openstack
/
cookbook-openstack-dashboard
Code Issues Proposed changes

Update to apache2 ~> 8.0 cookbook 

This brings us up to date with the latest apache2 cookbook which
included a major refactor in 6.0.0 removing all of the definitions and
recipe with proper resources. Instead of using the apache2_default_site
resource, directly use a template and then enable the config file using
the apache2_site resource. This gives us the most flexibility.

Additional fixes:
- Remove or replace references to node['apache'] attributes
- Install mod_wsgi as a package on RHEL since there is no built-in
  resource for it.
- Don't set SELinux to permissive on RHEL (I tested this works properly
  with it set to enforcing).
- Remove hack for restarting apache.
- Convert web_app to template and subscribe to restarting apache.
- Remove resources to restore SELinux contexts since this taken care of
  by Chef now automatically.
- Include additional cookbooks in Berksfile required for CI

Depends-On: https://review.opendev.org/702772
Depends-On: https://review.opendev.org/701824
Change-Id: Ib82595c27f03a7b456d5d5bfecc466f5ac199a5c
This commit is contained in:
Lance Albertson 2020-01-10 11:01:26 -08:00
parent 71b91f5553
commit 4e4bed1eed
14 changed files with 161 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Berksfile
View File

@ -1,6 +1,18 @@
source 'https://supermarket.chef.io'
%w(client -common -identity).each do |cookbook|
solver :ruby, :required
%w(
client
-common
-dns
-identity
-image
-integration-test
-network
-ops-database
-ops-messaging
).each do |cookbook|
if Dir.exist?("../cookbook-openstack#{cookbook}")
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
else

2
README.rst
View File

@ -36,7 +36,7 @@ Cookbooks
The following cookbooks are dependencies:
- 'apache2', '~> 5.0.1'
- 'apache2', '~> 8.0'
- 'openstack-common', '>= 18.0.0'
- 'openstack-identity', '>= 18.0.0'
- 'poise-python'

12
attributes/default.rb
View File

@ -48,6 +48,7 @@ default['openstack']['dashboard']['keystone_default_role'] = 'member'
default['openstack']['dashboard']['server_hostname'] = nil
default['openstack']['dashboard']['server_aliases'] = []
default['openstack']['dashboard']['server_admin'] = 'root@localhost'
default['openstack']['dashboard']['use_ssl'] = true
# When using a remote certificate and key, the names of the actual installed certificate
# and key in the file system are determined by the following two attributes.
@ -70,15 +71,13 @@ default['openstack']['dashboard']['ssl']['use_data_bag'] = true
# allows everything
default['openstack']['dashboard']['allowed_hosts'] = ['*']
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/openstack-dashboard.conf"
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
default['openstack']['dashboard']['traceenable'] = node['apache']['traceenable']
default['openstack']['dashboard']['traceenable'] = 'Off'
default['openstack']['dashboard']['secret_key_content'] = nil
@ -110,11 +109,10 @@ when 'rhel'
default['openstack']['dashboard']['logout_url'] = "#{node['openstack']['dashboard']['webroot']}auth/logout/"
default['openstack']['dashboard']['login_redirect_url'] = node['openstack']['dashboard']['webroot']
default['openstack']['dashboard']['platform'] = {
'horizon_packages' => ['openstack-dashboard'],
'horizon_packages' => ['openstack-dashboard', 'mod_wsgi'],
'memcache_python_packages' => ['python-memcached'],
'package_overrides' => '',
}
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/sites-available/openstack-dashboard.conf"
when 'debian'
default['openstack']['dashboard']['key_group'] = 'ssl-cert'
default['openstack']['dashboard']['horizon_user'] = 'horizon'
@ -133,8 +131,8 @@ when 'debian'
'memcache_python_packages' => ['python3-memcache'],
'package_overrides' => '',
}
default['openstack']['dashboard']['platform']['horizon_packages'] = ['node-less', 'libapache2-mod-wsgi-py3', 'python3-django-horizon', 'openstack-dashboard']
default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/sites-available/openstack-dashboard.conf"
default['openstack']['dashboard']['platform']['horizon_packages'] =
['node-less', 'libapache2-mod-wsgi-py3', 'python3-django-horizon', 'openstack-dashboard']
else
default['openstack']['dashboard']['key_group'] = 'root'
end

