diff options
| -rw-r--r-- | manifests/profile/base/cinder/volume.pp | 37 | ||||
| -rw-r--r-- | manifests/profile/base/cinder/volume/dellemc_unity.pp | 47 | ||||
| -rw-r--r-- | manifests/profile/base/docker.pp | 58 | ||||
| -rw-r--r-- | manifests/profile/base/nova/libvirt.pp | 17 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_cinder_unity_spec.rb | 57 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_docker_spec.rb | 79 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_nova_libvirt_spec.rb | 45 |
7 files changed, 191 insertions, 149 deletions
diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp index bdfdd17..252bae1 100644 --- a/manifests/profile/base/cinder/volume.pp +++ b/manifests/profile/base/cinder/volume.pp @@ -26,6 +26,10 @@ # (Optional) Whether to enable the delsc backend # Defaults to false # +# [*cinder_enable_dellemc_unity_backend*] +# (Optional) Whether to enable the unity backend +# Defaults to false +# # [*cinder_enable_hpelefthand_backend*] # (Optional) Whether to enable the hpelefthand backend # Defaults to false @@ -68,18 +72,19 @@ # Defaults to hiera('step') # class tripleo::profile::base::cinder::volume ( - $cinder_enable_pure_backend = false, - $cinder_enable_dellsc_backend = false, - $cinder_enable_hpelefthand_backend = false, - $cinder_enable_dellps_backend = false, - $cinder_enable_iscsi_backend = true, - $cinder_enable_netapp_backend = false, - $cinder_enable_nfs_backend = false, - $cinder_enable_rbd_backend = false, - $cinder_enable_scaleio_backend = false, - $cinder_enable_vrts_hs_backend = false, - $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef), - $step = Integer(hiera('step')), + $cinder_enable_pure_backend = false, + $cinder_enable_dellsc_backend = false, + $cinder_enable_dellemc_unity_backend = false, + $cinder_enable_hpelefthand_backend = false, + $cinder_enable_dellps_backend = false, + $cinder_enable_iscsi_backend = true, + $cinder_enable_netapp_backend = false, + $cinder_enable_nfs_backend = false, + $cinder_enable_rbd_backend = false, + $cinder_enable_scaleio_backend = false, + $cinder_enable_vrts_hs_backend = false, + $cinder_user_enabled_backends = hiera('cinder_user_enabled_backends', undef), + $step = Integer(hiera('step')), ) { include ::tripleo::profile::base::cinder @@ -100,6 +105,13 @@ class tripleo::profile::base::cinder::volume ( $cinder_dellsc_backend_name = undef } + if $cinder_enable_dellemc_unity_backend { + include ::tripleo::profile::base::cinder::volume::dellemc_unity + $cinder_dellemc_unity_backend_name = hiera('cinder::backend::dellemc_unity::volume_backend_name', 'tripleo_dellemc_unity') + } else { + $cinder_dellemc_unity_backend_name = undef + } + if $cinder_enable_hpelefthand_backend { include ::tripleo::profile::base::cinder::volume::hpelefthand $cinder_hpelefthand_backend_name = hiera('cinder::backend::hpelefthand_iscsi::volume_backend_name', 'tripleo_hpelefthand') @@ -161,6 +173,7 @@ class tripleo::profile::base::cinder::volume ( $cinder_pure_backend_name, $cinder_dellps_backend_name, $cinder_dellsc_backend_name, + $cinder_dellemc_unity_backend_name, $cinder_hpelefthand_backend_name, $cinder_netapp_backend_name, $cinder_nfs_backend_name, diff --git a/manifests/profile/base/cinder/volume/dellemc_unity.pp b/manifests/profile/base/cinder/volume/dellemc_unity.pp new file mode 100644 index 0000000..fb9c36f --- /dev/null +++ b/manifests/profile/base/cinder/volume/dellemc_unity.pp @@ -0,0 +1,47 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::cinder::volume::dellemc_unity +# +# Cinder Volume dellemc_unity profile for tripleo +# +# === Parameters +# +# [*backend_name*] +# (Optional) Name given to the Cinder backend stanza +# Defaults to 'tripleo_dellemc_unity' +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +class tripleo::profile::base::cinder::volume::dellemc_unity ( + $backend_name = hiera('cinder::backend::dellemc_unity::volume_backend_name', 'tripleo_dellemc_unity'), + $step = Integer(hiera('step')), +) { + include ::tripleo::profile::base::cinder::volume + + if $step >= 4 { + cinder::backend::dellemc_unity { $backend_name : + san_ip => hiera('cinder::backend::dellemc_unity::san_ip', undef), + san_login => hiera('cinder::backend::dellemc_unity::san_login', undef), + san_password => hiera('cinder::backend::dellemc_unity::san_password', undef), + storage_protocol => hiera('cinder::backend::dellemc_unity::storage_protocol', undef), + unity_io_ports => hiera('cinder::backend::dellemc_unity::unity_io_ports', undef), + unity_storage_pool_names => hiera('cinder::backend::dellemc_unity::unity_storage_pool_names', undef), + } + } + +} diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp index e042947..5f6d97c 