diff options
Diffstat (limited to 'spec/classes')
| -rw-r--r-- | spec/classes/tripleo_certmonger_etcd.rb | 60 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb | 26 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_ceilometer_spec.rb | 25 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_docker_spec.rb | 59 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_gnocchi_api_spec.rb | 109 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_neutron_agents_bigswitch_spec.rb | 48 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_neutron_ovs_spec.rb | 73 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_nova_spec.rb | 309 | ||||
| -rw-r--r-- | spec/classes/tripleo_profile_base_sshd_spec.rb | 118 |
9 files changed, 758 insertions, 69 deletions
diff --git a/spec/classes/tripleo_certmonger_etcd.rb b/spec/classes/tripleo_certmonger_etcd.rb new file mode 100644 index 0000000..fc0aad3 --- /dev/null +++ b/spec/classes/tripleo_certmonger_etcd.rb @@ -0,0 +1,60 @@ +# +# Copyright (C) 2017 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for tripleo +# + +require 'spec_helper' + +describe 'tripleo::certmonger::etcd' do + + shared_examples_for 'tripleo::certmonger::etcd' do + let :params do + { + :hostname => 'localhost', + :service_certificate => '/etc/pki/cert.crt', + :service_key => '/etc/pki/key.pem', + } + end + + it 'should include the base for using certmonger' do + is_expected.to contain_class('certmonger') + end + + it 'should request a certificate' do + is_expected.to contain_certmonger_certificate('etcd').with( + :ensure => 'present', + :certfile => '/etc/pki/cert.crt', + :keyfile => '/etc/pki/key.pem', + :hostname => 'localhost', + :dnsname => 'localhost', + :ca => 'local', + :wait => true, + ) + is_expected.to contain_file('/etc/pki/cert.crt') + is_expected.to contain_file('/etc/pki/key.pem') + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({}) + end + + it_behaves_like 'tripleo::certmonger::etcd' + end + end +end diff --git a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb index 0f9aad7..23b198a 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_collector_spec.rb @@ -128,32 +128,6 @@ describe 'tripleo::profile::base::ceilometer::collector' do is_expected.to contain_class('ceilometer::dispatcher::gnocchi') end end - - context 'with step 5 on bootstrap node' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :mongodb_node_ips => ['127.0.0.1',], - :mongodb_replset => 'replicaset' - } } - - it 'should trigger complete configuration' do - is_expected.to contain_exec('ceilometer-db-upgrade') - end - end - - context 'with step 5 not on bootstrap node' do - let(:params) { { - :step => 5, - :bootstrap_node => 'somethingelse.example.com', - :mongodb_node_ips => ['127.0.0.1',], - :mongodb_replset => 'replicaset' - } } - - it 'should trigger complete configuration' do - is_expected.to_not contain_exec('ceilometer-db-upgrade') - end - end end diff --git a/spec/classes/tripleo_profile_base_ceilometer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_spec.rb index 9173203..8c1d507 100644 --- a/spec/classes/tripleo_profile_base_ceilometer_spec.rb +++ b/spec/classes/tripleo_profile_base_ceilometer_spec.rb @@ -42,6 +42,31 @@ describe 'tripleo::profile::base::ceilometer' do is_expected.to contain_class('ceilometer::config') end end + + context 'with step 5 with bootstrap node' do + let(:params) { { + :bootstrap_node => 'node.example.com', + :step => 5, + :oslomsg_rpc_hosts => [ '127.0.0.1' ], + :oslomsg_rpc_username => 'ceilometer', + :oslomsg_rpc_password => 'foo', + } } + + it 'should trigger complete configuration' do + is_expected.to contain_exec('ceilometer-db-upgrade') + end + end + + context 'with step 5 without bootstrap node' do + let(:params) { { + :bootstrap_node => 'somethingelse.example.com', + :step => 5, + } } + + it 'should trigger complete configuration' do + is_expected.to_not contain_exec('ceilometer-db-upgrade') + end + end end diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb index b52fe24..0b988f6 100644 --- a/spec/classes/tripleo_profile_base_docker_spec.rb +++ b/spec/classes/tripleo_profile_base_docker_spec.rb @@ -27,7 +27,10 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') } it { - is_expected.to contain_augeas('docker-sysconfig').with_changes(['rm