diff --git a/Berksfile b/Berksfile index 7059c10..0a71871 100644 --- a/Berksfile +++ b/Berksfile @@ -1,6 +1,18 @@ source 'https://supermarket.chef.io' -%w(client -common -identity).each do |cookbook| +solver :ruby, :required + +%w( + client + -common + -dns + -identity + -image + -integration-test + -network + -ops-database + -ops-messaging +).each do |cookbook| if Dir.exist?("../cookbook-openstack#{cookbook}") cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}" else diff --git a/README.rst b/README.rst index b957f7a..96a9cff 100644 --- a/README.rst +++ b/README.rst @@ -36,7 +36,7 @@ Cookbooks The following cookbooks are dependencies: -- 'apache2', '~> 5.0.1' +- 'apache2', '~> 8.0' - 'openstack-common', '>= 18.0.0' - 'openstack-identity', '>= 18.0.0' - 'poise-python' diff --git a/attributes/default.rb b/attributes/default.rb index 1ec4c6f..3a11f70 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -48,6 +48,7 @@ default['openstack']['dashboard']['keystone_default_role'] = 'member' default['openstack']['dashboard']['server_hostname'] = nil default['openstack']['dashboard']['server_aliases'] = [] +default['openstack']['dashboard']['server_admin'] = 'root@localhost' default['openstack']['dashboard']['use_ssl'] = true # When using a remote certificate and key, the names of the actual installed certificate # and key in the file system are determined by the following two attributes. @@ -70,15 +71,13 @@ default['openstack']['dashboard']['ssl']['use_data_bag'] = true # allows everything default['openstack']['dashboard']['allowed_hosts'] = ['*'] -default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/openstack-dashboard.conf" - # Allow TRACE method # # Set to "extended" to also reflect the request body (only for testing and # diagnostic purposes). # # Set to one of: On | Off | extended -default['openstack']['dashboard']['traceenable'] = node['apache']['traceenable'] +default['openstack']['dashboard']['traceenable'] = 'Off' default['openstack']['dashboard']['secret_key_content'] = nil @@ -110,11 +109,10 @@ when 'rhel' default['openstack']['dashboard']['logout_url'] = "#{node['openstack']['dashboard']['webroot']}auth/logout/" default['openstack']['dashboard']['login_redirect_url'] = node['openstack']['dashboard']['webroot'] default['openstack']['dashboard']['platform'] = { - 'horizon_packages' => ['openstack-dashboard'], + 'horizon_packages' => ['openstack-dashboard', 'mod_wsgi'], 'memcache_python_packages' => ['python-memcached'], 'package_overrides' => '', } - default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/sites-available/openstack-dashboard.conf" when 'debian' default['openstack']['dashboard']['key_group'] = 'ssl-cert' default['openstack']['dashboard']['horizon_user'] = 'horizon' @@ -133,8 +131,8 @@ when 'debian' 'memcache_python_packages' => ['python3-memcache'], 'package_overrides' => '', } - default['openstack']['dashboard']['platform']['horizon_packages'] = ['node-less', 'libapache2-mod-wsgi-py3', 'python3-django-horizon', 'openstack-dashboard'] - default['openstack']['dashboard']['apache']['sites-path'] = "#{node['apache']['dir']}/sites-available/openstack-dashboard.conf" + default['openstack']['dashboard']['platform']['horizon_packages'] = + ['node-less', 'libapache2-mod-wsgi-py3', 'python3-django-horizon', 'openstack-dashboard'] else default['openstack']['dashboard']['key_group'] = 'root' end diff --git a/metadata.rb b/metadata.rb index 5eef80c..18315ef 100644 --- a/metadata.rb +++ b/metadata.rb @@ -14,9 +14,9 @@ recipe 'neutron-lbaas-dashboard', 'Installs the python neutron-lbaas-dashboard p supports os end +depends 'apache2', '~> 8.0' depends 'openstack-common', '>= 18.0.0' depends 'openstack-identity', '>= 18.0.0' -depends 'apache2', '5.0.1' depends 'poise-python' issues_url 'https://launchpad.net/openstack-chef' diff --git a/recipes/apache2-server.rb b/recipes/apache2-server.rb index 8ed7bab..d8f6a00 100644 --- a/recipes/apache2-server.rb +++ b/recipes/apache2-server.rb @@ -26,19 +26,7 @@ require 'uri' class ::Chef::Recipe include ::Openstack -end - -# -# Workaround to install apache2 on a fedora machine with selinux set to enforcing -# TODO(breu): this should move to a subscription of the template from the apache2 recipe -# and it should simply be a restorecon on the configuration file(s) and not -# change the selinux mode -# -execute 'set-selinux-permissive' do - command '/sbin/setenforce Permissive' - action :run - - only_if "[ ! -e /etc/httpd/conf/httpd.conf ] && [ -e /etc/redhat-release ] && [ $(/sbin/sestatus | grep -c '^Current mode:.