openstack/puppet-neutron
Code Issues Proposed changes

Adds configuration for SSL OVSDB connections

Browse Source 
Exposes new parameters to configure SSL key, certificate, and CA
certificate files.  This allows DHCP agent to connect to OVSDB using
SSL.  Also the OVS/ovsdb_connection configuration was previously in ODL
ML2 class, which should have been in the DHCP agent to begin with as it
is not ML2 configuration.  This patch deprecates the previous behavior
and adds ovsdb_connection into DHCP agent to use its normal service
default.

Partial-Bug: 1746762

Depends-On: I19fd9dd0c72260835eb91e557a6029ec9d652179

Change-Id: I82281eefa1aa81207ccd8ea565cffc6ca0ec48de
Signed-off-by: Tim Rozet <trozet@redhat.com>
This commit is contained in:
Tim Rozet
2018-02-01 12:49:14 -05:00
committed by Alex Schultz
parent 1a59f72dfc
commit 094e594d40
4 changed files with 120 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
spec/classes/neutron_agents_dhcp_spec.rb
View File

@@ -50,6 +50,10 @@ describe 'neutron::agents::dhcp' do
is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/ovs_integration_bridge').with_value('<SERVICE DEFAULT>');
is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_local_resolv').with_value('<SERVICE DEFAULT>');
is_expected.to contain_neutron_dhcp_agent_config('AGENT/availability_zone').with_value('<SERVICE DEFAULT>');
is_expected.to contain_neutron_dhcp_agent_config('OVS/ovsdb_connection').with_value('<SERVICE DEFAULT>');
is_expected.to contain_neutron_dhcp_agent_config('OVS/ssl_key_file').with_value('<SERVICE DEFAULT>');
is_expected.to contain_neutron_dhcp_agent_config('OVS/ssl_cert_file').with_value('<SERVICE DEFAULT>');
is_expected.to contain_neutron_dhcp_agent_config('OVS/ssl_ca_cert_file').with_value('<SERVICE DEFAULT>');
end
it 'installs neutron dhcp agent package' do
@@ -151,6 +155,34 @@ describe 'neutron::agents::dhcp' do
is_expected.to contain_neutron_dhcp_agent_config('AGENT/availability_zone').with_value(p[:availability_zone]);
end
end
context 'with SSL configuration' do
before do
params.merge!({
:ovsdb_connection => 'ssl:127.0.0.1:6639',
:ovsdb_agent_ssl_key_file => '/tmp/dummy.pem',
:ovsdb_agent_ssl_cert_file => '/tmp/dummy.crt',
:ovsdb_agent_ssl_ca_file => '/tmp/ca.crt'
})
end
it 'configures neutron SSL settings' do
is_expected.to contain_neutron_dhcp_agent_config('OVS/ovsdb_connection').with_value(params[:ovsdb_connection])
is_expected.to contain_neutron_dhcp_agent_config('OVS/ssl_key_file').with_value(params[:ovsdb_agent_ssl_key_file])
is_expected.to contain_neutron_dhcp_agent_config('OVS/ssl_cert_file').with_value(params[:ovsdb_agent_ssl_cert_file])
is_expected.to contain_neutron_dhcp_agent_config('OVS/ssl_ca_cert_file').with_value(params[:ovsdb_agent_ssl_ca_file])
end
end
context 'with SSL enabled, but missing file config' do
before do
params.merge!({
:ovsdb_connection => 'ssl:127.0.0.1:6639'
})
end
it 'fails to configure' do
is_expected.to raise_error(Puppet::Error)
end
end
end
shared_examples_for 'neutron dhcp agent with dnsmasq_config_file specified' do