Rename keystone-main service

* rename keystone-main to keystone-public to better align with Keystone
  conventions[0]

[0] https://review.openstack.org/194442

Change-Id: I98a5d41b4de3a3d7ef680d00ac898c93c5bc2a41

attributes/default.rb

@@ -7,6 +7,7 @@
 # Copyright 2013, Opscode, Inc.
 # Copyright 2013, IBM Corp.
 # Copyright 2017, x-ion GmbH
+# Copyright 2018, Workday, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,8 +23,10 @@
 
 # Set to some text value if you want templated config files
 # to contain a custom banner at the top of the written file
-default['openstack']['identity']['custom_template_banner'] =
-  '# This file is autogenerated by Chef, changes will be overwritten'
+default['openstack']['identity']['custom_template_banner'] = '
+# This file is automatically generated by Chef
+# Any changes will be overwritten
+'
 
 %w(admin internal public).each do |ep_type|
   # host for openstack admin/internal/public identity endpoint
@@ -42,9 +45,9 @@ default['openstack']['endpoints']['internal']['identity']['port'] = 5000
 default['openstack']['endpoints']['admin']['identity']['port'] = 35357
 
 # address for openstack identity service main endpoint to bind to
-default['openstack']['bind_service']['main']['identity']['host'] = '127.0.0.1'
+default['openstack']['bind_service']['public']['identity']['host'] = '127.0.0.1'
 # port for openstack identity service main endpoint to bind to
-default['openstack']['bind_service']['main']['identity']['port'] = 5000
+default['openstack']['bind_service']['public']['identity']['port'] = 5000
 # address for openstack identity service admin endpoint to bind to
 default['openstack']['bind_service']['admin']['identity']['host'] = '127.0.0.1'
 # port for openstack identity service admin endpoint to bind to

recipes/server-apache.rb

@@ -143,9 +143,9 @@ execute 'credential setup' do
   EOH
 end
 
-# define the address to bind the keystone apache main service to
-main_bind_service = node['openstack']['bind_service']['main']['identity']
-main_bind_address = bind_address main_bind_service
+# define the address to bind the keystone apache public service to
+public_bind_service = node['openstack']['bind_service']['public']['identity']
+public_bind_address = bind_address public_bind_service
 # define the address to bind the keystone apache admin service to
 admin_bind_service = node['openstack']['bind_service']['admin']['identity']
 admin_bind_address = bind_address admin_bind_service
@@ -167,10 +167,10 @@ memcache_servers = memcached_servers.join ','
 identity_public_endpoint = public_endpoint 'identity'
 ie = identity_public_endpoint
 # define the keystone public endpoint full path
-public_endpoint = "#{ie.scheme}://#{ie.host}:#{ie.port}/"
+api_public_endpoint = "#{ie.scheme}://#{ie.host}:#{ie.port}/"
 ae = identity_admin_endpoint
 # define the keystone admin endpoint full path
-admin_endpoint = "#{ae.scheme}://#{ae.host}:#{ae.port}/"
+api_admin_endpoint = "#{ae.scheme}://#{ae.host}:#{ae.port}/"
 
 # If a keystone-paste.ini is specified use it.
 # If platform_family is RHEL and we do not specify keystone-paste.ini,
@@ -200,8 +200,8 @@ end
 
 # set keystone config parameters for admin_token, endpoints and memcache
 node.default['openstack']['identity']['conf'].tap do |conf|
-  conf['DEFAULT']['public_endpoint'] = public_endpoint
-  conf['DEFAULT']['admin_endpoint'] = admin_endpoint
+  conf['DEFAULT']['public_endpoint'] = api_public_endpoint
+  conf['DEFAULT']['admin_endpoint'] = api_admin_endpoint
   conf['memcache']['servers'] = memcache_servers if memcache_servers
 end
 
@@ -293,7 +293,7 @@ apache_listen = Array(node['apache']['listen']) # include already defined listen
 # Remove the default apache2 cookbook port, as that is also the default for horizon, but with
 # a different address syntax.  *:80   vs  0.0.0.0:80
 apache_listen -= ['*:80']
-apache_listen += ["#{main_bind_address}:#{main_bind_service['port']}"]
+apache_listen += ["#{public_bind_address}:#{public_bind_service['port']}"]
 apache_listen += ["#{admin_bind_address}:#{admin_bind_service['port']}"]
 node.normal['apache']['listen'] = apache_listen.uniq
 
@@ -312,15 +312,17 @@ directory keystone_apache_dir do
 end
 
 wsgi_apps = {
-  'main' => {
-    server_host: main_bind_address,
-    server_port: main_bind_service['port'],
+  'public' => {
+    server_host: public_bind_address,
+    server_port: public_bind_service['port'],
     server_entry: '/usr/bin/keystone-wsgi-public',
+    server_alias: 'identity',
   },
   'admin' => {
     server_host: admin_bind_address,
     server_port: admin_bind_service['port'],
     server_entry: '/usr/bin/keystone-wsgi-admin',
+    server_alias: 'identity_admin',
   },
 }
 
