inspector: Add support for iptables PXE filter options
This introduces a new class to manage [pxe] options, which are used by the iptables PXE filter options. The configuration of [pxe] dnsmasq_interface option will be moved to the new class, following the existing implementation to configure the [dnsmasq_pxe_filter] dhcp_hostsdir option. Change-Id: If0ec9eecb70d9976de76899fc115fc9facc75fdd
This commit is contained in:
parent
d295fd035a
commit
0cd31ddc21
@ -342,6 +342,12 @@ class ironic::inspector (
|
|||||||
'port_physnet/cidr_map': value => $port_physnet_cidr_map_real;
|
'port_physnet/cidr_map': value => $port_physnet_cidr_map_real;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $dnsmasq_interface != 'br-ctlplane' {
|
||||||
|
warning("The [pxe] dnsmasq_interface option may not be configured by this class \
|
||||||
|
in a future release. Make sure the ironic::inspector::pxe_filter::iptables class is \
|
||||||
|
included in the manifest")
|
||||||
|
}
|
||||||
|
|
||||||
# Install package
|
# Install package
|
||||||
package { 'ironic-inspector':
|
package { 'ironic-inspector':
|
||||||
ensure => $package_ensure,
|
ensure => $package_ensure,
|
||||||
|
50
manifests/inspector/pxe_filter/iptables.pp
Normal file
50
manifests/inspector/pxe_filter/iptables.pp
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
# Configure parameters related to the "iptables" PXE filter
|
||||||
|
#
|
||||||
|
# === Parameters
|
||||||
|
#
|
||||||
|
# [*firewall_chain*]
|
||||||
|
# (optional) iptables chain name to use.
|
||||||
|
# Defaults to $facts['os_service_default'].
|
||||||
|
#
|
||||||
|
# [*ethoib_interfaces*]
|
||||||
|
# (optional) List of Ethernet Over InfiniBand interfaces on the Inspector
|
||||||
|
# host which are used for physical access to the DHCP network.
|
||||||
|
# Defaults to $facts['os_service_default'].
|
||||||
|
#
|
||||||
|
# [*ip_version*]
|
||||||
|
# (optional) The IP version that will be used for iptables filter.
|
||||||
|
# Defaults to $facts['os_service_default'].
|
||||||
|
#
|
||||||
|
class ironic::inspector::pxe_filter::iptables (
|
||||||
|
$firewall_chain = $facts['os_service_default'],
|
||||||
|
$ethoib_interfaces = $facts['os_service_default'],
|
||||||
|
$ip_version = $facts['os_service_default'],
|
||||||
|
) {
|
||||||
|
|
||||||
|
include ironic::deps
|
||||||
|
include ironic::inspector
|
||||||
|
|
||||||
|
# TODO(tkajinam): Remove usage of ensure_resource once we drop the same
|
||||||
|
# option from ironic::inspector
|
||||||
|
ensure_resource('ironic_inspector_config', 'iptables/dnsmasq_interface', {
|
||||||
|
value => $::ironic::inspector::dnsmasq_interface
|
||||||
|
})
|
||||||
|
|
||||||
|
ironic_inspector_config {
|
||||||
|
'iptables/firewall_chain': value => $firewall_chain;
|
||||||
|
'iptables/ethoib_interfaces': value => join(any2array($ethoib_interfaces), ',');
|
||||||
|
'iptables/ip_version': value => $ip_version;
|
||||||
|
}
|
||||||
|
}
|
10
releasenotes/notes/iptables-pxe-filter-e4f0ce5fb8e55d09.yaml
Normal file
10
releasenotes/notes/iptables-pxe-filter-e4f0ce5fb8e55d09.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The new ``ironic::inspector::pxe_filter::iptables`` class has been added.
|
||||||
|
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Configuration of the ``[pxe] dnsmasq_interface`` option by
|
||||||
|
the ``ironic::inspector`` class is deprecated. The option will be
|
||||||
|
managed by only the ``ironic::inspector::pxe_filter::iptables`` class.
