From 8b72875d3c1f95767737c4d961f035e5782ff880 Mon Sep 17 00:00:00 2001
From: Bartosz Kupidura
Date: Fri, 9 Sep 2016 14:47:43 +0000
Subject: [PATCH] Glare support for app-catalog

This commit should allow to deploy app-catalog with glare support introduced by Ib5c6920c90f566d73a5f9e8ed545f0e082a0b20e

Change-Id: I9fbe756cfcc2456587c0395e88f14681a1e43ee4
---
examples/app_site_with_glare_using_git.pp | 48 ++++
examples/app_site_with_glare_using_pip.pp | 42 ++++
examples/app_site_without_glare.pp | 8 +
manifests/catalog.pp | 52 +++++
manifests/init.pp | 265 +++++++++++++---------
manifests/params.pp | 15 ++
manifests/plugins/glare.pp | 107 +++++++++
manifests/wsgi/apache.pp | 137 +++++++++++
metadata.json | 7 +-
templates/local_settings_glare.erb | 9 +
10 files changed, 580 insertions(+), 110 deletions(-)
create mode 100644 examples/app_site_with_glare_using_git.pp
create mode 100644 examples/app_site_with_glare_using_pip.pp
create mode 100644 examples/app_site_without_glare.pp
create mode 100644 manifests/catalog.pp
create mode 100644 manifests/params.pp
create mode 100644 manifests/plugins/glare.pp
create mode 100644 manifests/wsgi/apache.pp
create mode 100644 templates/local_settings_glare.erb
diff --git a/examples/app_site_with_glare_using_git.pp b/examples/app_site_with_glare_using_git.pp
new file mode 100644
index 0000000..02113c7
--- /dev/null
+++ b/examples/app_site_with_glare_using_git.pp
@@ -0,0 +1,48 @@
+#if you want to install app_site with glare support via git, memcache installed on localhost
+$vhost_name = $::fqdn
+$without_glare = false
+$glare_server = "${vhost_name}:9494"
+$memcache_server = '127.0.0.1:11211'
+$repo_url = 'https://github.com/openstack/app-catalog.git'
+$commit = 'master'
+$use_ssl = false
+
+if $use_ssl {
+ $glare_url = "https://${glare_server}"
+}else{
+ $glare_url = "http://${glare_server}"
+}
+
+#installation with importing assets
+$import_assets = true
+
+class { '::apps_site':
+ without_glare => $without_glare,
+ use_pip => false,
+ use_git => true,
+ repo_url => $repo_url,
+ commit => $commit,
+}
+
+class { '::apps_site::plugins::glare':
+ use_ssl => $use_ssl,
+ memcache_server => $memcache_server,
+ vhost_name => $vhost_name,
+}
+
+class { '::apps_site::wsgi::apache':
+ use_ssl => $use_ssl,
+ servername => $vhost_name,
+}
+
+class { '::apps_site::catalog':
+ import_assets => $import_assets,
+ domain => $vhost_name,
+ glare_url => $glare_url,
+ memcache_server => $memcache_server,
+}
+
+Class['::apps_site'] ->
+ Class['::apps_site::plugins::glare'] ->
+ Class['::apps_site::wsgi::apache'] ->
+ Class['::apps_site::catalog']
diff --git a/examples/app_site_with_glare_using_pip.pp b/examples/app_site_with_glare_using_pip.pp
new file mode 100644
index 0000000..1914a23
--- /dev/null
+++ b/examples/app_site_with_glare_using_pip.pp
@@ -0,0 +1,42 @@
+#if you want to install app_site with glare support via pip, memcache installed on localhost
+$vhost_name = $::fqdn
+$without_glare = false
+$glare_server = "${vhost_name}:9494"
+$memcache_server = '127.0.0.1:11211'
+$use_ssl = false
+
+if $use_ssl {
+ $glare_url = "https://${glare_server}"
+}else{
+ $glare_url = "http://${glare_server}"
+}
+
+#installation with importing assets
+$import_assets = true
+
+class { '::apps_site':
+ without_glare => $without_glare,
+}
+
+class { '::apps_site::plugins::glare':
+ use_ssl => $use_ssl,
+ memcache_server => $memcache_server,
+ vhost_name => $vhost_name,
+}
+
+class { '::apps_site::wsgi::apache':
+ use_ssl => $use_ssl,
+ servername => $vhost_name,
+}
+
+class { '::apps_site::catalog':
+ import_assets => $import_assets,
+ domain => $vhost_name,
+ glare_url => $glare_url,
+ memcache_server => $memcache_server,
+}
+
+Class['::apps_site'] ->
+ Class['::apps_site::plugins::glare'] ->
+ Class['::apps_site::wsgi::apache'] ->
+ Class['::apps_site::catalog']
diff --git a/examples/app_site_without_glare.pp b/examples/app_site_without_glare.pp
new file mode 100644
index 0000000..88648c7
--- /dev/null
+++ b/examples/app_site_without_glare.pp
@@ -0,0 +1,8 @@
+#if you want to install app_site without glare support
+$vhost_name = $::fqdn
+$without_glare = true
+
+class { '::apps_site':
+ vhost_name => $vhost_name,
+ without_glare => $without_glare,
+}
diff --git a/manifests/catalog.pp b/manifests/catalog.pp
new file mode 100644
index 0000000..dced94b
--- /dev/null
+++ b/manifests/catalog.pp
@@ -0,0 +1,52 @@
+# class: apps_site::catalog
+#
+
+class apps_site::catalog (
+ $settings_dir = '/etc/openstack-catalog',
+ $memcache_server = '127.0.0.1:11211',
+ $domain = $::fqdn,
+ $assets_file = undef,
+ $import_assets = true,
+ $glare_url = 'http://127.0.0.1:9494/'
+) {
+
+ #settings_dir should be set /etc/openstack-catalog
+ #currently app-catalog will not use env variables properly
+ file { $settings_dir:
+ ensure => 'directory',
+ }
+
+ file { "${settings_dir}/local_settings.py":
+ ensure => 'present',
+ content => template('apps_site/local_settings_glare.erb'),
+ require => File[$settings_dir],
+ }
+
+ exec { 'app-catalog-collect-static' :
+ command => 'app-catalog-manage collectstatic --noinput',
+ path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'],
+ refreshonly => true,
+ subscribe => [Package['openstack-app-catalog'], File["${settings_dir}/local_settings.py"]],
+ }
+
+ exec { 'app-catalog-compress' :
+ command => 'app-catalog-manage compress --force',
+ path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'],
+ refreshonly => true,
+ subscribe => [Package['openstack-app-catalog'], File["${settings_dir}/local_settings.py"]],
+ }
+
+ if $import_assets {
+
+ $real_assets_file = $assets_file ? {
+ undef => "${apps_site::params::app_catalog_dir}/web/static/assets.yaml",
+ default => $assets_file,
+ }
+
+ exec { 'import-glare-assets' :
+ command => "app-catalog-import-assets --glare_url ${glare_url} --assets_file ${real_assets_file}",
+ path => ['/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/', '/usr/local/bin', '/usr/local/sbin'],
+ require => [Package['openstack-app-catalog'], Exec['app-catalog-compress']],
+ }
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 76cbeee..5906f71 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
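Review bot: In `manifests/catalog.pp`, `apps_site::catalog` reads `${apps_site::params::app_catalog_dir}` when `$assets_file` is undef, but unlike the two other new classes in this patch it neither inherits nor includes `apps_site::params`, so the value resolves only if some other class has already evaluated params. Declared on its own, the import would likely be pointed at `/web/static/assets.yaml`; closing the parameter list with `) inherits ::apps_site::params {` removes the dependency on declaration order. Separately, `import-glare-assets` has no `refreshonly`, `unless` or `creates`, so it appears to re-run against `$glare_url` on every agent run, and `local_settings.py` is written without an explicit `owner`, `group` or `mode`.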
@@ -12,83 +12,169 @@ class apps_site ( $ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key', $ssl_chain_file = '/etc/ssl/certs/ca-certificates.crt', $vhost_name = $::fqdn, + $without_glare = true, + $use_pip = true, + $use_git = false, + $repo_url = 'https://git.openstack.org/openstack/app-catalog.git', ) { - include ::httpd::ssl - include ::httpd::mod::wsgi - if !defined(Package['git']) { - package { 'git': - ensure => present + if ($without_glare) { + include ::httpd::ssl + include ::httpd::mod::wsgi + + if !defined(Package['git']) { + package { 'git': + ensure => present + } } - } - vcsrepo { $root_dir: - ensure => latest, - provider => git, - revision => $commit, - source => 'https://git.openstack.org/openstack/app-catalog.git', - require => [ - Package['git'], - ] - } - - ::httpd::vhost { $vhost_name: - port => 443, - docroot => "${root_dir}/openstack_catalog/web", - priority => '50', - template => 'apps_site/vhost.erb', - vhost_name => $vhost_name, - ssl => true, - } - - httpd_mod { 'headers': - ensure => present, - notify => Service['httpd'] - } - - httpd_mod { 'rewrite': - ensure => present, - notify => Service['httpd'] - } - - httpd_mod { 'deflate': - ensure => present, - notify => Service['httpd'] - } - - if $ssl_cert_file_contents != undef { - file { $ssl_cert_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_cert_file_contents, - before => Httpd::Vhost[$vhost_name], + vcsrepo { $root_dir: + ensure => latest, + provider => git, + revision => $commit, + source => 'https://git.openstack.org/openstack/app-catalog.git', + require => [ + Package['git'], + ] } - } - if $ssl_key_file_contents != undef { - file { $ssl_key_file: - owner => 'root', - group => 'ssl-cert', - mode => '0640', - content => $ssl_key_file_contents, - before => Httpd::Vhost[$vhost_name], + ::httpd::vhost { $vhost_name: + port => 443, + docroot => "${root_dir}/openstack_catalog/web", + priority => '50', + template => 'apps_site/vhost.erb', + vhost_name => 
$vhost_name, + ssl => true, } - } - if $ssl_chain_file_contents != undef { - file { $ssl_chain_file: - owner => 'root', - group => 'root', - mode => '0640', - content => $ssl_chain_file_contents, - before => Httpd::Vhost[$vhost_name], - } - } - - if ! defined(Package['python-yaml']) { - package { 'python-yaml': + httpd_mod { 'headers': ensure => present, + notify => Service['httpd'] + } + + httpd_mod { 'rewrite': + ensure => present, + notify => Service['httpd'] + } + + httpd_mod { 'deflate': + ensure => present, + notify => Service['httpd'] + } + + if $ssl_cert_file_contents != undef { + file { $ssl_cert_file: + owner => 'root', + group => 'root', + mode => '0640', + content => $ssl_cert_file_contents, + before => Httpd::Vhost[$vhost_name], + } + } + + if $ssl_key_file_contents != undef { + file { $ssl_key_file: + owner => 'root', + group => 'ssl-cert', + mode => '0640', + content => $ssl_key_file_contents, + before => Httpd::Vhost[$vhost_name], + } + } + + if $ssl_chain_file_contents != undef { + file { $ssl_chain_file: + owner => 'root', + group => 'root', + mode => '0640', + content => $ssl_chain_file_contents, + before => Httpd::Vhost[$vhost_name], + } + } + + if ! 
defined(Package['python-yaml']) { + package { 'python-yaml': + ensure => present, + } + } + + exec { 'install-app_catalog' : + command => "/usr/local/bin/pip install --upgrade ${root_dir}", + cwd => $root_dir, + refreshonly => true, + subscribe => Vcsrepo[$root_dir], + notify => Service['httpd'], + } + + file { "${install_dir}/local_settings.py": + ensure => present, + mode => '0644', + require => Exec['install-app_catalog'], + content => template('apps_site/local_settings.erb'), + } + + file { "${install_dir}/manage.py": + ensure => present, + source => "${root_dir}/manage.py", + require => Exec['install-app_catalog'], + } + + exec { 'collect-static' : + command => "/usr/bin/python ${install_dir}/manage.py collectstatic --noinput", + subscribe => File["${install_dir}/manage.py"], + } + + exec { 'python-compress' : + command => "/usr/bin/python ${install_dir}/manage.py compress --force", + subscribe => File["${install_dir}/manage.py"], + } + + exec { 'make_assets_json' : + command => "${root_dir}/tools/update_assets.sh", + path => '/usr/local/bin:/usr/bin:/bin', + refreshonly => true, + subscribe => Vcsrepo[$root_dir], + } + } else { + + $deps = [ 'python-pip', 'python-dev', 'libffi-dev', 'libpq-dev' ] + + package { $deps: + ensure => 'present', + before => Package['pipinpip'], + } + + package { 'pipinpip': + ensure => latest, + name => 'pip', + provider => 'pip', + before => Package['openstack-app-catalog'], + } + + if $use_pip { + if ! defined(Package['openstack-app-catalog']) { + package {'openstack-app-catalog': + ensure => 'latest', + provider => pip, + } + } + } + + if $use_git { + + if !defined(Package['git']) { + package { 'git': + ensure => present + } + } + + if ! defined(Package['openstack-app-catalog']) { + package {'openstack-app-catalog': + ensure => 'latest', + provider => pip, + source => "git+${repo_url}@${commit}", + } + } } } 
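Review bot: In `manifests/init.pp`, the new Glare branch installs everything unpinned: `pipinpip` and `openstack-app-catalog` are both `ensure => latest` from pip, and the git variant builds `source => "git+${repo_url}@${commit}"` from a `$commit` that the git example in this patch sets to `'master'`. Each agent run can therefore pull whatever was most recently published, with the agent's privileges and no reviewed version in between. I would add a version parameter and use it for `ensure` (for example `ensure => $app_catalog_version,`, a new parameter that is not part of this patch) and document that `$commit` should be a tag or commit SHA. The new `$repo_url` parameter is also ignored by the `vcsrepo` in the `$without_glare` branch, which still hard-codes the `git.openstack.org` URL. The class begins above this hunk and continues past it.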
@@ -100,48 +186,13 @@ class apps_site ( if ($::lsbdistcodename == 'trusty') { if ! defined(Package['zopfli']) { + if (!$without_glare){ + Package['openstack-app-catalog'] -> Package['zopfli'] + } + package { 'zopfli': ensure => present, } } } - - exec { 'install-app_catalog' : - command => "/usr/local/bin/pip install --upgrade ${root_dir}", - cwd => $root_dir, - refreshonly => true, - subscribe => Vcsrepo[$root_dir], - notify => Service['httpd'], - } - - file { "${install_dir}/local_settings.py": - ensure => present, - mode => '0644', - require => Exec['install-app_catalog'], - content => template('apps_site/local_settings.erb'), - } - - file { "${install_dir}/manage.py": - ensure => present, - source => "${root_dir}/manage.py", - require => Exec['install-app_catalog'], - } - - exec { 'collect-static' : - command => "/usr/bin/python ${install_dir}/manage.py collectstatic --noinput", - subscribe => File["${install_dir}/manage.py"], - } - - exec { 'python-compress' : - command => "/usr/bin/python ${install_dir}/manage.py compress --force", - subscribe => File["${install_dir}/manage.py"], - } - - exec { 'make_assets_json' : - command => "${root_dir}/tools/update_assets.sh", - path => '/usr/local/bin:/usr/bin:/bin', - refreshonly => true, - subscribe => Vcsrepo[$root_dir], - } - } diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..8b8e0f0 --- /dev/null +++ b/manifests/params.pp @@ -0,0 +1,15 @@ +class apps_site::params { + $wsgi_processes = 2 + $wsgi_threads = 4 + + case $::osfamily { + 'Debian': { + $wsgi_user = 'www-data' + $wsgi_group = 'www-data' + $app_catalog_dir = '/usr/local/lib/python2.7/dist-packages/openstack_catalog' + } + default: { + fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem} module: ${module_name}") + } + } +} diff --git a/manifests/plugins/glare.pp b/manifests/plugins/glare.pp new file mode 100644 index 0000000..61b0016 --- /dev/null +++ b/manifests/plugins/glare.pp 
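Review bot: In `manifests/init.pp`, `Package['openstack-app-catalog'] -> Package['zopfli']` here, and `before => Package['openstack-app-catalog']` on `pipinpip` in the previous hunk, reference a package that is declared only when `$use_pip` or `$use_git` is true. With `without_glare => false` and both flags false the catalog should fail to compile on the missing resource (unless something outside this module declares it), and with both true the `defined()` guard silently drops the git source. A guard at the top of the `else` branch makes the contract explicit: `if $use_pip == $use_git { fail('apps_site: set exactly one of use_pip or use_git') }`. The class begins outside this hunk.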
@@ -0,0 +1,107 @@
+# class: apps_site::plugins::glare
+#
+class apps_site::plugins::glare (
+ $vhost_name = $::fqdn,
+ $memcache_server = '127.0.0.1:11211',
+ $cookie_name = 's.aoo',
+ $use_ssl = false,
+ $ssl_cert_file_content = undef,
+ $ssl_key_file_content = undef,
+ $ssl_ca_file_content = undef,
+ $ssl_cert_file_location = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ $ssl_key_file_location = '/etc/ssl/private/ssl-cert-snakeoil.key',
+ $ssl_ca_file_location = '/etc/ssl/certs/ca-certificates.crt',
+) inherits ::apps_site::params {
+
+ package { 'glare_dev':
+ ensure => present,
+ provider => 'pip',
+ }
+
+ service { 'glare-api':
+ ensure => 'running',
+ provider => base,
+ start => 'nohup /usr/local/bin/glare-api --config-file /usr/local/etc/glare/glare.conf &',
+ restart => 'killall glare-api; nohup /usr/local/bin/glare-api --config-file /usr/local/etc/glare/glare.conf &',
+ stop => 'killall glare-api',
+ }
+
+ Package['glare_dev'] -> Service['glare-api']
+# include ::glare::params
+# include ::glare::db::sync
+#
+# if $use_ssl {
+# if $ssl_cert_file_content != undef {
+# file { $ssl_cert_file_location:
+# owner => 'root',
+# group => 'root',
+# mode => '0640',
+# content => $ssl_cert_file_content,
+# }
+# }
+#
+# if $ssl_key_file_content != undef {
+# file { $ssl_key_file_location:
+# owner => 'root',
+# group => 'ssl-cert',
+# mode => '0640',
+# content => $ssl_key_file_content,
+# }
+# }
+#
+# if $ssl_ca_file_content != undef {
+# file { $ssl_ca_file_location:
+# owner => 'root',
+# group => 'root',
+# mode => '0640',
+# content => $ssl_ca_file_content,
+# }
+# }
+# }
+#
+# #at the moment the package is located in the experimental repository
+# #for debian, should be removed when it will be switched to stable
+# if $::os_package_type == 'debian'{
+# Package<|title == 'glare'|> {
+# name => 'glare-api',
+# install_options => ['-t', 'experimental'],
+# }
+# }
+#
+# glare_paste_ini {
+# 'filter:session/paste.filter_factory':
+# value => 'openstack_app_catalog.middlewares:SessionMiddleware.factory';
+# 'filter:session/memcached_server':
+# value => $memcache_server;
+# 'filter:session/session_cookie_name':
+# value => $cookie_name;
+# 'filter:cors/allowed_origin':
+# value => "http://${vhost_name}";
+# }
+#
+# file { '/etc/glare/glare-policy.json':
+# content => "{\n \"context_is_admin\": \"role:app-catalog-core\" \n}",
+# require => Package[ 'glare' ],
+# }
+#
+# glare_config {
+# 'oslo_policy/policy_file': value => 'glare-policy.json';
+# }
+#
+# if $use_ssl {
+# class { '::glare':
+# pipeline => 'session',
+# allow_anonymous_access => true,
+# auth_strategy => 'none',
+# cert_file => $ssl_cert_file_location,
+# key_file => $ssl_key_file_location,
+# ca_file => $ssl_ca_file_location,
+# }
+# }else{
+# class { '::glare':
+# pipeline => 'session',
+# allow_anonymous_access => true,
+# auth_strategy => 'none',
+# }
+# }
+}
diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp
new file mode 100644
index 0000000..c15e4ac
--- /dev/null
+++ b/manifests/wsgi/apache.pp
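Review bot: In `manifests/plugins/glare.pp`, every resource that would consume `$use_ssl`, the `$ssl_*` parameters, `$memcache_server`, `$cookie_name` and `$vhost_name` is commented out, so the class accepts TLS settings and then starts `glare-api` without applying any of them. An operator passing `use_ssl => true` (the examples then build an `https://` `$glare_url`) gets no certificate files and, as far as this manifest shows, no TLS listener. Until the block is restored I would fail loudly with `if $use_ssl { fail('apps_site::plugins::glare: use_ssl is not implemented') }`, or drop the unused parameters. The `start` and `restart` commands also launch the daemon with `nohup … &` under `provider => base`, which presumably runs it as the agent's user (usually root); a dedicated service account and a proper init unit would be the safer shape. When the commented block returns, its `auth_strategy => 'none'` with `allow_anonymous_access => true` deserves a review of its own.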
@@ -0,0 +1,137 @@
+# == Class: apps_site::wsgi::apache
+#
+class apps_site::wsgi::apache (
+ $servername = $::fqdn,
+ $http_port = 80,
+ $https_port = 443,
+ $ssl_cert_file_content = undef,
+ $ssl_key_file_content = undef,
+ $ssl_ca_file_content = undef,
+ $ssl_cert_file_location = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ $ssl_key_file_location = '/etc/ssl/private/ssl-cert-snakeoil.key',
+ $ssl_ca_file_location = '/etc/ssl/certs/ca-certificates.crt',
+ $use_ssl = false,
+ $bind_ip = undef,
+ $settings_dir = '/etc/openstack-catalog',
+) inherits ::apps_site::params {
+
+ class { '::apache':
+ mpm_module => false,
+ default_vhost => false,
+ purge_configs => false,
+ }
+
+ if $use_ssl {
+ include ::apache::mod::ssl
+
+ if $ssl_cert_file_content != undef {
+ file { $ssl_cert_file_location:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_cert_file_content,
+ before => Apache::Vhost['openstack-app-catalog-ssl'],
+ }
+ }
+
+ if $ssl_key_file_content != undef {
+ file { $ssl_key_file_location:
+ owner => 'root',
+ group => 'ssl-cert',
+ mode => '0640',
+ content => $ssl_key_file_content,
+ before => Apache::Vhost['openstack-app-catalog-ssl'],
+ }
+ }
+
+ if $ssl_ca_file_content != undef {
+ file { $ssl_ca_file_location:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_ca_file_content,
+ before => Apache::Vhost['openstack-app-catalog-ssl'],
+ }
+ }
+
+ ::apache::vhost { 'openstack-app-catalog-ssl':
+ ensure => 'present',
+ ssl => true,
+ servername => $servername,
+ port => $https_port,
+ ip => $bind_ip,
+ docroot => '/var/www',
+ priority => '50',
+ access_log_file => 'app_catalog_ssl_access.log',
+ error_log_file => 'app_catalog_ssl_error.log',
+ ssl_cert => $ssl_cert_file_location,
+ ssl_key => $ssl_key_file_location,
+ ssl_ca => $ssl_ca_file_location,
+ setenv => ["LOCAL_SETTINGS_PATH ${settings_dir}"],
+ aliases => [{
+ alias => '/static',
+ path => "${apps_site::params::app_catalog_dir}/web/static",
+ }],
+ wsgi_script_aliases => hash(['/', "${apps_site::params::app_catalog_dir}/wsgi.py"]),
+ wsgi_daemon_process => "${apps_site::params::wsgi_group}-ssl",
+ wsgi_process_group => "${apps_site::params::wsgi_group}-ssl",
+ wsgi_daemon_process_options => {
+ processes => $apps_site::params::wsgi_processes,
+ threads => $apps_site::params::wsgi_threads,
+ user => $apps_site::params::wsgi_user,
+ group => $apps_site::params::wsgi_group,
+ },
+ }
+
+ ::apache::vhost { 'openstack-app-catalog':
+ servername => $servername,
+ port => $http_port,
+ ip => $bind_ip,
+ redirect_status => 'permanent',
+ redirect_dest => "https://${servername}/",
+ docroot => '/var/www',
+ priority => '50',
+ access_log_file => 'app_catalog_access.log',
+ error_log_file => 'app_catalog_error.log',
+ setenv => ["LOCAL_SETTINGS_PATH ${settings_dir}"],
+ aliases => [{
+ alias => '/static',
+ path => "${apps_site::params::app_catalog_dir}/web/static",
+ }],
+ wsgi_script_aliases => hash(['/', "${apps_site::params::app_catalog_dir}/wsgi.py"]),
+ wsgi_daemon_process => $apps_site::params::wsgi_group,
+ wsgi_process_group => $apps_site::params::wsgi_group,
+ wsgi_daemon_process_options => {
+ processes => $apps_site::params::wsgi_processes,
+ threads => $apps_site::params::wsgi_threads,
+ user => $apps_site::params::wsgi_user,
+ group => $apps_site::params::wsgi_group,
+ },
+ }
+ }else{
+
+ ::apache::vhost { 'openstack-app-catalog':
+ servername => $servername,
+ port => $http_port,
+ ip => $bind_ip,
+ docroot => '/var/www',
+ priority => '50',
+ access_log_file => 'app_catalog_access.log',
+ error_log_file => 'app_catalog_error.log',
+ setenv => ["LOCAL_SETTINGS_PATH ${settings_dir}"],
+ aliases => [{
+ alias => '/static',
+ path => "${apps_site::params::app_catalog_dir}/web/static",
+ }],
+ wsgi_script_aliases => hash(['/', "${apps_site::params::app_catalog_dir}/wsgi.py"]),
+ wsgi_daemon_process => $apps_site::params::wsgi_group,
+ wsgi_process_group => $apps_site::params::wsgi_group,
+ wsgi_daemon_process_options => {
+ processes => $apps_site::params::wsgi_processes,
+ threads => $apps_site::params::wsgi_threads,
+ user => $apps_site::params::wsgi_user,
+ group => $apps_site::params::wsgi_group,
+ },
+ }
+ }
+}
diff --git a/metadata.json b/metadata.json
index f441fa0..b5e677c 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,14 +1,15 @@
 {
- "name": "openstackci-app_site",
+ "name": "openstackci-apps_site",
 "version": "0.0.1",
 "author": "OpenStack CI",
 "summary": "Puppet module for OpenStack App Catalog",
 "license": "Apache 2.0",
- "source": "git://git.openstack.org/openstack-infra/puppet-app_site.git",
+ "source": "git://git.openstack.org/openstack-infra/puppet-apps_site.git",
 "project_page": "http://docs.openstack.org/infra/system-config",
 "issues_url": "https://storyboard.openstack.org/#!/project/817",
 "dependencies": [
 { "name": "openstackinfra/vcsrepo","version_requirement":">= 0.0.8"},
- { "name": "openstackinfra/httpd", "version_requirement": "0.x" }
+ { "name": "openstackinfra/httpd", "version_requirement": "0.x" },
+ { "name": "puppetlabs/apache", "version_requirement": ">=1.6.0" }
 ]
 }
diff --git a/templates/local_settings_glare.erb b/templates/local_settings_glare.erb
new file mode 100644
index 0000000..0d362ae
--- /dev/null
+++ b/templates/local_settings_glare.erb
@@ -0,0 +1,9 @@
+DEBUG = False
+COMPRESS_ENABLED = True
+COMPRESS_OFFLINE = True
+ALLOWED_HOSTS = ['*']
+DOMAIN = '<%= @domain %>'
+BASE_URL = 'http://<%= @domain %>'
+OPENID_RETURN_URL = 'http://<%= @domain %>/auth/process'
+MEMCACHED_SERVER = '<%= @memcache_server %>'
+GLARE_URL = '<%= @glare_url %>'
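Review bot: In `manifests/wsgi/apache.pp`, `$use_ssl` defaults to `false`, so a default declaration serves the catalog, including the OpenID return path configured in the settings template, over plain HTTP on `$http_port`; the pre-existing `$without_glare` path shown in `init.pp` defines only a port-443 vhost with `ssl => true`. I would default to `$use_ssl = true,` and make plain HTTP the explicit opt-out. In the SSL branch the port-80 vhost carries `redirect_dest` together with the full WSGI alias set, where only the redirect looks necessary (this depends on how the apache module orders the directives, so worth confirming). The three vhost bodies are near-identical and could share one hash of common attributes so a later hardening change cannot miss one of them.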
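Review bot: In `templates/local_settings_glare.erb`, `ALLOWED_HOSTS = ['*']` turns off Django's Host-header validation even though the template already has the site name available; `ALLOWED_HOSTS = ['<%= @domain %>']` keeps the check. `BASE_URL` and `OPENID_RETURN_URL` are hard-coded to `http://`, so they stay plaintext when `apps_site::wsgi::apache` is declared with `use_ssl => true`; `apps_site::catalog` would need a scheme or base-URL parameter to render them correctly. The values are interpolated into single-quoted Python strings without escaping, which is fine for hostnames, but a comment stating that the parameters must not contain quotes would help the next maintainer.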