summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Puppetfile_extras4
-rw-r--r--manifests/profile/base/nova/api.pp11
-rw-r--r--manifests/profile/base/nova/authtoken.pp56
-rw-r--r--manifests/profile/base/nova/placement.pp1
-rw-r--r--spec/classes/tripleo_profile_base_nova_api_spec.rb3
-rw-r--r--spec/classes/tripleo_profile_base_nova_authtoken_spec.rb69
-rw-r--r--spec/classes/tripleo_profile_base_nova_placement_spec.rb124
7 files changed, 258 insertions, 10 deletions
diff --git a/Puppetfile_extras b/Puppetfile_extras
index 80ab083..7339074 100644
--- a/Puppetfile_extras
+++ b/Puppetfile_extras
@@ -32,3 +32,7 @@ mod 'etcd',
mod 'fdio',
:git => 'https://git.fd.io/puppet-fdio',
:ref => 'master'
+
+mod 'certmonger',
+ :git => 'https://github.com/earsdown/puppet-certmonger',
+ :ref => 'v1.1.1'
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp
index 287d14c..cda2b66 100644
--- a/manifests/profile/base/nova/api.pp
+++ b/manifests/profile/base/nova/api.pp
@@ -75,6 +75,7 @@ class tripleo::profile::base::nova::api (
}
include ::tripleo::profile::base::nova
+ include ::tripleo::profile::base::nova::authtoken
if $step >= 3 and $sync_db {
include ::nova::cell_v2::simple_setup
@@ -82,16 +83,6 @@ class tripleo::profile::base::nova::api (
if $step >= 4 or ($step >= 3 and $sync_db) {
- if hiera('nova::use_ipv6', false) {
- $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips_v6'))), ':11211')
- } else {
- $memcache_servers = suffix(any2array(normalize_ip_for_uri(hiera('memcached_node_ips'))), ':11211')
- }
-
- class { '::nova::keystone::authtoken':
- memcached_servers => $memcache_servers
- }
-
class { '::nova::api':
sync_db => $sync_db,
sync_db_api => $sync_db,
diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp
new file mode 100644
index 0000000..ee6c331
--- /dev/null
+++ b/manifests/profile/base/nova/authtoken.pp
@@ -0,0 +1,56 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::authtoken
+#
+# Nova authtoken profile for TripleO
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*use_ipv6*]
+# (Optional) Flag indicating if ipv6 should be used for caching
+# Defaults to hiera('nova::use_ipv6', false)
+#
+# [*memcache_nodes_ipv6*]
+# (Optional) Array of ipv6 addresses for memcache. Used if use_ipv6 is true.
+# Defaults to hiera('memcached_node_ipvs_v6', ['::1'])
+#
+# [*memcache_nodes_ipv4*]
+# (Optional) Array of ipv4 addresses for memcache. Used by default unless
+# use_ipv6 is set to true.
+# Defaults to hiera('memcached_node_ips', ['127.0.0.1'])
+#
+class tripleo::profile::base::nova::authtoken (
+ $step = hiera('step'),
+ $use_ipv6 = hiera('nova::use_ipv6', false),
+ $memcache_nodes_ipv6 = hiera('memcached_node_ips_v6', ['::1']),
+ $memcache_nodes_ipv4 = hiera('memcached_node_ips', ['127.0.0.1']),
+) {
+
+ if $step >= 3 {
+ $memcached_ips = $use_ipv6 ? {
+ true => $memcache_nodes_ipv6,
+ default => $memcache_nodes_ipv4
+ }
+
+ $memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_ips)), ':11211')
+
+ class { '::nova::keystone::authtoken':
+ memcached_servers => $memcache_servers
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp
index c429373..46658b8 100644
--- a/manifests/profile/base/nova/placement.pp
+++ b/manifests/profile/base/nova/placement.pp
@@ -69,6 +69,7 @@ class tripleo::profile::base::nova::placement (
}
include ::tripleo::profile::base::nova
+ include ::tripleo::profile::base::nova::authtoken
if $enable_internal_tls {
if $generate_service_certificates {
diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb
index 070a1f1..3a2a685 100644
--- a/spec/classes/tripleo_profile_base_nova_api_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_api_spec.rb
@@ -26,6 +26,9 @@ describe 'tripleo::profile::base::nova::api' do
oslomsg_rpc_username => 'nova',
oslomsg_rpc_password => 'foo'
}
+ class { '::tripleo::profile::base::nova::authtoken':
+ step => #{params[:step]},
+ }
eos
end
