diff options
| author |   blsaws <bs3131@att.com> | 2016-05-16 07:40:31 -0700 |
|---|---|---|
| committer | blsaws <bs3131@att.com> | 2016-05-16 07:40:31 -0700 |
| commit | 8dcfe1a692815ee3a34dca32fd427471dfd0046a (patch) | |
| tree | 5619e2c7b7113fe6ec68c98064895f7d8723e5bb /components/congress/install | |
| parent | e50f20b9c29fd6282025b4ccb87fedacb013ef66 (diff) | |
Refactor installer code folders.
JIRA: COPPER-2
Add initial centos7 bash scripts in development.
Change-Id: I112aa43c231dac035f0d1bc2ae416fabf6b8b650
Signed-off-by: blsaws <bs3131@att.com>
Diffstat (limited to 'components/congress/install')
40 files changed, 3450 insertions, 0 deletions
diff --git a/components/congress/install/ansible/README.txt b/components/congress/install/ansible/README.txt new file mode 100644 index 0000000..e664217 --- /dev/null +++ b/components/congress/install/ansible/README.txt @@ -0,0 +1,200 @@ +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# This file contains instructions for installing Congress on a Centos7 OPNFV jumphost using Ansible +# Details are sparse so far - a user guide will be written +# Some of these instructions may already have been completed in the copper git Ansible installer files + +# INSTALLING + +# update +sudo yum -y update + +# install ansible (likely already installed) +sudo yum install ansible + +# if you got a Dropbox-related error in ansible installation, disable dropbox and repeat ansible install +sudo yum-config-manager --disable Dropbox + +# install sshpass (needed for ansible-playbook call with password authentication) +sudo yum install sshpass + +# download https://launchpad.net/congress/kilo/2015.1.0/+download/congress-2015.1.0.tar.gz and save in /tmp/congress-2015.1.0.tar.gz +wget https://launchpad.net/congress/kilo/2015.1.0/+download/congress-2015.1.0.tar.gz -O /tmp/congress-2015.1.0.tar.gz + +# clone copper +mkdir ~/git +cd ~/git +git clone https://gerrit.opnfv.org/gerrit/copper + +# edit hosts.ini and add your controller IP address +gedit ~/git/copper/components/congress/ansible/hosts.ini +[congress_prod_host] +(your controller IP) + +# edit deploy_congress.yml and add your controller IP address +# note: this should not be needed, unless the "congress_prod_host" setting in hosts.ini is not picked up for some reason (?) +gedit ~/git/copper/components/congress/ansible/deploy_congress.yml +- hosts: (your controller IP) + +# edit config.yml and set authRegion per your openstack install, your controller IP address where needed, publicEndpoint = http:// (not https://) +gedit ~/git/copper/components/congress/ansible/config.yml +authRegion: RegionOne +publicEndpoint = http://(your controller IP):1789/ +internalEndpoint = http://(your controller IP):1789/ +adminEndpoint = http://(your controller IP):1789/ +mysqlDBIP: (your controller IP) + +# edit congress.conf and set +# bind_host to controller IP address +# "auth_strategy = noauth" for testing +# drivers per the list to test (leave out swift due to issues below) +# TODO: auth_strategy noauth is needed to overcome some issue with keystone auth (debug needed) +gedit ~/git/copper/components/congress/ansible/roles/deploy/templates/congress.conf +bind_host = (your controller IP) +auth_strategy = noauth +drivers = congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver + +# add controller host IP to /etc/ansible/hosts +sudo vi /etc/ansible/hosts + +# run the ansible playbook +ansible-playbook -vvv -u root -k deploy_congress.yml + +# use --start-at-task="task" when restarting to avoid idempotency errors (steps which fail because they have already completed and can't be completed successfully twice) +ansible-playbook -vvv -u root -k deploy_congress.yml --start-at-task="install datasource drivers" + +# install congress API test driver +# install lamp server: see https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-7 +sudo yum -y install httpd +sudo yum -y install php +sudo cp -r ~/git/copper/test/congress/driver/www/html/ /var/www/ +sudo cp ~/git/copper/test/congress/driver/www/httpd.conf /etc/httpd/conf +sudo systemctl start httpd.service + +# UNINSTALLING +# Ansible uninstaller will be developed... for now manual uninstall +# On the controller +openstack endpoint list --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 +openstack endpoint delete <id> --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 +openstack service list --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 +openstack service delete <id> --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 +systemctl stop congress-api +sudo rm /etc/init/congress-api.conf +sudo rm -r /opt/congress +sudo rm -r /opt/congress-2015.1.0 +sudo rm -r /var/log/congress +sudo rm -r /usr/lib/python2.7/site-packages/python_congressclient-2015.1.0.dist-info +sudo rm -r /usr/lib/python2.7/site-packages/congressclient/ +sudo rm -r /usr/lib/python2.7/site-packages/congress-2015.1.0-py2.7.egg-info +sudo rm -r /etc/congress +sudo rm -r /tmp/congress-2015.1.0.tar.gz +sudo rm -r /tmp/congress.tar.gz +sudo rm -r /var/lib/mysql/congress +sudo rm -r /var/spool/mail/congress +sudo rm -r /usr/bin/congress-server +sudo rm -r /usr/bin/congress-db-manage +sudo rm -r /usr/lib/python2.7/site-packages/congress +sudo rm /usr/lib/systemd/system/congress-api.service +sudo userdel -r congress +find / | grep congress + +# find ID of the installed congress services, and remove +openstack service list --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 +openstack service delete <id> --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 + + +# DEBUGGING RAW NOTES + +# various attempts to get a auth token (failed) +# found SSL issues with creating datasources; set config.yml publicEndpoint to http:// to fix +# to remove endpoints (to cleanup from incorrectly provisoned endpoints) +keystone endpoint-list +keystone endpoint-delete <id> fa7c4b72faef402a919d50e5374705a9 + +# various issues resulted from trying to create the swift datasource driver. removed for now (see congress.conf notes above) +# server errors reading datasources +2015-11-20 20:02:59.398 17478 ERROR congress.api.application [-] Traceback (most recent call last): + File "/opt/congress/congress/api/application.py", line 47, in __call__ + response = handler.handle_request(request) + File "/opt/congress/congress/api/webservice.py", line 351, in handle_request + return self.list_members(request) + File "/opt/congress/congress/api/webservice.py", line 375, in list_members + context=self._get_context(request)) + File "/opt/congress/congress/api/datasource_model.py", line 52, in get_items + datasources = self.datasource_mgr.get_datasources(filter_secret=True) + File "/opt/congress/congress/managers/datasource.py", line 138, in get_datasources + hide_fields = cls.get_driver_info(result['driver'])['secret'] +KeyError: 'secret' + +vi /opt/congress/congress/managers/datasource.py +remove + if filter_secret: + hide_fields = cls.get_driver_info(result['driver'])['secret'] + for hide_field in hide_fields: + result['config'][hide_field] = "<hidden>" +(didn't help) + +2015-11-20 19:58:13.021 17478 ERROR congress.api.application [-] Traceback (most recent call last): + File "/opt/congress/congress/api/application.py", line 47, in __call__ + response = handler.handle_request(request) + File "/opt/congress/congress/api/webservice.py", line 351, in handle_request + return self.list_members(request) + File "/opt/congress/congress/api/webservice.py", line 375, in list_members + context=self._get_context(request)) + File "/opt/congress/congress/api/datasource_model.py", line 52, in get_items + datasources = self.datasource_mgr.get_datasources(filter_secret=True) + File "/opt/congress/congress/managers/datasource.py", line 138, in get_datasources + return results +KeyError: 'secret' + +openstack congress datasource create ceilometer "ceilometer" --debug --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 --config username=admin --config tenant_name=admin --config password=octopus --config auth_url=http://localhost:35357/v2.0 + +openstack congress datasource create cinder "cinder" --debug --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 --config username=admin --config tenant_name=admin --config password=octopus --config auth_url=http://localhost:35357/v2.0 + +openstack congress datasource create glancev2 "glancev2" --debug --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 --config username=admin --config tenant_name=admin --config password=octopus --config auth_url=http://localhost:35357/v2.0 + +openstack congress datasource create keystone "keystone" --debug --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 --config username=admin --config tenant_name=admin --config password=octopus --config auth_url=http://localhost:35357/v2.0 + +openstack congress datasource create neutronv2 "neutronv2" --debug --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 --config username=admin --config tenant_name=admin --config password=octopus --config auth_url=http://localhost:35357/v2.0 + +openstack congress datasource create nova "nova" --debug --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 --config username=admin --config tenant_name=admin --config password=octopus --config auth_url=http://localhost:35357/v2.0 + +openstack congress datasource create swift "swift" --debug --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 --config username=admin --config tenant_name=admin --config password=octopus --config auth_url=http://localhost:35357/v2.0 + + ++++++++++++++++++++ +curl -s -X POST http://192.168.1.204:5000/v2.0/tokens \ + -H "Content-Type: application/json" \ + -d '{"auth": {"tenantName": "'"$OS_TENANT_NAME"'", "passwordCredentials": + {"username": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"}}}' \ + | python -m json.tool + +export OS_TOKEN=(token from the response) + +curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "octopus"}}}' -H "Content-type: application/json" http://192.168.1.204:35357/v2.0/tokens | python -m json.tool + +curl -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "octopus"}}}' -H "Content-type: application/json" http://192.168.1.204:5000/v2.0/tokens + +curl -v -s -X POST http://192.168.1.204:5000/v2.0/tokens -H "Content-Type: application/json" -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "octopus"}}}' + +curl -v -d '{"auth":{"passwordCredentials":{"username": "admin", "password": "octopus"}}}' http://192.168.1.204:1789/v1/policies + +curl -v -d '{"auth": {"tenantName": "'"$OS_TENANT_NAME"'", "passwordCredentials": + {"username": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"}}}' http://192.168.1.204:1789/v1/policies + + +curl -i \ + -H "Content-Type: application/json" \ + -H "X-Auth-Token: $OS_TOKEN" \ + -d ' +{ "auth": { + "identity": { + "methods": ["token"], + "token": { + "id": "'$OS_TOKEN'" + } + } + } +}' \ +http://192.168.1.204:1789/v1/policies ; echo + + diff --git a/components/congress/install/ansible/build_congress.yml b/components/congress/install/ansible/build_congress.yml new file mode 100644 index 0000000..572f330 --- /dev/null +++ b/components/congress/install/ansible/build_congress.yml @@ -0,0 +1,12 @@ +--- + +- hosts: congress_build_host + sudo: true + + + vars_files: + - config.yml + + + roles: + - build diff --git a/components/congress/install/ansible/config.yml b/components/congress/install/ansible/config.yml new file mode 100644 index 0000000..cf94414 --- /dev/null +++ b/components/congress/install/ansible/config.yml @@ -0,0 +1,94 @@ +--- +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# What this is: An Ansible installer answer file for installing OpenStack Congress on Centos 7. +# Status: testing in progress +# + +# temp directory used to build congress dependencies +tempDir: /tmp + +# directory where the binary venv package will be built +virtualPackageDir: /var/tmp + +# package version +congressVersion: "2015.1.0" + +# directory where to install congress. This should only be the base directory and not the full path. We will create the congress folder automatically +installDir: /opt + +# If this is the first time you are installing then set init = True. For subsequent install or upgrades set init = False +# You can also use the --start-at-task="(name)" and --step options to re-run and skip non-idempotent steps +# (non-idempotent means the step will fail if already completed) +init: "True" + +# This section contains the answers for all "init" (initial install) steps to +# initialize congress services, keystone endpoint, congress user creation and database initialization. +#--------- start init --------- +#hostIP +hostIP: 192.168.10.6 + +#public endpoint +publicEndpoint: http://192.168.10.6:1789/ + +#internal endpoint +internalEndpoint: http://192.168.10.6:1789/ + +#admin endpoint +adminEndpoint: http://192.168.10.6:1789/ + +#keystone admin user +keystoneAdminUser: admin + +#keystone admin password +keystoneAdminPassword: octopus + +#keystone auth_url +#keystoneAuthURL: http://192.168.10.6:35357/v2.0 + +#keystone auth_host +keystoneAuthHost: localhost + +#keystone auth protocal (http or https) +keystoneAuthProto: http + +#openstack admin tenant name +adminTenantName: admin + +#region +authRegion: RegionOne + +#congress admin username +congressAdminUser: congress + +#congress admin password +congressAdminPassword: congress + +#mysql user ip address or hostname +# TODO: whether this needs to be localhost or the actual IP address +mysqlDBIP: localhost + +#mysql root password +mysqlDBPassword: octopus + +#mysql root username +mysqlDBUser: root + +#congress db user +dbUser: congress + +#congress db password +dbPassword: congress +#--------- end init --------- diff --git a/components/congress/install/ansible/deploy_congress.yml b/components/congress/install/ansible/deploy_congress.yml new file mode 100644 index 0000000..b3e311c --- /dev/null +++ b/components/congress/install/ansible/deploy_congress.yml @@ -0,0 +1,12 @@ +--- + +- hosts: 192.168.1.204 + sudo: true + + + vars_files: + - config.yml + + + roles: + - deploy diff --git a/components/congress/install/ansible/hosts.ini b/components/congress/install/ansible/hosts.ini new file mode 100644 index 0000000..341bf16 --- /dev/null +++ b/components/congress/install/ansible/hosts.ini @@ -0,0 +1,6 @@ +[congress_build_host] +127.0.0.1 ansible_connection=local + +[congress_prod_host] +192.168.1.204 + diff --git