opendev/puppet-apps_site
Code Issues Proposed changes

Glare support for app-catalog

Browse Source 
This commit should allow to deploy app-catalog with glare support
introduced by Ib5c6920c90f566d73a5f9e8ed545f0e082a0b20e

Change-Id: I9fbe756cfcc2456587c0395e88f14681a1e43ee4
This commit is contained in:
Bartosz Kupidura 2016-09-09 14:47:43 +00:00 committed by Maciej Relewicz
parent 389e331d6b
commit 8b72875d3c
10 changed files with 580 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
examples/app_site_with_glare_using_git.pp Normal file
View File

@ -0,0 +1,48 @@
#if you want to install app_site with glare support via git, memcache installed on localhost
$vhost_name = $::fqdn
$without_glare = false
$glare_server = "${vhost_name}:9494"
$memcache_server = '127.0.0.1:11211'
$repo_url = 'https://github.com/openstack/app-catalog.git'
$commit = 'master'
$use_ssl = false
if $use_ssl {
$glare_url = "https://${glare_server}"
}else{
$glare_url = "http://${glare_server}"
}
#installation with importing assets
$import_assets = true
class { '::apps_site':
without_glare => $without_glare,
use_pip => false,
use_git => true,
repo_url => $repo_url,
commit => $commit,
}
class { '::apps_site::plugins::glare':
use_ssl => $use_ssl,
memcache_server => $memcache_server,
vhost_name => $vhost_name,
}
class { '::apps_site::wsgi::apache':
use_ssl => $use_ssl,
servername => $vhost_name,
}
class { '::apps_site::catalog':
import_assets => $import_assets,
domain => $vhost_name,
glare_url => $glare_url,
memcache_server => $memcache_server,
}
Class['::apps_site'] ->
Class['::apps_site::plugins::glare'] ->
Class['::apps_site::wsgi::apache'] ->
Class['::apps_site::catalog']

42
examples/app_site_with_glare_using_pip.pp Normal file
View File

@ -0,0 +1,42 @@
#if you want to install app_site with glare support via pip, memcache installed on localhost
$vhost_name = $::fqdn
$without_glare = false
$glare_server = "${vhost_name}:9494"
$memcache_server = '127.0.0.1:11211'
$use_ssl = false
if $use_ssl {
$glare_url = "https://${glare_server}"
}else{
$glare_url = "http://${glare_server}"
}
#installation with importing assets
$import_assets = true
class { '::apps_site':
without_glare => $without_glare,
}
class { '::apps_site::plugins::glare':
use_ssl => $use_ssl,
memcache_server => $memcache_server,
vhost_name => $vhost_name,
}
class { '::apps_site::wsgi::apache':
use_ssl => $use_ssl,
servername => $vhost_name,
}
class { '::apps_site::catalog':
import_assets => $import_assets,
domain => $vhost_name,
glare_url => $glare_url,
memcache_server => $memcache_server,
}
Class['::apps_site'] ->
Class['::apps_site::plugins::glare'] ->
Class['::apps_site::wsgi::apache'] ->
Class['::apps_site::catalog']

8
examples/app_site_without_glare.pp Normal file
View File

@ -0,0 +1,8 @@
#if you want to install app_site without glare support
$vhost_name = $::fqdn
$without_glare = true
class { '::apps_site':
vhost_name => $vhost_name,
without_glare => $without_glare,
}

