openstack/puppet-ironic
Code Issues Proposed changes

Remove ironic-inspector support

Browse Source 
Depends-on: https://review.opendev.org/964801
Change-Id: I01bae3d350e5d356868347b62d6ac286430b2c2b
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025-10-25 01:37:24 +09:00
parent ceb760c11f
commit badee8d328
55 changed files with 4 additions and 4946 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/puppet/provider/ironic_inspector_config/openstackconfig.rb
View File

@@ -1,10 +0,0 @@
Puppet::Type.type(:ironic_inspector_config).provide(
:openstackconfig,
:parent => Puppet::Type.type(:openstack_config).provider(:ruby)
) do
def self.file_path
'/etc/ironic-inspector/inspector.conf'
end
end

61
lib/puppet/type/ironic_inspector_config.rb
View File

@@ -1,61 +0,0 @@
Puppet::Type.newtype(:ironic_inspector_config) do
ensurable
newparam(:name, :namevar => true) do
desc 'Section/setting name to manage from inspector.conf'
newvalues(/\S+\/\S+/)
end
newproperty(:value, :array_matching => :all) do
desc 'The value of the setting to be defined.'
def insync?(is)
return true if @should.empty?
return false unless is.is_a? Array
return false unless is.length == @should.length
return (
is & @should == is or
is & @should.map(&:to_s) == is
)
end
munge do |value|
value = value.to_s.strip
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
newparam(:ensure_absent_val) do
desc 'A value that is specified as the value property will behave as if ensure => absent was specified'
defaultto('<SERVICE DEFAULT>')
end
autorequire(:anchor) do
['ironic::install::end']
end
end

28
manifests/deps.pp
View File

@@ -26,27 +26,6 @@ class ironic::deps {
~> Service<| tag == 'ironic-service' |>
~> anchor { 'ironic::service::end': }
# ironic-inspector is supported by this module. This service uses a
# specific conf file and uses it's own config provider. Split out install
# and configure of this service so that other services are not affected.
anchor { 'ironic-inspector::install::begin': }
-> Package<| tag == 'ironic-inspector-package'|>
~> anchor { 'ironic-inspector::install::end': }
-> anchor { 'ironic-inspector::config::begin': }
-> Ironic_inspector_config<||>
~> anchor { 'ironic-inspector::config::end': }
-> anchor { 'ironic-inspector::db::begin': }
-> anchor { 'ironic-inspector::db::end': }
~> anchor { 'ironic-inspector::dbsync::begin': }
-> anchor { 'ironic-inspector::dbsync::end': }
~> anchor { 'ironic-inspector::service::begin': }
~> Service<| tag == 'ironic-inspector-service' |>
~> anchor { 'ironic-inspector::service::end': }
Anchor['ironic-inspector::service::begin']
~> Service<| tag == 'ironic-inspector-dnsmasq-service' |>
~> Anchor['ironic-inspector::service::end']
Anchor['ironic::config::begin']
-> Ironic_api_uwsgi_config<||>
-> Anchor['ironic::config::end']
@@ -62,11 +41,6 @@ class ironic::deps {
-> Package<| tag == 'ironic-support-package'|>
-> Anchor['ironic::install::end']
# ironic-inspector depends on support packages in pxe.pp
Anchor['ironic-inspector::install::begin']
-> Package<| tag == 'ironic-support-package'|>
-> Anchor['ironic-inspector::install::end']
# openstackclient package is needed by transform
Package<| tag == 'openstackclient'|>
-> Anchor['ironic::config::begin']
@@ -74,6 +48,4 @@ class ironic::deps {
# Installation or config changes will always restart services.
Anchor['ironic::install::end'] ~> Anchor['ironic::service::begin']
Anchor['ironic::config::end'] ~> Anchor['ironic::service::begin']
Anchor['ironic-inspector::install::end'] ~> Anchor['ironic-inspector::service::begin']
Anchor['ironic-inspector::config::end'] ~> Anchor['ironic-inspector::service::begin']
}

