openstack/puppet-neutron
Code Issues Proposed changes

Support neutron-ovn-vpn-agent

Browse Source 
The neutron-ovn-vpn-agent service was added during 2024.1 cycle to
support VPNaaS features in deployment with ml2 ovn.

Add support for installing/managing the service to extend supported
deployment architecture.

Depends-on: https://review.opendev.org/765353
Change-Id: I3560b4e07ac214d8628f5642856b364a802a9d19
This commit is contained in:
Takashi Kajinami 2024-09-15 22:38:37 +09:00
parent 28d16299c0
commit 299e992b20
13 changed files with 492 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/puppet/provider/neutron_ovn_vpn_agent_config/ini_setting.rb Normal file
View File

@ -0,0 +1,10 @@
Puppet::Type.type(:neutron_ovn_vpn_agent_config).provide(
:ini_setting,
:parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
) do
def self.file_path
'/etc/neutron/ovn_vpn_agent.ini'
end
end

28
lib/puppet/type/neutron_ovn_vpn_agent_config.rb Normal file
View File

@ -0,0 +1,28 @@
Puppet::Type.newtype(:neutron_ovn_vpn_agent_config) do
ensurable
newparam(:name, :namevar => true) do
desc 'Section/setting name to manage from ovn_vpn_agent.ini'
newvalues(/\S+\/\S+/)
end
newproperty(:value) do
desc 'The value of the setting to be defined.'
munge do |value|
value = value.to_s.strip
value.capitalize! if value =~ /^(true|false)$/i
value
end
end
newparam(:ensure_absent_val) do
desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
defaultto('<SERVICE DEFAULT>')
end
autorequire(:anchor) do
['neutron::install::end']
end
end

4
manifests/agents/ml2/ovn.pp
View File

@ -5,10 +5,10 @@
# === Parameters # === Parameters
# #
# [*package_ensure*] # [*package_ensure*]
# Ensure state of the package. Defaults to 'present'. # (optional) Ensure state of the package. Defaults to 'present'.
# #
# [*enabled*] # [*enabled*]
# State of the service. Defaults to true. # (optional) State of the service. Defaults to true.
# #
# [*manage_service*] # [*manage_service*]
# (optional) Whether to start/stop the service # (optional) Whether to start/stop the service

20
manifests/agents/vpnaas.pp
View File

@ -58,19 +58,19 @@ openswan package in distributions")
} }
/\.LibreSwan/: { /\.LibreSwan/: {
Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |> Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
package { 'libreswan': ensure_packages( 'libreswan', {
ensure => present, 'ensure' => present,
name => $::neutron::params::libreswan_package, 'name' => $::neutron::params::libreswan_package,
tag => ['openstack', 'neutron-support-package'], 'tag' => ['openstack', 'neutron-support-package'],
} })
} }
/\.StrongSwan/: { /\.StrongSwan/: {
Package['strongswan'] -> Package<| title == 'neutron-vpnaas-agent' |> Package['strongswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
package { 'strongswan': ensure_packages( 'strongswan', {
ensure => present, 'ensure' => present,
name => $::neutron::params::strongswan_package, 'name' => $::neutron::params::strongswan_package,
tag => ['openstack', 'neutron-support-package'], 'tag' => ['openstack', 'neutron-support-package'],
} })
} }
default: { default: {
fail("Unsupported vpn_device_driver ${vpn_device_driver}") fail("Unsupported vpn_device_driver ${vpn_device_driver}")

