diff --git a/Berksfile b/Berksfile index a603520..5d6fe13 100644 --- a/Berksfile +++ b/Berksfile @@ -1,13 +1,14 @@ -source "https://supermarket.chef.io" +source 'https://supermarket.chef.io' + +%w(image identity common).each do |cookbook| + if Dir.exist?("../cookbook-openstack-#{cookbook}") + cookbook "openstack-#{cookbook}", path: "../cookbook-openstack-#{cookbook}" + else + cookbook "openstack-#{cookbook}", github: "openstack/cookbook-openstack-#{cookbook}" + end +end + +cookbook 'openstackclient', + github: 'cloudbau/cookbook-openstackclient' metadata - -cookbook "openstack-image", - github: "openstack/cookbook-openstack-image" -cookbook "openstack-identity", - github: "openstack/cookbook-openstack-identity" -cookbook "openstack-common", - github: "openstack/cookbook-openstack-common" -cookbook "openstackclient", - github: "cloudbau/cookbook-openstackclient" - diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..68c771a --- /dev/null +++ b/LICENSE @@ -0,0 +1,176 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + diff --git a/Rakefile b/Rakefile index c9edb13..137cc2f 100644 --- a/Rakefile +++ b/Rakefile @@ -1,40 +1,39 @@ -task default: ["test"] +task default: ['test'] -task :test => [:syntax, :lint, :unit] +task test: [:syntax, :lint, :unit] -desc "Vendor the cookbooks in the Berksfile" +desc 'Vendor the cookbooks in the Berksfile' task :berks_prep do - sh %{chef exec berks vendor} + sh %(chef exec berks vendor) end -desc "Run FoodCritic (syntax) tests" +desc 'Run FoodCritic (syntax) tests' task :syntax do - sh %{chef exec foodcritic --exclude spec -f any .} + sh %(chef exec foodcritic --exclude spec -f any .) end -desc "Run RuboCop (lint) tests" +desc 'Run RuboCop (lint) tests' task :lint do - sh %{chef exec cookstyle} + sh %(chef exec cookstyle) end -desc "Run RSpec (unit) tests" -task :unit => :berks_prep do - sh %{chef exec rspec --format documentation} +desc 'Run RSpec (unit) tests' +task unit: :berks_prep do + sh %(chef exec rspec --format documentation) end -desc "Remove the berks-cookbooks directory and the Berksfile.lock" +desc 'Remove the berks-cookbooks directory and the Berksfile.lock' task :clean do rm_rf [ 'berks-cookbooks', - 'Berksfile.lock' + 'Berksfile.lock', ] end -desc "All-in-One Neutron build Infra using Common task" +desc 'All-in-One Neutron build Infra using Common task' task :integration do # Use the common integration task sh %(wget -nv -t 3 -O Rakefile-Common https://raw.githubusercontent.com/openstack/cookbook-openstack-common/master/Rakefile) load './Rakefile-Common' - Rake::Task["common_integration"].invoke + Rake::Task['common_integration'].invoke end - diff --git a/attributes/default.rb b/attributes/default.rb index e9d0c51..975bb8b 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -71,6 +71,16 @@ default['openstack']['block-storage']['volume']['block_devices'] = nil default['openstack']['block-storage']['user'] = 'cinder' default['openstack']['block-storage']['group'] = 'cinder' +# Cinder WSGI app SSL settings +default['openstack']['block-storage']['ssl']['enabled'] = false +default['openstack']['block-storage']['ssl']['certfile'] = '' +default['openstack']['block-storage']['ssl']['chainfile'] = '' +default['openstack']['block-storage']['ssl']['keyfile'] = '' +default['openstack']['block-storage']['ssl']['ca_certs_path'] = '' +default['openstack']['block-storage']['ssl']['cert_required'] = false +default['openstack']['block-storage']['ssl']['protocol'] = '' +default['openstack']['block-storage']['ssl']['ciphers'] = '' + case