a/components/congress/install/ansible/roles/deploy/tasks/main.yml b/components/congress/install/ansible/roles/deploy/tasks/main.yml new file mode 100644 index 0000000..3806034 --- /dev/null +++ b/components/congress/install/ansible/roles/deploy/tasks/main.yml @@ -0,0 +1,295 @@ +--- +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# What this is: An Ansible playbook for installing OpenStack Congress on Centos 7. +# Status: this is a work in progress, under test +# +# How to use: +# ansible-playbook -vvv -u root -k -i hosts.ini deploy_congress.yml +# + +# Update packages +# yum update_cache=yes name=* +- name: updating package cache +# apt: update_cache=yes + yum: update_cache=yes name=* + +# Install dependencies +# Direct command: +# yum pkg=python-pip,mariadb-libs,MySQL-python,git,gcc,python-devel,libxml2,libxslt-devel,libzip-devel,mysql-server state=present +- name: installing dependancies + yum: pkg={{item}} state=present + with_items: + - python-pip + - mariadb-libs + - MySQL-python + - git + - gcc +# - python-dev +# - libxslt1-dev +# - libzip-dev + - python-devel + - libxml2 + - libxslt-devel + - libzip-devel + - mysql-server +# - libmysqlclient-dev +# - python-mysqldb + +# Upgrade pip +# Direct command: pip install --upgrade pip +#- name: upgrade pip +# shell: pip install --upgrade pip + +# Install python dependencies +# Direct command: pip name=virtualenv +- name: installing python dependancies +# pip: name={{item}} extra_args='--upgrade' + pip: name={{item}} + with_items: + - virtualenv + - oslo.middleware +# - MySQL-python + +# Create the congress user group +# Direct command: group name=congress state=present +- name: creating congress group + group: name=congress state=present + when: init == "True" + +# Create the congress user +# Direct command: user name=congress group=congress state=present createhome=no +- name: creating congress user + user: name=congress group=congress state=present createhome=no + +# Create the congress install directory +# Direct command: mkdir {{item}}; chown congress {{item}}; chgrp congress {{item}}; +- name: creating remote install directory + file: path={{item}} state=directory owner=congress group=congress + with_items: + - /etc/congress + - /etc/congress/snapshot +# - "{{installDir}}" + - /var/log/congress + +# Copying congress build to prod host +# Direct command: what direct command this maps to is TBD +- name: copying congress build to prod host + unarchive: src={{tempDir}}/congress-{{congressVersion}}.tar.gz dest={{installDir}} owner=congress group=congress + args: + creates: "{{installDir}}/congress-{{congressVersion}}" + +# Run the congress python setup +# Direct command: cd /opt/congress-{{congressVersion}}; python setup.py install +- name: run setup.py + shell: python setup.py install + args: + chdir: "{{installDir}}/congress-{{congressVersion}}" + creates: /usr/bin/congress-db-manage + +# Activate virtualenv (creates virtual python script library to avoid conflicts with other code on the server) +# TODO: clarify need or benefit from virtualenv +# Direct command: virtualenv /opt/congress-{{congressVersion}} +- name: activating virtualenv + shell: virtualenv {{installDir}}/congress-{{congressVersion}} + +# Install dependencies in virtualenv +# Direct command: pip install --upgrade {{item}} +# TODO: how to invoke virtualenv install in manual command +#- name: Install dependencies in virtualenv +# pip: name={{item}} virtualenv={{installDir}}/congress-{{congressVersion}} virtualenv_site_packages=yes extra_args='--upgrade' +# with_items: +# - pbr +# - oslo.middleware +# - i18n + +# Copy api-paste.ini to the config directory +# Direct command: cd /opt/congress-{{congressVersion}}; cp etc/api-paste.ini /etc/congress +- name: copy /etc/congress/api-paste.ini + shell: cp etc/api-paste.ini /etc/congress + args: + creates: /etc/congress/api-paste.ini + chdir: "{{installDir}}/congress-{{congressVersion}}" + +# Copy policy.json to the config directory +# Direct command: cd /opt/congress-{{congressVersion}}; cp etc/policy.json /etc/congress +- name: copy /etc/congress/policy.json + shell: cp etc/policy.json /etc/congress + args: + creates: /etc/congress/policy.json + chdir: "{{installDir}}/congress-{{congressVersion}}" + +# Copy congress.conf to the config directory +# Direct command: what direct command this maps to is TBD) +- name: updating congress.conf + template: src=congress.conf dest=/etc/congress/congress.conf owner=congress group=congress + +# Create the congress service +# Direct command: bin/keystone --os-auth-url=http://localhost:35357/v2.0 --os-username=admin --os-tenant-name=admin --os-password=octopus service-create --name congress --type "policy" --description "Congress Service" +- name: create congress service + shell: > + /bin/keystone \ + --os-auth-url={{keystoneAuthProto}}://{{keystoneAuthHost}}:35357/v2.0 \ + --os-username={{keystoneAdminUser}} \ + --os-tenant-name={{adminTenantName}} \ + --os-password={{keystoneAdminPassword}} \ + service-create --name congress --type "policy" --description "Congress Service" + +# Create the congress service endpoint +# Direct command: bin/keystone --os-auth-url=http://localhost:35357/v2.0 --os-username=admin --os-tenant-name=admin --os-password=octopus endpoint-create --service congress --region RegionOne --publicurl http://192.168.1.204:1789/ +- name: creating keystone endpoint + shell: > + /bin/keystone \ + --os-auth-url={{keystoneAuthProto}}://{{keystoneAuthHost}}:35357/v2.0 \ + --os-username={{keystoneAdminUser}} \ + --os-tenant-name={{adminTenantName}} \ + --os-password={{keystoneAdminPassword}} \ + endpoint-create --service congress \ + --region {{authRegion}} \ + --publicurl {{publicEndpoint}} \ + --adminurl {{adminEndpoint}} \ + --internalurl {{internalEndpoint}} + +# Create the congress database +# TODO: fix some bug resulting in "msg: unable to connect, check login credentials " +# Workaround: on controller +# mysql mysql +# update user set host = '%' where user = 'root'; +# exit +# Direct command: mysql_db name=congress state=present login_host=192.168.1.204 login_user=root login_password=VALUE_HIDDEN +- name: creating congress database + mysql_db: name=congress state=present login_host={{mysqlDBIP}} login_user={{mysqlDBUser}} login_password={{mysqlDBPassword}} + +# Create the congress database user and access +# Direct command: mysql_user name=congress password=VALUE_HIDDEN login_host=localhost login_user=root login_password=VALUE_HIDDEN priv=congress.*:ALL host=% +- name: creating and granting congress user access to database + mysql_user: name={{dbUser}} password={{dbPassword}} login_host={{mysqlDBIP}} login_user={{mysqlDBUser}} login_password={{mysqlDBPassword}} priv=congress.*:ALL host={{ item }} + with_items: + - "%" + - "localhost" + +# Fix bug with congress-db-manage failure to import i18n +# See https://bugs.launchpad.net/tripleo/+bug/1468028 +# It's unclear if this patch causes other problems... +# Direct command: pip install oslo.i18n==1.7.0 +#- name: pip install oslo.i18n==1.7.0 +# shell: > +# pip install oslo.i18n==1.7.0 + +# Create the congress database schema +# Direct command: /usr/bin/congress-db-manage --config-file /etc/congress/congress.conf upgrade head +- name: creating congress database schema + shell: > + /usr/bin/congress-db-manage --config-file /etc/congress/congress.conf upgrade head + +# Enable congress to start on system restart +# Direct command: what direct command this maps to is TBD +- name: copy and enable congress-api.service thru systemd + template: src=congress-api.service dest=/usr/lib/systemd/system/congress-api.service + +# Install clients +# Direct command: pip install {{item}} +# pip: name={{item}} virtualenv={{installDir}}/congress-{{congressVersion}} virtualenv_site_packages=yes extra_args='--upgrade' +- name: Install clients + pip: name={{item}} + with_items: + - python-openstackclient + - python-congressclient + +# stderr: Exception raised: (pbr 0.11.0 (/usr/lib/python2.7/site-packages), Requirement.parse('pbr>=1.6')) +# Install pbr-1.8.1 +# Direct command: pip install pbr==1.8.1 +- name: Install pbr-1.8.1 + shell: > + pip install pbr==1.8.1 + +# stderr: Exception raised: (pbr 1.8.1 (/usr/lib/python2.7/site-packages), Requirement.parse('pbr>=0.6,!=0.7,<1.0')) +# fix per https://ask.openstack.org/en/question/83174/whole-cli-doesnt-work-anymore-kilo/ +# pip install --upgrade python-openstackclient +- name: Upgrade python-openstackclient + shell: > + pip install --upgrade python-openstackclient + +# stderr: Unable to establish connection to http://192.168.10.6:1789/v1/data-sources +# systemctl | grep congress +# congress-api.service loaded failed failed OpenStack Congress Server +# https://wiki.archlinux.org/index.php/Systemd#Investigating_systemd_errors +# systemctl status congress-api -l +# oscontroller1.opnfv.com systemd[4175]: Failed at step EXEC spawning /opt/congress/bin/congress-server: No such file or directory +# error in congress-api.service, needed to completely remove from systemd and reinstall +# systemctl stop congress-api.service +# systemctl disable congress-api.service +# rm /etc/systemd/system/congress-api.service +# systemctl daemon-reload +# systemctl reset-failed +# restart at +# ansible-playbook -vvv -u root -k -i hosts.ini deploy_congress.yml --start-at-task="copy and enable congress-api.service thru systemd" + +# congress-server: Traceback (most recent call last): +# congress-server: File "/opt/congress-2015.1.0/bin/congress-server", line 33, in <module> +# congress-server: from congress.server import congress_server +# congress-server: File "/opt/congress-2015.1.0/congress/server/congress_server.py", line 26, in <module> +# congress-server: from congress.common import config +# congress-server: File "/opt/congress-2015.1.0/congress/common/config.py", line 20, in <module> +# congress-server: from congress.managers import datasource as datasource_mgr +# congress-server: File "/opt/congress-2015.1.0/congress/managers/datasource.py", line 19, in <module> +# congress-server: from oslo.db import exception as db_exc +# congress-server: File "/usr/lib/python2.7/site-packages/oslo/db/exception.py", line 48, in <module> +# congress-server: from oslo.db._i18n import _ +# congress-server: File "/usr/lib/python2.7/site-packages/oslo/db/_i18n.py", line 19, in <module> +# congress-server: from oslo import i18n +# congress-server: ImportError: cannot import name i18n +# systemd: congress-api.service: main process exited, code=exited, status=1/FAILURE +# systemd: Unit congress-api.service entered failed state. +# See https://bugs.launchpad.net/tripleo/+bug/1468028 +# It's unclear if this patch causes other problems... +# Direct command: pip install oslo.i18n==1.7.0 +- name: install oslo.i18n==1.7.0 + shell: > + pip install oslo.i18n==1.7.0 + +# congress-server: 2015-11-26 00:30:42.754 24988 TRACE congress from oslo.middleware import request_id +# congress-server: 2015-11-26 00:30:42.754 24988 TRACE congress ImportError: No module named middleware +- name: install oslo.middleware + pip: name={{item}} + with_items: + - oslo.middleware + +# Start the congress service +# Direct command: systemctl start congress-api +- name: start congress-api service + shell: systemctl start congress-api + +# Create congress datasources +# leave out swift for now, as it seems to break access to the other datasources +# Direct command: openstack congress datasource create {{item}} "{{item}}" --os-username=admin --os-tenant-name=admin --os-password=octopus --os-auth-url=http://localhost:35357/v2.0 +- name: install datasource drivers + shell: openstack congress datasource create {{item}} "{{item}}" \ + --os-username={{keystoneAdminUser}} \ + --os-tenant-name={{adminTenantName}} \ + --os-password={{keystoneAdminPassword}} \ + --os-auth-url={{keystoneAuthProto}}://{{keystoneAuthHost}}:35357/v2.0 + --config username={{keystoneAdminUser}} \ + --config tenant-name={{adminTenantName}} \ + --config password={{keystoneAdminPassword}} \ + --config auth-url={{keystoneAuthProto}}://{{keystoneAuthHost}}:35357/v2.0 + with_items: + - ceilometer + - cinder + - glancev2 + - keystone + - neutronv2 + - nova +# - swift diff --git a/components/congress/install/ansible/roles/deploy/templates/congress-api.conf b/components/congress/install/ansible/roles/deploy/templates/congress-api.conf new file mode 100644 index 0000000..4eae24d --- /dev/null +++ b/components/congress/install/ansible/roles/deploy/templates/congress-api.conf @@ -0,0 +1,7 @@ +description "Congress API server" + +env PYTHON_PATH={{installDir}}/congress +start on runlevel [2345] +stop on runlevel [!2345] + +exec {{installDir}}/congress/bin/congress-server --config-file /etc/congress/congress.conf diff --git a/components/congress/install/ansible/roles/deploy/templates/congress-api.service b/components/congress/install/ansible/roles/deploy/templates/congress-api.service new file mode 100644 index 0000000..224760b --- /dev/null +++ b/components/congress/install/ansible/roles/deploy/templates/congress-api.service @@ -0,0 +1,31 @@ +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# What this is: Ansible configuration for the OpenStack Congress service. +# Used to setup the Congress server to startup on host restart. +# +# Status: testing in progress +# + +[Unit] +Description=OpenStack Congress Server +After=syslog.target network.target + +[Service] +Type=simple +User=congress +ExecStart={{installDir}}/congress/bin/congress-server --config-file /etc/congress/congress.conf + +[Install] +WantedBy=multi-user.target diff --git a/components/congress/install/ansible/roles/deploy/templates/congress.conf b/components/congress/install/ansible/roles/deploy/templates/congress.conf new file mode 100644 index 0000000..86b78a9 --- /dev/null +++ b/components/congress/install/ansible/roles/deploy/templates/congress.conf @@ -0,0 +1,75 @@ +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# What this is: An template configuration file for OpenStack Congress +# Status: testing in progress +# + +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = True + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +# debug = False + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +log_file = congress.log +log_dir = /var/log/congress + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{hostIP}} + +# Port the bind the API server to +# bind_port = 1789 + +# The path to the latest policy dump +policy_path = /etc/congress/snapshot + +# Paste configuration file +# api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = noauth + +# List of datasource driver class paths to import. +# For example: congress.datasources.neutronv2_driver.NeutronV2Driver, etc +# errors seen in log, removed congress.datasources.swift_driver.SwiftDriver +drivers = congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver,congress.datasources.swift_driver.SwiftDriver + +[keystone_authtoken] +auth_host = {{ keystoneAuthHost }} +auth_port = 35357 +auth_protocol = {{ keystoneAuthProto }} +admin_tenant_name = {{ adminTenantName }} +admin_user = {{ congressAdminUser }} +admin_password = {{ congressAdminPassword }} + +[database] +connection = mysql://{{dbUser}}:{{dbPassword}}@{{mysqlDBIP}}:3306/congress diff --git a/components/congress/install/bash/centos/clean_congress.sh b/components/congress/install/bash/centos/clean_congress.sh new file mode 100644 index 0000000..4ab21a4 --- /dev/null +++ b/components/congress/install/bash/centos/clean_congress.sh @@ -0,0 +1,46 @@ +#!