2
metadata.rb
View File

@ -14,9 +14,9 @@ recipe 'neutron-lbaas-dashboard', 'Installs the python neutron-lbaas-dashboard p
supports os
end
depends 'apache2', '~> 8.0'
depends 'openstack-common', '>= 18.0.0'
depends 'openstack-identity', '>= 18.0.0'
depends 'apache2', '5.0.1'
depends 'poise-python'
issues_url 'https://launchpad.net/openstack-chef'

102
recipes/apache2-server.rb
View File

@ -26,19 +26,7 @@ require 'uri'
class ::Chef::Recipe
include ::Openstack
end
#
# Workaround to install apache2 on a fedora machine with selinux set to enforcing
# TODO(breu): this should move to a subscription of the template from the apache2 recipe
# and it should simply be a restorecon on the configuration file(s) and not
# change the selinux mode
#
execute 'set-selinux-permissive' do
command '/sbin/setenforce Permissive'
action :run
only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]"
include Apache2::Cookbook::Helpers
end
http_bind = node['openstack']['bind_service']['dashboard_http']
@ -46,37 +34,43 @@ http_bind_address = bind_address http_bind
https_bind = node['openstack']['bind_service']['dashboard_https']
https_bind_address = bind_address https_bind
# This allows the apache2/templates/default/ports.conf.erb to setup the correct listeners.
# Need to convert from Chef::Node::ImmutableArray in order to be able to modify
apache2_listen = Array(node['apache']['listen'])
# Remove the default apache2 cookbook port, as that is also the default for horizon, but with
# a different address syntax. *:80 vs 0.0.0.0:80
apache2_listen -= ['*:80']
apache2_listen += ["#{http_bind['host']}:#{http_bind['port']}"]
if node['openstack']['dashboard']['use_ssl']
apache2_listen += ["#{https_bind['host']}:#{https_bind['port']}"]
# service['apache2'] is defined in the apache2_default_install resource
# but other resources are currently unable to reference it. To work
# around this issue, define the following helper in your cookbook:
service 'apache2' do
extend Apache2::Cookbook::Helpers
service_name lazy { apache_platform_service_name }
supports restart: true, status: true, reload: true
action :nothing
end
node.normal['apache']['listen'] = apache2_listen.uniq
# Finds and appends the listen port to the apache2_install[openstack]
# resource which is defined in openstack-identity::server-apache.
apache_resource = find_resource(:apache2_install, 'openstack')
include_recipe 'apache2'
include_recipe 'apache2::mod_headers'
# TODO(jh): recipe is hardcoded to include py2 mod-wsgi package
case node['platform_family']
when 'debian'
package 'libapache2-mod-wsgi-py3'
apache_module 'wsgi'
when 'rhel'
include_recipe 'apache2::mod_wsgi'
apache_port =
if node['openstack']['dashboard']['use_ssl']
["#{http_bind_address}:#{http_bind['port']}", "#{https_bind_address}:#{https_bind['port']}"]
else
"#{http_bind_address}:#{http_bind['port']}"
end
if apache_resource
apache_resource.listen = [apache_resource.listen, apache_port].flatten
else
apache2_install 'openstack' do
listen apache_port
end
end
include_recipe 'apache2::mod_rewrite'
include_recipe 'apache2::mod_ssl' if node['openstack']['dashboard']['use_ssl']
apache2_module 'wsgi'
apache2_module 'rewrite'
apache2_module 'headers'
apache2_module 'ssl' if node['openstack']['dashboard']['use_ssl']
# delete the openstack-dashboard.conf before reload apache2 service on redhat and centos
# since this file is not valid on those platforms for the apache2 service.
file "#{node['apache']['dir']}/conf.d/openstack-dashboard.conf" do
file "#{apache_dir}/conf.d/openstack-dashboard.conf" do
action :delete
backup false
only_if { platform_family?('rhel') } # :pragma-foodcritic: ~FC024 - won't fix this
@ -107,7 +101,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
mode cert_mode
owner cert_owner
group cert_group
notifies :run, 'execute[restore-selinux-context]', :immediately
end
end
@ -121,7 +114,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
mode cert_mode
owner cert_owner
group cert_group
notifies :run, 'execute[restore-selinux-context]', :immediately
end
end
@ -134,7 +126,6 @@ if node['openstack']['dashboard']['use_ssl'] &&
mode key_mode
owner key_owner
group key_group
notifies :run, 'execute[restore-selinux-context]', :immediately
end
end
@ -160,13 +151,12 @@ directory "#{node['openstack']['dashboard']['dash_path']}/.blackhole" do
action :create
end
template node['openstack']['dashboard']['apache']['sites-path'] do
template "#{apache_dir}/sites-available/openstack-dashboard.conf" do
extend Apache2::Cookbook::Helpers
source 'dash-site.erb'
owner 'root'
group node['apache']['root_group']
mode 0o0644
variables(
apache_admin: node['openstack']['dashboard']['server_admin'],
log_dir: default_log_dir,
ssl_cert_file: ssl_cert_file.to_s,
ssl_key_file: ssl_key_file.to_s,
ssl_chain_file: ssl_chain_file.to_s,
@ -175,34 +165,20 @@ template node['openstack']['dashboard']['apache']['sites-path'] do
https_bind_address: https_bind_address,
https_bind_port: https_bind['port'].to_i
)
notifies :run, 'execute[restore-selinux-context]', :immediately
notifies :reload, 'service[apache2]', :immediately
end
# The `apache_site` provided by the apache2 cookbook
# is not an LWRP. Guards do not apply to definitions.
# http://tickets.opscode.com/browse/CHEF-778
case node['platform_family']
when 'debian'
apache_site '000-default' do
enable false
apache2_site '000-default' do
action :disable
end
when 'rhel'
apache_site 'default' do
enable false
notifies :run, 'execute[restore-selinux-context]', :immediately
apache2_site 'default' do
action :disable
end
end
apache_site 'openstack-dashboard' do
enable true
notifies :run, 'execute[restore-selinux-context]', :immediately
apache2_site 'openstack-dashboard' do
notifies :reload, 'service[apache2]', :immediately
end
execute 'restore-selinux-context' do
command 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard /var/www/html || :'
action :nothing
only_if { platform_family?('fedora') }
end