node['platform_family'] when 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this # operating system user and group names @@ -79,14 +89,14 @@ when 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this 'cinder_common_packages' => ['openstack-cinder'], 'cinder_api_packages' => ['openstack-cinder'], 'cinder_api_service' => 'openstack-cinder-api', - 'cinder_volume_packages' => ['qemu-img-ev'], + 'cinder_volume_packages' => ['qemu-img-ev', 'scsi-target-utils'], 'cinder_volume_service' => 'openstack-cinder-volume', 'cinder_scheduler_packages' => [], 'cinder_scheduler_service' => 'openstack-cinder-scheduler', 'cinder_backup_packages' => [], 'cinder_backup_service' => 'openstack-cinder-backup', - 'cinder_iscsitarget_packages' => ['targetcli'], - 'cinder_iscsitarget_service' => 'target', + 'cinder_iscsitarget_packages' => ['targetcli', 'dbus-python'], + 'cinder_iscsitarget_service' => 'tgtd', 'cinder_ceph_packages' => ['python-ceph', 'ceph-common'], 'cinder_nfs_packages' => ['nfs-utils', 'nfs-utils-lib'], 'cinder_emc_packages' => ['pywbem'], @@ -101,7 +111,7 @@ when 'debian' 'cinder_common_packages' => ['cinder-common'], 'cinder_api_packages' => ['cinder-api'], 'cinder_api_service' => 'cinder-api', - 'cinder_volume_packages' => ['cinder-volume', 'qemu-utils'], + 'cinder_volume_packages' => ['cinder-volume', 'qemu-utils', 'thin-provisioning-tools'], 'cinder_volume_service' => 'cinder-volume', 'cinder_scheduler_packages' => ['cinder-scheduler'], 'cinder_scheduler_service' => 'cinder-scheduler', @@ -115,7 +125,7 @@ when 'debian' 'cinder_svc_packages' => ['sysfsutils'], 'cinder_lvm_packages' => ['lvm2'], 'cinder_flashsystem_packages' => ['sysfsutils'], - 'package_overrides' => "-o Dpkg::Options::='--force-confold' -o Dpkg::Options::='--force-confdef'", + 'package_overrides' => '', } end diff --git a/files/default/cinder-group-active.service b/files/default/cinder-group-active.service deleted file mode 100644 index 37cc140..0000000 --- a/files/default/cinder-group-active.service +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -SourcePath=/etc/init.d/cinder-group-active -Description=LSB: cinder volume group active script -After=remote-fs.target -After=network-online.target -After=systemd-journald-dev-log.socket -Wants=network-online.target - -[Service] -Type=oneshot -Restart=no -TimeoutSec=5min -IgnoreSIGPIPE=no -KillMode=process -GuessMainPID=no -RemainAfterExit=true -ExecStart=/etc/init.d/cinder-group-active start -ExecStop=/etc/init.d/cinder-group-active stop diff --git a/files/default/cinder_tgt.conf b/files/default/cinder_tgt.conf new file mode 100644 index 0000000..444eb00 --- /dev/null +++ b/files/default/cinder_tgt.conf @@ -0,0 +1 @@ +include /var/lib/cinder/volumes/* diff --git a/metadata.rb b/metadata.rb index ae63c31..d10ceb0 100644 --- a/metadata.rb +++ b/metadata.rb @@ -1,7 +1,7 @@ name 'openstack-block-storage' maintainer 'Chef OpenStack' maintainer_email 'openstack-dev@lists.openstack.org' -license 'Apache 2.0' +license 'Apache-2.0' description 'The OpenStack Advanced Volume Management service Cinder.' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '16.0.0' @@ -15,7 +15,8 @@ depends 'openstack-identity', '>= 16.0.0' depends 'openstack-image', '>= 16.0.0' depends 'openstackclient' -depends 'apt', '~> 5.0' +depends 'lvm' +depends 'selinux' issues_url 'https://launchpad.net/openstack-chef' if respond_to?(:issues_url) source_url 'https://github.com/openstack/cookbook-openstack-block-storage' if respond_to?