openstack
/
puppet-aodh
Code Issues Proposed changes

Implement API service 

* Manifests to deploy Aodh API service
* WSGI support
* unit tests
* acceptance tests
* example manifest

Change-Id: I648310ae05bae37b1790514d0e7fe0bbc5a7bdde
This commit is contained in:
Emilien Macchi 2015-10-20 09:11:14 -04:00
parent 5a2607a7d1
commit 54f857d36b
7 changed files with 654 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
examples/aodh.pp
View File

@ -1 +1,11 @@
class { '::aodh': }
class { '::aodh::api':
enabled => true,
keystone_password => 'a_big_secret',
keystone_identity_uri => 'http://127.0.0.1:35357/',
service_name => 'httpd',
}
include ::apache
class { '::aodh::wsgi::apache':
ssl => false,
}

138
manifests/api.pp Normal file
View File

@ -0,0 +1,138 @@
# Installs & configure the aodh api service
#
# == Parameters
#
# [*enabled*]
# (optional) Should the service be enabled.
# Defaults to true
#
# [*manage_service*]
# (optional) Whether the service should be managed by Puppet.
# Defaults to true.
#
# [*keystone_user*]
# (optional) The name of the auth user
# Defaults to aodh
#
# [*keystone_tenant*]
# (optional) Tenant to authenticate with.
# Defaults to 'services'.
#
# [*keystone_password*]
# Password to authenticate with.
# Mandatory.
#
# [*keystone_auth_uri*]
# (optional) Public Identity API endpoint.
# Defaults to 'false'.
#
# [*keystone_identity_uri*]
# (optional) Complete admin Identity API endpoint.
# Defaults to: false
#
# [*host*]
# (optional) The aodh api bind address.
# Defaults to 0.0.0.0
#
# [*port*]
# (optional) The aodh api port.
# Defaults to 8777
#
# [*package_ensure*]
# (optional) ensure state for package.
# Defaults to 'present'
#
# [*service_name*]
# (optional) Name of the service that will be providing the
# server functionality of aodh-api.
# If the value is 'httpd', this means aodh-api will be a web
# service, and you must use another class to configure that
# web service. For example, use class { 'aodh::wsgi::apache'...}
# to make aodh-api be a web app using apache mod_wsgi.
# Defaults to '$::aodh::params::api_service_name'
#
class aodh::api (
$manage_service = true,
$enabled = true,
$package_ensure = 'present',
$keystone_user = 'aodh',
$keystone_tenant = 'services',
$keystone_password = false,
$keystone_auth_uri = false,
$keystone_identity_uri = false,
$host = '0.0.0.0',
$port = '8777',
$service_name = $::aodh::params::api_service_name,
) inherits aodh::params {
include ::aodh::params
include ::aodh::policy
validate_string($keystone_password)
Aodh_config<||> ~> Service[$service_name]
Class['aodh::policy'] ~> Service[$service_name]
Package['aodh-api'] -> Service[$service_name]
Package['aodh-api'] -> Service['aodh-api']
Package['aodh-api'] -> Class['aodh::policy']
package { 'aodh-api':
ensure => $package_ensure,
name => $::aodh::params::api_package_name,
tag => ['openstack', 'aodh-package'],
}
if $manage_service {
if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
}
}
if $service_name == $::aodh::params::api_service_name {
service { 'aodh-api':
ensure => $service_ensure,
name => $::aodh::params::api_service_name,
enable => $enabled,
hasstatus => true,
hasrestart => true,
require => Class['aodh::db'],
tag => 'aodh-service',
}
} elsif $service_name == 'httpd' {
include ::apache::params
service { 'aodh-api':
ensure => 'stopped',
name => $::aodh::params::api_service_name,
enable => false,
tag => 'aodh-service',
}
Class['aodh::db'] -> Service[$service_name]
# we need to make sure aodh-api/eventlet is stopped before trying to start apache
Service['aodh-api'] -> Service[$service_name]
} else {
fail('Invalid service_name. Either aodh/openstack-aodh-api for running as a standalone service, or httpd for being run by a httpd server')
}
aodh_config {
'keystone_authtoken/auth_uri' : value => $keystone_auth_uri;
'keystone_authtoken/admin_tenant_name' : value => $keystone_tenant;
'keystone_authtoken/admin_user' : value => $keystone_user;
'keystone_authtoken/admin_password' : value => $keystone_password, secret => true;
'api/host' : value => $host;
'api/port' : value => $port;
}
if $keystone_identity_uri {
aodh_config {
'keystone_authtoken/identity_uri': value => $keystone_identity_uri;
}
} else {
aodh_config {
'keystone_authtoken/identity_uri': ensure => absent;
}
}
}

