Update barbican for Debian based systems

Barbican packages are available for Debian-based systems,
but the current module is designed to work with RedHat-based
systems only.

Change-Id: I4ab2e6ecf6626f4c647299eeec3cd5b3d3fbdaa9
(cherry picked from commit d1764c670a)
Matthew J. Black 2016-09-26 10:47:49 -04:00
parent 0b0dbcc7e7
commit 201e0d2dd8
16 changed files with 720 additions and 621 deletions


@ -303,12 +303,6 @@ class barbican::api (
warning('auth_url is deprecated, use barbican::keystone::authtoken::auth_url instead.')
}
file { ['/etc/barbican', '/var/log/barbican']:
ensure => directory,
require => Package['barbican-api'],
notify => Service['barbican-api'],
}
# TODO: Remove the posix users and permissions and merge this definition
# with the previous one, once the barbican package has been updated
# with the correct ownership for this directory.
@ -321,25 +315,17 @@ class barbican::api (
notify => Service[$service_name],
}
file { ['/etc/barbican/barbican.conf',
'/etc/barbican/barbican-api-paste.ini',
'/etc/barbican/gunicorn-config.py']:
ensure => present,
require => Package['barbican-api'],
notify => Service[$service_name],
}
package { 'barbican-api':
ensure => $ensure_package,
name => $::barbican::params::api_package_name,
tag => ['openstack', 'barbican-package'],
}
File['/etc/barbican/barbican.conf'] -> Barbican_config<||>
File['/etc/barbican/barbican-api-paste.ini'] -> Barbican_api_paste_ini<||>
Package['barbican-api'] ~> Service[$service_name]
Barbican_config<||> ~> Service[$service_name]
Barbican_api_paste_ini<||> ~> Service[$service_name]
Package<| tag == 'barbican-package' |> -> Barbican_config<||>
Package<| tag == 'barbican-package' |> -> Barbican_api_paste_ini<||>
# basic service config
if $host_href == undef {
@ -354,13 +340,6 @@ class barbican::api (
'DEFAULT/host_href': value => $host_href_real;
}
File['/etc/barbican/gunicorn-config.py'] ->
file_line { 'Modify bind_port in gunicorn-config.py':
path => '/etc/barbican/gunicorn-config.py',
line => "bind = '${bind_host}:${bind_port}'",
match => '.*bind = .*',
} -> Service[$service_name]
#rabbit config
if $rpc_backend in [$::os_service_default, 'rabbit'] {
oslo::messaging::rabbit {'barbican_config':
@ -471,6 +450,9 @@ class barbican::api (
}
if $service_name == 'barbican-api' {
if $::osfamily == 'Debian' {
fail('On Debian family the service_name must be set to httpd as there is no eventlet init script.')
}
service { 'barbican-api':
ensure => $service_ensure,
name => $::barbican::params::api_service_name,
@ -479,17 +461,27 @@ class barbican::api (
hasrestart => true,
tag => 'barbican-service',
}
file_line { 'Modify bind_port in gunicorn-config.py':
path => '/etc/barbican/gunicorn-config.py',
line => "bind = '${bind_host}:${bind_port}'",
match => '.*bind = .*',
}
Package<| tag == 'barbican-package' |> -> File_line['Modify bind_port in gunicorn-config.py'] ~> Service[$service_name]
} elsif $service_name == 'httpd' {
include ::apache::params
# Debian/Ubuntu do not have a barbican-api and this will error out on them.
if $::osfamily == 'RedHat' {
service { 'barbican-api':
ensure => 'stopped',
name => $::barbican::params::api_service_name,
enable => false,
tag => 'barbican-service',
}
# we need to make sure barbican-api is stopped before trying to start apache
Service['barbican-api'] -> Service[$service_name]
}
} else {
fail('Invalid service_name. Use barbican-api for stand-alone or httpd')
}
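Review bot: The `file_line` now placed in the `$service_name == 'barbican-api'` branch writes `bind = '${bind_host}:${bind_port}'` into `/etc/barbican/gunicorn-config.py`, which gunicorn loads as Python, and nothing visible in these hunks constrains either value. A stray quote or newline in `bind_host` would land in that file as code, so I would validate both parameters before the resource, for example `validate_re("${bind_port}", '^\d+$')` plus an address or hostname check on `$bind_host`. The `match => '.*bind = .*'` pattern is also unanchored and would match a commented-out `# bind = ...` line; `match => '^bind\s*='` is tighter. The class body starts and continues outside the hunks shown, so validation may already exist elsewhere.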


@ -5,7 +5,6 @@ class barbican::params {
case $::osfamily {
'RedHat': {
$package_name = 'openstack-barbican'
$api_package_name = 'openstack-barbican-api'
$api_service_name = 'openstack-barbican-api'
$worker_package_name = 'openstack-barbican-worker'
@ -16,11 +15,12 @@ class barbican::params {
$dogtag_client_package = 'pki-base'
}
'Debian': {
$package_name = 'openstack-barbican'
$service_name = 'openstack-barbican'
$api_package_name = 'barbican-api'
$worker_package_name = 'barbican-worker'
$worker_service_name = 'barbican-worker'
$client_package_name = 'python-barbicanclient'
$barbican_wsgi_script_path = '/var/www/cgi-bin/barbican'
$barbican_wsgi_script_source = '/usr/lib/python2.7/site-packages/barbican/api/app.wsgi'
$barbican_wsgi_script_path = '/usr/lib/cgi-bin/barbican'
$barbican_wsgi_script_source = '/usr/lib/python2.7/dist-packages/barbican/api/app.wsgi'
$dogtag_client_package = 'pki-base'
}
default: {
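Review bot: The 'Debian' branch defines no `$api_service_name`, while `barbican::api` still reads `$::barbican::params::api_service_name` in its service resources, and nothing here says the omission is deliberate. A comment above `$api_package_name` such as `# No api_service_name on Debian: the packages ship no eventlet init script, so barbican::api must run under httpd.` would stop someone adding an unguarded reference later. The new `$barbican_wsgi_script_source` also hard-codes `python2.7/dist-packages`, which will need revisiting when the packaged Python version changes. The case statement continues outside the hunk.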


@ -164,6 +164,8 @@ class barbican::wsgi::apache (
require => Package['httpd'],
}
Package<| tag == 'barbican-api' |> -> File[$::barbican::params::barbican_wsgi_script_path]
$wsgi_files = {
'barbican_wsgi_main' => {
'path' => "${::barbican::params::barbican_wsgi_script_path}/main",
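Review bot: The collector `Package<| tag == 'barbican-api' |>` does not use the tag the module assigns; the package in `barbican::api` is declared with `tag => ['openstack', 'barbican-package']`. As written it appears to match only through Puppet's automatic tagging of the resource title, which is easy to break if the title or package name changes. For consistency with the other orderings in this commit I would write `Package<| tag == 'barbican-package' |> -> File[$::barbican::params::barbican_wsgi_script_path]`. The class starts and continues outside the hunk.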


@ -0,0 +1,11 @@
---
issues:
- Fix for wsgi app locations for Ubuntu/Debian, was previously using RedHat packaging locations.
- Add conditional to prevent puppet from trying to manage barbican-api service on Ubuntu/Debian
as the packaging contains no init script for the eventlet.
- Add api_package_name for Ubuntu/Debian. This worked because the title is the same as the
package name on Ubuntu/Debian and api_package_name was undefined.
- Add worker_package_name and worker_service_name for Ubuntu/Debian.
- Remove unused variable package_name from params for both Ubuntu/Debian and RedHat.
- Remove service_name for Ubuntu/Debian as there is no init script for Ubuntu/Debian and apache
must be used.


@ -25,27 +25,17 @@ describe 'barbican::api basic test class' do
include ::openstack_integration::repos
include ::openstack_integration::mysql
include ::openstack_integration::keystone
case $::osfamily {
'Debian': {
warning('Barbican is not yet packaged on Ubuntu systems.')
}
'RedHat': {
# Barbican resources
include ::barbican
class { '::barbican::keystone::auth':
password => 'a_big_secret',
}
class { '::barbican::api::logging':
}
class { '::barbican::api::logging': }
class { '::barbican::quota':
}
class { '::barbican::quota': }
class { '::barbican::keystone::notification':
}
class { '::barbican::keystone::notification': }
class { '::barbican::db::mysql':
password => 'a_big_secret',
@ -71,8 +61,7 @@ describe 'barbican::api basic test class' do
class { '::barbican::wsgi::apache':
ssl => false,
}
}
}
EOS
it 'should work with no errors' do


@ -106,20 +106,20 @@ describe 'barbican::api::logging' do
}
end
context 'on Debian platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'Debian' })
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican-logging'
end
context 'on RedHat platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'RedHat' })
end
it_configures 'barbican-logging'
end
end


@ -21,14 +21,7 @@ require 'spec_helper'
describe 'barbican::api' do
let :facts do
@default_facts.merge(
OSDefaults.get_facts({
:osfamily => 'RedHat',
:processorcount => '7',
})
)
end
shared_examples_for 'barbican api' do
let :default_params do
{
@ -67,6 +60,7 @@ describe 'barbican::api' do
:auth_strategy => 'keystone',
:retry_scheduler_initial_delay_seconds => '<SERVICE DEFAULT>',
:retry_scheduler_periodic_interval_max_seconds => '<SERVICE DEFAULT>',
:service_name => platform_params[:service_name],
}
end
@ -107,10 +101,10 @@ describe 'barbican::api' do
:max_allowed_request_size_in_bytes => 2000000,
}
].each do |param_set|
describe "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :param_hash do
@ -118,7 +112,7 @@ describe 'barbican::api' do
end
let :params do
param_set
default_params.merge(param_set)
end
let :host_ref do
@ -128,12 +122,8 @@ describe 'barbican::api' do
it { is_expected.to contain_class 'barbican::api::logging' }
it { is_expected.to contain_class 'barbican::db' }
it { is_expected.to contain_service('barbican-api').with(
'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped',
'enable' => param_hash[:enabled],
'hasstatus' => true,
'hasrestart' => true,
'tag' => 'barbican-service',
it { is_expected.to contain_package('barbican-api').with(
:tag => ['openstack', 'barbican-package'],
)}
it 'is_expected.to set default parameters' do
@ -188,16 +178,17 @@ describe 'barbican::api' do
describe 'with SSL socket options set' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :params do
{
default_params.merge({
:use_ssl => true,
:cert_file => '/path/to/cert',
:ca_file => '/path/to/ca',
:key_file => '/path/to/key',
}
})
end
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('/path/to/ca') }
@ -207,13 +198,14 @@ describe 'barbican::api' do
describe 'with SSL socket options left by default' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :params do
{
default_params.merge({
:use_ssl => false,
}
})
end
it { is_expected.to contain_barbican_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>') }
@ -223,15 +215,16 @@ describe 'barbican::api' do
describe 'with SSL socket options set wrongly configured' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :params do
{
default_params.merge({
:use_ssl => true,
:ca_file => '/path/to/ca',
:key_file => '/path/to/key',
}
})
end
it_raises 'a Puppet::Error', /The cert_file parameter is required when use_ssl is set to true/
@ -239,13 +232,14 @@ describe 'barbican::api' do
describe 'with keystone auth' do
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
'class { "barbican::keystone::authtoken": password => "secret", }
include ::apache'
end
let :params do
{
default_params.merge({
:auth_strategy => 'keystone',
}
})
end
it 'is_expected.to set keystone params correctly' do
@ -254,13 +248,37 @@ describe 'barbican::api' do
is_expected.to contain_class('barbican::keystone::authtoken')
end
end
end
shared_examples_for 'barbican api redhat' do
let :param_hash do
{
:manage_service => true,
:enabled => true,
:auth_strategy => 'keystone',
}
end
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
end
context 'redhat systems eventlet service enabled' do
describe 'should contain eventlet service' do
it { is_expected.to contain_service('barbican-api').with(
'ensure' => (param_hash[:manage_service] && param_hash[:enabled]) ? 'running': 'stopped',
'enable' => param_hash[:enabled],
'hasstatus' => true,
'hasrestart' => true,
'tag' => 'barbican-service',
) }
end
end
context 'on redhat systems eventlet service disabled' do
describe 'with disabled service managing' do
let :params do
{
:manage_service => false,
:enabled => false,
:auth_strategy => 'None',
:auth_strategy => 'keystone',
}
end
@ -272,32 +290,37 @@ describe 'barbican::api' do
'tag' => 'barbican-service',
)}
end
end
end
describe 'on RedHat platforms' do
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 7,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
case facts[:osfamily]
when 'RedHat'
let (:platform_params) do
{ :service_name => 'barbican-api' }
end
it_behaves_like 'barbican api redhat'
when 'Debian'
let :pre_condition do
'class { "barbican::keystone::authtoken": password => "secret", }'
'include ::apache'
end
let (:platform_params) do
{ :service_name => 'httpd' }
end
end
let :facts do
OSDefaults.get_facts({
:osfamily => 'RedHat',
:operatingsystemrelease => '7',
})
it_behaves_like 'barbican api'
end
let(:params) { default_params }
it { is_expected.to contain_package('barbican-api').with(
:tag => ['openstack', 'barbican-package'],
)}
end
describe 'on unknown platforms' do
let :facts do
OSDefaults.get_facts({ :osfamily => 'unknown' })
end
let(:params) { default_params }
it_raises 'a Puppet::Error', /Unsupported osfamily/
end
end
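Review bot: In the `when 'Debian'` branch near the end of the file, the `pre_condition` block holds two separate string literals on consecutive lines, `'class { "barbican::keystone::authtoken": password => "secret", }'` and `'include ::apache'`. If both are on the new side (the rendered page does not mark them), Ruby discards the first and returns only `'include ::apache'`, so the authtoken class is never declared for examples that rely on this block. The other contexts in this file use a single multi-line string; here that would be `"class { 'barbican::keystone::authtoken': password => 'secret', }\ninclude ::apache"`, or an array of the two strings. Most contexts of the shared `barbican api` examples define their own `pre_condition`, so the effect is limited to examples that do not.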


@ -21,14 +21,7 @@ require 'spec_helper'
describe 'barbican::client' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
}
)
end
shared_examples_for 'barbican client' do
describe "with default parameters" do
it { is_expected.to contain_package('python-barbicanclient').with(
'ensure' => 'present',
@ -51,3 +44,18 @@ describe 'barbican::client' do
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:fqdn => 'some.host.tld',
}))
end
it_configures 'barbican client'
end
end
end


@ -21,6 +21,7 @@ require 'spec_helper'
describe 'barbican::db::mysql' do
shared_examples_for 'barbican db mysql' do
let :pre_condition do
[
'include mysql::server',
@ -28,10 +29,6 @@ describe 'barbican::db::mysql' do
]
end
let :facts do
@default_facts.merge({ :osfamily => 'Debian' })
end
let :params do
{
'password' => 'fooboozoo_default_password',
@ -77,5 +74,22 @@ describe 'barbican::db::mysql' do
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican db mysql'
end
end
end


@ -141,17 +141,10 @@ describe 'barbican::db' do
)
end
end
end
context 'on Redhat platforms' do
let :facts do
@default_facts.merge({ :osfamily => 'RedHat',
:operatingsystemrelease => '7.1',
})
end
it_configures 'barbican::db'
shared_examples_for 'barbican db on redhat' do
context 'using pymysql driver' do
let :params do
{ :database_connection => 'mysql+pymysql://barbican:barbican@localhost/barbican', }
@ -161,5 +154,26 @@ describe 'barbican::db' do
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican::db'
case facts[:osfamily]
when 'RedHat'
it_configures 'barbican db on redhat'
end
end
end
end


@ -21,14 +21,7 @@ require 'spec_helper'
describe 'barbican::keystone::notification' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:processorcount => '7',
}
)
end
shared_examples_for 'barbican keystone notification' do
let :default_params do
{
@ -75,3 +68,20 @@ describe 'barbican::keystone::notification' do
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican keystone notification'
end
end
end


@ -21,14 +21,7 @@ require 'spec_helper'
describe 'barbican::plugins::kmip' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:processorcount => '7',
}
)
end
shared_examples_for 'barbican plugins kmip' do
describe 'with kmip plugin with username' do
let :params do
@ -77,4 +70,20 @@ describe 'barbican::plugins::kmip' do
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican plugins kmip'
end
end
end


@ -21,15 +21,7 @@ require 'spec_helper'
describe 'barbican::plugins::p11_crypto' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:processorcount => '7',
}
)
end
shared_examples_for 'barbican plugins p11_crypto' do
describe 'with pk11 plugin' do
let :params do
{
@ -58,3 +50,20 @@ describe 'barbican::plugins::p11_crypto' do
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican plugins p11_crypto'
end
end
end


@ -21,15 +21,7 @@ require 'spec_helper'
describe 'barbican::plugins::simple_crypto' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:processorcount => '7',
}
)
end
shared_examples_for 'barbican plugins simple_crypto' do
describe 'with parameter passed into pk11 plugin' do
let :params do
{
@ -54,3 +46,20 @@ describe 'barbican::plugins::simple_crypto' do
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican plugins simple_crypto'
end
end
end


@ -21,15 +21,7 @@ require 'spec_helper'
describe 'barbican::quota' do
let :facts do
@default_facts.merge(
{
:osfamily => 'RedHat',
:processorcount => '7',
}
)
end
shared_examples_for 'barbican quota' do
let :default_params do
{
:quota_secrets => '<SERVICE DEFAULT>',
@ -74,3 +66,20 @@ describe 'barbican::quota' do
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
end
it_configures 'barbican quota'
end
end
end


@ -121,7 +121,7 @@ describe 'barbican::wsgi::apache' do
{
:httpd_service_name => 'apache2',
:httpd_ports_file => '/etc/apache2/ports.conf',
:wsgi_script_path => '/var/www/cgi-bin/barbican',
:wsgi_script_path => '/usr/lib/cgi-bin/barbican',
}
when 'RedHat'
{