diff --git a/deployment/puppet/openstack/manifests/ha/glance.pp b/deployment/puppet/openstack/manifests/ha/glance.pp index ed52f460fd..6575122057 100644 --- a/deployment/puppet/openstack/manifests/ha/glance.pp +++ b/deployment/puppet/openstack/manifests/ha/glance.pp @@ -74,6 +74,25 @@ class openstack::ha::glance ( balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3', } + openstack::ha::haproxy_service { 'glance-glare': + # before neutron + order => '081', + listen_port => 9494, + public => true, + public_ssl => $public_ssl, + public_ssl_path => $public_ssl_path, + internal_ssl => $internal_ssl, + internal_ssl_path => $internal_ssl_path, + require_service => 'glance-glare', + haproxy_config_options => { + # TODO degorenko: check for ability for 'httpchk GET /healthcheck' for Glare + 'option' => ['httpchk /versions', 'httplog', 'httpclose'], + 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'timeout server' => '11m', + }, + balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3', + } + openstack::ha::haproxy_service { 'glance-registry': # after neutron order => '090', diff --git a/deployment/puppet/openstack/spec/classes/openstack_ha_glance_spec.rb b/deployment/puppet/openstack/spec/classes/openstack_ha_glance_spec.rb index f5e9f6eb1d..329795b64b 100644 --- a/deployment/puppet/openstack/spec/classes/openstack_ha_glance_spec.rb +++ b/deployment/puppet/openstack/spec/classes/openstack_ha_glance_spec.rb @@ -29,6 +29,22 @@ require 'spec_helper' 'balancermember_options' => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3', ) end + it "should properly configure glance haproxy based on ssl" do + should contain_openstack__ha__haproxy_service('glance-glare').with( + 'order' => '081', + 'listen_port' => 9494, + 'public' => true, + 'public_ssl' => true, + 'public_ssl_path' => '/var/lib/fuel/haproxy/public_glance.pem', + 'require_service' => 'glance-glare', + 'haproxy_config_options' => { + 'option' => ['httpchk /versions', 'httplog','httpclose'], + 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'timeout server' => '11m', + }, + 'balancermember_options' => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3', + ) + end it "should properly configure glance-registry" do should contain_openstack__ha__haproxy_service('glance-registry').with( 'order' => '090', diff --git a/deployment/puppet/openstack_tasks/examples/glance/glance_post.rb b/deployment/puppet/openstack_tasks/examples/glance/glance_post.rb index 564942b994..1b4eeadf01 100644 --- a/deployment/puppet/openstack_tasks/examples/glance/glance_post.rb +++ b/deployment/puppet/openstack_tasks/examples/glance/glance_post.rb @@ -1,6 +1,6 @@ require File.join File.dirname(__FILE__), '../test_common.rb' -PORT = 9292 +PORT = [9292,9494] class GlancePostTest < Test::Unit::TestCase @@ -12,14 +12,22 @@ class GlancePostTest < Test::Unit::TestCase assert TestCommon::Process.running?('/usr/bin/glance-registry'), 'Glance Registry is not running!' end + def test_glance_glare_is_running + assert TestCommon::Process.running?('/usr/bin/glance-glare'), 'Glance Glare is not running!' + end + def test_glance_public_url_accessible - url = "https://#{TestCommon::Settings.public_vip}:#{PORT}" - assert TestCommon::Network.url_accessible?(url), "Public Glance URL '#{url}' is not accessible!" + PORTS.each do |PORT| + url = "https://#{TestCommon::Settings.public_vip}:#{PORT}" + assert TestCommon::Network.url_accessible?(url), "Public Glance URL '#{url}' is not accessible!" + end end def test_glance_admin_url_accessible - url = "http://#{TestCommon::Settings.management_vip}:#{PORT}" - assert TestCommon::Network.url_accessible?(url), "Management Glance URL '#{url}' is not accessible!" + PORTS.each do |PORT| + url = "http://#{TestCommon::Settings.management_vip}:#{PORT}" + assert TestCommon::Network.url_accessible?(url), "Management Glance URL '#{url}' is not accessible!" + end end def test_keystone_endpoint_list_run diff --git a/deployment/puppet/openstack_tasks/examples/glance/glance_pre.rb b/deployment/puppet/openstack_tasks/examples/glance/glance_pre.rb index cab137d618..197a0e57bc 100644 --- a/deployment/puppet/openstack_tasks/examples/glance/glance_pre.rb +++ b/deployment/puppet/openstack_tasks/examples/glance/glance_pre.rb @@ -1,11 +1,13 @@ require File.join File.dirname(__FILE__), '../test_common.rb' -BACKEND = 'glance-api' +BACKENDS = ['glance-api', 'glance-glare'] class GlancePreTest < Test::Unit::TestCase def test_haproxy_glance_backend_present - assert TestCommon::HAProxy.backend_present?