Update to apache2 ~> 8.0 cookbook
This brings us up to date with the latest apache2 cookbook which included a major refactor in 6.0.0 removing all of the definitions and recipe with proper resources. Instead of using the apache2_default_site resource, directly use a template and then enable the config file using the apache2_site resource. This gives us the most flexibility. Additional fixes: - Remove or replace references to node['apache'] attributes - Install mod_wsgi as a package on RHEL since there is no built-in resource for it. - Don't set SELinux to permissive on RHEL (I tested this works properly with it set to enforcing). - Remove hack for restarting apache. - Convert web_app to template and subscribe to restarting apache. - Remove resources to restore SELinux contexts since this taken care of by Chef now automatically. - Include additional cookbooks in Berksfile required for CI Depends-On: https://review.opendev.org/702772 Depends-On: https://review.opendev.org/701824 Change-Id: Ib82595c27f03a7b456d5d5bfecc466f5ac199a5c
This commit is contained in:
parent
71b91f5553
commit
4e4bed1eed
14
Berksfile
14
Berksfile
|
@ -1,6 +1,18 @@
|
|||
source 'https://supermarket.chef.io'
|
||||
|
||||
%w(client -common -identity).each do |cookbook|
|
||||
solver :ruby, :required
|
||||
|
||||
%w(
|
||||
client
|
||||
-common
|
||||
-dns
|
||||
-identity
|
||||
-image
|
||||
-integration-test
|
||||
-network
|
||||
-ops-database
|
||||
-ops-messaging
|
||||
).each do |cookbook|
|
||||
if Dir.exist?("../cookbook-openstack#{cookbook}")
|
||||
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
|
||||
else
|
||||
|
|
|
@ -36,7 +36,7 @@ Cookbooks
|
|||
|
||||
The following cookbooks are dependencies:
|
||||
|
||||
- 'apache2', '~> 5.0.1'
|
||||
- 'apache2', '~> 8.0'
|
||||
- 'openstack-common', '>= 18.0.0'
|
||||
- 'openstack-identity', '>= 18.0.0'
|
||||
- 'poise-python'
|
||||
|
|
|
@ -48,6 +48,7 @@ default['openstack']['dashboard']['keystone_default_role'] = 'member'
|
|||
|
||||
default['openstack']['dashboard']['server_hostname'] = nil
|
||||
default['openstack']['dashboard']['server_aliases'] = []
|
||||
default['openstack']['dashboard']['server_admin'] = 'root@localhost'
|
||||
default['openstack']['dashboard']['use_ssl'] = true
|
||||
# When using a remote certificate and key, the names of the actual installed certificate
|
||||
# and key in the file system are determined by the following two attributes.
|
||||
|
@ -70,15 +71,13 @@ default['openstack']['dashboard']['ssl']['use_data_bag'] = true
|
|||
# allows everything
|
||||
default['openstack']['dashboard']['allowed_hosts'] = ['*']
|
||||
|
||||
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/openstack-dashboard.conf"
