Update default Debian paths for Buster and newer

Since version 10 (Buster) the package openstack-dashboard installs its files to different directories than it used to. With version 11 (Bullseye) just about to reach stable status, it might be time to update the defaults - for Debian proper anyway, since judging from the contents of relevant Ubuntu 21.04 packages that distro has decided to go their own way here. Note that this also changes the handling of some of the paths for RHEL - there used to be two hard-coded paths in the recipes/horizon.rb which still work under RHEL and Ubuntu but not under modern Debian, requiring a switch to attribute-defined paths. PS. The permission change on dash_state_dir is part of this too, since without o+x Apache complains access to /static/foo denied (filesystem path '/var/lib/openstack-dashboard/static') because search permissions are missing on a component of the path whenever any static dashboard content is to be retrieved. Signed-off-by: Marek Szuba <m.szuba@gsi.de> Change-Id: I345b4894f1243db77856303d97538914dc6cf9be
2021-07-13 16:51:39 +01:00 · 2021-07-13 16:51:39 +01:00 · e2be8654b3
parent 89a99bc955
commit e2be8654b3
5 changed files with 38 additions and 20 deletions
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -98,12 +98,13 @@ when 'rhel'
  default['openstack']['dashboard']['key_group'] = 'root'
  default['openstack']['dashboard']['horizon_user'] = 'apache'
  default['openstack']['dashboard']['horizon_group'] = 'apache'
-  default['openstack']['dashboard']['secret_key_path'] =
-    '/usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store'
+  default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
+  default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
+  default['openstack']['dashboard']['dash_state_path'] = "#{node['openstack']['dashboard']['dash_path']}/local"
+  default['openstack']['dashboard']['secret_key_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/.secret_key_store"
  default['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/pki/tls/certs/'
  default['openstack']['dashboard']['ssl']['key_dir'] = '/etc/pki/tls/private/'
  default['openstack']['dashboard']['local_settings_path'] = '/etc/openstack-dashboard/local_settings'
-  default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
  default['openstack']['dashboard']['static_path'] = '/usr/share/openstack-dashboard/static'
  default['openstack']['dashboard']['policy_files_path'] = '/etc/openstack-dashboard'
  default['openstack']['dashboard']['login_url'] = "#{node['openstack']['dashboard']['webroot']}auth/login/"
@ -118,13 +119,10 @@ when 'debian'
  default['openstack']['dashboard']['key_group'] = 'ssl-cert'
  default['openstack']['dashboard']['horizon_user'] = 'horizon'
  default['openstack']['dashboard']['horizon_group'] = 'horizon'
-  default['openstack']['dashboard']['secret_key_path'] = '/var/lib/openstack-dashboard/secret_key'
+  default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
  default['openstack']['dashboard']['ssl']['cert_dir'] = '/etc/ssl/certs/'
  default['openstack']['dashboard']['ssl']['key_dir'] = '/etc/ssl/private/'
  default['openstack']['dashboard']['local_settings_path'] = '/etc/openstack-dashboard/local_settings.py'
-  default['openstack']['dashboard']['django_path'] = '/usr/share/openstack-dashboard'
-  default['openstack']['dashboard']['static_path'] = '/var/lib/openstack-dashboard/static'
-  default['openstack']['dashboard']['policy_files_path'] = '/usr/share/openstack-dashboard/openstack_dashboard/conf'
  default['openstack']['dashboard']['login_url'] = nil
  default['openstack']['dashboard']['logout_url'] = nil
  default['openstack']['dashboard']['login_redirect_url'] = nil
@ -139,11 +137,24 @@ when 'debian'
      python3-django-horizon
      openstack-dashboard
    )
+  case node['platform']
+  when 'ubuntu'
+    default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
+    default['openstack']['dashboard']['dash_state_path'] = "#{node['openstack']['dashboard']['dash_path']}/local"
+    default['openstack']['dashboard']['secret_key_path'] = '/var/lib/openstack-dashboard/secret_key'
+    default['openstack']['dashboard']['static_path'] = '/var/lib/openstack-dashboard/static'
+    default['openstack']['dashboard']['policy_files_path'] = '/usr/share/openstack-dashboard/openstack_dashboard/conf'
+  else
+    default['openstack']['dashboard']['dash_path'] = node['openstack']['dashboard']['django_path']
+    default['openstack']['dashboard']['dash_state_path'] = '/var/lib/openstack-dashboard'
+    default['openstack']['dashboard']['secret_key_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/secret_key"
+    default['openstack']['dashboard']['static_path'] = "#{node['openstack']['dashboard']['dash_state_path']}/static"
+    default['openstack']['dashboard']['policy_files_path'] = '/etc/openstack-dashboard/policy'
+  end
 else
  default['openstack']['dashboard']['key_group'] = 'root'
 end

