aboutsummaryrefslogtreecommitdiffstats
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rw-r--r--spec/classes/tripleo_profile_base_nova_spec.rb160
-rw-r--r--spec/spec_helper_acceptance.rb57
2 files changed, 151 insertions, 66 deletions
diff --git a/spec/classes/tripleo_profile_base_nova_spec.rb b/spec/classes/tripleo_profile_base_nova_spec.rb
index d77ba1b..a7f1cce 100644
--- a/spec/classes/tripleo_profile_base_nova_spec.rb
+++ b/spec/classes/tripleo_profile_base_nova_spec.rb
@@ -95,9 +95,8 @@ describe 'tripleo::profile::base::nova' do
is_expected.to contain_class('nova::cache')
is_expected.to contain_class('nova::placement')
is_expected.to_not contain_class('nova::migration::libvirt')
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'absent'
- )
+ is_expected.to_not contain_file('/etc/nova/migration/authorized_keys')
+ is_expected.to_not contain_file('/etc/nova/migration/identity')
}
end
@@ -132,7 +131,22 @@ describe 'tripleo::profile::base::nova' do
:configure_nova => params[:nova_compute_enabled]
)
is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'absent'
+ :ensure => 'present'
+ )
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/sbin/nologin'
)
}
end
@@ -169,7 +183,22 @@ describe 'tripleo::profile::base::nova' do
:configure_nova => params[:nova_compute_enabled],
)
is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'absent'
+ :ensure => 'present'
+ )
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => '# Migration over SSH disabled by TripleO',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/sbin/nologin'
)
}
end
@@ -223,6 +252,9 @@ describe 'tripleo::profile::base::nova' do
}
)
is_expected.to_not contain_ssh__server__match_block('nova_migration deny')
+ is_expected.to contain_package('openstack-nova-migration').with(
+ :ensure => 'present'
+ )
is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
:content => 'ssh-rsa bar',
:mode => '0640',
@@ -235,8 +267,8 @@ describe 'tripleo::profile::base::nova' do
:owner => 'nova',
:group => 'nova',
)
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'installed'
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
)
}
end
@@ -297,6 +329,9 @@ describe 'tripleo::profile::base::nova' do
'DenyUsers' => 'nova_migration'
}
)
+ is_expected.to contain_package('openstack-nova-migration').with(
+ :ensure => 'present'
+ )
is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
:content => 'ssh-rsa bar',
:mode => '0640',
@@ -309,8 +344,110 @@ describe 'tripleo::profile::base::nova' do
:owner => 'nova',
:group => 'nova',
)
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt and migration ssh key and invalid migration_ssh_localaddrs' do
+ let(:pre_condition) do
+ <<-eof
+ include ::nova::compute::libvirt::services
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+ eof
+ end
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :manage_migration => true,
+ :nova_compute_enabled => true,
+ :bootstrap_node => 'node.example.com',
+ :oslomsg_rpc_hosts => [ 'localhost' ],
+ :oslomsg_rpc_password => 'foo',
+ :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'},
+ :migration_ssh_localaddrs => ['127.0.0.1', '']
+ } }
+
+ it { is_expected.to_not compile }
+ end
+
+ context 'with step 4 with libvirt and migration ssh key and duplicate migration_ssh_localaddrs' do
+ let(:pre_condition) do
+ <<-eof
+ include ::nova::compute::libvirt::services
+ class { '::ssh::server':
+ storeconfigs_enabled => false,
+ options => {}
+ }
+ eof
+ end
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :manage_migration => true,
+ :nova_compute_enabled => true,
+ :bootstrap_node => 'node.example.com',
+ :oslomsg_rpc_hosts => [ 'localhost' ],
+ :oslomsg_rpc_password => 'foo',
+ :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'},
+ :migration_ssh_localaddrs => ['127.0.0.1', '127.0.0.1']
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova').with(
+ :default_transport_url => /.+/,
+ :notification_transport_url => /.+/,