|
||||
|
||||
# Allow TRACE method
|
||||
#
|
||||
# Set to "extended" to also reflect the request body (only for testing and
|
||||
# diagnostic purposes).
|
||||
#
|
||||
# Set to one of: On | Off | extended
|
||||
default['openstack']['dashboard']['traceenable'] = node['apache']['traceenable']
|
||||
default['openstack']['dashboard']['traceenable'] = 'Off'
|
||||
|
||||
default['openstack']['dashboard']['secret_key_content'] = nil
|
||||
|
||||
|
@ -110,11 +109,10 @@ when 'rhel'
|
|||
default['openstack']['dashboard']['logout_url'] = "#{node['openstack']['dashboard']['webroot']}auth/logout/"
|
||||
default['openstack']['dashboard']['login_redirect_url'] = node['openstack']['dashboard']['webroot']
|
||||
default['openstack']['dashboard']['platform'] = {
|
||||
'horizon_packages' => ['openstack-dashboard'],
|
||||
'horizon_packages' => ['openstack-dashboard', 'mod_wsgi'],
|
||||
'memcache_python_packages' => ['python-memcached'],
|
||||
'package_overrides' => '',
|
||||
}
|
||||
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/sites-available/openstack-dashboard.conf"
|
||||
when 'debian'
|
||||
default['openstack']['dashboard']['key_group'] = 'ssl-cert'
|
||||
default['openstack']['dashboard']['horizon_user'] = 'horizon'
|
||||
|
@ -133,8 +131,8 @@ when 'debian'
|
|||
'memcache_python_packages' => ['python3-memcache'],
|
||||
'package_overrides' => '',
|
||||
}
|
||||
default['openstack']['dashboard']['platform']['horizon_packages'] = ['node-less', 'libapache2-mod-wsgi-py3', 'python3-django-horizon', 'openstack-dashboard']
|
||||
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/sites-available/openstack-dashboard.conf"
|
||||
default['openstack']['dashboard']['platform']['horizon_packages'] =
|
||||
['node-less', 'libapache2-mod-wsgi-py3', 'python3-django-horizon', 'openstack-dashboard']
|
||||
else
|
||||
default['openstack']['dashboard']['key_group'] = 'root'
|
||||
end
|
||||
|
|
|
@ -14,9 +14,9 @@ recipe 'neutron-lbaas-dashboard', 'Installs the python neutron-lbaas-dashboard p
|
|||
supports os
|
||||
end
|
||||
|
||||
depends 'apache2', '~> 8.0'
|
||||
depends 'openstack-common', '>= 18.0.0'
|
||||
depends 'openstack-identity', '>= 18.0.0'
|
||||
depends 'apache2', '5.0.1'
|
||||
depends 'poise-python'
|
||||
|
||||
issues_url 'https://launchpad.net/openstack-chef'
|
||||
|
|
|
@ -26,19 +26,7 @@ require 'uri'
|
|||
|
||||
class ::Chef::Recipe
|
||||
include ::Openstack
|
||||
end
|
||||
|
||||
#
|
||||
# Workaround to install apache2 on a fedora machine with selinux set to enforcing
|
||||
# TODO(breu): this should move to a subscription of the template from the apache2 recipe
|
||||
# and it should simply be a restorecon on the configuration file(s) and not
|
||||
# change the selinux mode
|
||||
#
|
||||
execute 'set-selinux-permissive' do
|
||||
command '/sbin/setenforce Permissive'
|
||||
action :run
|
||||
|
||||
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
|
||||
include Apache2::Cookbook::Helpers
|
||||
end
|
||||
|
||||
http_bind = node['openstack']['bind_service']['dashboard_http']
|
||||
|
@ -46,37 +34,43 @@ http_bind_address = bind_address http_bind
|
|||
https_bind = node['openstack']['bind_service']['dashboard_https']
|
||||
https_bind_address = bind_address https_bind
|
||||
|
||||
# This allows the apache2/templates/default/ports.conf.erb to setup the correct listeners.
|
||||
# Need to convert from Chef::Node::ImmutableArray in order to be able to modify
|
||||
apache2_listen = Array(node['apache']['listen'])
|
||||
# Remove the default apache2 cookbook port, as that is also the default for horizon, but with
|
||||
# a different address syntax. *:80 vs 0.0.0.0:80
|
||||
apache2_listen -= ['*:80']
|
||||
|
||||
apache2_listen += ["#{http_bind['host']}:#{http_bind['port']}"]
|
||||
if node['openstack']['dashboard']['use_ssl']
|
||||
apache2_listen += ["#{https_bind['host']}:#{https_bind['port']}"]