202
manifests/agents/vpnaas/ovn.pp Normal file
View File

@ -0,0 +1,202 @@
# == Class: neutron::agents:vpnaas::ovn
#
# Setups Neutron OVN VPN agent.
#
# === Parameters
#
# [*package_ensure*]
# (optional) Ensure state for package. Defaults to 'present'.
#
# [*enabled*]
# (optional) State of the service. Defaults to true.
#
# [*manage_service*]
# (optional) Whether to start/stop the service
# Defaults to true
#
# [*debug*]
# (optional) Debug. Defaults to $facts['os_service_default'].
#
# [*vpn_device_driver*]
# (optional) The vpn device drivers Neutron will us.
# Defaults to 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver'.
#
# [*interface_driver*]
# (optional) The driver used to manage the virtual interface.
# Defaults to 'neutron.agent.linux.interface.OVSInterfaceDriver'.
#
# [*ipsec_status_check_interval*]
# (optional) Status check interval. Defaults to $facts['os_service_default'].
#
# [*purge_config*]
# (optional) Whether to set only the specified config options
# in the ovn vpn agent config.
# Defaults to false.
#
# [*ovsdb_connection*]
# (optional) The URI used to connect to the local OVSDB server.
# Defaults to 'tcp:127.0.0.1:6640'
#
# [*ovs_manager*]
# The manager target that will be set to OVS so that the metadata agent can
# connect to.
# Defaults to 'ptcp:6640:127.0.0.1'
#
# [*ovn_nb_connection*]
# (optional) The connection string for the OVN_Northbound OVSDB.
# Defaults to 'tcp:127.0.0.1:6641'
#
# [*ovn_sb_connection*]
# (optional) The connection string for the OVN_Southbound OVSDB
# Defaults to '$facts['os_service_default']'
#
# [*ovn_nb_private_key*]
# (optional) The PEM file with private key for SSL connection to OVN-NB-DB
# Defaults to $facts['os_service_default']
#
# [*ovn_nb_certificate*]
# (optional) The PEM file with certificate that certifies the private
# key specified in ovn_nb_private_key
# Defaults to $facts['os_service_default']
#
# [*ovn_nb_ca_cert*]
# (optional) The PEM file with CA certificate that OVN should use to
# verify certificates presented to it by SSL peers
# Defaults to $facts['os_service_default']
#
# [*ovn_sb_private_key*]
# (optional) TThe PEM file with private key for SSL connection to OVN-SB-DB
# Defaults to $facts['os_service_default']
#
# [*ovn_sb_certificate*]
# (optional) The PEM file with certificate that certifies the
# private key specified in ovn_sb_private_key
# Defaults to $facts['os_service_default']
#
# [*ovn_sb_ca_cert*]
# (optional) TThe PEM file with CA certificate that OVN should use to
# verify certificates presented to it by SSL peers
# Defaults to $facts['os_service_default']
#
# [*ovsdb_connection_timeout*]
# (optional) Timeout in seconds for the OVSDB connection transaction.
# Defaults to $facts['os_service_default']
#
# [*ovndb_connection_timeout*]
# (optional) Timeout in seconds for the OVNDB connection transaction. This
# is used for OVN DB connection.
# Defaults to $facts['os_service_default']
#
# [*ovsdb_retry_max_interval*]
# (optional) Max interval in seconds between each retry to get the OVN NB
# and SB IDLs.
# Defaults to $facts['os_service_default'].
#
# [*ovsdb_probe_interval*]
# (optional) The probe interval for the OVSDB session in milliseconds.
# Defaults to $facts['os_service_default'].
#
class neutron::agents::vpnaas::ovn (
$package_ensure = present,
Boolean $enabled = true,
Boolean $manage_service = true,
$debug = $facts['os_service_default'],
$vpn_device_driver = 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver',
