From 879f87270a8fbc861d55b8e31388c2c97028711a Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Thu, 17 Jul 2014 16:22:34 -0600 Subject: [PATCH] setup keystone using apache mod_wsgi Allow keystone to be set up to use apache mod_wsgi as the server instead of a standalone eventlet service. There is a new keystone class parameter: service_name. The default is 'keystone', which will set up the standalone eventlet service. If 'httpd' is used, the keystone class will skip creating the keystone service, which also means no 'openstack-keystone' service. The class 'keystone::wsgi::apache' is then used to configure apache mod_wsgi to serve keystone. Had to remove the File resource default in the keystone class. When using wsgi::apache, the apache class and other classes are included. Since puppet uses dynamic scoping, this overrides the file resources in those classes as well. keystone now explicitly sets all of the parameters in files/directory resources. Change-Id: Ib05ac81381e169845b44b2ef7cb810a4d5db17de Closes-Bug: #1348728 --- manifests/init.pp | 118 +++++++----- manifests/params.pp | 5 +- manifests/wsgi/apache.pp | 71 ++++--- spec/classes/keystone_spec.rb | 217 +++++++++++++--------- spec/classes/keystone_wsgi_apache_spec.rb | 100 ++++++---- 5 files changed, 313 insertions(+), 198 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index e4353af35..a24e5f1ea 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -195,6 +195,23 @@ # custom service provider for changing start/stop/status behavior of service, # and set it here. # +# [*service_name*] +# (optional) Name of the service that will be providing the +# server functionality of keystone. For example, the default +# is just 'keystone', which means keystone will be run as a +# standalone eventlet service, and will able to be managed +# separately by the operating system's service manager. For +# example, you will be able to use +# service openstack-keystone restart +# to restart the service. +# If the value is 'httpd', this means keystone will be a web +# service, and you must use another class to configure that +# web service. For example, after calling class {'keystone'...} +# use class { 'keystone::wsgi::apache'...} to make keystone be +# a web app using apache mod_wsgi. +# Defaults to 'keystone' +# NOTE: validate_service only applies if the value is 'keystone' +# # == Dependencies # None # @@ -205,6 +222,17 @@ # admin_token => 'my_special_token', # } # +# OR +# +# class { 'keystone': +# ... +# service_name => 'httpd', +# ... +# } +# class { 'keystone::wsgi::apache': +# ... +# } +# # == Authors # # Dan Bode dan@puppetlabs.com @@ -272,6 +300,7 @@ $validate_auth_url = false, $validate_cacert = undef, $service_provider = $::keystone::params::service_provider, + $service_name = 'keystone', # DEPRECATED PARAMETERS $mysql_module = undef, $sql_connection = undef, @@ -308,12 +337,6 @@ warning('Version string /v2.0/ should not be included in keystone::public_endpoint') } - File['/etc/keystone/keystone.conf'] -> Keystone_config<||> ~> Service['keystone'] - Keystone_config<||> ~> Exec<| title == 'keystone-manage db_sync'|> - Keystone_config<||> ~> Exec<| title == 'keystone-manage pki_setup'|> - - include keystone::params - if $rabbit_use_ssl { if !