commit 7ec60eb0cec991cae1a04f6fba78b5b03db87001 Author: Dan Radez Date: Sun Mar 13 11:48:15 2016 -0400 Initial Commit Signed-off-by: Dan Radez diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..12b6e4d --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +Gemfile.lock +spec/fixtures/modules/* +spec/fixtures/manifests/site.pp +*.swp +pkg +vendor/ +openstack/ diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8c06f5e --- /dev/null +++ b/LICENSE @@ -0,0 +1,13 @@ +Copyright 2015 OpenStack Foundation + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..1851ad3 --- /dev/null +++ b/README.md @@ -0,0 +1,78 @@ +congress +======= + +#### Table of Contents + +1. [Overview - What is the congress module?](#overview) +2. [Module Description - What does the module do?](#module-description) +3. [Setup - The basics of getting started with congress](#setup) +4. [Implementation - An under-the-hood peek at what the module is doing](#implementation) +5. [Limitations - OS compatibility, etc.](#limitations) +6. [Development - Guide for contributing to the module](#development) +7. [Contributors - Those with commits](#contributors) + +Overview +-------- + +The congress module is a part of [OpenStack](https://github.com/openstack), an effort by the Openstack infrastructure team to provide continuous integration testing and code review for Openstack and Openstack community projects not part of the core software. The module its self is used to flexibly configure and manage the FIXME service for Openstack. + +Module Description +------------------ + +The congress module is a thorough attempt to make Puppet capable of managing the entirety of congress. This includes manifests to provision region specific endpoint and database connections. Types are shipped as part of the congress module to assist in manipulation of configuration files. + +Setup +----- + +**What the congress module affects** + +* [congress](https://wiki.openstack.org/wiki/congress), the FIXME service for Openstack. + +### Installing congress + + congress is not currently in Puppet Forge, but is anticipated to be added soon. Once that happens, you'll be able to install congress with: + puppet module install openstack/congress + +### Beginning with congress + +To utilize the congress module's functionality you will need to declare multiple resources. The following is a modified excerpt from the [openstack module](https://github.com/stackfoge/puppet-openstack). This is not an exhaustive list of all the components needed, we recommend you consult and understand the [openstack module](https://github.com/stackforge/puppet-openstack) and the [core openstack](http://docs.openstack.org) documentation. + +Implementation +-------------- + +### congress + +congress is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers. + +Limitations +------------ + +* All the congress types use the CLI tools and so need to be ran on the congress node. + +Beaker-Rspec +------------ + +This module has beaker-rspec tests + +To run the tests on the default vagrant node: + +```shell +bundle install +bundle exec rake acceptance +``` + +For more information on writing and running beaker-rspec tests visit the documentation: + +* https://github.com/puppetlabs/beaker/wiki/How-to-Write-a-Beaker-Test-for-a-Module + +Development +----------- + +Developer documentation for the entire puppet-openstack project. + +* https://wiki.openstack.org/wiki/Puppet + +Contributors +------------ + +* https://github.com/openstack/puppet-congress/graphs/contributors diff --git a/lib/puppet/provider/congress_config/ini_setting.rb b/lib/puppet/provider/congress_config/ini_setting.rb new file mode 100644 index 0000000..3d324b6 --- /dev/null +++ b/lib/puppet/provider/congress_config/ini_setting.rb @@ -0,0 +1,27 @@ +Puppet::Type.type(:congress_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def self.file_path + '/etc/congress/congress.conf' + end + + # added for backwards compatibility with older versions of inifile + def file_path + self.class.file_path + end + +end diff --git a/lib/puppet/type/congress_config.rb b/lib/puppet/type/congress_config.rb new file mode 100644 index 0000000..3b76fc6 --- /dev/null +++ b/lib/puppet/type/congress_config.rb @@ -0,0 +1,42 @@ +Puppet::Type.newtype(:congress_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from /etc/congress/congress.conf' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false + end +end diff --git a/manifests/client.pp b/manifests/client.pp new file mode 100644 index 0000000..bb016e4 --- /dev/null +++ b/manifests/client.pp @@ -0,0 +1,27 @@ +# == Class: congress::client +# +# Installs congress client. +# +# === Parameters +# +# [*ensure*] +# (optional) Ensure state of the package. +# Defaults to 'present'. +# +class congress::client ( + $ensure = 'present' +) { + + package { 'python-congressclient': + ensure => $ensure, + tag => 'openstack', + } + + if $ensure == 'present' { + include '::openstacklib::openstackclient' + } else { + class { '::openstacklib::openstackclient': + package_ensure => $ensure, + } + } +} diff --git a/manifests/config.pp b/manifests/config.pp new file mode 100644 index 0000000..0a59d07 --- /dev/null +++ b/manifests/config.pp @@ -0,0 +1,30 @@ +# == Class: congress::config +# +# This class is used to manage arbitrary congress configurations. +# +# === Parameters +# +# [*congress_config*] +# (optional) Allow configuration of arbitrary congress configurations. +# The value is an hash of congress_config resources. Example: +# { 'DEFAULT/foo' => { value => 'fooValue'}, +# 'DEFAULT/bar' => { value => 'barValue'} +# } +# In yaml format, Example: +# congress_config: +# DEFAULT/foo: +# value: fooValue +# DEFAULT/bar: +# value: barValue +# +# NOTE: The configuration MUST NOT be already handled by this module +# or Puppet catalog compilation will fail with duplicate resources. +# +class congress::config ( + $congress_config = {}, +) { + + validate_hash($congress_config) + + create_resources('congress_config', $congress_config) +} diff --git a/manifests/db.pp b/manifests/db.pp new file mode 100644 index 0000000..33dccc4 --- /dev/null +++ b/manifests/db.pp @@ -0,0 +1,97 @@ +# == Class: congress::db +# +# Configure the congress database connection +# +# === Parameters +# +# [*database_connection*] +# Url used to connect to database. +# (Optional) Defaults to 'sqlite:////var/lib/congress/congress.sqlite'. +# +# [*database_idle_timeout*] +# Timeout when db connections should be reaped. +# (Optional) Defaults to 3600. +# +# [*database_max_retries*] +# Maximum number of database connection retries during startup. +# Setting -1 implies an infinite retry count. +# (Optional) Defaults to 10. +# +# [*database_retry_interval*] +# Interval between retries of opening a database connection. +# (Optional) Defaults to 10. +# +# [*database_min_pool_size*] +# Minimum number of SQL connections to keep open in a pool. +# (Optional) Defaults to 1. +# +# [*database_max_pool_size*] +# Maximum number of SQL connections to keep open in a pool. +# (Optional) Defaults to 10. +# +# [*database_max_overflow*] +# If set, use this value for max_overflow with sqlalchemy. +# (Optional) Defaults to 20. +# +class congress::db ( + $database_connection = 