|
||||
# service['apache2'] is defined in the apache2_default_install resource
|
||||
# but other resources are currently unable to reference it. To work
|
||||
# around this issue, define the following helper in your cookbook:
|
||||
service 'apache2' do
|
||||
extend Apache2::Cookbook::Helpers
|
||||
service_name lazy { apache_platform_service_name }
|
||||
supports restart: true, status: true, reload: true
|
||||
action :nothing
|
||||
end
|
||||
|
||||
node.normal['apache']['listen'] = apache2_listen.uniq
|
||||
# Finds and appends the listen port to the apache2_install[openstack]
|
||||
# resource which is defined in openstack-identity::server-apache.
|
||||
apache_resource = find_resource(:apache2_install, 'openstack')
|
||||
|
||||
include_recipe 'apache2'
|
||||
include_recipe 'apache2::mod_headers'
|
||||
# TODO(jh): recipe is hardcoded to include py2 mod-wsgi package
|
||||
case node['platform_family']
|
||||
when 'debian'
|
||||
package 'libapache2-mod-wsgi-py3'
|
||||
apache_module 'wsgi'
|
||||
when 'rhel'
|
||||
include_recipe 'apache2::mod_wsgi'
|
||||
apache_port =
|
||||
if node['openstack']['dashboard']['use_ssl']
|
||||
["#{http_bind_address}:#{http_bind['port']}", "#{https_bind_address}:#{https_bind['port']}"]
|
||||
else
|
||||
"#{http_bind_address}:#{http_bind['port']}"
|
||||
end
|
||||
|
||||
if apache_resource
|
||||
apache_resource.listen = [apache_resource.listen, apache_port].flatten
|
||||
else
|
||||
apache2_install 'openstack' do
|
||||
listen apache_port
|
||||
end
|
||||
end
|
||||
|
||||
include_recipe 'apache2::mod_rewrite'
|
||||
include_recipe 'apache2::mod_ssl' if node['openstack']['dashboard']['use_ssl']
|
||||
apache2_module 'wsgi'
|
||||
apache2_module 'rewrite'
|
||||
apache2_module 'headers'
|
||||
apache2_module 'ssl' if node['openstack']['dashboard']['use_ssl']
|
||||
|
||||
# delete the openstack-dashboard.conf before reload apache2 service on redhat and centos
|
||||
# since this file is not valid on those platforms for the apache2 service.
|
||||
file "#{node['apache']['dir']}/conf.d/openstack-dashboard.conf" do
|
||||
file "#{apache_dir}/conf.d/openstack-dashboard.conf" do
|
||||
action :delete
|
||||
backup false
|
||||
only_if { platform_family?('rhel') } # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
|
@ -107,7 +101,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
|
|||
mode cert_mode
|
||||
owner cert_owner
|
||||
group cert_group
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -121,7 +114,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
|
|||
mode cert_mode
|
||||
owner cert_owner
|
||||
group cert_group
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -134,7 +126,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
|
|||
mode key_mode
|
||||
owner key_owner
|
||||
group key_group
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -160,13 +151,12 @@ directory "#{node['openstack']['dashboard']['dash_path']}/.blackhole" do
|
|||
action :create
|
||||
end
|
||||
|
||||
template node['openstack']['dashboard']['apache']['sites-path'] do
|
||||
template "#{apache_dir}/sites-available/openstack-dashboard.conf" do
|
||||
extend Apache2::Cookbook::Helpers
|
||||
source 'dash-site.erb'
|
||||
owner 'root'
|
||||
group node['apache']['root_group']
|
||||
mode 0o0644
|
||||
|
||||
variables(
|
||||
apache_admin: node['openstack']['dashboard']['server_admin'],
|
||||
log_dir: default_log_dir,
|
||||
ssl_cert_file: ssl_cert_file.to_s,
|
||||
ssl_key_file: ssl_key_file.to_s,
|
||||
ssl_chain_file: ssl_chain_file.to_s,
|
||||
|
@ -175,34 +165,20 @@ template node['openstack']['dashboard']['apache']['sites-path'] do
|
|||
https_bind_address: https_bind_address,
|
||||
https_bind_port: https_bind['port'].to_i
|
||||
)