INSECURE_REGISTRY']) + is_expected.to contain_augeas('docker-sysconfig').with_changes([ + 'rm INSECURE_REGISTRY', + "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'", + ]) } end @@ -42,7 +45,10 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') } it { - is_expected.to contain_augeas('docker-sysconfig').with_changes(["set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'"]) + is_expected.to contain_augeas('docker-sysconfig').with_changes([ + "set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'", + "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'", + ]) } end @@ -69,6 +75,55 @@ describe 'tripleo::profile::base::docker' do } end + context 'with step 1 and docker_options configured' do + let(:params) { { + :docker_options => '--log-driver=syslog', + :step => 1, + } } + + it { is_expected.to contain_class('tripleo::profile::base::docker') } + it { is_expected.to contain_package('docker') } + it { is_expected.to contain_service('docker') } + it { + is_expected.to contain_augeas('docker-sysconfig').with_changes([ + "rm INSECURE_REGISTRY", + "set OPTIONS '\"--log-driver=syslog\"'", + ]) + } + end + + context 'with step 1 and storage_options configured' do + let(:params) { { + :step => 1, + :storage_options => '-s devicemapper', + } } + + it { is_expected.to contain_class('tripleo::profile::base::docker') } + it { is_expected.to contain_package('docker') } + it { is_expected.to contain_service('docker') } + it { + is_expected.to contain_augeas('docker-sysconfig-storage').with_changes([ + "set DOCKER_STORAGE_OPTIONS '\" #{params[:storage_options]}\"'", + ]) + } + end + + context 'with step 1 and configure_storage disabled' do + let(:params) { { + :step => 1, + :configure_storage => false, + } } + + it { is_expected.to contain_class('tripleo::profile::base::docker') } + it { is_expected.to contain_package('docker') } + it { is_expected.to contain_service('docker') } + it { + is_expected.to contain_augeas('docker-sysconfig-storage').with_changes([ + "rm DOCKER_STORAGE_OPTIONS", + ]) + } + end + end on_supported_os.each do |os, facts| diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb index 805a28e..6c04e9d 100644 --- a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb +++ b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb @@ -23,7 +23,11 @@ describe 'tripleo::profile::base::gnocchi::api' do end context 'with step less than 3' do - let(:params) { { :step => 2 } } + let(:params) { { + :step => 2, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } it { is_expected.to contain_class('tripleo::profile::base::gnocchi::api') @@ -36,6 +40,8 @@ describe 'tripleo::profile::base::gnocchi::api' do let(:params) { { :step => 3, :bootstrap_node => 'node.example.com', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' } } it { @@ -48,6 +54,8 @@ describe 'tripleo::profile::base::gnocchi::api' do context 'with step 3' do let(:params) { { :step => 3, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' } } it { @@ -57,35 +65,76 @@ describe 'tripleo::profile::base::gnocchi::api' do } end - # TODO(aschultz): fix profile class to not include hiera look ups in the - # step 4 so we can properly test it - #context 'with step 4' do - # let(:params) { { - # :step => 4, - # } } - # - # it { - # is_expected.to contain_class('gnocchi::api') - # is_expected.to contain_class('gnocchi::wsgi::apache') - # is_expected.to contain_class('gnocchi::storage') - # } - #end - # - #context 'with step 5 on bootstrap' do - # let(:params) { { - # :step => 5, - # :bootstrap_node => 'node.example.com' - # } } - # - # it { - # is_expected.to contain_class('gnocchi::api') - # is_expected.to contain_class('gnocchi::wsgi::apache') - # is_expected.to contain_exec('run gnocchi upgrade with storage').with( - # :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', - # :path => ['/usr/bin', '/usr/sbin'] - # ) - # } - #end + context 'with step 4' do + let(:params) { { + :step => 4, + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::swift') + } + end + + context 'with step 4 with file backend' do + let(:params) { { + :step => 4, + :gnocchi_backend => 'file', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::file') + } + end + + context 'with step 4 with ceph backend' do + let(:params) { { + :step => 4, + :gnocchi_backend => 