diff --git a/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb
new file mode 100644
index 0000000..f910729
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb
@@ -0,0 +1,69 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova::authtoken' do
+ shared_examples_for 'tripleo::profile::base::nova::authtoken' do
+ context 'with step less than 3' do
+ let(:params) { {
+ :step => 1,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::authtoken')
+ is_expected.to_not contain_class('nova::keystone::authtoken')
+ }
+ end
+
+ context 'with step 3' do
+ let(:params) { {
+ :step => 3,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::authtoken')
+ is_expected.to contain_class('nova::keystone::authtoken').with(
+ :memcached_servers => ['127.0.0.1:11211'])
+ }
+ end
+
+ context 'with step 3 with ipv6' do
+ let(:params) { {
+ :step => 3,
+ :use_ipv6 => true,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::authtoken')
+ is_expected.to contain_class('nova::keystone::authtoken').with(
+ :memcached_servers => ['[::1]:11211'])
+ }
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::nova::authtoken'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_nova_placement_spec.rb b/spec/classes/tripleo_profile_base_nova_placement_spec.rb
new file mode 100644
index 0000000..2a18320
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_placement_spec.rb
@@ -0,0 +1,124 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova::placement' do
+ shared_examples_for 'tripleo::profile::base::nova::placement' do
+ let(:pre_condition) do
+ <<-eos
+ class { '::tripleo::profile::base::nova':
+ step => #{params[:step]},
+ oslomsg_rpc_hosts => [ 'localhost' ],
+ oslomsg_rpc_username => 'nova',
+ oslomsg_rpc_password => 'foo'
+ }
+ class { '::tripleo::profile::base::nova::authtoken':
+ step => #{params[:step]},
+ }
+eos
+ end
+
+ context 'with step less than 3' do
+ let(:params) { {
+ :step => 1,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::placement')
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to_not contain_class('nova::keystone::authtoken')
+ is_expected.to_not contain_class('nova::wsgi::apache_placement')
+ }
+ end
+
+ context 'with step less than 3 and internal tls and generate certs' do
+ let(:params) { {
+ :step => 1,
+ :enable_internal_tls => true,
+ :generate_service_certificates => true,
+ :nova_placement_network => 'bar',
+ :certificates_specs => {
+ 'httpd-bar' => {
+ 'hostname' => 'foo',
+ 'service_certificate' => '/foo.pem',
+ 'service_key' => '/foo.key',
+ },
+ }
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::placement')
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_tripleo__certmonger__httpd('httpd-bar')
+ is_expected.to_not contain_class('nova::keystone::authtoken')
+ is_expected.to_not contain_class('nova::wsgi::apache_placement')
+ }
+ end
+
+
+ context 'with step 3' do
+ let(:params) { {
+ :step => 3,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::placement')
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova::keystone::authtoken')
+ is_expected.to contain_class('nova::wsgi::apache_placement')
+ }
+ end
+
+ context 'with step 3 with enable_internal_tls and skip generate certs' do
+ let(:params) { {
+ :step => 3,
+ :enable_internal_tls => true,
+ :generate_service_certificates => false,
+ :nova_placement_network => 'bar',
+ :certificates_specs => {
+ 'httpd-bar' => {
+ 'hostname' => 'foo',
+ 'service_certificate' => '/foo.pem',
+ 'service_key' => '/foo.key',
+ },
+ }
+
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::placement')
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to_not contain_tripleo__certmonger__httpd('foo')
+ is_expected.to contain_class('nova::keystone::authtoken')
+ is_expected.to contain_class('nova::wsgi::apache_placement').with(
+ :ssl_cert => '/foo.pem',
+ :ssl_key => '/foo.key')
+ }
+ end
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::nova::placement'
+ end
+ end
+end