$kombu_ssl_ca_certs { fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true') @@ -326,13 +349,10 @@ } } - File { - ensure => present, - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - notify => Service['keystone'], - } + File['/etc/keystone/keystone.conf'] -> Keystone_config<||> ~> Service[$service_name] + Keystone_config<||> ~> Exec<| title == 'keystone-manage db_sync'|> + Keystone_config<||> ~> Exec<| title == 'keystone-manage pki_setup'|> + include ::keystone::params package { 'keystone': ensure => $package_ensure, @@ -355,10 +375,19 @@ file { ['/etc/keystone', '/var/log/keystone', '/var/lib/keystone']: ensure => directory, mode => '0750', + owner => 'keystone', + group => 'keystone', + require => Package['keystone'], + notify => Service[$service_name], } file { '/etc/keystone/keystone.conf': + ensure => present, mode => '0600', + owner => 'keystone', + group => 'keystone', + require => Package['keystone'], + notify => Service[$service_name], } if $bind_host { @@ -505,7 +534,7 @@ user => 'keystone', refreshonly => true, creates => $signing_keyfile, - notify => Service['keystone'], + notify => Service[$service_name], subscribe => Package['keystone'], require => User['keystone'], } @@ -574,42 +603,43 @@ $service_ensure = 'stopped' } - if $validate_service { + if $service_name == 'keystone' { + if $validate_service { + if $validate_auth_url { + $v_auth_url = $validate_auth_url + } else { + $v_auth_url = $admin_endpoint + } - if $validate_auth_url { - $v_auth_url = $validate_auth_url + class { 'keystone::service': + ensure => $service_ensure, + service_name => $::keystone::params::service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + provider => $service_provider, + validate => true, + admin_endpoint => $v_auth_url, + admin_token => $admin_token, + insecure => $validate_insecure, + cacert => $validate_cacert, + } } else { - $v_auth_url = $admin_endpoint - } - - class { 'keystone::service': - ensure => $service_ensure, - service_name => $::keystone::params::service_name, - enable => $enabled, - hasstatus => true, - hasrestart => true, - provider => $service_provider, - validate => true, - admin_endpoint => $v_auth_url, - admin_token => $admin_token, - insecure => $validate_insecure, - cacert => $validate_cacert, - } - } else { - class { 'keystone::service': - ensure => $service_ensure, - service_name => $::keystone::params::service_name, - enable => $enabled, - hasstatus => true, - hasrestart => true, - provider => $service_provider, - validate => false, + class { 'keystone::service': + ensure => $service_ensure, + service_name => $::keystone::params::service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + provider => $service_provider, + validate => false, + } } } if $enabled { - include keystone::db::sync - Class['keystone::db::sync'] ~> Service['keystone'] + include ::keystone::db::sync + Class['::keystone::db::sync'] ~> Service[$service_name] } # Syslog configuration diff --git a/manifests/params.pp b/manifests/params.pp index 4b8fe8762..f3f0f4d26 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -16,6 +16,9 @@ $keystone_wsgi_script_source = '/usr/share/keystone/wsgi.py' } default: { + # NOTE: Ubuntu does not currently provide the keystone wsgi script in the + # keystone packages. When Ubuntu does provide the script, change this + # to use the correct path (which I'm assuming will be the same as Debian). $service_provider = 'upstart' $keystone_wsgi_script_source = 'puppet:///modules/keystone/httpd/keystone.py' } @@ -27,7 +30,7 @@ $keystone_wsgi_script_path = '/var/www/cgi-bin/keystone' $python_memcache_package_name = 'python-memcached' $service_provider = undef - $keystone_wsgi_script_source = 'puppet:///modules/keystone/httpd/keystone.py' + $keystone_wsgi_script_source = '/usr/share/keystone/keystone.wsgi' } } } diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 967b9d540..b2a3b10c3 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -93,16 +93,19 @@ $ssl_ca = undef, $ssl_crl_path = undef, $ssl_crl = undef, - $ssl_certs_dir = undef + $ssl_certs_dir = undef, + $threads = $::processorcount, + $priority = '10', ) { - include keystone::params + include ::keystone::params include ::apache include ::apache::mod::wsgi - include keystone::db::sync + if $ssl { + include ::apache::mod::ssl + } - Exec <| title == 'keystone-manage pki_setup' |> ~> Service['httpd'] - Exec <| title == 'keystone-manage db_sync' |> ~> Service['httpd'] + Package['keystone'] -> Package['httpd'] Package['keystone'] ~> Service['httpd'] Keystone_config <| |> ~> Service['httpd'] Service['httpd'] -> Keystone_endpoint <| |> @@ -137,7 +140,8 @@ owner => 'keystone', group => 'keystone', mode => '0644', - require => File[$::keystone::params::keystone_wsgi_script_path], + # source file provided by keystone package + require => [File[$::keystone::params::keystone_wsgi_script_path], Package['keystone']], } file { 'keystone_wsgi_main': @@ -147,14 +151,15 @@ owner => 'keystone', group => 'keystone', mode => '0644', - require => File[$::keystone::params::keystone_wsgi_script_path], + # source file provided by keystone package + require => [File[$::keystone::params::keystone_wsgi_script_path], Package['keystone']], } $wsgi_daemon_process_options = { user => 'keystone', group => 'keystone', processes => $workers, - threads => '1' + threads => $threads, } $wsgi_script_aliases_main = hash([$public_path_real,"${::keystone::params::keystone_wsgi_script_path}/main"]) $wsgi_script_aliases_admin = hash([$admin_path_real, "${::keystone::params::keystone_wsgi_script_path}/admin"]) @@ -165,13 +170,15 @@ $wsgi_script_aliases_main_real = $wsgi_script_aliases_main } - apache::vhost { 'keystone_wsgi_main': + ::apache::vhost { 'keystone_wsgi_main': + ensure => 'present', servername => $servername, ip => $bind_host, port => $public_port, docroot => $::keystone::params::keystone_wsgi_script_path, docroot_owner => 'keystone', docroot_group => 'keystone', + priority => $priority, ssl => $ssl, ssl_cert => $ssl_cert, ssl_key => $ssl_key, @@ -180,32 +187,36 @@ ssl_crl_path => $ssl_crl_path, ssl_crl => $ssl_crl, ssl_certs_dir => $ssl_certs_dir, - wsgi_daemon_process => 'keystone', + wsgi_daemon_process => 'keystone_main', wsgi_daemon_process_options => $wsgi_daemon_process_options, - wsgi_process_group => 'keystone', + wsgi_process_group => 'keystone_main', wsgi_script_aliases => $wsgi_script_aliases_main_real, - require => [Class['apache::mod::wsgi'], File['keystone_wsgi_main']], + require => File['keystone_wsgi_main'], } if $public_port != $admin_port { - apache::vhost { 'keystone_wsgi_admin': - servername => $servername, - ip => $bind_host, - port => $admin_port, - docroot => $::keystone::params::keystone_wsgi_script_path, - docroot_owner => 'keystone', - docroot_group => 'keystone', - ssl => $ssl, - ssl_cert => $ssl_cert, - ssl_key => $ssl_key, - ssl_chain => $ssl_chain, - ssl_ca => $ssl_ca, - ssl_crl_path => $ssl_crl_path, - ssl_crl => $ssl_crl, - ssl_certs_dir => $ssl_certs_dir, - wsgi_process_group => 'keystone', - wsgi_script_aliases => $wsgi_script_aliases_admin, - require => [Class['apache::mod::wsgi'], File['keystone_wsgi_admin']], + ::apache::vhost { 'keystone_wsgi_admin': + ensure => 'present', + servername => $servername, + ip => $bind_host, + port => $admin_port, + docroot => $::keystone::params::keystone_wsgi_script_path, + docroot_owner => 'keystone', + docroot_group => 'keystone', + priority => $priority, + ssl => $ssl, + ssl_cert => $ssl_cert, + ssl_key => $ssl_key, + ssl_chain => $ssl_chain, + ssl_ca => $ssl_ca, + ssl_crl_path => $ssl_crl_path, + ssl_crl => $ssl_crl, + ssl_certs_dir => $ssl_certs_dir, + wsgi_daemon_process => 'keystone_admin', + wsgi_daemon_process_options => $wsgi_daemon_process_options, + wsgi_process_group => 'keystone_admin', + wsgi_script_aliases => $wsgi_script_aliases_admin, + require => File['keystone_wsgi_admin'], } } } diff --git a/spec/classes/keystone_spec.rb b/spec/classes/keystone_spec.rb index 