'rbd', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_class('gnocchi::storage').with( + :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' + ) + is_expected.to contain_class('gnocchi::storage::ceph') + } + end + + context 'with step 5 on bootstrap' do + let(:params) { { + :step => 5, + :bootstrap_node => 'node.example.com', + :gnocchi_redis_password => 'gnocchi', + :redis_vip => '127.0.0.1' + } } + + it { + is_expected.to contain_class('gnocchi::api') + is_expected.to contain_class('gnocchi::wsgi::apache') + is_expected.to contain_exec('run gnocchi upgrade with storage').with( + :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf', + :path => ['/usr/bin', '/usr/sbin'] + ) + } + end end diff --git a/spec/classes/tripleo_profile_base_neutron_agents_bigswitch_spec.rb b/spec/classes/tripleo_profile_base_neutron_agents_bigswitch_spec.rb new file mode 100644 index 0000000..228b2f8 --- /dev/null +++ b/spec/classes/tripleo_profile_base_neutron_agents_bigswitch_spec.rb @@ -0,0 +1,48 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::agents::bigswitch' do + + shared_examples_for 'tripleo::profile::base::neutron::agents::bigswitch' do + + context 'when step less than 4' do + let(:params) { { :step => 3 } } + it { + is_expected.to_not contain_class('neutron::agents::bigswitch') + } + end + + context 'when step 4' do + let(:params) { { :step => 4 } } + it { + is_expected.to contain_class('neutron::agents::bigswitch') + } + end + + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::agents::bigswitch' + end + end +end diff --git a/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb b/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb new file mode 100644 index 0000000..14de7e1 --- /dev/null +++ b/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb @@ -0,0 +1,73 @@ +# +# Copyright (C) 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::ovs' do + + shared_examples_for 'tripleo::profile::base::neutron::ovs with default params' do + + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with defaults for all parameters' do + let(:params) { { :step => 5 } } + + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::neutron') + is_expected.to contain_class('neutron::agents::ml2::ovs') + is_expected.not_to contain_file('/var/lib/vhostuser_sockets') + end + end + end + + shared_examples_for 'tripleo::profile::base::neutron::ovs with vhostuser_socketdir' do + + before :each do + facts.merge!({ :step => params[:step], :vhostuser_socket_dir => params[:vhostuser_socket_dir] }) + end + + context 'with vhostuser_socketdir configured' do + let :params do + { + :step => 5, + :vhostuser_socket_dir => '/var/lib/vhostuser_sockets' + } + end + + it { is_expected.to contain_class('tripleo::profile::base::neutron') } + it { is_expected.to contain_class('neutron::agents::ml2::ovs') } + it { is_expected.to contain_file('/var/lib/vhostuser_sockets').with( + :ensure => 'directory', + :owner => 'qemu', + :group => 'qemu', + :mode => '0775', + ) } + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::ovs with default params' + it_behaves_like 'tripleo::profile::base::neutron::ovs with vhostuser_socketdir' + end + end +end diff --git a/spec/classes/tripleo_profile_base_nova_spec.rb b/spec/classes/tripleo_profile_base_nova_spec.rb index 8f7bfdc..a7f1cce 100644 --- a/spec/classes/tripleo_profile_base_nova_spec.rb +++ b/spec/classes/tripleo_profile_base_nova_spec.rb @@ -95,6 +95,8 @@ describe 'tripleo::profile::base::nova' do is_expected.to contain_class('nova::cache') is_expected.to contain_class('nova::placement') is_expected.to_not contain_class('nova::migration::libvirt') + is_expected.to_not contain_file('/etc/nova/migration/authorized_keys') + is_expected.to_not contain_file('/etc/nova/migration/identity') } end @@ -128,6 +130,24 @@ describe 'tripleo::profile::base::nova' do :configure_libvirt => params[:libvirt_enabled], :configure_nova => params[:nova_compute_enabled] ) + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) + is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( + :content => '# Migration over SSH disabled by TripleO', + :mode => '0640', + :owner => 'root', + :group => 'nova_migration', + ) + is_expected.to contain_file('/etc/nova/migration/identity').with( + :content => '# Migration over SSH