|
||||
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
notifies :reload, 'service[apache2]', :immediately
|
||||
end
|
||||
|
||||
# The `apache_site` provided by the apache2 cookbook
|
||||
# is not an LWRP. Guards do not apply to definitions.
|
||||
# http://tickets.opscode.com/browse/CHEF-778
|
||||
case node['platform_family']
|
||||
when 'debian'
|
||||
apache_site '000-default' do
|
||||
enable false
|
||||
apache2_site '000-default' do
|
||||
action :disable
|
||||
end
|
||||
when 'rhel'
|
||||
apache_site 'default' do
|
||||
enable false
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
apache2_site 'default' do
|
||||
action :disable
|
||||
end
|
||||
end
|
||||
|
||||
apache_site 'openstack-dashboard' do
|
||||
enable true
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
apache2_site 'openstack-dashboard' do
|
||||
notifies :reload, 'service[apache2]', :immediately
|
||||
end
|
||||
|
||||
execute 'restore-selinux-context' do
|
||||
command 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard /var/www/html || :'
|
||||
action :nothing
|
||||
only_if { platform_family?('fedora') }
|
||||
end
|
||||
|
|
|
@ -25,7 +25,6 @@ when 'rhel'
|
|||
|
||||
python_package 'neutron-lbaas-dashboard' do
|
||||
version node['openstack']['dashboard']['lbaas']['version']
|
||||
notifies :run, 'execute[restore-selinux-context]', :immediately
|
||||
notifies :run, 'execute[openstack-dashboard collectstatic]'
|
||||
end
|
||||
|
||||
|
|
|
@ -11,12 +11,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
include_context 'dashboard_stubs'
|
||||
include_context 'redhat_stubs'
|
||||
|
||||
it 'executes set-selinux-permissive' do
|
||||
cmd = '/sbin/setenforce Permissive'
|
||||
|
||||
expect(chef_run).to run_execute(cmd)
|
||||
end
|
||||
|
||||
describe 'certs' do
|
||||
describe 'get secret' do
|
||||
let(:pem) { chef_run.file('/etc/pki/tls/certs/horizon.pem') }
|
||||
|
@ -33,8 +27,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
group: 'root',
|
||||
mode: 0o640
|
||||
)
|
||||
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
|
||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
|
||||
context 'does not mess with certs if ssl not enabled' do
|
||||
|
@ -51,14 +43,15 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
end
|
||||
it 'deletes openstack-dashboard.conf' do
|
||||
file = '/etc/httpd/conf.d/openstack-dashboard.conf'
|
||||
|
||||
expect(chef_run).to delete_file(file)
|
||||
end
|
||||
|
||||
it 'does not execute restore-selinux-context' do
|
||||
cmd = 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :'
|
||||
it do
|
||||
expect(chef_run).to_not disable_apache2_site('000-default')
|
||||
end
|
||||
|
||||
expect(chef_run).not_to run_execute(cmd)
|
||||
it do
|
||||
expect(chef_run).to disable_apache2_site('default')
|
||||
end
|
||||
|
||||
it 'sets the WSGI daemon user to attribute default' do
|
||||
|
|
|
@ -56,8 +56,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
cached(:chef_run) do
|
||||
node.override['openstack']['dashboard']['custom_template_banner'] = 'custom_template_banner_value'
|
||||
node.override['openstack']['dashboard']['traceenable'] = 'value'
|
||||
node.override['apache']['log_dir'] = 'log_dir_value'
|
||||
node.override['apache']['contact'] = 'apache_contact_value'
|
||||
node.override['openstack']['dashboard']['error_log'] = 'error_log_value'
|
||||
node.override['openstack']['dashboard']['access_log'] = 'access_log_value'
|
||||
runner.converge(described_recipe)
|
||||
|
@ -77,33 +75,18 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
include_context 'non_redhat_stubs'
|
||||
include_context 'dashboard_stubs'
|
||||
|
||||
it 'does not execute set-selinux-permissive' do
|
||||
cmd = '/sbin/setenforce Permissive'
|
||||
expect(chef_run).not_to run_execute(cmd)
|
||||
it do
|
||||