847d8ac44..c2e97b74e 100644 --- a/spec/classes/keystone_spec.rb +++ b/spec/classes/keystone_spec.rb @@ -2,12 +2,24 @@ describe 'keystone' do + let :global_facts do + { + :processorcount => 42, + :concat_basedir => '/var/lib/puppet/concat', + :fqdn => 'some.host.tld' + } + end + let :facts do - {:osfamily => 'Debian'} + global_facts.merge({ + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '7.0' + }) end - let :default_params do - { + default_params = { + 'admin_token' => 'service_token', 'package_ensure' => 'present', 'public_bind_host' => '0.0.0.0', 'admin_bind_host' => '0.0.0.0', @@ -40,10 +52,8 @@ 'rabbit_password' => 'guest', 'rabbit_userid' => 'guest', } - end - [{'admin_token' => 'service_token'}, - { + override_params = { 'package_ensure' => 'latest', 'public_bind_host' => '0.0.0.0', 'admin_bind_host' => '0.0.0.0', @@ -76,44 +86,107 @@ 'rabbit_password' => 'openstack', 'rabbit_userid' => 'admin', } - ].each do |param_set| - describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do - let :param_hash do - default_params.merge(param_set) + httpd_params = {'service_name' => 'httpd'}.merge(default_params) + + shared_examples_for 'core keystone examples' do |param_hash| + it { should contain_class('keystone::params') } + + it { should contain_package('keystone').with( + 'ensure' => param_hash['package_ensure'] + ) } + + it { should contain_group('keystone').with( + 'ensure' => 'present', + 'system' => true + ) } + + it { should contain_user('keystone').with( + 'ensure' => 'present', + 'gid' => 'keystone', + 'system' => true + ) } + + it 'should contain the expected directories' do + ['/etc/keystone', '/var/log/keystone', '/var/lib/keystone'].each do |d| + should contain_file(d).with( + 'ensure' => 'directory', + 'owner' => 'keystone', + 'group' => 'keystone', + 'mode' => '0750', + 'require' => 'Package[keystone]' + ) + end + end + + it 'should only synchronize the db if $enabled is true' do + if param_hash['enabled'] + should contain_exec('keystone-manage db_sync').with( + :user => 'keystone', + :refreshonly => true, + :subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'], + :require => 'User[keystone]' + ) end + end - let :params do - param_set + it 'should contain correct config' do + [ + 'public_bind_host', + 'admin_bind_host', + 'public_port', + 'admin_port', + 'compute_port', + 'verbose', + 'debug' + ].each do |config| + should contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config]) end + end - it { should contain_class('keystone::params') } + it 'should contain correct admin_token config' do + should contain_keystone_config('DEFAULT/admin_token').with_value(param_hash['admin_token']).with_secret(true) + end - it { should contain_package('keystone').with( - 'ensure' => param_hash['package_ensure'] - ) } + it 'should contain correct mysql config' do + should contain_keystone_config('database/idle_timeout').with_value(param_hash['database_idle_timeout']) + should contain_keystone_config('database/connection').with_value(param_hash['database_connection']).with_secret(true) + end - it { should contain_group('keystone').with( - 'ensure' => 'present', - 'system' => true - ) } - it { should contain_user('keystone').with( - 'ensure' => 'present', - 'gid' => 'keystone', - 'system' => true - ) } + it { should contain_keystone_config('token/provider').with_value( + param_hash['token_provider'] + ) } - it 'should contain the expected directories' do - ['/etc/keystone', '/var/log/keystone', '/var/lib/keystone'].each do |d| - should contain_file(d).with( - 'ensure' => 'directory', - 'owner' => 'keystone', - 'group' => 'keystone', - 'mode' => '0750', - 'require' => 'Package[keystone]' - ) - end + it 'should contain correct token driver' do + should