From f6c48bb76c95fe09e05f24fc4437d20fdb5230d2 Mon Sep 17 00:00:00 2001 From: Javier Pena Date: Thu, 28 Jan 2016 12:24:17 +0100 Subject: [PATCH] Support the LibreSwan driver in Red Hat platforms Currently, the libreswan package is supported by puppet-neutron as part of the openswan driver. However, there is a specific libreswan driver, which is required when using it (see https://bugs.launchpad.net/neutron/+bug/1444017 for details). Adding support for the LibreSwan driver in puppet-neutron, only for Red Hat platforms as it does not seem to be supported in Debian/Ubuntu. Change-Id: I9628e485d301734f9d739c1d03d6da9f7887c61d --- manifests/agents/vpnaas.pp | 11 ++++++++ manifests/params.pp | 2 ++ spec/classes/neutron_agents_vpnaas_spec.rb | 29 ++++++++++++++++++++++ 3 files changed, 42 insertions(+) diff --git a/manifests/agents/vpnaas.pp b/manifests/agents/vpnaas.pp index 40fe110cd..0c83841eb 100644 --- a/manifests/agents/vpnaas.pp +++ b/manifests/agents/vpnaas.pp @@ -68,6 +68,17 @@ class neutron::agents::vpnaas ( name => $::neutron::params::openswan_package, } } + /\.LibreSwan/: { + if($::osfamily != 'Redhat') { + fail("LibreSwan is not supported on osfamily ${::osfamily}") + } else { + Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |> + package { 'libreswan': + ensure => present, + name => $::neutron::params::libreswan_package, + } + } + } default: { fail("Unsupported vpn_device_driver ${vpn_device_driver}") } diff --git a/manifests/params.pp b/manifests/params.pp index 260c16410..4b61b6d44 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -65,6 +65,7 @@ class neutron::params { } else { $openswan_package = 'openswan' } + $libreswan_package = 'libreswan' $l3_agent_package = false $l3_agent_service = 'neutron-l3-agent' @@ -151,6 +152,7 @@ class neutron::params { $vpnaas_agent_service = 'neutron-vpn-agent' $openswan_package = 'openswan' + $libreswan_package = false $metadata_agent_package = 'neutron-metadata-agent' $metadata_agent_service = 'neutron-metadata-agent' diff --git a/spec/classes/neutron_agents_vpnaas_spec.rb b/spec/classes/neutron_agents_vpnaas_spec.rb index 6983dde51..bf99c0e92 100644 --- a/spec/classes/neutron_agents_vpnaas_spec.rb +++ b/spec/classes/neutron_agents_vpnaas_spec.rb @@ -133,6 +133,18 @@ describe 'neutron::agents::vpnaas' do it 'configures subscription to neutron-vpnaas-agent package' do is_expected.to contain_service('neutron-vpnaas-service').that_subscribes_to('Package[neutron-vpnaas-agent]') end + + context 'when configuring the LibreSwan driver' do + before do + params.merge!( + :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver' + ) + end + + it 'fails when configuring LibreSwan on Debian' do + is_expected.to raise_error(Puppet::Error, /LibreSwan is not supported on osfamily Debian/) + end + end end context 'on RedHat 6 platforms' do @@ -162,10 +174,27 @@ describe 'neutron::agents::vpnaas' do let :platform_params do { :openswan_package => 'libreswan', + :libreswan_package => 'libreswan', :vpnaas_agent_package => 'openstack-neutron-vpnaas', :vpnaas_agent_service => 'neutron-vpn-agent'} end it_configures 'neutron vpnaas agent' + + context 'when configuring the LibreSwan driver' do + before do + params.merge!( + :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver' + ) + end + + it 'configures LibreSwan' do + is_expected.to contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(params[:vpn_device_driver]); + is_expected.to contain_package('libreswan').with( + :ensure => 'present', + :name => platform_params[:libreswan_package] + ) + end + end end end