*enforcing') -eq 1 ]" + include Apache2::Cookbook::Helpers end http_bind = node['openstack']['bind_service']['dashboard_http'] @@ -46,37 +34,43 @@ http_bind_address = bind_address http_bind https_bind = node['openstack']['bind_service']['dashboard_https'] https_bind_address = bind_address https_bind -# This allows the apache2/templates/default/ports.conf.erb to setup the correct listeners. -# Need to convert from Chef::Node::ImmutableArray in order to be able to modify -apache2_listen = Array(node['apache']['listen']) -# Remove the default apache2 cookbook port, as that is also the default for horizon, but with -# a different address syntax. *:80 vs 0.0.0.0:80 -apache2_listen -= ['*:80'] - -apache2_listen += ["#{http_bind['host']}:#{http_bind['port']}"] -if node['openstack']['dashboard']['use_ssl'] - apache2_listen += ["#{https_bind['host']}:#{https_bind['port']}"] +# service['apache2'] is defined in the apache2_default_install resource +# but other resources are currently unable to reference it. To work +# around this issue, define the following helper in your cookbook: +service 'apache2' do + extend Apache2::Cookbook::Helpers + service_name lazy { apache_platform_service_name } + supports restart: true, status: true, reload: true + action :nothing end -node.normal['apache']['listen'] = apache2_listen.uniq +# Finds and appends the listen port to the apache2_install[openstack] +# resource which is defined in openstack-identity::server-apache. +apache_resource = find_resource(:apache2_install, 'openstack') -include_recipe 'apache2' -include_recipe 'apache2::mod_headers' -# TODO(jh): recipe is hardcoded to include py2 mod-wsgi package -case node['platform_family'] -when 'debian' - package 'libapache2-mod-wsgi-py3' - apache_module 'wsgi' -when 'rhel' - include_recipe 'apache2::mod_wsgi' +apache_port = + if node['openstack']['dashboard']['use_ssl'] + ["#{http_bind_address}:#{http_bind['port']}", "#{https_bind_address}:#{https_bind['port']}"] + else + "#{http_bind_address}:#{http_bind['port']}" + end + +if apache_resource + apache_resource.listen = [apache_resource.listen, apache_port].flatten +else + apache2_install 'openstack' do + listen apache_port + end end -include_recipe 'apache2::mod_rewrite' -include_recipe 'apache2::mod_ssl' if node['openstack']['dashboard']['use_ssl'] +apache2_module 'wsgi' +apache2_module 'rewrite' +apache2_module 'headers' +apache2_module 'ssl' if node['openstack']['dashboard']['use_ssl'] # delete the openstack-dashboard.conf before reload apache2 service on redhat and centos # since this file is not valid on those platforms for the apache2 service. -file "#{node['apache']['dir']}/conf.d/openstack-dashboard.conf" do +file "#{apache_dir}/conf.d/openstack-dashboard.conf" do action :delete backup false only_if { platform_family?