contain_keystone_config('token/driver').with_value(param_hash['token_driver']) + end + + it 'should ensure proper setting of admin_endpoint and public_endpoint' do + if param_hash['admin_endpoint'] + should contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint']) + else + should contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent') end + if param_hash['public_endpoint'] + should contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint']) + else + should contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent') + end + end + + it 'should contain correct rabbit_password' do + should contain_keystone_config('DEFAULT/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true) + end + end + + [default_params, override_params].each do |param_hash| + describe "when #{param_hash == default_params ? "using default" : "specifying"} class parameters for service" do + + let :params do + param_hash + end + + it_configures 'core keystone examples', param_hash it { should contain_service('keystone').with( 'ensure' => param_hash['enabled'] ? 'running' : 'stopped', @@ -122,65 +195,26 @@ 'hasrestart' => true ) } - it 'should only migrate the db if $enabled is true' do - if param_hash['enabled'] - should contain_exec('keystone-manage db_sync').with( - :user => 'keystone', - :refreshonly => true, - :subscribe => ['Package[keystone]', 'Keystone_config[database/connection]'], - :require => 'User[keystone]' - ) - end - end - - it 'should contain correct config' do - [ - 'public_bind_host', - 'admin_bind_host', - 'public_port', - 'admin_port', - 'compute_port', - 'verbose', - 'debug' - ].each do |config| - should contain_keystone_config("DEFAULT/#{config}").with_value(param_hash[config]) - end - end - - it 'should contain correct admin_token config' do - should contain_keystone_config('DEFAULT/admin_token').with_value(param_hash['admin_token']).with_secret(true) - end - - it 'should contain correct mysql config' do - should contain_keystone_config('database/idle_timeout').with_value(param_hash['database_idle_timeout']) - should contain_keystone_config('database/connection').with_value(param_hash['database_connection']).with_secret(true) - end + end + end - it { should contain_keystone_config('token/provider').with_value( - param_hash['token_provider'] - ) } + describe "when using default class parameters for httpd" do + let :params do + httpd_params + end - it 'should contain correct token driver' do - should contain_keystone_config('token/driver').with_value(param_hash['token_driver']) - end + let :pre_condition do + 'include ::apache' + end - it 'should ensure proper setting of admin_endpoint and public_endpoint' do - if param_hash['admin_endpoint'] - should contain_keystone_config('DEFAULT/admin_endpoint').with_value(param_hash['admin_endpoint']) - else - should contain_keystone_config('DEFAULT/admin_endpoint').with_ensure('absent') - end - if param_hash['public_endpoint'] - should contain_keystone_config('DEFAULT/public_endpoint').with_value(param_hash['public_endpoint']) - else - should contain_keystone_config('DEFAULT/public_endpoint').with_ensure('absent') - end - end + it_configures 'core keystone examples', httpd_params - it 'should contain correct rabbit_password' do - should contain_keystone_config('DEFAULT/rabbit_password').with_value(param_hash['rabbit_password']).with_secret(true) - end + it do + expect { + should contain_service('keystone') + }.to raise_error(RSpec::Expectations::ExpectationNotMetError, /expected that the catalogue would contain Service\[keystone\]/) end + end describe 'with deprecated sql_connection parameter' do @@ -719,7 +753,10 @@ describe 'setting service_provider' do let :facts do - {:osfamily => 'RedHat'} + global_facts.merge({ + :osfamily => 