From 299e992b20c8d10fd5315b061d9f82b376aa80d4 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 15 Sep 2024 22:38:37 +0900 Subject: [PATCH] Support neutron-ovn-vpn-agent The neutron-ovn-vpn-agent service was added during 2024.1 cycle to support VPNaaS features in deployment with ml2 ovn. Add support for installing/managing the service to extend supported deployment architecture. Depends-on: https://review.opendev.org/765353 Change-Id: I3560b4e07ac214d8628f5642856b364a802a9d19 --- .../ini_setting.rb | 10 + .../type/neutron_ovn_vpn_agent_config.rb | 28 +++ manifests/agents/ml2/ovn.pp | 4 +- manifests/agents/vpnaas.pp | 20 +- manifests/agents/vpnaas/ovn.pp | 202 ++++++++++++++++++ manifests/config.pp | 5 + manifests/params.pp | 4 + spec/acceptance/99_neutron_config_spec.rb | 23 ++ .../classes/neutron_agents_vpnaas_ovn_spec.rb | 128 +++++++++++ spec/classes/neutron_agents_vpnaas_spec.rb | 8 +- spec/classes/neutron_config_spec.rb | 7 + .../ini_setting_spec.rb | 51 +++++ .../type/neutron_ovn_vpn_agent_config_spec.rb | 20 ++ 13 files changed, 492 insertions(+), 18 deletions(-) create mode 100644 lib/puppet/provider/neutron_ovn_vpn_agent_config/ini_setting.rb create mode 100644 lib/puppet/type/neutron_ovn_vpn_agent_config.rb create mode 100644 manifests/agents/vpnaas/ovn.pp create mode 100644 spec/classes/neutron_agents_vpnaas_ovn_spec.rb create mode 100644 spec/unit/provider/neutron_ovn_vpn_agent_config/ini_setting_spec.rb create mode 100644 spec/unit/type/neutron_ovn_vpn_agent_config_spec.rb diff --git a/lib/puppet/provider/neutron_ovn_vpn_agent_config/ini_setting.rb b/lib/puppet/provider/neutron_ovn_vpn_agent_config/ini_setting.rb new file mode 100644 index 000000000..6342d6d53 --- /dev/null +++ b/lib/puppet/provider/neutron_ovn_vpn_agent_config/ini_setting.rb @@ -0,0 +1,10 @@ +Puppet::Type.type(:neutron_ovn_vpn_agent_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) +) do + + def self.file_path + '/etc/neutron/ovn_vpn_agent.ini' + end + +end diff --git a/lib/puppet/type/neutron_ovn_vpn_agent_config.rb b/lib/puppet/type/neutron_ovn_vpn_agent_config.rb new file mode 100644 index 000000000..28f33ac8b --- /dev/null +++ b/lib/puppet/type/neutron_ovn_vpn_agent_config.rb @@ -0,0 +1,28 @@ +Puppet::Type.newtype(:neutron_ovn_vpn_agent_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from ovn_vpn_agent.ini' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + end + + newparam(:ensure_absent_val) do + desc 'A value that is specified as the value property will behave as if ensure => absent was specified' + defaultto('') + end + + autorequire(:anchor) do + ['neutron::install::end'] + end + +end diff --git a/manifests/agents/ml2/ovn.pp b/manifests/agents/ml2/ovn.pp index f9bf4d8d6..44e62f927 100644 --- a/manifests/agents/ml2/ovn.pp +++ b/manifests/agents/ml2/ovn.pp @@ -5,10 +5,10 @@ # === Parameters # # [*package_ensure*] -# Ensure state of the package. Defaults to 'present'. +# (optional) Ensure state of the package. Defaults to 'present'. # # [*enabled*] -# State of the service. Defaults to true. +# (optional) State of the service. Defaults to true. # # [*manage_service*] # (optional) Whether to start/stop the service diff --git a/manifests/agents/vpnaas.pp b/manifests/agents/vpnaas.pp index b2661847d..e2c1db251 100644 --- a/manifests/agents/vpnaas.pp +++ b/manifests/agents/vpnaas.pp @@ -58,19 +58,19 @@ openswan package in distributions") } /\.LibreSwan/: { Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |> - package { 'libreswan': - ensure => present, - name => $::neutron::params::libreswan_package, - tag => ['openstack', 