52
manifests/catalog.pp Normal file
View File

@ -0,0 +1,52 @@
# class: apps_site::catalog
#
class apps_site::catalog (
$settings_dir = '/etc/openstack-catalog',
$memcache_server = '127.0.0.1:11211',
$domain = $::fqdn,
$assets_file = undef,
$import_assets = true,
$glare_url = 'http://127.0.0.1:9494/'
) {
#settings_dir should be set /etc/openstack-catalog
#currently app-catalog will not use env variables properly
file { $settings_dir:
ensure => 'directory',
}
file { "${settings_dir}/local_settings.py":
ensure => 'present',
content => template('apps_site/local_settings_glare.erb'),
require => File[$settings_dir],
}
exec { 'app-catalog-collect-static' :
command => 'app-catalog-manage collectstatic --noinput',
path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'],
refreshonly => true,
subscribe => [Package['openstack-app-catalog'], File["${settings_dir}/local_settings.py"]],
}
exec { 'app-catalog-compress' :
command => 'app-catalog-manage compress --force',
path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'],
refreshonly => true,
subscribe => [Package['openstack-app-catalog'], File["${settings_dir}/local_settings.py"]],
}
if $import_assets {
$real_assets_file = $assets_file ? {
undef => "${apps_site::params::app_catalog_dir}/web/static/assets.yaml",
default => $assets_file,
}
exec { 'import-glare-assets' :
command => "app-catalog-import-assets --glare_url ${glare_url} --assets_file ${real_assets_file}",
path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'],
require => [Package['openstack-app-catalog'], Exec['app-catalog-compress']],
}
}
}

265
manifests/init.pp
View File

@ -12,83 +12,169 @@ class apps_site (
$ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_chain_file = '/etc/ssl/certs/ca-certificates.crt',
$vhost_name = $::fqdn,
$without_glare = true,
$use_pip = true,
$use_git = false,
$repo_url = 'https://git.openstack.org/openstack/app-catalog.git',
) {
include ::httpd::ssl
include ::httpd::mod::wsgi
if !defined(Package['git']) {
package { 'git':
ensure => present
if ($without_glare) {
include ::httpd::ssl
include ::httpd::mod::wsgi
if !defined(Package['git']) {
package { 'git':
ensure => present
}
}
}
vcsrepo { $root_dir:
ensure => latest,
provider => git,
revision => $commit,
source => 'https://git.openstack.org/openstack/app-catalog.git',
require => [
Package['git'],
]
}
::httpd::vhost { $vhost_name:
port => 443,
docroot => "${root_dir}/openstack_catalog/web",
priority => '50',
template => 'apps_site/vhost.erb',
vhost_name => $vhost_name,
ssl => true,
}
httpd_mod { 'headers':
ensure => present,
notify => Service['httpd']
}
httpd_mod { 'rewrite':
ensure => present,
notify => Service['httpd']
}
httpd_mod { 'deflate':
ensure => present,
notify => Service['httpd']
}
if $ssl_cert_file_contents != undef {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Httpd::Vhost[$vhost_name],
vcsrepo { $root_dir:
ensure => latest,
provider => git,
revision => $commit,
source => 'https://git.openstack.org/openstack/app-catalog.git',
require => [
Package['git'],
]
}
}
if $ssl_key_file_contents != undef {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
before => Httpd::Vhost[$vhost_name],
::httpd::vhost { $vhost_name:
port => 443,
docroot => "${root_dir}/openstack_catalog/web",
priority => '50',
template => 'apps_site/vhost.erb',
vhost_name => $vhost_name,
ssl => true,
}
}
if $ssl_chain_file_contents != undef {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if ! defined(Package['python-yaml']) {
