diff options
-rw-r--r-- | manifests/certmonger/haproxy.pp | 14 | ||||
-rw-r--r-- | manifests/certmonger/httpd.pp | 14 | ||||
-rw-r--r-- | manifests/haproxy.pp | 44 | ||||
-rw-r--r-- | manifests/profile/base/ceilometer.pp | 18 | ||||
-rw-r--r-- | manifests/profile/base/ceilometer/collector.pp | 9 | ||||
-rw-r--r-- | manifests/profile/base/docker.pp | 9 | ||||
-rw-r--r-- | manifests/profile/base/gnocchi/api.pp | 12 | ||||
-rw-r--r-- | manifests/profile/base/neutron/plugins/ml2/bagpipe.pp | 37 | ||||
-rw-r--r-- | manifests/profile/base/neutron/plugins/nsx_v3.pp | 45 | ||||
-rw-r--r-- | manifests/profile/base/sshd.pp | 34 | ||||
-rw-r--r-- | manifests/ui.pp | 2 | ||||
-rw-r--r-- | releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml | 1 | ||||
-rw-r--r-- | releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml | 6 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb | 26 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_ceilometer_spec.rb | 25 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_gnocchi_api_spec.rb | 109 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_sshd_spec.rb | 118 | ||||
-rw-r--r-- | spec/fixtures/hieradata/default.yaml | 2 |
18 files changed, 438 insertions, 87 deletions
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp index 6668440..a5d1bf8 100644 --- a/manifests/certmonger/haproxy.pp +++ b/manifests/certmonger/haproxy.pp @@ -40,6 +40,11 @@ # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). # +# [*dnsnames*] +# (Optional) The DNS names that will be added for the SubjectAltNames entry +# in the certificate. If left unset, the value will be set to the $hostname. +# Defaults to undef +# # [*principal*] # The haproxy service principal that is set for HAProxy in kerberos. # @@ -50,6 +55,7 @@ define tripleo::certmonger::haproxy ( $hostname, $postsave_cmd, $certmonger_ca = hiera('certmonger_ca', 'local'), + $dnsnames = undef, $principal = undef, ){ include ::certmonger @@ -62,11 +68,17 @@ define tripleo::certmonger::haproxy ( } } + if $dnsnames { + $dnsnames_real = $dnsnames + } else { + $dnsnames_real = $hostname + } + certmonger_certificate { "${title}-cert": ensure => 'present', ca => $certmonger_ca, hostname => $hostname, - dnsname => $hostname, + dnsname => $dnsnames_real, certfile => $service_certificate, keyfile => $service_key, postsave_cmd => $postsave_cmd, diff --git a/manifests/certmonger/httpd.pp b/manifests/certmonger/httpd.pp index 74c0b5a..e9754f7 100644 --- a/manifests/certmonger/httpd.pp +++ b/manifests/certmonger/httpd.pp @@ -31,6 +31,11 @@ # (Optional) The CA that certmonger will use to generate the certificates. # Defaults to hiera('certmonger_ca', 'local'). # +# [*dnsnames*] +# (Optional) The DNS names that will be added for the SubjectAltNames entry +# in the certificate. If left unset, the value will be set to the $hostname. +# Defaults to undef +# # [*principal*] # The haproxy service principal that is set for HAProxy in kerberos. # @@ -39,18 +44,25 @@ define tripleo::certmonger::httpd ( $service_certificate, $service_key, $certmonger_ca = hiera('certmonger_ca', 'local'), + $dnsnames = undef, $principal = undef, ) { include ::certmonger include ::apache::params + if $dnsnames { + $dnsnames_real = $dnsnames + } else { + $dnsnames_real = $hostname + } + $postsave_cmd = "systemctl reload ${::apache::params::service_name}" certmonger_certificate { $name : ensure => 'present', certfile => $service_certificate, keyfile => $service_key, hostname => $hostname, - dnsname => $hostname, + dnsname => $dnsnames_real, principal => $principal, postsave_cmd => $postsave_cmd, ca => $certmonger_ca, diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index a6bd1eb..ad7b954 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -49,6 +49,10 @@ # The IPv4, IPv6 or filesystem socket path of the syslog server. # Defaults to '/dev/log' # +# [*haproxy_daemon*] +# Should haproxy run in daemon mode or not +# Defaults to true +# # [*controller_hosts*] # IPs of host or group of hosts to load-balance the services # Can be a string or an array. @@ -539,6 +543,7 @@ class tripleo::haproxy ( $haproxy_listen_bind_param = [ 'transparent' ], $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], $haproxy_log_address = '/dev/log', + $haproxy_daemon = true, $haproxy_stats_user = 'admin', $haproxy_stats_password = undef, $controller_hosts = hiera('controller_node_ips'), @@ -718,6 +723,9 @@ class tripleo::haproxy ( if $enable_internal_tls { $internal_tls_member_options = ['ssl', 'verify required', "ca-file ${ca_bundle}"] + Haproxy::Balancermember { + verifyhost => true + } } else { $internal_tls_member_options = [] } @@ -797,22 +805,30 @@ class tripleo::haproxy ( "${redis_vip}:6379" => $haproxy_listen_bind_param, } + $haproxy_global_options = { + 'log' => "${haproxy_log_address} local0", + 'pidfile' => '/var/run/haproxy.pid', + 'user' => 'haproxy', + 'group' => 'haproxy', + 'maxconn' => $haproxy_global_maxconn, + 'ssl-default-bind-ciphers' => $ssl_cipher_suite, + 'ssl-default-bind-options' => $ssl_options, + 'stats' => [ + 'socket /var/lib/haproxy/stats mode 600 level user', + 'timeout 2m' + ], + } + if $haproxy_daemon == true { + $haproxy_daemonize = { + 'daemon' => '', + } + } else { + $haproxy_daemonize = {} + } + class { '::haproxy': service_manage => $haproxy_service_manage, - global_options => { - 'log' => "${haproxy_log_address} local0", - 'pidfile' => '/var/run/haproxy.pid', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'maxconn' => $haproxy_global_maxconn, - 'ssl-default-bind-ciphers' => $ssl_cipher_suite, - 'ssl-default-bind-options' => $ssl_options, - 'stats' => [ - 'socket /var/lib/haproxy/stats mode 600 level user', - 'timeout 2m' - ], - }, + global_options => merge($haproxy_global_options, $haproxy_daemonize), defaults_options => { 'mode' => 'tcp', 'log' => 'global', diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp index 2855bd2..e6a2f11 100644 --- a/manifests/profile/base/ceilometer.pp +++ b/manifests/profile/base/ceilometer.pp @@ -18,6 +18,10 @@ # # === Parameters # +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -68,6 +72,7 @@ # Defaults to hiera('ceilometer::rabbit_use_ssl', '0') class tripleo::profile::base::ceilometer ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), $step = hiera('step'), $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'), $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)), @@ -81,6 +86,11 @@ class tripleo::profile::base::ceilometer ( $oslomsg_notify_username = hiera('ceilometer::rabbit_userid', 'guest'), $oslomsg_use_ssl = hiera('ceilometer::rabbit_use_ssl', '0'), ) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } if $step >= 3 { $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) @@ -105,4 +115,12 @@ class tripleo::profile::base::ceilometer ( include ::ceilometer::config } + # Run ceilometer-upgrade in step 5 so gnocchi resource types + # are created safely. + if $step >= 5 and $sync_db { + exec {'ceilometer-db-upgrade': + command => 'ceilometer-upgrade --skip-metering-database', + path => ['/usr/bin', '/usr/sbin'], + } + } } diff --git a/manifests/profile/base/ceilometer/collector.pp b/manifests/profile/base/ceilometer/collector.pp index 6b58286..a2c1e29 100644 --- a/manifests/profile/base/ceilometer/collector.pp +++ b/manifests/profile/base/ceilometer/collector.pp @@ -84,13 +84,4 @@ class tripleo::profile::base::ceilometer::collector ( include ::ceilometer::collector include ::ceilometer::dispatcher::gnocchi } - - # Re-run ceilometer-upgrade again in step 5 so gnocchi resource types - # are created safely. - if $step >= 5 and $sync_db { - exec {'ceilometer-db-upgrade': - command => 'ceilometer-upgrade --skip-metering-database', - path => ['/usr/bin', '/usr/sbin'], - } - } } diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp index 4797d86..d035f6a 100644 --- a/manifests/profile/base/docker.pp +++ b/manifests/profile/base/docker.pp @@ -79,12 +79,21 @@ class tripleo::profile::base::docker ( $mirror_changes = [ 'rm dict/entry[. = "registry-mirrors"]', ] } + file { '/etc/docker/daemon.json': + ensure => 'present', + content => '{}', + mode => '0644', + replace => false, + require => Package['docker'] + } + augeas { 'docker-daemon.json': lens => 'Json.lns', incl => '/etc/docker/daemon.json', changes => $mirror_changes, subscribe => Package['docker'], notify => Service['docker'], + require => File['/etc/docker/daemon.json'], } } diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index 4a47184..a4e9a30 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -47,6 +47,14 @@ # This is set by t-h-t. # Defaults to hiera('gnocchi_api_network', undef) # +# [*gnocchi_redis_password*] +# (Required) Password for the gnocchi redis user