'RedHat', + :operatingsystemrelease => '6.0' + }) end describe 'with default service_provider' do diff --git a/spec/classes/keystone_wsgi_apache_spec.rb b/spec/classes/keystone_wsgi_apache_spec.rb index 9deaaa038..5745d6b85 100644 --- a/spec/classes/keystone_wsgi_apache_spec.rb +++ b/spec/classes/keystone_wsgi_apache_spec.rb @@ -11,8 +11,30 @@ end let :pre_condition do - 'include apache - class { keystone: admin_token => "dummy" }' + [ + 'class { keystone: admin_token => "dummy", service_name => "httpd", enable_ssl => true }' + ] + end + + # concat::fragment { "${name}-wsgi": + # $filename = regsubst($name, ' ', '_', 'G') + # target => "${priority_real}-${filename}.conf", + # $safe_name = regsubst($name, '[/:\n]', '_', 'GM') + # $safe_target_name = regsubst($target, '[/:\n]', '_', 'GM') + # $concatdir = $concat::setup::concatdir + # $fragdir = "${concatdir}/${safe_target_name}" + # file { "${fragdir}/fragments/${order}_${safe_name}": + def get_concat_name(base_name) +# pp subject.resources + priority = 10 + order = 250 + base_dir = facts[:concat_basedir] + safe_name = base_name.gsub(/[\/:\n]/m, '_') + '-wsgi' + target = "#{priority}-#{base_name}.conf" + safe_target_name = target.gsub(/[\/:\n]/m, '_') + frag_dir = "#{base_dir}/#{safe_target_name}" + full_name = "#{frag_dir}/fragments/#{order}_#{safe_name}" + return full_name end shared_examples_for 'apache serving keystone with mod_wsgi' do @@ -38,7 +60,7 @@ class { keystone: admin_token => "dummy" }' 'owner' => 'keystone', 'group' => 'keystone', 'mode' => '0644', - 'require' => "File[#{platform_parameters[:wsgi_script_path]}]" + 'require' => ["File[#{platform_parameters[:wsgi_script_path]}]", "Package[keystone]"] )} it { should contain_file('keystone_wsgi_main').with( @@ -48,7 +70,7 @@ class { keystone: admin_token => "dummy" }' 'owner' => 'keystone', 'group' => 'keystone', 'mode' => '0644', - 'require' => "File[#{platform_parameters[:wsgi_script_path]}]" + 'require' => ["File[#{platform_parameters[:wsgi_script_path]}]", "Package[keystone]"] )} it { should contain_apache__vhost('keystone_wsgi_admin').with( @@ -59,9 +81,10 @@ class { keystone: admin_token => "dummy" }' 'docroot_owner' => 'keystone', 'docroot_group' => 'keystone', 'ssl' => 'true', - 'wsgi_process_group' => 'keystone', + 'wsgi_daemon_process' => 'keystone_admin', + 'wsgi_process_group' => 'keystone_admin', 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" }, - 'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_admin]'] + 'require' => 'File[keystone_wsgi_admin]' )} it { should contain_apache__vhost('keystone_wsgi_main').with( @@ -72,16 +95,18 @@ class { keystone: admin_token => "dummy" }' 'docroot_owner' => 'keystone', 'docroot_group' => 'keystone', 'ssl' => 'true', - 'wsgi_daemon_process' => 'keystone', - 'wsgi_process_group' => 'keystone', + 'wsgi_daemon_process' => 'keystone_main', + 'wsgi_process_group' => 'keystone_main', 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" }, - 'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_main]'] + 'require' => 'File[keystone_wsgi_main]' )} - it "should set keystone wsgi options" do - contain_file('25-keystone_wsgi_main.conf').with_content( - /^ WSGIDaemonProcess keystone group=keystone processes=1 threads=1 user=keystone$/ - ) - end + it { should contain_file(get_concat_name('keystone_wsgi_main')).with_content( + /^ WSGIDaemonProcess keystone_main group=keystone processes=1 threads=#{facts[:processorcount]} user=keystone$/ + )} + it { should contain_file(get_concat_name('keystone_wsgi_admin')).with_content( + /^ WSGIDaemonProcess keystone_admin group=keystone processes=1 threads=#{facts[:processorcount]} user=keystone$/ + )} + it { should contain_file("#{platform_parameters[:httpd_ports_file]}") } end