openstack
/
cookbook-openstack-common
Code Issues Proposed changes

Retire openstack-chef: remove repo content 

OpenStack-chef project is retiring
- https://review.opendev.org/c/openstack/governance/+/905279

this commit remove the content of this project repo

Depends-On: https://review.opendev.org/c/openstack/project-config/+/909134
Change-Id: I07e16dd10769a13ae587b94f1387efacda01fdb2
This commit is contained in:
Ghanshyam Mann 2024-02-15 14:15:58 -08:00
parent cf9da3b474
commit fb7c035bf3
56 changed files with 8 additions and 4493 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.delivery/project.toml
View File

@ -1,9 +0,0 @@
[local_phases]
unit = 'rspec spec/'
lint = 'cookstyle --display-cop-names --extra-details'
syntax = "berks install -e integration"
provision = "echo skipping"
deploy = "echo skipping"
smoke = "echo skipping"
functional = "echo skipping"
cleanup = "echo skipping"

9
.gitignore vendored
View File

@ -1,9 +0,0 @@
.bundle/
berks-cookbooks/
.kitchen
.vagrant
.coverage/
*.swp
Berksfile.lock
Vagrantfile
Gemfile.lock

6
.rubocop.yml
View File

@ -1,6 +0,0 @@
inherit_from: .rubocop_todo.yml
Chef/Modernize/FoodcriticComments:
Enabled: true
Chef/Style/CopyrightCommentFormat:
Enabled: true

20
.rubocop_todo.yml
View File

@ -1,20 +0,0 @@
# This configuration was generated by
# `rubocop --auto-gen-config`
# on 2021-10-14 06:25:41 UTC using RuboCop version 1.22.0.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
# versions of RuboCop, may require this file to be generated again.
# Offense count: 1
# Cop supports --auto-correct.
# Configuration parameters: Include.
# Include: **/libraries/*.rb
Chef/Modernize/DefinesChefSpecMatchers:
Exclude:
- 'libraries/matchers.rb'
# Offense count: 2
Lint/NestedMethodDefinition:
Exclude:
- 'libraries/matchers.rb'

3
.zuul.yaml
View File

@ -1,3 +0,0 @@
- project:
templates:
- openstack-chef-jobs

8
Berksfile
View File

@ -1,8 +0,0 @@
source 'https://supermarket.chef.io'
solver :ruby, :required
metadata
# cookbook for testing database provider:
cookbook 'test-openstack-common-database', path: 'spec/cookbooks/test-openstack-common-database'

36
CONTRIBUTING.md
View File

@ -1,36 +0,0 @@
Contributing
============
How To Get Started
------------------
If you would like to contribute to the development of OpenStack Chef Cookbooks,
you must follow the steps in this page:
http://docs.openstack.org/infra/manual/developers.html
Gerrit Workflow
---------------
Once those steps have been completed, changes to OpenStack
should be submitted for review via the Gerrit tool, following
the workflow documented at:
http://docs.openstack.org/infra/manual/developers.html#development-workflow
Pull requests submitted through GitHub will be ignored.
Bugs
----
Bugs should be filed on Launchpad, not GitHub:
https://bugs.launchpad.net/openstack-chef
Contacts
--------
Mailing list: groups.google.com/group/opscode-chef-openstack
IRC: #openstack-chef is our channel on irc.freenode.net
Wiki: https://wiki.openstack.org/wiki/Chef/GettingStarted and https://docs.getchef.com/openstack.html
Twitter: @chefopenstack

176
LICENSE
View File

@ -1,176 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

342
README.rst
View File

@ -1,336 +1,10 @@
OpenStack Chef Cookbook - common
================================
This project is no longer maintained.
.. image:: https://governance.openstack.org/badges/cookbook-openstack-common.svg
:target: https://governance.openstack.org/reference/tags/index.html
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
.. Change things from this point on
Description
===========
This cookbook provides common setup recipes, helper methods and
attributes that describe an OpenStack deployment as part of the
OpenStack reference deployment Chef for OpenStack.
Please relate to the official OpenStack Configuration and Installation
Guides for a more detailed documentation on operating and administration
of an OpenStack cluster:
https://docs.openstack.org/latest/configuration/
https://docs.openstack.org/latest/install/
Requirements
============
- Chef 16 or higher
- Chef Workstation 21.10.640 for testing (also includes berkshelf for
cookbook dependency resolution)
Platform
========
- ubuntu
- redhat
- centos
Cookbooks
=========
The following cookbooks are dependencies:
- 'etcd', '~> 7.0'
- 'mariadb', '~> 5.0'
- 'memcached', '~> 7.0'
- 'selinux'
- 'yum-centos', '>= 3.2.0'
- 'yum-epel'
Attributes
==========
Please see the extensive inline documentation in ``attributes/*.rb`` for
descriptions of all the settable attributes for this cookbook.
Note that all attributes are in the ``default["openstack"]`` "namespace"
Attributes to generate OpenStack service configuration files
------------------------------------------------------------
Since the mitaka release, we moved to a completely new way to generate
all OpenStack service configuration files. The base template is the
``openstack-service.conf.erb`` included in the templates of this
cookbook. In each of the service cookbook (e.g. openstack-network,
openstack-identity or openstack-compute), the service configuration file
(e.g neutron.conf, keystone.conf or nova.conf) gets generated directly
from attributes set inside the cookbook. To merge all the configuration
options (including the secrets) properly, before handing them over as
``@service_config`` to the mentioned template above, we use the methods
defined in ``libraries/config_helpers``.
For examples how to use these attributes, please refer to the attribute
files included in the service cookbooks (e.g.
``attributes/neutron_conf.rb`` in openstack-network or
``attributes/keystone_conf.rb`` in openstack-identity). The basic
structure of all these attributes always follows this model:
.. code-block:: ruby
# usual config option that should eventually be saved to the node object
default['openstack'][service]['conf'][section][key][value]
# configuration options like passwords that should not be saved in the node
# object
default['openstack'][service]['conf_secrets'][section][key][value]
Recipes
=======
openstack-common::client
------------------------
- Install the common python openstack client package
openstack-common::completions
-----------------------------
- Install bash completions for openstack client
openstack-common::default
-------------------------
- Installs/Configures common recipes
openstack-common::etcd
----------------------
- Installs and starts etcd
openstack-common::logging
-------------------------
- Installs/Configures common logging
openstack-common::sysctl
------------------------
- Iterates over the contents of the ``node['openstack']['sysctl']``
hash and executes the ``sysctl`` resource.
Data Bags
=========
This cookbook contains Libraries to work with passwords and secrets in
databags. Databags can be unencrypted (for dev) or encrypted (for prod).
In addition to traditionally encrypted data bags they can also be
created as chef-vault items. To read more about chef-vault and how to
use it, go to https://docs.chef.io/chef_vault.html.
Documentation for Attributes for selecting databag format can be found
in the attributes section of this cookbook.
Documentation for format of these Databags can be found in the
`Openstack Chef
Repo <https://opendev.org/openstack/openstack-chef#data-bags>`__
repository.
Resources
=========
This cookbook provides the ``openstack_database`` custom resource. When
this cookbook is included as dependency, this custom resource can be
used to create databases needed by the OpenStack services.
.. code-block:: ruby
depends 'openstack-common'
.. code-block:: ruby
openstack_database 'compute' do
user 'nova'
pass 'supersecret'
end
An example of the usage can be seen here
https://opendev.org/openstack/cookbook-openstack-ops-database/src/branch/master/recipes/openstack-db.rb
.
Libraries
=========
This cookbook exposes a set of default library routines:
- ``cli`` -- Used to call openstack CLIs
- ``endpoint`` -- Used to return a ``::URI`` object representing the
named OpenStack endpoint
- ``internal_endpoint`` -- Used to return a ``::URI`` object
representing the named OpenStack internal endpoint if one was
specified. Otherwise, it will return the same value as ``endpoint``.
- ``public_endpoint`` -- Used to return a ``::URI`` object representing
the named OpenStack public endpoint if one was specified. Otherwise,
it will return the same value as ``endpoint``.
- ``endpoints`` -- Useful for operating on all OpenStack endpoints
- ``db`` -- Returns a Hash of information about a named OpenStack
database
- ``db_uri`` -- Returns the SQLAlchemy RFC-1738 DB URI (see:
http://rfc.net/rfc1738.html) for a named OpenStack database
- ``secret`` -- Returns the value of an encrypted data bag for a named
OpenStack secret key and key-section
- ``get_password`` -- Ease-of-use helper that returns the decrypted
password for a named database, service or keystone user.
- ``matchers`` -- A custom matcher(``render_config_file``) for testing
ini format file section content by ``with_section_content``.
Examples
========
The following are code examples showing the above library routines in
action. Remember when using the library routines exposed by this library
to include the Openstack routines in your recipe's ``::Chef::Recipe``
namespace, like so:
.. code-block:: ruby
class ::Chef::Recipe
include ::Openstack
end
Example of using the ``endpoint`` routine:
.. code-block:: ruby
nova_api_ep = endpoint "compute-api"
::Chef::Log.info("Using Openstack Compute API endpoint at #{nova_api_ep.to_s}")
# Note that endpoint URIs may contain variable interpolation markers such
# as `%(tenant_id)s`, so you may need to decode them. Do so like this:
require "uri"
puts ::URI.decode nova_api_ap.to_s
Example of using the ``get_password`` and ``db_uri`` routine:
.. code-block:: ruby
db_pass = get_password "db" "cinder"
db_user = node["cinder"]["db"]["user"]
sql_connection = db_uri "volume", db_user, db_pass
template "/etc/cinder/cinder.conf" do
source "cinder.conf.erb"
owner node["cinder"]["user"]
group node["cinder"]["group"]
mode 00644
variables(
"sql_connection" => sql_connection
)
end
URI Operations
--------------
Use the ``Openstack::uri_from_hash`` routine to helpfully return a
``::URI::Generic`` object for a hash that contains any of the following
keys:
- ``host``
- ``uri``
- ``port``
- ``path``
- ``scheme``
If the ``uri`` key is in the hash, that will be used as the URI,
otherwise the URI will be constructed from the various parts of the hash
corresponding to the keys above.
.. code-block:: ruby
# Suppose node hash contains the following subhash in the :identity_service key:
# {
# :host => 'identity.example.com',
# :port => 5000,
# :scheme => 'https'
# }
uri = ::Openstack::uri_from_hash(node[:identity_service])
# uri.to_s would == "https://identity.example.com:5000"
The routine will return nil if neither a ``uri`` or ``host`` key exists
in the supplied hash.
Using the library without prefixing with ::Openstack
----------------------------------------------------
Don't like prefixing calls to the library's routines with
``::Openstack``? Do this:
.. code-block:: ruby
class ::Chef::Recipe
include ::Openstack
end
in your recipe.
License and Author
==================
+-----------------+-------------------------------------------------+
| **Author** | Jay Pipes (jaypipes@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | John Dewey (jdewey@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | Matt Ray (matt@opscode.com) |
+-----------------+-------------------------------------------------+
| **Author** | Craig Tracey (craigtracey@gmail.com) |
+-----------------+-------------------------------------------------+
| **Author** | Sean Gallagher (sean.gallagher@att.com) |
+-----------------+-------------------------------------------------+
| **Author** | Ionut Artarisi (iartarisi@suse.cz) |
+-----------------+-------------------------------------------------+
| **Author** | Chen Zhiwei (zhiwchen@cn.ibm.com) |
+-----------------+-------------------------------------------------+
| **Author** | Brett Campbell (brett.campbell@rackspace.com) |
+-----------------+-------------------------------------------------+
| **Author** | Mark Vanderwiel (vanderwl@us.ibm.com) |
+-----------------+-------------------------------------------------+
| **Author** | Jan Klare (j.klare@cloudbau.de) |
+-----------------+-------------------------------------------------+
| **Author** | Christoph Albers (c.albers@x-ion.de) |
+-----------------+-------------------------------------------------+
| **Author** | Jens Harbott (j.harbott@x-ion.de) |
+-----------------+-------------------------------------------------+
| **Author** | Lance Albertson (lance@osuosl.org) |
+-----------------+-------------------------------------------------+
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2012-2013, AT&T Services, Inc. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013, Opscode, Inc. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013, Craig Tracey |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, SUSE Linux GmbH |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2015, IBM, Corp. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, Rackspace US, Inc. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016-2019, x-ion GmbH |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016-2021, Oregon State University |
+-----------------+--------------------------------------------------+
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
::
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
OFTC.

51
Rakefile
View File

@ -1,51 +0,0 @@
task default: ['test']
task test: [:syntax, :unit]
desc 'Vendor the cookbooks in the Berksfile'
task :berks_prep do
sh %(chef exec berks vendor)
end
desc 'Run CookStyle (syntax & lint) tests'
task :syntax do
sh %(delivery local lint)
end
desc 'Run RSpec (unit) tests'
task unit: :berks_prep do
sh %(delivery local unit)
end
desc 'Remove the berks-cookbooks directory and the Berksfile.lock'
task :clean do
rm_rf [
'berks-cookbooks',
'Berksfile.lock',
]
end
desc 'All-in-One Neutron build'
task integration: :common_integration do
# Noop
end
desc 'Common task used by all cookbooks for integration test'
task :common_integration do
# Use the berksfile support to make use of the existing patch clones.
# Make a sym link from workspace/gate-cookbook-openstack-common-chef-rake-integration
# to workspace/cookbook-openstack-common
patch_dir = Dir.pwd
patch_dir_berks = ENV['ZUUL_PROJECT'].split('/')[1]
sh %(ls -la ..)
sh %(ls -la ../..)
sh %(sudo ln -s #{patch_dir} ../#{patch_dir_berks})
unless Dir.exist?('../openstack-chef')
sh %(git clone --depth 1 https://opendev.org/openstack/openstack-chef ../openstack-chef)
end
Dir.chdir('../openstack-chef') do
sh %(chef exec rake integration)
end
end

30
TESTING.md
View File

@ -1,30 +0,0 @@
# Testing the Cookbook #
This cookbook uses [chefdk](https://downloads.chef.io/chef-dk/) and [berkshelf](http://berkshelf.com/) to isolate dependencies. Make sure you have chefdk and the header files for `gecode` installed before continuing. Make sure that you're using gecode version 3. More info [here](https://github.com/opscode/dep-selector-libgecode/tree/0bad63fea305ede624c58506423ced697dd2545e#using-a-system-gecode-instead). For more detailed information on what needs to be installed, you can have a quick look into the bootstrap.sh file in this repository, which does install all the needed things to get going on ubuntu trusty. The tests defined in the Rakefile include lint, style and unit. For integration testing please refere to the [openstack-chef-repo](https://github.com/openstack/openstack-chef-repo).
We have three test suites which you can run either, individually (there are three rake tasks):
$ chef exec rake lint
$ chef exec rake style
$ chef exec rake unit
or altogether:
$ chef exec rake
The `rake` tasks will take care of installing the needed cookbooks with `berkshelf`.
## Rubocop ##
[Rubocop](https://github.com/bbatsov/rubocop) is a static Ruby code analyzer, based on the community [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). We are attempting to adhere to this where applicable, slowly cleaning up the cookbooks until we can turn on Rubocop for gating the commits.
## Foodcritic ##
[Foodcritic](http://acrmp.github.io/foodcritic/) is a lint tool for Chef cookbooks. We ignore the following rules:
* [FC003](http://acrmp.github.io/foodcritic/#FC003) These cookbooks are not intended for Chef Solo.
* [FC023](http://acrmp.github.io/foodcritic/#FC023) Prefer conditional attributes.
## Chefspec
[ChefSpec](https://github.com/sethvargo/chefspec) is a unit testing framework for testing Chef cookbooks. ChefSpec makes it easy to write examples and get fast feedback on cookbook changes without the need for virtual machines or cloud servers.

