diff options
24 files changed, 359 insertions, 36 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index 9ac0aa3..ad7b954 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -723,6 +723,9 @@ class tripleo::haproxy ( if $enable_internal_tls { $internal_tls_member_options = ['ssl', 'verify required', "ca-file ${ca_bundle}"] + Haproxy::Balancermember { + verifyhost => true + } } else { $internal_tls_member_options = [] } diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp index 22fc000..5c539fc 100644 --- a/manifests/profile/base/aodh/api.pp +++ b/manifests/profile/base/aodh/api.pp @@ -68,6 +68,7 @@ class tripleo::profile::base::aodh::api ( if $step >= 3 { include ::aodh::api + include ::apache::mod::ssl class { '::aodh::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 71e4ea1..211e442 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -158,6 +158,7 @@ class tripleo::profile::base::barbican::api ( include ::barbican::api::logging include ::barbican::keystone::notification include ::barbican::quota + include ::apache::mod::ssl class { '::barbican::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/ceilometer/api.pp b/manifests/profile/base/ceilometer/api.pp index 1080355..0176380 100644 --- a/manifests/profile/base/ceilometer/api.pp +++ b/manifests/profile/base/ceilometer/api.pp @@ -65,6 +65,7 @@ class tripleo::profile::base::ceilometer::api ( if $step >= 3 { include ::ceilometer::api + include ::apache::mod::ssl class { '::ceilometer::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp index c432fd6..2fd9a65 100644 --- a/manifests/profile/base/cinder/api.pp +++ b/manifests/profile/base/cinder/api.pp @@ -76,6 +76,7 @@ class tripleo::profile::base::cinder::api ( if $step >= 4 or ($step >= 3 and $sync_db) { include ::cinder::api + include ::apache::mod::ssl class { '::cinder::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp index 4797d86..d035f6a 100644 --- a/manifests/profile/base/docker.pp +++ b/manifests/profile/base/docker.pp @@ -79,12 +79,21 @@ class tripleo::profile::base::docker ( $mirror_changes = [ 'rm dict/entry[. = "registry-mirrors"]', ] } + file { '/etc/docker/daemon.json': + ensure => 'present', + content => '{}', + mode => '0644', + replace => false, + require => Package['docker'] + } + augeas { 'docker-daemon.json': lens => 'Json.lns', incl => '/etc/docker/daemon.json', changes => $mirror_changes, subscribe => Package['docker'], notify => Service['docker'], + require => File['/etc/docker/daemon.json'], } } diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp index ce04abf..a4e9a30 100644 --- a/manifests/profile/base/gnocchi/api.pp +++ b/manifests/profile/base/gnocchi/api.pp @@ -47,6 +47,14 @@ # This is set by t-h-t. # Defaults to hiera('gnocchi_api_network', undef) # +# [*gnocchi_redis_password*] +# (Required) Password for the gnocchi redis user for the coordination url +# Defaults to hiera('gnocchi_redis_password') +# +# [*redis_vip*] +# (Required) Redis ip address for the coordination url +# Defaults to hiera('redis_vip') +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. @@ -58,6 +66,8 @@ class tripleo::profile::base::gnocchi::api ( $enable_internal_tls = hiera('enable_internal_tls', false), $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')), $gnocchi_network = hiera('gnocchi_api_network', undef), + $gnocchi_redis_password = hiera('gnocchi_redis_password'), + $redis_vip = hiera('redis_vip'), $step = hiera('step'), ) { if $::hostname == downcase($bootstrap_node) { @@ -85,6 +95,7 @@ class tripleo::profile::base::gnocchi::api ( if $step >= 3 { include ::gnocchi::api + include ::apache::mod::ssl class { '::gnocchi::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, @@ -93,7 +104,7 @@ class tripleo::profile::base::gnocchi::api ( if $step >= 4 { class { '::gnocchi::storage': - coordination_url => join(['redis://:', hiera('gnocchi_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']), + coordination_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/']), } case $gnocchi_backend { 'swift': { include ::gnocchi::storage::swift } diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp index 8e2da7e..79eb77e 100644 --- a/manifests/profile/base/heat/api.pp +++ b/manifests/profile/base/heat/api.pp @@ -65,6 +65,7 @@ class tripleo::profile::base::heat::api ( if $step >= 3 { include ::heat::api + include ::apache::mod::ssl class { '::heat::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp index 02eb82a..dad7b76 100644 --- a/manifests/profile/base/heat/api_cfn.pp +++ b/manifests/profile/base/heat/api_cfn.pp @@ -66,6 +66,7 @@ class tripleo::profile::base::heat::api_cfn ( if $step >= 3 { include ::heat::api_cfn + include ::apache::mod::ssl class { '::heat::wsgi::apache_api_cfn': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/heat/api_cloudwatch.pp b/manifests/profile/base/heat/api_cloudwatch.pp index 558d247..428bcf2 100644 --- a/manifests/profile/base/heat/api_cloudwatch.pp +++ b/manifests/profile/base/heat/api_cloudwatch.pp @@ -66,6 +66,7 @@ class tripleo::profile::base::heat::api_cloudwatch ( if $step >= 3 { include ::heat::api_cloudwatch + include ::apache::mod::ssl class { '::heat::wsgi::apache_api_cloudwatch': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index 290abee..31f5c93 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -211,6 +211,7 @@ class tripleo::profile::base::keystone ( } include ::keystone::config + include ::apache::mod::ssl class { '::keystone::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp b/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp new file mode 100644 index 0000000..161cd75 --- /dev/null +++ b/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp @@ -0,0 +1,37 @@ +# +# Copyright (C) 2017 Red Hat Inc. +# +# Author: Ricardo Noriega <rnoriega@redhat.com> +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::plugins::ml2::bagpipe +# +# Neutron Bagpipe ML2 profile for TripleO +# +# === Parameters +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::plugins::ml2::bagpipe ( + $step = hiera('step'), +) { + include ::tripleo::profile::base::neutron + + if $step >= 4 { + include ::neutron::plugins::ml2::bagpipe + } +} diff --git a/manifests/profile/base/neutron/plugins/nsx_v3.pp b/manifests/profile/base/neutron/plugins/nsx_v3.pp new file mode 100644 index 0000000..33fa0cf --- /dev/null +++ b/manifests/profile/base/neutron/plugins/nsx_v3.pp @@ -0,0 +1,45 @@ +# Copyright 2017 VMware, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::plugins::nsx_v3 +# +# VMware NSXv3 Neutron profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::neutron::plugins::nsx_v3 ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + include ::tripleo::profile::base::neutron + + if $step >= 4 or ( $step >= 3 and $sync_db ) { + include ::neutron::plugins::nsx_v3 + } +} diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 95a1721..bdb3007 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -94,6 +94,7 @@ class tripleo::profile::base::nova::api ( $tls_keyfile = undef } if $step >= 4 or ($step >= 3 and $sync_db) { + include ::apache::mod::ssl class { '::nova::wsgi::apache_api': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/nova/placement.pp b/manifests/profile/base/nova/placement.pp index 16bfe17..c78b3c2 100644 --- a/manifests/profile/base/nova/placement.pp +++ b/manifests/profile/base/nova/placement.pp @@ -74,6 +74,7 @@ class tripleo::profile::base::nova::placement ( } if $step >= 3 { + include ::apache::mod::ssl class { '::nova::wsgi::apache_placement': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/panko/api.pp b/manifests/profile/base/panko/api.pp index 90e80a2..165969f 100644 --- a/manifests/profile/base/panko/api.pp +++ b/manifests/profile/base/panko/api.pp @@ -79,6 +79,7 @@ class tripleo::profile::base::panko::api ( class { '::panko::api': sync_db => $sync_db, } + include ::apache::mod::ssl class { '::panko::wsgi::apache': ssl_cert => $tls_certfile, ssl_key => $tls_keyfile, diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp index 2b86032..3f0245d 100644 --- a/manifests/profile/base/sshd.pp +++ b/manifests/profile/base/sshd.pp @@ -27,14 +27,19 @@ # The text used within SSH Banner # Defaults to hiera('MOTD') # +# [*options*] +# Hash of SSHD options to set. See the puppet-ssh module documentation for +# details. +# Defaults to {} + class tripleo::profile::base::sshd ( $bannertext = hiera('BannerText', undef), $motd = hiera('MOTD', undef), + $options = {} ) { - include ::ssh::server - - if $bannertext { + if $bannertext and $bannertext != '' { + $sshd_options_banner = {'Banner' => '/etc/issue.net'} $filelist = [ '/etc/issue', '/etc/issue.net', ] file { $filelist: ensure => file, @@ -44,9 +49,12 @@ class tripleo::profile::base::sshd ( group => 'root', mode => '0644' } + } else { + $sshd_options_banner = {} } - if $motd { + if $motd