describe 'when overriding parameters using different ports' do @@ -104,9 +129,10 @@ class { keystone: admin_token => "dummy" }' 'docroot_owner' => 'keystone', 'docroot_group' => 'keystone', 'ssl' => 'false', - 'wsgi_process_group' => 'keystone', + 'wsgi_daemon_process' => 'keystone_admin', + 'wsgi_process_group' => 'keystone_admin', 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/admin" }, - 'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_admin]'] + 'require' => 'File[keystone_wsgi_admin]' )} it { should contain_apache__vhost('keystone_wsgi_main').with( @@ -117,16 +143,18 @@ class { keystone: admin_token => "dummy" }' 'docroot_owner' => 'keystone', 'docroot_group' => 'keystone', 'ssl' => 'false', - 'wsgi_daemon_process' => 'keystone', - 'wsgi_process_group' => 'keystone', + 'wsgi_daemon_process' => 'keystone_main', + 'wsgi_process_group' => 'keystone_main', 'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/main" }, - 'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_main]'] + 'require' => 'File[keystone_wsgi_main]' )} - it "should set keystone wsgi options" do - contain_file('25-keystone_wsgi_main.conf').with_content( - /^ WSGIDaemonProcess keystone group=keystone processes=37 threads=1 user=keystone$/ - ) - end + it { should contain_file(get_concat_name('keystone_wsgi_main')).with_content( + /^ WSGIDaemonProcess keystone_main group=keystone processes=#{params[:workers]} threads=#{facts[:processorcount]} user=keystone$/ + )} + it { should contain_file(get_concat_name('keystone_wsgi_admin')).with_content( + /^ WSGIDaemonProcess keystone_admin group=keystone processes=#{params[:workers]} threads=#{facts[:processorcount]} user=keystone$/ + )} + it { should contain_file("#{platform_parameters[:httpd_ports_file]}") } end describe 'when overriding parameters using same port' do @@ -152,18 +180,22 @@ class { keystone: admin_token => "dummy" }' 'docroot_owner' => 'keystone', 'docroot_group' => 'keystone', 'ssl' => 'true', - 'wsgi_daemon_process' => 'keystone', - 'wsgi_process_group' => 'keystone', + 'wsgi_daemon_process' => 'keystone_main', + 'wsgi_process_group' => 'keystone_main', 'wsgi_script_aliases' => { '/main/endpoint' => "#{platform_parameters[:wsgi_script_path]}/main", '/admin/endpoint' => "#{platform_parameters[:wsgi_script_path]}/admin" - }, - 'require' => ['Class[Apache::Mod::Wsgi]', 'File[keystone_wsgi_main]'] + }, + 'require' => 'File[keystone_wsgi_main]' + )} + it { should contain_file(get_concat_name('keystone_wsgi_main')).with_content( + /^ WSGIDaemonProcess keystone_main group=keystone processes=#{params[:workers]} threads=#{facts[:processorcount]} user=keystone$/ )} - it "should set keystone wsgi options" do - contain_file('25-keystone_wsgi_main.conf').with_content( - /^ WSGIDaemonProcess keystone group=keystone processes=37 threads=1 user=keystone$/ - ) + it do + expect_file = get_concat_name('keystone_wsgi_admin') + expect { + should contain_file(expect_file) + }.to raise_error(RSpec::Expectations::ExpectationNotMetError, /expected that the catalogue would contain File\[#{expect_file}\]/) end end @@ -195,8 +227,9 @@ class { keystone: admin_token => "dummy" }' let :platform_parameters do { :httpd_service_name => 'httpd', + :httpd_ports_file => '/etc/httpd/conf/ports.conf', :wsgi_script_path => '/var/www/cgi-bin/keystone', - :wsgi_script_source => 'puppet:///modules/keystone/httpd/keystone.py' + :wsgi_script_source => '/usr/share/keystone/keystone.wsgi' } end @@ -215,6 +248,7 @@ class { keystone: admin_token => "dummy" }' let :platform_parameters do { :httpd_service_name => 'apache2', + :httpd_ports_file => '/etc/apache2/ports.conf', :wsgi_script_path => '/usr/lib/cgi-bin/keystone', :wsgi_script_source => '/usr/share/keystone/wsgi.py' }