/bin/bash +# CCopyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This is a cleanup script for installation of Congress on an Ubuntu 14.04 +# LXC container in the OPNFV Controller node. +# Presumably something has failed, and any record of the Congress feature +# in OpenStack needs to be removed, so you can try the install again. +# +# Prequisite: OPFNV install per https://wiki.opnfv.org/copper/academy/joid +# How to use: +# Install OPNFV per https://wiki.opnfv.org/copper/academy/joid +# $ source ~/git/copper/components/congress/joid/clean_congress.sh <controller_hostname> +# <controller_hostname> is the name of the controller node in MAAS. + +source ~/admin-openrc.sh <<EOF +openstack +EOF +source ~/env.sh +set -x echo on +juju ssh ubuntu@$1 "sudo lxc-stop --name juju-trusty-congress; sudo lxc-destroy --name juju-trusty-congress; exit" + +# Delete Congress user +export CONGRESS_USER=$(openstack user list | awk "/ congress / { print \$2 }") +if [ "$CONGRESS_USER" != "" ]; then + openstack user delete $CONGRESS_USER +fi + +# Delete Congress service +export CONGRESS_SERVICE=$(openstack service list | awk "/ congress / { print \$2 }") +if [ "$CONGRESS_SERVICE" != "" ]; then + openstack service delete $CONGRESS_SERVICE +fi +set -x echo off + diff --git a/components/congress/install/bash/centos/install_congress_1.sh b/components/congress/install/bash/centos/install_congress_1.sh new file mode 100644 index 0000000..47137ae --- /dev/null +++ b/components/congress/install/bash/centos/install_congress_1.sh @@ -0,0 +1,171 @@ +#!/bin/bash +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This is script 1 of 2 for installation of Congress on the Centos 7 based +# OPNFV Controller node as installed per the OPNFV Apex project. +# Prequisites: +# OPFNV install per https://wiki.opnfv.org/display/copper/Apex +# On the jumphost, logged in as stack on the undercloud VM: +# su stack +# Clone the Copper repo and run the install script: +# git clone https://gerrit.opnfv.org/gerrit/copper +# source copper/components/install/bash/centos/install_congress_1.sh + +if [ $# -gt 1 ] && [ $2 == "debug" ]; then set -x #echo on +fi + +cd ~ +source ~/stackrc + +# Get addresses of Controller node(s) +export CONTROLLER_HOST1=$(openstack server list | awk "/overcloud-controller-0/ { print \$8 }" | sed 's/ctlplane=//g') +export CONTROLLER_HOST2=$(openstack server list | awk "/overcloud-controller-1/ { print \$8 }" | sed 's/ctlplane=//g') + +# puppet apply -e "user { 'congress': ensure => present, password => sha1('congress'), }" +# ssh -x -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ssh heat-admin@$CONTROLLER_HOST1 "useradd congress; exit" + +echo "Create the environment file and copy to the congress server" +cat <<EOF >~/env.sh +export CONGRESS_HOST=$CONTROLLER_HOST1 +export KEYSTONE_HOST=$CONTROLLER_HOST1 +export CEILOMETER_HOST=$CONTROLLER_HOST1 +export CINDER_HOST=$CONTROLLER_HOST1 +export GLANCE_HOST=$CONTROLLER_HOST1 +export NEUTRON_HOST=$CONTROLLER_HOST1 +export NOVA_HOST=$CONTROLLER_HOST1 +EOF +source ~/env.sh +scp ~/stackrc heat-admin@$CONTROLLER_HOST1:/home/heat-admin/admin-openrc.sh +scp ~/env.sh heat-admin@$CONTROLLER_HOST1:/home/heat-admin + +echo "Copy install_congress_2.sh to the congress server and execute" +scp ~/git/copper/components/congress/joid/install_congress_2.sh heat-admin@$CONTROLLER_HOST1:/home/heat-admin +ssh -x -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no heat-admin@$CONTROLLER_HOST1 "source ~/install_congress_2.sh; exit" + +echo "Install jumphost dependencies" + +echo "Update package repos" +sudo apt-get update + +echo "install pip" +sudo apt-get install python-pip -y + +echo "install other dependencies" +sudo apt-get install apg git gcc python-dev libxml2 libxslt1-dev libzip-dev -y +sudo pip install --upgrade pip virtualenv setuptools pbr tox + +echo "Clone congress" +mkdir ~/git +cd ~/git +git clone https://github.com/openstack/congress.git +cd congress +git checkout stable/liberty + +echo "Create virtualenv" +virtualenv ~/git/congress +source bin/activate + +echo "Install and test OpenStack client" +cd ~/git +git clone https://github.com/openstack/python-openstackclient.git +cd python-openstackclient +git checkout stable/liberty +~/git/congress/bin/pip install -r requirements.txt +~/git/congress/bin/pip install . +openstack service list + +echo "Install and test Congress client" +cd ~/git +git clone https://github.com/openstack/python-congressclient.git +cd python-congressclient +git checkout stable/liberty +~/git/congress/bin/pip install -r requirements.txt +~/git/congress/bin/pip install . +openstack congress driver list + +echo "Install and test Keystone client" +cd ~/git +git clone https://github.com/openstack/python-keystoneclient.git +cd python-keystoneclient +git checkout stable/liberty +~/git/congress/bin/pip install -r requirements.txt +~/git/congress/bin/pip install . + +echo "setup Congress user. TODO: needs update in http://congress.readthedocs.org/en/latest/readme.html#installing-congress" +pip install cliff --upgrade +export ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") +export SERVICE_TENANT=$(openstack project list | awk "/ admin / { print \$2 }") +openstack user create --password congress --project admin --email "congress@example.com" congress +export CONGRESS_USER=$(openstack user list | awk "/ congress / { print \$2 }") +openstack role add --user $CONGRESS_USER --project $SERVICE_TENANT $ADMIN_ROLE + +echo "Create Congress service" +openstack service create congress --type "policy" --description "Congress Service" +export CONGRESS_SERVICE=$(openstack service list | awk "/ congress / { print \$2 }") + +echo "Create Congress endpoint" +openstack endpoint create $CONGRESS_SERVICE \ + --region $OS_REGION_NAME \ + --publicurl http://$CONGRESS_HOST:1789/ \ + --adminurl http://$CONGRESS_HOST:1789/ \ + --internalurl http://$CONGRESS_HOST:1789/ + +echo "Start the Congress service" +ssh -x -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ubuntu@$CONGRESS_HOST "~/git/congress/bin/congress-server &>/dev/null &" + +echo "Wait 30 seconds for Congress service to startup" +sleep 30 + +echo "Create data sources" +# To remove datasources: openstack congress datasource delete <name> +openstack congress datasource create nova "nova" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create neutronv2 "neutronv2" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create ceilometer "ceilometer" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create cinder "cinder" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create glancev2 "glancev2" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create keystone "keystone" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 + +echo "Install tox test dependencies" +sudo apt-get install -y libffi-dev libssl-dev + +echo "Run Congress tox Tests" +cd ~/git/congress +tox -epy27 + +set +x #echo off diff --git a/components/congress/install/bash/centos/install_congress_2.sh b/components/congress/install/bash/centos/install_congress_2.sh new file mode 100644 index 0000000..588c780 --- /dev/null +++ b/components/congress/install/bash/centos/install_congress_2.sh @@ -0,0 +1,165 @@ +#!/bin/bash +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This is script 2 of 2 for installation of Congress on the Centos 7 based +# OPNFV Controller node as installed per the OPNFV Apex project. +# Prequisites: +# OPFNV install per https://wiki.opnfv.org/display/copper/Apex +# On the jumphost, logged in as stack on the undercloud VM: +# su stack +# Clone the Copper repo and run the install script: +# git clone https://gerrit.opnfv.org/gerrit/copper +# source copper/components/install/bash/centos/install_congress_1.sh + +set -x +source ~/admin-openrc.sh +source ~/env.sh + +echo "install pip" +sudo yum install python-pip -y + +echo "install java" +sudo yum install default-jre -y +# No package default-jre available. + +echo "install other dependencies" +sudo yum install apg git gcc python-dev libxml2 libxslt1-dev libzip-dev -y +# No package python-dev available. +# No package libxslt1-dev available. +# No package libzip-dev available. +sudo pip install --upgrade pip virtualenv setuptools pbr tox + +echo "set mysql root user password and install mysql" +export MYSQL_PASSWORD=$(/usr/bin/apg -n 1 -m 16 -c cl_seed) +sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password password '$MYSQL_PASSWORD +sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password '$MYSQL_PASSWORD +sudo -E yum -q -y install mysql-server python-mysqldb + +echo "Clone congress" +mkdir ~/git +cd ~/git +git clone https://github.com/openstack/congress.git +cd congress +git checkout stable/liberty + +echo "Create virtualenv" +virtualenv ~/git/congress +source bin/activate + +echo "Setup Congress" +sudo mkdir -p /etc/congress +sudo chown ubuntu /etc/congress +mkdir -p /etc/congress/snapshot +sudo mkdir /var/log/congress +sudo chown ubuntu /var/log/congress +cp etc/api-paste.ini /etc/congress +cp etc/policy.json /etc/congress + +echo "install requirements.txt and tox dependencies (detected by errors during 'tox -egenconfig')" +sudo yum install libffi-dev -y +sudo yum install openssl -y +sudo yum install libssl-dev -y + +echo "install dependencies of Congress" +cd ~/git/congress +bin/pip install -r requirements.txt +bin/pip install . + +echo "install tox" +bin/pip install tox + +echo "generate congress.conf.sample" +tox -egenconfig + +echo "edit congress.conf.sample as needed" +sed -i -- 's/#verbose = true/verbose = true/g' etc/congress.conf.sample +sed -i -- 's/#log_file = <None>/log_file = congress.log/g' etc/congress.conf.sample +sed -i -- 's/#log_dir = <None>/log_dir = \/var\/log\/congress/g' etc/congress.conf.sample +sed -i -- 's/#bind_host = 0.0.0.0/bind_host = '$CONGRESS_HOST'/g' etc/congress.conf.sample +sed -i -- 's/#policy_path = <None>/policy_path = \/etc\/congress\/snapshot/g' etc/congress.conf.sample +sed -i -- 's/#auth_strategy = keystone/auth_strategy = noauth/g' etc/congress.conf.sample +sed -i -- 's/#drivers =/drivers = congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver/g' etc/congress.conf.sample +sed -i -- 's/#auth_host = 127.0.0.1/auth_host = '$CONGRESS_HOST'/g' etc/congress.conf.sample +sed -i -- 's/#auth_port = 35357/auth_port = 35357/g' etc/congress.conf.sample +sed -i -- 's/#auth_protocol = https/auth_protocol = http/g' etc/congress.conf.sample +sed -i -- 's/#admin_tenant_name = admin/admin_tenant_name = admin/g' etc/congress.conf.sample +sed -i -- 's/#admin_user = <None>/admin_user = congress/g' etc/congress.conf.sample +sed -i -- 's/#admin_password = <None>/admin_password = congress/g' etc/congress.conf.sample +sed -i -- 's/#connection = <None>/connection = mysql:\/\/ubuntu:'$MYSQL_PASSWORD'@localhost:3306\/congress/g' etc/congress.conf.sample + +echo "copy congress.conf.sample to /etc/congress" +cp etc/congress.conf.sample /etc/congress/congress.conf + +echo "create congress database" +sudo mysql --user=root --password=$MYSQL_PASSWORD -e "CREATE DATABASE congress; GRANT ALL PRIVILEGES ON congress.* TO 'ubuntu@localhost' IDENTIFIED BY '"$MYSQL_PASSWORD"'; GRANT ALL PRIVILEGES ON congress.* TO 'ubuntu'@'%' IDENTIFIED BY '"$MYSQL_PASSWORD"';" + +echo "install congress-db-manage dependencies (detected by errors)" +sudo yum build-dep python-mysqldb -y +bin/pip install MySQL-python + +echo "create database schema" +congress-db-manage --config-file /etc/congress/congress.conf upgrade head + +echo "Install Congress client" +cd ~/git +git clone https://github.com/openstack/python-congressclient.git +cd python-congressclient +git checkout stable/liberty +../congress/bin/pip install -r requirements.txt +../congress/bin/pip install . + +function _congress_setup_horizon { + local HORIZON_DIR="/usr/share/openstack-dashboard" + local CONGRESS_HORIZON_DIR="/home/ubuntu/git/congress/contrib/horizon" + sudo cp -r $CONGRESS_HORIZON_DIR/datasources $HORIZON_DIR/openstack_dashboard/dashboards/admin/ + sudo cp -r $CONGRESS_HORIZON_DIR/policies $HORIZON_DIR/openstack_dashboard/dashboards/admin/ + sudo cp -r $CONGRESS_HORIZON_DIR/static $HORIZON_DIR/openstack_dashboard/dashboards/admin/ + sudo cp -r $CONGRESS_HORIZON_DIR/templates $HORIZON_DIR/openstack_dashboard/dashboards/admin/ + sudo cp $CONGRESS_HORIZON_DIR/congress.py $HORIZON_DIR/openstack_dashboard/api/ + sudo cp $CONGRESS_HORIZON_DIR/_50_policy.py $HORIZON_DIR/openstack_dashboard/local/enabled/ + sudo cp $CONGRESS_HORIZON_DIR/_60_policies.py $HORIZON_DIR/openstack_dashboard/local/enabled/ + sudo cp $CONGRESS_HORIZON_DIR/_70_datasources.py $HORIZON_DIR/openstack_dashboard/local/enabled/ + + # For unit tests + sudo sh -c 'echo "python-congressclient" >> '$HORIZON_DIR'/requirements.txt' + sudo sh -c 'echo -e \ +"\n# Load the pluggable dashboard settings"\ +"\nimport openstack_dashboard.local.enabled"\ +"\nfrom openstack_dashboard.utils import settings"\ +"\n\nINSTALLED_APPS = list(INSTALLED_APPS)"\ +"\nsettings.update_dashboards(["\ +"\n openstack_dashboard.local.enabled,"\ +"\n], HORIZON_CONFIG, INSTALLED_APPS)" >> '$HORIZON_DIR'/openstack_dashboard/test/settings.py' + + # Setup alias for django-admin which could be different depending on distro + local django_admin + if type -p django-admin > /dev/null; then + django_admin=django-admin + else + django_admin=django-admin.py + fi + + # Collect and compress static files (e.g., JavaScript, CSS) + DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin collectstatic --noinput + DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin compress --force + + # Restart Horizon + sudo service apache2 restart +} +# Commented out as the procedure is not yet working +#echo "Install Horizon Policy plugin" +#_congress_setup_horizon + +set +x #echo off diff --git a/components/congress/install/joid/clean_congress.sh b/components/congress/install/joid/clean_congress.sh new file mode 100644 index 0000000..4ab21a4 --- /dev/null +++ b/components/congress/install/joid/clean_congress.sh @@ -0,0 +1,46 @@ +#!