Commit Graph

173 Commits

Author SHA1 Message Date
Ghanshyam Mann d169cdecef Retire openstack-chef: remove repo content
OpenStack-chef project is retiring
- https://review.opendev.org/c/openstack/governance/+/905279

this commit remove the content of this project repo

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134
Change-Id: I8dc9f8845115a0b17d94a5910b9926d49039623a
2024-02-18 05:02:03 +00:00
Lance Albertson de8fb53dc0 CentOS 8 support
- Update package names
- Migrate to using apache2_mod_wsgi resource and require apache2 ~> 8.6
- Update ChefSpec

Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-identity/+/815147
Change-Id: Ie94c860bc056349262325d2e90c513b64dbb3107
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-10-22 17:12:12 -07:00
Lance Albertson ac44b062b6 Chef 17 support
- Remove bind from Berksfile
- Update copyright years
- Require Chef >= 16.0

Depends-On: https://review.opendev.org/c/openstack/cookbook-openstack-identity/+/814051
Change-Id: I5a75b2acdfdb35dd265e2f2fe9e4035fe3f51a29
Signed-off-by: Lance Albertson <lance@osuosl.org>
2021-10-14 12:59:51 -07:00
Marek Szuba 1e07ff58c7 Update default Debian paths for Buster and newer
Since version 10 (Buster) the package openstack-dashboard installs its
files to different directories than it used to. With version 11
(Bullseye) just about to reach stable status, it might be time to update
the defaults - for Debian proper anyway, since judging from the contents
of relevant Ubuntu 21.04 packages that distro has decided to go their
own way here.

Note that this also changes the handling of some of the paths for RHEL
- there used to be two hard-coded paths in the recipes/horizon.rb which
still work under RHEL and Ubuntu but not under modern Debian, requiring
a switch to attribute-defined paths.

PS. The permission change on dash_state_dir is part of this too,
since without o+x Apache complains

access to /static/foo denied (filesystem path '/var/lib/openstack-dashboard/static') because search permissions are missing on a component of the path

whenever any static dashboard content is to be retrieved.

Signed-off-by: Marek Szuba <m.szuba@gsi.de>
Change-Id: I345b4894f1243db77856303d97538914dc6cf9be
2021-07-19 15:35:56 +01:00
Lance Albertson 8612724097 Cookstyle 6.19.5 fixes
Depends-On: https://review.opendev.org/756168
Change-Id: I28467c053dec67a1a9b31d59267a61ce3b1072dc
Signed-off-by: Lance Albertson <lance@osuosl.org>
2020-10-05 23:14:59 -07:00
Lance Albertson 91c88364b2 Chef 16 updates
Depends-On: https://review.opendev.org/747556
Change-Id: Ia1d62b3d9e8843956831faa30436e2fdc6992c8d
Signed-off-by: Lance Albertson <lance@osuosl.org>
2020-08-27 17:45:50 -07:00
Lance Albertson 1ac136c63a Install openstack-neutron-lbaas-ui package on RHEL instead of from pip
RHEL finally includes a proper RPM package for the horizon LBaaS plugin in
Stein. This removes the dependency on poise.

Change-Id: If3d2729c013125bd75441c50fc7de5d5cc9c3221
2020-03-30 12:08:06 -07:00
Lance Albertson 57b9ab6138 Stein fixes
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Cleanup line wraps
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Add missing ChefSpec tests
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []
- Remove FWaaS recipe as it's been unmaintained upstream.

Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706101
Depends-On: https://review.opendev.org/706151
Change-Id: Ie3b65b701235bae65a1797d63d6a55dd6fc9958e
2020-03-23 10:59:37 -07:00
Lance Albertson 4e4bed1eed Update to apache2 ~> 8.0 cookbook
This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.

Additional fixes:
- Remove or replace references to node['apache'] attributes
- Install mod_wsgi as a package on RHEL since there is no built-in
  resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
  with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
  by Chef now automatically.
- Include additional cookbooks in Berksfile required for CI

Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib82595c27f03a7b456d5d5bfecc466f5ac199a5c
2020-01-30 09:30:28 -08:00
Lance Albertson d7f36ea0ac Updates for rocky
- Replace git.openstack.org with opendev.org
- Update some documentation
- Move README.md to README.rst for better rendering
- Drop obsolete bootstrap.sh script
- Drop obsolete openstack-identity::default recipe

Change-Id: If98eef94a31bd0f082a869dc2278d21abcf47b59
2019-12-09 05:40:15 +00:00
Jens Harbott a152f7bbca Use python3 packages on Ubuntu
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.