100644 --- a/manifests/profile/base/docker.pp +++ b/manifests/profile/base/docker.pp @@ -43,18 +43,6 @@ # [*step*] # step defaults to hiera('step') # -# [*configure_libvirt_polkit*] -# Configures libvirt polkit to grant the kolla nova user access to the libvirtd unix domain socket on the host. -# Defaults to true when nova_compute service is enabled, false when nova_compute is disabled -# -# [*docker_nova_uid*] -# When configure_libvirt_polkit = true, the uid/gid of the nova user within the docker container. -# Defaults to 42436 -# -# [*services_enabled*] -# List of TripleO services enabled on the role. -# Defaults to hiera('services_names') -# # DEPRECATED PARAMETERS # # [*docker_namespace*] @@ -73,20 +61,11 @@ class tripleo::profile::base::docker ( $configure_storage = true, $storage_options = '-s overlay2', $step = Integer(hiera('step')), - $configure_libvirt_polkit = undef, - $docker_nova_uid = 42436, - $services_enabled = hiera('service_names', []), # DEPRECATED PARAMETERS $docker_namespace = undef, $insecure_registry = false, ) { - if $configure_libvirt_polkit == undef { - $configure_libvirt_polkit_real = 'nova_compute' in $services_enabled - } else { - $configure_libvirt_polkit_real = $configure_libvirt_polkit - } - if $step >= 1 { package {'docker': ensure => installed, @@ -176,41 +155,4 @@ class tripleo::profile::base::docker ( } } - if ($step >= 4 and $configure_libvirt_polkit_real) { - # Workaround for polkit authorization for libvirtd socket on host - # - # This creates a local user with the kolla nova uid, and sets the polkit rule to - # allow both it and the nova user from the nova rpms, should it exist (uid 162). - - group { 'docker_nova_group': - name => 'docker_nova', - gid => $docker_nova_uid - } - -> user { 'docker_nova_user': - name => 'docker_nova', - uid => $docker_nova_uid, - gid => $docker_nova_uid, - shell => '/sbin/nologin', - comment => 'OpenStack Nova Daemons', - groups => ['nobody'] - } - - # Similar to the polkit rule in the openstack-nova rpm spec - # but allow both the 'docker_nova' and 'nova' user - $docker_nova_polkit_rule = '// openstack-nova libvirt management permissions -polkit.addRule(function(action, subject) { - if (action.id == "org.libvirt.unix.manage" && - /^(docker_)?nova$/.test(subject.user)) { - return polkit.Result.YES; - } -}); -' - package {'polkit': - ensure => installed, - } - -> file {'/etc/polkit-1/rules.d/50-nova.rules': - content => $docker_nova_polkit_rule, - mode => '0644' - } - } } diff --git a/manifests/profile/base/nova/libvirt.pp b/manifests/profile/base/nova/libvirt.pp index 83f0c38..6c865dc 100644 --- a/manifests/profile/base/nova/libvirt.pp +++ b/manifests/profile/base/nova/libvirt.pp @@ -23,8 +23,13 @@ # for more details. # Defaults to hiera('step') # +# [*libvirtd_config*] +# (Optional) Overrides for libvirtd config options +# Default to {} +# class tripleo::profile::base::nova::libvirt ( $step = Integer(hiera('step')), + $libvirtd_config = {}, ) { include ::tripleo::profile::base::nova::compute_libvirt_shared @@ -33,6 +38,18 @@ class tripleo::profile::base::nova::libvirt ( include ::tripleo::profile::base::nova::migration::client include ::nova::compute::libvirt::services + $libvirtd_config_default = { + unix_sock_group => {value => '"libvirt"'}, + auth_unix_ro => {value => '"none"'}, + auth_unix_rw => {value => '"none"'}, + unix_sock_ro_perms => {value => '"0777"'}, + unix_sock_rw_perms => {value => '"0770"'} + } + + class { '::nova::compute::libvirt::config': + libvirtd_config => merge($libvirtd_config_default, $libvirtd_config) + } + file { ['/etc/libvirt/qemu/networks/autostart/default.xml', '/etc/libvirt/qemu/networks/default.xml']: ensure => absent, diff --git a/spec/classes/tripleo_profile_base_cinder_unity_spec.rb b/spec/classes/tripleo_profile_base_cinder_unity_spec.rb new file mode 100644 index 0000000..38f362b --- /dev/null +++ b/spec/classes/tripleo_profile_base_cinder_unity_spec.rb @@ -0,0 +1,57 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::cinder::volume::dellemc_unity' do + shared_examples_for 'tripleo::profile::base::cinder::volume::dellemc_unity' do + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { :step => 3 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_unity') + is_expected.to contain_class('tripleo::profile::base::cinder::volume') + is_expected.to contain_class('tripleo::profile::base::cinder') + is_expected.to_not contain_cinder__backend__dellemc_unity('tripleo_dellemc_unity') + end + end + + context 'with step 4' do + let(:params) { { + :step => 4, + } } + + it 'should trigger complete configuration' do + # TODO(aschultz): check hiera parameters + is_expected.to