56
manifests/params.pp
View File

@ -4,34 +4,38 @@ class aodh::params {
case $::osfamily {
'RedHat': {
$common_package_name = 'openstack-aodh-common'
$psycopg_package_name = 'python-psycopg2'
$sqlite_package_name = undef
$api_package_name = 'openstack-aodh-api'
$api_service_name = 'openstack-aodh-api'
$notifier_package_name = 'openstack-aodh-notifier'
$notifier_service_name = 'openstack-aodh-notifier'
$evaluator_package_name = 'openstack-aodh-evaluator'
$evaluator_service_name = 'openstack-aodh-evaluator'
$expirer_package_name = 'openstack-aodh-expirer'
$expirer_package_serice = 'openstack-aodh-expirer'
$listener_package_name = 'openstack-aodh-listener'
$listener_service_name = 'openstack-aodh-listener'
$common_package_name = 'openstack-aodh-common'
$psycopg_package_name = 'python-psycopg2'
$sqlite_package_name = undef
$api_package_name = 'openstack-aodh-api'
$api_service_name = 'openstack-aodh-api'
$notifier_package_name = 'openstack-aodh-notifier'
$notifier_service_name = 'openstack-aodh-notifier'
$evaluator_package_name = 'openstack-aodh-evaluator'
$evaluator_service_name = 'openstack-aodh-evaluator'
$expirer_package_name = 'openstack-aodh-expirer'
$expirer_package_serice = 'openstack-aodh-expirer'
$listener_package_name = 'openstack-aodh-listener'
$listener_service_name = 'openstack-aodh-listener'
$aodh_wsgi_script_path = '/var/www/cgi-bin/aodh'
$aodh_wsgi_script_source = '/usr/lib/python2.7/site-packages/aodh/api/app.wsgi'
}
'Debian': {
$common_package_name = 'aodh-common'
$psycopg_package_name = 'python-psycopg2'
$sqlite_package_name = 'python-pysqlite2'
$api_package_name = 'aodh-api'
$api_service_name = 'aodh-api'
$notifier_package_name = 'aodh-notifier'
$notifier_service_name = 'aodh-notifier'
$evaluator_package_name = 'aodh-evaluator'
$evaluator_service_name = 'aodh-evaluator'
$expirer_package_name = 'aodh-expirer'
$expirer_package_serice = 'aodh-expirer'
$listener_package_name = 'aodh-listener'
$listener_service_name = 'aodh-listener'
$common_package_name = 'aodh-common'
$psycopg_package_name = 'python-psycopg2'
$sqlite_package_name = 'python-pysqlite2'
$api_package_name = 'aodh-api'
$api_service_name = 'aodh-api'
$notifier_package_name = 'aodh-notifier'
$notifier_service_name = 'aodh-notifier'
$evaluator_package_name = 'aodh-evaluator'
$evaluator_service_name = 'aodh-evaluator'
$expirer_package_name = 'aodh-expirer'
$expirer_package_serice = 'aodh-expirer'
$listener_package_name = 'aodh-listener'
$listener_service_name = 'aodh-listener'
$aodh_wsgi_script_path = '/usr/lib/cgi-bin/aodh'
$aodh_wsgi_script_source = '/usr/share/aodh-common/app.wsgi'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem")