Add a workaround because the apache2::mod_wsgi recipe hardcodes python2 deployment.

Install neutron-*aas-dashboard plugins as distro packages and not from pypi.

Depends-On: https://review.opendev.org/682918
Change-Id: Ia994665c69b64725e7e5369ceb93ee9608620d2b
2019-10-02 12:29:05 +00:00
Jens Harbott c58f51a284 Update group for dashboard site template
The other apache2 site config files that are created via the ``web_app``
resource from the apache cookbook use a node attribute to determine the
the unix group that the template should belong to. Use the same
attribute in our local template so that all ownerships are consistent.

Change-Id: I4933f9dd5293b30c5b2597055debc2c9c659aca2
2019-08-20 11:02:41 +00:00
Jens Harbott 48e6fd88de Updates for Rocky
- Use role "member" for keystone_default_role instead of "_member_"
- Package "openstack-dashboard-ubuntu-theme" doesn't exist anymore
- Drop attributes that aren't used anymore

Change-Id: I5c6bc5b64d65e89ef599959015865661f92ee6e3
2019-08-15 11:52:50 +00:00
Samuel Cassiba 1852e73c10 Use internal identity endpoint for services
Depends-On: Id74966d9f1279f725bc41c08e434230a7845bbc1
Change-Id: I13570720f499220685415735be531a4d9b693ab8
2018-07-16 12:40:39 -07:00
Samuel Cassiba 5058033a1a Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: Iafb0db54b3589eea0402c0f18687344667d0208a
Implements: blueprint simplify-identity-endpoint
2018-06-14 19:16:41 -07:00
Samuel Cassiba 0064d8955e Remove python_runtime references
In Chef 13+, resource duplication behaves differently. By centralizing
python_runtime to openstack-common, the resource executes once in a
given Chef run, instead of attempting to reinstall python multiple
times.

Change-Id: I2e17d655c86fac63e02aaadf5321bc95e2c7aa0b
2018-04-11 22:44:34 -07:00
Zuul d828493fad Merge "Update lbaas url for Queens, logging handler" 2018-03-23 09:55:40 +00:00
Christoph Albers babed9fcf5 FWaaS Dashboard fix
- FWaaS Dashboard has been moved to a seperate project since Pike

Change-Id: Ic24b4a611f35ffe47c3847abd0ab164694265a00
2018-03-20 16:32:48 +01:00
Samuel Cassiba 09d7658e42 Update lbaas url for Queens, logging handler
* remove postgres references
* update lbaas url to stable/queens
* update logging handler to reflect the current state of things

Change-Id: Ie298fec4dc1ed35119ffe844f356d1c72cfaa6f8
2018-03-08 10:52:58 -08:00
Samuel Cassiba 48732d65cd Update dashboard reference to Pike branch
Change-Id: I7d9ae42be64e79ac95675a2506c4adebb643b135
Implements: blueprint modern-chef
2018-02-16 16:09:45 -08:00
Samuel Cassiba 1b4d4f8259 dashboard refactor for Pike and Chef 13
- implemented foodcritic and cookstyle corrections
- deprecated node.foo.bar method access for node['foo']['bar'] bracket access
- added workaround for bug #1616265
- deprecated postgresql support
- moved package_overrides to common cookbook

Implements blueprint modern-chef

Change-Id: I1e0be7d59414897adf82ac21d2430df2525a61d9
2017-12-13 07:02:15 -08:00
Jenkins 1f3ed2d4fd Merge "Corrected Python runtime for neutron-lbaas-dashboard" 2017-09-13 14:24:05 +00:00
Samuel Cassiba 8b31c8ddf2 Corrected Python runtime for neutron-lbaas-dashboard
- poise does things in Strange Ways. it works better for package-based
  applications when it's not constrained

Change-Id: I311bccb06f8a3b89dd29a78ca259ab85cfe23d3c
2017-08-29 22:46:01 +00:00
Samuel Cassiba d7773b69b6 Initial dashboard Pike updates
- Switched default linter to cookstyle
- Renamed rake tasks to better conform with Chef conventions
- Normalized the template banner

