From 0fe7de9b7710859c08428687ee6e35e1ef5fb822 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 23 May 2023 11:39:14 +0900 Subject: [PATCH] Prohibit modular libvirt in non RedHat distributions Currently modular libvirt daemons are supported only by CentOS and RHEL. This makes sure the deployment fails in case the architecture is requested in distros which do not support it. Change-Id: I8eefc65e206bdb0532b6c5d08eee0d35d764a2b9 --- manifests/compute/libvirt/services.pp | 4 + manifests/migration/libvirt.pp | 5 +- manifests/params.pp | 5 +- .../nova_compute_libvirt_services_spec.rb | 7 +- spec/classes/nova_migration_libvirt_spec.rb | 244 +++++++++--------- 5 files changed, 140 insertions(+), 125 deletions(-) diff --git a/manifests/compute/libvirt/services.pp b/manifests/compute/libvirt/services.pp index 5f62c36c3..4509ede3e 100644 --- a/manifests/compute/libvirt/services.pp +++ b/manifests/compute/libvirt/services.pp @@ -66,6 +66,10 @@ class nova::compute::libvirt::services ( include nova::deps include nova::params + if $modular_libvirt and !$::nova::params::modular_libvirt_support { + fail('Modular libvirt daemons are not support in this distribution') + } + if $libvirt_service_name { # libvirt-nwfilter if $facts['os']['family'] == 'RedHat' { diff --git a/manifests/migration/libvirt.pp b/manifests/migration/libvirt.pp index fe7ce9e7a..60aec9ef2 100644 --- a/manifests/migration/libvirt.pp +++ b/manifests/migration/libvirt.pp @@ -184,8 +184,11 @@ class nova::migration::libvirt( $transport_real = 'tcp' } - $modular_libvirt_real = pick($modular_libvirt, $nova::params::modular_libvirt) + $modular_libvirt_real = pick($modular_libvirt, $::nova::params::modular_libvirt) + if $modular_libvirt_real and !$::nova::params::modular_libvirt_support { + fail('Modular libvirt daemons are not support in this distribution') + } validate_legacy(Enum['tcp', 'tls', 'ssh'], 'validate_re', $transport_real, [['^tcp$', '^tls$', '^ssh$'], 'Valid options for transport are tcp, tls, ssh.']) diff --git a/manifests/params.pp b/manifests/params.pp index 473768dfd..23941b3fc 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -55,6 +55,7 @@ class nova::params { $serialproxy_service_name = 'openstack-nova-serialproxy' $spicehtml5proxy_service_name = 'openstack-nova-spicehtml5proxy' $modular_libvirt = false + $modular_libvirt_support = true # redhat specific config defaults $root_helper = 'sudo nova-rootwrap' $lock_path = '/var/lib/nova/tmp' @@ -107,7 +108,6 @@ class nova::params { $virtqemu_service_name = 'virtqemud.socket' $virtproxy_service_name = 'virtproxyd.socket' $virtstorage_service_name = 'virtstoraged.socket' - $modular_libvirt = false } default: { $api_metadata_service_name = undef @@ -123,9 +123,10 @@ class nova::params { $virtqemu_service_name = 'virtqemud' $virtproxy_service_name = 'virtproxyd' $virtstorage_service_name = 'virtstoraged' - $modular_libvirt = false } } + $modular_libvirt = false + $modular_libvirt_support = false $libvirt_service_name = 'libvirtd' } default: { diff --git a/spec/classes/nova_compute_libvirt_services_spec.rb b/spec/classes/nova_compute_libvirt_services_spec.rb index f95346907..3725bb3d2 100644 --- a/spec/classes/nova_compute_libvirt_services_spec.rb +++ b/spec/classes/nova_compute_libvirt_services_spec.rb @@ -24,8 +24,10 @@ describe 'nova::compute::libvirt::services' do is_expected.not_to contain_service('libvirt') end end + end - context 'with default parameters and modular-libvirt true' do + shared_examples_for 'nova compute libvirt services with modular libvirt' do + context 'with default parameters' do let :params do { :modular_libvirt => true @@ -56,6 +58,9 @@ describe 'nova::compute::libvirt::services' do facts.merge!(OSDefaults.get_facts()) end it_configures 'nova compute libvirt services' + if facts['osfamily'] == 'RedHat' + it_configures 'nova compute libvirt services with modular libvirt' + end end end end diff --git a/spec/classes/nova_migration_libvirt_spec.rb b/spec/classes/nova_migration_libvirt_spec.rb index 3dd11a6a8..d67be9eaf 100644 --- a/spec/classes/nova_migration_libvirt_spec.rb +++ b/spec/classes/nova_migration_libvirt_spec.rb @@ -50,23 +50,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_nova_config('libvirt/live_migration_permit_auto_converge').with_value('')} end - context 'with modular_libvirt set to true' do - let(:params) { { :modular_libvirt => true} } - - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('none').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } - it { is_expected.to contain_nova_config('libvirt/live_migration_tunnelled').with_value('') } - it { is_expected.to contain_nova_config('libvirt/live_migration_with_native_tls').with_value('') } - it { is_expected.to contain_nova_config('libvirt/live_migration_completion_timeout').with_value('') } - it { is_expected.to contain_nova_config('libvirt/live_migration_timeout_action').with_value('') } - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tcp://%s/system') } - it { is_expected.to contain_nova_config('libvirt/live_migration_inbound_addr').with_value('')} - it { is_expected.to contain_nova_config('libvirt/live_migration_permit_post_copy').with_value('')} - it { is_expected.to contain_nova_config('libvirt/live_migration_permit_auto_converge').with_value('')} - end - context 'with override_uuid enabled' do let :params do { @@ -115,21 +98,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system')} end - context 'with tls enabled and modular-libvirt set to true' do - let :params do - { - :transport => 'tls', - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('none').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system')} - end - - context 'with tls enabled and inbound addr set' do let :params do { @@ -196,20 +164,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('crl_file').with_value('').with_quote(true) } end - context 'with auth set to sasl and modular_libvirt is true' do - let :params do - { - :auth => 'sasl', - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('sasl').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } - end - - context 'with auth set to sasl and tls enabled' do let :params do { @@ -223,21 +177,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('crl_file').with_value('').with_quote(true) } end - context 'with auth set to sasl and tls enabled and modular_libvirt set to true' do - let :params do - { - :auth => 'sasl', - :transport => 'tls', - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('sasl').