128
manifests/wsgi/apache.pp Normal file
View File

@ -0,0 +1,128 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Author: Emilien Macchi <emilien.macchi@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Class to serve aodh API with apache mod_wsgi in place of aodh-api service.
#
# Serving aodh API from apache is the recommended way to go for production
# because of limited performance for concurrent accesses when running eventlet.
#
# When using this class you should disable your aodh-api service.
#
# == Parameters
#
# [*servername*]
# The servername for the virtualhost.
# Optional. Defaults to $::fqdn
#
# [*port*]
# The port.
# Optional. Defaults to 8042
#
# [*bind_host*]
# The host/ip address Apache will listen on.
# Optional. Defaults to undef (listen on all ip addresses).
#
# [*path*]
# The prefix for the endpoint.
# Optional. Defaults to '/'
#
# [*ssl*]
# Use ssl ? (boolean)
# Optional. Defaults to true
#
# [*workers*]
# Number of WSGI workers to spawn.
# Optional. Defaults to 1
#
# [*priority*]
# (optional) The priority for the vhost.
# Defaults to '10'
#
# [*threads*]
# (optional) The number of threads for the vhost.
# Defaults to $::processorcount
#
# [*ssl_cert*]
# [*ssl_key*]
# [*ssl_chain*]
# [*ssl_ca*]
# [*ssl_crl_path*]
# [*ssl_crl*]
# [*ssl_certs_dir*]
# apache::vhost ssl parameters.
# Optional. Default to apache::vhost 'ssl_*' defaults.
#
# == Dependencies
#
# requires Class['apache'] & Class['aodh']
#
# == Examples
#
# include apache
#
# class { 'aodh::wsgi::apache': }
#
class aodh::wsgi::apache (
$servername = $::fqdn,
$port = 8042,
$bind_host = undef,
$path = '/',
$ssl = true,
$workers = 1,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_chain = undef,
$ssl_ca = undef,
$ssl_crl_path = undef,
$ssl_crl = undef,
$ssl_certs_dir = undef,
$threads = $::processorcount,
$priority = '10',
) {
include ::aodh::params
include ::apache
include ::apache::mod::wsgi
if $ssl {
include ::apache::mod::ssl
}
::openstacklib::wsgi::apache { 'aodh_wsgi':
bind_host => $bind_host,
bind_port => $port,
group => 'aodh',
path => $path,
priority => $priority,
servername => $servername,
ssl => $ssl,
ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir,
ssl_chain => $ssl_chain,
ssl_crl => $ssl_crl,
ssl_crl_path => $ssl_crl_path,
ssl_key => $ssl_key,
threads => $threads,
user => 'aodh',
workers => $workers,
wsgi_daemon_process => 'aodh',
wsgi_process_group => 'aodh',
wsgi_script_dir => $::aodh::params::aodh_wsgi_script_path,
wsgi_script_file => 'app',
wsgi_script_source => $::aodh::params::aodh_wsgi_script_source,
}
}

25
spec/acceptance/basic_aodh_spec.rb → spec/acceptance/aodh_wsgi_apache_spec.rb
View File

@ -96,11 +96,12 @@ describe 'basic aodh' do
admin_url => "https://${::fqdn}:35357/",
}
class { '::aodh':
rabbit_userid => 'aodh',
rabbit_password => 'an_even_bigger_secret',
verbose => true,
debug => true,
rabbit_host => '127.0.0.1',
rabbit_userid => 'aodh',
rabbit_password => 'an_even_bigger_secret',
verbose => true,
debug => true,
rabbit_host => '127.0.0.1',
database_connection => 'mysql://aodh:a_big_secret@127.0.0.1/aodh?charset=utf8',
}
class { '::aodh::db::mysql':
password => 'a_big_secret',
@ -108,6 +109,16 @@ describe 'basic aodh' do
class { '::aodh::keystone::auth':
password => 'a_big_secret',
}
class { '::aodh::api':
enabled => true,
keystone_password => 'a_big_secret',
keystone_identity_uri => 'http://127.0.0.1:35357/',
service_name => 'httpd',
}
include ::apache
class { '::aodh::wsgi::apache':
ssl => false,
}
EOS
@ -116,5 +127,9 @@ describe 'basic aodh' do
apply_manifest(pp, :catch_changes => true)
end
describe port(8042) do
it { is_expected.to be_listening }
end
end
end