-default['openstack']['dashboard']['dash_path'] = "#{node['openstack']['dashboard']['django_path']}/openstack_dashboard"
 default['openstack']['dashboard']['wsgi_path'] = node['openstack']['dashboard']['dash_path'] + '/wsgi.py'
 default['openstack']['dashboard']['wsgi_socket_prefix'] = nil
 default['openstack']['dashboard']['session_backend'] = 'memcached'
--- a/recipes/horizon.rb
+++ b/recipes/horizon.rb
@ -93,10 +93,10 @@ execute 'openstack-dashboard syncdb' do
  end
 end

-directory "#{node['openstack']['dashboard']['dash_path']}/local" do
+directory node['openstack']['dashboard']['dash_state_path'] do
  owner 'root'
  group node['openstack']['dashboard']['horizon_group']
-  mode '2770'
+  mode '2771'
 end

 # resource can be triggered from other recipes (e.g. in
@ -110,12 +110,7 @@ end

 # workaround for
 # https://bugs.launchpad.net/openstack-chef/+bug/1496158
-secret_file =
-  ::File.join(node['openstack']['dashboard']['django_path'],
-              'openstack_dashboard',
-              'local',
-              '.secret_key_store')
-
+secret_file = node['openstack']['dashboard']['secret_key_path']
 file secret_file do
  owner node['openstack']['dashboard']['horizon_user']
  group node['openstack']['dashboard']['horizon_user']
--- a/spec/apache2-server-redhat_spec.rb
+++ b/spec/apache2-server-redhat_spec.rb
@ -10,6 +10,12 @@ describe 'openstack-dashboard::apache2-server' do
    include_context 'dashboard_stubs'
    include_context 'redhat_stubs'

+    it 'creates .blackhole dir with proper owner' do
+      dir = '/usr/share/openstack-dashboard/openstack_dashboard/.blackhole'
+
+      expect(chef_run.directory(dir).owner).to eq('root')
+    end
+
    describe 'certs' do
      describe 'get secret' do
        let(:pem) { chef_run.file('/etc/pki/tls/certs/horizon.pem') }
@ -53,6 +59,12 @@ describe 'openstack-dashboard::apache2-server' do
      expect(chef_run).to disable_apache2_site('default')
    end

+    it 'sets the WSGI script alias defaults' do
+      file = chef_run.template('/etc/httpd/sites-available/openstack-dashboard.conf')
+      expect(chef_run).to render_file(file.name)
+        .with_content(%r{^\s*WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py$})
+    end
+
    it 'sets the WSGI daemon user to attribute default' do
      file = chef_run.template('/etc/httpd/sites-available/openstack-dashboard.conf')
      expect(chef_run).to render_file(file.name).with_content('WSGIDaemonProcess dashboard user=apache')
--- a/spec/apache2-server_spec.rb
+++ b/spec/apache2-server_spec.rb
@ -228,7 +228,7 @@ describe 'openstack-dashboard::apache2-server' do
    end

    it 'creates .blackhole dir with proper owner' do
-      dir = '/usr/share/openstack-dashboard/openstack_dashboard/.blackhole'
+      dir = '/usr/share/openstack-dashboard/.blackhole'

      expect(chef_run.directory(dir).owner).to eq('root')
    end
@ -456,7 +456,7 @@ describe 'openstack-dashboard::apache2-server' do

        it 'sets the WSGI script alias defaults' do
          expect(chef_run).to render_file(file.name)
-            .with_content(%r{^\s*WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py$})
+            .with_content(%r{^\s*WSGIScriptAlias / /usr/share/openstack-dashboard/wsgi.py$})
        end

        context 'sets the WSGI script alias' do
--- a/spec/horizon_spec.rb
+++ b/spec/horizon_spec.rb
@ -232,7 +232,7 @@ describe 'openstack-dashboard::horizon' do

        it 'has policy file path set' do
          expect(chef_run).to render_file(file.name)
-            .with_content(%r{^POLICY_FILES_PATH = '/usr/share/openstack-dashboard/openstack_dashboard/conf'$})
+            .with_content(%r{^POLICY_FILES_PATH = '/etc/openstack-dashboard/policy'$})
        end

        describe 'identity and volume api version setting' do
@ -548,7 +548,7 @@ describe 'openstack-dashboard::horizon' do
        .with(
          owner: 'root',
          group: 'horizon',
-          mode: '2770'
+          mode: '2771'
        )
    end
  end