expect(chef_run).to install_apache2_install('openstack').with(listen: %w(0.0.0.0:80 0.0.0.0:443))
|
||||
end
|
||||
|
||||
it 'set apache addresses and ports' do
|
||||
expect(chef_run.node['apache']['listen']).to eq %w(0.0.0.0:80 0.0.0.0:443)
|
||||
end
|
||||
|
||||
it 'includes apache packages' do
|
||||
%w(
|
||||
apache2
|
||||
apache2::mod_headers
|
||||
apache2::mod_rewrite
|
||||
apache2::mod_ssl
|
||||
).each do |recipe|
|
||||
expect(chef_run).to include_recipe(recipe)
|
||||
end
|
||||
it 'enables apache modules' do
|
||||
expect(chef_run).to enable_apache2_module('wsgi')
|
||||
expect(chef_run).to enable_apache2_module('rewrite')
|
||||
expect(chef_run).to enable_apache2_module('headers')
|
||||
end
|
||||
|
||||
it 'does not include the apache mod_ssl package when ssl disabled' do
|
||||
expect(chef_run_no_ssl).not_to include_recipe('apache2::mod_ssl')
|
||||
end
|
||||
|
||||
it 'does not execute set-selinux-enforcing' do
|
||||
cmd = '/sbin/setenforce Enforcing ; restorecon -R /etc/httpd'
|
||||
expect(chef_run).not_to run_execute(cmd)
|
||||
expect(chef_run_no_ssl).not_to enable_apache2_module('ssl')
|
||||
end
|
||||
|
||||
describe 'certs' do
|
||||
|
@ -124,8 +107,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
group: 'ssl-cert',
|
||||
mode: 0o640
|
||||
)
|
||||
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
|
||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
end
|
||||
describe 'set ssl chain' do
|
||||
|
@ -138,7 +119,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
group: 'root',
|
||||
mode: 0o644
|
||||
)
|
||||
expect(chain).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
end
|
||||
describe 'get secret with only one pem' do
|
||||
|
@ -169,7 +149,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
group: 'ssl-cert',
|
||||
mode: 0o640
|
||||
)
|
||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
|
||||
it 'does not mess with certs if ssl not enabled' do
|
||||
|
@ -217,8 +196,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
group: 'ssl-cert',
|
||||
mode: 0o640
|
||||
)
|
||||
expect(key).to notify('execute[restore-selinux-context]').to(:run)
|
||||
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
describe 'set ssl chain' do
|
||||
let(:chain) { chef_run.file('/etc/anypath/any-chain.pem') }
|
||||
|
@ -229,7 +206,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
group: 'root',
|
||||
mode: 0o644
|
||||
)
|
||||
expect(chain).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
end
|
||||
it 'does not mess with certs if ssl not enabled' do
|
||||
|
@ -262,13 +238,27 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
let(:file) { chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf') }
|
||||
|
||||
it 'creates openstack-dashboard.conf' do
|
||||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'root',
|
||||
group: 'root',
|
||||
mode: 0o644
|
||||
expect(chef_run).to create_template('/etc/apache2/sites-available/openstack-dashboard.conf').with(
|
||||
source: 'dash-site.erb',
|
||||
variables: {
|
||||
apache_admin: 'root@localhost',
|
||||
http_bind_address: '0.0.0.0',
|
||||
http_bind_port: 80,
|
||||
https_bind_address: '0.0.0.0',
|
||||
https_bind_port: 443,
|
||||
log_dir: '/var/log/apache2',
|
||||
ssl_cert_file: '/etc/ssl/certs/horizon.pem',
|
||||
ssl_chain_file: '',
|
||||
ssl_key_file: '/etc/ssl/private/horizon.key',
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
it do
|
||||
expect(chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf')).to \
|
||||
notify('service[apache2]').to(:reload).immediately
|
||||
end
|
||||
|
||||
describe 'template content' do
|
||||
let(:rewrite_ssl_directive) { /^\s*RewriteEngine On\s*RewriteCond \%\{HTTPS\} off$/ }
|
||||
let(:default_rewrite_rule) { %r(^\s*RewriteRule \^\(\.\*\)\$ https\://%\{HTTP_HOST\}%\{REQUEST_URI\} \[L,R\]$) }
|
||||
|