207
attributes/database.rb
View File

@ -1,207 +0,0 @@
#
# Cookbook:: openstack-common
# Attributes:: database
#
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2013-2021, SUSE Linux GmbH
# Copyright:: 2020-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# ======================== OpenStack DB Support ================================
#
# This section of node attributes stores information about the database hosts
# used in an OpenStack deployment.
#
# There is no 'scheme' key. Instead, there is a 'service_type' key that should
# contain one of 'sqlite', 'mysql', or 'postgresql'
#
# The ::Openstack::db(<SERVICE_NAME>) library routine allows a lookup from any recipe
# to this array, returning the host information for the server that contains
# the database for <SERVICE_NAME>, where <SERVICE_NAME> is one of 'compute' (Nova),
# 'image' (Glance), 'identity' (Keystone), 'network' (Neutron), or 'volume' (Cinder)
#
# The ::Openstack::db_connection(<SERVICE_NAME>, <USER>, <PASSWORD>) library routine
# returns the SQLAlchemy DB URI for <SERVICE_NAME>, with the supplied user and password
# that a calling service might be using when connecting to the database.
#
# For example, let's assume that the database that is used by the OpenStack Identity
# service (Keystone) is configured as follows:
#
# host: 192.168.0.3
# port: 3306
# service_type: mysql
# db_name: keystone
#
# Further suppose that a node running the OpenStack Identity API service needs to
# connect to the above identity database server. It has the following in it's node
# attributes:
#
# node['openstack']['db']['identity']['username'] = 'keystone'
#
# In a 'keystone' recipe, you might find the following code:
#
# user = node['openstack']['db']['identity']['username']
# pass = get_password 'db', 'keystone'
#
# sql_connection = ::Openstack::db_uri('identity', user, pass)
#
# The sql_connection variable would then be set to "mysql://keystone:password@192.168.0.3:keystone"
# and could then be written to the keystone.conf file in a template.
#
# Database Migrations:
#
# node['openstack']['db'][<SERVICE_NAME>]['migrate']
#
# The above attribute causes database migrations to be executed for the given
# service. There are cases where migrations should not be executed. For
# example when upgrading a zone, and the image or identity database are replicated
# across many zones.
#
# ******************** Database Endpoint **************************************
%w(endpoints bind_service).each do |type|
default['openstack'][type]['db']['host'] = '127.0.0.1'
default['openstack'][type]['db']['port'] = '3306'
end
default['openstack']['bind_service']['db']['interface'] = nil
default['openstack']['endpoints']['db']['enabled_slave'] = false
default['openstack']['endpoints']['db']['slave_host'] = '127.0.0.1'
default['openstack']['endpoints']['db']['slave_port'] = '3316'
# If you bind the database to a specific ip-address (you can only choose one
# here for mysql, so 127.0.0.1 + external address is not an option), to allow
# the services and applications to access it via this one, you probably do not
# want to allow the db root user to access it via this external address. In this
# case you have the option to allow root access only via localhost, which
# will work for mysql databases, since it will use a direct connection via
# the socket, so the database does not have not to listen on 127.0.0.1.
# Set this to 'localhost' for mysql to connect via socket.
default['openstack']['endpoints']['db']['host_for_db_root_user'] = 'localhost'
# Default database attributes
default['openstack']['db']['server_role'] = 'os-ops-database'
# Database charset during create database
default['openstack']['db']['charset'] = {
mysql: 'utf8',
'percona-cluster' => 'utf8',
mariadb: 'utf8',
postgresql: nil,
pgsql: nil,
sqlite: nil,
nosql: nil,
galera: 'utf8',
}
# Database connection options. Should include starting '?'
default['openstack']['db']['options'] = {
mysql: "?charset=#{node['openstack']['db']['charset']['mysql']}",
'percona-cluster' => "?charset=#{node['openstack']['db']['charset']['percona-cluster']}",
mariadb: "?charset=#{node['openstack']['db']['charset']['mariadb']}",
sqlite: '',
nosql: '',
galera: "?charset=#{node['openstack']['db']['charset']['galera']}",
}
# platform and DBMS-specific python client packages
default['openstack']['db']['python_packages'] = {
postgresql: [],
sqlite: [],
}
case node['platform_family']
when 'rhel'
default['openstack']['db']['service_type'] = 'mariadb'
if node['platform_version'].to_i >= 8
default['openstack']['db']['python_packages']['mariadb'] = ['python3-PyMySQL']
default['openstack']['db']['python_packages']['percona-cluster'] = ['python3-PyMySQL']
default['openstack']['db']['python_packages']['galera'] = ['python3-PyMySQL']
else
default['openstack']['db']['python_packages']['mariadb'] = ['MySQL-python']
default['openstack']['db']['python_packages']['percona-cluster'] = ['MySQL-python']
default['openstack']['db']['python_packages']['galera'] = ['MySQL-python']
end
when 'debian'
default['openstack']['db']['service_type'] = 'mariadb'
default['openstack']['db']['python_packages']['mariadb'] = ['python3-mysqldb']
default['openstack']['db']['python_packages']['percona-cluster'] = ['python3-mysqldb']
default['openstack']['db']['python_packages']['galera'] = ['python3-mysqldb']
end
# database sockets, because different
case node['platform_family']
when 'rhel'
default['openstack']['db']['socket'] = '/var/lib/mysql/mysql.sock'
when 'debian'
default['openstack']['db']['socket'] = '/var/run/mysqld/mysqld.sock'
end
# Database used by the OpenStack services
node['openstack']['common']['services'].each do |service, project|
default['openstack']['db'][service]['service_type'] = node['openstack']['db']['service_type']
default['openstack']['db'][service]['host'] = node['openstack']['endpoints']['db']['host']
default['openstack']['db'][service]['port'] = node['openstack']['endpoints']['db']['port']
default['openstack']['db'][service]['db_name'] = project
default['openstack']['db'][service]['username'] = project
default['openstack']['db'][service]['options'] = node['openstack']['db']['options']
default['openstack']['db'][service]['slave_host'] = node['openstack']['endpoints']['db']['slave_host']
default['openstack']['db'][service]['slave_port'] = node['openstack']['endpoints']['db']['slave_port']
default['openstack']['db'][service]['socket'] = node['openstack']['db']['socket']
case service
when 'dashboard'
default['openstack']['db'][service]['migrate'] = true
when 'identity'
default['openstack']['db'][service]['migrate'] = true
when 'image'
default['openstack']['db'][service]['migrate'] = true
when 'network'
# The SQLAlchemy connection string used to connect to the slave database
default['openstack']['db'][service]['slave_connection'] = ''
# Database reconnection retry times - in event connectivity is lost
default['openstack']['db'][service]['max_retries'] = 10
# Database reconnection interval in seconds - if the initial connection to the database fails
default['openstack']['db'][service]['retry_interval'] = 10
# Minimum number of SQL connections to keep open in a pool
default['openstack']['db'][service]['min_pool_size'] = 1
# Maximum number of SQL connections to keep open in a pool
default['openstack']['db'][service]['max_pool_size'] = 10
# Timeout in seconds before idle sql connections are reaped
default['openstack']['db'][service]['idle_timeout'] = 3600
# If set, use this value for max_overflow with sqlalchemy
default['openstack']['db'][service]['max_overflow'] = 20
# Verbosity of SQL debugging information. 0=None, 100=Everything
default['openstack']['db'][service]['connection_debug'] = 0
# Add python stack traces to SQL as comment strings
default['openstack']['db'][service]['connection_trace'] = false
# If set, use this value for pool_timeout with sqlalchemy
default['openstack']['db'][service]['pool_timeout'] = 10
when 'telemetry'
default['openstack']['db'][service]['nosql']['used'] = false
default['openstack']['db'][service]['nosql']['port'] = '27017'
end
end
# DB key to the get_password library routine
default['openstack']['db']['root_user_key'] = 'mysqlroot'

357
attributes/default.rb
View File

@ -1,357 +0,0 @@
#
# Cookbook:: openstack-common
# Attributes:: default
#
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2013-2021, SUSE Linux GmbH
# Copyright:: 2016-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Release mode toggle for testing frameworks. Defaults to false.
# Override this to true at the environment level when you're ready.
default['openstack']['is_release'] = false
# Set to some text value if you want templated config files
# to contain a custom banner at the top of the written file
default['openstack']['common']['custom_template_banner'] = '
# This file is automatically generated by Chef
# Any changes will be overwritten
'
# OpenStack services and their project names
default['openstack']['common']['services'] = {
'aodh' => 'aodh',
'baremetal' => 'ironic',
'bare_metal' => 'ironic',
'block_storage' => 'cinder',
'block-storage' => 'cinder',
'compute' => 'nova',
'compute_api' => 'nova_api',
'compute_cell0' => 'nova_cell0',
'dashboard' => 'horizon',
'database' => 'trove',
'dns' => 'designate',
'identity' => 'keystone',
'image' => 'glance',
'load_balancer' => 'octavia',
'network' => 'neutron',
'object_storage' => 'swift',
'orchestration' => 'heat',
'placement' => 'placement',
'telemetry' => 'ceilometer',
'telemetry_metric' => 'gnocchi',
'application_catalog' => 'murano',
}
# Setting this to True means that database passwords and service user
# passwords for Keystone will be easy-to-remember values -- they will be
# the same value as the key. For instance, if a cookbook calls the
# ::Openstack::secret routine like so:
#
# pass = secret "passwords", "nova"
#
# The value of pass will be "nova"
#
# Use data bags for storing passwords
# Set this to false in order to get the passwords from attributes like:
# node['openstack']['secret'][key][type]
default['openstack']['use_databags'] = true
# Set databag type
# acceptable values 'encrypted', 'standard', 'vault'
# Set this to 'standard' in order to use regular databags.
# this is not recommended for anything other than dev/CI
# type environments. Storing real secrets in plaintext = craycray.
# In addition to the encrypted data_bags which are an included
# feature of the official chef project, you can use 'vault' to
# encrypt your secrets with the method provided in the chef-vault gem.
default['openstack']['databag_type'] = 'encrypted'
default['openstack']['vault_gem_version'] = '~> 3.2'
# Default attributes when not using data bags (use_databags = false)
node['openstack']['common']['services'].each_key do |service|
%w(user service db token).each do |type|
default['openstack']['secret'][service][type] = "#{service}-#{type}"
end
end
# The type of token signing to use (uuid or fernet)
default['openstack']['auth']['strategy'] = 'fernet'
# Set to true where using self-signed certs (in testing environments)
default['openstack']['auth']['validate_certs'] = true
# ========================= Encrypted Databag Setup ===========================
#
# The openstack-common cookbook's default library contains a `secret`
# routine that looks up the value of encrypted databag values. This routine
# uses the secret key file located at the following location to decrypt the
# values in the data bag.
default['openstack']['secret']['key_path'] = '/etc/chef/openstack_data_bag_secret'
# The name of the encrypted data bag that stores openstack secrets
default['openstack']['secret']['secrets_data_bag'] = 'secrets'
# The name of the encrypted data bag that stores service user passwords, with
# each key in the data bag corresponding to a named OpenStack service, like
# "nova", "cinder", etc.
default['openstack']['secret']['service_passwords_data_bag'] = 'service_passwords'
# The name of the encrypted data bag that stores DB passwords, with
# each key in the data bag corresponding to a named OpenStack database, like
# "nova", "cinder", etc.
default['openstack']['secret']['db_passwords_data_bag'] = 'db_passwords'
# The name of the encrypted data bag that stores Keystone user passwords, with
# each key in the data bag corresponding to a user (Keystone or otherwise).
default['openstack']['secret']['user_passwords_data_bag'] = 'user_passwords'
# ========================= Package and Repository Setup ======================
#
# Various Linux distributions provide OpenStack packages and repositories.
# The provide some sensible defaults, but feel free to override per your
# needs.
# The coordinated release of OpenStack codename
default['openstack']['release'] = 'train'
# The Ubuntu Cloud Archive has packages for multiple Ubuntu releases. For
# more information, see: https://wiki.ubuntu.com/ServerTeam/CloudArchive.
# In the component strings, %codename% will be replaced by the value of
# the node['lsb']['codename'] Ohai value and %release% will be replaced
# by the value of node['openstack']['release']
#
# Change ['openstack']['apt']['update_apt_cache'] to true if you would like
# have the cache automatically updated
default['openstack']['apt']['update_apt_cache'] = false
default['openstack']['apt']['live_updates_enabled'] = true
default['openstack']['apt']['uri'] = 'http://ubuntu-cloud.archive.canonical.com/ubuntu'
default['openstack']['apt']['components'] = ['main']
default['openstack']['yum']['update_yum_cache'] = false
default['openstack']['yum']['rdo_enabled'] = true
default['openstack']['yum']['uri'] =
if node['platform_version'].to_i >= 8
# TODO: Train has been archived to vault for RHEL 8
# "http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
"https://vault.centos.org/8.5.2111/cloud/x86_64/openstack-#{node['openstack']['release']}/"
else
"http://mirror.centos.org/centos/$releasever/cloud/$basearch/openstack-#{node['openstack']['release']}"
end
default['openstack']['yum']['repo-key'] = "https://github.com/rdo-infra/rdo-release/raw/#{node['openstack']['release']}-rdo/RPM-GPG-KEY-CentOS-SIG-Cloud"
# Enforcing GnuPG signature check for RDO repo. Set this to false if you want to disable the check.
default['openstack']['yum']['gpgcheck'] = true
default['openstack']['endpoints']['family'] = 'inet'
# Set a default region that other regions are set to - such that changing the region for all services can be done in one place
default['openstack']['region'] = 'RegionOne'
# Allow configured loggers in logging.conf
default['openstack']['logging']['loggers'] = {
'root' => {
'level' => 'NOTSET',
'handlers' => 'devel',
},
'ceilometer' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'ceilometer',
},
'cinder' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'cinder',
},
'glance' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'glance',
},
'horizon' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'horizon',
},
'keystone' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'keystone',
},
'nova' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'nova',
},
'neutron' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'neutron',
},
'trove' => {
'level' => 'DEBUG',
'handlers' => 'prod,debug',
'qualname' => 'trove',
},
'amqplib' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'amqplib',
},
'sqlalchemy' => {
'level' => 'WARNING',
# "level' => 'INFO" logs SQL queries.
# "level' => 'DEBUG" logs SQL queries and results.
# "level' => 'WARNING" logs neither. (Recommended for production systems.)
'handlers' => 'stderr',
'qualname' => 'sqlalchemy',
},
'boto' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'boto',
},
'suds' => {
'level' => 'INFO',
'handlers' => 'stderr',
'qualname' => 'suds',
},
'eventletwsgi' => {
'level' => 'WARNING',
'handlers' => 'stderr',
'qualname' => 'eventlet.wsgi.server',
},
'nova_api_openstack_wsgi' => {
'level' => 'WARNING',
'handlers' => 'prod,debug',
'qualname' => 'nova.api.openstack.wsgi',
},
'nova_osapi_compute_wsgi_server' => {
'level' => 'WARNING',
'handlers' => 'prod,debug',
'qualname' => 'nova.osapi_compute.wsgi.server',
},
}
# Allow configured formatters in logging.conf
default['openstack']['logging']['formatters'] = {
'normal' => {
'format' => '%(asctime)s %(levelname)s %(message)s',
},
'normal_with_name' => {
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(message)s',
},
'debug' => {
'format' => '[%(name)s]: %(asctime)s %(levelname)s %(module)s.%(funcName)s %(message)s',
},
'syslog_with_name' => {
'format' => '%(name)s: %(levelname)s %(message)s',
},
'syslog_debug' => {
'format' => '%(name)s: %(levelname)s %(module)s.%(funcName)s %(message)s',
},
}
# Allow configured logging handlers in logging.conf
default['openstack']['logging']['handlers'] = {
'stderr' => {
'args' => '(sys.stderr,)',
'class' => 'StreamHandler',
'formatter' => 'debug',
},
'devel' => {
'args' => '(sys.stdout,)',
'class' => 'StreamHandler',
'formatter' => 'debug',
'level' => 'NOTSET',
},
'prod' => {
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL0)',
'class' => 'handlers.SysLogHandler',
'formatter' => 'syslog_with_name',
'level' => 'INFO',
},
'debug' => {
'args' => '((\'/dev/log\'), handlers.SysLogHandler.LOG_LOCAL1)',
'class' => 'handlers.SysLogHandler',
'formatter' => 'syslog_debug',
'level' => 'DEBUG',
},
}
default['openstack']['memcached_servers'] = nil
# Default sysctl settings
default['openstack']['sysctl']['net.ipv4.conf.all.rp_filter'] = 0
default['openstack']['sysctl']['net.ipv4.conf.default.rp_filter'] = 0
case node['platform_family']
when 'rhel'
default['openstack']['common']['platform'] =
if node['platform_version'].to_i >= 8
{
'common_client_packages' => ['python3-openstackclient'],
'python_packages' => %w(
python3-pip
python3-setuptools
python3-virtualenv
python3-wheel
python36
python36-devel
),
'package_overrides' => '',
}
else
{
'common_client_packages' => ['python-openstackclient'],
'python_packages' => %w(
python
python2-pip
python2-setuptools
python-devel
python-virtualenv
python-wheel
),
'package_overrides' => '',
}
end
when 'debian'
default['openstack']['common']['platform'] = {
'common_client_packages' => ['python3-openstackclient'],
'python_packages' => %w(
python3
python3-dev
python3-pip
python3-setuptools
python3-virtualenv
python3-wheel
virtualenv
),
'package_overrides' => '',
}
end
# The location of the OSC bash completion file
default['openstack']['common']['bash_complete'] = '/etc/bash_completion.d/osc.bash_completion'
# Set maximum count for searches [1]
# [1] https://review.opendev.org/60126
default['openstack']['common']['search_count_max'] = 7
# The name of the Chef role that installs the Keystone Service API
default['openstack']['identity_service_chef_role'] = 'os-identity'
# The name of the Chef role that sets up the compute worker
default['openstack']['compute_worker_chef_role'] = 'os-compute-worker'