('rhel') } # :pragma-foodcritic: ~FC024 - won't fix this @@ -107,7 +101,6 @@ if node['openstack']['dashboard']['use_ssl'] && mode cert_mode owner cert_owner group cert_group - notifies :run, 'execute[restore-selinux-context]', :immediately end end @@ -121,7 +114,6 @@ if node['openstack']['dashboard']['use_ssl'] && mode cert_mode owner cert_owner group cert_group - notifies :run, 'execute[restore-selinux-context]', :immediately end end @@ -134,7 +126,6 @@ if node['openstack']['dashboard']['use_ssl'] && mode key_mode owner key_owner group key_group - notifies :run, 'execute[restore-selinux-context]', :immediately end end @@ -160,13 +151,12 @@ directory "#{node['openstack']['dashboard']['dash_path']}/.blackhole" do action :create end -template node['openstack']['dashboard']['apache']['sites-path'] do +template "#{apache_dir}/sites-available/openstack-dashboard.conf" do + extend Apache2::Cookbook::Helpers source 'dash-site.erb' - owner 'root' - group node['apache']['root_group'] - mode 0o0644 - variables( + apache_admin: node['openstack']['dashboard']['server_admin'], + log_dir: default_log_dir, ssl_cert_file: ssl_cert_file.to_s, ssl_key_file: ssl_key_file.to_s, ssl_chain_file: ssl_chain_file.to_s, @@ -175,34 +165,20 @@ template node['openstack']['dashboard']['apache']['sites-path'] do https_bind_address: https_bind_address, https_bind_port: https_bind['port'].to_i ) - - notifies :run, 'execute[restore-selinux-context]', :immediately notifies :reload, 'service[apache2]', :immediately end -# The `apache_site` provided by the apache2 cookbook -# is not an LWRP. Guards do not apply to definitions. -# http://tickets.opscode.com/browse/CHEF-778 case node['platform_family'] when 'debian' - apache_site '000-default' do - enable false + apache2_site '000-default' do + action :disable end when 'rhel' - apache_site 'default' do - enable false - notifies :run, 'execute[restore-selinux-context]', :immediately + apache2_site 'default' do + action :disable end end -apache_site 'openstack-dashboard' do - enable true - notifies :run, 'execute[restore-selinux-context]', :immediately +apache2_site 'openstack-dashboard' do notifies :reload, 'service[apache2]', :immediately end - -execute 'restore-selinux-context' do - command 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard /var/www/html || :' - action :nothing - only_if { platform_family?('fedora') } -end diff --git a/recipes/neutron-lbaas-dashboard.rb b/recipes/neutron-lbaas-dashboard.rb index 4af7288..c4140f6 100644 --- a/recipes/neutron-lbaas-dashboard.rb +++ b/recipes/neutron-lbaas-dashboard.rb @@ -25,7 +25,6 @@ when 'rhel' python_package 'neutron-lbaas-dashboard' do version node['openstack']['dashboard']['lbaas']['version'] - notifies :run, 'execute[restore-selinux-context]', :immediately notifies :run, 'execute[openstack-dashboard collectstatic]' end diff --git a/spec/apache2-server-redhat_spec.rb b/spec/apache2-server-redhat_spec.rb index 5c11ee5..d497b22 100644 --- a/spec/apache2-server-redhat_spec.rb +++ b/spec/apache2-server-redhat_spec.rb @@ -11,12 +11,6 @@ describe 'openstack-dashboard::apache2-server' do include_context 'dashboard_stubs' include_context 'redhat_stubs' - it 'executes set-selinux-permissive' do - cmd = '/sbin/setenforce Permissive' - - expect(chef_run).to run_execute(cmd) - end - describe 'certs' do describe 'get secret' do let(:pem) { chef_run.file('/etc/pki/tls/certs/horizon.pem') } @@ -33,8 +27,6 @@ describe 'openstack-dashboard::apache2-server' do group: 'root', mode: 0o640 ) - expect(pem).to notify('execute[restore-selinux-context]').to(:run) - expect(key).to notify('execute[restore-selinux-context]').to(:run) end context 'does not mess with certs if ssl not enabled' do @@ -51,14 +43,15 @@ describe 'openstack-dashboard::apache2-server' do end it 'deletes openstack-dashboard.conf' do file = '/etc/httpd/conf.d/openstack-dashboard.conf' - expect(chef_run).to delete_file(file) end - it 'does not execute restore-selinux-context' do - cmd = 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :' + it do + expect(chef_run).to_not disable_apache2_site('000-default') + end - expect(chef_run).not_to run_execute(cmd) + it do + expect(chef_run).to disable_apache2_site('default') end it 'sets the WSGI daemon user to attribute default' do diff --git a/spec/apache2-server_spec.rb b/spec/apache2-server_spec.rb index ac4b23d..73fc475 100644 --- a/spec/apache2-server_spec.rb +++ b/spec/apache2-server_spec.rb @@ -56,8 +56,6 @@ describe 'openstack-dashboard::apache2-server' do cached(:chef_run) do