(:source_url) diff --git a/recipes/api.rb b/recipes/api.rb index 726c5ce..287ae5f 100644 --- a/recipes/api.rb +++ b/recipes/api.rb @@ -27,6 +27,7 @@ end include_recipe 'openstack-block-storage::cinder-common' +bind_service = node['openstack']['bind_service']['all']['block-storage'] platform_options = node['openstack']['block-storage']['platform'] platform_options['cinder_api_packages'].each do |pkg| @@ -43,10 +44,6 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg| end end -# Todo(jr): Runs via wsgi in apache2 now, need to find a nice way to -# trigger apache2 restart. Also disable the default installed wsgi -# service and use our template based setup - execute 'cinder-manage db sync' do user node['openstack']['block-storage']['user'] group node['openstack']['block-storage']['group'] @@ -60,3 +57,28 @@ if node['openstack']['block-storage']['policyfile_url'] mode 0o0644 end end + +# remove the cinder-wsgi.conf automatically generated from package +apache_config 'cinder-wsgi' do + enable false +end + +web_app 'cinder-api' do + template 'wsgi-template.conf.erb' + daemon_process 'cinder-wsgi' + server_host bind_service['host'] + server_port bind_service['port'] + server_entry '/usr/bin/cinder-wsgi' + log_dir node['apache']['log_dir'] + run_dir node['apache']['run_dir'] + user node['openstack']['block-storage']['user'] + group node['openstack']['block-storage']['group'] + use_ssl node['openstack']['block-storage']['ssl']['enabled'] + cert_file node['openstack']['block-storage']['ssl']['certfile'] + chain_file node['openstack']['block-storage']['ssl']['chainfile'] + key_file node['openstack']['block-storage']['ssl']['keyfile'] + ca_certs_path node['openstack']['block-storage']['ssl']['ca_certs_path'] + cert_required node['openstack']['block-storage']['ssl']['cert_required'] + protocol node['openstack']['block-storage']['ssl']['protocol'] + ciphers node['openstack']['block-storage']['ssl']['ciphers'] +end diff --git a/recipes/cinder-common.rb b/recipes/cinder-common.rb index 57edc9c..6d5b860 100644 --- a/recipes/cinder-common.rb +++ b/recipes/cinder-common.rb @@ -67,7 +67,7 @@ node.default['openstack']['block-storage']['conf'].tap do |conf| conf['DEFAULT']['my_ip'] = cinder_api_bind_address conf['DEFAULT']['glance_api_servers'] = glance_api_endpoint.to_s conf['DEFAULT']['osapi_volume_listen'] = cinder_api_bind_address - conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind.port + conf['DEFAULT']['osapi_volume_listen_port'] = cinder_api_bind['port'] conf['keystone_authtoken']['auth_uri'] = auth_uri conf['keystone_authtoken']['auth_url'] = auth_url end diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index 6e90f64..20862a6 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb @@ -55,14 +55,14 @@ connection_params = { openstack_domain_name: admin_domain, } -# Register VolumeV2 Service +# Register Volume Service openstack_service service_name do type service_type connection_params connection_params end interfaces.each do |interface, res| - # Register VolumeV2 Endpoints + # Register Volume Endpoints openstack_endpoint service_type do service_name service_name interface interface.to_s @@ -72,6 +72,23 @@ interfaces.each do |interface, res| end end +# Workaround to enable Volume support in Horizon +# this may break in future releases of chef-client +openstack_service 'cinderv3' do + type 'volumev3' + connection_params connection_params +end + +interfaces.each do |interface, res| + openstack_endpoint 'volumev3' do + service_name 'cinderv3' + interface