From 2928ffc921af0ec26ccfda1b973f7eebbc64d88f Mon Sep 17 00:00:00 2001 From: blsaws Date: Wed, 11 May 2016 21:22:03 -0700 Subject: Add baseline puppet module JIRA: COPPER-2 Change-Id: Ieb773594917aeca48ceca4250de9b4aede9961a8 Signed-off-by: blsaws --- .../puppet/provider/congress_config/ini_setting.rb | 27 ++ .../puppet/lib/puppet/type/congress_config.rb | 42 +++ components/congress/puppet/manifests/client.pp | 27 ++ components/congress/puppet/manifests/config.pp | 30 ++ components/congress/puppet/manifests/db.pp | 97 +++++ components/congress/puppet/manifests/db/mysql.pp | 69 ++++ .../congress/puppet/manifests/db/postgresql.pp | 55 +++ components/congress/puppet/manifests/db/sync.pp | 14 + components/congress/puppet/manifests/init.pp | 410 +++++++++++++++++++++ .../congress/puppet/manifests/keystone/auth.pp | 93 +++++ components/congress/puppet/manifests/logging.pp | 251 +++++++++++++ components/congress/puppet/manifests/params.pp | 31 ++ components/congress/puppet/manifests/policy.pp | 39 ++ components/congress/puppet/manifests/service.pp | 55 +++ components/congress/puppet/metadata.json | 34 ++ .../puppet/spec/classes/congress_db_mysql_spec.rb | 62 ++++ .../spec/classes/congress_db_postgresql_spec.rb | 58 +++ .../puppet/spec/classes/congress_db_spec.rb | 78 ++++ .../spec/classes/congress_keystone_auth_spec.rb | 123 +++++++ .../puppet/spec/classes/congress_logging_spec.rb | 144 ++++++++ .../puppet/spec/classes/congress_policy_spec.rb | 41 +++ components/congress/puppet/spec/shared_examples.rb | 5 + .../provider/congress_config/ini_setting_spec.rb | 68 ++++ .../puppet/spec/unit/type/congress_config_spec.rb | 64 ++++ components/congress/puppet/tests/init.pp | 12 + 25 files changed, 1929 insertions(+) create mode 100644 components/congress/puppet/lib/puppet/provider/congress_config/ini_setting.rb create mode 100644 components/congress/puppet/lib/puppet/type/congress_config.rb create mode 100644 components/congress/puppet/manifests/client.pp create mode 100644 components/congress/puppet/manifests/config.pp create mode 100644 components/congress/puppet/manifests/db.pp create mode 100644 components/congress/puppet/manifests/db/mysql.pp create mode 100644 components/congress/puppet/manifests/db/postgresql.pp create mode 100644 components/congress/puppet/manifests/db/sync.pp create mode 100644 components/congress/puppet/manifests/init.pp create mode 100644 components/congress/puppet/manifests/keystone/auth.pp create mode 100644 components/congress/puppet/manifests/logging.pp create mode 100644 components/congress/puppet/manifests/params.pp create mode 100644 components/congress/puppet/manifests/policy.pp create mode 100644 components/congress/puppet/manifests/service.pp create mode 100644 components/congress/puppet/metadata.json create mode 100644 components/congress/puppet/spec/classes/congress_db_mysql_spec.rb create mode 100644 components/congress/puppet/spec/classes/congress_db_postgresql_spec.rb create mode 100644 components/congress/puppet/spec/classes/congress_db_spec.rb create mode 100644 components/congress/puppet/spec/classes/congress_keystone_auth_spec.rb create mode 100644 components/congress/puppet/spec/classes/congress_logging_spec.rb create mode 100644 components/congress/puppet/spec/classes/congress_policy_spec.rb create mode 100644 components/congress/puppet/spec/shared_examples.rb create mode 100644 components/congress/puppet/spec/unit/provider/congress_config/ini_setting_spec.rb create mode 100644 components/congress/puppet/spec/unit/type/congress_config_spec.rb create mode 100644 components/congress/puppet/tests/init.pp (limited to 'components/congress/puppet') diff --git a/components/congress/puppet/lib/puppet/provider/congress_config/ini_setting.rb b/components/congress/puppet/lib/puppet/provider/congress_config/ini_setting.rb new file mode 100644 index 0000000..3d324b6 --- /dev/null +++ b/components/congress/puppet/lib/puppet/provider/congress_config/ini_setting.rb @@ -0,0 +1,27 @@ +Puppet::Type.type(:congress_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def self.file_path + '/etc/congress/congress.conf' + end + + # added for backwards compatibility with older versions of inifile + def file_path + self.class.file_path + end + +end diff --git a/components/congress/puppet/lib/puppet/type/congress_config.rb b/components/congress/puppet/lib/puppet/type/congress_config.rb new file mode 100644 index 0000000..3b76fc6 --- /dev/null +++ b/components/congress/puppet/lib/puppet/type/congress_config.rb @@ -0,0 +1,42 @@ +Puppet::Type.newtype(:congress_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from /etc/congress/congress.conf' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false + end +end diff --git a/components/congress/puppet/manifests/client.pp b/components/congress/puppet/manifests/client.pp new file mode 100644 index 0000000..bb016e4 --- /dev/null +++ b/components/congress/puppet/manifests/client.pp @@ -0,0 +1,27 @@ +# == Class: congress::client +# +# Installs congress client. +# +# === Parameters +# +# [*ensure*] +# (optional) Ensure state of the package. +# Defaults to 'present'. +# +class congress::client ( + $ensure = 'present' +) { + + package { 'python-congressclient': + ensure => $ensure, + tag => 'openstack', + } + + if $ensure == 'present' { + include '::openstacklib::openstackclient' + } else { + class { '::openstacklib::openstackclient': + package_ensure => $ensure, + } + } +} diff --git a/components/congress/puppet/manifests/config.pp b/components/congress/puppet/manifests/config.pp new file mode 100644 index 0000000..0a59d07 --- /dev/null +++ b/components/congress/puppet/manifests/config.pp @@ -0,0 +1,30 @@ +# == Class: congress::config +# +# This class is used to manage arbitrary congress configurations. +# +# === Parameters +# +# [*congress_config*] +# (optional) Allow configuration of arbitrary congress configurations. +# The value is an hash of congress_config resources. Example: +# { 'DEFAULT/foo' => { value => 'fooValue'}, +# 'DEFAULT/bar' => { value => 'barValue'} +# } +# In yaml format, Example: +# congress_config: +# DEFAULT/foo: +# value: fooValue +# DEFAULT/bar: +# value: barValue +# +# NOTE: The configuration MUST NOT be already handled by this module +# or Puppet catalog compilation will fail with duplicate resources. +# +class congress::config ( + $congress_config = {}, +) { + + validate_hash($congress_config) + + create_resources('congress_config', $congress_config) +} diff --git a/components/congress/puppet/manifests/db.pp b/components/congress/puppet/manifests/db.pp new file mode 100644 index 0000000..33dccc4 --- /dev/null +++ b/components/congress/puppet/manifests/db.pp @@ -0,0 +1,97 @@ +# == Class: congress::db +# +# Configure the congress database connection +# +# === Parameters +# +# [*database_connection*] +# Url used to connect to database. +# (Optional) Defaults to 'sqlite:////var/lib/congress/congress.sqlite'. +# +# [*database_idle_timeout*] +# Timeout when db connections should be reaped. +# (Optional) Defaults to 3600. +# +# [*database_max_retries*] +# Maximum number of database connection retries during startup. +# Setting -1 implies an infinite retry count. +# (Optional) Defaults to 10. +# +# [*database_retry_interval*] +# Interval between retries of opening a database connection. +# (Optional) Defaults to 10. +# +# [*database_min_pool_size*] +# Minimum number of SQL connections