+ :nova_public_key => nil,
+ :nova_private_key => nil,
+ )
+ is_expected.to contain_class('nova::config')
+ is_expected.to contain_class('nova::placement')
+ is_expected.to contain_class('nova::cache')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ is_expected.to contain_ssh__server__match_block('nova_migration allow').with(
+ :type => 'LocalAddress 127.0.0.1 User',
+ :name => 'nova_migration',
+ :options => {
+ 'ForceCommand' => '/bin/nova-migration-wrapper',
+ 'PasswordAuthentication' => 'no',
+ 'AllowTcpForwarding' => 'no',
+ 'X11Forwarding' => 'no',
+ 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys'
+ }
+ )
+ is_expected.to contain_ssh__server__match_block('nova_migration deny').with(
+ :type => 'LocalAddress',
+ :name => '!127.0.0.1',
+ :options => {
+ 'DenyUsers' => 'nova_migration'
+ }
+ )
is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'installed'
+ :ensure => 'present'
+ )
+ is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
+ :content => 'ssh-rsa bar',
+ :mode => '0640',
+ :owner => 'root',
+ :group => 'nova_migration',
+ )
+ is_expected.to contain_file('/etc/nova/migration/identity').with(
+ :content => 'foo',
+ :mode => '0600',
+ :owner => 'nova',
+ :group => 'nova',
+ )
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
)
}
end
@@ -365,6 +502,9 @@ describe 'tripleo::profile::base::nova' do
}
)
is_expected.to_not contain_ssh__server__match_block('nova_migration deny')
+ is_expected.to contain_package('openstack-nova-migration').with(
+ :ensure => 'present'
+ )
is_expected.to contain_file('/etc/nova/migration/authorized_keys').with(
:content => 'ssh-rsa bar',
:mode => '0640',
@@ -377,8 +517,8 @@ describe 'tripleo::profile::base::nova' do
:owner => 'nova',
:group => 'nova',
)
- is_expected.to contain_package('openstack-nova-migration').with(
- :ensure => 'installed'
+ is_expected.to contain_user('nova_migration').with(
+ :shell => '/bin/bash'
)
}
end
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
index 429e807..9196bc9 100644
--- a/spec/spec_helper_acceptance.rb
+++ b/spec/spec_helper_acceptance.rb
@@ -1,56 +1 @@
-require 'beaker-rspec'
-require 'beaker/puppet_install_helper'
-
-run_puppet_install_helper
-
-RSpec.configure do |c|
- # Project root
- proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
- modname = JSON.parse(open('metadata.json').read)['name'].split('-')[1]
-
- # Readable test descriptions
- c.formatter = :documentation
-
- # Configure all nodes in nodeset
- c.before :suite do
- # Install module and dependencies
- hosts.each do |host|
-
- # install git
- install_package host, 'git'
-
- zuul_ref = ENV['ZUUL_REF']
- zuul_branch = ENV['ZUUL_BRANCH']
- zuul_url = ENV['ZUUL_URL']
-
- repo = 'openstack/puppet-openstack-integration'
-
- # Start out with clean moduledir, don't trust r10k to purge it
- on host, "rm -rf /etc/puppet/modules/*"
- # Install dependent modules via git or zuul
- r = on host, "test -e /usr/zuul-env/bin/zuul-cloner", { :acceptable_exit_codes => [0,1] }
- if r.exit_code == 0
- zuul_clone_cmd = '/usr/zuul-env/bin/zuul-cloner '
- zuul_clone_cmd += '--cache-dir /opt/git '
- zuul_clone_cmd += "--zuul-ref #{zuul_ref} "
- zuul_clone_cmd += "--zuul-branch #{zuul_branch} "
- zuul_clone_cmd += "--zuul-url #{zuul_url} "
- zuul_clone_cmd += "git://git.openstack.org #{repo}"
- on host, zuul_clone_cmd
- else
- on host, "git clone https://git.openstack.org/#{repo} #{repo}"
- end
-
- on host, "ZUUL_REF=#{zuul_ref} ZUUL_BRANCH=#{zuul_branch} ZUUL_URL=#{zuul_url} bash #{repo}/install_modules.sh"
-
- # Install the module being tested
- on host, "rm -fr /etc/puppet/modules/#{modname}"
- puppet_module_install(:source => proj_root, :module_name => modname)
-
- on host, "rm -fr #{repo}"
-
- # List modules installed to help with debugging
- on host, puppet('module','list'), { :acceptable_exit_codes => 0 }
- end
- end
-end
+require 'puppet-openstack_spec_helper/beaker_spec_helper'