125
attributes/messaging.rb
View File

@ -1,125 +0,0 @@
#
# Cookbook:: openstack-common
# Attributes:: messaging
#
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2013-2021, SUSE Linux GmbH
# Copyright:: 2013-2021, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The rabbitmq user's password is stored in an encrypted databag and accessed
# with openstack-common cookbook library's user_password routine. You are
# expected to create the user, pass, vhost in a wrapper rabbitmq cookbook.
#
# ******************** RabbitMQ Endpoint **************************************
%w(endpoints bind_service).each do |type|
default['openstack'][type]['mq']['host'] = '127.0.0.1'
default['openstack'][type]['mq']['port'] = '5672'
end
default['openstack']['bind_service']['mq']['interface'] = nil
###################################################################
# Services to assign mq attributes for
###################################################################
services =
%w(
aodh
bare_metal
baremetal
block-storage
block_storage
compute
database
dns
identity
image
load_balancer
network
orchestration
placement
telemetry
)
###################################################################
# Generic default attributes
###################################################################
default['openstack']['mq']['server_role'] = 'os-ops-messaging'
default['openstack']['mq']['service_type'] = 'rabbit'
default['openstack']['mq']['user'] = 'openstack'
default['openstack']['mq']['vhost'] = '/'
# defined in oslo/messaging/_drivers/amqp.py
default['openstack']['mq']['durable_queues'] = false
default['openstack']['mq']['auto_delete'] = false
###################################################################
# Default rabbit values (for attribute assignment below)
###################################################################
# global switch for handling rabbit ssl
default['openstack']['mq']['rabbitmq']['use_ssl'] = false
# SSL version to use (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_version'] = nil
# SSL key file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'] = nil
# SSL cert file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'] = nil
# SSL certification authority file (valid only if SSL enabled)
default['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'] = nil
# How long to wait before reconnecting in response to an AMQP consumer cancel notification
default['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'] = 1.0
# How long to wait before considering a reconnect attempt to have failed.
# This value should not be longer than rpc_response_timeout
default['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'] = 60
# global switch for handling rabbit ha
default['openstack']['mq']['rabbitmq']['ha'] = false
# global switch for number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
default['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'] = 0
# global switch for how often times during the heartbeat_timeout_threshold we check the heartbeat
default['openstack']['mq']['rabbitmq']['heartbeat_rate'] = 2
rabbit_defaults = {
rabbit_max_retries: 0,
rabbit_retry_interval: 1,
userid: node['openstack']['mq']['user'],
vhost: node['openstack']['mq']['vhost'],
port: node['openstack']['endpoints']['mq']['port'],
host: node['openstack']['endpoints']['mq']['host'],
ha: node['openstack']['mq']['rabbitmq']['ha'],
heartbeat_timeout_threshold: node['openstack']['mq']['rabbitmq']['heartbeat_timeout_threshold'],
heartbeat_rate: node['openstack']['mq']['rabbitmq']['heartbeat_rate'],
use_ssl: node['openstack']['mq']['rabbitmq']['use_ssl'],
kombu_ssl_version: node['openstack']['mq']['rabbitmq']['kombu_ssl_version'],
kombu_ssl_keyfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_keyfile'],
kombu_ssl_certfile: node['openstack']['mq']['rabbitmq']['kombu_ssl_certfile'],
kombu_ssl_ca_certs: node['openstack']['mq']['rabbitmq']['kombu_ssl_ca_certs'],
kombu_reconnect_delay: node['openstack']['mq']['rabbitmq']['kombu_reconnect_delay'],
kombu_reconnect_timeout: node['openstack']['mq']['rabbitmq']['kombu_reconnect_timeout'],
}
###################################################################
# Assign default mq attributes for every service
###################################################################
services.each do |svc|
default['openstack']['mq'][svc]['service_type'] = node['openstack']['mq']['service_type']
default['openstack']['mq'][svc]['durable_queues'] =
node['openstack']['mq']['durable_queues']
default['openstack']['mq'][svc]['auto_delete'] =
node['openstack']['mq']['auto_delete']
rabbit_defaults.each do |key, val|
default['openstack']['mq'][svc]['rabbit'][key.to_s] = val
end
end

138
libraries/cli.rb
View File

@ -1,138 +0,0 @@
#
# Cookbook:: openstack-common
# library:: cli
#
# Copyright:: 2014-2021, IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'chef/mixin/shell_out'
include Chef::Mixin::ShellOut
require 'uri'
# CLI methods
module ::Openstack
# return an environment suitable for calling openstack commands.
#
# @param [String] user name
# @param [String] tenant name
# @return [Hash] environment
def openstack_command_env(name, project, user_domain, project_domain)
identity_endpoint = public_endpoint 'identity'
auth_url = identity_endpoint.to_s
pass = get_password 'user', name
{
'OS_USERNAME' => name,
'OS_PASSWORD' => pass,
'OS_PROJECT_NAME' => project,
'OS_USER_DOMAIN_NAME' => user_domain,
'OS_PROJECT_DOMAIN_NAME' => project_domain,
'OS_IDENTITY_API_VERSION' => '3',
'OS_AUTH_URL' => auth_url,
}
end
# return stdout from calling an openstack command.
#
# @param [String] command to run
# @param [String] command options
# @param [Hash] environment to use
# @param [Hash] optional command argument/values pairs
# @return [String] stdout or fail
#
def openstack_command(cmd, options = '', env = {}, args = {})
# NOTE: Here we split options (which creates an array) and then merge that
# array into [cmd]. This is done to accomdate cmd + options like:
# keystone user-list
# glance image-show <id|name>
openstackcmd = [cmd]
args.each do |key, val|
openstackcmd << "--#{key}"
openstackcmd << val.to_s unless val.to_s.empty?
end
# If options is a string, split on whitespace into array; otherwise, assume
# it is an array already and leave it untouched.
options = options.split if options.instance_of? String
openstackcmd = openstackcmd.concat(options)
Chef::Log.debug("Running openstack command: #{openstackcmd} with environment: #{env}")
result = shell_out(openstackcmd, env: env)
Chef::Log.debug("Output for command: #{cmd}:\n#{result.stdout}\n#{result.stderr}")
raise "#{result.stderr} (#{result.exitstatus})" if result.exitstatus != 0
result.stdout
end
# return uuid for a resource.
#
# @param [String] client of resource (keystone, neutron, glance, ...)
# @param [String] type of resource (user, service, tenant, endpoint, role; net, subnet, router, ...)
# @param [String] key of resource to match
# @param [String] value of resource key to match
# @param [Hash] environment to use.
# @param [Hash] optional command argument/values pairs
# @param [String] optional uuid field to match
# @return [String] uuid or nil
#
def get_uuid(client, type, key, value, env, args = {}, uuid_field = 'id') # rubocop: disable Metrics/ParameterLists
begin
output = openstack_command(client, "#{type} list", env, args)
prettytable_to_array(output).each do |obj|
return obj[uuid_field] if obj.key?(uuid_field) && obj[key] == value
end
rescue RuntimeError => e
raise "Could not lookup uuid for #{type}:#{key}=>#{value}. Error was #{e.message}"
end
nil
end
# return uuid for an identity resource.
#
# @param [String] type of resource (user, service, tenant, endpoint, role)
# @param [String] key of resource to match
# @param [String] value of resource key to match
# @param [Hash] environment to use.
# @param [Hash] optional command argument/values pairs
# @param [String] optional uuid field to match
# @return [String] uuid or nil
#
# TODO: update openstack-identity register provider to use these functions.
#
def identity_uuid(*args)
get_uuid('openstack', *args)
end
# return id for a glance image.
#
# @param [String] name of image
# @param [Hash] environment to use.
# @param [Hash] optional command argument/values pairs
# @return [String] id or nil
def image_id(name, env, args = {})
get_uuid('openstack', 'image', 'Name', name, env, args, 'ID')
end
# return uuid for a network resource.
#
# @param [String] type of resource (net, subnet, router, port, ...)
# @param [String] key of resource to match
# @param [String] value of resource key to match
# @param [Hash] environment to use.
# @param [Hash] optional command argument/values pairs
# @param [String] optional uuid field to match
# @return [String] uuid or nil
#
def network_uuid(*args)
get_uuid('openstack', *args)
end
end

46
libraries/config_helpers.rb
View File

@ -1,46 +0,0 @@
#
# Cookbook:: openstack-common
# library:: config_helpers
#
# Copyright:: 2016-2021, cloudbau GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# config helper methods
module ::Openstack
# return a Mash with config options which can be used for the service config
# templates
# @param [String] service
def merge_config_options(service)
conf = deep_dup(node['openstack'][service]['conf'])
conf_secrets = if node['openstack'][service]['conf_secrets']
deep_dup(node['openstack'][service]['conf_secrets'])
else
{}
end
Chef::Mixin::DeepMerge.merge(conf, conf_secrets)
end
# return a full dup of the given Mash even if nested
# @param kind_of(Mash) can be a Chef::Node::ImmutableMash and will output a
# simple Mash on all layers
def deep_dup(mash)
duplicate = mash.dup
duplicate.each_pair do |k, v|
tv = duplicate[k]
duplicate[k] = tv.is_a?(Hash) && v.is_a?(Hash) ? deep_dup(tv) : v
end
duplicate
end
end

94
libraries/endpoints.rb
View File

@ -1,94 +0,0 @@
#
# Cookbook:: openstack-common
# library:: endpoints
#
# Copyright:: 2012-2021, AT&T Services, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Endpoint methods
module ::Openstack
# Instead of specifying the verbose node['openstack']['db'][service],
# this shortcut allows the simpler and shorter db(service), where
# service can be: 'compute', 'image', 'identity', 'network', etc.
def db(service)
node['openstack']['db'][service]
rescue
nil
end
# Shortcut to get the transport_url for rabbitmq
def rabbit_transport_url(service)
mq_user = node['openstack']['mq'][service]['rabbit']['userid']
mq_password = get_password 'user', mq_user
mq_port = node['openstack']['endpoints']['mq']['port']
vhost = node['openstack']['mq']['vhost']
mq_host = node['openstack']['endpoints']['mq']['host']
url = 'rabbit://'
if node['openstack']['mq']['cluster']
node['openstack']['mq']['servers'].each do |server|
url += "#{mq_user}:#{mq_password}@#{server}:#{mq_port}"
url += ',' unless node['openstack']['mq']['servers'].last == server
end
else
url += "#{mq_user}:#{mq_password}@#{mq_host}:#{mq_port}"
end
url += vhost
url
end
# Shortcut to get the SQLAlchemy DB URI for a named service
def db_uri(service, user, pass, is_slave = false)
info = db(service)
return unless info
if is_slave
host = info['slave_host']
port = info['slave_port'].to_s
else
host = info['host']
port = info['port'].to_s
end
type = info['service_type']
name = info['db_name']
options = info['options'][type]
# Normalize to the SQLAlchemy standard db type identifier
case type
when 'mariadb', 'galera', 'percona-cluster'
type = 'mysql'
end
# Build uri
case type
when 'mysql'
"mysql+pymysql://#{user}:#{pass}@#{host}:#{port}/#{name}#{options}"
when 'sqlite'
# SQLite uses filepaths not db name
# README(galstrom): 3 slashes is a relative path, 4 slashes is an absolute path
# example: info['path'] = 'path/to/foo.db' -- will return sqlite:///foo.db
# example: info['path'] = '/path/to/foo.db' -- will return sqlite:////foo.db
path = info['path']
"#{type}:///#{path}#{options}"
end
end
# Find the specific endpoint type ('internal' or
# 'public') for the given service.
%w(public internal).each do |ep_type|
define_method("#{ep_type}_endpoint") do |service|
uri_from_hash(node['openstack']['endpoints'][ep_type][service])
end
end
end