for the coordination url +# Defaults to hiera('gnocchi_redis_password') +# +# [*redis_vip*] +# (Required) Redis ip address for the coordination url +# Defaults to hiera('redis_vip') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -58,6 +66,8 @@ class tripleo::profile::base::gnocchi::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')), $gnocchi_network = hiera('gnocchi_api_network', undef), + $gnocchi_redis_password = hiera('gnocchi_redis_password'), + $redis_vip = hiera('redis_vip'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -94,7 +104,7 @@ class tripleo::profile::base::gnocchi::api ( if $step >= 4 { class { '::gnocchi::storage': - coordination_url => join(['redis://:', hiera('gnocchi_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + coordination_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), } case $gnocchi_backend { 'swift': { include ::gnocchi::storage::swift } diff --git a/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp b/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp new file mode 100644 index 0000000..161cd75 --- /dev/null +++ b/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp @@ -0,0 +1,37 @@ +# +# Copyright (C) 2017 Red Hat Inc. +# +# Author: Ricardo Noriega <rnoriega@redhat.com> +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::plugins::ml2::bagpipe +# +# Neutron Bagpipe ML2 profile for TripleO +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::plugins::ml2::bagpipe ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::neutron + + if $step >= 4 { + include ::neutron::plugins::ml2::bagpipe + } +} diff --git a/manifests/profile/base/neutron/plugins/nsx_v3.pp b/manifests/profile/base/neutron/plugins/nsx_v3.pp new file mode 100644 index 0000000..33fa0cf --- /dev/null +++ b/manifests/profile/base/neutron/plugins/nsx_v3.pp @@ -0,0 +1,45 @@ +# Copyright 2017 VMware, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::plugins::nsx_v3 +# +# VMware NSXv3 Neutron profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::plugins::nsx_v3 ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + include ::tripleo::profile::base::neutron + + if $step >= 4 or ( $step >= 3 and $sync_db ) { + include ::neutron::plugins::nsx_v3 + } +} diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp index 2b86032..3f0245d 100644 --- a/manifests/profile/base/sshd.pp +++ b/manifests/profile/base/sshd.pp @@ -27,14 +27,19 @@ # The text used within SSH Banner # Defaults to hiera('MOTD') # +# [*options*] +# Hash of SSHD options to set. See the puppet-ssh module documentation for +# details. +# Defaults to {} + class tripleo::profile::base::sshd ( $bannertext = hiera('BannerText', undef), $motd = hiera('MOTD', undef), + $options = {} ) { - include ::ssh::server - - if $bannertext { + if $bannertext and $bannertext != '' { + $sshd_options_banner = {'Banner' => '/etc/issue.net'} $filelist = [ '/etc/issue', '/etc/issue.net', ] file { $filelist: ensure => file, @@ -44,9 +49,12 @@ class tripleo::profile::base::sshd ( group => 'root', mode => '0644' } + } else { + $sshd_options_banner = {} } - if $motd { + if $motd and $motd != '' { + $sshd_options_motd = {'PrintMotd' => 'yes'} file { '/etc/motd': ensure => file, backup => false, @@ -55,5 +63,23 @@ class tripleo::profile::base::sshd ( group => 'root', mode => '0644' } + } else { + $sshd_options_motd = {} + } + + $sshd_options = merge( + $options, + $sshd_options_banner, + $sshd_options_motd + ) + + # NB (owalsh) in puppet-ssh hiera takes precedence over the class param + # we need to control this, so error if it's set in hiera + if hiera('ssh:server::options', undef) { + err('ssh:server::options must not be set, use tripleo::profile::base::sshd::options') + } + class { '::ssh::server': + storeconfigs_enabled => false, + options => $sshd_options } } diff --git a/manifests/ui.pp b/manifests/ui.pp index b2ed178..1745535 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp @@ -39,6 +39,7 @@ # 'de' => 'German', # 'en' => 'English', # 'es' => 'Spanish', +# 'id' => 'Indonesian', # 'ja' => 'Japanese', # 'ko-KR' => 'Korean', # 'zh-CN' => 'Simplified Chinese' @@ -106,6 +107,7 @@ class tripleo::ui ( 'de' => 'German', 'en' => 'English', 'es' => 'Spanish', + 'id' => 'Indonesian', 'ja' => 'Japanese', 'ko-KR' => 'Korean', 'zh-CN' => 'Simplified Chinese' diff --git a/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml b/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml index df6b232..3b9f189 100644 --- a/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml +++ b/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml @@ -1,3 +1,4 @@ --- features: - Add support for Bagpipe Neutron driver as backend in BGPVPN scenarios + - Add ML2 plugin configuration for Bagpipe BGPVPN extension diff --git a/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml b/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml new file mode 100644 index 0000000..1899db9 --- /dev/null +++ b/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - Since collector is deprecated, move the ceilo upgrade in step5 + out of collector profile and into cielometer base. This way + ceilo upgrade can run even when collector is disabled which is + the default in pike. diff --git a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb index 0f9aad7..23b198a 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb @@ -128,32 +128,6 @@ describe 'tripleo::profile::base::ceilometer::collector' do is_expected.to contain_class('ceilometer::dispatcher::gnocchi') end end - - context 'with step 5 on bootstrap node' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :mongodb_node_ips => ['127.0.0.1',], - :mongodb_replset => 'replicaset' - } } - - it 'should trigger complete configuration' do - is_expected.to contain_exec('ceilometer-db-upgrade') - end - end - - context 'with step 5 not on bootstrap node' do - let(:params) { { - :step => 5, - :bootstrap_node => 'somethingelse.example.com', - :mongodb_node_ips => ['127.0.0.1',], - :mongodb_replset => 'replicaset' - } } - - it 'should trigger complete configuration' do - is_expected.to_not contain_exec('ceilometer-db-upgrade') - end - end end diff --git a/spec/classes/tripleo_profile_base_ceilometer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_spec.rb index 9173203..8c1d507 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_spec.rb @@ -42,6 +42,31 @@ describe 'tripleo::profile::base::ceilometer' do is_expected.to contain_class('ceilometer::config') end end + + context 'with step 5 with bootstrap node' do + let(:params) { { + :bootstrap_node => 'node.example.com', + :step => 5, + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'ceilometer', + :oslomsg_rpc_password => 'foo', + } } + + it 'should trigger complete configuration' do + is_expected.to contain_exec('ceilometer-db-upgrade') + end + end + + context 'with step 5 without bootstrap node' do + let(:params) { { + :bootstrap_node => 'somethingelse.example.com', + :step => 5, + } } + + it 'should trigger complete configuration' do + is_expected.to_not contain_exec('ceilometer-db-upgrade') + end + end end diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb index 805a28e..6c04e9d 100644 --- a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb +++ b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb @@ -23,7 +23,11 @@ describe 'tripleo::profile::base::gnocchi::api' do end context 'with step less than 3' do - let(:params) { { :step => 2 } } + let(:params) { { + :step => 2, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } it { is_expected.to contain_class('tripleo::profile::base::gnocchi::api') @@ -36,6 +40,8 @@ describe 'tripleo::profile::base::gnocchi::api' do let(:params) { { :step => 3, :bootstrap_node => 'node.example.com', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' } } it { @@ -48,6 +54,8 @@ describe 'tripleo::profile::base::gnocchi::api' do context 'with step 3' do let(:params) { { :step => 3, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' } } it { @@ -57,35 +65,76 @@ describe 'tripleo::profile::base::gnocchi::api' do } end - # TODO(aschultz): fix profile class to not include hiera look ups in the - # step 4 so we can properly test it - #context 'with step 4' do - # let(:params) { { - # :step => 4, - # } } - # - # it { - # is_expected.to contain_class('gnocchi::api') - # is_expected.to contain_class('gnocchi::wsgi::apache') - # is_expected.to contain_class('gnocchi::storage') - # } - #end - # - #context 'with step 5 on bootstrap' do - # let(:params) { { - # :step => 5, - # :bootstrap_node => 'node.example.com' - # } } - # - # it { - # is_expected.to contain_class('gnocchi::api') - # is_expected.to contain_class('gnocchi::wsgi::apache') - # is_expected.to contain_exec('run