to keep open in a pool. +# (Optional) Defaults to 1. +# +# [*database_max_pool_size*] +# Maximum number of SQL connections to keep open in a pool. +# (Optional) Defaults to 10. +# +# [*database_max_overflow*] +# If set, use this value for max_overflow with sqlalchemy. +# (Optional) Defaults to 20. +# +class congress::db ( + $database_connection = 'sqlite:////var/lib/congress/congress.sqlite', + $database_idle_timeout = 3600, + $database_min_pool_size = 1, + $database_max_pool_size = 10, + $database_max_retries = 10, + $database_retry_interval = 10, + $database_max_overflow = 20, +) { + + # NOTE(spredzy): In order to keep backward compatibility we rely on the pick function + # to use congress:: if congress::db:: isn't specified. + $database_connection_real = pick($::congress::database_connection, $database_connection) + $database_idle_timeout_real = pick($::congress::database_idle_timeout, $database_idle_timeout) + $database_min_pool_size_real = pick($::congress::database_min_pool_size, $database_min_pool_size) + $database_max_pool_size_real = pick($::congress::database_max_pool_size, $database_max_pool_size) + $database_max_retries_real = pick($::congress::database_max_retries, $database_max_retries) + $database_retry_interval_real = pick($::congress::database_retry_interval, $database_retry_interval) + $database_max_overflow_real = pick($::congress::database_max_overflow, $database_max_overflow) + + validate_re($database_connection_real, + '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?') + + if $database_connection_real { + case $database_connection_real { + /^mysql:\/\//: { + $backend_package = false + require 'mysql::bindings' + require 'mysql::bindings::python' + } + /^postgresql:\/\//: { + $backend_package = false + require 'postgresql::lib::python' + } + /^sqlite:\/\//: { + $backend_package = $::congress::params::sqlite_package_name + } + default: { + fail('Unsupported backend configured') + } + } + + if $backend_package and !defined(Package[$backend_package]) { + package {'congress-backend-package': + ensure => present, + name => $backend_package, + tag => 'openstack', + } + } + + congress_config { + 'database/connection': value => $database_connection_real, secret => true; + 'database/idle_timeout': value => $database_idle_timeout_real; + 'database/min_pool_size': value => $database_min_pool_size_real; + 'database/max_retries': value => $database_max_retries_real; + 'database/retry_interval': value => $database_retry_interval_real; + 'database/max_pool_size': value => $database_max_pool_size_real; + 'database/max_overflow': value => $database_max_overflow_real; + } + } + +} diff --git a/components/congress/puppet/manifests/db/mysql.pp b/components/congress/puppet/manifests/db/mysql.pp new file mode 100644 index 0000000..456b812 --- /dev/null +++ b/components/congress/puppet/manifests/db/mysql.pp @@ -0,0 +1,69 @@ +# The congress::db::mysql class implements mysql backend for congress +# +# This class can be used to create tables, users and grant +# privelege for a mysql congress database. +# +# == parameters +# +# [*password*] +# (Mandatory) Password to connect to the database. +# Defaults to 'false'. +# +# [*dbname*] +# (Optional) Name of the database. +# Defaults to 'congress'. +# +# [*user*] +# (Optional) User to connect to the database. +# Defaults to 'congress'. +# +# [*host*] +# (Optional) The default source host user is allowed to connect from. +# Defaults to '127.0.0.1' +# +# [*allowed_hosts*] +# (Optional) Other hosts the user is allowed to connect from. +# Defaults to 'undef'. +# +# [*charset*] +# (Optional) The database charset. +# Defaults to 'utf8' +# +# [*collate*] +# (Optional) The database collate. +# Only used with mysql modules >= 2.2. +# Defaults to 'utf8_general_ci' +# +# == Dependencies +# Class['mysql::server'] +# +# == Examples +# +# == Authors +# +# == Copyright +# +class congress::db::mysql( + $password, + $dbname = 'congress', + $user = 'congress', + $host = '127.0.0.1', + $charset = 'utf8', + $collate = 'utf8_general_ci', + $allowed_hosts = undef +) { + + validate_string($password) + + ::openstacklib::db::mysql { 'congress': + user => $user, + password_hash => mysql_password($password), + dbname => $dbname, + host => $host, + charset => $charset, + collate => $collate, + allowed_hosts => $allowed_hosts, + } + + ::Openstacklib::Db::Mysql['congress'] ~> Exec<| title == 'congress-manage db_sync' |> +} diff --git a/components/congress/puppet/manifests/db/postgresql.pp b/components/congress/puppet/manifests/db/postgresql.pp new file mode 100644 index 0000000..4766eca --- /dev/null +++ b/components/congress/puppet/manifests/db/postgresql.pp @@ -0,0 +1,55 @@ +# == Class: congress::db::postgresql +# +# Class that configures postgresql for congress +# Requires the Puppetlabs postgresql module. +# +# === Parameters +# +# [*password*] +# (Required) Password to connect to the database. +# +# [*dbname*] +# (Optional) Name of the database. +# Defaults to 'congress'. +# +# [*user*] +# (Optional) User to connect to the database. +# Defaults to 'congress'. +# +# [*encoding*] +# (Optional) The charset to use for the database. +# Default to undef. +# +# [*privileges*] +# (Optional) Privileges given to the database user. +# Default to 'ALL' +# +# == Dependencies +# +# == Examples +# +# == Authors +# +# == Copyright +# +class congress::db::postgresql( + $password, + $dbname = 'congress', + $user = 'congress', + $encoding = undef, + $privileges = 'ALL', +) { + + Class['congress::db::postgresql'] -> Service<| title == 'congress' |> + + ::openstacklib::db::postgresql { 'congress': + password_hash => postgresql_password($user, $password), + dbname => $dbname, + user => $user, + encoding => $encoding, + privileges => $privileges, + } + + ::Openstacklib::Db::Postgresql['congress'] ~> Exec<| title == 'congress-manage db_sync' |> + +} diff --git a/components/congress/puppet/manifests/db/sync.pp b/components/congress/puppet/manifests/db/sync.pp new file mode 100644 index 0000000..bb07f7e --- /dev/null +++ b/components/congress/puppet/manifests/db/sync.pp @@ -0,0 +1,14 @@ +# +# Class to execute "congress-manage db_sync +# +class congress::db::sync { + exec { 'congress-manage db_sync': + path => '/usr/bin', + user => 'congress', + refreshonly => true, + subscribe => [Package['congress'], congress_config['database/connection']], + require => User['congress'], + } + + Exec['congress-manage db_sync'] ~> Service<| title == 'congress' |> +} diff --git a/components/congress/puppet/manifests/init.pp b/components/congress/puppet/manifests/init.pp new file mode 100644 index 0000000..a1367c3 --- /dev/null +++ b/components/congress/puppet/manifests/init.pp @@ -0,0 +1,410 @@ +# == Class: congress +# +# Module for managing congress config +# +# === Parameters +# +# [*keystone_password*] +# (required) Password used to authentication. +# +# [*package_ensure*] +# (optional) Desired ensure state of packages. +# accepts latest or specific versions. +# Defaults to present. +# +# [*client_package_ensure*] +# (optional) Desired ensure state of the client package. +# accepts latest or specific versions. +# Defaults to present. +# +# [*bind_host*] +# (optional) The IP address that congress binds to. +# Default to '0.0.0.0'. +# +# [*bind_port*] +# (optional) Port that congress binds to. +# Defaults to '1789' +# +# [*verbose*] +# (optional) Rather congress should