interface.to_s + url res[:url].to_s.gsub('/v2', '/v3') + region region + connection_params connection_params + end +end + # Register Service Project openstack_project service_project_name do connection_params connection_params @@ -81,14 +98,8 @@ end openstack_user service_user do project_name service_project_name domain_name service_domain_name + role_name service_role password service_pass connection_params connection_params -end - -## Grant Service role to Service User for Service Tenant ## -openstack_user service_user do - role_name service_role - project_name service_project_name - connection_params connection_params - action :grant_role + action [:create, :grant_role] end diff --git a/recipes/volume.rb b/recipes/volume.rb index 6132f3e..01d81f5 100644 --- a/recipes/volume.rb +++ b/recipes/volume.rb @@ -65,10 +65,9 @@ service 'iscsitarget' do action :enable end -# RHEL7 doesn't need targets.conf file template '/etc/tgt/targets.conf' do source 'targets.conf.erb' mode 0o0600 notifies :restart, 'service[iscsitarget]', :immediately - not_if { node['platform_family'] == 'rhel' && node['platform_version'].to_i == 7 } + notifies :restart, 'service[cinder-volume]', :immediately end diff --git a/recipes/volume_driver_lvm.rb b/recipes/volume_driver_lvm.rb index f12afae..db9dd2b 100644 --- a/recipes/volume_driver_lvm.rb +++ b/recipes/volume_driver_lvm.rb @@ -35,38 +35,22 @@ when 'file' vg_file = "#{node['openstack']['block-storage']['conf']['DEFAULT']['state_path']}/#{vg_name}.img" # create volume group - execute 'Create Cinder volume group' do + execute 'Create Cinder loopback file' do command "dd if=/dev/zero of=#{vg_file} bs=1M seek=#{seek_count} count=0; vgcreate #{vg_name} $(losetup --show -f #{vg_file})" action :run - not_if "vgs #{vg_name}" + not_if "pvs | grep -c #{vg_name}" end - - cookbook_file '/etc/systemd/system/cinder-group-active.service' do - source 'cinder-group-active.service' - mode '0644' - action :create_if_missing - end - - template '/etc/init.d/cinder-group-active' do - source 'cinder-group-active.erb' - mode '0755' - variables( - volume_name: vg_name, - volume_file: vg_file - ) - notifies :start, 'service[cinder-group-active]', :immediately - end - - service 'cinder-group-active' do - service_name 'cinder-group-active' - action [:enable, :start] - end - when 'block_devices' block_devices = node['openstack']['block-storage']['volume']['block_devices'] - execute 'Create Cinder volume group with block devices' do - command "pvcreate #{block_devices}; vgcreate #{vg_name} #{block_devices}" - action :run + + lvm_physical_volume block_devices do + action :create + not_if "pvs | grep -c #{block_devices}" + end + + lvm_volume_group vg_name do + physical_volumes [block_devices] + wipe_signatures true not_if "vgs #{vg_name}" end end diff --git a/spec/api-redhat_spec.rb b/spec/api-redhat_spec.rb index d0ef802..11f73b6 100644 --- a/spec/api-redhat_spec.rb +++ b/spec/api-redhat_spec.rb @@ -19,12 +19,5 @@ describe 'openstack-block-storage::api' do it 'upgrades mysql python package' do expect(chef_run).to upgrade_package 'MySQL-python' end - - it 'upgrades postgresql python packages if explicitly told' do - node.set['openstack']['db']['block-storage']['service_type'] = 'postgresql' - - expect(chef_run).to upgrade_package 'python-psycopg2' - expect(chef_run).not_to upgrade_package 'MySQL-python' - end end end diff --git a/spec/api_spec.rb b/spec/api_spec.rb index 366a2bb..13f9897 100644 --- a/spec/api_spec.rb +++ b/spec/api_spec.rb @@ -22,13 +22,6 @@ describe 'openstack-block-storage::api' do expect(chef_run).to upgrade_package('python-mysqldb') end - it 'upgrades postgresql python packages if explicitly told' do - node.set['openstack']['db']['block-storage']['service_type'] = 'postgresql' - - expect(chef_run).to upgrade_package('python-psycopg2') - expect(chef_run).not_to upgrade_package('python-mysqldb') - end - it 'runs db migrations' do expect(chef_run).to run_execute('cinder-manage db sync').with(user: 'cinder', group: 'cinder') end diff --git a/spec/backup-redhat_spec.rb b/spec/backup-redhat_spec.rb index 3e46c41..7fc940b 100644 --- a/spec/backup-redhat_spec.rb +++ b/spec/backup-redhat_spec.rb @@ -28,13 +28,6 @@ describe 'openstack-block-storage::backup' do it 'upgrades mysql python package' do expect(chef_run).to upgrade_package 'MySQL-python' end - - it 'upgrades postgresql python packages if explicitly told' do - node.set['openstack']['db']['block-storage']['service_type'] = 'postgresql' - - expect(chef_run).to upgrade_package 'python-psycopg2' - expect(chef_run).not_to upgrade_package 'MySQL-python' - end end end end diff --git a/spec/backup_spec.rb b/spec/backup_spec.rb index d8ff358..ed44776 100644 --- a/spec/backup_spec.rb +++ b/spec/backup_spec.rb @@ -32,13 +32,6 @@ describe 'openstack-block-storage::backup' do it 'upgrades mysql python package' do expect(chef_run).to upgrade_package 'python-mysqldb' end - - it 'upgrades postgresql python packages if explicitly told' do - node.set['openstack']['db']['block-storage']['service_type'] = 'postgresql' - - expect(chef_run).to upgrade_package 'python-psycopg2' - expect(chef_run).not_to upgrade_package 'python-mysqldb' - end end end end diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb index 95e2315..c0cdfec 100644 --- a/spec/identity_registration_spec.rb +++ b/spec/identity_registration_spec.rb @@ -23,6 +23,7 @@ describe 'openstack-block-storage::identity_registration' do service_type = 'volumev2' service_user = 'cinder' url = 'http://127.0.0.1:8776/v2/%(tenant_id)s' + url_v3 = 'http://127.0.0.1:8776/v3/%(tenant_id)s' region = 'RegionOne' project_name = 'service' role_name = 'service' @@ -46,6 +47,15 @@ describe 'openstack-block-storage::identity_registration' do ) end + it 'registers cinderv3 service' do + expect(chef_run).to create_openstack_service( + 'cinderv3' + ).with( + connection_params: connection_params, + type: 'volumev3' + ) + end + context "registers #{service_name} endpoint" do %w(admin internal public).each do |interface| it "#{interface} endpoint with default values" do @@ -59,6 +69,18 @@ describe 'openstack-block-storage::identity_registration' do connection_params: connection_params ) end + + it "volumev3 #{interface} endpoint with default values" do + expect(chef_run).to create_openstack_endpoint( + 'volumev3' + ).with( + service_name: 'cinderv3', + # interface: interface, + url: url_v3, + region: region, + connection_params: connection_params + ) + end end it 'with custom region override' do @@ -74,16 +96,6 @@ describe 'openstack-block-storage::identity_registration' do service_user ).with( domain_name: domain_name, - project_name: project_name, - password: password, - connection_params: connection_params - ) - end - - it do - expect(chef_run).to grant_role_openstack_user( - service_user - ).with( project_name: project_name, role_name: role_name, password: password, diff --git a/spec/scheduler-redhat_spec.rb b/spec/scheduler-redhat_spec.rb index edd0c00..0c2ff2f 100644 --- a/spec/scheduler-redhat_spec.rb +++ b/spec/scheduler-redhat_spec.rb @@ -27,12 +27,5 @@ describe 'openstack-block-storage::scheduler' do it 'upgrades mysql python package' do expect(chef_run).to upgrade_package 'MySQL-python' end - - it 'upgrades postgresql python packages if explicitly told' do - node.set['openstack']['db']['block-storage']['service_type'] = 'postgresql' - - expect(chef_run).to upgrade_package 'python-psycopg2' - expect(chef_run).not_to upgrade_package 'MySQL-python' - end end end diff --git a/spec/scheduler_spec.rb b/spec/scheduler_spec.rb index 3b60a7c..2cefe34 100644 --- a/spec/scheduler_spec.rb +++ b/spec/scheduler_spec.rb @@ -29,12 +29,5 @@ describe 'openstack-block-storage::scheduler' do it 'upgrades mysql python package' do expect(chef_run).to upgrade_package 'python-mysqldb' end - - it 'upgrades postgresql python packages if explicitly told' do - node.set['openstack']['db']['block-storage']['service_type'] = 'postgresql' - - expect(chef_run).to upgrade_package 'python-psycopg2' - expect(chef_run).not_to upgrade_package 'python-mysqldb' - end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index eb82788..cb91497 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -12,7 +12,7 @@ require 'chef/application' LOG_LEVEL = :fatal REDHAT_OPTS = { platform: 'redhat', - version: '7.1', + version: '7.3', log_level: LOG_LEVEL, }.freeze UBUNTU_OPTS = { @@ -58,6 +58,8 @@ shared_context 'block-storage-stubs' do allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url) .with('block-storage') .and_return('rabbit://guest:mypass@127.0.0.1:5672') + stub_command('/usr/sbin/httpd -t').and_return(true) + stub_command('/usr/sbin/apache2 -t').and_return(true) allow(Chef::Application).to receive(:fatal!) end end diff --git a/spec/volume-redhat_spec.rb b/spec/volume-redhat_spec.rb index 1830442..7e3e1a4 100644 --- a/spec/volume-redhat_spec.rb +++ b/spec/volume-redhat_spec.rb @@ -16,13 +16,6 @@ describe 'openstack-block-storage::volume' do expect(chef_run).to upgrade_package('MySQL-python') end - it 'upgrades postgresql python packages if explicitly told' do - node.set['openstack']['db']['block-storage']['service_type'] = 'postgresql' - - expect(chef_run).to upgrade_package('python-psycopg2') - expect(chef_run).not_to upgrade_package('MySQL-python') - end - it 'upgrades qemu-img-ev package' do expect(chef_run).to upgrade_package('qemu-img-ev') end @@ -41,7 +34,7 @@ describe 'openstack-block-storage::volume' do context 'ISCSI' do it 'starts iscsi target on boot' do - expect(chef_run).to enable_service('target') + expect(chef_run).to enable_service('iscsitarget') end end end diff --git a/spec/volume_spec.rb b/spec/volume_spec.rb index 5c6b3b2..b5efa33 100644 --- a/spec/volume_spec.rb +++ b/spec/volume_spec.rb @@ -22,6 +22,10 @@ describe 'openstack-block-storage::volume' do expect(chef_run).to upgrade_package 'qemu-utils' end + it 'upgrades thin provisioning tools package' do + expect(chef_run).to upgrade_package 'thin-provisioning-tools' + end + it 'starts cinder volume' do expect(chef_run).to start_service 'cinder-volume' end @@ -38,13 +42,6 @@ describe 'openstack-block-storage::volume' do expect(chef_run).to upgrade_package 'python-mysqldb' end - it 'upgrades postgresql python packages if explicitly told' do - node.set['openstack']['db']['block-storage']['service_type'] = 'postgresql' - - expect(chef_run).to upgrade_package 'python-psycopg2' - expect(chef_run).not_to upgrade_package 'python-mysqldb' - end - it 'upgrades cinder iscsi package' do expect(chef_run).to upgrade_package 