Change-Id: I80d825722a3218b34a5dee38b60017492e3768e0
2017-08-25 09:29:15 -04:00
Samuel Cassiba 5c5d37fe55 Style and lint fixes for the Ocata release
- Style and lint fixes to support newer chefdk
- Rewrote metadata.rb for readability
- Removed ancient Gemfile

Change-Id: I63e6680cec8b66e2ece2d2627c0b413f5d401317
2017-08-02 02:17:14 -04:00
Christoph Albers 943c3a6aeb Updated lbaasv2 remote path for Ocata Release
- now using stable/ocata branch to pull file

Change-Id: I6a656b7ecf01e026b80fc322282a2e284ea141ed
2017-07-21 15:57:03 +02:00
Samuel Cassiba 766cc54a50 Corrects SELinux enablement, lbaasv2 dashboard installation
- corrects SELinux enablement on RHEL platform families.
- switches lbaasv2 dashboard to use system Python, so that it gets
  picked up correctly.

Change-Id: I8b10381b169e8dd56c9cee990f1e3c7d3283d1b0
2017-03-06 19:52:50 -08:00
Christoph Albers 3548100c1b Multiple dashboard fixes and refactoring
* added recipe neutron-lbaas-dashboard to install the dashboard plugin
  according to the current docs
* removed server.rb recipe and server_type attribute since the only
  available option is apache2
* adapted specs and README accordingly

Change-Id: I4f407598acccd2d21d4204b936122963ebd4f7c8
2017-02-17 16:05:30 +01:00
Christoph Albers a8e6c9857d Fixes for Newton / Identity v3
- added needed values to local_settings.py to work with Newton and v3
- added openstackclient to berksfile

Change-Id: I3c31b6431c3e3b6bcfd08d46195a041696ec91f8
2016-12-09 14:42:10 +00:00
Lance Albertson 796945e658 Properly set SSL cert paths when disabling certs databag
This fixes an oversight in a previous patch when disabling the certs databag. It
would improperly not set the cert paths at all in the apache vhost config. This
fixes it and also adds an addition test that should have caught it originally.

Change-Id: I7726c949791658a750b9c382107f01e0a112247c
2016-08-02 08:54:25 -07:00
Lance Albertson 2685178b69 Make certs databag optional
This provides an attribute which allows users to optionally disable using the
internal certs databag for SSL certificates. The use case is for people who are
using other external methods (such as the certificates cookbook) to manage
certificates.

Change-Id: Ib7c578135db74675bd4c5a0da13f053f6474e0f1
2016-07-25 08:43:04 -07:00
Lance Albertson 648da86777 Add ability to use option SSL chain certificate
Some organizations use an SSL certificate which requires an intermediate chain
cert. This provides support for that via a new attribute and is optional.

Change-Id: I1b31ca64378ff8c6f5367b75b4b7b210a650d676
2016-07-21 08:31:52 -07:00
Jan Klare 99ef0ca301 update the README after refactoring and align it with other cookbooks
* also removed the empty default recipe

Change-Id: I17784d1e6fd79b083243590cbedd532bdc36e895
2016-04-28 14:58:03 -05:00
Jenkins c96631c992 Merge "ssl_cert and ssl_key file can be one big .pem file" 2016-04-21 15:16:59 +00:00
Jan Klare f08b7c3b8d ssl_cert and ssl_key file can be one big .pem file
* added condition for the case that ssl_cert_file and ssl_key_file are shipped
  toghether in one .pem file (the .pem file should only be touched once)

Change-Id: I7d4d593249bda2701b29a4a8585f8267cb815190
2016-04-11 09:40:37 +02:00
Mark Vanderwiel 654533a79d Remove default apache port
The default apache port overlaps with horizon, but
uses a different address syntax, *:80  vs 0.0.0.0:80.
This causes apache2 to sometimes fail on startup with
Address already in use: AH00072: make_sock: could not bind to address [::]:80

Change-Id: I7aa178878a6d283c4e5e0334a8bdcba30c8f242a
2016-04-08 10:48:02 -05:00
Samuel Cassiba 08170eb356 Remove Fedora workaround for SELinux
Change-Id: Iefe0cd8037c20627d326e0922476f8499b477d77
2016-03-18 12:37:36 -07:00
Christoph Albers f794a7ef0c Refactored get SSL Certificate method
* removed old remote_file and file method to get certs
  now uses the "secret" method from common to use data_bags
* removed now unused / obsolete attributes
* now uses new bind_address method from common
* edited specs to work with the new method