disabled by TripleO', + :mode => '0600', + :owner => 'nova', + :group => 'nova', + ) + is_expected.to contain_user('nova_migration').with( + :shell => '/sbin/nologin' + ) } end @@ -162,13 +182,37 @@ describe 'tripleo::profile::base::nova' do :configure_libvirt => params[:libvirt_enabled], :configure_nova => params[:nova_compute_enabled], ) + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) + is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( + :content => '# Migration over SSH disabled by TripleO', + :mode => '0640', + :owner => 'root', + :group => 'nova_migration', + ) + is_expected.to contain_file('/etc/nova/migration/identity').with( + :content => '# Migration over SSH disabled by TripleO', + :mode => '0600', + :owner => 'nova', + :group => 'nova', + ) + is_expected.to contain_user('nova_migration').with( + :shell => '/sbin/nologin' + ) } end context 'with step 4 with libvirt and migration ssh key' do - let(:pre_condition) { - 'include ::nova::compute::libvirt::services' - } + let(:pre_condition) do + <<-eof + include ::nova::compute::libvirt::services + class { '::ssh::server': + storeconfigs_enabled => false, + options => {} + } + eof + end let(:params) { { :step => 4, :libvirt_enabled => true, @@ -185,8 +229,8 @@ describe 'tripleo::profile::base::nova' do is_expected.to contain_class('nova').with( :default_transport_url => /.+/, :notification_transport_url => /.+/, - :nova_public_key => {'key' => 'bar', 'type' => 'ssh-rsa'}, - :nova_private_key => {'key' => 'foo', 'type' => 'ssh-rsa'} + :nova_public_key => nil, + :nova_private_key => nil, ) is_expected.to contain_class('nova::config') is_expected.to contain_class('nova::placement') @@ -196,13 +240,228 @@ describe 'tripleo::profile::base::nova' do :configure_libvirt => params[:libvirt_enabled], :configure_nova => params[:nova_compute_enabled] ) + is_expected.to contain_ssh__server__match_block('nova_migration allow').with( + :type => 'User', + :name => 'nova_migration', + :options => { + 'ForceCommand' => '/bin/nova-migration-wrapper', + 'PasswordAuthentication' => 'no', + 'AllowTcpForwarding' => 'no', + 'X11Forwarding' => 'no', + 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys' + } + ) + is_expected.to_not contain_ssh__server__match_block('nova_migration deny') + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) + is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( + :content => 'ssh-rsa bar', + :mode => '0640', + :owner => 'root', + :group => 'nova_migration', + ) + is_expected.to contain_file('/etc/nova/migration/identity').with( + :content => 'foo', + :mode => '0600', + :owner => 'nova', + :group => 'nova', + ) + is_expected.to contain_user('nova_migration').with( + :shell => '/bin/bash' + ) } end - context 'with step 4 with libvirt TLS and migration ssh key' do - let(:pre_condition) { - 'include ::nova::compute::libvirt::services' + context 'with step 4 with libvirt and migration ssh key and migration_ssh_localaddrs' do + let(:pre_condition) do + <<-eof + include ::nova::compute::libvirt::services + class { '::ssh::server': + storeconfigs_enabled => false, + options => {} + } + eof + end + let(:params) { { + :step => 4, + :libvirt_enabled => true, + :manage_migration => true, + :nova_compute_enabled => true, + :bootstrap_node => 'node.example.com', + :oslomsg_rpc_hosts => [ 'localhost' ], + :oslomsg_rpc_password => 'foo', + :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}, + :migration_ssh_localaddrs => ['127.0.0.1', '127.0.0.2'] + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_class('nova').with( + :default_transport_url => /.+/, + :notification_transport_url => /.+/, + :nova_public_key => nil, + :nova_private_key => nil, + ) + is_expected.to contain_class('nova::config') + is_expected.to contain_class('nova::placement') + is_expected.to contain_class('nova::cache') + is_expected.to contain_class('nova::migration::libvirt').with( + :transport => 'ssh', + :configure_libvirt => params[:libvirt_enabled], + :configure_nova => params[:nova_compute_enabled] + ) + is_expected.to contain_ssh__server__match_block('nova_migration allow').with( + :type => 'LocalAddress 127.0.0.1,127.0.0.2 User', + :name => 'nova_migration', + :options => { + 'ForceCommand' => '/bin/nova-migration-wrapper', + 'PasswordAuthentication' => 