'neutron-support-package'], - } + ensure_packages( 'libreswan', { + 'ensure' => present, + 'name' => $::neutron::params::libreswan_package, + 'tag' => ['openstack', 'neutron-support-package'], + }) } /\.StrongSwan/: { Package['strongswan'] -> Package<| title == 'neutron-vpnaas-agent' |> - package { 'strongswan': - ensure => present, - name => $::neutron::params::strongswan_package, - tag => ['openstack', 'neutron-support-package'], - } + ensure_packages( 'strongswan', { + 'ensure' => present, + 'name' => $::neutron::params::strongswan_package, + 'tag' => ['openstack', 'neutron-support-package'], + }) } default: { fail("Unsupported vpn_device_driver ${vpn_device_driver}") diff --git a/manifests/agents/vpnaas/ovn.pp b/manifests/agents/vpnaas/ovn.pp new file mode 100644 index 000000000..1e2f2c485 --- /dev/null +++ b/manifests/agents/vpnaas/ovn.pp @@ -0,0 +1,202 @@ +# == Class: neutron::agents:vpnaas::ovn +# +# Setups Neutron OVN VPN agent. +# +# === Parameters +# +# [*package_ensure*] +# (optional) Ensure state for package. Defaults to 'present'. +# +# [*enabled*] +# (optional) State of the service. Defaults to true. +# +# [*manage_service*] +# (optional) Whether to start/stop the service +# Defaults to true +# +# [*debug*] +# (optional) Debug. Defaults to $facts['os_service_default']. +# +# [*vpn_device_driver*] +# (optional) The vpn device drivers Neutron will us. +# Defaults to 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver'. +# +# [*interface_driver*] +# (optional) The driver used to manage the virtual interface. +# Defaults to 'neutron.agent.linux.interface.OVSInterfaceDriver'. +# +# [*ipsec_status_check_interval*] +# (optional) Status check interval. Defaults to $facts['os_service_default']. +# +# [*purge_config*] +# (optional) Whether to set only the specified config options +# in the ovn vpn agent config. +# Defaults to false. +# +# [*ovsdb_connection*] +# (optional) The URI used to connect to the local OVSDB server. +# Defaults to 'tcp:127.0.0.1:6640' +# +# [*ovs_manager*] +# The manager target that will be set to OVS so that the metadata agent can +# connect to. +# Defaults to 'ptcp:6640:127.0.0.1' +# +# [*ovn_nb_connection*] +# (optional) The connection string for the OVN_Northbound OVSDB. +# Defaults to 'tcp:127.0.0.1:6641' +# +# [*ovn_sb_connection*] +# (optional) The connection string for the OVN_Southbound OVSDB +# Defaults to '$facts['os_service_default']' +# +# [*ovn_nb_private_key*] +# (optional) The PEM file with private key for SSL connection to OVN-NB-DB +# Defaults to $facts['os_service_default'] +# +# [*ovn_nb_certificate*] +# (optional) The PEM file with certificate that certifies the private +# key specified in ovn_nb_private_key +# Defaults to $facts['os_service_default'] +# +# [*ovn_nb_ca_cert*] +# (optional) The PEM file with CA certificate that OVN should use to +# verify certificates presented to it by SSL peers +# Defaults to $facts['os_service_default'] +# +# [*ovn_sb_private_key*] +# (optional) TThe PEM file with private key for SSL connection to OVN-SB-DB +# Defaults to $facts['os_service_default'] +# +# [*ovn_sb_certificate*] +# (optional) The PEM file with certificate that certifies the +# private key specified in ovn_sb_private_key +# Defaults to $facts['os_service_default'] +# +# [*ovn_sb_ca_cert*] +# (optional) TThe PEM file with CA certificate that OVN should use to +# verify certificates presented to it by SSL peers +# Defaults to $facts['os_service_default'] +# +# [*ovsdb_connection_timeout*] +# (optional) Timeout in seconds for the OVSDB connection transaction. +# Defaults to $facts['os_service_default'] +# +# [*ovndb_connection_timeout*] +# (optional) Timeout in seconds for the OVNDB connection transaction. This +# is used for OVN DB connection. +# Defaults to $facts['os_service_default'] +# +# [*ovsdb_retry_max_interval*] +# (optional) Max interval in seconds between each retry to get the OVN NB +# and SB IDLs. +# Defaults to $facts['os_service_default']. +# +# [*ovsdb_probe_interval*] +# (optional) The probe interval for the OVSDB session in milliseconds. +# Defaults to $facts['os_service_default']. +# +class neutron::agents::vpnaas::ovn ( + $package_ensure = present, + Boolean $enabled = true, + Boolean $manage_service = true, + $debug = $facts['os_service_default'], + $vpn_device_driver = 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver', + $interface_driver = 'neutron.agent.linux.interface.OVSInterfaceDriver', + $ipsec_status_check_interval = $facts['os_service_default'], + $ovsdb_connection = 'tcp:127.0.0.1:6640', + $ovs_manager = 'ptcp:6640:127.0.0.1', + $ovn_nb_connection = $facts['os_service_default'], + $ovn_sb_connection = $facts['os_service_default'], + $ovn_nb_private_key = $facts['os_service_default'], + $ovn_nb_certificate = $facts['os_service_default'], + $ovn_nb_ca_cert = $facts['os_service_default'], + $ovn_sb_private_key = $facts['os_service_default'], + $ovn_sb_certificate = $facts['os_service_default'], + $ovn_sb_ca_cert = $facts['os_service_default'], + $ovsdb_connection_timeout = $facts['os_service_default'], + $ovndb_connection_timeout = $facts['os_service_default'], + $ovsdb_retry_max_interval = $facts['os_service_default'], + $ovsdb_probe_interval = $facts['os_service_default'], + Boolean $purge_config = false, +) { + + include neutron::deps + include neutron::params + + if $facts['os']['family'] != 'RedHat' { + fail('The OVN VPN agent service is now supported in Red Hat os family only.') + } + + case $vpn_device_driver { + /\.OpenSwan/: { + warning("Support for OpenSwan has been deprecated, because of lack of \ +openswan package in distributions") + } + /\.LibreSwan/: { + ensure_packages( 'libreswan', { + 'ensure' => present, + 'name' => $::neutron::params::libreswan_package, + 'tag' => ['openstack', 'neutron-support-package'], + }) + } + /\.StrongSwan/: { + ensure_packages( 'strongswan', { + 'ensure' => present, + 'name' => $::neutron::params::strongswan_package, + 'tag' => ['openstack', 'neutron-support-package'], + }) + } + default: { + fail("Unsupported vpn_device_driver ${vpn_device_driver}") + } + } + + resources { 'neutron_ovn_vpn_agent_config': + purge => $purge_config, + } + + # The OVN VPNaaS agent loads both neutron.conf and its own file. + # This only lists config specific to the agent. neutron.conf supplies + # the rest. + neutron_ovn_vpn_agent_config { + 'DEFAULT/debug': value => $debug; + 'vpnagent/vpn_device_driver': value => $vpn_device_driver; + 'ipsec/ipsec_status_check_interval': value => $ipsec_status_check_interval; + 'DEFAULT/interface_driver': value => $interface_driver; + 'ovs/ovsdb_connection': value => $ovsdb_connection; + 'ovs/ovsdb_connection_timeout': value => $ovsdb_connection_timeout; + 'ovn/ovsdb_connection_timeout': value => $ovndb_connection_timeout; + 'ovn/ovsdb_retry_max_interval': value => $ovsdb_retry_max_interval; + 'ovn/ovsdb_probe_interval': value => $ovsdb_probe_interval; + 'ovn/ovn_sb_connection': value => join(any2array($ovn_sb_connection), ','); + 'ovn/ovn_nb_connection': value => join(any2array($ovn_nb_connection), ','); + 'ovn/ovn_nb_private_key': value => $ovn_nb_private_key; + 'ovn/ovn_nb_certificate': value => $ovn_nb_certificate; + 'ovn/ovn_nb_ca_cert': value => $ovn_nb_ca_cert; + 'ovn/ovn_sb_private_key': value => $ovn_sb_private_key; + 'ovn/ovn_sb_certificate': value => $ovn_sb_certificate; + 'ovn/ovn_sb_ca_cert': value => $ovn_sb_ca_cert; + } + + ensure_packages( 'neutron-vpnaas-ovn-vpn-agent', { + 'ensure' => $package_ensure, + 'name' => $::neutron::params::vpnaas_ovn_vpn_agent_package, + 'tag' => ['openstack', 'neutron-package'], + }) + + if $manage_service { + if $enabled { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } + service { 'neutron-vpnaas-ovn-vpn-agent': + ensure => $service_ensure, + name => $::neutron::params::vpnaas_ovn_vpn_agent_service, + enable => $enabled, + tag => 'neutron-service', + } + Neutron_ovn_vpn_agent_config<||> ~> Service['neutron-vpnaas-ovn-vpn-agent'] + } +} diff --git a/manifests/config.pp b/manifests/config.pp index 2b06aedc0..7d805ef0b 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -78,6 +78,9 @@ # [*vpnaas_service_config*] # (optional) Manage configuration of neutron_vpnaas.conf # +# [*ovn_vpn_agent_config*] +# (optional) Manage configuration of ovn_vpn_agent.ini +# # [*taas_service_config*] # (optional) Manage configuration of taas_plugin.ini # @@ -115,6 +118,7 @@ class neutron::config ( Hash $metering_agent_config = {}, Hash $vpnaas_agent_config = {}, Hash $vpnaas_service_config = {}, + Hash $ovn_vpn_agent_config = {}, Hash $taas_service_config = {}, Hash $bgp_dragent_config = {}, Hash $plugin_ml2_config = {}, @@ -151,6 +155,7 @@ class neutron::config ( create_resources('neutron_metering_agent_config', $metering_agent_config) create_resources('neutron_vpnaas_agent_config', $vpnaas_agent_config) create_resources('neutron_vpnaas_service_config', $vpnaas_service_config) + create_resources('neutron_ovn_vpn_agent_config', $ovn_vpn_agent_config) create_resources('neutron_taas_service_config', $taas_service_config) create_resources('neutron_bgp_dragent_config', $bgp_dragent_config) create_resources('neutron_plugin_ml2', $plugin_ml2_config) diff --git a/manifests/params.pp b/manifests/params.pp index 8b3dbc2be..6a2c7cf0d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -45,6 +45,8 @@ class neutron::params { $dhcp_agent_package = undef $metering_agent_package = 'openstack-neutron-metering-agent' $vpnaas_agent_package = 'openstack-neutron-vpnaas' + $vpnaas_ovn_vpn_agent_package = 'openstack-neutron-vpnaas-ovn-vpn-agent' + $vpnaas_ovn_vpn_agent_service = 'neutron-vpnaas-ovn-vpn-agent' $libreswan_package = 'libreswan' $strongswan_package = 'strongswan' $taas_package = 'python3-tap-as-a-service' @@ -105,6 +107,8 @@ class neutron::params { $dhcp_agent_package = 'neutron-dhcp-agent' $metering_agent_package = 'neutron-metering-agent' $vpnaas_agent_package = 'python3-neutron-vpnaas' + $vpnaas_ovn_vpn_agent_package = undef + $vpnaas_ovn_vpn_agent_service = undef $libreswan_package = 'libreswan' $strongswan_package = 'strongswan' $taas_package = 'python3-neutron-taas' diff --git a/spec/acceptance/99_neutron_config_spec.rb b/spec/acceptance/99_neutron_config_spec.rb index dbe40a481..fa08fd002 100644 --- a/spec/acceptance/99_neutron_config_spec.rb +++ b/spec/acceptance/99_neutron_config_spec.rb @@ -13,6 +13,7 @@ describe 'basic neutron_config resource' do '/etc/neutron/plugins/ml2/ml2_conf.ini', '/etc/neutron/vpn_agent.ini', '/etc/neutron/neutron_vpnaas.conf', + '/etc/neutron/ovn_vpn_agent.ini', '/etc/neutron/taas_plugin.ini', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '/etc/neutron/plugins/ml2/openvswitch_agent.ini', @@ -33,6 +34,7 @@ describe 'basic neutron_config resource' do File <||> -> Neutron_l2gw_service_config <||> File <||> -> Neutron_vpnaas_agent_config <||> File <||> -> Neutron_vpnaas_service_config <||> + File <||> -> Neutron_ovn_vpn_agent_config <||> File <||> -> Neutron_taas_service_config <||> File <||> -> Neutron_agent_linuxbridge <||> File <||> -> Neutron_agent_ovs <||> @@ -57,6 +59,7 @@ describe 'basic neutron_config resource' do '/etc/neutron/plugins/ml2/ml2_conf.ini', '/etc/neutron/vpn_agent.ini', '/etc/neutron/neutron_vpnaas.conf', + '/etc/neutron/ovn_vpn_agent.ini', '/etc/neutron/taas_plugin.ini', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '/etc/neutron/plugins/ml2/openvswitch_agent.ini', @@ -71,6 +74,7 @@ describe 'basic neutron_config resource' do file { $neutron_files : ensure => file, } + neutron_api_paste_ini { 'DEFAULT/thisshouldexist' : value => 'foo', } @@ -233,6 +237,24 @@ describe 'basic neutron_config resource' do ensure_absent_val => 'toto', } + neutron_ovn_vpn_agent_config { 'DEFAULT/thisshouldexist' : + value => 'foo', + } + + neutron_ovn_vpn_agent_config { 'DEFAULT/thisshouldnotexist' : + value => '', + } + + neutron_ovn_vpn_agent_config { 'DEFAULT/thisshouldexist2' : + value => '', + ensure_absent_val => 'toto', + } + + neutron_ovn_vpn_agent_config { 'DEFAULT/thisshouldnotexist2' : + value => 'toto', + ensure_absent_val => 'toto', + } + neutron_taas_service_config { 'DEFAULT/thisshouldexist' : value => 'foo', } @@ -388,6 +410,7 @@ describe 'basic neutron_config resource' do 'neutron_plugin_ml2', 'neutron_vpnaas_agent_config', 'neutron_vpnaas_service_config', + 'neutron_ovn_vpn_agent_config', 'neutron_taas_service_config', 'neutron_agent_linuxbridge', 'neutron_agent_ovs', diff --git a/spec/classes/neutron_agents_vpnaas_ovn_spec.rb b/spec/classes/neutron_agents_vpnaas_ovn_spec.rb new file mode 100644 index 000000000..12c77e544 --- /dev/null +++ b/spec/classes/neutron_agents_vpnaas_ovn_spec.rb @@ -0,0 +1,128 @@ +# +# Unit tests for neutron::agents::vpnaas::ovn class +# +require 'spec_helper' + +describe 'neutron::agents::vpnaas::ovn' do + let :params do + {} + end + + shared_examples 'neutron::agents::vpnaas::ovn' do + context 'with defaults' do + it { should contain_class('neutron::params') } + + it 'configures ovn_vpn_agent.ini' do + should contain_neutron_ovn_vpn_agent_config('DEFAULT/debug').with_value('') + should contain_neutron_ovn_vpn_agent_config('vpnagent/vpn_device_driver').with_value( + 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver') + should contain_neutron_ovn_vpn_agent_config('ipsec/ipsec_status_check_interval').with_value('') + should contain_neutron_ovn_vpn_agent_config('DEFAULT/interface_driver').with_value( + 'neutron.agent.linux.interface.OVSInterfaceDriver') + should contain_neutron_ovn_vpn_agent_config('ovs/ovsdb_connection').with_value('tcp:127.0.0.1:6640') + should contain_neutron_ovn_vpn_agent_config('ovs/ovsdb_connection_timeout').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovsdb_connection_timeout').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovn_nb_connection').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovn_nb_private_key').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovn_nb_certificate').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovn_nb_ca_cert').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovn_sb_connection').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovn_sb_private_key').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovn_sb_certificate').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovn_sb_ca_cert').