204
spec/classes/aodh_api_spec.rb Normal file
View File

@ -0,0 +1,204 @@
require 'spec_helper'
describe 'aodh::api' do
let :pre_condition do
"class { 'aodh': }
include ::aodh::db"
end
let :params do
{ :enabled => true,
:manage_service => true,
:keystone_password => 'aodh-passw0rd',
:keystone_tenant => 'services',
:keystone_user => 'aodh',
:package_ensure => 'latest',
:port => '8777',
:host => '0.0.0.0',
}
end
shared_examples_for 'aodh-api' do
context 'without required parameter keystone_password' do
before { params.delete(:keystone_password) }
it { expect { is_expected.to raise_error(Puppet::Error) } }
end
it { is_expected.to contain_class('aodh::params') }
it { is_expected.to contain_class('aodh::policy') }
it 'installs aodh-api package' do
is_expected.to contain_package('aodh-api').with(
:ensure => 'latest',
:name => platform_params[:api_package_name],
:tag => ['openstack', 'aodh-package'],
)
end
it 'configures keystone authentication middleware' do
is_expected.to contain_aodh_config('keystone_authtoken/admin_tenant_name').with_value( params[:keystone_tenant] )
is_expected.to contain_aodh_config('keystone_authtoken/admin_user').with_value( params[:keystone_user] )
is_expected.to contain_aodh_config('keystone_authtoken/admin_password').with_value( params[:keystone_password] )
is_expected.to contain_aodh_config('keystone_authtoken/admin_password').with_value( params[:keystone_password] ).with_secret(true)
is_expected.to contain_aodh_config('api/host').with_value( params[:host] )
is_expected.to contain_aodh_config('api/port').with_value( params[:port] )
end
[{:enabled => true}, {:enabled => false}].each do |param_hash|
context "when service should be #{param_hash[:enabled] ? 'enabled' : 'disabled'}" do
before do
params.merge!(param_hash)
end
it 'configures aodh-api service' do
is_expected.to contain_service('aodh-api').with(
:ensure => (params[:manage_service] && params[:enabled]) ? 'running' : 'stopped',
:name => platform_params[:api_service_name],
:enable => params[:enabled],
:hasstatus => true,
:hasrestart => true,
:require => 'Class[Aodh::Db]',
:tag => 'aodh-service',
)
end
end
end
context 'with disabled service managing' do
before do
params.merge!({
:manage_service => false,
:enabled => false })
end
it 'configures aodh-api service' do
is_expected.to contain_service('aodh-api').with(
:ensure => nil,
:name => platform_params[:api_service_name],
:enable => false,
:hasstatus => true,
:hasrestart => true,
:tag => 'aodh-service',
)
end
end
context 'when running aodh-api in wsgi' do
before do
params.merge!({ :service_name => 'httpd' })
end
let :pre_condition do
"include ::apache
include ::aodh::db
class { 'aodh': }"
end
it 'configures aodh-api service with Apache' do
is_expected.to contain_service('aodh-api').with(
:ensure => 'stopped',
:name => platform_params[:api_service_name],
:enable => false,
:tag => 'aodh-service',
)
end
end
context 'when service_name is not valid' do
before do
params.merge!({ :service_name => 'foobar' })
end
let :pre_condition do
"include ::apache
include ::aodh::db
class { 'aodh': }"
end
it_raises 'a Puppet::Error', /Invalid service_name/
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '8.0',
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld',
:processorcount => 2 }
end
let :platform_params do
{ :api_package_name => 'aodh-api',
:api_service_name => 'aodh-api' }
end
it_configures 'aodh-api'
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '7.1',
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
:processorcount => 2 }
end
let :platform_params do
{ :api_package_name => 'openstack-aodh-api',
:api_service_name => 'openstack-aodh-api' }
end
it_configures 'aodh-api'
end
describe 'with custom auth_uri' do
let :facts do
{ :osfamily => 'RedHat' }
end
before do
params.merge!({
:keystone_auth_uri => 'https://foo.bar:1234/',
})
end
it 'should configure custom auth_uri correctly' do
is_expected.to contain_aodh_config('keystone_authtoken/auth_uri').with_value( 'https://foo.bar:1234/' )
end
end
describe "with custom keystone identity_uri" do
let :facts do
{ :osfamily => 'RedHat' }
end
before do
params.merge!({
:keystone_identity_uri => 'https://foo.bar:1234/',
})
end
it 'configures identity_uri' do
is_expected.to contain_aodh_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:1234/");
end
end
describe "with custom keystone identity_uri and auth_uri" do
let :facts do
{ :osfamily => 'RedHat' }
end
before do
params.merge!({
:keystone_identity_uri => 'https://foo.bar:35357/',
:keystone_auth_uri => 'https://foo.bar:5000/v2.0/',
})
end
it 'configures identity_uri and auth_uri but deprecates old auth settings' do
is_expected.to contain_aodh_config('keystone_authtoken/identity_uri').with_value("https://foo.bar:35357/");
is_expected.to contain_aodh_config('keystone_authtoken/auth_uri').with_value("https://foo.bar:5000/v2.0/");
end
end
end