1
recipes/neutron-lbaas-dashboard.rb
View File

@ -25,7 +25,6 @@ when 'rhel'
python_package 'neutron-lbaas-dashboard' do
version node['openstack']['dashboard']['lbaas']['version']
notifies :run, 'execute[restore-selinux-context]', :immediately
notifies :run, 'execute[openstack-dashboard collectstatic]'
end

17
spec/apache2-server-redhat_spec.rb
View File

@ -11,12 +11,6 @@ describe 'openstack-dashboard::apache2-server' do
include_context 'dashboard_stubs'
include_context 'redhat_stubs'
it 'executes set-selinux-permissive' do
cmd = '/sbin/setenforce Permissive'
expect(chef_run).to run_execute(cmd)
end
describe 'certs' do
describe 'get secret' do
let(:pem) { chef_run.file('/etc/pki/tls/certs/horizon.pem') }
@ -33,8 +27,6 @@ describe 'openstack-dashboard::apache2-server' do
group: 'root',
mode: 0o640
)
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
expect(key).to notify('execute[restore-selinux-context]').to(:run)
end
context 'does not mess with certs if ssl not enabled' do
@ -51,14 +43,15 @@ describe 'openstack-dashboard::apache2-server' do
end
it 'deletes openstack-dashboard.conf' do
file = '/etc/httpd/conf.d/openstack-dashboard.conf'
expect(chef_run).to delete_file(file)
end
it 'does not execute restore-selinux-context' do
cmd = 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :'
it do
expect(chef_run).to_not disable_apache2_site('000-default')
end
expect(chef_run).not_to run_execute(cmd)
it do
expect(chef_run).to disable_apache2_site('default')
end
it 'sets the WSGI daemon user to attribute default' do