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovsdb_retry_max_interval').with_value('') + should contain_neutron_ovn_vpn_agent_config('ovn/ovsdb_probe_interval').with_value('') + end + + it 'installs neutron vpnaas ovn vpn agent package' do + should contain_package('neutron-vpnaas-ovn-vpn-agent').with( + :ensure => 'installed', + :name => platform_params[:vpnaas_ovn_vpn_agent_package], + :tag => ['openstack', 'neutron-package'], + ) + end + + it 'enables neutron vpnaas ovn vpn agent service' do + should contain_package('neutron-vpnaas-ovn-vpn-agent').with( + :ensure => 'running', + :name => platform_params[:vpnaas_ovn_vpn_service_package], + :enable => true, + :tag => ['neutron-service'], + ) + end + end + + context 'with libreswan vpnaas driver' do + let :params do + { + :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver' + } + end + + it 'configures ovn_vpn_agent.ini' do + should contain_neutron_ovn_vpn_agent_config('vpnagent/vpn_device_driver').with_value( + 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver') + end + + it 'installs libreswan packages' do + should contain_package('libreswan').with( + :ensure => 'installed', + :name => platform_params[:libreswan_package], + :tag => ['openstack', 'neutron-support-package'], + ) + end + end + + context 'with strongswan vpnaas driver' do + let :params do + { + :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver' + } + end + + it 'configures ovn_vpn_agent.ini' do + should contain_neutron_ovn_vpn_agent_config('vpnagent/vpn_device_driver').with_value( + 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver') + end + + it 'installs strongswan packages' do + should contain_package('strongswan').with( + :ensure => 'installed', + :name => platform_params[:strongswan_package], + :tag => ['openstack', 'neutron-support-package'], + ) + end + end + end + + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge!(OSDefaults.get_facts()) + end + + let (:platform_params) do + case facts[:os]['family'] + when 'Debian' + { + :libreswan_package => 'libreswan', + :strongswan_package => 'strongswan', + } + when 'RedHat' + { + :libreswan_package => 'libreswan', + :strongswan_package => 'strongswan', + :vpnaas_ovn_vpn_agent_package => 'openstack-neutron-vpnaas-ovn-vpn-agent', + :vpnaas_ovn_vpn_agent_service => 'neutron-vpnaas-ovn-vpn-agent', + } + end + end + + if facts[:os][:family] == 'RedHat' + it_behaves_like 'neutron::agents::vpnaas::ovn' + end + end + end +end diff --git a/spec/classes/neutron_agents_vpnaas_spec.rb b/spec/classes/neutron_agents_vpnaas_spec.rb index 16c514c24..cfa85ddc4 100644 --- a/spec/classes/neutron_agents_vpnaas_spec.rb +++ b/spec/classes/neutron_agents_vpnaas_spec.rb @@ -21,10 +21,6 @@ require 'spec_helper' describe 'neutron::agents::vpnaas' do - let :pre_condition do - "class { 'neutron': }" - end - let :params do {} end @@ -64,7 +60,7 @@ describe 'neutron::agents::vpnaas' do it 'installs libreswan packages' do should contain_package('libreswan').with( - :ensure => 'present', + :ensure => 'installed', :name => platform_params[:libreswan_package], :tag => ['openstack', 'neutron-support-package'], ) @@ -85,7 +81,7 @@ describe 'neutron::agents::vpnaas' do it 'installs strongswan packages' do should contain_package('strongswan').with( - :ensure => 'present', + :ensure => 'installed', :name => platform_params[:strongswan_package], :tag => ['openstack', 'neutron-support-package'], ) diff --git a/spec/classes/neutron_config_spec.rb b/spec/classes/neutron_config_spec.rb index be996833a..ea355623b 100644 --- a/spec/classes/neutron_config_spec.rb +++ b/spec/classes/neutron_config_spec.rb @@ -82,6 +82,7 @@ describe 'neutron::config' do :metering_agent_config => config_hash, :vpnaas_agent_config => config_hash, :vpnaas_service_config => config_hash, + :ovn_vpn_agent_config => config_hash, :taas_service_config => config_hash, :l2gw_agent_config => config_hash, :bgp_dragent_config => config_hash, @@ -154,6 +155,12 @@ describe 'neutron::config' do should contain_neutron_vpnaas_service_config('DEFAULT/baz').with_ensure('absent') end + it 'configures arbitrary ovn_vpn_agent_config configurations' do + should contain_neutron_ovn_vpn_agent_config('DEFAULT/foo').with_value('fooValue') + should contain_neutron_ovn_vpn_agent_config('DEFAULT/bar').with_value('barValue') + should contain_neutron_ovn_vpn_agent_config('DEFAULT/baz').with_ensure('absent') + end + it 'configures arbitrary taas_service_config configurations' do should contain_neutron_taas_service_config('DEFAULT/foo').with_value('fooValue') should contain_neutron_taas_service_config('DEFAULT/bar').with_value('barValue') diff --git a/spec/unit/provider/neutron_ovn_vpn_agent_config/ini_setting_spec.rb b/spec/unit/provider/neutron_ovn_vpn_agent_config/ini_setting_spec.rb new file mode 100644 index 000000000..544491ff2 --- /dev/null +++ b/spec/unit/provider/neutron_ovn_vpn_agent_config/ini_setting_spec.rb @@ -0,0 +1,51 @@ +require 'spec_helper' + +provider_class = Puppet::Type.type(:neutron_ovn_vpn_agent_config).provider(:ini_setting) + +describe provider_class do + + it 'should default to the default setting when no other one is specified' do + resource = Puppet::Type::Neutron_ovn_vpn_agent_config.new( + { + :name => 'DEFAULT/foo', + :value => 'bar' + } + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('DEFAULT') + expect(provider.setting).to eq('foo') + expect(provider.file_path).to eq('/etc/neutron/ovn_vpn_agent.ini') + end + + it 'should allow setting to be set explicitly' do + resource = Puppet::Type::Neutron_ovn_vpn_agent_config.new( + { + :name => 'dude/foo', + :value => 'bar' + } + ) + provider = provider_class.new(resource) + expect(provider.section).to eq('dude') + expect(provider.setting).to eq('foo') + expect(provider.file_path).to eq('/etc/neutron/ovn_vpn_agent.ini') + end + + it 'should ensure absent when is specified as a value' do + resource = Puppet::Type::Neutron_ovn_vpn_agent_config.new( + {:name => 'dude/foo', :value => ''} + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + + it 'should ensure absent when value matches ensure_absent_val' do + resource = Puppet::Type::Neutron_ovn_vpn_agent_config.new( + {:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' } + ) + provider = provider_class.new(resource) + provider.exists? + expect(resource[:ensure]).to eq :absent + end + +end diff --git a/spec/unit/type/neutron_ovn_vpn_agent_config_spec.rb b/spec/unit/type/neutron_ovn_vpn_agent_config_spec.rb new file mode 100644 index 000000000..f266b1917 --- /dev/null +++ b/spec/unit/type/neutron_ovn_vpn_agent_config_spec.rb @@ -0,0 +1,20 @@ +require 'puppet' +require 'puppet/type/neutron_ovn_vpn_agent_config' + +describe 'Puppet::Type.type(:neutron_ovn_vpn_agent_config)' do + + before :each do + @neutron_ovn_vpn_agent_config = Puppet::Type.type(:neutron_ovn_vpn_agent_config).new(:name => 'DEFAULT/foo', :value => 'bar') + end + + it 'should autorequire the package that install the file' do + catalog = Puppet::Resource::Catalog.new + anchor = Puppet::Type.type(:anchor).new(:name => 'neutron::install::end') + catalog.add_resource anchor, @neutron_ovn_vpn_agent_config + dependency = @neutron_ovn_vpn_agent_config.autorequire + expect(dependency.size).to eq(1) + expect(dependency[0].target).to eq(@neutron_ovn_vpn_agent_config) + expect(dependency[0].source).to eq(anchor) + end + +end