log at verbose level. +# Defaults to undef. +# +# [*debug*] +# (optional) Rather congress should log at debug level. +# Defaults to undef. +# +# [*auth_type*] +# (optional) Type is authorization being used. +# Defaults to 'keystone' +# +# [*auth_uri*] +# (optional) Complete public Identity API endpoint. +# Defaults to false. +# +# [*identity_uri*] +# (optional) Complete admin Identity API endpoint. +# Defaults to: false +# +# [*keystone_tenant*] +# (optional) Tenant to authenticate to. +# Defaults to services. +# +# [*keystone_user*] +# (optional) User to authenticate as with keystone. +# Defaults to 'congress'. +# +# [*manage_service*] +# (Optional) If Puppet should manage service startup / shutdown. +# Defaults to true. +# +# [*enabled*] +# (optional) If the congress services should be enabled. +# Default to true. +# +# [*database_connection*] +# (optional) Url used to connect to database. +# Defaults to undef. +# +# [*database_idle_timeout*] +# (optional) Timeout when db connections should be reaped. +# Defaults to undef. +# +# [*database_max_retries*] +# (optional) Maximum number of database connection retries during startup. +# Setting -1 implies an infinite retry count. +# (Defaults to undef) +# +# [*database_retry_interval*] +# (optional) Interval between retries of opening a database connection. +# (Defaults to undef) +# +# [*database_min_pool_size*] +# (optional) Minimum number of SQL connections to keep open in a pool. +# Defaults to: undef +# +# [*database_max_pool_size*] +# (optional) Maximum number of SQL connections to keep open in a pool. +# Defaults to: undef +# +# [*database_max_overflow*] +# (optional) If set, use this value for max_overflow with sqlalchemy. +# Defaults to: undef +# +# [*rpc_backend*] +# (Optional) Use these options to configure the RabbitMQ message system. +# Defaults to 'rabbit' +# +# [*control_exchange*] +# (Optional) +# Defaults to 'openstack'. +# +# [*rabbit_host*] +# (Optional) IP or hostname of the rabbit server. +# Defaults to '127.0.0.1' +# +# [*rabbit_port*] +# (Optional) Port of the rabbit server. +# Defaults to 5672. +# +# [*rabbit_hosts*] +# (Optional) Array of host:port (used with HA queues). +# If defined, will remove rabbit_host & rabbit_port parameters from config +# Defaults to undef. +# +# [*rabbit_userid*] +# (Optional) User to connect to the rabbit server. +# Defaults to 'guest' +# +# [*rabbit_password*] +# (Required) Password to connect to the rabbit_server. +# Defaults to empty. Required if using the Rabbit (kombu) +# backend. +# +# [*rabbit_virtual_host*] +# (Optional) Virtual_host to use. +# Defaults to '/' +# +# [*rabbit_heartbeat_timeout_threshold*] +# (optional) Number of seconds after which the RabbitMQ broker is considered +# down if the heartbeat keepalive fails. Any value >0 enables heartbeats. +# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently +# closed, resulting in missed or lost messages from the queue. +# (Requires kombu >= 3.0.7 and amqp >= 1.4.0) +# Defaults to 0 +# +# [*rabbit_heartbeat_rate*] +# (optional) How often during the rabbit_heartbeat_timeout_threshold period to +# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2 +# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked +# every 30 seconds. +# Defaults to 2 +# +# [*rabbit_use_ssl*] +# (optional) Connect over SSL for RabbitMQ +# Defaults to false +# +# [*kombu_ssl_ca_certs*] +# (optional) SSL certification authority file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_certfile*] +# (optional) SSL cert file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_keyfile*] +# (optional) SSL key file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_version*] +# (optional) SSL version to use (valid only if SSL enabled). +# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be +# available on some distributions. +# Defaults to $::os_service_default +# +# [*kombu_reconnect_delay*] +# (optional) How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. +# Defaults to $::os_service_default +# +# [*amqp_durable_queues*] +# Use durable queues in amqp. +# (Optional) Defaults to false. +# +# [*service_provider*] +# (optional) Provider, that can be used for congress service. +# Default value defined in congress::params for given operation system. +# If you use Pacemaker or another Cluster Resource Manager, you can make +# custom service provider for changing start/stop/status behavior of service, +# and set it here. +# +# [*service_name*] +# (optional) Name of the service that will be providing the +# server functionality of congress. +# Defaults to '$::congress::params::service_name' +# +# [*sync_db*] +# (Optional) Run db sync on the node. +# Defaults to true +# +# == Dependencies +# None +# +# == Examples +# +# class { 'congress': +# keystone_password => 'congress', +# keystone_tenant => 'service', +# auth_uri => 'http://192.168.122.6:5000/', +# identity_uri => 'http://192.168.122.6:35357/', +# database_connection => 'mysql://congress:password@192.168.122.6/congress', +# rabbit_host => '192.168.122.6', +# rabbit_password => 'guest', +# } +# +# class { 'congress::db::mysql': +# password => 'password', +# host => '192.168.122.6', +# } +# +# class { 'congress::keystone::auth': +# password => 'congress', +# tenant => 'service', +# admin_url => 'http://192.168.122.6:1789', +# internal_url => 'http://192.168.122.6:1789', +# public_url => 'http://192.168.122.6:1789', +# region => 'regionOne', +# } +# +# == Authors +# +# Dan Radez +# +# == Copyright +# +# Copyright 2015 Red Hat Inc, unless otherwise noted. +# + +class congress( + $keystone_password, + $package_ensure = 'present', + $client_package_ensure = 'present', + $bind_host = '0.0.0.0', + $bind_port = '1789', + $verbose = undef, + $debug = undef, + $auth_type = 'keystone', + $auth_uri = false, + $identity_uri = false, + $keystone_tenant = 'services', + $keystone_user = 'congress', + $manage_service = true, + $enabled = true, + $database_connection = undef, + $database_idle_timeout = undef, + $database_max_retries = undef, + $database_retry_interval = undef, + $database_min_pool_size = undef, + $database_max_pool_size = undef, + $database_max_overflow = undef, + $rpc_backend = 'rabbit', + $control_exchange = 'congress', + $rabbit_host = '127.0.0.1', + $rabbit_port = 5672, + $rabbit_hosts = false, + $rabbit_virtual_host = '/', + $rabbit_heartbeat_timeout_threshold = 0, + $rabbit_heartbeat_rate = 2, + $rabbit_userid = 'guest', + $rabbit_password = false, + $rabbit_use_ssl = false, + $kombu_ssl_ca_certs = $::os_service_default, + $kombu_ssl_certfile = $::os_service_default, + $kombu_ssl_keyfile = $::os_service_default, + $kombu_ssl_version = $::os_service_default, + $kombu_reconnect_delay = $::os_service_default, + $amqp_durable_queues = false, + $service_provider = $::congress::params::service_provider, + $service_name = $::congress::params::service_name, +) inherits congress::params { + congress_config { + 'DEFAULT/drivers' : value => 'congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources. keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver'; + } + + if $identity_uri { + congress_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } + congress_config { 'keystone_authtoken/auth_url' : value => $identity_uri; } + } else { + congress_config { 'keystone_authtoken/identity_uri': ensure => absent; } + } + + if $auth_uri { + congress_config { 