@ -462,7 +452,7 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
end
|
||||
|
||||
it 'shows the ServerAdmin' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin apache_contact_value$/)
|
||||
expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin root@localhost$/)
|
||||
end
|
||||
|
||||
it 'sets the WSGI script alias defaults' do
|
||||
|
@ -539,17 +529,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'log directives' do
|
||||
it 'sets the ErrorLog directive' do
|
||||
expect(chef_run).to render_file(file.name).with_content(%r{^\s*ErrorLog log_dir_value/error_log_value$})
|
||||
end
|
||||
|
||||
it 'sets the CustomLog directive' do
|
||||
expect(chef_run).to render_file(file.name)
|
||||
.with_content(%r{^\s*CustomLog log_dir_value/access_log_value combined$})
|
||||
end
|
||||
end
|
||||
|
||||
context 'sets wsgi socket prefix if wsgi_socket_prefix attribute is preset' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['dashboard']['wsgi_socket_prefix'] = '/var/run/wsgi'
|
||||
|
@ -564,10 +543,6 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
expect(chef_run).not_to render_file(file.name).with_content(/^WSGISocketPrefix $/)
|
||||
end
|
||||
end
|
||||
|
||||
it 'notifies restore-selinux-context' do
|
||||
expect(file).to notify('execute[restore-selinux-context]').to(:run)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'secret_key_path file' do
|
||||
|
@ -619,38 +594,20 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
expect(chef_run).not_to delete_file(file)
|
||||
end
|
||||
|
||||
it 'calls apache_site to disable 000-default virtualhost' do
|
||||
resource = chef_run.find_resource('execute',
|
||||
'a2dissite 000-default.conf').to_hash
|
||||
expect(resource).to include(
|
||||
action: [:run],
|
||||
params: {
|
||||
enable: false,
|
||||
name: '000-default',
|
||||
}
|
||||
)
|
||||
it do
|
||||
expect(chef_run).to disable_apache2_site('000-default')
|
||||
end
|
||||
|
||||
it 'calls apache_site to enable openstack-dashboard virtualhost' do
|
||||
resource = chef_run.find_resource('execute',
|
||||
'a2ensite openstack-dashboard.conf').to_hash
|
||||
expect(resource).to include(
|
||||
action: [:run],
|
||||
params: {
|
||||
enable: true,
|
||||
notifies: [:reload, 'service[apache2]', :immediately],
|
||||
name: 'openstack-dashboard',
|
||||
}
|
||||
)
|
||||
it do
|
||||
expect(chef_run).to_not disable_apache2_site('default')
|
||||
end
|
||||
|
||||
it 'notifies apache2 restart' do
|
||||
skip 'TODO: how to test when tied to an LWRP'
|
||||
it do
|
||||
expect(chef_run).to enable_apache2_site('openstack-dashboard')
|
||||
end
|
||||
|
||||
it 'does not execute restore-selinux-context' do
|
||||
cmd = 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :'
|
||||
expect(chef_run).not_to run_execute(cmd)
|
||||
it do
|
||||
expect(chef_run.apache2_site('openstack-dashboard')).to notify('service[apache2]').to(:reload).immediately
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -6,7 +6,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
|
||||
let(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
|
||||
include_context 'dashboard_stubs'
|
||||
|
@ -14,6 +14,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
|
||||
it 'installs packages' do
|
||||
expect(chef_run).to upgrade_package('openstack-dashboard')
|
||||
expect(chef_run).to upgrade_package('mod_wsgi')
|
||||
expect(chef_run).to upgrade_package('MySQL-python')
|
||||
end
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
'variable2' => 'value2',
|
||||
},
|
||||
}
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
|
||||
cached(:chef_run2) do
|
||||
|
@ -46,12 +46,12 @@ describe 'openstack-dashboard::horizon' do
|
|||
node.override['openstack']['dashboard']['neutron']['enable_lb'] = true
|
||||
node.override['openstack']['dashboard']['plugins'] = %w(testPlugin1 testPlugin2)