/bin/bash +# CCopyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This is a cleanup script for installation of Congress on an Ubuntu 14.04 +# LXC container in the OPNFV Controller node. +# Presumably something has failed, and any record of the Congress feature +# in OpenStack needs to be removed, so you can try the install again. +# +# Prequisite: OPFNV install per https://wiki.opnfv.org/copper/academy/joid +# How to use: +# Install OPNFV per https://wiki.opnfv.org/copper/academy/joid +# $ source ~/git/copper/components/congress/joid/clean_congress.sh <controller_hostname> +# <controller_hostname> is the name of the controller node in MAAS. + +source ~/admin-openrc.sh <<EOF +openstack +EOF +source ~/env.sh +set -x echo on +juju ssh ubuntu@$1 "sudo lxc-stop --name juju-trusty-congress; sudo lxc-destroy --name juju-trusty-congress; exit" + +# Delete Congress user +export CONGRESS_USER=$(openstack user list | awk "/ congress / { print \$2 }") +if [ "$CONGRESS_USER" != "" ]; then + openstack user delete $CONGRESS_USER +fi + +# Delete Congress service +export CONGRESS_SERVICE=$(openstack service list | awk "/ congress / { print \$2 }") +if [ "$CONGRESS_SERVICE" != "" ]; then + openstack service delete $CONGRESS_SERVICE +fi +set -x echo off + diff --git a/components/congress/install/joid/install_congress_1.sh b/components/congress/install/joid/install_congress_1.sh new file mode 100644 index 0000000..61ac722 --- /dev/null +++ b/components/congress/install/joid/install_congress_1.sh @@ -0,0 +1,187 @@ +#!/bin/bash +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This is script 1 of 2 for installation of Congress on an Ubuntu 14.04 +# LXC container in the OPNFV Controller node. +# Prequisite: OPFNV install per https://wiki.opnfv.org/copper/academy/joid +# +# On jumphost: +# Download admin-openrc.sh from Horizon and save in ~ +# source install_congress_1.sh <host> +# (copies install_congress_2.sh to <host> and executes it) +# <hostname> is the name of the host in which to install Congress. +# +# If "horizon", Congress will be installed in the same LXC as Horizon, +# as necessary for the OpenStack Dashboard Policy plugins to work. +# Otherwise provide the node name of the controller node, where Congress +# will be installed in an LXC (NOTE: Policy plugin for OpenStack dashboard +# does not currently get installed for the LXC-based Congress deploy) + +if [ $# -gt 1 ] && [ $2 == "debug" ]; then set -x #echo on +fi + +source ~/admin-openrc.sh <<EOF +openstack +EOF + +if [ $1 == "horizon" ]; then + echo "Set CONGRESS_HOST to HORIZON_HOST" + CONGRESS_HOST=$(juju status --format=short | awk "/openstack-dashboard/ { print \$3 }") +else + echo "Create the congress container" + juju ssh ubuntu@$1 "sudo lxc-clone -o juju-trusty-lxc-template -n juju-trusty-congress; sudo lxc-start -n juju-trusty-congress -d; exit" + + echo "Get the congress server address" + CONGRESS_HOST="" + while [ "$CONGRESS_HOST" == "" ]; do + sleep 5 + CONGRESS_HOST=$(juju ssh ubuntu@$1 "sudo lxc-info --name juju-trusty-congress | grep IP" | awk "/ / { print \$2 }" | tr -d '\r') + done +fi + +echo "Create the environment file and copy to the congress server" +cat <<EOF >~/env.sh +export CONGRESS_HOST=$CONGRESS_HOST +export HORIZON_HOST=$(juju status --format=short | awk "/openstack-dashboard/ { print \$3 }") +export KEYSTONE_HOST=$(juju status --format=short | awk "/keystone\/0/ { print \$3 }") +export CEILOMETER_HOST=$(juju status --format=short | awk "/ceilometer\/0/ { print \$3 }") +export CINDER_HOST=$(juju status --format=short | awk "/cinder\/0/ { print \$3 }") +export GLANCE_HOST=$(juju status --format=short | awk "/glance\/0/ { print \$3 }") +export NEUTRON_HOST=$(juju status --format=short | awk "/neutron-api\/0/ { print \$3 }") +export NOVA_HOST=$(juju status --format=short | awk "/nova-cloud-controller\/0/ { print \$3 }") +EOF +source ~/env.sh +juju scp ~/admin-openrc.sh ubuntu@$CONGRESS_HOST:/home/ubuntu +juju scp ~/env.sh ubuntu@$CONGRESS_HOST:/home/ubuntu + +echo "Copy install_congress_2.sh to the congress server and execute" +juju scp ~/git/copper/components/congress/joid/install_congress_2.sh ubuntu@$CONGRESS_HOST:/home/ubuntu +ssh -x -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ubuntu@$CONGRESS_HOST "source ~/install_congress_2.sh; exit" + +echo "Install jumphost dependencies" + +echo "Update package repos" +sudo apt-get update + +echo "install pip" +sudo apt-get install python-pip -y + +echo "install other dependencies" +sudo apt-get install apg git gcc python-dev libxml2 libxslt1-dev libzip-dev -y +sudo pip install --upgrade pip virtualenv setuptools pbr tox + +echo "Clone congress" +mkdir ~/git +cd ~/git +git clone https://github.com/openstack/congress.git +cd congress +git checkout stable/liberty + +echo "Create virtualenv" +virtualenv ~/git/congress +source bin/activate + +echo "Install and test OpenStack client" +cd ~/git +git clone https://github.com/openstack/python-openstackclient.git +cd python-openstackclient +git checkout stable/liberty +~/git/congress/bin/pip install -r requirements.txt +~/git/congress/bin/pip install . +openstack service list + +echo "Install and test Congress client" +cd ~/git +git clone https://github.com/openstack/python-congressclient.git +cd python-congressclient +git checkout stable/liberty +~/git/congress/bin/pip install -r requirements.txt +~/git/congress/bin/pip install . +openstack congress driver list + +echo "Install and test Keystone client" +cd ~/git +git clone https://github.com/openstack/python-keystoneclient.git +cd python-keystoneclient +git checkout stable/liberty +~/git/congress/bin/pip install -r requirements.txt +~/git/congress/bin/pip install . + +echo "setup Congress user. TODO: needs update in http://congress.readthedocs.org/en/latest/readme.html#installing-congress" +pip install cliff --upgrade +export ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") +export SERVICE_TENANT=$(openstack project list | awk "/ admin / { print \$2 }") +openstack user create --password congress --project admin --email "congress@example.com" congress +export CONGRESS_USER=$(openstack user list | awk "/ congress / { print \$2 }") +openstack role add --user $CONGRESS_USER --project $SERVICE_TENANT $ADMIN_ROLE + +echo "Create Congress service" +openstack service create congress --type "policy" --description "Congress Service" +export CONGRESS_SERVICE=$(openstack service list | awk "/ congress / { print \$2 }") + +echo "Create Congress endpoint" +openstack endpoint create $CONGRESS_SERVICE \ + --region $OS_REGION_NAME \ + --publicurl http://$CONGRESS_HOST:1789/ \ + --adminurl http://$CONGRESS_HOST:1789/ \ + --internalurl http://$CONGRESS_HOST:1789/ + +echo "Start the Congress service" +ssh -x -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ubuntu@$CONGRESS_HOST "~/git/congress/bin/congress-server &>/dev/null &" + +echo "Wait 30 seconds for Congress service to startup" +sleep 30 + +echo "Create data sources" +# To remove datasources: openstack congress datasource delete <name> +openstack congress datasource create nova "nova" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create neutronv2 "neutronv2" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create ceilometer "ceilometer" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create cinder "cinder" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create glancev2 "glancev2" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 +openstack congress datasource create keystone "keystone" \ + --config username=$OS_USERNAME \ + --config tenant_name=$OS_TENANT_NAME \ + --config password=$OS_PASSWORD \ + --config auth_url=http://$KEYSTONE_HOST:5000/v2.0 + +echo "Install tox test dependencies" +sudo apt-get install -y libffi-dev libssl-dev + +echo "Run Congress tox Tests" +cd ~/git/congress +tox -epy27 + +set +x #echo off diff --git a/components/congress/install/joid/install_congress_2.sh b/components/congress/install/joid/install_congress_2.sh new file mode 100644 index 0000000..312a0c3 --- /dev/null +++ b/components/congress/install/joid/install_congress_2.sh @@ -0,0 +1,174 @@ +#!/bin/bash +# Copyright 2015-2016 AT&T Intellectual Property, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This is script 2 of 2 for installation of Congress on an Ubuntu 14.04 +# LXC container (same as Horizon) in the OPNFV Controller node. +# Prequisite: OPFNV install per https://wiki.opnfv.org/copper/academy/joid +# +# On jumphost: +# Download admin-openrc.sh from Horizon and save in ~ +# source install_congress_1.sh <host> +# (copies install_congress_2.sh to <host> and executes it) +# <hostname> is the name of the host in which to install Congress. +# +# If "horizon", Congress will be installed in the same LXC as Horizon, +# as necessary for the OpenStack Dashboard Policy plugins to work. +# Otherwise provide the node name of the controller node, where Congress +# will be installed in an LXC (NOTE: Policy plugin for OpenStack dashboard +# does not currently get installed for the LXC-based Congress deploy) + +set -x +source ~/admin-openrc.sh <<EOF +openstack +EOF +source ~/env.sh + +echo "Update/upgrade package repos" +sudo apt-get update +#sudo apt-get upgrade -y + +echo "install pip" +sudo apt-get install python-pip -y + +echo "install java" +sudo apt-get install default-jre -y + +echo "install other dependencies" +sudo apt-get install apg git gcc python-dev libxml2 libxslt1-dev libzip-dev -y +sudo pip install --upgrade pip virtualenv setuptools pbr tox + +echo "set mysql root user password and install mysql" +export MYSQL_PASSWORD=$(/usr/bin/apg -n 1 -m 16 -c cl_seed) +sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password password '$MYSQL_PASSWORD +sudo debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password '$MYSQL_PASSWORD +sudo -E apt-get -q -y install mysql-server python-mysqldb + +echo "Clone congress" +mkdir ~/git +cd ~/git +git clone https://github.com/openstack/congress.git +cd congress +git checkout stable/liberty + +echo "Create virtualenv" +virtualenv ~/git/congress +source bin/activate + +echo "Setup Congress" +sudo mkdir -p /etc/congress +sudo chown ubuntu /etc/congress +mkdir -p /etc/congress/snapshot +sudo mkdir /var/log/congress +sudo chown ubuntu /var/log/congress +cp etc/api-paste.ini /etc/congress +cp etc/policy.json /etc/congress + +echo "install requirements.txt and tox dependencies (detected by errors during 'tox -egenconfig')" +sudo apt-get install libffi-dev -y +sudo apt-get install openssl -y +sudo apt-get install libssl-dev -y + +echo "install dependencies of Congress" +cd ~/git/congress +bin/pip install -r requirements.txt +bin/pip install . + +echo "install tox" +bin/pip install tox + +echo "generate congress.conf.sample" +tox -egenconfig + +echo "edit congress.conf.sample as needed" +sed -i -- 's/#verbose = true/verbose = true/g' etc/congress.conf.sample +sed -i -- 's/#log_file = <None>/log_file = congress.log/g' etc/congress.conf.sample +sed -i -- 's/#log_dir = <None>/log_dir = \/var\/log\/congress/g' etc/congress.conf.sample +sed -i -- 's/#bind_host = 0.0.0.0/bind_host = '$CONGRESS_HOST'/g' etc/congress.conf.sample +sed -i -- 's/#policy_path = <None>/policy_path = \/etc\/congress\/snapshot/g' etc/congress.conf.sample +sed -i -- 's/#auth_strategy = keystone/auth_strategy = noauth/g' etc/congress.conf.sample +sed -i -- 's/#drivers =/drivers = congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources.keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver/g' etc/congress.conf.sample +sed -i -- 's/#auth_host = 127.0.0.1/auth_host = '$CONGRESS_HOST'/g' etc/congress.conf.sample +sed -i -- 's/#auth_port = 35357/auth_port = 35357/g' etc/congress.conf.sample +sed -i -- 's/#auth_protocol = https/auth_protocol = http/g' etc/congress.conf.sample +sed -i -- 's/#admin_tenant_name = admin/admin_tenant_name = admin/g' etc/congress.conf.sample +sed -i -- 's/#admin_user = <None>/admin_user = congress/g' etc/congress.conf.sample +sed -i -- 's/#admin_password = <None>/admin_password = congress/g' etc/congress.conf.sample +sed -i -- 's/#connection = <None>/connection = mysql:\/\/ubuntu:'$MYSQL_PASSWORD'@localhost:3306\/congress/g' etc/congress.conf.sample + +echo "copy congress.conf.sample to /etc/congress" +cp etc/congress.conf.sample /etc/congress/congress.conf + +echo "create congress database" +sudo mysql --user=root --password=$MYSQL_PASSWORD -e "CREATE DATABASE congress; GRANT ALL PRIVILEGES ON congress.* TO 'ubuntu@localhost' IDENTIFIED BY '"$MYSQL_PASSWORD"'; GRANT ALL PRIVILEGES ON congress.