gnocchi upgrade with storage').with( - # :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', - # :path => ['/usr/bin', '/usr/sbin'] - # ) - # } - #end + context 'with step 4' do + let(:params) { { + :step => 4, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::swift') + } + end + + context 'with step 4 with file backend' do + let(:params) { { + :step => 4, + :gnocchi_backend => 'file', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::file') + } + end + + context 'with step 4 with ceph backend' do + let(:params) { { + :step => 4, + :gnocchi_backend => 'rbd', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::ceph') + } + end + + context 'with step 5 on bootstrap' do + let(:params) { { + :step => 5, + :bootstrap_node => 'node.example.com', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_exec('run gnocchi upgrade with storage').with( + :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', + :path => ['/usr/bin', '/usr/sbin'] + ) + } + end end diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb index e84a1f5..58b271f 100644 --- a/spec/classes/tripleo_profile_base_sshd_spec.rb +++ b/spec/classes/tripleo_profile_base_sshd_spec.rb @@ -24,7 +24,23 @@ describe 'tripleo::profile::base::sshd' do context 'it should do nothing' do it do - is_expected.to contain_class('ssh::server') + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => {} + }) + is_expected.to_not contain_file('/etc/issue') + is_expected.to_not contain_file('/etc/issue.net') + is_expected.to_not contain_file('/etc/motd') + end + end + + context 'it should do nothing with empty strings' do + let(:params) {{ :bannertext => '', :motd => '' }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => {} + }) is_expected.to_not contain_file('/etc/issue') is_expected.to_not contain_file('/etc/issue.net') is_expected.to_not contain_file('/etc/motd') @@ -34,6 +50,12 @@ describe 'tripleo::profile::base::sshd' do context 'with issue and issue.net configured' do let(:params) {{ :bannertext => 'foo' }} it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net' + } + }) is_expected.to contain_file('/etc/issue').with({ 'content' => 'foo', 'owner' => 'root', @@ -53,6 +75,12 @@ describe 'tripleo::profile::base::sshd' do context 'with motd configured' do let(:params) {{ :motd => 'foo' }} it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'PrintMotd' => 'yes' + } + }) is_expected.to contain_file('/etc/motd').with({ 'content' => 'foo', 'owner' => 'root', @@ -63,6 +91,94 @@ describe 'tripleo::profile::base::sshd' do is_expected.to_not contain_file('/etc/issue.net') end end + + context 'with options configured' do + let(:params) {{ :options => {'X11Forwarding' => 'no'} }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'X11Forwarding' => 'no' + } + }) + is_expected.to_not contain_file('/etc/motd') + is_expected.to_not contain_file('/etc/issue') + is_expected.to_not contain_file('/etc/issue.net') + end + end + + context 'with motd and issue configured' do + let(:params) {{ + :bannertext => 'foo', + :motd => 'foo' + }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net', + 'PrintMotd' => 'yes' + } + }) + is_expected.to contain_file('/etc/motd').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue.net').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + end + end + + context 'with motd and issue and options configured' do + let(:params) {{ + :bannertext => 'foo', + :motd => 'foo', + :options => { + 'PrintMotd' => 'no', # this should be overridden + 'X11Forwarding' => 'no' + } + }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net', + 'PrintMotd' => 'yes', + 'X11Forwarding' => 'no' + } + }) + is_expected.to contain_file('/etc/motd').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue.net').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + end + end end on_supported_os.each do |os, facts| diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 16f39a5..873a49e 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -30,6 +30,8 @@ cinder::rabbit_password: 'password' cinder::keystone::authtoken::password: 'password' # gnocchi related items gnocchi::keystone::authtoken::password: 'password' +gnocchi::storage::ceph::ceph_username: 'gnocchi' +gnocchi::storage::ceph::ceph_secret: 'password' # nova related items nova::rabbit_password: 'password' nova::keystone::authtoken::password: 'password' |