'keystone_authtoken/auth_uri': value => $auth_uri; } + } else { + congress_config { 'keystone_authtoken/auth_uri': ensure => absent; } + } + + if $auth_type == 'keystone' { + congress_config { + 'keystone_authtoken/project_name' : value => $keystone_tenant; + 'keystone_authtoken/username' : value => $keystone_user; + 'keystone_authtoken/password' : value => $keystone_password, secret => true; + } + } + + congress_config<||> ~> Service[$service_name] + congress_config<||> ~> Exec<| title == 'congress-manage db_sync'|> + + include ::congress::db + include ::congress::params + + if $sync_db { + include ::congress::db::sync + Class['::congress::db::sync'] ~> Service[$service_name] + } + if $rpc_backend == 'rabbit' { + + if ! $rabbit_password { + fail('Please specify a rabbit_password parameter.') + } + + congress_config { + 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true; + 'DEFAULT/rabbit_userid': value => $rabbit_userid; + 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host; + 'DEFAULT/control_exchange': value => $control_exchange; + #'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl; + #'DEFAULT/kombu_reconnect_delay': value => $kombu_reconnect_delay; + #'DEFAULT/heartbeat_timeout_threshold': value => $rabbit_heartbeat_timeout_threshold; + #'DEFAULT/heartbeat_rate': value => $rabbit_heartbeat_rate; + #'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues; + } + + if $rabbit_use_ssl { + congress_config { + 'DEFAULT/kombu_ssl_version' : value => $kombu_ssl_version; + 'DEFAULT/kombu_ssl_ca_certs' : value => $kombu_ssl_ca_certs; + 'DEFAULT/kombu_ssl_certfile' : value => $kombu_ssl_certfile; + 'DEFAULT/kombu_ssl_keyfile' : value => $kombu_ssl_keyfile; + } + } + + if $rabbit_hosts { + congress_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') } + congress_config { 'DEFAULT/rabbit_ha_queues': value => true } + congress_config { 'DEFAULT/rabbit_host': ensure => absent } + congress_config { 'DEFAULT/rabbit_port': ensure => absent } + } else { + congress_config { 'DEFAULT/rabbit_host': value => $rabbit_host } + congress_config { 'DEFAULT/rabbit_port': value => $rabbit_port } + congress_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" } + congress_config { 'DEFAULT/rabbit_ha_queues': value => false } + } + + } + + package { 'congress': + ensure => $package_ensure, + name => $::congress::params::package_name, + tag => ['openstack', 'congress-package'], + } + if $client_package_ensure == 'present' { + include '::congress::client' + } else { + class { '::congress::client': + ensure => $client_package_ensure, + } + } + + group { 'congress': + ensure => present, + system => true, + require => Package['congress'], + } + + user { 'congress': + ensure => 'present', + gid => 'congress', + system => true, + require => Package['congress'], + } + + file { ['/etc/congress', '/var/log/congress', '/var/lib/congress']: + ensure => directory, + mode => '0750', + owner => 'congress', + group => 'congress', + require => Package['congress'], + notify => Service[$service_name], + } + + file { '/etc/congress/congress.conf': + ensure => present, + mode => '0600', + owner => 'congress', + group => 'congress', + require => Package['congress'], + notify => Service[$service_name], + } + + congress_config { + 'DEFAULT/bind_host': value => $bind_host; + 'DEFAULT/bind_port': value => $bind_port; + } + + if $manage_service { + if $enabled { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } + } + + class { '::congress::service': + ensure => $service_ensure, + service_name => $service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + provider => $service_provider, + } +} diff --git a/components/congress/puppet/manifests/keystone/auth.pp b/components/congress/puppet/manifests/keystone/auth.pp new file mode 100644 index 0000000..13be1f0 --- /dev/null +++ b/components/congress/puppet/manifests/keystone/auth.pp @@ -0,0 +1,93 @@ +# == Class: congress::keystone::auth +# +# Configures congress user, service and endpoint in Keystone. +# +# === Parameters +# +# [*password*] +# (required) Password for congress user. +# +# [*auth_name*] +# Username for congress service. Defaults to 'congress'. +# +# [*email*] +# Email for congress user. Defaults to 'congress@localhost'. +# +# [*tenant*] +# Tenant for congress user. Defaults to 'services'. +# +# [*configure_endpoint*] +# Should congress endpoint be configured? Defaults to 'true'. +# +# [*configure_user*] +# (Optional) Should the service user be configured? +# Defaults to 'true'. +# +# [*configure_user_role*] +# (Optional) Should the admin role be configured for the service user? +# Defaults to 'true'. +# +# [*service_type*] +# Type of service. Defaults to 'NFV'. +# +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*region*] +# Region for endpoint. Defaults to 'RegionOne'. +# +# [*service_name*] +# (optional) Name of the service. +# Defaults to the value of auth_name. +# +# +class congress::keystone::auth ( + $password, + $auth_name = 'congress', + $email = 'congress@localhost', + $tenant = 'services', + $configure_endpoint = true, + $configure_user = true, + $configure_user_role = true, + $service_name = undef, + $service_type = 'servicevm', + $admin_url = 'http://127.0.0.1:1789', + $internal_url = 'http://127.0.0.1:1789', + $public_url = 'http://127.0.0.1:1789', + $region = 'RegionOne' +) { + + $real_service_name = pick($service_name, $auth_name) + + if $configure_user_role { + Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'congress-server' |> + } + Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'congress-server' |> + + keystone::resource::service_identity { 'congress': + configure_user => $configure_user, + configure_user_role => $configure_user_role, + configure_endpoint => $configure_endpoint, + service_name => $real_service_name, + service_type => $service_type, + service_description => 'congress VNF Manager service', + region => $region, + auth_name => $auth_name, + password => $password, + email => $email, + tenant => $tenant, + admin_url => "${admin_url}/", + internal_url => "${internal_url}/", + public_url => "${public_url}/", + } + +} diff --git a/components/congress/puppet/manifests/logging.pp b/components/congress/puppet/manifests/logging.pp new file mode 100644 index 0000000..7bcdc00 --- /dev/null +++ b/components/congress/puppet/manifests/logging.pp @@ -0,0 +1,251 @@ +# Class congress::logging +# +# congress logging configuration +# +# == parameters +# +# [*verbose*] +# (Optional) Should the daemons log verbose messages +# Defaults to false. +# +# [*debug*] +# (Optional) Should the daemons log debug messages +# Defaults to false. +# +# [*use_syslog*] +# (Optional) Use syslog for logging. +# Defaults to false. +# +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true. +# +# [*log_facility*] +# (Optional) Syslog facility to receive log lines. +# Defaults to 'LOG_USER'. +# +# [*log_dir*] +# (optional) Directory where logs should be stored. +# If set to boolean false, it will not log to any directory. +# Defaults to '/var/log/congress'. +# +# [*logging_context_format_string*] +# (optional) Format string to use for log messages with context. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ +# [%(request_id)s %(user_identity)s] %(instance)s%(message)s' +# +# [*logging_default_format_string*] +# (optional) Format string to use for log messages without context. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ +# [-] %(instance)s%(message)s' +# +# [*logging_debug_format_suffix*] +# (optional) Formatted data to append to log format when level is DEBUG. +# Defaults to undef. +# Example: '%(funcName)s %(pathname)s:%(lineno)d' +# +# [*logging_exception_prefix*] +# (optional) Prefix each line of exception output with this format. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s' +# +# [*log_config_append*] +# The name of an additional logging configuration file. +# Defaults to undef. +# See https://docs.python.org/2/howto/logging.html +# +# [*default_log_levels*] +# (optional) Hash of logger (keys) and level (values) pairs. +# Defaults to undef. +# Example: +# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', +# 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO', +# 'oslo.messaging' => 'INFO', 'iso8601' => 'WARN', +# 'requests.packages.urllib3.connectionpool' => 'WARN', +# 'urllib3.connectionpool' => 'WARN', +# 'websocket' => 'WARN', 'congressmiddleware' => 'WARN', +# 'routes.middleware' => 'WARN', stevedore => 'WARN' } +# +# [*publish_errors*] +# (optional) Publish error events (boolean value). +# Defaults to undef (false if unconfigured). +# +# [*fatal_deprecations*] +# (optional) Make deprecations fatal (boolean value) +# Defaults to undef (false if unconfigured). +# +# [*instance_format*] +# (optional) If an instance is passed with the log message, format it +# like this (string value). +# Defaults to undef. +# Example: '[instance: %(uuid)s] ' +# +# [*instance_uuid_format*] +# (optional) If an instance UUID is passed with the log message, format +# it like this (string value). +# Defaults to undef. +# Example: instance_uuid_format='[instance: %(uuid)s] ' +# +# [*log_date_format*] +# (optional) Format string for %%(asctime)s in log records. +# Defaults to undef. +# Example: 'Y-%m-%d %H:%M:%S' + +class congress::logging( + $use_syslog = false, + $use_stderr = true, + $log_facility = 'LOG_USER', + $log_dir = '/var/log/congress', + $verbose = false, + $debug = false, + $logging_context_format_string = undef, + $logging_default_format_string = undef, + $logging_debug_format_suffix = undef, + $logging_exception_prefix = undef, + $log_config_append = undef, + $default_log_levels = undef, + $publish_errors = undef, + $fatal_deprecations = undef, + $instance_format = undef, + $instance_uuid_format = undef, + $log_date_format = undef, +) { + + congress_config { + 'DEFAULT/use_syslog' : value => $use_syslog; + 'DEFAULT/use_stderr' : value => $use_stderr; + 'DEFAULT/log_dir' : value => $log_dir; + 'DEFAULT/verbose' : value => $verbose; + 'DEFAULT/debug' : value => $debug; + 'DEFAULT/syslog_log_facility' : value => $log_facility; + } + + if $logging_context_format_string { + congress_config { + 'DEFAULT/logging_context_format_string' : + value => $logging_context_format_string; + } + } + else { + congress_config { + 'DEFAULT/logging_context_format_string' : ensure => absent; + } + } + + if $logging_default_format_string { + congress_config { + 'DEFAULT/logging_default_format_string' : + value => $logging_default_format_string; + } + } + else { + congress_config { + 'DEFAULT/logging_default_format_string' : ensure => absent; + } + } + + if $logging_debug_format_suffix { + congress_config { + 'DEFAULT/logging_debug_format_suffix' : + value => $logging_debug_format_suffix; + } + } + else { + congress_config { + 'DEFAULT/logging_debug_format_suffix' : ensure => absent; + } + } + + if $logging_exception_prefix { + congress_config { + 'DEFAULT/logging_exception_prefix' : value => $logging_exception_prefix; + } + } + else { + congress_config { + 'DEFAULT/logging_exception_prefix' : ensure => absent; + } + } + + if $log_config_append { + congress_config { + 'DEFAULT/log_config_append' : value => $log_config_append; + } + } + else { + congress_config { + 'DEFAULT/log_config_append' : ensure => absent; + } + } + + if $default_log_levels { + congress_config { + 'DEFAULT/default_log_levels' : + value => join(sort(join_keys_to_values($default_log_levels, '=')), ','); + } + } + else { + congress_config { + 'DEFAULT/default_log_levels' : ensure => absent; + } + } + + if $publish_errors { + congress_config { + 'DEFAULT/publish_errors' : value => $publish_errors; + } + } + else { + congress_config { + 'DEFAULT/publish_errors' : ensure => absent; + } + } + + if $fatal_deprecations { + congress_config { + 'DEFAULT/fatal_deprecations' : value => $fatal_deprecations; + } + } + else { + congress_config { + 'DEFAULT/fatal_deprecations' : ensure => absent; + } + } + + if $instance_format { + congress_config { + 'DEFAULT/instance_format' : value => $instance_format; + } + } + else { + congress_config { + 'DEFAULT/instance_format' : ensure => absent; + } + } + + if $instance_uuid_format { + congress_config { + 'DEFAULT/instance_uuid_format' : value => $instance_uuid_format; + } + } + else { + congress_config { + 'DEFAULT/instance_uuid_format' : ensure => absent; + } + } + + if $log_date_format { + congress_config { + 'DEFAULT/log_date_format' : value => $log_date_format; + } + } + else { + congress_config { + 'DEFAULT/log_date_format' : ensure => absent; + } + } + + +} diff --git a/components/congress/puppet/manifests/params.pp b/components/congress/puppet/manifests/params.pp new file mode 100644 index 0000000..f2ceed0 --- /dev/null +++ b/components/congress/puppet/manifests/params.pp @@ -0,0 +1,31 @@ +# +# This class contains the platform differences for congress +# +class congress::params { + $client_package_name = 'python-congressclient' + + case $::osfamily { + 'Debian': { + $package_name = 'congress' + $service_name = 'congress' + $python_memcache_package_name = 'python-memcache' + $sqlite_package_name = 'python-pysqlite2' + $paste_config = undef + case $::operatingsystem { + 'Debian': { + $service_provider = undef + } + default: { + $service_provider = 'upstart' + } + } + } + 'RedHat': { + $package_name = 'openstack-congress' + $service_name = 'openstack-congress' + $python_memcache_package_name = 'python-memcached' + $sqlite_package_name = undef + $service_provider = undef + } + } +} diff --git a/components/congress/puppet/manifests/policy.pp b/components/congress/puppet/manifests/policy.pp new file mode 100644 index 0000000..cdca472 --- /dev/null +++ b/components/congress/puppet/manifests/policy.pp @@ -0,0 +1,39 @@ +# == Class: congress::policy +# +# Configure the congress policies +# +# === Parameters +# +# [*policies*] +# (optional) Set of policies to configure for congress +# Example : +# { +# 'congress-context_is_admin' => { +# 'key' => 'context_is_admin', +# 'value' => 'true' +# }, +# 'congress-default' => { +# 'key' => 'default', +# 'value' => 'rule:admin_or_owner' +# } +# } +# Defaults to empty hash. +# +# [*policy_path*] +# (optional) Path to the nova policy.json file +# Defaults to /etc/congress/policy.json +# +class congress::policy ( + $policies = {}, + $policy_path = '/etc/congress/policy.json', +) { + + validate_hash($policies) + + Openstacklib::Policy::Base { + file_path => $policy_path, + } + + create_resources('openstacklib::policy::base', $policies) + +} diff --git a/components/congress/puppet/manifests/service.pp b/components/congress/puppet/manifests/service.pp new file mode 100644 index 0000000..f802e9a --- /dev/null +++ b/components/congress/puppet/manifests/service.pp @@ -0,0 +1,55 @@ +# == Class congress::service +# +# Encapsulates