(BACKEND), "There is no '#{BACKEND}' HAProxy backend!" + BACKENDS.each do |BACKEND| + assert TestCommon::HAProxy.backend_present?(BACKEND), "There is no '#{BACKEND}' HAProxy backend!" + end end def test_amqp_accessible diff --git a/deployment/puppet/openstack_tasks/manifests/glance/glance.pp b/deployment/puppet/openstack_tasks/manifests/glance/glance.pp index 213f696213..dc686ade95 100644 --- a/deployment/puppet/openstack_tasks/manifests/glance/glance.pp +++ b/deployment/puppet/openstack_tasks/manifests/glance/glance.pp @@ -7,6 +7,7 @@ class openstack_tasks::glance::glance { prepare_network_config($network_scheme) $glance_hash = hiera_hash('glance', {}) + $glance_glare_hash = hiera_hash('glance_glare', {}) $verbose = pick($glance_hash['verbose'], hiera('verbose', true)) $debug = pick($glance_hash['debug'], hiera('debug', false)) $management_vip = hiera('management_vip') @@ -48,7 +49,8 @@ class openstack_tasks::glance::glance { 'extra' => $extra_params }) - $bind_host = get_network_role_property('glance/api', 'ipaddr') + $api_bind_host = get_network_role_property('glance/api', 'ipaddr') + $glare_bind_host = get_network_role_property('glance/glare', 'ipaddr') $enabled = true $max_retries = '-1' $idle_timeout = '3600' @@ -60,6 +62,9 @@ class openstack_tasks::glance::glance { $glance_user = pick($glance_hash['user'],'glance') $glance_user_password = $glance_hash['user_password'] $glance_tenant = pick($glance_hash['tenant'],'services') + $glance_glare_user = pick($glance_glare_hash['user'],'glare') + $glance_glare_user_password = $glance_glare_hash['user_password'] + $glance_glare_tenant = pick($glance_glare_hash['tenant'],'services') $glance_vcenter_host = $glance_hash['vc_host'] $glance_vcenter_user = $glance_hash['vc_user'] $glance_vcenter_password = $glance_hash['vc_password'] @@ -105,9 +110,6 @@ class openstack_tasks::glance::glance { package {'murano-glance-artifacts-plugin': ensure => installed, } - glance_api_config { - 'DEFAULT/enable_v3_api': value => true, - } } ####### Disable upstart startup on install ####### @@ -115,6 +117,9 @@ class openstack_tasks::glance::glance { tweaks::ubuntu_service_override { 'glance-api': package_name => 'glance-api', } + tweaks::ubuntu_service_override { 'glance-glare': + package_name => 'glance-glare', + } tweaks::ubuntu_service_override { 'glance-registry': package_name => 'glance-registry', } @@ -124,7 +129,7 @@ class openstack_tasks::glance::glance { class { '::glance::api': verbose => $verbose, debug => $debug, - bind_host => $bind_host, + bind_host => $api_bind_host, auth_type => 'keystone', auth_uri => $auth_uri, identity_uri => $identity_uri, @@ -155,6 +160,41 @@ class openstack_tasks::glance::glance { image_cache_max_size => $glance_image_cache_max_size, } + class { '::glance::glare::logging': + use_syslog => $use_syslog, + use_stderr => $use_stderr, + log_facility => $syslog_log_facility, + verbose => $verbose, + debug => $debug, + default_log_levels => hiera('default_log_levels'), + } + + class { '::glance::glare::db': + database_connection => $db_connection, + database_idle_timeout => $idle_timeout, + database_max_pool_size => $max_pool_size, + database_max_retries => $max_retries, + database_max_overflow => $max_overflow, + } + + class { '::glance::glare': + bind_host => $glare_bind_host, + auth_type => 'keystone', + auth_uri => $auth_uri, + identity_uri => $identity_uri, + keystone_user => $glance_glare_user, + keystone_password => $glance_glare_user_password, + keystone_tenant => $glance_glare_tenant, + enabled => $enabled, + stores => $known_stores, + workers => $service_workers, + pipeline => $pipeline, + os_region_name => $region, + auth_region => $region, + signing_dir => '/tmp/keystone-signing-glance', + token_cache_time => '-1', + } + glance_api_config { 'DEFAULT/scrubber_datadir': value => '/var/lib/glance/scrubber'; } @@ -171,7 +211,7 @@ class openstack_tasks::glance::glance { class { '::glance::registry': verbose => $verbose, debug => $debug, - bind_host => $bind_host, + bind_host => $api_bind_host, auth_uri => $auth_uri, identity_uri => $identity_uri, auth_type => 'keystone', @@ -206,6 +246,9 @@ class openstack_tasks::glance::glance { glance_api_config { 'DEFAULT/use_syslog_rfc_format': value => true; } + glance_glare_config { + 'DEFAULT/use_syslog_rfc_format': value => true; + } glance_cache_config { 'DEFAULT/use_syslog_rfc_format': value => true; } @@ -237,6 +280,7 @@ class openstack_tasks::glance::glance { swift_store_large_object_size => $swift_store_large_object_size, swift_store_auth_address => "${auth_uri}/v2.0/", swift_store_region => $region, + glare_enabled => true, } } 'rbd', 'ceph': { @@ -245,6 +289,7 @@ class openstack_tasks::glance::glance { rbd_store_user => 'images', rbd_store_pool => 'images', rados_connect_timeout => $rados_connect_timeout, + glare_enabled => true, } } 'vmware': { @@ -255,11 +300,14 @@ class openstack_tasks::glance::glance { vcenter_datacenter => $glance_vcenter_datacenter, vcenter_datastore => $glance_vcenter_datastore, vcenter_image_dir => $glance_vcenter_image_dir, - vcenter_api_retry_count => $glance_vcenter_api_retry_count + vcenter_api_retry_count => $glance_vcenter_api_retry_count, + glare_enabled => true, } } default: { - class { "glance::backend::${glance_backend}": } + class { "glance::backend::${glance_backend}": + glare_enabled => true, + } } } @@ -282,5 +330,11 @@ class openstack_tasks::glance::glance { } else { Glance_registry_config<| title == 'oslo_messaging_rabbit/kombu_compression' |> { value => $kombu_compression } } + + if !defined(Oslo::Messaging_rabbit['glance_registry_config']) and !defined(Glance_registry_config['oslo_messaging_rabbit/kombu_compression']) { + glance_glare_config { 'oslo_messaging_rabbit/kombu_compression': value => $kombu_compression; } + } else { + Glance_glare_config<| title == 'oslo_messaging_rabbit/kombu_compression' |> { value => $kombu_compression } + } } } diff --git a/deployment/puppet/openstack_tasks/manifests/glance/keystone.pp b/deployment/puppet/openstack_tasks/manifests/glance/keystone.pp index 5da673571f..22f504a237 100644 --- a/deployment/puppet/openstack_tasks/manifests/glance/keystone.pp +++ b/deployment/puppet/openstack_tasks/manifests/glance/keystone.pp @@ -2,21 +2,31 @@ class openstack_tasks::glance::keystone { notice('MODULAR: glance/keystone.pp') - $glance_hash = hiera_hash('glance', {}) - $public_vip = hiera('public_vip') - $public_ssl_hash = hiera_hash('public_ssl') - $management_vip = hiera('management_vip') - $region = pick($glance_hash['region'], hiera('region', 'RegionOne')) - $password = $glance_hash['user_password'] - $auth_name = pick($glance_hash['auth_name'], 'glance') - $configure_endpoint = pick($glance_hash['configure_endpoint'], true) - $configure_user = pick($glance_hash['configure_user'], true) - $configure_user_role = pick($glance_hash['configure_user_role'], true) - $service_name = pick($glance_hash['service_name'], 'glance') - $tenant = pick($glance_hash['tenant'], 'services') - $ssl_hash = hiera_hash('use_ssl', {}) + $glance_hash = hiera_hash('glance', {}) + $glance_glare_hash = hiera_hash('glance_glare', {}) + $public_vip = hiera('public_vip') + $public_ssl_hash = hiera_hash('public_ssl') + $management_vip = hiera('management_vip') + $region = pick($glance_hash['region'], hiera('region', 'RegionOne')) + $password = $glance_hash['user_password'] + $auth_name = pick($glance_hash['auth_name'], 'glance') + $configure_endpoint = pick($glance_hash['configure_endpoint'], true) + $configure_user = pick($glance_hash['configure_user'], true) + $configure_user_role = pick($glance_hash['configure_user_role'], true) + $service_name = pick($glance_hash['service_name'], 'glance') + $tenant = pick($glance_hash['tenant'], 'services') + $glare_password = $glance_glare_hash['user_password'] + $glare_auth_name = pick($glance_glare_hash['auth_name'], 'glare') + $glare_configure_endpoint = pick($glance_glare_hash['configure_endpoint'], true) + $glare_configure_user = pick($glance_glare_hash['configure_user'], true) + $glare_configure_user_role = pick($glance_glare_hash['configure_user_role'], true) + $glare_service_name = pick($glance_glare_hash['service_name'], 'glare') + $glare_tenant = pick($glance_glare_hash['tenant'], 'services') + $glare_region = pick($glance_glare_hash['region'], hiera('region', 'RegionOne')) + $ssl_hash = hiera_hash('use_ssl', {}) Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::glance::keystone::auth'] + Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['::glance::keystone::glare_auth'] $public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'glance', 'public', 'protocol', 'http') $public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'glance', 'public', 'hostname', [$public_vip]) @@ -25,10 +35,21 @@ class openstack_tasks::glance::keystone { $admin_protocol = get_ssl_property($ssl_hash, {}, 'glance', 'admin', 'protocol', 'http') $admin_address = get_ssl_property($ssl_hash, {}, 'glance', 'admin', 'hostname', [$management_vip]) + $glare_public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'glare', 'public', 'protocol', 'http') + $glare_public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'glare', 'public', 'hostname', [$public_vip]) + $glare_internal_protocol = get_ssl_property($ssl_hash, {}, 'glare', 'internal', 'protocol', 'http') + $glare_internal_address = get_ssl_property($ssl_hash, {}, 'glare', 'internal', 'hostname', [$management_vip]) + $glare_admin_protocol = get_ssl_property($ssl_hash, {}, 'glare', 'admin', 'protocol', 'http') + $glare_admin_address = get_ssl_property($ssl_hash, {}, 'glare', 'admin', 'hostname', [$management_vip]) + $public_url = "${public_protocol}://${public_address}:9292" $internal_url = "${internal_protocol}://${internal_address}:9292" $admin_url = "${admin_protocol}://${admin_address}:9292" + $glare_public_url = "${glare_public_protocol}://${glare_public_address}:9494" + $glare_internal_url = "${glare_internal_protocol}://${glare_internal_address}:9494" + $glare_admin_url = "${glare_admin_protocol}://${glare_admin_address}:9494" + validate_string($public_address) validate_string($password) @@ -48,4 +69,18 @@ class openstack_tasks::glance::keystone { tenant => $tenant, } + class { '::glance::keystone::glare_auth': + password => $glare_password, + auth_name => $glare_auth_name, + configure_endpoint => $glare_configure_endpoint, + configure_user => $glare_configure_user, + configure_user_role => $glare_configure_user_role, + service_name => $glare_service_name, + public_url => $glare_public_url, + internal_url => $glare_internal_url, + admin_url => $glare_admin_url, + region => $glare_region, + tenant => $glare_tenant, + } + } diff --git a/deployment/puppet/osnailyfacter/manifests/firewall/firewall.pp b/deployment/puppet/osnailyfacter/manifests/firewall/firewall.pp index 6ce2fe4f4c..627b56ca71 100644 --- a/deployment/puppet/osnailyfacter/manifests/firewall/firewall.pp +++ b/deployment/puppet/osnailyfacter/manifests/firewall/firewall.pp @@ -21,6 +21,7 @@ class osnailyfacter::firewall::firewall { $galera_ist_port = 4568 $galera_sst_port = 4444 $glance_api_port = 9292 + $glance_glare_port = 9494 $glance_nova_api_ec2_port = 8773 $glance_reg_port = 9191 $heat_api_cfn_port = 8000 @@ -210,7 +211,7 @@ class osnailyfacter::firewall::firewall { } firewall {'104 glance': - port => [$glance_api_port, $glance_reg_port, $glance_nova_api_ec2_port,], + port => [$glance_api_port, $glance_glare_port, $glance_reg_port, $glance_nova_api_ec2_port,], proto => 'tcp', action => 'accept', } diff --git a/deployment/puppet/osnailyfacter/manifests/globals/globals.pp b/deployment/puppet/osnailyfacter/manifests/globals/globals.pp index 615e0a13b5..177cf8e048 100644 --- a/deployment/puppet/osnailyfacter/manifests/globals/globals.pp +++ b/deployment/puppet/osnailyfacter/manifests/globals/globals.pp @@ -78,6 +78,7 @@ class osnailyfacter::globals::globals { $mysql_hash = hiera('mysql', {}) $rabbit_hash = hiera_hash('rabbit', {}) $glance_hash = hiera_hash('glance', {}) + $glance_glare_hash = hiera_hash('glance_glare', {}) $swift_hash = hiera('swift', {}) $cinder_hash = hiera_hash('cinder', {}) $access_hash = hiera_hash('access', {}) diff --git