'no', + 'AllowTcpForwarding' => 'no', + 'X11Forwarding' => 'no', + 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys' + } + ) + is_expected.to contain_ssh__server__match_block('nova_migration deny').with( + :type => 'LocalAddress', + :name => '!127.0.0.1,!127.0.0.2', + :options => { + 'DenyUsers' => 'nova_migration' + } + ) + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) + is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( + :content => 'ssh-rsa bar', + :mode => '0640', + :owner => 'root', + :group => 'nova_migration', + ) + is_expected.to contain_file('/etc/nova/migration/identity').with( + :content => 'foo', + :mode => '0600', + :owner => 'nova', + :group => 'nova', + ) + is_expected.to contain_user('nova_migration').with( + :shell => '/bin/bash' + ) } + end + + context 'with step 4 with libvirt and migration ssh key and invalid migration_ssh_localaddrs' do + let(:pre_condition) do + <<-eof + include ::nova::compute::libvirt::services + class { '::ssh::server': + storeconfigs_enabled => false, + options => {} + } + eof + end + let(:params) { { + :step => 4, + :libvirt_enabled => true, + :manage_migration => true, + :nova_compute_enabled => true, + :bootstrap_node => 'node.example.com', + :oslomsg_rpc_hosts => [ 'localhost' ], + :oslomsg_rpc_password => 'foo', + :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}, + :migration_ssh_localaddrs => ['127.0.0.1', ''] + } } + + it { is_expected.to_not compile } + end + + context 'with step 4 with libvirt and migration ssh key and duplicate migration_ssh_localaddrs' do + let(:pre_condition) do + <<-eof + include ::nova::compute::libvirt::services + class { '::ssh::server': + storeconfigs_enabled => false, + options => {} + } + eof + end + let(:params) { { + :step => 4, + :libvirt_enabled => true, + :manage_migration => true, + :nova_compute_enabled => true, + :bootstrap_node => 'node.example.com', + :oslomsg_rpc_hosts => [ 'localhost' ], + :oslomsg_rpc_password => 'foo', + :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}, + :migration_ssh_localaddrs => ['127.0.0.1', '127.0.0.1'] + } } + + it { + is_expected.to contain_class('tripleo::profile::base::nova') + is_expected.to contain_class('nova').with( + :default_transport_url => /.+/, + :notification_transport_url => /.+/, + :nova_public_key => nil, + :nova_private_key => nil, + ) + is_expected.to contain_class('nova::config') + is_expected.to contain_class('nova::placement') + is_expected.to contain_class('nova::cache') + is_expected.to contain_class('nova::migration::libvirt').with( + :transport => 'ssh', + :configure_libvirt => params[:libvirt_enabled], + :configure_nova => params[:nova_compute_enabled] + ) + is_expected.to contain_ssh__server__match_block('nova_migration allow').with( + :type => 'LocalAddress 127.0.0.1 User', + :name => 'nova_migration', + :options => { + 'ForceCommand' => '/bin/nova-migration-wrapper', + 'PasswordAuthentication' => 'no', + 'AllowTcpForwarding' => 'no', + 'X11Forwarding' => 'no', + 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys' + } + ) + is_expected.to contain_ssh__server__match_block('nova_migration deny').with( + :type => 'LocalAddress', + :name => '!127.0.0.1', + :options => { + 'DenyUsers' => 'nova_migration' + } + ) + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) + is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( + :content => 'ssh-rsa bar', + :mode => '0640', + :owner => 'root', + :group => 'nova_migration', + ) + is_expected.to contain_file('/etc/nova/migration/identity').with( + :content => 'foo', + :mode => '0600', + :owner => 'nova', + :group => 'nova', + ) + is_expected.to contain_user('nova_migration').with( + :shell => '/bin/bash' + ) + } + end + + context 'with step 4 with libvirt TLS and migration ssh key' do + let(:pre_condition) do + <<-eof + include ::nova::compute::libvirt::services + class { '::ssh::server': + storeconfigs_enabled => false, + options => {} + } + eof + end let(:params) { { :step => 4, :libvirt_enabled => true, @@ -220,8 +479,8 @@ describe 'tripleo::profile::base::nova' do is_expected.to contain_class('nova').with( :default_transport_url => /.+/, :notification_transport_url => /.