openstack
/
cookbook-openstack-orchestration
Code Issues Proposed changes

Stein fixes 

- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/heat/heat.conf] to
  resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Add missing ChefSpec tests
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.
- Cleanup array syntax using %w() instead of []

Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706101
Depends-On: https://review.opendev.org/706151
Depends-On: https://review.opendev.org/706157
Depends-On: https://review.opendev.org/708059
Depends-On: https://review.opendev.org/713285

Change-Id: Ifb3a9de9eecc370e46f43a73ed77008a7b21594b
This commit is contained in:
Lance Albertson 2020-03-17 21:11:05 -07:00
parent dbf60084f5
commit 0d15f40999
21 changed files with 266 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.delivery/project.toml
View File

@ -1 +1,9 @@
remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"
[local_phases]
unit = 'rspec spec/'
lint = 'cookstyle --display-cop-names --extra-details'
syntax = "berks install -e integration"
provision = "echo skipping"
deploy = "echo skipping"
smoke = "echo skipping"
functional = "echo skipping"
cleanup = "echo skipping"

14
.rubocop.yml
View File

@ -14,17 +14,3 @@ AllCops:
- .cookbooks/**/*
- berks-cookbooks/**/*
- .bundle/**/*
Encoding:
Exclude:
- metadata.rb
- Gemfile
NumericLiterals:
Enabled: false
LineLength:
Enabled: false
WordArray:
MinSize: 3

28
Berksfile
View File

@ -2,22 +2,22 @@ source 'https://supermarket.chef.io'
solver :ruby, :required
%w(
client
-common
-compute
-dns
-identity
-image
-integration-test
-network
-ops-database
-ops-messaging
).each do |cookbook|
[
%w(client dep),
%w(-common dep),
%w(-compute integration),
%w(-dns integration),
%w(-identity dep),
%w(-image integration),
%w(-integration-test integration),
%w(-network integration),
%w(-ops-database integration),
%w(-ops-messaging integration),
].each do |cookbook, group|
if Dir.exist?("../cookbook-openstack#{cookbook}")
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}", group: group
else
cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}"
cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}", group: group
end
end

28
README.rst
View File

@ -20,9 +20,9 @@ https://docs.openstack.org/heat/latest/
Requirements
============
- Chef 14 or higher
- ChefDK 3.2.30 for testing (also includes Berkshelf for cookbook
dependency resolution)
- Chef 15 or higher
- Chef Workstation 0.15.18 for testing (also includes Berkshelf for
cookbook dependency resolution)
Platform
========
@ -36,8 +36,8 @@ Cookbooks
The following cookbooks are dependencies:
- 'openstack-common', '>= 18.0.0'
- 'openstack-identity', '>= 18.0.0'
- 'openstack-common', '>= 19.0.0'
- 'openstack-identity', '>= 19.0.0'
- 'openstackclient'
Attributes
@ -100,15 +100,15 @@ License and Author
| **Author** | Lance Albertson (lance@osuosl.org) |
+-----------------+---------------------------------------------+
+-----------------+---------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, IBM Corp. |
+-----------------+---------------------------------------------+
| **Copyright** | Copyright (c) 2014, SUSE Linux, GmbH. |
+-----------------+---------------------------------------------+
| **Copyright** | Copyright (c) 2016, x-ion GmbH. |
+-----------------+---------------------------------------------+
| **Copyright** | Copyright (c) 2019, Oregon State University |
+-----------------+---------------------------------------------+
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2013-2014, IBM Corp. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2014, SUSE Linux, GmbH. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016, x-ion GmbH. |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2019-2020, Oregon State University |
+-----------------+--------------------------------------------------+
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain

26
attributes/default.rb
View File

@ -1,9 +1,11 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-orchestration
# Cookbook:: openstack-orchestration
# Attributes:: default
#
# Copyright 2013, IBM Corp.
# Copyright:: 2013, IBM Corp.
# Copyright:: 2019-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -60,13 +62,13 @@ when 'rhel'
default['openstack']['orchestration']['user'] = 'heat'
default['openstack']['orchestration']['group'] = 'heat'
default['openstack']['orchestration']['platform'] = {
'heat_common_packages' => ['openstack-heat-common'],
'heat_api_packages' => ['openstack-heat-api'],
'heat_dashboard_packages' => ['openstack-heat-ui'],
'heat_common_packages' => %w(openstack-heat-common),
'heat_api_packages' => %w(openstack-heat-api),
'heat_dashboard_packages' => %w(openstack-heat-ui),
'heat_api_service' => 'openstack-heat-api',
'heat_api_cfn_packages' => ['openstack-heat-api-cfn'],
'heat_api_cfn_packages' => %w(openstack-heat-api-cfn),
'heat_api_cfn_service' => 'openstack-heat-api-cfn',
'heat_engine_packages' => ['openstack-heat-engine'],
'heat_engine_packages' => %w(openstack-heat-engine),
'heat_engine_service' => 'openstack-heat-engine',
'heat_api_process_name' => 'heat-api',
'package_overrides' => '',
@ -75,13 +77,13 @@ when 'debian'
default['openstack']['orchestration']['user'] = 'heat'
default['openstack']['orchestration']['group'] = 'heat'
default['openstack']['orchestration']['platform'] = {
'heat_common_packages' => ['heat-common', 'python3-heat'],
'heat_api_packages' => ['heat-api'],
'heat_dashboard_packages' => ['python3-heat-dashboard'],
'heat_common_packages' => %w(heat-common python3-heat),
'heat_api_packages' => %w(heat-api),
'heat_dashboard_packages' => %w(python3-heat-dashboard),
'heat_api_service' => 'heat-api',
'heat_api_cfn_packages' => ['heat-api-cfn'],
'heat_api_cfn_packages' => %w(heat-api-cfn),
'heat_api_cfn_service' => 'heat-api-cfn',
'heat_engine_packages' => ['heat-engine'],
'heat_engine_packages' => %w(heat-engine),
'heat_engine_service' => 'heat-engine',
'package_overrides' => '',
}

12
attributes/heat_conf.rb
View File

@ -1,9 +1,11 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-orchestration
# Cookbook:: openstack-orchestration
# Attributes:: default
#
# Copyright 2013, IBM Corp.
# Copyright:: 2013, IBM Corp.
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -20,7 +22,8 @@
default['openstack']['orchestration']['conf']['DEFAULT']['log_dir'] = '/var/log/heat'
default['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin'] = 'heat_domain_admin'
default['openstack']['orchestration']['conf']['DEFAULT']['stack_user_domain_name'] = 'heat'
default['openstack']['orchestration']['conf']['oslo_messaging_notifications']['driver'] = 'heat.openstack.common.notifier.rpc_notifier'
default['openstack']['orchestration']['conf']['oslo_messaging_notifications']['driver'] =
'heat.openstack.common.notifier.rpc_notifier'
default['openstack']['orchestration']['conf']['keystone_authtoken']['auth_type'] = 'v3password'
default['openstack']['orchestration']['conf']['keystone_authtoken']['username'] = 'heat'
default['openstack']['orchestration']['conf']['keystone_authtoken']['project_name'] = 'service'
@ -28,4 +31,5 @@ default['openstack']['orchestration']['conf']['keystone_authtoken']['project_dom
default['openstack']['orchestration']['conf']['keystone_authtoken']['user_domain_name'] = 'Default'
default['openstack']['orchestration']['conf']['trustee']['auth_type'] = 'v3password'
default['openstack']['orchestration']['conf']['trustee']['username'] = 'heat'
default['openstack']['orchestration']['conf']['trustee']['user_domain_name'] = node['openstack']['orchestration']['conf']['keystone_authtoken']['user_domain_name']
default['openstack']['orchestration']['conf']['trustee']['user_domain_name'] =
node['openstack']['orchestration']['conf']['keystone_authtoken']['user_domain_name']