|
||||
node.override['openstack']['db']['dashboard']['migrate'] = false
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
|
||||
cached(:chef_run_sql) do
|
||||
node.override['openstack']['dashboard']['session_backend'] = 'sql'
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
|
||||
include_context 'non_redhat_stubs'
|
||||
|
@ -136,7 +136,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
cached(:chef_run) do
|
||||
node.override['openstack']['dashboard']['use_ssl'] = true
|
||||
node.override['openstack']['dashboard']['ssl_no_verify'] = 'False'
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
it 'has a False value for the OPENSTACK_SSL_NO_VERIFY attribute' do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = False$/)
|
||||
|
@ -200,7 +200,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
cached(:chef_run) do
|
||||
node.override['openstack']['dashboard']['csrf_cookie_secure'] = false
|
||||
node.override['openstack']['dashboard']['session_cookie_secure'] = false
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
it do
|
||||
expect(chef_run).to render_file(file.name).with_content(/^CSRF_COOKIE_SECURE = False$/)
|
||||
|
@ -321,16 +321,14 @@ describe 'openstack-dashboard::horizon' do
|
|||
end
|
||||
end
|
||||
|
||||
[nil, []].each do |empty_value|
|
||||
context 'without memcache servers' do
|
||||
cached(:chef_run) do
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return(empty_value)
|
||||
runner.converge(described_recipe)
|
||||
end
|
||||
it "does not configure caching when backend == memcache and #{empty_value} provided as memcache servers" do
|
||||
expect(chef_run).to_not render_file(file.name)
|
||||
.with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/)
|
||||
end
|
||||
context 'without memcache servers' do
|
||||
cached(:chef_run) do
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return([])
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
it 'does not configure caching when backend == memcache and memcached_servers == []' do
|
||||
expect(chef_run).to_not render_file(file.name)
|
||||
.with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -365,7 +363,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
keystone_settings.each do |keystone_setting|
|
||||
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = true
|
||||
end
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
keystone_settings.each do |keystone_setting|
|
||||
it do
|
||||
|
@ -379,7 +377,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
keystone_settings.each do |keystone_setting|
|
||||
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = false
|
||||
end
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
keystone_settings.each do |keystone_setting|
|
||||
it do
|
||||
|
@ -428,7 +426,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
components.each do |component|
|
||||
node.override['openstack']['dashboard']['log_level'][component] = "#{component}_log_level_value"
|
||||
end
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
components.each do |component|
|
||||
it do
|
||||
|
@ -447,7 +445,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
cached(:chef_run) do
|
||||
node.override['openstack']['db']['dashboard']['username'] = "#{service_type}_user"
|
||||
node.override['openstack']['db']['python_packages'][service_type] = ['pkg1', 'pkg2']
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
before do
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:db)
|
||||
|
@ -539,7 +537,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
context 'executes when database backend is sqlite' do
|
||||
cached(:chef_run) do
|
||||
node.override['openstack']['db']['dashboard']['service_type'] = 'sqlite'
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
it do
|
||||
expect(chef_run).to run_execute(sync_db_cmd).with(