111
spec/apache2-server_spec.rb
View File

@ -56,8 +56,6 @@ describe 'openstack-dashboard::apache2-server' do
cached(:chef_run) do
node.override['openstack']['dashboard']['custom_template_banner'] = 'custom_template_banner_value'
node.override['openstack']['dashboard']['traceenable'] = 'value'
node.override['apache']['log_dir'] = 'log_dir_value'
node.override['apache']['contact'] = 'apache_contact_value'
node.override['openstack']['dashboard']['error_log'] = 'error_log_value'
node.override['openstack']['dashboard']['access_log'] = 'access_log_value'
runner.converge(described_recipe)
@ -77,33 +75,18 @@ describe 'openstack-dashboard::apache2-server' do
include_context 'non_redhat_stubs'
include_context 'dashboard_stubs'
it 'does not execute set-selinux-permissive' do
cmd = '/sbin/setenforce Permissive'
expect(chef_run).not_to run_execute(cmd)
it do
expect(chef_run).to install_apache2_install('openstack').with(listen: %w(0.0.0.0:80 0.0.0.0:443))
end
it 'set apache addresses and ports' do
expect(chef_run.node['apache']['listen']).to eq %w(0.0.0.0:80 0.0.0.0:443)
end
it 'includes apache packages' do
%w(
apache2
apache2::mod_headers
apache2::mod_rewrite
apache2::mod_ssl
).each do |recipe|
expect(chef_run).to include_recipe(recipe)
end
it 'enables apache modules' do
expect(chef_run).to enable_apache2_module('wsgi')
expect(chef_run).to enable_apache2_module('rewrite')
expect(chef_run).to enable_apache2_module('headers')
end
it 'does not include the apache mod_ssl package when ssl disabled' do
expect(chef_run_no_ssl).not_to include_recipe('apache2::mod_ssl')
end
it 'does not execute set-selinux-enforcing' do
cmd = '/sbin/setenforce Enforcing ; restorecon -R /etc/httpd'
expect(chef_run).not_to run_execute(cmd)
expect(chef_run_no_ssl).not_to enable_apache2_module('ssl')
end
describe 'certs' do
@ -124,8 +107,6 @@ describe 'openstack-dashboard::apache2-server' do
group: 'ssl-cert',
mode: 0o640
)
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
expect(key).to notify('execute[restore-selinux-context]').to(:run)
end
end
describe 'set ssl chain' do
@ -138,7 +119,6 @@ describe 'openstack-dashboard::apache2-server' do
group: 'root',
mode: 0o644
)
expect(chain).to notify('execute[restore-selinux-context]').to(:run)
end
end
describe 'get secret with only one pem' do
@ -169,7 +149,6 @@ describe 'openstack-dashboard::apache2-server' do
group: 'ssl-cert',
mode: 0o640
)
expect(key).to notify('execute[restore-selinux-context]').to(:run)
end
it 'does not mess with certs if ssl not enabled' do
@ -217,8 +196,6 @@ describe 'openstack-dashboard::apache2-server' do
group: 'ssl-cert',
mode: 0o640
)
expect(key).to notify('execute[restore-selinux-context]').to(:run)
expect(pem).to notify('execute[restore-selinux-context]').to(:run)
end
describe 'set ssl chain' do
let(:chain) { chef_run.file('/etc/anypath/any-chain.pem') }
@ -229,7 +206,6 @@ describe 'openstack-dashboard::apache2-server' do
group: 'root',
mode: 0o644
)
expect(chain).to notify('execute[restore-selinux-context]').to(:run)
end
end
it 'does not mess with certs if ssl not enabled' do
@ -262,13 +238,27 @@ describe 'openstack-dashboard::apache2-server' do
let(:file) { chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf') }
it 'creates openstack-dashboard.conf' do
expect(chef_run).to create_template(file.name).with(