|
@ -28,8 +28,8 @@ describe 'ironic::inspector::pxe_filter::dnsmasq' do
|
|||||||
}"
|
}"
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'ironic inspector pxe_filter dnsmasq' do
|
shared_examples_for 'ironic::inspector::pxe_filter::dnsmasq' do
|
||||||
it 'configure pxe_filter default params' do
|
it 'configure dnsmasq pxe filter default params' do
|
||||||
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dhcp_hostsdir').with_value('/etc/ironic-inspector/dhcp-hostsdir')
|
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dhcp_hostsdir').with_value('/etc/ironic-inspector/dhcp-hostsdir')
|
||||||
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_start_command').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_start_command').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_stop_command').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_stop_command').with_value('<SERVICE DEFAULT>')
|
||||||
@ -51,7 +51,7 @@ describe 'ironic::inspector::pxe_filter::dnsmasq' do
|
|||||||
params
|
params
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'configure pxe_filter dnsmasq specific params' do
|
it 'configure dnsmasq pxe filter specific params' do
|
||||||
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dhcp_hostsdir').with_value('/etc/ironic-inspector/dhcp-hostsdir')
|
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dhcp_hostsdir').with_value('/etc/ironic-inspector/dhcp-hostsdir')
|
||||||
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_start_command').with_value(p[:dnsmasq_start_command])
|
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_start_command').with_value(p[:dnsmasq_start_command])
|
||||||
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_stop_command').with_value(p[:dnsmasq_stop_command])
|
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_stop_command').with_value(p[:dnsmasq_stop_command])
|
||||||
@ -71,7 +71,7 @@ describe 'ironic::inspector::pxe_filter::dnsmasq' do
|
|||||||
facts.merge!(OSDefaults.get_facts())
|
facts.merge!(OSDefaults.get_facts())
|
||||||
end
|
end
|
||||||
|
|
||||||
it_behaves_like 'ironic inspector pxe_filter dnsmasq'
|
it_behaves_like 'ironic::inspector::pxe_filter::dnsmasq'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
65
spec/classes/ironic_inspector_pxe_filter_iptables_spec.rb
Normal file
65
spec/classes/ironic_inspector_pxe_filter_iptables_spec.rb
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
# Unit tests for ironic::inspector::pxe_filter::iptables class
|
||||||
|
#
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'ironic::inspector::pxe_filter::iptables' do
|
||||||
|
let :pre_condition do
|
||||||
|
"class { 'ironic::inspector::authtoken':
|
||||||
|
password => 'password',
|
||||||
|
}
|
||||||
|
class { 'ironic::inspector':
|
||||||
|
}"
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples_for 'ironic::inspector::pxe_filter::iptables' do
|
||||||
|
it 'configure iptables pxe filter default params' do
|
||||||
|
is_expected.to contain_ironic_inspector_config('iptables/dnsmasq_interface').with_value('br-ctlplane')
|
||||||
|
is_expected.to contain_ironic_inspector_config('iptables/firewall_chain').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_inspector_config('iptables/ethoib_interfaces').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_ironic_inspector_config('iptables/ip_version').with_value('<SERVICE DEFAULT>')
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with specific parameters' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:firewall_chain => 'ironic-inspector',
|
||||||
|
:ethoib_interfaces => ['interface0', 'interface1'],
|
||||||
|
:ip_version => 4,
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'configure iptables pxe filter specific params' do
|
||||||
|
is_expected.to contain_ironic_inspector_config('iptables/dnsmasq_interface').with_value('br-ctlplane')
|
||||||
|
is_expected.to contain_ironic_inspector_config('iptables/firewall_chain').with_value('ironic-inspector')
|
||||||
|
is_expected.to contain_ironic_inspector_config('iptables/ethoib_interfaces').with_value('interface0,interface1')
|
||||||
|
is_expected.to contain_ironic_inspector_config('iptables/ip_version').with_value(4)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts())
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'ironic::inspector::pxe_filter::iptables'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
Loading…
Reference in New Issue
Block a user