$interface_driver = 'neutron.agent.linux.interface.OVSInterfaceDriver',
$ipsec_status_check_interval = $facts['os_service_default'],
$ovsdb_connection = 'tcp:127.0.0.1:6640',
$ovs_manager = 'ptcp:6640:127.0.0.1',
$ovn_nb_connection = $facts['os_service_default'],
$ovn_sb_connection = $facts['os_service_default'],
$ovn_nb_private_key = $facts['os_service_default'],
$ovn_nb_certificate = $facts['os_service_default'],
$ovn_nb_ca_cert = $facts['os_service_default'],
$ovn_sb_private_key = $facts['os_service_default'],
$ovn_sb_certificate = $facts['os_service_default'],
$ovn_sb_ca_cert = $facts['os_service_default'],
$ovsdb_connection_timeout = $facts['os_service_default'],
$ovndb_connection_timeout = $facts['os_service_default'],
$ovsdb_retry_max_interval = $facts['os_service_default'],
$ovsdb_probe_interval = $facts['os_service_default'],
Boolean $purge_config = false,
) {
include neutron::deps
include neutron::params
if $facts['os']['family'] != 'RedHat' {
fail('The OVN VPN agent service is now supported in Red Hat os family only.')
}
case $vpn_device_driver {
/\.OpenSwan/: {
warning("Support for OpenSwan has been deprecated, because of lack of \
openswan package in distributions")
}
/\.LibreSwan/: {
ensure_packages( 'libreswan', {
'ensure' => present,
'name' => $::neutron::params::libreswan_package,
'tag' => ['openstack', 'neutron-support-package'],
})
}
/\.StrongSwan/: {
ensure_packages( 'strongswan', {
'ensure' => present,
'name' => $::neutron::params::strongswan_package,
'tag' => ['openstack', 'neutron-support-package'],
})
}
default: {
fail("Unsupported vpn_device_driver ${vpn_device_driver}")
}
}
resources { 'neutron_ovn_vpn_agent_config':
purge => $purge_config,
}
# The OVN VPNaaS agent loads both neutron.conf and its own file.
# This only lists config specific to the agent. neutron.conf supplies
# the rest.
neutron_ovn_vpn_agent_config {
'DEFAULT/debug': value => $debug;
'vpnagent/vpn_device_driver': value => $vpn_device_driver;
'ipsec/ipsec_status_check_interval': value => $ipsec_status_check_interval;
'DEFAULT/interface_driver': value => $interface_driver;
'ovs/ovsdb_connection': value => $ovsdb_connection;
'ovs/ovsdb_connection_timeout': value => $ovsdb_connection_timeout;
'ovn/ovsdb_connection_timeout': value => $ovndb_connection_timeout;
'ovn/ovsdb_retry_max_interval': value => $ovsdb_retry_max_interval;
'ovn/ovsdb_probe_interval': value => $ovsdb_probe_interval;
'ovn/ovn_sb_connection': value => join(any2array($ovn_sb_connection), ',');
'ovn/ovn_nb_connection': value => join(any2array($ovn_nb_connection), ',');
'ovn/ovn_nb_private_key': value => $ovn_nb_private_key;
'ovn/ovn_nb_certificate': value => $ovn_nb_certificate;
'ovn/ovn_nb_ca_cert': value => $ovn_nb_ca_cert;
'ovn/ovn_sb_private_key': value => $ovn_sb_private_key;
'ovn/ovn_sb_certificate': value => $ovn_sb_certificate;
'ovn/ovn_sb_ca_cert': value => $ovn_sb_ca_cert;
}
ensure_packages( 'neutron-vpnaas-ovn-vpn-agent', {
'ensure' => $package_ensure,
'name' => $::neutron::params::vpnaas_ovn_vpn_agent_package,
'tag' => ['openstack', 'neutron-package'],
})
if $manage_service {
if $enabled {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
}
service { 'neutron-vpnaas-ovn-vpn-agent':
ensure => $service_ensure,
name => $::neutron::params::vpnaas_ovn_vpn_agent_service,
enable => $enabled,
tag => 'neutron-service',
}
Neutron_ovn_vpn_agent_config<||> ~> Service['neutron-vpnaas-ovn-vpn-agent']
}
}