user: 'root',
group: 'root',
mode: 0o644
expect(chef_run).to create_template('/etc/apache2/sites-available/openstack-dashboard.conf').with(
source: 'dash-site.erb',
variables: {
apache_admin: 'root@localhost',
http_bind_address: '0.0.0.0',
http_bind_port: 80,
https_bind_address: '0.0.0.0',
https_bind_port: 443,
log_dir: '/var/log/apache2',
ssl_cert_file: '/etc/ssl/certs/horizon.pem',
ssl_chain_file: '',
ssl_key_file: '/etc/ssl/private/horizon.key',
}
)
end
it do
expect(chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf')).to \
notify('service[apache2]').to(:reload).immediately
end
describe 'template content' do
let(:rewrite_ssl_directive) { /^\s*RewriteEngine On\s*RewriteCond \%\{HTTPS\} off$/ }
let(:default_rewrite_rule) { %r(^\s*RewriteRule \^\(\.\*\)\$ https\://%\{HTTP_HOST\}%\{REQUEST_URI\} \[L,R\]$) }
@ -462,7 +452,7 @@ describe 'openstack-dashboard::apache2-server' do
end
it 'shows the ServerAdmin' do
expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin apache_contact_value$/)
expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin root@localhost$/)
end
it 'sets the WSGI script alias defaults' do
@ -539,17 +529,6 @@ describe 'openstack-dashboard::apache2-server' do
end
end
describe 'log directives' do
it 'sets the ErrorLog directive' do
expect(chef_run).to render_file(file.name).with_content(%r{^\s*ErrorLog log_dir_value/error_log_value$})
end
it 'sets the CustomLog directive' do
expect(chef_run).to render_file(file.name)
.with_content(%r{^\s*CustomLog log_dir_value/access_log_value combined$})
end
end
context 'sets wsgi socket prefix if wsgi_socket_prefix attribute is preset' do
cached(:chef_run) do
node.override['openstack']['dashboard']['wsgi_socket_prefix'] = '/var/run/wsgi'
@ -564,10 +543,6 @@ describe 'openstack-dashboard::apache2-server' do
expect(chef_run).not_to render_file(file.name).with_content(/^WSGISocketPrefix $/)
end
end
it 'notifies restore-selinux-context' do
expect(file).to notify('execute[restore-selinux-context]').to(:run)
end
end
describe 'secret_key_path file' do
@ -619,38 +594,20 @@ describe 'openstack-dashboard::apache2-server' do
expect(chef_run).not_to delete_file(file)
end
it 'calls apache_site to disable 000-default virtualhost' do
resource = chef_run.find_resource('execute',
'a2dissite 000-default.conf').to_hash
expect(resource).to include(
action: [:run],
params: {
enable: false,
name: '000-default',
}
)
it do
expect(chef_run).to disable_apache2_site('000-default')
end
it 'calls apache_site to enable openstack-dashboard virtualhost' do
resource = chef_run.find_resource('execute',
'a2ensite openstack-dashboard.conf').to_hash
expect(resource).to include(
action: [:run],
params: {
enable: true,
notifies: [:reload, 'service[apache2]', :immediately],
name: 'openstack-dashboard',
}
)
it do
expect(chef_run).to_not disable_apache2_site('default')
end
it 'notifies apache2 restart' do
skip 'TODO: how to test when tied to an LWRP'
it do
expect(chef_run).to enable_apache2_site('openstack-dashboard')
end
it 'does not execute restore-selinux-context' do
cmd = 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :'
expect(chef_run).not_to run_execute(cmd)
it do
expect(chef_run.apache2_site('openstack-dashboard')).to notify('service[apache2]').to(:reload).immediately
end
end
end