package { 'python-yaml':
httpd_mod { 'headers':
ensure => present,
notify => Service['httpd']
}
httpd_mod { 'rewrite':
ensure => present,
notify => Service['httpd']
}
httpd_mod { 'deflate':
ensure => present,
notify => Service['httpd']
}
if $ssl_cert_file_contents != undef {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != undef {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != undef {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if ! defined(Package['python-yaml']) {
package { 'python-yaml':
ensure => present,
}
}
exec { 'install-app_catalog' :
command => "/usr/local/bin/pip install --upgrade ${root_dir}",
cwd => $root_dir,
refreshonly => true,
subscribe => Vcsrepo[$root_dir],
notify => Service['httpd'],
}
file { "${install_dir}/local_settings.py":
ensure => present,
mode => '0644',
require => Exec['install-app_catalog'],
content => template('apps_site/local_settings.erb'),
}
file { "${install_dir}/manage.py":
ensure => present,
source => "${root_dir}/manage.py",
require => Exec['install-app_catalog'],
}
exec { 'collect-static' :
command => "/usr/bin/python ${install_dir}/manage.py collectstatic --noinput",
subscribe => File["${install_dir}/manage.py"],
}
exec { 'python-compress' :
command => "/usr/bin/python ${install_dir}/manage.py compress --force",
subscribe => File["${install_dir}/manage.py"],
}
exec { 'make_assets_json' :
command => "${root_dir}/tools/update_assets.sh",
path => '/usr/local/bin:/usr/bin:/bin',
refreshonly => true,
subscribe => Vcsrepo[$root_dir],
}
} else {
$deps = [ 'python-pip', 'python-dev', 'libffi-dev', 'libpq-dev' ]
package { $deps:
ensure => 'present',
before => Package['pipinpip'],
}
package { 'pipinpip':
ensure => latest,
name => 'pip',
provider => 'pip',
before => Package['openstack-app-catalog'],
}
if $use_pip {
if ! defined(Package['openstack-app-catalog']) {
package {'openstack-app-catalog':
ensure => 'latest',
provider => pip,
}
}
}
if $use_git {
if !defined(Package['git']) {
package { 'git':
ensure => present
}
}
if ! defined(Package['openstack-app-catalog']) {
package {'openstack-app-catalog':
ensure => 'latest',
provider => pip,
source => "git+${repo_url}@${commit}",
}
}
}
}
@ -100,48 +186,13 @@ class apps_site (
if ($::lsbdistcodename == 'trusty') {
if ! defined(Package['zopfli']) {
if (!$without_glare){
Package['openstack-app-catalog'] -> Package['zopfli']
}
package { 'zopfli':
ensure => present,
}
}
}
exec { 'install-app_catalog' :
command => "/usr/local/bin/pip install --upgrade ${root_dir}",
cwd => $root_dir,
refreshonly => true,
subscribe => Vcsrepo[$root_dir],
notify => Service['httpd'],
}
file { "${install_dir}/local_settings.py":
ensure => present,
mode => '0644',
require => Exec['install-app_catalog'],
content => template('apps_site/local_settings.erb'),
}
file { "${install_dir}/manage.py":
ensure => present,
source => "${root_dir}/manage.py",
require => Exec['install-app_catalog'],
}
exec { 'collect-static' :
command => "/usr/bin/python ${install_dir}/manage.py collectstatic --noinput",
subscribe => File["${install_dir}/manage.py"],
}
exec { 'python-compress' :
command => "/usr/bin/python ${install_dir}/manage.py compress --force",
subscribe => File["${install_dir}/manage.py"],
}
exec { 'make_assets_json' :
command => "${root_dir}/tools/update_assets.sh",
path => '/usr/local/bin:/usr/bin:/bin',
refreshonly => true,
subscribe => Vcsrepo[$root_dir],
}
}