and $motd != '' { + $sshd_options_motd = {'PrintMotd' => 'yes'} file { '/etc/motd': ensure => file, backup => false, @@ -55,5 +63,23 @@ class tripleo::profile::base::sshd ( group => 'root', mode => '0644' } + } else { + $sshd_options_motd = {} + } + + $sshd_options = merge( + $options, + $sshd_options_banner, + $sshd_options_motd + ) + + # NB (owalsh) in puppet-ssh hiera takes precedence over the class param + # we need to control this, so error if it's set in hiera + if hiera('ssh:server::options', undef) { + err('ssh:server::options must not be set, use tripleo::profile::base::sshd::options') + } + class { '::ssh::server': + storeconfigs_enabled => false, + options => $sshd_options } } diff --git a/manifests/profile/base/zaqar.pp b/manifests/profile/base/zaqar.pp index 89a03ad..7fbcd34 100644 --- a/manifests/profile/base/zaqar.pp +++ b/manifests/profile/base/zaqar.pp @@ -50,6 +50,7 @@ class tripleo::profile::base::zaqar ( uri => $database_connection, } include ::zaqar::transport::websocket + include ::apache::mod::ssl include ::zaqar::transport::wsgi # TODO (bcrochet): At some point, the transports should be split out to diff --git a/manifests/ui.pp b/manifests/ui.pp index b2ed178..1745535 100644 --- a/manifests/ui.pp +++ b/manifests/ui.pp @@ -39,6 +39,7 @@ # 'de' => 'German', # 'en' => 'English', # 'es' => 'Spanish', +# 'id' => 'Indonesian', # 'ja' => 'Japanese', # 'ko-KR' => 'Korean', # 'zh-CN' => 'Simplified Chinese' @@ -106,6 +107,7 @@ class tripleo::ui ( 'de' => 'German', 'en' => 'English', 'es' => 'Spanish', + 'id' => 'Indonesian', 'ja' => 'Japanese', 'ko-KR' => 'Korean', 'zh-CN' => 'Simplified Chinese' diff --git a/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml b/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml index df6b232..3b9f189 100644 --- a/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml +++ b/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml @@ -1,3 +1,4 @@ --- features: - Add support for Bagpipe Neutron driver as backend in BGPVPN scenarios + - Add ML2 plugin configuration for Bagpipe BGPVPN extension diff --git a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml new file mode 100644 index 0000000..92f2360 --- /dev/null +++ b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml @@ -0,0 +1,10 @@ +--- +fixes: + - | + With having package mod_ssl by default installed in images we introduced + issue with mod_ssl package update. In case of SSL not being used or + provided by HAproxy the puppet-apache module by default purges the + ssl.conf file. The package update then recreates the file with default + Listen 443 option. This causes conflict on 443 port during httpd restart. + If we include ::apache::mod::ssl the ssl.conf file will be configured and + the Listen option will be used only if there is vhost set to use SSL. diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb index 805a28e..6c04e9d 100644 --- a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb +++ b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb @@ -23,7 +23,11 @@ describe 'tripleo::profile::base::gnocchi::api' do end context 'with step less than 3' do - let(:params) { { :step => 2 } } + let(:params) { { + :step => 2, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } it { is_expected.to contain_class('tripleo::profile::base::gnocchi::api') @@ -36,6 +40,8 @@ describe 'tripleo::profile::base::gnocchi::api' do let(:params) { { :step => 3, :bootstrap_node => 'node.example.com', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' } } it { @@ -48,6 +54,8 @@ describe 'tripleo::profile::base::gnocchi::api' do context 'with step 3' do let(:params) { { :step => 3, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' } } it { @@ -57,35 +65,76 @@ describe 'tripleo::profile::base::gnocchi::api' do } end - # TODO(aschultz): fix profile class to not include hiera look ups in the - # step 4 so we can properly test it - #context 'with step 4' do - # let(:params) { { - # :step => 4, - # } } - # - # it { - # is_expected.to contain_class('gnocchi::api') - # is_expected.to contain_class('gnocchi::wsgi::apache') - # is_expected.to contain_class('gnocchi::storage') - # } - #end - # - #context 'with step 5 on bootstrap' do - # let(:params) { { - # :step => 5, - # :bootstrap_node => 'node.example.com' - # } } - # - # it { - # is_expected.to contain_class('gnocchi::api') - # is_expected.to contain_class('gnocchi::wsgi::apache') - # is_expected.to contain_exec('run gnocchi upgrade with storage').with( - # :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', - # :path => ['/usr/bin', '/usr/sbin'] - # ) - # } - #end + context 'with step 4' do + let(:params) { { + :step => 4, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::swift') + } + end + + context 'with step 4 with file backend' do + let(:params) { { + :step => 4, + :gnocchi_backend => 'file', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::file') + } + end + + context 'with step 4 with ceph backend' do + let(:params) { { + :step => 4, + :gnocchi_backend => 'rbd', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::ceph') + } + end + + context 'with step 5 on bootstrap' do + let(:params) { { + :step => 5, + :bootstrap_node => 'node.example.com', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_exec('run gnocchi upgrade with storage').with( + :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', + :path => ['/usr/bin', '/usr/sbin'] + ) + } + end end diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb index e84a1f5..58b271f 100644 --- a/spec/classes/tripleo_profile_base_sshd_spec.rb +++ b/spec/classes/tripleo_profile_base_sshd_spec.rb @@ -24,7 +24,23 @@ describe 'tripleo::profile::base::sshd' do context 'it should do nothing' do it do - is_expected.to contain_class('ssh::server') + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => {} + }) + is_expected.to_not contain_file('/etc/issue') + is_expected.to_not contain_file('/etc/issue.net') + is_expected.to_not contain_file('/etc/motd') + end + end + + context 'it should do nothing with empty strings' do + let(:params) {{ :bannertext => '', :motd => '' }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => {} + }) is_expected.to_not contain_file('/etc/issue') is_expected.to_not contain_file('/etc/issue.net') is_expected.to_not contain_file('/etc/motd') @@ -34,6 +50,12 @@ describe 'tripleo::profile::base::sshd' do context 'with issue and issue.net configured' do let(:params) {{ :bannertext => 'foo' }} it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net' + } + }) is_expected.to contain_file('/etc/issue').with({ 'content' => 'foo', 'owner' => 'root', @@ -53,6 +75,12 @@ describe 'tripleo::profile::base::sshd' do context 'with motd configured' do let(:params) {{ :motd => 'foo' }} it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'PrintMotd' => 'yes' + } + }) is_expected.to contain_file('/etc/motd').with({ 'content' => 'foo', 'owner' => 'root', @@ -63,6 +91,94 @@ describe 'tripleo::profile::base::sshd' do is_expected.to_not contain_file('/etc/issue.net') end end + + context 'with options configured' do + let(:params) {{ :options => {'X11Forwarding' => 'no'} }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'X11Forwarding' => 'no' + } + }) + is_expected.to_not contain_file('/etc/motd') + is_expected.to_not contain_file('/etc/issue') + is_expected.to_not contain_file('/etc/issue.net') + end + end + + context 'with motd and issue configured' do + let(:params) {{ + :bannertext => 'foo', + :motd => 'foo' + }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net', + 'PrintMotd' => 'yes' + } + }) + is_expected.to contain_file('/etc/motd').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue.net').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + end + end + + context 'with motd and issue and options configured' do + let(:params) {{ + :bannertext => 'foo', + :motd => 'foo', + :options => { + 'PrintMotd' => 'no', # this should be overridden + 'X11Forwarding' => 'no' + } + }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net', + 'PrintMotd' => 'yes', + 'X11Forwarding' => 'no' + } + }) + is_expected.to contain_file('/etc/motd').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue.net').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + end + end end on_supported_os.each do |os, facts| diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 16f39a5..873a49e 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -30,6 +30,8 @@ cinder::rabbit_password: 'password' cinder::keystone::authtoken::password: 'password' # gnocchi related items gnocchi::keystone::authtoken::password: 'password' +gnocchi::storage::ceph::ceph_username: 'gnocchi' +gnocchi::storage::ceph::ceph_secret: 'password' # nova related items nova::rabbit_password: 'password' nova::keystone::authtoken::password: 'password' |