* TO 'ubuntu'@'%' IDENTIFIED BY '"$MYSQL_PASSWORD"';" + +echo "install congress-db-manage dependencies (detected by errors)" +sudo apt-get build-dep python-mysqldb -y +bin/pip install MySQL-python + +echo "create database schema" +congress-db-manage --config-file /etc/congress/congress.conf upgrade head + +echo "Install Congress client" +cd ~/git +git clone https://github.com/openstack/python-congressclient.git +cd python-congressclient +git checkout stable/liberty +../congress/bin/pip install -r requirements.txt +../congress/bin/pip install . + +function _congress_setup_horizon { + local HORIZON_DIR="/usr/share/openstack-dashboard" + local CONGRESS_HORIZON_DIR="/home/ubuntu/git/congress/contrib/horizon" + sudo cp -r $CONGRESS_HORIZON_DIR/datasources $HORIZON_DIR/openstack_dashboard/dashboards/admin/ + sudo cp -r $CONGRESS_HORIZON_DIR/policies $HORIZON_DIR/openstack_dashboard/dashboards/admin/ + sudo cp -r $CONGRESS_HORIZON_DIR/static $HORIZON_DIR/openstack_dashboard/dashboards/admin/ + sudo cp -r $CONGRESS_HORIZON_DIR/templates $HORIZON_DIR/openstack_dashboard/dashboards/admin/ + sudo cp $CONGRESS_HORIZON_DIR/congress.py $HORIZON_DIR/openstack_dashboard/api/ + sudo cp $CONGRESS_HORIZON_DIR/_50_policy.py $HORIZON_DIR/openstack_dashboard/local/enabled/ + sudo cp $CONGRESS_HORIZON_DIR/_60_policies.py $HORIZON_DIR/openstack_dashboard/local/enabled/ + sudo cp $CONGRESS_HORIZON_DIR/_70_datasources.py $HORIZON_DIR/openstack_dashboard/local/enabled/ + + # For unit tests + sudo sh -c 'echo "python-congressclient" >> '$HORIZON_DIR'/requirements.txt' + sudo sh -c 'echo -e \ +"\n# Load the pluggable dashboard settings"\ +"\nimport openstack_dashboard.local.enabled"\ +"\nfrom openstack_dashboard.utils import settings"\ +"\n\nINSTALLED_APPS = list(INSTALLED_APPS)"\ +"\nsettings.update_dashboards(["\ +"\n openstack_dashboard.local.enabled,"\ +"\n], HORIZON_CONFIG, INSTALLED_APPS)" >> '$HORIZON_DIR'/openstack_dashboard/test/settings.py' + + # Setup alias for django-admin which could be different depending on distro + local django_admin + if type -p django-admin > /dev/null; then + django_admin=django-admin + else + django_admin=django-admin.py + fi + + # Collect and compress static files (e.g., JavaScript, CSS) + DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin collectstatic --noinput + DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin compress --force + + # Restart Horizon + sudo service apache2 restart +} +# Commented out as the procedure is not yet working +#echo "Install Horizon Policy plugin" +#_congress_setup_horizon + +set +x #echo off diff --git a/components/congress/install/puppet/lib/puppet/provider/congress_config/ini_setting.rb b/components/congress/install/puppet/lib/puppet/provider/congress_config/ini_setting.rb new file mode 100644 index 0000000..3d324b6 --- /dev/null +++ b/components/congress/install/puppet/lib/puppet/provider/congress_config/ini_setting.rb @@ -0,0 +1,27 @@ +Puppet::Type.type(:congress_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def self.file_path + '/etc/congress/congress.conf' + end + + # added for backwards compatibility with older versions of inifile + def file_path + self.class.file_path + end + +end diff --git a/components/congress/install/puppet/lib/puppet/type/congress_config.rb b/components/congress/install/puppet/lib/puppet/type/congress_config.rb new file mode 100644 index 0000000..3b76fc6 --- /dev/null +++ b/components/congress/install/puppet/lib/puppet/type/congress_config.rb @@ -0,0 +1,42 @@ +Puppet::Type.newtype(:congress_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from /etc/congress/congress.conf' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false + end +end diff --git a/components/congress/install/puppet/manifests/client.pp b/components/congress/install/puppet/manifests/client.pp new file mode 100644 index 0000000..bb016e4 --- /dev/null +++ b/components/congress/install/puppet/manifests/client.pp @@ -0,0 +1,27 @@ +# == Class: congress::client +# +# Installs congress client. +# +# === Parameters +# +# [*ensure*] +# (optional) Ensure state of the package. +# Defaults to 'present'. +# +class congress::client ( + $ensure = 'present' +) { + + package { 'python-congressclient': + ensure => $ensure, + tag => 'openstack', + } + + if $ensure == 'present' { + include '::openstacklib::openstackclient' + } else { + class { '::openstacklib::openstackclient': + package_ensure => $ensure, + } + } +} diff --git a/components/congress/install/puppet/manifests/config.pp b/components/congress/install/puppet/manifests/config.pp new file mode 100644 index 0000000..0a59d07 --- /dev/null +++ b/components/congress/install/puppet/manifests/config.pp @@ -0,0 +1,30 @@ +# == Class: congress::config +# +# This class is used to manage arbitrary congress configurations. +# +# === Parameters +# +# [*congress_config*] +# (optional) Allow configuration of arbitrary congress configurations. +# The value is an hash of congress_config resources. Example: +# { 'DEFAULT/foo' => { value => 'fooValue'}, +# 'DEFAULT/bar' => { value => 'barValue'} +# } +# In yaml format, Example: +# congress_config: +# DEFAULT/foo: +# value: fooValue +# DEFAULT/bar: +# value: barValue +# +# NOTE: The configuration MUST NOT be already handled by this module +# or Puppet catalog compilation will fail with duplicate resources. +# +class congress::config ( + $congress_config = {}, +) { + + validate_hash($congress_config) + + create_resources('congress_config', $congress_config) +} diff --git a/components/congress/install/puppet/manifests/db.pp b/components/congress/install/puppet/manifests/db.pp new file mode 100644 index 0000000..33dccc4 --- /dev/null +++ b/components/congress/install/puppet/manifests/db.pp @@ -0,0 +1,97 @@ +# == Class: congress::db +# +# Configure the congress database connection +# +# === Parameters +# +# [*database_connection*] +# Url used to connect to database. +# (Optional) Defaults to 'sqlite:////var/lib/congress/congress.sqlite'. +# +# [*database_idle_timeout*] +# Timeout when db connections should be reaped. +# (Optional) Defaults to 3600. +# +# [*database_max_retries*] +# Maximum number of database connection retries during startup. +# Setting -1 implies an infinite retry count. +# (Optional) Defaults to 10. +# +# [*database_retry_interval*] +# Interval between retries of opening a database connection. +# (Optional) Defaults to 10. +# +# [*database_min_pool_size*] +# Minimum number of SQL connections to keep open in a pool. +# (Optional) Defaults to 1. +# +# [*database_max_pool_size*] +# Maximum number of SQL connections to keep open in a pool. +# (Optional) Defaults to 10. +# +# [*database_max_overflow*] +# If set, use this value for max_overflow with sqlalchemy. +# (Optional) Defaults to 20. +# +class congress::db ( + $database_connection = 'sqlite:////var/lib/congress/congress.sqlite', + $database_idle_timeout = 3600, + $database_min_pool_size = 1, + $database_max_pool_size = 10, + $database_max_retries = 10, + $database_retry_interval = 10, + $database_max_overflow = 20, +) { + + # NOTE(spredzy): In order to keep backward compatibility we rely on the pick function + # to use congress::<myparam> if congress::db::<myparam> isn't specified. + $database_connection_real = pick($::congress::database_connection, $database_connection) + $database_idle_timeout_real = pick($::congress::database_idle_timeout, $database_idle_timeout) + $database_min_pool_size_real = pick($::congress::database_min_pool_size, $database_min_pool_size) + $database_max_pool_size_real = pick($::congress::database_max_pool_size, $database_max_pool_size) + $database_max_retries_real = pick($::congress::database_max_retries, $database_max_retries) + $database_retry_interval_real = pick($::congress::database_retry_interval, $database_retry_interval) + $database_max_overflow_real = pick($::congress::database_max_overflow, $database_max_overflow) + + validate_re($database_connection_real, + '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?') + + if $database_connection_real { + case $database_connection_real { + /^mysql:\/\//: { + $backend_package = false + require 'mysql::bindings' + require 'mysql::bindings::python' + } + /^postgresql:\/\//: { + $backend_package = false + require 'postgresql::lib::python' + } + /^sqlite:\/\//: { + $backend_package = $::congress::params::sqlite_package_name + } + default: { + fail('Unsupported backend configured') + } + } + + if $backend_package and !defined(Package[$backend_package]) { + package {'congress-backend-package': + ensure => present, + name => $backend_package, + tag => 'openstack', + } + } + + congress_config { + 'database/connection': value => $database_connection_real, secret => true; + 'database/idle_timeout': value => $database_idle_timeout_real; + 'database/min_pool_size': value => $database_min_pool_size_real; + 'database/max_retries': value => $database_max_retries_real; + 'database/retry_interval': value => $database_retry_interval_real; + 'database/max_pool_size': value => $database_max_pool_size_real; + 'database/max_overflow': value => $database_max_overflow_real; + } + } + +} diff --git a/components/congress/install/puppet/manifests/db/mysql.pp b/components/congress/install/puppet/manifests/db/mysql.pp new file mode 100644 index 0000000..456b812 --- /dev/null +++ b/components/congress/install/puppet/manifests/db/mysql.pp @@ -0,0 +1,69 @@ +# The congress::db::mysql class implements mysql backend for congress +# +# This class can be used to create tables, users and grant +# privelege for a mysql congress database. +# +# == parameters +# +# [*password*] +# (Mandatory) Password to connect to the database. +# Defaults to 'false'. +# +# [*dbname*] +# (Optional) Name of the database. +# Defaults to 'congress'. +# +# [*user*] +# (Optional) User to connect to the database. +# Defaults to 'congress'. +# +# [*host*] +# (Optional) The default source host user is allowed to connect from. +# Defaults to '127.0.0.1' +# +# [*allowed_hosts*] +# (Optional) Other hosts the user is allowed to connect from. +# Defaults to 'undef'. +# +# [*charset*] +# (Optional) The database charset. +# Defaults to 'utf8' +# +# [*collate*] +# (Optional) The database collate. +# Only used with mysql modules >= 2.2. +# Defaults to 'utf8_general_ci' +# +# == Dependencies +# Class['mysql::server'] +# +# == Examples +# +# == Authors +# +# == Copyright +# +class congress::db::mysql( + $password, + $dbname = 'congress', + $user = 'congress', + $host = '127.0.0.1', + $charset = 'utf8', + $collate = 'utf8_general_ci', + $allowed_hosts = undef +) { + + validate_string($password) + + ::openstacklib::db::mysql { 'congress': + user => $user, + password_hash => mysql_password($password), + dbname => $dbname, + host => $host, + charset => $charset, + collate => $collate, + allowed_hosts => $allowed_hosts, + } + + ::Openstacklib::Db::Mysql['congress'] ~> Exec<| title == 'congress-manage db_sync' |> +} diff --git a/components/congress/install/puppet/manifests/db/postgresql.pp b/components/congress/install/puppet/manifests/db/postgresql.pp new file mode 100644 index 0000000..4766eca --- /dev/null +++ b/components/congress/install/puppet/manifests/db/postgresql.pp @@ -0,0 +1,55 @@ +# == Class: congress::db::postgresql +# +# Class that configures postgresql for congress +# Requires the Puppetlabs postgresql module. +# +# === Parameters +# +# [*password*] +# (Required) Password to connect to the database. +# +# [*dbname*] +# (Optional) Name of the database. +# Defaults to 'congress'. +# +# [*user*] +# (Optional) User to connect to the database. +# Defaults to 'congress'. +# +# [*encoding*] +# (Optional) The charset to use for the database. +# Default to undef. +# +# [*privileges*] +# (Optional) Privileges given to the database user. +# Default to 'ALL' +# +# == Dependencies +# +# == Examples +# +# == Authors +# +# == Copyright +# +class congress::db::postgresql( + $password, + $dbname = 'congress', + $user = 'congress', + $encoding = undef, + $privileges = 'ALL', +) { + + Class['congress::db::postgresql'] -> Service<| title == 'congress' |> + + ::openstacklib::db::postgresql { 'congress': + password_hash => postgresql_password($user, $password), + dbname => $dbname, + user => $user, + encoding => $encoding, + privileges => $privileges, + } + + ::Openstacklib::Db::Postgresql['congress'] ~> Exec<| title == 'congress-manage db_sync' |> + +} diff --git a/components/congress/install/puppet/manifests/db/sync.pp b/components/congress/install/puppet/manifests/db/sync.pp new file mode 100644 index 0000000..bb07f7e --- /dev/null +++ b/components/congress/install/puppet/manifests/db/sync.pp @@ -0,0 +1,14 @@ +# +# Class to execute "congress-manage db_sync +# +class congress::db::sync { + exec { 'congress-manage db_sync': + path => '/usr/bin', + user => 'congress', + refreshonly => true, + subscribe => [Package['congress'], congress_config['database/connection']], + require => User['congress'], + } + + Exec['congress-manage db_sync'] ~> Service<| title == 'congress' |> +} diff --git a/components/congress/install/puppet/manifests/init.pp b/components/congress/install/puppet/manifests/init.pp new file mode 100644 index 0000000..a1367c3 --- /dev/null +++ b/components/congress/install/puppet/manifests/init.pp @@ -0,0 +1,410 @@ +# == Class: congress +# +# Module for managing congress config +# +# === Parameters +# +# [*keystone_password*] +# (required) Password used to authentication. +# +# [*package_ensure*] +# (optional) Desired ensure state of packages. +# accepts latest or specific versions. +# Defaults to present. +# +# [*client_package_ensure*] +# (optional) Desired ensure state of the client package. +# accepts latest or specific versions. +# Defaults to present. +# +# [*bind_host*] +# (optional) The IP address that congress binds to. +# Default to '0.0.0.0'. +# +# [*bind_port*] +# (optional) Port that congress binds to. +# Defaults to '1789' +# +# [*verbose*] +# (optional) Rather congress should log at verbose level. +# Defaults to undef. +# +# [*debug*] +# (optional) Rather congress should log at debug level. +# Defaults to undef. +# +# [*auth_type*] +# (optional) Type is authorization being used. +# Defaults to 'keystone' +# +# [*auth_uri*] +# (optional) Complete public Identity API endpoint. +# Defaults to false. +# +# [*identity_uri*] +# (optional) Complete admin Identity API endpoint. +# Defaults to: false +# +# [*keystone_tenant*] +# (optional) Tenant to authenticate to. +# Defaults to services. +# +# [*keystone_user*] +# (optional) User to authenticate as with keystone. +# Defaults to 'congress'. +# +# [*manage_service*] +# (Optional) If Puppet should manage service startup / shutdown. +# Defaults to true. +# +# [*enabled*] +# (optional) If the congress services should be enabled. +# Default to true. +# +# [*database_connection*] +# (optional) Url used to connect to database. +# Defaults to undef. +# +# [*database_idle_timeout*] +# (optional) Timeout when db connections should be reaped. +# Defaults to undef. +# +# [*database_max_retries*] +# (optional) Maximum number of database connection retries during startup. +# Setting -1 implies an infinite retry count. +# (Defaults to undef) +# +# [*database_retry_interval*] +# (optional) Interval between retries of opening a database connection. +# (Defaults to undef) +# +# [*database_min_pool_size*] +# (optional) Minimum number of SQL connections to keep open in a pool. +# Defaults to: undef +# +# [*database_max_pool_size*] +# (optional) Maximum number of SQL connections to keep open in a