5
manifests/config.pp
View File

@ -78,6 +78,9 @@
# [*vpnaas_service_config*] # [*vpnaas_service_config*]
# (optional) Manage configuration of neutron_vpnaas.conf # (optional) Manage configuration of neutron_vpnaas.conf
# #
# [*ovn_vpn_agent_config*]
# (optional) Manage configuration of ovn_vpn_agent.ini
#
# [*taas_service_config*] # [*taas_service_config*]
# (optional) Manage configuration of taas_plugin.ini # (optional) Manage configuration of taas_plugin.ini
# #
@ -115,6 +118,7 @@ class neutron::config (
Hash $metering_agent_config = {}, Hash $metering_agent_config = {},
Hash $vpnaas_agent_config = {}, Hash $vpnaas_agent_config = {},
Hash $vpnaas_service_config = {}, Hash $vpnaas_service_config = {},
Hash $ovn_vpn_agent_config = {},
Hash $taas_service_config = {}, Hash $taas_service_config = {},
Hash $bgp_dragent_config = {}, Hash $bgp_dragent_config = {},
Hash $plugin_ml2_config = {}, Hash $plugin_ml2_config = {},
@ -151,6 +155,7 @@ class neutron::config (
create_resources('neutron_metering_agent_config', $metering_agent_config) create_resources('neutron_metering_agent_config', $metering_agent_config)
create_resources('neutron_vpnaas_agent_config', $vpnaas_agent_config) create_resources('neutron_vpnaas_agent_config', $vpnaas_agent_config)
create_resources('neutron_vpnaas_service_config', $vpnaas_service_config) create_resources('neutron_vpnaas_service_config', $vpnaas_service_config)
create_resources('neutron_ovn_vpn_agent_config', $ovn_vpn_agent_config)
create_resources('neutron_taas_service_config', $taas_service_config) create_resources('neutron_taas_service_config', $taas_service_config)
create_resources('neutron_bgp_dragent_config', $bgp_dragent_config) create_resources('neutron_bgp_dragent_config', $bgp_dragent_config)
create_resources('neutron_plugin_ml2', $plugin_ml2_config) create_resources('neutron_plugin_ml2', $plugin_ml2_config)

4
manifests/params.pp
View File

@ -45,6 +45,8 @@ class neutron::params {
$dhcp_agent_package = undef $dhcp_agent_package = undef
$metering_agent_package = 'openstack-neutron-metering-agent' $metering_agent_package = 'openstack-neutron-metering-agent'
$vpnaas_agent_package = 'openstack-neutron-vpnaas' $vpnaas_agent_package = 'openstack-neutron-vpnaas'
$vpnaas_ovn_vpn_agent_package = 'openstack-neutron-vpnaas-ovn-vpn-agent'
$vpnaas_ovn_vpn_agent_service = 'neutron-vpnaas-ovn-vpn-agent'
$libreswan_package = 'libreswan' $libreswan_package = 'libreswan'
$strongswan_package = 'strongswan' $strongswan_package = 'strongswan'
$taas_package = 'python3-tap-as-a-service' $taas_package = 'python3-tap-as-a-service'
@ -105,6 +107,8 @@ class neutron::params {
$dhcp_agent_package = 'neutron-dhcp-agent' $dhcp_agent_package = 'neutron-dhcp-agent'
$metering_agent_package = 'neutron-metering-agent' $metering_agent_package = 'neutron-metering-agent'
$vpnaas_agent_package = 'python3-neutron-vpnaas' $vpnaas_agent_package = 'python3-neutron-vpnaas'
$vpnaas_ovn_vpn_agent_package = undef
$vpnaas_ovn_vpn_agent_service = undef
$libreswan_package = 'libreswan' $libreswan_package = 'libreswan'
$strongswan_package = 'strongswan' $strongswan_package = 'strongswan'
$taas_package = 'python3-neutron-taas' $taas_package = 'python3-neutron-taas'

23
spec/acceptance/99_neutron_config_spec.rb
View File

@ -13,6 +13,7 @@ describe 'basic neutron_config resource' do
'/etc/neutron/plugins/ml2/ml2_conf.ini', '/etc/neutron/plugins/ml2/ml2_conf.ini',
'/etc/neutron/vpn_agent.ini', '/etc/neutron/vpn_agent.ini',
'/etc/neutron/neutron_vpnaas.conf', '/etc/neutron/neutron_vpnaas.conf',
'/etc/neutron/ovn_vpn_agent.ini',
'/etc/neutron/taas_plugin.ini', '/etc/neutron/taas_plugin.ini',
'/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini',
'/etc/neutron/plugins/ml2/openvswitch_agent.ini', '/etc/neutron/plugins/ml2/openvswitch_agent.ini',
@ -33,6 +34,7 @@ describe 'basic neutron_config resource' do
File <||> -> Neutron_l2gw_service_config <||> File <||> -> Neutron_l2gw_service_config <||>
File <||> -> Neutron_vpnaas_agent_config <||> File <||> -> Neutron_vpnaas_agent_config <||>
File <||> -> Neutron_vpnaas_service_config <||> File <||> -> Neutron_vpnaas_service_config <||>
File <||> -> Neutron_ovn_vpn_agent_config <||>
File <||> -> Neutron_taas_service_config <||> File <||> -> Neutron_taas_service_config <||>
File <||> -> Neutron_agent_linuxbridge <||> File <||> -> Neutron_agent_linuxbridge <||>
File <||> -> Neutron_agent_ovs <||> File <||> -> Neutron_agent_ovs <||>
@ -57,6 +59,7 @@ describe 'basic neutron_config resource' do
'/etc/neutron/plugins/ml2/ml2_conf.ini', '/etc/neutron/plugins/ml2/ml2_conf.ini',
'/etc/neutron/vpn_agent.ini', '/etc/neutron/vpn_agent.ini',
'/etc/neutron/neutron_vpnaas.conf', '/etc/neutron/neutron_vpnaas.conf',
'/etc/neutron/ovn_vpn_agent.ini',
'/etc/neutron/taas_plugin.ini', '/etc/neutron/taas_plugin.ini',
'/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini',
'/etc/neutron/plugins/ml2/openvswitch_agent.ini', '/etc/neutron/plugins/ml2/openvswitch_agent.ini',
@ -71,6 +74,7 @@ describe 'basic neutron_config resource' do
file { $neutron_files : file { $neutron_files :
ensure => file, ensure => file,
} }
neutron_api_paste_ini { 'DEFAULT/thisshouldexist' : neutron_api_paste_ini { 'DEFAULT/thisshouldexist' :
value => 'foo', value => 'foo',
} }
@ -233,6 +237,24 @@ describe 'basic neutron_config resource' do
ensure_absent_val => 'toto', ensure_absent_val => 'toto',
} }
neutron_ovn_vpn_agent_config { 'DEFAULT/thisshouldexist' :
value => 'foo',
}
neutron_ovn_vpn_agent_config { 'DEFAULT/thisshouldnotexist' :
value => '<SERVICE DEFAULT>',
}
neutron_ovn_vpn_agent_config { 'DEFAULT/thisshouldexist2' :
value => '<SERVICE DEFAULT>',
ensure_absent_val => 'toto',
}
neutron_ovn_vpn_agent_config { 'DEFAULT/thisshouldnotexist2' :
value => 'toto',
ensure_absent_val => 'toto',
}
neutron_taas_service_config { 'DEFAULT/thisshouldexist' : neutron_taas_service_config { 'DEFAULT/thisshouldexist' :
value => 'foo', value => 'foo',
} }
@ -388,6 +410,7 @@ describe 'basic neutron_config resource' do
'neutron_plugin_ml2', 'neutron_plugin_ml2',
'neutron_vpnaas_agent_config', 'neutron_vpnaas_agent_config',
'neutron_vpnaas_service_config', 'neutron_vpnaas_service_config',
'neutron_ovn_vpn_agent_config',
'neutron_taas_service_config', 'neutron_taas_service_config',
'neutron_agent_linuxbridge', 'neutron_agent_linuxbridge',
'neutron_agent_ovs', 'neutron_agent_ovs',

128
spec/classes/neutron_agents_vpnaas_ovn_spec.rb Normal file
View File

@ -0,0 +1,128 @@
#
# Unit tests for neutron::agents::vpnaas::ovn class
#
require 'spec_helper'
describe 'neutron::agents::vpnaas::ovn' do
let :params do
{}
end
shared_examples 'neutron::agents::vpnaas::ovn' do
context 'with defaults' do
it { should contain_class('neutron::params') }
it 'configures ovn_vpn_agent.ini' do
should contain_neutron_ovn_vpn_agent_config('DEFAULT/debug').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('vpnagent/vpn_device_driver').with_value(
'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver')
should contain_neutron_ovn_vpn_agent_config('ipsec/ipsec_status_check_interval').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('DEFAULT/interface_driver').with_value(
'neutron.agent.linux.interface.OVSInterfaceDriver')
should contain_neutron_ovn_vpn_agent_config('ovs/ovsdb_connection').with_value('tcp:127.0.0.1:6640')
should contain_neutron_ovn_vpn_agent_config('ovs/ovsdb_connection_timeout').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovsdb_connection_timeout').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovn_nb_connection').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovn_nb_private_key').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovn_nb_certificate').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovn_nb_ca_cert').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovn_sb_connection').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovn_sb_private_key').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovn_sb_certificate').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovn_sb_ca_cert').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovsdb_retry_max_interval').with_value('<SERVICE DEFAULT>')
should contain_neutron_ovn_vpn_agent_config('ovn/ovsdb_probe_interval').with_value('<SERVICE DEFAULT>')
end
it 'installs neutron vpnaas ovn vpn agent package' do
should contain_package('neutron-vpnaas-ovn-vpn-agent').with(
:ensure => 'installed',
:name => platform_params[:vpnaas_ovn_vpn_agent_package],
:tag => ['openstack', 'neutron-package'],
)
end
it 'enables neutron vpnaas ovn vpn agent service' do
should contain_package('neutron-vpnaas-ovn-vpn-agent').with(
:ensure => 'running',
:name => platform_params[:vpnaas_ovn_vpn_service_package],
:enable => true,
:tag => ['neutron-service'],
)
end
end
context 'with libreswan vpnaas driver' do
let :params do
{
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
}
end
it 'configures ovn_vpn_agent.ini' do
should contain_neutron_ovn_vpn_agent_config('vpnagent/vpn_device_driver').with_value(
'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver')
end
it 'installs libreswan packages' do
should contain_package('libreswan').with(
:ensure => 'installed',
:name => platform_params[:libreswan_package],
:tag => ['openstack', 'neutron-support-package'],
)
end
end
context 'with strongswan vpnaas driver' do
let :params do
{
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
}
end
it 'configures ovn_vpn_agent.ini' do
should contain_neutron_ovn_vpn_agent_config('vpnagent/vpn_device_driver').with_value(
'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver')
end
it 'installs strongswan packages' do
should contain_package('strongswan').with(
:ensure => 'installed',
:name => platform_params[:strongswan_package],
:tag => ['openstack', 'neutron-support-package'],
)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
let (:platform_params) do
case facts[:os]['family']
when 'Debian'
{
:libreswan_package => 'libreswan',
:strongswan_package => 'strongswan',
}
when 'RedHat'
{
:libreswan_package => 'libreswan',
:strongswan_package => 'strongswan',
:vpnaas_ovn_vpn_agent_package => 'openstack-neutron-vpnaas-ovn-vpn-agent',
:vpnaas_ovn_vpn_agent_service => 'neutron-vpnaas-ovn-vpn-agent',
}
end
end
if facts[:os][:family] == 'RedHat'
it_behaves_like 'neutron::agents::vpnaas::ovn'
end
end
end
end

8
spec/classes/neutron_agents_vpnaas_spec.rb
View File

@ -21,10 +21,6 @@
require 'spec_helper' require 'spec_helper'
describe 'neutron::agents::vpnaas' do describe 'neutron::agents::vpnaas' do
let :pre_condition do
"class { 'neutron': }"
end
let :params do let :params do
{} {}
end end
@ -64,7 +60,7 @@ describe 'neutron::agents::vpnaas' do
it 'installs libreswan packages' do it 'installs libreswan packages' do
should contain_package('libreswan').with( should contain_package('libreswan').with(
:ensure => 'present', :ensure => 'installed',
:name => platform_params[:libreswan_package], :name => platform_params[:libreswan_package],
:tag => ['openstack', 'neutron-support-package'], :tag => ['openstack', 'neutron-support-package'],
) )
@ -85,7 +81,7 @@ describe 'neutron::agents::vpnaas' do
it 'installs strongswan packages' do it 'installs strongswan packages' do
should contain_package('strongswan').with( should contain_package('strongswan').with(
:ensure => 'present', :ensure => 'installed',
:name => platform_params[:strongswan_package], :name => platform_params[:strongswan_package],
:tag => ['openstack', 'neutron-support-package'], :tag => ['openstack', 'neutron-support-package'],
) )