101
libraries/matchers.rb
View File

@ -1,101 +0,0 @@
if defined?(ChefSpec)
#
# Test method for ini format file
#
# Example file content:
#
# [section1]
# option1 = value1
# option2 = value2
# [section2]
# option3 = value3
#
# Example file content with dup sections:
#
# [section1]
# option1 = value1
# option2 = value2
# [section2]
# option3 = value3
# [section1]
# option4 = value4
#
# Example custom matcher that can be called in other
# cookbooks.
#
# render_config_file(path).with_section_content(
# 'section1', 'option1 = value1')
# render_config_file(path).with_section_content(
# 'section1', /^option2 = value2$/)
#
def render_config_file(path)
RenderConfigFileMatcher.new(path)
end
#
# Extend the RenderFileMatcher as RenderConfigFileMatcher,
# add a new method with_section_content for ini format file.
#
class RenderConfigFileMatcher < ChefSpec::Matchers::RenderFileMatcher
def with_section_content(section, expected_content)
@section = section
@expected_content << expected_content
self
end
def matches_content?
def section?(line, section = '.*')
return true if line =~ /^[ \t]*\[#{section}\]/
end
def get_section_content(content, section)
within_section = false
section_content = ''
content.split("\n").each do |line|
if section?(line, section)
within_section = true
next
end
start_of_new_section = section?(line)
section_content << "#{line}\n" if within_section && !start_of_new_section
within_section = false if start_of_new_section
end
section_content
end
return true if @expected_content.nil?
@actual_content = ChefSpec::Renderer.new(@runner, resource).content
unless @actual_content.nil?
unless @section.nil?
@actual_content = get_section_content(@actual_content, @section)
end
end
return false if @actual_content.nil?
# Knock out matches that pass. When we're done, we pass if the list is
# empty. Otherwise, @expected_content is the list of matchers that
# failed
@expected_content.delete_if do |expected|
if expected.is_a?(Regexp)
@actual_content =~ expected
elsif RSpec::Matchers.is_a_matcher?(expected)
expected.matches?(@actual_content)
elsif expected.is_a?(Proc)
expected.call(@actual_content)
# Weird RSpecish, but that block will return false for a negated check,
# so we always return true. The block will raise an exception if the
# assertion fails.
true
else
@actual_content.include?(expected)
end
end
@expected_content.empty?
end
end
end

72
libraries/network.rb
View File

@ -1,72 +0,0 @@
#
# Cookbook:: openstack-common
# library:: network
#
# Copyright:: 2012-2021, AT&T Services, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Network methods
module ::Openstack
# return the IPv4 (default) address of the given interface.
#
# @param [String] interface The interface to query.
# @param [String] family The protocol family to use.
# @param [Mash] nodeish The node object to query.
# @param [Boolean] drop_vips Option to exclude virtual ips with netmask 32 (ipv4) or 128 (ipv6).
# @return [String] The address or log error when address is nil
def address_for(interface, family = node['openstack']['endpoints']['family'], nodeish = node, drop_vips = true)
Chef::Log.debug("address_for(#{interface}, #{family}, #{nodeish})")
if interface == 'all'
case family
when 'inet6'
return '::'
when 'inet'
return '0.0.0.0'
end
end
raise "Interface #{interface} does not exist" unless nodeish['network']['interfaces'][interface]
addresses = nodeish['network']['interfaces'][interface]['addresses']
raise "Interface #{interface} has no addresses assigned" if addresses.to_a.empty?
get_address addresses, family, drop_vips
end
# return the IPv4 (default) address for either interface
# via address_for method or [Hash] host
#
# @param [Hash] service_config pointed to the set Hash
def bind_address(service_config)
iface = service_config['interface']
if iface
address_for(iface)
else
service_config['host']
end
end
private
def get_address(addresses, family, drop_vips)
case family
when 'inet'
vip_prefixlen = '32'
when 'inet6'
vip_prefixlen = '128'
end
addresses.each do |addr, data|
return addr if data['family'] == family && (data['prefixlen'] != vip_prefixlen || !drop_vips)
end
raise "No address for family #{family} found"
end
end

56
libraries/parse.rb
View File

@ -1,56 +0,0 @@
#
# Cookbook:: openstack-common
# library:: parse
#
# Copyright:: 2013-2021, Craig Tracey <craigtracey@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Parse methods
module ::Openstack
# The current state of (at least some) OpenStack CLI tools do not provide a
# mechanism for outputting data in formats other than PrettyTable output.
# Therefore this function is intended to parse PrettyTable output into a
# usable array of hashes. Similarly, it will flatten Property/Value tables
# into a single element array.
# table - the raw PrettyTable output of the CLI command
# output - array of hashes representing the data.
def prettytable_to_array(table)
ret = []
return ret if table.nil?
indicies = []
table.split(/$/).map(&:strip).each do |line|
next if line.start_with?('+--') || line.empty?
cols = line.split('|').map(&:strip)
cols.shift
if indicies == []
indicies = cols
next
end
newobj = {}
cols.each { |val| newobj[indicies[newobj.length]] = val }
ret.push(newobj)
end
# this kinda sucks, but some prettytable data comes
# as Property Value pairs. If this is the case, then
# flatten it as expected.
newobj = {}
if indicies == %w(Property Value)
ret.each { |x| newobj[x['Property']] = x['Value'] }
[newobj]
else
ret
end
end
end

86
libraries/passwords.rb
View File

@ -1,86 +0,0 @@
#
# Cookbook:: openstack-common
# library:: passwords
#
# Copyright:: 2012-2021, AT&T Services, Inc.
# Copyright:: 2014-2021, SUSE Linux, GmbH.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Password methods
module ::Openstack
# Library routine that returns an encrypted data bag value
# for a supplied string. The key used in decrypting the
# encrypted value should be located at
# node['openstack']['secret']['key_path'].
#
def secret(bag_name, index)
case node['openstack']['databag_type']
when 'encrypted'
encrypted_secret(bag_name, index)
when 'standard'
standard_secret(bag_name, index)
when 'vault' # chef-vault, by convention use "vault_<bag_name>" as bag_name
vault_secret('vault_' + bag_name, index)
else
::Chef::Log.error("Unsupported value for node['openstack']['databag_type']")
end
end
def encrypted_secret(bag_name, index)
key_path = node['openstack']['secret']['key_path']
::Chef::Log.info "Loading encrypted databag #{bag_name}.#{index} using key at #{key_path}"
secret = ::Chef::EncryptedDataBagItem.load_secret key_path
::Chef::EncryptedDataBagItem.load(bag_name, index, secret)[index]
end
def standard_secret(bag_name, index)
::Chef::Log.info "Loading databag #{bag_name}.#{index}"
::Chef::DataBagItem.load(bag_name, index)[index]
end
def vault_secret(bag_name, index)
begin
require 'chef-vault'
rescue LoadError
Chef::Log.warn("Missing gem 'chef-vault'")
end
::Chef::Log.info "Loading vault secret #{index} from #{bag_name}"
::ChefVault::Item.load(bag_name, index)[index]
end
# Return a password using either data bags or attributes for
# storage. The storage mechanism used is determined by the
# node['openstack']['use_databags'] attribute.
# @param [String] type of password, one of 'user', 'service', 'db' or 'token'
# @param [String] the identifier of the password (usually the
# component name, but can also be a token name
# e.g. openstack_identity_bootstrap_token
def get_password(type, key)
unless %w(db user service token).include?(type)
::Chef::Log.error("Unsupported type for get_password: #{type}")
return
end
if node['openstack']['use_databags']
if type == 'token'
secret node['openstack']['secret']['secrets_data_bag'], key
else
secret node['openstack']['secret']["#{type}_passwords_data_bag"], key
end
else
node['openstack']['secret'][key][type]
end
end
end

87
libraries/search.rb
View File

@ -1,87 +0,0 @@
#
# Cookbook:: openstack-common
# library:: search
#
# Copyright:: 2013-2021, AT&T Services, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Search methods
module ::Openstack
# Search the nodes environment for the given role or recipe.
#
# @param [String] The role or recipe to be found.
# @return [Array] The matching result or an empty list.
def search_for(r, &block)
role_query = "(chef_environment:#{node.chef_environment} AND roles:#{r})"
recipe_query = "(chef_environment:#{node.chef_environment} AND recipes:#{r})".sub('::', '\:\:')
query = "#{role_query} OR #{recipe_query}"
count = 1
sum = node['openstack']['common']['search_count_max']
while count < sum
resp = search(:node, query, &block)
break unless resp.nil?
sleep 2**count
count += 1
end
resp || []
end
# Returns the value for ['openstack']['memcached_servers'] when
# set, otherwise will perform a search.
#
# @param [String] role The role to be found (optional).
# @return [Array] A list of memcached servers in format
# '<ip>:<port>'.
def memcached_servers(role = 'infra-caching')
if node['openstack']['memcached_servers'].nil?
search_for(role).map do |n|
listen = n['memcached']['listen']
port = n['memcached']['port'] || '11211'
"#{listen}:#{port}"
end.sort
elsif node['openstack']['memcached_servers']
node['openstack']['memcached_servers']
else
[]
end
end
# Returns all rabbit servers.
# Uses the value for ['openstack']['mq']['servers'] when set, otherwise
# will perform a search.
#
# @return [String] Rabbit servers joined by a comma in
# the format of '<ip>:<port>'.
def rabbit_servers
if node['openstack']['mq']['servers']
servers = node['openstack']['mq']['servers']
port = node['openstack']['endpoints']['mq']['port']
servers.map { |s| "#{s}:#{port}" }.join ','
else
role = node['openstack']['mq']['server_role']
search_for(role).map do |n|
# The listen attribute should be saved to the node
# in the wrapper cookbook. See the reference cookbook
# openstack-ops-messaging.
address = n['openstack']['mq']['listen']
port = n['openstack']['endpoints']['mq']['port']
"#{address}:#{port}"
end.sort.join ','
end
end
end

53
libraries/uri.rb
View File

@ -1,53 +0,0 @@
#
# Cookbook:: openstack-common
# library:: uri
#
# Copyright:: 2012-2021, AT&T Services, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'uri'
# TODO(ramereth): Workaround for this issue https://github.com/chef/chef/issues/10452
# require 'addressable/uri'
autoload :Addressable, 'addressable/uri'
# URI methods
module ::Openstack
# Returns a uri::URI from a hash. If the hash has a 'uri' key, the value
# of that is returned. If not, then the routine attempts to construct
# the URI from other parts of the hash. The values of the 'port' and 'path'
# keys are used directly from the hash.
def uri_from_hash(hash)
if hash['uri']
::URI.parse Addressable::URI.encode(hash['uri'])
else
host = hash['host']
scheme = hash['scheme'] || 'http'
port = hash['port'] # Returns nil if missing, which is fine.
path = hash['path'] # Returns nil if missing, which is fine.
::URI::Generic.new scheme, nil, host, port, nil, path, nil, nil, nil
end
end
# Helper for joining URI paths. The standard URI::join method is not
# intended for joining URI relative path segments. This function merely
# helps to accurately join supplied paths.
def uri_join_paths(*paths)
return if paths.empty?
leadingslash = paths[0][0] == '/' ? '/' : ''
trailingslash = paths[-1][-1] == '/' ? '/' : ''
paths.map! { |path| path.sub(%r{^\/+}, '').sub(%r{\/+$}, '') }
leadingslash + paths.join('/') + trailingslash
end
end

28
libraries/wrappers.rb
View File

@ -1,28 +0,0 @@
# Cookbook:: openstack-common
# library:: wrappers
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Wrapper methods
module ::Openstack
# Wrapper method to allow to easier spec testing
def recipe_included?(recipe)
node['recipes'].include?(recipe)
end
# Wrapper method to allow to easier spec testing
def role_included?(role)
node.role?(role)
end
end

21
metadata.rb
View File

@ -1,21 +0,0 @@
name 'openstack-common'
maintainer 'openstack-chef'
maintainer_email 'openstack-discuss@lists.openstack.org'
license 'Apache-2.0'
description 'Common OpenStack attributes, libraries and recipes.'
version '20.0.0'
%w(ubuntu redhat centos).each do |os|
supports os
end
depends 'etcd', '~> 7.0'
depends 'mariadb', '~> 5.0'
depends 'memcached', '~> 7.0'
depends 'selinux'
depends 'yum-centos', '>= 3.2.0'
depends 'yum-epel'
issues_url 'https://launchpad.net/openstack-chef'
source_url 'https://opendev.org/openstack/cookbook-openstack-common'
chef_version '>= 16.0'

27
recipes/client.rb
View File

@ -1,27 +0,0 @@
#
# Cookbook:: openstack-common
# Recipe:: client
#
# Copyright:: 2014-2021, IBM Corp.
# Copyright:: 2017-2021, cloudbau GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
platform_options = node['openstack']['common']['platform']
platform_options['common_client_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end

29
recipes/completions.rb
View File

@ -1,29 +0,0 @@
#
# Cookbook:: openstack-common
# Recipe:: completions
#
# Copyright:: 2019-2021, x-ion GmbH
# Copyright:: 2020-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package 'bash-completion'
directory '/etc/bash_completion.d/' do
mode '755'
end
execute 'create OSC bash completions' do
command "openstack complete > #{node['openstack']['common']['bash_complete']}"
creates node['openstack']['common']['bash_complete']
end