the congress service to a class. +# This allows resources that require congress to +# require this class, which can optionally +# validate that the service can actually accept +# connections. +# +# === Parameters +# +# [*ensure*] +# (optional) The desired state of the congress service +# Defaults to undef +# +# [*service_name*] +# (optional) The name of the congress service +# Defaults to $::congress::params::service_name +# +# [*enable*] +# (optional) Whether to enable the congress service +# Defaults to true +# +# [*hasstatus*] +# (optional) Whether the congress service has status +# Defaults to true +# +# [*hasrestart*] +# (optional) Whether the congress service has restart +# Defaults to true +# +# [*provider*] +# (optional) Provider for congress service +# Defaults to $::congress::params::service_provider +# +class congress::service( + $ensure = undef, + $service_name = $::congress::params::service_name, + $enable = true, + $hasstatus = true, + $hasrestart = true, + $provider = $::congress::params::service_provider, +) { + include ::congress::params + + service { 'congress': + ensure => $ensure, + name => $service_name, + enable => $enable, + hasstatus => $hasstatus, + hasrestart => $hasrestart, + provider => $provider, + tag => 'congress-service', + } + +} diff --git a/components/congress/puppet/metadata.json b/components/congress/puppet/metadata.json new file mode 100644 index 0000000..e94dd68 --- /dev/null +++ b/components/congress/puppet/metadata.json @@ -0,0 +1,34 @@ +{ + "name": "puppet-congress", + "version": "0.0.1", + "author": "OpenStack Contributors", + "summary": "Puppet module for OpenStack congress", + "license": "Apache-2.0", + "source": "git://github.com/openstack/puppet-congress.git", + "project_page": "https://launchpad.net/puppet-congress", + "issues_url": "https://bugs.launchpad.net/puppet-congress", + "description": "Installs and configures OpenStack congress.", + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": ["8"] + }, + { + "operatingsystem": "Fedora", + "operatingsystemrelease": ["21","22"] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": ["7"] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": ["14.04"] + } + ], + "dependencies": [ + { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" }, + { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.2.0 <5.0.0" }, + { "name": "stackforge/openstacklib", "version_requirement": ">=5.0.0 <6.0.0" } + ] +} diff --git a/components/congress/puppet/spec/classes/congress_db_mysql_spec.rb b/components/congress/puppet/spec/classes/congress_db_mysql_spec.rb new file mode 100644 index 0000000..6370bac --- /dev/null +++ b/components/congress/puppet/spec/classes/congress_db_mysql_spec.rb @@ -0,0 +1,62 @@ +require 'spec_helper' + +describe 'congress::db::mysql' do + + let :pre_condition do + [ + 'include mysql::server', + 'include congress::db::sync' + ] + end + + let :facts do + { :osfamily => 'Debian' } + end + + let :params do + { + 'password' => 'fooboozoo_default_password', + } + end + + describe 'with only required params' do + it { is_expected.to contain_openstacklib__db__mysql('congress').with( + 'user' => 'congress', + 'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206', + 'dbname' => 'congress', + 'host' => '127.0.0.1', + 'charset' => 'utf8', + :collate => 'utf8_general_ci', + )} + end + + describe "overriding allowed_hosts param to array" do + let :params do + { + :password => 'congresspass', + :allowed_hosts => ['127.0.0.1','%'] + } + end + + end + describe "overriding allowed_hosts param to string" do + let :params do + { + :password => 'congresspass2', + :allowed_hosts => '192.168.1.1' + } + end + + end + + describe "overriding allowed_hosts param equals to host param " do + let :params do + { + :password => 'congresspass2', + :allowed_hosts => '127.0.0.1' + } + end + + end + +end diff --git a/components/congress/puppet/spec/classes/congress_db_postgresql_spec.rb b/components/congress/puppet/spec/classes/congress_db_postgresql_spec.rb new file mode 100644 index 0000000..74abbdb --- /dev/null +++ b/components/congress/puppet/spec/classes/congress_db_postgresql_spec.rb @@ -0,0 +1,58 @@ +require 'spec_helper' + +describe 'congress::db::postgresql' do + + let :req_params do + { :password => 'pw' } + end + + let :pre_condition do + 'include postgresql::server' + end + + context 'on a RedHat osfamily' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + context 'with only required parameters' do + let :params do + req_params + end + + it { is_expected.to contain_postgresql__server__db('congress').with( + :user => 'congress', + :password => 'md5c530c33636c58ae83ca933f39319273e' + )} + end + + end + + context 'on a Debian osfamily' do + let :facts do + { + :operatingsystemrelease => '7.8', + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + context 'with only required parameters' do + let :params do + req_params + end + + it { is_expected.to contain_postgresql__server__db('congress').with( + :user => 'congress', + :password => 'md5c530c33636c58ae83ca933f39319273e' + )} + end + + end + +end diff --git a/components/congress/puppet/spec/classes/congress_db_spec.rb b/components/congress/puppet/spec/classes/congress_db_spec.rb new file mode 100644 index 0000000..3b84993 --- /dev/null +++ b/components/congress/puppet/spec/classes/congress_db_spec.rb @@ -0,0 +1,78 @@ +require 'spec_helper' + +describe 'congress::db' do + + shared_examples 'congress::db' do + context 'with default parameters' do + it { is_expected.to contain_congress_config('database/connection').with_value('mysql://congress:secrete@localhost:3306/congress') } + it { is_expected.to contain_congress_config('database/idle_timeout').with_value('3600') } + it { is_expected.to contain_congress_config('database/min_pool_size').with_value('1') } + it { is_expected.to contain_congress_config('database/max_retries').with_value('10') } + it { is_expected.to contain_congress_config('database/retry_interval').with_value('10') } + it { is_expected.to contain_congress_config('database/max_pool_size').with_value('10') } + it { is_expected.to contain_congress_config('database/max_overflow').with_value('20') } + end + + context 'with specific parameters' do + let :params do + { :database_connection => 'mysql://congress:congress@localhost/congress', + :database_idle_timeout => '3601', + :database_min_pool_size => '2', + :database_max_retries => '11', + :database_retry_interval => '11', + :database_max_pool_size => '11', + :database_max_overflow => '21', + } + end + + it { is_expected.to contain_congress_config('database/connection').with_value('mysql://congress:congress@localhost/congress') } + it { is_expected.to contain_congress_config('database/idle_timeout').with_value('3601') } + it { is_expected.to contain_congress_config('database/min_pool_size').with_value('2') } + it { is_expected.to contain_congress_config('database/max_retries').with_value('11') } + it { is_expected.to contain_congress_config('database/retry_interval').with_value('11') } + it { is_expected.to contain_congress_config('database/max_pool_size').with_value('11') } + it { is_expected.to contain_congress_config('database/max_overflow').with_value('21') } + end + + context 'with postgresql backend' do + let :params do + { :database_connection => 'postgresql://congress:congress@localhost/congress', } + end + + it 'install the proper