15
manifests/params.pp Normal file
View File

@ -0,0 +1,15 @@
class apps_site::params {
$wsgi_processes = 2
$wsgi_threads = 4
case $::osfamily {
'Debian': {
$wsgi_user = 'www-data'
$wsgi_group = 'www-data'
$app_catalog_dir = '/usr/local/lib/python2.7/dist-packages/openstack_catalog'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem} module: ${module_name}")
}
}
}

107
manifests/plugins/glare.pp Normal file
View File

@ -0,0 +1,107 @@
# class: apps_site::plugins::glare
#
class apps_site::plugins::glare (
$vhost_name = $::fqdn,
$memcache_server = '127.0.0.1:11211',
$cookie_name = 's.aoo',
$use_ssl = false,
$ssl_cert_file_content = undef,
$ssl_key_file_content = undef,
$ssl_ca_file_content = undef,
$ssl_cert_file_location = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_file_location = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_ca_file_location = '/etc/ssl/certs/ca-certificates.crt',
) inherits ::apps_site::params {
package { 'glare_dev':
ensure => present,
provider => 'pip',
}
service { 'glare-api':
ensure => 'running',
provider => base,
start => 'nohup /usr/local/bin/glare-api --config-file /usr/local/etc/glare/glare.conf &',
restart => 'killall glare-api; nohup /usr/local/bin/glare-api --config-file /usr/local/etc/glare/glare.conf &',
stop => 'killall glare-api',
}
Package['glare_dev'] -> Service['glare-api']
# include ::glare::params
# include ::glare::db::sync
#
# if $use_ssl {
# if $ssl_cert_file_content != undef {
# file { $ssl_cert_file_location:
# owner => 'root',
# group => 'root',
# mode => '0640',
# content => $ssl_cert_file_content,
# }
# }
#
# if $ssl_key_file_content != undef {
# file { $ssl_key_file_location:
# owner => 'root',
# group => 'ssl-cert',
# mode => '0640',
# content => $ssl_key_file_content,
# }
# }
#
# if $ssl_ca_file_content != undef {
# file { $ssl_ca_file_location:
# owner => 'root',
# group => 'root',
# mode => '0640',
# content => $ssl_ca_file_content,
# }
# }
# }
#
# #at the moment the package is located in the experimental repository
# #for debian, should be removed when it will be switched to stable
# if $::os_package_type == 'debian'{
# Package<|title == 'glare'|> {
# name => 'glare-api',
# install_options => ['-t', 'experimental'],
# }
# }
#
# glare_paste_ini {
# 'filter:session/paste.filter_factory':
# value => 'openstack_app_catalog.middlewares:SessionMiddleware.factory';
# 'filter:session/memcached_server':
# value => $memcache_server;
# 'filter:session/session_cookie_name':
# value => $cookie_name;
# 'filter:cors/allowed_origin':
# value => "http://${vhost_name}";
# }
#
# file { '/etc/glare/glare-policy.json':
# content => "{\n \"context_is_admin\": \"role:app-catalog-core\" \n}",
# require => Package[ 'glare' ],
# }
#
# glare_config {
# 'oslo_policy/policy_file': value => 'glare-policy.json';
# }
#
# if $use_ssl {
# class { '::glare':
# pipeline => 'session',
# allow_anonymous_access => true,
# auth_strategy => 'none',
# cert_file => $ssl_cert_file_location,
# key_file => $ssl_key_file_location,
# ca_file => $ssl_ca_file_location,
# }
# }else{
# class { '::glare':
# pipeline => 'session',
# allow_anonymous_access => true,
# auth_strategy => 'none',
# }
# }
}