node.override['openstack']['dashboard']['custom_template_banner'] = 'custom_template_banner_value' node.override['openstack']['dashboard']['traceenable'] = 'value' - node.override['apache']['log_dir'] = 'log_dir_value' - node.override['apache']['contact'] = 'apache_contact_value' node.override['openstack']['dashboard']['error_log'] = 'error_log_value' node.override['openstack']['dashboard']['access_log'] = 'access_log_value' runner.converge(described_recipe) @@ -77,33 +75,18 @@ describe 'openstack-dashboard::apache2-server' do include_context 'non_redhat_stubs' include_context 'dashboard_stubs' - it 'does not execute set-selinux-permissive' do - cmd = '/sbin/setenforce Permissive' - expect(chef_run).not_to run_execute(cmd) + it do + expect(chef_run).to install_apache2_install('openstack').with(listen: %w(0.0.0.0:80 0.0.0.0:443)) end - it 'set apache addresses and ports' do - expect(chef_run.node['apache']['listen']).to eq %w(0.0.0.0:80 0.0.0.0:443) - end - - it 'includes apache packages' do - %w( - apache2 - apache2::mod_headers - apache2::mod_rewrite - apache2::mod_ssl - ).each do |recipe| - expect(chef_run).to include_recipe(recipe) - end + it 'enables apache modules' do + expect(chef_run).to enable_apache2_module('wsgi') + expect(chef_run).to enable_apache2_module('rewrite') + expect(chef_run).to enable_apache2_module('headers') end it 'does not include the apache mod_ssl package when ssl disabled' do - expect(chef_run_no_ssl).not_to include_recipe('apache2::mod_ssl') - end - - it 'does not execute set-selinux-enforcing' do - cmd = '/sbin/setenforce Enforcing ; restorecon -R /etc/httpd' - expect(chef_run).not_to run_execute(cmd) + expect(chef_run_no_ssl).not_to enable_apache2_module('ssl') end describe 'certs' do @@ -124,8 +107,6 @@ describe 'openstack-dashboard::apache2-server' do group: 'ssl-cert', mode: 0o640 ) - expect(pem).to notify('execute[restore-selinux-context]').to(:run) - expect(key).to notify('execute[restore-selinux-context]').to(:run) end end describe 'set ssl chain' do @@ -138,7 +119,6 @@ describe 'openstack-dashboard::apache2-server' do group: 'root', mode: 0o644 ) - expect(chain).to notify('execute[restore-selinux-context]').to(:run) end end describe 'get secret with only one pem' do @@ -169,7 +149,6 @@ describe 'openstack-dashboard::apache2-server' do group: 'ssl-cert', mode: 0o640 ) - expect(key).to notify('execute[restore-selinux-context]').to(:run) end it 'does not mess with certs if ssl not enabled' do @@ -217,8 +196,6 @@ describe 'openstack-dashboard::apache2-server' do group: 'ssl-cert', mode: 0o640 ) - expect(key).to notify('execute[restore-selinux-context]').to(:run) - expect(pem).to notify('execute[restore-selinux-context]').to(:run) end describe 'set ssl chain' do let(:chain) { chef_run.file('/etc/anypath/any-chain.pem') } @@ -229,7 +206,6 @@ describe 'openstack-dashboard::apache2-server' do group: 'root', mode: 0o644 ) - expect(chain).to notify('execute[restore-selinux-context]').to(:run) end end it 'does not mess with certs if ssl not enabled' do @@ -262,13 +238,27 @@ describe 'openstack-dashboard::apache2-server' do let(:file) { chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf') } it 'creates openstack-dashboard.conf' do - expect(chef_run).to create_template(file.name).with( - user: 'root', - group: 'root', - mode: 0o644 + expect(chef_run).to create_template('/etc/apache2/sites-available/openstack-dashboard.conf').with( + source: 'dash-site.erb', + variables: { + apache_admin: 'root@localhost', + http_bind_address: '0.0.0.0', + http_bind_port: 80, + https_bind_address: '0.0.0.0', + https_bind_port: 443, + log_dir: '/var/log/apache2', + ssl_cert_file: '/etc/ssl/certs/horizon.pem', + ssl_chain_file: '', + ssl_key_file: '/etc/ssl/private/horizon.key', + } ) end + it do + expect(chef_run.template('/etc/apache2/sites-available/openstack-dashboard.conf')).to \ + notify('service[apache2]').to(:reload).immediately + end + describe 'template content' do let(:rewrite_ssl_directive) { /^\s*RewriteEngine On\s*RewriteCond \%\{HTTPS\} off$/ } let(:default_rewrite_rule) { %r(^\s*RewriteRule \^\(\.