summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCédric Jeanneret <cedric.jeanneret@camptocamp.com>2017-10-19 08:32:09 +0200
committerCédric Jeanneret <cedric.jeanneret@camptocamp.com>2017-11-13 12:03:28 +0000
commit8eafd014a8c01826d50c12444271973aace8961b (patch)
treec9a7182b76a06f1ca485487bd3e53c933f12f83c
parentf2b1ec7ee9c70563ed682c314910c8fd4c6871aa (diff)
Create dedicated "apache" base profile
This profile has multiple purposes: - group common httpd configurations/instructions - correct a small issue with the "status" mod Until now, only Horizon was specifically including this mode, and as httpd wasn't listening on localhost, it wasn't in use at all. With this commit, all API using apache will be able to provide the httpd server status on 127.0.0.1/server-status. Change-Id: If6d64f807c244d7e56852a67ac7dbad26c4c002f Closes-Bug: 1724751 (cherry picked from commit 0933bc5fd896ac2474872bb1b4b217ad8f430885)
-rw-r--r--manifests/profile/base/aodh/api.pp2
-rw-r--r--manifests/profile/base/apache.pp43
-rw-r--r--manifests/profile/base/barbican/api.pp2
-rw-r--r--manifests/profile/base/ceilometer/api.pp2
-rw-r--r--manifests/profile/base/cinder/api.pp2
-rw-r--r--manifests/profile/base/gnocchi/api.pp2
-rw-r--r--manifests/profile/base/heat/api.pp2
-rw-r--r--manifests/profile/base/heat/api_cfn.pp2
-rw-r--r--manifests/profile/base/heat/api_cloudwatch.pp2
-rw-r--r--manifests/profile/base/horizon.pp3
-rw-r--r--manifests/profile/base/ironic/api.pp2
-rw-r--r--manifests/profile/base/keystone.pp2
-rw-r--r--manifests/profile/base/mistral/api.pp2
-rw-r--r--manifests/profile/base/nova/api.pp2
-rw-r--r--manifests/profile/base/nova/placement.pp2
-rw-r--r--manifests/profile/base/panko/api.pp2
-rw-r--r--manifests/profile/base/zaqar.pp2
-rw-r--r--spec/classes/tripleo_profile_base_apache_spec.rb73
18 files changed, 133 insertions, 16 deletions
diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp
index d6ec32b..354490a 100644
--- a/manifests/profile/base/aodh/api.pp
+++ b/manifests/profile/base/aodh/api.pp
@@ -78,7 +78,7 @@ class tripleo::profile::base::aodh::api (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::aodh::api
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::aodh::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/apache.pp b/manifests/profile/base/apache.pp
new file mode 100644
index 0000000..b3ae1ff
--- /dev/null
+++ b/manifests/profile/base/apache.pp
@@ -0,0 +1,43 @@
+# Copyright 2017 Camptocamp SA.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class tripleo::profile::base::apache
+#
+# Common apache modules and configurationfor API listeners
+#
+# === Parameters
+#
+# [*enable_status_listener*]
+# Enable or not the localhost listener in httpd.
+# Accepted values: Boolean.
+# Default to false.
+#
+# [*status_listener*]
+# Where should apache listen for status page
+# Default to 127.0.0.1:80
+
+
+class tripleo::profile::base::apache(
+ Boolean $enable_status_listener = false,
+ String $status_listener = '127.0.0.1:80',
+) {
+ include ::apache::mod::status
+ include ::apache::mod::ssl
+
+ if $enable_status_listener {
+ if !defined(Apache::Listen[$status_listener]) {
+ ::apache::listen {$status_listener: }
+ }
+ }
+}
diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp
index 48bf4b8..788bb5c 100644
--- a/manifests/profile/base/barbican/api.pp
+++ b/manifests/profile/base/barbican/api.pp
@@ -154,7 +154,7 @@ class tripleo::profile::base::barbican::api (
include ::barbican::api::logging
include ::barbican::keystone::notification
include ::barbican::quota
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::barbican::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp
index 11c1da3..cd20507 100644
--- a/manifests/profile/base/ceilometer/api.pp
+++ b/manifests/profile/base/ceilometer/api.pp
@@ -76,7 +76,7 @@ class tripleo::profile::base::ceilometer::api (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::ceilometer::api
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::ceilometer::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp
index 892e4ed..5461a40 100644
--- a/manifests/profile/base/cinder/api.pp
+++ b/manifests/profile/base/cinder/api.pp
@@ -85,7 +85,7 @@ class tripleo::profile::base::cinder::api (
class { '::cinder::api':
keymgr_api_class => $keymgr_api_class,
}
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::cinder::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp
index c958359..fdd0517 100644
--- a/manifests/profile/base/gnocchi/api.pp
+++ b/manifests/profile/base/gnocchi/api.pp
@@ -97,7 +97,7 @@ class tripleo::profile::base::gnocchi::api (
if $step >= 4 or ($step >= 3 and $sync_db) {
include ::gnocchi::api
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::gnocchi::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp
index 2221b37..46435bf 100644
--- a/manifests/profile/base/heat/api.pp
+++ b/manifests/profile/base/heat/api.pp
@@ -76,7 +76,7 @@ class tripleo::profile::base::heat::api (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::heat::wsgi::apache_api':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp
index 1014b04..a2f3287 100644
--- a/manifests/profile/base/heat/api_cfn.pp
+++ b/manifests/profile/base/heat/api_cfn.pp
@@ -77,7 +77,7 @@ class tripleo::profile::base::heat::api_cfn (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cfn