137
manifests/wsgi/apache.pp Normal file
View File

@ -0,0 +1,137 @@
# == Class: apps_site::wsgi::apache
#
class apps_site::wsgi::apache (
$servername = $::fqdn,
$http_port = 80,
$https_port = 443,
$ssl_cert_file_content = undef,
$ssl_key_file_content = undef,
$ssl_ca_file_content = undef,
$ssl_cert_file_location = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_file_location = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_ca_file_location = '/etc/ssl/certs/ca-certificates.crt',
$use_ssl = false,
$bind_ip = undef,
$settings_dir = '/etc/openstack-catalog',
) inherits ::apps_site::params {
class { '::apache':
mpm_module => false,
default_vhost => false,
purge_configs => false,
}
if $use_ssl {
include ::apache::mod::ssl
if $ssl_cert_file_content != undef {
file { $ssl_cert_file_location:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_content,
before => Apache::Vhost['openstack-app-catalog-ssl'],
}
}
if $ssl_key_file_content != undef {
file { $ssl_key_file_location:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_content,
before => Apache::Vhost['openstack-app-catalog-ssl'],
}
}
if $ssl_ca_file_content != undef {
file { $ssl_ca_file_location:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_ca_file_content,
before => Apache::Vhost['openstack-app-catalog-ssl'],
}
}
::apache::vhost { 'openstack-app-catalog-ssl':
ensure => 'present',
ssl => true,
servername => $servername,
port => $https_port,
ip => $bind_ip,
docroot => '/var/www',
priority => '50',
access_log_file => 'app_catalog_ssl_access.log',
error_log_file => 'app_catalog_ssl_error.log',
ssl_cert => $ssl_cert_file_location,
ssl_key => $ssl_key_file_location,
ssl_ca => $ssl_ca_file_location,
setenv => ["LOCAL_SETTINGS_PATH ${settings_dir}"],
aliases => [{
alias => '/static',
path => "${apps_site::params::app_catalog_dir}/web/static",
}],
wsgi_script_aliases => hash(['/', "${apps_site::params::app_catalog_dir}/wsgi.py"]),
wsgi_daemon_process => "${apps_site::params::wsgi_group}-ssl",
wsgi_process_group => "${apps_site::params::wsgi_group}-ssl",
wsgi_daemon_process_options => {
processes => $apps_site::params::wsgi_processes,
threads => $apps_site::params::wsgi_threads,
user => $apps_site::params::wsgi_user,
group => $apps_site::params::wsgi_group,
},
}
::apache::vhost { 'openstack-app-catalog':
servername => $servername,
port => $http_port,
ip => $bind_ip,
redirect_status => 'permanent',
redirect_dest => "https://${servername}/",
docroot => '/var/www',
priority => '50',
access_log_file => 'app_catalog_access.log',
error_log_file => 'app_catalog_error.log',
setenv => ["LOCAL_SETTINGS_PATH ${settings_dir}"],
aliases => [{
alias => '/static',
path => "${apps_site::params::app_catalog_dir}/web/static",
}],
wsgi_script_aliases => hash(['/', "${apps_site::params::app_catalog_dir}/wsgi.py"]),
wsgi_daemon_process => $apps_site::params::wsgi_group,
wsgi_process_group => $apps_site::params::wsgi_group,
wsgi_daemon_process_options => {
processes => $apps_site::params::wsgi_processes,
threads => $apps_site::params::wsgi_threads,
user => $apps_site::params::wsgi_user,
group => $apps_site::params::wsgi_group,
},
}
}else{
::apache::vhost { 'openstack-app-catalog':
servername => $servername,
port => $http_port,
ip => $bind_ip,
docroot => '/var/www',
priority => '50',
access_log_file => 'app_catalog_access.log',
error_log_file => 'app_catalog_error.log',
setenv => ["LOCAL_SETTINGS_PATH ${settings_dir}"],
aliases => [{
alias => '/static',
path => "${apps_site::params::app_catalog_dir}/web/static",
}],
wsgi_script_aliases => hash(['/', "${apps_site::params::app_catalog_dir}/wsgi.py"]),
wsgi_daemon_process => $apps_site::params::wsgi_group,
wsgi_process_group => $apps_site::params::wsgi_group,
wsgi_daemon_process_options => {
processes => $apps_site::params::wsgi_processes,
threads => $apps_site::params::wsgi_threads,
user => $apps_site::params::wsgi_user,
group => $apps_site::params::wsgi_group,
},
}
}
}

7
metadata.json
View File

@ -1,14 +1,15 @@
{
"name": "openstackci-app_site",
"name": "openstackci-apps_site",
"version": "0.0.1",
"author": "OpenStack CI",
"summary": "Puppet module for OpenStack App Catalog",
"license": "Apache 2.0",
"source": "git://git.openstack.org/openstack-infra/puppet-app_site.git",
"source": "git://git.openstack.org/openstack-infra/puppet-apps_site.git",
"project_page": "http://docs.openstack.org/infra/system-config",
"issues_url": "https://storyboard.openstack.org/#!/project/817",
"dependencies": [
{ "name": "openstackinfra/vcsrepo","version_requirement":">= 0.0.8"},
{ "name": "openstackinfra/httpd", "version_requirement": "0.x" }
{ "name": "openstackinfra/httpd", "version_requirement": "0.x" },
{ "name": "puppetlabs/apache", "version_requirement": ">=1.6.0" }
]
}

9
templates/local_settings_glare.erb Normal file
View File

@ -0,0 +1,9 @@
DEBUG = False
COMPRESS_ENABLED = True
COMPRESS_OFFLINE = True
ALLOWED_HOSTS = ['*']
DOMAIN = '<%= @domain %>'
BASE_URL = 'http://<%= @domain %>'
OPENID_RETURN_URL = 'http://<%= @domain %>/auth/process'
MEMCACHED_SERVER = '<%= @memcache_server %>'
GLARE_URL = '<%= @glare_url %>'