backend package' do + is_expected.to contain_package('python-psycopg2').with(:ensure => 'present') + end + + end + + context 'with incorrect database_connection string' do + let :params do + { :database_connection => 'sqlite://congress:congress@localhost/congress', } + end + + it_raises 'a Puppet::Error', /validate_re/ + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => 'jessie', + } + end + + it_configures 'congress::db' + end + + context 'on Redhat platforms' do + let :facts do + { :osfamily => 'RedHat', + :operatingsystemrelease => '7.1', + } + end + + it_configures 'congress::db' + end + +end diff --git a/components/congress/puppet/spec/classes/congress_keystone_auth_spec.rb b/components/congress/puppet/spec/classes/congress_keystone_auth_spec.rb new file mode 100644 index 0000000..3cb7e59 --- /dev/null +++ b/components/congress/puppet/spec/classes/congress_keystone_auth_spec.rb @@ -0,0 +1,123 @@ +# +# Unit tests for congress::keystone::auth +# + +require 'spec_helper' + +describe 'congress::keystone::auth' do + + let :facts do + { :osfamily => 'Debian' } + end + + describe 'with default class parameters' do + let :params do + { :password => 'congress_password', + :tenant => 'foobar' } + end + + it { is_expected.to contain_keystone_user('congress').with( + :ensure => 'present', + :password => 'congress_password', + ) } + + it { is_expected.to contain_keystone_user_role('congress@foobar').with( + :ensure => 'present', + :roles => ['admin'] + )} + + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + it { is_expected.to contain_keystone_endpoint('RegionOne/congress').with( + :ensure => 'present', + :public_url => 'http://127.0.0.1:FIXME', + :admin_url => 'http://127.0.0.1:FIXME', + :internal_url => 'http://127.0.0.1:FIXME', + ) } + end + + describe 'when overriding URL paramaters' do + let :params do + { :password => 'congress_password', + :public_url => 'https://10.10.10.10:80', + :internal_url => 'http://10.10.10.11:81', + :admin_url => 'http://10.10.10.12:81', } + end + + it { is_expected.to contain_keystone_endpoint('RegionOne/congress').with( + :ensure => 'present', + :public_url => 'https://10.10.10.10:80', + :internal_url => 'http://10.10.10.11:81', + :admin_url => 'http://10.10.10.12:81', + ) } + end + + describe 'when overriding auth name' do + let :params do + { :password => 'foo', + :auth_name => 'congressy' } + end + + it { is_expected.to contain_keystone_user('congressy') } + it { is_expected.to contain_keystone_user_role('congressy@services') } + it { is_expected.to contain_keystone_service('congressy') } + it { is_expected.to contain_keystone_endpoint('RegionOne/congressy') } + end + + describe 'when overriding service name' do + let :params do + { :service_name => 'congress_service', + :auth_name => 'congress', + :password => 'congress_password' } + end + + it { is_expected.to contain_keystone_user('congress') } + it { is_expected.to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress_service') } + it { is_expected.to contain_keystone_endpoint('RegionOne/congress_service') } + end + + describe 'when disabling user configuration' do + + let :params do + { + :password => 'congress_password', + :configure_user => false + } + end + + it { is_expected.not_to contain_keystone_user('congress') } + it { is_expected.to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + end + + describe 'when disabling user and user role configuration' do + + let :params do + { + :password => 'congress_password', + :configure_user => false, + :configure_user_role => false + } + end + + it { is_expected.not_to contain_keystone_user('congress') } + it { is_expected.not_to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + end + +end diff --git a/components/congress/puppet/spec/classes/congress_logging_spec.rb b/components/congress/puppet/spec/classes/congress_logging_spec.rb new file mode 100644 index 0000000..0bfb994 --- /dev/null +++ b/components/congress/puppet/spec/classes/congress_logging_spec.rb @@ -0,0 +1,144 @@ +require 'spec_helper' + +describe 'congress::logging' do + + let :params do + { + } + end + + let :log_params do + { + :logging_context_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s', + :logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s', + :logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d', + :logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s', + :log_config_append => '/etc/congress/logging.conf', + :publish_errors => true, + :default_log_levels => { + 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', + 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO', + 'iso8601' => 'WARN', + 'requests.packages.urllib3.connectionpool' => 'WARN' }, + :fatal_deprecations => true, + :instance_format => '[instance: %(uuid)s] ', + :instance_uuid_format => '[instance: %(uuid)s] ', + :log_date_format => '%Y-%m-%d %H:%M:%S', + :use_syslog => true, + :use_stderr => false, + :log_facility => 'LOG_FOO', + :log_dir => '/var/log', + :verbose => true, + :debug => true, + } + end + + shared_examples_for 'congress-logging' do + + context 'with basic logging options and default settings' do + it_configures 'basic default logging settings' + end + + context 'with basic logging options and non-default settings' do + before { params.merge!( log_params ) } + it_configures 'basic non-default logging settings' + end + + context 'with extended logging options' do + before { params.merge!( log_params ) } + it_configures 'logging params set' + end + + context 'without extended logging options' do + it_configures 'logging params unset' + end + + end + + shared_examples 'basic default logging settings' do + it 'configures ceilometer logging settins with default values' do + is_expected.to contain_ceilometer_config('DEFAULT/use_syslog').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/use_stderr').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/syslog_log_facility').with(:value => 'LOG_USER') + is_expected.to contain_ceilometer_config('DEFAULT/log_dir').with(:value => '/var/log/congress') + is_expected.to contain_ceilometer_config('DEFAULT/verbose').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/debug').with(:value => 'false') + end + end + + shared_examples 'basic non-default logging settings' do + it 'configures ceilometer logging settins with non-default values' do + is_expected.to contain_ceilometer_config('DEFAULT/use_syslog').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/use_stderr').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/syslog_log_facility').with(:value => 'LOG_FOO') + is_expected.to contain_ceilometer_config('DEFAULT/log_dir').with(:value => '/var/log') + is_expected.to contain_ceilometer_config('DEFAULT/verbose').