'sqlite:////var/lib/congress/congress.sqlite', + $database_idle_timeout = 3600, + $database_min_pool_size = 1, + $database_max_pool_size = 10, + $database_max_retries = 10, + $database_retry_interval = 10, + $database_max_overflow = 20, +) { + + # NOTE(spredzy): In order to keep backward compatibility we rely on the pick function + # to use congress:: if congress::db:: isn't specified. + $database_connection_real = pick($::congress::database_connection, $database_connection) + $database_idle_timeout_real = pick($::congress::database_idle_timeout, $database_idle_timeout) + $database_min_pool_size_real = pick($::congress::database_min_pool_size, $database_min_pool_size) + $database_max_pool_size_real = pick($::congress::database_max_pool_size, $database_max_pool_size) + $database_max_retries_real = pick($::congress::database_max_retries, $database_max_retries) + $database_retry_interval_real = pick($::congress::database_retry_interval, $database_retry_interval) + $database_max_overflow_real = pick($::congress::database_max_overflow, $database_max_overflow) + + validate_re($database_connection_real, + '(sqlite|mysql|postgresql):\/\/(\S+:\S+@\S+\/\S+)?') + + if $database_connection_real { + case $database_connection_real { + /^mysql:\/\//: { + $backend_package = false + require 'mysql::bindings' + require 'mysql::bindings::python' + } + /^postgresql:\/\//: { + $backend_package = false + require 'postgresql::lib::python' + } + /^sqlite:\/\//: { + $backend_package = $::congress::params::sqlite_package_name + } + default: { + fail('Unsupported backend configured') + } + } + + if $backend_package and !defined(Package[$backend_package]) { + package {'congress-backend-package': + ensure => present, + name => $backend_package, + tag => 'openstack', + } + } + + congress_config { + 'database/connection': value => $database_connection_real, secret => true; + 'database/idle_timeout': value => $database_idle_timeout_real; + 'database/min_pool_size': value => $database_min_pool_size_real; + 'database/max_retries': value => $database_max_retries_real; + 'database/retry_interval': value => $database_retry_interval_real; + 'database/max_pool_size': value => $database_max_pool_size_real; + 'database/max_overflow': value => $database_max_overflow_real; + } + } + +} diff --git a/manifests/db/mysql.pp b/manifests/db/mysql.pp new file mode 100644 index 0000000..456b812 --- /dev/null +++ b/manifests/db/mysql.pp @@ -0,0 +1,69 @@ +# The congress::db::mysql class implements mysql backend for congress +# +# This class can be used to create tables, users and grant +# privelege for a mysql congress database. +# +# == parameters +# +# [*password*] +# (Mandatory) Password to connect to the database. +# Defaults to 'false'. +# +# [*dbname*] +# (Optional) Name of the database. +# Defaults to 'congress'. +# +# [*user*] +# (Optional) User to connect to the database. +# Defaults to 'congress'. +# +# [*host*] +# (Optional) The default source host user is allowed to connect from. +# Defaults to '127.0.0.1' +# +# [*allowed_hosts*] +# (Optional) Other hosts the user is allowed to connect from. +# Defaults to 'undef'. +# +# [*charset*] +# (Optional) The database charset. +# Defaults to 'utf8' +# +# [*collate*] +# (Optional) The database collate. +# Only used with mysql modules >= 2.2. +# Defaults to 'utf8_general_ci' +# +# == Dependencies +# Class['mysql::server'] +# +# == Examples +# +# == Authors +# +# == Copyright +# +class congress::db::mysql( + $password, + $dbname = 'congress', + $user = 'congress', + $host = '127.0.0.1', + $charset = 'utf8', + $collate = 'utf8_general_ci', + $allowed_hosts = undef +) { + + validate_string($password) + + ::openstacklib::db::mysql { 'congress': + user => $user, + password_hash => mysql_password($password), + dbname => $dbname, + host => $host, + charset => $charset, + collate => $collate, + allowed_hosts => $allowed_hosts, + } + + ::Openstacklib::Db::Mysql['congress'] ~> Exec<| title == 'congress-manage db_sync' |> +} diff --git a/manifests/db/postgresql.pp b/manifests/db/postgresql.pp new file mode 100644 index 0000000..4766eca --- /dev/null +++ b/manifests/db/postgresql.pp @@ -0,0 +1,55 @@ +# == Class: congress::db::postgresql +# +# Class that configures postgresql for congress +# Requires the Puppetlabs postgresql module. +# +# === Parameters +# +# [*password*] +# (Required) Password to connect to the database. +# +# [*dbname*] +# (Optional) Name of the database. +# Defaults to 'congress'. +# +# [*user*] +# (Optional) User to connect to the database. +# Defaults to 'congress'. +# +# [*encoding*] +# (Optional) The charset to use for the database. +# Default to undef. +# +# [*privileges*] +# (Optional) Privileges given to the database user. +# Default to 'ALL' +# +# == Dependencies +# +# == Examples +# +# == Authors +# +# == Copyright +# +class congress::db::postgresql( + $password, + $dbname = 'congress', + $user = 'congress', + $encoding = undef, + $privileges = 'ALL', +) { + + Class['congress::db::postgresql'] -> Service<| title == 'congress' |> + + ::openstacklib::db::postgresql { 'congress': + password_hash => postgresql_password($user, $password), + dbname => $dbname, + user => $user, + encoding => $encoding, + privileges => $privileges, + } + + ::Openstacklib::Db::Postgresql['congress'] ~> Exec<| title == 'congress-manage db_sync' |> + +} diff --git a/manifests/db/sync.pp b/manifests/db/sync.pp new file mode 100644 index 0000000..bb07f7e --- /dev/null +++ b/manifests/db/sync.pp @@ -0,0 +1,14 @@ +# +# Class to execute "congress-manage db_sync +# +class congress::db::sync { + exec { 'congress-manage db_sync': + path => '/usr/bin', + user => 'congress', + refreshonly => true, + subscribe => [Package['congress'], congress_config['database/connection']], + require => User['congress'], + } + + Exec['congress-manage db_sync'] ~> Service<| title == 'congress' |> +} diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..a1367c3 --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,410 @@ +# == Class: congress +# +# Module for managing congress config +# +# === Parameters +# +# [*keystone_password*] +# (required) Password used to authentication. +# +# [*package_ensure*] +# (optional) Desired ensure state of packages. +# accepts latest or specific versions. +# Defaults to present. +# +# [*client_package_ensure*] +# (optional) Desired ensure state of the client package. +# accepts latest or specific versions. +# Defaults to present. +# +# [*bind_host*] +# (optional) The IP address that congress binds to. +# Default to '0.0.0.0'. +# +# [*bind_port*] +# (optional) Port that congress binds to. +# Defaults to '1789' +# +# [*verbose*] +# (optional) Rather congress should log at verbose level. +# Defaults to undef. +# +# [*debug*] +# (optional) Rather congress should log at debug level. +# Defaults to undef. +# +# [*auth_type*] +# (optional) Type is authorization being used. +# Defaults to 'keystone' +# +# [*auth_uri*] +# (optional) Complete public Identity API endpoint. +# Defaults to false. +# +# [*identity_uri*] +# (optional) Complete admin Identity API endpoint. +# Defaults to: false +# +# [*keystone_tenant*] +# (optional) Tenant to authenticate to. +# Defaults to services. +# +# [*keystone_user*] +# (optional) User to authenticate as with keystone. +# Defaults