@@ -332,6 +334,7 @@ wsgi_apps.each do |app, opt|
     server_host opt[:server_host]
     server_port opt[:server_port]
     server_entry opt[:server_entry]
+    server_alias opt[:server_alias]
     server_suffix app
     log_dir node['apache']['log_dir']
     log_debug node['openstack']['identity']['debug']
@@ -348,9 +351,10 @@ wsgi_apps.each do |app, opt|
   end
 end
 
-# disable keystone-site since ubuntu autoenables this
+# disable default keystone config file from UCA package
 apache_site 'keystone' do
   enable false
+  only_if { platform_family?('debian') }
 end
 
 # Hack until Apache cookbook has lwrp's for proper use of notify

spec/server-apache_spec.rb

@@ -354,7 +354,7 @@ describe 'openstack-identity::server-apache' do
       end
 
       describe 'apache wsgi' do
-        ['/etc/apache2/sites-available/keystone-main.conf',
+        ['/etc/apache2/sites-available/keystone-public.conf',
          '/etc/apache2/sites-available/keystone-admin.conf'].each do |file|
           it "creates #{file}" do
             expect(chef_run).to create_template(file).with(
@@ -364,14 +364,25 @@ describe 'openstack-identity::server-apache' do
             )
           end
 
-          it "configures #{file} common lines" do
+          it 'configures keystone-admin.conf lines' do
             node.set['openstack']['identity']['custom_template_banner'] = 'custom_template_banner_value'
             [/^custom_template_banner_value$/,
              /user=keystone/,
              /group=keystone/,
-             %r{^    ErrorLog /var/log/apache2/keystone.log$},
-             %r{^    CustomLog /var/log/apache2/keystone_access.log combined$}].each do |line|
-              expect(chef_run).to render_file(file).with_content(line)
+             %r{^    ErrorLog /var/log/apache2/keystone-admin.log$},
+             %r{^    CustomLog /var/log/apache2/keystone-admin_access.log combined$}].each do |line|
+              expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-admin.conf').with_content(line)
+            end
+          end
+
+          it 'configures keystone-public.conf lines' do
+            node.set['openstack']['identity']['custom_template_banner'] = 'custom_template_banner_value'
+            [/^custom_template_banner_value$/,
+             /user=keystone/,
+             /group=keystone/,
+             %r{^    ErrorLog /var/log/apache2/keystone-public.log$},
+             %r{^    CustomLog /var/log/apache2/keystone-public_access.log combined$}].each do |line|
+              expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-public.conf').with_content(line)
             end
           end
 
@@ -381,6 +392,7 @@ describe 'openstack-identity::server-apache' do
               expect(chef_run).not_to render_file(file).with_content(line)
             end
           end
+
           context 'Enable SSL' do
             before do
               node.set['openstack']['identity']['ssl']['enabled'] = true
@@ -419,13 +431,13 @@ describe 'openstack-identity::server-apache' do
           end
         end
 
-        describe 'keystone-main.conf' do
+        describe 'keystone-public.conf' do
           it 'configures required lines' do
             [/^<VirtualHost 127.0.0.1:5000>$/,
-             /^    WSGIDaemonProcess keystone-main/,
-             /^    WSGIProcessGroup keystone-main$/,
+             /^    WSGIDaemonProcess keystone-public/,
+             /^    WSGIProcessGroup keystone-public$/,
              %r{^    WSGIScriptAlias / /usr/bin/keystone-wsgi-public$}].each do |line|
-              expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-main.conf').with_content(line)
+              expect(chef_run).to render_file('/etc/apache2/sites-available/keystone-public.conf').with_content(line)
             end
           end
         end

spec/spec_helper.rb

@@ -7,7 +7,7 @@ ChefSpec::Coverage.start! { add_filter 'openstack-identity' }
 LOG_LEVEL = :fatal
 REDHAT_OPTS = {
   platform: 'redhat',
-  version: '7.1',
+  version: '7.3',
   log_level: LOG_LEVEL,
 }.freeze
 UBUNTU_OPTS = {

templates/default/wsgi-keystone.conf.erb

@@ -1,4 +1,4 @@
-<%= node["openstack"]["identity"]["custom_template_banner"] %>
+<%= node['openstack']['identity']['custom_template_banner'] %>
 
 <VirtualHost <%= @params[:server_host] %>:<%= @params[:server_port] %>>
     WSGIDaemonProcess keystone-<%= @params[:server_suffix] %> processes=5 threads=1 user=<%= @params[:user] %> group=<%= @params[:group] %> display-name=%{GROUP}
@@ -8,8 +8,8 @@
     WSGIPassAuthorization On
 
     ErrorLogFormat "%{cu}t %M"
-    ErrorLog <%= @params[:log_dir] %>/keystone.log
-    CustomLog <%= @params[:log_dir] %>/keystone_access.log combined
+    ErrorLog <%= @params[:log_dir] %>/keystone-<%= @params[:server_suffix] %>.log
+    CustomLog <%= @params[:log_dir] %>/keystone-<%= @params[:server_suffix] %>_access.log combined
     <% if [true, 'true', 'True'].include?(@params[:log_debug]) -%>
     LogLevel debug
     <% end -%>