec.rb @@ -48,7 +48,6 @@ :ensure => 'present', :tag => ['openstack', 'cinder-package'], ) - is_expected.to contain_package('cinder-backup').with_before(/Cinder_config\[.+\]/) is_expected.to contain_package('cinder-backup').with_before(/Service\[cinder-backup\]/) end end 
diff --git a/cinder/spec/classes/cinder_cron_db_purge_spec.rb b/cinder/spec/classes/cinder_cron_db_purge_spec.rb new file mode 100644 index 000000000..f78e9a7bc --- /dev/null +++ b/cinder/spec/classes/cinder_cron_db_purge_spec.rb @@ -0,0 +1,33 @@ +require 'spec_helper' + +describe 'cinder::cron::db_purge' do + + let :facts do + { :osfamily => 'RedHat' } + end + + let :params do + { :minute => 1, + :hour => 0, + :monthday => '*', + :month => '*', + :weekday => '*', + :user => 'cinder', + :age => '30', + :destination => '/var/log/cinder/cinder-rowsflush.log' } + end + + it 'configures a cron' do + is_expected.to contain_cron('cinder-manage db purge').with( + :command => "cinder-manage db purge #{params[:age]} >>#{params[:destination]} 2>&1", + :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', + :user => params[:user], + :minute => params[:minute], + :hour => params[:hour], + :monthday => params[:monthday], + :month => params[:month], + :weekday => params[:weekday], + :require => 'Package[cinder]', + ) + end +end diff --git a/cinder/spec/classes/cinder_db_sync_spec.rb b/cinder/spec/classes/cinder_db_sync_spec.rb index f45350f11..98761d4ad 100644 --- a/cinder/spec/classes/cinder_db_sync_spec.rb +++ b/cinder/spec/classes/cinder_db_sync_spec.rb 
@@ -2,15 +2,43 @@ describe 'cinder::db::sync' do - let :facts do - {:osfamily => 'Debian'} + shared_examples_for 'cinder-dbsync' do + + it 'runs cinder-manage db_sync' do + is_expected.to contain_exec('cinder-manage db_sync').with( + :command => 'cinder-manage db sync', + :user => 'cinder', + :path => '/usr/bin', + :refreshonly => 'true', + :logoutput => 'on_failure' + ) + end + + end + + context 'on a RedHat osfamily' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + it_configures 'cinder-dbsync' + end + + context 'on a Debian osfamily' do + let :facts do + { + :operatingsystemrelease => '7.8', + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + it_configures 'cinder-dbsync' end - it { is_expected.to contain_exec('cinder-manage db_sync').with( - :command => 'cinder-manage db sync', - :path => '/usr/bin', - :user => 'cinder', - :refreshonly => true, - :logoutput => 'on_failure' - ) } end diff --git a/cinder/spec/classes/cinder_scheduler_spec.rb b/cinder/spec/classes/cinder_scheduler_spec.rb index f0290ce46..d4505741c 100644 --- a/cinder/spec/classes/cinder_scheduler_spec.rb +++ b/cinder/spec/classes/cinder_scheduler_spec.rb @@ -16,7 +16,7 @@ it { is_expected.to contain_package('cinder-scheduler').with( :name => 'cinder-scheduler', :ensure => 'present', - :before => ['Cinder_config[DEFAULT/scheduler_driver]','Service[cinder-scheduler]'], + :before => ['Service[cinder-scheduler]'], :tag => ['openstack', 'cinder-package'], ) } diff --git a/cinder/spec/classes/cinder_spec.rb b/cinder/spec/classes/cinder_spec.rb index fe465053f..4f2af3769 100644 --- a/cinder/spec/classes/cinder_spec.rb +++ b/cinder/spec/classes/cinder_spec.rb 
@@ -1,7 +1,11 @@ require 'spec_helper' describe 'cinder' do let :req_params do - {:rabbit_password => 'guest', :database_connection => 'mysql://user:password@host/database'} + { + :rabbit_password => 'guest', + :database_connection => 'mysql://user:password@host/database', + :lock_path => '/var/lock/cinder', + } end let :facts do @@ -37,10 +41,12 @@ is_expected.to contain_cinder_config('database/max_overflow').with_ensure('absent') is_expected.to contain_cinder_config('DEFAULT/verbose').with(:value => false) is_expected.to contain_cinder_config('DEFAULT/debug').with(:value => false) + is_expected.to contain_cinder_config('DEFAULT/use_stderr').with(:value => true) is_expected.to contain_cinder_config('DEFAULT/storage_availability_zone').with(:value => 'nova') is_expected.to contain_cinder_config('DEFAULT/default_availability_zone').with(:value => 'nova') is_expected.to contain_cinder_config('DEFAULT/api_paste_config').with(:value => '/etc/cinder/api-paste.ini') is_expected.to contain_cinder_config('DEFAULT/log_dir').with(:value => '/var/log/cinder') + is_expected.to contain_cinder_config('DEFAULT/lock_path').with(:value => '/var/lock/cinder') end end @@ -238,6 +244,11 @@ it { is_expected.to contain_cinder_config('DEFAULT/log_dir').with_ensure('absent') } end + describe 'with different lock_path' do + let(:params) { req_params.merge!({:lock_path => '/var/run/cinder.locks'}) } + it { is_expected.to contain_cinder_config('DEFAULT/lock_path').with_value('/var/run/cinder.locks') } + end + describe 'with amqp_durable_queues disabled' do let :params do req_params diff --git a/cinder/spec/classes/cinder_volume_rbd_spec.rb b/cinder/spec/classes/cinder_volume_rbd_spec.rb index 3296c027a..2a70b8f1d 100644 --- a/cinder/spec/classes/cinder_volume_rbd_spec.rb +++ b/cinder/spec/classes/cinder_volume_rbd_spec.rb 
@@ -9,7 +9,7 @@ :rbd_ceph_conf => '/foo/boo/zoo/ceph.conf', :rbd_flatten_volume_from_snapshot => true, :volume_tmp_dir => '/foo/tmp', - :rbd_max_clone_depth => '0' + :rbd_max_clone_depth => '0', } end @@ -34,6 +34,7 @@ is_expected.to contain_cinder_config('DEFAULT/rbd_pool').with_value(req_params[:rbd_pool]) is_expected.to contain_cinder_config('DEFAULT/rbd_user').with_value(req_params[:rbd_user]) is_expected.to contain_cinder_config('DEFAULT/rbd_secret_uuid').with_value(req_params[:rbd_secret_uuid]) + is_expected.to contain_cinder_config('DEFAULT/host').with_value('rbd:'"#{req_params[:rbd_pool]}") is_expected.to contain_file('/etc/init/cinder-volume.override').with(:ensure => 'present') is_expected.to contain_file_line('set initscript env').with( :line => /env CEPH_ARGS=\"--id test\"/, diff --git a/cinder/spec/defines/cinder_backend_vmdk_spec.rb b/cinder/spec/defines/cinder_backend_vmdk_spec.rb index 4356f50d9..317af91c7 100644 --- a/cinder/spec/defines/cinder_backend_vmdk_spec.rb +++ b/cinder/spec/defines/cinder_backend_vmdk_spec.rb @@ -54,6 +54,7 @@ is_expected.to contain_cinder_config('hippo/vmware_task_poll_interval').with_value(params[:task_poll_interval]) is_expected.to contain_cinder_config('hippo/vmware_image_transfer_timeout_secs').with_value(params[:image_transfer_timeout_secs]) is_expected.to contain_cinder_config('hippo/vmware_wsdl_location').with_value(params[:wsdl_location]) + is_expected.to contain_cinder_config('hippo/host').with_value("vmdk:#{params[:host_ip]}-#{params[:volume_folder]}") end end diff --git a/cinder/spec/spec_helper.rb b/cinder/spec/spec_helper.rb index 53d4dd02d..3df4cede1 100644 --- a/cinder/spec/spec_helper.rb +++ b/cinder/spec/spec_helper.rb 
@@ -1,7 +1,10 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' +require 'webmock/rspec' RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' c.alias_it_should_behave_like_to :it_raises, 'raises' end + +at_exit { RSpec::Puppet::Coverage.report! } diff --git a/cinder/spec/unit/provider/cinder_config/ini_setting_spec.rb b/cinder/spec/unit/provider/cinder_config/ini_setting_spec.rb new file mode 100644 index 000000000..b4ebf99d7 --- /dev/null +++ b/cinder/spec/unit/provider/cinder_config/ini_setting_spec.rb 
@@ -0,0 +1,72 @@ +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'inifile', + 'lib') +) +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'openstacklib', + 'lib') +) + +require 'spec_helper' + +provider_class = Puppet::Type.type(:cinder_config).provider(:ini_setting) + +describe provider_class do + + it 'should default to the default setting when no other one is specified' do + resource = Puppet::Type::Cinder_config.new( + { + :name => 'DEFAULT/foo', + :value => 'bar' + } + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('DEFAULT') + expect(provider.setting).to eq('foo') + end + + it 'should allow setting to be set explicitly' do + resource = Puppet::Type::Cinder_config.new( + { + :name => 'dude/foo', + :value => 'bar' + } + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('dude') + expect(provider.setting).to eq('foo') + end + + it 'should ensure absent when is specified as a value' do + resource = Puppet::Type::Cinder_config.new( + {:name => 'dude/foo', :value => ''} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::Cinder_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + +end diff --git a/cinder/spec/unit/type/cinder_config_spec.rb b/cinder/spec/unit/type/cinder_config_spec.rb new file mode 100644 index 000000000..615898905 --- /dev/null +++ b/cinder/spec/unit/type/cinder_config_spec.rb 
@@ -0,0 +1,19 @@ +require 'puppet' +require 'puppet/type/cinder_config' + +describe 'Puppet::Type.type(:cinder_config)' do + before :each do + @cinder_config = Puppet::Type.type(:cinder_config).new(:name => 'DEFAULT/foo', :value => 'bar') + end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'cinder') + catalog.add_resource package, @cinder_config + dependency = @cinder_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@cinder_config) + expect(dependency[0].source).to eq(package) + end + +end diff --git a/firewall/CHANGELOG.md b/firewall/CHANGELOG.md index 974262fb6..7de1bb151 100644 --- a/firewall/CHANGELOG.md +++ b/firewall/CHANGELOG.md 
@@ -1,3 +1,36 @@ +##2015-08-25 - Supported Release 1.7.1 +###Summary + +This is a bugfix release to deprecate the port parameter. Using the unspecific 'port' parameter can lead to firewall rules that are unexpectedly too lax. It is recommended to always use the specific dport and sport parameters to avoid this ambiguity. + +####Bugfixes +- Deprecate the port parameter + +##2015-07-28 - Supported Release 1.7.0 +###Summary + +This release includes numerous features, bugfixes and other improvements including Puppet 4 & PE 2015.2 support as well as ClusterIP and DSCP jump target support. + +####Features +- Puppet 4 and PE 2015.2 official support +- ClusterIP jump target (including options) now supported +- DSCP jump target (including options) now supported +- SLES 10 now compatible (but not supported) + +####Bugfixes +- (MODULES-1967) Parse escape sequences from iptables +- (MODULES-1592) Allow src_type and dst_type prefixed with '!' to pass validation +- (MODULES-2186) - iptables rules with -A in comment now supported +- (MODULES-1976) Revise rule name validation for ruby 1.9 +- Fix installation hang on Debian Jessie +- Fix for physdev idempotency on EL5 + +####Improvements +- Documentation improvements +- Enforce the seluser on selinux systems +- All the relevent services are now autorequired by the firewall and firewallchain types +- Replace Facter.fact().value() calls with Facter.value() to support Facter 3 + ##2015-05-19 - Supported Release 1.6.0 ###Summary diff --git a/firewall/README.markdown b/firewall/README.markdown index 5132d2582..0a0807f23 100644 --- a/firewall/README.markdown +++ b/firewall/README.markdown 
@@ -132,11 +132,9 @@ Rules are persisted automatically between reboots, although there are known issu 1.) In site.pp or another top-scope file, add the following code to set up a metatype to purge unmanaged firewall resources. This will clear any existing rules and make sure that only rules defined in Puppet exist on the machine. - **Note** - This only purges IPv4 rules. - ~~~puppet resources { 'firewall': - purge => true + purge => true, } ~~~ @@ -144,7 +142,7 @@ Rules are persisted automatically between reboots, although there are known issu ~~~puppet resources { 'firewallchain': - purge => true + purge => true, } ~~~ @@ -198,17 +196,17 @@ In iptables, the title of the rule is stored using the comment feature of the un Basic accept ICMP request example: ~~~puppet -firewall { "000 accept all icmp requests": - proto => "icmp", - action => "accept", +firewall { '000 accept all icmp requests': + proto => 'icmp', + action => 'accept', } ~~~ Drop all: ~~~puppet -firewall { "999 drop all other requests": - action => "drop", +firewall { '999 drop all other requests': + action => 'drop', } ~~~ @@ -217,8 +215,8 @@ firewall { "999 drop all other requests": IPv6 rules can be specified using the _ip6tables_ provider: ~~~puppet -firewall { "006 Allow inbound SSH (v6)": - port => 22, +firewall { '006 Allow inbound SSH (v6)': + dport => 22, proto => tcp, action => accept, provider => 'ip6tables', @@ -242,7 +240,7 @@ class profile::apache { apache::vhost { 'mysite': ensure => present } firewall { '100 allow http and https access': - port => [80, 443], + dport => [80, 443], proto => tcp, action => accept, } @@ -279,7 +277,7 @@ You can apply firewall rules to specific nodes. Usually, you will want to put th ~~~puppet node 'some.node.com' { firewall { '111 open port 111': - dport => 111 + dport => 111, } } ~~~ 
@@ -291,7 +289,7 @@ firewall { '100 snat for network foo2': chain => 'POSTROUTING', jump => 'MASQUERADE', proto => 'all', - outiface => "eth0", + outiface => 'eth0', source => '10.1.2.0/24', table => 'nat', } @@ -576,7 +574,7 @@ If Puppet is managing the iptables or iptables-persistent packages, and the prov * `islastfrag`: If true, matches when the packet is the last fragment of a fragmented ipv6 packet. Supported by ipv6 only. Valid values are 'true', 'false'. Requires the `islastfrag`. -* `jump`: The value for the iptables `--jump` parameter. Any valid chain name is allowed, but normal values are: 'QUEUE', 'RETURN', 'DNAT', 'SNAT', 'LOG', 'MASQUERADE', 'REDIRECT', 'MARK', 'TCPMSS'. +* `jump`: The value for the iptables `--jump` parameter. Any valid chain name is allowed, but normal values are: 'QUEUE', 'RETURN', 'DNAT', 'SNAT', 'LOG', 'MASQUERADE', 'REDIRECT', 'MARK', 'TCPMSS', 'DSCP'. For the values 'ACCEPT', 'DROP', and 'REJECT', you must use the generic `action` parameter. This is to enforce the use of generic parameters where possible for maximum cross-platform modeling. 
@@ -623,7 +621,7 @@ firewall { '999 this runs last': * `pkttype`: Sets the packet type to match. Valid values are: 'unicast', 'broadcast', and'multicast'. Requires the `pkttype` feature. -* `port`: The destination or source port to match for this filter (if the protocol supports ports). Will accept a single element or an array. For some firewall providers you can pass a range of ports in the format: 'start number-end number'. For example, '1-1024' would cover ports 1 to 1024. +* `port`: *DEPRECATED* Using the unspecific 'port' parameter can lead to firewall rules that are unexpectedly too lax. It is recommended to always use the specific dport and sport parameters to avoid this ambiguity. The destination or source port to match for this filter (if the protocol supports ports). Will accept a single element or an array. For some firewall providers you can pass a range of ports in the format: 'start number-end number'. For example, '1-1024' would cover ports 1 to 1024. * `proto`: The specific protocol to match for this rule. This is 'tcp' by default. Valid values are: * 'tcp' 
@@ -689,6 +687,10 @@ firewall { '101 blacklist strange traffic': * `rttl`: May only be used in conjunction with `recent => 'rcheck'` or `recent => 'update'`. If boolean 'true', this will narrow the match to happen only when the address is in the list and the TTL of the current packet matches that of the packet that hit the `recent => 'set'` rule. If you have problems with DoS attacks via bogus packets from fake source addresses, this parameter may help. Valid values are 'true', 'false'. Requires the `recent_limiting` feature and the `recent` parameter. +* `set_dscp`: When combined with `jump => 'DSCP'` specifies the dscp marking associated with the packet. + +* `set_dscp_class`: When combined with `jump => 'DSCP'` specifies the class associated with the packet (valid values found here: http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html#packetclassification). + * `set_mark`: Set the Netfilter mark value associated with the packet. Accepts either 'mark/mask' or 'mark'. These will be converted to hex if they are not already. Requires the `mark` feature. * `set_mss`: When combined with `jump => 'TCPMSS'` specifies the value of the MSS field. @@ -812,7 +814,7 @@ firewallchain { 'INPUT:filter:IPv4': ~~~puppet resources { 'firewallchain': - purge => true + purge => true, } ~~~ diff --git a/firewall/lib/puppet/provider/firewall/ip6tables.rb b/firewall/lib/puppet/provider/firewall/ip6tables.rb index 2a05dcf69..51d0399d3 100644 --- a/firewall/lib/puppet/provider/firewall/ip6tables.rb +++ b/firewall/lib/puppet/provider/firewall/ip6tables.rb @@ -37,7 +37,7 @@ confine :kernel => :linux - ip6tables_version = Facter.fact('ip6tables_version').value + ip6tables_version = Facter.value('ip6tables_version') if (ip6tables_version and Puppet::Util::Package.versioncmp(ip6tables_version, '1.4.1') < 0) mark_flag = '--set-mark' else 
@@ -109,6 +109,8 @@ def self.iptables_save(*args) :rseconds => "--seconds", :rsource => "--rsource", :rttl => "--rttl", + :set_dscp => '--set-dscp', + :set_dscp_class => '--set-dscp-class', :set_mark => mark_flag, :set_mss => '--set-mss', :socket => "-m socket", @@ -218,7 +220,7 @@ def self.iptables_save(*args) :dst_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy, :state, :ctstate, :icmp, :hop_limit, :limit, :burst, :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :jump, :clamp_mss_to_pmtu, :gateway, :todest, - :tosource, :toports, :checksum_fill, :log_level, :log_prefix, :reject, :set_mss, :mss, + :tosource, :toports, :checksum_fill, :log_level, :log_prefix, :reject, :set_mss, :set_dscp, :set_dscp_class, :mss, :set_mark, :match_mark, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop, :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone] end diff --git a/firewall/lib/puppet/provider/firewall/iptables.rb b/firewall/lib/puppet/provider/firewall/iptables.rb index 4bcf4c4fb..27c0b362e 100644 --- a/firewall/lib/puppet/provider/firewall/iptables.rb +++ b/firewall/lib/puppet/provider/firewall/iptables.rb @@ -42,7 +42,7 @@ defaultfor :kernel => :linux confine :kernel => :linux - iptables_version = Facter.fact('iptables_version').value + iptables_version = Facter.value('iptables_version') if (iptables_version and Puppet::Util::Package.versioncmp(iptables_version, '1.4.1') < 0) mark_flag = '--set-mark' else @@ -94,6 +94,8 @@ :rseconds => "--seconds", :rsource => "--rsource", :rttl => "--rttl", + :set_dscp => '--set-dscp', + :set_dscp_class => '--set-dscp-class', :set_mark => mark_flag, :set_mss => '--set-mss', :socket => "-m socket", 
@@ -252,7 +254,7 @@ def munge_resource_map_from_resource(resource_map_original, compare) :state, :ctstate, :icmp, :limit, :burst, :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :jump, :clusterip_new, :clusterip_hashmode, :clusterip_clustermac, :clusterip_total_nodes, :clusterip_local_node, :clusterip_hash_init, - :clamp_mss_to_pmtu, :gateway, :set_mss, :todest, :tosource, :toports, :to, :checksum_fill, :random, :log_prefix, + :clamp_mss_to_pmtu, :gateway, :set_mss, :set_dscp, :set_dscp_class, :todest, :tosource, :toports, :to, :checksum_fill, :random, :log_prefix, :log_level, :reject, :set_mark, :match_mark, :mss, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop, :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone ] @@ -329,6 +331,8 @@ def self.rule_to_hash(line, table, counter) values = values.gsub(/(!)\s*(-\S+)\s*(\S*)/, '\2 "\1 \3"') # The match extension for tcp & udp are optional and throws off the @resource_map. values = values.gsub(/(?!-m tcp --tcp-flags)-m (tcp|udp) /, '') + # There is a bug in EL5 which puts 2 spaces before physdev, so we fix it + values = values.gsub(/\s{2}--physdev/, ' --physdev') # '--pol ipsec' takes many optional arguments; we cheat again by adding " around them values = values.sub(/ --pol\sipsec 
@@ -410,6 +414,37 @@ def self.rule_to_hash(line, table, counter) [:dport, :sport, :port, :state, :ctstate].each do |prop| hash[prop] = hash[prop].split(',') if ! hash[prop].nil? end + + ## clean up DSCP class to HEX mappings + valid_dscp_classes = { + '0x0a' => 'af11', + '0x0c' => 'af12', + '0x0e' => 'af13', + '0x12' => 'af21', + '0x14' => 'af22', + '0x16' => 'af23', + '0x1a' => 'af31', + '0x1c' => 'af32', + '0x1e' => 'af33', + '0x22' => 'af41', + '0x24' => 'af42', + '0x26' => 'af43', + '0x08' => 'cs1', + '0x10' => 'cs2', + '0x18' => 'cs3', + '0x20' => 'cs4', + '0x28' => 'cs5', + '0x30' => 'cs6', + '0x38' => 'cs7', + '0x2e' => 'ef' + } + [:set_dscp_class].each do |prop| + [:set_dscp].each do |dmark| + next unless hash[dmark] + hash[prop] = valid_dscp_classes[hash[dmark]] + end + end + # Convert booleans removing the previous cludge we did @known_booleans.each do |bool| @@ -513,7 +548,6 @@ def self.rule_to_hash(line, table, counter) hash[:action] = hash[:jump].downcase hash.delete(:jump) end - hash end @@ -533,7 +567,7 @@ def update_args def delete_args # Split into arguments - line = properties[:line].gsub(/\-A /, '-D ').split(/\s(?=(?:[^"]|"[^"]*")*$)/).map{|v| v.gsub(/"/, '')} + line = properties[:line].gsub(/^\-A /, '-D ').split(/\s(?=(?:[^"]|"[^"]*")*$)/).map{|v| v.gsub(/"/, '')} line.unshift("-t", properties[:table]) end diff --git a/firewall/lib/puppet/type/firewall.rb b/firewall/lib/puppet/type/firewall.rb index 56c6c0c77..72a67f971 100644 --- a/firewall/lib/puppet/type/firewall.rb +++ b/firewall/lib/puppet/type/firewall.rb @@ -272,6 +272,8 @@ def should_to_s(value) newproperty(:port, :array_matching => :all) do desc <<-EOS + DEPRECATED + The destination or source port to match for this filter (if the protocol supports ports). Will accept a single element or an array. 
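Review bot: The two nested `each` loops over the single-element arrays `[:set_dscp_class]` and `[:set_dscp]` in the added DSCP block hide what is one guarded assignment, and the lookup table is rebuilt for every parsed rule. It reads more plainly as `hash[:set_dscp_class] = valid_dscp_classes[hash[:set_dscp]] if hash[:set_dscp]`, with the table hoisted to a frozen constant. A comment such as `# keys are in the form iptables-save prints for --set-dscp` would also record that the lookup only matches lower-case two-digit hex; that format is inferred from the `0x2e` and `0x01` the new acceptance spec expects. rule_to_hash starts and ends outside this hunk.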
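Review bot: In `delete_args`, `^` anchors at the start of every line rather than the start of the string, and `gsub` still replaces every match, so the rewrite to `-D` is not strictly limited to the leading flag if a saved rule line ever carried an embedded newline. Only the first token is meant, so `line = properties[:line].sub(/\A-A /, '-D ').split(/\s(?=(?:[^"]|"[^"]*")*$)/).map{|v| v.gsub(/"/, '')}` states that exactly. The backslash in `\-A` is not needed outside a character class.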
@@ -286,6 +288,10 @@ def should_to_s(value) This would cover ports 1 to 1024. EOS + validate do |value| + Puppet.warning('Passing port to firewall is deprecated and will be removed. Use dport and/or sport instead.') + end + munge do |value| @resource.string_to_port(value, :proto) end @@ -841,7 +847,7 @@ def insync?(is) end # Old iptables does not support a mask. New iptables will expect one. - iptables_version = Facter.fact('iptables_version').value + iptables_version = Facter.value('iptables_version') mask_required = (iptables_version and Puppet::Util::Package.versioncmp(iptables_version, '1.4.1') >= 0) if mask_required @@ -873,6 +879,30 @@ def insync?(is) newvalues(:true, :false) end + newproperty(:set_dscp, :required_features => :iptables) do + desc <<-EOS + Set DSCP Markings. + EOS + end + + newproperty(:set_dscp_class, :required_features => :iptables) do + desc <<-EOS + This sets the DSCP field according to a predefined DiffServ class. + EOS + # iptables uses the cisco DSCP classes as the basis for this flag. Values may be found here: + # 'http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html' + valid_codes = [ + 'af11','af12','af13','af21','af22','af23','af31','af32','af33','af41', + 'af42','af43','cs1','cs2','cs3','cs4','cs5','cs6','cs7','ef' + ] + munge do |value| + unless valid_codes.include? value.downcase + raise ArgumentError, "#{value} is not a valid DSCP Class" + end + value.downcase + end + end + newproperty(:set_mss, :required_features => :iptables) do desc <<-EOS Sets the TCP MSS value for packets. 
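Review bot: The `validate` block added to the `port` property never looks at its `value` argument and logs through `Puppet.warning`, so with `:array_matching => :all` the message is presumably repeated for each element of each rule that still uses `port`. `Puppet.deprecation_warning('Passing port to firewall is deprecated and will be removed. Use dport and/or sport instead.')` is the logging call intended for this and avoids repeating the same notice. The new firewall_dscp_spec.rb in this same commit still passes `port => '997'`, so it triggers the warning introduced here.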
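Review bot: `set_dscp` is declared with no `validate` or `munge`, so any value is accepted at catalog time and a bad one is only rejected when iptables runs; a value that iptables accepts but prints differently (the spec expects `--set-dscp 0x01` back) would presumably never compare as in sync. A range check such as `validate { |v| raise ArgumentError, "#{v} is not a valid DSCP value" unless (0..63).include?(Integer(v.to_s)) }` plus a munge to the two-digit hex form would address both. In `set_dscp_class` the membership test sits in `munge` and calls `value.downcase` directly, so a non-string value fails with NoMethodError rather than the intended ArgumentError; testing `value.to_s.downcase` in a `validate` block keeps the message useful. The `desc` text for both properties could name the accepted values and say that they only apply with `jump => 'DSCP'`.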
@@ -1339,7 +1369,16 @@ def insync?(is) autorequire(:package) do case value(:provider) when :iptables, :ip6tables - %w{iptables iptables-persistent netfilter-persistent iptables-services} + %w{iptables iptables-persistent iptables-services} + else + [] + end + end + + autorequire(:service) do + case value(:provider) + when :iptables, :ip6tables + %w{firewalld iptables ip6tables iptables-persistent netfilter-persistent} else [] end @@ -1405,6 +1444,12 @@ def insync?(is) end end + if value(:jump).to_s == "DSCP" + unless value(:set_dscp) || value(:set_dscp_class) + self.fail "When using jump => DSCP, the set_dscp or set_dscp_class property is required" + end + end + if value(:jump).to_s == "TCPMSS" unless value(:set_mss) || value(:clamp_mss_to_pmtu) self.fail "When using jump => TCPMSS, the set_mss or clamp_mss_to_pmtu property is required" diff --git a/firewall/lib/puppet/type/firewallchain.rb b/firewall/lib/puppet/type/firewallchain.rb index b962a0a36..cb2c61412 100644 --- a/firewall/lib/puppet/type/firewallchain.rb +++ b/firewall/lib/puppet/type/firewallchain.rb @@ -157,6 +157,15 @@ end end + autorequire(:service) do + case value(:provider) + when :iptables, :ip6tables + %w{firewalld iptables ip6tables iptables-persistent netfilter-persistent} + else + [] + end + end + validate do debug("[validate]") diff --git a/firewall/manifests/linux/redhat.pp b/firewall/manifests/linux/redhat.pp index 95e137fbe..54b591c56 100644 --- a/firewall/manifests/linux/redhat.pp +++ b/firewall/manifests/linux/redhat.pp 
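Review bot: The new `jump => DSCP` check fails only when neither property is given; a rule that sets both `set_dscp` and `set_dscp_class` passes validation and would emit both `--set-dscp` and `--set-dscp-class`, which the DSCP target is not expected to accept together. Adding `self.fail "Only one of set_dscp and set_dscp_class may be set" if value(:set_dscp) && value(:set_dscp_class)` inside the same `if` would reject it at catalog time instead of at apply time. The enclosing validate block starts and ends outside this hunk.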
@@ -58,10 +58,19 @@ require => File['/etc/sysconfig/iptables'], } + # Redhat 7 selinux user context for /etc/sysconfig/iptables is set to unconfined_u + case $::selinux { + #lint:ignore:quoted_booleans + 'true',true: { $seluser = 'unconfined_u' } + #lint:endignore + default: { $seluser = undef } + } + file { '/etc/sysconfig/iptables': - ensure => present, - owner => 'root', - group => 'root', - mode => '0600', + ensure => present, + owner => 'root', + group => 'root', + mode => '0600', + seluser => $seluser, } } diff --git a/firewall/metadata.json b/firewall/metadata.json index da9b29713..e1ac5e0fc 100644 --- a/firewall/metadata.json +++ b/firewall/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-firewall", - "version": "1.6.0", + "version": "1.7.1", "author": "Puppet Labs", "summary": "Manages Firewalls such as iptables", "license": "Apache-2.0", @@ -72,11 +72,11 @@ "requirements": [ { "name": "pe", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 2015.3.0" }, { "name": "puppet", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 5.0.0" } ], "dependencies": [ diff --git a/firewall/spec/acceptance/class_spec.rb b/firewall/spec/acceptance/class_spec.rb index 4a9751a6c..0c74f9779 100644 --- a/firewall/spec/acceptance/class_spec.rb +++ b/firewall/spec/acceptance/class_spec.rb @@ -6,7 +6,9 @@ # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + if do_catch_changes + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + end end it 'ensure => stopped:' do @@ -14,7 +16,9 @@ # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + if do_catch_changes + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + end end it 'ensure => running:' do 
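Review bot: The comment above the new `case $::selinux` describes `unconfined_u` as a Red Hat 7 behaviour, but the condition only tests whether SELinux is enabled, so `seluser => 'unconfined_u'` is applied to `/etc/sysconfig/iptables` on every SELinux-enabled release this class manages. Either the comment should say so (`# With SELinux enabled, manage the SELinux user of /etc/sysconfig/iptables as unconfined_u`) or the case should also test the release, if older releases label the file differently. The class body starts outside this hunk, so any release guard further up is not visible here.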
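Review bot: Wrapping the second `apply_manifest` in `if do_catch_changes` means that where the helper returns false the example applies the manifest once and checks nothing about a re-run, although the comment above it still reads "Run it twice and test for idempotency". Keeping the second apply unconditional and gating only the expectation, `result = apply_manifest(pp, :catch_failures => true)` followed by `expect(result.exit_code).to be_zero if do_catch_changes`, still exercises the re-run for failures. The other two class_spec.rb hunks carry the same pattern. `do_catch_changes` is defined outside this view, so the conditions under which it is false cannot be confirmed from here.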
@@ -22,6 +26,8 @@ # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + if do_catch_changes + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + end end end diff --git a/firewall/spec/acceptance/connlimit_spec.rb b/firewall/spec/acceptance/connlimit_spec.rb index bb049a9e0..8fff32931 100644 --- a/firewall/spec/acceptance/connlimit_spec.rb +++ b/firewall/spec/acceptance/connlimit_spec.rb 
@@ -2,52 +2,63 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - describe 'connlimit_above' do - context '10' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { '500 - test': - proto => tcp, - dport => '22', - connlimit_above => '10', - action => reject, - } - EOS - - apply_manifest(pp, :catch_failures => true) - end + describe 'reset' do + it 'deletes all iptables rules' do + shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') + end + it 'deletes all ip6tables rules' do + shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') + end + end + + if default['platform'] !~ /sles-10/ + describe 'connlimit_above' do + context '10' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { '500 - test': + proto => tcp, + dport => '2222', + connlimit_above => '10', + action => reject, + } + EOS - it 'should contain the rule' do - shell('iptables-save') do |r| - #connlimit-saddr is added in Ubuntu 14.04. - expect(r.stdout).to match(/-A INPUT -p tcp -m multiport --dports 22 -m comment --comment "500 - test" -m connlimit --connlimit-above 10 --connlimit-mask 32 (--connlimit-saddr )?-j REJECT --reject-with icmp-port-unreachable/) + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('iptables-save') do |r| + #connlimit-saddr is added in Ubuntu 14.04. 
+ expect(r.stdout).to match(/-A INPUT -p tcp -m multiport --dports 2222 -m comment --comment "500 - test" -m connlimit --connlimit-above 10 --connlimit-mask 32 (--connlimit-saddr )?-j REJECT --reject-with icmp-port-unreachable/) + end end end end - end - describe 'connlimit_mask' do - context '24' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { '501 - test': - proto => tcp, - dport => '22', - connlimit_above => '10', - connlimit_mask => '24', - action => reject, - } - EOS - - apply_manifest(pp, :catch_failures => true) - end + describe 'connlimit_mask' do + context '24' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { '501 - test': + proto => tcp, + dport => '2222', + connlimit_above => '10', + connlimit_mask => '24', + action => reject, + } + EOS + + apply_manifest(pp, :catch_failures => true) + end - it 'should contain the rule' do - shell('iptables-save') do |r| - #connlimit-saddr is added in Ubuntu 14.04. - expect(r.stdout).to match(/-A INPUT -p tcp -m multiport --dports 22 -m comment --comment "501 - test" -m connlimit --connlimit-above 10 --connlimit-mask 24 (--connlimit-saddr )?-j REJECT --reject-with icmp-port-unreachable/) + it 'should contain the rule' do + shell('iptables-save') do |r| + #connlimit-saddr is added in Ubuntu 14.04. + expect(r.stdout).to match(/-A INPUT -p tcp -m multiport --dports 2222 -m comment --comment "501 - test" -m connlimit --connlimit-above 10 --connlimit-mask 24 (--connlimit-saddr )?-j REJECT --reject-with icmp-port-unreachable/) + end end end end diff --git a/firewall/spec/acceptance/firewall_bridging_spec.rb b/firewall/spec/acceptance/firewall_bridging_spec.rb index b3cf9b6bd..487f1512e 100644 --- a/firewall/spec/acceptance/firewall_bridging_spec.rb +++ b/firewall/spec/acceptance/firewall_bridging_spec.rb 
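Review bot: The new `describe 'reset'` performs its table flushes inside two `it` examples, so the cleanup only happens when those examples are selected and run before the connlimit ones; a filtered or re-ordered run would see stale rules. firewall_dscp_spec.rb in this commit does the same flush in `before(:all)`, and using `before(:all) { shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') }` with the matching ip6tables line here keeps setup out of the example list. A short comment on why `dport` moved from '22' to '2222' would also help; presumably it keeps the REJECT rule away from the SSH session the test harness uses.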
@@ -26,9 +26,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -52,9 +50,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -79,9 +75,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -105,9 +99,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -132,9 +124,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -159,9 +149,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -187,9 +175,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do 
@@ -202,7 +188,7 @@ class { '::firewall': } end #iptables version 1.3.5 is not suppored by the ip6tables provider - if default['platform'] !~ /el-5/ + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ describe 'ip6tables physdev tests' do context 'physdev_in eth0' do it 'applies' do @@ -219,9 +205,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -246,9 +230,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -274,9 +256,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -301,9 +281,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -329,9 +307,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -357,9 +333,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do 
@@ -386,9 +360,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -400,4 +372,4 @@ class { '::firewall': } end end -end \ No newline at end of file +end diff --git a/firewall/spec/acceptance/firewall_dscp_spec.rb b/firewall/spec/acceptance/firewall_dscp_spec.rb new file mode 100644 index 000000000..a85100a05 --- /dev/null +++ b/firewall/spec/acceptance/firewall_dscp_spec.rb 
@@ -0,0 +1,118 @@ +require 'spec_helper_acceptance' + +describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + + before(:all) do + shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') + shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') + end + + describe 'dscp ipv4 tests' do + context 'set_dscp 0x01' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { + '1000 - set_dscp': + proto => 'tcp', + jump => 'DSCP', + set_dscp => '0x01', + port => '997', + chain => 'OUTPUT', + table => 'mangle', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('iptables-save -t mangle') do |r| + expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1000 - set_dscp" -j DSCP --set-dscp 0x01/) + end + end + end + + context 'set_dscp_class EF' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { + '1001 EF - set_dscp_class': + proto => 'tcp', + jump => 'DSCP', + port => '997', + set_dscp_class => 'EF', + chain => 'OUTPUT', + table => 'mangle', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('iptables-save') do |r| + expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1001 EF - set_dscp_class" -j DSCP --set-dscp 0x2e/) + end + end + end + end + + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ + describe 'dscp ipv6 tests' do + context 'set_dscp 0x01' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { + '1002 - set_dscp': + proto => 'tcp', + jump => 'DSCP', + set_dscp => '0x01', + port => '997', + chain => 'OUTPUT', + table => 'mangle', + provider => 'ip6tables', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('ip6tables-save -t mangle') do |r| + expect(r.stdout).to 
match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1002 - set_dscp" -j DSCP --set-dscp 0x01/) + end + end + end + + context 'set_dscp_class EF' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { + '1003 EF - set_dscp_class': + proto => 'tcp', + jump => 'DSCP', + port => '997', + set_dscp_class => 'EF', + chain => 'OUTPUT', + table => 'mangle', + provider => 'ip6tables', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('ip6tables-save') do |r| + expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1003 EF - set_dscp_class" -j DSCP --set-dscp 0x2e/) + end + end + end + end + end + +end diff --git a/firewall/spec/acceptance/firewall_iptmodules_spec.rb b/firewall/spec/acceptance/firewall_iptmodules_spec.rb index f0087634d..259a472f9 100644 --- a/firewall/spec/acceptance/firewall_iptmodules_spec.rb +++ b/firewall/spec/acceptance/firewall_iptmodules_spec.rb @@ -34,9 +34,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -64,9 +62,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -103,9 +99,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do 
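Review bot: None of the four new contexts re-applies its manifest, so the read-back path is never checked for idempotency, in particular `set_dscp_class => 'EF'` being saved as `--set-dscp 0x2e` and mapped back to a class name. Adding `apply_manifest(pp, :catch_changes => do_catch_changes)` after the first apply, as the other acceptance specs in this commit do, would cover it. The manifests also use `port => '997'`, which this commit marks as deprecated in the type; `dport => '997'` avoids the warning, with `--ports 997` in the expected regexes changed to `--dports 997` to match.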
@@ -134,9 +128,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -148,7 +140,7 @@ class { '::firewall': } end # Older OSes don't have addrtype so we leave those properties out. # el-5 doesn't support ipv6 by default - elsif default['platform'] !~ /el-5/ + elsif default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ describe 'ip6tables ipt_modules tests' do context 'all the modules with multiple args' do it 'applies' do @@ -171,9 +163,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -201,9 +191,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -215,4 +203,4 @@ class { '::firewall': } end end -end \ No newline at end of file +end diff --git a/firewall/spec/acceptance/firewall_mss_spec.rb b/firewall/spec/acceptance/firewall_mss_spec.rb index 167c9586e..4a2125b29 100644 --- a/firewall/spec/acceptance/firewall_mss_spec.rb +++ b/firewall/spec/acceptance/firewall_mss_spec.rb @@ -59,7 +59,7 @@ class { '::firewall': } end end - if default['platform'] !~ /el-5/ + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ describe 'mss ipv6 tests' do context '1360' do it 'applies' do diff --git a/firewall/spec/acceptance/firewall_spec.rb b/firewall/spec/acceptance/firewall_spec.rb index cc2483247..4b3a43887 100644 --- a/firewall/spec/acceptance/firewall_spec.rb +++ b/firewall/spec/acceptance/firewall_spec.rb 
@@ -116,9 +116,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -141,9 +139,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -193,9 +189,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -245,9 +239,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -270,9 +262,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -322,9 +312,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -596,9 +584,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do 
@@ -917,7 +903,7 @@ class { '::firewall': } end # RHEL5 does not support --random - if default['platform'] !~ /el-5/ + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ describe 'random' do context '192.168.1.1' do it 'applies' do @@ -934,9 +920,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -973,7 +957,7 @@ class { '::firewall': } end #iptables version 1.3.5 is not suppored by the ip6tables provider - if default['platform'] !~ /el-5/ + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ describe 'hop_limit' do context '5' do it 'applies' do @@ -1215,9 +1199,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -1269,9 +1251,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -1629,9 +1609,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -1654,9 +1632,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do 
@@ -1825,7 +1801,7 @@ class { '::firewall': } end #iptables version 1.3.5 does not support masks on MARK rules - if default['platform'] !~ /el-5/ + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ describe 'set_mark' do context '0x3e8/0xffffffff' do it 'applies' do @@ -2241,7 +2217,7 @@ class { '::firewall': } it 'should contain the rule' do shell('iptables-save') do |r| - if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') + if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') or (default['platform'] =~ /sles-10/) expect(r.stdout).to match(/-A INPUT -s 10.1.5.28 -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"/) else expect(r.stdout).to match(/-A INPUT -s 10.1.5.28\/(32|255\.255\.255\.255) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"/) @@ -2354,4 +2330,44 @@ class { '::firewall': } end end + context 'comment containing "-A "' do + it 'adds the rule' do + pp = <<-EOS + class { '::firewall': } + firewall { '700 - blah-A Test Rule': + jump => 'LOG', + log_prefix => 'FW-A-INPUT: ', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('iptables-save') do |r| + expect(r.stdout).to match(/-A INPUT -p tcp -m comment --comment "700 - blah-A Test Rule" -j LOG --log-prefix "FW-A-INPUT: "/) + end + end + + it 'removes the rule' do + pp = <<-EOS + class { '::firewall': } + firewall { '700 - blah-A Test Rule': + ensure => absent, + jump => 'LOG', + log_prefix => 'FW-A-INPUT: ', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should not contain the rule' do + shell('iptables-save') do |r| + expect(r.stdout).to_not match(/-A INPUT -p tcp -m comment --comment "700 - blah-A Test Rule" -j LOG --log-prefix "FW-A-INPUT: "/) + end + end + end + + end 
diff --git a/firewall/spec/acceptance/firewall_time_spec.rb b/firewall/spec/acceptance/firewall_time_spec.rb index 589148e1f..e6ea34e3b 100644 --- a/firewall/spec/acceptance/firewall_time_spec.rb +++ b/firewall/spec/acceptance/firewall_time_spec.rb @@ -30,9 +30,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -65,9 +63,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do diff --git a/firewall/spec/acceptance/firewall_uid_spec.rb b/firewall/spec/acceptance/firewall_uid_spec.rb index 50728b45b..ce45333e9 100644 --- a/firewall/spec/acceptance/firewall_uid_spec.rb +++ b/firewall/spec/acceptance/firewall_uid_spec.rb @@ -25,9 +25,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -50,9 +48,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do @@ -75,9 +71,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do 
@@ -100,9 +94,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rule' do diff --git a/firewall/spec/acceptance/firewallchain_spec.rb b/firewall/spec/acceptance/firewallchain_spec.rb index fab20b3ab..eaf71ccd3 100644 --- a/firewall/spec/acceptance/firewallchain_spec.rb +++ b/firewall/spec/acceptance/firewallchain_spec.rb @@ -14,9 +14,7 @@ EOS # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'finds the chain' do @@ -35,9 +33,7 @@ EOS # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'fails to find the chain' do @@ -64,7 +60,7 @@ # EOS # # Run it twice and test for idempotency # apply_manifest(pp, :catch_failures => true) - # apply_manifest(pp, :catch_changes => true) + # apply_manifest(pp, :catch_changes => do_catch_changes) # end #end @@ -85,7 +81,7 @@ # expect(r.stdout).to_not match(/removed/) # expect(r.stderr).to eq('') # end - # apply_manifest(pp, :catch_changes => true) + # apply_manifest(pp, :catch_changes => do_catch_changes) # end # it 'still has the rule' do @@ -98,7 +94,7 @@ # } # EOS # # Run it twice and test for idempotency - # apply_manifest(pp, :catch_changes => true) + # apply_manifest(pp, :catch_changes => do_catch_changes) # end #end 
@@ -116,9 +112,7 @@ EOS # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'finds the chain' do diff --git a/firewall/spec/acceptance/invert_spec.rb b/firewall/spec/acceptance/invert_spec.rb index 16af9b8ba..07d698a66 100644 --- a/firewall/spec/acceptance/invert_spec.rb +++ b/firewall/spec/acceptance/invert_spec.rb @@ -25,14 +25,12 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'should contain the rules' do shell('iptables-save') do |r| - if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') + if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') or (default['platform'] =~ /sles-10/) expect(r.stdout).to match(/-A INPUT -p ! esp -m comment --comment "601 disallow esp protocol" -j ACCEPT/) expect(r.stdout).to match(/-A INPUT -s ! 10\.0\.0\.0\/255\.0\.0\.0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --sports ! 80,443 -m comment --comment "602 drop NEW external website packets with FIN\/RST\/ACK set and SYN unset" -m state --state NEW -j DROP/) else diff --git a/firewall/spec/acceptance/ip6_fragment_spec.rb b/firewall/spec/acceptance/ip6_fragment_spec.rb index 61e79cef3..64728ed40 100644 --- a/firewall/spec/acceptance/ip6_fragment_spec.rb +++ b/firewall/spec/acceptance/ip6_fragment_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper_acceptance' -if default['platform'] =~ /el-5/ +if default['platform'] =~ /el-5/ or default['platform'] =~ /sles-10/ describe "firewall ip6tables doesn't work on 1.3.5 because --comment is missing", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do before :all do ip6tables_flush_all_tables 
@@ -37,9 +37,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) shell('ip6tables-save') do |r| expect(r.stdout).to match(/#{line_match}/) @@ -58,11 +56,7 @@ class { '::firewall': } } EOS - if fact('selinux') == 'true' - apply_manifest(pp, :catch_failures => true) - else - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) shell('ip6tables-save') do |r| expect(r.stdout).to match(/#{line_match}/) diff --git a/firewall/spec/acceptance/isfragment_spec.rb b/firewall/spec/acceptance/isfragment_spec.rb index 772f9493e..f48f27234 100644 --- a/firewall/spec/acceptance/isfragment_spec.rb +++ b/firewall/spec/acceptance/isfragment_spec.rb @@ -17,9 +17,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) shell('iptables-save') do |r| expect(r.stdout).to match(/#{line_match}/) @@ -37,11 +35,7 @@ class { '::firewall': } } EOS - if fact('selinux') == 'true' - apply_manifest(pp, :catch_failures => true) - else - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) shell('iptables-save') do |r| expect(r.stdout).to match(/#{line_match}/) diff --git a/firewall/spec/acceptance/match_mark_spec.rb b/firewall/spec/acceptance/match_mark_spec.rb index a2fff4930..cf5858db0 100644 --- a/firewall/spec/acceptance/match_mark_spec.rb +++ b/firewall/spec/acceptance/match_mark_spec.rb @@ -7,7 +7,7 @@ shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') end - if default['platform'] !~ /el-5/ + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ describe 'match_mark' do context '0x1' do it 'applies' do 
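Review bot: In isfragment_spec.rb (`@@ -37,11 +35,7 @@`) the single apply no longer has a `:catch_failures` fallback: when `do_catch_changes` returns false (el-5, per spec_helper_acceptance.rb) the call carries only `:catch_changes => false`, whereas the removed branch passed `:catch_failures => true`. A manifest error in that run would then presumably not fail the example on that platform. Keeping the fallback is a one-line change, e.g. `apply_manifest(pp, do_catch_changes ? { :catch_changes => true } : { :catch_failures => true })`. The same replacement is made in purge_spec.rb (`@@ -87,11 +85,7 @@`); the enclosing examples start outside the hunks.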
diff --git a/firewall/spec/acceptance/purge_spec.rb b/firewall/spec/acceptance/purge_spec.rb index 73582b878..e191c12b4 100644 --- a/firewall/spec/acceptance/purge_spec.rb +++ b/firewall/spec/acceptance/purge_spec.rb @@ -71,9 +71,7 @@ class { 'firewall': } } EOS - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'ignores specified rules' do @@ -87,11 +85,7 @@ class { 'firewall': } } EOS - if fact('selinux') == 'true' - apply_manifest(pp, :catch_failures => true) - else - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'adds managed rules with ignored rules' do 
@@ -130,110 +124,107 @@ class { 'firewall': } expect(shell('iptables-save').stdout).to match(/-A INPUT -s 1\.2\.1\.1(\/32)? -p tcp\s?\n-A INPUT -s 1\.2\.1\.1(\/32)? -p udp/) end end - context 'ipv6 chain purge', :unless => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') do - after(:all) do - ip6tables_flush_all_tables - end - before(:each) do - ip6tables_flush_all_tables - - shell('ip6tables -A INPUT -p tcp -s 1::42') - shell('ip6tables -A INPUT -p udp -s 1::42') - shell('ip6tables -A OUTPUT -s 1::50 -m comment --comment "010 output-1::50"') - end - it 'purges only the specified chain' do - pp = <<-EOS - class { 'firewall': } - firewallchain { 'INPUT:filter:IPv6': - purge => true, - } - EOS - - apply_manifest(pp, :expect_changes => true) - - shell('ip6tables-save') do |r| - expect(r.stdout).to match(/010 output-1::50/) - expect(r.stdout).to_not match(/1::42/) - expect(r.stderr).to eq("") + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ + context 'ipv6 chain purge' do + after(:all) do + ip6tables_flush_all_tables end - end + before(:each) do + ip6tables_flush_all_tables - it 'ignores managed rules' do - pp = <<-EOS - class { 'firewall': } - firewallchain { 'OUTPUT:filter:IPv6': - purge => true, - } - firewall { '010 output-1::50': - chain => 'OUTPUT', - proto => 'all', - source => '1::50', - provider => 'ip6tables', - } - EOS + shell('ip6tables -A INPUT -p tcp -s 1::42') + shell('ip6tables -A INPUT -p udp -s 1::42') + shell('ip6tables -A OUTPUT -s 1::50 -m comment --comment "010 output-1::50"') + end - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) + it 'purges only the specified chain' do + pp = <<-EOS + class { 'firewall': } + firewallchain { 'INPUT:filter:IPv6': + purge => true, + } + EOS + + apply_manifest(pp, :expect_changes => true) + + shell('ip6tables-save') do |r| + expect(r.stdout).to match(/010 output-1::50/) + expect(r.stdout).to_not match(/1::42/) + expect(r.stderr).to 
eq("") + end end - end - it 'ignores specified rules' do - pp = <<-EOS - class { 'firewall': } - firewallchain { 'INPUT:filter:IPv6': - purge => true, - ignore => [ - '-s 1::42', - ], - } - EOS + it 'ignores managed rules' do + pp = <<-EOS + class { 'firewall': } + firewallchain { 'OUTPUT:filter:IPv6': + purge => true, + } + firewall { '010 output-1::50': + chain => 'OUTPUT', + proto => 'all', + source => '1::50', + provider => 'ip6tables', + } + EOS + + apply_manifest(pp, :catch_changes => do_catch_changes) + end - if fact('selinux') == 'true' - apply_manifest(pp, :catch_failures => true) - else - apply_manifest(pp, :catch_changes => true) + it 'ignores specified rules' do + pp = <<-EOS + class { 'firewall': } + firewallchain { 'INPUT:filter:IPv6': + purge => true, + ignore => [ + '-s 1::42', + ], + } + EOS + + apply_manifest(pp, :catch_changes => do_catch_changes) end - end - it 'adds managed rules with ignored rules' do - pp = <<-EOS - class { 'firewall': } - firewallchain { 'INPUT:filter:IPv6': - purge => true, - ignore => [ - '-s 1::42', - ], - } - firewall { '014 input-1::46': - chain => 'INPUT', - proto => 'all', - source => '1::46', - provider => 'ip6tables', - } - -> firewall { '013 input-1::45': - chain => 'INPUT', - proto => 'all', - source => '1::45', - provider => 'ip6tables', - } - -> firewall { '012 input-1::44': - chain => 'INPUT', - proto => 'all', - source => '1::44', - provider => 'ip6tables', - } - -> firewall { '011 input-1::43': - chain => 'INPUT', - proto => 'all', - source => '1::43', - provider => 'ip6tables', - } - EOS + it 'adds managed rules with ignored rules' do + pp = <<-EOS + class { 'firewall': } + firewallchain { 'INPUT:filter:IPv6': + purge => true, + ignore => [ + '-s 1::42', + ], + } + firewall { '014 input-1::46': + chain => 'INPUT', + proto => 'all', + source => '1::46', + provider => 'ip6tables', + } + -> firewall { '013 input-1::45': + chain => 'INPUT', + proto => 'all', + source => '1::45', + provider => 'ip6tables', + } + 
-> firewall { '012 input-1::44': + chain => 'INPUT', + proto => 'all', + source => '1::44', + provider => 'ip6tables', + } + -> firewall { '011 input-1::43': + chain => 'INPUT', + proto => 'all', + source => '1::43', + provider => 'ip6tables', + } + EOS - apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_failures => true) - expect(shell('ip6tables-save').stdout).to match(/-A INPUT -s 1::42(\/128)? -p tcp\s?\n-A INPUT -s 1::42(\/128)? -p udp/) + expect(shell('ip6tables-save').stdout).to match(/-A INPUT -s 1::42(\/128)? -p tcp\s?\n-A INPUT -s 1::42(\/128)? -p udp/) + end end end end diff --git a/firewall/spec/acceptance/resource_cmd_spec.rb b/firewall/spec/acceptance/resource_cmd_spec.rb index f2b0141ce..76a106e2e 100644 --- a/firewall/spec/acceptance/resource_cmd_spec.rb +++ b/firewall/spec/acceptance/resource_cmd_spec.rb 
@@ -96,20 +96,22 @@ end end - context 'accepts rules utilizing the statistic module' do - before :all do - iptables_flush_all_tables - # This command doesn't work with all versions/oses, so let it fail - shell('iptables -t nat -A POSTROUTING -d 1.2.3.4/32 -o eth0 -m statistic --mode nth --every 2 -j SNAT --to-source 2.3.4.5', :acceptable_exit_codes => [0,1,2] ) - shell('iptables -t nat -A POSTROUTING -d 1.2.3.4/32 -o eth0 -m statistic --mode nth --every 1 --packet 0 -j SNAT --to-source 2.3.4.6') - shell('iptables -t nat -A POSTROUTING -d 1.2.3.4/32 -o eth0 -m statistic --mode random --probability 0.99 -j SNAT --to-source 2.3.4.7') - end + if default['platform'] !~ /sles-10/ + context 'accepts rules utilizing the statistic module' do + before :all do + iptables_flush_all_tables + # This command doesn't work with all versions/oses, so let it fail + shell('iptables -t nat -A POSTROUTING -d 1.2.3.4/32 -o eth0 -m statistic --mode nth --every 2 -j SNAT --to-source 2.3.4.5', :acceptable_exit_codes => [0,1,2] ) + shell('iptables -t nat -A POSTROUTING -d 1.2.3.4/32 -o eth0 -m statistic --mode nth --every 1 --packet 0 -j SNAT --to-source 2.3.4.6') + shell('iptables -t nat -A POSTROUTING -d 1.2.3.4/32 -o eth0 -m statistic --mode random --probability 0.99 -j SNAT --to-source 2.3.4.7') + end - it do - shell('puppet resource firewall') do |r| - r.exit_code.should be_zero - # don't check stdout, testing preexisting rules, output is normal - r.stderr.should be_empty + it do + shell('puppet resource firewall') do |r| + r.exit_code.should be_zero + # don't check stdout, testing preexisting rules, output is normal + r.stderr.should be_empty + end end end end @@ -150,7 +152,7 @@ # version of iptables that ships with el5 doesn't work with the # ip6tables provider - if default['platform'] !~ /el-5/ + if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ context 'dport/sport with ip6tables' do before :all do if fact('osfamily') == 'Debian' 
diff --git a/firewall/spec/acceptance/rules_spec.rb b/firewall/spec/acceptance/rules_spec.rb index c2acb8b82..fee12dd7d 100644 --- a/firewall/spec/acceptance/rules_spec.rb +++ b/firewall/spec/acceptance/rules_spec.rb @@ -140,12 +140,20 @@ class { '::firewall': } ], } + firewall { '001 ssh needed for beaker testing': + proto => 'tcp', + dport => '22', + action => 'accept', + before => Firewallchain['INPUT:filter:IPv4'], + } + firewall { '010 INPUT allow established and related': proto => 'all', state => ['ESTABLISHED', 'RELATED'], action => 'accept', before => Firewallchain['INPUT:filter:IPv4'], } + firewall { "011 reject local traffic not on loopback interface": iniface => '! lo', proto => 'all', @@ -164,6 +172,7 @@ class { '::firewall': } action => 'accept', before => Firewallchain['INPUT:filter:IPv4'], } + firewall { '025 smtp': outiface => '! eth0:2', chain => 'OUTPUT', @@ -195,10 +204,6 @@ class { '::firewall': } action => 'accept', iniface => 'eth0:3', } - firewall { '999 reject': - action => 'reject', - reject => 'icmp-host-prohibited', - } firewallchain { 'LOCAL_INPUT_PRE:filter:IPv4': } firewall { '001 LOCAL_INPUT_PRE': @@ -242,9 +247,7 @@ class { '::firewall': } # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end it 'contains appropriate rules' do 
@@ -263,10 +266,10 @@ class { '::firewall': } /-A INPUT -s 10.0.0.0\/(8|255\.0\.0\.0) -p icmp -m comment --comment \"013 icmp echo-request\" -m icmp --icmp-type 8 -j ACCEPT/, /-A INPUT -p icmp -m comment --comment \"013 icmp time-exceeded\" -m icmp --icmp-type 11 -j ACCEPT/, /-A INPUT -p tcp -m multiport --dports 22 -m comment --comment \"020 ssh\" -m state --state NEW -j ACCEPT/, + /-A INPUT -p tcp -m multiport --dports 22 -m comment --comment \"001 ssh needed for beaker testing\" -j ACCEPT/, /-A OUTPUT (! -o|-o !) eth0:2 -p tcp -m multiport --dports 25 -m comment --comment \"025 smtp\" -m state --state NEW -j ACCEPT/, /-A INPUT -i eth0:3 -p tcp -m multiport --dports 443 -m comment --comment \"443 ssl on aliased interface\" -m state --state NEW -j ACCEPT/, /-A INPUT -m comment --comment \"900 LOCAL_INPUT\" -j LOCAL_INPUT/, - /-A INPUT -m comment --comment \"999 reject\" -j REJECT --reject-with icmp-host-prohibited/, /-A FORWARD -m comment --comment \"010 allow established and related\" -m state --state RELATED,ESTABLISHED -j ACCEPT/ ].each do |line| expect(r.stdout).to match(line) diff --git a/firewall/spec/acceptance/socket_spec.rb b/firewall/spec/acceptance/socket_spec.rb index 2a21066c0..5503a9a07 100644 --- a/firewall/spec/acceptance/socket_spec.rb +++ b/firewall/spec/acceptance/socket_spec.rb @@ -20,9 +20,7 @@ class { '::firewall': } EOS apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => true) shell('iptables-save -t raw') do |r| expect(r.stdout).to match(/#{line_match}/) @@ -42,11 +40,7 @@ class { '::firewall': } } EOS - if fact('selinux') == 'true' - apply_manifest(pp, :catch_failures => true) - else - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => true) shell('iptables-save -t raw') do |r| expect(r.stdout).to match(/#{line_match}/) 
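Review bot: Both socket_spec.rb hunks hard-code `:catch_changes => true` where every other acceptance spec in this commit switches to the new helper. If that is deliberate (for instance because these examples never run on el-5) a short comment should say so; otherwise use `apply_manifest(pp, :catch_changes => do_catch_changes)` for consistency. The second hunk also drops the old `:catch_failures => true` branch that SELinux hosts used. The enclosing examples start outside the hunks.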
diff --git a/firewall/spec/acceptance/standard_usage_spec.rb b/firewall/spec/acceptance/standard_usage_spec.rb index 753f6e1e5..afc0c42ad 100644 --- a/firewall/spec/acceptance/standard_usage_spec.rb +++ b/firewall/spec/acceptance/standard_usage_spec.rb @@ -55,8 +55,6 @@ class { 'firewall': } # Run it twice and test for idempotency apply_manifest(pp, :catch_failures => true) - unless fact('selinux') == 'true' - apply_manifest(pp, :catch_changes => true) - end + apply_manifest(pp, :catch_changes => do_catch_changes) end end diff --git a/firewall/spec/fixtures/iptables/conversion_hash.rb b/firewall/spec/fixtures/iptables/conversion_hash.rb index 28858eba1..ac9ba9a96 100644 --- a/firewall/spec/fixtures/iptables/conversion_hash.rb +++ b/firewall/spec/fixtures/iptables/conversion_hash.rb @@ -775,14 +775,6 @@ }, :args => ['-t', :filter, '-p', :tcp, '-m', 'comment', '--comment', '000 allow symbols ( $+<=>^`|~ ) in ruby >= 1.9'], }, - 'port_property' => { - :params => { - :name => '001 port property', - :table => 'filter', - :port => '80', - }, - :args => ['-t', :filter, '-p', :tcp, '-m', 'multiport', '--ports', '80', '-m', 'comment', '--comment', '001 port property'], - }, 'log_level_debug' => { :params => { :name => '956 INPUT log-level', @@ -1106,4 +1098,15 @@ }, :args => ["-t", :filter, "-p", :tcp, "-m", "tcp", "--tcp-flags", "SYN,RST", "SYN", "-m", "comment", "--comment", "067 change max segment size", "-j", "TCPMSS", "--clamp-mss-to-pmtu"], }, + 'set_dscp_class' => { + :params => { + :name => '068 set dscp class to EF', + :table => 'mangle', + :proto => 'tcp', + :port => '997', + :jump => 'DSCP', + :set_dscp_class => 'ef', + }, + :args => ["-t", :mangle, "-p", :tcp, "-m", "multiport", '--ports', '997', "-m", "comment", "--comment", "068 set dscp class to EF", "-j", "DSCP", "--set-dscp-class", "ef"], + }, } diff --git a/firewall/spec/spec_helper_acceptance.rb b/firewall/spec/spec_helper_acceptance.rb index 383e34bf7..44b5f8da5 100644 
--- a/firewall/spec/spec_helper_acceptance.rb +++ b/firewall/spec/spec_helper_acceptance.rb @@ -13,6 +13,14 @@ def ip6tables_flush_all_tables end end +def do_catch_changes + if default['platform'] =~ /el-5/ + return false + else + return true + end +end + run_puppet_install_helper UNSUPPORTED_PLATFORMS = ['windows','Solaris','Darwin'] diff --git a/firewall/spec/unit/puppet/provider/iptables_spec.rb b/firewall/spec/unit/puppet/provider/iptables_spec.rb index e73bf84ad..055707196 100644 --- a/firewall/spec/unit/puppet/provider/iptables_spec.rb +++ b/firewall/spec/unit/puppet/provider/iptables_spec.rb @@ -215,7 +215,6 @@ ARGS_TO_HASH.each do |test_name,data| describe "for test data '#{test_name}'" do let(:resource) { provider.rule_to_hash(data[:line], data[:table], 0) } - # If this option is enabled, make sure the parameters exactly match if data[:compare_all] then it "the parameter hash keys should be the same as returned by rules_to_hash" do diff --git a/firewall/spec/unit/puppet/type/firewall_spec.rb b/firewall/spec/unit/puppet/type/firewall_spec.rb index 8107e1e5e..38859f6a2 100755 --- a/firewall/spec/unit/puppet/type/firewall_spec.rb +++ b/firewall/spec/unit/puppet/type/firewall_spec.rb @@ -181,6 +181,13 @@ end end + describe 'port deprecated' do + it "raises a warning" do + expect(Puppet).to receive(:warning).with /port to firewall is deprecated/ + @resource[:port] = "22" + end + end + [:dst_type, :src_type].each do |addrtype| describe addrtype do it "should have no default" do diff --git a/glance/manifests/api.pp b/glance/manifests/api.pp index 4e8e335b9..bca7b8496 100644 --- a/glance/manifests/api.pp +++ b/glance/manifests/api.pp @@ -125,6 +125,10 @@ # (optional) Use syslog for logging. # Defaults to false. # +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true +# # [*log_facility*] # (optional) Syslog facility to receive log lines. # Defaults to 'LOG_USER'. 
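Review bot: `do_catch_changes` has no comment saying why el-5 is exempt from the idempotency run, and it replaces the previous `fact('selinux') == 'true'` gate with a platform match, so SELinux-enabled hosts on other platforms now get the second run asserted. A comment above the method of the form `# el-5: <reason the second run is not idempotent>; skip the catch_changes assertion there` would record the intent for whoever next touches these specs. The body can also be reduced to `default['platform'] !~ /el-5/`, which yields the same boolean without the explicit `return`s.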
@@ -210,6 +214,7 @@ $manage_service = true, $enabled = true, $use_syslog = false, + $use_stderr = true, $log_facility = 'LOG_USER', $show_image_direct_url = false, $purge_config = false, @@ -293,6 +298,7 @@ glance_api_config { 'DEFAULT/verbose': value => $verbose; 'DEFAULT/debug': value => $debug; + 'DEFAULT/use_stderr': value => $use_stderr; 'DEFAULT/bind_host': value => $bind_host; 'DEFAULT/bind_port': value => $bind_port; 'DEFAULT/backlog': value => $backlog; diff --git a/glance/manifests/keystone/auth.pp b/glance/manifests/keystone/auth.pp index 68bc2a0b4..52028c841 100644 --- a/glance/manifests/keystone/auth.pp +++ b/glance/manifests/keystone/auth.pp @@ -183,6 +183,7 @@ if $configure_endpoint { Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'glance-api' |> + Keystone_endpoint["${region}/${real_service_name}"] -> Glance_image<||> } keystone::resource::service_identity { $auth_name: diff --git a/glance/manifests/registry.pp b/glance/manifests/registry.pp index 36e8f6688..4ab86ccba 100644 --- a/glance/manifests/registry.pp +++ b/glance/manifests/registry.pp @@ -91,6 +91,10 @@ # (optional) Use syslog for logging. # Defaults to false. # +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true +# # [*log_facility*] # (optional) Syslog facility to receive log lines. # Defaults to LOG_USER. @@ -146,6 +150,7 @@ $keystone_user = 'glance', $pipeline = 'keystone', $use_syslog = false, + $use_stderr = true, $log_facility = 'LOG_USER', $manage_service = true, $enabled = true, 
@@ -210,11 +215,12 @@ } glance_registry_config { - 'DEFAULT/verbose': value => $verbose; - 'DEFAULT/debug': value => $debug; - 'DEFAULT/workers': value => $workers; - 'DEFAULT/bind_host': value => $bind_host; - 'DEFAULT/bind_port': value => $bind_port; + 'DEFAULT/verbose': value => $verbose; + 'DEFAULT/debug': value => $debug; + 'DEFAULT/workers': value => $workers; + 'DEFAULT/bind_host': value => $bind_host; + 'DEFAULT/bind_port': value => $bind_port; + 'DEFAULT/use_stderr': value => $use_stderr; } if $identity_uri { diff --git a/glance/spec/classes/glance_api_spec.rb b/glance/spec/classes/glance_api_spec.rb index 5ba400193..739c26e8b 100644 --- a/glance/spec/classes/glance_api_spec.rb +++ b/glance/spec/classes/glance_api_spec.rb @@ -13,6 +13,7 @@ { :verbose => false, :debug => false, + :use_stderr => true, :bind_host => '0.0.0.0', :bind_port => '9292', :registry_host => '0.0.0.0', @@ -98,6 +99,7 @@ [ 'verbose', 'debug', + 'use_stderr', 'bind_host', 'bind_port', 'registry_host', diff --git a/glance/spec/classes/glance_registry_spec.rb b/glance/spec/classes/glance_registry_spec.rb index fa9aee349..639dfe5a7 100644 --- a/glance/spec/classes/glance_registry_spec.rb +++ b/glance/spec/classes/glance_registry_spec.rb @@ -12,6 +12,7 @@ { :verbose => false, :debug => false, + :use_stderr => true, :bind_host => '0.0.0.0', :bind_port => '9191', :workers => facts[:processorcount], @@ -291,6 +292,12 @@ it { is_expected.to contain_glance_registry_config('DEFAULT/key_file').with_ensure('absent')} end + describe 'with use_stderr enabled (default)' do + let(:params) { default_params } + + it { is_expected.to contain_glance_registry_config('DEFAULT/use_stderr').with_value('true')} + end + describe 'with ssl options' do let :params do default_params.merge({ diff --git a/gluster/.travis.yml b/gluster/.travis.yml index 3fc216c31..9bdf8c690 100644 --- a/gluster/.travis.yml +++ b/gluster/.travis.yml 
@@ -23,4 +23,3 @@ env: - PUPPET_VERSION=3.2.4 - PUPPET_VERSION=3.3.2 - PUPPET_VERSION=3.4.3 - diff --git a/gluster/COPYRIGHT b/gluster/COPYRIGHT index 480149fb7..5b9cd0b99 100644 --- a/gluster/COPYRIGHT +++ b/gluster/COPYRIGHT @@ -13,4 +13,3 @@ GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see . - diff --git a/gluster/DOCUMENTATION.md b/gluster/DOCUMENTATION.md index 0cc7ec79c..dba005947 100644 --- a/gluster/DOCUMENTATION.md +++ b/gluster/DOCUMENTATION.md @@ -1053,4 +1053,3 @@ Copyright (C) 2010-2013+ James Shubin * [github](https://github.com/purpleidea/) * [@purpleidea](https://twitter.com/#!/purpleidea) * [https://ttboj.wordpress.com/](https://ttboj.wordpress.com/) - diff --git a/gluster/Gemfile b/gluster/Gemfile index 07dd7f4c2..4211d6870 100644 --- a/gluster/Gemfile +++ b/gluster/Gemfile @@ -8,4 +8,3 @@ gem 'puppet-lint' # style things, eg: tabs vs. spaces gem 'rspec-puppet', :git => 'https://github.com/rodjek/rspec-puppet.git' gem 'puppet-syntax' # syntax checking gem 'puppetlabs_spec_helper' - diff --git a/gluster/INSTALL b/gluster/INSTALL index f497841f7..7ce8c28f6 100644 --- a/gluster/INSTALL +++ b/gluster/INSTALL @@ -15,4 +15,3 @@ puppet- You must remove the 'puppet-' prefix from the directory name for it to work! Happy hacking! - diff --git a/gluster/Makefile b/gluster/Makefile index 914f3e242..8adcf4425 100644 --- a/gluster/Makefile +++ b/gluster/Makefile @@ -25,8 +25,9 @@ SPEC = rpmbuild/SPECS/puppet-gluster.spec SOURCE = rpmbuild/SOURCES/puppet-gluster-$(VERSION).tar.bz2 SRPM = rpmbuild/SRPMS/puppet-gluster-$(VERSION)-$(RELEASE).src.rpm RPM = rpmbuild/RPMS/puppet-gluster-$(VERSION)-$(RELEASE).rpm +USERNAME := $(shell cat ~/.config/copr | grep username | awk -F '=' '{print $$2}' | tr -d ' ') SERVER = 'dl.fedoraproject.org' -REMOTE_PATH = 'pub/puppet-gluster' +REMOTE_PATH = 'pub/alt/$(USERNAME)/puppet-gluster' all: docs rpm 
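Review bot: `USERNAME` is read from `~/.config/copr` with no check that the file exists or that the pipeline produced a value; when it is empty, `REMOTE_PATH` expands to `pub/alt//puppet-gluster`. Since this value decides where release artifacts are published, the recipe that uses `REMOTE_PATH` (outside this hunk) should stop early when it is unset, e.g. `@test -n "$(USERNAME)" || { echo "no copr username found"; exit 1; }`. Doing the check in the upload recipe rather than at parse time keeps `make docs` and `make rpm` usable without a copr config.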
diff --git a/gluster/README b/gluster/README index 91bb599b8..1c3c6ec0f 100644 --- a/gluster/README +++ b/gluster/README @@ -1,2 +1 @@ Please see README.md - diff --git a/gluster/README.md b/gluster/README.md index 08aa40e0a..5ba33c00d 100644 --- a/gluster/README.md +++ b/gluster/README.md @@ -40,4 +40,3 @@ Please ping me if you have big changes in mind, before you write a giant patch. ## Happy hacking! - diff --git a/gluster/Rakefile b/gluster/Rakefile index 72ce0318e..d590f1fdc 100644 --- a/gluster/Rakefile +++ b/gluster/Rakefile @@ -45,4 +45,3 @@ task :test => [ :lint, :spec, ] - diff --git a/gluster/builder/README b/gluster/builder/README index 2bffb7126..528614a07 100644 --- a/gluster/builder/README +++ b/gluster/builder/README @@ -7,4 +7,3 @@ The new git repository is now located at: Happy hacking! James / @purpleidea - diff --git a/gluster/data/versions/3.7/3.7.2.yaml b/gluster/data/versions/3.7/3.7.2.yaml new file mode 100644 index 000000000..848befba3 --- /dev/null +++ b/gluster/data/versions/3.7/3.7.2.yaml @@ -0,0 +1,4 @@ +# gluster/data/versions/3.7/3.7.2.yaml +--- +gluster::versions::operating_version: '30702' # v3.7.2 +# vim: ts=8 diff --git a/gluster/examples/filesystem-backed-bricks-arbiter-example.pp b/gluster/examples/filesystem-backed-bricks-arbiter-example.pp new file mode 100644 index 000000000..29e7dcbb4 --- /dev/null +++ b/gluster/examples/filesystem-backed-bricks-arbiter-example.pp 
@@ -0,0 +1,86 @@ +# +# example of a simple replicate with 2 hosts and 1 arbiter, +# and filesystem path bricks +# NOTE: this should be put on *every* gluster host +# +# +# layout: +# +# annex1.example.com (192.168.123.101) = regular node +# annex2.example.com (192.168.123.102) = regular node +# annex3.example.com (192.168.123.103) = arbiter +# +# NOTE: An arbiter is always the last brick in the variable +# $brick_list which is passed to volume::gluster define +# + + +class gluster_base { + + $ips = [ + '192.168.123.101', + '192.168.123.102', + '192.168.123.103', + ] + + class { '::gluster::server': + ips => $ips, + shorewall => true, + } + + gluster::host { 'annex1.example.com': + # use uuidgen to make these + uuid => '1f660ca2-2c78-4aa0-8f4d-21608218c69c', + } + + # note that this is using a folder on your existing filesystem... + # this can be useful for prototyping gluster using virtual machines + # if this isn't a separate partition, remember that your root fs will + # run out of space when your gluster volume does! + gluster::brick { 'annex1.example.com:/data/gluster-storage1': + areyousure => true, + } + + gluster::host { 'annex2.example.com': + # NOTE: specifying a host uuid is now optional! + # if you don't choose one, one will be assigned + #uuid => '2fbe6e2f-f6bc-4c2d-a301-62fa90c459f8', + } + + gluster::brick { 'annex2.example.com:/data/gluster-storage2': + areyousure => true, + } + + gluster::host { 'annex3.example.com': + # NOTE: specifying a host uuid is now optional! + # if you don't choose one, one will be assigned + #uuid => '512f9f6c-8be8-489c-995b-9826e27e6146', + } + + gluster::brick { 'annex3.example.com:/data/gluster-storage3': + # NOTE: this is the brick on the arbiter, files and + # directories will be created in the same way as on + # regular node but they will be empty + areyousure => true, + } + + # NOTE: The last brick from the $brick_list will be used + # as an arbiter. This order is crucial for Gluster. 
+ $brick_list = [ + 'annex1.example.com:/data/gluster-storage1', + 'annex2.example.com:/data/gluster-storage2', + 'annex3.example.com:/data/gluster-storage3', # arbiter + ] + + gluster::volume { 'examplevol': + replica => 3, + arbiter => 1, + bricks => $brick_list, + start => undef, # i'll start this myself + } + + # namevar must be: # + gluster::volume::property { 'examplevol#auth.reject': + value => ['192.0.2.13', '198.51.100.42', '203.0.113.69'], + } +} diff --git a/gluster/examples/filesystem-backed-bricks-example.pp b/gluster/examples/filesystem-backed-bricks-example.pp index 89b77719d..8f1c9ef2c 100644 --- a/gluster/examples/filesystem-backed-bricks-example.pp +++ b/gluster/examples/filesystem-backed-bricks-example.pp @@ -49,4 +49,3 @@ value => ['192.0.2.13', '198.51.100.42', '203.0.113.69'], } } - diff --git a/gluster/examples/gluster-nfs-ipa-example.pp b/gluster/examples/gluster-nfs-ipa-example.pp index b08c7f2c4..7bb51d74b 100644 --- a/gluster/examples/gluster-nfs-ipa-example.pp +++ b/gluster/examples/gluster-nfs-ipa-example.pp @@ -44,4 +44,3 @@ #suid => false, #clientaddr => "${::ipaddress}", # use this if you want! } - diff --git a/gluster/examples/gluster-simple-example.pp b/gluster/examples/gluster-simple-example.pp index 02e59f3ab..8a553b38a 100644 --- a/gluster/examples/gluster-simple-example.pp +++ b/gluster/examples/gluster-simple-example.pp @@ -14,4 +14,3 @@ } } - diff --git a/gluster/examples/gluster-simple-physical-example-best.pp b/gluster/examples/gluster-simple-physical-example-best.pp index 63f7f2942..220c12bc1 100644 --- a/gluster/examples/gluster-simple-physical-example-best.pp +++ b/gluster/examples/gluster-simple-physical-example-best.pp @@ -25,4 +25,3 @@ # override a particular fqdn with the options that you need to! } } - diff --git a/gluster/examples/gluster-simple-physical-example.pp b/gluster/examples/gluster-simple-physical-example.pp index 46a8647d3..2abc92dfa 100644 --- a/gluster/examples/gluster-simple-physical-example.pp 
+++ b/gluster/examples/gluster-simple-physical-example.pp @@ -37,4 +37,3 @@ }, } } - diff --git a/gluster/examples/mount-example.pp b/gluster/examples/mount-example.pp index 90930e32a..4ebec9ee2 100644 --- a/gluster/examples/mount-example.pp +++ b/gluster/examples/mount-example.pp @@ -18,4 +18,3 @@ rw => true, mounted => true, } - diff --git a/gluster/examples/wrapper-example.pp b/gluster/examples/wrapper-example.pp index bae6614a9..c0861ebc2 100644 --- a/gluster/examples/wrapper-example.pp +++ b/gluster/examples/wrapper-example.pp @@ -149,4 +149,3 @@ #'bricks' => [], } } - diff --git a/gluster/lib/facter/gluster_fsm.rb b/gluster/lib/facter/gluster_fsm.rb index fae84cca9..b2cc88459 100644 --- a/gluster/lib/facter/gluster_fsm.rb +++ b/gluster/lib/facter/gluster_fsm.rb @@ -159,4 +159,3 @@ def brick_match(l) 'Oh cool, james added fsm support to puppet-gluster. Sweet!' } end - diff --git a/gluster/lib/facter/gluster_fsuuid.rb b/gluster/lib/facter/gluster_fsuuid.rb index 1f340750c..bd16eb685 100644 --- a/gluster/lib/facter/gluster_fsuuid.rb +++ b/gluster/lib/facter/gluster_fsuuid.rb @@ -110,7 +110,11 @@ # create an fsuuid for each brick and store it # in our vardir if it doesn't already exist... if not File.exist?(uuidfile) - result = system("/usr/bin/uuidgen > '" + uuidfile + "'") + uuidgen = `which uuidgen 2> /dev/null`.chomp + if uuidgen = '' + uuidgen = '/usr/bin/uuidgen' + end + result = system(uuidgen + " > '" + uuidfile + "'") if not(result) # TODO: print warning end diff --git a/gluster/lib/facter/gluster_uuid.rb b/gluster/lib/facter/gluster_uuid.rb index fa99a4026..f8de610f5 100644 --- a/gluster/lib/facter/gluster_uuid.rb +++ b/gluster/lib/facter/gluster_uuid.rb 
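Review bot: `if uuidgen = ''` in gluster_fsuuid.rb is an assignment, not a comparison: it sets `uuidgen` to the empty string, which is truthy in Ruby, so the branch always runs and the `which` result is discarded in favour of `/usr/bin/uuidgen`. The intended test is `if uuidgen.empty?`. The identical lines are added to gluster_uuid.rb (`@@ -82,7 +82,11 @@`). Once the lookup takes effect, the fact will execute whatever `uuidgen` is first on the PATH of the process running Facter, typically a privileged one, so it is worth deciding whether a PATH lookup is wanted or whether a short list of fixed absolute paths checked with `File.executable?` is safer. The enclosing block starts and ends outside the hunk.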
@@ -82,7 +82,11 @@ # create a uuid and store it in our vardir if it doesn't already exist! if create - result = system("/usr/bin/uuidgen > '" + uuidfile + "'") + uuidgen = `which uuidgen 2> /dev/null`.chomp + if uuidgen = '' + uuidgen = '/usr/bin/uuidgen' + end + result = system(uuidgen + " > '" + uuidfile + "'") if not(result) # TODO: print warning end diff --git a/gluster/lib/facter/gluster_vrrp.rb b/gluster/lib/facter/gluster_vrrp.rb index 79676e671..7d3be6386 100644 --- a/gluster/lib/facter/gluster_vrrp.rb +++ b/gluster/lib/facter/gluster_vrrp.rb @@ -172,7 +172,7 @@ end # lookup from fact - netmask = Facter.value('netmask_'+interface) + netmask = Facter.value('netmask_'+interface.gsub('-','_')) if netmaskregexp.match(netmask) Facter.add('gluster_vrrp_netmask') do diff --git a/gluster/manifests/mount.pp b/gluster/manifests/mount.pp index ae066f898..f76538666 100644 --- a/gluster/manifests/mount.pp +++ b/gluster/manifests/mount.pp @@ -182,6 +182,10 @@ # XXX: or something... consider adding the notify => Poke[] functionality mount { "${short_name}": atboot => true, + remounts => "${valid_type}" ? { + 'glusterfs' => false, + default => true, + }, ensure => $mounted_bool, device => "${server}", fstype => "${valid_type}", diff --git a/gluster/manifests/volume.pp b/gluster/manifests/volume.pp index 06f795c37..c5292e372 100644 --- a/gluster/manifests/volume.pp +++ b/gluster/manifests/volume.pp @@ -20,6 +20,7 @@ $group = 'default', # use this bricks group name if we auto collect $transport = 'tcp', $replica = 1, + $arbiter = '', # use '1' to add the last host as an arbiter $stripe = 1, # TODO: maybe this should be called 'chained' => true/false, and maybe, # we can also specify an offset count for chaining, or other parameters @@ -155,6 +156,12 @@ default => "replica ${replica} ", } + $valid_arbiter = $arbiter ? { + '' => '', + '0' => '', + default => "arbiter ${arbiter} ", + } + $valid_stripe = $stripe ? { '1' => '', default => "stripe ${stripe} ", 
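Review bot: `$arbiter` reaches `$valid_arbiter` without validation in volume.pp (`@@ -155,6 +156,12 @@`) and is then interpolated into the bash script written by the `@@ -253,7 +260,7 @@` hunk, which is installed with the module's root owner setting. Any value other than `''` or `'0'` is pasted into the `gluster volume create` command line as-is, so a typo or a non-numeric string ends up as shell text. Since metadata.json already requires puppetlabs/stdlib, a guard before the selector such as `validate_re("${arbiter}", '^\d*$', 'arbiter must be a non-negative integer')` would reject it at compile time.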
@@ -253,7 +260,7 @@ # FIXME: it would be create to have an --allow-root-storage type option # instead, so that we don't inadvertently force some other bad thing... file { "${vardir}/volume/create-${name}.sh": - content => inline_template("#!/bin/bash\n/bin/sleep 5s && ${::gluster::params::program_gluster} volume create ${name} ${valid_replica}${valid_stripe}transport ${valid_transport} ${brick_spec} force > >(/usr/bin/tee '/tmp/gluster-volume-create-${name}.stdout') 2> >(/usr/bin/tee '/tmp/gluster-volume-create-${name}.stderr' >&2) || (${rmdir_volume_dirs} && /bin/false)\nexit \$?\n"), + content => inline_template("#!/bin/bash\n/bin/sleep 5s && ${::gluster::params::program_gluster} volume create ${name} ${valid_replica}${valid_arbiter}${valid_stripe}transport ${valid_transport} ${brick_spec} force > >(/usr/bin/tee '/tmp/gluster-volume-create-${name}.stdout') 2> >(/usr/bin/tee '/tmp/gluster-volume-create-${name}.stderr' >&2) || (${rmdir_volume_dirs} && /bin/false)\nexit \$?\n"), owner => "${::gluster::params::misc_owner_root}", group => "${::gluster::params::misc_group_root}", mode => 755, diff --git a/gluster/metadata.json b/gluster/metadata.json index e98d9a70f..cad49afd6 100644 --- a/gluster/metadata.json +++ b/gluster/metadata.json @@ -12,4 +12,3 @@ { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.6.0" } ] } - diff --git a/gluster/spec/spec_helper.rb b/gluster/spec/spec_helper.rb index b51de3a7e..ae8dc51da 100644 --- a/gluster/spec/spec_helper.rb +++ b/gluster/spec/spec_helper.rb @@ -15,4 +15,3 @@ class Object alias :must :should end - diff --git a/gluster/vagrant/README b/gluster/vagrant/README index 7918d1160..a0e80d60a 100644 --- a/gluster/vagrant/README +++ b/gluster/vagrant/README @@ -28,4 +28,3 @@ Once your volume is started, you can build a few clients: Happy hacking, James - diff --git a/gluster/vagrant/Vagrantfile b/gluster/vagrant/Vagrantfile index c583068e2..492ff1eb8 100644 --- a/gluster/vagrant/Vagrantfile 
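Review bot: The rewritten `content` line in volume.pp still tees the command output to `/tmp/gluster-volume-create-${name}.stdout` and `.stderr`, which are fixed names in a world-writable directory, from a script that is installed with the root owner parameter and presumably executed as root. Another local account can create those names first, so the output may land in a file it controls or be written through a link it placed there. The script itself already lives under `${vardir}/volume/`, so the two log paths could move there as well, for example `'${vardir}/volume/create-${name}.stdout'`. The `file` resource continues past the end of the hunk.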
+++ b/gluster/vagrant/Vagrantfile @@ -596,4 +596,3 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| end end - diff --git a/gluster/vagrant/puppet/files/README b/gluster/vagrant/puppet/files/README index 3f5a63aa7..a5f952810 100644 --- a/gluster/vagrant/puppet/files/README +++ b/gluster/vagrant/puppet/files/README @@ -1,2 +1 @@ This is Puppet-Gluster+Vagrant! (https://ttboj.wordpress.com/) - diff --git a/gluster/vagrant/puppet/manifests/site.pp b/gluster/vagrant/puppet/manifests/site.pp index e0decc3ad..763a90bc9 100644 --- a/gluster/vagrant/puppet/manifests/site.pp +++ b/gluster/vagrant/puppet/manifests/site.pp @@ -194,4 +194,3 @@ ACCEPT $FW man icmp ", comment => 'Allow icmp from the firewall zone'} } - diff --git a/gluster/vagrant/puppet/modules/Makefile b/gluster/vagrant/puppet/modules/Makefile index c6507733a..233165984 100644 --- a/gluster/vagrant/puppet/modules/Makefile +++ b/gluster/vagrant/puppet/modules/Makefile @@ -64,4 +64,3 @@ gluster: j=`echo $$i | awk -F '-' '{print $$2}'`; \ [ -d "$$j" ] || git clone ../../../. $$j; \ [ -d "$$j" ] && cd $$j && git checkout master && git pull && git checkout $(SHA1SUM); cd .. - diff --git a/gluster/vagrant/puppet/modules/README b/gluster/vagrant/puppet/modules/README index c1837a538..ad95afa6e 100644 --- a/gluster/vagrant/puppet/modules/README +++ b/gluster/vagrant/puppet/modules/README @@ -19,4 +19,3 @@ Hope this gives you some helpful background, and thanks to #git for consulting. Happy hacking, James - diff --git a/gnocchi/.fixtures.yml b/gnocchi/.fixtures.yml index 2561c2fce..d358a9749 100644 --- a/gnocchi/.fixtures.yml +++ b/gnocchi/.fixtures.yml 
@@ -4,9 +4,9 @@ fixtures: 'concat': 'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git' 'ref': '1.2.1' - 'keystone': 'git://github.com/stackforge/puppet-keystone.git' + 'keystone': 'git://github.com/openstack/puppet-keystone.git' 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git' - 'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git' + 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git' 'postgresql': 'git://github.com/puppetlabs/puppet-postgresql.git' 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git' symlinks: diff --git a/gnocchi/.gitignore b/gnocchi/.gitignore index da4238187..4dd84f06e 100644 --- a/gnocchi/.gitignore +++ b/gnocchi/.gitignore @@ -1,7 +1,10 @@ -*.swp -spec/fixtures/modules/* -spec/fixtures/manifests/site.pp +pkg/ Gemfile.lock -.vendor -.bundle/ vendor/ +spec/fixtures/ +.vagrant/ +.bundle/ +coverage/ +.idea/ +*.swp +*.iml diff --git a/gnocchi/Gemfile b/gnocchi/Gemfile index 9ea211333..6d4ce9a07 100644 --- a/gnocchi/Gemfile +++ b/gnocchi/Gemfile 
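Review bot: The renamed `keystone` and `openstacklib` fixtures in gnocchi/.fixtures.yml are still fetched over `git://`, which gives no transport authentication or integrity protection. Unlike `concat` they also carry no `ref`, so each test run pulls whatever the default branch holds at that moment. Using `https://github.com/openstack/puppet-keystone.git` (and likewise for openstacklib) with a `ref` per repository would make the fixture set reproducible and harder to alter in transit. The heat/.fixtures.yml hunk later in this patch has the same pattern for `keystone`, `nova` and `openstacklib`.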
@@ -1,25 +1,30 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '~> 2.1.0', :require => false - - gem 'metadata-json-lint' - gem 'puppet-lint-param-docs' - gem 'puppet-lint-absolute_classname-check' - gem 'puppet-lint-absolute_template_path' - gem 'puppet-lint-trailing_newline-check' + gem 'puppetlabs_spec_helper', :require => 'false' + gem 'rspec-puppet', '~> 2.2.0', :require => 'false' + gem 'metadata-json-lint', :require => 'false' + gem 'puppet-lint-param-docs', :require => 'false' + gem 'puppet-lint-absolute_classname-check', :require => 'false' + gem 'puppet-lint-absolute_template_path', :require => 'false' + gem 'puppet-lint-trailing_newline-check', :require => 'false' + gem 'puppet-lint-unquoted_string-check', :require => 'false' + gem 'puppet-lint-leading_zero-check', :require => 'false' + gem 'puppet-lint-variable_contains_upcase', :require => 'false' + gem 'puppet-lint-numericvariable', :require => 'false' + gem 'json', :require => 'false' + gem 'webmock', :require => 'false' +end - # Puppet 4.x related lint checks - gem 'puppet-lint-unquoted_string-check' - gem 'puppet-lint-leading_zero-check' - gem 'puppet-lint-variable_contains_upcase' - gem 'puppet-lint-numericvariable' +group :system_tests do + gem 'beaker-rspec', :require => 'false' + gem 'beaker-puppet_install_helper', :require => 'false' +end - gem 'beaker-rspec', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'json' - gem 'webmock' +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/gnocchi/README.md b/gnocchi/README.md index 5a00b70be..00ac0ed86 100644 --- a/gnocchi/README.md +++ b/gnocchi/README.md 
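Review bot: `:require => 'false'` in the rewritten gem lines of gnocchi/Gemfile is the string `'false'`, not the boolean, and Bundler treats a string there as the name of a file to require, so `Bundler.require` would try to load a file called `false` for each of these gems instead of skipping the autorequire. The `facter` lines added further down in the same hunk use `:require => false`, which is what the others should be, e.g. `gem 'webmock', :require => false`. The heat/Gemfile hunk later in the patch repeats the same lines. Separately, `source ENV['GEM_SOURCE'] || "https://rubygems.org"` lets the environment decide where every gem is downloaded from, and a comment such as `# GEM_SOURCE overrides the gem server; set it only to a trusted mirror` would make that explicit for CI owners.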
@@ -34,6 +34,36 @@ Implementation gnocchi is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers. +### Types + +#### gnocchi_config + +The `gnocchi_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/gnocchi/gnocchi.conf` file. + +```puppet +gnocchi_config { 'DEFAULT/verbose' : + value => true, +} +``` + +This will write `verbose=true` in the `[DEFAULT]` section. + +##### name + +Section/setting name to manage from `gnocchi.conf` + +##### value + +The value of the setting to be defined. + +##### secret + +Whether to hide the value from Puppet logs. Defaults to `false`. + +##### ensure_absent_val + +If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `` + Limitations ----------- diff --git a/gnocchi/Rakefile b/gnocchi/Rakefile index 84c9a7046..bc08f437c 100644 --- a/gnocchi/Rakefile +++ b/gnocchi/Rakefile 
@@ -1,9 +1,21 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppet-syntax/tasks/puppet-syntax' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') +PuppetSyntax.exclude_paths ||= [] +PuppetSyntax.exclude_paths << "spec/fixtures/**/*" +PuppetSyntax.exclude_paths << "pkg/**/*" +PuppetSyntax.exclude_paths << "vendor/**/*" -task(:default).clear -task :default => [:spec, :lint] +Rake::Task[:lint].clear +PuppetLint::RakeTask.new :lint do |config| + config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"] + config.fail_on_warnings = true + config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' + config.disable_checks = ["80chars", "class_inherits_from_params_class", "class_parameter_defaults", "only_variable_string"] +end + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end diff --git a/gnocchi/lib/puppet/provider/gnocchi_config/ini_setting.rb b/gnocchi/lib/puppet/provider/gnocchi_config/ini_setting.rb index 0fee4b125..e4f5888aa 100644 --- a/gnocchi/lib/puppet/provider/gnocchi_config/ini_setting.rb +++ b/gnocchi/lib/puppet/provider/gnocchi_config/ini_setting.rb @@ -1,27 +1,10 @@ Puppet::Type.type(:gnocchi_config).provide( :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) ) do - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - def self.file_path '/etc/gnocchi/gnocchi.conf' end - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - end diff --git a/gnocchi/lib/puppet/type/gnocchi_config.rb b/gnocchi/lib/puppet/type/gnocchi_config.rb index 9fbf10c0f..7c32cf25c 100644 
--- a/gnocchi/lib/puppet/type/gnocchi_config.rb +++ b/gnocchi/lib/puppet/type/gnocchi_config.rb @@ -14,6 +14,7 @@ value.capitalize! if value =~ /^(true|false)$/i value end + newvalues(/^[\S ]*$/) def is_to_s( currentvalue ) if resource.secret? @@ -39,4 +40,14 @@ def should_to_s( newvalue ) defaultto false end + + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:package) do + 'gnocchi-api' + end + end diff --git a/gnocchi/manifests/api.pp b/gnocchi/manifests/api.pp index 86be53de3..f21b611ff 100644 --- a/gnocchi/manifests/api.pp +++ b/gnocchi/manifests/api.pp @@ -101,7 +101,6 @@ Gnocchi_config<||> ~> Exec['post-gnocchi_config'] Gnocchi_config<||> ~> Service['gnocchi-api'] - Package['gnocchi-api'] -> Gnocchi_config<||> if $::gnocchi::database_connection { if($::gnocchi::database_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) { diff --git a/gnocchi/manifests/generic_service.pp b/gnocchi/manifests/generic_service.pp index 9530cc151..9e0e898a0 100644 --- a/gnocchi/manifests/generic_service.pp +++ b/gnocchi/manifests/generic_service.pp @@ -68,6 +68,7 @@ ensure => $ensure_package, name => $package_name, notify => Service[$gnocchi_title], + tag => ['openstack', 'gnocchi-package'], } } } @@ -86,6 +87,7 @@ name => $service_name, enable => $enabled, hasstatus => true, + tag => 'gnocchi-service', } } } diff --git a/gnocchi/manifests/keystone/auth.pp b/gnocchi/manifests/keystone/auth.pp index cb010d9d6..129b0e253 100644 --- a/gnocchi/manifests/keystone/auth.pp +++ b/gnocchi/manifests/keystone/auth.pp @@ -45,6 +45,9 @@ # [*service_type*] # Type of service. Defaults to 'gnocchi'. # +# [*service_description*] +# Description for keystone service. Optional. Defaults to 'OpenStack Datapoint Service'. +# # [*public_protocol*] # Protocol for public endpoint. Defaults to 'http'. # 
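Review bot: The added `newvalues(/^[\S ]*$/)` in gnocchi_config.rb does not, as far as the pattern itself goes, reject multi-line values, because in Ruby `^` and `$` anchor at every line and a string with an embedded newline matches as soon as one of its lines does. If the intent is to keep tabs and newlines out of what is written to gnocchi.conf, anchor on the whole string with `newvalues(/\A[\S ]*\z/)`. The same line is added to heat_config.rb later in this patch, and the `/^(true|false)$/i` test in the context just above uses the same per-line anchors. The enclosing property block starts and ends outside the hunk.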
@@ -88,6 +91,7 @@ $configure_user = true, $configure_user_role = true, $service_type = 'gnocchi', + $service_description = 'OpenStack Datapoint Service', $public_protocol = 'http', $public_address = '127.0.0.1', $public_port = '8041', @@ -108,7 +112,7 @@ configure_user_role => true, configure_endpoint => $configure_endpoint, service_type => $service_type, - service_description => 'OpenStack Datapoint Service', + service_description => $service_description, region => $region, password => $password, email => $email, diff --git a/gnocchi/spec/acceptance/nodesets/centos-70-x64.yml b/gnocchi/spec/acceptance/nodesets/centos-70-x64.yml new file mode 100644 index 000000000..5f097e9fe --- /dev/null +++ b/gnocchi/spec/acceptance/nodesets/centos-70-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-server-70-x64: + roles: + - master + platform: el-7-x86_64 + box: puppetlabs/centos-7.0-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/gnocchi/spec/acceptance/nodesets/default.yml b/gnocchi/spec/acceptance/nodesets/default.yml index cba1cd04c..486b6a34e 100644 --- a/gnocchi/spec/acceptance/nodesets/default.yml +++ b/gnocchi/spec/acceptance/nodesets/default.yml @@ -1,11 +1,10 @@ HOSTS: - ubuntu-server-1404-x64: + ubuntu-server-14.04-amd64: roles: - master platform: ubuntu-14.04-amd64 - box : puppetlabs/ubuntu-14.04-64-nocm - box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm - hypervisor : vagrant + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant CONFIG: - log_level : debug - type: git + type: foss diff --git a/gnocchi/spec/acceptance/nodesets/nodepool-centos7.yml b/gnocchi/spec/acceptance/nodesets/nodepool-centos7.yml index 575ae6732..c55287420 100644 --- a/gnocchi/spec/acceptance/nodesets/nodepool-centos7.yml +++ b/gnocchi/spec/acceptance/nodesets/nodepool-centos7.yml 
@@ -3,7 +3,7 @@ HOSTS: roles: - master platform: el-7-x86_64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/gnocchi/spec/acceptance/nodesets/nodepool-trusty.yml b/gnocchi/spec/acceptance/nodesets/nodepool-trusty.yml index a95d9f38d..9fc624e24 100644 --- a/gnocchi/spec/acceptance/nodesets/nodepool-trusty.yml +++ b/gnocchi/spec/acceptance/nodesets/nodepool-trusty.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/gnocchi/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/gnocchi/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml index cba1cd04c..8001929b2 100644 --- a/gnocchi/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml +++ b/gnocchi/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -1,11 +1,11 @@ HOSTS: - ubuntu-server-1404-x64: + ubuntu-server-14.04-amd64: roles: - master platform: ubuntu-14.04-amd64 - box : puppetlabs/ubuntu-14.04-64-nocm - box_url : https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm - hypervisor : vagrant + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant CONFIG: - log_level : debug - type: git + log_level: debug + type: foss diff --git a/gnocchi/spec/shared_examples.rb b/gnocchi/spec/shared_examples.rb index 4bc52a928..a888e4622 100644 --- a/gnocchi/spec/shared_examples.rb +++ b/gnocchi/spec/shared_examples.rb @@ -11,13 +11,15 @@ is_expected.to contain_package(service[:name]).with({ :name => service[:package_name], :ensure => 'present', - :notify => "Service[#{service[:name]}]" + :notify => "Service[#{service[:name]}]", + :tag => ['openstack', 'gnocchi-package'], }) is_expected.to contain_service(service[:name]).with({ :name => service[:service_name], :ensure => 'stopped', :hasstatus => true, - :enable => false + :enable => false, + :tag => 'gnocchi-service', }) end end 
@@ -32,13 +34,15 @@ is_expected.to contain_package(service[:name]).with({ :name => service[:package_name], :ensure => '2014.1-1', - :notify => "Service[#{service[:name]}]" + :notify => "Service[#{service[:name]}]", + :tag => ['openstack', 'gnocchi-package'], }) is_expected.to contain_service(service[:name]).with({ :name => service[:service_name], :ensure => 'running', :hasstatus => true, - :enable => true + :enable => true, + :tag => 'gnocchi-service', }) end end diff --git a/gnocchi/spec/spec_helper.rb b/gnocchi/spec/spec_helper.rb index 53d4dd02d..3df4cede1 100644 --- a/gnocchi/spec/spec_helper.rb +++ b/gnocchi/spec/spec_helper.rb @@ -1,7 +1,10 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' +require 'webmock/rspec' RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' c.alias_it_should_behave_like_to :it_raises, 'raises' end + +at_exit { RSpec::Puppet::Coverage.report! } diff --git a/gnocchi/spec/unit/provider/gnocchi_config/ini_setting_spec.rb b/gnocchi/spec/unit/provider/gnocchi_config/ini_setting_spec.rb index 059a5a2f5..a3fbe1cbb 100644 --- a/gnocchi/spec/unit/provider/gnocchi_config/ini_setting_spec.rb +++ b/gnocchi/spec/unit/provider/gnocchi_config/ini_setting_spec.rb @@ -13,6 +13,17 @@ 'inifile', 'lib') ) +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'openstacklib', + 'lib') +) require 'spec_helper' provider_class = Puppet::Type.type(:gnocchi_config).provider(:ini_setting) describe provider_class do 
@@ -34,4 +45,22 @@ expect(provider.section).to eq('dude') expect(provider.setting).to eq('foo') end + + it 'should ensure absent when is specified as a value' do + resource = Puppet::Type::Gnocchi_config.new( + {:name => 'dude/foo', :value => ''} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::Gnocchi_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end end diff --git a/gnocchi/spec/unit/type/gnocchi_config_spec.rb b/gnocchi/spec/unit/type/gnocchi_config_spec.rb index d711b0345..64580fe4c 100644 --- a/gnocchi/spec/unit/type/gnocchi_config_spec.rb +++ b/gnocchi/spec/unit/type/gnocchi_config_spec.rb @@ -49,4 +49,15 @@ @gnocchi_config[:ensure] = :latest }.to raise_error(Puppet::Error, /Invalid value/) end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'gnocchi-api') + catalog.add_resource package, @gnocchi_config + dependency = @gnocchi_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@gnocchi_config) + expect(dependency[0].source).to eq(package) + end + end diff --git a/haproxy/README.md b/haproxy/README.md index 54052f3c9..79b8430e9 100644 --- a/haproxy/README.md +++ b/haproxy/README.md @@ -209,7 +209,7 @@ haproxy::frontend { 'puppet00': bind_options => 'accept-proxy', options => { 'default_backend' => 'puppet_backend00', - 'timeout client' => '30', + 'timeout client' => '30s', 'option' => [ 'tcplog', 'accept-invalid-http-request', 
@@ -228,7 +228,7 @@ haproxy::frontend { 'puppet00': bind_options => 'accept-proxy', options => [ { 'default_backend' => 'puppet_backend00' }, - { 'timeout client' => '30' }, + { 'timeout client' => '30s' }, { 'option' => [ 'tcplog', 'accept-invalid-http-request', @@ -357,6 +357,8 @@ Main class, includes all other classes. * `service_manage`: Specifies whether the state of the HAProxy service should be managed by Puppet. Valid options: 'true' and 'false'. Default: 'true'. +* `service_options`: Contents for the `/etc/defaults/haproxy` file on Debian. Defaults to "ENABLED=1\n" on Debian, and is ignored on other systems. + #### Define: `haproxy::balancermember` Configures a service inside a listening or backend service configuration block in haproxy.cfg. @@ -401,7 +403,7 @@ Sets up a backend service configuration block inside haproxy.cfg. Each backend s #### Define: `haproxy::frontend` -Sets up a backend service configuration block inside haproxy.cfg. Each backend service needs one or more balancermember services (declared with the [`haproxy::balancermember` define](#define-haproxybalancermember)). +Sets up a frontend service configuration block inside haproxy.cfg. Each frontend service needs one or more balancermember services (declared with the [`haproxy::balancermember` define](#define-haproxybalancermember)). ##### Parameters @@ -529,4 +531,4 @@ Puppet Labs modules on the Puppet Forge are open projects, and community contrib For more information, see our [module contribution guide.](https://docs.puppetlabs.com/forge/contributing.html) -To see who's already involved, see the [list of contributors.](https://github.com/puppetlabs/puppetlabs-haproxy/graphs/contributors) \ No newline at end of file +To see who's already involved, see the [list of contributors.](https://github.com/puppetlabs/puppetlabs-haproxy/graphs/contributors) diff --git a/haproxy/manifests/frontend.pp b/haproxy/manifests/frontend.pp index 5943f5889..b803c476d 100644 
--- a/haproxy/manifests/frontend.pp +++ b/haproxy/manifests/frontend.pp @@ -56,7 +56,7 @@ # 'tcplog', # 'accept-invalid-http-request', # ], -# 'timeout client' => '30', +# 'timeout client' => '30s', # 'balance' => 'roundrobin' # }, # } @@ -77,7 +77,7 @@ ], }, # Deprecated - $bind_options = '', + $bind_options = undef, ) { if $ports and $bind { diff --git a/haproxy/manifests/init.pp b/haproxy/manifests/init.pp index 3c4c261b6..74a624929 100644 --- a/haproxy/manifests/init.pp +++ b/haproxy/manifests/init.pp @@ -24,6 +24,9 @@ # [*service_manage*] # Chooses whether the haproxy service state should be managed by puppet at all. Defaults to true # +# [*service_options*] +# Contents for the `/etc/defaults/haproxy` file on Debian. Defaults to "ENABLED=1\n" on Debian, and is ignored on other systems. +# # [*global_options*] # A hash of all the haproxy global options. If you want to specify more # than one option (i.e. multiple timeout or stats options), pass those @@ -83,6 +86,7 @@ $package_name = $haproxy::params::package_name, $service_ensure = 'running', $service_manage = true, + $service_options = "ENABLED=1\n", $global_options = $haproxy::params::global_options, $defaults_options = $haproxy::params::defaults_options, $restart_command = undef, @@ -101,6 +105,7 @@ } validate_string($package_name,$package_ensure) validate_bool($service_manage) + validate_string($service_options) # To support deprecating $enable if $enable != undef { diff --git a/haproxy/manifests/service.pp b/haproxy/manifests/service.pp index 8a6b9c144..2f52206cc 100644 --- a/haproxy/manifests/service.pp +++ b/haproxy/manifests/service.pp @@ -7,7 +7,7 @@ if $haproxy::_service_manage { if ($::osfamily == 'Debian') { file { '/etc/default/haproxy': - content => 'ENABLED=1', + content => $haproxy::service_options, before => Service['haproxy'], } } diff --git a/heat/.fixtures.yml b/heat/.fixtures.yml index d31679dfa..345c8cd3a 100644 --- a/heat/.fixtures.yml +++ b/heat/.fixtures.yml 
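Review bot: The new `service_options` parameter doc in haproxy/manifests/init.pp names `/etc/defaults/haproxy`, but the resource that consumes the value in the service.pp hunk manages `/etc/default/haproxy`. The comment should read `Contents for the /etc/default/haproxy file on Debian.`, and the README hunk carries the same wording. The parameter is now written verbatim as the file content with only `validate_string` applied, so the doc should also state the expected format (presumably shell-style variable assignments read by the init script).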
@@ -4,10 +4,10 @@ fixtures: 'concat': 'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git' 'ref': '1.2.1' - 'keystone': 'git://github.com/stackforge/puppet-keystone.git' + 'keystone': 'git://github.com/openstack/puppet-keystone.git' 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git' - 'nova': 'git://github.com/stackforge/puppet-nova.git' - 'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git' + 'nova': 'git://github.com/openstack/puppet-nova.git' + 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git' 'postgresql': 'git://github.com/puppetlabs/puppet-postgresql.git' 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git' symlinks: diff --git a/heat/.gitignore b/heat/.gitignore index 1fc755c8f..4dd84f06e 100644 --- a/heat/.gitignore +++ b/heat/.gitignore @@ -1,5 +1,10 @@ +pkg/ Gemfile.lock -spec/fixtures/modules/* -spec/fixtures/manifests/site.pp +vendor/ +spec/fixtures/ +.vagrant/ +.bundle/ +coverage/ +.idea/ *.swp -pkg +*.iml diff --git a/heat/Gemfile b/heat/Gemfile index 9ea211333..6d4ce9a07 100644 --- a/heat/Gemfile +++ b/heat/Gemfile 
@@ -1,25 +1,30 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '~> 2.1.0', :require => false - - gem 'metadata-json-lint' - gem 'puppet-lint-param-docs' - gem 'puppet-lint-absolute_classname-check' - gem 'puppet-lint-absolute_template_path' - gem 'puppet-lint-trailing_newline-check' + gem 'puppetlabs_spec_helper', :require => 'false' + gem 'rspec-puppet', '~> 2.2.0', :require => 'false' + gem 'metadata-json-lint', :require => 'false' + gem 'puppet-lint-param-docs', :require => 'false' + gem 'puppet-lint-absolute_classname-check', :require => 'false' + gem 'puppet-lint-absolute_template_path', :require => 'false' + gem 'puppet-lint-trailing_newline-check', :require => 'false' + gem 'puppet-lint-unquoted_string-check', :require => 'false' + gem 'puppet-lint-leading_zero-check', :require => 'false' + gem 'puppet-lint-variable_contains_upcase', :require => 'false' + gem 'puppet-lint-numericvariable', :require => 'false' + gem 'json', :require => 'false' + gem 'webmock', :require => 'false' +end - # Puppet 4.x related lint checks - gem 'puppet-lint-unquoted_string-check' - gem 'puppet-lint-leading_zero-check' - gem 'puppet-lint-variable_contains_upcase' - gem 'puppet-lint-numericvariable' +group :system_tests do + gem 'beaker-rspec', :require => 'false' + gem 'beaker-puppet_install_helper', :require => 'false' +end - gem 'beaker-rspec', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'json' - gem 'webmock' +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/heat/README.md b/heat/README.md index 246c4b6d7..e205fcded 100644 --- a/heat/README.md +++ b/heat/README.md 
@@ -31,14 +31,42 @@ Setup **What the heat module affects** -* heat, the orchestration service for OpenStack +* [Heat](https://wiki.openstack.org/wiki/Heat), the orchestration service for OpenStack -### Installing heat +### Installing heat - example% puppet module install puppetlabs/heat + puppet module install openstack/heat ### Beginning with heat +To utilize the heat module's functionality you will need to declare multiple resources. +The following is a modified excerpt from the [openstack module](httpd://github.com/stackforge/puppet-openstack). +This is not an exhaustive list of all the components needed. We recommend that you consult and understand the +[openstack module](https://github.com/stackforge/puppet-openstack) and the [core openstack](http://docs.openstack.org) +documentation to assist you in understanding the available deployment options. + +```puppet +# enable heat resources +class { '::heat': + rabbit_userid => 'heat', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + database_connection => 'mysql://heat:a_big_secret@127.0.0.1/heat?charset=utf8', + identity_uri => 'http://127.0.0.1:35357/', + keystone_password => 'a_big_secret', +} + +class { '::heat::api': } + +class { '::heat::engine': + auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12', +} + +class { '::heat::api_cloudwatch': } + +class { '::heat::api_cfn': } +``` + Implementation -------------- 
@@ -47,6 +75,36 @@ Implementation heat is a combination of Puppet manifests and Ruby code to deliver configuration and extra functionality through types and providers. +### Types + +#### heat_config + +The `heat_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/heat/heat.conf` file. + +```puppet +heat_config { 'DEFAULT/verbose' : + value => true, +} +``` + +This will write `verbose=true` in the `[DEFAULT]` section. + +##### name + +Section/setting name to manage from `heat.conf` + +##### value + +The value of the setting to be defined. + +##### secret + +Whether to hide the value from Puppet logs. Defaults to `false`. + +##### ensure_absent_val + +If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `` + Limitations ----------- diff --git a/heat/Rakefile b/heat/Rakefile index 4c2b2ed07..bc08f437c 100644 --- a/heat/Rakefile +++ b/heat/Rakefile @@ -1,6 +1,21 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppet-syntax/tasks/puppet-syntax' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') +PuppetSyntax.exclude_paths ||= [] +PuppetSyntax.exclude_paths << "spec/fixtures/**/*" +PuppetSyntax.exclude_paths << "pkg/**/*" +PuppetSyntax.exclude_paths << "vendor/**/*" + +Rake::Task[:lint].clear +PuppetLint::RakeTask.new :lint do |config| + config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"] + config.fail_on_warnings = true + config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' + config.disable_checks = ["80chars", "class_inherits_from_params_class", "class_parameter_defaults", "only_variable_string"] +end + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end 
diff --git a/heat/lib/puppet/provider/heat_config/ini_setting.rb b/heat/lib/puppet/provider/heat_config/ini_setting.rb index 2c3ab5fff..73985ffb4 100644 --- a/heat/lib/puppet/provider/heat_config/ini_setting.rb +++ b/heat/lib/puppet/provider/heat_config/ini_setting.rb @@ -1,21 +1,9 @@ Puppet::Type.type(:heat_config).provide( :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) ) do - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def file_path + def self.file_path '/etc/heat/heat.conf' end diff --git a/heat/lib/puppet/provider/heat_domain_id_setter/ruby.rb b/heat/lib/puppet/provider/heat_domain_id_setter/ruby.rb deleted file mode 100644 index 12ce71acf..000000000 --- a/heat/lib/puppet/provider/heat_domain_id_setter/ruby.rb +++ /dev/null 
@@ -1,189 +0,0 @@ -## NB: This must work with Ruby 1.8! - -# This provider permits the stack_user_domain parameter in heat.conf -# to be set by providing a domain_name to the Puppet module and -# using the Keystone REST API to translate the name into the corresponding -# UUID. -# -# This requires that tenant names be unique. If there are multiple matches -# for a given tenant name, this provider will raise an exception. - -require 'rubygems' -require 'net/http' -require 'json' - -class KeystoneError < Puppet::Error -end - -class KeystoneConnectionError < KeystoneError -end - -class KeystoneAPIError < KeystoneError -end - -# Provides common request handling semantics to the other methods in -# this module. -# -# +req+:: -# An HTTPRequest object -# +url+:: -# A parsed URL (returned from URI.parse) -def handle_request(req, url) - begin - # There is issue with ipv6 where address has to be in brackets, this causes the - # underlying ruby TCPSocket to fail. Net::HTTP.new will fail without brackets on - # joining the ipv6 address with :port or passing brackets to TCPSocket. It was - # found that if we use Net::HTTP.start with url.hostname the incriminated code - # won't be hit. - use_ssl = url.scheme == "https" ? true : false - res = Net::HTTP.start(url.hostname, url.port, {:use_ssl => use_ssl}) {|http| - http.request(req) - } - - if res.code != '200' - raise KeystoneAPIError, "Received error response from Keystone server at #{url}: #{res.message}" - end - rescue Errno::ECONNREFUSED => detail - raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}" - rescue SocketError => detail - raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}" - end - - res -end - -# Authenticates to a Keystone server and obtains an authentication token. 
-# It returns a 2-element +[token, authinfo]+, where +token+ is a token -# suitable for passing to openstack apis in the +X-Auth-Token+ header, and -# +authinfo+ is the complete response from Keystone, including the service -# catalog (if available). -# -# +auth_url+:: -# Keystone endpoint URL. This function assumes API version -# 2.0 and an administrative endpoint, so this will typically look like -# +http://somehost:35357/v2.0+. -# -# +username+:: -# Username for authentication. -# -# +password+:: -# Password for authentication -# -# +tenantID+:: -# Tenant UUID -# -# +tenantName+:: -# Tenant name -# -def heat_handle_requests(auth_url, - username, - password, - tenantId=nil, - tenantName=nil) - - post_args = { - 'auth' => { - 'passwordCredentials' => { - 'username' => username, - 'password' => password - }, - }} - - if tenantId - post_args['auth']['tenantId'] = tenantId - end - - if tenantName - post_args['auth']['tenantName'] = tenantName - end - - url = URI.parse("#{auth_url}/tokens") - req = Net::HTTP::Post.new url.path - req['content-type'] = 'application/json' - req.body = post_args.to_json - - res = handle_request(req, url) - data = JSON.parse res.body - return data['access']['token']['id'], data -end - -# Queries a Keystone server to a list of all tenants. -# -# +auth_url+:: -# Keystone endpoint. See the notes for +auth_url+ in -# +heat_handle_requests+. -# -# +token+:: -# A Keystone token that will be passed in requests as the value of the -# +X-Auth-Token+ header. 
-# -def keystone_v3_domains(auth_url, - token) - - auth_url.sub!('v2.0', 'v3') - url = URI.parse("#{auth_url}/domains") - req = Net::HTTP::Get.new url.path - req['content-type'] = 'application/json' - req['x-auth-token'] = token - - res = handle_request(req, url) - data = JSON.parse res.body - data['domains'] -end - -Puppet::Type.type(:heat_domain_id_setter).provide(:ruby) do - def authenticate - token, authinfo = heat_handle_requests( - @resource[:auth_url], - @resource[:auth_username], - @resource[:auth_password], - nil, - @resource[:auth_tenant_name]) - - return token - end - - def find_domain_by_name(token) - domains = keystone_v3_domains( - @resource[:auth_url], - token) - domains.select{|domain| domain['name'] == @resource[:domain_name]} - end - - def exists? - false - end - - def create - config - end - - # This looks for the domain specified by the 'domain_name' parameter to - # the resource and returns the corresponding UUID if there is a single - # match. - # - # Raises a KeystoneAPIError if: - # - # - There are multiple matches, or - # - There are zero matches - def get_domain_id - token = authenticate - domains = find_domain_by_name(token) - - if domains.length == 1 - return domains[0]['id'] - elsif domains.length > 1 - name = domains[0]['name'] - raise KeystoneAPIError, 'Found multiple matches for domain name "#{name}"' - else - raise KeystoneAPIError, 'Unable to find matching domain' - end - end - - def config - Puppet::Type.type(:heat_config).new( - {:name => 'DEFAULT/stack_user_domain', :value => "#{get_domain_id}"} - ).create - end - -end diff --git a/heat/lib/puppet/type/heat_config.rb b/heat/lib/puppet/type/heat_config.rb index 75613a937..ff127c0ad 100644 --- a/heat/lib/puppet/type/heat_config.rb +++ b/heat/lib/puppet/type/heat_config.rb @@ -14,6 +14,7 @@ value.capitalize! if value =~ /^(true|false)$/i value end + newvalues(/^[\S ]*$/) def is_to_s( currentvalue ) if resource.secret? 
@@ -40,8 +41,13 @@ def should_to_s( newvalue ) defaultto false end - def create - provider.create + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:package) do + 'heat-common' end end diff --git a/heat/lib/puppet/type/heat_domain_id_setter.rb b/heat/lib/puppet/type/heat_domain_id_setter.rb deleted file mode 100644 index d6e1eeef0..000000000 --- a/heat/lib/puppet/type/heat_domain_id_setter.rb +++ /dev/null @@ -1,31 +0,0 @@ -Puppet::Type.newtype(:heat_domain_id_setter) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'The name of the setting to update' - end - - newparam(:domain_name) do - desc 'The heat domain name' - end - - newparam(:auth_url) do - desc 'The Keystone endpoint URL' - defaultto 'http://localhost:35357/v2.0' - end - - newparam(:auth_username) do - desc 'Username with which to authenticate' - defaultto 'admin' - end - - newparam(:auth_password) do - desc 'Password with which to authenticate' - end - - newparam(:auth_tenant_name) do - desc 'Tenant name with which to authenticate' - defaultto 'admin' - end -end diff --git a/heat/manifests/api.pp b/heat/manifests/api.pp index 1986bc086..a60544a3f 100644 --- a/heat/manifests/api.pp +++ b/heat/manifests/api.pp @@ -65,7 +65,6 @@ Heat_config<||> ~> Service['heat-api'] Class['heat::policy'] -> Service['heat-api'] - Package['heat-api'] -> Heat_config<||> Package['heat-api'] -> Class['heat::policy'] Package['heat-api'] -> Service['heat-api'] diff --git a/heat/manifests/api_cfn.pp b/heat/manifests/api_cfn.pp index 9c9409fda..43bf0e9bf 100644 --- a/heat/manifests/api_cfn.pp +++ b/heat/manifests/api_cfn.pp @@ -68,7 +68,6 @@ Heat_config<||> ~> Service['heat-api-cfn'] Class['heat::policy'] -> Service['heat-api-cfn'] - Package['heat-api-cfn'] -> Heat_config<||> Package['heat-api-cfn'] -> Class['heat::policy'] Package['heat-api-cfn'] -> Service['heat-api-cfn'] 
diff --git a/heat/manifests/api_cloudwatch.pp b/heat/manifests/api_cloudwatch.pp index b4889199c..4bedeeae5 100644 --- a/heat/manifests/api_cloudwatch.pp +++ b/heat/manifests/api_cloudwatch.pp @@ -67,7 +67,6 @@ Heat_config<||> ~> Service['heat-api-cloudwatch'] Class['heat::policy'] -> Service['heat-api-cloudwatch'] - Package['heat-api-cloudwatch'] -> Heat_config<||> Package['heat-api-cloudwatch'] -> Class['heat::policy'] Package['heat-api-cloudwatch'] -> Service['heat-api-cloudwatch'] diff --git a/heat/manifests/db/sync.pp b/heat/manifests/db/sync.pp new file mode 100644 index 000000000..0be4b7c26 --- /dev/null +++ b/heat/manifests/db/sync.pp @@ -0,0 +1,22 @@ +# +# Class to execute heat dbsync +# +class heat::db::sync { + + include ::heat::params + + Package <| tag == 'heat-package' |> ~> Exec['heat-dbsync'] + Exec['heat-dbsync'] ~> Service <| tag == 'heat-service' |> + + Heat_config<||> -> Exec['heat-dbsync'] + Heat_config<| title == 'database/connection' |> ~> Exec['heat-dbsync'] + + exec { 'heat-dbsync': + command => $::heat::params::dbsync_command, + path => '/usr/bin', + user => 'heat', + refreshonly => true, + logoutput => on_failure, + } + +} diff --git a/heat/manifests/engine.pp b/heat/manifests/engine.pp index b046aa8d6..e16123431 100644 --- a/heat/manifests/engine.pp +++ b/heat/manifests/engine.pp @@ -111,13 +111,11 @@ Heat_config<||> ~> Service['heat-engine'] - Package['heat-engine'] -> Heat_config<||> Package['heat-engine'] -> Service['heat-engine'] package { 'heat-engine': ensure => $package_ensure, name => $::heat::params::engine_package_name, tag => ['openstack', 'heat-package'], - notify => $::heat::subscribe_sync_db, } if $manage_service { @@ -144,7 +142,6 @@ require => [ File['/etc/heat/heat.conf'], Package['heat-common'], Package['heat-engine']], - subscribe => $::heat::subscribe_sync_db, tag => 'heat-service', } diff --git a/heat/manifests/init.pp b/heat/manifests/init.pp index f15fc7378..f3dfe9884 100644 --- a/heat/manifests/init.pp 
+++ b/heat/manifests/init.pp @@ -155,6 +155,10 @@ # (Optional) Use syslog for logging. # Defaults to false. # +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true +# # [*log_facility*] # (Optional) Syslog facility to receive log lines. # Defaults to LOG_USER. @@ -252,6 +256,7 @@ $database_connection = 'sqlite:////var/lib/heat/heat.sqlite', $database_idle_timeout = 3600, $use_syslog = false, + $use_stderr = true, $log_facility = 'LOG_USER', $flavor = undef, $region_name = undef, @@ -321,8 +326,6 @@ tag => ['openstack', 'heat-package'], } - Package['heat-common'] -> Heat_config<||> - if $rpc_backend == 'heat.openstack.common.rpc.impl_kombu' { if $rabbit_hosts { @@ -477,6 +480,7 @@ 'DEFAULT/rpc_response_timeout' : value => $rpc_response_timeout; 'DEFAULT/debug' : value => $debug; 'DEFAULT/verbose' : value => $verbose; + 'DEFAULT/use_stderr' : value => $use_stderr; 'ec2authtoken/auth_uri' : value => $keystone_ec2_uri; 'keystone_authtoken/admin_tenant_name' : value => $keystone_tenant; 'keystone_authtoken/admin_user' : value => $keystone_user; @@ -539,17 +543,7 @@ } if $sync_db { - $subscribe_sync_db = Exec['heat-dbsync'] - Heat_config['database/connection'] ~> Exec['heat-dbsync'] - - exec { 'heat-dbsync': - command => $::heat::params::dbsync_command, - path => '/usr/bin', - user => 'heat', - refreshonly => true, - logoutput => on_failure, - subscribe => Package['heat-common'], - } + include ::heat::db::sync } } diff --git a/heat/manifests/keystone/auth.pp b/heat/manifests/keystone/auth.pp index b18ea8abe..077babf0b 100644 --- a/heat/manifests/keystone/auth.pp +++ b/heat/manifests/keystone/auth.pp @@ -38,6 +38,10 @@ # (Optional) Type of service. # Defaults to 'orchestration'. # +# [*service_description*] +# (Optional) Description for keystone service. +# Defaults to 'Openstack Orchestration Service'. +# # [*region*] # (Optional) Region for endpoint. # Defaults to 'RegionOne'. 
@@ -126,6 +130,7 @@ $auth_name = 'heat', $service_name = undef, $service_type = 'orchestration', + $service_description = 'Openstack Orchestration Service', $region = 'RegionOne', $tenant = 'services', $configure_endpoint = true, @@ -220,7 +225,7 @@ configure_endpoint => $configure_endpoint, configure_service => $configure_service, service_type => $service_type, - service_description => 'Openstack Orchestration Service', + service_description => $service_description, service_name => $real_service_name, region => $region, password => $password, diff --git a/heat/manifests/keystone/domain.pp b/heat/manifests/keystone/domain.pp index 35f675ff8..19b26703c 100644 --- a/heat/manifests/keystone/domain.pp +++ b/heat/manifests/keystone/domain.pp @@ -1,12 +1,23 @@ # == Class: heat::keystone::domain # -# Configures heat domain in Keystone. -# -# Note: Implementation is done by heat-keystone-setup-domain script temporarily -# because currently puppet-keystone does not support v3 API +# Configures Heat domain in Keystone. # # === Parameters # +# [*domain_name*] +# Heat domain name. Defaults to 'heat'. +# +# [*domain_admin*] +# Keystone domain admin user which will be created. Defaults to 'heat_admin'. +# +# [*domain_admin_email*] +# Keystone domain admin user email address. Defaults to 'heat_admin@localhost'. + +# [*domain_password*] +# Keystone domain admin user password. Defaults to 'changeme'. +# +# === Deprecated Parameters +# # [*auth_url*] # Keystone auth url # 
@@ -19,57 +30,54 @@ # [*keystone_tenant*] # Keystone admin tenant name # -# [*domain_name*] -# Heat domain name. Defaults to 'heat'. -# -# [*domain_admin*] -# Keystone domain admin user which will be created. Defaults to 'heat_admin'. -# -# [*domain_password*] -# Keystone domain admin user password. Defaults to 'changeme'. -# class heat::keystone::domain ( - $auth_url = undef, - $keystone_admin = undef, - $keystone_password = undef, - $keystone_tenant = undef, - $domain_name = 'heat', - $domain_admin = 'heat_admin', - $domain_password = 'changeme', + $domain_name = 'heat', + $domain_admin = 'heat_admin', + $domain_admin_email = 'heat_admin@localhost', + $domain_password = 'changeme', + + # DEPRECATED PARAMETERS + $auth_url = undef, + $keystone_admin = undef, + $keystone_password = undef, + $keystone_tenant = undef, ) { include ::heat::params - $cmd_evn = [ - "OS_TENANT_NAME=${keystone_tenant}", - "OS_USERNAME=${keystone_admin}", - "OS_PASSWORD=${keystone_password}", - "OS_AUTH_URL=${auth_url}", - "HEAT_DOMAIN=${domain_name}", - "HEAT_DOMAIN_ADMIN=${domain_admin}", - "HEAT_DOMAIN_PASSWORD=${domain_password}" - ] - exec { 'heat_domain_create': - path => '/usr/bin', - command => 'heat-keystone-setup-domain', - environment => $cmd_evn, - require => Package['heat-common'], - logoutput => 'on_failure' + if $auth_url { + warning('The auth_url parameter is deprecated and will be removed in future releases') } - - heat_domain_id_setter { 'heat_domain_id': - ensure => present, - domain_name => $domain_name, - auth_url => $auth_url, - auth_username => $keystone_admin, - auth_password => $keystone_password, - auth_tenant_name => $keystone_tenant, - require => Exec['heat_domain_create'], + if $keystone_admin { + warning('The keystone_admin parameter is deprecated and will be removed in future releases') + } + if $keystone_password { + warning('The keystone_password parameter is deprecated and will be removed in future releases') } + if $keystone_tenant { + warning('The 
keystone_tenant parameter is deprecated and will be removed in future releases') + } + + ensure_resource('keystone_domain', 'heat_domain', { + 'ensure' => 'present', + 'enabled' => true, + 'name' => $domain_name + }) + ensure_resource('keystone_user', 'heat_domain_admin', { + 'ensure' => 'present', + 'enabled' => true, + 'name' => $domain_admin, + 'email' => $domain_admin_email, + 'password' => $domain_password, + 'domain' => $domain_name, + }) + ensure_resource('keystone_user_role', "${domain_admin}@::${domain_name}", { + 'roles' => ['admin'], + }) heat_config { - 'DEFAULT/stack_domain_admin': value => $domain_admin; + 'DEFAULT/stack_domain_admin': value => $domain_admin; 'DEFAULT/stack_domain_admin_password': value => $domain_password, secret => true; + 'DEFAULT/stack_user_domain_name': value => $domain_name; } - } diff --git a/heat/spec/acceptance/basic_heat_spec.rb b/heat/spec/acceptance/basic_heat_spec.rb index 1f78e4833..fd2f2f8cb 100644 --- a/heat/spec/acceptance/basic_heat_spec.rb +++ b/heat/spec/acceptance/basic_heat_spec.rb @@ -70,8 +70,9 @@ class { '::keystone': enabled => true, } class { '::keystone::roles::admin': - email => 'test@example.tld', - password => 'a_big_secret', + email => 'test@example.tld', + password => 'a_big_secret', + admin_roles => ['admin', '_member_', 'heat_stack_owner'] } class { '::keystone::endpoint': public_url => "https://${::fqdn}:5000/", @@ -86,6 +87,8 @@ class { '::heat': database_connection => 'mysql://heat:a_big_secret@127.0.0.1/heat?charset=utf8', identity_uri => 'http://127.0.0.1:35357/', keystone_password => 'a_big_secret', + debug => true, + verbose => true, } class { '::heat::db::mysql': password => 'a_big_secret', @@ -93,6 +96,9 @@ class { '::heat::db::mysql': class { '::heat::keystone::auth': password => 'a_big_secret', } + class { '::heat::keystone::domain': + domain_password => 'oh_my_no_secret', + } class { '::heat::client': } class { '::heat::api': } class { '::heat::engine': 
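Review bot: `$domain_password = 'changeme'` is kept as the default in heat/manifests/keystone/domain.pp, while the new `keystone_user` resource `heat_domain_admin` is created with that password and `keystone_user_role` gives the same user the `admin` role. A node that includes the class without overriding the parameter therefore ends up with a privileged account whose password is publicly known. I would make the parameter mandatory, for example `$domain_password = undef,` together with `if !$domain_password { fail('domain_password must be set') }`, and change the `Defaults to 'changeme'` line in the header to say it is required. In the header added by the first hunk of this file, the empty line before `# [*domain_password*]` should be a `#` line so the parameter documentation stays one comment block.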
diff --git a/heat/spec/acceptance/nodesets/centos-70-x64.yml b/heat/spec/acceptance/nodesets/centos-70-x64.yml new file mode 100644 index 000000000..5f097e9fe --- /dev/null +++ b/heat/spec/acceptance/nodesets/centos-70-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-server-70-x64: + roles: + - master + platform: el-7-x86_64 + box: puppetlabs/centos-7.0-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/heat/spec/acceptance/nodesets/default.yml b/heat/spec/acceptance/nodesets/default.yml index a2c1ecc63..486b6a34e 100644 --- a/heat/spec/acceptance/nodesets/default.yml +++ b/heat/spec/acceptance/nodesets/default.yml @@ -1,9 +1,10 @@ HOSTS: - ubuntu-14.04-amd64: + ubuntu-server-14.04-amd64: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none - ip: 127.0.0.1 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant CONFIG: type: foss diff --git a/heat/spec/acceptance/nodesets/nodepool-centos7.yml b/heat/spec/acceptance/nodesets/nodepool-centos7.yml index 575ae6732..c55287420 100644 --- a/heat/spec/acceptance/nodesets/nodepool-centos7.yml +++ b/heat/spec/acceptance/nodesets/nodepool-centos7.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: el-7-x86_64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/heat/spec/acceptance/nodesets/nodepool-trusty.yml b/heat/spec/acceptance/nodesets/nodepool-trusty.yml index a95d9f38d..9fc624e24 100644 --- a/heat/spec/acceptance/nodesets/nodepool-trusty.yml +++ b/heat/spec/acceptance/nodesets/nodepool-trusty.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/heat/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/heat/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 000000000..8001929b2 
--- /dev/null +++ b/heat/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/heat/spec/classes/heat_db_sync_spec.rb b/heat/spec/classes/heat_db_sync_spec.rb new file mode 100644 index 000000000..e88da8064 --- /dev/null +++ b/heat/spec/classes/heat_db_sync_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper' + +describe 'heat::db::sync' do + + shared_examples_for 'heat-dbsync' do + + it 'runs heat-manage db_sync' do + is_expected.to contain_exec('heat-dbsync').with( + :command => 'heat-manage --config-file /etc/heat/heat.conf db_sync', + :path => '/usr/bin', + :user => 'heat', + :refreshonly => 'true', + :logoutput => 'on_failure' + ) + end + + end + + context 'on a RedHat osfamily' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + it_configures 'heat-dbsync' + end + + context 'on a Debian osfamily' do + let :facts do + { + :operatingsystemrelease => '7.8', + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + it_configures 'heat-dbsync' + end + +end diff --git a/heat/spec/classes/heat_engine_spec.rb b/heat/spec/classes/heat_engine_spec.rb index b011720d4..db49e7d59 100644 --- a/heat/spec/classes/heat_engine_spec.rb +++ b/heat/spec/classes/heat_engine_spec.rb @@ -50,7 +50,6 @@ :ensure => 'present', :name => os_params[:package_name], :tag => ['openstack', 'heat-package'], - :notify => 'Exec[heat-dbsync]' ) } it { is_expected.to contain_service('heat-engine').with( @@ -62,7 +61,6 @@ :require => [ 'File[/etc/heat/heat.conf]', 'Package[heat-common]', 'Package[heat-engine]'], - :subscribe => 'Exec[heat-dbsync]', :tag => 'heat-service', ) } 
@@ -103,25 +101,9 @@ :require => [ 'File[/etc/heat/heat.conf]', 'Package[heat-common]', 'Package[heat-engine]'], - :subscribe => 'Exec[heat-dbsync]', :tag => 'heat-service', ) } end - context 'with $sync_db set to false in ::heat' do - let :pre_condition do - "class {'heat': sync_db => false}" - end - - it 'configures heat-engine service to not subscribe to the dbsync resource' do - is_expected.to contain_service('heat-engine').that_subscribes_to(nil) - end - - it 'configures the heat-engine package to not be notified by the dbsync resource ' do - is_expected.to contain_package('heat-engine').with( - :notify => nil, - ) - end - end context 'with wrong auth_encryption_key parameter size' do before do params.merge!({ diff --git a/heat/spec/classes/heat_init_spec.rb b/heat/spec/classes/heat_init_spec.rb index 81c39fba1..176fddaa2 100644 --- a/heat/spec/classes/heat_init_spec.rb +++ b/heat/spec/classes/heat_init_spec.rb @@ -7,6 +7,7 @@ :package_ensure => 'present', :verbose => 'False', :debug => 'False', + :use_stderr => 'True', :log_dir => '/var/log/heat', :rabbit_host => '127.0.0.1', :rabbit_port => 5672, @@ -131,9 +132,7 @@ end it 'has db_sync enabled' do - is_expected.to contain_exec('heat-dbsync').with( - :subscribe => 'Package[heat-common]', - ) + is_expected.to contain_class('heat::db::sync') end it 'configures debug and verbose' do @@ -141,6 +140,10 @@ is_expected.to contain_heat_config('DEFAULT/verbose').with_value( params[:verbose] ) end + it 'configures use_stderr option' do + is_expected.to contain_heat_config('DEFAULT/use_stderr').with_value( params[:use_stderr] ) + end + it 'configures auth_uri' do is_expected.to contain_heat_config('keystone_authtoken/auth_uri').with_value( params[:auth_uri] ) end diff --git a/heat/spec/classes/heat_keystone_domain_spec.rb b/heat/spec/classes/heat_keystone_domain_spec.rb index 0eba85d82..c8d77911d 100644 --- a/heat/spec/classes/heat_keystone_domain_spec.rb +++ b/heat/spec/classes/heat_keystone_domain_spec.rb 
@@ -3,13 +3,10 @@ describe 'heat::keystone::domain' do let :params do { - :auth_url => 'http://127.0.0.1:35357/v2.0', - :keystone_admin => 'admin', - :keystone_password => 'admin_passwd', - :keystone_tenant => 'admin', - :domain_name => 'heat', - :domain_admin => 'heat_admin', - :domain_password => 'domain_passwd' + :domain_name => 'heat', + :domain_admin => 'heat_admin', + :domain_admin_email => 'heat_admin@localhost', + :domain_password => 'domain_passwd' } end 
@@ -18,34 +15,26 @@ is_expected.to contain_heat_config('DEFAULT/stack_domain_admin').with_value(params[:domain_admin]) is_expected.to contain_heat_config('DEFAULT/stack_domain_admin_password').with_value(params[:domain_password]) is_expected.to contain_heat_config('DEFAULT/stack_domain_admin_password').with_secret(true) + is_expected.to contain_heat_config('DEFAULT/stack_user_domain_name').with_value(params[:domain_name]) end - it 'should configure heat domain id' do - is_expected.to contain_heat_domain_id_setter('heat_domain_id').with( - :ensure => 'present', - :domain_name => params[:domain_name], - :auth_url => params[:auth_url], - :auth_username => params[:keystone_admin], - :auth_password => params[:keystone_password], - :auth_tenant_name => params[:keystone_tenant] + it 'should create keystone domain' do + is_expected.to contain_keystone_domain('heat_domain').with( + :ensure => 'present', + :enabled => 'true', + :name => params[:domain_name] ) - end - it 'should exec helper script' do - is_expected.to contain_exec('heat_domain_create').with( - :command => 'heat-keystone-setup-domain', - :path => '/usr/bin', - :require => 'Package[heat-common]', - :logoutput => 'on_failure', - :environment => [ - "OS_TENANT_NAME=#{params[:keystone_tenant]}", - "OS_USERNAME=#{params[:keystone_admin]}", - "OS_PASSWORD=#{params[:keystone_password]}", - "OS_AUTH_URL=#{params[:auth_url]}", - "HEAT_DOMAIN=#{params[:domain_name]}", - "HEAT_DOMAIN_ADMIN=#{params[:domain_admin]}", - "HEAT_DOMAIN_PASSWORD=#{params[:domain_password]}" - ] + is_expected.to contain_keystone_user('heat_domain_admin').with( + :ensure => 'present', + :enabled => 'true', + :name => params[:domain_admin], + :email => params[:domain_admin_email], + :password => params[:domain_password], + :domain => params[:domain_name], + ) + is_expected.to contain_keystone_user_role('heat_admin@::heat').with( + :roles => ['admin'], ) end end 
diff --git a/heat/spec/spec_helper.rb b/heat/spec/spec_helper.rb index 27f3351dd..3df4cede1 100644 --- a/heat/spec/spec_helper.rb +++ b/heat/spec/spec_helper.rb @@ -1,9 +1,10 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' require 'webmock/rspec' -require 'json' RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' c.alias_it_should_behave_like_to :it_raises, 'raises' end + +at_exit { RSpec::Puppet::Coverage.report! } diff --git a/heat/spec/unit/provider/heat_config/ini_setting_spec.rb b/heat/spec/unit/provider/heat_config/ini_setting_spec.rb new file mode 100644 index 000000000..d011d3cbf --- /dev/null +++ b/heat/spec/unit/provider/heat_config/ini_setting_spec.rb 
@@ -0,0 +1,71 @@
+$LOAD_PATH.push(
+ File.join(
+ File.dirname(__FILE__),
+ '..',
+ '..',
+ '..',
+ 'fixtures',
+ 'modules',
+ 'inifile',
+ 'lib')
+)
+$LOAD_PATH.push(
+ File.join(
+ File.dirname(__FILE__),
+ '..',
+ '..',
+ '..',
+ 'fixtures',
+ 'modules',
+ 'openstacklib',
+ 'lib')
+)
+
+require 'spec_helper'
+
+provider_class = Puppet::Type.type(:heat_config).provider(:ini_setting)
+
+describe provider_class do
+
+ it 'should default to the default setting when no other one is specified' do
+ resource = Puppet::Type::Heat_config.new(
+ {
+ :name => 'DEFAULT/foo',
+ :value => 'bar'
+ }
+ )
+ provider = provider_class.new(resource)
+ expect(provider.section).to eq('DEFAULT')
+ expect(provider.setting).to eq('foo')
+ end
+
+ it 'should allow setting to be set explicitly' do
+ resource = Puppet::Type::Heat_config.new(
+ {
+ :name => 'dude/foo',
+ :value => 'bar'
+ }
+ )
+ provider = provider_class.new(resource)
+ expect(provider.section).to eq('dude')
+ expect(provider.setting).to eq('foo')
+ end
+
+ it 'should ensure absent when is specified as a value' do
+ resource = Puppet::Type::Heat_config.new(
+ {:name => 'dude/foo', :value => ''}
+ )
+ provider = provider_class.new(resource)
+ provider.exists?
+ expect(resource[:ensure]).to eq :absent
+ end
+
+ it 'should ensure absent when value matches ensure_absent_val' do
+ resource = Puppet::Type::Heat_config.new(
+ {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' }
+ )
+ provider = provider_class.new(resource)
+ provider.exists?
+ expect(resource[:ensure]).to eq :absent
+ end
+end
diff --git a/heat/spec/unit/provider/heat_domain_id_setter/heat_spec.rb b/heat/spec/unit/provider/heat_domain_id_setter/heat_spec.rb
deleted file mode 100644
index a6bc4d9c0..000000000
--- a/heat/spec/unit/provider/heat_domain_id_setter/heat_spec.rb
+++ /dev/null
@@ -1,177 +0,0 @@ -require 'spec_helper' -require 'puppet' -require 'puppet/type/heat_domain_id_setter' - -provider_class = Puppet::Type.type(:heat_domain_id_setter).provider(:ruby) - -# used to simulate an authentication response from Keystone -# (POST v2.0/tokens) -auth_response = { - 'access' => { - 'token' => { - 'id' => 'TOKEN', - } - } -} - -# used to simulate a response to GET v3/domains -domains_response = { - 'domains' => [ - { - 'name' => 'heat', - 'id' => 'UUID_HEAT' - }, - { - 'name' => 'multiple_matches_domain', - 'id' => 'UUID1' - }, - { - 'name' => 'multiple_matches_domain', - 'id' => 'UUID2' - }, - ] -} - -# Stub for ini_setting resource -Puppet::Type.newtype(:ini_setting) do -end - -# Stub for ini_setting provider -Puppet::Type.newtype(:ini_setting).provide(:ruby) do - def create - end -end - -describe 'Puppet::Type.type(:heat_keystone_domain_id_setter)' do - let :params do - { - :name => 'heat_domain_id', - :ensure => 'present', - :domain_name => 'heat', - :auth_url => 'http://127.0.0.1:35357/v2.0', - :auth_username => 'admin', - :auth_password => 'admin_passwd', - :auth_tenant_name => 'admin', - } - end - - it 'should have a non-nil provider' do - expect(provider_class).not_to be_nil - end - - context 'when url is correct' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens"). - to_return(:status => 200, - :body => auth_response.to_json, - :headers => {}) - stub_request(:get, "http://127.0.0.1:35357/v3/domains"). - with(:headers => {'X-Auth-Token'=>'TOKEN'}). - to_return(:status => 200, - :body => domains_response.to_json, - :headers => {}) - end - - it 'should create a resource' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect(provider.create).to be_nil - end - end - - # What happens if we ask for a domain that does not exist? 
- context 'when domain cannot be found' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens"). - to_return(:status => 200, - :body => auth_response.to_json, - :headers => {}) - stub_request(:get, "http://127.0.0.1:35357/v3/domains"). - with(:headers => {'X-Auth-Token'=>'TOKEN'}). - to_return(:status => 200, - :body => domains_response.to_json, - :headers => {}) - - params.merge!(:domain_name => 'bad_domain_name') - end - - it 'should receive an api error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneAPIError, /Unable to find matching domain/ - end - end - - # What happens if we ask for a domain name that results in multiple - # matches? - context 'when there are multiple matching domains' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens"). - to_return(:status => 200, - :body => auth_response.to_json, - :headers => {}) - stub_request(:get, "http://127.0.0.1:35357/v3/domains"). - with(:headers => {'X-Auth-Token'=>'TOKEN'}). - to_return(:status => 200, - :body => domains_response.to_json, - :headers => {}) - - params.merge!(:domain_name => 'multiple_matches_domain') - end - - it 'should receive an api error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneAPIError, /Found multiple matches for domain name/ - end - end - - # What happens if we pass a bad password? - context 'when password is incorrect' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens"). 
- to_return(:status => 401, - :body => auth_response.to_json, - :headers => {}) - end - - it 'should receive an authentication error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneAPIError - end - end - - # What happens if the server is not listening? - context 'when keystone server is unavailable' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").to_raise Errno::ECONNREFUSED - end - - it 'should receive a connection error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneConnectionError - end - end - - # What happens if we mistype the hostname? - context 'when keystone server is unknown' do - before :each do - stub_request(:post, "http://127.0.0.1:35357/v2.0/tokens").to_raise SocketError, 'getaddrinfo: Name or service not known' - end - - it 'should receive a connection error' do - resource = Puppet::Type::Heat_domain_id_setter.new(params) - provider = provider_class.new(resource) - expect(provider.exists?).to be_falsey - expect { provider.create }.to raise_error KeystoneConnectionError - end - end - -end diff --git a/heat/spec/unit/type/heat_config_spec.rb b/heat/spec/unit/type/heat_config_spec.rb new file mode 100644 index 000000000..8c7677fcf --- /dev/null +++ b/heat/spec/unit/type/heat_config_spec.rb 
@@ -0,0 +1,20 @@
+require 'puppet'
+require 'puppet/type/heat_config'
+
+describe 'Puppet::Type.type(:heat_config)' do
+ before :each do
+ @heat_config = Puppet::Type.type(:heat_config).new(:name => 'DEFAULT/foo', :value => 'bar')
+ end
+
+
+ it 'should autorequire the package that install the file' do
+ catalog = Puppet::Resource::Catalog.new
+ package = Puppet::Type.type(:package).new(:name => 'heat-common')
+ catalog.add_resource package, @heat_config
+ dependency = @heat_config.autorequire
+ expect(dependency.size).to eq(1)
+ expect(dependency[0].target).to eq(@heat_config)
+ expect(dependency[0].source).to eq(package)
+ end
+
+end
diff --git a/horizon/.gitignore b/horizon/.gitignore
index 1fc755c8f..4dd84f06e 100644
--- a/horizon/.gitignore
+++ b/horizon/.gitignore
@@ -1,5 +1,10 @@
+pkg/
 Gemfile.lock
-spec/fixtures/modules/*
-spec/fixtures/manifests/site.pp
+vendor/
+spec/fixtures/
+.vagrant/
+.bundle/
+coverage/
+.idea/
 *.swp
-pkg
+*.iml
diff --git a/horizon/.sync.yml b/horizon/.sync.yml
new file mode 100644
index 000000000..66a03c649
--- /dev/null
+++ b/horizon/.sync.yml
@@ -0,0 +1,3 @@
+---
+spec/spec_helper.rb:
+ unmanaged: true
diff --git a/horizon/Gemfile b/horizon/Gemfile
index 6bd28529d..6d4ce9a07 100644
--- a/horizon/Gemfile
+++ b/horizon/Gemfile
@@ -1,26 +1,30 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '~> 2.1.0', :require => false - - gem 'puppet-lint', '~> 1.1.0' - gem 'metadata-json-lint' - gem 'puppet-lint-param-docs' - gem 'puppet-lint-absolute_classname-check' - gem 'puppet-lint-absolute_template_path' - gem 'puppet-lint-trailing_newline-check' + gem 'puppetlabs_spec_helper', :require => 'false' + gem 'rspec-puppet', '~> 2.2.0', :require => 'false' + gem 'metadata-json-lint', :require => 'false' + gem 'puppet-lint-param-docs', :require => 'false' + gem 'puppet-lint-absolute_classname-check', :require => 'false' + gem 'puppet-lint-absolute_template_path', :require => 'false' + gem 'puppet-lint-trailing_newline-check', :require => 'false' + gem 'puppet-lint-unquoted_string-check', :require => 'false' + gem 'puppet-lint-leading_zero-check', :require => 'false' + gem 'puppet-lint-variable_contains_upcase', :require => 'false' + gem 'puppet-lint-numericvariable', :require => 'false' + gem 'json', :require => 'false' + gem 'webmock', :require => 'false' +end - # Puppet 4.x related lint checks - gem 'puppet-lint-unquoted_string-check' - gem 'puppet-lint-leading_zero-check' - gem 'puppet-lint-variable_contains_upcase' - gem 'puppet-lint-numericvariable' +group :system_tests do + gem 'beaker-rspec', :require => 'false' + gem 'beaker-puppet_install_helper', :require => 'false' +end - gem 'beaker-rspec', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'json' - gem 'webmock' +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/horizon/Rakefile b/horizon/Rakefile index df1d7897d..bc08f437c 100644 --- a/horizon/Rakefile +++ b/horizon/Rakefile 
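Review bot: Every gem in the `:development, :test` and `:system_tests` groups is now declared with `:require => 'false'`, a string, which Bundler reads as the name of a file to require rather than as "do not auto-require". The `facter` lines added further down in the same hunk use the boolean, so the groups should read the same way, e.g. `gem 'puppetlabs_spec_helper', :require => false`. Separately, `source ENV['GEM_SOURCE'] || "https://rubygems.org"` lets the environment decide where every gem is downloaded from, and an empty `GEM_SOURCE` is truthy in Ruby, so it would not fall back to rubygems.org. A comment such as `# GEM_SOURCE: trusted internal mirror only` above that line would record the intent. The `if puppetversion` block continues outside the hunk.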
@@ -2,10 +2,20 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' require 'puppet-syntax/tasks/puppet-syntax' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') +PuppetSyntax.exclude_paths ||= [] +PuppetSyntax.exclude_paths << "spec/fixtures/**/*" +PuppetSyntax.exclude_paths << "pkg/**/*" +PuppetSyntax.exclude_paths << "vendor/**/*" -exclude_tests_paths = ['pkg/**/*','vendor/**/*'] -PuppetLint.configuration.ignore_paths = exclude_tests_paths -PuppetSyntax.exclude_paths = exclude_tests_paths +Rake::Task[:lint].clear +PuppetLint::RakeTask.new :lint do |config| + config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"] + config.fail_on_warnings = true + config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' + config.disable_checks = ["80chars", "class_inherits_from_params_class", "class_parameter_defaults", "only_variable_string"] +end + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end diff --git a/horizon/manifests/init.pp b/horizon/manifests/init.pp index a623cadaf..37abe80ab 100644 --- a/horizon/manifests/init.pp +++ b/horizon/manifests/init.pp 
@@ -209,6 +209,20 @@ # (optional) Tuskar-UI - Deployment mode ('poc' or 'scale') # Defaults to 'scale' # +# [*custom_theme_path*] +# (optional) The directory location for the theme (e.g., "static/themes/blue") +# Default to undefined +# +# [*redirect_type*] +# (optional) What type of redirect to use when redirecting an http request +# for a user. This should be either 'temp' or 'permanent'. Setting this value +# to 'permanent' will result in the use of a 301 redirect which may be cached +# by a user's browser. Setting this value to 'temp' will result in the use +# of a 302 redirect which is not cached by browsers and may solve issues if +# users report errors accessing horizon. Only used if configure_apache is +# set to true. +# Defaults to 'permanent' +# # === Examples # # class { 'horizon': @@ -261,6 +275,8 @@ $tuskar_ui_ironic_discoverd_url = 'http://127.0.0.1:5050', $tuskar_ui_undercloud_admin_password = undef, $tuskar_ui_deployment_mode = 'scale', + $custom_theme_path = undef, + $redirect_type = 'permanent', # DEPRECATED PARAMETERS $can_set_mount_point = undef, $vhost_extra_params = undef, @@ -310,7 +326,7 @@ package { 'horizon': ensure => $package_ensure, name => $::horizon::params::package_name, - tag => 'openstack', + tag => ['openstack', 'horizon-package'], } concat { $::horizon::params::config_file: @@ -349,6 +365,7 @@ horizon_key => $horizon_key, horizon_ca => $horizon_ca, extra_params => $vhost_extra_params, + redirect_type => $redirect_type, } } diff --git a/horizon/manifests/wsgi/apache.pp b/horizon/manifests/wsgi/apache.pp index 51e688b08..67b34dfa3 100644 --- a/horizon/manifests/wsgi/apache.pp +++ b/horizon/manifests/wsgi/apache.pp 
@@ -59,6 +59,16 @@ # [*extra_params*] # (optional) A hash of extra paramaters for apache::wsgi class. # Defaults to {} +# +# [*redirect_type*] +# (optional) What type of redirect to use when redirecting an http request +# for a user. This should be either 'temp' or 'permanent'. Setting this value +# to 'permanent' will result in the use of a 301 redirect which may be cached +# by a user's browser. Setting this value to 'temp' will result in the use +# of a 302 redirect which is not cached by browsers and may solve issues if +# users report errors accessing horizon. +# Defaults to 'permanent' +# class horizon::wsgi::apache ( $bind_address = undef, $fqdn = undef, @@ -75,6 +85,7 @@ $vhost_conf_name = 'horizon_vhost', $vhost_ssl_conf_name = 'horizon_ssl_vhost', $extra_params = {}, + $redirect_type = 'permanent', ) { include ::horizon::params @@ -132,6 +143,10 @@ $redirect_url = $::horizon::params::root_url } + if !($redirect_type in ['temp', 'permanent']) { + fail("Invalid redirect type '${redirect_type} provided.") + } + Package['horizon'] -> Package[$::horizon::params::http_service] File[$::horizon::params::config_file] ~> Service[$::horizon::params::http_service] @@ -187,7 +202,7 @@ }, wsgi_import_script => $::horizon::params::django_wsgi, wsgi_process_group => $::horizon::params::wsgi_group, - redirectmatch_status => 'permanent', + redirectmatch_status => $redirect_type, } # Only add the 'ip' element to the $default_vhost_conf hash if it was explicitly diff --git a/horizon/spec/acceptance/horizon_with_apache_spec.rb b/horizon/spec/acceptance/horizon_with_apache_spec.rb index 783ef3a5f..069d06e73 100644 --- a/horizon/spec/acceptance/horizon_with_apache_spec.rb +++ b/horizon/spec/acceptance/horizon_with_apache_spec.rb 
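Review bot: The new error string in `fail("Invalid redirect type '${redirect_type} provided.")` opens a single quote around the value and never closes it; it should read `fail("Invalid redirect type '${redirect_type}' provided.")`. The allow-list check itself is the right shape, since the value is passed unchanged to `redirectmatch_status` in the last hunk of this file. Naming the accepted values ('temp', 'permanent') in the message would help operators. None of the spec hunks in this commit covers the failure path, so a test that passes an unsupported value and expects the compile error is worth adding.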
@@ -11,14 +11,28 @@ case $::osfamily { 'Debian': { include ::apt - class { '::openstack_extras::repo::debian::ubuntu': - release => 'kilo', - package_require => true, + apt::ppa { 'ppa:ubuntu-cloud-archive/liberty-staging': + # it's false by default in 2.x series but true in 1.8.x + package_manage => false, } + Exec['apt_update'] -> Package<||> } 'RedHat': { class { '::openstack_extras::repo::redhat::redhat': - release => 'kilo', + manage_rdo => false, + repo_hash => { + # we need kilo repo to be installed for dependencies + 'rdo-kilo' => { + 'baseurl' => 'https://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/', + 'descr' => 'RDO kilo', + 'gpgcheck' => 'no', + }, + 'rdo-liberty' => { + 'baseurl' => 'http://trunk.rdoproject.org/centos7/current/', + 'descr' => 'RDO trunk', + 'gpgcheck' => 'no', + }, + }, } package { 'openstack-selinux': ensure => 'latest' } } diff --git a/horizon/spec/acceptance/nodesets/centos-70-x64.yml b/horizon/spec/acceptance/nodesets/centos-70-x64.yml new file mode 100644 index 000000000..5f097e9fe --- /dev/null +++ b/horizon/spec/acceptance/nodesets/centos-70-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-server-70-x64: + roles: + - master + platform: el-7-x86_64 + box: puppetlabs/centos-7.0-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/horizon/spec/acceptance/nodesets/default.yml b/horizon/spec/acceptance/nodesets/default.yml index a2c1ecc63..486b6a34e 100644 --- a/horizon/spec/acceptance/nodesets/default.yml +++ b/horizon/spec/acceptance/nodesets/default.yml @@ -1,9 +1,10 @@ HOSTS: - ubuntu-14.04-amd64: + ubuntu-server-14.04-amd64: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none - ip: 127.0.0.1 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant CONFIG: type: foss 
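Review bot: Both repositories added in `repo_hash` set `'gpgcheck' => 'no'`, and the `rdo-liberty` entry uses a plain `http://` baseurl, so packages installed during the acceptance run are neither signature-checked nor fetched over an authenticated channel. Where the repository publishes a key, set `gpgcheck` to `'yes'` with a matching `gpgkey`, and use an `https://` baseurl if the mirror offers one. If the trunk builds really are unsigned, add a comment saying so and stating that this manifest is only for disposable test nodes, so the block is not copied into a real deployment. The Debian branch has the same flavour of risk in pulling from a `-staging` PPA. The surrounding `case` statement starts and ends outside the hunk.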
diff --git a/horizon/spec/acceptance/nodesets/nodepool-centos7.yml b/horizon/spec/acceptance/nodesets/nodepool-centos7.yml index 575ae6732..c55287420 100644 --- a/horizon/spec/acceptance/nodesets/nodepool-centos7.yml +++ b/horizon/spec/acceptance/nodesets/nodepool-centos7.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: el-7-x86_64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/horizon/spec/acceptance/nodesets/nodepool-trusty.yml b/horizon/spec/acceptance/nodesets/nodepool-trusty.yml index a95d9f38d..9fc624e24 100644 --- a/horizon/spec/acceptance/nodesets/nodepool-trusty.yml +++ b/horizon/spec/acceptance/nodesets/nodepool-trusty.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/horizon/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/horizon/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 000000000..8001929b2 --- /dev/null +++ b/horizon/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/horizon/spec/classes/horizon_init_spec.rb b/horizon/spec/classes/horizon_init_spec.rb index 665923fbd..519afd759 100644 --- a/horizon/spec/classes/horizon_init_spec.rb +++ b/horizon/spec/classes/horizon_init_spec.rb @@ -28,7 +28,7 @@ is_expected.to contain_package('python-lesscpy').with_ensure('present') is_expected.to contain_package('horizon').with( :ensure => 'present', - :tag => 'openstack' + :tag => ['openstack', 'horizon-package'], ) } it { is_expected.to contain_exec('refresh_horizon_django_cache').with({ 
@@ -39,10 +39,11 @@ it 'configures apache' do is_expected.to contain_class('horizon::wsgi::apache').with({ - :servername => 'some.host.tld', - :listen_ssl => false, - :servername => 'some.host.tld', - :extra_params => {}, + :servername => 'some.host.tld', + :listen_ssl => false, + :servername => 'some.host.tld', + :extra_params => {}, + :redirect_type => 'permanent', }) end @@ -101,7 +102,8 @@ :neutron_options => {'enable_lb' => true, 'enable_firewall' => true, 'enable_quotas' => false, 'enable_security_group' => false, 'enable_vpn' => true, 'enable_distributed_router' => false, 'enable_ha_router' => false, 'profile_support' => 'cisco', }, :file_upload_temp_dir => '/var/spool/horizon', - :secure_cookies => true + :secure_cookies => true, + :custom_theme_path => 'static/themes/green' }) end @@ -132,6 +134,7 @@ 'OPENSTACK_ENDPOINT_TYPE = "internalURL"', 'SECONDARY_ENDPOINT_TYPE = "ANY-VALUE"', 'API_RESULT_LIMIT = 4682', + "CUSTOM_THEME_PATH = 'static/themes/green'", " 'level': 'DEBUG',", " 'handlers': ['syslog'],", 'COMPRESS_OFFLINE = False', @@ -191,13 +194,15 @@ context 'with vhost_extra_params' do before do params.merge!({ - :vhost_extra_params => { 'add_listen' => false }, + :vhost_extra_params => { 'add_listen' => false }, + :redirect_type => 'temp', }) end it 'configures apache' do is_expected.to contain_class('horizon::wsgi::apache').with({ - :extra_params => { 'add_listen' => false }, + :extra_params => { 'add_listen' => false }, + :redirect_type => 'temp', }) end end diff --git a/horizon/spec/classes/horizon_wsgi_apache_spec.rb b/horizon/spec/classes/horizon_wsgi_apache_spec.rb index 467a426eb..ea7bedd61 100644 --- a/horizon/spec/classes/horizon_wsgi_apache_spec.rb +++ b/horizon/spec/classes/horizon_wsgi_apache_spec.rb @@ -57,7 +57,8 @@ context 'with overriden parameters' do before do params.merge!({ - :priority => '10', + :priority => '10', + :redirect_type => 'temp', }) end 
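Review bot: The re-aligned hash in the 'configures apache' example still lists `:servername => 'some.host.tld'` twice. Ruby keeps only the last entry for a duplicated literal key and newer interpreters warn about it, so the second line adds nothing; drop one of them while the block is being touched. The `it` block starts outside the hunk.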
@@ -76,7 +77,7 @@ 'serveraliases' => ['*'], 'docroot' => '/var/www/', 'ssl' => 'false', - 'redirectmatch_status' => 'permanent', + 'redirectmatch_status' => 'temp', 'redirectmatch_regexp' => '^/$', 'redirectmatch_dest' => platforms_params[:root_url], 'wsgi_script_aliases' => { platforms_params[:root_url] => '/usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' }, diff --git a/horizon/spec/spec_helper.rb b/horizon/spec/spec_helper.rb index 605a8ad05..b3ef99e93 100644 --- a/horizon/spec/spec_helper.rb +++ b/horizon/spec/spec_helper.rb @@ -1,5 +1,6 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' +require 'webmock/rspec' RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' @@ -10,3 +11,5 @@ def verify_concat_fragment_contents(subject, title, expected_lines) content = subject.resource('concat::fragment', title).send(:parameters)[:content] expect(content.split("\n") & expected_lines).to eq(expected_lines) end + +at_exit { RSpec::Puppet::Coverage.report! } diff --git a/horizon/templates/local_settings.py.erb b/horizon/templates/local_settings.py.erb index 006a3647e..051c844de 100644 --- a/horizon/templates/local_settings.py.erb +++ b/horizon/templates/local_settings.py.erb 
@@ -281,6 +281,16 @@ EXTERNAL_MONITORING = <%= @horizon_app_links %> # 'reverse': False, # } +# CUSTOM_THEME_PATH allows to set to the directory location for the +# theme (e.g., "static/themes/blue"). The path can either be +# relative to the openstack_dashboard directory or an absolute path +# to an accessible location on the file system. +# If not specified, the default CUSTOM_THEME_PATH is +# static/themes/default. +<% if @custom_theme_path %> +CUSTOM_THEME_PATH = '<%= @custom_theme_path %>' +<% end %> + # The Horizon Policy Enforcement engine uses these values to load per service # policy rule files. The content of these files should match the files the # OpenStack services are using to determine role based access control in the diff --git a/inifile/CHANGELOG.md b/inifile/CHANGELOG.md index 375e910f0..4b354f80e 100644 --- a/inifile/CHANGELOG.md +++ b/inifile/CHANGELOG.md @@ -1,3 +1,28 @@ +## 2015-09-01 - Supported Release 1.4.2 +### Summary +This release adds some bugfixes. + +####Bugfixes +- MODULES-2212 Add use_exact_match parameter for subsettings +- MODULES-1908 Munge the setting to ensure we always strip the whitespace +- MODULES-2369 Support a space as a key_val_separator + +## 2015-07-15 - Supported Release 1.4.1 +### Summary +This release bumps the metadata for PE up. + +##2015-07-07 - Supported Releases 1.4.0 +###Summary + +This is primarily a release which includes acceptance tests updates, but also includes some minor bug fixes and improvements + +####Features +- Solaris 12 Support +- Acceptance testing improvements + +####Bugfixes +- MODULES-1599 Match only on space and tab whitespace after k/v separator + ##2015-06-09 - Supported Releases 1.3.0 ###Summary diff --git a/inifile/README.markdown b/inifile/README.markdown index 80e8743c2..c1493c1d7 100644 --- a/inifile/README.markdown +++ b/inifile/README.markdown 
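Review bot: `CUSTOM_THEME_PATH = '<%= @custom_theme_path %>'` writes the parameter into local_settings.py with no escaping or validation, so a value containing a single quote or a newline changes the Python in the settings file instead of only the theme path. The parameter is introduced in manifests/init.pp in this commit with a default of `undef` and no check on its content. Validating it in the manifest against a conservative path pattern (letters, digits, `/`, `.`, `_`, `-`) and failing otherwise, as is done for `redirect_type`, would close this before the template is rendered. How the rest of the template quotes its values is outside the hunk, so this comment is limited to the new line.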
@@ -25,10 +25,9 @@ Many applications use INI-style configuration files to store their settings. Thi ###Beginning with inifile - To manage a single setting in an INI file, add the `ini_setting` type to a class: -~~~ +~~~puppet ini_setting { "sample setting": ensure => present, path => '/tmp/foo.ini', @@ -51,9 +50,7 @@ The inifile module tries hard not to manipulate your file any more than it needs Use the `ini_subsetting` type: -~~~ -JAVA_ARGS="-Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/pe-puppetdb/puppetdb-oom.hprof " - +~~~puppet ini_subsetting {'sample subsetting': ensure => present, section => '', @@ -65,13 +62,16 @@ ini_subsetting {'sample subsetting': } ~~~ -###Use a non-standard section header +Results in managing this `-Xmx` subsetting: +~~~puppet +JAVA_ARGS="-Xmx512m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/pe-puppetdb/puppetdb-oom.hprof" ~~~ -default: - minage = 1 - maxage = 13 + +###Use a non-standard section header + +~~~puppet ini_setting { 'default minage': ensure => present, path => '/etc/security/users', @@ -83,8 +83,14 @@ ini_setting { 'default minage': } ~~~ -###Implement child providers +Results in: +~~~puppet +default: + minage = 1 +~~~ + +###Implement child providers You might want to create child providers that inherit the `ini_setting` provider, for one or both of these purposes: @@ -94,7 +100,7 @@ You might want to create child providers that inherit the `ini_setting` provider To implement child providers, first specify a custom type. Have it implement a namevar called `name` and a property called `value`: -~~~ +~~~ruby #my_module/lib/puppet/type/glance_api_config.rb Puppet::Type.newtype(:glance_api_config) do ensurable @@ -114,7 +120,7 @@ end Your type also needs a provider that uses the `ini_setting` provider as its parent: -~~~ +~~~ruby # my_module/lib/puppet/provider/glance_api_config/ini_setting.rb Puppet::Type.type(:glance_api_config).provide( :ini_setting, 
@@ -138,7 +144,7 @@ end Now the settings in /etc/glance/glance-api.conf file can be managed as individual resources: -~~~ +~~~puppet glance_api_config { 'HEADER/important_config': value => 'secret_value', } 
@@ -146,12 +152,120 @@ glance_api_config { 'HEADER/important_config': If you've implemented self.file_path, you can have Puppet purge the file of all lines that aren't implemented as Puppet resources: -~~~ +~~~puppet resources { 'glance_api_config' purge => true, } ~~~ +### Manage multiple ini_settings + +To manage multiple ini_settings, use the [`create_ini_settings`](#function-create_ini_settings) function. + +~~~puppet +$defaults = { 'path' => '/tmp/foo.ini' } +$example = { 'section1' => { 'setting1' => 'value1' } } +create_ini_settings($example, $defaults) +~~~ + +results in: + +~~~puppet +ini_setting { '[section1] setting1': + ensure => present, + section => 'section1', + setting => 'setting1', + value => 'value1', + path => '/tmp/foo.ini', +} +~~~ + +To include special parameters, the following code: + +~~~puppet +$defaults = { 'path' => '/tmp/foo.ini' } +$example = { + 'section1' => { + 'setting1' => 'value1', + 'settings2' => { + 'ensure' => 'absent' + } + } +} +create_ini_settings($example, $defaults) +~~~ + +results in: + +~~~puppet +ini_setting { '[section1] setting1': + ensure => present, + section => 'section1', + setting => 'setting1', + value => 'value1', + path => '/tmp/foo.ini', +} +ini_setting { '[section1] setting2': + ensure => absent, + section => 'section1', + setting => 'setting2', + path => '/tmp/foo.ini', +} +~~~ + +#### Manage multiple ini_settings with Hiera + +This example requires Puppet 3.x/4.x, as it uses automatic retrieval of Hiera data for class parameters and `puppetlabs/stdlib`. 
+ +For the profile `example`: + +~~~puppet +class profile::example ( + $settings, +) { + validate_hash($settings) + $defaults = { 'path' => '/tmp/foo.ini' } + create_ini_settings($settings, $defaults) +} +~~~ + +Provide this in your Hiera data: + +~~~puppet +profile::example::settings: + section1: + setting1: value1 + setting2: value2 + setting3: + ensure: absent +~~~ + +Results in: + +~~~puppet +ini_setting { '[section1] setting1': + ensure => present, + section => 'section1', + setting => 'setting1', + value => 'value1', + path => '/tmp/foo.ini', +} +ini_setting { '[section1] setting2': + ensure => present, + section => 'section1', + setting => 'setting2', + value => 'value2', + path => '/tmp/foo.ini', +} +ini_setting { '[section1] setting3': + ensure => absent, + section => 'section1', + setting => 'setting3', + path => '/tmp/foo.ini', +} +~~~ + + ##Reference ###Public Types @@ -160,6 +274,10 @@ resources { 'glance_api_config' * [`ini_subsetting`](#type-ini_subsetting) +###Public Functions + + * [`create_ini_settings`](#function-create_ini_settings) + ### Type: ini_setting Manages a setting within an INI file. 
@@ -184,11 +302,11 @@ Determines whether the specified setting should exist. Valid options: 'present' ##### `section` -*Required.* Designates a section of the specified INI file containing the setting to manage. To manage a global setting (at the beginning of the file, before any named sections) enter "". Valid options: a string. +*Optional.* Designates a section of the specified INI file containing the setting to manage. To manage a global setting (at the beginning of the file, before any named sections) enter "". Defaults to "". Valid options: a string. ##### `setting` -*Optional.* Designates a section of the specified INI file containing the setting to manage. To manage a global setting (at the beginning of the file, before any named sections) enter "". Defaults to "". Valid options: a string. +*Required.* Designates a setting to manage within the specified INI file and section. Valid options: a string. ##### `value` @@ -200,13 +318,12 @@ Determines whether the specified setting should exist. Valid options: 'present' ##### `section_suffix` -*Optional.* Designates the string that will appear after the section's name. Default value: "]" +*Optional.* Designates the string that will appear after the section's name. Default value: "]". -**NOTE:** The way this type finds all sections in the file is by looking for lines like `${section_prefix}${title}${section_suffix}` +**NOTE:** This type finds all sections in the file by looking for lines like `${section_prefix}${title}${section_suffix}`. ### Type: ini_subsetting - Manages multiple values within the same INI setting. #### Parameters 
@@ -217,7 +334,7 @@ Specifies whether the subsetting should be present. Valid options: 'present' and ##### `key_val_separator` -*Optional.* Specifies a string to use between subsetting name and value (e.g., to determine whether the separator includes whitespace). Valid options: a string. Default value: ' = '. +*Optional.* Specifies a string to use between setting name and value (e.g., to determine whether the separator includes whitespace). Valid options: a string. Default value: ' = '. ##### `path` 
@@ -239,23 +356,52 @@ Specifies whether the subsetting should be present. Valid options: 'present' and *Required.* Designates a subsetting to manage within the specified setting. Valid options: a string. - ##### `subsetting_separator` *Optional.* Specifies a string to use between subsettings. Valid options: a string. Default value: " ". +##### `use_exact_match` + +*Optional.* Whether to use partial or exact matching for subsetting. Should be set to true if the subsettings do not have values. Valid options: true, false. Default value: false. + ##### `value` *Optional.* Supplies a value for the specified subsetting. Valid options: a string. Default value: undefined. +### Function: create_ini_settings + +Manages multiple `ini_setting` resources from a hash. Note that this cannot be used with ini_subsettings. + +`create_ini_settings($settings, $defaults)` + +#### Arguments + +##### First argument: `settings` + +*Required.* Specify a hash representing the `ini_setting` resources you want to create. + +##### Second argument: `defaults` + +*Optional.* Accepts a hash to be used as the values for any attributes not defined in the first argument. + +~~~puppet +$example = { + 'section1' => { + 'setting1' => { + 'value' => 'value1', 'path' => '/tmp/foo.ini' + } + } +} +~~~ + +Default value: '{}'. + ##Limitations -This module has been tested on [all PE-supported platforms](https://forge.puppetlabs.com/supported#compat-matrix), and no issues have been identified. Additionally, it is tested (but not supported) on Windows 7 and Mac OS X 10.9. +This module has been tested on [all PE-supported platforms](https://forge.puppetlabs.com/supported#compat-matrix), and no issues have been identified. Additionally, it is tested (but not supported) on Windows 7, Mac OS X 10.9, and Solaris 12. ##Development -#Development - Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. 
We can't access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve. We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. diff --git a/inifile/tests/ini_setting.pp b/inifile/examples/ini_setting.pp similarity index 100% rename from inifile/tests/ini_setting.pp rename to inifile/examples/ini_setting.pp diff --git a/inifile/tests/ini_subsetting.pp b/inifile/examples/ini_subsetting.pp similarity index 100% rename from inifile/tests/ini_subsetting.pp rename to inifile/examples/ini_subsetting.pp diff --git a/inifile/lib/puppet/parser/functions/create_ini_settings.rb b/inifile/lib/puppet/parser/functions/create_ini_settings.rb index 8e14591f1..f0eff6d53 100644 --- a/inifile/lib/puppet/parser/functions/create_ini_settings.rb +++ b/inifile/lib/puppet/parser/functions/create_ini_settings.rb @@ -24,21 +24,21 @@ module Puppet::Parser::Functions Will create the following resources - ini_setting{'[section1] setting1': + ini_setting{'/tmp/foo.ini [section1] setting1': ensure => present, section => 'section1', setting => 'setting1', value => 'val1', path => '/tmp/foo.ini', } - ini_setting{'[section2] setting2': + ini_setting{'/tmp/foo.ini [section2] setting2': ensure => present, section => 'section2', setting => 'setting2', value => 'val2', path => '/tmp/foo.ini', } - ini_setting{'[section2] setting3': + ini_setting{'/tmp/foo.ini [section2] setting3': ensure => absent, section => 'section2', setting => 'setting3', 
@@ -64,8 +64,12 @@ module Puppet::Parser::Functions "create_ini_settings(): Section #{section} must contain a Hash") \ unless settings[section].is_a?(Hash) + unless path = defaults.merge(settings)['path'] + raise Puppet::ParseError, 'create_ini_settings(): must pass the path parameter to the Ini_setting resource!' + end + settings[section].each do |setting, value| - res["[#{section}] #{setting}"] = { + res["#{path} [#{section}] #{setting}"] = { 'ensure' => 'present', 'section' => section, 'setting' => setting, diff --git a/inifile/lib/puppet/provider/ini_subsetting/ruby.rb b/inifile/lib/puppet/provider/ini_subsetting/ruby.rb index 764124dda..dbe9961c5 100644 --- a/inifile/lib/puppet/provider/ini_subsetting/ruby.rb +++ b/inifile/lib/puppet/provider/ini_subsetting/ruby.rb @@ -4,11 +4,11 @@ Puppet::Type.type(:ini_subsetting).provide(:ruby) do def exists? - setting_value.get_subsetting_value(subsetting) + setting_value.get_subsetting_value(subsetting, resource[:use_exact_match]) end def create - setting_value.add_subsetting(subsetting, resource[:value]) + setting_value.add_subsetting(subsetting, resource[:value], resource[:use_exact_match]) ini_file.set_value(section, setting, setting_value.get_value) ini_file.save @ini_file = nil @@ -16,7 +16,7 @@ def create end def destroy - setting_value.remove_subsetting(subsetting) + setting_value.remove_subsetting(subsetting, resource[:use_exact_match]) ini_file.set_value(section, setting, setting_value.get_value) ini_file.save @ini_file = nil @@ -28,7 +28,7 @@ def value end def value=(value) - setting_value.add_subsetting(subsetting, resource[:value]) + setting_value.add_subsetting(subsetting, resource[:value], resource[:use_exact_match]) ini_file.set_value(section, setting, setting_value.get_value) ini_file.save end diff --git a/inifile/lib/puppet/type/ini_setting.rb b/inifile/lib/puppet/type/ini_setting.rb index 15ae2418c..0ec223ced 100644 --- a/inifile/lib/puppet/type/ini_setting.rb 
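Review bot: `defaults.merge(settings)['path']` looks for `path` at the top level of `settings`, which is keyed by section name, so a path supplied only inside a setting's own hash is not seen and the function raises. The README hunk in this commit documents exactly that form (`'setting1' => { 'value' => 'value1', 'path' => '/tmp/foo.ini' }` with no defaults). The same single `path` is then used in every resource title, so a setting that overrides `path` would get a title naming a different file from the one it manages. Resolving it per setting inside the `each` block, for example `path = (value.is_a?(Hash) && value['path']) || defaults['path']`, and raising only when that is missing would fix both. The function body starts and ends outside the hunk, so how per-setting hashes are merged afterwards is inferred.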
+++ b/inifile/lib/puppet/type/ini_setting.rb @@ -17,6 +17,12 @@ newparam(:setting) do desc 'The name of the setting to be defined.' + munge do |value| + if value =~ /(^\s|\s$)/ + Puppet.warn("Settings should not have spaces in the value, we are going to strip the whitespace") + end + value.lstrip.rstrip + end end newparam(:path) do diff --git a/inifile/lib/puppet/type/ini_subsetting.rb b/inifile/lib/puppet/type/ini_subsetting.rb index c1d6f08ba..88a7c60c6 100644 --- a/inifile/lib/puppet/type/ini_subsetting.rb +++ b/inifile/lib/puppet/type/ini_subsetting.rb @@ -56,6 +56,12 @@ end end + newparam(:use_exact_match) do + desc 'Set to true if your subsettings don\'t have values and you want to use exact matches to determine if the subsetting exists. See MODULES-2212' + newvalues(:true, :false) + defaultto(:false) + end + newproperty(:value) do desc 'The value of the subsetting to be defined.' end diff --git a/inifile/lib/puppet/util/ini_file.rb b/inifile/lib/puppet/util/ini_file.rb index 857b12dc4..63057805c 100644 --- a/inifile/lib/puppet/util/ini_file.rb +++ b/inifile/lib/puppet/util/ini_file.rb @@ -7,7 +7,7 @@ class IniFile def initialize(path, key_val_separator = ' = ', section_prefix = '[', section_suffix = ']') - k_v_s = key_val_separator.strip + k_v_s = key_val_separator =~ /^\s+$/ ? ' ' : key_val_separator.strip @section_prefix = section_prefix @section_suffix = section_suffix diff --git a/inifile/lib/puppet/util/setting_value.rb b/inifile/lib/puppet/util/setting_value.rb index d44330a9a..5ccd3ca0d 100644 --- a/inifile/lib/puppet/util/setting_value.rb +++ b/inifile/lib/puppet/util/setting_value.rb 
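Review bot: The new `munge` block on `:setting` calls `Puppet.warn`, but Puppet's logging helpers are named after the log levels, so the call should be `Puppet.warning(...)`. As far as I can tell `Puppet.warn` resolves to the private `Kernel#warn` and would raise NoMethodError, and it is only reached when a setting name has leading or trailing whitespace, which is the case this code is meant to handle. The test `/(^\s|\s$)/` uses line anchors, so it also matches whitespace next to an embedded newline that `lstrip.rstrip` does not remove; `/\A\s|\s\z/` together with `value.strip` keeps the warning and the stripping in agreement. The message says "in the value" although the parameter being munged is the setting name.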
@@ -1,95 +1,103 @@ module Puppet -module Util + module Util - class SettingValue + class SettingValue - def initialize(setting_value, subsetting_separator = ' ', default_quote_char = nil) - @setting_value = setting_value - @subsetting_separator = subsetting_separator + def initialize(setting_value, subsetting_separator = ' ', default_quote_char = nil) + @setting_value = setting_value + @subsetting_separator = subsetting_separator - default_quote_char ||= '' + default_quote_char ||= '' - if @setting_value - unquoted, @quote_char = unquote_setting_value(setting_value) - @subsetting_items = unquoted.scan(Regexp.new("(?:(?:[^\\#{@subsetting_separator}]|\\.)+)")) # an item can contain escaped separator - @subsetting_items.map! { |item| item.strip } - @quote_char = default_quote_char if @quote_char.empty? - else - @subsetting_items = [] - @quote_char = default_quote_char - end - end + if @setting_value + unquoted, @quote_char = unquote_setting_value(setting_value) + @subsetting_items = unquoted.scan(Regexp.new("(?:(?:[^\\#{@subsetting_separator}]|\\.)+)")) # an item can contain escaped separator + @subsetting_items.map! { |item| item.strip } + @quote_char = default_quote_char if @quote_char.empty? 
+ else + @subsetting_items = [] + @quote_char = default_quote_char + end + end + + def unquote_setting_value(setting_value) + quote_char = "" + if (setting_value.start_with?('"') and setting_value.end_with?('"')) + quote_char = '"' + elsif (setting_value.start_with?("'") and setting_value.end_with?("'")) + quote_char = "'" + end + + unquoted = setting_value - def unquote_setting_value(setting_value) - quote_char = "" - if (setting_value.start_with?('"') and setting_value.end_with?('"')) - quote_char = '"' - elsif (setting_value.start_with?("'") and setting_value.end_with?("'")) - quote_char = "'" + if (quote_char != "") + unquoted = setting_value[1, setting_value.length - 2] + end + + [unquoted, quote_char] end - unquoted = setting_value + def get_value + + result = "" + first = true + + @subsetting_items.each { |item| + result << @subsetting_separator unless first + result << item + first = false + } - if (quote_char != "") - unquoted = setting_value[1, setting_value.length - 2] + @quote_char + result + @quote_char end - [unquoted, quote_char] - end + def get_subsetting_value(subsetting, use_exact_match=:false) - def get_value - - result = "" - first = true - - @subsetting_items.each { |item| - result << @subsetting_separator unless first - result << item - first = false - } - - @quote_char + result + @quote_char - end + value = nil + + @subsetting_items.each { |item| + if(use_exact_match == :false and item.start_with?(subsetting)) + value = item[subsetting.length, item.length - subsetting.length] + break + elsif(use_exact_match == :true and item.eql?(subsetting)) + return true + end + } - def get_subsetting_value(subsetting) - - value = nil - - @subsetting_items.each { |item| - if(item.start_with?(subsetting)) - value = item[subsetting.length, item.length - subsetting.length] - break + value + end + + def add_subsetting(subsetting, subsetting_value, use_exact_match=:false) + + new_item = subsetting + (subsetting_value || '') + found = false + + 
@subsetting_items.map! { |item| + if use_exact_match == :false and item.start_with?(subsetting) + value = new_item + found = true + elsif use_exact_match == :true and item.eql?(subsetting) + value = new_item + found = true + else + value = item + end + + value + } + + unless found + @subsetting_items.push(new_item) end - } - - value - end - - def add_subsetting(subsetting, subsetting_value) - - new_item = subsetting + (subsetting_value || '') - found = false - - @subsetting_items.map! { |item| - if item.start_with?(subsetting) - value = new_item - found = true + end + + def remove_subsetting(subsetting, use_exact_match=:false) + if use_exact_match == :false + @subsetting_items = @subsetting_items.map { |item| item.start_with?(subsetting) ? nil : item }.compact else - value = item + @subsetting_items = @subsetting_items.map { |item| item.eql?(subsetting) ? nil : item }.compact end - - value - } - - unless found - @subsetting_items.push(new_item) end end - - def remove_subsetting(subsetting) - @subsetting_items = @subsetting_items.map { |item| item.start_with?(subsetting) ? nil : item }.compact - end - end end -end diff --git a/inifile/metadata.json b/inifile/metadata.json index b4bff409c..4f121fff0 100644 --- a/inifile/metadata.json +++ b/inifile/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-inifile", - "version": "1.3.0", + "version": "1.4.2", "author": "Puppet Labs", "summary": "Resource types for managing settings in INI files", "license": "Apache-2.0", @@ -70,7 +70,8 @@ "operatingsystem": "Solaris", "operatingsystemrelease": [ "10", - "11" + "11", + "12" ] }, { @@ -94,11 +95,11 @@ "requirements": [ { "name": "pe", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 2015.3.0" }, { "name": "puppet", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 5.0.0" } ] } diff --git a/inifile/spec/acceptance/ini_setting_spec.rb b/inifile/spec/acceptance/ini_setting_spec.rb index 1a829db89..669679c50 100644 
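Review bot: In `get_subsetting_value` the exact-match branch returns `true` while the prefix branch returns the remainder string, so the method now has two return types and a caller reading the value in exact mode would get a boolean. All three changed methods also compare `use_exact_match` with the symbols `:true` and `:false`, so a caller passing a Ruby boolean matches neither branch. In that case `get_subsetting_value` returns nil, `add_subsetting` appends a duplicate item, and `remove_subsetting` falls into the exact-match branch. Normalising once at the top of each method, e.g. `exact = use_exact_match.to_s == 'true'`, and returning `''` in place of `true` would make the three consistent. A short comment on each method stating what `use_exact_match` changes would also help, since the rest of the hunk is re-indentation and the behavioural change is easy to miss.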
--- a/inifile/spec/acceptance/ini_setting_spec.rb +++ b/inifile/spec/acceptance/ini_setting_spec.rb @@ -262,6 +262,8 @@ "" => /two = three/, "key_val_separator => '='," => /two=three/, "key_val_separator => ' = '," => /two = three/, + "key_val_separator => ' '," => /two three/, + "key_val_separator => ' '," => /two three/, }.each do |parameter, content| context "with \"#{parameter}\" makes \"#{content}\"" do pp = <<-EOS diff --git a/inifile/spec/classes/create_ini_settings_test_spec.rb b/inifile/spec/classes/create_ini_settings_test_spec.rb index 4e6683aa0..c81f93fa0 100644 --- a/inifile/spec/classes/create_ini_settings_test_spec.rb +++ b/inifile/spec/classes/create_ini_settings_test_spec.rb @@ -2,21 +2,21 @@ # end-to-end test of the create_init_settings function describe 'create_ini_settings_test' do it { should have_ini_setting_resource_count(3) } - it { should contain_ini_setting('[section1] setting1').with( + it { should contain_ini_setting('/tmp/foo.ini [section1] setting1').with( :ensure => 'present', :section => 'section1', :setting => 'setting1', :value => 'val1', :path => '/tmp/foo.ini' )} - it { should contain_ini_setting('[section2] setting2').with( + it { should contain_ini_setting('/tmp/foo.ini [section2] setting2').with( :ensure => 'present', :section => 'section2', :setting => 'setting2', :value => 'val2', :path => '/tmp/foo.ini' )} - it { should contain_ini_setting('[section2] setting3').with( + it { should contain_ini_setting('/tmp/foo.ini [section2] setting3').with( :ensure => 'absent', :section => 'section2', :setting => 'setting3', diff --git a/inifile/spec/functions/create_ini_settings_spec.rb b/inifile/spec/functions/create_ini_settings_spec.rb index e40fb09aa..4fe817fa0 100644 --- a/inifile/spec/functions/create_ini_settings_spec.rb +++ b/inifile/spec/functions/create_ini_settings_spec.rb 
@@ -10,14 +10,15 @@ end describe 'argument handling' do - it { should run.with_params.and_raise_error(Puppet::ParseError, /0 for 1 or 2/) } - it { should run.with_params(1,2,3).and_raise_error(Puppet::ParseError, /3 for 1 or 2/) } - it { should run.with_params('foo').and_raise_error(Puppet::ParseError, /Requires all arguments/) } - it { should run.with_params({},'foo').and_raise_error(Puppet::ParseError, /Requires all arguments/) } + it { is_expected.to run.with_params.and_raise_error(Puppet::ParseError, /0 for 1 or 2/) } + it { is_expected.to run.with_params(1,2,3).and_raise_error(Puppet::ParseError, /3 for 1 or 2/) } + it { is_expected.to run.with_params('foo').and_raise_error(Puppet::ParseError, /Requires all arguments/) } + it { is_expected.to run.with_params({},'foo').and_raise_error(Puppet::ParseError, /Requires all arguments/) } - it { should run.with_params({}) } - it { should run.with_params({},{}) } + it { is_expected.to run.with_params({}) } + it { is_expected.to run.with_params({},{}) } - it { should run.with_params({ 1 => 2 }).and_raise_error(Puppet::ParseError, /Section 1 must contain a Hash/) } + it { is_expected.to run.with_params({ 'section' => { 'setting' => 'value' }}).and_raise_error(Puppet::ParseError, /must pass the path parameter/) } + it { is_expected.to run.with_params({ 1 => 2 }).and_raise_error(Puppet::ParseError, /Section 1 must contain a Hash/) } end end diff --git a/inifile/spec/unit/puppet/provider/ini_setting/ruby_spec.rb b/inifile/spec/unit/puppet/provider/ini_setting/ruby_spec.rb index c3f5ccfb6..3b6c5030e 100644 --- a/inifile/spec/unit/puppet/provider/ini_setting/ruby_spec.rb +++ b/inifile/spec/unit/puppet/provider/ini_setting/ruby_spec.rb 
@@ -783,6 +783,49 @@ def self.file_path end + context "when overriding the separator to a space" do + let(:orig_content) { + <<-EOS +[section2] +foo bar + EOS + } + + it "should modify an existing setting" do + resource = Puppet::Type::Ini_setting.new(common_params.merge( + :section => 'section2', + :setting => 'foo', + :value => 'yippee', + :key_val_separator => ' ')) + provider = described_class.new(resource) + provider.exists?.should be true + provider.value.should == 'bar' + provider.value=('yippee') + validate_file(<<-EOS +[section2] +foo yippee + EOS + ) + end + + it "should add a new setting" do + resource = Puppet::Type::Ini_setting.new(common_params.merge( + :section => 'section2', + :setting => 'bar', + :value => 'baz', + :key_val_separator => ' ')) + provider = described_class.new(resource) + provider.exists?.should be false + provider.create + validate_file(<<-EOS +[section2] +foo bar +bar baz + EOS + ) + end + end + context "when ensuring that a setting is absent" do let(:orig_content) { <<-EOS diff --git a/inifile/spec/unit/puppet/provider/ini_subsetting/ruby_spec.rb b/inifile/spec/unit/puppet/provider/ini_subsetting/ruby_spec.rb index ebe55c09c..ca9b07a46 100644 --- a/inifile/spec/unit/puppet/provider/ini_subsetting/ruby_spec.rb +++ b/inifile/spec/unit/puppet/provider/ini_subsetting/ruby_spec.rb 
@@ -132,4 +132,50 @@ def validate_file(expected_content,tmpfile = tmpfile) end end + + context "when working with subsettings in files with use_exact_match" do + let(:common_params) { { + :title => 'ini_setting_ensure_present_test', + :path => tmpfile, + :section => 'master', + :setting => 'reports', + :use_exact_match => true, + } } + + let(:orig_content) { + <<-EOS +[master] + +reports = http,foo + EOS + } + + it "should add a new subsetting when the 'parent' setting already exists" do + resource = Puppet::Type::Ini_subsetting.new(common_params.merge( + :subsetting => 'fo', :subsetting_separator => ',')) + provider = described_class.new(resource) + provider.value=('') + validate_file(<<-eos +[master] + +reports = http,foo,fo + eos + ) + end + + it "should not remove substring subsettings" do + resource = Puppet::Type::Ini_subsetting.new(common_params.merge( + :subsetting => 'fo', :subsetting_separator => ',')) + provider = described_class.new(resource) + provider.value=('') + provider.destroy + validate_file(<<-EOS +[master] + +reports = http,foo + EOS + ) + end + end + end diff --git a/ironic/.fixtures.yml b/ironic/.fixtures.yml index 718df5723..a39ce4d3c 100644 --- a/ironic/.fixtures.yml +++ b/ironic/.fixtures.yml @@ -4,10 +4,11 @@ fixtures: 'concat': 'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git' 'ref': '1.2.1' - 'keystone': 'git://github.com/stackforge/puppet-keystone.git' + 'keystone': 'git://github.com/openstack/puppet-keystone.git' 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git' - 'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git' + 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git' 'postgresql': 'git://github.com/puppetlabs/puppet-postgresql.git' 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git' + 'vcsrepo': 'git://github.com/puppetlabs/puppetlabs-vcsrepo.git' symlinks: 'ironic': "#{source_dir}" diff --git a/ironic/.gitignore b/ironic/.gitignore index 923be4922..4dd84f06e 100644 
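Review bot: The fixtures changed in ironic/.fixtures.yml are still fetched over `git://`, including the newly added `vcsrepo` entry. That protocol gives no transport authentication or integrity protection, and the cloned modules are loaded by the spec run. Prefer `'vcsrepo': 'https://github.com/puppetlabs/puppetlabs-vcsrepo.git'` and the same scheme for `keystone` and `openstacklib`. Unlike `concat`, which is pinned to `'ref': '1.2.1'`, these entries follow whatever the default branch holds at test time, so pinning a ref would make the test inputs reproducible.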
--- a/ironic/.gitignore +++ b/ironic/.gitignore @@ -1,5 +1,10 @@ -*.swp -spec/fixtures/modules/* -spec/fixtures/manifests/site.pp +pkg/ Gemfile.lock -.vendor +vendor/ +spec/fixtures/ +.vagrant/ +.bundle/ +coverage/ +.idea/ +*.swp +*.iml diff --git a/ironic/Gemfile b/ironic/Gemfile index e284b8b5f..6d4ce9a07 100644 --- a/ironic/Gemfile +++ b/ironic/Gemfile 
@@ -1,24 +1,30 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '~> 2.1.0', :require => false - - gem 'metadata-json-lint' - gem 'puppet-lint-absolute_classname-check' - gem 'puppet-lint-absolute_template_path' - gem 'puppet-lint-trailing_newline-check' + gem 'puppetlabs_spec_helper', :require => 'false' + gem 'rspec-puppet', '~> 2.2.0', :require => 'false' + gem 'metadata-json-lint', :require => 'false' + gem 'puppet-lint-param-docs', :require => 'false' + gem 'puppet-lint-absolute_classname-check', :require => 'false' + gem 'puppet-lint-absolute_template_path', :require => 'false' + gem 'puppet-lint-trailing_newline-check', :require => 'false' + gem 'puppet-lint-unquoted_string-check', :require => 'false' + gem 'puppet-lint-leading_zero-check', :require => 'false' + gem 'puppet-lint-variable_contains_upcase', :require => 'false' + gem 'puppet-lint-numericvariable', :require => 'false' + gem 'json', :require => 'false' + gem 'webmock', :require => 'false' +end - # Puppet 4.x related lint checks - gem 'puppet-lint-unquoted_string-check' - gem 'puppet-lint-leading_zero-check' - gem 'puppet-lint-variable_contains_upcase' - gem 'puppet-lint-numericvariable' +group :system_tests do + gem 'beaker-rspec', :require => 'false' + gem 'beaker-puppet_install_helper', :require => 'false' +end - gem 'beaker-rspec', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'json' - gem 'webmock' +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/ironic/README.md b/ironic/README.md index 15198183d..6f4ecb5e7 100644 --- a/ironic/README.md +++ b/ironic/README.md 
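Review bot: `:require => 'false'` passes a string, which Bundler reads as the name of a file to require rather than as "do not auto-require". The boolean form, `gem 'puppetlabs_spec_helper', :require => false`, is what the `facter` lines later in this same hunk already use. The mistake only surfaces when `Bundler.require` is called, so it may go unnoticed under `bundle exec rake`. Separately, `source ENV['GEM_SOURCE'] || "https://rubygems.org"` lets the environment redirect every gem download while `Gemfile.lock` is git-ignored, so a comment such as `# GEM_SOURCE must point at a trusted HTTPS mirror` would document the trust assumption. The `if puppetversion = ...` block continues outside the hunk.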
@@ -26,7 +26,57 @@ Setup **What the ironic module affects:** -* ironic, the baremetal service for Openstack. +* [Ironic](https://wiki.openstack.org/wiki/Ironic), the baremetal service for Openstack. + +### Installing Ironic + + puppet module install openstack/ironic + +### Beginning with ironic + +To utilize the ironic module's functionality you will need to declare multiple resources. +The following is a modified excerpt from the [openstack module](httpd://github.com/stackforge/puppet-openstack). +This is not an exhaustive list of all the components needed. We recommend that you consult and understand the +[openstack module](https://github.com/stackforge/puppet-openstack) and the [core openstack](http://docs.openstack.org) +documentation to assist you in understanding the available deployment options. + +```puppet +# enable Ironic resources +class { '::ironic': + rabbit_userid => 'ironic', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + database_connection => 'mysql://ironic:a_big_secret@127.0.0.1/ironic?charset=utf8', +} + +class { '::ironic::db::mysql': + password => 'a_big_secret', +} + +class { '::ironic::keystone::auth': + password => 'a_big_secret', +} + +class { '::ironic::client': } + +class { '::ironic::conductor': } + +class { '::ironic::api': + admin_password => 'a_big_secret', +} + +class { '::ironic::drivers::ipmi': } + +# alternatively, you can deploy Ironic with Bifrost. It's a collection of Ansible playbooks to configure +# and install Ironic in a stand-alone fashion (for more information visit http://git.openstack.org/openstack/bifrost) +class { 'ironic::bifrost': + ironic_db_password => 'a_big_secret', + mysql_password => 'yet_another_big_secret', + baremetal_json_hosts => hiera('your_hiera_var_containing_bm_json_hosts'), +} +``` + +Examples of usage also can be found in the *examples* directory. Implementation -------------- 
@@ -35,6 +85,36 @@ Implementation puppet-ironic is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers. +### Types + +#### ironic_config + +The `ironic_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/ironic/ironic.conf` file. + +```puppet +ironic_config { 'DEFAULT/verbose' : + value => true, +} +``` + +This will write `verbose=true` in the `[DEFAULT]` section. + +##### name + +Section/setting name to manage from `ironic.conf` + +##### value + +The value of the setting to be defined. + +##### secret + +Whether to hide the value from Puppet logs. Defaults to `false`. + +##### ensure_absent_val + +If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `` + Limitations ----------- diff --git a/ironic/Rakefile b/ironic/Rakefile index 84c9a7046..bc08f437c 100644 --- a/ironic/Rakefile +++ b/ironic/Rakefile 
@@ -1,9 +1,21 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppet-syntax/tasks/puppet-syntax' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') +PuppetSyntax.exclude_paths ||= [] +PuppetSyntax.exclude_paths << "spec/fixtures/**/*" +PuppetSyntax.exclude_paths << "pkg/**/*" +PuppetSyntax.exclude_paths << "vendor/**/*" -task(:default).clear -task :default => [:spec, :lint] +Rake::Task[:lint].clear +PuppetLint::RakeTask.new :lint do |config| + config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"] + config.fail_on_warnings = true + config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' + config.disable_checks = ["80chars", "class_inherits_from_params_class", "class_parameter_defaults", "only_variable_string"] +end + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end diff --git a/ironic/examples/ironic.pp b/ironic/examples/ironic.pp index 71d5c2689..1ced6e6e2 100644 --- a/ironic/examples/ironic.pp +++ b/ironic/examples/ironic.pp @@ -30,6 +30,33 @@ $glance_api_servers = 'glance:9292' $deploy_kernel = 'glance://deploy_kernel_uuid' $deploy_ramdisk = 'glance://deploy_ramdisk_uuid' +$baremetal_json_hosts = ' + "ironic-bm-test.bifrost.example": { + "ansible_ssh_host": "1.1.1.1", + "uuid": "11111111-1111-1111-1111-111111111111", + "driver_info": { + "power": { + "ipmi_address": "10.0.0.1", + "ipmi_username": "admin", + "ipmi_password": "pass" + }, + }, + "nics": [ + { + "mac": "ff:ff:ff:ff:ff:ff" + } + ], + "driver": "agent_ipmitool", + "ipv4_address": "1.1.1.1", + "properties": { + "cpu_arch": "x86_64", + "ram": null, + "disk_size": null, + "cpus": null + }, + "name": "ironic-bm-test.bifrost.example" + } +' node 'db' { 
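Review bot: In the `$baremetal_json_hosts` literal added to ironic/examples/ironic.pp, the `"power": { ... },` object inside `driver_info` ends with a trailing comma, which strict JSON parsers reject. The bifrost class documentation says this string is included in baremetal.json, so the closing line of that object should be `}` without the comma. The sample also embeds IPMI credentials (`"ipmi_password": "pass"`); a comment such as `# placeholder credentials - supply real values from hiera, not from the manifest` would keep readers from copying the pattern.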
@@ -79,3 +106,14 @@ } } + +node bifrost-controller { + + class { '::ironic::bifrost': + network_interface => 'eth1', + ironic_db_password => 'changeme', + mysql_password => 'changemetoo', + baremetal_json_hosts => $baremetal_json_hosts, + } + +} diff --git a/ironic/lib/puppet/provider/ironic_config/ini_setting.rb b/ironic/lib/puppet/provider/ironic_config/ini_setting.rb index 28b819d14..8f6272a18 100644 --- a/ironic/lib/puppet/provider/ironic_config/ini_setting.rb +++ b/ironic/lib/puppet/provider/ironic_config/ini_setting.rb @@ -1,27 +1,10 @@ Puppet::Type.type(:ironic_config).provide( :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) ) do - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - def self.file_path '/etc/ironic/ironic.conf' end - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - end diff --git a/ironic/lib/puppet/type/ironic_config.rb b/ironic/lib/puppet/type/ironic_config.rb index c5ea8eb05..2a454ab45 100644 --- a/ironic/lib/puppet/type/ironic_config.rb +++ b/ironic/lib/puppet/type/ironic_config.rb @@ -3,7 +3,7 @@ ensurable newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/ironic/ironic.conf' + desc 'Section/setting name to manage from ironic.conf' newvalues(/\S+\/\S+/) end @@ -14,6 +14,7 @@ value.capitalize! if value =~ /^(true|false)$/i value end + newvalues(/^[\S ]*$/) def is_to_s( currentvalue ) if resource.secret? @@ -39,4 +40,14 @@ def should_to_s( newvalue ) defaultto false end + + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:package) do + 'ironic-common' + end + end 
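Review bot: In ironic/lib/puppet/type/ironic_config.rb the new `newvalues(/^[\S ]*$/)` uses `^` and `$`, which in Ruby anchor at line boundaries, so a value containing a newline still passes as long as one of its lines matches. If the intent is to keep each value to a single line of ironic.conf, anchor the whole string instead: `newvalues(/\A[\S ]*\z/)`. The same applies to the existing `value =~ /^(true|false)$/i` shown as context. The property block begins outside the hunk, so how the munge step treats embedded newlines is not visible here.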
diff --git a/ironic/manifests/api.pp b/ironic/manifests/api.pp index 0107eef4f..ccf1cfe80 100644 --- a/ironic/manifests/api.pp +++ b/ironic/manifests/api.pp @@ -35,7 +35,7 @@ # [*port*] # (optional) The port for the Ironic API server. # Should be an valid port -# Defaults to '0.0.0.0'. +# Defaults to '6385'. # # [*max_limit*] # (optional) The maximum number of items returned in a single response @@ -119,11 +119,10 @@ if $::ironic::params::api_package { Package['ironic-api'] -> Class['ironic::policy'] Package['ironic-api'] -> Service['ironic-api'] - Package['ironic-api'] -> Ironic_config<||> package { 'ironic-api': ensure => $package_ensure, name => $::ironic::params::api_package, - tag => 'openstack', + tag => ['openstack', 'ironic-package'], } } @@ -139,6 +138,7 @@ name => $::ironic::params::api_service, enable => $enabled, hasstatus => true, + tag => 'ironic-service', } if $neutron_url { diff --git a/ironic/manifests/bifrost.pp b/ironic/manifests/bifrost.pp new file mode 100644 index 000000000..bda15ebee --- /dev/null +++ b/ironic/manifests/bifrost.pp 
@@ -0,0 +1,216 @@ +# Copyright 2015 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# == Class: ironic::bifrost +# +# Installs and configures Bifrost +# Bifrost is a set of Ansible playbooks that automates the task of deploying a +# base image onto a set of known hardware using Ironic. It provides modular +# utility for one-off operating system deployment with as few operational requirements +# as reasonably possible. +# Bifrost also allows to install Ironic in a stand-alone fashion. In this kind of setup, +# neither Keystone nor Neutron is installed, and dnsmasq is used to provide PXE booting. +# +# [*ironic_db_password*] +# (required) The Ironic DB password +# +# [*mysql_password*] +# (required) The mysql server password +# +# [*baremetal_json_hosts*] +# (required) Baremetal hosts in JSON format, will be included in baremetal.json +# +# [*git_source_repo*] +# (optional) Git repository location for pulling Bifrost +# Defaults to 'https://git.openstack.org/openstack/bifrost' +# +# [*revision*] +# (optional) The branch or commit to checkout on Bifrost repository +# Defaults to 'master' +# +# [*ensure*] +# (optional) Ensure value for cloning the Bifrost repository. +# This is a pass-thru variable for vcsrepo, acceptable values are +# present/bare/absent/latest +# Typically, you may want to set this value to either present or absent and use +# revision for setting the branch or commit to clone. 
+# Defaults to 'present' +# +# [*revision*] +# (optional) The branch or commit to checkout on Bifrost repository +# Defaults to 'master' +# +# [*git_dest_repo_folder*] +# (optional) Folder to clone the Bifrost git repository +# Defaults to '/opt/stack/bifrost' +# +# [*bifrost_config_folder*] +# (optional) Folder to keep the configuration files, namely the global vars file +# and baremetal.json +# Defaults to '/etc/bifrost' +# Note that due to how Ansible handles the directory layout of playbooks and roles, +# you will need to pass '-e "@/etc/bifrost/bifrost_global_vars' switch to 'ansible-playbook' +# to load the variables at execution time. +# For more information, check http://docs.ansible.com/ansible/playbooks_variables.html +# +# [*ironic_url*] +# (optional) The URL of the Ironic server +# Defaults to '"http://localhost:6385"' +# +# [*network_interface*] +# (optional) The network interface DHCP will serve requests on +# Defaults to '"virbr0"' +# +# [*testing*] +# (optional) If true, Ironic will provision libvirt and VMs instead of baremetal +# Defaults to 'false' +# +# [*testing_user*] +# (optional) VM default user in case testing is enabled +# Defaults to 'ubuntu' +# +# [*http_boot_folder*] +# (optional) gPXE folder location for HTTP PXE boot +# Defaults to '/httpboot' +# +# [*nginx_port*] +# (optional) NGINX HTTP port +# Defaults to 8080 + +# [*ssh_public_key_path*] +# (optional) SSH public key location, this will be injected in provisioned servers +# Defaults to '"{{ ansible_env.HOME }}/.ssh/id_rsa.pub"' +# +# [*deploy_kernel*] +# (optional) Kernel to PXE boot from +# Defaults to '"{{http_boot_folder}}/coreos_production_pxe.vmlinuz"' +# +# [*deploy_ramdisk*] +# (optional) Ramdisk to load after kernel boot +# Defaults to '"{{http_boot_folder}}/coreos_production_pxe_image-oem.cpio.gz"' +# +# [*deploy_kernel_url*] +# (optional) Kernel URL +# Defaults to '"http://{{ hostvars[inventory_hostname][\'ansible_\' + network_interface][\'ipv4\'][\'address\'] 
}}:{{nginx_port}}/coreos_production_pxe.vmlinuz"' +# +# [*deploy_ramdisk_url*] +# (optional) Ramdisk URL +# Defaults to '"http://{{ hostvars[inventory_hostname][\'ansible_\' + network_interface][\'ipv4\'][\'address\'] }}:{{nginx_port}}/coreos_production_pxe_image-oem.cpio.gz"' +# +# [*deploy_image_filename*] +# (optional) Deploy image filename +# Defaults to '"deployment_image.qcow2"' +# +# [*deploy_image*] +# (optional) URL for the deployment image +# Defaults to '"{{http_boot_folder}}/{{deploy_image_filename}}"' +# +# [*create_image_via_dib*] +# (optional) Flag to enable/disable image creation with diskimage-builder +# Defaults to 'true' +# +# [*transform_boot_image*] +# (optional) Flag to prepend a partition image with boot sector and partition table +# Defaults to 'false' +# +# [*node_default_network_interface*] +# (optional) Default network interface to configure with configdrive settings +# Defaults to 'eth0' +# +# [*ipv4_subnet_mask*] +# (optional) Subnet mask for configured NIC +# Defaults to '255.255.255.0' +# +# [*ipv4_gateway*] +# (optional) Gateway for configured NIC +# Defaults to '192.168.1.1' +# +# [*ipv4_nameserver*] +# (optional) Nameserver for DNS configuration +# Defaults to '8.8.8.8' +# +# [*network_mtu*] +# (optional) MTU for configured NIC +# Defaults to '1500' +# +# [*dhcp_pool_start*] +# (optional) Dnsmasq DHCP pool start +# Defaults to '192.168.1.200' +# +# [*dhcp_pool_end*] +# (optional) Dnsmasq DHCP pool end +# Defaults to '192.168.1.250' +# +# [*ipmi_bridging*] +# (optional) Flag to enable/disable IPMI bridging +# Defaults to 'no' + +class ironic::bifrost ( + $ironic_db_password, + $mysql_password, + $baremetal_json_hosts, + $git_source_repo = 'https://git.openstack.org/openstack/bifrost', + $ensure = present, + $revision = 'master', + $git_dest_repo_folder = '/opt/stack/bifrost', + $bifrost_config_folder = '/etc/bifrost', + $ironic_url = '"http://localhost:6385/"', + $network_interface = '"virbr0"', + $testing = false, + $testing_user = 
'ubuntu', + $http_boot_folder = '/httpboot', + $nginx_port = 8080, + $ssh_public_key_path = '"{{ ansible_env.HOME }}/.ssh/id_rsa.pub"', + $deploy_kernel = '"{{http_boot_folder}}/coreos_production_pxe.vmlinuz"', + $deploy_ramdisk = '"{{http_boot_folder}}/coreos_production_pxe_image-oem.cpio.gz"', + $deploy_kernel_url = '"http://{{ hostvars[inventory_hostname][\'ansible_\' + network_interface][\'ipv4\'][\'address\'] }}:{{nginx_port}}/coreos_production_pxe.vmlinuz"', + $deploy_ramdisk_url = '"http://{{ hostvars[inventory_hostname][\'ansible_\' + network_interface][\'ipv4\'][\'address\'] }}:{{nginx_port}}/coreos_production_pxe_image-oem.cpio.gz"', + $deploy_image_filename = '"deployment_image.qcow2"', + $deploy_image = '"{{http_boot_folder}}/{{deploy_image_filename}}"', + $create_image_via_dib = true, + $transform_boot_image = false, + $node_default_network_interface = 'eth0', + $ipv4_subnet_mask = '255.255.255.0', + $ipv4_gateway = '192.168.1.1', + $ipv4_nameserver = '8.8.8.8', + $network_mtu = '1500', + $dhcp_pool_start = '192.168.1.200', + $dhcp_pool_end = '192.168.1.250', + $ipmi_bridging = 'no', +) { + + vcsrepo { $git_dest_repo_folder: + ensure => $ensure, + provider => git, + revision => $revision, + source => $git_source_repo, + } + + file { $bifrost_config_folder: + ensure => directory + } + + file { "${bifrost_config_folder}/bifrost_global_vars": + ensure => present, + content => template('ironic/bifrost_global_vars.erb'), + require => File[$bifrost_config_folder], + } + + file { "${bifrost_config_folder}/baremetal.json": + ensure => present, + content => template('ironic/baremetal.json.erb'), + require => File[$bifrost_config_folder], + } +} + diff --git a/ironic/manifests/conductor.pp b/ironic/manifests/conductor.pp index c52c480e3..313446403 100644 --- a/ironic/manifests/conductor.pp +++ b/ironic/manifests/conductor.pp 
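Review bot: The two `file` resources at the end of ironic/manifests/bifrost.pp (`bifrost_global_vars` and `baremetal.json`) set no `owner`, `group` or `mode`, yet the class takes `ironic_db_password`, `mysql_password` and host data that, judging by the example manifest, can carry IPMI credentials. The templates are not visible here, but if they render those values the files are created with default permissions. Adding `mode => '0600',` and `owner => 'root',` to both, plus `show_diff => false,` so the content is not echoed into reports, would contain that. The default `$revision = 'master'` also means the checked-out playbooks change with upstream, so the parameter docs should recommend pinning a tag or commit. The `[*revision*]` entry is documented twice in the header.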
@@ -58,11 +58,10 @@ # Install package if $::ironic::params::conductor_package { Package['ironic-conductor'] -> Service['ironic-conductor'] - Package['ironic-conductor'] -> Ironic_config<||> package { 'ironic-conductor': ensure => $package_ensure, name => $::ironic::params::conductor_package, - tag => 'openstack', + tag => ['openstack', 'ironic-package'], } } @@ -78,6 +77,7 @@ name => $::ironic::params::conductor_service, enable => $enabled, hasstatus => true, + tag => 'ironic-service', } } diff --git a/ironic/manifests/db/mysql.pp b/ironic/manifests/db/mysql.pp index bb930b2a4..e9ffa7b30 100644 --- a/ironic/manifests/db/mysql.pp +++ b/ironic/manifests/db/mysql.pp @@ -72,4 +72,6 @@ allowed_hosts => $allowed_hosts, } + ::Openstacklib::Db::Mysql['ironic'] ~> Exec<| title == 'ironic-dbsync' |> + } diff --git a/ironic/manifests/db/sync.pp b/ironic/manifests/db/sync.pp new file mode 100644 index 000000000..dad9515b7 --- /dev/null +++ b/ironic/manifests/db/sync.pp @@ -0,0 +1,26 @@ +# +# Class to execute ironic dbsync +# +class ironic::db::sync { + + include ::ironic::params + + Package<| tag == 'ironic-package' |> ~> Exec['ironic-dbsync'] + Exec['ironic-dbsync'] ~> Service <| tag == 'ironic-service' |> + + Ironic_config<||> -> Exec['ironic-dbsync'] + Ironic_config<| title == 'database/connection' |> ~> Exec['ironic-dbsync'] + + exec { 'ironic-dbsync': + command => $::ironic::params::dbsync_command, + path => '/usr/bin', + # Ubuntu packaging is running dbsync command as root during ironic-common + # postinstall script so when Puppet tries to run dbsync again, it fails + # because it is run with ironic user. + # This is a temporary patch until it's changed in Packaging + # https://bugs.launchpad.net/cloud-archive/+bug/1450942 + user => 'root', + refreshonly => true, + logoutput => on_failure, + } +} diff --git a/ironic/manifests/init.pp b/ironic/manifests/init.pp index 33b71cf98..e7a4daeb8 100644 --- a/ironic/manifests/init.pp +++ b/ironic/manifests/init.pp 
@@ -175,7 +175,10 @@ # (optional) Allow to perform insecure SSL (https) requests to glance. # Defaults to false # - +# [*sync_db*] +# Enable dbsync +# Defaults to true +# class ironic ( $enabled = true, $package_ensure = 'present', @@ -222,6 +225,7 @@ $glance_api_servers = undef, $glance_num_retries = '0', $glance_api_insecure = false, + $sync_db = true, # DEPRECATED PARAMETERS $rabbit_user = undef, ) { @@ -235,8 +239,6 @@ $rabbit_user_real = $rabbit_userid } - Package['ironic-common'] -> Ironic_config<||> - file { '/etc/ironic': ensure => directory, require => Package['ironic-common'], @@ -251,7 +253,7 @@ package { 'ironic-common': ensure => $package_ensure, name => $::ironic::params::common_package_name, - tag => 'openstack', + tag => ['openstack', 'ironic-package'], notify => Exec['ironic-dbsync'], } @@ -307,19 +309,8 @@ 'glance/glance_api_insecure': value => $glance_api_insecure; } - Ironic_config['database/connection'] ~> Exec['ironic-dbsync'] - - exec { 'ironic-dbsync': - command => $::ironic::params::dbsync_command, - path => '/usr/bin', - # Ubuntu packaging is running dbsync command as root during ironic-common - # postinstall script so when Puppet tries to run dbsync again, it fails - # because it is run with ironic user. - # This is a temporary patch until it's changed in Packaging - # https://bugs.launchpad.net/cloud-archive/+bug/1450942 - user => 'root', - refreshonly => true, - logoutput => on_failure, + if $sync_db { + include ::ironic::db::sync } if $rpc_backend == 'ironic.openstack.common.rpc.impl_kombu' { diff --git a/ironic/metadata.json b/ironic/metadata.json index 61dc596dd..8e9291d17 100644 --- a/ironic/metadata.json +++ b/ironic/metadata.json 
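Review bot: In the `package { 'ironic-common': ... }` hunk of ironic/manifests/init.pp the context line `notify => Exec['ironic-dbsync'],` is kept, but the exec is now declared only in `ironic::db::sync`, which is included only when `$sync_db` is true. With `sync_db => false` the package would reference a resource that is not in the catalog, which Puppet normally reports as a failure. The new class already declares `Package<| tag == 'ironic-package' |> ~> Exec['ironic-dbsync']`, so the `notify` line can simply be removed. The new doc entry could also follow its neighbours: `# (optional) Enable dbsync`.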
@@ -34,6 +34,7 @@ { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" }, { "name": "openstack/keystone", "version_requirement": ">=6.0.0 <7.0.0" }, { "name": "puppetlabs/stdlib", "version_requirement": ">=4.0.0 <5.0.0" }, - { "name": "openstack/openstacklib", "version_requirement": ">=6.0.0 <7.0.0" } + { "name": "openstack/openstacklib", "version_requirement": ">=6.0.0 <7.0.0" }, + { "name": "puppetlabs/vcsrepo", "version_requirement": ">=1.3.0 <2.0.0"} ] } diff --git a/ironic/spec/acceptance/basic_ironic_spec.rb b/ironic/spec/acceptance/basic_ironic_spec.rb index 619cf34dd..4d4494964 100644 --- a/ironic/spec/acceptance/basic_ironic_spec.rb +++ b/ironic/spec/acceptance/basic_ironic_spec.rb @@ -32,6 +32,7 @@ class { '::openstack_extras::repo::redhat::redhat': }, } $package_provider = 'yum' + package { 'openstack-selinux': ensure => 'latest' } } default: { fail("Unsupported osfamily (${::osfamily})") @@ -94,6 +95,8 @@ class { '::ironic': rabbit_password => 'an_even_bigger_secret', rabbit_host => '127.0.0.1', database_connection => 'mysql://ironic:a_big_secret@127.0.0.1/ironic?charset=utf8', + debug => true, + verbose => true, } class { '::ironic::db::mysql': password => 'a_big_secret', diff --git a/ironic/spec/acceptance/nodesets/centos-70-x64.yml b/ironic/spec/acceptance/nodesets/centos-70-x64.yml new file mode 100644 index 000000000..5f097e9fe --- /dev/null +++ b/ironic/spec/acceptance/nodesets/centos-70-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-server-70-x64: + roles: + - master + platform: el-7-x86_64 + box: puppetlabs/centos-7.0-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/ironic/spec/acceptance/nodesets/default.yml b/ironic/spec/acceptance/nodesets/default.yml index a2c1ecc63..486b6a34e 100644 --- a/ironic/spec/acceptance/nodesets/default.yml +++ b/ironic/spec/acceptance/nodesets/default.yml 
@@ -1,9 +1,10 @@ HOSTS: - ubuntu-14.04-amd64: + ubuntu-server-14.04-amd64: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none - ip: 127.0.0.1 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant CONFIG: type: foss diff --git a/ironic/spec/acceptance/nodesets/nodepool-centos7.yml b/ironic/spec/acceptance/nodesets/nodepool-centos7.yml index 575ae6732..c55287420 100644 --- a/ironic/spec/acceptance/nodesets/nodepool-centos7.yml +++ b/ironic/spec/acceptance/nodesets/nodepool-centos7.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: el-7-x86_64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/ironic/spec/acceptance/nodesets/nodepool-trusty.yml b/ironic/spec/acceptance/nodesets/nodepool-trusty.yml index a95d9f38d..9fc624e24 100644 --- a/ironic/spec/acceptance/nodesets/nodepool-trusty.yml +++ b/ironic/spec/acceptance/nodesets/nodepool-trusty.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/ironic/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/ironic/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 000000000..8001929b2 --- /dev/null +++ b/ironic/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/ironic/spec/classes/ironic_api_spec.rb b/ironic/spec/classes/ironic_api_spec.rb index 9f314e085..0c256f020 100644 --- a/ironic/spec/classes/ironic_api_spec.rb +++ b/ironic/spec/classes/ironic_api_spec.rb 
@@ -49,15 +49,17 @@ is_expected.to contain_package('ironic-api').with( :name => platform_params[:api_package], :ensure => p[:package_ensure], - :tag => 'openstack' + :tag => ['openstack', 'ironic-package'], ) - is_expected.to contain_package('ironic-api').with_before(/Ironic_config\[.+\]/) is_expected.to contain_package('ironic-api').with_before(/Service\[ironic-api\]/) end end it 'ensure ironic api service is running' do - is_expected.to contain_service('ironic-api').with('hasstatus' => true) + is_expected.to contain_service('ironic-api').with( + 'hasstatus' => true, + 'tag' => 'ironic-service', + ) end it 'configures ironic.conf' do diff --git a/ironic/spec/classes/ironic_bifrost_spec.rb b/ironic/spec/classes/ironic_bifrost_spec.rb new file mode 100644 index 000000000..3355cb357 --- /dev/null +++ b/ironic/spec/classes/ironic_bifrost_spec.rb 
@@ -0,0 +1,91 @@ +# Copyright 2015 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for ironic::bifrost class +# + +require 'spec_helper' + +describe 'ironic::bifrost' do + + let :default_params do + { :git_source_repo => 'https://git.openstack.org/openstack/bifrost', + :revision => master, + :git_dest_repo_folder => '/opt/stack/bifrost', + :bifrost_config_folder => '/etc/bifrost', + :ironic_url => '"http://localhost:6385/"', + :network_interface => '"virbr0"', + :testing => false, + :testing_user => 'ubuntu', + :http_boot_folder => '/httpboot', + :nginx_port => 8080, + :ssh_public_key_path => '"{{ ansible_env.HOME }}/.ssh/id_rsa.pub"', + :deploy_kernel => '"{{http_boot_folder}}/coreos_production_pxe.vmlinuz"', + :deploy_ramdisk => '"{{http_boot_folder}}/coreos_production_pxe_image-oem.cpio.gz"', + :deploy_kernel_url => '"http://{{ hostvars[inventory_hostname][\'ansible_\' + network_interface][\'ipv4\'][\'address\'] }}:{{nginx_port}}/coreos_production_pxe.vmlinuz"', + :deploy_ramdisk_url => '"http://{{ hostvars[inventory_hostname][\'ansible_\' + network_interface][\'ipv4\'][\'address\'] }}:{{nginx_port}}/coreos_production_pxe_image-oem.cpio.gz"', + :deploy_image_filename => '"deployment_image.qcow2"', + :deploy_image => '"{{http_boot_folder}}/{{deploy_image_filename}}"', + :create_image_via_dib => true, + :transform_boot_image => false, + :node_default_network_interface => 'eth0', + :ipv4_subnet_mask => 
'255.255.255.0', + :ipv4_gateway => '192.168.1.1', + :ipv4_nameserver => '8.8.8.8', + :network_mtu => '1500', + :dhcp_pool_start => '192.168.1.200', + :dhcp_pool_end => '192.168.1.250', + :ipmi_bridging => 'no', + } + end + + let :params do + { :mysql_password => 'changeme', + :ironic_db_password => 'changeme', + :baremetal_json_hosts => 'test', + } + end + + it 'should clone with vcsrepo bifrost repo with master branch' do + should contain_vcsrepo('/opt/stack/bifrost').with( + 'ensure' => 'present', + 'provider' => 'git', + 'revision' => 'master', + 'source' => 'https://git.openstack.org/openstack/bifrost', + ) + end + + it 'should contain folder /etc/bifrost' do + should contain_file('/etc/bifrost').with( + 'ensure' => 'directory', + ) + end + + it 'should contain file /etc/bifrost/bifrost_global_vars' do + should contain_file('/etc/bifrost/bifrost_global_vars').with( + 'ensure' => 'present', + 'require' => 'File[/etc/bifrost]', + 'content' => /ironic_url/, + ) + end + + it 'should contain file /etc/bifrost/baremetal.json' do + should contain_file('/etc/bifrost/baremetal.json').with( + 'ensure' => 'present', + 'require' => 'File[/etc/bifrost]', + 'content' => /test/, + ) + end + +end diff --git a/ironic/spec/classes/ironic_conductor_spec.rb b/ironic/spec/classes/ironic_conductor_spec.rb index 8d0d1df08..f93bf4878 100644 --- a/ironic/spec/classes/ironic_conductor_spec.rb +++ b/ironic/spec/classes/ironic_conductor_spec.rb 
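Review bot: In `default_params`, `:revision => master,` uses a bare identifier instead of the string `'master'`, so evaluating that `let` would raise a NameError. It goes unnoticed only because nothing in this spec references `default_params`; `params` is defined separately and never merged with it. I would change the line to `:revision => 'master',` and either merge `default_params` into `params` or drop it, so the listed defaults are actually exercised. The `'content' => /test/` and `'content' => /ironic_url/` matchers are also loose enough to pass on almost any rendered file; matching a whole `key: value` line would catch a template regression.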
@@ -45,15 +45,17 @@ is_expected.to contain_package('ironic-conductor').with( :name => platform_params[:conductor_package], :ensure => p[:package_ensure], - :tag => 'openstack' + :tag => ['openstack', 'ironic-package'], ) - is_expected.to contain_package('ironic-conductor').with_before(/Ironic_config\[.+\]/) is_expected.to contain_package('ironic-conductor').with_before(/Service\[ironic-conductor\]/) end end it 'ensure ironic conductor service is running' do - is_expected.to contain_service('ironic-conductor').with('hasstatus' => true) + is_expected.to contain_service('ironic-conductor').with( + 'hasstatus' => true, + 'tag' => 'ironic-service', + ) end it 'configures ironic.conf' do diff --git a/ironic/spec/classes/ironic_db_sync_spec.rb b/ironic/spec/classes/ironic_db_sync_spec.rb new file mode 100644 index 000000000..328db9149 --- /dev/null +++ b/ironic/spec/classes/ironic_db_sync_spec.rb @@ -0,0 +1,44 @@ +require 'spec_helper' + +describe 'ironic::db::sync' do + + shared_examples_for 'ironic-dbsync' do + + it 'runs ironic-manage db_sync' do + is_expected.to contain_exec('ironic-dbsync').with( + :command => 'ironic-dbsync --config-file /etc/ironic/ironic.conf', + :path => '/usr/bin', + :user => 'root', + :refreshonly => 'true', + :logoutput => 'on_failure' + ) + end + + end + + context 'on a RedHat osfamily' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + it_configures 'ironic-dbsync' + end + + context 'on a Debian osfamily' do + let :facts do + { + :operatingsystemrelease => '7.8', + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + it_configures 'ironic-dbsync' + end + +end diff --git a/ironic/spec/classes/ironic_init_spec.rb b/ironic/spec/classes/ironic_init_spec.rb index 1f5a037ad..343760e8d 100644 --- a/ironic/spec/classes/ironic_init_spec.rb +++ b/ironic/spec/classes/ironic_init_spec.rb 
@@ -119,7 +119,7 @@ is_expected.to contain_package('ironic-common').with( :ensure => 'present', :name => platform_params[:common_package_name], - :tag => 'openstack', + :tag => ['openstack', 'ironic-package'], ) end diff --git a/ironic/spec/spec_helper.rb b/ironic/spec/spec_helper.rb index 53d4dd02d..3df4cede1 100644 --- a/ironic/spec/spec_helper.rb +++ b/ironic/spec/spec_helper.rb @@ -1,7 +1,10 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' +require 'webmock/rspec' RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' c.alias_it_should_behave_like_to :it_raises, 'raises' end + +at_exit { RSpec::Puppet::Coverage.report! } diff --git a/ironic/spec/unit/provider/ironic_config/ini_setting_spec.rb b/ironic/spec/unit/provider/ironic_config/ini_setting_spec.rb new file mode 100644 index 000000000..5ea779a58 --- /dev/null +++ b/ironic/spec/unit/provider/ironic_config/ini_setting_spec.rb 
@@ -0,0 +1,71 @@ +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'inifile', + 'lib') +) +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'openstacklib', + 'lib') +) + +require 'spec_helper' + +provider_class = Puppet::Type.type(:ironic_config).provider(:ini_setting) + +describe provider_class do + + it 'should default to the default setting when no other one is specified' do + resource = Puppet::Type::Ironic_config.new( + { + :name => 'DEFAULT/foo', + :value => 'bar' + } + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('DEFAULT') + expect(provider.setting).to eq('foo') + end + + it 'should allow setting to be set explicitly' do + resource = Puppet::Type::Ironic_config.new( + { + :name => 'dude/foo', + :value => 'bar' + } + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('dude') + expect(provider.setting).to eq('foo') + end + + it 'should ensure absent when is specified as a value' do + resource = Puppet::Type::Ironic_config.new( + {:name => 'dude/foo', :value => ''} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::Ironic_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end +end diff --git a/ironic/spec/unit/type/ironic_config_spec.rb b/ironic/spec/unit/type/ironic_config_spec.rb new file mode 100644 index 000000000..7b7a3737b --- /dev/null +++ b/ironic/spec/unit/type/ironic_config_spec.rb 
@@ -0,0 +1,19 @@ +require 'puppet' +require 'puppet/type/ironic_config' + +describe 'Puppet::Type.type(:ironic_config)' do + before :each do + @ironic_config = Puppet::Type.type(:ironic_config).new(:name => 'DEFAULT/foo', :value => 'bar') + end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'ironic-common') + catalog.add_resource package, @ironic_config + dependency = @ironic_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@ironic_config) + expect(dependency[0].source).to eq(package) + end + +end diff --git a/ironic/templates/baremetal.json.erb b/ironic/templates/baremetal.json.erb new file mode 100644 index 000000000..9f5bd9c3d --- /dev/null +++ b/ironic/templates/baremetal.json.erb @@ -0,0 +1,3 @@ +{ +<%= @baremetal_json_hosts %> +} diff --git a/ironic/templates/bifrost_global_vars.erb b/ironic/templates/bifrost_global_vars.erb new file mode 100644 index 000000000..0284ca5a7 --- /dev/null +++ b/ironic/templates/bifrost_global_vars.erb 
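Review bot: `baremetal.json.erb` wraps `<%= @baremetal_json_hosts %>` in braces without checking that the result is valid JSON. The spec's own fixture (`:baremetal_json_hosts => 'test'`) renders `{ test }`, which no JSON parser accepts. The class that feeds this template is not in view, so this is a suggestion for that side: either validate the string as a JSON object body before rendering, or accept a hash and serialize it. A comment in the manifest stating which form the parameter expects would at least prevent a silently broken inventory file.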
@@ -0,0 +1,44 @@ +--- +ironic_url: <%= @ironic_url %> +network_interface: <%= @network_interface %> +# ironic_db_password ironic user password for rabbit +ironic_db_password: <%= @ironic_db_password %> +# mysql_password: mysql root user password +mysql_password: <%= @mysql_password %> +# If testing is true, then the environment is setup for using libvirt +# virtual machines for the hardware instead of real hardware. +# testing: true +# +# Normally this user should be ubuntu, however if cirros is used, +# a user may wish to define a specific user for testing VM +# connectivity during atest sequence +testing: <%= @testing %> +testing_user: <%= @testing_user %> +http_boot_folder: <%= @http_boot_folder %> +nginx_port: <%= @nginx_port %> +ssh_public_key_path: <%= @ssh_public_key_path %> +deploy_kernel: <%= @deploy_kernel %> +deploy_ramdisk: <%= @deploy_ramdisk %> +deploy_kernel_url: <%= @deploy_kernel_url %> +deploy_ramdisk_url: <%= @deploy_ramdisk_url %> +# When using disk image builder based image generation, which is the +# default at this time, the deploy_image_filename must end with .qcow2 +# due to the image creation process. +deploy_image_filename: <%= @deploy_image_filename %> +deploy_image: <%= @deploy_image %> +# Setting to utilize diskimage-builder to create a bootable image. +create_image_via_dib: <%= @create_image_via_dib %> +# Transform boot image is intended for use with the Ubuntu trusty image. It makes the image bootable by installing Grub. +# Setting to prepend a partition image with a boot sector and partition table. +transform_boot_image: <%= @transform_boot_image %> +node_default_network_interface: <%= @node_default_network_interface %> +# ipv4_subnet_mask is intended for the static ipv4 address assignments. 
+ipv4_subnet_mask: <%= @ipv4_subnet_mask %> +ipv4_gateway: <%= @ipv4_gateway %> +ipv4_nameserver: <%= @ipv4_nameserver %> +network_mtu: <%= @network_mtu %> +dhcp_pool_start: <%= @dhcp_pool_start %> +dhcp_pool_end: <%= @dhcp_pool_end %> +# ipmi_bridging: Default undefined. Valid values: "no", "single", and "dual" +# See http://docs.openstack.org/developer/ironic/_modules/ironic/drivers/modules/ipmitool.html +ipmi_bridging: <%= @ipmi_bridging %> diff --git a/keystone/.fixtures.yml b/keystone/.fixtures.yml index 73f11ff6c..4d15eb902 100644 --- a/keystone/.fixtures.yml +++ b/keystone/.fixtures.yml @@ -6,7 +6,7 @@ fixtures: 'ref': '1.2.1' 'apt': 'git://github.com/puppetlabs/puppetlabs-apt.git' 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git' - 'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git' + 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git' 'stdlib': 'git://github.com/puppetlabs/puppetlabs-stdlib.git' 'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile' 'postgresql': 'git://github.com/puppetlabs/puppetlabs-postgresql.git' diff --git a/keystone/.gitignore b/keystone/.gitignore index f67fd0665..4dd84f06e 100644 --- a/keystone/.gitignore +++ b/keystone/.gitignore @@ -1,5 +1,10 @@ -spec/fixtures/modules/* -spec/fixtures/manifests/* -pkg +pkg/ Gemfile.lock +vendor/ +spec/fixtures/ +.vagrant/ +.bundle/ +coverage/ +.idea/ *.swp +*.iml diff --git a/keystone/.sync.yml b/keystone/.sync.yml new file mode 100644 index 000000000..0912631ba --- /dev/null +++ b/keystone/.sync.yml @@ -0,0 +1,3 @@ +--- +spec/spec_helper.rb: + unmanaged: true diff --git a/keystone/Gemfile b/keystone/Gemfile index 23c74a880..6d4ce9a07 100644 --- a/keystone/Gemfile +++ b/keystone/Gemfile 
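Review bot: `ironic_db_password: <%= @ironic_db_password %>` and `mysql_password: <%= @mysql_password %>` render both secrets as unquoted YAML scalars, so a password containing `#`, `: ` or a leading special character is truncated or misparsed by whatever reads the file. Emitting a single-quoted scalar keeps the value intact, e.g. `mysql_password: '<%= @mysql_password.to_s.gsub("'", "''") %>'`, and the same for `ironic_db_password`. The `file` resource that renders this template is outside the hunk; since the output holds the MySQL root password in clear text, it should be owner-readable only and set `show_diff => false` so the content stays out of reports. The comment `# ironic_db_password ironic user password for rabbit` also looks like it names the wrong service.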
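Review bot: The updated `openstacklib` fixture still uses `git://`, which is fetched without transport encryption or server authentication. It also carries no `ref`, so the spec run loads whatever the branch tip, or anyone on the network path, supplies. I would change the line to `'openstacklib': 'https://github.com/openstack/puppet-openstacklib.git'` and pin it the way the entry above does with `'ref': '1.2.1'`. The neighbouring `git://` fixtures in the context lines have the same exposure, and the fixtures list starts outside the hunk.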
@@ -1,25 +1,30 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '~> 2.1.0', :require => false - - gem 'metadata-json-lint' - gem 'puppet-lint-param-docs' - gem 'puppet-lint-absolute_classname-check' - gem 'puppet-lint-absolute_template_path' - gem 'puppet-lint-trailing_newline-check' + gem 'puppetlabs_spec_helper', :require => 'false' + gem 'rspec-puppet', '~> 2.2.0', :require => 'false' + gem 'metadata-json-lint', :require => 'false' + gem 'puppet-lint-param-docs', :require => 'false' + gem 'puppet-lint-absolute_classname-check', :require => 'false' + gem 'puppet-lint-absolute_template_path', :require => 'false' + gem 'puppet-lint-trailing_newline-check', :require => 'false' + gem 'puppet-lint-unquoted_string-check', :require => 'false' + gem 'puppet-lint-leading_zero-check', :require => 'false' + gem 'puppet-lint-variable_contains_upcase', :require => 'false' + gem 'puppet-lint-numericvariable', :require => 'false' + gem 'json', :require => 'false' + gem 'webmock', :require => 'false' +end - # Puppet 4.x related lint checks - gem 'puppet-lint-unquoted_string-check' - gem 'puppet-lint-leading_zero-check' - gem 'puppet-lint-variable_contains_upcase' - gem 'puppet-lint-numericvariable' +group :system_tests do + gem 'beaker-rspec', :require => 'false' + gem 'beaker-puppet_install_helper', :require => 'false' +end - gem 'json' - gem 'webmock' - gem 'beaker-rspec', :require => false - gem 'beaker-puppet_install_helper', :require => false +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', facterversion, :require => false +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/keystone/README.md b/keystone/README.md index 78fc04dec..28e53a790 100644 --- a/keystone/README.md +++ b/keystone/README.md 
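Review bot: The rewritten gem lines pass `:require => 'false'` as a string, which Bundler reads as "require a file named false" rather than "do not auto-require", so a `Bundler.require` for these groups would be expected to fail. The facter lines added in the same hunk use the boolean, so the string form is probably unintended: `gem 'webmock', :require => false`. Separately, `source ENV['GEM_SOURCE'] || "https://rubygems.org"` lets the environment redirect every gem download; a comment noting that `GEM_SOURCE` must point at a trusted HTTPS mirror would make that explicit. The Gemfile continues past the end of the hunk.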
@@ -138,6 +138,36 @@ Implementation keystone is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers. +### Types + +#### keystone_config + +The `keystone_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/keystone/keystone.conf` file. + +```puppet +keystone_config { 'DEFAULT/verbose' : + value => true, +} +``` + +This will write `verbose=true` in the `[DEFAULT]` section. + +##### name + +Section/setting name to manage from `keystone.conf` + +##### value + +The value of the setting to be defined. + +##### secret + +Whether to hide the value from Puppet logs. Defaults to `false`. + +##### ensure_absent_val + +If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `` + Limitations ------------ diff --git a/keystone/Rakefile b/keystone/Rakefile index b07ed10b2..bc08f437c 100644 --- a/keystone/Rakefile +++ b/keystone/Rakefile 
@@ -1,7 +1,21 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppet-syntax/tasks/puppet-syntax' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_inherits_from_params_class') -PuppetLint.configuration.send('disable_class_parameter_defaults') +PuppetSyntax.exclude_paths ||= [] +PuppetSyntax.exclude_paths << "spec/fixtures/**/*" +PuppetSyntax.exclude_paths << "pkg/**/*" +PuppetSyntax.exclude_paths << "vendor/**/*" + +Rake::Task[:lint].clear +PuppetLint::RakeTask.new :lint do |config| + config.ignore_paths = ["spec/**/*.pp", "vendor/**/*.pp"] + config.fail_on_warnings = true + config.log_format = '%{path}:%{linenumber}:%{KIND}: %{message}' + config.disable_checks = ["80chars", "class_inherits_from_params_class", "class_parameter_defaults", "only_variable_string"] +end + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end diff --git a/keystone/lib/puppet/provider/keystone.rb b/keystone/lib/puppet/provider/keystone.rb index 849868bcb..bf1ebe6ee 100644 --- a/keystone/lib/puppet/provider/keystone.rb +++ b/keystone/lib/puppet/provider/keystone.rb 
@@ -10,25 +10,110 @@ class Puppet::Provider::Keystone < Puppet::Provider::Openstack INI_FILENAME = '/etc/keystone/keystone.conf' - def self.get_endpoint + def self.admin_endpoint + @admin_endpoint ||= get_admin_endpoint + end + + def self.admin_token + @admin_token ||= get_admin_token + end + + def self.clean_host(host) + host ||= '127.0.0.1' + case host + when '0.0.0.0' + return '127.0.0.1' + when '::0' + return '[::1]' + else + return host + end + end + + def self.default_domain + domain_hash[default_domain_id] + end + + def self.default_domain_id + return @default_domain_id if @default_domain_id + if keystone_file and keystone_file['identity'] and keystone_file['identity']['default_domain_id'] + @default_domain_id = "#{keystone_file['identity']['default_domain_id'].strip}" + else + @default_domain_id = 'default' + end + @default_domain_id + end + + def self.domain_hash + return @domain_hash if @domain_hash + list = request('domain', 'list') + @domain_hash = Hash[list.collect{|domain| [domain[:id], domain[:name]]}] + @domain_hash + end + + def self.domain_name_from_id(id) + domain_hash[id] + end + + def self.get_admin_endpoint endpoint = nil + if keystone_file + if url = get_section('DEFAULT', 'admin_endpoint') + endpoint = url.chomp('/') + else + admin_port = get_section('DEFAULT', 'admin_port') || '35357' + host = clean_host(get_section('DEFAULT', 'admin_bind_host')) + protocol = ssl? ? 'https' : 'http' + endpoint = "#{protocol}://#{host}:#{admin_port}" + end + end + return endpoint + end + + def self.get_admin_token + get_section('DEFAULT', 'admin_token') + end + + def self.get_auth_url + auth_url = nil if ENV['OS_AUTH_URL'] - endpoint = ENV['OS_AUTH_URL'] + auth_url = ENV['OS_AUTH_URL'].dup + elsif auth_url = get_os_vars_from_rcfile(rc_filename)['OS_AUTH_URL'] else - endpoint = get_os_vars_from_rcfile(rc_filename)['OS_AUTH_URL'] - unless endpoint - # This is from legacy but seems wrong, we want auth_url not url! 
- endpoint = get_admin_endpoint - end + auth_url = admin_endpoint end - unless endpoint - raise(Puppet::Error::OpenstackAuthInputError, 'Could not find auth url to check user password.') + return auth_url + end + + def self.get_section(group, name) + if keystone_file && keystone_file[group] && keystone_file['DEFAULT'][name] + return keystone_file[group][name].strip end - endpoint + return nil end - def self.admin_endpoint - @admin_endpoint ||= get_admin_endpoint + def self.get_service_url + service_url = nil + if ENV['OS_URL'] + service_url = ENV['OS_URL'].dup + elsif admin_endpoint + service_url = admin_endpoint + service_url << "/v#{@credentials.version}" + end + return service_url + end + + def self.ini_filename + INI_FILENAME + end + + def self.keystone_file + return @keystone_file if @keystone_file + if File.exists?(ini_filename) + @keystone_file = Puppet::Util::IniConfig::File.new + @keystone_file.read(ini_filename) + @keystone_file + end end # use the domain in this order: 
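Review bot: `get_service_url` appends to the memoized endpoint in place: `service_url = admin_endpoint` followed by `service_url << "/v#{@credentials.version}"` mutates the string cached in `@admin_endpoint`. Later callers of `admin_endpoint` and `get_auth_url` therefore see the versioned URL. The `auth_url << "/v#{credentials.version}"` in the `keystone_user` provider's `password` hunk does the same whenever `get_auth_url` fell back to `admin_endpoint`. Building a new string avoids both: `service_url = "#{admin_endpoint}/v#{@credentials.version}"`. `get_section` also tests `keystone_file['DEFAULT'][name]` where it should test `keystone_file[group][name]`, which works today only because every visible caller passes `'DEFAULT'`.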
@@ -56,54 +141,6 @@ def self.name_and_domain(namedomstr, domain_from_resource=nil, default_domain_na ret end - def self.admin_token - @admin_token ||= get_admin_token - end - - def self.get_admin_token - if keystone_file and keystone_file['DEFAULT'] and keystone_file['DEFAULT']['admin_token'] - return "#{keystone_file['DEFAULT']['admin_token'].strip}" - else - return nil - end - end - - def self.get_admin_endpoint - if keystone_file - if keystone_file['DEFAULT'] - if keystone_file['DEFAULT']['admin_endpoint'] - auth_url = keystone_file['DEFAULT']['admin_endpoint'].strip.chomp('/') - return "#{auth_url}/v#{@credentials.version}/" - end - - if keystone_file['DEFAULT']['admin_port'] - admin_port = keystone_file['DEFAULT']['admin_port'].strip - else - admin_port = '35357' - end - - if keystone_file['DEFAULT']['admin_bind_host'] - host = keystone_file['DEFAULT']['admin_bind_host'].strip - if host == "0.0.0.0" - host = "127.0.0.1" - elsif host == '::0' - host = '[::1]' - end - else - host = "127.0.0.1" - end - end - - if keystone_file['ssl'] && keystone_file['ssl']['enable'] && keystone_file['ssl']['enable'].strip.downcase == 'true' - protocol = 'https' - else - protocol = 'http' - end - end - - "#{protocol}://#{host}:#{admin_port}/v#{@credentials.version}/" - end - def self.request(service, action, properties=nil) super rescue Puppet::Error::OpenstackAuthInputError => error 
@@ -112,48 +149,21 @@ def self.request(service, action, properties=nil) def self.request_by_service_token(service, action, error, properties=nil) properties ||= [] - @credentials.token = get_admin_token - @credentials.url = get_admin_endpoint + @credentials.token = admin_token + @credentials.url = service_url raise error unless @credentials.service_token_set? Puppet::Provider::Openstack.request(service, action, properties, @credentials) end - def self.ini_filename - INI_FILENAME + def self.service_url + @service_url ||= get_service_url end - def self.default_domain - domain_hash[default_domain_id] - end - - def self.domain_hash - return @domain_hash if @domain_hash - list = request('domain', 'list') - @domain_hash = Hash[list.collect{|domain| [domain[:id], domain[:name]]}] - @domain_hash - end - - def self.domain_name_from_id(id) - domain_hash[id] - end - - def self.default_domain_id - return @default_domain_id if @default_domain_id - if keystone_file and keystone_file['identity'] and keystone_file['identity']['default_domain_id'] - @default_domain_id = "#{keystone_file['identity']['default_domain_id'].strip}" - else - @default_domain_id = 'default' - end - @default_domain_id - end - - def self.keystone_file - return @keystone_file if @keystone_file - if File.exists?(ini_filename) - @keystone_file = Puppet::Util::IniConfig::File.new - @keystone_file.read(ini_filename) - @keystone_file + def self.ssl? + if keystone_file && keystone_file['ssl'] && keystone_file['ssl']['enable'] && keystone_file['ssl']['enable'].strip.downcase == 'true' + return true end + return false end # Helper functions to use on the pre-validated enabled field diff --git a/keystone/lib/puppet/provider/keystone_config/ini_setting.rb b/keystone/lib/puppet/provider/keystone_config/ini_setting.rb index 4d7b5cbdb..3c2b1d272 100644 --- a/keystone/lib/puppet/provider/keystone_config/ini_setting.rb +++ b/keystone/lib/puppet/provider/keystone_config/ini_setting.rb 
@@ -1,27 +1,10 @@ Puppet::Type.type(:keystone_config).provide( :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) ) do - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - def self.file_path '/etc/keystone/keystone.conf' end - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - end diff --git a/keystone/lib/puppet/provider/keystone_user/openstack.rb b/keystone/lib/puppet/provider/keystone_user/openstack.rb index eb1e303fd..afc11cb45 100644 --- a/keystone/lib/puppet/provider/keystone_user/openstack.rb +++ b/keystone/lib/puppet/provider/keystone_user/openstack.rb @@ -92,17 +92,22 @@ def id end def password - res = nil - return res if resource[:password] == nil + passwd = nil + return passwd if resource[:password] == nil if resource[:enabled] == :false || resource[:replace_password] == :false # Unchanged password - res = resource[:password] + passwd = resource[:password] else # Password validation - credentials = Puppet::Provider::Openstack::CredentialsV3.new - credentials.auth_url = self.class.get_endpoint - credentials.password = resource[:password] - credentials.user_id = id + credentials = Puppet::Provider::Openstack::CredentialsV3.new + unless auth_url = self.class.get_auth_url + raise(Puppet::Error::OpenstackAuthInputError, "Could not find authentication url to validate user's password.") + end + auth_url << "/v#{credentials.version}" unless auth_url =~ /\/v\d(\.\d)?$/ + credentials.auth_url = auth_url + credentials.password = resource[:password] + credentials.user_id = id + # NOTE: The only reason we use username is so that the openstack provider # will know we are doing v3password auth - otherwise, it is not used. The # user_id uniquely identifies the user including domain. 
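Review bot: The version-suffix guard `auth_url =~ /\/v\d(\.\d)?$/` in `password` does not match an auth URL that ends in a slash. A value such as `http://HOST:5000/v3/` (constructed example) becomes `.../v3//v3`, and the password is validated against a malformed endpoint. Stripping the slash first and anchoring with `\z` handles it: `auth_url = auth_url.chomp('/')`, then `auth_url += "/v#{credentials.version}" unless auth_url =~ %r{/v\d(\.\d)?\z}`. Using `+=` instead of `<<` also leaves the string returned by `get_auth_url` unmodified. `password` begins and ends outside this hunk.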
@@ -121,10 +126,10 @@ def password rescue Puppet::Error::OpenstackUnauthorizedError # password is invalid else - res = resource[:password] unless token.empty? + passwd = resource[:password] unless token.empty? end end - return res + return passwd end def password=(value) diff --git a/keystone/lib/puppet/type/keystone_config.rb b/keystone/lib/puppet/type/keystone_config.rb index fc6b82040..bc416ef0f 100644 --- a/keystone/lib/puppet/type/keystone_config.rb +++ b/keystone/lib/puppet/type/keystone_config.rb @@ -41,4 +41,13 @@ def should_to_s( newvalue ) defaultto false end + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:package) do + 'keystone' + end + end diff --git a/keystone/lib/puppet/type/keystone_paste_ini.rb b/keystone/lib/puppet/type/keystone_paste_ini.rb index e315a9570..f2fc81eb2 100644 --- a/keystone/lib/puppet/type/keystone_paste_ini.rb +++ b/keystone/lib/puppet/type/keystone_paste_ini.rb @@ -40,4 +40,8 @@ def should_to_s( newvalue ) defaultto false end + autorequire(:package) do + 'keystone' + end + end diff --git a/keystone/lib/puppet/type/keystone_tenant.rb b/keystone/lib/puppet/type/keystone_tenant.rb index 705c29173..4e21a0381 100644 --- a/keystone/lib/puppet/type/keystone_tenant.rb +++ b/keystone/lib/puppet/type/keystone_tenant.rb @@ -39,7 +39,7 @@ desc 'Domain for tenant.' newvalues(nil, /\S+/) def insync?(is) - raise(Puppet::Error, "The domain cannot be changed from #{self.should} to #{is}") unless self.should == is + raise(Puppet::Error, "[keystone_tenant]: The domain cannot be changed from #{self.should} to #{is}") unless self.should == is true end end @@ -54,6 +54,6 @@ def insync?(is) # If there is no keystone config, authentication credentials # need to come from another source. autorequire(:anchor) do - ['keystone_started'] + ['keystone_started','default_domain_created'] end end 
diff --git a/keystone/lib/puppet/type/keystone_user.rb b/keystone/lib/puppet/type/keystone_user.rb index e80eb195c..778249560 100644 --- a/keystone/lib/puppet/type/keystone_user.rb +++ b/keystone/lib/puppet/type/keystone_user.rb @@ -18,7 +18,7 @@ # DEPRECATED - To be removed in next release (Liberty) # https://bugs.launchpad.net/puppet-keystone/+bug/1472437 validate do |v| - Puppet.warning('The ignore_default_tenant parameter is deprecated and will be removed in the future.') + Puppet.warning('([keystone_user]: The ignore_default_tenant parameter is deprecated and will be removed in the future.') end newvalues(/(t|T)rue/, /(f|F)alse/, true, false) defaultto(false) @@ -58,7 +58,7 @@ def should_to_s( newvalue ) # DEPRECATED - To be removed in next release (Liberty) # https://bugs.launchpad.net/puppet-keystone/+bug/1472437 validate do |v| - Puppet.warning('The tenant parameter is deprecated and will be removed in the future. Please use keystone_user_role to assign a user to a project.') + Puppet.warning('([keystone_user]: The tenant parameter is deprecated and will be removed in the future. Please use keystone_user_role to assign a user to a project.') end newvalues(/\S+/) end @@ -84,7 +84,7 @@ def should_to_s( newvalue ) newproperty(:domain) do newvalues(nil, /\S+/) def insync?(is) - raise(Puppet::Error, "The domain cannot be changed from #{self.should} to #{is}") unless self.should == is + raise(Puppet::Error, "[keystone_user]: The domain cannot be changed from #{self.should} to #{is}") unless self.should == is true end end @@ -102,6 +102,6 @@ def insync?(is) # we should not do anything until the keystone service is started autorequire(:anchor) do - ['keystone_started'] + ['keystone_started','default_domain_created'] end end diff --git a/keystone/manifests/client.pp b/keystone/manifests/client.pp index 84a6e08ce..ddf3d6ae6 100644 --- a/keystone/manifests/client.pp +++ b/keystone/manifests/client.pp 
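Review bot: Both reworded deprecation warnings open with an unbalanced parenthesis: `'([keystone_user]: The ignore_default_tenant parameter is deprecated` and `'([keystone_user]: The tenant parameter is deprecated`. The `insync?` error changed in the same file uses the plain `"[keystone_user]: ..."` prefix. Dropping the stray `(` in the two `Puppet.warning` calls keeps the prefix consistent and easy to match when filtering logs.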
@@ -16,4 +16,12 @@ ensure => $ensure, tag => 'openstack', } + + if $ensure == 'present' { + include '::openstacklib::openstackclient' + } else { + class { '::openstacklib::openstackclient': + package_ensure => $ensure, + } + } } diff --git a/keystone/manifests/cron/token_flush.pp b/keystone/manifests/cron/token_flush.pp index 331eeba56..6dba32b47 100644 --- a/keystone/manifests/cron/token_flush.pp +++ b/keystone/manifests/cron/token_flush.pp @@ -45,14 +45,19 @@ # Induces a random delay before running the cronjob to avoid running all # cron jobs at the same time on all hosts this job is configured. # +# [*destination*] +# (optional) Path to file to which rows should be archived +# Defaults to '/var/log/keystone/keystone-tokenflush.log'. +# class keystone::cron::token_flush ( - $ensure = present, - $minute = 1, - $hour = 0, - $monthday = '*', - $month = '*', - $weekday = '*', - $maxdelay = 0, + $ensure = present, + $minute = 1, + $hour = 0, + $monthday = '*', + $month = '*', + $weekday = '*', + $maxdelay = 0, + $destination = '/var/log/keystone/keystone-tokenflush.log' ) { if $maxdelay == 0 { @@ -63,7 +68,7 @@ cron { 'keystone-manage token_flush': ensure => $ensure, - command => "${sleep}keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1", + command => "${sleep}keystone-manage token_flush >>${destination} 2>&1", environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', user => 'keystone', minute => $minute, diff --git a/keystone/manifests/init.pp b/keystone/manifests/init.pp index b527873ff..8d36b18ef 100644 --- a/keystone/manifests/init.pp +++ b/keystone/manifests/init.pp @@ -41,6 +41,10 @@ # (optional) Use syslog for logging. # Defaults to false. # +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true +# # [*log_facility*] # (optional) Syslog facility to receive log lines. # Defaults to 'LOG_USER'. 
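Review bot: In `keystone::cron::token_flush`, `$destination` is interpolated straight into the cron command (`>>${destination} 2>&1`) with no validation or quoting. A value containing spaces or shell metacharacters therefore changes what `/bin/sh` runs as the `keystone` user. Adding `validate_absolute_path($destination)` at the top of the class body and quoting the redirect target (`>>'${destination}'`) keeps it to a single file path. The parameter doc added here, "Path to file to which rows should be archived", describes something else; it is the log file that the command's output is appended to.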
@@ -428,6 +432,7 @@ $log_dir = '/var/log/keystone', $log_file = false, $use_syslog = false, + $use_stderr = true, $log_facility = 'LOG_USER', $catalog_type = 'sql', $catalog_driver = false, @@ -526,7 +531,7 @@ } } - File['/etc/keystone/keystone.conf'] -> Keystone_config<||> ~> Service[$service_name] + Keystone_config<||> ~> Service[$service_name] Keystone_config<||> ~> Exec<| title == 'keystone-manage db_sync'|> Keystone_config<||> ~> Exec<| title == 'keystone-manage pki_setup'|> Keystone_config<||> ~> Exec<| title == 'keystone-manage fernet_setup'|> @@ -539,10 +544,10 @@ tag => ['openstack', 'keystone-package'], } if $client_package_ensure == 'present' { - include '::openstacklib::openstackclient' + include '::keystone::client' } else { - class { '::openstacklib::openstackclient': - package_ensure => $client_package_ensure, + class { '::keystone::client': + ensure => $client_package_ensure, } } @@ -585,6 +590,7 @@ 'DEFAULT/admin_port': value => $admin_port; 'DEFAULT/verbose': value => $verbose; 'DEFAULT/debug': value => $debug; + 'DEFAULT/use_stderr': value => $use_stderr; } if $compute_port { @@ -832,6 +838,7 @@ } if $service_name == $::keystone::params::service_name { + $service_name_real = $::keystone::params::service_name if $validate_service { if $validate_auth_url { $v_auth_url = $validate_auth_url @@ -863,7 +870,9 @@ validate => false, } } + warning('Keystone under Eventlet has been drepecated during the Kilo cycle. Support for deploying under eventlet will be dropped as of the M-release of OpenStack.') } elsif $service_name == 'httpd' { + include ::apache::params class { '::keystone::service': ensure => 'stopped', service_name => $::keystone::params::service_name, @@ -871,6 +880,7 @@ provider => $service_provider, validate => false, } + $service_name_real = $::apache::params::service_name } else { fail('Invalid service_name. Either keystone/openstack-keystone for running as a standalone service, or httpd for being run by a httpd server') } 
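Review bot: The new eventlet warning misspells its key word, `'Keystone under Eventlet has been drepecated during the Kilo cycle. ...'`, so operators searching logs for "deprecated" will miss it; it should read `deprecated`. `$service_name_real` is assigned only inside the standalone and `httpd` branches and is consumed by `restart_keystone` in a later hunk. A one-line comment at the first assignment, such as `# real OS service name, used by Exec['restart_keystone']`, would make that coupling visible.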
@@ -963,6 +973,9 @@ require => File['/etc/keystone/keystone.conf'], notify => Exec['restart_keystone'], } + anchor { 'default_domain_created': + require => Keystone_domain[$default_domain], + } # Update this code when https://bugs.launchpad.net/keystone/+bug/1472285 is addressed. # 1/ Keystone needs to be started before creating the default domain # 2/ Once the default domain is created, we can query Keystone to get the default domain ID @@ -973,7 +986,7 @@ if $manage_service and $enabled { exec { 'restart_keystone': path => ['/usr/sbin', '/usr/bin', '/sbin', '/bin/'], - command => "service ${service_name} restart", + command => "service ${service_name_real} restart", refreshonly => true, } } diff --git a/keystone/manifests/resource/service_identity.pp b/keystone/manifests/resource/service_identity.pp index 4ac132205..172b95af6 100644 --- a/keystone/manifests/resource/service_identity.pp +++ b/keystone/manifests/resource/service_identity.pp @@ -156,6 +156,9 @@ 'ignore_default_tenant' => $ignore_default_tenant, 'domain' => $user_domain_real, }) + if ! $password { + warning("No password had been set for ${auth_name} user.") + } } if $configure_user_role { 
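Review bot: When `$password` is unset the added branch only logs `No password had been set for ${auth_name} user.`, while the resource declaration that closes just above it is unchanged, so the service user still appears to be managed without a credential. If that is intended, state it where the `password` parameter is documented, for example `# When unset, the user is managed without a password and a warning is logged.`; otherwise fail, as the new `service_type` check in this file does. The message should read `has been set`. The spec hunk for this define removes the password-omission context and adds none that covers the warning; the enclosing block starts outside the hunk.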
@@ -166,19 +169,27 @@ } if $configure_service { - ensure_resource('keystone_service', $service_name_real, { - 'ensure' => 'present', - 'type' => $service_type, - 'description' => $service_description, - }) + if $service_type { + ensure_resource('keystone_service', $service_name_real, { + 'ensure' => 'present', + 'type' => $service_type, + 'description' => $service_description, + }) + } else { + fail ('When configuring a service, you need to set the service_type parameter.') + } } if $configure_endpoint { - ensure_resource('keystone_endpoint', "${region}/${service_name_real}", { - 'ensure' => 'present', - 'public_url' => $public_url, - 'admin_url' => $admin_url, - 'internal_url' => $internal_url, - }) + if $public_url and $admin_url and $internal_url { + ensure_resource('keystone_endpoint', "${region}/${service_name_real}", { + 'ensure' => 'present', + 'public_url' => $public_url, + 'admin_url' => $admin_url, + 'internal_url' => $internal_url, + }) + } else { + fail ('When configuring an endpoint, you need to set the _url parameters.') + } } } diff --git a/keystone/manifests/roles/admin.pp b/keystone/manifests/roles/admin.pp index fe43a0fe2..37758c812 100644 --- a/keystone/manifests/roles/admin.pp +++ b/keystone/manifests/roles/admin.pp 
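Review bot: The endpoint failure message `you need to set the _url parameters` does not name the three parameters the condition tests, and both new calls are written `fail (` with a space that the `fail('Invalid service_name. ...')` call in init.pp does not use. Suggest `fail('When configuring an endpoint, you need to set the public_url, admin_url and internal_url parameters.')`. The spec regex `/you need to set the _url parameters/` would need the same wording change.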
@@ -92,37 +92,10 @@ $service_project_domain = undef, ) { - if $service_project_domain { - if $service_project_domain != $admin_user_domain { - if $service_project_domain != $admin_project_domain { - keystone_domain { $service_project_domain: - ensure => present, - enabled => true, - } - } - } - } - - if $admin_project_domain { - if $admin_project_domain != $admin_user_domain { - if $service_project_domain != $admin_project_domain { - keystone_domain { $admin_project_domain: - ensure => present, - enabled => true, - } - } - } - } - - if $admin_user_domain { - if $admin_project_domain != $admin_user_domain { - if $service_project_domain != $admin_user_domain { - keystone_domain { $admin_user_domain: - ensure => present, - enabled => true, - } - } - } + $domains = unique(delete_undef_values([ $admin_user_domain, $admin_project_domain, $service_project_domain])) + keystone_domain { $domains: + ensure => present, + enabled => true, } keystone_tenant { $service_tenant: diff --git a/keystone/manifests/wsgi/apache.pp b/keystone/manifests/wsgi/apache.pp index 66e28aacc..05a66c379 100644 --- a/keystone/manifests/wsgi/apache.pp +++ b/keystone/manifests/wsgi/apache.pp @@ -89,6 +89,15 @@ # (optional) Wsgi script source. # Defaults to undef. # +# [*access_log_format*] +# The log format for the virtualhost. +# Optional. Defaults to false. +# +# [*vhost_custom_fragment*] +# (optional) Passes a string of custom configuration +# directives to be placed at the end of the vhost configuration. +# Defaults to undef. +# # == Dependencies # # requires Class['apache'] & Class['keystone'] 
@@ -113,25 +122,27 @@ # Copyright 2013 eNovance # class keystone::wsgi::apache ( - $servername = $::fqdn, - $public_port = 5000, - $admin_port = 35357, - $bind_host = undef, - $public_path = '/', - $admin_path = '/', - $ssl = true, - $workers = 1, - $ssl_cert = undef, - $ssl_key = undef, - $ssl_chain = undef, - $ssl_ca = undef, - $ssl_crl_path = undef, - $ssl_crl = undef, - $ssl_certs_dir = undef, - $threads = $::processorcount, - $priority = '10', - $wsgi_script_ensure = 'file', - $wsgi_script_source = undef, + $servername = $::fqdn, + $public_port = 5000, + $admin_port = 35357, + $bind_host = undef, + $public_path = '/', + $admin_path = '/', + $ssl = true, + $workers = 1, + $ssl_cert = undef, + $ssl_key = undef, + $ssl_chain = undef, + $ssl_ca = undef, + $ssl_crl_path = undef, + $ssl_crl = undef, + $ssl_certs_dir = undef, + $threads = $::processorcount, + $priority = '10', + $wsgi_script_ensure = 'file', + $wsgi_script_source = undef, + $access_log_format = false, + $vhost_custom_fragment = undef, ) { include ::keystone::params @@ -244,7 +255,9 @@ wsgi_daemon_process_options => $wsgi_daemon_process_options_main, wsgi_process_group => 'keystone_main', wsgi_script_aliases => $wsgi_script_aliases_main_real, + custom_fragment => $vhost_custom_fragment, require => File['keystone_wsgi_main'], + access_log_format => $access_log_format, } if $public_port != $admin_port { @@ -269,7 +282,9 @@ wsgi_daemon_process_options => $wsgi_daemon_process_options_admin, wsgi_process_group => 'keystone_admin', wsgi_script_aliases => $wsgi_script_aliases_admin, + custom_fragment => $vhost_custom_fragment, require => File['keystone_wsgi_admin'], + access_log_format => $access_log_format, } } } diff --git a/keystone/spec/acceptance/basic_keystone_spec.rb b/keystone/spec/acceptance/basic_keystone_spec.rb index 3cba11dba..3a937d3cb 100644 --- a/keystone/spec/acceptance/basic_keystone_spec.rb +++ b/keystone/spec/acceptance/basic_keystone_spec.rb 
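Review bot: `$vhost_custom_fragment` is passed as `custom_fragment` to both vhost declarations (the `keystone_main` and the `keystone_admin` process groups), but the parameter doc only says it is placed "at the end of the vhost configuration". Because the value is raw Apache configuration, say in the doc that it reaches both listeners, for example `# The same fragment is appended to both the public and the admin vhost.` The same applies to `$access_log_format`, which is also set on both.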
@@ -8,18 +8,39 @@ pp= <<-EOS Exec { logoutput => 'on_failure' } + # make sure apache is stopped before keystone eventlet + # in case of wsgi was run before + class { '::apache': + service_ensure => 'stopped', + } + Service['httpd'] -> Service['keystone'] + # Common resources case $::osfamily { 'Debian': { include ::apt - class { '::openstack_extras::repo::debian::ubuntu': - release => 'kilo', - package_require => true, + apt::ppa { 'ppa:ubuntu-cloud-archive/liberty-staging': + # it's false by default in 2.x series but true in 1.8.x + package_manage => false, } + Exec['apt_update'] -> Package<||> } 'RedHat': { class { '::openstack_extras::repo::redhat::redhat': - release => 'kilo', + manage_rdo => false, + repo_hash => { + # we need kilo repo to be installed for dependencies + 'rdo-kilo' => { + 'baseurl' => 'https://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/', + 'descr' => 'RDO kilo', + 'gpgcheck' => 'no', + }, + 'rdo-liberty' => { + 'baseurl' => 'http://trunk.rdoproject.org/centos7/current/', + 'descr' => 'RDO trunk', + 'gpgcheck' => 'no', + }, + }, } package { 'openstack-selinux': ensure => 'latest' } } @@ -42,6 +63,7 @@ class { '::keystone': database_connection => 'mysql://keystone:keystone@127.0.0.1/keystone', admin_token => 'admin_token', enabled => true, + default_domain => 'default_domain', } # "v2" admin and service class { '::keystone::roles::admin': 
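Review bot: Both repositories added under `repo_hash` set `'gpgcheck' => 'no'`, and the `rdo-liberty` entry uses a plain `http://` baseurl, so packages installed on the test node are neither signature-checked nor fetched over an authenticated channel. Use an `https://` baseurl for `rdo-liberty` if the mirror offers one, and keep signature checking on for `rdo-kilo` if its packages are signed. Where a repository is genuinely unsigned, record that in a comment next to the setting, such as `# trunk packages are unsigned; gpgcheck cannot be enabled`. The same block is added in keystone_wsgi_apache_spec.rb.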
@@ -206,11 +228,11 @@ class { '::keystone::endpoint': end describe 'with v2 admin with v3 credentials' do include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', - '--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name Default --os-project-domain-name Default' + '--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name default_domain --os-project-domain-name default_domain' end describe "with v2 service with v3 credentials" do include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', - '--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default' + '--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name default_domain --os-project-domain-name default_domain' end describe 'with v3 admin with v3 credentials' do include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', diff --git a/keystone/spec/acceptance/keystone_wsgi_apache_spec.rb b/keystone/spec/acceptance/keystone_wsgi_apache_spec.rb index c88e58401..8ddc973fc 100644 --- a/keystone/spec/acceptance/keystone_wsgi_apache_spec.rb +++ b/keystone/spec/acceptance/keystone_wsgi_apache_spec.rb 
@@ -12,14 +12,28 @@ case $::osfamily { 'Debian': { include ::apt - class { '::openstack_extras::repo::debian::ubuntu': - release => 'kilo', - package_require => true, + apt::ppa { 'ppa:ubuntu-cloud-archive/liberty-staging': + # it's false by default in 2.x series but true in 1.8.x + package_manage => false, } + Exec['apt_update'] -> Package<||> } 'RedHat': { class { '::openstack_extras::repo::redhat::redhat': - release => 'kilo', + manage_rdo => false, + repo_hash => { + # we need kilo repo to be installed for dependencies + 'rdo-kilo' => { + 'baseurl' => 'https://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/', + 'descr' => 'RDO kilo', + 'gpgcheck' => 'no', + }, + 'rdo-liberty' => { + 'baseurl' => 'http://trunk.rdoproject.org/centos7/current/', + 'descr' => 'RDO trunk', + 'gpgcheck' => 'no', + }, + }, } package { 'openstack-selinux': ensure => 'latest' } } @@ -43,6 +57,7 @@ class { '::keystone': admin_token => 'admin_token', enabled => true, service_name => 'httpd', + default_domain => 'default_domain', } include ::apache class { '::keystone::wsgi::apache': 
@@ -212,11 +227,11 @@ class { '::keystone::endpoint': end describe 'with v2 admin with v3 credentials' do include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', - '--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name Default --os-project-domain-name Default' + '--os-username admin --os-password a_big_secret --os-project-name openstack --os-user-domain-name default_domain --os-project-domain-name default_domain' end describe "with v2 service with v3 credentials" do include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', - '--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name Default --os-project-domain-name Default' + '--os-username beaker-ci --os-password secret --os-project-name services --os-user-domain-name default_domain --os-project-domain-name default_domain' end describe 'with v3 admin with v3 credentials' do include_examples 'keystone user/tenant/service/role/endpoint resources using v3 API', diff --git a/keystone/spec/acceptance/nodesets/centos-70-x64.yml b/keystone/spec/acceptance/nodesets/centos-70-x64.yml new file mode 100644 index 000000000..5f097e9fe --- /dev/null +++ b/keystone/spec/acceptance/nodesets/centos-70-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-server-70-x64: + roles: + - master + platform: el-7-x86_64 + box: puppetlabs/centos-7.0-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/centos-7.0-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/keystone/spec/acceptance/nodesets/default.yml b/keystone/spec/acceptance/nodesets/default.yml index a2c1ecc63..486b6a34e 100644 --- a/keystone/spec/acceptance/nodesets/default.yml +++ b/keystone/spec/acceptance/nodesets/default.yml 
@@ -1,9 +1,10 @@ HOSTS: - ubuntu-14.04-amd64: + ubuntu-server-14.04-amd64: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none - ip: 127.0.0.1 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant CONFIG: type: foss diff --git a/keystone/spec/acceptance/nodesets/nodepool-centos7.yml b/keystone/spec/acceptance/nodesets/nodepool-centos7.yml index 575ae6732..c55287420 100644 --- a/keystone/spec/acceptance/nodesets/nodepool-centos7.yml +++ b/keystone/spec/acceptance/nodesets/nodepool-centos7.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: el-7-x86_64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/keystone/spec/acceptance/nodesets/nodepool-trusty.yml b/keystone/spec/acceptance/nodesets/nodepool-trusty.yml index a95d9f38d..9fc624e24 100644 --- a/keystone/spec/acceptance/nodesets/nodepool-trusty.yml +++ b/keystone/spec/acceptance/nodesets/nodepool-trusty.yml @@ -3,7 +3,7 @@ HOSTS: roles: - master platform: ubuntu-14.04-amd64 - hypervisor : none + hypervisor: none ip: 127.0.0.1 CONFIG: type: foss diff --git a/keystone/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/keystone/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml new file mode 100644 index 000000000..8001929b2 --- /dev/null +++ b/keystone/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + ubuntu-server-14.04-amd64: + roles: + - master + platform: ubuntu-14.04-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm + hypervisor: vagrant +CONFIG: + log_level: debug + type: foss diff --git a/keystone/spec/classes/keystone_client_spec.rb b/keystone/spec/classes/keystone_client_spec.rb index 2e58fad52..0b24b2c2c 100644 --- a/keystone/spec/classes/keystone_client_spec.rb +++ b/keystone/spec/classes/keystone_client_spec.rb 
@@ -7,6 +7,10 @@ 'ensure' => 'present', 'tag' => 'openstack' ) } + it { is_expected.to contain_package('python-openstackclient').with( + 'ensure' => 'present', + 'tag' => 'openstack', + ) } end describe "with specified version" do diff --git a/keystone/spec/classes/keystone_cron_token_flush_spec.rb b/keystone/spec/classes/keystone_cron_token_flush_spec.rb index 88e1fd519..24ebcd8aa 100644 --- a/keystone/spec/classes/keystone_cron_token_flush_spec.rb +++ b/keystone/spec/classes/keystone_cron_token_flush_spec.rb 
@@ -6,62 +6,73 @@ { :osfamily => 'Debian' } end + let :params do + { :ensure => 'present', + :minute => 1, + :hour => 0, + :monthday => '*', + :month => '*', + :weekday => '*', + :maxdelay => 0, + :destination => '/var/log/keystone/keystone-tokenflush.log' } + end + describe 'with default parameters' do it 'configures a cron' do is_expected.to contain_cron('keystone-manage token_flush').with( - :ensure => 'present', - :command => 'keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1', + :ensure => params[:ensure], + :command => "keystone-manage token_flush >>#{params[:destination]} 2>&1", :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', :user => 'keystone', - :minute => 1, - :hour => 0, - :monthday => '*', - :month => '*', - :weekday => '*' + :minute => params[:minute], + :hour => params[:hour], + :monthday => params[:monthday], + :month => params[:month], + :weekday => params[:weekday] ) end end describe 'when specifying a maxdelay param' do - let :params do - { + before :each do + params.merge!( :maxdelay => 600 - } + ) end it 'configures a cron with delay' do is_expected.to contain_cron('keystone-manage token_flush').with( - :ensure => 'present', - :command => 'sleep `expr ${RANDOM} \\% 600`; keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1', + :ensure => params[:ensure], + :command => "sleep `expr ${RANDOM} \\% #{params[:maxdelay]}`; keystone-manage token_flush >>#{params[:destination]} 2>&1", :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', :user => 'keystone', - :minute => 1, - :hour => 0, - :monthday => '*', - :month => '*', - :weekday => '*' + :minute => params[:minute], + :hour => params[:hour], + :monthday => params[:monthday], + :month => params[:month], + :weekday => params[:weekday] ) end end - describe 'when specifying a maxdelay param' do - let :params do - { + describe 'when disabling cron job' do + before :each do + params.merge!( :ensure => 'absent' - } + ) end it 
'configures a cron with delay' do is_expected.to contain_cron('keystone-manage token_flush').with( - :ensure => 'absent', - :command => 'keystone-manage token_flush >>/var/log/keystone/keystone-tokenflush.log 2>&1', + :ensure => params[:ensure], + :command => "keystone-manage token_flush >>#{params[:destination]} 2>&1", :environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', :user => 'keystone', - :minute => 1, - :hour => 0, - :monthday => '*', - :month => '*', - :weekday => '*' + :minute => params[:minute], + :hour => params[:hour], + :monthday => params[:monthday], + :month => params[:month], + :weekday => params[:weekday] ) end end diff --git a/keystone/spec/classes/keystone_roles_admin_spec.rb b/keystone/spec/classes/keystone_roles_admin_spec.rb index f134d43dc..10f2a3850 100644 --- a/keystone/spec/classes/keystone_roles_admin_spec.rb +++ b/keystone/spec/classes/keystone_roles_admin_spec.rb @@ -173,4 +173,15 @@ end + describe 'when admin_user_domain and admin_project_domain are equal' do + let :params do + { + :email => 'foo@bar', + :password => 'ChangeMe', + :admin_user_domain => 'admin_domain', + :admin_project_domain => 'admin_domain', + } + end + it { is_expected.to contain_keystone_domain('admin_domain') } + end end diff --git a/keystone/spec/classes/keystone_spec.rb b/keystone/spec/classes/keystone_spec.rb index 6d43f0899..1ad965a46 100644 --- a/keystone/spec/classes/keystone_spec.rb +++ b/keystone/spec/classes/keystone_spec.rb @@ -27,9 +27,9 @@ 'admin_bind_host' => '0.0.0.0', 'public_port' => '5000', 'admin_port' => '35357', - 'admin_token' => 'service_token', 'verbose' => false, 'debug' => false, + 'use_stderr' => true, 'catalog_type' => 'sql', 'catalog_driver' => false, 'token_provider' => 'keystone.token.providers.uuid.Provider', 
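Review bot: No example overrides `:destination`, so the new interpolation `>>#{params[:destination]}` is only exercised with the default path. Add a context that merges a non-default `:destination` into `params` and asserts the resulting `:command`. The renamed `describe 'when disabling cron job'` block also still titles its example `'configures a cron with delay'`; something like `it 'configures an absent cron' do` matches what it checks.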
@@ -71,6 +71,7 @@ 'admin_token' => 'service_token_override', 'verbose' => true, 'debug' => true, + 'use_stderr' => false, 'catalog_type' => 'template', 'token_provider' => 'keystone.token.providers.uuid.Provider', 'token_driver' => 'keystone.token.backends.kvs.Token', @@ -110,9 +111,8 @@ 'tag' => ['openstack', 'keystone-package'], ) } - it { is_expected.to contain_package('python-openstackclient').with( + it { is_expected.to contain_class('keystone::client').with( 'ensure' => param_hash['client_package_ensure'], - 'tag' => 'openstack', ) } it { is_expected.to contain_group('keystone').with( @@ -156,7 +156,8 @@ 'public_port', 'admin_port', 'verbose', - 'debug' + 'debug', + 'use_stderr' ].each do |config| is_expected.to contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config]) end @@ -224,6 +225,7 @@ if param_hash['default_domain'] it { is_expected.to contain_keystone_domain(param_hash['default_domain']).with(:is_default => true) } + it { is_expected.to contain_anchor('default_domain_created') } end end 
@@ -863,20 +865,38 @@ end end - describe 'when configuring default domain' do + shared_examples_for "when configuring default domain" do describe 'with default config' do let :params do default_params end it { is_expected.to_not contain_exec('restart_keystone') } end - describe 'with default domain and service is managed and enabled' do + describe 'with default domain and eventlet service is managed and enabled' do + let :params do + default_params.merge({ + 'default_domain'=> 'test', + }) + end + it { is_expected.to contain_exec('restart_keystone').with( + 'command' => "service #{platform_parameters[:service_name]} restart", + ) } + it { is_expected.to contain_anchor('default_domain_created') } + end + describe 'with default domain and wsgi service is managed and enabled' do + let :pre_condition do + 'include ::apache' + end let :params do default_params.merge({ 'default_domain'=> 'test', + 'service_name' => 'httpd', }) end - it { is_expected.to contain_exec('restart_keystone') } + it { is_expected.to contain_exec('restart_keystone').with( + 'command' => "service #{platform_parameters[:httpd_service_name]} restart", + ) } + it { is_expected.to contain_anchor('default_domain_created') } end describe 'with default domain and service is not managed' do let :params do @@ -886,6 +906,7 @@ }) end it { is_expected.to_not contain_exec('restart_keystone') } + it { is_expected.to contain_anchor('default_domain_created') } end end @@ -899,11 +920,13 @@ let :platform_parameters do { - :service_name => 'openstack-keystone' + :service_name => 'openstack-keystone', + :httpd_service_name => 'httpd', } end it_configures 'when using default class parameters for httpd' + it_configures 'when configuring default domain' end context 'on Debian platforms' do 
@@ -917,10 +940,12 @@ let :platform_parameters do { - :service_name => 'keystone' + :service_name => 'keystone', + :httpd_service_name => 'apache2', } end it_configures 'when using default class parameters for httpd' + it_configures 'when configuring default domain' end end diff --git a/keystone/spec/classes/keystone_wsgi_apache_spec.rb b/keystone/spec/classes/keystone_wsgi_apache_spec.rb index 194239545..60aaeadbc 100644 --- a/keystone/spec/classes/keystone_wsgi_apache_spec.rb +++ b/keystone/spec/classes/keystone_wsgi_apache_spec.rb @@ -70,7 +70,8 @@ }, 'wsgi_process_group' => 'keystone_admin', 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" }, - 'require' => 'File[keystone_wsgi_admin]' + 'require' => 'File[keystone_wsgi_admin]', + 'access_log_format' => false, )} it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( @@ -91,7 +92,8 @@ }, 'wsgi_process_group' => 'keystone_main', 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" }, - 'require' => 'File[keystone_wsgi_main]' + 'require' => 'File[keystone_wsgi_main]', + 'access_log_format' => false, )} it { is_expected.to contain_file("#{platform_parameters[:httpd_ports_file]}") } end @@ -99,12 +101,13 @@ describe 'when overriding parameters using different ports' do let :params do { - :servername => 'dummy.host', - :bind_host => '10.42.51.1', - :public_port => 12345, - :admin_port => 4142, - :ssl => false, - :workers => 37, + :servername => 'dummy.host', + :bind_host => '10.42.51.1', + :public_port => 12345, + :admin_port => 4142, + :ssl => false, + :workers => 37, + :vhost_custom_fragment => 'LimitRequestFieldSize 81900' } end 
@@ -126,7 +129,8 @@ }, 'wsgi_process_group' => 'keystone_admin', 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" }, - 'require' => 'File[keystone_wsgi_admin]' + 'require' => 'File[keystone_wsgi_admin]', + 'custom_fragment' => 'LimitRequestFieldSize 81900' )} it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( @@ -147,7 +151,8 @@ }, 'wsgi_process_group' => 'keystone_main', 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" }, - 'require' => 'File[keystone_wsgi_main]' + 'require' => 'File[keystone_wsgi_main]', + 'custom_fragment' => 'LimitRequestFieldSize 81900' )} it { is_expected.to contain_file("#{platform_parameters[:httpd_ports_file]}") } @@ -209,6 +214,19 @@ it_raises 'a Puppet::Error', /When using the same port for public & private endpoints, public_path and admin_path should be different\./ end + describe 'when overriding default apache logging' do + let :params do + { + :servername => 'dummy.host', + :access_log_format => 'foo', + } + end + it { is_expected.to contain_apache__vhost('keystone_wsgi_main').with( + 'servername' => 'dummy.host', + 'access_log_format' => 'foo', + )} + end + describe 'when overriding parameters using symlink and custom file source' do let :params do { diff --git a/keystone/spec/defines/keystone_resource_service_identity_spec.rb b/keystone/spec/defines/keystone_resource_service_identity_spec.rb index 63ef98ad9..2df4f00a6 100644 --- a/keystone/spec/defines/keystone_resource_service_identity_spec.rb +++ b/keystone/spec/defines/keystone_resource_service_identity_spec.rb 
@@ -62,11 +62,20 @@ )} end - context 'when omitting a required parameter password' do + context 'when trying to create a service without service_type' do let :params do - required_params.delete(:password) + required_params.delete(:service_type) + required_params + end + it_raises 'a Puppet::Error', /When configuring a service, you need to set the service_type parameter/ + end + + context 'when trying to create an endpoint without url' do + let :params do + required_params.delete(:public_url) + required_params end - it { expect { is_expected.to raise_error(Puppet::Error) } } + it_raises 'a Puppet::Error', /When configuring an endpoint, you need to set the _url parameters/ end context 'with user domain' do diff --git a/keystone/spec/spec_helper.rb b/keystone/spec/spec_helper.rb index 78594f8ae..3be0498d1 100644 --- a/keystone/spec/spec_helper.rb +++ b/keystone/spec/spec_helper.rb @@ -2,8 +2,11 @@ $LOAD_PATH.push(File.join(File.dirname(__FILE__), 'fixtures', 'modules', 'openstacklib', 'lib')) require 'puppetlabs_spec_helper/module_spec_helper' require 'shared_examples' +require 'webmock/rspec' RSpec.configure do |c| c.alias_it_should_behave_like_to :it_configures, 'configures' c.alias_it_should_behave_like_to :it_raises, 'raises' end + +at_exit { RSpec::Puppet::Coverage.report! } diff --git a/keystone/spec/unit/provider/keystone_config/ini_setting_spec.rb b/keystone/spec/unit/provider/keystone_config/ini_setting_spec.rb new file mode 100644 index 000000000..8a9e32ee8 --- /dev/null +++ b/keystone/spec/unit/provider/keystone_config/ini_setting_spec.rb 
@@ -0,0 +1,57 @@ +# +# these tests are a little concerning b/c they are hacking around the +# modulepath, so these tests will not catch issues that may eventually arise +# related to loading these plugins. +# I could not, for the life of me, figure out how to programatcally set the modulepath +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'inifile', + 'lib') +) +require 'spec_helper' +provider_class = Puppet::Type.type(:keystone_config).provider(:ini_setting) +describe provider_class do + + it 'should default to the default setting when no other one is specified' do + resource = Puppet::Type::Keystone_config.new( + {:name => 'DEFAULT/foo', :value => 'bar'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('DEFAULT') + expect(provider.setting).to eq('foo') + end + + it 'should allow setting to be set explicitly' do + resource = Puppet::Type::Keystone_config.new( + {:name => 'dude/foo', :value => 'bar'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('dude') + expect(provider.setting).to eq('foo') + end + + it 'should ensure absent when is specified as a value' do + resource = Puppet::Type::Keystone_config.new( + {:name => 'dude/foo', :value => ''} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::Keystone_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + +end diff --git a/keystone/spec/unit/provider/keystone_spec.rb b/keystone/spec/unit/provider/keystone_spec.rb index 44d265f52..7efc00c65 100644 --- a/keystone/spec/unit/provider/keystone_spec.rb +++ b/keystone/spec/unit/provider/keystone_spec.rb 
@@ -25,100 +25,178 @@ def self.reset klass.reset end - describe 'when retrieving the security token' do - it 'should return nothing if there is no keystone config file' do + describe '#ssl?' do + it 'should be false if there is no keystone file' do File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(false) - expect(klass.get_admin_token).to be_nil + expect(klass.ssl?).to be_falsey end - it 'should return nothing if the keystone config file does not have a DEFAULT section' do + it 'should be false if ssl is not configured in keystone file' do mock = {} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_token).to be_nil + expect(klass.ssl?).to be_falsey end - it 'should fail if the keystone config file does not contain an admin token' do - mock = {'DEFAULT' => {'not_a_token' => 'foo'}} + it 'should be false if ssl is configured and disable in keystone file' do + mock = {'ssl' => {'enable' => 'False'}} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_token).to be_nil + expect(klass.ssl?).to be_falsey end - it 'should parse the admin token if it is in the config file' do - mock = {'DEFAULT' => {'admin_token' => 'foo'}} + it 'should be true if ssl is configured and enabled in keystone file' do + mock = {'ssl' => {'enable' => 'True'}} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_token).to eq('foo') + expect(klass.ssl?).to be_truthy + end + end + + describe '#get_admin_endpoint' do + it 'should return nothing if there is no keystone config file' do + 
expect(klass.get_admin_endpoint).to be_nil + end + + it 'should use the admin_endpoint from keystone config file with no trailing slash' do + mock = {'DEFAULT' => {'admin_endpoint' => 'https://keystone.example.com/'}} + File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) + Puppet::Util::IniConfig::File.expects(:new).returns(mock) + mock.expects(:read).with('/etc/keystone/keystone.conf') + expect(klass.get_admin_endpoint).to eq('https://keystone.example.com') end it 'should use the specified bind_host in the admin endpoint' do - mock = {'DEFAULT' => {'admin_bind_host' => '192.168.56.210', 'admin_port' => '35357' }} + mock = {'DEFAULT' => {'admin_bind_host' => '192.168.56.210', 'admin_port' => '5001' }} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_endpoint).to eq('http://192.168.56.210:35357/v3/') + expect(klass.get_admin_endpoint).to eq('http://192.168.56.210:5001') end it 'should use localhost in the admin endpoint if bind_host is 0.0.0.0' do - mock = {'DEFAULT' => { 'admin_bind_host' => '0.0.0.0', 'admin_port' => '35357' }} + mock = {'DEFAULT' => { 'admin_bind_host' => '0.0.0.0', 'admin_port' => '5001' }} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_endpoint).to eq('http://127.0.0.1:35357/v3/') + expect(klass.get_admin_endpoint).to eq('http://127.0.0.1:5001') end it 'should use [::1] in the admin endpoint if bind_host is ::0' do - mock = {'DEFAULT' => { 'admin_bind_host' => '::0', 'admin_port' => '35357' }} + mock = {'DEFAULT' => { 'admin_bind_host' => '::0', 'admin_port' => '5001' }} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) 
mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_endpoint).to eq('http://[::1]:35357/v3/') + expect(klass.get_admin_endpoint).to eq('http://[::1]:5001') end it 'should use localhost in the admin endpoint if bind_host is unspecified' do - mock = {'DEFAULT' => { 'admin_port' => '35357' }} + mock = {'DEFAULT' => { 'admin_port' => '5001' }} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_endpoint).to eq('http://127.0.0.1:35357/v3/') + expect(klass.get_admin_endpoint).to eq('http://127.0.0.1:5001') end it 'should use https if ssl is enabled' do - mock = {'DEFAULT' => {'admin_bind_host' => '192.168.56.210', 'admin_port' => '35357' }, 'ssl' => {'enable' => 'True'}} + mock = {'DEFAULT' => {'admin_bind_host' => '192.168.56.210', 'admin_port' => '5001' }, 'ssl' => {'enable' => 'True'}} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_endpoint).to eq('https://192.168.56.210:35357/v3/') + expect(klass.get_admin_endpoint).to eq('https://192.168.56.210:5001') end it 'should use http if ssl is disabled' do - mock = {'DEFAULT' => {'admin_bind_host' => '192.168.56.210', 'admin_port' => '35357' }, 'ssl' => {'enable' => 'False'}} + mock = {'DEFAULT' => {'admin_bind_host' => '192.168.56.210', 'admin_port' => '5001' }, 'ssl' => {'enable' => 'False'}} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_endpoint).to eq('http://192.168.56.210:35357/v3/') + expect(klass.get_admin_endpoint).to eq('http://192.168.56.210:5001') + end + end + + describe '#get_auth_url' do + it 'should 
return nothing when OS_AUTH_URL is no defined in either the environment or the openrc file and there is no keystone configuration file' do + home = ENV['HOME'] + ENV.clear + File.expects(:exists?).with("#{home}/openrc").returns(false) + File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(false) + expect(klass.get_auth_url).to be_nil + end + + it 'should return the OS_AUTH_URL from the environment' do + ENV.clear + ENV['OS_AUTH_URL'] = 'http://127.0.0.1:5001' + expect(klass.get_auth_url).to eq('http://127.0.0.1:5001') end - it 'should use the defined admin_endpoint if available' do - mock = {'DEFAULT' => {'admin_endpoint' => 'https://keystone.example.com' }, 'ssl' => {'enable' => 'False'}} + it 'should return the OS_AUTH_URL from the openrc file when there is no OS_AUTH_URL in the environment' do + home = ENV['HOME'] + ENV.clear + mock = {'OS_AUTH_URL' => 'http://127.0.0.1:5001'} + klass.expects(:get_os_vars_from_rcfile).with("#{home}/openrc").returns(mock) + expect(klass.get_auth_url).to eq('http://127.0.0.1:5001') + end + + it 'should use admin_endpoint when nothing else is available' do + ENV.clear + mock = 'http://127.0.0.1:5001' + klass.expects(:admin_endpoint).returns(mock) + expect(klass.get_auth_url).to eq('http://127.0.0.1:5001') + end + end + + describe '#get_service_url when retrieving the security token' do + it 'should return nothing when OS_URL is not defined in environment' do + ENV.clear + expect(klass.get_service_url).to be_nil + end + + it 'should return the OS_URL from the environment' do + ENV['OS_URL'] = 'http://127.0.0.1:5001/v3' + expect(klass.get_service_url).to eq('http://127.0.0.1:5001/v3') + end + + it 'should use admin_endpoint with the API version number' do + ENV.clear + mock = 'http://127.0.0.1:5001' + klass.expects(:admin_endpoint).twice.returns(mock) + expect(klass.get_service_url).to eq('http://127.0.0.1:5001/v3') + end + end + + describe 'when retrieving the security token' do + it 'should return nothing if there is 
no keystone config file' do + File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(false) + expect(klass.get_admin_token).to be_nil + end + + it 'should return nothing if the keystone config file does not have a DEFAULT section' do + mock = {} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_endpoint).to eq('https://keystone.example.com/v3/') + expect(klass.get_admin_token).to be_nil end - it 'should handle an admin_endpoint with a trailing slash' do - mock = {'DEFAULT' => {'admin_endpoint' => 'https://keystone.example.com/' }, 'ssl' => {'enable' => 'False'}} + it 'should fail if the keystone config file does not contain an admin token' do + mock = {'DEFAULT' => {'not_a_token' => 'foo'}} File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) Puppet::Util::IniConfig::File.expects(:new).returns(mock) mock.expects(:read).with('/etc/keystone/keystone.conf') - expect(klass.get_admin_endpoint).to eq('https://keystone.example.com/v3/') + expect(klass.get_admin_token).to be_nil end + it 'should parse the admin token if it is in the config file' do + mock = {'DEFAULT' => {'admin_token' => 'foo'}} + File.expects(:exists?).with("/etc/keystone/keystone.conf").returns(true) + Puppet::Util::IniConfig::File.expects(:new).returns(mock) + mock.expects(:read).with('/etc/keystone/keystone.conf') + expect(klass.get_admin_token).to eq('foo') + end end describe 'when using domains' do diff --git a/keystone/spec/unit/provider/keystone_user/openstack_spec.rb b/keystone/spec/unit/provider/keystone_user/openstack_spec.rb index d7de008c7..f74a1ac7d 100644 --- a/keystone/spec/unit/provider/keystone_user/openstack_spec.rb +++ b/keystone/spec/unit/provider/keystone_user/openstack_spec.rb 
@@ -309,14 +309,13 @@ def before_hook(delete, missing, noproject, user_cached) it_behaves_like 'with auth-url environment variable' do it 'checks the password' do provider.instance_variable_get('@property_hash')[:id] = '1cb05cfed7c24279be884ba4f6520262' - mockcreds = {} - Puppet::Provider::Openstack::CredentialsV3.expects(:new).returns(mockcreds) - mockcreds.expects(:auth_url=).with('http://127.0.0.1:5000') - mockcreds.expects(:password=).with('foo') - mockcreds.expects(:username=).with('foo') - mockcreds.expects(:user_id=).with('1cb05cfed7c24279be884ba4f6520262') - mockcreds.expects(:project_id=).with('project-id-1') - mockcreds.expects(:to_env).returns(mockcreds) + mock_creds = Puppet::Provider::Openstack::CredentialsV3.new + mock_creds.auth_url='http://127.0.0.1:5000' + mock_creds.password='foo' + mock_creds.username='foo' + mock_creds.user_id='1cb05cfed7c24279be884ba4f6520262' + mock_creds.project_id='project-id-1' + Puppet::Provider::Openstack::CredentialsV3.expects(:new).returns(mock_creds) Puppet::Provider::Openstack.expects(:openstack) .with('project', 'list', '--quiet', '--format', 'csv', ['--user', '1cb05cfed7c24279be884ba4f6520262', '--long']) .returns('"ID","Name","Domain ID","Description","Enabled" 
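Review bot: In both 'checks the password' examples (this hunk and the `@@ -350,14 +349,13 @@` hunk that follows), the new setup no longer verifies which credentials the provider passes. The old `mockcreds.expects(:password=).with('foo')` style expectations are replaced by pre-assigning the same values on a real `CredentialsV3` object, so the example would apparently still pass if the provider set a different password, user_id or project_id. Consider returning an unpopulated object from `CredentialsV3.expects(:new)` and asserting after the call, e.g. `expect(mock_creds.password).to eq('foo')` and `expect(mock_creds.user_id).to eq('1cb05cfed7c24279be884ba4f6520262')`, assuming the class exposes readers for these fields. The enclosing `it` block continues past the end of the hunk, so later assertions are not visible here.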
@@ -350,14 +349,13 @@ def before_hook(delete, missing, noproject, user_cached) it 'checks the password with domain scoped token' do provider.instance_variable_get('@property_hash')[:id] = '1cb05cfed7c24279be884ba4f6520262' provider.instance_variable_get('@property_hash')[:domain] = 'foo_domain' - mockcreds = {} - Puppet::Provider::Openstack::CredentialsV3.expects(:new).returns(mockcreds) - mockcreds.expects(:auth_url=).with('http://127.0.0.1:5000') - mockcreds.expects(:password=).with('foo') - mockcreds.expects(:username=).with('foo') - mockcreds.expects(:user_id=).with('1cb05cfed7c24279be884ba4f6520262') - mockcreds.expects(:domain_name=).with('foo_domain') - mockcreds.expects(:to_env).returns(mockcreds) + mock_creds = Puppet::Provider::Openstack::CredentialsV3.new + mock_creds.auth_url='http://127.0.0.1:5000' + mock_creds.password='foo' + mock_creds.username='foo' + mock_creds.user_id='1cb05cfed7c24279be884ba4f6520262' + mock_creds.domain_name='foo_domain' + Puppet::Provider::Openstack::CredentialsV3.expects(:new).returns(mock_creds) Puppet::Provider::Openstack.expects(:openstack) .with('project', 'list', '--quiet', '--format', 'csv', ['--user', '1cb05cfed7c24279be884ba4f6520262', '--long']) .returns('"ID","Name","Domain ID","Description","Enabled" diff --git a/keystone/spec/unit/type/keystone_config_spec.rb b/keystone/spec/unit/type/keystone_config_spec.rb new file mode 100644 index 000000000..4955a29dc --- /dev/null +++ b/keystone/spec/unit/type/keystone_config_spec.rb 
@@ -0,0 +1,19 @@ +require 'puppet' +require 'puppet/type/keystone_config' + +describe 'Puppet::Type.type(:keystone_config)' do + before :each do + @keystone_config = Puppet::Type.type(:keystone_config).new(:name => 'DEFAULT/foo', :value => 'bar') + end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'keystone') + catalog.add_resource package, @keystone_config + dependency = @keystone_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@keystone_config) + expect(dependency[0].source).to eq(package) + end + +end diff --git a/keystone/spec/unit/type/keystone_paste_ini_spec.rb b/keystone/spec/unit/type/keystone_paste_ini_spec.rb index 2eae98a04..0cf8b6c1a 100644 --- a/keystone/spec/unit/type/keystone_paste_ini_spec.rb +++ b/keystone/spec/unit/type/keystone_paste_ini_spec.rb @@ -20,4 +20,15 @@ @keystone_paste_ini[:value] = 'bar' expect(@keystone_paste_ini[:value]).to eq('bar') end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'keystone') + catalog.add_resource package, @keystone_paste_ini + dependency = @keystone_paste_ini.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@keystone_paste_ini) + expect(dependency[0].source).to eq(package) + end + end diff --git a/manila/.fixtures.yml b/manila/.fixtures.yml index 1faf718fa..2eedd2c3b 100644 --- a/manila/.fixtures.yml +++ b/manila/.fixtures.yml 
@@ -5,10 +5,10 @@ fixtures: 'repo': 'git://github.com/puppetlabs/puppetlabs-concat.git' 'ref': '1.2.1' 'inifile': 'git://github.com/puppetlabs/puppetlabs-inifile' - 'keystone': 'git://github.com/stackforge/puppet-keystone.git' - 'glance': 'git://github.com/stackforge/puppet-glance.git' + 'keystone': 'git://github.com/openstack/puppet-keystone.git' + 'glance': 'git://github.com/openstack/puppet-glance.git' 'mysql': 'git://github.com/puppetlabs/puppetlabs-mysql.git' - 'openstacklib': 'git://github.com/stackforge/puppet-openstacklib.git' + 'openstacklib': 'git://github.com/openstack/puppet-openstacklib.git' 'postgresql': 'git://github.com/puppetlabs/puppet-postgresql.git' 'qpid': 'git://github.com/dprince/puppet-qpid.git' 'rabbitmq': diff --git a/manila/Gemfile b/manila/Gemfile index aeb0bd71e..d9d4651e7 100644 --- a/manila/Gemfile +++ b/manila/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' group :development, :test do gem 'puppetlabs_spec_helper', :require => false - gem 'rspec-puppet', '~> 2.1.0', :require => false + gem 'rspec-puppet', '~> 2.2.0', :require => false gem 'puppet-lint', '~> 1.1' gem 'metadata-json-lint' diff --git a/manila/README.md b/manila/README.md index 95b28f269..0fc8effc5 100644 --- a/manila/README.md +++ b/manila/README.md 
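Review bot: The repointed fixture URLs for `keystone`, `glance` and `openstacklib` in manila/.fixtures.yml still use the `git://` scheme, which is neither authenticated nor encrypted, so the module code fetched for the spec run can be altered in transit. Since these lines are being edited anyway, switch them to HTTPS, e.g. `'keystone': 'https://github.com/openstack/puppet-keystone.git'`. Pinning them with a `ref`, as the entry carrying `'ref': '1.2.1'` at the top of the hunk does, would also make the fixture set reproducible. The remaining `git://` entries (inifile, mysql, postgresql, qpid) have the same weakness but are context lines outside this change.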
@@ -47,6 +47,36 @@ Implementation manila is a combination of Puppet manifests and ruby code to delivery configuration and extra functionality through types and providers. +### Types + +#### manila_config + +The `manila_config` provider is a children of the ini_setting provider. It allows one to write an entry in the `/etc/manila/manila.conf` file. + +```puppet +manila_config { 'DEFAULT/verbose' : + value => true, +} +``` + +This will write `verbose=true` in the `[DEFAULT]` section. + +##### name + +Section/setting name to manage from `manila.conf` + +##### value + +The value of the setting to be defined. + +##### secret + +Whether to hide the value from Puppet logs. Defaults to `false`. + +##### ensure_absent_val + +If value is equal to ensure_absent_val then the resource will behave as if `ensure => absent` was specified. Defaults to `` + Beaker-Rspec ------------ diff --git a/manila/lib/puppet/provider/manila_api_paste_ini/ini_setting.rb b/manila/lib/puppet/provider/manila_api_paste_ini/ini_setting.rb index 0998a2038..de4c35c86 100644 --- a/manila/lib/puppet/provider/manila_api_paste_ini/ini_setting.rb +++ b/manila/lib/puppet/provider/manila_api_paste_ini/ini_setting.rb @@ -1,27 +1,10 @@ Puppet::Type.type(:manila_api_paste_ini).provide( :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) ) do - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - def self.file_path '/etc/manila/api-paste.ini' end - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - end diff --git a/manila/lib/puppet/provider/manila_config/ini_setting.rb b/manila/lib/puppet/provider/manila_config/ini_setting.rb index de54844aa..988966861 100644 --- a/manila/lib/puppet/provider/manila_config/ini_setting.rb 
+++ b/manila/lib/puppet/provider/manila_config/ini_setting.rb @@ -1,27 +1,10 @@ Puppet::Type.type(:manila_config).provide( :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) ) do - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - def self.file_path '/etc/manila/manila.conf' end - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - end diff --git a/manila/lib/puppet/type/manila_api_paste_ini.rb b/manila/lib/puppet/type/manila_api_paste_ini.rb index 0b8b78b83..85c5db985 100644 --- a/manila/lib/puppet/type/manila_api_paste_ini.rb +++ b/manila/lib/puppet/type/manila_api_paste_ini.rb @@ -39,4 +39,14 @@ def should_to_s( newvalue ) defaultto false end + + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:package) do + 'manila' + end + end diff --git a/manila/lib/puppet/type/manila_config.rb b/manila/lib/puppet/type/manila_config.rb index 8ea614bb0..8fa8d0895 100644 --- a/manila/lib/puppet/type/manila_config.rb +++ b/manila/lib/puppet/type/manila_config.rb @@ -3,7 +3,7 @@ ensurable newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/manila/manila.conf' + desc 'Section/setting name to manage from manila.conf' newvalues(/\S+\/\S+/) end @@ -14,6 +14,7 @@ value.capitalize! if value =~ /^(true|false)$/i value end + newvalues(/^[\S ]*$/) def is_to_s( currentvalue ) if resource.secret? @@ -39,4 +40,14 @@ def should_to_s( newvalue ) defaultto false end + + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:package) do + 'manila' + end + end 
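Review bot: The added `newvalues(/^[\S ]*$/)` in manila/lib/puppet/type/manila_config.rb does not reject multi-line values, because in Ruby `^` and `$` anchor at line boundaries rather than at the start and end of the string. A constructed value such as `"foo\nother_key=bar"` satisfies the pattern on its first line. If the intent is to keep newlines and tabs out of manila.conf, anchor the whole string with `newvalues(/\A[\S ]*\z/)`. The `value =~ /^(true|false)$/i` test in the munge block just above has the same per-line anchoring. The enclosing property block starts outside the hunk, so other validation may exist that is not visible here.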
diff --git a/manila/manifests/api.pp b/manila/manifests/api.pp index 2ed0650ec..68a021506 100644 --- a/manila/manifests/api.pp +++ b/manila/manifests/api.pp @@ -98,17 +98,17 @@ ) { include ::manila::params + require ::keystone::python Manila_config<||> ~> Service['manila-api'] Manila_api_paste_ini<||> ~> Service['manila-api'] if $::manila::params::api_package { - Package['manila-api'] -> Manila_config<||> - Package['manila-api'] -> Manila_api_paste_ini<||> Package['manila-api'] -> Service['manila-api'] package { 'manila-api': ensure => $package_ensure, name => $::manila::params::api_package, + tag => ['openstack', 'manila-package'], } } @@ -139,6 +139,7 @@ enable => $enabled, hasstatus => true, require => Package['manila'], + tag => 'manila-service', } manila_config { diff --git a/manila/manifests/init.pp b/manila/manifests/init.pp index 6d9bd7d63..63f550255 100644 --- a/manila/manifests/init.pp +++ b/manila/manifests/init.pp 
@@ -197,6 +197,52 @@ # (optional) Location to store Manila locks # Defaults to '/tmp/manila/manila_locks' # +# [*amqp_server_request_prefix*] +# address prefix used when sending to a specific server +# Defaults to 'exclusive' +# +# [*amqp_broadcast_prefix*] +# address prefix used when broadcasting to all servers +# Defaults to 'broadcast' +# +# [*amqp_group_request_prefix*] +# address prefix when sending to any server in group +# Defaults to 'unicast' +# +# [*amqp_container_name*] +# Name for the AMQP container +# Defaults to guest +# +# [*amqp_idle_timeout*] +# Timeout for inactive connections (in seconds) +# Defaults to 0 +# +# [*amqp_trace*] +# Debug: dump AMQP frames to stdout +# Defaults to false +# +# [*amqp_ssl_ca_file*] +# (optional) CA certificate PEM file to verify server certificate +# Defaults to undef +# +# [*amqp_ssl_cert_file*] +# (optional) Identifying certificate PEM file to present to clients +# Defaults to undef +# +# [*amqp_ssl_key_file*] +# (optional) Private key PEM file used to sign cert_file certificate +# Defaults to undef +# +# [*amqp_ssl_key_password*] +# (optional) Password for decrypting ssl_key_file (if encrypted) +# Defaults to undef +# +# [*amqp_allow_insecure_clients*] +# (optional) Accept clients using either SSL or plain TCP +# Defaults to false +# + + class manila ( $sql_connection = 'sqlite:////var/lib/manila/manila.sqlite', $sql_idle_timeout = '3600', 
@@ -244,13 +290,21 @@ $rootwrap_config = '/etc/manila/rootwrap.conf', $state_path = '/var/lib/manila', $lock_path = '/tmp/manila/manila_locks', + $amqp_server_request_prefix = 'exclusive', + $amqp_broadcast_prefix = 'broadcast', + $amqp_group_request_prefix = 'unicast', + $amqp_container_name = 'guest', + $amqp_idle_timeout = '0', + $amqp_trace = false, + $amqp_allow_insecure_clients = false, + $amqp_ssl_ca_file = undef, + $amqp_ssl_cert_file = undef, + $amqp_ssl_key_file = undef, + $amqp_ssl_key_password = undef, ) { include ::manila::params - Package['manila'] -> Manila_config<||> - Package['manila'] -> Manila_api_paste_ini<||> - if $use_ssl { if !$cert_file { fail('The cert_file parameter is required when use_ssl is set to true') @@ -281,6 +335,7 @@ ensure => $package_ensure, name => $::manila::params::package_name, require => Anchor['manila-start'], + tag => ['openstack', 'manila-package'], } file { $::manila::params::manila_conf: 
@@ -399,6 +454,43 @@ } } + + manila_config { + 'oslo_messaging_amqp/server_request_prefix': value => $amqp_server_request_prefix; + 'oslo_messaging_amqp/broadcast_prefix': value => $amqp_broadcast_prefix; + 'oslo_messaging_amqp/group_request_prefix': value => $amqp_group_request_prefix; + 'oslo_messaging_amqp/container_name': value => $amqp_container_name; + 'oslo_messaging_amqp/idle_timeout': value => $amqp_idle_timeout; + 'oslo_messaging_amqp/trace': value => $amqp_trace; + 'oslo_messaging_amqp/allow_insecure_clients': value => $amqp_allow_insecure_clients, + } + + + if $amqp_ssl_ca_file { + manila_config { 'oslo_messaging_amqp/ssl_ca_file': value => $amqp_ssl_ca_file; } + } else { + manila_config { 'oslo_messaging_amqp/ssl_ca_file': ensure => absent; } + } + + if $amqp_ssl_key_password { + manila_config { 'oslo_messaging_amqp/ssl_key_password': value => $amqp_ssl_key_password; } + } else { + manila_config { 'oslo_messaging_amqp/ssl_key_password': ensure => absent; } + } + + if $amqp_ssl_cert_file { + manila_config { 'oslo_messaging_amqp/ssl_cert_file': value => $amqp_ssl_cert_file; } + } else { + manila_config { 'oslo_messaging_amqp/ssl_cert_file': ensure => absent; } + } + + if $amqp_ssl_key_file { + manila_config { 'oslo_messaging_amqp/ssl_key_file': value => $amqp_ssl_key_file; } + } else { + manila_config { 'oslo_messaging_amqp/ssl_key_file': ensure => absent; } + } + + manila_config { 'DEFAULT/sql_connection': value => $sql_connection, secret => true; 'DEFAULT/sql_idle_timeout': value => $sql_idle_timeout; diff --git a/manila/manifests/keystone/auth.pp b/manila/manifests/keystone/auth.pp index 43fd8ab87..dcc4be1cf 100644 --- a/manila/manifests/keystone/auth.pp +++ b/manila/manifests/keystone/auth.pp 
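Review bot: `oslo_messaging_amqp/ssl_key_password` is written without `secret => true`, unlike `DEFAULT/sql_connection` directly below it, so the private-key passphrase is not hidden from Puppet logs when the setting changes. The README text added in this same commit describes `secret` as the switch that hides a value from Puppet logs and says it defaults to `false`. Change the resource to `manila_config { 'oslo_messaging_amqp/ssl_key_password': value => $amqp_ssl_key_password, secret => true; }`. The matching example in manila/spec/classes/manila_spec.rb could then assert `.with_secret(true)` alongside `.with_value('guest')`.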
@@ -20,6 +20,9 @@ # [*service_type*] # Type of service. Optional. Defaults to 'share'. # +# [*service_description*] +# Description for keystone service. Optional. Defaults to 'Manila Service'. +# # [*region*] # Region for endpoint. Optional. Defaults to 'RegionOne'. # @@ -98,6 +101,7 @@ $tenant = 'services', $configure_endpoint = true, $service_type = 'share', + $service_description = 'Manila Service', $region = 'RegionOne', $public_url = 'http://127.0.0.1:8786/v1/%(tenant_id)s', $admin_url = 'http://127.0.0.1:8786/v1/%(tenant_id)s', @@ -182,7 +186,7 @@ configure_user_role => true, configure_endpoint => $configure_endpoint, service_type => $service_type, - service_description => 'Manila Service', + service_description => $service_description, region => $region, password => $password, email => $email, diff --git a/manila/manifests/scheduler.pp b/manila/manifests/scheduler.pp index 532977264..58c1dfed7 100644 --- a/manila/manifests/scheduler.pp +++ b/manila/manifests/scheduler.pp @@ -40,12 +40,11 @@ } if $::manila::params::scheduler_package { - Package['manila-scheduler'] -> Manila_config<||> - Package['manila-scheduler'] -> Manila_api_paste_ini<||> Package['manila-scheduler'] -> Service['manila-scheduler'] package { 'manila-scheduler': ensure => $package_ensure, name => $::manila::params::scheduler_package, + tag => ['openstack', 'manila-package'], } } @@ -63,5 +62,6 @@ enable => $enabled, hasstatus => true, require => Package['manila'], + tag => 'manila-service', } } diff --git a/manila/manifests/share.pp b/manila/manifests/share.pp index 897121f8f..46b15cf77 100644 --- a/manila/manifests/share.pp +++ b/manila/manifests/share.pp 
@@ -28,13 +28,12 @@ Exec<| title == 'manila-manage db_sync' |> ~> Service['manila-share'] if $::manila::params::share_package { - Package['manila-share'] -> Manila_config<||> - Package['manila-share'] -> Manila_api_paste_ini<||> Package['manila'] -> Package['manila-share'] Package['manila-share'] -> Service['manila-share'] package { 'manila-share': ensure => $package_ensure, name => $::manila::params::share_package, + tag => ['openstack', 'manila-package'], } } @@ -52,5 +51,6 @@ enable => $enabled, hasstatus => true, require => Package['manila'], + tag => 'manila-service', } } diff --git a/manila/spec/acceptance/basic_manila_spec.rb b/manila/spec/acceptance/basic_manila_spec.rb index b387c005e..0e99d5a2d 100644 --- a/manila/spec/acceptance/basic_manila_spec.rb +++ b/manila/spec/acceptance/basic_manila_spec.rb @@ -12,15 +12,29 @@ case $::osfamily { 'Debian': { include ::apt - class { '::openstack_extras::repo::debian::ubuntu': - release => 'kilo', - package_require => true, + apt::ppa { 'ppa:ubuntu-cloud-archive/liberty-staging': + # it's false by default in 2.x series but true in 1.8.x + package_manage => false, } + Exec['apt_update'] -> Package<||> $package_provider = 'apt' } 'RedHat': { class { '::openstack_extras::repo::redhat::redhat': - release => 'kilo', + manage_rdo => false, + repo_hash => { + # we need kilo repo to be installed for dependencies + 'rdo-kilo' => { + 'baseurl' => 'https://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/', + 'descr' => 'RDO kilo', + 'gpgcheck' => 'no', + }, + 'rdo-liberty' => { + 'baseurl' => 'http://trunk.rdoproject.org/centos7/current/', + 'descr' => 'RDO trunk', + 'gpgcheck' => 'no', + }, + }, } package { 'openstack-selinux': ensure => 'latest' } $package_provider = 'yum' diff --git a/manila/spec/acceptance/manila_config_spec.rb b/manila/spec/acceptance/manila_config_spec.rb new file mode 100644 index 000000000..12488fdf5 --- /dev/null +++ b/manila/spec/acceptance/manila_config_spec.rb 
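Review bot: In manila/spec/acceptance/basic_manila_spec.rb the new `repo_hash` sets `'gpgcheck' => 'no'` for both repositories, and the `rdo-liberty` entry uses a plain `http://` baseurl, so packages installed on the test node are neither signature-checked nor protected in transit. If the mirror serves HTTPS, use `'baseurl' => 'https://trunk.rdoproject.org/centos7/current/'`. Where the repository publishes a signing key, enable `gpgcheck` and add a `gpgkey` entry; if the trunk builds are unsigned, a short comment saying so would make the exception explicit. This is test infrastructure, but a hash like this is easily copied into real manifests.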
@@ -0,0 +1,55 @@ +require 'spec_helper_acceptance' + +describe 'basic manila_config resource' do + + context 'default parameters' do + + it 'should work with no errors' do + pp= <<-EOS + Exec { logoutput => 'on_failure' } + + File <||> -> Manila_config <||> + + file { '/etc/manila' : + ensure => directory, + } + file { '/etc/manila/manila.conf' : + ensure => file, + } + + manila_config { 'DEFAULT/thisshouldexist' : + value => 'foo', + } + + manila_config { 'DEFAULT/thisshouldnotexist' : + value => '', + } + + manila_config { 'DEFAULT/thisshouldexist2' : + value => '', + ensure_absent_val => 'toto', + } + + manila_config { 'DEFAULT/thisshouldnotexist2' : + value => 'toto', + ensure_absent_val => 'toto', + } + EOS + + + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe file('/etc/manila/manila.conf') do + it { should exist } + it { should contain('thisshouldexist=foo') } + it { should contain('thisshouldexist2=') } + + its(:content) { should_not match /thisshouldnotexist/ } + end + + + end +end diff --git a/manila/spec/classes/manila_api_spec.rb b/manila/spec/classes/manila_api_spec.rb index ae687e9ea..086ec4b0a 100644 --- a/manila/spec/classes/manila_api_spec.rb +++ b/manila/spec/classes/manila_api_spec.rb @@ -16,7 +16,8 @@ it { is_expected.to contain_service('manila-api').with( 'hasstatus' => true, - 'ensure' => 'running' + 'ensure' => 'running', + 'tag' => 'manila-service', )} it 'should configure manila api correctly' do diff --git a/manila/spec/classes/manila_scheduler_spec.rb b/manila/spec/classes/manila_scheduler_spec.rb index 578ae8c6b..9d3080be3 100644 --- a/manila/spec/classes/manila_scheduler_spec.rb +++ b/manila/spec/classes/manila_scheduler_spec.rb 
@@ -15,7 +15,8 @@ it { is_expected.to contain_package('manila-scheduler').with( :name => 'manila-scheduler', :ensure => 'present', - :before => ["Service[manila-scheduler]"] + :before => ["Service[manila-scheduler]"], + :tag => ['openstack', 'manila-package'], ) } it { is_expected.to contain_service('manila-scheduler').with( @@ -23,7 +24,8 @@ :enable => true, :ensure => 'running', :require => 'Package[manila]', - :hasstatus => true + :hasstatus => true, + :tag => 'manila-service', ) } end @@ -65,7 +67,8 @@ :name => 'openstack-manila-scheduler', :enable => true, :ensure => 'running', - :require => 'Package[manila]' + :require => 'Package[manila]', + :tag => 'manila-service', ) } end diff --git a/manila/spec/classes/manila_share_spec.rb b/manila/spec/classes/manila_share_spec.rb index 952cad830..c25f52ec1 100644 --- a/manila/spec/classes/manila_share_spec.rb +++ b/manila/spec/classes/manila_share_spec.rb @@ -9,10 +9,12 @@ it { is_expected.to contain_package('manila-share').with( :name => platform_params[:package_name], - :ensure => 'present' + :ensure => 'present', + :tag => ['openstack', 'manila-package'], ) } it { is_expected.to contain_service('manila-share').with( - 'hasstatus' => true + 'hasstatus' => true, + 'tag' => 'manila-service', )} describe 'with manage_service false' do diff --git a/manila/spec/classes/manila_spec.rb b/manila/spec/classes/manila_spec.rb index 95ecc8873..bfdbd4992 100644 --- a/manila/spec/classes/manila_spec.rb +++ b/manila/spec/classes/manila_spec.rb 
@@ -362,4 +362,76 @@ it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/ end + describe 'with amqp rpc supplied' do + + let :params do + { + :sql_connection => 'mysql://user:password@host/database', + :rpc_backend => 'manila.openstack.common.rpc.impl_zmq', + } + end + + it { is_expected.to contain_manila_config('DEFAULT/sql_connection').with_value('mysql://user:password@host/database') } + it { is_expected.to contain_manila_config('DEFAULT/rpc_backend').with_value('manila.openstack.common.rpc.impl_zmq') } + it { is_expected.to contain_manila_config('oslo_messaging_amqp/server_request_prefix').with_value('exclusive') } + it { is_expected.to contain_manila_config('oslo_messaging_amqp/broadcast_prefix').with_value('broadcast') } + it { is_expected.to contain_manila_config('oslo_messaging_amqp/group_request_prefix').with_value('unicast') } + it { is_expected.to contain_manila_config('oslo_messaging_amqp/container_name').with_value('guest') } + it { is_expected.to contain_manila_config('oslo_messaging_amqp/idle_timeout').with_value('0') } + it { is_expected.to contain_manila_config('oslo_messaging_amqp/trace').with_value(false) } + it { is_expected.to contain_manila_config('oslo_messaging_amqp/allow_insecure_clients').with_value(false) } + end + + describe 'with amqp SSL disable' do + let :params do + { + :rabbit_password => 'guest', + } + end + + it do + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_key_password').with_ensure('absent') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_ca_file').with_ensure('absent') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_cert_file').with_ensure('absent') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_key_file').with_ensure('absent') + end + end + + describe 'with amqp SSL enabled' do + let :params do + { + :rabbit_password => 'guest', + :amqp_ssl_ca_file => '/path/to/ssl/ca/certs', + :amqp_ssl_cert_file => 
'/path/to/ssl/cert/file', + :amqp_ssl_key_file => '/path/to/ssl/keyfile', + :amqp_ssl_key_password => 'guest', + } + end + + it do + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_key_password').with_value('guest') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_ca_file').with_value('/path/to/ssl/ca/certs') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_cert_file').with_value('/path/to/ssl/cert/file') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_key_file').with_value('/path/to/ssl/keyfile') + end + end + + describe 'with amqp SSL enabled without amqp_ssl_key_password' do + let :params do + { + :rabbit_password => 'guest', + :amqp_ssl_ca_file => '/path/to/ssl/ca/certs', + :amqp_ssl_cert_file => '/path/to/ssl/cert/file', + :amqp_ssl_key_file => '/path/to/ssl/keyfile', + } + end + + it do + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_key_password').with_ensure('absent') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_ca_file').with_value('/path/to/ssl/ca/certs') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_cert_file').with_value('/path/to/ssl/cert/file') + is_expected.to contain_manila_config('oslo_messaging_amqp/ssl_key_file').with_value('/path/to/ssl/keyfile') + end + end + end diff --git a/manila/spec/unit/provider/manila_config/ini_setting_spec.rb b/manila/spec/unit/provider/manila_config/ini_setting_spec.rb new file mode 100644 index 000000000..117bf1635 --- /dev/null +++ b/manila/spec/unit/provider/manila_config/ini_setting_spec.rb 
@@ -0,0 +1,72 @@
+$LOAD_PATH.push(
+ File.join(
+ File.dirname(__FILE__),
+ '..',
+ '..',
+ '..',
+ 'fixtures',
+ 'modules',
+ 'inifile',
+ 'lib')
+)
+$LOAD_PATH.push(
+ File.join(
+ File.dirname(__FILE__),
+ '..',
+ '..',
+ '..',
+ 'fixtures',
+ 'modules',
+ 'openstacklib',
+ 'lib')
+)
+
+require 'spec_helper'
+
+provider_class = Puppet::Type.type(:manila_config).provider(:ini_setting)
+
+describe provider_class do
+
+ it 'should default to the default setting when no other one is specified' do
+ resource = Puppet::Type::Manila_config.new(
+ {
+ :name => 'DEFAULT/foo',
+ :value => 'bar'
+ }
+ )
+ provider = provider_class.new(resource)
+ expect(provider.section).to eq('DEFAULT')
+ expect(provider.setting).to eq('foo')
+ end
+
+ it 'should allow setting to be set explicitly' do
+ resource = Puppet::Type::Manila_config.new(
+ {
+ :name => 'dude/foo',
+ :value => 'bar'
+ }
+ )
+ provider = provider_class.new(resource)
+ expect(provider.section).to eq('dude')
+ expect(provider.setting).to eq('foo')
+ end
+
+ it 'should ensure absent when is specified as a value' do
+ resource = Puppet::Type::Manila_config.new(
+ {:name => 'dude/foo', :value => ''}
+ )
+ provider = provider_class.new(resource)
+ provider.exists?
+ expect(resource[:ensure]).to eq :absent
+ end
+
+ it 'should ensure absent when value matches ensure_absent_val' do
+ resource = Puppet::Type::Manila_config.new(
+ {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' }
+ )
+ provider = provider_class.new(resource)
+ provider.exists?
+ expect(resource[:ensure]).to eq :absent
+ end
+
+end
diff --git a/manila/spec/unit/type/manila_config_spec.rb b/manila/spec/unit/type/manila_config_spec.rb
new file mode 100644
index 000000000..5c24eebe0
--- /dev/null
+++ b/manila/spec/unit/type/manila_config_spec.rb
@@ -0,0 +1,19 @@
+require 'puppet'
+require 'puppet/type/manila_config'
+
+describe 'Puppet::Type.type(:manila_config)' do
+ before :each do
+ @manila_config = Puppet::Type.type(:manila_config).new(:name => 'DEFAULT/foo', :value => 'bar')
+ end
+
+ it 'should autorequire the package that install the file' do
+ catalog = Puppet::Resource::Catalog.new
+ package = Puppet::Type.type(:package).new(:name => 'manila')
+ catalog.add_resource package, @manila_config
+ dependency = @manila_config.autorequire
+ expect(dependency.size).to eq(1)
+ expect(dependency[0].target).to eq(@manila_config)
+ expect(dependency[0].source).to eq(package)
+ end
+
+end
diff --git a/module-collectd/.travis.yml b/module-collectd/.travis.yml
index e904792d0..9a0889eb9 100644
--- a/module-collectd/.travis.yml
+++ b/module-collectd/.travis.yml
@@ -2,21 +2,30 @@ sudo: false language: ruby bundler_args: --without system_tests +before_install: rm Gemfile.lock || true script: - - 'puppet --version' - - 'bundle exec rake validate' - - 'bundle exec rake lint' - - "bundle exec rake spec SPEC_OPTS='--format documentation'" + - 'bundle exec rake test' matrix: fast_finish: true include: - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.0" STRICT_VARIABLES="yes" + env: PUPPET_VERSION="~> 3.0" STRICT_VARIABLES="yes" - rvm: 2.1.6 - env: PUPPET_GEM_VERSION="~> 3.0" STRICT_VARIABLES="yes" + env: PUPPET_VERSION="~> 3.0" STRICT_VARIABLES="yes" - rvm: 2.1.6 - env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + env: PUPPET_VERSION="~> 4.0" STRICT_VARIABLES="yes" - rvm: 2.2.0 - env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + env: PUPPET_VERSION="~> 4.0" STRICT_VARIABLES="yes" notifications: email: false +deploy: + provider: puppetforge + user: puppet + password: + secure: "FAK3Izs5bSZyblGvcFnGWm0exZV5+v9pbwfRDD2oihWxX3U3pArGW+3XcwcJfLQgrUYBsOTmHC8yPjlgTBYeIt/5pvg9X+3jwNgeto6kozpI/nvAq4NtcHhzxRejuPELhFYeXZ3hEw0w+v/ZRo2cNLwI0LLpiWEDvCMZN1CJ2RY=" + on: + tags: true + # all_branches is required to use tags + all_branches: true + # Only publish if our main Ruby target builds + rvm: 1.9.3 diff --git a/module-collectd/CHANGELOG.md b/module-collectd/CHANGELOG.md index 3ccf0acde..24220e640 100644 --- a/module-collectd/CHANGELOG.md +++ b/module-collectd/CHANGELOG.md 
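Review bot: `before_install: rm Gemfile.lock || true` removes the lockfile before every build, including the tagged build that runs the new `deploy` section with the decrypted Forge password. The release job therefore executes whatever gem versions happen to resolve at that moment. Prefer a committed lockfile for the deploying job, or version constraints in the Gemfile, so the code that runs next to the publish credential is reproducible. If the deletion is intentional, say why in a comment, e.g. `# lockfile removed so each PUPPET_VERSION in the matrix resolves its own dependency set`.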
@@ -1,3 +1,39 @@ +## 2015-08-05 Release 4.1.2 + +Fix .travis.yml so that deploys work, better + +## 2015-08-05 Release 4.1.1 + +Fix .travis.yml so that deploys work + +## 2015-08-05 Release 4.1.0 + +This module now lives on the puppet community github organization. + +### New features + +* Add option to not install collectd-iptables on centos 6 +* Allow iptables chains parameter to be an array +* Support UdevNameAttr attribute on disk plugin (fixes #300) + +## 2015-07-26 Release 4.0.0 + +### Backwards-incompatible changes: + +* Exec plugin was renamed from collectd::plugin::exec to collectd::plugin::exec::cmd to support multiple execs +* Write_graphite was renamed from collectd::plugin::write_graphite to collectd::plugin::write_graphite::carbon to supports multiple carbon backends + +### New features + +* Support for the aggregation, chain, and protocols plugins +* Swap and Memory plugins now support ValuesAbsolute and ValuesPercentage +* OpenVPN plugin now supports multiple statusfiles + +### Bug fixes + +* Fixed bug preventing multiple instances of curl_json +* Fixed write_http plugin on RedHat + ## 2015-06-16 Release 3.4.0 ### Backwards-incompatible changes: diff --git a/module-collectd/Gemfile b/module-collectd/Gemfile index 4d302c2c5..ef295091d 100644 --- a/module-collectd/Gemfile +++ b/module-collectd/Gemfile 
@@ -1,31 +1,37 @@ -source ENV['GEM_SOURCE'] || "https://rubygems.org" +# Copyright 2014 Puppet Community +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. -group :development, :unit_tests do - gem 'rake', :require => false - gem 'rspec-puppet', :require => false - gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', :require => false - gem 'simplecov', :require => false - gem 'puppet_facts', :require => false - gem 'json', :require => false - gem 'metadata-json-lint', :require => false -end +source "https://rubygems.org" -group :system_tests do - gem 'beaker-rspec', :require => false - gem 'serverspec', :require => false +group :test do + gem "rake" + gem "puppet", ENV['PUPPET_VERSION'] || '~> 3.8.0' + gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git' + gem "puppetlabs_spec_helper" + gem "metadata-json-lint" + gem "rspec-puppet-facts" + gem "rspec" + gem "puppet-blacksmith", "> 3.3.0", :platforms => [:ruby_19, :ruby_20, :ruby_21] end -if facterversion = ENV['FACTER_GEM_VERSION'] - gem 'facter', facterversion, :require => false -else - gem 'facter', :require => false +group :development do + gem "travis" + gem "travis-lint" + gem "guard-rake" end -if puppetversion = ENV['PUPPET_GEM_VERSION'] - gem 'puppet', puppetversion, :require => false -else - gem 'puppet', :require => false +group :system_tests do + gem "beaker" + gem "beaker-rspec" end - -# vim:ft=ruby 
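Review bot: The `rspec-puppet` entry in the `:test` group pulls from a git remote with no `:ref` or `:tag`, so it follows that repository's branch head whenever the lock is absent or regenerated. The Gemfile.lock in this same commit records revision 369d729a36ee99232d8fe5586d3a3803ee4e7318, and pinning it in the Gemfile keeps CI on reviewed code: `gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git', :ref => '369d729a36ee99232d8fe5586d3a3803ee4e7318'`. The hunk also drops the `ENV['GEM_SOURCE']` override, which deserves a line in the description for anyone who builds against an internal mirror.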
diff --git a/module-collectd/Gemfile.lock b/module-collectd/Gemfile.lock index f06159581..a718ed81b 100644 --- a/module-collectd/Gemfile.lock +++ b/module-collectd/Gemfile.lock @@ -1,8 +1,15 @@ +GIT + remote: https://github.com/rodjek/rspec-puppet.git + revision: 369d729a36ee99232d8fe5586d3a3803ee4e7318 + specs: + rspec-puppet (2.2.1.pre) + rspec + GEM remote: https://rubygems.org/ specs: CFPropertyList (2.2.8) - activesupport (4.2.2) + activesupport (4.2.3) i18n (~> 0.7) json (~> 1.7, >= 1.7.7) minitest (~> 5.1) @@ -18,7 +25,8 @@ GEM aws-sdk-v1 (1.64.0) json (~> 1.4) nokogiri (>= 1.4.4) - beaker (2.14.1) + backports (3.6.6) + beaker (2.18.3) aws-sdk (~> 1.57) docker-api fission (~> 0.4) @@ -30,34 +38,42 @@ GEM minitest (~> 5.4) net-scp (~> 1.2) net-ssh (~> 2.9) + open_uri_redirections (~> 0.2.1) rbvmomi (~> 1.8) rsync (~> 1.0.9) unf (~> 0.1) - beaker-rspec (5.1.0) + beaker-rspec (5.2.0) beaker (~> 2.0) rspec serverspec (~> 2) specinfra (~> 2) builder (3.2.2) + coderay (1.1.0) diff-lcs (1.2.5) - docile (1.1.5) - docker-api (1.21.4) + docker-api (1.22.2) excon (>= 0.38.0) json - excon (0.45.3) + domain_name (0.5.24) + unf (>= 0.0.5, < 1.0.0) + ethon (0.7.4) + ffi (>= 1.3.0) + excon (0.45.4) extlib (0.9.16) facter (2.4.4) CFPropertyList (~> 2.2.6) faraday (0.9.1) multipart-post (>= 1.2, < 3) + faraday_middleware (0.10.0) + faraday (>= 0.7.4, < 0.10) + ffi (1.9.10) fission (0.5.0) CFPropertyList (~> 2.2) - fog (1.31.0) + fog (1.32.0) fog-atmos - fog-aws (~> 0.0) + fog-aws (>= 0.6.0) fog-brightbox (~> 0.4) - fog-core (~> 1.30) - fog-ecloud + fog-core (~> 1.32) + fog-ecloud (= 0.1.1) fog-google (>= 0.0.2) fog-json fog-local 
@@ -78,26 +94,26 @@ GEM fog-atmos (0.1.0) fog-core fog-xml - fog-aws (0.4.1) + fog-aws (0.7.4) fog-core (~> 1.27) fog-json (~> 1.0) fog-xml (~> 0.1) ipaddress (~> 0.8) - fog-brightbox (0.7.1) + fog-brightbox (0.8.0) fog-core (~> 1.22) fog-json inflecto (~> 0.0.2) - fog-core (1.30.0) + fog-core (1.32.0) builder excon (~> 0.45) formatador (~> 0.2) mime-types net-scp (~> 1.1) net-ssh (>= 2.1.3) - fog-ecloud (0.1.3) + fog-ecloud (0.1.1) fog-core fog-xml - fog-google (0.0.5) + fog-google (0.0.7) fog-core fog-json fog-xml @@ -110,7 +126,7 @@ GEM fog-core (~> 1.27) fog-json (~> 1.0) fog-xml (~> 0.1) - fog-profitbricks (0.0.3) + fog-profitbricks (0.0.5) fog-core fog-xml nokogiri @@ -128,7 +144,7 @@ GEM fog-serverlove (0.1.2) fog-core fog-json - fog-softlayer (0.4.6) + fog-softlayer (0.4.7) fog-core fog-json fog-storm_on_demand (0.1.1) @@ -147,6 +163,13 @@ GEM fog-core nokogiri (~> 1.5, >= 1.5.11) formatador (0.2.5) + gh (0.14.0) + addressable + backports + faraday (~> 0.8) + multi_json (~> 1.0) + net-http-persistent (>= 2.7) + net-http-pipeline google-api-client (0.8.6) activesupport (>= 3.2) addressable (~> 2.3) 
@@ -165,27 +188,47 @@ GEM memoist (~> 0.12) multi_json (= 1.11) signet (~> 0.6) - hiera (2.0.0) + guard (2.13.0) + formatador (>= 0.2.4) + listen (>= 2.7, <= 4.0) + lumberjack (~> 1.0) + nenv (~> 0.1) + notiffany (~> 0.0) + pry (>= 0.9.12) + shellany (~> 0.0) + thor (>= 0.18.1) + guard-rake (1.0.0) + guard + rake + hiera (1.3.4) json_pure - hocon (0.9.0) + highline (1.7.3) + hocon (0.9.3) + http-cookie (1.0.2) + domain_name (~> 0.5) i18n (0.7.0) inflecto (0.0.2) inifile (2.0.2) ipaddress (0.8.0) json (1.8.3) json_pure (1.8.2) - jwt (1.5.0) + jwt (1.5.1) launchy (2.4.3) addressable (~> 2.3) + listen (3.0.3) + rb-fsevent (>= 0.9.3) + rb-inotify (>= 0.9) little-plugger (1.1.3) logging (2.0.0) little-plugger (~> 1.1) multi_json (~> 1.10) + lumberjack (1.0.9) memoist (0.12.0) metaclass (0.0.4) metadata-json-lint (0.0.6) json spdx-licenses (~> 1.0) + method_source (0.8.2) mime-types (2.6.1) mini_portile (0.6.2) minitest (5.7.0) 
@@ -193,95 +236,139 @@ GEM metaclass (~> 0.0.1) multi_json (1.11.0) multipart-post (2.0.0) + nenv (0.2.0) + net-http-persistent (2.9.4) + net-http-pipeline (1.0.1) net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (2.9.2) + net-telnet (0.1.1) + netrc (0.10.3) nokogiri (1.6.6.2) mini_portile (~> 0.6.0) - puppet (4.1.0) - facter (> 2.0, < 4) - hiera (>= 2.0, < 3) + notiffany (0.0.7) + nenv (~> 0.1) + shellany (~> 0.0) + open_uri_redirections (0.2.1) + pry (0.9.12.6) + coderay (~> 1.0) + method_source (~> 0.8) + slop (~> 3.4) + puppet (3.8.1) + facter (> 1.6, < 3) + hiera (~> 1.0) json_pure + puppet-blacksmith (3.3.1) + puppet (>= 2.7.16) + rest-client puppet-lint (1.1.0) puppet-syntax (2.0.0) rake - puppet_facts (0.2.1) puppetlabs_spec_helper (0.10.3) mocha puppet-lint puppet-syntax rake rspec-puppet + pusher-client (0.6.2) + json + websocket (~> 1.0) rake (10.4.2) + rb-fsevent (0.9.5) + rb-inotify (0.9.5) + ffi (>= 0.5.0) rbvmomi (1.8.2) builder nokogiri (>= 1.4.1) trollop + rest-client (1.8.0) + http-cookie (>= 1.0.2, < 2.0) + mime-types (>= 1.16, < 3.0) + netrc (~> 0.7) retriable (1.4.1) rspec (3.3.0) rspec-core (~> 3.3.0) rspec-expectations (~> 3.3.0) rspec-mocks (~> 3.3.0) - rspec-core (3.3.0) + rspec-core (3.3.2) rspec-support (~> 3.3.0) - rspec-expectations (3.3.0) + rspec-expectations (3.3.1) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.3.0) rspec-its (1.2.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.3.0) + rspec-mocks (3.3.2) diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.3.0) - rspec-puppet (2.2.0) - rspec + rspec-puppet-facts (0.11.0) + facter + json rspec-support (3.3.0) rsync (1.0.9) - serverspec (2.18.0) + serverspec (2.20.0) multi_json rspec (~> 3.0) rspec-its - specinfra (~> 2.35) + specinfra (~> 2.38) + sfl (2.2) + shellany (0.0.1) signet (0.6.1) addressable (~> 2.3) extlib (~> 0.9) faraday (~> 0.9) jwt (~> 1.5) multi_json (~> 1.10) - simplecov (0.10.0) - docile (~> 1.1.0) - json (~> 1.8) - simplecov-html (~> 0.10.0) - 
simplecov-html (0.10.0) + slop (3.6.0) spdx-licenses (1.0.0) json - specinfra (2.36.0) + specinfra (2.40.0) net-scp - net-ssh + net-ssh (~> 2.7) + net-telnet + sfl + thor (0.19.1) thread_safe (0.3.5) + travis (1.8.0) + addressable (~> 2.3) + backports + faraday (~> 0.9) + faraday_middleware (~> 0.9, >= 0.9.1) + gh (~> 0.13) + highline (~> 1.6) + launchy (~> 2.1) + pry (~> 0.9, < 0.10) + pusher-client (~> 0.4) + typhoeus (~> 0.6, >= 0.6.8) + travis-lint (2.0.0) + json trollop (2.1.2) + typhoeus (0.7.2) + ethon (>= 0.7.4) tzinfo (1.2.2) thread_safe (~> 0.1) unf (0.1.4) unf_ext unf_ext (0.0.7.1) + websocket (1.2.2) PLATFORMS ruby DEPENDENCIES + beaker beaker-rspec - facter - json + guard-rake metadata-json-lint - puppet - puppet-lint - puppet_facts + puppet (~> 3.8.0) + puppet-blacksmith (> 3.3.0) puppetlabs_spec_helper rake - rspec-puppet - serverspec - simplecov + rspec + rspec-puppet! + rspec-puppet-facts + travis + travis-lint BUNDLED WITH - 1.10.3 + 1.10.6 diff --git a/module-collectd/README.md b/module-collectd/README.md index 008f184aa..3ae238916 100644 --- a/module-collectd/README.md +++ b/module-collectd/README.md @@ -1,7 +1,7 @@ Collectd module for Puppet ========================== -[![Puppet Forge](http://img.shields.io/puppetforge/v/pdxcat/collectd.svg)](https://forge.puppetlabs.com/pdxcat/collectd) [![Build Status](https://travis-ci.org/pdxcat/puppet-module-collectd.png?branch=master)](https://travis-ci.org/pdxcat/puppet-module-collectd) +[![Puppet Forge](http://img.shields.io/puppetforge/v/puppet/collectd.svg)](https://forge.puppetlabs.com/puppet/collectd) [![Build Status](https://travis-ci.org/puppet-community/puppet-collectd.png?branch=master)](https://travis-ci.org/puppet-community/puppet-collectd) Description ----------- 
@@ -55,9 +55,12 @@ Configurable Plugins Parameters will vary widely between plugins. See the collectd documentation for each plugin for configurable attributes. +* `aggregation` (see [collectd::plugin::aggregation](#class-collectdpluginaggregation) below) * `amqp` (see [collectd::plugin::amqp](#class-collectdpluginamqp) below) * `apache` (see [collectd::plugin::apache](#class-collectdpluginapache) below) * `bind` (see [collectd::plugin::bind](#class-collectdpluginbind) below) +* `ceph` (see [collectd::plugin::ceph](#class-ceph) below) +* `chain` (see [collectd::plugin::chain](#class-chain) below) * `conntrack` (see [collectd::plugin::conntrack](#class-conntrack) below) * `cpu` (see [collectd::plugin::cpu](#class-collectdplugincpu) below) * `cpufreq` (see [collectd::plugin::cpufreq](#class-collectdplugincpufreq) below) @@ -81,6 +84,7 @@ documentation for each plugin for configurable attributes. * `memcached`(see [collectd::plugin::memcached](#class-collectdpluginmemcached) below ) * `memory`(see [collectd::plugin::memory](#class-collectdpluginmemory) below ) * `mysql` (see [collectd::plugin::mysql](#class-collectdpluginmysql) below) +* `netlink` (see [collectd::plugin::netlink](#class-collectdpluginnetlink) below) * `network` (see [collectd::plugin::network](#class-collectdpluginnetwork) below) * `nfs` (see [collectd::plugin::nfs](#class-collectdpluginnfs) below) * `nginx` (see [collectd::plugin::nginx](#class-collectdpluginnginx) below) 
@@ -114,6 +118,33 @@ documentation for each plugin for configurable attributes. * `write_riemann` (see [collectd::plugin::write_riemann](#class-collectdpluginwrite_riemann) below) * `zfs_arc` (see [collectd::plugin::zfs_arc](#class-collectdpluginzfs_arc) below) +####Class: `collectd::plugin::aggregation` + +```puppet +collectd::plugin::aggregation::aggregator { + cpu': + plugin => 'cpu', + type => 'cpu', + groupby => ["Host", "TypeInstance",], + calculateaverage => true, +} +``` + +You can as well configure this plugin with a parameterized class : + +```puppet +class { 'collectd::plugin::aggregation': + aggregators => { + cpu' => { + plugin => 'cpu', + type => 'cpu', + groupby => ["Host", "TypeInstance",], + calculateaverage => true, + }, + }, +} +``` + ####Class: `collectd::plugin::amqp` ```puppet @@ -148,6 +179,45 @@ class { 'collectd::plugin::bind': } ``` +####Class: `collectd::plugin::ceph` + +```puppet +class { 'collectd::plugin::ceph': + osds => [ 'osd.0', 'osd.1', 'osd.2'], +} +``` + +####Class: `collectd::plugin::chain` + +```puppet +class { 'collectd::plugin::chain': + chainname => "PostCache", + defaulttarget => "write", + rules => [ + { + 'match' => { + 'type' => 'regex', + 'matches' => { + 'Plugin' => "^cpu$", + 'PluginInstance' => "^[0-9]+$", + }, + }, + 'targets' => [ + { + 'type' => "write", + 'attributes' => { + "Plugin" => "aggregation", + }, + }, + { + 'type' => "stop", + }, + ], + }, + ], + } +``` + ####Class: `collectd::plugin::conntrack` ```puppet @@ -258,7 +328,8 @@ class { 'collectd::plugin::df': ```puppet class { 'collectd::plugin::disk': disks => ['/^dm/'], - ignoreselected => true + ignoreselected => true, + udevnameattr => 'DM_NAME', } ``` 
@@ -272,12 +343,30 @@ class { 'collectd::plugin::entropy': ####Class: `collectd::plugin::exec` ```puppet -collectd::plugin::exec { +collectd::plugin::exec::cmd { 'dummy': user => nobody, group => nogroup, exec => ["/bin/echo", "PUTVAL myhost/foo/gauge-flat N:1"], } + +``` +You can also configure this plugin with a parameterized class: +```puppet +class { 'collectd::plugin::exec': + commands => { + 'dummy1' => { + user => nobody, + group => nogroup, + exec => ["/bin/echo", "PUTVAL myhost/foo/gauge-flat1 N:1"], + }, + 'dummy2' => { + user => nobody, + group => nogroup, + exec => ["/bin/echo", "PUTVAL myhost/foo/gauge-flat2 N:1"], + }, + } +} ``` ####Class: `collectd::plugin::filecount` @@ -447,6 +536,19 @@ collectd::plugin::mysql::database { 'betadase': } ``` +####Class: `collectd::plugin::netlink` + +```puppet +class { 'collectd::plugin::netlink': + interfaces => ['eth0', 'eth1'], + verboseinterfaces => ['ppp0'], + qdiscs => ['"eth0" "pfifo_fast-1:0"', '"ppp0"'], + classes => ['"ppp0" "htb-1:10"'], + filters => ['"ppp0" "u32-1:0"'], + ignoreselected => false, +} +``` + ####Class: `collectd::plugin::network` ```puppet 
@@ -513,13 +615,32 @@ class { 'collectd::plugin::ntpd': ####Class: `collectd::plugin::openvpn` + * `statusfile` (String or Array) Status file(s) to collect data from. (Default `/etc/openvpn/openvpn-status.log`) + * `improvednamingschema` (Bool) When enabled, the filename of the status file will be used as plugin instance and the client's "common name" will be used as type instance. This is required when reading multiple status files. (Default: `false`) + * `collectcompression` Sets whether or not statistics about the compression used by OpenVPN should be collected. This information is only available in single mode. (Default `true`) + * `collectindividualusers` Sets whether or not traffic information is collected for each connected client individually. If set to false, currently no traffic data is collected at all because aggregating this data in a save manner is tricky. (Default `true`) + * `collectusercount` When enabled, the number of currently connected clients or users is collected. This is especially interesting when CollectIndividualUsers is disabled, but can be configured independently from that option. (Default `false`) + +Watch multiple `statusfile`s: + ```puppet class { 'collectd::plugin::openvpn': + statusfile => [ '/etc/openvpn/openvpn-status-tcp.log', '/etc/openvpn/openvpn-status-udp.log' ], collectindividualusers => false, collectusercount => true, } ``` +Watch the single default `statusfile`: + +```puppet +class { 'collectd::plugin::openvpn': + collectindividualusers => false, + collectusercount => true, +} +``` + + ####Class: `collectd::plugin::perl` This class has no parameters and will load the actual perl plugin. @@ -649,6 +770,8 @@ class { 'collectd::plugin::postgresql': ####Class: `collectd::plugin::processes` +You can either specify processes / process matches at once: + ```puppet class { 'collectd::plugin::processes': processes => ['process1', 'process2'], 
@@ -657,6 +780,18 @@ class { 'collectd::plugin::processes': ], } ``` + +Or define single processes / process matches: +```puppet +collectd::plugin::processes::process { 'collectd' : } +``` + +```puppet +collectd::plugin::processes::processmatch { 'elasticsearch' : + regex => '.*java.*org.elasticsearch.bootstrap.Elasticsearch' +} +``` + ####Class: `collectd::plugin::protocols` * `values` is an array of `Protocol` names, `Protocol:ValueName` pairs, or a regex @@ -687,11 +822,11 @@ NOTE: Since `v3.4.0` the syntax of this plugin has changed. Make sure to update class { 'collectd::plugin::python': modulepaths => ['/usr/share/collectd/python'], modules => { - 'elasticsearch': { + 'elasticsearch' => { 'script_source' => 'puppet:///modules/myorg/elasticsearch_collectd_python.py', 'config' => {'Cluster' => 'elasticsearch'}, }, - 'another-module': { + 'another-module' => { 'config' => {'Verbose' => 'true'}, } } @@ -921,9 +1056,29 @@ class { 'collectd::plugin::vmem': ####Class: `collectd::plugin::write_graphite` +The `write_graphite` plugin writes data to Graphite, an open-source metrics storage and graphing project. +```puppet +collectd::plugin::write_graphite::carbon {'my_graphite': + graphitehost => 'graphite.example.org', + graphiteport => 2003, + graphiteprefix => '', + protocol => 'tcp' +} +``` + +You can define multiple Graphite backends where will be metrics send. Each backend should have unique title: + ```puppet -class { 'collectd::plugin::write_graphite': - graphitehost => 'graphite.example.org', +collectd::plugin::write_graphite::carbon {'secondary_graphite': + graphitehost => 'graphite.example.org', + graphiteport => 2004, + graphiteprefix => '', + protocol => 'udp', + escapecharacter => '_', + alwaysappendds => true, + storerates => true, + separateinstances => false, + logsenderrors => true } ``` 
@@ -974,7 +1129,7 @@ See metadata.json for supported platforms ##Known issues -Some plugins will need two runs of Puppet to fully generate the configuration for collectd. See [this issue](https://github.com/pdxcat/puppet-module-collectd/issues/162). +Some plugins will need two runs of Puppet to fully generate the configuration for collectd. See [this issue](https://github.com/puppet-community/puppet-collectd/issues/162). ##Development @@ -996,7 +1151,7 @@ bundle exec rake spec SPEC_OPTS='--format documentation' Some plugins or some options in plugins are only available for recent versions of collectd. -This module shall not use unsupported configuration directives. Look at [templates/loadplugin.conf.erb](https://github.com/pdxcat/puppet-module-collectd/blob/master/templates/loadplugin.conf.erb) for a hands-on example. +This module shall not use unsupported configuration directives. Look at [templates/loadplugin.conf.erb](https://github.com/puppet-community/puppet-collectd/blob/master/templates/loadplugin.conf.erb) for a hands-on example. Please make use of the search by branch/tags on the collectd github to see when a function has been first released. diff --git a/module-collectd/Rakefile b/module-collectd/Rakefile index a64429cae..e19767193 100644 --- a/module-collectd/Rakefile +++ b/module-collectd/Rakefile 
@@ -1,9 +1,60 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppet-syntax/tasks/puppet-syntax' +require 'metadata-json-lint/rake_task' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_documentation') -PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] + +# These two gems aren't always present, for instance +# on Travis with --without development +begin + require 'puppet_blacksmith/rake_tasks' +rescue LoadError +end + +exclude_paths = [ + "pkg/**/*", + "vendor/**/*", + "spec/**/*", +] +PuppetLint.configuration.ignore_paths = exclude_paths +PuppetSyntax.exclude_paths = exclude_paths + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' +end + +desc "Run metadata_lint, lint, syntax, and spec tests." +task :test => [ + :metadata_lint, + :lint, + :syntax, + :spec, +] + +if RUBY_VERSION >= "1.9.0" and RUBY_VERSION < "2.2.0" then + Blacksmith::RakeTask.new do |t| + t.build = false # do not build the module nor push it to the Forge + # just do the tagging [:clean, :tag, :bump_commit] + end + + + desc "Offload release process to Travis." + task :travis_release => [ + :check_changelog, # check that the changelog contains an entry for the current release + :"module:release", # do everything except build / push to forge, travis will do that for us + ] + + desc "Check Changelog." + task :check_changelog do + v = Blacksmith::Modulefile.new.version + if File.readlines('CHANGELOG.md').grep("Releasing #{v}").size == 0 then + fail "Unable to find a CHANGELOG.md entry for the #{v} release." + end + end +end 
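Review bot: In `check_changelog`, `grep("Releasing #{v}")` passes a String, which `Enumerable#grep` compares with `===` (whole-line equality), and lines from `File.readlines` keep their trailing newline, so the check cannot match and `travis_release` always stops at this gate. The CHANGELOG entries added in this commit are also worded `Release 4.1.2`, not `Releasing`. A regexp matches what appears to be intended: `if File.readlines('CHANGELOG.md').grep(/Release #{Regexp.escape(v)}\s*$/).empty?`. Separately, the empty `rescue LoadError` hides a missing puppet-blacksmith, after which `Blacksmith::RakeTask.new` raises NameError on Ruby 1.9 to 2.1; guarding that block with `if defined?(Blacksmith)` states the real precondition.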
diff --git a/module-collectd/lib/puppet/parser/functions/collectd_convert_processmatch.rb b/module-collectd/lib/puppet/parser/functions/collectd_convert_processmatch.rb
new file mode 100644
index 000000000..76dda7e3b
--- /dev/null
+++ b/module-collectd/lib/puppet/parser/functions/collectd_convert_processmatch.rb
@@ -0,0 +1,32 @@
+module Puppet::Parser::Functions
+
+ newfunction(:collectd_convert_processmatch, :type => :rvalue, :arity => 1, :doc => <<-ENDDOC
+ Converts the array from the old style to define process matches in the
+ processes plugin into a create_resources compatible hash which
+ can be used with the new style define.
+
+ Example:
+ [ { 'name' => 'foo', 'regex' => '.*' } , { 'name' => 'bar', 'regex' => '[0-9]+' } ]
+ will be converted to
+ { 'foo' => { 'regex' => '.*' } , 'bar' => { 'regex' => '[0-9]+' } }
+ ENDDOC
+ ) do |args|
+ if args.size != 1 then
+ raise(Puppet::ParseError, "convert_process_match_array(): Needs exactly one argument")
+ end
+
+ parray = args[0]
+ unless parray.is_a?(Array)
+ raise(Puppet::ParseError, "convert_process_match_array(): Needs an array as argument")
+ end
+
+ phash = Hash.new
+
+ parray.each do |p|
+ phash[p['name']] = { 'regex' => p['regex'] }
+ end
+
+ return phash
+ end
+end
+
diff --git a/module-collectd/manifests/plugin/aggregation.pp b/module-collectd/manifests/plugin/aggregation.pp
new file mode 100644
index 000000000..953bebdc8
--- /dev/null
+++ b/module-collectd/manifests/plugin/aggregation.pp
@@ -0,0 +1,16 @@
+#
+class collectd::plugin::aggregation (
+ $ensure = present,
+ $interval = undef,
+ $aggregators = { },
+) {
+
+ collectd::plugin {'aggregation':
+ ensure => $ensure,
+ interval => $interval,
+ }
+ $defaults = {
+ 'ensure' => $ensure
+ }
+ create_resources(collectd::plugin::aggregation::aggregator, $aggregators, $defaults)
+}
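Review bot: The loop in `collectd_convert_processmatch` indexes every element with `p['name']` and `p['regex']` without checking that it is a hash carrying both keys. A malformed entry then either raises a raw Ruby error or yields a nil title or nil regex that only fails further down the catalog. Rejecting it inside the loop gives a usable message: `raise(Puppet::ParseError, "collectd_convert_processmatch(): each element needs 'name' and 'regex'") unless p.is_a?(Hash) && p['name'] && p['regex']`. The two existing error messages name `convert_process_match_array()`, which is not the registered function name and makes a failure harder to trace.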
diff --git a/module-collectd/manifests/plugin/aggregation/aggregator.pp b/module-collectd/manifests/plugin/aggregation/aggregator.pp
new file mode 100644
index 000000000..2fd087953
--- /dev/null
+++ b/module-collectd/manifests/plugin/aggregation/aggregator.pp
@@ -0,0 +1,34 @@
+#
+define collectd::plugin::aggregation::aggregator (
+ $ensure = 'present',
+ $host = undef,
+ $plugin = undef,
+ $plugininstance = undef,
+ $type = undef,
+ $typeinstance = undef,
+ $sethost = undef,
+ $setplugin = undef,
+ $setplugininstance = undef,
+ $settypeinstance = undef,
+ $groupby = [],
+ $calculatesum = undef,
+ $calculatenum = undef,
+ $calculateaverage = undef,
+ $calculateminimum = undef,
+ $calculatemaximum = undef,
+ $calculatestddev = undef,
+) {
+ include collectd::params
+ include collectd::plugin::aggregation
+
+ $conf_dir = $collectd::params::plugin_conf_dir
+
+ file { "${conf_dir}/aggregator-${name}.conf":
+ ensure => $ensure,
+ mode => '0640',
+ owner => 'root',
+ group => $collectd::params::root_group,
+ content => template('collectd/plugin/aggregation-aggregator.conf.erb'),
+ notify => Service['collectd'],
+ }
+}
diff --git a/module-collectd/manifests/plugin/ceph.pp b/module-collectd/manifests/plugin/ceph.pp
new file mode 100644
index 000000000..0d944ed10
--- /dev/null
+++ b/module-collectd/manifests/plugin/ceph.pp
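Review bot: `$name` goes unchecked into the managed path `"${conf_dir}/aggregator-${name}.conf"`, and the aggregation class feeds this define from its `$aggregators` hash through `create_resources`. A title containing a path separator, arriving from Hiera data, would therefore place a root-owned file outside the plugin directory. A guard at the top of the define keeps titles to a safe set: `validate_re($name, '\A[\w.-]+\z')`. `$groupby` defaults to an array but is not checked with `validate_array`, unlike the array parameters of the other plugin classes in this commit.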
@@ -0,0 +1,35 @@
+#== Class: collectd::plugin::ceph
+#
+# Class to manage ceph plugin for collectd
+# === Parameters
+# [*ensure*]
+# ensure param for collectd::plugin type
+#
+# [*osds*]
+# array of osds to create config for
+# example: ['osd.1', 'osd.2', 'osd.3']
+#
+# [*longrunavglatency*]
+# If enabled, latency values(sum,count pairs) are calculated as the long run average - average since the ceph daemon was started = (sum / count). i
+# When disabled, latency values are calculated as the average since the last collection = (sum_now - sum_last) / (count_now - count_last).
+#
+# [*convertspecialmetrictypes*}
+# If enabled, special metrics (metrics that differ in type from similar counters) are converted to the type of those similar counters.
+# This currently only applies to filestore.journal_wr_bytes which is a counter for OSD daemons. The ceph schema reports this metric type as a sum,count pair i
+# while similar counters are treated as derive types. When converted, the sum is used as the counter value and is treated as a derive type. When disabled,
+# all metrics are treated as the types received from the ceph schema.
+#
+class collectd::plugin::ceph (
+ $ensure = present,
+ $longrunavglatency = false,
+ $convertspecialmetrictypes = true,
+ $osds,
+) {
+
+ validate_array($osds)
+
+ collectd::plugin {'ceph':
+ ensure => $ensure,
+ content => template('collectd/plugin/ceph.conf.erb'),
+ }
+}
diff --git a/module-collectd/manifests/plugin/chain.pp b/module-collectd/manifests/plugin/chain.pp
new file mode 100644
index 000000000..0024acb92
--- /dev/null
+++ b/module-collectd/manifests/plugin/chain.pp
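Review bot: `$longrunavglatency` and `$convertspecialmetrictypes` reach the template unchecked, while the memory and netlink classes in this commit validate their booleans. Adding `validate_bool($longrunavglatency, $convertspecialmetrictypes)` next to `validate_array($osds)` would stop a quoted string such as 'false' from being treated as an enabled option; the template is not visible here, so how it tests the value is an assumption. The header comment also has a mismatched bracket in `[*convertspecialmetrictypes*}` and two lines that end in a stray ` i`.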
@@ -0,0 +1,20 @@ +# +class collectd::plugin::chain ( + $chainname = 'Main', + $ensure = 'present', + $defaulttarget = 'write', + $rules = [] +) { + include collectd::params + + $conf_dir = $collectd::params::plugin_conf_dir + + file { "${conf_dir}/99-chain-${chainname}.conf": + ensure => $ensure, + mode => '0640', + owner => 'root', + group => $collectd::params::root_group, + content => template('collectd/plugin/chain.conf.erb'), + notify => Service['collectd'], + } +} diff --git a/module-collectd/manifests/plugin/curl_json.pp b/module-collectd/manifests/plugin/curl_json.pp index f571bb9c4..db7bf2c15 100644 --- a/module-collectd/manifests/plugin/curl_json.pp +++ b/module-collectd/manifests/plugin/curl_json.pp @@ -13,9 +13,7 @@ validate_hash($keys) if $::osfamily == 'Redhat' { - package { 'collectd-curl_json': - ensure => $ensure, - } + ensure_packages('collectd-curl_json') } $conf_dir = $collectd::params::plugin_conf_dir diff --git a/module-collectd/manifests/plugin/disk.pp b/module-collectd/manifests/plugin/disk.pp index 4f69530ff..c805c0c21 100644 --- a/module-collectd/manifests/plugin/disk.pp +++ b/module-collectd/manifests/plugin/disk.pp @@ -4,6 +4,7 @@ $disks = [], $ignoreselected = false, $interval = undef, + $udevnameattr = undef, ) { validate_array($disks) diff --git a/module-collectd/manifests/plugin/exec.pp b/module-collectd/manifests/plugin/exec.pp index f9317db79..d3fa4eb87 100644 --- a/module-collectd/manifests/plugin/exec.pp +++ b/module-collectd/manifests/plugin/exec.pp 
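Review bot: In `collectd::plugin::chain`, `$chainname` is interpolated into the file path `"${conf_dir}/99-chain-${chainname}.conf"` and `$rules` is handed to the template, and neither is validated. I would add `validate_re($chainname, '\A[\w-]+\z')` and `validate_array($rules)` before the `file` resource. A chain name with a path separator or a non-array rule set then fails at compile time and cannot produce a root-owned file in an unexpected place.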
@@ -1,35 +1,44 @@ # See http://collectd.org/documentation/manpages/collectd.conf.5.shtml#plugin_exec -define collectd::plugin::exec ( - $user, - $group, - $exec = [], - $notification_exec = [], - $ensure = present, - $order = '10', +class collectd::plugin::exec ( + $commands = {}, + $interval = undef, + $ensure = present, + $globals = false, ) { include collectd::params - validate_array($exec) - validate_array($notification_exec) + validate_hash($commands) + validate_bool($globals) - $conf_dir = $collectd::params::plugin_conf_dir + collectd::plugin {'exec': + ensure => $ensure, + globals => $globals, + interval => $interval, + } + + # should be loaded after global plugin configuration + $exec_conf = "${collectd::params::plugin_conf_dir}/exec-config.conf" + + concat{ $exec_conf: + ensure => $ensure, + mode => '0640', + owner => 'root', + group => $collectd::params::root_group, + notify => Service['collectd'], + ensure_newline => true, + } - # This is deprecated file naming ensuring old style file removed, and should be removed in next major relese - file { "${name}.load-deprecated": - ensure => absent, - path => "${conf_dir}/${name}.conf", + concat::fragment{'collectd_plugin_exec_conf_header': + order => '00', + content => '', + target => $exec_conf, } - # End deprecation - file { - "${name}.load": - ensure => $ensure, - path => "${conf_dir}/${order}-${name}.conf", - owner => 'root', - group => $collectd::params::root_group, - mode => '0644', - content => template('collectd/exec.conf.erb'), - notify => Service['collectd'], + concat::fragment{'collectd_plugin_exec_conf_footer': + order => '99', + content => '', + target => $exec_conf, } -} + create_resources(collectd::plugin::exec::cmd, $commands) +} \ No newline at end of file diff --git a/module-collectd/manifests/plugin/exec/cmd.pp b/module-collectd/manifests/plugin/exec/cmd.pp new file mode 100644 index 000000000..cd44113fe --- /dev/null +++ b/module-collectd/manifests/plugin/exec/cmd.pp 
@@ -0,0 +1,29 @@ +define collectd::plugin::exec::cmd ( + $user, + $group, + $exec = [], + $notification_exec = [], + $ensure = present, +) { + include collectd::params + include collectd::plugin::exec + + validate_array($exec) + validate_array($notification_exec) + + $conf_dir = $collectd::params::plugin_conf_dir + + # This is deprecated file naming ensuring old style file removed, and should be removed in next major relese + file { "${name}.load-deprecated": + ensure => absent, + path => "${conf_dir}/${name}.conf", + } + # End deprecation + + concat::fragment{"collectd_plugin_exec_conf_${title}": + ensure => $ensure, + order => '50', # somewhere between header and footer + target => $collectd::plugin::exec::exec_conf, + content => template('collectd/plugin/exec/cmd.conf.erb'), + } +} diff --git a/module-collectd/manifests/plugin/iptables.pp b/module-collectd/manifests/plugin/iptables.pp index 8e0dd76a0..6446c8f19 100644 --- a/module-collectd/manifests/plugin/iptables.pp +++ b/module-collectd/manifests/plugin/iptables.pp @@ -1,6 +1,7 @@ # https://collectd.org/wiki/index.php/Plugin:IPTables class collectd::plugin::iptables ( $ensure = present, + $ensure_package = present, $chains = {}, $interval = undef, ) { @@ -8,7 +9,7 @@ if $::osfamily == 'Redhat' { package { 'collectd-iptables': - ensure => $ensure, + ensure => $ensure_package, } } diff --git a/module-collectd/manifests/plugin/logfile.pp b/module-collectd/manifests/plugin/logfile.pp index b58afe8b6..e0e19fe6f 100644 --- a/module-collectd/manifests/plugin/logfile.pp +++ b/module-collectd/manifests/plugin/logfile.pp 
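Review bot: The deprecation cleanup in `collectd::plugin::exec::cmd` removes `${conf_dir}/${name}.conf`, but the define being replaced in exec.pp wrote `${conf_dir}/${order}-${name}.conf` (default order '10'), and nothing here removes that file. Unless the plugin directory is purged elsewhere, an upgraded node keeps the old Exec block and collectd goes on running that command next to the new fragment, even after the command is dropped from the catalog. Adding `file { "${name}.load-previous": ensure => absent, path => "${conf_dir}/10-${name}.conf" }` covers the default order. Nodes that set a custom `order` would need a release note telling operators to remove the old file.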
@@ -1,17 +1,18 @@ # https://collectd.org/wiki/index.php/Plugin:LogFile class collectd::plugin::logfile ( - $ensure = present, - $interval = undef, - $log_level = 'info', - $log_file = '/var/log/collectd.log', - $log_timestamp = true + $ensure = present, + $interval = undef, + $log_level = 'info', + $log_file = '/var/log/collectd.log', + $log_timestamp = true, + $print_severity = false ) { collectd::plugin { 'logfile': ensure => $ensure, content => template('collectd/plugin/logfile.conf.erb'), interval => $interval, # Load logging plugin first - # https://github.com/pdxcat/puppet-module-collectd/pull/166#issuecomment-50591413 + # https://github.com/puppet-community/puppet-collectd/pull/166#issuecomment-50591413 order => '05', } } diff --git a/module-collectd/manifests/plugin/memory.pp b/module-collectd/manifests/plugin/memory.pp index 23e5a7891..0e083dc15 100644 --- a/module-collectd/manifests/plugin/memory.pp +++ b/module-collectd/manifests/plugin/memory.pp @@ -1,10 +1,19 @@ # https://collectd.org/wiki/index.php/Plugin:Memory class collectd::plugin::memory ( - $ensure = present, - $interval = undef, + $ensure = present, + $valuesabsolute = true, + $valuespercentage = false, + $interval = undef, ) { + + validate_bool( + $valuesabsolute, + $valuespercentage, + ) + collectd::plugin {'memory': ensure => $ensure, + content => template('collectd/plugin/memory.conf.erb'), interval => $interval, } } diff --git a/module-collectd/manifests/plugin/netlink.pp b/module-collectd/manifests/plugin/netlink.pp new file mode 100644 index 000000000..8ee6664c1 --- /dev/null +++ b/module-collectd/manifests/plugin/netlink.pp 
@@ -0,0 +1,27 @@ +# https://collectd.org/wiki/index.php/Plugin:Netlink +class collectd::plugin::netlink ( + $ensure = present, + $interfaces = [], + $verboseinterfaces = [], + $qdiscs = [], + $classes = [], + $filters = [], + $ignoreselected = false, + $interval = undef, +) { + + validate_array($interfaces, $verboseinterfaces, $qdiscs, $classes, $filters) + validate_bool($ignoreselected) + + if $::osfamily == 'Redhat' { + package { 'collectd-netlink': + ensure => $ensure, + } + } + + collectd::plugin {'netlink': + ensure => $ensure, + content => template('collectd/plugin/netlink.conf.erb'), + interval => $interval, + } +} diff --git a/module-collectd/manifests/plugin/openvpn.pp b/module-collectd/manifests/plugin/openvpn.pp index a572d098d..41c7d17d1 100644 --- a/module-collectd/manifests/plugin/openvpn.pp +++ b/module-collectd/manifests/plugin/openvpn.pp @@ -8,7 +8,15 @@ $collectusercount = false, $interval = undef, ) { - validate_absolute_path($statusfile) + if is_string($statusfile) { + validate_absolute_path($statusfile) + $statusfiles = [ $statusfile ] + } elsif is_array($statusfile) { + $statusfiles = $statusfile + } else { + fail("statusfile must be either array or string: ${statusfile}") + } + validate_bool( $improvednamingschema, $collectcompression, diff --git a/module-collectd/manifests/plugin/processes.pp b/module-collectd/manifests/plugin/processes.pp index 113d6e69a..9241f2bb6 100644 --- a/module-collectd/manifests/plugin/processes.pp +++ b/module-collectd/manifests/plugin/processes.pp @@ -1,6 +1,7 @@ # See http://collectd.org/documentation/manpages/collectd.conf.5.shtml#plugin_processes class collectd::plugin::processes ( $ensure = present, + $order = 10, $interval = undef, $processes = undef, $process_matches = undef, 
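Review bot: In the new `elsif is_array($statusfile)` branch of openvpn.pp the elements are copied to `$statusfiles` unchecked, so only the single-string form is still guaranteed to be an absolute path. The openvpn spec in this commit shows each entry written out as a quoted `StatusFile` line, so a relative or malformed entry now reaches the generated config. Calling `validate_absolute_path($statusfile)` in the array branch as well would close the gap if the stdlib release in use accepts an array there (metadata.json only requires `>= 3.2.0`, so that needs confirming). The class header is outside this hunk.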
@@ -8,9 +9,47 @@ if $processes { validate_array($processes) } if $process_matches { validate_array($process_matches) } + include collectd::params + collectd::plugin {'processes': ensure => $ensure, - content => template('collectd/plugin/processes.conf.erb'), + order => $order, interval => $interval, } + + concat{"${collectd::params::plugin_conf_dir}/processes-config.conf": + ensure => $ensure, + mode => '0640', + owner => 'root', + group => $collectd::params::root_group, + notify => Service['collectd'], + ensure_newline => true, + } + concat::fragment{'collectd_plugin_processes_conf_header': + ensure => $ensure, + order => '00', + content => '', + target => "${collectd::params::plugin_conf_dir}/processes-config.conf", + } + concat::fragment{'collectd_plugin_processes_conf_footer': + ensure => $ensure, + order => '99', + content => '', + target => "${collectd::params::plugin_conf_dir}/processes-config.conf", + } + + + if $processes { + collectd::plugin::processes::process { $processes : } + } + if $process_matches { + $process_matches_resources = collectd_convert_processmatch($process_matches) + $defaults = { 'ensure' => $ensure } + create_resources( + collectd::plugin::processes::processmatch, + $process_matches_resources, + $defaults + ) + } + } diff --git a/module-collectd/manifests/plugin/processes/process.pp b/module-collectd/manifests/plugin/processes/process.pp new file mode 100644 index 000000000..f2cac9035 --- /dev/null +++ b/module-collectd/manifests/plugin/processes/process.pp @@ -0,0 +1,16 @@ +define collectd::plugin::processes::process ( + $process = $name, + $ensure = 'present' +){ + + include collectd::plugin::processes + include collectd::params + + concat::fragment{"collectd_plugin_processes_conf_process_${process}": + ensure => $ensure, + order => '50', + content => "Process \"${process}\"\n", + target => "${collectd::params::plugin_conf_dir}/processes-config.conf" + } + +} 
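Review bot: `collectd::plugin::processes::process` interpolates `$process` straight into a quoted directive, `content => "Process \"${process}\"\n"`, with no validation, so a name containing `"` or a line break ends the string early and the remainder is read as configuration. processmatch.pp in this commit does the same with `$matchname` and `$regex`. I would reject such names before declaring the fragment, e.g. `validate_re($process, '\A[^"\r\n]+\z')` (anchored with `\A`/`\z`, since `^`/`$` match per line), and apply the same check to `$matchname`. `$regex` needs at least the line-break check; how to handle a quote inside it depends on what collectd's parser accepts as an escape, which should be confirmed.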
diff --git a/module-collectd/manifests/plugin/processes/processmatch.pp b/module-collectd/manifests/plugin/processes/processmatch.pp new file mode 100644 index 000000000..d524091ea --- /dev/null +++ b/module-collectd/manifests/plugin/processes/processmatch.pp @@ -0,0 +1,17 @@ +define collectd::plugin::processes::processmatch ( + $regex, + $ensure = 'present', + $matchname = $name +){ + + include collectd::plugin::processes + include collectd::params + + concat::fragment{"collectd_plugin_processes_conf_processmatch_${matchname}": + ensure => $ensure, + order => '51', + content => "ProcessMatch \"${matchname}\" \"${regex}\"\n", + target => "${collectd::params::plugin_conf_dir}/processes-config.conf" + } + +} diff --git a/module-collectd/manifests/plugin/snmp/data.pp b/module-collectd/manifests/plugin/snmp/data.pp index 097e17255..be1691be8 100644 --- a/module-collectd/manifests/plugin/snmp/data.pp +++ b/module-collectd/manifests/plugin/snmp/data.pp @@ -4,6 +4,9 @@ $type, $values, $ensure = present, + $instanceprefix = undef, + $scale = undef, + $shift = undef, $table = false, ) { include collectd diff --git a/module-collectd/manifests/plugin/swap.pp b/module-collectd/manifests/plugin/swap.pp index aa04f1ada..60c0ae48f 100644 --- a/module-collectd/manifests/plugin/swap.pp +++ b/module-collectd/manifests/plugin/swap.pp @@ -1,13 +1,17 @@ # https://collectd.org/wiki/index.php/Plugin:Swap class collectd::plugin::swap ( - $ensure = present, - $interval = undef, - $reportbydevice = false, - $reportbytes = true, + $ensure = present, + $interval = undef, + $reportbydevice = false, + $reportbytes = true, + $valuesabsolute = true, + $valuespercentage = false, ) { validate_bool( $reportbydevice, - $reportbytes + $reportbytes, + $valuesabsolute, + $valuespercentage ) collectd::plugin {'swap': diff --git a/module-collectd/manifests/plugin/syslog.pp b/module-collectd/manifests/plugin/syslog.pp index 5a6e7e50d..494c29a92 100644 --- a/module-collectd/manifests/plugin/syslog.pp 
+++ b/module-collectd/manifests/plugin/syslog.pp @@ -10,7 +10,7 @@ content => template('collectd/plugin/syslog.conf.erb'), interval => $interval, # Load logging plugin first - # https://github.com/pdxcat/puppet-module-collectd/pull/166#issuecomment-50591413 + # https://github.com/puppet-community/puppet-collectd/pull/166#issuecomment-50591413 order => '05', } } diff --git a/module-collectd/manifests/plugin/tcpconns.pp b/module-collectd/manifests/plugin/tcpconns.pp index 7ff6db997..77e691e08 100644 --- a/module-collectd/manifests/plugin/tcpconns.pp +++ b/module-collectd/manifests/plugin/tcpconns.pp @@ -1,10 +1,11 @@ # https://collectd.org/wiki/index.php/Plugin:TCPConns class collectd::plugin::tcpconns ( - $localports = undef, - $remoteports = undef, - $listening = undef, - $interval = undef, - $ensure = present + $localports = undef, + $remoteports = undef, + $listening = undef, + $interval = undef, + $allportssummary = undef, + $ensure = present ) { if $localports { @@ -15,6 +16,10 @@ validate_array($remoteports) } + if $allportssummary { + validate_bool($allportssummary) + } + collectd::plugin {'tcpconns': ensure => $ensure, content => template('collectd/plugin/tcpconns.conf.erb'), diff --git a/module-collectd/manifests/plugin/write_graphite.pp b/module-collectd/manifests/plugin/write_graphite.pp index 045e25a01..a87f56dec 100644 --- a/module-collectd/manifests/plugin/write_graphite.pp +++ b/module-collectd/manifests/plugin/write_graphite.pp 
@@ -1,25 +1,44 @@ # https://collectd.org/wiki/index.php/Graphite class collectd::plugin::write_graphite ( - $ensure = present, - $graphitehost = 'localhost', - $graphiteport = 2003, - $storerates = true, - $graphiteprefix = 'collectd.', - $graphitepostfix = undef, + $carbons = {}, + $carbon_defaults = {}, $interval = undef, - $escapecharacter = '_', - $alwaysappendds = false, - $protocol = 'tcp', - $separateinstances = false, - $logsenderrors = true, + $ensure = present, + $globals = false, ) { - validate_bool($storerates) - validate_bool($separateinstances) - validate_bool($logsenderrors) + include collectd::params + + validate_hash($carbons) collectd::plugin {'write_graphite': ensure => $ensure, - content => template('collectd/plugin/write_graphite.conf.erb'), + globals => $globals, interval => $interval, } + + # should be loaded after global plugin configuration + $graphite_conf = "${collectd::params::plugin_conf_dir}/write_graphite-config.conf" + + concat{ $graphite_conf: + ensure => $ensure, + mode => '0640', + owner => 'root', + group => $collectd::params::root_group, + notify => Service['collectd'], + ensure_newline => true, + } + + concat::fragment{'collectd_plugin_write_graphite_conf_header': + order => '00', + content => '', + target => $graphite_conf, + } + + concat::fragment{'collectd_plugin_write_graphite_conf_footer': + order => '99', + content => '', + target => $graphite_conf, + } + + create_resources(collectd::plugin::write_graphite::carbon, $carbons, $carbon_defaults) } diff --git a/module-collectd/manifests/plugin/write_graphite/carbon.pp b/module-collectd/manifests/plugin/write_graphite/carbon.pp new file mode 100644 index 000000000..78d46d2ad --- /dev/null +++ b/module-collectd/manifests/plugin/write_graphite/carbon.pp 
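Review bot: The header and footer fragments for `$graphite_conf` are declared without `ensure => $ensure`, although the `concat` resource above them takes it and the equivalent fragments in processes.pp in this commit pass it too. With `ensure => absent` the two fragments presumably stay in the catalog as present pieces of an absent target; adding `ensure => $ensure,` to both keeps the three resources in step. `$carbon_defaults` also reaches `create_resources` without the `validate_hash` that `$carbons` gets.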
@@ -0,0 +1,30 @@ +# a single graphite backend +define collectd::plugin::write_graphite::carbon ( + $ensure = present, + $graphitehost = 'localhost', + $graphiteport = 2003, + $storerates = true, + $graphiteprefix = 'collectd.', + $graphitepostfix = undef, + $interval = undef, + $escapecharacter = '_', + $alwaysappendds = false, + $protocol = 'tcp', + $separateinstances = false, + $logsenderrors = true, +){ + include collectd::params + include collectd::plugin::write_graphite + + validate_bool($storerates) + validate_bool($alwaysappendds) + validate_bool($separateinstances) + validate_bool($logsenderrors) + + concat::fragment{"collectd_plugin_write_graphite_conf_${title}_${protocol}_${graphiteport}": + ensure => $ensure, + order => '50', # somewhere between header and footer + target => $collectd::plugin::write_graphite::graphite_conf, + content => template('collectd/plugin/write_graphite/carbon.conf.erb'), + } +} diff --git a/module-collectd/metadata.json b/module-collectd/metadata.json index 70eb423a5..f76d52202 100644 --- a/module-collectd/metadata.json +++ b/module-collectd/metadata.json @@ -69,17 +69,19 @@ "version_requirement": ">= 3.2.0" } ], - "name": "pdxcat-collectd", - "version": "3.4.0", - "source": "https://github.com/pdxcat/puppet-module-collectd", - "author": "Computer Action Team", + "name": "puppet-collectd", + "version": "4.1.2", + "source": "https://github.com/puppet-community/puppet-collectd", + "author": "puppetcommunity", "license": "Apache-2.0", "summary": "Puppet module for Collectd", - "project_page": "https://github.com/pdxcat/puppet-module-collectd", + "project_page": "https://github.com/puppet-community/puppet-collectd", + "issues_url": "https://github.com/puppet-community/puppet-collectd/issues", + "tags": ["collectd", "puppet-community"], "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 3.0.0" + "version_requirement": ">= 3.2.0" }, { "name": "puppetlabs/concat", 
diff --git a/module-collectd/spec/classes/collectd_plugin_ceph_spec.rb b/module-collectd/spec/classes/collectd_plugin_ceph_spec.rb new file mode 100644 index 000000000..67ab0ddfd --- /dev/null +++ b/module-collectd/spec/classes/collectd_plugin_ceph_spec.rb @@ -0,0 +1,56 @@ +require 'spec_helper' + + +describe 'collectd::plugin::ceph', :type => :class do + let :facts do + {:osfamily => 'RedHat'} + end + + context ':ensure => present and :osds => [ \'osd.0\, \osd.1\, \osd.2\]' do + let :params do + {:osds => [ 'osd.0', 'osd.1', 'osd.2']} + end +content = < + LongRunAvgLatency + ConvertSpecialMetricTypes + + + SocketPath "/var/run/ceph/ceph-osd.0.asok" + + + SocketPath "/var/run/ceph/ceph-osd.1.asok" + + + SocketPath "/var/run/ceph/ceph-osd.2.asok" + + + +EOS + it 'Will create /etc/collectd.d/10-ceph.conf' do + should contain_collectd__plugin('ceph').with_content(content) + end + end + + context ':ensure => absent' do + let :params do + {:osds => [ 'osd.0', 'osd.1', 'osd.2' ], :ensure => 'absent'} + end + it 'Will not create /etc/collectd.d/10-ceph.conf' do + should contain_file('ceph.load').with({ + :ensure => 'absent', + :path => '/etc/collectd.d/10-ceph.conf', + }) + end + end + + context ':ceph is not an array' do + let :params do + {:osds => 'osd.0'} + end + it 'Will raise an error about :osds being a String' do + should compile.and_raise_error(/String/) + end + end + +end diff --git a/module-collectd/spec/classes/collectd_plugin_disk_spec.rb b/module-collectd/spec/classes/collectd_plugin_disk_spec.rb index d9d2089bb..44cfe69ee 100644 --- a/module-collectd/spec/classes/collectd_plugin_disk_spec.rb +++ b/module-collectd/spec/classes/collectd_plugin_disk_spec.rb 
@@ -38,5 +38,39 @@ should compile.and_raise_error(/String/) end end -end + context ':udevnameattr on collectd < 5.5' do + let :params do + {:udevnameattr => 'DM_NAME'} + end + let :facts do + { :osfamily => 'RedHat', + :collectd_version => '5.4', + } + end + it 'Will not include the setting' do + should contain_file('disk.load').with({ + :ensure => 'present', + :path => '/etc/collectd.d/10-disk.conf', + }).without_content(/UdevNameAttr DM_NAME/) + end + end + + context ':udevnameattr on collectd >= 5.5' do + let :params do + {:udevnameattr => 'DM_NAME'} + end + let :facts do + { :osfamily => 'RedHat', + :collectd_version => '5.5', + } + end + it 'Will include the setting' do + should contain_file('disk.load').with({ + :ensure => 'present', + :path => '/etc/collectd.d/10-disk.conf', + :content => /UdevNameAttr DM_NAME/, + }) + end + end +end diff --git a/module-collectd/spec/classes/collectd_plugin_exec_spec.rb b/module-collectd/spec/classes/collectd_plugin_exec_spec.rb new file mode 100644 index 000000000..d3cf96638 --- /dev/null +++ b/module-collectd/spec/classes/collectd_plugin_exec_spec.rb 
@@ -0,0 +1,78 @@
+require 'spec_helper'
+
+describe 'collectd::plugin::exec', :type => :class do
+
+ let :facts do
+ {
+ :osfamily => 'Debian',
+ :concat_basedir => tmpfilename('collectd-exec'),
+ :id => 'root',
+ :kernel => 'Linux',
+ :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ :collectd_version => '5.0'
+ }
+ end
+
+ context 'single command' do
+ let :params do
+ {
+ :commands => { 'hello' =>
+ {'user' => 'nobody', 'group' => 'users', 'exec' => ['/bin/echo', 'hello world']}
+ },
+ }
+ end
+
+ it 'Will create /etc/collectd.d/conf.d/exec-config.conf' do
+ should contain_concat__fragment('collectd_plugin_exec_conf_header').with({
+ :content => //,
+ :target => '/etc/collectd/conf.d/exec-config.conf',
+ :order => '00'
+ })
+ end
+
+ it 'Will create /etc/collectd.d/conf.d/exec-config' do
+ should contain_concat__fragment('collectd_plugin_exec_conf_footer').with({
+ :content => /<\/Plugin>/,
+ :target => '/etc/collectd/conf.d/exec-config.conf',
+ :order => '99'
+ })
+ end
+
+ it 'includes exec statement' do
+ should contain_concat__fragment('collectd_plugin_exec_conf_hello').with({
+ :content => /Exec \"nobody:users\" \"\/bin\/echo\" \"hello world\"/,
+ :target => '/etc/collectd/conf.d/exec-config.conf',
+ })
+ end
+ end
+
+ context 'multiple commands' do
+ let :params do
+ {
+ :commands => {
+ 'hello' => { 'user' => 'nobody', 'group' => 'users',
+ 'exec' => ['/bin/echo', 'hello world']
+ },
+ 'my_date' => { 'user' => 'nobody', 'group' => 'users',
+ 'exec' => ['/bin/date']
+ }
+ },
+ }
+ end
+
+ it 'includes echo statement' do
+ should contain_concat__fragment('collectd_plugin_exec_conf_hello').with({
+ :content => /Exec \"nobody:users\" \"\/bin\/echo\" \"hello world\"/,
+ :target => '/etc/collectd/conf.d/exec-config.conf',
+ })
+ end
+
+ it 'includes date statement' do
+ should contain_concat__fragment('collectd_plugin_exec_conf_my_date').with({
+ :content => /Exec \"nobody:users\" \"\/bin\/date\"/,
+ :target =>
'/etc/collectd/conf.d/exec-config.conf', + }) + end + end + +end \ No newline at end of file diff --git a/module-collectd/spec/classes/collectd_plugin_iptables_spec.rb b/module-collectd/spec/classes/collectd_plugin_iptables_spec.rb index c6f854f1d..e8585cb5e 100644 --- a/module-collectd/spec/classes/collectd_plugin_iptables_spec.rb +++ b/module-collectd/spec/classes/collectd_plugin_iptables_spec.rb @@ -18,6 +18,26 @@ end end + context ':ensure => present and :chains has two chains from the same table' do + let :params do + { :chains => { + 'filter' => ['INPUT','OUTPUT'], + } } + end + it 'Will create /etc/collectd.d/10-iptables.conf' do + should contain_file('iptables.load').with({ + :ensure => 'present', + :path => '/etc/collectd.d/10-iptables.conf', + :content => /Chain filter INPUT/, + }) + should contain_file('iptables.load').with({ + :ensure => 'present', + :path => '/etc/collectd.d/10-iptables.conf', + :content => /Chain filter OUTPUT/, + }) + end + end + context ':ensure => absent' do let :params do {:chains => { 'nat' => 'In_SSH' }, :ensure => 'absent'} diff --git a/module-collectd/spec/classes/collectd_plugin_logfile_spec.rb b/module-collectd/spec/classes/collectd_plugin_logfile_spec.rb new file mode 100644 index 000000000..0c1ac72c9 --- /dev/null +++ b/module-collectd/spec/classes/collectd_plugin_logfile_spec.rb 
@@ -0,0 +1,87 @@
+require 'spec_helper'
+
+describe 'collectd::plugin::logfile', :type => :class do
+
+ context ':ensure => present, default params' do
+ let :facts do
+ {:osfamily => 'RedHat'}
+ end
+
+ it 'Will create /etc/collectd.d/05-logfile.conf' do
+ should contain_file('logfile.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/05-logfile.conf',
+ }).without_content(/PrintSeverity/)
+ end
+ end
+
+ context ':ensure => present, specific params, collectd version 4.9' do
+ let :facts do
+ { :osfamily => 'Redhat',
+ :collectd_version => '4.9.0'
+ }
+ end
+ let :params do
+ { :print_severity => true }
+ end
+
+ it 'Will create /etc/collectd.d/05-logfile.conf for collectd < 4.10' do
+ should contain_file('logfile.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/05-logfile.conf',
+ }).without_content(/PrintSeverity/)
+ end
+ end
+
+ context ':ensure => present, default params, collectd version 4.10' do
+ let :facts do
+ { :osfamily => 'Redhat',
+ :collectd_version => '4.10.0'
+ }
+ end
+
+ it 'Will create /etc/collectd.d/05-logfile.conf for collectd >= 4.10' do
+ should contain_file('logfile.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/05-logfile.conf',
+ :content => /PrintSeverity false/
+ })
+ end
+ end
+
+ context ':ensure => present, specific params, collectd version 4.10' do
+ let :facts do
+ { :osfamily => 'Redhat',
+ :collectd_version => '4.10.0'
+ }
+ end
+ let :params do
+ { :print_severity => true }
+ end
+
+ it 'Will create /etc/collectd.d/05-logfile.conf for collectd >= 4.10' do
+ should contain_file('logfile.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/05-logfile.conf',
+ :content => /PrintSeverity true/
+ })
+ end
+ end
+
+ context ':ensure => absent' do
+ let :facts do
+ {:osfamily => 'RedHat'}
+ end
+ let :params do
+ {:ensure => 'absent'}
+ end
+
+ it 'Will not create /etc/collectd.d/05-logfile.conf' do
+ should contain_file('logfile.load').with({
+ :ensure => 'absent',
+ :path => '/etc/collectd.d/05-logfile.conf',
+ })
+ end
+ end
+end
+
diff --git a/module-collectd/spec/classes/collectd_plugin_memory_spec.rb b/module-collectd/spec/classes/collectd_plugin_memory_spec.rb
new file mode 100644
index 000000000..5b7d1df19
--- /dev/null
+++ b/module-collectd/spec/classes/collectd_plugin_memory_spec.rb
@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+describe 'collectd::plugin::memory', :type => :class do
+
+ context ':ensure => present, default params' do
+ let :facts do
+ {:osfamily => 'RedHat'}
+ end
+ it 'Will create /etc/collectd.d/10-memory.conf' do
+ should contain_file('memory.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/10-memory.conf',
+ :content => /LoadPlugin memory/,
+ })
+ end
+ end
+
+ context ':ensure => present, specific params, collectd version 5.4.2' do
+ let :facts do
+ { :osfamily => 'Redhat',
+ :collectd_version => '5.4.2'
+ }
+ end
+
+ it 'Will create /etc/collectd.d/10-memory.conf for collectd < 5.5' do
+ should contain_file('memory.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/10-memory.conf',
+ :content => /LoadPlugin memory/,
+ })
+ end
+
+ it 'Will not include ValuesPercentage in /etc/collectd.d/10-memory.conf' do
+ should_not contain_file('memory.load').with_content(/ValuesPercentage/)
+ end
+ end
+
+ context ':ensure => present, specific params, collectd version 5.5.0' do
+ let :facts do
+ { :osfamily => 'Redhat',
+ :collectd_version => '5.5.0'
+ }
+ end
+
+ it 'Will create /etc/collectd.d/10-memory.conf for collectd >= 5.5' do
+ should contain_file('memory.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/10-memory.conf',
+ :content => "# Generated by Puppet\n\n Globals false\n\n\n\n ValuesAbsolute = true\n ValuesPercentage = false\n\n\n",
+ })
+ end
+ end
+
+ context ':ensure => absent' do
+ let :facts do
+ {:osfamily => 'RedHat'}
+ end
+ let :params do
+ {:ensure => 'absent'}
+ end
+
+ it 'Will not create /etc/collectd.d/10-memory.conf' do
+ should contain_file('memory.load').with({
+ :ensure => 'absent',
+ :path => '/etc/collectd.d/10-memory.conf',
+ })
+ end
+ end
+end
+
diff --git a/module-collectd/spec/classes/collectd_plugin_netlink_spec.rb b/module-collectd/spec/classes/collectd_plugin_netlink_spec.rb
new file mode 100644
index 000000000..95f6cd036
--- /dev/null
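Review bot: The expected content in the 'collectd version 5.5.0' context pins `ValuesAbsolute = true` and `ValuesPercentage = false` with an `=`, while every other directive in these expectations (`Globals false` here, `ReportBytes true` in the swap spec) is written as key, space, value. If the `=` comes from the template, this example locks in a line that collectd may not parse; worth checking against collectd.conf syntax and, if so, expecting `ValuesAbsolute true` and `ValuesPercentage false` here and in the matching 5.5.0 context of collectd_plugin_swap_spec.rb. Both 'specific params' contexts in this file also set no `params`, so their titles overstate what is covered.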
+++ b/module-collectd/spec/classes/collectd_plugin_netlink_spec.rb 
@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+describe 'collectd::plugin::netlink', :type => :class do
+ let :facts do
+ {:osfamily => 'RedHat'}
+ end
+
+ context ':ensure => present, specific params' do
+ let :params do
+ {
+ :interfaces => ['eth0', 'eth1'],
+ :verboseinterfaces => ['ppp0'],
+ :qdiscs => ['"eth0" "pfifo_fast-1:0"', '"ppp0"'],
+ :classes => ['"ppp0" "htb-1:10"'],
+ :filters => ['"ppp0" "u32-1:0"'],
+ :ignoreselected => false,
+
+ }
+ end
+ it 'Will create /etc/collectd.d/10-netlink.conf' do
+ should contain_file('netlink.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/10-netlink.conf',
+ })
+ end
+ it { should contain_file('netlink.load').with_content(/^$/) }
+ it { should contain_file('netlink.load').with_content(/^ Interface "eth0"$/) }
+ it { should contain_file('netlink.load').with_content(/^ Interface "eth1"$/) }
+ it { should contain_file('netlink.load').with_content(/^ VerboseInterface "ppp0"$/) }
+ it { should contain_file('netlink.load').with_content(/^ QDisc "eth0" "pfifo_fast-1:0"$/) }
+ it { should contain_file('netlink.load').with_content(/^ QDisc "ppp0"$/) }
+ it { should contain_file('netlink.load').with_content(/^ Class "ppp0" "htb-1:10"$/) }
+ it { should contain_file('netlink.load').with_content(/^ Filter "ppp0" "u32-1:0"$/) }
+ it { should contain_file('netlink.load').with_content(/^ IgnoreSelected false$/) }
+ it { should contain_package('collectd-netlink').with(
+ :ensure => 'present'
+ )}
+ end
+
+ context ':ensure => absent' do
+ let :params do
+ {:interfaces => ['eth0'], :ensure => 'absent'}
+ end
+ it 'Will not create /etc/collectd.d/10-netlink.conf' do
+ should contain_file('netlink.load').with({
+ :ensure => 'absent',
+ :path => '/etc/collectd.d/10-netlink.conf',
+ })
+ end
+ it { should contain_package('collectd-netlink').with(
+ :ensure => 'absent'
+ )}
+ end
+
+ context ':interfaces is not an array' do
+ let :params do
+ {:interfaces => 'eth0'}
+ end
+ it 'Will raise an error about :interfaces being a String' do
+ should compile.and_raise_error(/String/)
+ end
+ end
+end
+
diff --git a/module-collectd/spec/classes/collectd_plugin_openvpn_spec.rb b/module-collectd/spec/classes/collectd_plugin_openvpn_spec.rb
new file mode 100644
index 000000000..97e71a8d2
--- /dev/null
+++ b/module-collectd/spec/classes/collectd_plugin_openvpn_spec.rb
@@ -0,0 +1,171 @@
+require 'spec_helper'
+
+describe 'collectd::plugin::openvpn', :type => :class do
+
+ ######################################################################
+ # Default param validation, compilation succeeds
+
+ context ':ensure => present, default params' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4',
+ }
+ end
+
+ it 'Will create /etc/collectd.d/10-openvpn.conf' do
+ should contain_file('openvpn.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/10-openvpn.conf',
+ :content => "#\ Generated by Puppet\n\n Globals false\n\n\n\n StatusFile \"/etc/openvpn/openvpn-status.log\"\n ImprovedNamingSchema false\n CollectCompression true\n CollectIndividualUsers true\n CollectUserCount false\n\n\n",
+ })
+ end
+ end
+
+ context ':statusfile param is an array' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4',
+ }
+ end
+
+ let :params do
+ {:statusfile => ['/etc/openvpn/openvpn-tcp.status', '/etc/openvpn/openvpn-udp.status']}
+ end
+
+ it 'Will create /etc/collectd.d/10-openvpn.conf with two :statusfile params' do
+ should contain_file('openvpn.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/10-openvpn.conf',
+ :content => "#\ Generated by Puppet\n\n Globals false\n\n\n\n StatusFile \"/etc/openvpn/openvpn-tcp.status\"\n StatusFile \"/etc/openvpn/openvpn-udp.status\"\n ImprovedNamingSchema false\n CollectCompression true\n CollectIndividualUsers true\n CollectUserCount false\n\n\n",
+ })
+ end
+ end
+
+ ######################################################################
+ # Remaining parameter validation, compilation fails
+
+ context ':statusfile is a string but not an absolute path' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4',
+ }
+ end
+
+ let :params do
+ {:statusfile => 'megafrobber'}
+ end
+
+ it 'Will raise an error about :statusfile not being an absolute path' do
+ should compile.and_raise_error(/"megafrobber" is not an absolute path./)
+ end
+ end
+
+
+ context ':statusfile param is not a string or array' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4',
+ }
+ end
+
+ let :params do
+ {:statusfile => true}
+ end
+
+ it 'Will raise an error about :statusfile not being a string or array' do
+ should compile.and_raise_error(/array or string:/)
+ end
+ end
+
+ context ':improvednamingschema is not a bool' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4'}
+ end
+ let :params do
+ {:improvednamingschema => "true"}
+ end
+
+ it 'Will raise an error about :improvednamingschema not being a boolean' do
+ should compile.and_raise_error(/"true" is not a boolean. It looks to be a String/)
+ end
+ end
+
+ context ':collectcompression is not a bool' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4'}
+ end
+ let :params do
+ {:collectcompression => "true"}
+ end
+
+ it 'Will raise an error about :collectcompression not being a boolean' do
+ should compile.and_raise_error(/"true" is not a boolean. It looks to be a String/)
+ end
+ end
+
+ context ':collectindividualusers is not a bool' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4'}
+ end
+ let :params do
+ {:collectindividualusers => "true"}
+ end
+
+ it 'Will raise an error about :collectindividualusers not being a boolean' do
+ should compile.and_raise_error(/"true" is not a boolean. It looks to be a String/)
+ end
+ end
+
+ context ':collectusercount is not a bool' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4'}
+ end
+ let :params do
+ {:collectusercount => "true"}
+ end
+
+ it 'Will raise an error about :collectusercount not being a boolean' do
+ should compile.and_raise_error(/"true" is not a boolean. It looks to be a String/)
+ end
+ end
+
+ context ':interval is not default and is an integer' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4'}
+ end
+ let :params do
+ {:interval => 15}
+ end
+
+ it 'Will create /etc/collectd.d/10-openvpn.conf' do
+ should contain_file('openvpn.load').with({
+ :ensure => 'present',
+ :path => '/etc/collectd.d/10-openvpn.conf',
+ :content => /^ Interval 15/,
+ })
+ end
+ end
+
+ context ':ensure => absent' do
+ let :facts do
+ { :osfamily => 'RedHat',
+ :collectd_version => '5.4',
+ }
+ end
+ let :params do
+ {:ensure => 'absent'}
+ end
+
+ it 'Will not create /etc/collectd.d/10-openvpn.conf' do
+ should contain_file('openvpn.load').with({
+ :ensure => 'absent',
+ :path => '/etc/collectd.d/10-openvpn.conf',
+ })
+ end
+ end
+end
diff --git a/module-collectd/spec/classes/collectd_plugin_processes_spec.rb b/module-collectd/spec/classes/collectd_plugin_processes_spec.rb
index 74ffff7cf..31fc8ecbf 100644
--- a/module-collectd/spec/classes/collectd_plugin_processes_spec.rb
+++ b/module-collectd/spec/classes/collectd_plugin_processes_spec.rb
@@ -2,49 +2,44 @@ describe 'collectd::plugin::processes', :type => :class do let :facts do - {:osfamily => 'RedHat'} + { + :osfamily => 'Debian', + :concat_basedir => tmpfilename('collectd-processes'), + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :collectd_version => '5.0' + } end - context ':ensure => present, default params' do - it 'Will create /etc/collectd.d/10-processes.conf' do - should contain_file('processes.load').with({ - :ensure => 'present', - :path => '/etc/collectd.d/10-processes.conf', - :content => //, - }) - end - end + context ':ensure => present' do + context ':ensure => present and default parameters' do - context ':ensure => present, specific params' do - let :params do - { :processes => [ 'process1'], - :process_matches => [ - { 'name' => 'process-all', - 'regex' => 'process[0-9]' } - ], - } - end + it 'Will create /etc/collectd/conf.d/10-processes.conf to load the plugin' do + should contain_file('processes.load').with({ + :ensure => 'present', + :path => '/etc/collectd/conf.d/10-processes.conf', + :content => /LoadPlugin processes/, + }) + end - it 'Will create /etc/collectd.d/10-processes.conf' do - should contain_file('processes.load').with({ - :ensure => 'present', - :path => '/etc/collectd.d/10-processes.conf', - :content => /\n\s*Process "process1"\n\s*ProcessMatch "process-all" "process\[0-9\]"\n<\/Plugin>/, - }) - end - end + it 'Will create /etc/collectd.d/conf.d/processes-config.conf' do + should contain_concat__fragment('collectd_plugin_processes_conf_header').with({ + :content => //, + :target => '/etc/collectd/conf.d/processes-config.conf', + :order => '00' + }) + end - context ':ensure => absent' do - let :params do - {:ensure => 'absent'} + it 'Will create /etc/collectd.d/conf.d/processes-config.conf' do + should contain_concat__fragment('collectd_plugin_processes_conf_footer').with({ + :content => /<\/Plugin>/, + :target => 
'/etc/collectd/conf.d/processes-config.conf', + :order => '99' + }) + end end - it 'Will not create /etc/collectd.d/10-processes.conf' do - should contain_file('processes.load').with({ - :ensure => 'absent', - :path => '/etc/collectd.d/10-processes.conf', - }) - end end end diff --git a/module-collectd/spec/classes/collectd_plugin_swap_spec.rb b/module-collectd/spec/classes/collectd_plugin_swap_spec.rb index 3bb6f17e0..6451f1f83 100644 --- a/module-collectd/spec/classes/collectd_plugin_swap_spec.rb +++ b/module-collectd/spec/classes/collectd_plugin_swap_spec.rb @@ -47,6 +47,22 @@ end end + context ':ensure => present, specific params, collectd version 5.5.0' do + let :facts do + { :osfamily => 'Redhat', + :collectd_version => '5.5.0' + } + end + + it 'Will create /etc/collectd.d/10-swap.conf for collectd >= 5.5' do + should contain_file('swap.load').with({ + :ensure => 'present', + :path => '/etc/collectd.d/10-swap.conf', + :content => "# Generated by Puppet\n\n Globals false\n\n\n\n ReportByDevice false\n ReportBytes true\n ValuesAbsolute = true\n ValuesPercentage = false\n\n\n", + }) + end + end + context ':ensure => absent' do let :facts do {:osfamily => 'RedHat'} diff --git a/module-collectd/spec/classes/collectd_plugin_tcpconns_spec.rb b/module-collectd/spec/classes/collectd_plugin_tcpconns_spec.rb index db38c3052..7bef97856 100644 --- a/module-collectd/spec/classes/collectd_plugin_tcpconns_spec.rb +++ b/module-collectd/spec/classes/collectd_plugin_tcpconns_spec.rb 
@@ -60,5 +60,40 @@ should compile.and_raise_error(/String/) end end + + context ':allportssummary is not a boolean' do + let :params do + { :allportssummary => 'aString' } + end + it 'Will raise an error about :allportssummary being a String' do + expect { should.to raise_error(Puppet::Error,/String/) } + end + end + + context ':allportssummary => true with collectd_version < 5.5.0' do + let :facts do + { :osfamily => 'RedHat', :collectd_version => '5.4.1' } + end + let :params do + { :ensure => 'present', :allportssummary => true } + end + + it 'Should not include AllPortsSummary in /etc/collectd.d/10-tcpconns.conf' do + should contain_file('tcpconns.load').without_content(/AllPortsSummary/) + end + end + + context ':allportssummary => true with collectd_version = 5.5.0' do + let :facts do + { :osfamily => 'RedHat', :collectd_version => '5.5.0' } + end + let :params do + { :ensure => 'present', :allportssummary => true } + end + + it 'Should include AllPortsSummary in /etc/collectd.d/10-tcpconns.conf' do + should contain_file('tcpconns.load').with_content(/AllPortsSummary true/) + end + end end diff --git a/module-collectd/spec/classes/collectd_plugin_write_graphite_spec.rb b/module-collectd/spec/classes/collectd_plugin_write_graphite_spec.rb index 97b92a642..f763178c2 100644 --- a/module-collectd/spec/classes/collectd_plugin_write_graphite_spec.rb +++ b/module-collectd/spec/classes/collectd_plugin_write_graphite_spec.rb 
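Review bot: The new ':allportssummary is not a boolean' example can never fail, because `expect { should.to raise_error(Puppet::Error,/String/) }` only builds an expectation target and attaches no matcher to it, so the block is never run. The context line directly above this addition already uses the working form, and the example should read `should compile.and_raise_error(/String/)`. As written, a regression in the type validation of `allportssummary` would pass the suite unnoticed.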
@@ -2,37 +2,120 @@ describe 'collectd::plugin::write_graphite', :type => :class do - context 'protocol should not be include with version < 5.4' do - let :facts do - { :osfamily => 'RedHat', - :collectd_version => '5.3', + let :facts do + { + :osfamily => 'Debian', + :concat_basedir => tmpfilename('collectd-write_graphite'), + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :collectd_version => '5.0' + } + end + + context 'single carbon writer' do + let :params do + { + :carbons => { 'graphite' => {} }, } end + + it 'Will create /etc/collectd.d/conf.d/write_graphite-config.conf' do + should contain_concat__fragment('collectd_plugin_write_graphite_conf_header').with({ + :content => //, + :target => '/etc/collectd/conf.d/write_graphite-config.conf', + :order => '00' + }) + end + + it 'Will create /etc/collectd.d/conf.d/write_graphite-config' do + should contain_concat__fragment('collectd_plugin_write_graphite_conf_footer').with({ + :content => /<\/Plugin>/, + :target => '/etc/collectd/conf.d/write_graphite-config.conf', + :order => '99' + }) + end + + it 'includes carbon configuration' do + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_tcp_2003').with({ + :content => //, + :target => '/etc/collectd/conf.d/write_graphite-config.conf', + }) + + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_tcp_2003').with({ + :content => /Host "localhost"/, + }) + + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_tcp_2003').with({ + :content => /Port "2003"/, + }) + end + end + + context 'multiple carbon writers, collectd <= 5.2' do let :params do - { :protocol => 'udp', + { + :carbons => { + 'graphite_one' => {'graphitehost' => '192.168.1.1', 'graphiteport' => 2004}, + 'graphite_two' => {'graphitehost' => '192.168.1.2', 'graphiteport' => 2005}, + }, } end - it 'Should not include protocol in /etc/collectd.d/write_graphite.conf 
for collectd < 5.4' do - should_not contain_file('write_graphite.conf').with_content(/.*Protocol \"udp\".*/) + it 'includes graphite_one configuration' do + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_one_tcp_2004').with({ + :content => //, + :target => '/etc/collectd/conf.d/write_graphite-config.conf', + }) + + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_one_tcp_2004').with({ + :content => /Host "192.168.1.1"/, + }) + + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_one_tcp_2004').with({ + :content => /Port "2004"/, + }) + end + + it 'includes graphite_two configuration' do + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_two_tcp_2005').with({ + :content => //, + :target => '/etc/collectd/conf.d/write_graphite-config.conf', + }) + + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_two_tcp_2005').with({ + :content => /Host "192.168.1.2"/, + }) + + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_two_tcp_2005').with({ + :content => /Port "2005"/, + }) end end - context 'protocol should be include with version >= 5.4' do + context 'collectd >= 5.3' do let :facts do - { :osfamily => 'RedHat', - :collectd_version => '5.4', + { + :osfamily => 'Debian', + :concat_basedir => tmpfilename('collectd-write_graphite'), + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :collectd_version => '5.3' } end let :params do - { :protocol => 'udp', + { + :carbons => { 'graphite' => {} }, } end - it 'Should include protocol in /etc/collectd.d/write_graphite.conf for collectd >= 5.4' do - should contain_file('write_graphite.load') \ - .with_content(/.*Protocol \"udp\".*/) + it 'includes syntax' do + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_tcp_2003').with({ + :content => //, + :target => 
'/etc/collectd/conf.d/write_graphite-config.conf', + }) end - end + end end diff --git a/module-collectd/spec/defines/collectd_plugin_exec_cmd_spec.rb b/module-collectd/spec/defines/collectd_plugin_exec_cmd_spec.rb new file mode 100644 index 000000000..93dc29f29 --- /dev/null +++ b/module-collectd/spec/defines/collectd_plugin_exec_cmd_spec.rb @@ -0,0 +1,49 @@ +require 'spec_helper' + +describe 'collectd::plugin::exec::cmd', :type => :define do + let :facts do + { + :osfamily => 'Debian', + :id => 'root', + :concat_basedir => tmpfilename('collectd-exec'), + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + context 'define a command' do + let(:title) { 'whoami' } + let :params do + { + :user => 'www-data', + :group => 'users', + :exec => ['whoami', '--help'] + } + end + + it 'executes whoami command' do + should contain_concat__fragment('collectd_plugin_exec_conf_whoami').with({ + :content => /Exec "www-data:users" "whoami" "--help"/, + :target => '/etc/collectd/conf.d/exec-config.conf', + }) + end + end + + context 'define a notification' do + let(:title) { 'whoami' } + let :params do + { + :user => 'www-data', + :group => 'users', + :notification_exec => ['whoami', '--help'] + } + end + + it 'executes whoami command' do + should contain_concat__fragment('collectd_plugin_exec_conf_whoami').with({ + :content => /NotificationExec "www-data:users" "whoami" "--help"/, + :target => '/etc/collectd/conf.d/exec-config.conf', + }) + end + end + +end \ No newline at end of file diff --git a/module-collectd/spec/defines/collectd_plugin_write_graphite_spec.rb b/module-collectd/spec/defines/collectd_plugin_write_graphite_spec.rb new file mode 100644 index 000000000..882d37064 --- /dev/null +++ b/module-collectd/spec/defines/collectd_plugin_write_graphite_spec.rb 
@@ -0,0 +1,80 @@ +require 'spec_helper' + +describe 'collectd::plugin::write_graphite::carbon', :type => :define do + let :facts do + { + :osfamily => 'Debian', + :id => 'root', + :concat_basedir => tmpfilename('collectd-graphite'), + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + } + end + + context 'protocol should not be include with version < 5.4' do + let(:title) { 'graphite_udp' } + let :facts do + { :osfamily => 'RedHat', + :collectd_version => '5.3', + :concat_basedir => tmpfilename('collectd-graphite'), + } + end + let :params do + { :protocol => 'udp', + } + end + + it 'Should not include protocol in /etc/collectd.d/write_graphite.conf for collectd < 5.4' do + should_not contain_concat__fragment( + 'collectd_plugin_write_graphite_conf_localhost_2003' + ).with_content(/.*Protocol \"udp\".*/) + end + end + + context 'protocol should be include with version >= 5.4' do + let(:title) { 'wg' } + let :facts do + { :osfamily => 'RedHat', + :collectd_version => '5.4', + :concat_basedir => tmpfilename('collectd-graphite'), + } + end + let :params do + { + :protocol => 'udp', + } + end + + it 'Should include protocol in /etc/collectd.d/write_graphite.conf for collectd >= 5.4' do + should contain_concat__fragment( + 'collectd_plugin_write_graphite_conf_wg_udp_2003' + ).with_content(/.*Protocol \"udp\".*/) + end + + it 'uses Node definition' do + should contain_concat__fragment('collectd_plugin_write_graphite_conf_wg_udp_2003').with({ + :content => //, + :target => '/etc/collectd.d/write_graphite-config.conf', + }) + end + end + + context 'default configuration (undefined collectd version)' do + let(:title) { 'graphite_default' } + + it 'includes carbon configuration' do + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_default_tcp_2003').with({ + :content => //, + :target => '/etc/collectd/conf.d/write_graphite-config.conf', + }) + + should 
contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_default_tcp_2003').with({ + :content => /Host "localhost"/, + }) + + should contain_concat__fragment('collectd_plugin_write_graphite_conf_graphite_default_tcp_2003').with({ + :content => /Port "2003"/, + }) + end + end + +end \ No newline at end of file diff --git a/module-collectd/spec/spec_helper.rb b/module-collectd/spec/spec_helper.rb index 02cb7db66..cc5b7ef50 100644 --- a/module-collectd/spec/spec_helper.rb +++ b/module-collectd/spec/spec_helper.rb @@ -1,7 +1,6 @@ require 'puppetlabs_spec_helper/module_spec_helper' RSpec.configure do |c| - c.treat_symbols_as_metadata_keys_with_true_values = true c.include PuppetlabsSpec::Files c.before :each do diff --git a/module-collectd/spec/unit/collectd_version_spec.rb b/module-collectd/spec/unit/collectd_version_spec.rb index a1920dd54..c10bd67b6 100644 --- a/module-collectd/spec/unit/collectd_version_spec.rb +++ b/module-collectd/spec/unit/collectd_version_spec.rb @@ -8,14 +8,15 @@ Facter::Util::Resolution.stubs(:which).with("collectd").returns("/usr/sbin/collectd") sample_collectd_help = File.read(fixtures('facts','collectd_help')) Facter::Util::Resolution.stubs(:exec).with("collectd -h").returns(sample_collectd_help) - Facter.fact(:collectd_version).value.should == '5.1.0' + expect(Facter.fact(:collectd_version).value).to eq('5.1.0') + end it 'should be 5.1.0.git according to output' do Facter::Util::Resolution.stubs(:which).with("collectd").returns("/usr/sbin/collectd") sample_collectd_help_git = File.read(fixtures('facts','collectd_help_git')) Facter::Util::Resolution.stubs(:exec).with("collectd -h").returns(sample_collectd_help_git) - Facter.fact(:collectd_version).value.should == '5.1.0.git' + expect(Facter.fact(:collectd_version).value).to eq('5.1.0.git') end diff --git a/module-collectd/templates/exec.conf.erb b/module-collectd/templates/exec.conf.erb deleted file mode 100644 index 086d75656..000000000 
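Review bot: The negative check in the 'version < 5.4' context of the new define spec looks vacuous. The define is titled `graphite_udp`, but `should_not contain_concat__fragment('collectd_plugin_write_graphite_conf_localhost_2003')` names a fragment that does not follow the `..._conf_<title>_<protocol>_<port>` pattern used by the other examples in this file (`..._conf_wg_udp_2003`, `..._conf_graphite_default_tcp_2003`). If no resource of that name is ever declared, the example passes whether or not `Protocol "udp"` is rendered. Targeting the fragment the define presumably creates (the exact name depends on the define, which is outside this hunk) and asserting `should contain_concat__fragment(NAME).without_content(/Protocol/)` would make it exercise the template.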
--- a/module-collectd/templates/exec.conf.erb +++ /dev/null @@ -1,11 +0,0 @@ -# Generated by Puppet -LoadPlugin "exec" - - -<% if @exec %> - Exec "<%= @user %>:<%= @group %>" <% @exec.each do |exec| -%>"<%= exec %>"<% end -%> -<% end %> -<% if !@notification_exec.empty? %> - NotificationExec "<%= @user %>:<%= @group %>" <% @notification_exec.each do |exec| -%>"<%= exec %>"<% end -%> -<% end %> - diff --git a/module-collectd/templates/plugin/aggregation-aggregator.conf.erb b/module-collectd/templates/plugin/aggregation-aggregator.conf.erb new file mode 100644 index 000000000..bad586055 --- /dev/null +++ b/module-collectd/templates/plugin/aggregation-aggregator.conf.erb 
@@ -0,0 +1,55 @@ + + +<% unless @host.nil? -%> + Host "<%= @host %>" +<% end -%> +<% unless @plugin.nil? -%> + Plugin "<%= @plugin %>" +<% end -%> +<% unless @plugininstance.nil? -%> + PluginInstance "<%= @plugininstance %>" +<% end -%> +<% unless @type.nil? -%> + Type "<%= @type %>" +<% end -%> +<% unless @typeinstance.nil? -%> + TypeInstance "<%= @typeinstance %>" +<% end -%> + +<% unless @sethost.nil? -%> + SetHost "<%= @sethost %>" +<% end -%> +<% unless @setplugin.nil? -%> + SetPlugin "<%= @setplugin %>" +<% end -%> +<% unless @setplugininstance.nil? -%> + SetPluginInstance "<%= @setplugininstance %>" +<% end -%> +<% unless @settypeinstance.nil? -%> + SetTypeInstance "<%= @settypeinstance %>" +<% end -%> + +<% @groupby.each do |groupby| -%> + GroupBy "<%= groupby %>" +<% end -%> + +<% unless @calculatesum.nil? -%> + CalculateSum <%= @calculatesum %> +<% end -%> +<% unless @calculatenum.nil? -%> + CalculateNum <%= @calculatenum %> +<% end -%> +<% unless @calculateaverage.nil? -%> + CalculateAverage <%= @calculateaverage %> +<% end -%> +<% unless @calculateminimum.nil? -%> + CalculateMinimum <%= @calculateminimum %> +<% end -%> +<% unless @calculatemaximum.nil? -%> + CalculateMaximum <%= @calculatemaximum %> +<% end -%> +<% unless @calculatestddev.nil? -%> + CalculateStddev <%= @calculatestddev %> +<% end -%> + + diff --git a/module-collectd/templates/plugin/ceph.conf.erb b/module-collectd/templates/plugin/ceph.conf.erb new file mode 100644 index 000000000..55bdcd321 --- /dev/null +++ b/module-collectd/templates/plugin/ceph.conf.erb @@ -0,0 +1,11 @@ + + LongRunAvgLatency <% @longrunavglatency %> + ConvertSpecialMetricTypes <% @convertspecialmetrictypes %> + +<% @osds.each do |osd| -%> + "> + SocketPath "/var/run/ceph/ceph-<%= osd %>.asok" + +<% end -%> + + diff --git a/module-collectd/templates/plugin/chain.conf.erb b/module-collectd/templates/plugin/chain.conf.erb new file mode 100644 index 000000000..53f0956f2 --- /dev/null 
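Review bot: In the new `ceph.conf.erb` the two option lines use the non-printing tag, `LongRunAvgLatency <% @longrunavglatency %>` and `ConvertSpecialMetricTypes <% @convertspecialmetrictypes %>`, so the values are evaluated and discarded and both directives are rendered without an argument. They should use the output tag like the `SocketPath` line below them: `LongRunAvgLatency <%= @longrunavglatency %>` and `ConvertSpecialMetricTypes <%= @convertspecialmetrictypes %>`. A class spec asserting the rendered values would catch this.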
+++ b/module-collectd/templates/plugin/chain.conf.erb @@ -0,0 +1,23 @@ +"> +<% @rules.each do |rule| -%> + + "> +<% rule['match']["matches"].each do |key, value| -%> + <%= key %> "<%= value %>" +<% end -%> + +<% rule['targets'].each do |target| -%> +<% if target['attributes'].nil? -%> + Target "<%= target['type'] %>" +<% else -%> + "> +<% target['attributes'].each do |key, value| -%> + <%= key %> "<%= value %>" +<% end -%> + +<% end -%> +<% end -%> + +<% end -%> + Target "<%= @defaulttarget %>" + diff --git a/module-collectd/templates/plugin/cpu.conf.erb b/module-collectd/templates/plugin/cpu.conf.erb index afe04045f..68c3b5f53 100644 --- a/module-collectd/templates/plugin/cpu.conf.erb +++ b/module-collectd/templates/plugin/cpu.conf.erb @@ -1,7 +1,7 @@ - <% if @collectd_version and (scope.function_versioncmp([@collectd_version, '5.5']) >= 0) -%> + ReportByState = <%= @reportbystate %> ReportByCpu = <%= @reportbycpu %> ValuesPercentage = <%= @valuespercentage %> -<% end -%> +<% end -%> diff --git a/module-collectd/templates/plugin/disk.conf.erb b/module-collectd/templates/plugin/disk.conf.erb index 7b4836d7d..3d92ecf2a 100644 --- a/module-collectd/templates/plugin/disk.conf.erb +++ b/module-collectd/templates/plugin/disk.conf.erb @@ -3,4 +3,7 @@ Disk "<%=disk %>" <% end -%> IgnoreSelected <%= @ignoreselected %> +<% if @udevnameattr and @collectd_version and (scope.function_versioncmp([@collectd_version, '5.5']) >= 0) -%> + UdevNameAttr <%= @udevnameattr %> +<% end -%> diff --git a/module-collectd/templates/plugin/exec/cmd.conf.erb b/module-collectd/templates/plugin/exec/cmd.conf.erb new file mode 100644 index 000000000..80ee69f94 --- /dev/null +++ b/module-collectd/templates/plugin/exec/cmd.conf.erb 
@@ -0,0 +1,6 @@ +<%- unless @exec.empty? -%> + Exec "<%= @user %>:<%= @group %>" "<%= @exec.join('" "') %>" +<%- end -%> +<%- unless @notification_exec.empty? -%> + NotificationExec "<%= @user %>:<%= @group %>" "<%= @notification_exec.join('" "') %>" +<%- end -%> \ No newline at end of file diff --git a/module-collectd/templates/plugin/iptables.conf.erb b/module-collectd/templates/plugin/iptables.conf.erb index af0f47556..9aae7e3f2 100644 --- a/module-collectd/templates/plugin/iptables.conf.erb +++ b/module-collectd/templates/plugin/iptables.conf.erb @@ -1,7 +1,9 @@ <% if @chains -%> -<% @chains.each_pair do |table,chain| -%> +<% @chains.each_pair do |table,chains| + Array(chains).each do |chain| -%> Chain <%= table %> <%= chain %> +<% end -%> <% end -%> <% end -%> diff --git a/module-collectd/templates/plugin/logfile.conf.erb b/module-collectd/templates/plugin/logfile.conf.erb index 02d42344a..be00123c3 100644 --- a/module-collectd/templates/plugin/logfile.conf.erb +++ b/module-collectd/templates/plugin/logfile.conf.erb @@ -2,4 +2,7 @@ LogLevel <%= @log_level %> File "<%= @log_file %>" Timestamp <%= @log_timestamp %> +<% if @collectd_version and (scope.function_versioncmp([@collectd_version, '4.10']) >= 0) -%> + PrintSeverity <%= @print_severity %> +<% end -%> diff --git a/module-collectd/templates/plugin/memory.conf.erb b/module-collectd/templates/plugin/memory.conf.erb new file mode 100644 index 000000000..899e4e0c8 --- /dev/null +++ b/module-collectd/templates/plugin/memory.conf.erb @@ -0,0 +1,6 @@ +<% if @collectd_version and (scope.function_versioncmp([@collectd_version, '5.5']) >= 0) -%> + + ValuesAbsolute = <%= @valuesabsolute %> + ValuesPercentage = <%= @valuespercentage %> + +<% end -%> diff --git a/module-collectd/templates/plugin/netlink.conf.erb b/module-collectd/templates/plugin/netlink.conf.erb new file mode 100644 index 000000000..5021e6ca0 --- /dev/null +++ b/module-collectd/templates/plugin/netlink.conf.erb 
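Review bot: The new `exec/cmd.conf.erb` places `@user`, `@group` and every element of `@exec` and `@notification_exec` between double quotes without escaping, for example `"<%= @exec.join('" "') %>"`. A value containing `"` or a newline ends the quoted argument early and changes what the collectd exec plugin is configured to run and under which account, which matters once these parameters come from Hiera or other data rather than literals. Either validate the values in the define (outside this hunk) or escape them before joining, e.g. `"<%= @exec.map { |a| a.to_s.gsub(/["\\]/) { |c| "\\#{c}" } }.join('" "') %>"`, assuming collectd's parser honours backslash escapes inside quoted strings. The same applies to the `NotificationExec` line.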
@@ -0,0 +1,18 @@ + +<% @interfaces.each do |interface| -%> + Interface "<%= interface %>" +<% end -%> +<% @verboseinterfaces.each do |verboseinterface| -%> + VerboseInterface "<%= verboseinterface %>" +<% end -%> +<% @qdiscs.each do |qdisc| -%> + QDisc <%= qdisc %> +<% end -%> +<% @classes.each do |c| -%> + Class <%= c %> +<% end -%> +<% @filters.each do |filter| -%> + Filter <%= filter %> +<% end -%> + IgnoreSelected <%= @ignoreselected %> + diff --git a/module-collectd/templates/plugin/openvpn.conf.erb b/module-collectd/templates/plugin/openvpn.conf.erb index 2735cab7b..ae416bc6d 100644 --- a/module-collectd/templates/plugin/openvpn.conf.erb +++ b/module-collectd/templates/plugin/openvpn.conf.erb @@ -1,5 +1,7 @@ - StatusFile "<%= @statusfile %>" +<% @statusfiles.each do |sf| -%> + StatusFile "<%= sf %>" +<% end -%> ImprovedNamingSchema <%= @improvednamingschema %> CollectCompression <%= @collectcompression %> CollectIndividualUsers <%= @collectindividualusers %> diff --git a/module-collectd/templates/plugin/processes.conf.erb b/module-collectd/templates/plugin/processes.conf.erb deleted file mode 100644 index b25c80470..000000000 --- a/module-collectd/templates/plugin/processes.conf.erb +++ /dev/null @@ -1,22 +0,0 @@ -<% if @processes or @process_matches -%> - -<% -if @processes - @processes.each do |process| --%> - Process "<%= process %>" -<% - end -end --%> -<% -if @process_matches - @process_matches.each do |match| --%> - ProcessMatch "<%= match['name'] %>" "<%= match['regex'] %>" -<% - end -end --%> - -<% end -%> diff --git a/module-collectd/templates/plugin/python/module.conf.erb b/module-collectd/templates/plugin/python/module.conf.erb index 51716b39d..fabcf895e 100644 --- a/module-collectd/templates/plugin/python/module.conf.erb +++ b/module-collectd/templates/plugin/python/module.conf.erb 
@@ -1,7 +1,7 @@ Import "<%= @module %>" "> - <% @config.sort.each do |key,value| -%> - <%= key -%> <%= value -%> - <% end %> + <%- @config.sort.each do |key,value| -%> + <%= key %> <%= value %> + <%- end -%> diff --git a/module-collectd/templates/plugin/snmp.conf.erb b/module-collectd/templates/plugin/snmp.conf.erb index 0d0511943..e92e3bfdd 100644 --- a/module-collectd/templates/plugin/snmp.conf.erb +++ b/module-collectd/templates/plugin/snmp.conf.erb @@ -3,9 +3,20 @@ <% @data.sort_by {|k,v| k}.each do |key,val| -%> "> Type "<%= val['Type'] %>" +<% if val['Table'] -%> Table <%= val['Table'] %> +<% end -%> Instance "<%= val['Instance'] %>" - Values <% Array(val['Values']).sort.each do |x| -%>"<%= x %>" <% end %> +<% if val['InstancePrefix'] -%> + InstancePrefix "<%= val['InstancePrefix'] %>" +<% end -%> + Values <% Array(val['Values']).each do |x| -%>"<%= x %>" <% end %> +<% if val['Scale'] -%> + Scale <%= val['Scale'] %> +<% end -%> +<% if val['Shitf'] -%> + Shitf <%= val['Shitf'] %> +<% end -%> <% end -%> <% @hosts.sort_by {|k,v| k}.each do |key,val| -%> diff --git a/module-collectd/templates/plugin/snmp/data.conf.erb b/module-collectd/templates/plugin/snmp/data.conf.erb index abea2f9de..ca2ba6d58 100644 --- a/module-collectd/templates/plugin/snmp/data.conf.erb +++ b/module-collectd/templates/plugin/snmp/data.conf.erb @@ -3,6 +3,15 @@ Type "<%= @type %>" Table <%= @table_bool ? 'true' : 'false' %> Instance "<%= @instance %>" +<% if @instanceprefix -%> + InstancePrefix "<%= @instanceprefix %>" +<% end -%> Values <%= Array(@values).map { |x| %Q{"#{x}"} }.join(' ') %> +<% if @scale -%> + Scale <%= @scale %> +<% end -%> +<% if @shift -%> + Shift <%= @shift %> +<% end -%> diff --git a/module-collectd/templates/plugin/swap.conf.erb b/module-collectd/templates/plugin/swap.conf.erb index b2ba41e86..ff1047535 100644 --- a/module-collectd/templates/plugin/swap.conf.erb +++ b/module-collectd/templates/plugin/swap.conf.erb 
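Review bot: The optional block added to `snmp.conf.erb` misspells the option name in `<% if val['Shitf'] -%>` and `Shitf <%= val['Shitf'] %>`. A data hash that sets `'Shift'` is silently ignored, and one that happens to match the typo emits a directive called `Shitf`; the sibling template `snmp/data.conf.erb` changed in the same commit uses `Shift`. The two lines should read `<% if val['Shift'] -%>` and `Shift <%= val['Shift'] %>`.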
@@ -3,4 +3,8 @@ <% if @collectd_version and scope.function_versioncmp([@collectd_version, '5.2']) > 0 -%> ReportBytes <%= @reportbytes %> <% end -%> +<% if @collectd_version and scope.function_versioncmp([@collectd_version, '5.5']) > 0 -%> + ValuesAbsolute = <%= @valuesabsolute %> + ValuesPercentage = <%= @valuespercentage %> +<% end -%> diff --git a/module-collectd/templates/plugin/tcpconns.conf.erb b/module-collectd/templates/plugin/tcpconns.conf.erb index 4a362a4e6..687bb63be 100644 --- a/module-collectd/templates/plugin/tcpconns.conf.erb +++ b/module-collectd/templates/plugin/tcpconns.conf.erb @@ -13,4 +13,7 @@ RemotePort "<%= remoteport %>" <% end -%> <% end -%> +<% if @allportssummary and @collectd_version and (scope.function_versioncmp([@collectd_version, '5.5.0']) >= 0) -%> + AllPortsSummary <%= @allportssummary %> +<% end -%> diff --git a/module-collectd/templates/plugin/write_graphite.conf.erb b/module-collectd/templates/plugin/write_graphite.conf.erb deleted file mode 100644 index 4ab3906ae..000000000 --- a/module-collectd/templates/plugin/write_graphite.conf.erb +++ /dev/null @@ -1,18 +0,0 @@ - - - Host "<%= @graphitehost %>" - Port "<%= @graphiteport %>" - Prefix "<%= @graphiteprefix %>" -<% if @graphitepostfix -%> - Postfix "<%= @graphitepostfix %>" -<% end -%> - EscapeCharacter "<%= @escapecharacter %>" - StoreRates <%= @storerates %> - AlwaysAppendDS <%= @alwaysappendds %> - SeparateInstances <%= @separateinstances %> -<% if @collectd_version and (scope.function_versioncmp([@collectd_version, '5.4']) >= 0) -%> - LogSendErrors <%= @logsenderrors %> - Protocol "<%= @protocol %>" -<% end -%> - - diff --git a/module-collectd/templates/plugin/write_graphite/carbon.conf.erb b/module-collectd/templates/plugin/write_graphite/carbon.conf.erb new file mode 100644 index 000000000..5094a1135 --- /dev/null +++ b/module-collectd/templates/plugin/write_graphite/carbon.conf.erb 
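Review bot: The version gate added to `swap.conf.erb` compares with `scope.function_versioncmp([@collectd_version, '5.5']) > 0`, which is false when the fact is exactly `5.5`. The accompanying spec is titled 'for collectd >= 5.5', and the cpu, memory and tcpconns templates in this commit use `>= 0`. The spec presumably passes only because it sets `collectd_version` to `5.5.0`. Unless excluding `5.5` is intended, the condition should be `<% if @collectd_version and (scope.function_versioncmp([@collectd_version, '5.5']) >= 0) -%>`.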
@@ -0,0 +1,24 @@ +<%- if @collectd_version and (scope.function_versioncmp([@collectd_version, '5.3']) >= 0) -%> +"> +<%- else -%> + +<%- end -%> + Host "<%= @graphitehost %>" + Port "<%= @graphiteport %>" + Prefix "<%= @graphiteprefix %>" +<%- if @graphitepostfix -%> + Postfix "<%= @graphitepostfix %>" +<%- end -%> + EscapeCharacter "<%= @escapecharacter %>" + StoreRates <%= @storerates %> + AlwaysAppendDS <%= @alwaysappendds %> + SeparateInstances <%= @separateinstances %> +<%- if @collectd_version and (scope.function_versioncmp([@collectd_version, '5.4']) >= 0) -%> + LogSendErrors <%= @logsenderrors %> + Protocol "<%= @protocol %>" +<%- end -%> +<%- if @collectd_version and (scope.function_versioncmp([@collectd_version, '5.3']) >= 0) -%> + +<%- else -%> + +<%- end -%> diff --git a/module-collectd/tests/plugins/ceph.pp b/module-collectd/tests/plugins/ceph.pp new file mode 100644 index 000000000..c0670ad0f --- /dev/null +++ b/module-collectd/tests/plugins/ceph.pp @@ -0,0 +1,7 @@ +include collectd + +class { 'collectd::plugin::ceph': + osds => [ 'osd.0', 'osd.1', 'osd.2'], +} + + diff --git a/module-collectd/tests/plugins/netlink.pp b/module-collectd/tests/plugins/netlink.pp new file mode 100644 index 000000000..4a397d5eb --- /dev/null +++ b/module-collectd/tests/plugins/netlink.pp @@ -0,0 +1,10 @@ +include collectd + +class { 'collectd::plugin::netlink': + interfaces => ['eth0', 'eth1'], + verboseinterfaces => ['ppp0'], + qdiscs => ['"eth0" "pfifo_fast-1:0"', '"ppp0"'], + classes => ['"ppp0" "htb-1:10"'], + filters => ['"ppp0" "u32-1:0"'], + ignoreselected => false, +} diff --git a/module-data/lib/hiera/backend/module_data_backend.rb b/module-data/lib/hiera/backend/module_data_backend.rb index 94f4b4761..4dabd02f4 100644 --- a/module-data/lib/hiera/backend/module_data_backend.rb +++ b/module-data/lib/hiera/backend/module_data_backend.rb 
@@ -13,7 +13,7 @@ def initialize(cache=nil) def load_module_config(module_name, environment) default_config = {:hierarchy => ["common"]} - mod = Puppet::Module.find(module_name) unless Puppet::Module.find(module_name, environment) + mod = Puppet::Module.find(module_name, environment) || Puppet::Module.find(module_name) return default_config unless mod @@ -36,7 +36,7 @@ def load_data(path) @cache.read(path, Hash, {}) do |data| if path.end_with? "/hiera.yaml" - YAML.load(data, deserialize_symbols: true) + YAML.load(data, :deserialize_symbols => true) else YAML.load(data) end diff --git a/mongodb/README.md b/mongodb/README.md index 6ce083e1b..9363b0b64 100644 --- a/mongodb/README.md +++ b/mongodb/README.md @@ -92,6 +92,19 @@ class {'::mongodb::server': }-> class {'::mongodb::client': } ``` +Having a local copy of MongoDB repository (that is managed by your private modules) +you can still enjoy the charms of `mongodb::params` that manage packages. +To disable managing of repository, but still enable managing packages: + +```puppet +class {'::mongodb::globals': + manage_package_repo => false, + manage_package => true, +}-> +class {'::mongodb::server': }-> +class {'::mongodb::client': } +``` + ## Usage Most of the interaction for the server is done via `mongodb::server`. For @@ -434,6 +447,12 @@ Default: <> Whether or not the MongoDB service resource should be part of the catalog. Default: true +#####`storage_engine` +Only needed for MongoDB 3.x versions, where it's possible to select the +'wiredTiger' engine in addition to the default 'mmapv1' engine. If not set, the +config is left out and mongo will default to 'mmapv1'. +You should not set this for MongoDB versions < 3.x + #####`restart` Specifies whether the service should be restarted on config changes. Default: 'true' 
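Review bot: In `load_data`, `YAML.load(data, :deserialize_symbols => true)` and the plain `YAML.load(data)` in the `else` branch are restricted loaders only if the safe_yaml gem has patched `YAML.load`. `:deserialize_symbols` looks like a SafeYAML option, and nothing in the hunk shows that gem being required. With the stock loader, `YAML.load` can instantiate tagged Ruby objects from a module's data files, and the options hash would not have the meaning it suggests. I would make the dependency explicit at the top of the file, or at least add a comment here such as `# relies on safe_yaml having patched YAML.load; data files are read from modules on the modulepath`. `load_data` starts and ends outside this hunk.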
@@ -531,7 +550,7 @@ The maximum amount of two second tries to wait MongoDB startup. Default: 10 ```puppet mongodb_user { testuser: - username => 'testuser', + name => 'testuser', ensure => present, password_hash => mongodb_password('testuser', 'p@ssw0rd'), database => testdb, diff --git a/mongodb/lib/puppet/provider/mongodb.rb b/mongodb/lib/puppet/provider/mongodb.rb index 101f3fd6a..8d0464679 100644 --- a/mongodb/lib/puppet/provider/mongodb.rb +++ b/mongodb/lib/puppet/provider/mongodb.rb @@ -76,11 +76,27 @@ def self.get_conn_string # Mongo Command Wrapper def self.mongo_eval(cmd, db = 'admin') + retry_count = 10 + retry_sleep = 3 if mongorc_file cmd = mongorc_file + cmd end - out = mongo([db, '--quiet', '--host', get_conn_string, '--eval', cmd]) + out = nil + retry_count.times do |n| + begin + out = mongo([db, '--quiet', '--host', get_conn_string, '--eval', cmd]) + rescue => e + debug "Request failed: '#{e.message}' Retry: '#{n}'" + sleep retry_sleep + next + end + break + end + + if !out + fail "Could not evalute MongoDB shell command: #{cmd}" + end out.gsub!(/ObjectId\(([^)]*)\)/, '\1') out diff --git a/mongodb/lib/puppet/provider/mongodb_replset/mongo.rb b/mongodb/lib/puppet/provider/mongodb_replset/mongo.rb index ca3fcf845..0889e4dd5 100644 --- a/mongodb/lib/puppet/provider/mongodb_replset/mongo.rb +++ b/mongodb/lib/puppet/provider/mongodb_replset/mongo.rb @@ -252,6 +252,7 @@ def self.mongo_command(command, host=nil, retries=4) # Dirty hack to remove JavaScript objects output.gsub!(/ISODate\((.+?)\)/, '\1 ') output.gsub!(/Timestamp\((.+?)\)/, '[\1]') + output.gsub!(/ObjectId\(([^)]*)\)/, '\1') #Hack to avoid non-json empty sets output = "{}" if output == "null\n" diff --git a/mongodb/manifests/client.pp b/mongodb/manifests/client.pp index c276a11f6..63a800c50 100644 --- a/mongodb/manifests/client.pp +++ b/mongodb/manifests/client.pp 
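Review bot: The new failure path in `mongo_eval` echoes the whole shell command in `fail "Could not evalute MongoDB shell command: #{cmd}"`. By then `cmd` has been prefixed with whatever `mongorc_file` returns, and callers outside this hunk may pass user-management commands, so credentials or password hashes can end up in the Puppet log and report. I would drop the command from the message, e.g. `fail "Could not evaluate MongoDB shell command against '#{db}' after #{retry_count} attempts"`, and leave the detail at debug level. The bare `rescue => e` also retries every StandardError ten times with a 3-second sleep, so a non-transient failure such as a syntax or authorization error takes about 30 seconds to surface. The method continues past the end of this hunk.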
@@ -12,5 +12,7 @@ $ensure = $mongodb::params::package_ensure_client, $package_name = $mongodb::params::client_package_name, ) inherits mongodb::params { - class { '::mongodb::client::install': } + anchor { '::mongodb::client::start': } -> + class { '::mongodb::client::install': } -> + anchor { '::mongodb::client::end': } } diff --git a/mongodb/manifests/globals.pp b/mongodb/manifests/globals.pp index 6a7dd12e6..4706a3525 100644 --- a/mongodb/manifests/globals.pp +++ b/mongodb/manifests/globals.pp @@ -11,6 +11,9 @@ $service_ensure = undef, $service_name = undef, $mongos_service_manage = undef, + $mongos_service_enable = undef, + $mongos_service_ensure = undef, + $mongos_service_status = undef, $mongos_service_name = undef, $service_provider = undef, $service_status = undef, @@ -23,6 +26,7 @@ $version = undef, $manage_package_repo = undef, + $manage_package = undef, $use_enterprise_repo = undef, ) { diff --git a/mongodb/manifests/params.pp b/mongodb/manifests/params.pp index d4e0ad00b..7fe6bec99 100644 --- a/mongodb/manifests/params.pp +++ b/mongodb/manifests/params.pp @@ -16,11 +16,13 @@ $mongos_configdb = '127.0.0.1:27019' $mongos_restart = true + $manage_package = pick($mongodb::globals::manage_package, $mongodb::globals::manage_package_repo, false) + # Amazon Linux's OS Family is 'Linux', operating system 'Amazon'. case $::osfamily { 'RedHat', 'Linux': { - if $mongodb::globals::manage_package_repo { + if $manage_package { $user = pick($::mongodb::globals::user, 'mongod') $group = pick($::mongodb::globals::group, 'mongod') if ($::mongodb::globals::version == undef) { @@ -105,7 +107,7 @@ } } 'Debian': { - if $::mongodb::globals::manage_package_repo { + if $manage_package { $user = pick($::mongodb::globals::user, 'mongodb') $group = pick($::mongodb::globals::group, 'mongodb') if ($::mongodb::globals::version == undef) { 
@@ -142,6 +144,7 @@ $mongos_config = '/etc/mongodb-shard.conf' $dbpath = '/var/lib/mongodb' $logpath = '/var/log/mongodb/mongodb.log' + $pidfilepath = '/var/run/mongod.pid' $bind_ip = pick($::mongodb::globals::bind_ip, ['127.0.0.1']) } else { # although we are living in a free world, @@ -173,6 +176,7 @@ } # avoid using fork because of the init scripts design $fork = undef + $journal = undef $mongos_pidfilepath = undef $mongos_unixsocketprefix = undef $mongos_logpath = undef @@ -184,6 +188,16 @@ } case $::operatingsystem { + 'Debian': { + case $::operatingsystemmajrelease { + '8': { + $service_provider = pick($service_provider, 'systemd') + } + default: { + $service_provider = pick($service_provider, 'debian') + } + } + } 'Ubuntu': { $service_provider = pick($service_provider, 'upstart') } @@ -191,5 +205,4 @@ $service_provider = undef } } - } diff --git a/mongodb/manifests/server.pp b/mongodb/manifests/server.pp index a5affa792..555c7970e 100644 --- a/mongodb/manifests/server.pp +++ b/mongodb/manifests/server.pp @@ -65,6 +65,7 @@ $ssl_key = undef, $ssl_ca = undef, $restart = $mongodb::params::restart, + $storage_engine = undef, # Deprecated parameters $master = undef, diff --git a/mongodb/manifests/server/config.pp b/mongodb/manifests/server/config.pp index d95b99a9c..9a146b4eb 100644 --- a/mongodb/manifests/server/config.pp +++ b/mongodb/manifests/server/config.pp @@ -55,6 +55,8 @@ $ssl = $mongodb::server::ssl $ssl_key = $mongodb::server::ssl_key $ssl_ca = $mongodb::server::ssl_ca + $storage_engine = $mongodb::server::storage_engine + $version = $mongodb::server::version File { owner => $user, 
@@ -83,10 +85,17 @@ } } + if empty($storage_engine) { + $storage_engine_internal = undef + } else { + $storage_engine_internal = $storage_engine + } + + #Pick which config content to use if $config_content { $cfg_content = $config_content - } elsif (versioncmp($mongodb::globals::version, '2.6.0') >= 0) { + } elsif (versioncmp($version, '2.6.0') >= 0) { # Template uses: # - $auth # - $bind_ip @@ -123,6 +132,7 @@ # - $verbositylevel $cfg_content = template('mongodb/mongodb.conf.2.6.erb') } else { + # Fall back to oldest most basic config # Template uses: # - $auth # - $bind_ip @@ -170,6 +180,7 @@ # - $ssl # - $ssl_ca # - $ssl_key + # - storage_engine_internal # - $syslog # - $verbose # - $verbositylevel diff --git a/mongodb/spec/classes/server_config_spec.rb b/mongodb/spec/classes/server_config_spec.rb index 16b2bfac4..dbecb8707 100644 --- a/mongodb/spec/classes/server_config_spec.rb +++ b/mongodb/spec/classes/server_config_spec.rb @@ -39,6 +39,14 @@ end + describe 'when specifying storage_engine' do + let(:pre_condition) { ["class mongodb::server { $config = '/etc/mongod.conf' $dbpath = '/var/lib/mongo' $ensure = present $version='3.0.3' $storage_engine = 'SomeEngine' $storage_engine_internal = 'SomeEngine' $user = 'mongod' $group = 'mongod' $port = 29017 $bind_ip = ['0.0.0.0'] $fork = true $logpath ='/var/log/mongo/mongod.log' $logappend = true}", "include mongodb::server"]} + + it { + is_expected.to contain_file('/etc/mongod.conf').with_content(/storage.engine:\sSomeEngine/) + } + end + describe 'with specific bind_ip values and ipv6' do let(:pre_condition) { ["class mongodb::server { $config = '/etc/mongod.conf' $dbpath = '/var/lib/mongo' $ensure = present $bind_ip = ['127.0.0.1', 'fd00:beef:dead:55::143'] $ipv6 = true }", "include mongodb::server"]} diff --git a/mongodb/templates/mongodb.conf.2.6.erb b/mongodb/templates/mongodb.conf.2.6.erb index fc4246a41..293f8099a 100644 --- a/mongodb/templates/mongodb.conf.2.6.erb +++ b/mongodb/templates/mongodb.conf.2.6.erb 
@@ -44,7 +44,7 @@ storage.journal.enabled: false storage.journal.enabled: true <% end -%> <% if @noprealloc -%> -storage.preallocDataFiles: <%= @noprealloc %> +storage.preallocDataFiles: <%= !@noprealloc %> <% end -%> <% if @nssize -%> storage.nsSize: <%= @nssize %> @@ -61,6 +61,9 @@ storage.quota.enforced: <%= @quota %> storage.quota.maxFilesPerDB: <%= @quotafiles %> <% end -%> <% end -%> +<% if @storage_engine_internal -%> +storage.engine: <%= @storage_engine_internal %> +<% end -%> #Security diff --git a/mysql/.gitignore b/mysql/.gitignore index b5db85e05..874db461f 100644 --- a/mysql/.gitignore +++ b/mysql/.gitignore @@ -7,3 +7,4 @@ spec/fixtures/ coverage/ .idea/ *.iml +log/ diff --git a/mysql/.travis.yml b/mysql/.travis.yml index cbf6f11df..c667d4d2c 100644 --- a/mysql/.travis.yml +++ b/mysql/.travis.yml @@ -2,7 +2,7 @@ sudo: false language: ruby bundler_args: --without system_tests -script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" +script: "bundle exec rake validate lint spec SPEC_OPTS='--format documentation'" matrix: fast_finish: true include: @@ -20,8 +20,5 @@ matrix: env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - rvm: 1.8.7 env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" - allow_failures: - - rvm: 2.1.6 - env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" notifications: email: false diff --git a/mysql/CHANGELOG.md b/mysql/CHANGELOG.md index 89d2fe836..872bf3bc0 100644 --- a/mysql/CHANGELOG.md +++ b/mysql/CHANGELOG.md 
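Review bot: `storage.engine` is emitted whenever `@storage_engine_internal` is set, but this template is chosen for every version from 2.6.0 upwards (the `versioncmp($version, '2.6.0') >= 0` branch in server/config.pp), and as far as I know that setting only exists from MongoDB 3.0. A 2.6 node that is given `storage_engine` would receive a config key its mongod may reject at start-up. Consider clearing the value for older versions in config.pp, for example `if empty($storage_engine) or versioncmp($version, '3.0.0') < 0 {`, or failing the catalog with a clear message. The `# - storage_engine_internal` entry added in config.pp also appears to sit in the fallback branch's "Template uses" list rather than the 2.6 one, and lacks the `$` prefix the other entries carry.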
@@ -1,3 +1,30 @@ +## 2015-08-10 - Supported Release 3.6.0 +### Summary +This release adds the ability to use mysql::db and `mysql_*` types against unmanaged or external mysql instances. + +#### Features +- Add ability to use mysql::db WITHOUT mysql::server (ie, externally) +- Add prescript attribute to mysql::server::backup for xtrabackup +- Add postscript ability to xtrabackup provider. + +#### Bugfixes +- Fix default root passwords blocking puppet on mysql 5.8 +- Fix service dependency when package_manage is false +- Fix selinux permissions on my.cnf + +##2015-07-23 - Supported Release 3.5.0 +###Summary +A small release to add explicit support to newer Puppet versions and accumulated patches. + +####Features/Improvements +- Start running tests against puppet 4 +- Support longer usernames on newer MariaDB versions +- Add parameters for Solaris 11 and 12 + +####Bugfixes +- Fix references to the mysql-server package +- mysql_server_id doesn't throw and error on machines without macaddress + ##2015-05-19 - Supported Release 3.4.0 ###Summary This release includes the addition of extra facts, OpenBSD compatibility, and a number of other features, improvements and bug fixes. @@ -104,7 +131,7 @@ Added several new features including MariaDB support and future parser * `mysql::db` now has an import\_timeout feature that defaults to 300 * The `mysql` class has been removed * `mysql::server` now takes an `override_options` hash that will affect the installation -* Ability to install both dev and client dev +* Ability to install both dev and client dev ####BugFix * `mysql::server::backup` now passes `ensure` param to the nested `mysql_grant` diff --git a/mysql/CONTRIBUTING.md b/mysql/CONTRIBUTING.md index f1cbde4bb..bfeaa701c 100644 --- a/mysql/CONTRIBUTING.md +++ b/mysql/CONTRIBUTING.md 
@@ -159,7 +159,7 @@ If you already have those gems installed, make sure they are up-to-date: With all dependencies in place and up-to-date we can now run the tests: ```shell -% rake spec +% bundle exec rake spec ``` This will execute all the [rspec tests](http://rspec-puppet.com/) tests @@ -178,8 +178,8 @@ installed on your system. You can run them by issuing the following command ```shell -% rake spec_clean -% rspec spec/acceptance +% bundle exec rake spec_clean +% bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), diff --git a/mysql/Gemfile b/mysql/Gemfile index bfe64b186..1a88250e8 100644 --- a/mysql/Gemfile +++ b/mysql/Gemfile @@ -1,7 +1,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" def location_for(place, fake_version = nil) - if place =~ /^(git:[^#]*)#(.*)/ + if place =~ /^(git[:@][^#]*)#(.*)/ [fake_version, { :git => $1, :branch => $2, :require => false }].compact elsif place =~ /^file:\/\/(.*)/ ['>= 0', { :path => File.expand_path($1), :require => false }] @@ -16,6 +16,7 @@ group :development, :unit_tests do gem 'simplecov', :require => false gem 'puppet_facts', :require => false gem 'json', :require => false + gem 'metadata-json-lint', :require => false end group :system_tests do @@ -27,8 +28,8 @@ group :system_tests do else gem 'beaker-rspec', :require => false end - gem 'serverspec', :require => false - gem 'beaker-puppet_install_helper', :require => false + gem 'serverspec', :require => false + gem 'beaker-puppet_install_helper', :require => false end diff --git a/mysql/README.md b/mysql/README.md index 0202e05bd..99ac0f386 100644 --- a/mysql/README.md +++ b/mysql/README.md 
@@ -1,10 +1,9 @@ -#MySQL +# mysql -####Table of Contents +#### Table of Contents -1. [Overview](#overview) -2. [Module Description - What the module does and why it is useful](#module-description) -3. [Backwards compatibility information](#backwards-compatibility) +1. [Module Description - What the module does and why it is useful](#module-description) +2. [Backwards compatibility information](#backwards-compatibility) 3. [Setup - The basics of getting started with mysql](#setup) * [Beginning with mysql](#beginning-with-mysql) 4. [Usage - Configuration options and additional functionality](#usage) @@ -12,26 +11,18 @@ * [Creating a Database](#creating-a-database) * [Custom Configuration](#custom-configuration) 5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) -5. [Limitations - OS compatibility, etc.](#limitations) -6. [Development - Guide for contributing to the module](#development) +6. [Limitations - OS compatibility, etc.](#limitations) +7. [Development - Guide for contributing to the module](#development) -##Overview +## Module Description The MySQL module installs, configures, and manages the MySQL service. -##Module Description - The MySQL module manages both the installation and configuration of MySQL, as well as extending Puppet to allow management of MySQL resources, such as databases, users, and grants. -##Setup - -###What MySQL affects +## Setup -* MySQL package -* MySQL configuration files -* MySQL service - -###Beginning with MySQL +### Beginning with MySQL If you want a server installed with the default options you can run `include '::mysql::server'`. 
@@ -49,11 +40,11 @@ class { '::mysql::server': See [**Customizing Server Options**](#customizing-server-options) below for examples of the hash structure for $override_options`. -##Usage +## Usage All interaction for the server is done via `mysql::server`. To install the client, use `mysql::client`. To install bindings, use `mysql::bindings`. -###Customizing Server Options +### Customizing Server Options The hash structure for overrides in `mysql::server` can be structured like a hash in the my.cnf file, so: 
@@ -141,25 +132,41 @@ mysql::db { 'mydb': } ~~~ -###Custom Configuration +### Custom Configuration To add custom MySQL configuration, drop additional files into `includedir`. Dropping files into `includedir` allows you to override settings or add additional ones, which is helpful if you choose not to use `override_options` in `mysql::server`. The `includedir` location is by default set to /etc/mysql/conf.d. -##Reference +### Working with an existing server -###Classes +You can use the MySQL module to instantiate databases and +users on an existing MySQL server. For this to work, you need an +appropriate `.my.cnf` in `root`'s home directory containing the remote +server address and credentials. For example: -####Public classes -* `mysql::server`: Installs and configures MySQL. -* `mysql::server::account_security`: Deletes default MySQL accounts. -* `mysql::server::monitor`: Sets up a monitoring user. -* `mysql::server::mysqltuner`: Installs MySQL tuner script. -* `mysql::server::backup`: Sets up MySQL backups via cron. -* `mysql::bindings`: Installs various MySQL language bindings. -* `mysql::client`: Installs MySQL client (for non-servers). + [client] + user=root + host=localhost + password=secret + +When working with a remote server, do *not* use the +`mysql::server` class in your Puppet manifests. + +## Reference + +### Classes + +#### Public classes + +* [`mysql::server`](#mysqlserver): Installs and configures MySQL. +* [`mysql::server::monitor`](#mysqlservermonitor): Sets up a monitoring user. +* [`mysql::server::mysqltuner`](#mysqlservermysqltuner): Installs MySQL tuner script. +* [`mysql::server::backup`](#mysqlserverbackup): Sets up MySQL backups via cron. +* [`mysql::bindings`](#mysqlbindings): Installs various MySQL language bindings. +* [`mysql::client`](#mysqlclient): Installs MySQL client (for non-servers). + +#### Private classes -####Private classes * `mysql::server::install`: Installs packages. * `mysql::server::config`: Configures MYSQL. 
* `mysql::server::service`: Manages service. @@ -178,11 +185,11 @@ To add custom MySQL configuration, drop additional files into * `mysql::backup::mysqlbackup`: Implements backups with Oracle MySQL Enterprise Backup. * `mysql::backup::xtrabackup`: Implements backups with XtraBackup from Percona. -###Parameters +### Parameters -####mysql::server +#### mysql::server -#####`create_root_user` +##### `create_root_user` Specify whether root user should be created. Valid values are 'true', 'false'. Defaults to 'true'. @@ -190,13 +197,13 @@ This is useful for a cluster setup with Galera. The root user has to be created only once. `create_root_user` can be set to 'true' on one node while it is set to 'false' on the remaining nodes. -#####`create_root_my_cnf` +##### `create_root_my_cnf` If set to 'true', creates `/root/.my.cnf`. Valid values are 'true', 'false'. Defaults to 'true'. `create_root_my_cnf` allows creation of `/root/.my.cnf` independently of `create_root_user`. This can be used for a cluster setup with Galera where you want `/root/.my.cnf` to exist on all nodes. -#####`root_password` +##### `root_password` The MySQL root password. Puppet attempts to set the root password and update `/root/.my.cnf` with it. @@ -204,11 +211,11 @@ This is required if `create_root_user` or `create_root_my_cnf` are 'true'. If `r Password changes are supported; however, the old password must be set in `/root/.my.cnf`. Effectively, Puppet uses the old password, configured in `/root/my.cnf`, to set the new password in MySQL, and then updates `/root/.my.cnf` with the new password. -####`old_root_password` +##### `old_root_password` This parameter no longer does anything. It exists only for backwards compatibility. See the `root_password` parameter above for details on changing the root password. -#####`override_options` +##### `override_options` The hash of override options to pass into MySQL. Structured like a hash in the my.cnf file: 
@@ -222,69 +229,69 @@ $override_options = { See [**Customizing Server Options**](#customizing-server-options) above for usage details. -#####`config_file` +##### `config_file` The location, as a path, of the MySQL configuration file. -#####`manage_config_file` +##### `manage_config_file` Whether the MySQL configuration file should be managed. Valid values are 'true', 'false'. Defaults to 'true'. -#####`includedir` +##### `includedir` The location, as a path, of !includedir for custom configuration overrides. -#####`install_options` +##### `install_options` Pass [install_options](https://docs.puppetlabs.com/references/latest/type.html#package-attribute-install_options) array to managed package resources. You must pass the appropriate options for the specified package manager. -#####`purge_conf_dir` +##### `purge_conf_dir` Whether the `includedir` directory should be purged. Valid values are 'true', 'false'. Defaults to 'false'. -#####`restart` +##### `restart` Whether the service should be restarted when things change. Valid values are 'true', 'false'. Defaults to 'false'. -#####`root_group` +##### `root_group` The name of the group used for root. Can be a group name or a group ID. See more about the [`group` file attribute](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group). -#####`mysql_group` +##### `mysql_group` The name of the group of the MySQL daemon user. Can be a group name or a group ID. See more about the [`group` file attribute](https://docs.puppetlabs.com/references/latest/type.html#file-attribute-group). -#####`package_ensure` +##### `package_ensure` Whether the package exists or should be a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Defaults to 'present'. -#####`package_manage` +##### `package_manage` Whether to manage the MySQL server package. Defaults to true. -#####`package_name` +##### `package_name` The name of the MySQL server package to install. 
-#####`remove_default_accounts` +##### `remove_default_accounts` Specify whether to automatically include `mysql::server::account_security`. Valid values are 'true', 'false'. Defaults to 'false'. -#####`service_enabled` +##### `service_enabled` Specify whether the service should be enabled. Valid values are 'true', 'false'. Defaults to 'true'. -#####`service_manage` +##### `service_manage` Specify whether the service should be managed. Valid values are 'true', 'false'. Defaults to 'true'. -#####`service_name` +##### `service_name` The name of the MySQL server service. Defaults are OS dependent, defined in params.pp. -#####`service_provider` +##### `service_provider` The provider to use to manage the service. For Ubuntu, defaults to 'upstart'; otherwise, default is undefined. -#####`users` +##### `users` Optional hash of users to create, which are passed to [mysql_user](#mysql_user). @@ -301,7 +308,7 @@ users => { } ~~~ -#####`grants` +##### `grants` Optional hash of grants, which are passed to [mysql_grant](#mysql_grant). @@ -317,7 +324,7 @@ grants => { } ~~~ -#####`databases` +##### `databases` Optional hash of databases to create, which are passed to [mysql_database](#mysql_database). 
@@ -330,80 +337,84 @@ databases => { } ~~~ -####mysql::server::backup +#### mysql::server::backup -#####`backupuser` +##### `backupuser` MySQL user to create for backups. -#####`backuppassword` +##### `backuppassword` MySQL user password for backups. -#####`backupdir` +##### `backupdir` Directory in which to store backups. -#####`backupdirmode` +##### `backupdirmode` Permissions applied to the backup directory. This parameter is passed directly to the `file` resource. -#####`backupdirowner` +##### `backupdirowner` Owner for the backup directory. This parameter is passed directly to the `file` resource. -#####`backupdirgroup` +##### `backupdirgroup` Group owner for the backup directory. This parameter is passed directly to the `file` resource. -#####`backupcompress` +##### `backupcompress` Whether backups should be compressed. Valid values are 'true', 'false'. Defaults to 'true'. -#####`backuprotate` +##### `backuprotate` How many days to keep backups. Valid value is an integer. Defaults to '30'. -#####`delete_before_dump` +##### `delete_before_dump` Whether to delete old .sql files before backing up. Setting to 'true' deletes old files before backing up, while setting to 'false' deletes them after backup. Valid values are 'true', 'false'. Defaults to 'false'. -#####`backupdatabases` +##### `backupdatabases` Specify an array of databases to back up. -#####`file_per_database` +##### `file_per_database` Whether a separate file be used per database. Valid values are 'true', 'false'. Defaults to 'false'. -#####`include_routines` +##### `include_routines` Whether or not to include routines for each database when doing a `file_per_database` backup. Defaults to `false`. -#####`include_triggers` +##### `include_triggers` Whether or not to include triggers for each database when doing a `file_per_database` backup. Defaults to `false`. -#####`ensure` +##### `ensure` Allows you to remove the backup scripts. Valid values are 'present', 'absent'. Defaults to 'present'. 
-#####`execpath` +##### `execpath` Allows you to set a custom PATH should your MySQL installation be non-standard places. Defaults to `/usr/bin:/usr/sbin:/bin:/sbin`. -#####`time` +##### `time` An array of two elements to set the backup time. Allows ['23', '5'] (i.e., 23:05) or ['3', '45'] (i.e., 03:45) for HH:MM times. -#####`postscript` +##### `postscript` -A script that is executed at when the backup is finished. This could be used to (r)sync the backup to a central store. This script can be either a single line that is directly executed or a number of lines supplied as an array. It could also be one or more externally managed (executable) files. +A script that is executed when the backup is finished. This could be used to (r)sync the backup to a central store. This script can be either a single line that is directly executed or a number of lines supplied as an array. It could also be one or more externally managed (executable) files. -#####`provider` +##### `prescript` + +A script that is executed before the backup begins. + +##### `provider` Sets the server backup implementation. Valid values are: 
@@ -411,21 +422,21 @@ Sets the server backup implementation. Valid values are: * `mysqlbackup`: Implements backups with MySQL Enterprise Backup from Oracle. Backup type: Physical. To use this type of backup, you'll need the `meb` package, which is available in RPM and TAR formats from Oracle. For Ubuntu, you can use [meb-deb](https://github.com/dveeden/meb-deb) to create a package from an official tarball. * `xtrabackup`: Implements backups with XtraBackup from Percona. Backup type: Physical. -####mysql::server::monitor +#### mysql::server::monitor -#####`mysql_monitor_username` +##### `mysql_monitor_username` The username to create for MySQL monitoring. -#####`mysql_monitor_password` +##### `mysql_monitor_password` The password to create for MySQL monitoring. -#####`mysql_monitor_hostname` +##### `mysql_monitor_hostname` The hostname from which the monitoring user requests are allowed access. -####mysql::server::mysqltuner +#### mysql::server::mysqltuner **Note**: If you're using this class on a non-network-connected system, you must download the mysqltuner.pl script and have it hosted somewhere accessible via `http(s)://`, `puppet://`, `ftp://`, or a fully qualified file path. @@ -441,7 +452,7 @@ The version to install from the major/MySQLTuner-perl github repository. Must be Parameter to optionally specify the source. If not specified, defaults to `https://github.com/major/MySQLTuner-perl/raw/${version}/mysqltuner.pl` -####mysql::bindings +#### mysql::bindings ##### `client_dev` @@ -455,7 +466,7 @@ Specify whether `::mysql::bindings::daemon_dev` should be included. Valid values Specify whether `::mysql::bindings::java` should be included. Valid values are 'true', 'false'. Defaults to 'false'. -##### `perl_enable` +##### `perl_enable` Specify whether `mysql::bindings::perl` should be included. Valid values are 'true', 'false'. Defaults to 'false'. 
@@ -499,27 +510,27 @@ The name of the daemon_dev package to install. Only applies if `daemon_dev => tr The provider to use to install the daemon_dev package. Only applies if `daemon_dev => true`. -#####`java_package_ensure` +##### `java_package_ensure` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `java_enable => true`. -#####`java_package_name` +##### `java_package_name` The name of the Java package to install. Only applies if `java_enable => true`. -#####`java_package_provider` +##### `java_package_provider` The provider to use to install the Java package. Only applies if `java_enable => true`. -#####`perl_package_ensure` +##### `perl_package_ensure` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `perl_enable => true`. -#####`perl_package_name` +##### `perl_package_name` The name of the Perl package to install. Only applies if `perl_enable => true`. -#####`perl_package_provider` +##### `perl_package_provider` The provider to use to install the Perl package. Only applies if `perl_enable => true`. 
@@ -531,54 +542,54 @@ Whether the package should be present, absent, or a specific version. Valid valu The name of the PHP package to install. Only applies if `php_enable => true`. -#####`python_package_ensure` +##### `python_package_ensure` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `python_enable => true`. -#####`python_package_name` +##### `python_package_name` The name of the Python package to install. Only applies if `python_enable => true`. -#####`python_package_provider` +##### `python_package_provider` The provider to use to install the PHP package. Only applies if `python_enable => true`. -#####`ruby_package_ensure` +##### `ruby_package_ensure` Whether the package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. Only applies if `ruby_enable => true`. -#####`ruby_package_name` +##### `ruby_package_name` The name of the Ruby package to install. Only applies if `ruby_enable => true`. -#####`ruby_package_provider` +##### `ruby_package_provider` What provider should be used to install the package. -####mysql::client +#### mysql::client -#####`bindings_enable` +##### `bindings_enable` Whether to automatically install all bindings. Valid values are 'true', 'false'. Default to 'false'. -#####`install_options` +##### `install_options` Array of install options for managed package resources. You must pass the appropriate options for the package manager. -#####`package_ensure` +##### `package_ensure` Whether the MySQL package should be present, absent, or a specific version. Valid values are 'present', 'absent', or 'x.y.z'. -#####`package_manage` +##### `package_manage` Whether to manage the MySQL client package. Defaults to true. -#####`package_name` +##### `package_name` The name of the MySQL client package to install. -###Defined Types +### Defines -####mysql::db +#### mysql::db ~~~ mysql_database { 'information_schema': 
@@ -637,10 +648,9 @@ Specify whether to create the database. Valid values are 'present', 'absent'. De Timeout, in seconds, for loading the sqlfiles. Defaults to '300'. +### Types -###Types - -####mysql_database +#### mysql_database `mysql_database` creates and manages databases within MySQL. @@ -660,7 +670,7 @@ The CHARACTER SET setting for the database. Defaults to ':utf8'. The COLLATE setting for the database. Defaults to ':utf8_general_ci'. -####mysql_user +#### mysql_user Creates and manages user grants within MySQL. @@ -708,10 +718,10 @@ Maximum queries per hour for the user. Must be an integer value. A value of '0' Maximum updates per hour for the user. Must be an integer value. A value of '0' specifies no (or global) limit. -####mysql_grant +#### mysql_grant `mysql_grant` creates grant permissions to access databases within -MySQL. To use it you must create the title of the resource as shown below, +MySQL. To create grant permissions to access databases with MySQL, use it you must create the title of the resource as shown below, following the pattern of `username@hostname/database.table`: ~~~ @@ -759,7 +769,7 @@ User to whom privileges are granted. MySQL options to grant. Optional. -####mysql_plugin +#### mysql_plugin `mysql_plugin` can be used to load plugins into the MySQL Server. @@ -778,11 +788,11 @@ Whether the resource is present. Valid values are 'present', 'absent'. Defaults The name of the MySQL plugin to manage. -##### `soname` +##### `soname` The library file name. -###Facts +### Facts #### `mysql_version` @@ -794,7 +804,7 @@ Generates a unique id, based on the node's MAC address, which can be used as `server_id`. This fact will *always* return `0` on nodes that have only loopback interfaces. Because those nodes aren't connected to the outside world, this shouldn't cause any conflicts. -##Limitations +## Limitations This module has been tested on: 
@@ -807,7 +817,7 @@ This module has been tested on: Testing on other platforms has been minimal and cannot be guaranteed. -#Development +## Development Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can't access the diff --git a/mysql/lib/facter/mysql_server_id.rb b/mysql/lib/facter/mysql_server_id.rb index e7196b25f..3d2959293 100644 --- a/mysql/lib/facter/mysql_server_id.rb +++ b/mysql/lib/facter/mysql_server_id.rb @@ -4,6 +4,6 @@ def get_mysql_id Facter.add("mysql_server_id") do setcode do - get_mysql_id + get_mysql_id rescue nil end end diff --git a/mysql/lib/puppet/type/mysql_database.rb b/mysql/lib/puppet/type/mysql_database.rb index 5df43218f..1f94d5f88 100644 --- a/mysql/lib/puppet/type/mysql_database.rb +++ b/mysql/lib/puppet/type/mysql_database.rb @@ -4,6 +4,7 @@ ensurable autorequire(:file) { '/root/.my.cnf' } + autorequire(:class) { 'mysql::server' } newparam(:name, :namevar => true) do desc 'The name of the MySQL database to manage.' diff --git a/mysql/lib/puppet/type/mysql_grant.rb b/mysql/lib/puppet/type/mysql_grant.rb index 1de0697ed..e64e5d813 100644 --- a/mysql/lib/puppet/type/mysql_grant.rb +++ b/mysql/lib/puppet/type/mysql_grant.rb @@ -78,7 +78,14 @@ def initialize(*args) raise(ArgumentError, "Invalid database user #{value}") end - raise(ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters') unless user_part.size <= 16 + mysql_version = Facter.value(:mysql_version) + unless mysql_version.nil? + if Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') < 0 and user_part.size > 16 + raise(ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters') + elsif Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') > 0 and user_part.size > 80 + raise(ArgumentError, 'MySQL usernames are limited to a maximum of 80 characters') + end + end end end 
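Review bot: The `rescue nil` modifier added to `get_mysql_id` in the `setcode` block swallows every StandardError, not only the missing-macaddress case the changelog entry describes, so a real bug in the helper would silently turn the fact into nil. The body of `get_mysql_id` is outside the hunk, so the exact failure cannot be confirmed from here. If it is a nil MAC address, a guard inside the helper is narrower, e.g. `return nil if Facter.value(:macaddress).nil?`, and leaves other errors visible.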
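Review bot: The 80-character branch uses `versioncmp(mysql_version, '10.0.0') > 0`, so a server reporting exactly `10.0.0` matches neither branch and gets no username length check at all; `elsif Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') >= 0 and user_part.size > 80` closes the gap. The identical block added to mysql_user.rb in this commit has the same boundary. When the `mysql_version` fact is nil the validation is skipped entirely, which is presumably intended for first runs but deserves a comment such as `# no fact yet (server not installed): length is enforced by the server at apply time`. The enclosing validate block starts outside the hunk.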
diff --git a/mysql/lib/puppet/type/mysql_user.rb b/mysql/lib/puppet/type/mysql_user.rb index 87e15ff5b..7f2f56e4e 100644 --- a/mysql/lib/puppet/type/mysql_user.rb +++ b/mysql/lib/puppet/type/mysql_user.rb @@ -5,6 +5,7 @@ ensurable autorequire(:file) { '/root/.my.cnf' } + autorequire(:class) { 'mysql::server' } newparam(:name, :namevar => true) do desc "The name of the user. This uses the 'username@hostname' or username@hostname." @@ -26,7 +27,14 @@ raise(ArgumentError, "Invalid database user #{value}") end - raise(ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters') if user_part.size > 16 + mysql_version = Facter.value(:mysql_version) + unless mysql_version.nil? + if Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') < 0 and user_part.size > 16 + raise(ArgumentError, 'MySQL usernames are limited to a maximum of 16 characters') + elsif Puppet::Util::Package.versioncmp(mysql_version, '10.0.0') > 0 and user_part.size > 80 + raise(ArgumentError, 'MySQL usernames are limited to a maximum of 80 characters') + end + end end munge do |value| diff --git a/mysql/manifests/backup/mysqlbackup.pp b/mysql/manifests/backup/mysqlbackup.pp index e7bb4d94a..3b0d94dfb 100644 --- a/mysql/manifests/backup/mysqlbackup.pp +++ b/mysql/manifests/backup/mysqlbackup.pp @@ -16,6 +16,7 @@ $include_routines = false, $ensure = 'present', $time = ['23', '5'], + $prescript = false, $postscript = false, $execpath = '/usr/bin:/usr/sbin:/bin:/sbin', ) { diff --git a/mysql/manifests/backup/mysqldump.pp b/mysql/manifests/backup/mysqldump.pp index 77d5e39f4..543476d8b 100644 --- a/mysql/manifests/backup/mysqldump.pp +++ b/mysql/manifests/backup/mysqldump.pp @@ -16,6 +16,7 @@ $include_routines = false, $ensure = 'present', $time = ['23', '5'], + $prescript = false, $postscript = false, $execpath = '/usr/bin:/usr/sbin:/bin:/sbin', ) { diff --git a/mysql/manifests/backup/xtrabackup.pp b/mysql/manifests/backup/xtrabackup.pp index a9c76bae1..4dc31f9cd 100644 
--- a/mysql/manifests/backup/xtrabackup.pp +++ b/mysql/manifests/backup/xtrabackup.pp @@ -17,6 +17,7 @@ $include_routines = false, $ensure = 'present', $time = ['23', '5'], + $prescript = false, $postscript = false, $execpath = '/usr/bin:/usr/sbin:/bin:/sbin', ) { @@ -27,7 +28,7 @@ cron { 'xtrabackup-weekly': ensure => $ensure, - command => "innobackupex ${backupdir}", + command => "/usr/local/sbin/xtrabackup.sh ${backupdir}", user => 'root', hour => $time[0], minute => $time[1], @@ -37,7 +38,7 @@ cron { 'xtrabackup-daily': ensure => $ensure, - command => "innobackupex --incremental ${backupdir}", + command => "/usr/local/sbin/xtrabackup.sh --incremental ${backupdir}", user => 'root', hour => $time[0], minute => $time[1], @@ -52,4 +53,13 @@ owner => $backupdirowner, group => $backupdirgroup, } + + file { 'xtrabackup.sh': + ensure => $ensure, + path => '/usr/local/sbin/xtrabackup.sh', + mode => '0700', + owner => 'root', + group => $mysql::params::root_group, + content => template('mysql/xtrabackup.sh.erb'), + } } diff --git a/mysql/manifests/db.pp b/mysql/manifests/db.pp index 804c2acba..c74b64d58 100644 --- a/mysql/manifests/db.pp +++ b/mysql/manifests/db.pp @@ -34,7 +34,7 @@ charset => $charset, collate => $collate, provider => 'mysql', - require => [ Class['mysql::server'], Class['mysql::client'] ], + require => [ Class['mysql::client'] ], } ensure_resource('mysql_database', $dbname, $db_resource) @@ -42,7 +42,6 @@ ensure => $ensure, password_hash => mysql_password($password), provider => 'mysql', - require => Class['mysql::server'], } ensure_resource('mysql_user', "${user}@${host}", $user_resource) @@ -52,7 +51,10 @@ provider => 'mysql', user => "${user}@${host}", table => $table, - require => [Mysql_database[$dbname], Mysql_user["${user}@${host}"], Class['mysql::server'] ], + require => [ + Mysql_database[$dbname], + Mysql_user["${user}@${host}"], + ], } $refresh = ! $enforce_sql 
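Review bot: Both cron resources now run `/usr/local/sbin/xtrabackup.sh`, but neither declares a dependency on the new `File['xtrabackup.sh']`, so nothing in the visible hunks orders the script before the jobs that call it; adding `require => File['xtrabackup.sh'],` to `xtrabackup-weekly` and `xtrabackup-daily` makes that explicit. The file resource reads `$mysql::params::root_group`, and the hunks do not show this class inheriting or including `mysql::params`, so that lookup should be confirmed. Because the script is rendered from `mysql/xtrabackup.sh.erb` (not visible here) and executed by root's cron, a short comment on the resource stating that `$prescript` and `$postscript` are run as root would help the next maintainer.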
diff --git a/mysql/manifests/params.pp b/mysql/manifests/params.pp index 65c344773..261f61623 100644 --- a/mysql/manifests/params.pp +++ b/mysql/manifests/params.pp @@ -5,6 +5,7 @@ $purge_conf_dir = false $restart = false $root_password = 'UNSET' + $install_secret_file = '/.mysql_secret' $server_package_ensure = 'present' $server_package_manage = true $server_service_manage = true @@ -284,6 +285,32 @@ $daemon_dev_package_name = undef } + 'Solaris': { + $client_package_name = 'database/mysql-55/client' + $server_package_name = 'database/mysql-55' + $basedir = undef + $config_file = '/etc/mysql/5.5/my.cnf' + $datadir = '/var/mysql/5.5/data' + $log_error = "/var/mysql/5.5/data/${::hostname}.err" + $pidfile = "/var/mysql/5.5/data/${::hostname}.pid" + $root_group = 'bin' + $server_service_name = 'application/database/mysql:version_55' + $socket = '/tmp/mysql.sock' + $ssl_ca = undef + $ssl_cert = undef + $ssl_key = undef + $tmpdir = '/tmp' + # mysql::bindings + $java_package_name = undef + $perl_package_name = undef + $php_package_name = 'web/php-53/extension/php-mysql' + $python_package_name = 'library/python/python-mysql' + $ruby_package_name = undef + # The libraries installed by these packages are included in client and server packages, no installation required. + $client_dev_package_name = undef + $daemon_dev_package_name = undef + } + default: { case $::operatingsystem { 'Amazon': { diff --git a/mysql/manifests/server.pp b/mysql/manifests/server.pp index 992e8c990..2016bb1e0 100644 --- a/mysql/manifests/server.pp +++ b/mysql/manifests/server.pp @@ -3,6 +3,7 @@ $config_file = $mysql::params::config_file, $includedir = $mysql::params::includedir, $install_options = undef, + $install_secret_file = $mysql::params::install_secret_file, $manage_config_file = $mysql::params::manage_config_file, $override_options = {}, $package_ensure = $mysql::params::server_package_ensure, 
diff --git a/mysql/manifests/server/backup.pp b/mysql/manifests/server/backup.pp index 94e7732e5..2c98284a9 100644 --- a/mysql/manifests/server/backup.pp +++ b/mysql/manifests/server/backup.pp @@ -16,11 +16,16 @@ $include_triggers = false, $ensure = 'present', $time = ['23', '5'], + $prescript = false, $postscript = false, $execpath = '/usr/bin:/usr/sbin:/bin:/sbin', $provider = 'mysqldump', ) { + if $prescript and $provider =~ /(mysqldump|mysqlbackup)/ { + warning("The \$prescript option is not currently implemented for the ${provider} backup provider.") + } + create_resources('class', { "mysql::backup::${provider}" => { 'backupuser' => $backupuser, @@ -39,6 +44,7 @@ 'include_triggers' => $include_triggers, 'ensure' => $ensure, 'time' => $time, + 'prescript' => $prescript, 'postscript' => $postscript, 'execpath' => $execpath, } diff --git a/mysql/manifests/server/config.pp b/mysql/manifests/server/config.pp index c1ab21e9c..d6c0c8395 100644 --- a/mysql/manifests/server/config.pp +++ b/mysql/manifests/server/config.pp @@ -37,9 +37,10 @@ if $mysql::server::manage_config_file { file { 'mysql-config-file': - path => $mysql::server::config_file, - content => template('mysql/my.cnf.erb'), - mode => '0644', + path => $mysql::server::config_file, + content => template('mysql/my.cnf.erb'), + mode => '0644', + selinux_ignore_defaults => true, } } diff --git a/mysql/manifests/server/mysqltuner.pp b/mysql/manifests/server/mysqltuner.pp index 830711067..bc5fcadc0 100644 --- a/mysql/manifests/server/mysqltuner.pp +++ b/mysql/manifests/server/mysqltuner.pp 
@@ -14,14 +14,35 @@ } if $ensure == 'present' { - class { 'staging': } + # $::puppetversion doesn't exist in puppet 4.x so would break strict + # variables + if ! $::settings::strict_variables { + $_puppetversion = $::puppetversion + } else { + # defined only works with puppet >= 3.5.0, so don't use it unless we're + # actually using strict variables + $_puppetversion = defined('$puppetversion') ? { + true => $::puppetversion, + default => undef, + } + } + # see https://tickets.puppetlabs.com/browse/ENTERPRISE-258 + if $_puppetversion and $_puppetversion =~ /Puppet Enterprise/ and versioncmp($_puppetversion, '3.8.0') < 0 { + class { 'staging': + path => '/opt/mysql_staging', + } + } else { + class { 'staging': } + } + staging::file { "mysqltuner-${_version}": source => $_source, } file { '/usr/local/bin/mysqltuner': - ensure => $ensure, - mode => '0550', - source => "${::staging::path}/mysql/mysqltuner-${_version}", + ensure => $ensure, + mode => '0550', + source => "${::staging::path}/mysql/mysqltuner-${_version}", + require => Staging::File["mysqltuner-${_version}"], } } else { file { '/usr/local/bin/mysqltuner': diff --git a/mysql/manifests/server/root_password.pp b/mysql/manifests/server/root_password.pp index 845857056..58aaf495f 100644 --- a/mysql/manifests/server/root_password.pp +++ b/mysql/manifests/server/root_password.pp 
@@ -2,12 +2,28 @@ class mysql::server::root_password { $options = $mysql::server::options + $secret_file = $mysql::server::install_secret_file + + # New installations of MySQL will configure a default random password for the root user + # with an expiration. No actions can be performed until this password is changed. The + # below exec will remove this default password. If the user has supplied a root + # password it will be set further down with the mysql_user resource. + $rm_pass_cmd = join([ + "mysqladmin -u root --password=\$(grep -o '[^ ]\\+\$' ${secret_file}) password ''", + "rm -f ${secret_file}" + ], ' && ') + exec { 'remove install pass': + command => $rm_pass_cmd, + onlyif => "test -f ${secret_file}", + path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin' + } # manage root password if it is set if $mysql::server::create_root_user == true and $mysql::server::root_password != 'UNSET' { mysql_user { 'root@localhost': ensure => present, password_hash => mysql_password($mysql::server::root_password), + require => Exec['remove install pass'] } } @@ -17,6 +33,11 @@ owner => 'root', mode => '0600', } + + # show_diff was added with puppet 3.0 + if versioncmp($::puppetversion, '3.0') <= 0 { + File["${::root_home}/.my.cnf"] { show_diff => false } + } if $mysql::server::create_root_user == true { Mysql_user['root@localhost'] -> File["${::root_home}/.my.cnf"] } diff --git a/mysql/manifests/server/service.pp b/mysql/manifests/server/service.pp index 4d33def68..6b9a05395 100644 --- a/mysql/manifests/server/service.pp +++ b/mysql/manifests/server/service.pp @@ -12,7 +12,7 @@ $service_ensure = undef } - if $mysql::server::override_options['mysqld'] and $mysql::server::override_options['mysqld']['user'] { + if $mysql::server::override_options and $mysql::server::override_options['mysqld'] and $mysql::server::override_options['mysqld']['user'] { $mysqluser = $mysql::server::override_options['mysqld']['user'] } else { $mysqluser = $options['mysqld']['user'] 
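Review bot: The `remove install pass` exec blanks the root password (`password ''`) unconditionally, and with the default `root_password` of `'UNSET'` no `mysql_user` resource follows it, so a fresh install trades the installer's random password for an empty one. The temporary password is also passed as `--password=$(grep ...)` on the `mysqladmin` command line, where other local users can read it from the process list while the command runs. I would declare the exec only inside the `if $mysql::server::create_root_user == true and $mysql::server::root_password != 'UNSET'` block, so the reset never happens without a replacement password, and quote the path, e.g. `onlyif => "test -f '${secret_file}'"`, since `install_secret_file` is a class parameter. A comment above the exec such as `# Leaves root without a password until Mysql_user['root@localhost'] is applied` would make the window explicit.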
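Review bot: The version guard around `show_diff => false` looks inverted: `versioncmp($::puppetversion, '3.0') <= 0` is true for Puppet 3.0 and older, while the comment above it says the attribute was added in 3.0. On newer agents the override is therefore skipped, and content diffs of `${::root_home}/.my.cnf` (a root-owned `0600` file that presumably holds the root credentials; its content is outside this hunk) can still reach logs and reports. I would write `if versioncmp($::puppetversion, '3.0') >= 0 {`. The mysqltuner.pp hunk in this patch guards `$::puppetversion` for strict variables, and this use does not.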
@@ -31,7 +31,14 @@ name => $mysql::server::service_name, enable => $mysql::server::real_service_enabled, provider => $mysql::server::service_provider, - require => Package['mysql-server'], + } + + # only establish ordering between service and package if + # we're managing the package. + if $mysql::server::package_manage { + Service['mysqld'] { + require => Package['mysql-server'], + } } # only establish ordering between config file and service if diff --git a/mysql/metadata.json b/mysql/metadata.json index 6573b4bc9..a077391fc 100644 --- a/mysql/metadata.json +++ b/mysql/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-mysql", - "version": "3.4.0", + "version": "3.6.0", "author": "Puppet Labs", "summary": "Installs, configures, and manages the MySQL service.", "license": "Apache-2.0", @@ -43,7 +43,6 @@ { "operatingsystem": "SLES", "operatingsystemrelease": [ - "10 SP4", "11 SP1", "12" ] @@ -62,21 +61,29 @@ "12.04", "14.04" ] + }, + { + "operatingsystem": "Solaris", + "operatingsystemrelease": [ + "11.2", + "11.3", + "12.0" + ] } ], "requirements": [ { "name": "pe", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 2015.3.0" }, { "name": "puppet", - "version_requirement": "3.x" + "version_requirement": ">= 3.0.0 < 5.0.0" } ], "description": "Mysql module", "dependencies": [ {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"}, - {"name":"nanliu/staging","version_requirement":"1.x"} + {"name":"nanliu/staging","version_requirement":">= 1.0.1 < 2.0.0"} ] } diff --git a/mysql/spec/classes/mycnf_template_spec.rb b/mysql/spec/classes/mycnf_template_spec.rb index c0607fb0a..e6f3c16d4 100644 --- a/mysql/spec/classes/mycnf_template_spec.rb +++ b/mysql/spec/classes/mycnf_template_spec.rb 
@@ -11,7 +11,8 @@ let(:params) {{ :override_options => { 'mysqld' => { 'socket' => '/var/lib/mysql/mysql.sock' } } }} it do is_expected.to contain_file('mysql-config-file').with({ - :mode => '0644', + :mode => '0644', + :selinux_ignore_defaults => true, }).with_content(/socket = \/var\/lib\/mysql\/mysql.sock/) end end diff --git a/mysql/spec/classes/mysql_server_backup_spec.rb b/mysql/spec/classes/mysql_server_backup_spec.rb index ce88ae376..8d199432c 100644 --- a/mysql/spec/classes/mysql_server_backup_spec.rb +++ b/mysql/spec/classes/mysql_server_backup_spec.rb @@ -349,6 +349,54 @@ ) end end + + context 'with the xtrabackup provider' do + let(:params) do + default_params.merge({:provider => 'xtrabackup'}) + end + + it 'should contain the wrapper script' do + is_expected.to contain_file('xtrabackup.sh').with_content( + /^innobackupex\s+"\$@"/ + ) + end + + context 'with prescript defined' do + let(:params) do + default_params.merge({ + :provider => 'xtrabackup', + :prescript => [ + 'rsync -a /tmp backup01.local-lan:', + 'rsync -a /tmp backup02.local-lan:', + ] + }) + end + + it 'should contain the prescript' do + is_expected.to contain_file('xtrabackup.sh').with_content( + /.*rsync -a \/tmp backup01.local-lan:\n\nrsync -a \/tmp backup02.local-lan:.*/ + ) + end + end + + context 'with postscript defined' do + let(:params) do + default_params.merge({ + :provider => 'xtrabackup', + :postscript => [ + 'rsync -a /tmp backup01.local-lan:', + 'rsync -a /tmp backup02.local-lan:', + ] + }) + end + + it 'should contain the prostscript' do + is_expected.to contain_file('xtrabackup.sh').with_content( + /.*rsync -a \/tmp backup01.local-lan:\n\nrsync -a \/tmp backup02.local-lan:.*/ + ) + end + end + end end end end diff --git a/mysql/spec/classes/mysql_server_spec.rb b/mysql/spec/classes/mysql_server_spec.rb index bc36fe07d..6442d82c8 100644 --- a/mysql/spec/classes/mysql_server_spec.rb +++ b/mysql/spec/classes/mysql_server_spec.rb 
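Review bot: The postscript example uses exactly the same regex as the prescript example, so it would still pass if the template rendered the postscript lines before `innobackupex` or dropped the distinction altogether. Anchoring each expectation to the wrapper call would pin the ordering, something like `/innobackupex\s+"\$@"\s+rsync -a \/tmp backup01\.local-lan:/` for the postscript case and the mirror image for the prescript case. The description `'should contain the prostscript'` is also a typo for `postscript`.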
@@ -43,7 +43,15 @@ context 'with defaults' do it { is_expected.to contain_service('mysqld') } end - + context 'with package_manage set to true' do + let(:params) {{ :package_manage => true }} + it { is_expected.to contain_service('mysqld').that_requires('Package[mysql-server]') } + end + context 'with package_manage set to false' do + let(:params) {{ :package_manage => false }} + it { is_expected.to contain_service('mysqld') } + it { is_expected.not_to contain_service('mysqld').that_requires('Package[mysql-server]') } + end context 'service_enabled set to false' do let(:params) {{ :service_enabled => false }} @@ -61,6 +69,13 @@ context 'mysql::server::root_password' do describe 'when defaults' do + it { + is_expected.to contain_exec('remove install pass').with( + :command => 'mysqladmin -u root --password=$(grep -o \'[^ ]\\+$\' /.mysql_secret) password \'\' && rm -f /.mysql_secret', + :onlyif => 'test -f /.mysql_secret', + :path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin' + ) + } it { is_expected.not_to contain_mysql_user('root@localhost') } it { is_expected.not_to contain_file('/root/.my.cnf') } end @@ -84,6 +99,15 @@ it { is_expected.not_to contain_mysql_user('root@localhost') } it { is_expected.not_to contain_file('/root/.my.cnf') } end + describe 'when install_secret_file set to /root/.mysql_secret' do + let(:params) {{ :install_secret_file => '/root/.mysql_secret' }} + it { + is_expected.to contain_exec('remove install pass').with( + :command => 'mysqladmin -u root --password=$(grep -o \'[^ ]\\+$\' /root/.mysql_secret) password \'\' && rm -f /root/.mysql_secret', + :onlyif => 'test -f /root/.mysql_secret' + ) + } + end end context 'mysql::server::providers' do diff --git a/mysql/spec/spec_helper.rb b/mysql/spec/spec_helper.rb index f3a260acb..be79afe8a 100644 --- a/mysql/spec/spec_helper.rb +++ b/mysql/spec/spec_helper.rb 
@@ -1,9 +1,6 @@ require 'puppetlabs_spec_helper/module_spec_helper' require 'puppet_facts' include PuppetFacts -RSpec.configure do |c| - c.formatter = :documentation -end # The default set of platforms to test again. ENV['UNIT_TEST_PLATFORMS'] = 'centos-6-x86_64 ubuntu-1404-x86_64' diff --git a/mysql/spec/spec_helper_acceptance.rb b/mysql/spec/spec_helper_acceptance.rb index b45889eb0..d23201381 100644 --- a/mysql/spec/spec_helper_acceptance.rb +++ b/mysql/spec/spec_helper_acceptance.rb @@ -25,8 +25,25 @@ end end - on host, puppet('module install puppetlabs-stdlib --version 3.2.0'), { :acceptable_exit_codes => [0,1] } - on host, puppet('module','install','stahnma/epel'), { :acceptable_exit_codes => [0,1] } + # Solaris 11 doesn't ship the SSL CA root for the forgeapi server + # therefore we need to use a different way to deploy the module to + # the host + if host['platform'] =~ /solaris-11/i + apply_manifest_on(host, 'package { "git": }') + # PE 3.x and 2015.2 require different locations to install modules + modulepath = host.puppet['modulepath'] + modulepath = modulepath.split(':').first if modulepath + + environmentpath = host.puppet['environmentpath'] + environmentpath = environmentpath.split(':').first if environmentpath + + destdir = modulepath || "#{environmentpath}/production/modules" + on host, "git clone https://github.com/puppetlabs/puppetlabs-stdlib #{destdir}/stdlib && cd #{destdir}/stdlib && git checkout 3.2.0" + on host, "git clone https://github.com/stahnma/puppet-module-epel.git #{destdir}/epel && cd #{destdir}/epel && git checkout 1.0.2" + else + on host, puppet('module','install','puppetlabs-stdlib','--version','3.2.0') + on host, puppet('module','install','stahnma/epel') + end end end end diff --git a/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb b/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb index a76ce701d..022654da9 100644 --- a/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb 
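Review bot: The Solaris branch pins both modules with `git checkout 3.2.0` and `git checkout 1.0.2`, which are ref names the upstream repositories can move, so the test host runs whatever those refs point to at clone time. Checking out full commit hashes instead, e.g. `git checkout <STDLIB_COMMIT_SHA>` (placeholder), makes the fetched code reproducible. `destdir` also falls back to `"#{environmentpath}/production/modules"` when `modulepath` is nil, which becomes `/production/modules` if `environmentpath` is nil as well; I would fail early with `raise 'no module path configured' unless modulepath || environmentpath`. `#{destdir}` is interpolated into the shell command unquoted, so a path with spaces would break the clone.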
+++ b/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb @@ -34,6 +34,7 @@ before :each do # Set up the stubs for an instances call. Facter.stubs(:value).with(:root_home).returns('/root') + Facter.stubs(:value).with(:mysql_version).returns('5.6.24') Puppet::Util.stubs(:which).with('mysql').returns('/usr/bin/mysql') File.stubs(:file?).with('/root/.my.cnf').returns(true) provider.class.stubs(:mysql).with([defaults_file, '-NBe', "SELECT CONCAT(User, '@',Host) AS User FROM mysql.user"]).returns('joe@localhost') diff --git a/mysql/spec/unit/puppet/type/mysql_user_spec.rb b/mysql/spec/unit/puppet/type/mysql_user_spec.rb index be0a9b33a..49bd13f9c 100644 --- a/mysql/spec/unit/puppet/type/mysql_user_spec.rb +++ b/mysql/spec/unit/puppet/type/mysql_user_spec.rb @@ -2,10 +2,22 @@ require 'puppet/type/mysql_user' describe Puppet::Type.type(:mysql_user) do - it 'should fail with a long user name' do - expect { - Puppet::Type.type(:mysql_user).new({:name => '12345678901234567@localhost', :password_hash => 'pass'}) - }.to raise_error /MySQL usernames are limited to a maximum of 16 characters/ + context "On MySQL 5.x" do + let(:facts) {{ :mysql_version => '5.6.24' }} + it 'should fail with a long user name' do + expect { + Puppet::Type.type(:mysql_user).new({:name => '12345678901234567@localhost', :password_hash => 'pass'}) + }.to raise_error /MySQL usernames are limited to a maximum of 16 characters/ + end + end + + context "On MariaDB 10.0.0+" do + let(:facts) {{ :mysql_version => '10.0.19' }} + it 'should succeed with a long user name on MariaDB' do + expect { + Puppet::Type.type(:mysql_user).new({:name => '12345678901234567@localhost', :password_hash => 'pass'}) + }.to raise_error /MySQL usernames are limited to a maximum of 16 characters/ + end end it 'should require a name' do 
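Review bot: The MariaDB example contradicts its own name: `it 'should succeed with a long user name on MariaDB'` still asserts `raise_error /MySQL usernames are limited to a maximum of 16 characters/`, the same expectation as the 5.x context, so it verifies nothing about the longer limit. `let(:facts)` is an rspec-puppet catalogue helper and probably has no effect on `Puppet::Type.type(:mysql_user).new`; the provider spec in this patch stubs the fact with `Facter.stubs(:value).with(:mysql_version).returns('5.6.24')` instead. If the type is meant to accept the name on MariaDB 10 (its validation code is not visible here), the example should stub the fact the same way with `'10.0.19'` and end in `.not_to raise_error`.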
@@ -60,6 +72,7 @@ end context 'using a quoted 16 char username' do + let(:facts) {{ :mysql_version => '5.6.24' }} before :each do @user = Puppet::Type.type(:mysql_user).new(:name => '"debian-sys-maint"@localhost', :password_hash => 'pass') end @@ -70,6 +83,7 @@ end context 'using a quoted username that is too long ' do + let(:facts) {{ :mysql_version => '5.6.24' }} it 'should fail with a size error' do expect { Puppet::Type.type(:mysql_user).new(:name => '"debian-sys-maint2"@localhost', :password_hash => 'pass') diff --git a/mysql/templates/xtrabackup.sh.erb b/mysql/templates/xtrabackup.sh.erb new file mode 100644 index 000000000..14493983e --- /dev/null +++ b/mysql/templates/xtrabackup.sh.erb @@ -0,0 +1,21 @@ +<%- if @kernel == 'Linux' -%> +#!/bin/bash +<%- else -%> +#!/bin/sh +<%- end -%> +# +# A wrapper for Xtrabackup +# +<% if @prescript -%> + <%- [@prescript].flatten.compact.each do |script| %> +<%= script %> + <%- end -%> +<% end -%> + +innobackupex "$@" + +<% if @postscript -%> + <%- [@postscript].flatten.compact.each do |script| %> +<%= script %> + <%- end -%> +<% end -%> diff --git a/n1k_vsm/manifests/deploy.pp b/n1k_vsm/manifests/deploy.pp index b39afe6cb..d03d68e25 100644 --- a/n1k_vsm/manifests/deploy.pp +++ b/n1k_vsm/manifests/deploy.pp 
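Review bot: The wrapper exits with the status of its last command, so when `@postscript` is set a failed `innobackupex "$@"` is masked by a postscript that succeeds, and a failing prescript does not stop the backup from running. Adding `set -e` directly under the comment header, or saving `$?` after `innobackupex` and exiting with it at the end, lets cron or monitoring see the failure. The `<%= script %>` lines are written into the script verbatim, so `prescript` and `postscript` are shell code executed with the backup job's privileges; a header comment such as `# prescript/postscript entries are executed as-is; only set them from trusted data` would record that.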
@@ -5,14 +5,31 @@ # class n1k_vsm::deploy { + require n1k_vsm + include n1k_vsm + #ensure tap interfaces and deploy the vsm $ctrltap = 'vsm-ctrl0' $mgmttap = 'vsm-mgmt0' $pkttap = 'vsm-pkt0' + # Validate and get the array of digits for the vsm_mac_base (or use default) + # Using _vmb as the name for the final string to increase readability + $tmp_mac_base = regsubst($n1k_vsm::vsm_mac_base, '[^0-9a-fA-F]+', '') + if (inline_template('<%= @tmp_mac_base.length %>') < 7) { + $vmb = split('005dc79', '') + } else { + $vmb = split($tmp_mac_base, '') + } + + # Generate MACs for VSM + $ctrlmac = "52:54:${vmb[0]}${vmb[1]}:${vmb[2]}${vmb[3]}:${vmb[4]}${vmb[5]}:${vmb[6]}1" + $mgmtmac = "52:54:${vmb[0]}${vmb[1]}:${vmb[2]}${vmb[3]}:${vmb[4]}${vmb[5]}:${vmb[6]}2" + $pktmac = "52:54:${vmb[0]}${vmb[1]}:${vmb[2]}${vmb[3]}:${vmb[4]}${vmb[5]}:${vmb[6]}3" + exec { 'Exec_create_disk': command => "/usr/bin/qemu-img create -f raw ${n1k_vsm::diskfile} ${n1k_vsm::disksize}G", - unless => "/usr/bin/virsh list --all | grep -c ${n1k_vsm::vsmname}", + creates => $n1k_vsm::diskfile, } $targetxmlfile = "/var/spool/cisco/vsm/vsm_${n1k_vsm::vsm_role}_deploy.xml" 
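Review bot: The sanitising of `vsm_mac_base` strips only the first run of non-hex characters, because `regsubst($n1k_vsm::vsm_mac_base, '[^0-9a-fA-F]+', '')` is called without the `'G'` flag. A value such as `00:5d:c7:9a` (constructed example) keeps its later colons, and they are then spliced into `$ctrlmac`, `$mgmtmac` and `$pktmac`, which are presumably consumed by the domain XML templates. I would use `regsubst($n1k_vsm::vsm_mac_base, '[^0-9a-fA-F]+', '', 'G')`, matching how init.pp builds `$_phy_if_bridge`. The length test also compares the string returned by `inline_template` with the integer `7`, which relies on implicit string-to-number conversion and may not behave the same on every Puppet version.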
@@ -21,19 +38,49 @@ owner => 'root', group => 'root', mode => '0666', + seltype => 'virt_content_t', content => template('n1k_vsm/vsm_vm.xml.erb'), require => Exec['Exec_create_disk'], } - exec { 'Exec_Define_VSM': - command => "/usr/bin/virsh define ${targetxmlfile}", - unless => "/usr/bin/virsh list --all | grep -c ${n1k_vsm::vsmname}", - } + # Don't start VSM if this is pacemaker controlled deployment + if !($n1k_vsm::pacemaker_control) { + exec { 'Exec_Define_VSM': + command => "/usr/bin/virsh define ${targetxmlfile}", + unless => "/usr/bin/virsh list --all | grep -c ${n1k_vsm::vsmname}", + require => File['File_Target_XML_File'], + } - exec { 'Exec_Launch_VSM': - command => "/usr/bin/virsh start ${n1k_vsm::vsmname}", - unless => "/usr/bin/virsh list --all | grep ${n1k_vsm::vsmname} | grep -c running", - } + exec { 'Exec_Launch_VSM': + command => "/usr/bin/virsh start ${n1k_vsm::vsmname}", + unless => ("/usr/bin/virsh list --all | grep ${n1k_vsm::vsmname} | grep -c running"), + require => Exec['Exec_Define_VSM'], + } + } else { + # For pacemker controlled deployment, set up the secondary VSM as well + # ensure tap interfaces and deploy the vsm + $ctrltap_s = 'vsm-ctrl1' + $mgmttap_s = 'vsm-mgmt1' + $pkttap_s = 'vsm-pkt1' + # Generate MACs + $ctrlmac_s = "52:54:${vmb[0]}${vmb[1]}:${vmb[2]}${vmb[3]}:${vmb[4]}${vmb[5]}:${vmb[6]}4" + $mgmtmac_s = "52:54:${vmb[0]}${vmb[1]}:${vmb[2]}${vmb[3]}:${vmb[4]}${vmb[5]}:${vmb[6]}5" + $pktmac_s = "52:54:${vmb[0]}${vmb[1]}:${vmb[2]}${vmb[3]}:${vmb[4]}${vmb[5]}:${vmb[6]}6" - Exec['Exec_create_disk'] -> File['File_Target_XML_File'] -> Exec['Exec_Define_VSM'] -> Exec['Exec_Launch_VSM'] + exec { 'Exec_create_disk_Secondary': + command => "/usr/bin/qemu-img create -f raw ${n1k_vsm::diskfile_s} ${n1k_vsm::disksize}G", + creates => $n1k_vsm::diskfile_s, + } + + $targetxmlfile_s = "/var/spool/cisco/vsm/vsm_${n1k_vsm::vsm_role_s}_deploy.xml" + file { 'File_Target_XML_File_Secondary': + path => $targetxmlfile_s, + owner => 'root', + 
group => 'root', + mode => '0666', + seltype => 'virt_content_t', + content => template('n1k_vsm/vsm_vm_secondary.xml.erb'), + require => Exec['Exec_create_disk_Secondary'], + } + } } diff --git a/n1k_vsm/manifests/init.pp b/n1k_vsm/manifests/init.pp index 13307a44e..261b30c19 100644 --- a/n1k_vsm/manifests/init.pp +++ b/n1k_vsm/manifests/init.pp @@ -36,6 +36,19 @@ # [*n1kv_version*] # (required) Version of the Nexus1000v VSM # +# [*pacemaker_control*] +# (optional) Set to determine if pacemaker will control the VSM. If true will deploy both +# primary and secondary VSMs on all nodes and will not start VSM. Defaults to false and +# thus is optional unless this functionality is being used. +# +# [*existing_bridge*] +# (required) If VSM should be installed behind an existing bridge, this should be set to +# true and the bridge name should be provided in phy_if_bridge. +# +# [*vsm_mac_base*] +# (optional) If set, provides randomization for the MAC addresses for the VSM VM(s). +# Should be a (random) hexadecimal number of at least 7 digits (more is fine). +# class n1k_vsm( $n1kv_source = '', $n1kv_version = 'latest', @@ -47,6 +60,9 @@ $vsm_mgmt_ip, $vsm_mgmt_netmask, $vsm_mgmt_gateway, + $pacemaker_control = false, + $existing_bridge = false, + $vsm_mac_base = '' ) { if($::osfamily != 'Redhat') { @@ -55,6 +71,15 @@ fail("Unsupported osfamily ${::osfamily}") } + # Ensure role is set to primary for pacemaker controlled deployment + # Additionally setup the extra variables for the secondary VSM + if ($n1k_vsm::pacemaker_control) { + $vsm_role_s = 'secondary' + $vsmname_s = 'vsm-s' + $imgfile_s = "/var/spool/cisco/vsm/${vsm_role_s}_repacked.iso" + $diskfile_s = "/var/spool/cisco/vsm/${vsm_role_s}_disk" + } + if ($n1k_vsm::vsm_role == 'primary') or ($n1k_vsm::vsm_role == 'standalone') { $vsmname = 'vsm-p' $mgmtip = $vsm_mgmt_ip 
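Review bot: `File_Target_XML_File_Secondary` is created with `mode => '0666'`, copying the primary file's setting, so the libvirt domain definitions under `/var/spool/cisco/vsm` are writable by every local user. In the non-pacemaker branch the primary file is passed to `/usr/bin/virsh define` by the agent, and under pacemaker it is presumably loaded by the cluster tooling, so anyone who edits the XML beforehand decides which disks and devices the domain gets. I would set `mode => '0644'` on both file resources; nothing in this hunk needs them to be writable by others.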
@@ -73,7 +98,9 @@ $disksize = 4 $imgfile = "/var/spool/cisco/vsm/${n1k_vsm::vsm_role}_repacked.iso" $diskfile = "/var/spool/cisco/vsm/${n1k_vsm::vsm_role}_disk" - $ovsbridge = 'vsm-br' + + #Set bridge name properly + $ovsbridge = 'vsm-br' #VSM installation will be done only once. Will not respond to puppet sync $_phy_if_bridge = regsubst($n1k_vsm::phy_if_bridge, '[.:-]+', '_', 'G') diff --git a/n1k_vsm/manifests/pkgprep_ovscfg.pp b/n1k_vsm/manifests/pkgprep_ovscfg.pp index 073fd985f..5705a3dc1 100644 --- a/n1k_vsm/manifests/pkgprep_ovscfg.pp +++ b/n1k_vsm/manifests/pkgprep_ovscfg.pp @@ -19,7 +19,7 @@ # VSM dependent packages installation section package { 'Package_qemu-kvm': ensure => installed, - name => 'qemu-kvm', + name => 'qemu-kvm-rhev', } package {'Package_libvirt': @@ -64,8 +64,11 @@ notify { "Debug br ${n1k_vsm::ovsbridge} intf ${n1k_vsm::phy_if_bridge} ." : withpath => true } notify { "Debug ${n1k_vsm::vsmname} ip ${n1k_vsm::phy_ip_addr} mask ${n1k_vsm::phy_ip_mask} gw_intf ${n1k_vsm::gw_intf}" : withpath => true } - # Check if we've already configured the ovs - if $n1k_vsm::gw_intf != $n1k_vsm::ovsbridge { + $_ovsbridge = regsubst($n1k_vsm::ovsbridge, '[.:-]+', '_', 'G') + $_ovsbridge_mac = inline_template("<%= scope.lookupvar('::macaddress_${_ovsbridge}') %>") + + # Check if we've already configured the vsm bridge, skip configuration if so + if ($_ovsbridge_mac == '') { # Modify Ovs bridge inteface configuation file augeas { 'Augeas_modify_ifcfg-ovsbridge': name => $n1k_vsm::ovsbridge, 
@@ -87,47 +90,50 @@ 'set USERCTL no', ], } - - # Modify Physical Interface config file - augeas { 'Augeas_modify_ifcfg-phy_if_bridge': - name => $n1k_vsm::phy_if_bridge, - context => "/files/etc/sysconfig/network-scripts/ifcfg-${n1k_vsm::phy_if_bridge}", - changes => [ - 'set TYPE OVSPort', - "set DEVICE ${n1k_vsm::phy_if_bridge}", - 'set DEVICETYPE ovs', - "set OVS_BRIDGE ${n1k_vsm::ovsbridge}", - 'set NM_CONTROLLED no', - 'set BOOTPROTO none', - 'set ONBOOT yes', - "set NAME ${n1k_vsm::phy_if_bridge}", - 'set DEFROUTE no', - 'set IPADDR ""', - 'rm NETMASK', - 'rm GATEWAY', - 'set USERCTL no', - ], - } - exec { 'Flap_n1kv_phy_if': - command => "/sbin/ifdown ${n1k_vsm::phy_if_bridge} && /sbin/ifup ${n1k_vsm::phy_if_bridge}", - require => augeas['Augeas_modify_ifcfg-phy_if_bridge'], - } exec { 'Flap_n1kv_bridge': command => "/sbin/ifdown ${n1k_vsm::ovsbridge} && /sbin/ifup ${n1k_vsm::ovsbridge}", - require => augeas['Augeas_modify_ifcfg-ovsbridge'], + require => Augeas['Augeas_modify_ifcfg-ovsbridge'], } - # Make sure that networking comes fine after reboot- add init file and restart networking - file { 'Create_Init_File': - replace => 'yes', - path => '/etc/init.d/n1kv', - owner => 'root', - group => 'root', - mode => '0775', - source => 'puppet:///modules/n1k_vsm/n1kv', - require => exec['Flap_n1kv_phy_if', 'Flap_n1kv_bridge'], - notify => Service['Service_network'], + + if !($n1k_vsm::existing_bridge) { + # If there isn't an existing bridge, the interface is a port, and we + # need to add it to vsm-br + # Modify Physical Interface config file + augeas { 'Augeas_modify_ifcfg-phy_if_bridge': + name => $n1k_vsm::phy_if_bridge, + context => "/files/etc/sysconfig/network-scripts/ifcfg-${n1k_vsm::phy_if_bridge}", + changes => [ + 'set TYPE OVSPort', + "set DEVICE ${n1k_vsm::phy_if_bridge}", + 'set DEVICETYPE ovs', + "set OVS_BRIDGE ${n1k_vsm::ovsbridge}", + 'set NM_CONTROLLED no', + 'set BOOTPROTO none', + 'set ONBOOT yes', + "set NAME ${n1k_vsm::phy_if_bridge}", + 
'set DEFROUTE no', + 'set IPADDR ""', + 'rm NETMASK', + 'rm GATEWAY', + 'set USERCTL no', + ], + } + exec { 'Flap_n1kv_phy_if': + command => "/sbin/ifdown ${n1k_vsm::phy_if_bridge} && /sbin/ifup ${n1k_vsm::phy_if_bridge}", + require => Augeas['Augeas_modify_ifcfg-phy_if_bridge'], + } + } else { + # If there is an existing bridge- create patch ports to connect vsm-br to it + exec { 'Create_patch_port_on_existing_bridge': + command => "/bin/ovs-vsctl --may-exist add-port ${n1k_vsm::phy_if_bridge} ${n1k_vsm::phy_if_bridge}-${n1k_vsm::ovsbridge} -- set Interface ${n1k_vsm::phy_if_bridge}-${n1k_vsm::ovsbridge} type=patch options:peer=${n1k_vsm::ovsbridge}-${n1k_vsm::phy_if_bridge}", + require => Exec['Flap_n1kv_bridge'], + } + exec { 'Create_patch_port_on_vsm_bridge': + command => "/bin/ovs-vsctl --may-exist add-port ${n1k_vsm::ovsbridge} ${n1k_vsm::ovsbridge}-${n1k_vsm::phy_if_bridge} -- set Interface ${n1k_vsm::ovsbridge}-${n1k_vsm::phy_if_bridge} type=patch options:peer=${n1k_vsm::phy_if_bridge}-${n1k_vsm::ovsbridge}", + require => Exec['Flap_n1kv_bridge'], + } } - } # endif of if "${n1k_vsm::gw_intf}" != "${n1k_vsm::ovsbridge}" + } # endif of if "${n1k_vsm::gw_intf}" != "${n1k_vsm::ovsbridge}" or ($n1k_vsm::existing_bridge == 'true') } 'Ubuntu': { } diff --git a/n1k_vsm/manifests/vsmprep.pp b/n1k_vsm/manifests/vsmprep.pp index f7046662a..d356a06a3 100644 --- a/n1k_vsm/manifests/vsmprep.pp +++ b/n1k_vsm/manifests/vsmprep.pp @@ -35,12 +35,9 @@ } } else { $vsmimage_uri = 'unspec' + $vsm_path = '/opt/cisco/vsm' } -# exec { 'Prev_VSM': -# command => "/bin/rm -f /var/spool/cisco/vsm/* || /bin/true", -# } - if $vsmimage_uri == 'file' { #specify location on target-host where image file will be downloaded to. file { $vsmtgtimg: @@ -63,8 +60,9 @@ } } package {'nexus-1000v-iso': - ensure => $n1k_vsm::n1kv_version, - name => 'nexus-1000v-iso' + ensure => $n1k_vsm::n1kv_version, + name => 'nexus-1000v-iso', + provider => 'yum', } } 
@@ -80,8 +78,15 @@ # Now generate ovf xml file and repackage the iso exec { 'Exec_VSM_Repackage_Script': - command => "/tmp/repackiso.py -i${vsm_path}/n1000v-dk9.${n1k_vsm::n1kv_version}.iso -d${n1k_vsm::vsm_domain_id} -n${n1k_vsm::vsmname} -m${n1k_vsm::mgmtip} -s${n1k_vsm::mgmtnetmask} -g${n1k_vsm::mgmtgateway} -p${n1k_vsm::vsm_admin_passwd} -r${n1k_vsm::vsm_role} -f/var/spool/cisco/vsm/${n1k_vsm::vsm_role}_repacked.iso ", - unless => "/usr/bin/virsh list --all | grep -c ${n1k_vsm::vsmname}", + command => "/tmp/repackiso.py -i${vsm_path}/n1000v-dk9.${n1k_vsm::n1kv_version}.iso -d${n1k_vsm::vsm_domain_id} -n${n1k_vsm::vsmname} -m${n1k_vsm::mgmtip} -s${n1k_vsm::mgmtnetmask} -g${n1k_vsm::mgmtgateway} -p${n1k_vsm::vsm_admin_passwd} -r${n1k_vsm::vsm_role} -f/var/spool/cisco/vsm/${n1k_vsm::vsm_role}_repacked.iso", + creates => "/var/spool/cisco/vsm/${n1k_vsm::vsm_role}_repacked.iso", } + # If we're under pacemaker_control, create a secondary VSM iso as well + if ($n1k_vsm::pacemaker_control) { + exec { 'Exec_VSM_Repackage_Script_secondary': + command => "/tmp/repackiso.py -i${vsm_path}/n1000v-dk9.${n1k_vsm::n1kv_version}.iso -d${n1k_vsm::vsm_domain_id} -n${n1k_vsm::vsmname_s} -m${n1k_vsm::mgmtip} -s${n1k_vsm::mgmtnetmask} -g${n1k_vsm::mgmtgateway} -p${n1k_vsm::vsm_admin_passwd} -r${n1k_vsm::vsm_role_s} -f/var/spool/cisco/vsm/${n1k_vsm::vsm_role_s}_repacked.iso", + creates => "/var/spool/cisco/vsm/${n1k_vsm::vsm_role_s}_repacked.iso", + } + } } diff --git a/n1k_vsm/templates/vsm_vm.xml.erb b/n1k_vsm/templates/vsm_vm.xml.erb index 82a2a013e..7096724b6 100644 --- a/n1k_vsm/templates/vsm_vm.xml.erb +++ b/n1k_vsm/templates/vsm_vm.xml.erb @@ -41,6 +41,9 @@ + <% if scope.lookupvar('n1k_vsm::pacemaker_control') == true %> + + <% end %>
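Review bot: Both repackage execs pass the VSM admin password as `-p${n1k_vsm::vsm_admin_passwd}` in the command string, so it is visible in the process list while `/tmp/repackiso.py` runs and is likely to be written to agent logs or reports if the exec fails; the new `Exec_VSM_Repackage_Script_secondary` repeats that exposure. The interpolated values are unquoted, so a password containing spaces or shell metacharacters changes the command; wrapping the value with the built-in `shellquote()` function before interpolating it would at least stop that. If `repackiso.py` can read the password from a root-only file or from an environment variable (its interface is not visible here), that would keep it out of argv altogether. The script is also executed from `/tmp`; how it gets there is outside this hunk, but installing it under a root-owned directory removes the chance of another local user replacing it.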
@@ -49,6 +52,9 @@ + <% if scope.lookupvar('n1k_vsm::pacemaker_control') == true %> + + <% end %>
@@ -57,6 +63,9 @@ + <% if scope.lookupvar('n1k_vsm::pacemaker_control') == true %> + + <% end %>
diff --git a/n1k_vsm/templates/vsm_vm_secondary.xml.erb b/n1k_vsm/templates/vsm_vm_secondary.xml.erb new file mode 100644 index 000000000..cbd237bfa --- /dev/null +++ b/n1k_vsm/templates/vsm_vm_secondary.xml.erb @@ -0,0 +1,92 @@ + + <%= scope.lookupvar('n1k_vsm::vsmname_s') %> + <%= scope.lookupvar('n1k_vsm::memory') %> + <%= scope.lookupvar('n1k_vsm::vcpu') %> + + + hvm + + + + + + + + destroy + restart + restart + + + /usr/libexec/qemu-kvm + + + '/> + + + + + + '/> + + + + + + +
+ + + + '/> + + + + <% if scope.lookupvar('n1k_vsm::pacemaker_control') == true %> + + <% end %> +
+ + + + '/> + + + + <% if scope.lookupvar('n1k_vsm::pacemaker_control') == true %> + + <% end %> +
+ + + + '/> + + + + <% if scope.lookupvar('n1k_vsm::pacemaker_control') == true %> + + <% end %> +
+ + + + + + + + +