139
recipes/default.rb
View File

@ -1,139 +0,0 @@
#
# Cookbook:: openstack-common
# library:: default
#
# Copyright:: 2012-2021, AT&T Services, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
platform_options = node['openstack']['common']['platform']
case node['platform_family']
when 'debian'
if node['openstack']['apt']['update_apt_cache']
# update the apt cache before installing anything
apt_update 'default' do
action :update
end
end
# populate the necessary apt options
# by default, do not overwrite existing configuration files
# this alleviates the need to populate package_overrides in every cookbook
file '/etc/apt/apt.conf.d/confdef' do
owner 'root'
group 'root'
mode '644'
content 'Dpkg::Options {
"--force-confdef";
"--force-confold";
}'
action :create
end
package 'ubuntu-cloud-keyring' do
options platform_options['package_overrides']
action :upgrade
end
if node['openstack']['apt']['live_updates_enabled']
apt_components = node['openstack']['apt']['components']
apt_repository 'openstack-ppa' do
uri node['openstack']['apt']['uri']
distribution "#{node['lsb']['codename']}-updates/#{node['openstack']['release']}"
components apt_components
cache_rebuild true # update the cache after a new repo is added
end
# add in the proposed repo, but only if we're in development
proposed_action = if node['openstack']['is_release']
:remove
else
:add
end
apt_repository 'openstack-ppa-proposed' do
uri node['openstack']['apt']['uri']
distribution "#{node['lsb']['codename']}-proposed/#{node['openstack']['release']}"
components apt_components
action proposed_action
cache_rebuild true # update the cache after a new repo is added
end
end
when 'rhel'
case node['platform_version'].to_i
when 7
# TODO(ramereth): These packages conflict with the RDO repo for Train
node.default['yum']['epel']['exclude'] = 'python2-qpid-proton python2-pyngus qpid-proton-c'
when 8
# Need PowerTools repo for some of the python deps
node.default['yum']['powertools']['enabled'] = true
node.default['yum']['powertools']['managed'] = true
# Need to use RabbitMQ repo on EL8
node.default['yum']['centos-rabbitmq']['enabled'] = true
node.default['yum']['centos-rabbitmq']['managed'] = true
include_recipe 'yum-centos'
end
include_recipe 'yum-epel'
repo_action = if node['openstack']['yum']['rdo_enabled']
:add
elsif FileTest.exist? "/etc/yum.repos.d/RDO-#{node['openstack']['release']}.repo"
:remove
else
:nothing
end
yum_repository "RDO-#{node['openstack']['release']}" do
description "OpenStack RDO repo for #{node['openstack']['release']}"
gpgkey node['openstack']['yum']['repo-key']
baseurl node['openstack']['yum']['uri']
gpgcheck node['openstack']['yum']['gpgcheck']
enabled true
action repo_action
end
# add in the RDO deps, but only if we're in development
deps_action = if node['openstack']['is_release']
:remove
else
:add
end
yum_repository "RDO-#{node['openstack']['release']}-deps" do
description "OpenStack RDO deps repo for #{node['openstack']['release']}"
baseurl "https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-#{node['openstack']['release']}"
gpgcheck false
enabled true
action deps_action
end
package 'centos-release-qemu-ev' do
action :upgrade
end if node['platform_version'].to_i < 8
end
# install a python
package node['openstack']['common']['platform']['python_packages'] do
options platform_options['package_overrides']
action :upgrade
end
if node['openstack']['databag_type'] == 'vault'
chef_gem 'chef-vault' do
version node['openstack']['vault_gem_version']
end
end

24
recipes/etcd.rb
View File

@ -1,24 +0,0 @@
#
# Cookbook:: openstack-common
# library:: etcd
#
# Copyright:: 2017-2021, Workday Inc.
# Copyright:: 2020-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# create a new etcd installation named 'openstack'
etcd_service 'openstack' do
action [:create, :start]
end

37
recipes/logging.rb
View File

@ -1,37 +0,0 @@
#
# Cookbook:: openstack-common
# library:: logging
#
# Copyright:: 2012-2021, AT&T Services, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
directory '/etc/openstack' do
owner 'root'
group 'root'
mode '755'
action :create
end
template '/etc/openstack/logging.conf' do
source 'logging.conf.erb'
owner 'root'
group 'root'
mode '644'
variables(
loggers: node['openstack']['logging']['loggers'],
formatters: node['openstack']['logging']['formatters'],
handlers: node['openstack']['logging']['handlers']
)
end

24
recipes/sysctl.rb
View File

@ -1,24 +0,0 @@
#
# Cookbook:: openstack-common
# recipe:: sysctl
#
# Copyright:: 2013-2021, Chef Software, Inc.
# Copyright:: 2020-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node['openstack']['sysctl'].each do |name, value|
sysctl name do
value value
end
end

57
resources/database.rb
View File

@ -1,57 +0,0 @@
#
# Author:: Lance Albertson (<lance@osuosl.org>)
# Cookbook:: openstack-common
# Resource:: openstack_database
#
# Copyright:: 2020-2021, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# this file is originally from the database cookbook, preserved for legacy
# purposes until the functionality can be refactored into a custom resource.
# Original: https://github.com/chef-boneyard/database
resource_name :openstack_database
provides :openstack_database
unified_mode true
default_action :create
property :service, String, name_property: true
property :user, String, required: true
property :pass, String, required: true
action :create do
service_info = db new_resource.service
db_name = service_info['db_name']
db_type = service_info['service_type']
user_key = node['openstack']['db']['root_user_key']
super_password = get_password 'db', user_key
mariadb_database db_name do
encoding node['openstack']['db']['charset'][db_type]
password super_password
end
mariadb_user new_resource.user do
password new_resource.pass
database_name db_name
host '%'
privileges [:all]
ctrl_password super_password
action [:create, :grant]
end
end
action_class do
include ::Openstack
end

177
spec/cli_spec.rb
View File

@ -1,177 +0,0 @@
require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'cli'
describe 'openstack-common::default' do
describe 'Openstack CLI' do
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
let(:subject) { Object.new.extend(Openstack) }
include_context 'library-stubs'
describe 'openstack_command_env' do
before do
node.override['openstack']['endpoints']['public']['identity'] = {
host: '127.0.0.1',
scheme: 'http',
path: '/v3',
port: '5000',
}
end
it 'returns cli enviroment' do
allow(subject).to receive(:get_password).with(
'user', 'name').and_return('pass')
expect(
subject.openstack_command_env('name', 'project', 'default', 'default')
).to eq(
'OS_USERNAME' => 'name',
'OS_PASSWORD' => 'pass',
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => '3'
)
end
end
describe 'openstack_command' do
it 'runs openstack command' do
env =
{
'OS_USERNAME' => 'name',
'OS_PASSWORD' => 'pass',
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:shell_out).with(
%w(openstack user list),
env: env
).and_return double('shell_out', exitstatus: 0, stdout: 'good', stderr: '')
result = subject.openstack_command('openstack', 'user list', env)
expect(result).to eq('good')
end
it 'runs openstack command with args' do
env =
{
'OS_USERNAME' => 'name',
'OS_PASSWORD' => 'pass',
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:shell_out).with(
%w(openstack --key1 value1 --key2 value2 --key3 user list),
env: env
).and_return double('shell_out', exitstatus: 0, stdout: 'good', stderr: '')
result = subject.openstack_command('openstack', 'user list', env, 'key1' => 'value1', 'key2' => 'value2', 'key3' => '')
expect(result).to eq('good')
end
it 'runs openstack command with failure' do
env =
{
'OS_USERNAME' => 'name',
'OS_PASSWORD' => 'pass',
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:shell_out).with(
%w(openstack user list),
env: env
).and_return double('shell_out', exitstatus: 123, stdout: 'fail', stderr: '')
end
end
describe 'identity_uuid' do
it 'runs identity command to query uuid' do
env =
{
'OS_USERNAME' => 'name',
'OS_PASSWORD' => 'pass',
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:openstack_command).with(
'openstack', 'user list', env, {})
allow(subject).to receive(:prettytable_to_array).and_return(
[{ 'name' => 'user1', 'id' => '1234567890ABCDEFGH' }])
result = subject.identity_uuid('user', 'name', 'user1', env)
expect(result).to eq('1234567890ABCDEFGH')
end
end
describe 'image_id' do
let(:env) do
{
'OS_USERNAME' => 'name',
'OS_PASSWORD' => 'pass',
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
end
it 'runs glance command to query valid id' do
allow(subject).to receive(:openstack_command).with(
'openstack', 'image list', :env, {})
allow(subject).to receive(:prettytable_to_array).and_return(
[{ 'ID' => '87f38e15-9737-46cc-a612-7c67ee29a24f', 'Name' => 'cirros' }])
result = subject.image_id('cirros', :env)
expect(result).to eq('87f38e15-9737-46cc-a612-7c67ee29a24f')
end
it 'runs glance command to query invalid id' do
allow(subject).to receive(:openstack_command).with(
'openstack', 'image list', :env, {}).and_raise(
"No image with a name or ID of 'test' exists. (1)")
expect { subject.image_id('test', :env) }.to raise_error(RuntimeError)
end
end
describe 'network_uuid' do
it 'runs network command to query uuid' do
env =
{
'OS_USERNAME' => 'name',
'OS_PASSWORD' => 'pass',
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:openstack_command).with(
'openstack', 'network list', env, {})
allow(subject).to receive(:prettytable_to_array).and_return(
[{ 'name' => 'net1', 'id' => '1234567890ABCDEFGH' }])
result = subject.network_uuid('network', 'name', 'net1', env)
expect(result).to eq('1234567890ABCDEFGH')
end
end
end
end

28
spec/client-redhat_spec.rb
View File

@ -1,28 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-common::client' do
ALL_RHEL.each do |p|
context "redhat #{p[:version]}" do
let(:runner) { ChefSpec::SoloRunner.new(p) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
case p
when REDHAT_7
it do
expect(chef_run).to upgrade_package('python-openstackclient')
end
when REDHAT_8
it do
expect(chef_run).to upgrade_package('python3-openstackclient')
end
end
end
end
end

19
spec/client_spec.rb
View File

@ -1,19 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-common::client' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
it do
expect(chef_run).to upgrade_package('python3-openstackclient')
end
end
end

27
spec/completions_spec.rb
View File

@ -1,27 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-common::completions' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
it do
expect(chef_run).to install_package('bash-completion')
end
it do
expect(chef_run).to create_directory('/etc/bash_completion.d/').with(mode: '755')
end
it do
expect(chef_run).to run_execute('create OSC bash completions')
.with(
command: 'openstack complete > /etc/bash_completion.d/osc.bash_completion',
creates: '/etc/bash_completion.d/osc.bash_completion'
)
end
end
end

55
spec/config_helpers_spec.rb
View File

@ -1,55 +0,0 @@
require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'config_helpers'
describe 'openstack-common::default' do
describe 'module Openstack config_helpers' do
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
let(:subject) { Object.new.extend(Openstack) }
include_context 'library-stubs'
before do
node.override['openstack']['anyservice']['conf'] =
{
'Default' => { 'logfile' => 'file_to_log' },
'secret_section' => {},
'another_section' => { 'foo' => 'bar', 'baz' => 'yay' },
'deep_section' => {
'foo' => { key: 'bar', value: 'baz' },
'baz' => 'yay',
},
}
node.override['openstack']['anyservice']['conf_secrets'] =
{
'Default' => { 'secret_log' => 'secret_file_to_log' },
'secret_section' => { 'password' => '1234' },
'another_section' => { 'secret_foo' => 'secret_bar' },
'another_secret_section' => { 'secret_baz' => 'secret_yay' },
}
end
describe 'merge_config_options' do
it ' node objects should be duped and be kind of Mash afterwards' do
expect(
subject.merge_config_options('anyservice')
).to be_a(Mash)
end
it 'duped node objects should be merged correctly' do
expect(
subject.merge_config_options('anyservice')
).to eq(
'Default' => { 'logfile' => 'file_to_log', 'secret_log' => 'secret_file_to_log' },
'secret_section' => { 'password' => '1234' },
'another_section' => { 'foo' => 'bar', 'baz' => 'yay', 'secret_foo' => 'secret_bar' },
'another_secret_section' => { 'secret_baz' => 'secret_yay' },
'deep_section' => {
'foo' => { 'key' => 'bar', 'value' => 'baz' },
'baz' => 'yay',
}
)
end
end
end
end

8
spec/cookbooks/test-openstack-common-database/metadata.rb
View File

@ -1,8 +0,0 @@
name 'test-openstack-common-database'
maintainer 'openstack-chef'
maintainer_email 'opscode-chef-openstack@googlegroups.com'
license 'Apache-2.0'
description 'Test LWRP openstack_common_databse'
version '1.0.0'
depends 'openstack-common'

4
spec/cookbooks/test-openstack-common-database/recipes/default.rb
View File

@ -1,4 +0,0 @@
openstack_database('service') do
user 'db_user'
pass 'db_pass'
end

73
spec/database_provider_spec.rb
View File

@ -1,73 +0,0 @@
require_relative 'spec_helper'
describe 'test-openstack-common-database::default' do
let(:runner) do
ChefSpec::SoloRunner.new(CHEFSPEC_OPTS.dup.merge(step_into: %w(openstack_database)))
end
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['use_databags'] = false
node.override['openstack']['secret']['mysqlroot']['db'] = 'root_pass'
node.override['openstack']['db']['service'] = { service_type: 'mysql', port: 3306, db_name: 'service_db' }
runner.converge(described_recipe)
end
it 'uses the lwrp openstack_common_database' do
expect(chef_run).to create_openstack_database('service').with(user: 'db_user', pass: 'db_pass')
end
context 'specific root user db endpoint' do
cached(:chef_run) do
node.override['openstack']['endpoints']['db']['host_for_db_root_user'] = 'localhost123'
node.override['openstack']['use_databags'] = false
node.override['openstack']['secret']['mysqlroot']['db'] = 'root_pass'
node.override['openstack']['db']['service'] = { service_type: 'mysql', port: 3306, db_name: 'service_db' }
runner.converge(described_recipe)
end
it 'connects to the database via a specific endpoint for the root user' do
expect(chef_run).to create_mariadb_database('service_db')
.with(
database_name: 'service_db',
encoding: 'utf8',
password: 'root_pass'
)
end
end
it 'creates the database with the database resource' do
expect(chef_run).to create_mariadb_database('service_db')
.with(
database_name: 'service_db',
encoding: 'utf8',
password: 'root_pass'
)
end
it 'creates the database use with the database_user resource' do
expect(chef_run).to create_mariadb_user('db_user')
.with(
password: 'db_pass',
database_name: 'service_db',
host: '%',
privileges: [:all],
ctrl_password: 'root_pass'
)
end
it 'grants database privileges to the user with the database_user resource' do
expect(chef_run).to grant_mariadb_user('db_user')
.with(
password: 'db_pass',
database_name: 'service_db',
host: '%',
privileges: [:all],
ctrl_password: 'root_pass'
)
end
context 'galera' do
before do
node.override['openstack']['db']['service'] = { service_type: 'galera', port: 3306, db_name: 'service_db' }
end
end
end