to 'congress'. +# +# [*manage_service*] +# (Optional) If Puppet should manage service startup / shutdown. +# Defaults to true. +# +# [*enabled*] +# (optional) If the congress services should be enabled. +# Default to true. +# +# [*database_connection*] +# (optional) Url used to connect to database. +# Defaults to undef. +# +# [*database_idle_timeout*] +# (optional) Timeout when db connections should be reaped. +# Defaults to undef. +# +# [*database_max_retries*] +# (optional) Maximum number of database connection retries during startup. +# Setting -1 implies an infinite retry count. +# (Defaults to undef) +# +# [*database_retry_interval*] +# (optional) Interval between retries of opening a database connection. +# (Defaults to undef) +# +# [*database_min_pool_size*] +# (optional) Minimum number of SQL connections to keep open in a pool. +# Defaults to: undef +# +# [*database_max_pool_size*] +# (optional) Maximum number of SQL connections to keep open in a pool. +# Defaults to: undef +# +# [*database_max_overflow*] +# (optional) If set, use this value for max_overflow with sqlalchemy. +# Defaults to: undef +# +# [*rpc_backend*] +# (Optional) Use these options to configure the RabbitMQ message system. +# Defaults to 'rabbit' +# +# [*control_exchange*] +# (Optional) +# Defaults to 'openstack'. +# +# [*rabbit_host*] +# (Optional) IP or hostname of the rabbit server. +# Defaults to '127.0.0.1' +# +# [*rabbit_port*] +# (Optional) Port of the rabbit server. +# Defaults to 5672. +# +# [*rabbit_hosts*] +# (Optional) Array of host:port (used with HA queues). +# If defined, will remove rabbit_host & rabbit_port parameters from config +# Defaults to undef. +# +# [*rabbit_userid*] +# (Optional) User to connect to the rabbit server. +# Defaults to 'guest' +# +# [*rabbit_password*] +# (Required) Password to connect to the rabbit_server. +# Defaults to empty. Required if using the Rabbit (kombu) +# backend. +# +# [*rabbit_virtual_host*] +# (Optional) Virtual_host to use. +# Defaults to '/' +# +# [*rabbit_heartbeat_timeout_threshold*] +# (optional) Number of seconds after which the RabbitMQ broker is considered +# down if the heartbeat keepalive fails. Any value >0 enables heartbeats. +# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently +# closed, resulting in missed or lost messages from the queue. +# (Requires kombu >= 3.0.7 and amqp >= 1.4.0) +# Defaults to 0 +# +# [*rabbit_heartbeat_rate*] +# (optional) How often during the rabbit_heartbeat_timeout_threshold period to +# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2 +# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked +# every 30 seconds. +# Defaults to 2 +# +# [*rabbit_use_ssl*] +# (optional) Connect over SSL for RabbitMQ +# Defaults to false +# +# [*kombu_ssl_ca_certs*] +# (optional) SSL certification authority file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_certfile*] +# (optional) SSL cert file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_keyfile*] +# (optional) SSL key file (valid only if SSL enabled). +# Defaults to $::os_service_default +# +# [*kombu_ssl_version*] +# (optional) SSL version to use (valid only if SSL enabled). +# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be +# available on some distributions. +# Defaults to $::os_service_default +# +# [*kombu_reconnect_delay*] +# (optional) How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. +# Defaults to $::os_service_default +# +# [*amqp_durable_queues*] +# Use durable queues in amqp. +# (Optional) Defaults to false. +# +# [*service_provider*] +# (optional) Provider, that can be used for congress service. +# Default value defined in congress::params for given operation system. +# If you use Pacemaker or another Cluster Resource Manager, you can make +# custom service provider for changing start/stop/status behavior of service, +# and set it here. +# +# [*service_name*] +# (optional) Name of the service that will be providing the +# server functionality of congress. +# Defaults to '$::congress::params::service_name' +# +# [*sync_db*] +# (Optional) Run db sync on the node. +# Defaults to true +# +# == Dependencies +# None +# +# == Examples +# +# class { 'congress': +# keystone_password => 'congress', +# keystone_tenant => 'service', +# auth_uri => 'http://192.168.122.6:5000/', +# identity_uri => 'http://192.168.122.6:35357/', +# database_connection => 'mysql://congress:password@192.168.122.6/congress', +# rabbit_host => '192.168.122.6', +# rabbit_password => 'guest', +# } +# +# class { 'congress::db::mysql': +# password => 'password', +# host => '192.168.122.6', +# } +# +# class { 'congress::keystone::auth': +# password => 'congress', +# tenant => 'service', +# admin_url => 'http://192.168.122.6:1789', +# internal_url => 'http://192.168.122.6:1789', +# public_url => 'http://192.168.122.6:1789', +# region => 'regionOne', +# } +# +# == Authors +# +# Dan Radez +# +# == Copyright +# +# Copyright 2015 Red Hat Inc, unless otherwise noted. +# + +class congress( + $keystone_password, + $package_ensure = 'present', + $client_package_ensure = 'present', + $bind_host = '0.0.0.0', + $bind_port = '1789', + $verbose = undef, + $debug = undef, + $auth_type = 'keystone', + $auth_uri = false, + $identity_uri = false, + $keystone_tenant = 'services', + $keystone_user = 'congress', + $manage_service = true, + $enabled = true, + $database_connection = undef, + $database_idle_timeout = undef, + $database_max_retries = undef, + $database_retry_interval = undef, + $database_min_pool_size = undef, + $database_max_pool_size = undef, + $database_max_overflow = undef, + $rpc_backend = 'rabbit', + $control_exchange = 'congress', + $rabbit_host = '127.0.0.1', + $rabbit_port = 5672, + $rabbit_hosts = false, + $rabbit_virtual_host = '/', + $rabbit_heartbeat_timeout_threshold = 0, + $rabbit_heartbeat_rate = 2, + $rabbit_userid = 'guest', + $rabbit_password = false, + $rabbit_use_ssl = false, + $kombu_ssl_ca_certs = $::os_service_default, + $kombu_ssl_certfile = $::os_service_default, + $kombu_ssl_keyfile = $::os_service_default, + $kombu_ssl_version = $::os_service_default, + $kombu_reconnect_delay = $::os_service_default, + $amqp_durable_queues = false, + $service_provider = $::congress::params::service_provider, + $service_name = $::congress::params::service_name, +) inherits congress::params { + congress_config { + 'DEFAULT/drivers' : value => 'congress.datasources.neutronv2_driver.NeutronV2Driver,congress.datasources.glancev2_driver.GlanceV2Driver,congress.datasources.nova_driver.NovaDriver,congress.datasources. keystone_driver.KeystoneDriver,congress.datasources.ceilometer_driver.CeilometerDriver,congress.datasources.cinder_driver.CinderDriver'; + } + + if $identity_uri { + congress_config { 'keystone_authtoken/identity_uri': value => $identity_uri; } + congress_config { 'keystone_authtoken/auth_url' : value => $identity_uri; } + } else { + congress_config { 'keystone_authtoken/identity_uri': ensure => absent; } + } + + if $auth_uri { + congress_config { 'keystone_authtoken/auth_uri': value => $auth_uri; } + } else { + congress_config { 'keystone_authtoken/auth_uri': ensure => absent; } + } + + if $auth_type == 'keystone' { + congress_config { + 'keystone_authtoken/project_name' : value => $keystone_tenant; + 'keystone_authtoken/username' : value => $keystone_user; + 'keystone_authtoken/password' : value => $keystone_password, secret => true; + } + } + + congress_config<||> ~> Service[$service_name] + congress_config<||> ~> Exec<| title == 'congress-manage db_sync'|> + + include ::congress::db + include ::congress::params + + if $sync_db { + include ::congress::db::sync + Class['::congress::db::sync'] ~> Service[$service_name] + } + if $rpc_backend == 'rabbit' { + + if ! $rabbit_password { + fail('Please specify a rabbit_password parameter.') + } + + congress_config { + 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true; + 'DEFAULT/rabbit_userid': value => $rabbit_userid; + 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host; + 'DEFAULT/control_exchange': value => $control_exchange; + #'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl; + #'DEFAULT/kombu_reconnect_delay': value => $kombu_reconnect_delay; + #'DEFAULT/heartbeat_timeout_threshold': value => $rabbit_heartbeat_timeout_threshold; + #'DEFAULT/heartbeat_rate': value => $rabbit_heartbeat_rate; + #'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues; + } + + if $rabbit_use_ssl { + congress_config { + 'DEFAULT/kombu_ssl_version' : value => $kombu_ssl_version; + 'DEFAULT/kombu_ssl_ca_certs' : value => $kombu_ssl_ca_certs; + 'DEFAULT/kombu_ssl_certfile' : value => $kombu_ssl_certfile; + 'DEFAULT/kombu_ssl_keyfile' : value => $kombu_ssl_keyfile; + } + } + + if $rabbit_hosts { + congress_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') } + congress_config { 'DEFAULT/rabbit_ha_queues': value => true } + congress_config { 'DEFAULT/rabbit_host': ensure => absent } + congress_config { 'DEFAULT/rabbit_port': ensure => absent } + } else { + congress_config { 'DEFAULT/rabbit_host': value => $rabbit_host } + congress_config { 'DEFAULT/rabbit_port': value => $rabbit_port } + congress_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" } + congress_config { 'DEFAULT/rabbit_ha_queues': value => false } + } + + } + + package { 'congress': + ensure => $package_ensure, + name => $::congress::params::package_name, + tag => ['openstack', 'congress-package'], + } + if $client_package_ensure == 'present' { + include '::congress::client' + } else { + class { '::congress::client': + ensure => $client_package_ensure, + } + } + + group { 'congress': + ensure => present, + system => true, + require => Package['congress'], + } + + user { 'congress': + ensure => 'present', + gid => 'congress', + system => true, + require => Package['congress'], + } + + file { ['/etc/congress', '/var/log/congress', '/var/lib/congress']: + ensure => directory, + mode => '0750', + owner => 'congress', + group => 'congress', + require => Package['congress'], + notify => Service[$service_name], + } + + file { '/etc/congress/congress.conf': + ensure => present, + mode => '0600', + owner => 'congress', + group => 'congress', + require => Package['congress'], + notify => Service[$service_name], + } + + congress_config { + 'DEFAULT/bind_host': value => $bind_host; + 'DEFAULT/bind_port': value => $bind_port; + } + + if $manage_service { + if $enabled { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } + } + + class { '::congress::service': + ensure => $service_ensure, + service_name => $service_name, + enable => $enabled, + hasstatus => true, + hasrestart => true, + provider => $service_provider, + } +} diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp new file mode 100644 index 0000000..13be1f0 --- /dev/null +++ b/manifests/keystone/auth.pp @@ -0,0 +1,93 @@ +# == Class: congress::keystone::auth +# +# Configures congress user, service and endpoint in Keystone. +# +# === Parameters +# +# [*password*] +# (required) Password for congress user. +# +# [*auth_name*] +# Username for congress service. Defaults to 'congress'. +# +# [*email*] +# Email for congress user. Defaults to 'congress@localhost'. +# +# [*tenant*] +# Tenant for congress user. Defaults to 'services'. +# +# [*configure_endpoint*] +# Should congress endpoint be configured? Defaults to 'true'. +# +# [*configure_user*] +# (Optional) Should the service user be configured? +# Defaults to 'true'. +# +# [*configure_user_role*] +# (Optional) Should the admin role be configured for the service user? +# Defaults to 'true'. +# +# [*service_type*] +# Type of service. Defaults to 'NFV'. +# +# [*admin_url*] +# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*internal_url*] +# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*public_url*] +# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:1789') +# This url should *not* contain any version or trailing '/'. +# +# [*region*] +# Region for endpoint. Defaults to 'RegionOne'. +# +# [*service_name*] +# (optional) Name of the service. +# Defaults to the value of auth_name. +# +# +class congress::keystone::auth ( + $password, + $auth_name = 'congress', + $email = 'congress@localhost', + $tenant = 'services', + $configure_endpoint = true, + $configure_user = true, + $configure_user_role = true, + $service_name = undef, + $service_type = 'servicevm', + $admin_url = 'http://127.0.0.1:1789', + $internal_url = 'http://127.0.0.1:1789', + $public_url = 'http://127.0.0.1:1789', + $region = 'RegionOne' +) { + + $real_service_name = pick($service_name, $auth_name) + + if $configure_user_role { + Keystone_user_role["${auth_name}@${tenant}"] ~> Service <| name == 'congress-server' |> + } + Keystone_endpoint["${region}/${real_service_name}"] ~> Service <| name == 'congress-server' |> + + keystone::resource::service_identity { 'congress': + configure_user => $configure_user, + configure_user_role => $configure_user_role, + configure_endpoint => $configure_endpoint, + service_name => $real_service_name, + service_type => $service_type, + service_description => 'congress VNF Manager service', + region => $region, + auth_name => $auth_name, + password => $password, + email => $email, + tenant => $tenant, + admin_url => "${admin_url}/", + internal_url => "${internal_url}/", + public_url => "${public_url}/", + } + +} diff --git a/manifests/logging.pp b/manifests/logging.pp new file mode 100644 index 0000000..7bcdc00 --- /dev/null +++ b/manifests/logging.pp @@ -0,0 +1,251 @@ +# Class congress::logging +# +# congress logging configuration +# +# == parameters +# +# [*verbose*] +# (Optional) Should the daemons log verbose messages +# Defaults to false. +# +# [*debug*] +# (Optional) Should the daemons log debug messages +# Defaults to false. +# +# [*use_syslog*] +# (Optional) Use syslog for logging. +# Defaults to false. +# +# [*use_stderr*] +# (optional) Use stderr for logging +# Defaults to true. +# +# [*log_facility*] +# (Optional) Syslog facility to receive log lines. +# Defaults to 'LOG_USER'. +# +# [*log_dir*] +# (optional) Directory where logs should be stored. +# If set to boolean false, it will not log to any directory. +# Defaults to '/var/log/congress'. +# +# [*logging_context_format_string*] +# (optional) Format string to use for log messages with context. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ +# [%(request_id)s %(user_identity)s] %(instance)s%(message)s' +# +# [*logging_default_format_string*] +# (optional) Format string to use for log messages without context. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ +# [-] %(instance)s%(message)s' +# +# [*logging_debug_format_suffix*] +# (optional) Formatted data to append to log format when level is DEBUG. +# Defaults to undef. +# Example: '%(funcName)s %(pathname)s:%(lineno)d' +# +# [*logging_exception_prefix*] +# (optional) Prefix each line of exception output with this format. +# Defaults to undef. +# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s' +# +# [*log_config_append*] +# The name of an additional logging configuration file. +# Defaults to undef. +# See https://docs.python.org/2/howto/logging.html +# +# [*default_log_levels*] +# (optional) Hash of logger (keys) and level (values) pairs. +# Defaults to undef. +# Example: +# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', +# 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO', +# 'oslo.messaging' => 'INFO', 'iso8601' => 'WARN', +# 'requests.packages.urllib3.connectionpool' => 'WARN', +# 'urllib3.connectionpool' => 'WARN', +# 'websocket' => 'WARN', 'congressmiddleware' => 'WARN', +# 'routes.middleware' => 'WARN', stevedore => 'WARN' } +# +# [*publish_errors*] +# (optional) Publish error events (boolean value). +# Defaults to undef (false if unconfigured). +# +# [*fatal_deprecations*] +# (optional) Make deprecations fatal (boolean value) +# Defaults to undef (false if unconfigured). +# +# [*instance_format*] +# (optional) If an instance is passed with the log message, format it +# like this (string value). +# Defaults to undef. +# Example: '[instance: %(uuid)s] ' +# +# [*instance_uuid_format*] +# (optional) If an instance UUID is passed with the log message, format +# it like this (string value). +# Defaults to undef. +# Example: instance_uuid_format='[instance: %(uuid)s] ' +# +# [*log_date_format*] +# (optional) Format string for %%(asctime)s in log records. +# Defaults to undef. +# Example: 'Y-%m-%d %H:%M:%S' + +class congress::logging( + $use_syslog = false, + $use_stderr = true, + $log_facility = 'LOG_USER', + $log_dir = '/var/log/congress', + $verbose = false, + $debug = false, + $logging_context_format_string = undef, + $logging_default_format_string = undef, + $logging_debug_format_suffix = undef, + $logging_exception_prefix = undef, + $log_config_append = undef, + $default_log_levels = undef, + $publish_errors = undef, + $fatal_deprecations = undef, + $instance_format = undef, + $instance_uuid_format = undef, + $log_date_format = undef, +) { + + congress_config { + 'DEFAULT/use_syslog' : value => $use_syslog; + 'DEFAULT/use_stderr' : value => $use_stderr; + 'DEFAULT/log_dir' : value => $log_dir; + 'DEFAULT/verbose' : value => $verbose; + 'DEFAULT/debug' : value => $debug; + 'DEFAULT/syslog_log_facility' : value => $log_facility; + } + + if $logging_context_format_string { + congress_config { + 'DEFAULT/logging_context_format_string' : + value => $logging_context_format_string; + } + } + else { + congress_config { + 'DEFAULT/logging_context_format_string' : ensure => absent; + } + } + + if $logging_default_format_string { + congress_config { + 'DEFAULT/logging_default_format_string' : + value => $logging_default_format_string; + } + } + else { + congress_config { + 'DEFAULT/logging_default_format_string' : ensure => absent; + } + } + + if $logging_debug_format_suffix { + congress_config { + 'DEFAULT/logging_debug_format_suffix' : + value => $logging_debug_format_suffix; + } + } + else { + congress_config { + 'DEFAULT/logging_debug_format_suffix' : ensure => absent; + } + } + + if $logging_exception_prefix { + congress_config { + 'DEFAULT/logging_exception_prefix' : value => $logging_exception_prefix; + } + } + else { + congress_config { + 'DEFAULT/logging_exception_prefix' : ensure => absent; + } + } + + if $log_config_append { + congress_config { + 'DEFAULT/log_config_append' : value => $log_config_append; + } + } + else { + congress_config { + 'DEFAULT/log_config_append' : ensure => absent; + } + } + + if $default_log_levels { + congress_config { + 'DEFAULT/default_log_levels' : + value => join(sort(join_keys_to_values($default_log_levels, '=')), ','); + } + } + else { + congress_config { + 'DEFAULT/default_log_levels' : ensure => absent; + } + } + + if $publish_errors { + congress_config { + 'DEFAULT/publish_errors' : value => $publish_errors; + } + } + else { + congress_config { + 'DEFAULT/publish_errors' : ensure => absent; + } + } + + if $fatal_deprecations { + congress_config { + 'DEFAULT/fatal_deprecations' : value => $fatal_deprecations; + } + } + else { + congress_config { + 'DEFAULT/fatal_deprecations' : ensure => absent; + } + } + + if $instance_format { + congress_config { + 'DEFAULT/instance_format' : value => $instance_format; + } + } + else { + congress_config { + 'DEFAULT/instance_format' : ensure => absent; + } + } + + if $instance_uuid_format { + congress_config { + 'DEFAULT/instance_uuid_format' : value => $instance_uuid_format; + } + } + else { + congress_config { + 'DEFAULT/instance_uuid_format' : ensure => absent; + } + } + + if $log_date_format { + congress_config { + 'DEFAULT/log_date_format' : value => $log_date_format; + } + } + else { + congress_config { + 'DEFAULT/log_date_format' : ensure => absent; + } + } + + +} diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..f2ceed0 --- /dev/null +++ b/manifests/params.pp @@ -0,0 +1,31 @@ +# +# This class contains the platform differences for congress +# +class congress::params { + $client_package_name = 'python-congressclient' + + case $::osfamily { + 'Debian': { + $package_name = 'congress' + $service_name = 'congress' + $python_memcache_package_name = 'python-memcache' + $sqlite_package_name = 'python-pysqlite2' + $paste_config = undef + case $::operatingsystem { + 'Debian': { + $service_provider = undef + } + default: { + $service_provider = 'upstart' + } + } + } + 'RedHat': { + $package_name = 'openstack-congress' + $service_name = 'openstack-congress' + $python_memcache_package_name = 'python-memcached' + $sqlite_package_name = undef + $service_provider = undef + } + } +} diff --git a/manifests/policy.pp b/manifests/policy.pp new file mode 100644 index 0000000..cdca472 --- /dev/null +++ b/manifests/policy.pp @@ -0,0 +1,39 @@ +# == Class: congress::policy +# +# Configure the congress policies +# +# === Parameters +# +# [*policies*] +# (optional) Set of policies to configure for congress +# Example : +# { +# 'congress-context_is_admin' => { +# 'key' => 'context_is_admin', +# 'value' => 'true' +# }, +# 'congress-default' => { +# 'key' => 'default', +# 'value' => 'rule:admin_or_owner' +# } +# } +# Defaults to empty hash. +# +# [*policy_path*] +# (optional) Path to the nova policy.json file +# Defaults to /etc/congress/policy.json +# +class congress::policy ( + $policies = {}, + $policy_path = '/etc/congress/policy.json', +) { + + validate_hash($policies) + + Openstacklib::Policy::Base { + file_path => $policy_path, + } + + create_resources('openstacklib::policy::base', $policies) + +} diff --git a/manifests/service.pp b/manifests/service.pp new file mode 100644 index 0000000..f802e9a --- /dev/null +++ b/manifests/service.pp @@ -0,0 +1,55 @@ +# == Class congress::service +# +# Encapsulates the congress service to a class. +# This allows resources that require