pool. +# Defaults to: undef +# +# [*database_max_overflow*] +# (optional) If set, use this value for max_overflow with sqlalchemy. +# Defaults to: undef +# +# [*rpc_backend*] +# (Optional) Use these options to configure the RabbitMQ message system. +# Defaults to 'rabbit' +# +# [*control_exchange*] +# (Optional) +# Defaults to 'openstack'. +# +# [*rabbit_host*] +# (Optional) IP or hostname of the rabbit server. +# Defaults to '127.0.0.1' +# +# [*rabbit_port*] +# (Optional) Port of the rabbit server. +# Defaults to 5672. +# +# [*rabbit_hosts*] +# (Optional) Array of host:port (used with HA queues). +# If defined, will remove rabbit_host & rabbit_port parameters from config +# Defaults to undef. +# +# [*rabbit_userid*] +# (Optional) User to connect to the rabbit server. +# Defaults to 'guest' +# +# [*rabbit_password*] +# (Required) Password to connect to the rabbit_server. +# Defaults to empty. Required if using the Rabbit (kombu) +# backend. +# +# [*rabbit_virtual_host*] +# (Optional) Virtual_host to use. +# Defaults to '/' +# +# [*rabbit_heartbeat_timeout_threshold*] +# (optional) Number of seconds after which the RabbitMQ broker is considered +# down if the heartbeat keepalive fails. Any value >0 enables heartbeats. +# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently +# closed, resulting in missed or lost messages from the queue. +# (Requires kombu >= 3.0.7 and amqp >= 1.4.0) +# Defaults to 0 +# +# [*rabbit_heartbeat_rate*] +# (optional) How often during the rabbit_heartbeat_timeout_threshold period to +# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2 +# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked +# every 30 seconds. +# Defaults to 2 +# +# [*rabbit_use_ssl*] +# (optional) Connect over SSL for RabbitMQ +# Defaults to false +# +# [*kombu_ssl_ca_certs*] +# (optional) SSL certification authority file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_certfile*] +# (optional) SSL cert file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_keyfile*] +# (optional) SSL key file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_version*] +# (optional) SSL version to use (valid only if SSL enabled). +# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be +# available on some distributions. +# Defaults to $::os_service_default +# +# [*kombu_reconnect_delay*] +# (optional) How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. +# Defaults to $::os_service_default +# +# [*amqp_durable_queues*] +# Use durable queues in amqp. +# (Optional) Defaults to false. +# +# [*service_provider*] +# (optional) Provider, that can be used for congress service. +# Default value defined in congress::params for given operation system. +# If you use Pacemaker or another Cluster Resource Manager, you can make +# custom service provider for changing start/stop/status behavior of service, +# and set it here. +# +# [*service_name*] +# (optional) Name of the service that will be providing the +# server functionality of congress. +# Defaults to '$::congress::params::service_name' +# +# [*sync_db*] +# (Optional) Run db sync on the node. +# Defaults to true +# +# == Dependencies +# None +# +# == Examples +# +# class { 'congress': +# keystone_password => 'congress', +# keystone_tenant => 'service', +# auth_uri => 'http://192.168.122.6:5000/', +# identity_uri => 'http://192.168.122.6:35357/', +# database_connection => 'mysql://congress:password@192.168.122.6/congress', +# rabbit_host => '192.168.122.6', +# rabbit_password => 'guest', +# } +# +# class { 'congress::db::mysql': +# password => 'password', +# host => '192.168.122.6', +# } +# +# class { 'congress::keystone::auth': +# password => 'congress', +# tenant => 'service', +# admin_url => 'http://192.168.122.6:1789', +# internal_url => 'http://192.168.122.6:1789', +# public_url => 'http://192.168.122.6:1789', +# region => 'regionOne', +# } +# +# == Authors +# +# Dan Radez <dradez@redhat.com> +# +# == Copyright +# +# Copyright 2015 Red Hat Inc, unless otherwise noted. +# + +class congress( + $keystone_password, + $package_ensure = 'present', + $client_package_ensure = 'present', + $bind_host = '0.0.0.0', + $bind_port = '1789', + $verbose = undef, + $debug = undef, + $auth_type = 'keystone', + $auth_uri = false, + $identity_uri = false, + $keystone_tenant = 'services', + $keystone_user = 'congress', + $manage_service = true, + $enabled = true, + $database_connection = undef, + $database_idle_timeout = undef, + $database_max_retries = undef, + $database_retry_interval = undef, + $database_min_pool_size = undef, + $database_max_pool_size = undef, + $database_max_overflow = undef, + $rpc_backend = 'rabbit', + $control_exchange = 'congress', + $rabbit_host = '127.0.0.1', + $rabbit_port = 5672, + $rabbit_hosts = false, + $rabbit_virtual_host = '/', + $rabbit_heartbeat_timeout_threshold = 0, + $rabbit_heartbeat_rate = 2, + $rabbit_userid = 'guest', + $rabbit_password = false, + $rabbit_use_ssl = false, + $kombu_ssl_ca_certs = $::os_service_default, + $kombu_ssl_certfile = $::os_service_default, + $kombu_ssl_keyfile = $::os_service_default, + $kombu_ssl_version = $::os_service_default, + $kombu_reconnect_delay = $::os_service_default, + $amqp_durable_queues = false, + $service_provider = $::congress::params::service_provider, + $service_name = $::congress::params::service_name, +) inherits congress::params { + congress_config { + 'DEFAULT/drivers' : value => 'congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources. keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver'; + } + + if $identity_uri { + congress_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } + congress_config { 'keystone_authtoken/auth_url' : value => $identity_uri; } + } else { + congress_config { 'keystone_authtoken/identity_uri': ensure => absent; } + } + + if $auth_uri { + congress_config { 'keystone_authtoken/auth_uri': value => $auth_uri; } + } else { + congress_config { 'keystone_authtoken/auth_uri': ensure => absent; } + } + + if $auth_type == 'keystone' { + congress_config { + 'keystone_authtoken/project_name' : value => $keystone_tenant; + 'keystone_authtoken/username' : value => $keystone_user; + 'keystone_authtoken/password' : value => $keystone_password, secret => true; + } + } + + congress_config<||> ~> Service[$service_name] + congress_config<||> ~> Exec<| title == 'congress-manage db_sync'|> + + include ::congress::db + include ::congress::params + + if $sync_db { + include ::congress::db::sync + Class['::congress::db::sync'] ~> Service[$service_name] + } + if $rpc_backend == 'rabbit' { + + if ! $rabbit_password { + fail('Please specify a rabbit_password parameter.') + } + + congress_config { + 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true; + 'DEFAULT/rabbit_userid': value => $rabbit_userid; + 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host; + 'DEFAULT/control_exchange': value => $control_exchange; + #'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl; + #'DEFAULT/kombu_reconnect_delay': value => $kombu_reconnect_delay; + #'DEFAULT/heartbeat_timeout_threshold': value => $rabbit_heartbeat_timeout_threshold; + #'DEFAULT/heartbeat_rate': value => $rabbit_heartbeat_rate; + #'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues; + } + + if $rabbit_use_ssl { + congress_config { + 'DEFAULT/kombu_ssl_version' : value => $kombu_ssl_version; + 'DEFAULT/kombu_ssl_ca_certs' : value => $kombu_ssl_ca_certs; + 'DEFAULT/kombu_ssl_certfile' : value => $kombu_ssl_certfile; + 'DEFAULT/kombu_ssl_keyfile' : value => $kombu_ssl_keyfile; + } + } + + if $rabbit_hosts { + congress_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') } + congress_config { 'DEFAULT/rabbit_ha_queues': value => true } + congress_config { 'DEFAULT/rabbit_host': ensure => absent } + congress_config { 'DEFAULT/rabbit_port': ensure => absent } + } else { + congress_config { 'DEFAULT/rabbit_host': value => $rabbit_host } + congress_config { 'DEFAULT/rabbit_port': value => $rabbit_port } + congress_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" } + congress_config { 'DEFAULT/rabbit_ha_queues': value => false } + } + + } + + package { 'congress': + ensure => $package_ensure, + name => $::congress::params::package_name, + tag => ['openstack', 'congress-package'], + } + if $client_package_ensure == 'present' { + include '::congress::client' + } else { + class { '::congress::client': + ensure => $client_package_ensure, + } + } + + group { 'congress': + ensure => present, + system => true, + require => Package['congress'], + } + + user { 'congress': + ensure => 'present', + gid => 'congress', + system => true, + require => Package['congress'], + } + + file { ['/etc/congress', '/var/log/congress', '/var/lib/congress']: + ensure => directory, + mode => '0750', + owner => 'congress', + group => 'congress', + require => Package['congress'], + notify => Service[$service_name], + } + + file { '/etc/congress/congress.conf': + ensure => present, + mode => '0600', + owner => 'congress', + group => 'congress', + require => Package['congress'], + notify => Service[$service_name], + } + + congress_config { + 'DEFAULT/bind_host': value => $bind_host; + 'DEFAULT/bind_port': value => $bind_port; + } + + if $manage_service { + if $enabled { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } + } + + class { '::congress::service': + ensure => $service_ensure, + service_name => $service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + provider => $service_provider, + } +} diff --git a/components/congress/install/puppet/manifests/keystone/auth.pp b/components/congress/install/puppet/manifests/keystone/auth.pp new file mode 100644 index 0000000..13be1f0 --- /dev/null +++ b/components/congress/install/puppet/manifests/keystone/auth.pp @@ -0,0 +1,93 @@ +# == Class: congress::keystone::auth +# +# Configures congress user, service and endpoint in Keystone. +# +# === Parameters +# +# [*password*] +# (required) Password for congress user. +# +# [*auth_name*] +# Username for congress service. Defaults to 'congress'. +# +# [*email*] +# Email for congress user. Defaults to 'congress@localhost'. +# +# [*tenant*] +# Tenant for congress user. Defaults to 'services'. +# +# [*configure_endpoint*] +# Should congress endpoint be configured? Defaults to 'true'. +# +# [*configure_user*] +# (Optional) Should the service user be configured? +# Defaults to 'true'. +# +# [*configure_user_role*] +# (Optional) Should the admin role be configured for the service user? +# Defaults to 'true'. +# +# [*service_type*] +# Type of service. Defaults to 'NFV'. +# +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*region*] +# Region for endpoint. Defaults to 'RegionOne'. +# +# [*service_name*] +# (optional) Name of the service. +# Defaults to the value of auth_name. +# +# +class congress::keystone::auth ( + $password, + $auth_name = 'congress', + $email = 'congress@localhost', + $tenant = 'services', + $configure_endpoint = true, + $configure_user = true, + $configure_user_role = true, + $service_name = undef, + $service_type = 'servicevm', + $admin_url = 'http://127.0.0.1:1789', + $internal_url = 'http://127.0.0.1:1789', + $public_url = 'http://127.0.0.1:1789', + $region = 'RegionOne' +) { + + $real_service_name = pick($service_name, $auth_name) + + if $configure_user_role { + Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'congress-server' |> + } + Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'congress-server' |> + + keystone::resource::service_identity { 'congress': + configure_user => $configure_user, + configure_user_role => $configure_user_role, + configure_endpoint => $configure_endpoint, + service_name => $real_service_name, + service_type => $service_type, + service_description => 'congress VNF Manager service', + region => $region, + auth_name => $auth_name, + password => $password, + email => $email, + tenant => $tenant, + admin_url => "${admin_url}/", + internal_url => "${internal_url}/", + public_url => "${public_url}/", + } + +} diff --git a/components/congress/install/puppet/manifests/logging.pp b/components/congress/install/puppet/manifests/logging.pp new file mode 100644 index 0000000..7bcdc00 --- /dev/null +++ b/components/congress/install/puppet/manifests/logging.pp @@ -0,0 +1,251 @@ +# Class congress::logging +# +# congress logging configuration +# +# == parameters +# +# [*verbose*] +# (Optional) Should the daemons log verbose messages +# Defaults to false. +# +# [*debug*] +# (Optional) Should the daemons log debug messages +# Defaults to false. +# +# [*use_syslog*] +# (Optional) Use syslog for logging. +# Defaults to false. +# +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true. +# +# [*log_facility*] +# (Optional) Syslog facility to receive log lines. +# Defaults to 'LOG_USER'. +# +# [*log_dir*] +# (optional) Directory where logs should be stored. +# If set to boolean false, it will not log to any directory. +# Defaults to '/var/log/congress'. +# +# [*logging_context_format_string*] +# (optional) Format string to use for log messages with context. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ +# [%(request_id)s %(user_identity)s] %(instance)s%(message)s' +# +# [*logging_default_format_string*] +# (optional) Format string to use for log messages without context. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ +# [-] %(instance)s%(message)s' +# +# [*logging_debug_format_suffix*] +# (optional) Formatted data to append to log format when level is DEBUG. +# Defaults to undef. +# Example: '%(funcName)s %(pathname)s:%(lineno)d' +# +# [*logging_exception_prefix*] +# (optional) Prefix each line of exception output with this format. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s' +# +# [*log_config_append*] +# The name of an additional logging configuration file. +# Defaults to undef. +# See https://docs.python.org/2/howto/logging.html +# +# [*default_log_levels*] +# (optional) Hash of logger (keys) and level (values) pairs. +# Defaults to undef. +# Example: +# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', +# 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO', +# 'oslo.messaging' => 'INFO', 'iso8601' => 'WARN', +# 'requests.packages.urllib3.connectionpool' => 'WARN', +# 'urllib3.connectionpool' => 'WARN', +# 'websocket' => 'WARN', 'congressmiddleware' => 'WARN', +# 'routes.middleware' => 'WARN', stevedore => 'WARN' } +# +# [*publish_errors*] +# (optional) Publish error events (boolean value). +# Defaults to undef (false if unconfigured). +# +# [*fatal_deprecations*] +# (optional) Make deprecations fatal (boolean value) +# Defaults to undef (false if unconfigured). +# +# [*instance_format*] +# (optional) If an instance is passed with the log message, format it +# like this (string value). +# Defaults to undef. +# Example: '[instance: %(uuid)s] ' +# +# [*instance_uuid_format*] +# (optional) If an instance UUID is passed with the log message, format +# it like this (string value). +# Defaults to undef. +# Example: instance_uuid_format='[instance: %(uuid)s] ' +# +# [*log_date_format*] +# (optional) Format string for %%(asctime)s in log records. +# Defaults to undef. +# Example: 'Y-%m-%d %H:%M:%S' + +class congress::logging( + $use_syslog = false, + $use_stderr = true, + $log_facility = 'LOG_USER', + $log_dir = '/var/log/congress', + $verbose = false, + $debug = false, + $logging_context_format_string = undef, + $logging_default_format_string = undef, + $logging_debug_format_suffix = undef, + $logging_exception_prefix = undef, + $log_config_append = undef, + $default_log_levels = undef, + $publish_errors = undef, + $fatal_deprecations = undef, + $instance_format = undef, + $instance_uuid_format = undef, + $log_date_format = undef, +) { + + congress_config { + 'DEFAULT/use_syslog' : value => $use_syslog; + 'DEFAULT/use_stderr' : value => $use_stderr; + 'DEFAULT/log_dir' : value => $log_dir; + 'DEFAULT/verbose' : value => $verbose; + 'DEFAULT/debug' : value => $debug; + 'DEFAULT/syslog_log_facility' : value => $log_facility; + } + + if $logging_context_format_string { + congress_config { + 'DEFAULT/logging_context_format_string' : + value => $logging_context_format_string; + } + } + else { + congress_config { + 'DEFAULT/logging_context_format_string' : ensure => absent; + } + } + + if $logging_default_format_string { + congress_config { + 'DEFAULT/logging_default_format_string' : + value => $logging_default_format_string; + } + } + else { + congress_config { + 'DEFAULT/logging_default_format_string' : ensure => absent; + } + } + + if $logging_debug_format_suffix { + congress_config { + 'DEFAULT/logging_debug_format_suffix' : + value => $logging_debug_format_suffix; + } + } + else { + congress_config { + 'DEFAULT/logging_debug_format_suffix' : ensure => absent; + } + } + + if $logging_exception_prefix { + congress_config { + 'DEFAULT/logging_exception_prefix' : value => $logging_exception_prefix; + } + } + else { + congress_config { + 'DEFAULT/logging_exception_prefix' : ensure => absent; + } + } + + if $log_config_append { + congress_config { + 'DEFAULT/log_config_append' : value => $log_config_append; + } + } + else { + congress_config { + 'DEFAULT/log_config_append' : ensure => absent; + } + } + + if $default_log_levels { + congress_config { + 'DEFAULT/default_log_levels' : + value => join(sort(join_keys_to_values($default_log_levels, '=')), ','); + } + } + else { + congress_config { + 'DEFAULT/default_log_levels' : ensure => absent; + } + } + + if $publish_errors { + congress_config { + 'DEFAULT/publish_errors' : value => $publish_errors; + } + } + else { + congress_config { + 'DEFAULT/publish_errors' : ensure => absent; + } + } + + if $fatal_deprecations { + congress_config { + 'DEFAULT/fatal_deprecations' : value => $fatal_deprecations; + } + } + else { + congress_config { + 'DEFAULT/fatal_deprecations' : ensure => absent; + } + } + + if $instance_format { + congress_config { + 'DEFAULT/instance_format' : value => $instance_format; + } + } + else { + congress_config { + 'DEFAULT/instance_format' : ensure => absent; + } + } + + if $instance_uuid_format { + congress_config { + 'DEFAULT/instance_uuid_format' : value => $instance_uuid_format; + } + } + else { + congress_config { + 'DEFAULT/instance_uuid_format' : ensure => absent; + } + } + + if $log_date_format { + congress_config { + 'DEFAULT/log_date_format' : value => $log_date_format; + } + } + else { + congress_config { + 'DEFAULT/log_date_format' : ensure => absent; + } + } + + +} diff --git a/components/congress/install/puppet/manifests/params.pp b/components/congress/install/puppet/manifests/params.pp new file mode 100644 index 0000000..f2ceed0 --- /dev/null +++ b/components/congress/install/puppet/manifests/params.pp @@ -0,0 +1,31 @@ +# +# This class contains the platform differences for congress +# +class congress::params { + $client_package_name = 'python-congressclient' + + case $::osfamily { + 'Debian': { + $package_name = 'congress' + $service_name = 'congress' + $python_memcache_package_name = 'python-memcache' + $sqlite_package_name = 'python-pysqlite2' + $paste_config = undef + case $::operatingsystem { + 'Debian': { + $service_provider = undef + } + default: { + $service_provider = 'upstart' + } + } + } + 'RedHat': { + $package_name = 'openstack-congress' + $service_name = 'openstack-congress' + $python_memcache_package_name = 'python-memcached' + $sqlite_package_name = undef + $service_provider = undef + } + } +} diff --git a/components/congress/install/puppet/manifests/policy.pp b/components/congress/install/puppet/manifests/policy.pp new file mode 100644 index 0000000..cdca472 --- /dev/null +++ b/components/congress/install/puppet/manifests/policy.pp @@ -0,0 +1,39 @@ +# == Class: congress::policy +# +# Configure the congress policies +# +# === Parameters +# +# [*policies*] +# (optional) Set of policies to configure for congress +# Example : +# { +# 'congress-context_is_admin' => { +# 'key' => 'context_is_admin', +# 'value' => 'true' +# }, +# 'congress-default' => { +# 'key' => 'default', +# 'value' => 'rule:admin_or_owner' +# } +# } +# Defaults to empty hash. +# +# [*policy_path*] +# (optional) Path to the nova policy.json file +# Defaults to /etc/congress/policy.json +# +class congress::policy ( + $policies = {}, + $policy_path = '/etc/congress/policy.json', +) { + + validate_hash($policies) + + Openstacklib::Policy::Base { + file_path => $policy_path, + } + + create_resources('openstacklib::policy::base', $policies) + +} diff --git a/components/congress/install/puppet/manifests/service.pp b/components/congress/install/puppet/manifests/service.pp new file mode 100644 index 0000000..f802e9a --- /dev/null +++ b/components/congress/install/puppet/manifests/service.pp @@ -0,0 +1,55 @@ +# == Class congress::service +# +# Encapsulates the congress service to a class. +# This allows resources that require congress to +# require this class, which can optionally +# validate that the service can actually accept +# connections. +# +# === Parameters +# +# [*ensure*] +# (optional) The desired state of the congress service +# Defaults to undef +# +# [*service_name*] +# (optional) The name of the congress service +# Defaults to $::congress::params::service_name +# +# [*enable*] +# (optional) Whether to enable the congress service +# Defaults to true +# +# [*hasstatus*] +# (optional) Whether the congress service has status +# Defaults to true +# +# [*hasrestart*] +# (optional) Whether the congress service has restart +# Defaults to true +# +# [*provider*] +# (optional) Provider for congress service +# Defaults to $::congress::params::service_provider +# +class congress::service( + $ensure = undef, + $service_name = $::congress::params::service_name, + $enable = true, + $hasstatus = true, + $hasrestart = true, + $provider = $::congress::params::service_provider, +) { + include ::congress::params + + service { 'congress': + ensure => $ensure, + name => $service_name, + enable => $enable, + hasstatus => $hasstatus, + hasrestart => $hasrestart, + provider => $provider, + tag => 'congress-service', + } + +} diff --git a/components/congress/install/puppet/metadata.json b/components/congress/install/puppet/metadata.json new file mode 100644 index 0000000..e94dd68 --- /dev/null +++ b/components/congress/install/puppet/metadata.json @@ -0,0 +1,34 @@ +{ + "name": "puppet-congress", + "version": "0.0.1", + "author": "OpenStack Contributors", + "summary": "Puppet module for OpenStack congress", + "license": "Apache-2.0", + "source": "git://github.com/openstack/puppet-congress.git", + "project_page": "https://launchpad.net/puppet-congress", + "issues_url": "https://bugs.launchpad.net/puppet-congress", + "description": "Installs and configures OpenStack congress.", + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": ["8"] + }, + { + "operatingsystem": "Fedora", + "operatingsystemrelease": ["21","22"] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": ["7"] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": ["14.04"] + } + ], + "dependencies": [ + { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" }, + { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.2.0 <5.0.0" }, + { "name": "stackforge/openstacklib", "version_requirement": ">=5.0.0 <6.0.0" } + ] +} diff --git a/components/congress/install/puppet/spec/classes/congress_db_mysql_spec.rb b/components/congress/install/puppet/spec/classes/congress_db_mysql_spec.rb new file mode 100644 index 0000000..6370bac --- /dev/null +++ b/components/congress/install/puppet/spec/classes/congress_db_mysql_spec.rb @@ -0,0 +1,62 @@ +require 'spec_helper' + +describe 'congress::db::mysql' do + + let :pre_condition do + [ + 'include mysql::server', + 'include congress::db::sync' + ] + end + + let :facts do + { :osfamily => 'Debian' } + end + + let :params do + { + 'password' => 'fooboozoo_default_password', + } + end + + describe 'with only required params' do + it { is_expected.to contain_openstacklib__db__mysql('congress').with( + 'user' => 'congress', + 'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206', + 'dbname' => 'congress', + 'host' => '127.0.0.1', + 'charset' => 'utf8', + :collate => 'utf8_general_ci', + )} + end + + describe "overriding allowed_hosts param to array" do + let :params do + { + :password => 'congresspass', + :allowed_hosts => ['127.0.0.1','%'] + } + end + + end + describe "overriding allowed_hosts param to string" do + let :params do + { + :password => 'congresspass2', + :allowed_hosts => '192.168.1.1' + } + end + + end + + describe "overriding allowed_hosts param equals to host param " do + let :params do + { + :password => 'congresspass2', + :allowed_hosts => '127.0.0.1' + } + end + + end + +end diff --git a/components/congress/install/puppet/spec/classes/congress_db_postgresql_spec.rb b/components/congress/install/puppet/spec/classes/congress_db_postgresql_spec.rb new file mode 100644 index 0000000..74abbdb --- /dev/null +++ b/components/congress/install/puppet/spec/classes/congress_db_postgresql_spec.rb @@ -0,0 +1,58 @@ +require 'spec_helper' + +describe 'congress::db::postgresql' do + + let :req_params do + { :password => 'pw' } + end + + let :pre_condition do + 'include postgresql::server' + end + + context 'on a RedHat osfamily' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + context 'with only required parameters' do + let :params do + req_params + end + + it { is_expected.to contain_postgresql__server__db('congress').with( + :user => 'congress', + :password => 'md5c530c33636c58ae83ca933f39319273e' + )} + end + + end + + context 'on a Debian osfamily' do + let :facts do + { + :operatingsystemrelease => '7.8', + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + context 'with only required parameters' do + let :params do + req_params + end + + it { is_expected.to contain_postgresql__server__db('congress').with( + :user => 'congress', + :password => 'md5c530c33636c58ae83ca933f39319273e' + )} + end + + end + +end diff --git a/components/congress/install/puppet/spec/classes/congress_db_spec.rb b/components/congress/install/puppet/spec/classes/congress_db_spec.rb new file mode 100644 index 0000000..3b84993 --- /dev/null +++ b/components/congress/install/puppet/spec/classes/congress_db_spec.rb @@ -0,0 +1,78 @@ +require 'spec_helper' + +describe 'congress::db' do + + shared_examples 'congress::db' do + context 'with default parameters' do + it { is_expected.to contain_congress_config('database/connection').with_value('mysql://congress:secrete@localhost:3306/congress') } + it { is_expected.to contain_congress_config('database/idle_timeout').with_value('3600') } + it { is_expected.to contain_congress_config('database/min_pool_size').with_value('1') } + it { is_expected.to contain_congress_config('database/max_retries').with_value('10') } + it { is_expected.to contain_congress_config('database/retry_interval').with_value('10') } + it { is_expected.to contain_congress_config('database/max_pool_size').with_value('10') } + it { is_expected.to contain_congress_config('database/max_overflow').with_value('20') } + end + + context 'with specific parameters' do + let :params do + { :database_connection => 'mysql://congress:congress@localhost/congress', + :database_idle_timeout => '3601', + :database_min_pool_size => '2', + :database_max_retries => '11', + :database_retry_interval => '11', + :database_max_pool_size => '11', + :database_max_overflow => '21', + } + end + + it { is_expected.to contain_congress_config('database/connection').with_value('mysql://congress:congress@localhost/congress') } + it { is_expected.to contain_congress_config('database/idle_timeout').with_value('3601') } + it { is_expected.to contain_congress_config('database/min_pool_size').with_value('2') } + it { is_expected.to contain_congress_config('database/max_retries').with_value('11') } + it { is_expected.to contain_congress_config('database/retry_interval').with_value('11') } + it { is_expected.to contain_congress_config('database/max_pool_size').with_value('11') } + it { is_expected.to contain_congress_config('database/max_overflow').with_value('21') } + end + + context 'with postgresql backend' do + let :params do + { :database_connection => 'postgresql://congress:congress@localhost/congress', } + end + + it 'install the proper backend package' do + is_expected.to contain_package('python-psycopg2').with(:ensure => 'present') + end + + end + + context 'with incorrect database_connection string' do + let :params do + { :database_connection => 'sqlite://congress:congress@localhost/congress', } + end + + it_raises 'a Puppet::Error', /validate_re/ + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => 'jessie', + } + end + + it_configures 'congress::db' + end + + context 'on Redhat platforms' do + let :facts do + { :osfamily => 'RedHat', + :operatingsystemrelease => '7.1', + } + end + + it_configures 