136
spec/default-redhat_spec.rb
View File

@ -1,136 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-common::default' do
ALL_RHEL.each do |p|
context "redhat #{p[:version]}" do
let(:runner) { ChefSpec::SoloRunner.new(p) }
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['release'] = 'testrelease'
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
case p
when REDHAT_7
pkgs = %w(python python2-pip python2-setuptools python-devel python-virtualenv python-wheel)
it do
expect(chef_run).to upgrade_package('centos-release-qemu-ev')
end
it do
expect(chef_run).to include_recipe('yum-epel')
end
it do
expect(chef_run).to_not include_recipe('yum-centos')
end
it do
expect(chef_run).to create_yum_repository('epel').with(
exclude: 'python2-qpid-proton python2-pyngus qpid-proton-c'
)
end
when REDHAT_8
pkgs = %w(python3-pip python3-setuptools python3-virtualenv python3-wheel python36 python36-devel)
it do
expect(chef_run).to_not upgrade_package('centos-release-qemu-ev')
end
%w(yum-epel yum-centos).each do |r|
it do
expect(chef_run).to include_recipe(r)
end
end
it do
expect(chef_run).to create_yum_repository('epel').with(exclude: nil)
end
%w(powertools centos-rabbitmq).each do |repo|
it do
expect(chef_run).to create_yum_repository(repo).with(enabled: true)
end
end
end
it do
expect(chef_run).to upgrade_package(pkgs)
end
context 'enabling RDO with gpgcheck enabled' do
cached(:chef_run) do
node.override['openstack']['release'] = 'testrelease'
node.override['openstack']['yum']['rdo_enabled'] = true
node.override['openstack']['yum']['gpgcheck'] = true
runner.converge(described_recipe)
end
it do
expect(chef_run).to add_yum_repository('RDO-testrelease').with(gpgcheck: true)
end
end
context 'enabling RDO with gpgcheck disabled' do
cached(:chef_run) do
node.override['openstack']['release'] = 'testrelease'
node.override['openstack']['yum']['rdo_enabled'] = true
node.override['openstack']['yum']['gpgcheck'] = false
runner.converge(described_recipe)
end
it do
expect(chef_run).to add_yum_repository('RDO-testrelease').with(gpgcheck: false)
end
end
context 'disabling RDO deps repo with is_release true' do
cached(:chef_run) do
node.override['openstack']['release'] = 'testrelease'
node.override['openstack']['is_release'] = true
runner.converge(described_recipe)
end
it 'does not add the RDO deps yum repository' do
expect(chef_run).to_not add_yum_repository('RDO-testrelease-deps')
end
end
context 'disabling RDO' do
cached(:chef_run) do
node.override['openstack']['release'] = 'testrelease'
node.override['openstack']['yum']['rdo_enabled'] = false
runner.converge(described_recipe)
end
it 'removes RDO yum repository' do
allow(FileTest).to receive(:exist?).and_call_original
allow(FileTest).to receive(:exist?).with('/etc/yum.repos.d/RDO-testrelease.repo').and_return(true)
expect(chef_run).to remove_yum_repository('RDO-testrelease')
end
it 'does not create RDO-Manager yum repositories' do
expect(chef_run).to_not create_remote_file('/etc/yum.repos.d/rdo-manager-release.repo')
end
end
context 'disabling RDO and repo file does not exist' do
cached(:chef_run) do
node.override['openstack']['release'] = 'testrelease'
node.override['openstack']['yum']['rdo_enabled'] = false
runner.converge(described_recipe)
end
it 'does nothing when RDO yum repository does not exist' do
allow(FileTest).to receive(:exist?).and_call_original
allow(FileTest).to receive(:exist?).with('/etc/yum.repos.d/RDO-testrelease.repo').and_return(false)
expect(chef_run).to nothing_yum_repository('RDO-testrelease')
end
end
end
end
end

158
spec/default_spec.rb
View File

@ -1,158 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-common::default' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:mq_services) { %w(bare_metal block_storage compute database image telemetry network orchestration) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
context 'update_apt_cache true' do
cached(:chef_run) do
node.override['openstack']['apt']['update_apt_cache'] = true
runner.converge(described_recipe)
end
it 'updates apt cache before installing packages' do
expect(chef_run).to update_apt_update 'default'
end
end
it do
expect(chef_run).to create_file('/etc/apt/apt.conf.d/confdef')
.with(
owner: 'root',
group: 'root',
mode: '644',
content: "Dpkg::Options {\n \"--force-confdef\";\n \"--force-confold\";\n }"
)
end
it 'upgrades ubuntu-cloud-keyring package' do
expect(chef_run).to upgrade_package 'ubuntu-cloud-keyring'
end
context 'live_updates_enabled true' do
cached(:chef_run) do
node.override['openstack']['apt']['live_updates_enabled'] = true
runner.converge(described_recipe)
end
it 'configures openstack repository' do
# Using cookbook(apt) LWRP custom matcher
# https://github.com/sethvargo/chefspec#packaging-custom-matchers
expect(chef_run).to add_apt_repository('openstack-ppa').with(
uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
distribution: 'bionic-updates/train',
components: ['main'],
cache_rebuild: true
)
end
end
context 'live_updates_enabled false' do
cached(:chef_run) do
node.override['openstack']['apt']['live_updates_enabled'] = false
runner.converge(described_recipe)
end
it 'disables openstack live updates' do
expect(chef_run).to_not add_apt_repository('openstack-ppa').with(
uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
distribution: 'bionic-updates/train',
components: ['main']
)
end
end
it 'configures openstack proposed repository' do
expect(chef_run).to add_apt_repository('openstack-ppa-proposed').with(
uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
distribution: 'bionic-proposed/train',
components: ['main'],
cache_rebuild: true
)
end
context 'is_release true' do
cached(:chef_run) do
node.override['openstack']['is_release'] = true
runner.converge(described_recipe)
end
it 'disables openstack proposed repository' do
expect(chef_run).to_not add_apt_repository('openstack-ppa-proposed').with(
uri: 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
distribution: 'bionic-proposed/train',
components: ['main']
)
end
end
pkgs = %w(python3 python3-dev python3-pip python3-setuptools python3-virtualenv python3-wheel virtualenv)
it 'installs python packages' do
expect(chef_run).to upgrade_package(pkgs)
end
it 'does not install the gem chef-vault by default' do
expect(chef_run).to_not install_chef_gem('chef-vault')
end
context 'databag_type vault' do
cached(:chef_run) do
node.override['openstack']['databag_type'] = 'vault'
runner.converge(described_recipe)
end
it 'installs the gem chef-vault if databag_type is vault' do
expect(chef_run).to install_chef_gem('chef-vault').with(version: '~> 3.2')
end
end
context 'rabbit mq' do
rabbit_opts = {
'userid' => 'openstack',
'vhost' => '/',
'port' => '5672',
'host' => '127.0.0.1',
'ha' => true,
'heartbeat_timeout_threshold' => 123,
'heartbeat_rate' => 123,
'kombu_ssl_version' => 'TLSv1.2',
'kombu_ssl_keyfile' => 'key_file',
'kombu_ssl_certfile' => 'cert_file',
'kombu_ssl_ca_certs' => 'ca_certs_file',
'kombu_reconnect_delay' => 123.456,
'kombu_reconnect_timeout' => 123,
}
cached(:chef_run) do
rabbit_opts.each do |key, value|
node.override['openstack']['mq']['rabbitmq'][key] = value
end
runner.converge(described_recipe)
end
rabbit_opts.each do |key, value|
it "configures rabbit mq #{key}" do
node.override['openstack']['mq']['rabbitmq'][key] = value
mq_services.each do |service|
expect(chef_run.node['openstack']['mq'][service]['rabbit'][key]).to eq(value)
end
end
end
it 'set rabbit_max_retries to 0 for all services' do
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_max_retries']).to eq(0)
end
end
it 'set rabbit_retry_interval to 1 for all services' do
mq_services.each do |svc|
expect(chef_run.node['openstack']['mq'][svc]['rabbit']['rabbit_retry_interval']).to eq(1)
end
end
end
end
end

241
spec/endpoints_spec.rb
View File

@ -1,241 +0,0 @@
require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'uri'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'endpoints'
describe 'openstack-common::default' do
describe 'Openstack endpoints' do
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
let(:subject) { Object.new.extend(Openstack) }
%w(public internal).each do |ep_type|
describe "#{ep_type}_endpoint" do
it 'fails with a NoMethodError when no openstack.endpoints in node attrs' do
allow(subject).to receive(:node).and_return({})
expect do
subject.send("#{ep_type}_endpoint", 'someservice')
end.to raise_error(NoMethodError)
end
it 'fails with a NoMethodError when no endpoint was found' do
allow(subject).to receive(:node).and_return(node)
expect do
subject.send("#{ep_type}_endpoint", 'someservice')
end.to raise_error(NoMethodError)
end
it 'handles a URI needing escaped' do
uri_hash = {
'openstack' => {
'endpoints' => {
ep_type => {
'compute-api' => {
'uri' => 'http://localhost:8080/v2/%(tenant_id)s',
},
},
},
},
}
allow(subject).to receive(:node).and_return(uri_hash)
expect(
subject.send("#{ep_type}_endpoint", 'compute-api').path
).to eq('/v2/%25(tenant_id)s')
end
it 'returns endpoint URI object when uri key in endpoint hash' do
uri_hash = {
'openstack' => {
'endpoints' => {
ep_type => {
'compute-api' => {
'uri' => 'http://localhost:1234/path',
},
},
},
},
}
allow(subject).to receive(:node).and_return(uri_hash)
expect(
subject.send("#{ep_type}_endpoint", 'compute-api').port
).to eq(1234)
end
it 'returns endpoint URI string when uri key in endpoint hash and host also in hash' do
uri_hash = {
'openstack' => {
'endpoints' => {
ep_type => {
'compute-api' => {
'uri' => 'http://localhost',
'host' => 'ignored',
},
},
},
},
}
allow(subject).to receive(:node).and_return(uri_hash)
expect(subject.send("#{ep_type}_endpoint", 'compute-api').to_s).to eq('http://localhost')
end
it 'returns endpoint URI object when uri key not in endpoint hash but host is in hash' do
expect(subject).to receive(:uri_from_hash).with('host' => 'localhost', 'port' => '1234')
uri_hash = {
'openstack' => {
'endpoints' => {
ep_type => {
'compute-api' => {
'host' => 'localhost',
'port' => '1234',
},
},
},
},
}
allow(subject).to receive(:node).and_return(uri_hash)
subject.send("#{ep_type}_endpoint", 'compute-api')
end
end
end
describe 'transport_url' do
it do
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:get_password)
.with('user', 'openstack')
.and_return('mypass')
expected = 'rabbit://openstack:mypass@127.0.0.1:5672/'
expect(subject.rabbit_transport_url('compute')).to eq(expected)
end
context 'non-default mq attributes' do
cached(:chef_run) do
node.override['openstack']['mq']['service_type'] = 'rabbit'
node.override['openstack']['mq']['cluster'] = true
node.override['openstack']['mq']['compute']['rabbit']['userid'] = 'rabbit2'
node.override['openstack']['endpoints']['mq']['port'] = 1234
node.override['openstack']['mq']['servers'] = %w(10.0.0.1 10.0.0.2 10.0.0.3)
node.override['openstack']['mq']['vhost'] = '/anyhost'
runner.converge(described_recipe)
end
it do
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:get_password)
.with('user', 'rabbit2')
.and_return('mypass2')
expected = 'rabbit://rabbit2:mypass2@10.0.0.1:1234,rabbit2:mypass2@10.0.0.2:1234,rabbit2:mypass2@10.0.0.3:1234/anyhost'
expect(subject.rabbit_transport_url('compute')).to eq(expected)
end
end
end
describe '#db' do
it 'returns nil when no openstack.db not in node attrs' do
allow(subject).to receive(:node).and_return({})
expect(subject.db('nonexisting')).to be_nil
end
it 'returns nil when no such service was found' do
allow(subject).to receive(:node).and_return(chef_run.node)
expect(subject.db('nonexisting')).to be_nil
end
it 'returns db info hash when service found' do
allow(subject).to receive(:node).and_return(chef_run.node)
expect(subject.db('compute')['host']).to eq('127.0.0.1')
expect(subject.db('compute').key?('uri')).to be_falsey
end
end
describe '#db_uri' do
it 'returns nil when no openstack.db not in node attrs' do
allow(subject).to receive(:node).and_return({})
expect(subject.db_uri('nonexisting', 'user', 'pass')).to be_nil
end
it 'returns nil when no such service was found' do
allow(subject).to receive(:node).and_return(chef_run.node)
expect(
subject.db_uri('nonexisting', 'user', 'pass')
).to be_nil
end
it 'returns compute db info hash when service found for default mysql' do
allow(subject).to receive(:node).and_return(chef_run.node)
expected = 'mysql+pymysql://user:pass@127.0.0.1:3306/nova?charset=utf8'
expect(
subject.db_uri('compute', 'user', 'pass')
).to eq(expected)
end
context 'sqlite' do
cached(:chef_run) do
node.override['openstack']['db']['service_type'] = 'sqlite'
node.override['openstack']['db']['options'] = { 'sqlite' => '?options' }
node.override['openstack']['db']['network']['path'] = 'path'
runner.converge(described_recipe)
end
it 'returns network db info hash when service found for sqlite with options' do
allow(subject).to receive(:node).and_return(chef_run.node)
expected = 'sqlite:///path?options'
expect(
subject.db_uri('network', 'user', 'pass')
).to eq(expected)
end
end
it 'returns compute db info hash when service found for mariadb' do
node.override['openstack']['db']['service_type'] = 'mariadb'
allow(subject).to receive(:node).and_return(chef_run.node)
expected = 'mysql+pymysql://user:pass@127.0.0.1:3306/nova?charset=utf8'
expect(
subject.db_uri('compute', 'user', 'pass')
).to eq(expected)
end
%w(galera percona-cluster).each do |db|
it "returns compute db info hash when service found for #{db}" do
node.override['openstack']['db']['service_type'] = db
allow(subject).to receive(:node).and_return(chef_run.node)
expected = 'mysql+pymysql://user:pass@127.0.0.1:3306/nova?charset=utf8'
expect(
subject.db_uri('compute', 'user', 'pass')
).to eq(expected)
end
end
it 'returns compute slave db info hash when service found for default mysql' do
node.override['openstack']['endpoints']['db']['enabled_slave'] = true
allow(subject).to receive(:node).and_return(chef_run.node)
expected = 'mysql+pymysql://user:pass@127.0.0.1:3316/nova?charset=utf8'
expect(
subject.db_uri('compute', 'user', 'pass', true)
).to eq(expected)
end
it 'returns image slave db info hash when service found for mariadb' do
node.override['openstack']['db']['service_type'] = 'mariadb'
node.override['openstack']['endpoints']['db']['enabled_slave'] = true
allow(subject).to receive(:node).and_return(chef_run.node)
expected = 'mysql+pymysql://user:pass@127.0.0.1:3316/glance?charset=utf8'
expect(
subject.db_uri('image', 'user', 'pass', true)
).to eq(expected)
end
%w(galera percona-cluster).each do |db|
it "returns network slave db info hash when service found for #{db}" do
node.override['openstack']['db']['service_type'] = db
node.override['openstack']['endpoints']['db']['enabled_slave'] = true
allow(subject).to receive(:node).and_return(chef_run.node)
expected = 'mysql+pymysql://user:pass@127.0.0.1:3316/neutron?charset=utf8'
expect(
subject.db_uri('network', 'user', 'pass', true)
).to eq(expected)
end
end
end
end
end