+/, - :nova_public_key => {'key' => 'bar', 'type' => 'ssh-rsa'}, - :nova_private_key => {'key' => 'foo', 'type' => 'ssh-rsa'} + :nova_public_key => nil, + :nova_private_key => nil, ) is_expected.to contain_class('nova::config') is_expected.to contain_class('nova::placement') @@ -231,6 +490,36 @@ describe 'tripleo::profile::base::nova' do :configure_libvirt => params[:libvirt_enabled], :configure_nova => params[:nova_compute_enabled] ) + is_expected.to contain_ssh__server__match_block('nova_migration allow').with( + :type => 'User', + :name => 'nova_migration', + :options => { + 'ForceCommand' => '/bin/nova-migration-wrapper', + 'PasswordAuthentication' => 'no', + 'AllowTcpForwarding' => 'no', + 'X11Forwarding' => 'no', + 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys' + } + ) + is_expected.to_not contain_ssh__server__match_block('nova_migration deny') + is_expected.to contain_package('openstack-nova-migration').with( + :ensure => 'present' + ) + is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( + :content => 'ssh-rsa bar', + :mode => '0640', + :owner => 'root', + :group => 'nova_migration', + ) + is_expected.to contain_file('/etc/nova/migration/identity').with( + :content => 'foo', + :mode => '0600', + :owner => 'nova', + :group => 'nova', + ) + is_expected.to contain_user('nova_migration').with( + :shell => '/bin/bash' + ) } end diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb index e84a1f5..58b271f 100644 --- a/spec/classes/tripleo_profile_base_sshd_spec.rb +++ b/spec/classes/tripleo_profile_base_sshd_spec.rb @@ -24,7 +24,23 @@ describe 'tripleo::profile::base::sshd' do context 'it should do nothing' do it do - is_expected.to contain_class('ssh::server') + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => {} + }) + is_expected.to_not contain_file('/etc/issue') + is_expected.to_not contain_file('/etc/issue.net') + is_expected.to_not contain_file('/etc/motd') + end + end + + context 'it should do nothing with empty strings' do + let(:params) {{ :bannertext => '', :motd => '' }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => {} + }) is_expected.to_not contain_file('/etc/issue') is_expected.to_not contain_file('/etc/issue.net') is_expected.to_not contain_file('/etc/motd') @@ -34,6 +50,12 @@ describe 'tripleo::profile::base::sshd' do context 'with issue and issue.net configured' do let(:params) {{ :bannertext => 'foo' }} it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net' + } + }) is_expected.to contain_file('/etc/issue').with({ 'content' => 'foo', 'owner' => 'root', @@ -53,6 +75,12 @@ describe 'tripleo::profile::base::sshd' do context 'with motd configured' do let(:params) {{ :motd => 'foo' }} it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'PrintMotd' => 'yes' + } + }) is_expected.to contain_file('/etc/motd').with({ 'content' => 'foo', 'owner' => 'root', @@ -63,6 +91,94 @@ describe 'tripleo::profile::base::sshd' do is_expected.to_not contain_file('/etc/issue.net') end end + + context 'with options configured' do + let(:params) {{ :options => {'X11Forwarding' => 'no'} }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'X11Forwarding' => 'no' + } + }) + is_expected.to_not contain_file('/etc/motd') + is_expected.to_not contain_file('/etc/issue') + is_expected.to_not contain_file('/etc/issue.net') + end + end + + context 'with motd and issue configured' do + let(:params) {{ + :bannertext => 'foo', + :motd => 'foo' + }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net', + 'PrintMotd' => 'yes' + } + }) + is_expected.to contain_file('/etc/motd').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue.net').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + end + end + + context 'with motd and issue and options configured' do + let(:params) {{ + :bannertext => 'foo', + :motd => 'foo', + :options => { + 'PrintMotd' => 'no', # this should be overridden + 'X11Forwarding' => 'no' + } + }} + it do + is_expected.to contain_class('ssh::server').with({ + 'storeconfigs_enabled' => false, + 'options' => { + 'Banner' => '/etc/issue.net', + 'PrintMotd' => 'yes', + 'X11Forwarding' => 'no' + } + }) + is_expected.to contain_file('/etc/motd').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + is_expected.to contain_file('/etc/issue.net').with({ + 'content' => 'foo', + 'owner' => 'root', + 'group' => 'root', + 'mode' => '0644', + }) + end + end end on_supported_os.each do |os, facts| |