3
spec/horizon-redhat_spec.rb
View File

@ -6,7 +6,7 @@ describe 'openstack-dashboard::horizon' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
include_context 'dashboard_stubs'
@ -14,6 +14,7 @@ describe 'openstack-dashboard::horizon' do
it 'installs packages' do
expect(chef_run).to upgrade_package('openstack-dashboard')
expect(chef_run).to upgrade_package('mod_wsgi')
expect(chef_run).to upgrade_package('MySQL-python')
end

38
spec/horizon_spec.rb
View File

@ -28,7 +28,7 @@ describe 'openstack-dashboard::horizon' do
'variable2' => 'value2',
},
}
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
cached(:chef_run2) do
@ -46,12 +46,12 @@ describe 'openstack-dashboard::horizon' do
node.override['openstack']['dashboard']['neutron']['enable_lb'] = true
node.override['openstack']['dashboard']['plugins'] = %w(testPlugin1 testPlugin2)
node.override['openstack']['db']['dashboard']['migrate'] = false
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
cached(:chef_run_sql) do
node.override['openstack']['dashboard']['session_backend'] = 'sql'
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
include_context 'non_redhat_stubs'
@ -136,7 +136,7 @@ describe 'openstack-dashboard::horizon' do
cached(:chef_run) do
node.override['openstack']['dashboard']['use_ssl'] = true
node.override['openstack']['dashboard']['ssl_no_verify'] = 'False'
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
it 'has a False value for the OPENSTACK_SSL_NO_VERIFY attribute' do
expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = False$/)
@ -200,7 +200,7 @@ describe 'openstack-dashboard::horizon' do
cached(:chef_run) do
node.override['openstack']['dashboard']['csrf_cookie_secure'] = false
node.override['openstack']['dashboard']['session_cookie_secure'] = false
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
it do
expect(chef_run).to render_file(file.name).with_content(/^CSRF_COOKIE_SECURE = False$/)
@ -321,16 +321,14 @@ describe 'openstack-dashboard::horizon' do
end
end
[nil, []].each do |empty_value|
context 'without memcache servers' do
cached(:chef_run) do
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return(empty_value)
runner.converge(described_recipe)
end
it "does not configure caching when backend == memcache and #{empty_value} provided as memcache servers" do
expect(chef_run).to_not render_file(file.name)
.with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/)
end
context 'without memcache servers' do
cached(:chef_run) do
allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return([])
runner.converge('openstack-identity::server-apache', described_recipe)
end
it 'does not configure caching when backend == memcache and memcached_servers == []' do
expect(chef_run).to_not render_file(file.name)
.with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/)
end
end
end
@ -365,7 +363,7 @@ describe 'openstack-dashboard::horizon' do
keystone_settings.each do |keystone_setting|
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = true
end
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
keystone_settings.each do |keystone_setting|
it do
@ -379,7 +377,7 @@ describe 'openstack-dashboard::horizon' do
keystone_settings.each do |keystone_setting|
node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = false
end
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
keystone_settings.each do |keystone_setting|
it do
@ -428,7 +426,7 @@ describe 'openstack-dashboard::horizon' do
components.each do |component|
node.override['openstack']['dashboard']['log_level'][component] = "#{component}_log_level_value"
end
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
components.each do |component|
it do
@ -447,7 +445,7 @@ describe 'openstack-dashboard::horizon' do
cached(:chef_run) do
node.override['openstack']['db']['dashboard']['username'] = "#{service_type}_user"
node.override['openstack']['db']['python_packages'][service_type] = ['pkg1', 'pkg2']
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
before do
allow_any_instance_of(Chef::Recipe).to receive(:db)
@ -539,7 +537,7 @@ describe 'openstack-dashboard::horizon' do
context 'executes when database backend is sqlite' do
cached(:chef_run) do
node.override['openstack']['db']['dashboard']['service_type'] = 'sqlite'
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
it do
expect(chef_run).to run_execute(sync_db_cmd).with(

