Update default Debian paths for Buster and newer
Since version 10 (Buster) the package openstack-dashboard installs its files to different directories than it used to. With version 11 (Bullseye) just about to reach stable status, it might be time to update the defaults - for Debian proper anyway, since judging from the contents of relevant Ubuntu 21.04 packages that distro has decided to go their own way here. Note that this also changes the handling of some of the paths for RHEL - there used to be two hard-coded paths in the recipes/horizon.rb which still work under RHEL and Ubuntu but not under modern Debian, requiring a switch to attribute-defined paths. PS. The permission change on dash_state_dir is part of this too, since without o+x Apache complains access to /static/foo denied (filesystem path '/var/lib/openstack-dashboard/static') because search permissions are missing on a component of the path whenever any static dashboard content is to be retrieved. Signed-off-by: Marek Szuba <m.szuba@gsi.de> Change-Id: I345b4894f1243db77856303d97538914dc6cf9be
This commit is contained in:
parent
89a99bc955
commit
e2be8654b3
|
@ -98,12 +98,13 @@ when 'rhel'
|
|||
default['openstack']['dashboard']['key_group'] = 'root'
|
||||
default['openstack']['dashboard']['horizon_user'] = 'apache'
|
||||
default['openstack']['dashboard']['horizon_group'] = 'apache'
|
||||
default['openstack']['dashboard']['secret_key_path'] =
|
||||
'/usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store'
|
||||
default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
|
||||
default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
|
||||
default['openstack']['dashboard']['dash_state_path'] = "#{node['openstack']['dashboard']['dash_path']}/local"
|
||||
default['openstack']['dashboard']['secret_key_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/.secret_key_store"
|
||||
default['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/pki/tls/certs/'
|
||||
default['openstack']['dashboard']['ssl']['key_dir'] = '/etc/pki/tls/private/'
|
||||
default['openstack']['dashboard']['local_settings_path'] = '/etc/openstack-dashboard/local_settings'
|
||||
default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
|
||||
default['openstack']['dashboard']['static_path'] = '/usr/share/openstack-dashboard/static'
|
||||
default['openstack']['dashboard']['policy_files_path'] = '/etc/openstack-dashboard'
|
||||
default['openstack']['dashboard']['login_url'] = "#{node['openstack']['dashboard']['webroot']}auth/login/"
|
||||
|
@ -118,13 +119,10 @@ when 'debian'
|
|||
default['openstack']['dashboard']['key_group'] = 'ssl-cert'
|
||||
default['openstack']['dashboard']['horizon_user'] = 'horizon'
|
||||
default['openstack']['dashboard']['horizon_group'] = 'horizon'
|
||||
default['openstack']['dashboard']['secret_key_path'] = '/var/lib/openstack-dashboard/secret_key'
|
||||
default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
|
||||
default['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/ssl/certs/'
|
||||
default['openstack']['dashboard']['ssl']['key_dir'] = '/etc/ssl/private/'
|
||||
default['openstack']['dashboard']['local_settings_path'] = '/etc/openstack-dashboard/local_settings.py'
|
||||
default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
|
||||
default['openstack']['dashboard']['static_path'] = '/var/lib/openstack-dashboard/static'
|
||||
default['openstack']['dashboard']['policy_files_path'] = '/usr/share/openstack-dashboard/openstack_dashboard/conf'
|
||||
default['openstack']['dashboard']['login_url'] = nil
|
||||
default['openstack']['dashboard']['logout_url'] = nil
|
||||
default['openstack']['dashboard']['login_redirect_url'] = nil
|
||||
|
@ -139,11 +137,24 @@ when 'debian'
|
|||
python3-django-horizon
|
||||
openstack-dashboard
|
||||
)
|
||||
case node['platform']
|
||||
when 'ubuntu'
|
||||
default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
|
||||
default['openstack']['dashboard']['dash_state_path'] = "#{node['openstack']['dashboard']['dash_path']}/local"
|
||||
default['openstack']['dashboard']['secret_key_path'] = '/var/lib/openstack-dashboard/secret_key'
|
||||
default['openstack']['dashboard']['static_path'] = '/var/lib/openstack-dashboard/static'
|
||||
default['openstack']['dashboard']['policy_files_path'] = '/usr/share/openstack-dashboard/openstack_dashboard/conf'
|
||||
else
|
||||
default['openstack']['dashboard']['dash_path'] = node['openstack']['dashboard']['django_path']