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::heat::wsgi::apache_api_cfn':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp
index 4caac9d..7e39028 100644
--- a/manifests/profile/base/heat/api_cloudwatch.pp
+++ b/manifests/profile/base/heat/api_cloudwatch.pp
@@ -77,7 +77,7 @@ class tripleo::profile::base::heat::api_cloudwatch (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::heat::api_cloudwatch
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::heat::wsgi::apache_api_cloudwatch':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp
index 9441329..157d0c0 100644
--- a/manifests/profile/base/horizon.pp
+++ b/manifests/profile/base/horizon.pp
@@ -85,7 +85,8 @@ class tripleo::profile::base::horizon (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
# Horizon
include ::apache::mod::remoteip
- include ::apache::mod::status
+ include ::tripleo::profile::base::apache
+
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', undef) {
$_profile_support = 'cisco'
} else {
diff --git a/manifests/profile/base/ironic/api.pp b/manifests/profile/base/ironic/api.pp
index bbc91f5..78bf9db 100644
--- a/manifests/profile/base/ironic/api.pp
+++ b/manifests/profile/base/ironic/api.pp
@@ -75,7 +75,7 @@ class tripleo::profile::base::ironic::api (
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
include ::ironic::api
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::ironic::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 6ce655e..ef91f1d 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -211,7 +211,7 @@ class tripleo::profile::base::keystone (
}
include ::keystone::config
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::keystone::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/mistral/api.pp b/manifests/profile/base/mistral/api.pp
index 2ab2d96..f13a44f 100644
--- a/manifests/profile/base/mistral/api.pp
+++ b/manifests/profile/base/mistral/api.pp
@@ -84,7 +84,7 @@ class tripleo::profile::base::mistral::api (
# Temporarily disable Mistral API deployed in WSGI
# https://bugs.launchpad.net/tripleo/+bug/1724607
if $mistral_api_wsgi_enabled {
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::mistral::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 2ff1add..d7764a5 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -134,7 +134,7 @@ class tripleo::profile::base::nova::api (
$tls_keyfile = undef
}
if $step >= 4 or ($step >= 3 and $sync_db) {
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::nova::wsgi::apache_api':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index 48af39a..33e40b2 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -74,7 +74,7 @@ class tripleo::profile::base::nova::placement (
}
if $step >= 4 or ( $step >= 3 and $is_bootstrap ) {
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::nova::wsgi::apache_placement':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp
index 3b1b8d9..a5f9ed0 100644
--- a/manifests/profile/base/panko/api.pp
+++ b/manifests/profile/base/panko/api.pp
@@ -79,7 +79,7 @@ class tripleo::profile::base::panko::api (
class { '::panko::api':
sync_db => $sync_db,
}
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
class { '::panko::wsgi::apache':
ssl_cert => $tls_certfile,
ssl_key => $tls_keyfile,
diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp
index 573984d..8429c85 100644
--- a/manifests/profile/base/zaqar.pp
+++ b/manifests/profile/base/zaqar.pp
@@ -119,7 +119,7 @@ class tripleo::profile::base::zaqar (
}
include ::zaqar::transport::websocket
- include ::apache::mod::ssl
+ include ::tripleo::profile::base::apache
include ::zaqar::transport::wsgi
# TODO (bcrochet): At some point, the transports should be split out to
diff --git a/spec/classes/tripleo_profile_base_apache_spec.rb b/spec/classes/tripleo_profile_base_apache_spec.rb
new file mode 100644
index 0000000..8b3244f
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_apache_spec.rb
@@ -0,0 +1,73 @@
+#
+# Copyright (C) 2017 Camptocamp SA.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::apache' do
+ shared_examples_for 'tripleo::profile::base::apache' do
+
+ context 'with default params' do
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('apache::mod::status')
+ is_expected.to contain_class('apache::mod::ssl')
+ is_expected.to_not contain_apache__listen('127.0.0.1:80')
+ end
+ end
+
+ context 'Activate listener' do
+ let(:params) { {
+ :enable_status_listener => true,
+ } }
+
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('apache::mod::status')
+ is_expected.to contain_class('apache::mod::ssl')
+ is_expected.to contain_apache__listen('127.0.0.1:80')
+ end
+ end
+
+ context 'Change listener' do
+ let(:params) {{
+ :enable_status_listener => true,
+ :status_listener => '10.10.0.10:80',
+ }}
+ it 'should trigger complete configuration' do
+ is_expected.to contain_class('apache::mod::status')
+ is_expected.to contain_class('apache::mod::ssl')
+ is_expected.to contain_apache__listen('10.10.0.10:80')
+ end
+ end
+
+
+ context 'Provide wrong value for ensure_status_listener' do
+ let(:params) {{
+ :enable_status_listener => 'fooo',
+ }}
+ it { is_expected.to compile.and_raise_error(/expects a Boolean value/) }
+ end
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::apache'
+ end
+ end
+end