Change-Id: I296ae2241f38da51a07e52b913b86932153120e6
Depends-On: I7a4279aa6b3cbcc60a334900cd8442fd76792896
2016-03-07 10:34:25 +01:00
Jan Klare 14ce391e1b use Array for apache2 listen attributes
* the apache2 cookbook got patched recently and now uses an array of
  "ipaddress:port" to define where apache2 should listen

Change-Id: I7304932c19398c2bd245bbb7cbad6df4f487047e
2016-03-03 14:19:27 +01:00
Jan Klare 75e51698ad WIP first few fixes to work with refactored cookbooks
* removed fedora and suse support
* added os-identity dependency
* added versionbumb for refactored os-identity and common
* moved version up to 13.0.0 for mitaka release

Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Change-Id: Ida408a025f1a3e6a632108a9a32877026e286116
2016-02-08 11:53:22 +01:00
Mark Vanderwiel 8e7ac18b06 Headers module missing from enabled list
Our openstack-dashboard sites config is using the Headers directive
to prevent html caching by default for security.  Need to make sure
this module is always enabled under apache.

Change-Id: I6f204f194a80b58e608a0a04afc19442d0444598
Related-Bug: #1446701
2015-06-30 10:05:48 -05:00
Mark Vanderwiel 0fbe6fe7af Allow keystone under apache
In order for keystone to get working under apache, we need a
later level of the apache cookbook, 3.1, which contains many
fixes.  This does not effect dashboard functionality.

Also, fix up the dashboard cookbook to remove the default apache
listen address (*) and port (80), else these will leak thru.

Change-Id: I619b581f640bb64f3d44374d7c555eaf3f83a3e2
Implements: blueprint keystone-apache
2015-06-19 14:41:45 -05:00
Mark Vanderwiel 13cb93ff88 Cleanup minor rubocop offenses
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.

Change-Id: I17b4f23f6e7cb71e84c74996a98d04f3782be479
2015-05-28 17:05:31 -05:00
Mark Vanderwiel 3d4d7bc49d Allow non-ssl to work correctly
when use_ssl is false, several ssl related items are still
in play, notably including mod_ssl.

Closes-Bug: #1445047

Change-Id: Iafd26f8eddfd74a90b6a8bde579bf53af57b5893
2015-04-21 09:08:26 -05:00
Mark Vanderwiel 40b59919d6 Use new bind endpoints for dashboard
Use the new http and https bind endpoints for dashboard that are
defined in the Common cookbook.  These will allow more control and
consistency with the other bind endpoints for openstack services.

Change-Id: I15c0c2c40a88e18ff9805d48c4da83890b7f4da7
Partial-Bug: #1430422
2015-04-03 10:18:46 -05:00
Mark Vanderwiel abeea277ea Fix horizon restarts apache2 before setup
The horizon recipe attempts to restart apache2 before that recipe
has had a chance to define the service resource.

Change-Id: Ied27dc2b2d2355092141ddbd57a64f9c0f975f39
Closes-Bug: #1418714
2015-02-09 10:22:47 -06:00
Ken Thomas 9ce8d9d5a7 Use new common specific_endpoint routines
Now that admin_endpoint, public_endpoint, and internal_endpoint
in the common library are working, these are the changes to use
them in the openstack-dashboard recipes.

Change-Id: I389476158d72107bf7079756518aba12fab7f52b
Partial-Bug: 1412919
2015-02-03 19:57:10 +00:00
Jens Rosenboom 97404520bc Split the dashboard and webserver recipes
In order to be able to use alternative webservers, split the parts
relating to setting up the dashboard itself and setting up the webserver
into two new recipes.

Also introduce a new configuration variable, defaulting to `apache2`,
which will be used in the `server` recipe to select the type of
webserver being installed.

Change-Id: I70dcb820239547b0059ad15d19d5e1689ddff3d3
blueprint: dashboard-split-horizon-apache
2014-11-18 20:55:48 +01:00
Jenkins 65498fe6bd Merge "Add sensitive flag to local_settings template resource" 2014-10-09 17:08:42 +00:00
leileiz f032bfdbd6 Update local_settings user group from root to apache
local_settings is set as "root:root" and mode "0640". However
horizon service is running with user "apache" and it needs to read
this file. Hence set its group as "apache".

Fix bug 1370888
Change-Id: I003bef81b7d6b3229af7791dbd4e71936559c5e8
2014-10-08 02:28:34 -04:00