7
spec/classes/neutron_config_spec.rb
View File

@ -82,6 +82,7 @@ describe 'neutron::config' do
:metering_agent_config => config_hash, :metering_agent_config => config_hash,
:vpnaas_agent_config => config_hash, :vpnaas_agent_config => config_hash,
:vpnaas_service_config => config_hash, :vpnaas_service_config => config_hash,
:ovn_vpn_agent_config => config_hash,
:taas_service_config => config_hash, :taas_service_config => config_hash,
:l2gw_agent_config => config_hash, :l2gw_agent_config => config_hash,
:bgp_dragent_config => config_hash, :bgp_dragent_config => config_hash,
@ -154,6 +155,12 @@ describe 'neutron::config' do
should contain_neutron_vpnaas_service_config('DEFAULT/baz').with_ensure('absent') should contain_neutron_vpnaas_service_config('DEFAULT/baz').with_ensure('absent')
end end
it 'configures arbitrary ovn_vpn_agent_config configurations' do
should contain_neutron_ovn_vpn_agent_config('DEFAULT/foo').with_value('fooValue')
should contain_neutron_ovn_vpn_agent_config('DEFAULT/bar').with_value('barValue')
should contain_neutron_ovn_vpn_agent_config('DEFAULT/baz').with_ensure('absent')
end
it 'configures arbitrary taas_service_config configurations' do it 'configures arbitrary taas_service_config configurations' do
should contain_neutron_taas_service_config('DEFAULT/foo').with_value('fooValue') should contain_neutron_taas_service_config('DEFAULT/foo').with_value('fooValue')
should contain_neutron_taas_service_config('DEFAULT/bar').with_value('barValue') should contain_neutron_taas_service_config('DEFAULT/bar').with_value('barValue')

51
spec/unit/provider/neutron_ovn_vpn_agent_config/ini_setting_spec.rb Normal file
View File

@ -0,0 +1,51 @@
require 'spec_helper'
provider_class = Puppet::Type.type(:neutron_ovn_vpn_agent_config).provider(:ini_setting)
describe provider_class do
it 'should default to the default setting when no other one is specified' do
resource = Puppet::Type::Neutron_ovn_vpn_agent_config.new(
{
:name => 'DEFAULT/foo',
:value => 'bar'
}
)
provider = provider_class.new(resource)
expect(provider.section).to eq('DEFAULT')
expect(provider.setting).to eq('foo')
expect(provider.file_path).to eq('/etc/neutron/ovn_vpn_agent.ini')
end
it 'should allow setting to be set explicitly' do
resource = Puppet::Type::Neutron_ovn_vpn_agent_config.new(
{
:name => 'dude/foo',
:value => 'bar'
}
)
provider = provider_class.new(resource)
expect(provider.section).to eq('dude')
expect(provider.setting).to eq('foo')
expect(provider.file_path).to eq('/etc/neutron/ovn_vpn_agent.ini')
end
it 'should ensure absent when <SERVICE DEFAULT> is specified as a value' do
resource = Puppet::Type::Neutron_ovn_vpn_agent_config.new(
{:name => 'dude/foo', :value => '<SERVICE DEFAULT>'}
)
provider = provider_class.new(resource)
provider.exists?
expect(resource[:ensure]).to eq :absent
end
it 'should ensure absent when value matches ensure_absent_val' do
resource = Puppet::Type::Neutron_ovn_vpn_agent_config.new(
{:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' }
)
provider = provider_class.new(resource)
provider.exists?
expect(resource[:ensure]).to eq :absent
end
end

20
spec/unit/type/neutron_ovn_vpn_agent_config_spec.rb Normal file
View File

@ -0,0 +1,20 @@
require 'puppet'
require 'puppet/type/neutron_ovn_vpn_agent_config'
describe 'Puppet::Type.type(:neutron_ovn_vpn_agent_config)' do
before :each do
@neutron_ovn_vpn_agent_config = Puppet::Type.type(:neutron_ovn_vpn_agent_config).new(:name => 'DEFAULT/foo', :value => 'bar')
end
it 'should autorequire the package that install the file' do
catalog = Puppet::Resource::Catalog.new
anchor = Puppet::Type.type(:anchor).new(:name => 'neutron::install::end')
catalog.add_resource anchor, @neutron_ovn_vpn_agent_config
dependency = @neutron_ovn_vpn_agent_config.autorequire
expect(dependency.size).to eq(1)
expect(dependency[0].target).to eq(@neutron_ovn_vpn_agent_config)
expect(dependency[0].source).to eq(anchor)
end
end