206
spec/logging_spec.rb
View File

@ -1,206 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-common::logging' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) { runner.converge(described_recipe) }
describe '/etc/openstack' do
let(:dir) { chef_run.directory('/etc/openstack') }
it 'should create /etc/openstack' do
expect(chef_run).to create_directory('/etc/openstack').with(
owner: 'root',
group: 'root',
mode: '755'
)
end
end
describe 'logging.conf' do
let(:file) { chef_run.template('/etc/openstack/logging.conf') }
it 'should create /etc/openstack/logging.conf' do
expect(chef_run).to create_template(file.name).with(
owner: 'root',
group: 'root',
mode: '644'
)
end
context 'loggers' do
it 'adds default loggers' do
{
'loggers' =>
[
'keys=root,ceilometer,cinder,glance,horizon,keystone,nova,'\
'neutron,trove,amqplib,sqlalchemy,boto,suds,eventletwsgi,'\
'nova_api_openstack_wsgi,nova_osapi_compute_wsgi_server',
],
'logger_root' =>
[
'level=NOTSET',
'handlers=devel',
],
'logger_ceilometer' =>
[
'level=DEBUG',
'handlers=prod,debug',
'qualname=ceilometer',
],
'logger_cinder' =>
[
'level=DEBUG',
'handlers=prod,debug',
'qualname=cinder',
],
'logger_glance' =>
[
'level=DEBUG',
'handlers=prod,debug',
'qualname=glance',
],
'logger_horizon' =>
[
'level=DEBUG',
'handlers=prod,debug',
'qualname=horizon',
],
'logger_keystone' =>
[
'level=DEBUG',
'handlers=prod,debug',
'qualname=keystone',
],
'logger_nova' =>
[
'level=DEBUG',
'handlers=prod,debug',
'qualname=nova',
],
'logger_neutron' =>
[
'level=DEBUG',
'handlers=prod,debug',
'qualname=neutron',
],
'logger_trove' =>
[
'level=DEBUG',
'handlers=prod,debug',
'qualname=trove',
],
'logger_amqplib' =>
[
'level=WARNING',
'handlers=stderr',
'qualname=amqplib',
],
'logger_sqlalchemy' =>
[
'level=WARNING',
'handlers=stderr',
'qualname=sqlalchemy',
],
'logger_boto' =>
[
'level=WARNING',
'handlers=stderr',
'qualname=boto',
],
'logger_suds' =>
[
'level=INFO',
'handlers=stderr',
'qualname=suds',
],
'logger_eventletwsgi' =>
[
'level=WARNING',
'handlers=stderr',
'qualname=eventlet.wsgi.server',
],
'logger_nova_api_openstack_wsgi' =>
[
'level=WARNING',
'handlers=prod,debug',
'qualname=nova.api.openstack.wsgi',
],
'logger_nova_osapi_compute_wsgi_server' =>
[
'level=WARNING',
'handlers=prod,debug',
'qualname=nova.osapi_compute.wsgi.server',
],
}.each do |section, content|
content.each do |line|
expect(chef_run).to render_config_file(file.name).with_section_content(section, line)
end
end
end
end
context 'formatters' do
it 'adds default formatters' do
{
'formatters' =>
'keys=normal,normal_with_name,debug,syslog_with_name,syslog_debug',
'formatter_normal' =>
'format=%(asctime)s %(levelname)s %(message)s',
'formatter_normal_with_name' =>
'format=[%(name)s]: %(asctime)s %(levelname)s %(message)s',
'formatter_debug' =>
'format=[%(name)s]: %(asctime)s %(levelname)s %(module)s.%(funcName)s %(message)s',
'formatter_syslog_with_name' =>
'format=%(name)s: %(levelname)s %(message)s',
'formatter_syslog_debug' =>
'format=%(name)s: %(levelname)s %(module)s.%(funcName)s %(message)s',
}.each do |section, content|
expect(chef_run).to render_config_file(file.name).with_section_content(section, content)
end
end
end
context 'handlers' do
it 'adds default handlers' do
{
'handlers' =>
['keys=stderr,devel,prod,debug'],
'handler_stderr' =>
[
'args=(sys.stderr,)',
'class=StreamHandler',
'formatter=debug',
],
'handler_devel' =>
[
'args=(sys.stdout,)',
'class=StreamHandler',
'formatter=debug',
'level=NOTSET',
],
'handler_prod' =>
[
"args=(('/dev/log'), handlers.SysLogHandler.LOG_LOCAL0)",
'class=handlers.SysLogHandler',
'formatter=syslog_with_name',
'level=INFO',
],
'handler_debug' =>
[
"args=(('/dev/log'), handlers.SysLogHandler.LOG_LOCAL1)",
'class=handlers.SysLogHandler',
'formatter=syslog_debug',
'level=DEBUG',
],
}.each do |section, content|
content.each do |line|
expect(chef_run).to render_config_file(file.name).with_section_content(section, line)
end
end
end
end
end
end
end

218
spec/network_spec.rb
View File

@ -1,218 +0,0 @@
require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'network'
describe 'openstack-common::default' do
describe 'Openstack address_for and bind_address' do
interfaces = {
'lo' => {
'addresses' => {
'127.0.0.1' => {
'family' => 'inet',
'prefixlen' => '8',
'netmask' => '255.0.0.0',
'scope' => 'Node',
},
'::1' => {
'family' => 'inet6',
'prefixlen' => '128',
'scope' => 'Node',
},
'2001:db8::1' => {
'family' => 'inet6',
'prefixlen' => '64',
'scope' => 'Node',
},
},
},
'eth0' => {
'addresses' => {
'10.0.0.2' => {
'family' => 'inet',
'prefixlen' => '32',
'netmask' => '255.255.255.255',
'scope' => 'Node',
},
'10.0.0.3' => {
'family' => 'inet',
'prefixlen' => '24',
'netmask' => '255.255.255.0',
'scope' => 'Node',
},
},
},
}
cached(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
cached(:node) { runner.node }
cached(:chef_run) do
node.automatic['network']['interfaces'] = interfaces
runner.converge(described_recipe)
end
let(:subject) { Object.new.extend(Openstack) }
include_context 'library-stubs'
describe '#address_for ipv4' do
it 'returns ipv4 address' do
expect(
subject.address_for('lo')
).to eq('127.0.0.1')
end
it 'returns first ipv4 address but no virtual ips with prefixlen 32' do
expect(
subject.address_for('eth0', 'inet', node, true)
).to eq('10.0.0.3')
end
it 'returns first ipv4 address even if virtual and with prefixlen 32' do
expect(
subject.address_for('eth0', 'inet', node, false)
).to eq('10.0.0.2')
end
it 'returns 0.0.0.0 for interface "all"' do
expect(
subject.address_for('all')
).to eq('0.0.0.0')
end
end
context '#address_for ipv6' do
cached(:chef_run) do
node.automatic['network']['interfaces'] = interfaces
node.override['openstack']['endpoints']['family'] = 'inet6'
runner.converge(described_recipe)
end
it 'returns ipv6 address' do
expect(
subject.address_for('lo')
).to eq('2001:db8::1')
end
it 'returns ipv6 address' do
expect(
subject.address_for('lo', 'inet6')
).to eq('2001:db8::1')
end
it 'returns first ipv6 address and also virtual ips with prefixlen 128' do
expect(
subject.address_for('lo', 'inet6', node, false)
).to eq('::1')
end
it 'returns :: for interface "all"' do
expect(
subject.address_for('all', 'inet6')
).to eq('::')
end
end
describe 'bind_address' do
describe 'mq' do
it 'returns the host' do
expect(
subject.bind_address(node['openstack']['bind_service']['mq'])
).to eq('127.0.0.1')
end
context 'mq interface set' do
cached(:chef_run) do
node.automatic['network']['interfaces'] = interfaces
node.override['openstack']['endpoints']['family'] = 'inet'
node.override['openstack']['bind_service']['mq']['interface'] = 'eth0'
runner.converge(described_recipe)
end
it 'returns the interface address' do
expect(
subject.bind_address(node['openstack']['bind_service']['mq'])
).to eq('10.0.0.3')
end
end
end
describe 'db' do
it 'returns the host' do
expect(
subject.bind_address(node['openstack']['bind_service']['db'])
).to eq('127.0.0.1')
end
context 'interface set' do
cached(:chef_run) do
node.automatic['network']['interfaces'] = interfaces
node.override['openstack']['endpoints']['family'] = 'inet'
node.override['openstack']['bind_service']['db']['interface'] = 'eth0'
runner.converge(described_recipe)
end
it 'returns the interface address' do
expect(
subject.bind_address(node['openstack']['bind_service']['db'])
).to eq('10.0.0.3')
end
end
end
end
describe '#address_for failures' do
it 'fails when addresses for interface is nil' do
node.automatic['network'] = {
'interfaces' => {
'lo' => {
'addresses' => nil,
},
},
}
expect { subject.address_for('lo') }
.to raise_error(RuntimeError, 'Interface lo has no addresses assigned')
end
it 'fails when no addresses are avaiable for interface' do
node.automatic['network'] = {
'interfaces' => {
'lo' => {
'addresses' => {},
},
},
}
expect { subject.address_for('lo') }
.to raise_error(RuntimeError, 'Interface lo has no addresses assigned')
end
it 'fails when no address is available for interface family' do
node.automatic['network'] = {
'interfaces' => {
'lo' => {
'addresses' => {
'127.0.0.1' => {
'family' => 'inet',
'prefixlen' => '8',
'netmask' => '255.0.0.0',
'scope' => 'Node',
},
},
},
},
}
expect { subject.address_for('lo', 'inet6') }
.to raise_error(RuntimeError, 'No address for family inet6 found')
end
it 'fails when no address is available after dropping virtual ips' do
node.automatic['network'] = {
'interfaces' => {
'lo' => {
'addresses' => {
'127.0.0.1' => {
'family' => 'inet',
'prefixlen' => '32',
'netmask' => '255.255.255.255',
'scope' => 'Node',
},
},
},
},
}
expect { subject.address_for('lo', 'inet') }
.to raise_error(RuntimeError, 'No address for family inet found')
end
end
end
end

91
spec/parse_spec.rb
View File

@ -1,91 +0,0 @@
require_relative 'spec_helper'
require 'uri'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'parse'
describe 'Openstack parse' do
let(:subject) { Object.new.extend(Openstack) }
describe '#prettytable_to_array' do
it 'returns [] when no table provided' do
expect(
subject.prettytable_to_array(nil)
).to eq([])
end
it 'returns [] when table provided is empty' do
expect(
subject.prettytable_to_array('')
).to eq([])
end
it 'returns proper array of hashes when proper table provided' do
table =
'+---------+----------------------------------+----------------------------------+
| tenant | access | secret |
+---------+----------------------------------+----------------------------------+
| service | 91af731b3be244beb8f30fc59b7bc96d | ce811442cfb549c39390a203778a4bf5 |
+---------+----------------------------------+----------------------------------+'
expect(
subject.prettytable_to_array(table)
).to eq(
[{ 'tenant' => 'service',
'access' => '91af731b3be244beb8f30fc59b7bc96d',
'secret' => 'ce811442cfb549c39390a203778a4bf5' }]
)
end
it 'returns proper array of hashes when proper table provided including whitespace' do
table =
'+---------+----------------------------------+----------------------------------+
| tenant | access | secret |
+---------+----------------------------------+----------------------------------+
| service | 91af731b3be244beb8f30fc59b7bc96d | ce811442cfb549c39390a203778a4bf5 |
+---------+----------------------------------+----------------------------------+
'
expect(
subject.prettytable_to_array(table)
).to eq(
[{ 'tenant' => 'service',
'access' => '91af731b3be244beb8f30fc59b7bc96d',
'secret' => 'ce811442cfb549c39390a203778a4bf5' }]
)
end
it 'returns a flatten hash when provided a Property/Value table' do
table =
'+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| access | 91af731b3be244beb8f30fc59b7bc96d |
| secret | ce811442cfb549c39390a203778a4bf5 |
| tenant_id | 429271dd1cf54b7ca921a0017524d8ea |
| user_id | 1c4fc229560f40689c490c5d0838fd84 |
+-----------+----------------------------------+'
expect(
subject.prettytable_to_array(table)
).to eq(
[{ 'tenant_id' => '429271dd1cf54b7ca921a0017524d8ea',
'access' => '91af731b3be244beb8f30fc59b7bc96d',
'secret' => 'ce811442cfb549c39390a203778a4bf5',
'user_id' => '1c4fc229560f40689c490c5d0838fd84' }]
)
end
it 'returns a flatten hash when provided a Property/Value table including whitespace' do
table =
'+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| access | 91af731b3be244beb8f30fc59b7bc96d |
| secret | ce811442cfb549c39390a203778a4bf5 |
| tenant_id | 429271dd1cf54b7ca921a0017524d8ea |
| user_id | 1c4fc229560f40689c490c5d0838fd84 |
+-----------+----------------------------------+'
expect(
subject.prettytable_to_array(table)
).to eq(
[{ 'tenant_id' => '429271dd1cf54b7ca921a0017524d8ea',
'access' => '91af731b3be244beb8f30fc59b7bc96d',
'secret' => 'ce811442cfb549c39390a203778a4bf5',
'user_id' => '1c4fc229560f40689c490c5d0838fd84' }]
)
end
end
end