'congress::db' + end + +end diff --git a/components/congress/install/puppet/spec/classes/congress_keystone_auth_spec.rb b/components/congress/install/puppet/spec/classes/congress_keystone_auth_spec.rb new file mode 100644 index 0000000..3cb7e59 --- /dev/null +++ b/components/congress/install/puppet/spec/classes/congress_keystone_auth_spec.rb @@ -0,0 +1,123 @@ +# +# Unit tests for congress::keystone::auth +# + +require 'spec_helper' + +describe 'congress::keystone::auth' do + + let :facts do + { :osfamily => 'Debian' } + end + + describe 'with default class parameters' do + let :params do + { :password => 'congress_password', + :tenant => 'foobar' } + end + + it { is_expected.to contain_keystone_user('congress').with( + :ensure => 'present', + :password => 'congress_password', + ) } + + it { is_expected.to contain_keystone_user_role('congress@foobar').with( + :ensure => 'present', + :roles => ['admin'] + )} + + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + it { is_expected.to contain_keystone_endpoint('RegionOne/congress').with( + :ensure => 'present', + :public_url => 'http://127.0.0.1:FIXME', + :admin_url => 'http://127.0.0.1:FIXME', + :internal_url => 'http://127.0.0.1:FIXME', + ) } + end + + describe 'when overriding URL paramaters' do + let :params do + { :password => 'congress_password', + :public_url => 'https://10.10.10.10:80', + :internal_url => 'http://10.10.10.11:81', + :admin_url => 'http://10.10.10.12:81', } + end + + it { is_expected.to contain_keystone_endpoint('RegionOne/congress').with( + :ensure => 'present', + :public_url => 'https://10.10.10.10:80', + :internal_url => 'http://10.10.10.11:81', + :admin_url => 'http://10.10.10.12:81', + ) } + end + + describe 'when overriding auth name' do + let :params do + { :password => 'foo', + :auth_name => 'congressy' } + end + + it { is_expected.to contain_keystone_user('congressy') } + it { is_expected.to contain_keystone_user_role('congressy@services') } + it { is_expected.to contain_keystone_service('congressy') } + it { is_expected.to contain_keystone_endpoint('RegionOne/congressy') } + end + + describe 'when overriding service name' do + let :params do + { :service_name => 'congress_service', + :auth_name => 'congress', + :password => 'congress_password' } + end + + it { is_expected.to contain_keystone_user('congress') } + it { is_expected.to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress_service') } + it { is_expected.to contain_keystone_endpoint('RegionOne/congress_service') } + end + + describe 'when disabling user configuration' do + + let :params do + { + :password => 'congress_password', + :configure_user => false + } + end + + it { is_expected.not_to contain_keystone_user('congress') } + it { is_expected.to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + end + + describe 'when disabling user and user role configuration' do + + let :params do + { + :password => 'congress_password', + :configure_user => false, + :configure_user_role => false + } + end + + it { is_expected.not_to contain_keystone_user('congress') } + it { is_expected.not_to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + end + +end diff --git a/components/congress/install/puppet/spec/classes/congress_logging_spec.rb b/components/congress/install/puppet/spec/classes/congress_logging_spec.rb new file mode 100644 index 0000000..0bfb994 --- /dev/null +++ b/components/congress/install/puppet/spec/classes/congress_logging_spec.rb @@ -0,0 +1,144 @@ +require 'spec_helper' + +describe 'congress::logging' do + + let :params do + { + } + end + + let :log_params do + { + :logging_context_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s', + :logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s', + :logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d', + :logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s', + :log_config_append => '/etc/congress/logging.conf', + :publish_errors => true, + :default_log_levels => { + 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', + 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO', + 'iso8601' => 'WARN', + 'requests.packages.urllib3.connectionpool' => 'WARN' }, + :fatal_deprecations => true, + :instance_format => '[instance: %(uuid)s] ', + :instance_uuid_format => '[instance: %(uuid)s] ', + :log_date_format => '%Y-%m-%d %H:%M:%S', + :use_syslog => true, + :use_stderr => false, + :log_facility => 'LOG_FOO', + :log_dir => '/var/log', + :verbose => true, + :debug => true, + } + end + + shared_examples_for 'congress-logging' do + + context 'with basic logging options and default settings' do + it_configures 'basic default logging settings' + end + + context 'with basic logging options and non-default settings' do + before { params.merge!( log_params ) } + it_configures 'basic non-default logging settings' + end + + context 'with extended logging options' do + before { params.merge!( log_params ) } + it_configures 'logging params set' + end + + context 'without extended logging options' do + it_configures 'logging params unset' + end + + end + + shared_examples 'basic default logging settings' do + it 'configures ceilometer logging settins with default values' do + is_expected.to contain_ceilometer_config('DEFAULT/use_syslog').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/use_stderr').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/syslog_log_facility').with(:value => 'LOG_USER') + is_expected.to contain_ceilometer_config('DEFAULT/log_dir').with(:value => '/var/log/congress') + is_expected.to contain_ceilometer_config('DEFAULT/verbose').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/debug').with(:value => 'false') + end + end + + shared_examples 'basic non-default logging settings' do + it 'configures ceilometer logging settins with non-default values' do + is_expected.to contain_ceilometer_config('DEFAULT/use_syslog').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/use_stderr').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/syslog_log_facility').with(:value => 'LOG_FOO') + is_expected.to contain_ceilometer_config('DEFAULT/log_dir').with(:value => '/var/log') + is_expected.to contain_ceilometer_config('DEFAULT/verbose').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/debug').with(:value => 'true') + end + end + + shared_examples_for 'logging params set' do + it 'enables logging params' do + is_expected.to contain_congress_config('DEFAULT/logging_context_format_string').with_value( + '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s') + + is_expected.to contain_congress_config('DEFAULT/logging_default_format_string').with_value( + '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s') + + is_expected.to contain_congress_config('DEFAULT/logging_debug_format_suffix').with_value( + '%(funcName)s %(pathname)s:%(lineno)d') + + is_expected.to contain_congress_config('DEFAULT/logging_exception_prefix').with_value( + '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s') + + is_expected.to contain_congress_config('DEFAULT/log_config_append').with_value( + '/etc/congress/logging.conf') + is_expected.to contain_congress_config('DEFAULT/publish_errors').with_value( + true) + + is_expected.to contain_congress_config('DEFAULT/default_log_levels').with_value( + 'amqp=WARN,amqplib=WARN,boto=WARN,iso8601=WARN,qpid=WARN,requests.packages.urllib3.connectionpool=WARN,sqlalchemy=WARN,suds=INFO') + + is_expected.to contain_congress_config('DEFAULT/fatal_deprecations').with_value( + true) + + is_expected.to contain_congress_config('DEFAULT/instance_format').with_value( + '[instance: %(uuid)s] ') + + is_expected.to contain_congress_config('DEFAULT/instance_uuid_format').with_value( + '[instance: %(uuid)s] ') + + is_expected.to contain_congress_config('DEFAULT/log_date_format').with_value( + '%Y-%m-%d %H:%M:%S') + end + end + + + shared_examples_for 'logging params unset' do + [ :logging_context_format_string, :logging_default_format_string, + :logging_debug_format_suffix, :logging_exception_prefix, + :log_config_append, :publish_errors, + :default_log_levels, :fatal_deprecations, + :instance_format, :instance_uuid_format, + :log_date_format, ].each { |param| + it { is_expected.to contain_congress_config("DEFAULT/#{param}").with_ensure('absent') } + } + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'congress-logging' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'congress-logging' + end + +end diff --git a/components/congress/install/puppet/spec/classes/congress_policy_spec.rb b/components/congress/install/puppet/spec/classes/congress_policy_spec.rb new file mode 100644 index 0000000..d4e08ca --- /dev/null +++ b/components/congress/install/puppet/spec/classes/congress_policy_spec.rb @@ -0,0 +1,41 @@ +require 'spec_helper' + +describe 'congress::policy' do + + shared_examples_for 'congress policies' do + let :params do + { + :policy_path => '/etc/congress/policy.json', + :policies => { + 'context_is_admin' => { + 'key' => 'context_is_admin', + 'value' => 'foo:bar' + } + } + } + end + + it 'set up the policies' do + is_expected.to contain_openstacklib__policy__base('context_is_admin').with({ + :key => 'context_is_admin', + :value => 'foo:bar' + }) + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'congress policies' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'congress policies' + end +end diff --git a/components/congress/install/puppet/spec/shared_examples.rb b/components/congress/install/puppet/spec/shared_examples.rb new file mode 100644 index 0000000..fec0eac --- /dev/null +++ b/components/congress/install/puppet/spec/shared_examples.rb @@ -0,0 +1,5 @@ +shared_examples_for "a Puppet::Error" do |description| + it "with message matching #{description.inspect}" do + expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description) + end +end diff --git a/components/congress/install/puppet/spec/unit/provider/congress_config/ini_setting_spec.rb b/components/congress/install/puppet/spec/unit/provider/congress_config/ini_setting_spec.rb new file mode 100644 index 0000000..0c4b9fa --- /dev/null +++ b/components/congress/install/puppet/spec/unit/provider/congress_config/ini_setting_spec.rb @@ -0,0 +1,68 @@ +# +# these tests are a little concerning b/c they are hacking around the +# modulepath, so these tests will not catch issues that may eventually arise +# related to loading these plugins. +# I could not, for the life of me, figure out how to programatcally set the modulepath +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'inifile', + 'lib') +) +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'openstacklib', + 'lib') +) +require 'spec_helper' +provider_class = Puppet::Type.type(:congress_config).provider(:ini_setting) +describe provider_class do + + it 'should default to the default setting when no other one is specified' do + resource = Puppet::Type::congress_config.new( + {:name => 'DEFAULT/foo', :value => 'bar'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('DEFAULT') + expect(provider.setting).to eq('foo') + end + + it 'should allow setting to be set explicitly' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => 'bar'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('dude') + expect(provider.setting).to eq('foo') + end + + it 'should ensure absent when <SERVICE DEFAULT> is specified as a value' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => '<SERVICE DEFAULT>'} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + +end diff --git a/components/congress/install/puppet/spec/unit/type/congress_config_spec.rb b/components/congress/install/puppet/spec/unit/type/congress_config_spec.rb new file mode 100644 index 0000000..22a70a1 --- /dev/null +++ b/components/congress/install/puppet/spec/unit/type/congress_config_spec.rb @@ -0,0 +1,64 @@ +require 'puppet' +require 'puppet/type/congress_config' +describe 'Puppet::Type.type(:congress_config)' do + before :each do + @congress_config = Puppet::Type.type(:congress_config).new(:name => 'DEFAULT/foo', :value => 'bar') + end + + it 'should require a name' do + expect { + Puppet::Type.type(:congress_config).new({}) + }.to raise_error(Puppet::Error, 'Title or name must be provided') + end + + it 'should not expect a name with whitespace' do + expect { + Puppet::Type.type(:congress_config).new(:name => 'f oo') + }.to raise_error(Puppet::Error, /Parameter name failed/) + end + + it 'should fail when there is no section' do + expect { + Puppet::Type.type(:congress_config).new(:name => 'foo') + }.to raise_error(Puppet::Error, /Parameter name failed/) + end + + it 'should not require a value when ensure is absent' do + Puppet::Type.type(:congress_config).new(:name => 'DEFAULT/foo', :ensure => :absent) + end + + it 'should accept a valid value' do + @congress_config[:value] = 'bar' + expect(@congress_config[:value]).to eq('bar') + end + + it 'should not accept a value with whitespace' do + @congress_config[:value] = 'b ar' + expect(@congress_config[:value]).to eq('b ar') + end + + it 'should accept valid ensure values' do + @congress_config[:ensure] = :present + expect(@congress_config[:ensure]).to eq(:present) + @congress_config[:ensure] = :absent + expect(@congress_config[:ensure]).to eq(:absent) + end + + it 'should not accept invalid ensure values' do + expect { + @congress_config[:ensure] = :latest + }.to raise_error(Puppet::Error, /Invalid value/) + end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'congress-common') + catalog.add_resource package, @congress_config + dependency = @congress_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@congress_config) + expect(dependency[0].source).to eq(package) + end + + +end diff --git a/components/congress/install/puppet/tests/init.pp b/components/congress/install/puppet/tests/init.pp new file mode 100644 index 0000000..922b1cb --- /dev/null +++ b/components/congress/install/puppet/tests/init.pp @@ -0,0 +1,12 @@ +# The baseline for module testing used by Puppet Labs is that each manifest +# should have a corresponding test manifest that declares that class or defined +# type. +# +# Tests are then run by using puppet apply --noop (to check for compilation +# errors and view a log of events) or by fully applying the test in a virtual +# environment (to compare the resulting system state to the desired state). +# +# Learn more about module testing here: +# http://docs.puppetlabs.com/guides/tests_smoke.html +# +include ::congress |