openstack
/
puppet-manila
Code Issues Proposed changes

Support manila-api deployment with Apache 

Change-Id: Ib596f462592566683a5d84a8edf39ff7afe7fac0
This commit is contained in:
Goutham Pacha Ravi 2018-07-27 16:09:27 -07:00 committed by Tobias Urdin
parent 8c73c1864a
commit 0a2687ab87
9 changed files with 382 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
manifests/api.pp
View File

@ -29,6 +29,15 @@
# (optional) Run db sync on the node
# Defaults to true
#
# [*service_name*]
# (optional) Name of the service that will be providing the
# server functionality of manila-api.
# If the value is 'httpd', this means manila-api will be a web
# service, and you must use another class to configure that
# web service. For example, use class { 'manila::wsgi::apache'...}
# to make manila-api be a web app using apache mod_wsgi.
# Defaults to '$::manila::params::api_service'
#
# [*manage_service*]
# (optional) Whether to start/stop the service
# Defaults to true
@ -74,6 +83,7 @@ class manila::api (
$enabled = true,
$sync_db = true,
$manage_service = true,
$service_name = $::manila::params::api_service,
$ratelimits = undef,
$ratelimits_factory = 'manila.api.v1.limits:RateLimitingMiddleware.factory',
$enable_proxy_headers_parsing = $::os_service_default,
@ -82,7 +92,7 @@ class manila::api (
# Deprecated
$service_port = undef,
$os_region_name = undef,
) {
) inherits manila::params {
include ::manila::deps
include ::manila::params
@ -119,14 +129,33 @@ class manila::api (
}
}
service { 'manila-api':
ensure => $ensure,
name => $::manila::params::api_service,
enable => $enabled,
hasstatus => true,
tag => 'manila-service',
}
if $service_name == $::manila::params::api_service {
service { 'manila-api':
ensure => $ensure,
name => $::manila::params::api_service,
enable => $enabled,
hasstatus => true,
tag => 'manila-service',
}
} elsif $service_name == 'httpd' {
# We need to make sure manila-api/eventlet is stopped before trying to
# start apache
include ::apache::params
service { 'manila-api':
ensure => 'stopped',
name => $::manila::params::api_service,
enable => false,
tag => ['manila-service'],
}
Service <| title == 'httpd' |> { tag +> 'manila-service' }
Service['manila-api'] -> Service[$service_name]
} else {
fail("Invalid service_name. Either use manila-api/openstack-manila-api \
for running as a standalone service, or httpd for being run by a httpd \
server.")
}
manila_config {
'DEFAULT/osapi_share_listen': value => $bind_host;
'DEFAULT/enabled_share_protocols': value => $enabled_share_protocols;

3
manifests/keystone/auth.pp
View File

@ -123,9 +123,6 @@ class manila::keystone::auth (
$password_v2_real = $password_v2
}
Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'manila-api' |>
Keystone_user_role["${auth_name_v2}@${tenant}"] ~> Service <| name == 'manila-api' |>
keystone::resource::service_identity { 'manila':
configure_user => true,
configure_user_role => true,

4
manifests/params.pp
View File

@ -27,6 +27,8 @@ class manila::params {
$share_service = 'manila-share'
$gluster_client_package_name = 'glusterfs-client'
$gluster_package_name = 'glusterfs-common'
$manila_wsgi_script_path = '/usr/lib/cgi-bin/manila'
$manila_wsgi_script_source = '/usr/bin/manila-wsgi'
}
'RedHat': {
$package_name = 'openstack-manila'
@ -38,6 +40,8 @@ class manila::params {
$share_service = 'openstack-manila-share'
$gluster_client_package_name = 'glusterfs-fuse'
$gluster_package_name = 'glusterfs'
$manila_wsgi_script_path = '/var/www/cgi-bin/manila'
$manila_wsgi_script_source = '/usr/bin/manila-wsgi'
}
default: {
fail("unsupported osfamily ${::osfamily}, currently Debian and Redhat are the only supported platforms")