a/deployment/puppet/osnailyfacter/templates/globals_yaml.erb b/deployment/puppet/osnailyfacter/templates/globals_yaml.erb index 2fcace64af..037a934070 100644 --- a/deployment/puppet/osnailyfacter/templates/globals_yaml.erb +++ b/deployment/puppet/osnailyfacter/templates/globals_yaml.erb @@ -27,6 +27,7 @@ <% globals.store "dns_nameservers", @dns_nameservers -%> <% globals.store "glance_backend", @glance_backend -%> <% globals.store "glance", @glance_hash -%> +<% globals.store "glance_glare", @glance_glare_hash -%> <% globals.store "glance_known_stores", @glance_known_stores -%> <% globals.store "glance_nodes", @glance_nodes -%> <% globals.store "heat", @heat_hash -%> diff --git a/tests/noop/spec/hosts/firewall/firewall_spec.rb b/tests/noop/spec/hosts/firewall/firewall_spec.rb index 912bdbc610..4a59bfa537 100644 --- a/tests/noop/spec/hosts/firewall/firewall_spec.rb +++ b/tests/noop/spec/hosts/firewall/firewall_spec.rb @@ -153,6 +153,14 @@ describe manifest do ) end + it 'should create rules for glance' do + should contain_firewall('104 glance').with( + 'port' => [ 9292, 9494, 9191, 8773 ], + 'proto' => 'tcp', + 'action' => 'accept', + ) + end + it 'should accept connections from 240.0.0.2' do should contain_firewall('030 allow connections from haproxy namespace').with( 'source' => '240.0.0.2', diff --git a/tests/noop/spec/hosts/glance/glance_spec.rb b/tests/noop/spec/hosts/glance/glance_spec.rb index 27c02405ab..4d14be8f6c 100644 --- a/tests/noop/spec/hosts/glance/glance_spec.rb +++ b/tests/noop/spec/hosts/glance/glance_spec.rb @@ -81,6 +81,7 @@ describe manifest do it 'should declare glance classes' do should contain_class('glance::api').with('pipeline' => pipeline) should contain_class('glance::registry').with('sync_db' => primary_controller) + should contain_class('glance::glare').with('pipeline' => pipeline) should contain_class('glance::notify::rabbitmq') end @@ -94,6 +95,7 @@ describe manifest do db_connection = "mysql://#{glance_db_user}:#{glance_db_password}@#{database_vip}/#{glance_db_name}#{extra_params}" should contain_class('glance::api').with(:database_connection => db_connection) should contain_class('glance::registry').with(:database_connection => db_connection) + should contain_class('glance::glare::db').with(:database_connection => db_connection) end it 'should configure glance api config' do @@ -110,6 +112,17 @@ describe manifest do should contain_glance_api_config('keystone_authtoken/token_cache_time').with_value('-1') end + it 'should configure glance glare config' do + should contain_glance_glare_config('database/max_pool_size').with_value(max_pool_size) + should contain_glance_glare_config('DEFAULT/use_stderr').with_value(use_stderr) + should contain_glance_glare_config('database/max_overflow').with_value(max_overflow) + should contain_glance_glare_config('database/max_retries').with_value(max_retries) + should contain_glance_glare_config('DEFAULT/auth_region').with_value(region) + should contain_glance_glare_config('glance_store/os_region_name').with_value(region) + should contain_glance_glare_config('keystone_authtoken/signing_dir').with_value('/tmp/keystone-signing-glance') + should contain_glance_glare_config('keystone_authtoken/token_cache_time').with_value('-1') + end + if $glance_backend == 'rbd' it 'should configure rados_connect_timeout' do should contain_glance_api_config('glance_store/rados_connect_timeout').with_value('30') @@ -143,21 +156,20 @@ describe manifest do should contain_glance_api_config('DEFAULT/use_syslog_rfc_format').with_value('true') should contain_glance_cache_config('DEFAULT/use_syslog_rfc_format').with_value('true') should contain_glance_registry_config('DEFAULT/use_syslog_rfc_format').with_value('true') + should contain_glance_glare_config('DEFAULT/use_syslog_rfc_format').with_value('true') end end it 'should configure default_log_levels' do should contain_glance_api_config('DEFAULT/default_log_levels').with_value(default_log_levels.sort.join(',')) should contain_glance_registry_config('DEFAULT/default_log_levels').with_value(default_log_levels.sort.join(',')) + should contain_glance_glare_config('DEFAULT/default_log_levels').with_value(default_log_levels.sort.join(',')) end if murano_glance_artifacts_plugin and murano_glance_artifacts_plugin['enabled'] it 'should install murano-glance-artifacts-plugin package' do should contain_package('murano-glance-artifacts-plugin').with(:ensure => 'installed') end - it 'should configure glance-api to use v3' do - should contain_glance_api_config('DEFAULT/enable_v3_api').with_value(true) - end end if storage_config && storage_config.has_key?('images_ceph') && storage_config['images_ceph'] @@ -168,12 +180,12 @@ describe manifest do end if ironic_enabled it 'should declare swift backend' do - should contain_class('glance::backend::swift') + should contain_class('glance::backend::swift').with(:glare_enabled => true) end end let :params do { :glance_backend => 'ceph', } end it 'should declare ceph backend' do - should contain_class('glance::backend::rbd') + should contain_class('glance::backend::rbd').with(:glare_enabled => true) end it 'should configure show_image_direct_url' do should contain_glance_api_config('DEFAULT/show_image_direct_url').with_value(show_image_direct_url) @@ -186,7 +198,7 @@ describe manifest do end let :params do { :glance_backend => 'vmware', } end it 'should declare vmware backend' do - should contain_class('glance::backend::vsphere') + should contain_class('glance::backend::vsphere').with(:glare_enabled => true) end it 'should configure show_image_direct_url' do should contain_glance_api_config('DEFAULT/show_image_direct_url').with_value(show_image_direct_url) @@ -210,6 +222,7 @@ describe manifest do it 'should configure kombu compression' do should contain_glance_api_config('oslo_messaging_rabbit/kombu_compression').with(:value => kombu_compression) should contain_glance_registry_config('oslo_messaging_rabbit/kombu_compression').with(:value => kombu_compression) + should contain_glance_glare_config('oslo_messaging_rabbit/kombu_compression').with(:value => kombu_compression) end end end diff --git a/tests/noop/spec/hosts/glance/keystone_spec.rb b/tests/noop/spec/hosts/glance/keystone_spec.rb index 7153ebd332..71d8ad5b6d 100644 --- a/tests/noop/spec/hosts/glance/keystone_spec.rb +++ b/tests/noop/spec/hosts/glance/keystone_spec.rb @@ -13,26 +13,22 @@ manifest = 'glance/keystone.pp' describe manifest do shared_examples 'catalog' do + management_vip = Noop.hiera('management_vip') + ssl_hash = Noop.hiera_structure('use_ssl', {}) + public_ssl_hash = Noop.hiera_structure('public_ssl', {}) + internal_protocol = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance', 'internal','protocol','http' + internal_address = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance', 'internal','hostname', [management_vip] + admin_protocol = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance', 'admin', 'protocol','http' + admin_address = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glance','admin', 'hostname', [management_vip] + public_protocol = Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'glance', 'public','protocol','http' + public_address = Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'glance','public', 'hostname', [Noop.hiera('public_vip')] - internal_protocol = 'http' - internal_address = Noop.hiera('management_vip') - admin_protocol = 'http' - admin_address = internal_address - - if Noop.hiera_structure('use_ssl', false) - public_protocol = 'https' - public_address = Noop.hiera_structure('use_ssl/glance_public_hostname') - internal_protocol = 'https' - internal_address = Noop.hiera_structure('use_ssl/glance_internal_hostname') - admin_protocol = 'https' - admin_address = Noop.hiera_structure('use_ssl/glance_admin_hostname') - elsif Noop.hiera_structure('public_ssl/services') - public_address = Noop.hiera_structure('public_ssl/hostname') - public_protocol = 'https' - else - public_address = Noop.hiera('public_vip') - public_protocol = 'http' - end + glare_internal_protocol = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glare', 'internal','protocol','http' + glare_internal_address = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glare', 'internal','hostname', [management_vip] + glare_admin_protocol = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glare', 'admin', 