124
spec/classes/aodh_wsgi_apache_spec.rb Normal file
View File

@ -0,0 +1,124 @@
require 'spec_helper'
describe 'aodh::wsgi::apache' do
let :global_facts do
{
:processorcount => 42,
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld'
}
end
shared_examples_for 'apache serving aodh with mod_wsgi' do
it { is_expected.to contain_service('httpd').with_name(platform_parameters[:httpd_service_name]) }
it { is_expected.to contain_class('aodh::params') }
it { is_expected.to contain_class('apache') }
it { is_expected.to contain_class('apache::mod::wsgi') }
describe 'with default parameters' do
it { is_expected.to contain_file("#{platform_parameters[:wsgi_script_path]}").with(
'ensure' => 'directory',
'owner' => 'aodh',
'group' => 'aodh',
'require' => 'Package[httpd]'
)}
it { is_expected.to contain_file('aodh_wsgi').with(
'ensure' => 'file',
'path' => "#{platform_parameters[:wsgi_script_path]}/app",
'source' => platform_parameters[:wsgi_script_source],
'owner' => 'aodh',
'group' => 'aodh',
'mode' => '0644'
)}
it { is_expected.to contain_file('aodh_wsgi').that_requires("File[#{platform_parameters[:wsgi_script_path]}]") }
it { is_expected.to contain_apache__vhost('aodh_wsgi').with(
'servername' => 'some.host.tld',
'ip' => nil,
'port' => '8042',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'aodh',
'docroot_group' => 'aodh',
'ssl' => 'true',
'wsgi_daemon_process' => 'aodh',
'wsgi_process_group' => 'aodh',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/app" },
'require' => 'File[aodh_wsgi]'
)}
it { is_expected.to contain_file("#{platform_parameters[:httpd_ports_file]}") }
end
describe 'when overriding parameters using different ports' do
let :params do
{
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:port => 12345,
:ssl => false,
:workers => 37,
}
end
it { is_expected.to contain_apache__vhost('aodh_wsgi').with(
'servername' => 'dummy.host',
'ip' => '10.42.51.1',
'port' => '12345',
'docroot' => "#{platform_parameters[:wsgi_script_path]}",
'docroot_owner' => 'aodh',
'docroot_group' => 'aodh',
'ssl' => 'false',
'wsgi_daemon_process' => 'aodh',
'wsgi_process_group' => 'aodh',
'wsgi_script_aliases' => { '/' => "#{platform_parameters[:wsgi_script_path]}/app" },
'require' => 'File[aodh_wsgi]'
)}
it { is_expected.to contain_file("#{platform_parameters[:httpd_ports_file]}") }
end
end
context 'on RedHat platforms' do
let :facts do
global_facts.merge({
:osfamily => 'RedHat',
:operatingsystemrelease => '7.0'
})
end
let :platform_parameters do
{
:httpd_service_name => 'httpd',
:httpd_ports_file => '/etc/httpd/conf/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/aodh',
:wsgi_script_source => '/usr/lib/python2.7/site-packages/aodh/api/app.wsgi'
}
end
it_configures 'apache serving aodh with mod_wsgi'
end
context 'on Debian platforms' do
let :facts do
global_facts.merge({
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '7.0'
})
end
let :platform_parameters do
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/usr/lib/cgi-bin/aodh',
:wsgi_script_source => '/usr/share/aodh-common/app.wsgi'
}
end
it_configures 'apache serving aodh with mod_wsgi'
end
end