\*\)\$ https\://%\{HTTP_HOST\}%\{REQUEST_URI\} \[L,R\]$) } @@ -462,7 +452,7 @@ describe 'openstack-dashboard::apache2-server' do end it 'shows the ServerAdmin' do - expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin apache_contact_value$/) + expect(chef_run).to render_file(file.name).with_content(/\s*ServerAdmin root@localhost$/) end it 'sets the WSGI script alias defaults' do @@ -539,17 +529,6 @@ describe 'openstack-dashboard::apache2-server' do end end - describe 'log directives' do - it 'sets the ErrorLog directive' do - expect(chef_run).to render_file(file.name).with_content(%r{^\s*ErrorLog log_dir_value/error_log_value$}) - end - - it 'sets the CustomLog directive' do - expect(chef_run).to render_file(file.name) - .with_content(%r{^\s*CustomLog log_dir_value/access_log_value combined$}) - end - end - context 'sets wsgi socket prefix if wsgi_socket_prefix attribute is preset' do cached(:chef_run) do node.override['openstack']['dashboard']['wsgi_socket_prefix'] = '/var/run/wsgi' @@ -564,10 +543,6 @@ describe 'openstack-dashboard::apache2-server' do expect(chef_run).not_to render_file(file.name).with_content(/^WSGISocketPrefix $/) end end - - it 'notifies restore-selinux-context' do - expect(file).to notify('execute[restore-selinux-context]').to(:run) - end end describe 'secret_key_path file' do @@ -619,38 +594,20 @@ describe 'openstack-dashboard::apache2-server' do expect(chef_run).not_to delete_file(file) end - it 'calls apache_site to disable 000-default virtualhost' do - resource = chef_run.find_resource('execute', - 'a2dissite 000-default.conf').to_hash - expect(resource).to include( - action: [:run], - params: { - enable: false, - name: '000-default', - } - ) + it do + expect(chef_run).to disable_apache2_site('000-default') end - it 'calls apache_site to enable openstack-dashboard virtualhost' do - resource = chef_run.find_resource('execute', - 'a2ensite openstack-dashboard.conf').to_hash - expect(resource).to include( - action: [:run], - params: { - enable: true, - notifies: [:reload, 'service[apache2]', :immediately], - name: 'openstack-dashboard', - } - ) + it do + expect(chef_run).to_not disable_apache2_site('default') end - it 'notifies apache2 restart' do - skip 'TODO: how to test when tied to an LWRP' + it do + expect(chef_run).to enable_apache2_site('openstack-dashboard') end - it 'does not execute restore-selinux-context' do - cmd = 'restorecon -Rv /etc/httpd /etc/pki; chcon -R -t httpd_sys_content_t /usr/share/openstack-dashboard || :' - expect(chef_run).not_to run_execute(cmd) + it do + expect(chef_run.apache2_site('openstack-dashboard')).to notify('service[apache2]').to(:reload).immediately end end end diff --git a/spec/horizon-redhat_spec.rb b/spec/horizon-redhat_spec.rb index 1142ab5..1ce549f 100644 --- a/spec/horizon-redhat_spec.rb +++ b/spec/horizon-redhat_spec.rb @@ -6,7 +6,7 @@ describe 'openstack-dashboard::horizon' do let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) } let(:node) { runner.node } cached(:chef_run) do - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end include_context 'dashboard_stubs' @@ -14,6 +14,7 @@ describe 'openstack-dashboard::horizon' do it 'installs packages' do expect(chef_run).to upgrade_package('openstack-dashboard') + expect(chef_run).to upgrade_package('mod_wsgi') expect(chef_run).to upgrade_package('MySQL-python') end diff --git a/spec/horizon_spec.rb b/spec/horizon_spec.rb index 7180e57..c22a96c 100644 --- a/spec/horizon_spec.rb +++ b/spec/horizon_spec.rb @@ -28,7 +28,7 @@ describe 'openstack-dashboard::horizon' do 'variable2' => 'value2', }, } - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end cached(:chef_run2) do @@ -46,12 +46,12 @@ describe 'openstack-dashboard::horizon' do node.override['openstack']['dashboard']['neutron']['enable_lb'] = true node.override['openstack']['dashboard']['plugins'] = %w(testPlugin1 