14
metadata.rb
View File

@ -3,22 +3,16 @@ maintainer 'openstack-chef'
maintainer_email 'openstack-discuss@lists.openstack.org'
license 'Apache-2.0'
description 'Installs and configures the Heat Service'
version '18.0.0'
recipe 'openstack-orchestration::api-cfn', 'Configure and start heat-api-cfn service'
recipe 'openstack-orchestration::api', 'Configure and start heat-api service'
recipe 'openstack-orchestration::common', 'Installs the heat packages and setup configuration for Heat.'
recipe 'openstack-orchestration::engine', 'Setup the heat database and start heat-engine service'
recipe 'openstack-orchestration::identity_registration', 'Registers the Heat API endpoint, heat service and user'
version '19.0.0'
%w(ubuntu redhat centos).each do |os|
supports os
end
depends 'openstackclient'
depends 'openstack-common', '>= 18.0.0'
depends 'openstack-identity', '>= 18.0.0'
depends 'openstack-common', '>= 19.0.0'
depends 'openstack-identity', '>= 19.0.0'
issues_url 'https://launchpad.net/openstack-chef'
source_url 'https://opendev.org/openstack/cookbook-openstack-orchestration'
chef_version '>= 14.0'
chef_version '>= 15.0'

14
recipes/api-cfn.rb
View File

@ -1,9 +1,10 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-orchestration
# Cookbook:: openstack-orchestration
# Recipe:: api-cfn
#
# Copyright 2013, IBM Corp.
# Copyright:: 2013, IBM Corp.
# Copyright:: 2019-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -22,12 +23,9 @@ include_recipe 'openstack-orchestration::common'
platform_options = node['openstack']['orchestration']['platform']
platform_options['heat_api_cfn_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['heat_api_cfn_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service 'heat-api-cfn' do

15
recipes/api.rb
View File

@ -1,9 +1,10 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-orchestration
# Cookbook:: openstack-orchestration
# Recipe:: api
#
# Copyright 2013, IBM Corp.
# Copyright:: 2013, IBM Corp.
# Copyright:: 2019-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -22,18 +23,14 @@ include_recipe 'openstack-orchestration::common'
platform_options = node['openstack']['orchestration']['platform']
platform_options['heat_api_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['heat_api_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service 'heat-api' do
service_name platform_options['heat_api_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, 'template[/etc/heat/heat.conf]'
end

38
recipes/common.rb
View File

@ -1,10 +1,11 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-orchestration
# Cookbook:: openstack-orchestration
# Recipe:: engine
#
# Copyright 2013, IBM Corp.
# Copyright 2014, SUSE Linux, GmbH.
# Copyright:: 2013, IBM Corp.
# Copyright:: 2014, SUSE Linux, GmbH.
# Copyright:: 2019-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -29,23 +30,19 @@ end
platform_options = node['openstack']['orchestration']['platform']
platform_options['heat_common_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['heat_common_packages'] do
options platform_options['package_overrides']
action :upgrade
end
db_type = node['openstack']['db']['orchestration']['service_type']
node['openstack']['db']['python_packages'][db_type].each do |pkg|
package pkg do
action :upgrade
end
package node['openstack']['db']['python_packages'][db_type] do
action :upgrade
end
if node['openstack']['mq']['service_type'] == 'rabbit'
node.default['openstack']['orchestration']['conf_secrets']['DEFAULT']['transport_url'] = rabbit_transport_url 'orchestration'
node.default['openstack']['orchestration']['conf_secrets']['DEFAULT']['transport_url'] =
rabbit_transport_url 'orchestration'
end
db_user = node['openstack']['db']['orchestration']['username']
@ -102,15 +99,13 @@ heat_conf_options = merge_config_options 'orchestration'
directory '/etc/heat' do
owner node['openstack']['orchestration']['user']
group node['openstack']['orchestration']['group']
mode 0o0750
action :create
mode '750'
end
directory '/etc/heat/environment.d' do
owner node['openstack']['orchestration']['user']
group node['openstack']['orchestration']['group']
mode 0o0750
action :create
mode '750'
end
template '/etc/heat/heat.conf' do
@ -118,7 +113,8 @@ template '/etc/heat/heat.conf' do
cookbook 'openstack-common'
owner node['openstack']['orchestration']['user']
group node['openstack']['orchestration']['group']
mode 0o0640
mode '640'
sensitive true
variables(
service_config: heat_conf_options
)
@ -128,12 +124,10 @@ template '/etc/heat/environment.d/default.yaml' do
source 'default.yaml.erb'
owner node['openstack']['orchestration']['user']
group node['openstack']['orchestration']['group']
mode 0o0644
mode '644'
end
execute 'heat-manage db_sync' do
user node['openstack']['orchestration']['user']
group node['openstack']['orchestration']['group']
command 'heat-manage db_sync'
action :run
end

