diff --git a/lib/puppet/provider/libvirtd_config/ini_setting.rb b/lib/puppet/provider/libvirtd_config/ini_setting.rb
new file mode 100644
index 000000000..9120e0f3b
--- /dev/null
+++ b/lib/puppet/provider/libvirtd_config/ini_setting.rb
@@ -0,0 +1,27 @@
+Puppet::Type.type(:libvirtd_config).provide(
+ :ini_setting,
+ :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
+) do
+
+ def section
+ ''
+ end
+
+ def setting
+ resource[:name]
+ end
+
+ def separator
+ '='
+ end
+
+ def self.file_path
+ '/etc/libvirt/libvirtd.conf'
+ end
+
+ # this needs to be removed. This has been replaced with the class method
+ def file_path
+ self.class.file_path
+ end
+
+end
diff --git a/lib/puppet/type/libvirtd_config.rb b/lib/puppet/type/libvirtd_config.rb
new file mode 100644
index 000000000..7097873a3
--- /dev/null
+++ b/lib/puppet/type/libvirtd_config.rb
@@ -0,0 +1,46 @@
+Puppet::Type.newtype(:libvirtd_config) do
+
+ ensurable
+
+ newparam(:name, :namevar => true) do
+ desc 'setting name to manage from libvirtd.conf'
+ newvalues(/\S+/)
+ end
+
+ newproperty(:value) do
+ desc 'The value of the setting to be defined.'
+ munge do |value|
+ value = value.to_s.strip
+ value
+ end
+
+ def is_to_s( currentvalue )
+ if resource.secret?
+ return '[old secret redacted]'
+ else
+ return currentvalue
+ end
+ end
+
+ def should_to_s( newvalue )
+ if resource.secret?
+ return '[new secret redacted]'
+ else
+ return newvalue
+ end
+ end
+ end
+
+ newparam(:secret, :boolean => true) do
+ desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+
+ newvalues(:true, :false)
+
+ defaultto false
+ end
+
+ autorequire(:package) do
+ 'libvirt-daemon'
+ end
+
+end
diff --git a/manifests/compute/libvirt/config.pp b/manifests/compute/libvirt/config.pp
new file mode 100644
index 000000000..597e8a21f
--- /dev/null
+++ b/manifests/compute/libvirt/config.pp
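Review bot: In lib/puppet/provider/libvirtd_config/ini_setting.rb the comment above the instance method `file_path` says it "needs to be removed", which reads as a pending deletion and gives no hint of who still calls it. If the method is kept for ini_setting parent providers that look the path up on the instance (an assumption, not visible in this hunk), the comment should say that instead: `# Kept for ini_setting providers that call the instance method; delegates to self.file_path.` A one-line comment on `section` would also help the next reader, for example `# libvirtd.conf has no [section] headers, so every setting lives in the global section.`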
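Review bot: In lib/puppet/type/libvirtd_config.rb the name check `newvalues(/\S+/)` is unanchored, so it accepts any title that merely contains one non-blank character, including titles with embedded spaces, `=` or a newline; because nova::compute::libvirt::config feeds a caller-supplied hash into this type, such a title would presumably be written into /etc/libvirt/libvirtd.conf as the key. Anchoring the pattern, `newvalues(/\A\w+\z/)`, restricts titles to a single identifier, which covers every key used in this commit. The `value` munge only strips surrounding whitespace, so an embedded newline in a value passes the same way and is worth rejecting in a `validate` block. The `is_to_s`/`should_to_s` overrides redact only the change message, so the `secret` desc should state that the value is still present in the catalog and in the file on disk.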
@@ -0,0 +1,30 @@ +# == Class: nova::compute::libvirt::config +# +# This class is used to manage arbitrary libvirtd configurations. +# +# === Parameters +# +# [*libvirtd_config*] +# (optional) Allow configuration of arbitrary libvirtd configurations. +# The value is an hash of libvirtd_config resources. Example: +# { 'foo' => { value => 'fooValue'}, +# 'bar' => { value => 'barValue'} +# } +# In yaml format, Example: +# libvirtd_config: +# foo: +# value: fooValue +# bar: +# value: barValue +# +# NOTE: The configuration MUST NOT be already handled by this module +# or Puppet catalog compilation will fail with duplicate resources. +# +class nova::compute::libvirt::config ( + $libvirtd_config = {}, +) { + + validate_hash($libvirtd_config) + + create_resources('libvirtd_config', $libvirtd_config) +} diff --git a/manifests/migration/libvirt.pp b/manifests/migration/libvirt.pp index 44ef20a4a..2a1d6e0d9 100644 --- a/manifests/migration/libvirt.pp +++ b/manifests/migration/libvirt.pp @@ -176,9 +176,13 @@ class nova::migration::libvirt( if $configure_libvirt { Anchor['nova::config::begin'] + -> Libvirtd_config<||> -> File_line<| tag == 'libvirt-file_line'|> -> Anchor['nova::config::end'] + Libvirtd_config<||> + ~> Service['libvirt'] + File_line<| tag == 'libvirt-file_line' |> ~> Service['libvirt'] 
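Review bot: The header example in manifests/compute/libvirt/config.pp passes bare strings (`value => 'fooValue'`), while nova::migration::libvirt in this same commit wraps string settings in escaped quotes (`"\"${auth}\""`), so the quoting is evidently left to the caller and the documentation does not say so. A line such as `# String values must carry their own double quotes, e.g. { 'foo' => { value => '"fooValue"' } }` would prevent callers from writing a libvirtd.conf that the daemon is likely to reject. The header should also mention `secret => true` for values that must not appear in Puppet logs. Note that `validate_hash` checks only the container type, so when nova::migration::libvirt is not in the catalog this class can set `auth_tcp`, `listen_tcp` and similar keys to any value; that deserves a sentence in the NOTE paragraph.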
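Review bot: In manifests/migration/libvirt.pp the new `Libvirtd_config<||> ~> Service['libvirt']` relationship sits inside `if $configure_libvirt`, so resources declared through nova::compute::libvirt::config are written without notifying libvirtd whenever this class is not included or `configure_libvirt` is false. A changed setting, which may well be an auth or listen option, then stays inactive until something else restarts the daemon, and the file on disk no longer describes the running service. Either establish the notify where the resources are created or document the dependency in the config class header, e.g. `# Changes only restart libvirtd when nova::migration::libvirt is included with configure_libvirt => true.` The `if` block opens in this hunk and closes outside it.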
@@ -203,47 +207,29 @@ class nova::migration::libvirt( } } + libvirtd_config { + 'listen_tls': value => $listen_tls; + 'listen_tcp': value => $listen_tcp; + } + + if $transport_real == 'tls' { + libvirtd_config { + 'auth_tls': value => "\"${auth}\""; + } + } elsif $transport_real == 'tcp' { + libvirtd_config { + 'auth_tcp': value => "\"${auth}\""; + } + } + + if $listen_address { + libvirtd_config { + 'listen_addr': value => "\"${listen_address}\""; + } + } + case $::osfamily { 'RedHat': { - file_line { '/etc/libvirt/libvirtd.conf listen_tls': - path => '/etc/libvirt/libvirtd.conf', - line => "listen_tls = ${listen_tls}", - match => 'listen_tls =', - tag => 'libvirt-file_line', - } - - file_line { '/etc/libvirt/libvirtd.conf listen_tcp': - path => '/etc/libvirt/libvirtd.conf', - line => "listen_tcp = ${listen_tcp}", - match => 'listen_tcp =', - tag => 'libvirt-file_line', - } - - if $transport_real == 'tls' { - file_line { '/etc/libvirt/libvirtd.conf auth_tls': - path => '/etc/libvirt/libvirtd.conf', - line => "auth_tls = \"${auth}\"", - match => 'auth_tls =', - tag => 'libvirt-file_line', - } - } elsif $transport_real == 'tcp' { - file_line { '/etc/libvirt/libvirtd.conf auth_tcp': - path => '/etc/libvirt/libvirtd.conf', - line => "auth_tcp = \"${auth}\"", - match => 'auth_tcp =', - tag => 'libvirt-file_line', - } - } - - if $listen_address { - file_line { '/etc/libvirt/libvirtd.conf listen_address': - path => '/etc/libvirt/libvirtd.conf', - line => "listen_addr = \"${listen_address}\"", - match => 'listen_addr =', - tag => 'libvirt-file_line', - } - } - if $transport_real != 'ssh' { file_line { '/etc/sysconfig/libvirtd libvirtd args': path => '/etc/sysconfig/libvirtd', 
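Review bot: `listen_addr` is managed only when `$listen_address` is set, so clearing the parameter leaves the previous address in libvirtd.conf, and a host that never had one keeps libvirtd's default bind, which matters because the specs in this commit show the default outcome is `listen_tcp` 1 with `auth_tcp` "none". Now that the type is ensurable, an else branch can remove the stale key, `} else { libvirtd_config { 'listen_addr': ensure => absent; } }`, unless hand-edited values are meant to be preserved, in which case that should be documented. The same applies to the unused one of `auth_tls`/`auth_tcp` after a transport change. A short comment that the escaped quotes in `"\"${auth}\""` are part of the libvirtd.conf string syntax would explain why the values are wrapped. The enclosing class body starts and ends outside this hunk.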
@@ -255,45 +241,6 @@ class nova::migration::libvirt( } 'Debian': { - file_line { '/etc/libvirt/libvirtd.conf listen_tls': - path => '/etc/libvirt/libvirtd.conf', - line => "listen_tls = ${listen_tls}", - match => 'listen_tls =', - tag => 'libvirt-file_line', - } - - file_line { '/etc/libvirt/libvirtd.conf listen_tcp': - path => '/etc/libvirt/libvirtd.conf', - line => "listen_tcp = ${listen_tcp}", - match => 'listen_tcp =', - tag => 'libvirt-file_line', - } - - if $transport_real == 'tls' { - file_line { '/etc/libvirt/libvirtd.conf auth_tls': - path => '/etc/libvirt/libvirtd.conf', - line => "auth_tls = \"${auth}\"", - match => 'auth_tls =', - tag => 'libvirt-file_line', - } - } elsif $transport_real == 'tcp' { - file_line { '/etc/libvirt/libvirtd.conf auth_tcp': - path => '/etc/libvirt/libvirtd.conf', - line => "auth_tcp = \"${auth}\"", - match => 'auth_tcp =', - tag => 'libvirt-file_line', - } - } - - if $listen_address { - file_line { '/etc/libvirt/libvirtd.conf listen_address': - path => '/etc/libvirt/libvirtd.conf', - line => "listen_addr = \"${listen_address}\"", - match => 'listen_addr =', - tag => 'libvirt-file_line', - } - } - if $transport_real != 'ssh' { if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemmajrelease, '16') >= 0 { # If systemd is being used then libvirtd is already being launched correctly and diff --git a/releasenotes/notes/add-libvirtd-config-resource-d8b75e542769c138.yaml b/releasenotes/notes/add-libvirtd-config-resource-d8b75e542769c138.yaml new file mode 100644 index 000000000..dc4327bb9 --- /dev/null +++ b/releasenotes/notes/add-libvirtd-config-resource-d8b75e542769c138.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add libvirtd_config resource and + nova::compute::libvirt::config class for managing + /etc/libvirt/libvirtd.conf. diff --git a/spec/classes/nova_migration_libvirt_spec.rb b/spec/classes/nova_migration_libvirt_spec.rb index 1fcd5c0e5..a4546dd13 100644 --- a/spec/classes/nova_migration_libvirt_spec.rb 
+++ b/spec/classes/nova_migration_libvirt_spec.rb @@ -40,10 +40,10 @@ describe 'nova::migration::libvirt' do shared_examples_for 'nova migration with libvirt' do context 'with default params' do - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls').with(:line => "listen_tls = 0") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp').with(:line => "listen_tcp = 1") } - it { is_expected.not_to contain_file_line('/etc/libvirt/libvirtd.conf auth_tls')} - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf auth_tcp').with(:line => "auth_tcp = \"none\"") } + it { is_expected.to contain_libvirtd_config('listen_tls').with_value('0') } + it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('1') } + it { is_expected.not_to contain_libvirtd_config('auth_tls') } + it { is_expected.to contain_libvirtd_config('auth_tcp').with_value("\"none\"") } it { is_expected.to contain_nova_config('libvirt/live_migration_tunnelled').with_value('') } it { is_expected.to contain_nova_config('libvirt/live_migration_completion_timeout').with_value('') } it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tcp://%s/system') } 
@@ -74,10 +74,10 @@ describe 'nova::migration::libvirt' do :use_tls => true, } end - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls').with(:line => "listen_tls = 1") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp').with(:line => "listen_tcp = 0") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf auth_tls').with(:line => "auth_tls = \"none\"") } - it { is_expected.not_to contain_file_line('/etc/libvirt/libvirtd.conf auth_tcp')} + it { is_expected.to contain_libvirtd_config('listen_tls').with_value('1') } + it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } + it { is_expected.to contain_libvirtd_config('auth_tls').with_value("\"none\"") } + it { is_expected.not_to contain_libvirtd_config('auth_tcp') } it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system')} it { is_expected.to contain_nova_config('libvirt/live_migration_inbound_addr').with_value('')} it { is_expected.to contain_nova_config('libvirt/live_migration_scheme').with_value('')} 
@@ -89,10 +89,10 @@ describe 'nova::migration::libvirt' do :transport => 'tls', } end - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls').with(:line => "listen_tls = 1") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp').with(:line => "listen_tcp = 0") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf auth_tls').with(:line => "auth_tls = \"none\"") } - it { is_expected.not_to contain_file_line('/etc/libvirt/libvirtd.conf auth_tcp')} + it { is_expected.to contain_libvirtd_config('listen_tls').with_value('1') } + it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } + it { is_expected.to contain_libvirtd_config('auth_tls').with_value("\"none\"") } + it { is_expected.not_to contain_libvirtd_config('auth_tcp') } it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system')} end 
@@ -103,10 +103,10 @@ describe 'nova::migration::libvirt' do :live_migration_inbound_addr => 'host1.example.com', } end - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls').with(:line => "listen_tls = 1") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp').with(:line => "listen_tcp = 0") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf auth_tls').with(:line => "auth_tls = \"none\"") } - it { is_expected.not_to contain_file_line('/etc/libvirt/libvirtd.conf auth_tcp')} + it { is_expected.to contain_libvirtd_config('listen_tls').with_value('1') } + it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } + it { is_expected.to contain_libvirtd_config('auth_tls').with_value("\"none\"") } + it { is_expected.not_to contain_libvirtd_config('auth_tcp') } it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('')} it { is_expected.to contain_nova_config('libvirt/live_migration_inbound_addr').with_value('host1.example.com')} it { is_expected.to contain_nova_config('libvirt/live_migration_scheme').with_value('tls')} @@ -129,8 +129,8 @@ describe 'nova::migration::libvirt' do :auth => 'sasl', } end - it { is_expected.not_to contain_file_line('/etc/libvirt/libvirtd.conf auth_tls')} - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf auth_tcp').with(:line => "auth_tcp = \"sasl\"") } + it { is_expected.not_to contain_libvirtd_config('auth_tls') } + it { is_expected.to contain_libvirtd_config('auth_tcp').with_value("\"sasl\"") } end context 'with auth set to sasl and tls enabled' do 
@@ -140,8 +140,8 @@ describe 'nova::migration::libvirt' do :transport => 'tls' } end - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf auth_tls').with(:line => "auth_tls = \"sasl\"") } - it { is_expected.not_to contain_file_line('/etc/libvirt/libvirtd.conf auth_tcp')} + it { is_expected.to contain_libvirtd_config('auth_tls').with_value("\"sasl\"") } + it { is_expected.not_to contain_libvirtd_config('auth_tcp') } end context 'with auth set to an invalid setting' do @@ -160,8 +160,8 @@ describe 'nova::migration::libvirt' do :configure_libvirt => false } end - it { is_expected.not_to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls') } - it { is_expected.not_to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp') } + it { is_expected.not_to contain_libvirtd_config('listen_tls') } + it { is_expected.not_to contain_libvirtd_config('listen_tcp') } end context 'when not configuring nova and tls enabled' do @@ -180,7 +180,7 @@ describe 'nova::migration::libvirt' do :listen_address => "127.0.0.1" } end - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_address').with(:line => "listen_addr = \"127.0.0.1\"") } + it { is_expected.to contain_libvirtd_config('listen_addr').with_value("\"127.0.0.1\"") } end context 'with ssh transport' do @@ -190,8 +190,8 @@ describe 'nova::migration::libvirt' do } end it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system')} - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls').with(:line => "listen_tls = 0") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp').with(:line => "listen_tcp = 0") } + it { is_expected.to contain_libvirtd_config('listen_tls').with_value('0') } + it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } end context 'with ssh transport with user' do 
@@ -202,8 +202,8 @@ describe 'nova::migration::libvirt' do } end it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://foobar@%s/system')} - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls').with(:line => "listen_tls = 0") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp').with(:line => "listen_tcp = 0") } + it { is_expected.to contain_libvirtd_config('listen_tls').with_value('0') } + it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } end context 'with ssh transport with port' do @@ -214,8 +214,8 @@ describe 'nova::migration::libvirt' do } end it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s:1234/system')} - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls').with(:line => "listen_tls = 0") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp').with(:line => "listen_tcp = 0") } + it { is_expected.to contain_libvirtd_config('listen_tls').with_value('0') } + it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } end context 'with ssh transport with extraparams' do @@ -226,8 +226,8 @@ describe 'nova::migration::libvirt' do } end it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system?foo=%%25&bar=baz')} - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tls').with(:line => "listen_tls = 0") } - it { is_expected.to contain_file_line('/etc/libvirt/libvirtd.conf listen_tcp').with(:line => "listen_tcp = 0") } + it { is_expected.to contain_libvirtd_config('listen_tls').with_value('0') } + it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } end end