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } - end - - context 'with certificates set and tls enabled' do let :params do { @@ -252,21 +191,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('crl_file').with_value('/crl').with_quote(true) } end - context 'with certificates set and tls enabled and modular_libvirt set to true' do - let :params do - { - :transport => 'tls', - :ca_file => '/ca', - :crl_file => '/crl', - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('none').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('/ca').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('/crl').with_quote(true) } - end - context 'with auth set to an invalid setting' do let :params do { @@ -308,16 +232,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system')} end - context 'with ssh transport and modular_libvirt set to true' do - let :params do - { - :transport => 'ssh', - :modular_libvirt => true, - } - end - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system')} - end - context 'with ssh transport with user' do let :params do { @@ -328,17 +242,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://foobar@%s/system')} end - context 'with ssh transport with user and modular_libvirt set to true' do - let :params do - { - :transport => 'ssh', - :client_user => 'foobar', - :modular_libvirt => true, - } - end - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://foobar@%s/system')} - end - context 'with ssh transport with port' do let :params do { @@ -349,17 +252,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s:1234/system')} end - context 'with ssh transport with port and modular_libvirt set to true' do - let :params do - { - :transport => 'ssh', - :client_port => 1234, - :modular_libvirt => true, - } - end - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s:1234/system')} - end - context 'with ssh transport with extraparams' do let :params do { @@ -370,17 +262,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system?foo=%%25&bar=baz')} end - context 'with ssh transport with extraparams and modular_libvirt set to true' do - let :params do - { - :transport => 'ssh', - :client_extraparams => {'foo' => '%', 'bar' => 'baz'}, - :modular_libvirt => true, - } - end - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system?foo=%%25&bar=baz')} - end - context 'with tls transport' do let :params do { :transport => 'tls' } @@ -415,8 +296,126 @@ describe 'nova::migration::libvirt' do :match => '^ListenStream=.*', )} end + end - context 'with tls transport and modular daemons' do + shared_examples_for 'nova migration with modular libvirt' do + context 'with modular_libvirt set to true' do + let(:params) { { :modular_libvirt => true} } + + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('none').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } + it { is_expected.to contain_nova_config('libvirt/live_migration_tunnelled').with_value('') } + it { is_expected.to contain_nova_config('libvirt/live_migration_with_native_tls').with_value('') } + it { is_expected.to contain_nova_config('libvirt/live_migration_completion_timeout').with_value('') } + it { is_expected.to contain_nova_config('libvirt/live_migration_timeout_action').with_value('') } + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tcp://%s/system') } + it { is_expected.to contain_nova_config('libvirt/live_migration_inbound_addr').with_value('')} + it { is_expected.to contain_nova_config('libvirt/live_migration_permit_post_copy').with_value('')} + it { is_expected.to contain_nova_config('libvirt/live_migration_permit_auto_converge').with_value('')} + end + + context 'with tls enabled' do + let :params do + { + :transport => 'tls', + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('none').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system')} + end + + context 'with auth set to sasl' do + let :params do + { + :auth => 'sasl', + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('sasl').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } + end + + context 'with auth set to sasl and tls enabled' do + let :params do + { + :auth => 'sasl', + :transport => 'tls', + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('sasl').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } + end + + context 'with certificates set and tls enabled' do + let :params do + { + :transport => 'tls', + :ca_file => '/ca', + :crl_file => '/crl', + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('none').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('/ca').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('/crl').with_quote(true) } + end + + context 'with ssh transport' do + let :params do + { + :transport => 'ssh', + :modular_libvirt => true, + } + end + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system')} + end + + context 'with ssh transport with user' do + let :params do + { + :transport => 'ssh', + :client_user => 'foobar', + :modular_libvirt => true, + } + end + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://foobar@%s/system')} + end + + context 'with ssh transport with port' do + let :params do + { + :transport => 'ssh', + :client_port => 1234, + :modular_libvirt => true, + } + end + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s:1234/system')} + end + + context 'with ssh transport with extraparams' do + let :params do + { + :transport => 'ssh', + :client_extraparams => {'foo' => '%', 'bar' => 'baz'}, + :modular_libvirt => true, + } + end + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system?foo=%%25&bar=baz')} + end + + context 'with tls transport' do let :params do { :transport => 'tls', @@ -437,7 +436,7 @@ describe 'nova::migration::libvirt' do )} end - context 'with tcp transport and modular daemons' do + context 'with tcp transport' do let :params do { :transport => 'tcp', @@ -465,6 +464,9 @@ describe 'nova::migration::libvirt' do end it_behaves_like 'nova migration with libvirt' + if facts['osfamily'] == 'RedHat' + it_behaves_like 'nova migration with modulr libvirt' + end end end end