13
recipes/dashboard.rb
View File

@ -1,9 +1,10 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-orchestration
# Cookbook:: openstack-orchestration
# Recipe:: dashboard
#
# Copyright 2018, x-ion Gmbh
# Copyright:: 2018, x-ion Gmbh
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -24,9 +25,7 @@ end
platform_options = node['openstack']['orchestration']['platform']
platform_options['heat_dashboard_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['heat_dashboard_packages'] do
options platform_options['package_overrides']
action :upgrade
end

14
recipes/engine.rb
View File

@ -1,9 +1,10 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-orchestration
# Cookbook:: openstack-orchestration
# Recipe:: engine
#
# Copyright 2013, IBM Corp.
# Copyright:: 2013, IBM Corp.
# Copyright:: 2019-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -22,12 +23,9 @@ include_recipe 'openstack-orchestration::common'
platform_options = node['openstack']['orchestration']['platform']
platform_options['heat_engine_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['heat_engine_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service 'heat_engine' do

13
recipes/identity_registration.rb
View File

@ -1,9 +1,10 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-orchestration
# Cookbook:: openstack-orchestration
# Recipe:: identity_registration
#
# Copyright 2013, IBM Corp.
# Copyright:: 2013, IBM Corp.
# Copyright:: 2019-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -49,11 +50,11 @@ admin_domain = node['openstack']['identity']['admin_domain_name']
region = node['openstack']['region']
connection_params = {
openstack_auth_url: auth_url,
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_auth_url: auth_url,
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain,
openstack_domain_name: admin_domain,
}
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

25
spec/api-cfn_spec.rb Normal file
View File

@ -0,0 +1,25 @@
# encoding: UTF-8
require_relative 'spec_helper'
describe 'openstack-orchestration::api-cfn' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) { runner.converge(described_recipe) }
include_context 'orchestration_stubs'
include_examples 'expect runs openstack orchestration common recipe'
it 'installs heat cfn packages' do
expect(chef_run).to upgrade_package 'heat-api-cfn'
end
it 'enables heat api-cfn on boot' do
expect(chef_run).to enable_service('heat-api-cfn')
end
it 'starts heat api-cfn on boot' do
expect(chef_run).to start_service('heat-api-cfn')
end
end
end

25
spec/api_spec.rb Normal file
View File

@ -0,0 +1,25 @@
# encoding: UTF-8
require_relative 'spec_helper'
describe 'openstack-orchestration::api' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) { runner.converge(described_recipe) }
include_context 'orchestration_stubs'
include_examples 'expect runs openstack orchestration common recipe'
it 'installs heat api packages' do
expect(chef_run).to upgrade_package 'heat-api'
end
it 'enables heat api on boot' do
expect(chef_run).to enable_service('heat-api')
end
it 'starts heat api on boot' do
expect(chef_run).to start_service('heat-api')
end
end
end

6
spec/common-redhat_spec.rb
View File

@ -15,5 +15,11 @@ describe 'openstack-orchestration::common' do
include_examples 'expect installs common heat package'
include_examples 'expect installs mysql package'
include_examples 'expect runs db migrations'
it do
expect(chef_run).to upgrade_package 'openstack-heat-common'
end
it do
expect(chef_run).to upgrade_package 'MySQL-python'
end
end
end

