Automatic update #193

Merged
merged 1 commit into from
Dec 17, 2014
Automatic update
This module update commit was generated by Bade.
For more info please check https://github.com/paramite/bade

This commit is setting modules to following state:
keystone
 - old commit: e61e4c2
 - new commit: bab7304

Needed for this patch:
https://review.openstack.org/#/c/136415
imcsk8 committed Dec 12, 2014
commit 98a8f7688e83200aa6350d25d46a108467b02aa2
3 changes: 2 additions & 1 deletion Puppetfile
@@ -55,7 +55,7 @@ mod 'inifile',
:git => 'https://github.com/puppetlabs/puppetlabs-inifile.git'

mod 'keystone',
:commit => 'e61e4c2ab5c67150237e59dab25679ec739d3ebf',
:commit => 'bab7304c88a065aa3f4d3a970d82abdb65cb9169',
:git => 'https://github.com/stackforge/puppet-keystone.git'

mod 'memcached',
@@ -157,3 +157,4 @@ mod 'vswitch',
mod 'xinetd',
:commit => '6b02de8d4f30a819eb404048e4258e3a5e8023c8',
:git => 'https://github.com/puppetlabs/puppetlabs-xinetd.git'

2 changes: 1 addition & 1 deletion keystone/Modulefile
@@ -1,5 +1,5 @@
name 'puppetlabs-keystone'
version '4.0.0'
version '4.2.0'
source 'https://github.com/stackforge/puppet-keystone'
author 'Puppet Labs'
license 'Apache License 2.0'
16 changes: 15 additions & 1 deletion keystone/README.md
@@ -1,7 +1,7 @@
keystone
=======

4.0.0 - 2014.1.0 - Icehouse
4.2.0 - 2014.1.0 - Icehouse

#### Table of Contents

@@ -165,6 +165,20 @@ Contributors
Release Notes
-------------

**4.2.0**

* Added class for extended logging options
* Fixed rabbit password leaking
* Added parameters to set tenant descriptions
* Fixed keystone user authorization error handling

**4.1.0**

* Added token flushing with cron.
* Updated database api for consistency with other projects.
* Fixed admin_token with secret parameter.
* Fixed deprecated catalog driver.

**4.0.0**

* Stable Icehouse release.
2 changes: 1 addition & 1 deletion keystone/lib/puppet/provider/keystone_user/keystone.rb
@@ -88,7 +88,7 @@ def password
begin
token_out = creds_keystone(resource[:name], resource[:tenant], resource[:password], "token-get")
rescue Exception => e
return nil if e.message =~ /Not Authorized/
return nil if e.message =~ /Not Authorized/ or e.message =~ /HTTP 401/
raise e
end
return resource[:password]
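Review bot: In `password`, the new condition decides that authentication failed by matching substrings of the exception text (`/Not Authorized/` or `/HTTP 401/`), which breaks again as soon as the client words the error differently. If the client exposes a status code or a specific exception class, test that instead; failing that, a single pattern such as `/Not Authorized|HTTP 401/` is easier to read than two matches chained with `or`. The surrounding `rescue Exception` is also wider than needed, and `rescue StandardError` would cover the same failures. The visible part of this diff has no provider spec that exercises the `HTTP 401` message.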
126 changes: 93 additions & 33 deletions keystone/manifests/init.pp
@@ -39,8 +39,21 @@
# [memcache_servers] List of memcache servers/ports. Optional. Used with
# token_driver keystone.token.backends.memcache.Token. Defaults to false.
# [enabled] If the keystone services should be enabled. Optional. Default to true.
# [sql_connection] Url used to connect to database.
# [idle_timeout] Timeout when db connections should be reaped.
#
# [*database_connection*]
# (optional) Url used to connect to database.
# Defaults to sqlite:////var/lib/keystone/keystone.db
#
# [*sql_connection*]
# (optional) Deprecated. Use database_connection instead.
#
# [*database_idle_timeout*]
# (optional) Timeout when db connections should be reaped.
# Defaults to 200.
#
# [*idle_timeout*]
# (optional) Deprecated. Use database_idle_timeout instead.
#
# [enable_pki_setup] Enable call to pki_setup.
# [rabbit_host] Location of rabbitmq installation. Optional. Defaults to localhost.
# [rabbit_port] Port for rabbitmq instance. Optional. Defaults to 5672.
@@ -118,6 +131,22 @@
# Tested versions include 0.9 and 2.2
# Default to '0.9'
#
# [*service_name*]
# (optional) Name of the service that will be providing the
# server functionality of keystone. For example, the default
# is just 'keystone', which means keystone will be run as a
# standalone eventlet service, and will able to be managed
# separately by the operating system's service manager. For
# example, you will be able to use
# service openstack-keystone restart
# to restart the service.
# If the value is 'httpd', this means keystone will be a web
# service, and you must use another class to configure that
# web service. For example, after calling class {'keystone'...}
# use class { 'keystone::wsgi::apache'...} to make keystone be
# a web app using apache mod_wsgi.
# Defaults to 'keystone'
#
# == Dependencies
# None
#
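Review bot: The new `service_name` description has a typo: "will able to be managed" should read "will be able to be managed". The paragraph also uses "For example" three times in a row; splitting it into one sentence per supported value ('keystone', 'httpd') would make the two modes easier to find.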
@@ -128,6 +157,17 @@
# admin_token => 'my_special_token',
# }
#
# OR
#
# class { 'keystone':
# ...
# service_name => 'httpd',
# ...
# }
# class { 'keystone::wsgi::apache':
# ...
# }
#
# == Authors
#
# Dan Bode dan@puppetlabs.com
@@ -169,8 +209,8 @@
$cache_dir = '/var/cache/keystone',
$memcache_servers = false,
$enabled = true,
$sql_connection = 'sqlite:////var/lib/keystone/keystone.db',
$idle_timeout = '200',
$database_connection = 'sqlite:////var/lib/keystone/keystone.db',
$database_idle_timeout = '200',
$enable_pki_setup = true,
$mysql_module = '0.9',
$rabbit_host = 'localhost',
@@ -181,27 +221,36 @@
$rabbit_virtual_host = '/',
$notification_driver = false,
$notification_topics = false,
$control_exchange = false
$control_exchange = false,
$service_name = 'keystone',
# DEPRECATED PARAMETERS
$sql_connection = undef,
$idle_timeout = undef,
) {

if ! $catalog_driver {
validate_re($catalog_type, 'template|sql')
}

File['/etc/keystone/keystone.conf'] -> Keystone_config<||> ~> Service['keystone']
Keystone_config<||> ~> Exec<| title == 'keystone-manage db_sync'|>
Keystone_config<||> ~> Exec<| title == 'keystone-manage pki_setup'|>

include keystone::params
if $sql_connection {
warning('The sql_connection parameter is deprecated, use database_connection instead.')
$database_connection_real = $sql_connection
} else {
$database_connection_real = $database_connection
}

File {
ensure => present,
owner => 'keystone',
group => 'keystone',
require => Package['keystone'],
notify => Service['keystone'],
if $idle_timeout {
warning('The idle_timeout parameter is deprecated, use database_idle_timeout instead.')
$database_idle_timeout_real = $idle_timeout
} else {
$database_idle_timeout_real = $database_idle_timeout
}

File['/etc/keystone/keystone.conf'] -> Keystone_config<||> ~> Service[$service_name]
Keystone_config<||> ~> Exec<| title == 'keystone-manage db_sync'|>
Keystone_config<||> ~> Exec<| title == 'keystone-manage pki_setup'|>
include ::keystone::params

package { 'keystone':
ensure => $package_ensure,
name => $::keystone::params::package_name,
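Review bot: `$service_name` goes straight into `Keystone_config<||> ~> Service[$service_name]` without validation. A value that has no matching `Service` resource in the catalog produces a relationship failure that never mentions the parameter. Consider a `validate_re` check next to the existing one for `$catalog_type`, or a `fail` with an explicit message. In the deprecation branches, a deprecated parameter silently overrides the new one when both are set (`$sql_connection` over `$database_connection`, `$idle_timeout` over `$database_idle_timeout`); the `warning` text should say so.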
@@ -223,10 +272,19 @@
file { ['/etc/keystone', '/var/log/keystone', '/var/lib/keystone']:
ensure => directory,
mode => '0750',
owner => 'keystone',
group => 'keystone',
require => Package['keystone'],
notify => Service[$service_name],
}

file { '/etc/keystone/keystone.conf':
ensure => present,
mode => '0600',
owner => 'keystone',
group => 'keystone',
require => Package['keystone'],
notify => Service[$service_name],
}

if $bind_host {
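Review bot: With the class-level `File { ... }` defaults removed, only the two resources in this hunk carry `owner`, `group`, `require` and `notify` explicitly. Any other `file` resource that relied on those defaults now falls back to the type defaults and no longer notifies the service, so please confirm none remain in this class or in code evaluated in its scope. Keeping `mode => '0600'` on `/etc/keystone/keystone.conf` is right, since the file holds the values this class marks `secret => true`.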
@@ -292,19 +350,19 @@
}
}

if($sql_connection =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
if($database_connection_real =~ /mysql:\/\/\S+:\S+@\S+\/\S+/) {
if ($mysql_module >= 2.2) {
require 'mysql::bindings'
require 'mysql::bindings::python'
} else {
require 'mysql::python'
}
} elsif($sql_connection =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {
} elsif($database_connection_real =~ /postgresql:\/\/\S+:\S+@\S+\/\S+/) {

} elsif($sql_connection =~ /sqlite:\/\//) {
} elsif($database_connection_real =~ /sqlite:\/\//) {

} else {
fail("Invalid db connection ${sql_connection}")
fail("Invalid db connection ${database_connection_real}")
}

# memcache connection config
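Review bot: The final `else` branch calls `fail("Invalid db connection ${database_connection_real}")`, which interpolates the whole connection URL into the error. A value that misses all three patterns, for example a URL with an unsupported scheme, puts the database password into the Puppet log and reports, while the same value is written with `secret => true` in `keystone_config`. Suggest dropping the value from the message or printing only the scheme.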
@@ -321,8 +379,8 @@

# db connection config
keystone_config {
'database/connection': value => $sql_connection, secret => true;
'database/idle_timeout': value => $idle_timeout;
'database/connection': value => $database_connection_real, secret => true;
'database/idle_timeout': value => $database_idle_timeout_real;
}

# configure based on the catalog backend
@@ -360,7 +418,7 @@
user => 'keystone',
refreshonly => true,
creates => '/etc/keystone/ssl/private/signing_key.pem',
notify => Service['keystone'],
notify => Service[$service_name],
subscribe => Package['keystone'],
require => User['keystone'],
}
@@ -388,7 +446,7 @@
}

keystone_config {
'DEFAULT/rabbit_password': value => $rabbit_password;
'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
'DEFAULT/rabbit_userid': value => $rabbit_userid;
'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
}
@@ -409,18 +467,20 @@
$service_ensure = 'stopped'
}

service { 'keystone':
ensure => $service_ensure,
name => $::keystone::params::service_name,
enable => $enabled,
hasstatus => true,
hasrestart => true,
provider => $::keystone::params::service_provider,
if $service_name == 'keystone' {
service { 'keystone':
ensure => $service_ensure,
name => $::keystone::params::service_name,
enable => $enabled,
hasstatus => true,
hasrestart => true,
provider => $::keystone::params::service_provider,
}
}

if $enabled {
include keystone::db::sync
Class['keystone::db::sync'] ~> Service['keystone']
include ::keystone::db::sync
Class['::keystone::db::sync'] ~> Service[$service_name]
}

# Syslog configuration
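Review bot: When `$service_name` is not 'keystone', no service resource is declared in this block, so `$service_ensure` and `enable => $enabled` have no effect on whether Keystone is running; `enabled => false` then only skips `keystone::db::sync`. Please state that in the `enabled` and `service_name` parameter docs so operators do not assume `enabled => false` stops an httpd-hosted Keystone.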
208 changes: 208 additions & 0 deletions keystone/manifests/logging.pp
@@ -0,0 +1,208 @@
# Class keystone::logging
#
# keystone extended logging configuration
#
# == parameters
#
# [*logging_context_format_string*]
# (optional) Format string to use for log messages with context.
# Defaults to undef.
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [%(request_id)s %(user_identity)s] %(instance)s%(message)s'
#
# [*logging_default_format_string*]
# (optional) Format string to use for log messages without context.
# Defaults to undef.
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [-] %(instance)s%(message)s'
#
# [*logging_debug_format_suffix*]
# (optional) Formatted data to append to log format when level is DEBUG.
# Defaults to undef.
# Example: '%(funcName)s %(pathname)s:%(lineno)d'
#
# [*logging_exception_prefix*]
# (optional) Prefix each line of exception output with this format.
# Defaults to undef.
# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
#
# [*log_config_append*]
# The name of an additional logging configuration file.
# Defaults to undef.
# See https://docs.python.org/2/howto/logging.html
#
# [*default_log_levels*]
# (optional) Hash of logger (keys) and level (values) pairs.
# Defaults to undef.
# Example:
# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
# 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
# 'iso8601' => 'WARN',
# 'requests.packages.urllib3.connectionpool' => 'WARN' }
#
# [*publish_errors*]
# (optional) Publish error events (boolean value).
# Defaults to undef (false if unconfigured).
#
# [*fatal_deprecations*]
# (optional) Make deprecations fatal (boolean value)
# Defaults to undef (false if unconfigured).
#
# [*instance_format*]
# (optional) If an instance is passed with the log message, format it
# like this (string value).
# Defaults to undef.
# Example: '[instance: %(uuid)s] '
#
# [*instance_uuid_format*]
# (optional) If an instance UUID is passed with the log message, format
# it like this (string value).
# Defaults to undef.
# Example: instance_uuid_format='[instance: %(uuid)s] '

# [*log_date_format*]
# (optional) Format string for %%(asctime)s in log records.
# Defaults to undef.
# Example: 'Y-%m-%d %H:%M:%S'

class keystone::logging(
$logging_context_format_string = undef,
$logging_default_format_string = undef,
$logging_debug_format_suffix = undef,
$logging_exception_prefix = undef,
$log_config_append = undef,
$default_log_levels = undef,
$publish_errors = undef,
$fatal_deprecations = undef,
$instance_format = undef,
$instance_uuid_format = undef,
$log_date_format = undef,
) {

if $logging_context_format_string {
keystone_config {
'DEFAULT/logging_context_format_string' :
value => $logging_context_format_string;
}
}
else {
keystone_config {
'DEFAULT/logging_context_format_string' : ensure => absent;
}
}

if $logging_default_format_string {
keystone_config {
'DEFAULT/logging_default_format_string' :
value => $logging_default_format_string;
}
}
else {
keystone_config {
'DEFAULT/logging_default_format_string' : ensure => absent;
}
}

if $logging_debug_format_suffix {
keystone_config {
'DEFAULT/logging_debug_format_suffix' :
value => $logging_debug_format_suffix;
}
}
else {
keystone_config {
'DEFAULT/logging_debug_format_suffix' : ensure => absent;
}
}

if $logging_exception_prefix {
keystone_config {
'DEFAULT/logging_exception_prefix' : value => $logging_exception_prefix;
}
}
else {
keystone_config {
'DEFAULT/logging_exception_prefix' : ensure => absent;
}
}

if $log_config_append {
keystone_config {
'DEFAULT/log_config_append' : value => $log_config_append;
}
}
else {
keystone_config {
'DEFAULT/log_config_append' : ensure => absent;
}
}

if $default_log_levels {
keystone_config {
'DEFAULT/default_log_levels' :
value => join(sort(join_keys_to_values($default_log_levels, '=')), ',');
}
}
else {
keystone_config {
'DEFAULT/default_log_levels' : ensure => absent;
}
}

if $publish_errors {
keystone_config {
'DEFAULT/publish_errors' : value => $publish_errors;
}
}
else {
keystone_config {
'DEFAULT/publish_errors' : ensure => absent;
}
}

if $fatal_deprecations {
keystone_config {
'DEFAULT/fatal_deprecations' : value => $fatal_deprecations;
}
}
else {
keystone_config {
'DEFAULT/fatal_deprecations' : ensure => absent;
}
}

if $instance_format {
keystone_config {
'DEFAULT/instance_format' : value => $instance_format;
}
}
else {
keystone_config {
'DEFAULT/instance_format' : ensure => absent;
}
}

if $instance_uuid_format {
keystone_config {
'DEFAULT/instance_uuid_format' : value => $instance_uuid_format;
}
}
else {
keystone_config {
'DEFAULT/instance_uuid_format' : ensure => absent;
}
}

if $log_date_format {
keystone_config {
'DEFAULT/log_date_format' : value => $log_date_format;
}
}
else {
keystone_config {
'DEFAULT/log_date_format' : ensure => absent;
}
}


}
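Review bot: Two documentation problems in the header: the `log_date_format` example reads 'Y-%m-%d %H:%M:%S' and is missing the leading `%`, and the blank lines before `[*log_date_format*]` and before `class keystone::logging(` have no `#`, which splits the comment block. In the body, `if $publish_errors` and `if $fatal_deprecations` treat an explicit `false` the same as undef and set `ensure => absent`, so `false` can never be written to the config. If relying on the service default is intended, say so in the parameter docs.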
5 changes: 4 additions & 1 deletion keystone/manifests/params.pp
@@ -15,6 +15,9 @@
$keystone_wsgi_script_source = '/usr/share/keystone/wsgi.py'
}
default: {
# NOTE: Ubuntu does not currently provide the keystone wsgi script in the
# keystone packages. When Ubuntu does provide the script, change this
# to use the correct path (which I'm assuming will be the same as Debian).
$service_provider = 'upstart'
$keystone_wsgi_script_source = 'puppet:///modules/keystone/httpd/keystone.py'
}
@@ -25,7 +28,7 @@
$service_name = 'openstack-keystone'
$keystone_wsgi_script_path = '/var/www/cgi-bin/keystone'
$service_provider = undef
$keystone_wsgi_script_source = 'puppet:///modules/keystone/httpd/keystone.py'
$keystone_wsgi_script_source = '/usr/share/keystone/keystone.wsgi'
}
}
}
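Review bot: In the branch with `$service_name = 'openstack-keystone'`, `$keystone_wsgi_script_source` now points at the local path '/usr/share/keystone/keystone.wsgi' instead of the module-served 'puppet:///modules/keystone/httpd/keystone.py'. The WSGI setup therefore depends on the installed keystone package shipping that file. The NOTE added in the `default:` branch shows that not every distribution's package does, so please document which package versions provide it, or keep the module copy as a fallback.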
14 changes: 9 additions & 5 deletions keystone/manifests/roles/admin.pp
@@ -15,6 +15,8 @@
# [password] The admin password. Required.
# [admin_tenant] The name of the tenant to be used for admin privileges. Optional. Defaults to openstack.
# [admin] Admin user. Optional. Defaults to admin.
# [admin_tenant_desc] Optional. Description for admin tenant, defaults to 'admin tenant'
# [service_tenant_desc] Optional. Description for admin tenant, defaults to 'Tenant for the openstack services'
#
# == Dependencies
# == Examples
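Review bot: The doc line for `service_tenant_desc` says "Description for admin tenant", which looks copied from the line above; it should say service tenant. Both new lines would also read better in the same "Optional. Defaults to ..." order as the existing `admin_tenant` and `admin` entries.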
@@ -29,20 +31,22 @@
class keystone::roles::admin(
$email,
$password,
$admin = 'admin',
$admin_tenant = 'openstack',
$service_tenant = 'services'
$admin = 'admin',
$admin_tenant = 'openstack',
$service_tenant = 'services',
$admin_tenant_desc = 'admin tenant',
$service_tenant_desc = 'Tenant for the openstack services',
) {

keystone_tenant { $service_tenant:
ensure => present,
enabled => true,
description => 'Tenant for the openstack services',
description => $service_tenant_desc,
}
keystone_tenant { $admin_tenant:
ensure => present,
enabled => true,
description => 'admin tenant',
description => $admin_tenant_desc,
}
keystone_user { $admin:
ensure => present,
71 changes: 41 additions & 30 deletions keystone/manifests/wsgi/apache.pp
@@ -93,16 +93,19 @@
$ssl_ca = undef,
$ssl_crl_path = undef,
$ssl_crl = undef,
$ssl_certs_dir = undef
$ssl_certs_dir = undef,
$threads = $::processorcount,
$priority = '10',
) {

include keystone::params
include ::keystone::params
include ::apache
include ::apache::mod::wsgi
include keystone::db::sync
if $ssl {
include ::apache::mod::ssl
}

Exec <| title == 'keystone-manage pki_setup' |> ~> Service['httpd']
Exec <| title == 'keystone-manage db_sync' |> ~> Service['httpd']
Package['keystone'] -> Package['httpd']
Package['keystone'] ~> Service['httpd']
Keystone_config <| |> ~> Service['httpd']
Service['httpd'] -> Keystone_endpoint <| |>
@@ -137,7 +140,8 @@
owner => 'keystone',
group => 'keystone',
mode => '0644',
require => File[$::keystone::params::keystone_wsgi_script_path],
# source file provided by keystone package
require => [File[$::keystone::params::keystone_wsgi_script_path], Package['keystone']],
}

file { 'keystone_wsgi_main':
@@ -147,14 +151,15 @@
owner => 'keystone',
group => 'keystone',
mode => '0644',
require => File[$::keystone::params::keystone_wsgi_script_path],
# source file provided by keystone package
require => [File[$::keystone::params::keystone_wsgi_script_path], Package['keystone']],
}

$wsgi_daemon_process_options = {
user => 'keystone',
group => 'keystone',
processes => $workers,
threads => '1'
threads => $threads,
}
$wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/main"])
$wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/admin"])
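Review bot: `threads => $threads` changes the effective value from the fixed '1' to the new default `$::processorcount`, so existing deployments get `$workers` processes times processor-count threads after this update without opting in. If that is intended, document `threads` (and `priority`) in the class header, which is not visible in this diff, and mention the change in the release notes; otherwise keep '1' as the default.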
@@ -165,13 +170,15 @@
$wsgi_script_aliases_main_real = $wsgi_script_aliases_main
}

apache::vhost { 'keystone_wsgi_main':
::apache::vhost { 'keystone_wsgi_main':
ensure => 'present',
servername => $servername,
ip => $bind_host,
port => $public_port,
docroot => $::keystone::params::keystone_wsgi_script_path,
docroot_owner => 'keystone',
docroot_group => 'keystone',
priority => $priority,
ssl => $ssl,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
@@ -180,32 +187,36 @@
ssl_crl_path => $ssl_crl_path,
ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir,
wsgi_daemon_process => 'keystone',
wsgi_daemon_process => 'keystone_main',
wsgi_daemon_process_options => $wsgi_daemon_process_options,
wsgi_process_group => 'keystone',
wsgi_process_group => 'keystone_main',
wsgi_script_aliases => $wsgi_script_aliases_main_real,
require => [Class['apache::mod::wsgi'], File['keystone_wsgi_main']],
require => File['keystone_wsgi_main'],
}

if $public_port != $admin_port {
apache::vhost { 'keystone_wsgi_admin':
servername => $servername,
ip => $bind_host,
port => $admin_port,
docroot => $::keystone::params::keystone_wsgi_script_path,
docroot_owner => 'keystone',
docroot_group => 'keystone',
ssl => $ssl,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
ssl_chain => $ssl_chain,
ssl_ca => $ssl_ca,
ssl_crl_path => $ssl_crl_path,
ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir,
wsgi_process_group => 'keystone',
wsgi_script_aliases => $wsgi_script_aliases_admin,
require => [Class['apache::mod::wsgi'], File['keystone_wsgi_admin']],
::apache::vhost { 'keystone_wsgi_admin':
ensure => 'present',
servername => $servername,
ip => $bind_host,
port => $admin_port,
docroot => $::keystone::params::keystone_wsgi_script_path,
docroot_owner => 'keystone',
docroot_group => 'keystone',
priority => $priority,
ssl => $ssl,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
ssl_chain => $ssl_chain,
ssl_ca => $ssl_ca,
ssl_crl_path => $ssl_crl_path,
ssl_crl => $ssl_crl,
ssl_certs_dir => $ssl_certs_dir,
wsgi_daemon_process => 'keystone_admin',
wsgi_daemon_process_options => $wsgi_daemon_process_options,
wsgi_process_group => 'keystone_admin',
wsgi_script_aliases => $wsgi_script_aliases_admin,
require => File['keystone_wsgi_admin'],
}
}
}
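Review bot: Both vhosts now pass the same `$wsgi_daemon_process_options` to separate daemon groups ('keystone_main' and 'keystone_admin'), so when `$public_port != $admin_port` the host runs two full sets of `$workers` processes. That is worth a sentence in the `workers` documentation. The vhosts also drop `Class['apache::mod::wsgi']` from `require`, which is fine only as long as `include ::apache::mod::wsgi` stays at the top of the class.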
107 changes: 107 additions & 0 deletions keystone/spec/classes/keystone_logging_spec.rb
@@ -0,0 +1,107 @@
require 'spec_helper'

describe 'keystone::logging' do

let :params do
{
}
end

let :log_params do
{
:logging_context_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s',
:logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s',
:logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d',
:logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s',
:log_config_append => '/etc/keystone/logging.conf',
:publish_errors => true,
:default_log_levels => {
'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
'iso8601' => 'WARN',
'requests.packages.urllib3.connectionpool' => 'WARN' },
:fatal_deprecations => true,
:instance_format => '[instance: %(uuid)s] ',
:instance_uuid_format => '[instance: %(uuid)s] ',
:log_date_format => '%Y-%m-%d %H:%M:%S',
}
end

shared_examples_for 'keystone-logging' do

context 'with extended logging options' do
before { params.merge!( log_params ) }
it_configures 'logging params set'
end

context 'without extended logging options' do
it_configures 'logging params unset'
end

end

shared_examples_for 'logging params set' do
it 'enables logging params' do
should contain_keystone_config('DEFAULT/logging_context_format_string').with_value(
'%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s')

should contain_keystone_config('DEFAULT/logging_default_format_string').with_value(
'%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s')

should contain_keystone_config('DEFAULT/logging_debug_format_suffix').with_value(
'%(funcName)s %(pathname)s:%(lineno)d')

should contain_keystone_config('DEFAULT/logging_exception_prefix').with_value(
'%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s')

should contain_keystone_config('DEFAULT/log_config_append').with_value(
'/etc/keystone/logging.conf')
should contain_keystone_config('DEFAULT/publish_errors').with_value(
true)

should contain_keystone_config('DEFAULT/default_log_levels').with_value(
'amqp=WARN,amqplib=WARN,boto=WARN,iso8601=WARN,qpid=WARN,requests.packages.urllib3.connectionpool=WARN,sqlalchemy=WARN,suds=INFO')

should contain_keystone_config('DEFAULT/fatal_deprecations').with_value(
true)

should contain_keystone_config('DEFAULT/instance_format').with_value(
'[instance: %(uuid)s] ')

should contain_keystone_config('DEFAULT/instance_uuid_format').with_value(
'[instance: %(uuid)s] ')

should contain_keystone_config('DEFAULT/log_date_format').with_value(
'%Y-%m-%d %H:%M:%S')
end
end


shared_examples_for 'logging params unset' do
[ :logging_context_format_string, :logging_default_format_string,
:logging_debug_format_suffix, :logging_exception_prefix,
:log_config_append, :publish_errors,
:default_log_levels, :fatal_deprecations,
:instance_format, :instance_uuid_format,
:log_date_format, ].each { |param|
it { should contain_keystone_config("DEFAULT/#{param}").with_ensure('absent') }
}
end

context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end

it_configures 'keystone-logging'
end

context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end

it_configures 'keystone-logging'
end

end
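Review bot: The 'logging params unset' examples only cover parameters left at undef. Add a context that passes `:publish_errors => false` and `:fatal_deprecations => false` explicitly, so the intended result (key absent versus value false) is pinned by a test rather than left implicit in the manifest's `if` checks.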
16 changes: 9 additions & 7 deletions keystone/spec/classes/keystone_roles_admin_spec.rb
@@ -42,23 +42,25 @@

let :params do
{
:admin => 'admin',
:email => 'foo@baz',
:password => 'foo',
:admin_tenant => 'admin',
:service_tenant => 'foobar'
:admin => 'admin',
:email => 'foo@baz',
:password => 'foo',
:admin_tenant => 'admin',
:service_tenant => 'foobar',
:admin_tenant_desc => 'admin something else',
:service_tenant_desc => 'foobar description',
}
end

it { should contain_keystone_tenant('foobar').with(
:ensure => 'present',
:enabled => true,
:description => 'Tenant for the openstack services'
:description => 'foobar description'
)}
it { should contain_keystone_tenant('admin').with(
:ensure => 'present',
:enabled => true,
:description => 'admin tenant'
:description => 'admin something else'
)}
it { should contain_keystone_user('admin').with(
:ensure => 'present',
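Review bot: With `:admin_tenant_desc` and `:service_tenant_desc` now always set in `params`, nothing in this hunk checks the default descriptions ('admin tenant', 'Tenant for the openstack services') any more. Add a context that omits the two new parameters and asserts the defaults.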
329 changes: 193 additions & 136 deletions keystone/spec/classes/keystone_spec.rb
@@ -2,109 +2,182 @@

describe 'keystone' do

let :global_facts do
{
:processorcount => 42,
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld'
}
end

let :facts do
{:osfamily => 'Debian'}
global_facts.merge({
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '7.0'
})
end

let :default_params do
{
'package_ensure' => 'present',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5000',
'admin_port' => '35357',
'admin_token' => 'service_token',
'compute_port' => '8774',
'verbose' => false,
'debug' => false,
'catalog_type' => 'sql',
'catalog_driver' => false,
'token_provider' => 'keystone.token.providers.pki.Provider',
'token_driver' => 'keystone.token.backends.sql.Token',
'cache_dir' => '/var/cache/keystone',
'enable_ssl' => false,
'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
'enabled' => true,
'sql_connection' => 'sqlite:////var/lib/keystone/keystone.db',
'idle_timeout' => '200',
'mysql_module' => '0.9',
'rabbit_host' => 'localhost',
'rabbit_password' => 'guest',
'rabbit_userid' => 'guest',
default_params = {
'admin_token' => 'service_token',
'package_ensure' => 'present',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5000',
'admin_port' => '35357',
'admin_token' => 'service_token',
'compute_port' => '8774',
'verbose' => false,
'debug' => false,
'catalog_type' => 'sql',
'catalog_driver' => false,
'token_provider' => 'keystone.token.providers.pki.Provider',
'token_driver' => 'keystone.token.backends.sql.Token',
'cache_dir' => '/var/cache/keystone',
'enable_ssl' => false,
'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
'enabled' => true,
'database_connection' => 'sqlite:////var/lib/keystone/keystone.db',
'database_idle_timeout' => '200',
'mysql_module' => '0.9',
'rabbit_host' => 'localhost',
'rabbit_password' => 'guest',
'rabbit_userid' => 'guest',
}
end

[{'admin_token' => 'service_token'},
{
'package_ensure' => 'latest',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5001',
'admin_port' => '35358',
'admin_token' => 'service_token_override',
'compute_port' => '8778',
'verbose' => true,
'debug' => true,
'catalog_type' => 'template',
'token_provider' => 'keystone.token.providers.uuid.Provider',
'token_driver' => 'keystone.token.backends.kvs.Token',
'public_endpoint' => 'https://localhost:5000/v2.0/',
'admin_endpoint' => 'https://localhost:35357/v2.0/',
'enable_ssl' => true,
'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
'enabled' => false,
'sql_connection' => 'mysql://a:b@c/d',
'idle_timeout' => '300',
'rabbit_host' => '127.0.0.1',
'rabbit_password' => 'openstack',
'rabbit_userid' => 'admin',
override_params = {
'package_ensure' => 'latest',
'public_bind_host' => '0.0.0.0',
'admin_bind_host' => '0.0.0.0',
'public_port' => '5001',
'admin_port' => '35358',
'admin_token' => 'service_token_override',
'compute_port' => '8778',
'verbose' => true,
'debug' => true,
'catalog_type' => 'template',
'token_provider' => 'keystone.token.providers.uuid.Provider',
'token_driver' => 'keystone.token.backends.kvs.Token',
'public_endpoint' => 'https://localhost:5000/v2.0/',
'admin_endpoint' => 'https://localhost:35357/v2.0/',
'enable_ssl' => true,
'ssl_certfile' => '/etc/keystone/ssl/certs/keystone.pem',
'ssl_keyfile' => '/etc/keystone/ssl/private/keystonekey.pem',
'ssl_ca_certs' => '/etc/keystone/ssl/certs/ca.pem',
'ssl_ca_key' => '/etc/keystone/ssl/private/cakey.pem',
'ssl_cert_subject' => '/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost',
'enabled' => false,
'database_connection' => 'mysql://a:b@c/d',
'database_idle_timeout' => '300',
'rabbit_host' => '127.0.0.1',
'rabbit_password' => 'openstack',
'rabbit_userid' => 'admin',
}
].each do |param_set|

describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
let :param_hash do
default_params.merge(param_set)
httpd_params = {'service_name' => 'httpd'}.merge(default_params)

shared_examples_for 'core keystone examples' do |param_hash|
it { should contain_class('keystone::params') }

it { should contain_package('keystone').with(
'ensure' => param_hash['package_ensure']
) }

it { should contain_group('keystone').with(
'ensure' => 'present',
'system' => true
) }

it { should contain_user('keystone').with(
'ensure' => 'present',
'gid' => 'keystone',
'system' => true
) }

it 'should contain the expected directories' do
['/etc/keystone', '/var/log/keystone', '/var/lib/keystone'].each do |d|
should contain_file(d).with(
'ensure' => 'directory',
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0750',
'require' => 'Package[keystone]'
)
end
end

let :params do
param_set
it 'should only synchronize the db if $enabled is true' do
if param_hash['enabled']
should contain_exec('keystone-manage db_sync').with(
:user => 'keystone',
:refreshonly => true,
:subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'],
:require => 'User[keystone]'
)
end
end

it { should contain_class('keystone::params') }
it 'should contain correct config' do
[
'public_bind_host',
'admin_bind_host',
'public_port',
'admin_port',
'compute_port',
'verbose',
'debug'
].each do |config|
should contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config])
end
end

it { should contain_package('keystone').with(
'ensure' => param_hash['package_ensure']
) }
it 'should contain correct admin_token config' do
should contain_keystone_config('DEFAULT/admin_token').with_value(param_hash['admin_token']).with_secret(true)
end

it { should contain_group('keystone').with(
'ensure' => 'present',
'system' => true
) }
it { should contain_user('keystone').with(
'ensure' => 'present',
'gid' => 'keystone',
'system' => true
) }
it 'should contain correct mysql config' do
should contain_keystone_config('database/idle_timeout').with_value(param_hash['database_idle_timeout'])
should contain_keystone_config('database/connection').with_value(param_hash['database_connection']).with_secret(true)
end

it 'should contain the expected directories' do
['/etc/keystone', '/var/log/keystone', '/var/lib/keystone'].each do |d|
should contain_file(d).with(
'ensure' => 'directory',
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0750',
'require' => 'Package[keystone]'
)
end
it { should contain_keystone_config('token/provider').with_value(
param_hash['token_provider']
) }

it 'should contain correct token driver' do
should contain_keystone_config('token/driver').with_value(param_hash['token_driver'])
end

it 'should ensure proper setting of admin_endpoint and public_endpoint' do
if param_hash['admin_endpoint']
should contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint'])
else
should contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')
end
if param_hash['public_endpoint']
should contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
else
should contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')
end
end

it 'should contain correct rabbit_password' do
should contain_keystone_config('DEFAULT/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true)
end
end

[default_params, override_params].each do |param_hash|
describe "when #{param_hash == default_params ? "using default" : "specifying"} class parameters for service" do

let :params do
param_hash
end

it_configures 'core keystone examples', param_hash

it { should contain_service('keystone').with(
'ensure' => param_hash['enabled'] ? 'running' : 'stopped',
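Review bot: the 'should only synchronize the db if $enabled is true' example in the shared examples has no `else` branch, so when `param_hash['enabled']` is false it passes without asserting anything. Add `else` with `should_not contain_exec('keystone-manage db_sync')` so the disabled case is actually checked.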
@@ -113,61 +186,44 @@
'hasrestart' => true
) }

it 'should only migrate the db if $enabled is true' do
if param_hash['enabled']
should contain_exec('keystone-manage db_sync').with(
:user => 'keystone',
:refreshonly => true,
:subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'],
:require => 'User[keystone]'
)
end
end
end
end

it 'should contain correct config' do
[
'public_bind_host',
'admin_bind_host',
'public_port',
'admin_port',
'compute_port',
'verbose',
'debug'
].each do |config|
should contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config])
end
end
describe "when using default class parameters for httpd" do
let :params do
httpd_params
end

it 'should contain correct admin_token config' do
should contain_keystone_config('DEFAULT/admin_token').with_value(param_hash['admin_token']).with_secret(true)
end
let :pre_condition do
'include ::apache'
end

it 'should contain correct mysql config' do
should contain_keystone_config('database/idle_timeout').with_value(param_hash['idle_timeout'])
should contain_keystone_config('database/connection').with_value(param_hash['sql_connection']).with_secret(true)
end
it_configures 'core keystone examples', httpd_params

it { should contain_keystone_config('token/provider').with_value(
param_hash['token_provider']
) }
it do
expect {
should contain_service('keystone')
}.to raise_error(RSpec::Expectations::ExpectationNotMetError, /expected that the catalogue would contain Service\[keystone\]/)
end

it 'should contain correct token driver' do
should contain_keystone_config('token/driver').with_value(param_hash['token_driver'])
end
end

it 'should ensure proper setting of admin_endpoint and public_endpoint' do
if param_hash['admin_endpoint']
should contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint'])
else
should contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent')
end
if param_hash['public_endpoint']
should contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint'])
else
should contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent')
end
end
describe 'with deprecated sql_connection parameter' do
let :params do
{ :admin_token => 'service_token',
:sql_connection => 'mysql://a:b@c/d' }
end

it { should contain_keystone_config('database/connection').with_value(params[:sql_connection]) }
end

describe 'with deprecated idle_timeout parameter' do
let :params do
{ :admin_token => 'service_token',
:idle_timeout => 365 }
end

it { should contain_keystone_config('database/idle_timeout').with_value(params[:idle_timeout]) }
end

describe 'when configuring signing token provider' do
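Review bot: the 'with deprecated sql_connection parameter' example checks `database/connection` with `with_value(params[:sql_connection])` only, while the shared 'core keystone examples' assert the same setting with `.with_secret(true)`. The test value `mysql://a:b@c/d` carries credentials, so the deprecated path should be held to the same expectation; append `.with_secret(true)` here. Separately, in the httpd context the `expect { should contain_service('keystone') }.to raise_error(...)` block matches on the matcher's failure message; `it { should_not contain_service('keystone') }` states the same thing without depending on that wording.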
@@ -493,4 +549,5 @@
it { should contain_keystone_config('catalog/driver').with_value('keystone.catalog.backends.templated.Catalog') }
it { should contain_keystone_config('catalog/template_file').with_value('/some/template_file') }
end

end
58 changes: 24 additions & 34 deletions keystone/spec/classes/keystone_wsgi_apache_spec.rb
@@ -11,8 +11,9 @@
end

let :pre_condition do
'include apache
class { keystone: admin_token => "dummy" }'
[
'class { keystone: admin_token => "dummy", service_name => "httpd", enable_ssl => true }'
]
end

shared_examples_for 'apache serving keystone with mod_wsgi' do
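Review bot: the new `pre_condition` hard-codes `enable_ssl => true` on the `keystone` class for every context in this file, yet the 'different ports' context further down still expects `'ssl' => 'false'` on both vhosts. Add a comment saying which parameter the vhost `ssl` value is derived from, or set `enable_ssl` per context, so a reader does not take the two for contradictory. The one-element array around the string is also unnecessary; a plain string would do.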
@@ -38,7 +39,7 @@ class { keystone: admin_token => "dummy" }'
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]"
'require' => ["File[#{platform_parameters[:wsgi_script_path]}]", "Package[keystone]"]
)}

it { should contain_file('keystone_wsgi_main').with(
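Review bot: the file expectation touched here keeps `'owner' => 'keystone'` with mode `0644`, and the `WSGIDaemonProcess ... user=keystone` expectation removed later in this diff shows the daemon runs as that same account, so the service user can rewrite its own entry script. Since the `require` is being revisited anyway, is there a reason the script cannot be owned by root and only readable by keystone? If keystone ownership is required, a one-line comment saying why would help.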
@@ -48,7 +49,7 @@ class { keystone: admin_token => "dummy" }'
'owner' => 'keystone',
'group' => 'keystone',
'mode' => '0644',
'require' => "File[#{platform_parameters[:wsgi_script_path]}]"
'require' => ["File[#{platform_parameters[:wsgi_script_path]}]", "Package[keystone]"]
)}

it { should contain_apache__vhost('keystone_wsgi_admin').with(
@@ -59,9 +60,10 @@ class { keystone: admin_token => "dummy" }'
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'true',
'wsgi_process_group' => 'keystone',
'wsgi_daemon_process' => 'keystone_admin',
'wsgi_process_group' => 'keystone_admin',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" },
'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_admin]']
'require' => 'File[keystone_wsgi_admin]'
)}

it { should contain_apache__vhost('keystone_wsgi_main').with(
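Review bot: `'require'` on the `keystone_wsgi_admin` vhost drops `Class[Apache::Mod::Wsgi]`, and nothing in this hunk replaces it with a check that mod_wsgi is in the catalogue. If the module still declares that class, add `it { should contain_class('apache::mod::wsgi') }` to the shared examples so the dependency stays covered.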
@@ -72,16 +74,11 @@ class { keystone: admin_token => "dummy" }'
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'true',
'wsgi_daemon_process' => 'keystone',
'wsgi_process_group' => 'keystone',
'wsgi_daemon_process' => 'keystone_main',
'wsgi_process_group' => 'keystone_main',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" },
'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_main]']
'require' => 'File[keystone_wsgi_main]'
)}
it "should set keystone wsgi options" do
contain_file('25-keystone_wsgi_main.conf').with_content(
/^ WSGIDaemonProcess keystone group=keystone processes=1 threads=1 user=keystone$/
)
end
end

describe 'when overriding parameters using different ports' do
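Review bot: the deleted 'should set keystone wsgi options' example never asserted anything, because it calls `contain_file(...)` without `should`, so removing it loses no real coverage. That still leaves the daemon process user, group, process and thread counts untested; add an expectation on the vhost's daemon-process settings (with `should` this time) rather than dropping the check outright. The same applies to the `processes=37` variants removed from the later contexts.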
@@ -104,9 +101,10 @@ class { keystone: admin_token => "dummy" }'
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'false',
'wsgi_process_group' => 'keystone',
'wsgi_daemon_process' => 'keystone_admin',
'wsgi_process_group' => 'keystone_admin',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" },
'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_admin]']
'require' => 'File[keystone_wsgi_admin]'
)}

it { should contain_apache__vhost('keystone_wsgi_main').with(
@@ -117,16 +115,11 @@ class { keystone: admin_token => "dummy" }'
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'false',
'wsgi_daemon_process' => 'keystone',
'wsgi_process_group' => 'keystone',
'wsgi_daemon_process' => 'keystone_main',
'wsgi_process_group' => 'keystone_main',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" },
'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_main]']
'require' => 'File[keystone_wsgi_main]'
)}
it "should set keystone wsgi options" do
contain_file('25-keystone_wsgi_main.conf').with_content(
/^ WSGIDaemonProcess keystone group=keystone processes=37 threads=1 user=keystone$/
)
end
end

describe 'when overriding parameters using same port' do
@@ -152,19 +145,14 @@ class { keystone: admin_token => "dummy" }'
'docroot_owner' => 'keystone',
'docroot_group' => 'keystone',
'ssl' => 'true',
'wsgi_daemon_process' => 'keystone',
'wsgi_process_group' => 'keystone',
'wsgi_daemon_process' => 'keystone_main',
'wsgi_process_group' => 'keystone_main',
'wsgi_script_aliases' => {
'/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/main",
'/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/admin"
},
'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_main]']
},
'require' => 'File[keystone_wsgi_main]'
)}
it "should set keystone wsgi options" do
contain_file('25-keystone_wsgi_main.conf').with_content(
/^ WSGIDaemonProcess keystone group=keystone processes=37 threads=1 user=keystone$/
)
end
end

describe 'when overriding parameters using same port and same path' do
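Review bot: in the same-port context both `/main/endpoint` and `/admin/endpoint` are aliased on the `keystone_wsgi_main` vhost under `'wsgi_daemon_process' => 'keystone_main'`, so the admin/main process separation introduced in the other contexts does not apply here. If that is intended, say so in a comment next to the expectation; otherwise consider whether the admin alias can be given its own process group.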
@@ -195,8 +183,9 @@ class { keystone: admin_token => "dummy" }'
let :platform_parameters do
{
:httpd_service_name => 'httpd',
:httpd_ports_file => '/etc/httpd/conf/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/keystone',
:wsgi_script_source => 'puppet:///modules/keystone/httpd/keystone.py'
:wsgi_script_source => '/usr/share/keystone/keystone.wsgi'
}
end

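Review bot: `:httpd_ports_file` is added to the platform parameters, but none of the expectations shown in this diff reference it; either add an example that uses it or leave it out. With `:wsgi_script_source` now pointing at `/usr/share/keystone/keystone.wsgi`, the script content comes from the installed package rather than the module, which is what the new `Package[keystone]` requirement on the script files covers; a short comment stating that would help.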
@@ -215,6 +204,7 @@ class { keystone: admin_token => "dummy" }'
let :platform_parameters do
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/usr/lib/cgi-bin/keystone',
:wsgi_script_source => '/usr/share/keystone/wsgi.py'
}