'protocol','http' + glare_admin_address = Noop.puppet_function 'get_ssl_property',ssl_hash,{},'glare','admin', 'hostname', [management_vip] + glare_public_protocol = Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'glare', 'public','protocol','http' + glare_public_address = Noop.puppet_function 'get_ssl_property',ssl_hash,public_ssl_hash,'glare','public', 'hostname', [Noop.hiera('public_vip')] auth_name = Noop.hiera_structure('glance/auth_name', 'glance') password = Noop.hiera_structure('glance/user_password') @@ -46,6 +42,18 @@ describe manifest do internal_url = "#{internal_protocol}://#{internal_address}:9292" admin_url = "#{admin_protocol}://#{admin_address}:9292" + glare_auth_name = Noop.hiera_structure('glance_glare/auth_name', 'glare') + glare_password = Noop.hiera_structure('glance_glare/user_password') + glare_configure_endpoint = Noop.hiera_structure('glance_glare/configure_endpoint', true) + glare_configure_user = Noop.hiera_structure('glance_glare/configure_user', true) + glare_configure_user_role = Noop.hiera_structure('glance_glare/configure_user_role', true) + glare_region = Noop.hiera_structure('glance_glare/region', 'RegionOne') + glare_tenant = Noop.hiera_structure('glance_glare/tenant', 'services') + glare_service_name = Noop.hiera_structure('glance_glare/service_name', 'glare') + glare_public_url = "#{glare_public_protocol}://#{glare_public_address}:9494" + glare_internal_url = "#{glare_internal_protocol}://#{glare_internal_address}:9494" + glare_admin_url = "#{glare_admin_protocol}://#{glare_admin_address}:9494" + it 'should declare glance::keystone::auth class correctly' do should contain_class('glance::keystone::auth').with( 'auth_name' => auth_name, @@ -61,6 +69,33 @@ describe manifest do 'tenant' => tenant, ) end + + it 'should declare glance::keystone::glare_auth class correctly' do + should contain_class('glance::keystone::glare_auth').with( + 'auth_name' => glare_auth_name, + 'password' => glare_password, + 'configure_endpoint' => glare_configure_endpoint, + 'configure_user' => glare_configure_user, + 'configure_user_role' => glare_configure_user_role, + 'service_name' => glare_service_name, + 'public_url' => glare_public_url, + 'internal_url' => glare_internal_url, + 'admin_url' => glare_admin_url, + 'region' => glare_region, + 'tenant' => glare_tenant, + ) + end + + it 'should have explicit ordering between LB classes and particular actions' do + expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]", + "Class[glance::keystone::auth]") + expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]", + "Class[glance::keystone::auth]") + expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-public]", + "Class[glance::keystone::glare_auth]") + expect(graph).to ensure_transitive_dependency("Haproxy_backend_status[keystone-admin]", + "Class[glance::keystone::glare_auth]") + end end test_ubuntu_and_centos manifest end diff --git a/tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-glance_spec.rb b/tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-glance_spec.rb index 6dda8c74d4..9910091745 100644 --- a/tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-glance_spec.rb +++ b/tests/noop/spec/hosts/openstack-haproxy/openstack-haproxy-glance_spec.rb @@ -58,6 +58,27 @@ describe manifest do 'balancermember_options' => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3' ) + should contain_openstack__ha__haproxy_service('glance-glare').with( + 'order' => '081', + 'listen_port' => 9494, + 'require_service' => 'glance-glare', + + # common parameters + 'internal_virtual_ip' => internal_virtual_ip, + 'ipaddresses' => ipaddresses, + 'public_virtual_ip' => public_virtual_ip, + 'server_names' => server_names, + 'public' => 'true', + 'public_ssl' => public_ssl, + 'require_service' => 'glance-glare', + 'haproxy_config_options' => { + 'option' => ['httpchk /versions', 'httplog', 'httpclose'], + 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'timeout server' => '11m', + }, + 'balancermember_options' => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3' + ) + should contain_openstack__ha__haproxy_service('glance-registry').with( 'order' => '090', 'listen_port' => 9191,