contain_cinder__backend__dellemc_unity('tripleo_dellemc_unity') + end + end + end + + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::cinder::volume::dellemc_unity' + end + end +end diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb index dc5efa7..e0947dc 100644 --- a/spec/classes/tripleo_profile_base_docker_spec.rb +++ b/spec/classes/tripleo_profile_base_docker_spec.rb @@ -121,85 +121,6 @@ describe 'tripleo::profile::base::docker' do } end - context 'with step 4 and configure_libvirt_polkit disabled' do - let(:params) { { - :step => 4, - :configure_libvirt_polkit => false - } } - it { - is_expected.to_not contain_group('docker_nova_group') - is_expected.to_not contain_user('docker_nova_user') - is_expected.to_not contain_package('polkit') - is_expected.to_not contain_file('/etc/polkit-1/rules.d/50-nova.rules') - } - end - - context 'with step 4 and configure_libvirt_polkit enabled' do - let(:params) { { - :step => 4, - :configure_libvirt_polkit => true - } } - it { - is_expected.to contain_group('docker_nova_group').with( - :name => 'docker_nova', - :gid => 42436 - ) - is_expected.to contain_user('docker_nova_user').with( - :name => 'docker_nova', - :uid => 42436, - :gid => 42436, - :shell => '/sbin/nologin', - :groups => ['nobody'] - ) - is_expected.to contain_package('polkit') - is_expected.to contain_file('/etc/polkit-1/rules.d/50-nova.rules') - } - end - - context 'with step 4 and nova_compute service installed' do - let(:params) { { - :step => 4, - :services_enabled => ['docker', 'nova_compute'] - } } - it { - is_expected.to contain_group('docker_nova_group').with( - :name => 'docker_nova', - :gid => 42436 - ) - is_expected.to contain_user('docker_nova_user').with( - :name => 'docker_nova', - :uid => 42436, - :gid => 42436, - :shell => '/sbin/nologin', - :groups => ['nobody'] - ) - is_expected.to contain_package('polkit') - is_expected.to contain_file('/etc/polkit-1/rules.d/50-nova.rules') - } - end - - context 'with step 4 and configure_libvirt_polkit enabled and docker_nova uid' do - let(:params) { { - :step => 4, - :configure_libvirt_polkit => true, - :docker_nova_uid => 12345 - } } - it { - is_expected.to contain_group('docker_nova_group').with( - :name => 'docker_nova', - :gid => 12345 - ) - is_expected.to contain_user('docker_nova_user').with( - :name => 'docker_nova', - :uid => 12345, - :gid => 12345, - :shell => '/sbin/nologin', - :groups => ['nobody'] - ) - is_expected.to contain_package('polkit') - is_expected.to contain_file('/etc/polkit-1/rules.d/50-nova.rules') - } - end end on_supported_os.each do |os, facts| diff --git a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb index 0734a0f..65aa8c1 100644 --- a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb @@ -69,6 +69,51 @@ eos is_expected.to contain_file('/etc/libvirt/qemu/networks/autostart/default.xml').with_ensure('absent') is_expected.to contain_file('/etc/libvirt/qemu/networks/default.xml').with_ensure('absent') is_expected.to contain_exec('libvirt-default-net-destroy') + is_expected.to contain_class('nova::compute::libvirt::config').with_libvirtd_config({ + "unix_sock_group" => {"value" => '"libvirt"'}, + "auth_unix_ro" => {"value" => '"none"'}, + "auth_unix_rw" => {"value" => '"none"'}, + "unix_sock_ro_perms" => {"value" => '"0777"'}, + "unix_sock_rw_perms" => {"value" => '"0770"'} + }) + } + end + + context 'with step 4 and libvirtd_config' do + let(:pre_condition) do + <<-eos + class { '::tripleo::profile::base::nova': + step => #{params[:step]}, + oslomsg_rpc_hosts => [ '127.0.0.1' ], + } + class { '::tripleo::profile::base::nova::migration': + step => #{params[:step]} + } + class { '::tripleo::profile::base::nova::migration::client': + step => #{params[:step]} + } + class { '::tripleo::profile::base::nova::compute_libvirt_shared': + step => #{params[:step]} + } +eos + end + + let(:params) { { :step => 4, :libvirtd_config => { "unix_sock_group" => {"value" => '"foobar"'}} } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova::libvirt') + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_class('nova::compute::libvirt::services') + is_expected.to contain_file('/etc/libvirt/qemu/networks/autostart/default.xml').with_ensure('absent') + is_expected.to contain_file('/etc/libvirt/qemu/networks/default.xml').with_ensure('absent') + is_expected.to contain_exec('libvirt-default-net-destroy') + is_expected.to contain_class('nova::compute::libvirt::config').with_libvirtd_config({ + "unix_sock_group" => {"value" => '"foobar"'}, + "auth_unix_ro" => {"value" => '"none"'}, + "auth_unix_rw" => {"value" => '"none"'}, + "unix_sock_ro_perms" => {"value" => '"0777"'}, + "unix_sock_rw_perms" => {"value" => '"0770"'} + }) } end end |