164
manifests/wsgi/apache.pp Normal file
View File

@ -0,0 +1,164 @@
# Copyright (C) 2018 Red Hat Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Class to serve neutron API with apache mod_wsgi in place of manila-api
# service.
#
# Serving manila API from apache is the recommended way to go for production
# because of limited performance for concurrent accesses when running eventlet.
#
# When using this class you should disable your eventlet based manila-api
# service.
#
# == Parameters
#
# [*servername*]
# The servername for the virtualhost.
# Optional. Defaults to $::fqdn
#
# [*port*]
# The port.
# Optional. Defaults to 8786
#
# [*bind_host*]
# The host/ip address Apache will listen on.
# Optional. Defaults to undef (listen on all ip addresses).
#
# [*path*]
# The prefix for the endpoint.
# Optional. Defaults to '/'
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
#
# [*workers*]
# Number of WSGI workers to spawn.
# Optional. Defaults to $::os_workers
#
# [*priority*]
# (optional) The priority for the vhost.
# Defaults to '10'
#
# [*threads*]
# (optional) The number of threads for the vhost.
# Defaults to 1
#
# [*wsgi_process_display_name*]
# (optional) Name of the WSGI process display-name.
# Defaults to undef
#
# [*ssl_cert*]
# [*ssl_key*]
# [*ssl_chain*]
# [*ssl_ca*]
# [*ssl_crl_path*]
# [*ssl_crl*]
# [*ssl_certs_dir*]
# apache::vhost ssl parameters.
# Optional. Default to apache::vhost 'ssl_*' defaults.
#
# [*access_log_file*]
# The log file name for the virtualhost.
# Optional. Defaults to false.
#
# [*access_log_format*]
# The log format for the virtualhost.
# Optional. Defaults to false.
#
# [*error_log_file*]
# The error log file name for the virtualhost.
# Optional. Defaults to undef.
#
# [*custom_wsgi_process_options*]
# (optional) gives you the opportunity to add custom process options or to
# overwrite the default options for the WSGI main process.
# eg. to use a virtual python environment for the WSGI process
# you could set it to:
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
#
# == Dependencies
#
# requires Class['apache'] & Class['manila']
#
# == Examples
#
# include apache
#
# class { 'manila::wsgi::apache': }
#
class manila::wsgi::apache (
$servername = $::fqdn,
$port = 8786,
$bind_host = undef,
$path = '/',
$ssl = true,
$workers = $::os_workers,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_chain = undef,
$ssl_ca = undef,
$ssl_crl_path = undef,
$ssl_crl = undef,
$ssl_certs_dir = undef,
$wsgi_process_display_name = undef,
$threads = 1,
$priority = '10',
$access_log_file = false,
$access_log_format = false,
$error_log_file = undef,
$custom_wsgi_process_options = {},
) {
include ::manila::deps
include ::manila::params
include ::apache
include ::apache::mod::wsgi
if $ssl {
include ::apache::mod::ssl
}
::openstacklib::wsgi::apache { 'manila_wsgi':
bind_host => $bind_host,
bind_port => $port,
group => 'manila',
path => $path,
priority => $priority,
servername => $servername,
ssl => $ssl,
ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir,
ssl_chain => $ssl_chain,
ssl_crl => $ssl_crl,
ssl_crl_path => $ssl_crl_path,
ssl_key => $ssl_key,
threads => $threads,
user => 'manila',
workers => $workers,
wsgi_daemon_process => 'manila-api',
wsgi_process_display_name => $wsgi_process_display_name,
wsgi_process_group => 'manila-api',
wsgi_script_dir => $::manila::params::manila_wsgi_script_path,
wsgi_script_file => 'manila-api',
wsgi_script_source => $::manila::params::manila_wsgi_script_source,
custom_wsgi_process_options => $custom_wsgi_process_options,
access_log_file => $access_log_file,
access_log_format => $access_log_format,
error_log_file => $error_log_file,
require => Anchor['manila::install::end'],
}
}

6
metadata.json
View File

@ -28,6 +28,10 @@
{
"name": "openstack/oslo",
"version_requirement": ">=13.3.0 <14.0.0"
},
{
"name": "puppetlabs/apache",
"version_requirement": ">=3.0.0"
}
],
"description": "Installs and configures OpenStack Manila (Shared Filesystems).",
@ -75,4 +79,4 @@
"source": "git://github.com/openstack/puppet-manila.git",
"summary": "Puppet module for OpenStack Manila",
"version": "13.3.0"
}
}

7
releasenotes/notes/manila-wsgi-893b66e84d4a9133.yaml Normal file
View File

@ -0,0 +1,7 @@
---
features:
- |
The manila API service can now be installed with Apache, instead of the
package-provided built-in eventlet based wsgi server. Set
$manila::api::service_name to 'httpd' to run the Manila API as
virtual host on an apache based web server.