2
spec/neutron-fwaas-dashboard_spec.rb
View File

@ -6,7 +6,7 @@ describe 'openstack-dashboard::neutron-fwaas-dashboard' do
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
cached(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
include_context 'non_redhat_stubs'

2
spec/neutron-lbaas-dashboard_spec.rb
View File

@ -6,7 +6,7 @@ describe 'openstack-dashboard::neutron-lbaas-dashboard' do
cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
cached(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
runner.converge('openstack-identity::server-apache', described_recipe)
end
include_context 'non_redhat_stubs'

36
spec/spec_helper.rb
View File

@ -39,6 +39,42 @@ shared_context 'dashboard_stubs' do
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('certs', 'horizon.key')
.and_return('horizon_key_value')
# identity stubs
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('secrets', 'credential_key0')
.and_return('thisiscredentialkey0')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('secrets', 'credential_key1')
.and_return('thisiscredentialkey1')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('secrets', 'fernet_key0')
.and_return('thisisfernetkey0')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('secrets', 'fernet_key1')
.and_return('thisisfernetkey1')
allow_any_instance_of(Chef::Recipe).to receive(:search_for)
.with('os-identity').and_return(
[{
'openstack' => {
'identity' => {
'admin_tenant_name' => 'admin',
'admin_user' => 'admin',
},
},
}]
)
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url)
.with('identity')
.and_return('rabbit://openstack:mypass@127.0.0.1:5672')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('user', anything)
.and_return('')
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('db', anything)
.and_return('test-passes')
allow_any_instance_of(Chef::Recipe).to receive(:db_uri)
.with(anything, anything, anything)
.and_return('')
end
end

10
templates/default/dash-site.erb
View File

@ -26,7 +26,7 @@
ServerAlias <%= node["openstack"]["dashboard"]["server_aliases"].join(" ") %>
<% end -%>
<% end %>
ServerAdmin <%= node["apache"]["contact"] %>
ServerAdmin <%= @apache_admin %>
# Note(jr): This is needed when SSL is used for the services, see
# https://bugs.launchpad.net/openstack-ansible/+bug/1624791/comments/17
WSGIApplicationGroup %{GLOBAL}
@ -53,8 +53,8 @@
AllowOverride None
Require all granted
</Directory>
<% if node["openstack"]["dashboard"]["use_ssl"] -%>
SSLEngine on
SSLCertificateFile <%= @ssl_cert_file %>
SSLCertificateKeyFile <%= @ssl_key_file %>
@ -72,9 +72,9 @@
RewriteCond /opt/dash/site_overlay%{REQUEST_FILENAME} -s
RewriteRule ^/(.+) /opt/dash/site_overlay/$1 [L]
ErrorLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["error_log"] %>
ErrorLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["error_log"] %>
LogLevel warn
CustomLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined
CustomLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined
TraceEnable <%= node['openstack']['dashboard']['traceenable'] %>
<% unless node["openstack"]["dashboard"]["cache_html"] %>
SetEnvIfExpr "req('accept') =~/html/" NO_CACHE
@ -82,7 +82,7 @@
Header merge Cache-Control no-store env=NO_CACHE
<% end -%>
</VirtualHost>
<% unless node["openstack"]["dashboard"]["wsgi_socket_prefix"].nil? %>
WSGISocketPrefix <%= node["openstack"]["dashboard"]["wsgi_socket_prefix"] %>
<% end %>