Merge "Don't assume nodepool.[private|public]_ipv4"

Zuul 2018-03-27 21:18:56 +00:00 committed by Gerrit Code Review
commit 7beda537c0
3 changed files with 31 additions and 4 deletions


@ -41,11 +41,25 @@
failed_when: false
register: iptables_rules
- name: Validate ipv4 firewall configuration
- name: Validate ipv4 private firewall configuration
assert:
that:
- "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
with_items: "{{ groups['all'] }}"
when:
- hostvars[item]['nodepool']['private_ipv4']
- name: Validate ipv4 public firewall configuration
assert:
that:
- "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
with_items: "{{ groups['all'] }}"
when:
- hostvars[item]['nodepool']['public_ipv4']
- name: Validate ipv4 bridge firewall configuration
assert:
that:
- "'-A INPUT -s {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -d {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -j ACCEPT' in iptables_rules.stdout"
with_items: "{{ groups['all'] }}"
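Review bot: With both new ipv4 assertions guarded by `when`, a host whose `private_ipv4` and `public_ipv4` are both empty is skipped by each task, so the play passes without verifying any ipv4 ACCEPT rule for that host. If such a host is not expected, a preceding assert with `- hostvars[item]['nodepool']['private_ipv4'] or hostvars[item]['nodepool']['public_ipv4']` (extended with `public_ipv6` if ipv6-only nodes are legitimate) would turn the silent skip into a visible failure. The `when` items also index the key directly, so a host where the key is absent rather than empty would presumably raise an undefined-variable error; adding `| default('')` to each condition would cover that. The same two tasks appear in the second file's hunk, and the point applies there as well.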


@ -10,12 +10,21 @@
failed_when: false
register: iptables_rules
- name: Validate ipv4 firewall configuration
- name: Validate ipv4 private firewall configuration
assert:
that:
- "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
with_items: "{{ groups['all'] }}"
when:
- hostvars[item]['nodepool']['private_ipv4']
- name: Validate ipv4 public firewall configuration
assert:
that:
- "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
with_items: "{{ groups['all'] }}"
when:
- hostvars[item]['nodepool']['public_ipv4']
# ipv6_addresses is set by the multi-node-firewall role
- when: ipv6_addresses | length > 0


@ -12,8 +12,12 @@
host_addresses: >
{% set hosts = [] -%}
{% for host, vars in hostvars.items() -%}
{% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
{% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
{% if vars['nodepool']['private_ipv4'] != '' -%}
{% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
{% endif -%}
{% if vars['nodepool']['public_ipv4'] != '' -%}
{% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
{% endif -%}
{% if vars['nodepool']['public_ipv6'] != '' -%}
{% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%}
{% endif -%}
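Review bot: The new guards compare against `''` only, so a `private_ipv4` or `public_ipv4` that is null rather than an empty string still passes the check and is appended to `hosts`, where it would presumably end up as a bogus source address in whatever rules are built from `host_addresses`. The test playbooks changed in this commit gate on truthiness instead, so the role and its tests would disagree on such a host. A truthiness check with a default covers empty, null and missing values alike: `{% if vars['nodepool']['private_ipv4'] | default('', true) -%}`, and the same for `public_ipv4`. The `host_addresses` template starts before and continues past this hunk, so how the list is consumed is not visible here.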