|
||||
default['openstack']['dashboard']['dash_state_path'] = '/var/lib/openstack-dashboard'
|
||||
default['openstack']['dashboard']['secret_key_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/secret_key"
|
||||
default['openstack']['dashboard']['static_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/static"
|
||||
default['openstack']['dashboard']['policy_files_path'] = '/etc/openstack-dashboard/policy'
|
||||
end
|
||||
else
|
||||
default['openstack']['dashboard']['key_group'] = 'root'
|
||||
end
|
||||
|
||||
default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
|
||||
default['openstack']['dashboard']['wsgi_path'] = node['openstack']['dashboard']['dash_path'] + '/wsgi.py'
|
||||
default['openstack']['dashboard']['wsgi_socket_prefix'] = nil
|
||||
default['openstack']['dashboard']['session_backend'] = 'memcached'
|
||||
|
|
|
@ -93,10 +93,10 @@ execute 'openstack-dashboard syncdb' do
|
|||
end
|
||||
end
|
||||
|
||||
directory "#{node['openstack']['dashboard']['dash_path']}/local" do
|
||||
directory node['openstack']['dashboard']['dash_state_path'] do
|
||||
owner 'root'
|
||||
group node['openstack']['dashboard']['horizon_group']
|
||||
mode '2770'
|
||||
mode '2771'
|
||||
end
|
||||
|
||||
# resource can be triggered from other recipes (e.g. in
|
||||
|
@ -110,12 +110,7 @@ end
|
|||
|
||||
# workaround for
|
||||
# https://bugs.launchpad.net/openstack-chef/+bug/1496158
|
||||
secret_file =
|
||||
::File.join(node['openstack']['dashboard']['django_path'],
|
||||
'openstack_dashboard',
|
||||
'local',
|
||||
'.secret_key_store')
|
||||
|
||||
secret_file = node['openstack']['dashboard']['secret_key_path']
|
||||
file secret_file do
|
||||
owner node['openstack']['dashboard']['horizon_user']
|
||||
group node['openstack']['dashboard']['horizon_user']
|
||||
|
|
|
@ -10,6 +10,12 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
include_context 'dashboard_stubs'
|
||||
include_context 'redhat_stubs'
|
||||
|
||||
it 'creates .blackhole dir with proper owner' do
|
||||
dir = '/usr/share/openstack-dashboard/openstack_dashboard/.blackhole'
|
||||
|
||||
expect(chef_run.directory(dir).owner).to eq('root')
|
||||
end
|
||||
|
||||
describe 'certs' do
|
||||
describe 'get secret' do
|
||||
let(:pem) { chef_run.file('/etc/pki/tls/certs/horizon.pem') }
|
||||
|
@ -53,6 +59,12 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
expect(chef_run).to disable_apache2_site('default')
|
||||
end
|
||||
|
||||
it 'sets the WSGI script alias defaults' do
|
||||
file = chef_run.template('/etc/httpd/sites-available/openstack-dashboard.conf')
|
||||
expect(chef_run).to render_file(file.name)
|
||||
.with_content(%r{^\s*WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py$})
|
||||
end
|
||||
|
||||
it 'sets the WSGI daemon user to attribute default' do
|
||||
file = chef_run.template('/etc/httpd/sites-available/openstack-dashboard.conf')
|
||||
expect(chef_run).to render_file(file.name).with_content('WSGIDaemonProcess dashboard user=apache')
|
||||
|
|
|
@ -228,7 +228,7 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
end
|
||||
|
||||
it 'creates .blackhole dir with proper owner' do
|
||||
dir = '/usr/share/openstack-dashboard/openstack_dashboard/.blackhole'
|
||||
dir = '/usr/share/openstack-dashboard/.blackhole'
|
||||
|
||||
expect(chef_run.directory(dir).owner).to eq('root')
|
||||
end
|
||||
|
@ -456,7 +456,7 @@ describe 'openstack-dashboard::apache2-server' do
|
|||
|
||||
it 'sets the WSGI script alias defaults' do
|
||||
expect(chef_run).to render_file(file.name)
|
||||
.with_content(%r{^\s*WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py$})
|
||||
.with_content(%r{^\s*WSGIScriptAlias / /usr/share/openstack-dashboard/wsgi.py$})
|
||||
end
|
||||
|
||||
context 'sets the WSGI script alias' do
|
||||
|
|
|
@ -232,7 +232,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
|
||||
it 'has policy file path set' do
|
||||
expect(chef_run).to render_file(file.name)
|
||||
.with_content(%r{^POLICY_FILES_PATH = '/usr/share/openstack-dashboard/openstack_dashboard/conf'$})
|
||||
.with_content(%r{^POLICY_FILES_PATH = '/etc/openstack-dashboard/policy'$})
|
||||
end
|
||||
|
||||
describe 'identity and volume api version setting' do
|
||||
|
@ -548,7 +548,7 @@ describe 'openstack-dashboard::horizon' do
|
|||
.with(
|
||||
owner: 'root',
|
||||
group: 'horizon',
|
||||
mode: '2770'
|
||||
mode: '2771'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue