-rw-r--r--.gitignore1
-rw-r--r--Puppetfile_extras2
-rw-r--r--manifests/profile/base/cinder/volume/netapp.pp2
-rw-r--r--manifests/profile/base/cinder/volume/nfs.pp33
-rw-r--r--manifests/profile/base/neutron/ovs.pp17
-rw-r--r--spec/classes/tripleo_profile_base_neutron_ovs_spec.rb73
-rw-r--r--spec/fixtures/hieradata/default.yaml2
7 files changed, 122 insertions, 8 deletions
diff --git a/.gitignore b/.gitignore
index 263f4a7..2fa4229 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,7 @@ vendor/
spec/fixtures/
.vagrant/
.bundle/
+.bundle*/
coverage/
.idea/
*.swp
diff --git a/Puppetfile_extras b/Puppetfile_extras
index 481a8ec..4bc9d3f 100644
--- a/Puppetfile_extras
+++ b/Puppetfile_extras
@@ -46,7 +46,7 @@ mod 'systemd',
:ref => 'master'
mod 'opendaylight',
- :git => 'https://github.com/dfarrell07/puppet-opendaylight',
+ :git => 'https://git.opendaylight.org/gerrit/integration/packaging/puppet-opendaylight',
:ref => 'master'
mod 'ssh',
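Review bot: The `opendaylight` entry now pulls from a new upstream but still tracks `:ref => 'master'`, so every deployment installs whatever is at that branch head at fetch time, and Puppet then applies it with full privileges on the node. Pinning to a reviewed tag or commit, e.g. `:ref => '<tag-or-commit-sha>'`, makes the source switch auditable and reproducible. The neighbouring `systemd` entry also uses `master`, so this looks like the file's convention rather than something new in this change, but a move to a different host is a good moment to pin. The `mod 'ssh',` entry continues outside the hunk.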
diff --git a/manifests/profile/base/cinder/volume/netapp.pp b/manifests/profile/base/cinder/volume/netapp.pp
index fc652c9..43978da 100644
--- a/manifests/profile/base/cinder/volume/netapp.pp
+++ b/manifests/profile/base/cinder/volume/netapp.pp
@@ -59,6 +59,8 @@ class tripleo::profile::base::cinder::volume::netapp (
netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef),
netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef),
netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef),
+ nas_secure_file_operations => hiera('cinder::backend::netapp::nas_secure_file_operations', undef),
+ nas_secure_file_permissions => hiera('cinder::backend::netapp::nas_secure_file_permissions', undef),
}
}
diff --git a/manifests/profile/base/cinder/volume/nfs.pp b/manifests/profile/base/cinder/volume/nfs.pp
index 7b1f1b9..e384a79 100644
--- a/manifests/profile/base/cinder/volume/nfs.pp
+++ b/manifests/profile/base/cinder/volume/nfs.pp
@@ -29,6 +29,23 @@
# (Optional) List of mount options for the NFS share
# Defaults to ''
#
+# [*cinder_nas_secure_file_operations*]
+# (Optional) Allow network-attached storage systems to operate in a secure
+# environment where root level access is not permitted. If set to False,
+# access is as the root user and insecure. If set to True, access is not as
+# root. If set to auto, a check is done to determine if this is a new
+# installation: True is used if so, otherwise False. Default is auto.
+# Defaults to $::os_service_default
+#
+# [*cinder_nas_secure_file_permissions*]
+# (Optional) Set more secure file permissions on network-attached storage
+# volume files to restrict broad other/world access. If set to False,
+# volumes are created with open permissions. If set to True, volumes are
+# created with permissions for the cinder user and group (660). If set to
+# auto, a check is done to determine if this is a new installation: True is
+# used if so, otherwise False. Default is auto.
+# Defaults to $::os_service_default
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
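Review bot: Both new parameter descriptions state two different defaults back to back ("Default is auto." followed by "Defaults to $::os_service_default"), which leaves it unclear what an operator gets when nothing is set. The first presumably describes cinder's own default and the second the Puppet parameter, so one line such as `# Defaults to $::os_service_default, which leaves cinder's own default (auto) in effect.` would remove the ambiguity. As the text itself describes, `auto` resolves to False on an existing installation, meaning root-level access and open volume file permissions stay in place after an upgrade. It is worth saying explicitly in the doc that the hardened behaviour on such systems requires setting both options to True.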
@@ -36,9 +53,11 @@
#
class tripleo::profile::base::cinder::volume::nfs (
$cinder_nfs_servers,
- $backend_name = hiera('cinder::backend::nfs::volume_backend_name', 'tripleo_nfs'),
- $cinder_nfs_mount_options = '',
- $step = hiera('step'),
+ $backend_name = hiera('cinder::backend::nfs::volume_backend_name', 'tripleo_nfs'),
+ $cinder_nfs_mount_options = '',
+ $cinder_nas_secure_file_operations = $::os_service_default,
+ $cinder_nas_secure_file_permissions = $::os_service_default,
+ $step = hiera('step'),
) {
include ::tripleo::profile::base::cinder::volume
@@ -52,9 +71,11 @@ class tripleo::profile::base::cinder::volume::nfs (
package {'nfs-utils': } ->
cinder::backend::nfs { $backend_name :
- nfs_servers => $cinder_nfs_servers,
- nfs_mount_options => $cinder_nfs_mount_options,
- nfs_shares_config => '/etc/cinder/shares-nfs.conf',
+ nfs_servers => $cinder_nfs_servers,
+ nfs_mount_options => $cinder_nfs_mount_options,
+ nfs_shares_config => '/etc/cinder/shares-nfs.conf',
+ nas_secure_file_operations => $cinder_nas_secure_file_operations,
+ nas_secure_file_permissions => $cinder_nas_secure_file_permissions,
}
}
diff --git a/manifests/profile/base/neutron/ovs.pp b/manifests/profile/base/neutron/ovs.pp
index bec7e96..97eb8e9 100644
--- a/manifests/profile/base/neutron/ovs.pp
+++ b/manifests/profile/base/neutron/ovs.pp
@@ -23,12 +23,27 @@
# for more details.
# Defaults to hiera('step')
#
+# [*vhostuser_socket_dir*]
+# (Optional) vhostuser socket dir, The directory where $vhostuser_socket_dir
+# will be created with correct permissions, inorder to support vhostuser
+# client mode.
+
class tripleo::profile::base::neutron::ovs(
- $step = hiera('step'),
+ $step = hiera('step'),
+ $vhostuser_socket_dir = hiera('neutron::agents::ml2::ovs::vhostuser_socket_dir', undef)
) {
include ::tripleo::profile::base::neutron
if $step >= 5 {
+ if $vhostuser_socket_dir {
+ file { $vhostuser_socket_dir:
+ ensure => directory,
+ owner => 'qemu',
+ group => 'qemu',
+ mode => '0775',
+ }
+ }
+
include ::neutron::agents::ml2::ovs
# Optional since manage_service may be false and neutron server may not be colocated.
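Review bot: The new `file { $vhostuser_socket_dir: }` resource sets `mode => '0775'`, which leaves the vhost-user socket directory readable and traversable by every local account; if only qemu and the vswitch process need it (the group membership is not visible here), `mode => '0770',` is the tighter choice. The resource also names owner and group `qemu` with no ordering on whatever provides that account, so on a node where it does not yet exist at step 5 the run would presumably fail; a `require` on the providing package, or a sentence in the parameter doc, would cover that. The doc block for `vhostuser_socket_dir` is circular and omits the default; `# (Optional) Directory for vhostuser sockets, created with qemu ownership to support vhostuser client mode.` followed by `# Defaults to hiera('neutron::agents::ml2::ovs::vhostuser_socket_dir', undef)` would read better. The class body continues past the end of this hunk.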
diff --git a/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb b/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb
new file mode 100644
index 0000000..14de7e1
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb
@@ -0,0 +1,73 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::neutron::ovs' do
+
+ shared_examples_for 'tripleo::profile::base::neutron::ovs with default params' do
+
+ before :each do
+ facts.merge!({ :step => params[:step] })
+ end
+
+ context 'with defaults for all parameters' do
+ let(:params) { { :step => 5 } }
+
+ it 'should do nothing' do
+ is_expected.to contain_class('tripleo::profile::base::neutron')
+ is_expected.to contain_class('neutron::agents::ml2::ovs')
+ is_expected.not_to contain_file('/var/lib/vhostuser_sockets')
+ end
+ end
+ end
+
+ shared_examples_for 'tripleo::profile::base::neutron::ovs with vhostuser_socketdir' do
+
+ before :each do
+ facts.merge!({ :step => params[:step], :vhostuser_socket_dir => params[:vhostuser_socket_dir] })
+ end
+
+ context 'with vhostuser_socketdir configured' do
+ let :params do
+ {
+ :step => 5,
+ :vhostuser_socket_dir => '/var/lib/vhostuser_sockets'
+ }
+ end
+
+ it { is_expected.to contain_class('tripleo::profile::base::neutron') }
+ it { is_expected.to contain_class('neutron::agents::ml2::ovs') }
+ it { is_expected.to contain_file('/var/lib/vhostuser_sockets').with(
+ :ensure => 'directory',
+ :owner => 'qemu',
+ :group => 'qemu',
+ :mode => '0775',
+ ) }
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::neutron::ovs with default params'
+ it_behaves_like 'tripleo::profile::base::neutron::ovs with vhostuser_socketdir'
+ end
+ end
+end
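Review bot: The spec only exercises step 5, so nothing pins that the socket directory stays unmanaged before step 5 when `vhostuser_socket_dir` is set; an extra shared example at step 4, wired into the `on_supported_os` loop, would cover the `if $step >= 5` guard. The example titled 'should do nothing' actually asserts that two classes are present, so a title such as `it 'does not manage the vhostuser socket directory'` describes it better. Merging `:vhostuser_socket_dir` into the facts in the second `before` block looks unnecessary, since the manifest takes it as a class parameter rather than reading a fact.

```ruby
# … unchanged: shared examples for default params and vhostuser_socketdir …
  shared_examples_for 'tripleo::profile::base::neutron::ovs before step 5' do
    context 'with vhostuser_socket_dir configured at step 4' do
      let :params do
        {
          :step                 => 4,
          :vhostuser_socket_dir => '/var/lib/vhostuser_sockets'
        }
      end

      it { is_expected.not_to contain_file('/var/lib/vhostuser_sockets') }
    end
  end
# … unchanged: on_supported_os loop and its existing it_behaves_like lines …
      it_behaves_like 'tripleo::profile::base::neutron::ovs before step 5'
```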
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index 3cf2693..ad2da39 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -45,3 +45,5 @@ memcached_node_ips:
octavia::rabbit_password: 'password'
horizon::secret_key: 'secrete'
service_names: ['sshd']
+#Neutron related
+neutron::rabbit_password: 'password'