aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--manifests/profile/base/nova.pp160
-rw-r--r--manifests/profile/base/nova/compute/libvirt.pp1
-rw-r--r--manifests/profile/base/nova/libvirt.pp1
-rw-r--r--manifests/profile/base/nova/migration.pp35
-rw-r--r--manifests/profile/base/nova/migration/client.pp100
-rw-r--r--manifests/profile/base/nova/migration/target.pp120
-rw-r--r--manifests/profile/pacemaker/haproxy_bundle.pp21
-rw-r--r--spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb6
-rw-r--r--spec/classes/tripleo_profile_base_nova_compute_spec.rb6
-rw-r--r--spec/classes/tripleo_profile_base_nova_libvirt_spec.rb6
-rw-r--r--spec/classes/tripleo_profile_base_nova_migration_client_spec.rb188
-rw-r--r--spec/classes/tripleo_profile_base_nova_migration_spec.rb40
-rw-r--r--spec/classes/tripleo_profile_base_nova_migration_target_spec.rb283
-rw-r--r--spec/classes/tripleo_profile_base_nova_spec.rb423
-rw-r--r--spec/fixtures/hieradata/default.yaml1
15 files changed, 816 insertions, 575 deletions
diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index 65e8ebc..16ba7be 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -22,14 +22,6 @@
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
-# [*libvirt_enabled*]
-# (Optional) Whether or not Libvirt is enabled.
-# Defaults to false
-#
-# [*manage_migration*]
-# (Optional) Whether or not manage Nova Live migration
-# Defaults to false
-#
# [*oslomsg_rpc_proto*]
# Protocol driver for the oslo messaging rpc service
# Defaults to hiera('messaging_rpc_service_name', rabbit)
@@ -74,49 +66,27 @@
# Enable ssl oslo messaging services
# Defaults to hiera('nova::rabbit_use_ssl', '0')
#
-# [*nova_compute_enabled*]
-# (Optional) Whether or not nova-compute is enabled.
-# Defaults to false
-#
# [*step*]
# (Optional) The current step of the deployment
# Defaults to hiera('step')
#
-# [*migration_ssh_key*]
-# (Optional) SSH key pair for migration SSH tunnel.
-# Expects a hash with keys 'private_key' and 'public_key'.
-# Defaults to {}
-#
-# [*migration_ssh_localaddrs*]
-# (Optional) Restrict ssh migration to clients connecting via this list of
-# IPs.
-# Defaults to [] (no restriction)
-#
-# [*libvirt_tls*]
-# (Optional) Whether or not libvird TLS service is enabled.
-# Defaults to false
class tripleo::profile::base::nova (
- $bootstrap_node = hiera('bootstrap_nodeid', undef),
- $libvirt_enabled = false,
- $manage_migration = false,
- $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
- $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $oslomsg_rpc_password = hiera('nova::rabbit_password'),
- $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'),
- $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'),
- $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
- $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
- $oslomsg_notify_password = hiera('nova::rabbit_password'),
- $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'),
- $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'),
- $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
- $nova_compute_enabled = false,
- $step = Integer(hiera('step')),
- $migration_ssh_key = {},
- $migration_ssh_localaddrs = [],
- $libvirt_tls = false
+ $bootstrap_node = hiera('bootstrap_nodeid', undef),
+ $oslomsg_rpc_proto = hiera('messaging_rpc_service_name', 'rabbit'),
+ $oslomsg_rpc_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_rpc_password = hiera('nova::rabbit_password'),
+ $oslomsg_rpc_port = hiera('nova::rabbit_port', '5672'),
+ $oslomsg_rpc_username = hiera('nova::rabbit_userid', 'guest'),
+ $oslomsg_notify_proto = hiera('messaging_notify_service_name', 'rabbit'),
+ $oslomsg_notify_hosts = any2array(hiera('rabbitmq_node_names', undef)),
+ $oslomsg_notify_password = hiera('nova::rabbit_password'),
+ $oslomsg_notify_port = hiera('nova::rabbit_port', '5672'),
+ $oslomsg_notify_username = hiera('nova::rabbit_userid', 'guest'),
+ $oslomsg_use_ssl = hiera('nova::rabbit_use_ssl', '0'),
+ $step = Integer(hiera('step')),
) {
+
if $::hostname == downcase($bootstrap_node) {
$sync_db = true
} else {
@@ -129,10 +99,6 @@ class tripleo::profile::base::nova (
$memcache_servers = suffix(hiera('memcached_node_ips'), ':11211')
}
- validate_array($migration_ssh_localaddrs)
- $migration_ssh_localaddrs.each |$x| { validate_ip_address($x) }
- $migration_ssh_localaddrs_real = unique($migration_ssh_localaddrs)
-
if $step >= 4 or ($step >= 3 and $sync_db) {
$oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
include ::nova::config
@@ -161,102 +127,4 @@ class tripleo::profile::base::nova (
}
include ::nova::placement
}
-
- if $step >= 4 {
- if $manage_migration {
- # Libvirt setup (live-migration)
- if $libvirt_tls {
- class { '::nova::migration::libvirt':
- transport => 'tls',
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
- }
- } else {
- # Reuse the cold-migration SSH tunnel when TLS is not enabled
- class { '::nova::migration::libvirt':
- transport => 'ssh',
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
- client_user => 'nova_migration',
- client_extraparams => {'keyfile' => '/etc/nova/migration/identity'}
- }
- }
-
- $services_enabled = hiera('service_names', [])
- if !empty($migration_ssh_key) and 'sshd' in $services_enabled {
- # Nova SSH tunnel setup (cold-migration)
-
- # Server side
- if !empty($migration_ssh_localaddrs_real) {
- $allow_type = sprintf('LocalAddress %s User', join($migration_ssh_localaddrs_real,','))
- $deny_type = 'LocalAddress'
- $deny_name = sprintf('!%s', join($migration_ssh_localaddrs_real,',!'))
-
- ssh::server::match_block { 'nova_migration deny':
- name => $deny_name,
- type => $deny_type,
- order => 2,
- options => {
- 'DenyUsers' => 'nova_migration'
- },
- notify => Service['sshd']
- }
- }
- else {
- $allow_type = 'User'
- }
- $allow_name = 'nova_migration'
-
- ssh::server::match_block { 'nova_migration allow':
- name => $allow_name,
- type => $allow_type,
- order => 1,
- options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- },
- notify => Service['sshd']
- }
-
- $migration_authorized_keys = $migration_ssh_key['public_key']
- $migration_identity = $migration_ssh_key['private_key']
- $migration_user_shell = '/bin/bash'
- }
- else {
- # Remove the keys and prevent login when migration over SSH is not enabled
- $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
- $migration_identity = '# Migration over SSH disabled by TripleO'
- $migration_user_shell = '/sbin/nologin'
- }
-
- package { 'openstack-nova-migration':
- ensure => present,
- tag => ['openstack', 'nova-package'],
- }
-
- file { '/etc/nova/migration/authorized_keys':
- content => $migration_authorized_keys,
- mode => '0640',
- owner => 'root',
- group => 'nova_migration',
- require => Package['openstack-nova-migration']
- }
-
- file { '/etc/nova/migration/identity':
- content => $migration_identity,
- mode => '0600',
- owner => 'nova',
- group => 'nova',
- require => Package['openstack-nova-migration']
- }
-
- user {'nova_migration':
- shell => $migration_user_shell,
- require => Package['openstack-nova-migration']
- }
- }
- }
}
diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp
index 4097be3..8a7c4d6 100644
--- a/manifests/profile/base/nova/compute/libvirt.pp
+++ b/manifests/profile/base/nova/compute/libvirt.pp
@@ -28,6 +28,7 @@ class tripleo::profile::base::nova::compute::libvirt (
) {
if $step >= 4 {
include ::tripleo::profile::base::nova::compute
+ include ::tripleo::profile::base::nova::migration::client
# Ceph + Libvirt
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
diff --git a/manifests/profile/base/nova/libvirt.pp b/manifests/profile/base/nova/libvirt.pp
index b639858..06baa39 100644
--- a/manifests/profile/base/nova/libvirt.pp
+++ b/manifests/profile/base/nova/libvirt.pp
@@ -28,6 +28,7 @@ class tripleo::profile::base::nova::libvirt (
) {
if $step >= 4 {
include ::tripleo::profile::base::nova
+ include ::tripleo::profile::base::nova::migration::client
include ::nova::compute::libvirt::services
file { ['/etc/libvirt/qemu/networks/autostart/default.xml',
diff --git a/manifests/profile/base/nova/migration.pp b/manifests/profile/base/nova/migration.pp
new file mode 100644
index 0000000..0c4c844
--- /dev/null
+++ b/manifests/profile/base/nova/migration.pp
@@ -0,0 +1,35 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::migration
+#
+# Nova migration profile for tripleo, common to both client and target.
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+
+class tripleo::profile::base::nova::migration (
+ $step = Integer(hiera('step')),
+) {
+ if $step >= 3 {
+ package { 'openstack-nova-migration':
+ ensure => present,
+ tag => ['openstack', 'nova-package'],
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/migration/client.pp b/manifests/profile/base/nova/migration/client.pp
new file mode 100644
index 0000000..12b83dc
--- /dev/null
+++ b/manifests/profile/base/nova/migration/client.pp
@@ -0,0 +1,100 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::migration
+#
+# Nova migration client profile for tripleo
+#
+# === Parameters
+#
+# [*libvirt_enabled*]
+# (Optional) Whether or not Libvirt is enabled.
+# Defaults to false
+#
+# [*nova_compute_enabled*]
+# (Optional) Whether or not nova-compute is enabled.
+# Defaults to false
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*ssh_private_key*]
+# (Optional) SSH private_key for migration SSH tunnel.
+# Defaults to ''
+#
+# [*ssh_port*]
+# (Optional) Port that SSH target services is listening on.
+# Defaults to 22
+#
+# [*libvirt_tls*]
+# (Optional) Whether or not libvird TLS service is enabled.
+# Defaults to false
+
+class tripleo::profile::base::nova::migration::client (
+ $libvirt_enabled = false,
+ $nova_compute_enabled = false,
+ $step = Integer(hiera('step')),
+ $ssh_private_key = '',
+ $ssh_port = 22,
+ $libvirt_tls = false,
+) {
+
+ include ::tripleo::profile::base::nova::migration
+
+ if $step >= 4 {
+
+ # Libvirt setup (live-migration)
+ if $libvirt_tls {
+ class { '::nova::migration::libvirt':
+ transport => 'tls',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ }
+ } else {
+ # Reuse the cold-migration SSH tunnel when TLS is not enabled
+ class { '::nova::migration::libvirt':
+ transport => 'ssh',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ client_user => 'nova_migration',
+ client_extraparams => {'keyfile' => '/etc/nova/migration/identity'},
+ client_port => $ssh_port
+ }
+ }
+
+ if !empty($ssh_private_key) {
+ # Nova SSH tunnel setup (cold-migration)
+ $migration_identity = $ssh_private_key
+ }
+ else {
+ $migration_identity = '# Migration over SSH disabled by TripleO'
+ }
+
+ file { '/etc/nova/migration/identity':
+ content => $migration_identity,
+ mode => '0600',
+ owner => 'nova',
+ group => 'nova',
+ require => Package['openstack-nova-migration']
+ }
+
+ file_line { 'nova_ssh_port':
+ ensure => present,
+ path => '/var/lib/nova/.ssh/config',
+ after => '^Host \*$',
+ line => " Port ${ssh_port}",
+ }
+ }
+}
diff --git a/manifests/profile/base/nova/migration/target.pp b/manifests/profile/base/nova/migration/target.pp
new file mode 100644
index 0000000..7c21028
--- /dev/null
+++ b/manifests/profile/base/nova/migration/target.pp
@@ -0,0 +1,120 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::nova::migration::target
+#
+# Nova migration target profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step of the deployment
+# Defaults to hiera('step')
+#
+# [*ssh_authorized_keys*]
+# (Optional) List of SSH public keys authorized for migration.
+# If no keys are provided then migration over ssh will be disabled.
+# Defaults to []
+#
+# [*ssh_localaddrs*]
+# (Optional) Restrict ssh migration to clients connecting via this list of
+# IPs.
+# Defaults to [] (no restriction)
+#
+# [*services_enabled*]
+# (Optional) List of services enabled on the current role.
+# If the nova_migration_target service is not enabled then migration over
+# ssh will be disabled.
+# Defaults to hiera('service_names', [])
+
+class tripleo::profile::base::nova::migration::target (
+ $step = Integer(hiera('step')),
+ $ssh_authorized_keys = [],
+ $ssh_localaddrs = [],
+ $services_enabled = hiera('service_names', []),
+) {
+
+ include ::tripleo::profile::base::nova::migration
+
+ validate_array($ssh_localaddrs)
+ $ssh_localaddrs.each |$x| { validate_ip_address($x) }
+ $ssh_localaddrs_real = unique($ssh_localaddrs)
+ validate_array($ssh_authorized_keys)
+ $ssh_authorized_keys_real = join($ssh_authorized_keys, '\n')
+
+ if $step >= 4 {
+ if !empty($ssh_authorized_keys_real) {
+ if ('nova_migration_target' in $services_enabled) {
+ if !empty($ssh_localaddrs_real) {
+ $allow_type = sprintf('LocalAddress %s User', join($ssh_localaddrs_real,','))
+ $deny_type = 'LocalAddress'
+ $deny_name = sprintf('!%s', join($ssh_localaddrs_real,',!'))
+
+ ssh::server::match_block { 'nova_migration deny':
+ name => $deny_name,
+ type => $deny_type,
+ order => 2,
+ options => {
+ 'DenyUsers' => 'nova_migration'
+ },
+ notify => Service['sshd']
+ }
+ }
+ else {
+ $allow_type = 'User'
+ }
+ $allow_name = 'nova_migration'
+
+ ssh::server::match_block { 'nova_migration allow':
+ name => $allow_name,
+ type => $allow_type,
+ order => 1,
+ options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ },
+ notify => Service['sshd']
+ }
+ $migration_authorized_keys = $ssh_authorized_keys_real
+ $migration_user_shell = '/bin/bash'
+ }
+ else {
+ # Remove the keys and prevent login when migration over SSH is not enabled
+ $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
+ $migration_user_shell = '/sbin/nologin'
+ }
+ }
+ else {
+ # Remove the keys and prevent login when migration over SSH is not enabled
+ $migration_authorized_keys = '# Migration over SSH disabled by TripleO'
+ $migration_user_shell = '/sbin/nologin'
+ }
+
+ file { '/etc/nova/migration/authorized_keys':
+ content => $migration_authorized_keys,
+ mode => '0640',
+ owner => 'root',
+ group => 'nova_migration',
+ require => Package['openstack-nova-migration']
+ }
+
+ user {'nova_migration':
+ shell => $migration_user_shell,
+ require => Package['openstack-nova-migration']
+ }
+ }
+}
diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp
index 0f71b82..afe6f77 100644
--- a/manifests/profile/pacemaker/haproxy_bundle.pp
+++ b/manifests/profile/pacemaker/haproxy_bundle.pp
@@ -30,6 +30,11 @@
# (Optional) Whether load balancing is enabled for this cluster
# Defaults to hiera('enable_load_balancer', true)
#
+# [*deployed_ssl_cert_path*]
+# (Optional) The filepath of the certificate as it will be stored in
+# the controller.
+# Defaults to '/etc/pki/tls/private/overcloud_endpoint.pem'
+#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
@@ -40,11 +45,12 @@
# Defaults to hiera('pcs_tries', 20)
#
class tripleo::profile::pacemaker::haproxy_bundle (
- $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
- $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
- $enable_load_balancer = hiera('enable_load_balancer', true),
- $step = Integer(hiera('step')),
- $pcs_tries = hiera('pcs_tries', 20),
+ $haproxy_docker_image = hiera('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef),
+ $bootstrap_node = hiera('haproxy_short_bootstrap_node_name'),
+ $enable_load_balancer = hiera('enable_load_balancer', true),
+ $deployed_ssl_cert_path = '/etc/pki/tls/private/overcloud_endpoint.pem',
+ $step = Integer(hiera('step')),
+ $pcs_tries = hiera('pcs_tries', 20),
) {
include ::tripleo::profile::base::haproxy
@@ -137,6 +143,11 @@ class tripleo::profile::pacemaker::haproxy_bundle (
'target-dir' => '/dev/log',
'options' => 'rw',
},
+ 'haproxy-cert' => {
+ 'source-dir' => deployed_ssl_cert_path,
+ 'target-dir' => deployed_ssl_cert_path,
+ 'options' => 'ro',
+ },
},
}
$control_vip = hiera('controller_virtual_ip')
diff --git a/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb
index 32482a9..db9e77e 100644
--- a/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb
@@ -41,6 +41,12 @@ describe 'tripleo::profile::base::nova::compute::libvirt' do
class { '::tripleo::profile::base::nova::compute':
step => #{params[:step]},
}
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::tripleo::profile::base::nova::migration::client':
+ step => #{params[:step]}
+ }
eos
end
diff --git a/spec/classes/tripleo_profile_base_nova_compute_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
index 545a1fa..9082075 100644
--- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_compute_spec.rb
@@ -40,6 +40,12 @@ describe 'tripleo::profile::base::nova::compute' do
step => #{params[:step]},
oslomsg_rpc_hosts => [ '127.0.0.1' ],
}
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::tripleo::profile::base::nova::migration::client':
+ step => #{params[:step]}
+ }
eos
end
diff --git a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb
index 36a6110..d9a06b2 100644
--- a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb
@@ -39,6 +39,12 @@ describe 'tripleo::profile::base::nova::libvirt' do
step => #{params[:step]},
oslomsg_rpc_hosts => [ '127.0.0.1' ],
}
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::tripleo::profile::base::nova::migration::client':
+ step => #{params[:step]}
+ }
eos
end
diff --git a/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb
new file mode 100644
index 0000000..91294dd
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb
@@ -0,0 +1,188 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova::migration::client' do
+ shared_examples_for 'tripleo::profile::base::nova::migration::client' do
+
+ context 'with step 4' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => false,
+ :configure_nova => false
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :nova_compute_enabled => true,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt TLS' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :nova_compute_enabled => true,
+ :libvirt_tls => true,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'tls',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled],
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt and migration ssh key' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :nova_compute_enabled => true,
+ :ssh_private_key => 'foo'
+ } }
+
+ it {
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => 'foo',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt TLS and migration ssh key' do
+ let(:pre_condition) {
+ <<-eos
+ include ::nova::compute::libvirt::services
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :nova_compute_enabled => true,
+ :libvirt_tls => true,
+ :ssh_private_key => 'foo'
+ } }
+
+ it {
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'tls',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => 'foo',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ }
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+ it_behaves_like 'tripleo::profile::base::nova::migration::client'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_nova_migration_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_spec.rb
new file mode 100644
index 0000000..86c790e
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_migration_spec.rb
@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova::migration' do
+ shared_examples_for 'tripleo::profile::base::nova::migration' do
+
+ context 'with step 3' do
+ let(:params) { {
+ :step => 3,
+ } }
+
+ it {
+ is_expected.to contain_package('openstack-nova-migration')
+ }
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ it_behaves_like 'tripleo::profile::base::nova::migration'
+ end
+ end
+end
diff --git a/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb
new file mode 100644
index 0000000..a14b89a
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb
@@ -0,0 +1,283 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova::migration::target' do
+ shared_examples_for 'tripleo::profile::base::nova::migration::target' do
+
+ context 'with step 4 without authorized_keys' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :services_enabled => ['docker', 'nova_migration_target']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/sbin/nologin'
+ )
+ }
+ end
+
+ context 'with step 4 without nova_migration_target service enabled' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['bar', 'baz'],
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/sbin/nologin'
+ )
+ }
+ end
+
+ context 'with step 4 with invalid ssh_authorized_keys' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => 'ssh-rsa bar',
+ } }
+
+ it { is_expected.to_not compile }
+ end
+
+ context 'with step 4 with nova_migration_target services enabled' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'],
+ :services_enabled => ['docker', 'nova_migration_target']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+ :type => 'User',
+ :name => 'nova_migration',
+ :options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ }
+ )
+ is_expected.to_not contain_ssh__server__match_block('nova_migration deny')
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => 'ssh-rsa bar\nssh-rsa baz',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
+ )
+ }
+ end
+
+ context 'with step 4 with ssh_localaddrs' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'],
+ :services_enabled => ['docker', 'nova_migration_target'],
+ :ssh_localaddrs => ['127.0.0.1', '127.0.0.2']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+ :type => 'LocalAddress 127.0.0.1,127.0.0.2 User',
+ :name => 'nova_migration',
+ :options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ }
+ )
+ is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
+ :type => 'LocalAddress',
+ :name => '!127.0.0.1,!127.0.0.2',
+ :options => {
+ 'DenyUsers' => 'nova_migration'
+ }
+ )
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => 'ssh-rsa bar\nssh-rsa baz',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
+ )
+ }
+ end
+
+ context 'with step 4 with duplicate ssh_localaddrs' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'],
+ :services_enabled => ['docker', 'nova_migration_target'],
+ :ssh_localaddrs => ['127.0.0.1', '127.0.0.1']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova::migration')
+ is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+ :type => 'LocalAddress 127.0.0.1 User',
+ :name => 'nova_migration',
+ :options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ }
+ )
+ is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
+ :type => 'LocalAddress',
+ :name => '!127.0.0.1',
+ :options => {
+ 'DenyUsers' => 'nova_migration'
+ }
+ )
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => 'ssh-rsa bar\nssh-rsa baz',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
+ )
+ }
+ end
+
+ context 'with step 4 with invalid ssh_localaddrs' do
+ let(:pre_condition) {
+ <<-eos
+ class { '::tripleo::profile::base::nova::migration':
+ step => #{params[:step]}
+ }
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+eos
+ }
+ let(:params) { {
+ :step => 4,
+ :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'],
+ :services_enabled => ['docker', 'nova_migration_target'],
+ :ssh_localaddrs => ['127.0.0.1', '']
+ } }
+
+ it { is_expected.to_not compile }
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+ it_behaves_like 'tripleo::profile::base::nova::migration::target'
+ end
+ end
+end \ No newline at end of file
diff --git a/spec/classes/tripleo_profile_base_nova_spec.rb b/spec/classes/tripleo_profile_base_nova_spec.rb
index a7f1cce..c6878c6 100644
--- a/spec/classes/tripleo_profile_base_nova_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_spec.rb
@@ -100,429 +100,6 @@ describe 'tripleo::profile::base::nova' do
}
end
- context 'with step 4 with libvirt' do
- let(:pre_condition) {
- 'include ::nova::compute::libvirt::services'
- }
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'ssh',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => '# Migration over SSH disabled by TripleO',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => '# Migration over SSH disabled by TripleO',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/sbin/nologin'
- )
- }
- end
-
- context 'with step 4 with libvirt TLS' do
- let(:pre_condition) {
- 'include ::nova::compute::libvirt::services'
- }
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :libvirt_tls => true,
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'tls',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled],
- )
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => '# Migration over SSH disabled by TripleO',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => '# Migration over SSH disabled by TripleO',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/sbin/nologin'
- )
- }
- end
-
- context 'with step 4 with libvirt and migration ssh key' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'ssh',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
- :type => 'User',
- :name => 'nova_migration',
- :options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- }
- )
- is_expected.to_not contain_ssh__server__match_block('nova_migration deny')
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => 'ssh-rsa bar',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => 'foo',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/bin/bash'
- )
- }
- end
-
- context 'with step 4 with libvirt and migration ssh key and migration_ssh_localaddrs' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'},
- :migration_ssh_localaddrs => ['127.0.0.1', '127.0.0.2']
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'ssh',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
- :type => 'LocalAddress 127.0.0.1,127.0.0.2 User',
- :name => 'nova_migration',
- :options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- }
- )
- is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
- :type => 'LocalAddress',
- :name => '!127.0.0.1,!127.0.0.2',
- :options => {
- 'DenyUsers' => 'nova_migration'
- }
- )
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => 'ssh-rsa bar',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => 'foo',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/bin/bash'
- )
- }
- end
-
- context 'with step 4 with libvirt and migration ssh key and invalid migration_ssh_localaddrs' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'},
- :migration_ssh_localaddrs => ['127.0.0.1', '']
- } }
-
- it { is_expected.to_not compile }
- end
-
- context 'with step 4 with libvirt and migration ssh key and duplicate migration_ssh_localaddrs' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'},
- :migration_ssh_localaddrs => ['127.0.0.1', '127.0.0.1']
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'ssh',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
- :type => 'LocalAddress 127.0.0.1 User',
- :name => 'nova_migration',
- :options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- }
- )
- is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
- :type => 'LocalAddress',
- :name => '!127.0.0.1',
- :options => {
- 'DenyUsers' => 'nova_migration'
- }
- )
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => 'ssh-rsa bar',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => 'foo',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/bin/bash'
- )
- }
- end
-
- context 'with step 4 with libvirt TLS and migration ssh key' do
- let(:pre_condition) do
- <<-eof
- include ::nova::compute::libvirt::services
- class { '::ssh::server':
- storeconfigs_enabled => false,
- options => {}
- }
- eof
- end
- let(:params) { {
- :step => 4,
- :libvirt_enabled => true,
- :manage_migration => true,
- :nova_compute_enabled => true,
- :bootstrap_node => 'node.example.com',
- :oslomsg_rpc_hosts => [ 'localhost' ],
- :oslomsg_rpc_password => 'foo',
- :libvirt_tls => true,
- :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}
- } }
-
- it {
- is_expected.to contain_class('tripleo::profile::base::nova')
- is_expected.to contain_class('nova').with(
- :default_transport_url => /.+/,
- :notification_transport_url => /.+/,
- :nova_public_key => nil,
- :nova_private_key => nil,
- )
- is_expected.to contain_class('nova::config')
- is_expected.to contain_class('nova::placement')
- is_expected.to contain_class('nova::cache')
- is_expected.to contain_class('nova::migration::libvirt').with(
- :transport => 'tls',
- :configure_libvirt => params[:libvirt_enabled],
- :configure_nova => params[:nova_compute_enabled]
- )
- is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
- :type => 'User',
- :name => 'nova_migration',
- :options => {
- 'ForceCommand' => '/bin/nova-migration-wrapper',
- 'PasswordAuthentication' => 'no',
- 'AllowTcpForwarding' => 'no',
- 'X11Forwarding' => 'no',
- 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
- }
- )
- is_expected.to_not contain_ssh__server__match_block('nova_migration deny')
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'present'
- )
- is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
- :content => 'ssh-rsa bar',
- :mode => '0640',
- :owner => 'root',
- :group => 'nova_migration',
- )
- is_expected.to contain_file('/etc/nova/migration/identity').with(
- :content => 'foo',
- :mode => '0600',
- :owner => 'nova',
- :group => 'nova',
- )
- is_expected.to contain_user('nova_migration').with(
- :shell => '/bin/bash'
- )
- }
- end
-
end
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index a0f4efc..1164448 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -48,6 +48,5 @@ memcached_node_ips:
# octavia related items
octavia::rabbit_password: 'password'
horizon::secret_key: 'secrete'
-service_names: ['sshd']
#Neutron related
neutron::rabbit_password: 'password'