10
spec/acceptance/basic_manila_spec.rb
View File

@ -47,7 +47,13 @@ describe 'basic manila' do
class { '::manila::keystone::authtoken':
password => 'a_big_secret',
}
class { '::manila::api': }
class { '::manila::api':
service_name => 'httpd',
}
include ::apache
class { '::manila::wsgi::apache':
ssl => false,
}
class { '::manila::scheduler': }
# missing: backends, share, service_instance
@ -60,7 +66,7 @@ describe 'basic manila' do
end
describe port(8786) do
it { is_expected.to be_listening.with('tcp') }
it { is_expected.to be_listening }
end
end

47
spec/classes/manila_api_spec.rb
View File

@ -12,7 +12,11 @@ describe 'manila::api' do
end
let :facts do
@default_facts.merge({:osfamily => 'Debian'})
@default_facts.merge({
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => 'jessie'
})
end
describe 'with only required params' do
@ -20,12 +24,13 @@ describe 'manila::api' do
req_params
end
it { is_expected.to contain_class('manila::policy') }
it { is_expected.to contain_service('manila-api').with(
'hasstatus' => true,
'ensure' => 'running',
'tag' => 'manila-service',
)}
it { is_expected.to contain_class('manila::policy') }
it 'should configure manila api correctly' do
is_expected.to contain_manila_config('DEFAULT/auth_strategy').with(:value => 'keystone')
@ -135,4 +140,42 @@ describe 'manila::api' do
)}
end
describe 'when running manila-api in wsgi' do
let :params do
req_params.merge!({ :service_name => 'httpd' })
end
let :pre_condition do
"include ::apache
class { 'manila': }
class { '::manila::keystone::authtoken':
password => 'foo',
}"
end
it 'configures manila-api service with Apache' do
is_expected.to contain_service('manila-api').with(
:ensure => 'stopped',
:enable => false,
:tag => ['manila-service'],
)
end
end
describe 'when service_name is not valid' do
let :params do
req_params.merge!({ :service_name => 'foobar' })
end
let :pre_condition do
"include ::apache
class { 'manila': }
class { '::manila::keystone::authtoken':
password => 'foo',
}"
end
it_raises 'a Puppet::Error', /Invalid service_name/
end
end

112
spec/classes/manila_wsgi_apache_spec.rb Normal file
View File

@ -0,0 +1,112 @@
require 'spec_helper'
describe 'manila::wsgi::apache' do
shared_examples_for 'apache serving manila with mod_wsgi' do
context 'with default parameters' do
it { is_expected.to contain_class('manila::params') }
it { is_expected.to contain_class('apache') }
it { is_expected.to contain_class('apache::mod::wsgi') }
it { is_expected.to contain_class('apache::mod::ssl') }
it { is_expected.to contain_openstacklib__wsgi__apache('manila_wsgi').with(
:bind_port => 8786,
:group => 'manila',
:path => '/',
:servername => facts[:fqdn],
:ssl => true,
:threads => 1,
:user => 'manila',
:workers => facts[:os_workers],
:wsgi_daemon_process => 'manila-api',
:wsgi_process_group => 'manila-api',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'manila-api',
:wsgi_script_source => platform_params[:wsgi_script_source],
:custom_wsgi_process_options => {},
:access_log_file => false,
:access_log_format => false,
)}
end
context'when overriding parameters using different ports' do
let :params do
{
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:port => 12345,
:ssl => false,
:wsgi_process_display_name => 'manila-api',
:workers => 37,
:custom_wsgi_process_options => {
'python_path' => '/my/python/admin/path',
},
:access_log_file => '/var/log/httpd/access_log',
:access_log_format => 'some format',
:error_log_file => '/var/log/httpd/error_log'
}
end
it { is_expected.to contain_class('manila::params') }
it { is_expected.to contain_class('apache') }
it { is_expected.to contain_class('apache::mod::wsgi') }
it { is_expected.to_not contain_class('apache::mod::ssl') }
it { is_expected.to contain_openstacklib__wsgi__apache('manila_wsgi').with(
:bind_host => '10.42.51.1',
:bind_port => 12345,
:group => 'manila',
:path => '/',
:servername => 'dummy.host',
:ssl => false,
:threads => 1,
:user => 'manila',
:workers => 37,
:wsgi_daemon_process => 'manila-api',
:wsgi_process_display_name => 'manila-api',
:wsgi_process_group => 'manila-api',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'manila-api',
:wsgi_script_source => platform_params[:wsgi_script_source],
:custom_wsgi_process_options => {
'python_path' => '/my/python/admin/path',
},
:access_log_file => '/var/log/httpd/access_log',
:access_log_format => 'some format',
:error_log_file => '/var/log/httpd/error_log'
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts({
:os_workers => 42,
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld',
}))
end
let(:platform_params) do
case facts[:osfamily]
when 'Debian'
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/usr/lib/cgi-bin/manila',
:wsgi_script_source => '/usr/bin/manila-wsgi'
}
when 'RedHat'
{
:httpd_service_name => 'httpd',
:httpd_ports_file => '/etc/httpd/conf/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/manila',
:wsgi_script_source => '/usr/bin/manila-wsgi'
}
end
end
it_behaves_like 'apache serving manila with mod_wsgi'
end
end
end