642
manifests/inspector.pp
View File

@@ -1,642 +0,0 @@
#
# Copyright (C) 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Configure the ironic-inspector auxiliary service to Ironic
#
# === Parameters
#
# [*package_ensure*]
# (optional) Control the ensure parameter for the package resource
# Defaults to 'present'
#
# [*manage_service*]
# (optional) Whether the service should be managed by Puppet.
# Defaults to true.
#
# [*enabled*]
# (optional) Define if the service must be enabled or not
# Defaults to true
#
# [*host*]
# (optional) Name of this node.
# Defaults to $facts['os_service_default'].
#
# [*listen_address*]
# (optional) The listen IP for the Ironic-inspector API server.
# Should be an valid IP address
# Defaults to $facts['os_service_default'].
#
# [*pxe_transfer_protocol*]
# (optional) Protocol preferred for transferring the ramdisk.
# Some architecture require tftp is used exclusively.
# Defaults to 'tftp'. Valid values are 'tftp' or 'http'.
#
# [*dhcp_debug*]
# (optional) Boolean to enable dnsmasq debug logging.
# Defaults to false
#
# [*auth_strategy*]
# (optional) API authentication strategy: keystone or noauth
# Defaults to 'keystone'
#
# [*timeout*]
# (optional) Timeout after which introspection is considered failed,
# set to 0 to disable.
# Defaults to $facts['os_service_default']
#
# [*api_max_limit*]
# (optional) Limit the number of elements an API list-call returns
# Defaults to $facts['os_service_default']
#
# [*dnsmasq_interface*]
# (optional) The interface for the ironic-inspector dnsmasq process
# to listen on
# Defaults to 'br-ctlplane'
#
# [*ramdisk_logs_dir*]
# (optional) Location to store logs retrieved from the ramdisk
# Defaults to '/var/log/ironic-inspector/ramdisk/'
#
# [*always_store_ramdisk_logs*]
# (optional) Whether to store ramdisk logs even for successful introspection.
# Defaults to $facts['os_service_default']
#
# [*add_ports*]
# (optional) Which MAC addresses to add as ports during introspection.
# Allowed values: all, active, pxe.
# Defaults to $facts['os_service_default']
#
# [*keep_ports*]
# (optional) Which ports to keep after introspection
# Defaults to $facts['os_service_default']
#
# [*store_data*]
# (optional) Method for storing introspection data
# Defaults to $facts['os_service_default']
#
# [*dnsmasq_ip_subnets*]
# (optional) List of hashes with keys: 'tag', 'ip_range', 'netmask',
# 'gateway' and 'classless_static_routes'. 'ip_range' is the only required
# key. Assigning multiple tagged subnets allow dnsmasq to serve dhcp request
# that came in via dhcp relay/helper.
# Example:
# [{'ip_range' => '192.168.0.100,192.168.0.120', 'mtu' => '1500'},
# {'tag' => 'subnet1',
# 'ip_range' => '192.168.1.100,192.168.1.200',
# 'netmask' => '255.255.255.0',
# 'gateway' => '192.168.1.254'},
# {'tag' => 'subnet2',
# 'ip_range' => '192.168.2.100,192.168.2.200',
# 'netmask' => '255.255.255.0',
# 'gateway' => '192.168.2.254',
# 'classless_static_routes' => [{'destination' => '1.2.3.0/24',
# 'nexthop' => '192.168.2.1'},
# {'destination' => '4.5.6.0/24',
# 'nexthop' => '192.168.2.1'}]}]
# Defaults to []
#
# [*dnsmasq_local_ip*]
# (optional) IP interface for the dnsmasq process
# Defaults to '192.168.0.1'
#
# [*dnsmasq_dhcp_sequential_ip*]
# (optional) When true enable the 'dhcp-sequential-ip' option for dnsmasq.
# Defaults to true
#
# [*dnsmasq_dhcp_hostsdir*]
# (optional) directory with DHCP hosts, only used with the "dnsmasq" PXE
# filter.
# Defaults to undef
#
# [*dnsmasq_log_facility*]
# (optional) Log facility of the dnsmasq process.
# Defaults to undef
#
# [*sync_db*]
# Enable dbsync
# Defaults to true
#
# [*ramdisk_collectors*]
# Comma-separated list of IPA inspection collectors
# Defaults to undef
#
# [*additional_processing_hooks*]
# Comma-separated list of processing hooks to append to the default list.
# Defaults to undef
#
# [*ramdisk_kernel_args*]
# String with kernel arguments to send to the ramdisk on boot.
# Defaults to ''
#
# [*ramdisk_filename*]
# The filename of ramdisk which is used in pxelinux_cfg/ipxelinux_cfg templates
# Defaults to 'agent.ramdisk'
#
# [*kernel_filename*]
# The filename of kernel which is used in pxelinux_cfg/ipxelinux_cfg templates
# Defaults to 'agent.kernel'
#
# [*ipxe_timeout*]
# (optional) ipxe timeout in second. Should be an integer.
# Defaults to 0
#
# [*http_port*]
# (optional) port used by the HTTP service serving introspection images.