testPlugin2) node.override['openstack']['db']['dashboard']['migrate'] = false - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end cached(:chef_run_sql) do node.override['openstack']['dashboard']['session_backend'] = 'sql' - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end include_context 'non_redhat_stubs' @@ -136,7 +136,7 @@ describe 'openstack-dashboard::horizon' do cached(:chef_run) do node.override['openstack']['dashboard']['use_ssl'] = true node.override['openstack']['dashboard']['ssl_no_verify'] = 'False' - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end it 'has a False value for the OPENSTACK_SSL_NO_VERIFY attribute' do expect(chef_run).to render_file(file.name).with_content(/^OPENSTACK_SSL_NO_VERIFY = False$/) @@ -200,7 +200,7 @@ describe 'openstack-dashboard::horizon' do cached(:chef_run) do node.override['openstack']['dashboard']['csrf_cookie_secure'] = false node.override['openstack']['dashboard']['session_cookie_secure'] = false - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end it do expect(chef_run).to render_file(file.name).with_content(/^CSRF_COOKIE_SECURE = False$/) @@ -321,16 +321,14 @@ describe 'openstack-dashboard::horizon' do end end - [nil, []].each do |empty_value| - context 'without memcache servers' do - cached(:chef_run) do - allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return(empty_value) - runner.converge(described_recipe) - end - it "does not configure caching when backend == memcache and #{empty_value} provided as memcache servers" do - expect(chef_run).to_not render_file(file.name) - .with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/) - end + context 'without memcache servers' do + cached(:chef_run) do + allow_any_instance_of(Chef::Recipe).to receive(:memcached_servers).and_return([]) + runner.converge('openstack-identity::server-apache', described_recipe) + end + it 'does not configure caching when backend == memcache and memcached_servers == []' do + expect(chef_run).to_not render_file(file.name) + .with_content(/^\s*'LOCATION': \[\s*'hostA:port',\s*'hostB:port',\s*\]$/) end end end @@ -365,7 +363,7 @@ describe 'openstack-dashboard::horizon' do keystone_settings.each do |keystone_setting| node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = true end - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end keystone_settings.each do |keystone_setting| it do @@ -379,7 +377,7 @@ describe 'openstack-dashboard::horizon' do keystone_settings.each do |keystone_setting| node.override['openstack']['dashboard']['keystone_backend'][keystone_setting] = false end - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end keystone_settings.each do |keystone_setting| it do @@ -428,7 +426,7 @@ describe 'openstack-dashboard::horizon' do components.each do |component| node.override['openstack']['dashboard']['log_level'][component] = "#{component}_log_level_value" end - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end components.each do |component| it do @@ -447,7 +445,7 @@ describe 'openstack-dashboard::horizon' do cached(:chef_run) do node.override['openstack']['db']['dashboard']['username'] = "#{service_type}_user" node.override['openstack']['db']['python_packages'][service_type] = ['pkg1', 'pkg2'] - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end before do allow_any_instance_of(Chef::Recipe).to receive(:db) @@ -539,7 +537,7 @@ describe 'openstack-dashboard::horizon' do context 'executes when database backend is sqlite' do cached(:chef_run) do node.override['openstack']['db']['dashboard']['service_type'] = 'sqlite' - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end it do expect(chef_run).to run_execute(sync_db_cmd).with( diff --git a/spec/neutron-fwaas-dashboard_spec.rb b/spec/neutron-fwaas-dashboard_spec.rb index bed4e9d..b4886b2 100644 --- a/spec/neutron-fwaas-dashboard_spec.rb +++ b/spec/neutron-fwaas-dashboard_spec.rb @@ -6,7 +6,7 @@ describe 'openstack-dashboard::neutron-fwaas-dashboard' do cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } cached(:node) { runner.node } cached(:chef_run) do - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end include_context 'non_redhat_stubs' diff --git a/spec/neutron-lbaas-dashboard_spec.rb b/spec/neutron-lbaas-dashboard_spec.rb index 834c183..68e1e35 100644 --- a/spec/neutron-lbaas-dashboard_spec.rb +++ b/spec/neutron-lbaas-dashboard_spec.rb @@ -6,7 +6,7 @@ describe 'openstack-dashboard::neutron-lbaas-dashboard' do cached(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } cached(:node) { runner.node } cached(:chef_run) do - runner.converge(described_recipe) + runner.converge('openstack-identity::server-apache', described_recipe) end include_context 'non_redhat_stubs' diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index b71dba1..533a818 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -39,6 +39,42 @@ shared_context 'dashboard_stubs' do allow_any_instance_of(Chef::Recipe).to receive(:secret) .with('certs', 'horizon.key') .and_return('horizon_key_value') + # identity stubs + allow_any_instance_of(Chef::Recipe).to receive(:secret) + .with('secrets', 'credential_key0') + .and_return('thisiscredentialkey0') + allow_any_instance_of(Chef::Recipe).to receive(:secret) + .with('secrets', 'credential_key1') + .and_return('thisiscredentialkey1') + allow_any_instance_of(Chef::Recipe).to receive(:secret) + .with('secrets', 'fernet_key0') + .and_return('thisisfernetkey0') + allow_any_instance_of(Chef::Recipe).to receive(:secret) + .with('secrets', 'fernet_key1') + .and_return('thisisfernetkey1') + allow_any_instance_of(Chef::Recipe).to receive(:search_for) + .with('os-identity').and_return( + [{ + 'openstack' => { + 'identity' => { + 'admin_tenant_name' => 'admin', + 'admin_user' => 'admin', + }, + }, + }] + ) + allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url) + .with('identity') + .and_return('rabbit://openstack:mypass@127.0.0.1:5672') + allow_any_instance_of(Chef::Recipe).to receive(:get_password) + .with('user', anything) + .and_return('') + allow_any_instance_of(Chef::Recipe).to receive(:get_password) + .with('db', anything) + .and_return('test-passes') + allow_any_instance_of(Chef::Recipe).to receive(:db_uri) + .with(anything, anything, anything) + .and_return('') end end diff --git a/templates/default/dash-site.erb b/templates/default/dash-site.erb index 19a5926..bd60509 100644 --- a/templates/default/dash-site.erb +++ b/templates/default/dash-site.erb @@ -26,7 +26,7 @@ ServerAlias <%= node["openstack"]["dashboard"]["server_aliases"].join(" ") %> <% end -%> <% end %> - ServerAdmin <%= node["apache"]["contact"] %> + ServerAdmin <%= @apache_admin %> # Note(jr): This is needed when SSL is used for the services, see # https://bugs.launchpad.net/openstack-ansible/+bug/1624791/comments/17 WSGIApplicationGroup %{GLOBAL} @@ -53,8 +53,8 @@ AllowOverride None Require all granted - <% if node["openstack"]["dashboard"]["use_ssl"] -%> + SSLEngine on SSLCertificateFile <%= @ssl_cert_file %> SSLCertificateKeyFile <%= @ssl_key_file %> @@ -72,9 +72,9 @@ RewriteCond /opt/dash/site_overlay%{REQUEST_FILENAME} -s RewriteRule ^/(.+) /opt/dash/site_overlay/$1 [L] - ErrorLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["error_log"] %> + ErrorLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["error_log"] %> LogLevel warn - CustomLog <%= node["apache"]["log_dir"] %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined + CustomLog <%= @log_dir %>/<%= node["openstack"]["dashboard"]["access_log"] %> combined TraceEnable <%= node['openstack']['dashboard']['traceenable'] %> <% unless node["openstack"]["dashboard"]["cache_html"] %> SetEnvIfExpr "req('accept') =~/html/" NO_CACHE @@ -82,7 +82,7 @@ Header merge Cache-Control no-store env=NO_CACHE <% end -%> - <% unless node["openstack"]["dashboard"]["wsgi_socket_prefix"].nil? %> + WSGISocketPrefix <%= node["openstack"]["dashboard"]["wsgi_socket_prefix"] %> <% end %>