121
spec/password_spec.rb
View File

@ -1,121 +0,0 @@
require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'passwords'
require 'chef-vault'
describe 'openstack-common::default' do
describe 'Passwords' do
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
let(:node) { runner.node }
cached(:chef_run) { runner.converge(described_recipe) }
let(:subject) { Object.new.extend(Openstack) }
include_context 'library-stubs'
context 'stored in encrypted data bags by default' do
describe '#secret' do
it 'returns databag' do
value = { 'nova' => 'this' }
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
'/etc/chef/openstack_data_bag_secret').and_return('secret')
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
'passwords', 'nova', 'secret').and_return(value)
expect(subject.secret('passwords', 'nova')).to eq('this')
end
end
context 'using chef-vault' do
cached(:chef_run) do
node.override['openstack']['databag_type'] = 'vault'
runner.converge(described_recipe)
end
it 'returns the data from a chef vault item' do
allow(ChefVault::Item).to receive(:load)
.with('vault_passwords', 'nova')
.and_return('nova' => 'novapassword')
expect(subject.secret('passwords', 'nova')).to eq('novapassword')
end
end
describe '#get_password' do
%w(service db user).each do |type|
it "returns databag value for #{type}" do
value = { 'nova' => 'this' }
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
'/etc/chef/openstack_data_bag_secret').and_return('secret')
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
"#{type}_passwords", 'nova', 'secret').and_return(value)
expect(subject.get_password(type, 'nova')).to eq('this')
end
end
it 'returns nil for an invalid type' do
expect(subject.get_password('invalid_type', 'nova')).to be_nil
end
it 'returns tokens from the secrets_data_bag' do
bag_content = { 'nova' => 'mysecret' }
allow(Chef::EncryptedDataBagItem).to receive(:load_secret).with(
'/etc/chef/openstack_data_bag_secret'
).and_return('secret')
allow(Chef::EncryptedDataBagItem).to receive(:load).with(
'secrets', 'nova', 'secret'
).and_return(bag_content)
expect(subject.get_password('token', 'nova')).to eq('mysecret')
end
end
end
context 'stored in standard data bags' do
cached(:chef_run) do
node.override['openstack']['databag_type'] = 'standard'
runner.converge(described_recipe)
end
describe '#secret' do
it 'returns databag' do
value = { 'nova' => 'this' }
allow(Chef::DataBagItem).to receive(:load)
.with('passwords', 'nova').and_return(value)
expect(subject.secret('passwords', 'nova')).to eq('this')
end
end
describe '#get_password' do
%w(service db user).each do |type|
it "returns databag value for #{type}" do
value = { 'nova' => 'this' }
allow(Chef::DataBagItem).to receive(:load).with(
"#{type}_passwords", 'nova').and_return(value)
expect(subject.get_password(type, 'nova')).to eq('this')
end
end
it 'returns nil for an invalid type' do
expect(subject.get_password('invalid_type', 'nova')).to be_nil
end
it 'returns tokens from the secrets_data_bag' do
bag_content = { 'nova' => 'mysecret' }
allow(Chef::DataBagItem).to receive(:load).with(
'secrets', 'nova'
).and_return(bag_content)
expect(subject.get_password('token', 'nova')).to eq('mysecret')
end
end
end
context 'stored in attributes as an alternative' do
cached(:chef_run) do
node.override['openstack']['use_databags'] = false
runner.converge(described_recipe)
end
describe '#get_password' do
%w(service db user token).each do |type|
it "returns the set attribute for #{type}" do
expect(subject.get_password(type, 'compute')).to eq("compute-#{type}")
end
end
end
end
end
end

140
spec/search_spec.rb
View File

@ -1,140 +0,0 @@
require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'search'
describe 'openstack-common::default' do
describe 'Openstack Search' do
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['mq']['server_role'] = 'openstack-ops-mq'
node.override['openstack']['endpoints']['mq']['port'] = 5672
# speed up tests
node.override['openstack']['common']['search_count_max'] = 2
runner.converge(described_recipe)
end
cached(:subject) { Object.new.extend(Openstack) }
describe '#search_for' do
it 'returns results' do
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:search)
.with(:node, '(chef_environment:_default AND roles:role) OR (chef_environment:_default AND recipes:role)')
.and_return([chef_run.node])
resp = subject.search_for('role')
expect(resp[0]['fqdn']).to eq('fauxhai.local')
end
it 'returns empty results' do
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:search)
.with(:node, '(chef_environment:_default AND roles:empty-role) OR (chef_environment:_default AND recipes:empty-role)')
.and_return([])
expect(
subject.search_for('empty-role')
).to eq([])
end
it 'always returns empty results' do
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:search)
.with(:node, '(chef_environment:_default AND roles:empty-role) OR (chef_environment:_default AND recipes:empty-role)')
.and_return(nil)
expect(
subject.search_for('empty-role')
).to eq([])
end
end
describe '#memcached_servers' do
it 'returns memcached list' do
nodes = [
{ 'memcached' => { 'listen' => '1.1.1.1', 'port' => '11211' } },
{ 'memcached' => { 'listen' => '2.2.2.2', 'port' => '11211' } },
]
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:search_for)
.with('role')
.and_return(nodes)
expect(
subject.memcached_servers('role')
).to eq(['1.1.1.1:11211', '2.2.2.2:11211'])
end
it 'returns sorted memcached list' do
nodes = [
{ 'memcached' => { 'listen' => '3.3.3.3', 'port' => '11211' } },
{ 'memcached' => { 'listen' => '1.1.1.1', 'port' => '11211' } },
{ 'memcached' => { 'listen' => '2.2.2.2', 'port' => '11211' } },
]
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:search_for)
.with('role')
.and_return(nodes)
expect(
subject.memcached_servers('role')
).to eq(['1.1.1.1:11211', '2.2.2.2:11211', '3.3.3.3:11211'])
end
it 'returns memcached servers as defined by attributes' do
nodes = {
'openstack' => {
'memcached_servers' => ['1.1.1.1:11211', '2.2.2.2:11211'],
},
}
allow(subject).to receive(:node).and_return(chef_run.node.merge(nodes))
expect(
subject.memcached_servers('role')
).to eq(['1.1.1.1:11211', '2.2.2.2:11211'])
end
it 'returns empty memcached servers as defined by attributes' do
nodes = {
'openstack' => {
'memcached_servers' => [],
},
}
allow(subject).to receive(:node).and_return(chef_run.node.merge(nodes))
expect(
subject.memcached_servers('empty-role')
).to eq([])
end
end
describe '#rabbit_servers' do
it 'returns rabbit servers' do
nodes = [
{ 'openstack' => { 'mq' => { 'listen' => '1.1.1.1' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
{ 'openstack' => { 'mq' => { 'listen' => '2.2.2.2' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
]
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:search_for)
.and_return(nodes)
expect(
subject.rabbit_servers
).to eq('1.1.1.1:5672,2.2.2.2:5672')
end
it 'returns sorted rabbit servers' do
nodes = [
{ 'openstack' => { 'mq' => { 'listen' => '3.3.3.3' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
{ 'openstack' => { 'mq' => { 'listen' => '1.1.1.1' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
{ 'openstack' => { 'mq' => { 'listen' => '2.2.2.2' }, 'endpoints' => { 'mq' => { 'port' => '5672' } } } },
]
allow(subject).to receive(:node).and_return(chef_run.node)
allow(subject).to receive(:search_for)
.and_return(nodes)
expect(
subject.rabbit_servers
).to eq('1.1.1.1:5672,2.2.2.2:5672,3.3.3.3:5672')
end
it 'returns rabbit servers when not searching' do
chef_run.node.override['openstack']['mq']['servers'] = ['1.1.1.1', '2.2.2.2']
allow(subject).to receive(:node).and_return(chef_run.node)
expect(
subject.rabbit_servers
).to eq('1.1.1.1:5672,2.2.2.2:5672')
end
end
end
end

59
spec/spec_helper.rb
View File

@ -1,59 +0,0 @@
require 'chefspec'
require 'chefspec/berkshelf'
RSpec.configure do |config|
config.color = true
config.formatter = :documentation
config.log_level = :warn
end
UBUNTU_OPTS = {
platform: 'ubuntu',
version: '18.04',
}.freeze
REDHAT_7 = {
platform: 'redhat',
version: '7',
}.freeze
REDHAT_8 = {
platform: 'redhat',
version: '8',
}.freeze
ALL_RHEL = [
REDHAT_7,
REDHAT_8,
].freeze
# We set a default platform for non-platform specific test cases
CHEFSPEC_OPTS = UBUNTU_OPTS
shared_context 'library-stubs' do
before do
allow(subject).to receive(:node).and_return(chef_run.node)
end
end
shared_context 'common-stubs' do
before do
allow_any_instance_of(Chef::Recipe).to receive(:search_for)
.with('os-identity').and_return(
[{
'openstack' => {
'identity' => {
'admin_tenant_name' => 'admin',
'admin_user' => 'admin',
},
},
}]
)
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('user', 'admin')
.and_return('admin')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('user', 'admin-user-override')
.and_return('admin-user-override')
end
end

22
spec/sysctl_spec.rb
View File

@ -1,22 +0,0 @@
require_relative 'spec_helper'
describe 'openstack-common::sysctl' do
describe 'ubuntu' do
sysctl_kv = {
'sysctl_key1' => 'sysctl_value1',
'sysctl_key2' => 'sysctl_value2',
}
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['sysctl'] = sysctl_kv
runner.converge(described_recipe)
end
it do
expect(chef_run).to apply_sysctl('sysctl_key1').with(value: 'sysctl_value1')
end
it do
expect(chef_run).to apply_sysctl('sysctl_key2').with(value: 'sysctl_value2')
end
end
end

90
spec/uri_spec.rb
View File

@ -1,90 +0,0 @@
require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'uri'
require 'uri'
describe 'Openstack uri' do
let(:subject) { Object.new.extend(Openstack) }
describe '#uri_from_hash' do
it 'returns uri when uri key found, ignoring other parts' do
uri = 'http://localhost/'
hash = {
'port' => 8888,
'path' => '/path',
'uri' => uri,
}
result = subject.uri_from_hash(hash)
expect(result).to be_a URI
expect(result.to_s).to eq(uri)
end
it 'constructs from host' do
uri = 'https://localhost:8888/path'
hash = {
'scheme' => 'https',
'port' => 8888,
'path' => '/path',
'host' => 'localhost',
}
expect(
subject.uri_from_hash(hash).to_s
).to eq(uri)
end
it 'constructs with defaults' do
uri = 'https://localhost'
hash = {
'scheme' => 'https',
'host' => 'localhost',
}
expect(
subject.uri_from_hash(hash).to_s
).to eq(uri)
end
it 'constructs with extraneous keys' do
uri = 'http://localhost'
hash = {
'host' => 'localhost',
'network' => 'public', # To emulate the osops-utils::ip_location way...
}
expect(
subject.uri_from_hash(hash).to_s
).to eq(uri)
end
end
describe '#uri_join_paths' do
it 'returns nil when no paths are passed in' do
expect(subject.uri_join_paths).to be_nil
end
it 'preserves absolute path when only absolute path passed in' do
path = '/abspath'
expect(
subject.uri_join_paths(path)
).to eq(path)
end
it 'preserves relative path when only relative path passed in' do
path = 'abspath/'
expect(
subject.uri_join_paths(path)
).to eq(path)
end
it 'preserves leadng and trailing slashes' do
expected = '/path/to/resource/'
expect(
subject.uri_join_paths('/path', 'to', 'resource/')
).to eq(expected)
end
it 'removes extraneous intermediate slashes' do
expected = '/path/to/resource'
expect(
subject.uri_join_paths('/path', '//to/', '/resource')
).to eq(expected)
end
end
end

37
spec/wrappers_spec.rb
View File

@ -1,37 +0,0 @@
require_relative 'spec_helper'
require ::File.join ::File.dirname(__FILE__), '..', 'libraries', 'wrappers'
describe 'openstack-common::default' do
describe 'Openstack wrappers' do
let(:runner) { ChefSpec::SoloRunner.new(CHEFSPEC_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
let(:subject) { Object.new.extend(Openstack) }
include_context 'library-stubs'
describe '#recipe_included' do
it 'returns boolean for recipe list' do
node_hash = {
'recipes' => 'included_recipe',
}
allow(subject).to receive(:node).and_return(node_hash)
expect(subject.recipe_included?('included_recipe')).to be_truthy
expect(subject.recipe_included?('not_included_recipe')).to be_falsey
end
end
describe '#role_included' do
it 'returns boolean for role list' do
node_hash_true = double('node', automatic: { 'roles' => 'included_role' }, role?: true)
node_hash_false = double('node', automatic: { 'roles' => 'included_role' }, role?: false)
allow(subject).to receive(:node).and_return(node_hash_true)
expect(subject.role_included?('included_role')).to be_truthy
allow(subject).to receive(:node).and_return(node_hash_false)
expect(subject.role_included?('not_included_role')).to be_falsey
end
end
end
end

5
templates/default/60-openstack.conf.erb
View File

@ -1,5 +0,0 @@
# Managed by Chef
<% node['openstack']['sysctl'].sort.each do |k,v| -%>
<%= k %> = <%= v %>
<% end -%>

38
templates/default/logging.conf.erb
View File

@ -1,38 +0,0 @@
[loggers]
keys=<%= (@loggers.keys).join(',') %>
[formatters]
keys=<%= @formatters.keys.join(',') %>
[handlers]
keys=<%= @handlers.keys.join(',') %>
## LOGGERS ##
<% @loggers.each do |section, options| %>
[logger_<%= section %>]
<% options.each do |key, value| %>
<%= key %>=<%= value %>
<% end %>
<% end %>
## FORMATTERS ##
<% @formatters.each do |section, options| %>
[formatter_<%= section %>]
<% options.each do |key, value| %>
<%= key %>=<%= value %>
<% end %>
<% end %>
## HANDLERS ##
<% @handlers.each do |section, options| %>
[handler_<%= section %>]
<% options.each do |key, value| %>
<%= key %>=<%= value %>
<% end %>
<% end %>

13
templates/default/openstack-service.conf.erb
View File

@ -1,13 +0,0 @@
<%= node['openstack']['common']['custom_template_banner'] %>
<% @service_config.each do |section, values| -%>
[<%= section %>]
<% values.each do |key, value| -%>
<% if value.class == Hash -%>
<%= "# #{value['comment']}" -%>
<%= key %> = <%= value['set_to'] %>
<% else -%>
<%= key %> = <%= value %>
<% end -%>
<% end -%>
<% end -%>

37
templates/default/wsgi.conf.erb
View File

@ -1,37 +0,0 @@
<%= node["openstack"]["identity"]["custom_template_banner"] %>
<VirtualHost <%= @params[:server_host] %>:<%= @params[:server_port] %>>
WSGIDaemonProcess <%= @service %>-<%= @params[:server_suffix] %> processes=5 threads=1 user=<%= @params[:user] %> group=<%= @params[:group] %> display-name=%{GROUP}
WSGIProcessGroup <%= @service %>-<%= @params[:server_suffix] %>
WSGIScriptAlias / <%= @params[:server_entry] %>
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog <%= @params[:log_dir] %>/<%= @service %>_error.log
CustomLog <%= @params[:log_dir] %>/<%= @service %>_access.log combined
<% if [true, 'true', 'True'].include?(@params[:log_debug]) -%>
LogLevel debug
<% end -%>
<Directory /usr/bin>
Require all granted
</Directory>
<% if @params[:use_ssl] -%>
SSLEngine On
SSLCertificateFile <%= @params[:cert_file] %>
SSLCertificateKeyFile <%= @params[:key_file] %>
SSLCACertificatePath <%= @params[:ca_certs_path] %>
<% if @params[:chain_file] %>
SSLCertificateChainFile <%= @params[:chain_file] %>
<% end -%>
SSLProtocol <%= @params[:protocol] %>
<% if @params[:ciphers] -%>
SSLCipherSuite <%= @params[:ciphers] %>
<% end -%>
<% if @params[:cert_required] -%>
SSLVerifyClient require
<% end -%>
<% end -%>
</VirtualHost>