congress to +# require this class, which can optionally +# validate that the service can actually accept +# connections. +# +# === Parameters +# +# [*ensure*] +# (optional) The desired state of the congress service +# Defaults to undef +# +# [*service_name*] +# (optional) The name of the congress service +# Defaults to $::congress::params::service_name +# +# [*enable*] +# (optional) Whether to enable the congress service +# Defaults to true +# +# [*hasstatus*] +# (optional) Whether the congress service has status +# Defaults to true +# +# [*hasrestart*] +# (optional) Whether the congress service has restart +# Defaults to true +# +# [*provider*] +# (optional) Provider for congress service +# Defaults to $::congress::params::service_provider +# +class congress::service( + $ensure = undef, + $service_name = $::congress::params::service_name, + $enable = true, + $hasstatus = true, + $hasrestart = true, + $provider = $::congress::params::service_provider, +) { + include ::congress::params + + service { 'congress': + ensure => $ensure, + name => $service_name, + enable => $enable, + hasstatus => $hasstatus, + hasrestart => $hasrestart, + provider => $provider, + tag => 'congress-service', + } + +} diff --git a/metadata.json b/metadata.json new file mode 100644 index 0000000..e94dd68 --- /dev/null +++ b/metadata.json @@ -0,0 +1,34 @@ +{ + "name": "puppet-congress", + "version": "0.0.1", + "author": "OpenStack Contributors", + "summary": "Puppet module for OpenStack congress", + "license": "Apache-2.0", + "source": "git://github.com/openstack/puppet-congress.git", + "project_page": "https://launchpad.net/puppet-congress", + "issues_url": "https://bugs.launchpad.net/puppet-congress", + "description": "Installs and configures OpenStack congress.", + "operatingsystem_support": [ + { + "operatingsystem": "Debian", + "operatingsystemrelease": ["8"] + }, + { + "operatingsystem": "Fedora", + "operatingsystemrelease": ["21","22"] + }, + { + "operatingsystem": "RedHat", + "operatingsystemrelease": ["7"] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": ["14.04"] + } + ], + "dependencies": [ + { "name": "puppetlabs/inifile", "version_requirement": ">=1.0.0 <2.0.0" }, + { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.2.0 <5.0.0" }, + { "name": "stackforge/openstacklib", "version_requirement": ">=5.0.0 <6.0.0" } + ] +} diff --git a/spec/classes/congress_db_mysql_spec.rb b/spec/classes/congress_db_mysql_spec.rb new file mode 100644 index 0000000..6370bac --- /dev/null +++ b/spec/classes/congress_db_mysql_spec.rb @@ -0,0 +1,62 @@ +require 'spec_helper' + +describe 'congress::db::mysql' do + + let :pre_condition do + [ + 'include mysql::server', + 'include congress::db::sync' + ] + end + + let :facts do + { :osfamily => 'Debian' } + end + + let :params do + { + 'password' => 'fooboozoo_default_password', + } + end + + describe 'with only required params' do + it { is_expected.to contain_openstacklib__db__mysql('congress').with( + 'user' => 'congress', + 'password_hash' => '*3DDF34A86854A312A8E2C65B506E21C91800D206', + 'dbname' => 'congress', + 'host' => '127.0.0.1', + 'charset' => 'utf8', + :collate => 'utf8_general_ci', + )} + end + + describe "overriding allowed_hosts param to array" do + let :params do + { + :password => 'congresspass', + :allowed_hosts => ['127.0.0.1','%'] + } + end + + end + describe "overriding allowed_hosts param to string" do + let :params do + { + :password => 'congresspass2', + :allowed_hosts => '192.168.1.1' + } + end + + end + + describe "overriding allowed_hosts param equals to host param " do + let :params do + { + :password => 'congresspass2', + :allowed_hosts => '127.0.0.1' + } + end + + end + +end diff --git a/spec/classes/congress_db_postgresql_spec.rb b/spec/classes/congress_db_postgresql_spec.rb new file mode 100644 index 0000000..74abbdb --- /dev/null +++ b/spec/classes/congress_db_postgresql_spec.rb @@ -0,0 +1,58 @@ +require 'spec_helper' + +describe 'congress::db::postgresql' do + + let :req_params do + { :password => 'pw' } + end + + let :pre_condition do + 'include postgresql::server' + end + + context 'on a RedHat osfamily' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7.0', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + context 'with only required parameters' do + let :params do + req_params + end + + it { is_expected.to contain_postgresql__server__db('congress').with( + :user => 'congress', + :password => 'md5c530c33636c58ae83ca933f39319273e' + )} + end + + end + + context 'on a Debian osfamily' do + let :facts do + { + :operatingsystemrelease => '7.8', + :operatingsystem => 'Debian', + :osfamily => 'Debian', + :concat_basedir => '/var/lib/puppet/concat' + } + end + + context 'with only required parameters' do + let :params do + req_params + end + + it { is_expected.to contain_postgresql__server__db('congress').with( + :user => 'congress', + :password => 'md5c530c33636c58ae83ca933f39319273e' + )} + end + + end + +end diff --git a/spec/classes/congress_db_spec.rb b/spec/classes/congress_db_spec.rb new file mode 100644 index 0000000..3b84993 --- /dev/null +++ b/spec/classes/congress_db_spec.rb @@ -0,0 +1,78 @@ +require 'spec_helper' + +describe 'congress::db' do + + shared_examples 'congress::db' do + context 'with default parameters' do + it { is_expected.to contain_congress_config('database/connection').with_value('mysql://congress:secrete@localhost:3306/congress') } + it { is_expected.to contain_congress_config('database/idle_timeout').with_value('3600') } + it { is_expected.to contain_congress_config('database/min_pool_size').with_value('1') } + it { is_expected.to contain_congress_config('database/max_retries').with_value('10') } + it { is_expected.to contain_congress_config('database/retry_interval').with_value('10') } + it { is_expected.to contain_congress_config('database/max_pool_size').with_value('10') } + it { is_expected.to contain_congress_config('database/max_overflow').with_value('20') } + end + + context 'with specific parameters' do + let :params do + { :database_connection => 'mysql://congress:congress@localhost/congress', + :database_idle_timeout => '3601', + :database_min_pool_size => '2', + :database_max_retries => '11', + :database_retry_interval => '11', + :database_max_pool_size => '11', + :database_max_overflow => '21', + } + end + + it { is_expected.to contain_congress_config('database/connection').with_value('mysql://congress:congress@localhost/congress') } + it { is_expected.to contain_congress_config('database/idle_timeout').with_value('3601') } + it { is_expected.to contain_congress_config('database/min_pool_size').with_value('2') } + it { is_expected.to contain_congress_config('database/max_retries').with_value('11') } + it { is_expected.to contain_congress_config('database/retry_interval').with_value('11') } + it { is_expected.to contain_congress_config('database/max_pool_size').with_value('11') } + it { is_expected.to contain_congress_config('database/max_overflow').with_value('21') } + end + + context 'with postgresql backend' do + let :params do + { :database_connection => 'postgresql://congress:congress@localhost/congress', } + end + + it 'install the proper backend package' do + is_expected.to contain_package('python-psycopg2').with(:ensure => 'present') + end + + end + + context 'with incorrect database_connection string' do + let :params do + { :database_connection => 'sqlite://congress:congress@localhost/congress', } + end + + it_raises 'a Puppet::Error', /validate_re/ + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => 'jessie', + } + end + + it_configures 'congress::db' + end + + context 'on Redhat platforms' do + let :facts do + { :osfamily => 'RedHat', + :operatingsystemrelease => '7.1', + } + end + + it_configures 'congress::db' + end + +end diff --git a/spec/classes/congress_keystone_auth_spec.rb b/spec/classes/congress_keystone_auth_spec.rb new file mode 100644 index 0000000..3cb7e59 --- /dev/null +++ b/spec/classes/congress_keystone_auth_spec.rb @@ -0,0 +1,123 @@ +# +# Unit tests for congress::keystone::auth +# + +require 'spec_helper' + +describe 'congress::keystone::auth' do + + let :facts do + { :osfamily => 'Debian' } + end + + describe 'with default class parameters' do + let :params do + { :password => 'congress_password', + :tenant => 'foobar' } + end + + it { is_expected.to contain_keystone_user('congress').with( + :ensure => 'present', + :password => 'congress_password', + ) } + + it { is_expected.to contain_keystone_user_role('congress@foobar').with( + :ensure => 'present', + :roles => ['admin'] + )} + + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + it { is_expected.to contain_keystone_endpoint('RegionOne/congress').with( + :ensure => 'present', + :public_url => 'http://127.0.0.1:FIXME', + :admin_url => 'http://127.0.0.1:FIXME', + :internal_url => 'http://127.0.0.1:FIXME', + ) } + end + + describe 'when overriding URL paramaters' do + let :params do + { :password => 'congress_password', + :public_url => 'https://10.10.10.10:80', + :internal_url => 'http://10.10.10.11:81', + :admin_url => 'http://10.10.10.12:81', } + end + + it { is_expected.to contain_keystone_endpoint('RegionOne/congress').with( + :ensure => 'present', + :public_url => 'https://10.10.10.10:80', + :internal_url => 'http://10.10.10.11:81', + :admin_url => 'http://10.10.10.12:81', + ) } + end + + describe 'when overriding auth name' do + let :params do + { :password => 'foo', + :auth_name => 'congressy' } + end + + it { is_expected.to contain_keystone_user('congressy') } + it { is_expected.to contain_keystone_user_role('congressy@services') } + it { is_expected.to contain_keystone_service('congressy') } + it { is_expected.to contain_keystone_endpoint('RegionOne/congressy') } + end + + describe 'when overriding service name' do + let :params do + { :service_name => 'congress_service', + :auth_name => 'congress', + :password => 'congress_password' } + end + + it { is_expected.to contain_keystone_user('congress') } + it { is_expected.to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress_service') } + it { is_expected.to contain_keystone_endpoint('RegionOne/congress_service') } + end + + describe 'when disabling user configuration' do + + let :params do + { + :password => 'congress_password', + :configure_user => false + } + end + + it { is_expected.not_to contain_keystone_user('congress') } + it { is_expected.to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + end + + describe 'when disabling user and user role configuration' do + + let :params do + { + :password => 'congress_password', + :configure_user => false, + :configure_user_role => false + } + end + + it { is_expected.not_to contain_keystone_user('congress') } + it { is_expected.not_to contain_keystone_user_role('congress@services') } + it { is_expected.to contain_keystone_service('congress').with( + :ensure => 'present', + :type => 'FIXME', + :description => 'congress FIXME Service' + ) } + + end + +end diff --git a/spec/classes/congress_logging_spec.rb b/spec/classes/congress_logging_spec.rb new file mode 100644 index 0000000..0bfb994 --- /dev/null +++ b/spec/classes/congress_logging_spec.rb @@ -0,0 +1,144 @@ +require 'spec_helper' + +describe 'congress::logging' do + + let :params do + { + } + end + + let :log_params do + { + :logging_context_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s', + :logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s', + :logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d', + :logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s', + :log_config_append => '/etc/congress/logging.conf', + :publish_errors => true, + :default_log_levels => { + 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', + 'qpid' => 'WARN', 'sqlalchemy' => 'WARN', 'suds' => 'INFO', + 'iso8601' => 'WARN', + 'requests.packages.urllib3.connectionpool' => 'WARN' }, + :fatal_deprecations => true, + :instance_format => '[instance: %(uuid)s] ', + :instance_uuid_format => '[instance: %(uuid)s] ', + :log_date_format => '%Y-%m-%d %H:%M:%S', + :use_syslog => true, + :use_stderr => false, + :log_facility => 'LOG_FOO', + :log_dir => '/var/log', + :verbose => true, + :debug => true, + } + end + + shared_examples_for 'congress-logging' do + + context 'with basic logging options and default settings' do + it_configures 'basic default logging settings' + end + + context 'with basic logging options and non-default settings' do + before { params.merge!( log_params ) } + it_configures 'basic non-default logging settings' + end + + context 'with extended logging options' do + before { params.merge!( log_params ) } + it_configures 'logging params set' + end + + context 'without extended logging options' do + it_configures 'logging params unset' + end + + end + + shared_examples 'basic default logging settings' do + it 'configures ceilometer logging settins with default values' do + is_expected.to contain_ceilometer_config('DEFAULT/use_syslog').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/use_stderr').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/syslog_log_facility').with(:value => 'LOG_USER') + is_expected.to contain_ceilometer_config('DEFAULT/log_dir').with(:value => '/var/log/congress') + is_expected.to contain_ceilometer_config('DEFAULT/verbose').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/debug').with(:value => 'false') + end + end + + shared_examples 'basic non-default logging settings' do + it 'configures ceilometer logging settins with non-default values' do + is_expected.to contain_ceilometer_config('DEFAULT/use_syslog').