'tgt' end diff --git a/templates/default/cinder-group-active.erb b/templates/default/cinder-group-active.erb deleted file mode 100644 index 098703f..0000000 --- a/templates/default/cinder-group-active.erb +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -<%= node["openstack"]["block-storage"]["custom_template_banner"] %> -# -# cinder volume group active script -# -# only support start action -# chkconfig: - 98 02 -# -### BEGIN INIT INFO -# Provides: cinder-group-active -# Required-Start: $remote_fs $network $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: cinder volume group active script -### END INIT INFO - -<% if %w{rhel}.include? node.platform_family %> -. /etc/rc.d/init.d/functions -<% end %> - -start() -{ - vgs <%= @volume_name %> > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo -n "Activating cinder volume group ..." - vgcreate <%= @volume_name %> $(losetup --show -f <%= @volume_file %>) - <% if %w{rhel}.include? node.platform_family %> - success - echo - <% elsif %w{debian}.include? node.platform_family %> - echo "SUCCESS" - <% end %> - fi -} - -RETVAL=0 - -case "$1" in - start) - start - ;; - *) - echo "Usage: $0 {start}" - RETVAL=1 -esac - -exit $RETVAL diff --git a/templates/default/targets.conf.erb b/templates/default/targets.conf.erb index ff029e1..27a4139 100644 --- a/templates/default/targets.conf.erb +++ b/templates/default/targets.conf.erb @@ -1,9 +1,9 @@ <%= node["openstack"]["block-storage"]["custom_template_banner"] %> -<% if %w(rhel).include?(node["platform_family"]) %> -include <%= node['openstack']['block-storage']['conf']['DEFAULT']['volumes_dir'] %>/* +<% if node['platform_family'].include?('rhel') %> +include <%= node['openstack']['block-storage']['conf']['DEFAULT']['state_path'] %>/volumes/* <% end %> -<% if %w(debian).include?(node["platform_family"]) %> +<% if node['platform_family'].include?('debian') %> include /etc/tgt/conf.d/*.conf <% end %> default-driver iscsi diff --git a/templates/default/wsgi-template.conf.erb b/templates/default/wsgi-template.conf.erb new file mode 100644 index 0000000..564bfc8 --- /dev/null +++ b/templates/default/wsgi-template.conf.erb @@ -0,0 +1,42 @@ +<%= node["openstack"]["compute"]["custom_template_banner"] %> + +Listen <%= @params[:server_host] %>:<%= @params[:server_port] %> + +:<%= @params[:server_port] %>> + WSGIDaemonProcess <%= @params[:daemon_process] %> processes=2 threads=10 user=<%= @params[:user] %> group=<%= @params[:group] %> display-name=%{GROUP} + WSGIProcessGroup <%= @params[:daemon_process] %> + WSGIScriptAlias / <%= @params[:server_entry] %> + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + + Require all granted + + + ErrorLogFormat "%{cu}t %M" + ErrorLog <%= @params[:log_dir] %>/<%= @params[:daemon_process] %>_error.log + CustomLog <%= @params[:log_dir] %>/<%= @params[:daemon_process] %>_access.log combined +<% if [true, 'true', 'True'].include?(@params[:log_debug]) -%> + LogLevel debug +<% end -%> + +<% if @params[:use_ssl] -%> + SSLEngine On + SSLCertificateFile <%= @params[:cert_file] %> + SSLCertificateKeyFile <%= @params[:key_file] %> + SSLCACertificatePath <%= @params[:ca_certs_path] %> +<% if @params[:chain_file] %> + SSLCertificateChainFile <%= @params[:chain_file] %> +<% end -%> + SSLProtocol <%= @params[:protocol] %> +<% if @params[:ciphers] -%> + SSLCipherSuite <%= @params[:ciphers] %> +<% end -%> +<% if @params[:cert_required] -%> + SSLVerifyClient require +<% end -%> +<% end -%> + + +WSGISocketPrefix <%= @params[:run_dir] -%> +