47
spec/common_spec.rb
View File

@ -13,14 +13,49 @@ describe 'openstack-orchestration::common' do
include_examples 'expects to create heat conf'
include_examples 'expects to create heat default.yaml'
include_examples 'expect runs db migrations'
%w(heat-common python3-heat).each do |p|
it "installs the #{p} package" do
expect(chef_run).to upgrade_package p
end
it do
expect(chef_run).to upgrade_package %w(heat-common python3-heat)
end
it 'installs mysql python packages by default' do
it do
expect(chef_run).to upgrade_package 'python3-mysqldb'
end
it do
expect(chef_run).to create_directory('/etc/heat').with(
owner: 'heat',
group: 'heat',
mode: '750'
)
end
it do
expect(chef_run).to create_directory('/etc/heat/environment.d').with(
owner: 'heat',
group: 'heat',
mode: '750'
)
end
it do
expect(chef_run).to create_template('/etc/heat/heat.conf').with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
owner: 'heat',
group: 'heat',
mode: '640',
sensitive: true
)
end
it do
expect(chef_run).to create_template('/etc/heat/environment.d/default.yaml').with(
source: 'default.yaml.erb',
owner: 'heat',
group: 'heat',
mode: '644'
)
end
it do
expect(chef_run).to run_execute('heat-manage db_sync').with(
user: 'heat',
group: 'heat'
)
end
end
end

15
spec/dashboard-redhat_spec.rb Normal file
View File

@ -0,0 +1,15 @@
# encoding: UTF-8
require_relative 'spec_helper'
describe 'openstack-orchestration::dashboard' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
cached(:chef_run) { runner.converge(described_recipe) }
include_context 'orchestration_stubs'
it do
expect(chef_run).to upgrade_package 'openstack-heat-ui'
end
end
end

15
spec/dashboard_spec.rb Normal file
View File

@ -0,0 +1,15 @@
# encoding: UTF-8
require_relative 'spec_helper'
describe 'openstack-orchestration::dashboard' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) { runner.converge(described_recipe) }
include_context 'orchestration_stubs'
it do
expect(chef_run).to upgrade_package 'python3-heat-dashboard'
end
end
end

25
spec/engine_spec.rb Normal file
View File

@ -0,0 +1,25 @@
# encoding: UTF-8
require_relative 'spec_helper'
describe 'openstack-orchestration::engine' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) { runner.converge(described_recipe) }
include_context 'orchestration_stubs'
include_examples 'expect runs openstack orchestration common recipe'
it 'installs heat engine package' do
expect(chef_run).to upgrade_package 'heat-engine'
end
it 'enables heat engine on boot' do
expect(chef_run).to enable_service('heat_engine')
end
it 'starts heat engine on boot' do
expect(chef_run).to start_service('heat_engine')
end
end
end

8
spec/spec_helper.rb
View File

@ -92,7 +92,7 @@ shared_examples 'expects to create heat directories' do
expect(chef_run).to create_directory('/etc/heat').with(
owner: 'heat',
group: 'heat',
mode: 0o750
mode: '750'
)
end
@ -100,7 +100,7 @@ shared_examples 'expects to create heat directories' do
expect(chef_run).to create_directory('/etc/heat/environment.d').with(
owner: 'heat',
group: 'heat',
mode: 0o750
mode: '750'
)
end
end
@ -113,7 +113,7 @@ shared_examples 'expects to create heat conf' do
expect(chef_run).to create_template(file.name).with(
owner: 'heat',
group: 'heat',
mode: 0o640
mode: '640'
)
end
@ -232,7 +232,7 @@ shared_examples 'expects to create heat default.yaml' do
expect(chef_run).to create_template(file.name).with(
owner: 'heat',
group: 'heat',
mode: 0o644
mode: '644'
)
end
end