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/use_stderr').with(:value => 'false') + is_expected.to contain_ceilometer_config('DEFAULT/syslog_log_facility').with(:value => 'LOG_FOO') + is_expected.to contain_ceilometer_config('DEFAULT/log_dir').with(:value => '/var/log') + is_expected.to contain_ceilometer_config('DEFAULT/verbose').with(:value => 'true') + is_expected.to contain_ceilometer_config('DEFAULT/debug').with(:value => 'true') + end + end + + shared_examples_for 'logging params set' do + it 'enables logging params' do + is_expected.to contain_congress_config('DEFAULT/logging_context_format_string').with_value( + '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s') + + is_expected.to contain_congress_config('DEFAULT/logging_default_format_string').with_value( + '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s') + + is_expected.to contain_congress_config('DEFAULT/logging_debug_format_suffix').with_value( + '%(funcName)s %(pathname)s:%(lineno)d') + + is_expected.to contain_congress_config('DEFAULT/logging_exception_prefix').with_value( + '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s') + + is_expected.to contain_congress_config('DEFAULT/log_config_append').with_value( + '/etc/congress/logging.conf') + is_expected.to contain_congress_config('DEFAULT/publish_errors').with_value( + true) + + is_expected.to contain_congress_config('DEFAULT/default_log_levels').with_value( + 'amqp=WARN,amqplib=WARN,boto=WARN,iso8601=WARN,qpid=WARN,requests.packages.urllib3.connectionpool=WARN,sqlalchemy=WARN,suds=INFO') + + is_expected.to contain_congress_config('DEFAULT/fatal_deprecations').with_value( + true) + + is_expected.to contain_congress_config('DEFAULT/instance_format').with_value( + '[instance: %(uuid)s] ') + + is_expected.to contain_congress_config('DEFAULT/instance_uuid_format').with_value( + '[instance: %(uuid)s] ') + + is_expected.to contain_congress_config('DEFAULT/log_date_format').with_value( + '%Y-%m-%d %H:%M:%S') + end + end + + + shared_examples_for 'logging params unset' do + [ :logging_context_format_string, :logging_default_format_string, + :logging_debug_format_suffix, :logging_exception_prefix, + :log_config_append, :publish_errors, + :default_log_levels, :fatal_deprecations, + :instance_format, :instance_uuid_format, + :log_date_format, ].each { |param| + it { is_expected.to contain_congress_config("DEFAULT/#{param}").with_ensure('absent') } + } + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'congress-logging' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'congress-logging' + end + +end diff --git a/spec/classes/congress_policy_spec.rb b/spec/classes/congress_policy_spec.rb new file mode 100644 index 0000000..d4e08ca --- /dev/null +++ b/spec/classes/congress_policy_spec.rb @@ -0,0 +1,41 @@ +require 'spec_helper' + +describe 'congress::policy' do + + shared_examples_for 'congress policies' do + let :params do + { + :policy_path => '/etc/congress/policy.json', + :policies => { + 'context_is_admin' => { + 'key' => 'context_is_admin', + 'value' => 'foo:bar' + } + } + } + end + + it 'set up the policies' do + is_expected.to contain_openstacklib__policy__base('context_is_admin').with({ + :key => 'context_is_admin', + :value => 'foo:bar' + }) + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + it_configures 'congress policies' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'congress policies' + end +end diff --git a/spec/shared_examples.rb b/spec/shared_examples.rb new file mode 100644 index 0000000..fec0eac --- /dev/null +++ b/spec/shared_examples.rb @@ -0,0 +1,5 @@ +shared_examples_for "a Puppet::Error" do |description| + it "with message matching #{description.inspect}" do + expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description) + end +end diff --git a/spec/unit/provider/congress_config/ini_setting_spec.rb b/spec/unit/provider/congress_config/ini_setting_spec.rb new file mode 100644 index 0000000..0c4b9fa --- /dev/null +++ b/spec/unit/provider/congress_config/ini_setting_spec.rb @@ -0,0 +1,68 @@ +# +# these tests are a little concerning b/c they are hacking around the +# modulepath, so these tests will not catch issues that may eventually arise +# related to loading these plugins. +# I could not, for the life of me, figure out how to programatcally set the modulepath +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'inifile', + 'lib') +) +$LOAD_PATH.push( + File.join( + File.dirname(__FILE__), + '..', + '..', + '..', + 'fixtures', + 'modules', + 'openstacklib', + 'lib') +) +require 'spec_helper' +provider_class = Puppet::Type.type(:congress_config).provider(:ini_setting) +describe provider_class do + + it 'should default to the default setting when no other one is specified' do + resource = Puppet::Type::congress_config.new( + {:name => 'DEFAULT/foo', :value => 'bar'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('DEFAULT') + expect(provider.setting).to eq('foo') + end + + it 'should allow setting to be set explicitly' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => 'bar'} + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('dude') + expect(provider.setting).to eq('foo') + end + + it 'should ensure absent when is specified as a value' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => ''} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::congress_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + +end diff --git a/spec/unit/type/congress_config_spec.rb b/spec/unit/type/congress_config_spec.rb new file mode 100644 index 0000000..22a70a1 --- /dev/null +++ b/spec/unit/type/congress_config_spec.rb @@ -0,0 +1,64 @@ +require 'puppet' +require 'puppet/type/congress_config' +describe 'Puppet::Type.type(:congress_config)' do + before :each do + @congress_config = Puppet::Type.type(:congress_config).new(:name => 'DEFAULT/foo', :value => 'bar') + end + + it 'should require a name' do + expect { + Puppet::Type.type(:congress_config).new({}) + }.to raise_error(Puppet::Error, 'Title or name must be provided') + end + + it 'should not expect a name with whitespace' do + expect { + Puppet::Type.type(:congress_config).new(:name => 'f oo') + }.to raise_error(Puppet::Error, /Parameter name failed/) + end + + it 'should fail when there is no section' do + expect { + Puppet::Type.type(:congress_config).new(:name => 'foo') + }.to raise_error(Puppet::Error, /Parameter name failed/) + end + + it 'should not require a value when ensure is absent' do + Puppet::Type.type(:congress_config).new(:name => 'DEFAULT/foo', :ensure => :absent) + end + + it 'should accept a valid value' do + @congress_config[:value] = 'bar' + expect(@congress_config[:value]).to eq('bar') + end + + it 'should not accept a value with whitespace' do + @congress_config[:value] = 'b ar' + expect(@congress_config[:value]).to eq('b ar') + end + + it 'should accept valid ensure values' do + @congress_config[:ensure] = :present + expect(@congress_config[:ensure]).to eq(:present) + @congress_config[:ensure] = :absent + expect(@congress_config[:ensure]).to eq(:absent) + end + + it 'should not accept invalid ensure values' do + expect { + @congress_config[:ensure] = :latest + }.to raise_error(Puppet::Error, /Invalid value/) + end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + package = Puppet::Type.type(:package).new(:name => 'congress-common') + catalog.add_resource package, @congress_config + dependency = @congress_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@congress_config) + expect(dependency[0].source).to eq(package) + end + + +end diff --git a/tests/init.pp b/tests/init.pp new file mode 100644 index 0000000..922b1cb --- /dev/null +++ b/tests/init.pp @@ -0,0 +1,12 @@ +# The baseline for module testing used by Puppet Labs is that each manifest +# should have a corresponding test manifest that declares that class or defined +# type. +# +# Tests are then run by using puppet apply --noop (to check for compilation +# errors and view a log of events) or by fully applying the test in a virtual +# environment (to compare the resulting system state to the desired state). +# +# Learn more about module testing here: +# http://docs.puppetlabs.com/guides/tests_smoke.html +# +include ::congress