|
||||
|
|
|
@ -6,7 +6,7 @@ describe 'openstack-dashboard::neutron-fwaas-dashboard' do
|
|||
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||
cached(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
|
||||
include_context 'non_redhat_stubs'
|
||||
|
|
|
@ -6,7 +6,7 @@ describe 'openstack-dashboard::neutron-lbaas-dashboard' do
|
|||
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
|
||||
cached(:node) { runner.node }
|
||||
cached(:chef_run) do
|
||||
runner.converge(described_recipe)
|
||||
runner.converge('openstack-identity::server-apache', described_recipe)
|
||||
end
|
||||
|
||||
include_context 'non_redhat_stubs'
|
||||
|
|
|
@ -39,6 +39,42 @@ shared_context 'dashboard_stubs' do
|
|||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('certs', 'horizon.key')
|
||||
.and_return('horizon_key_value')
|
||||
# identity stubs
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('secrets', 'credential_key0')
|
||||
.and_return('thisiscredentialkey0')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('secrets', 'credential_key1')
|
||||
.and_return('thisiscredentialkey1')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('secrets', 'fernet_key0')
|
||||
.and_return('thisisfernetkey0')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('secrets', 'fernet_key1')
|
||||
.and_return('thisisfernetkey1')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:search_for)
|
||||
.with('os-identity').and_return(
|
||||
[{
|
||||
'openstack' => {
|
||||
'identity' => {
|
||||
'admin_tenant_name' => 'admin',
|
||||
'admin_user' => 'admin',
|
||||
},
|
||||
},
|
||||
}]
|
||||
)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url)
|
||||
.with('identity')
|
||||
.and_return('rabbit://openstack:mypass@127.0.0.1:5672')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', anything)
|
||||
.and_return('')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('db', anything)
|
||||
.and_return('test-passes')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:db_uri)
|
||||
.with(anything, anything, anything)
|
||||
.and_return('')
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
ServerAlias <%= node["openstack"]["dashboard"]["server_aliases"].join(" ") %>
|
||||
<% end -%>
|
||||
<% end %>
|
||||
ServerAdmin <%= node["apache"]["contact"] %>
|
||||
ServerAdmin <%= @apache_admin %>
|
||||
# Note(jr): This is needed when SSL is used for the services, see
|
||||
# https://bugs.launchpad.net/openstack-ansible/+bug/1624791/comments/17
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
|
@ -53,8 +53,8 @@
|
|||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<% if node["openstack"]["dashboard"]["use_ssl"] -%>
|
||||
|
||||
SSLEngine on
|
||||
SSLCertificateFile <%= @ssl_cert_file %>
|
||||
SSLCertificateKeyFile <%= @ssl_key_file %>
|
||||
|
@ -72,9 +72,9 @@
|
|||
RewriteCond /opt/dash/site_overlay%{REQUEST_FILENAME} -s
|
||||
RewriteRule ^/(.+) /opt/dash/site_overlay/$1 [L]
|
||||
|
||||
ErrorLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["error_log"] %>
|
||||
ErrorLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["error_log"] %>
|
||||
LogLevel warn
|
||||
CustomLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined
|
||||
CustomLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined
|
||||
TraceEnable <%= node['openstack']['dashboard']['traceenable'] %>
|
||||
<% unless node["openstack"]["dashboard"]["cache_html"] %>
|
||||
SetEnvIfExpr "req('accept') =~/html/" NO_CACHE
|
||||
|
@ -82,7 +82,7 @@
|
|||
Header merge Cache-Control no-store env=NO_CACHE
|
||||
<% end -%>
|
||||
</VirtualHost>
|
||||
|
||||
<% unless node["openstack"]["dashboard"]["wsgi_socket_prefix"].nil? %>
|
||||
|
||||
WSGISocketPrefix <%= node["openstack"]["dashboard"]["wsgi_socket_prefix"] %>
|
||||
<% end %>
|
||||
|
|
Loading…
Reference in New Issue