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/debug').with(:value => 'true') + end + end + + shared_examples_for 'logging params set' do + it 'enables logging params' do + is_expected.to contain_congress_config('DEFAULT/logging_context_format_string').with_value( + '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s') + + is_expected.to contain_congress_config('DEFAULT/logging_default_format_string').with_value( + '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s') + + is_expected.to contain_congress_config('DEFAULT/logging_debug_format_suffix').with_value( + '%(funcName)s %(pathname)s:%(lineno)d') + + is_expected.to contain_congress_config('DEFAULT/logging_exception_prefix').with_value( + '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s') + + is_expected.to contain_congress_config('DEFAULT/log_config_append').with_value( + '/etc/congress/logging.conf') + is_expected.to contain_congress_config('DEFAULT/publish_errors').with_value( + true) + + is_expected.to contain_congress_config('DEFAULT/default_log_levels').with_value( + 'amqp=WARN,amqplib=WARN,boto=WARN,iso8601=WARN,qpid=WARN,requests.packages.urllib3.connectionpool=WARN,sqlalchemy=WARN,suds=INFO') + + is_expected.to contain_congress_config('DEFAULT/fatal_deprecations').with_value( + true) + + is_expected.to contain_congress_config('DEFAULT/instance_format').with_value( + '[instance: %(uuid)s] ') + + is_expected.to contain_congress_config('DEFAULT/instance_uuid_format').with_value( + '[instance: %(uuid)s] ') + + is_expected.to contain_congress_config('DEFAULT/log_date_format').with_value( + '%Y-%m-%d %H:%M:%S') + end + end + + + shared_examples_for 'logging params unset' do + [ :logging_context_format_string, :logging_default_format_string, + :logging_debug_format_suffix, :logging_exception_prefix, + :log_config_append, :publish_errors, + :default_log_levels, :fatal_deprecations, + :instance_format, :instance_uuid_format, + :log_date_format, ].each { |param| + it { is_expected.to contain_congress_config("DEFAULT/#{param}").with_ensure('absent') } + } + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'congress-logging' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'congress-logging' + end + +end diff --git a/components/congress/puppet/spec/classes/congress_policy_spec.rb b/components/congress/puppet/spec/classes/congress_policy_spec.rb new file mode 100644 index 0000000..d4e08ca --- /dev/null +++ b/components/congress/puppet/spec/classes/congress_policy_spec.rb @@ -0,0 +1,41 @@ +require 'spec_helper' + +describe 'congress::policy' do + + shared_examples_for 'congress policies' do + let :params do + { + :policy_path => '/etc/congress/policy.json', + :policies => { + 'context_is_admin' => { + 'key' => 'context_is_admin', + 'value' => 'foo:bar' + } + } + } + end + + it 'set up the policies' do + is_expected.to contain_openstacklib__policy__base('context_is_admin').with({ + :key => 'context_is_admin', + :value => 'foo:bar' + }) + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'congress policies' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'congress policies' + end +end diff --git a/components/congress/puppet/spec/shared_examples.rb b/components/congress/puppet/spec/shared_examples.rb new file mode 100644 index 0000000..fec0eac --- /dev/null +++ b/components/congress/puppet/spec/shared_examples.rb @@ -0,0 +1,5 @@ +shared_examples_for "a Puppet::Error" do |description| + it "with message matching #{description.inspect}" do + expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description) + end +end diff --git a/components/congress/puppet/spec/unit/provider/congress_config/ini_setting_spec.rb b/components/congress/puppet/spec/unit/provider/congress_config/ini_setting_spec.rb new file mode 100644 index 0000000..0c4b9fa --- /dev/null +++ b/components/congress/puppet/spec/unit/provider/congress_config/ini_setting_spec.rb @@ -0,0 +1,68 @@ +# +# these tests are a little concerning b/c they are hacking around the +# modulepath, so these tests will not catch issues that may eventually arise +# related to loading these plugins. +# I could not, for the life of me, figure out how to programatcally set the modulepath +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'inifile', + 'lib') +) +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'openstacklib', + 'lib') +) +require 'spec_helper' +provider_class = Puppet::Type.type(:congress_config).provider(:ini_setting) +describe provider_class do + + it 'should default to the default setting when no other one is specified' do + resource = Puppet::Type::congress_config.new( + {:name => 'DEFAULT/foo', :value => 'bar'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('DEFAULT') + expect(provider.setting).to eq('foo') + end + + it 'should allow setting to be set explicitly' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => 'bar'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('dude') + expect(provider.setting).to eq('foo') + end + + it 'should ensure absent when is specified as a value' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => ''} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + +end diff --git a/components/congress/puppet/spec/unit/type/congress_config_spec.rb b/components/congress/puppet/spec/unit/type/congress_config_spec.rb new file mode 100644 index 0000000..22a70a1 --- /dev/null +++ b/components/congress/puppet/spec/unit/type/congress_config_spec.rb @@ -0,0 +1,64 @@ +require 'puppet' +require 'puppet/type/congress_config' +describe 'Puppet::Type.type(:congress_config)' do + before :each do + @congress_config = Puppet::Type.type(:congress_config).new(:name => 'DEFAULT/foo', :value => 'bar') + end + + it 'should require a name' do + expect { + Puppet::Type.type(:congress_config).new({}) + }.to raise_error(Puppet::Error, 'Title or name must be provided') + end + + it 'should not expect a name with whitespace' do + expect { + Puppet::Type.type(:congress_config).new(:name => 'f oo') + }.to raise_error(Puppet::Error, /Parameter name failed/) + end + + it 'should fail when there is no section' do + expect { + Puppet::Type.type(:congress_config).new(:name => 'foo') + }.to raise_error(Puppet::Error, /Parameter name failed/) + end + + it 'should not require a value when ensure is absent' do + Puppet::Type.type(:congress_config).new(:name => 'DEFAULT/foo', :ensure => :absent) + end + + it 'should accept a valid value' do + @congress_config[:value] = 'bar' + expect(@congress_config[:value]).to eq('bar') + end + + it 'should not accept a value with whitespace' do + @congress_config[:value] = 'b ar' + expect(@congress_config[:value]).to eq('b ar') + end + + it 'should accept valid ensure values' do + @congress_config[:ensure] = :present + expect(@congress_config[:ensure]).to eq(:present) + @congress_config[:ensure] = :absent + expect(@congress_config[:ensure]).to eq(:absent) + end + + it 'should not accept invalid ensure values' do + expect { + @congress_config[:ensure] = :latest + }.to raise_error(Puppet::Error, /Invalid value/) + end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'congress-common') + catalog.add_resource package, @congress_config + dependency = @congress_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@congress_config) + expect(dependency[0].source).to eq(package) + end + + +end diff --git a/components/congress/puppet/tests/init.pp b/components/congress/puppet/tests/init.pp new file mode 100644 index 0000000..922b1cb --- /dev/null +++ b/components/congress/puppet/tests/init.pp @@ -0,0 +1,12 @@ +# The baseline for module testing used by Puppet Labs is that each manifest +# should have a corresponding test manifest that declares that class or defined +# type. +# +# Tests are then run by using puppet apply --noop (to check for compilation +# errors and view a log of events) or by fully applying the test in a virtual +# environment (to compare the resulting system state to the desired state). +# +# Learn more about module testing here: +# http://docs.puppetlabs.com/guides/tests_smoke.html +# +include ::congress -- cgit 1.2.3-korg