diff options
| -rw-r--r-- | Puppetfile_extras | 4 | ||||
| -rw-r--r-- | manifests/profile/base/nova/api.pp | 11 | ||||
| -rw-r--r-- | manifests/profile/base/nova/authtoken.pp | 56 | ||||
| -rw-r--r-- | manifests/profile/base/nova/placement.pp | 1 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_nova_api_spec.rb | 3 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_nova_authtoken_spec.rb | 69 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_nova_placement_spec.rb | 124 |
7 files changed, 258 insertions, 10 deletions
diff --git a/Puppetfile_extras b/Puppetfile_extras index 80ab083..7339074 100644 --- a/Puppetfile_extras +++ b/Puppetfile_extras @@ -32,3 +32,7 @@ mod 'etcd', mod 'fdio', :git => 'https://git.fd.io/puppet-fdio', :ref => 'master' + +mod 'certmonger', + :git => 'https://github.com/earsdown/puppet-certmonger', + :ref => 'v1.1.1' diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 287d14c..cda2b66 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -75,6 +75,7 @@ class tripleo::profile::base::nova::api ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $step >= 3 and $sync_db { include ::nova::cell_v2::simple_setup @@ -82,16 +83,6 @@ class tripleo::profile::base::nova::api ( if $step >= 4 or ($step >= 3 and $sync_db) { - if hiera('nova::use_ipv6', false) { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211') - } else { - $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211') - } - - class { '::nova::keystone::authtoken': - memcached_servers => $memcache_servers - } - class { '::nova::api': sync_db => $sync_db, sync_db_api => $sync_db, diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp new file mode 100644 index 0000000..ee6c331 --- /dev/null +++ b/manifests/profile/base/nova/authtoken.pp @@ -0,0 +1,56 @@ +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::nova::authtoken +# +# Nova authtoken profile for TripleO +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*use_ipv6*] +# (Optional) Flag indicating if ipv6 should be used for caching +# Defaults to hiera('nova::use_ipv6', false) +# +# [*memcache_nodes_ipv6*] +# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true. +# Defaults to hiera('memcached_node_ipvs_v6', ['::1']) +# +# [*memcache_nodes_ipv4*] +# (Optional) Array of ipv4 addresses for memcache. Used by default unless +# use_ipv6 is set to true. +# Defaults to hiera('memcached_node_ips', ['127.0.0.1']) +# +class tripleo::profile::base::nova::authtoken ( + $step = hiera('step'), + $use_ipv6 = hiera('nova::use_ipv6', false), + $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']), + $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']), +) { + + if $step >= 3 { + $memcached_ips = $use_ipv6 ? { + true => $memcache_nodes_ipv6, + default => $memcache_nodes_ipv4 + } + + $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211') + + class { '::nova::keystone::authtoken': + memcached_servers => $memcache_servers + } + } +} diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index c429373..46658b8 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement ( } include ::tripleo::profile::base::nova + include ::tripleo::profile::base::nova::authtoken if $enable_internal_tls { if $generate_service_certificates { diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb index 070a1f1..3a2a685 100644 --- a/spec/classes/tripleo_profile_base_nova_api_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb @@ -26,6 +26,9 @@ describe 'tripleo::profile::base::nova::api' do oslomsg_rpc_username => 'nova', oslomsg_rpc_password => 'foo' } + class { '::tripleo::profile::base::nova::authtoken': + step => #{params[:step]}, + } eos end diff --git a/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb new file mode 100644 index 0000000..f910729 --- /dev/null +++ b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb @@ -0,0 +1,69 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::nova::authtoken' do + shared_examples_for 'tripleo::profile::base::nova::authtoken' do + context 'with step less than 3' do + let(:params) { { + :step => 1, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to_not contain_class('nova::keystone::authtoken') + } + end + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to contain_class('nova::keystone::authtoken').with( + :memcached_servers => ['127.0.0.1:11211']) + } + end + + context 'with step 3 with ipv6' do + let(:params) { { + :step => 3, + :use_ipv6 => true, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::authtoken') + is_expected.to contain_class('nova::keystone::authtoken').with( + :memcached_servers => ['[::1]:11211']) + } + end + + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::nova::authtoken' + end + end +end diff --git a/spec/classes/tripleo_profile_base_nova_placement_spec.rb b/spec/classes/tripleo_profile_base_nova_placement_spec.rb new file mode 100644 index 0000000..2a18320 --- /dev/null +++ b/spec/classes/tripleo_profile_base_nova_placement_spec.rb @@ -0,0 +1,124 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::nova::placement' do + shared_examples_for 'tripleo::profile::base::nova::placement' do + let(:pre_condition) do + <<-eos + class { '::tripleo::profile::base::nova': + step => #{params[:step]}, + oslomsg_rpc_hosts => [ 'localhost' ], + oslomsg_rpc_username => 'nova', + oslomsg_rpc_password => 'foo' + } + class { '::tripleo::profile::base::nova::authtoken': + step => #{params[:step]}, + } +eos + end + + context 'with step less than 3' do + let(:params) { { + :step => 1, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to_not contain_class('nova::keystone::authtoken') + is_expected.to_not contain_class('nova::wsgi::apache_placement') + } + end + + context 'with step less than 3 and internal tls and generate certs' do + let(:params) { { + :step => 1, + :enable_internal_tls => true, + :generate_service_certificates => true, + :nova_placement_network => 'bar', + :certificates_specs => { + 'httpd-bar' => { + 'hostname' => 'foo', + 'service_certificate' => '/foo.pem', + 'service_key' => '/foo.key', + }, + } + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_tripleo__certmonger__httpd('httpd-bar') + is_expected.to_not contain_class('nova::keystone::authtoken') + is_expected.to_not contain_class('nova::wsgi::apache_placement') + } + end + + + context 'with step 3' do + let(:params) { { + :step => 3, + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::wsgi::apache_placement') + } + end + + context 'with step 3 with enable_internal_tls and skip generate certs' do + let(:params) { { + :step => 3, + :enable_internal_tls => true, + :generate_service_certificates => false, + :nova_placement_network => 'bar', + :certificates_specs => { + 'httpd-bar' => { + 'hostname' => 'foo', + 'service_certificate' => '/foo.pem', + 'service_key' => '/foo.key', + }, + } + + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::placement') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to_not contain_tripleo__certmonger__httpd('foo') + is_expected.to contain_class('nova::keystone::authtoken') + is_expected.to contain_class('nova::wsgi::apache_placement').with( + :ssl_cert => '/foo.pem', + :ssl_key => '/foo.key') + } + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::nova::placement' + end + end +end |