# Defaults to 8088.
#
# [*tftp_root*]
# (optional) Folder location to deploy PXE boot files
# Defaults to '/tftpboot'
#
# [*http_root*]
# (optional) Folder location to deploy HTTP PXE boot
# Defaults to '/httpboot'
#
# [*detect_boot_mode*]
# (optional) Whether to store the boot mode (BIOS or UEFI).
# Defaults to $facts['os_service_default']
#
# [*node_not_found_hook*]
# (optional) Plugin to run when a node is not found during lookup.
# For example, "enroll" hook can be used for node auto-discovery.
# Defaults to $facts['os_service_default']
#
# [*discovery_default_driver*]
# (optional) The default driver to use for auto-discovered nodes.
# Requires node_not_found_hook set to "enroll".
# Defaults to $facts['os_service_default']
#
# [*enable_ppc64le*]
# (optional) Boolean value to determine if ppc64le support should be enabled
# Defaults to false (no ppc64le support)
#
# [*port_physnet_cidr_map*]
# (optional) Hash where key's are CIDR and values are physical network.
# Mapping of IP subnet CIDR to physical network. When the
# physnet_cidr_map processing hook is enabled the physical_network property
# of baremetal ports is populated based on this mapping.
# Example: {'10.10.10.0/24' => 'physnet_a', '2001:db8::/64' => 'physnet_b'}
# Defaults to {}
#
# [*uefi_ipxe_bootfile_name*]
# (optional) Name of efi file used to boot servers with iPXE + UEFI. This
# should be consistent with the uefi_ipxe_bootfile_name parameter in pxe
# driver.
# Defaults to $ironic::parmas::uefi_ipxe_bootfile_name
#
# [*executor_thread_pool_size*]
# (optional) Size of executor thread pool when executor is threading or eventlet.
# Defaults to $facts['os_service_default'].
#
# [*rpc_response_timeout*]
# (optional) Seconds to wait for a response from a call. (integer value)
# Defaults to $facts['os_service_default'].
#
# [*rpc_transport*]
# (optional) Defines a remote procedure call transport between conductor and
# API processes, such as using a messaging broker or JSON RPC.
# Defaults to $facts['os_service_default']
#
# [*control_exchange*]
# (optional) What RPC queue/exchange to use (string value)
# Defaults to $facts['os_service_default']
#
# [*default_transport_url*]
# (optional) A URL representing the messaging driver to use and its full
# configuration. Transport URLs take the form:
# transport://user:pass@host1:port[,hostN:portN]/virtual_host
# Defaults to 'fake://'
#
# [*rabbit_use_ssl*]
# (optional) Connect over SSL for RabbitMQ. (boolean value)
# Defaults to $facts['os_service_default']
#
# [*rabbit_ha_queues*]
# (optional) Use HA queues in RabbitMQ. (boolean value)
# Defaults to $facts['os_service_default']
#
# [*rabbit_heartbeat_timeout_threshold*]
# (optional) Number of seconds after which the RabbitMQ broker is considered
# down if the heartbeat keepalive fails. Any value >0 enables heartbeats.
# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently
# closed, resulting in missed or lost messages from the queue.
# Requires kombu >= 3.0.7 and amqp >= 1.4.0. (integer value)
# Defaults to $facts['os_service_default']
#
# [*rabbit_heartbeat_rate*]
# (optional) How often during the rabbit_heartbeat_timeout_threshold period
# to check the heartbeat on RabbitMQ connection.
# i.e. rabbit_heartbeat_rate=2 when rabbit_heartbeat_timeout_threshold=60,
# the heartbeat will be checked every 30 seconds. (integer value)
# Defaults to $facts['os_service_default']
#
# [*rabbit_qos_prefetch_count*]
# (Optional) Specifies the number of messages to prefetch.
# Defaults to $facts['os_service_default']
#
# [*rabbit_quorum_queue*]
# (Optional) Use quorum queues in RabbitMQ.
# Defaults to $facts['os_service_default']
#
# [*rabbit_transient_quorum_queue*]
# (Optional) Use quorum queues for transients queues in RabbitMQ.
# Defaults to $facts['os_service_default']
#
# [*rabbit_transient_queues_ttl*]
# (Optional) Positive integer representing duration in seconds for
# queue TTL (x-expires). Queues which are unused for the duration
# of the TTL are automatically deleted.
# The parameter affects only reply and fanout queues. (integer value)
# Min to 1
# Defaults to $facts['os_service_default']
#
# [*rabbit_quorum_delivery_limit*]
# (Optional) Each time a message is rdelivered to a consumer, a counter is
# incremented. Once the redelivery count exceeds the delivery limit
# the message gets dropped or dead-lettered.
# Defaults to $facts['os_service_default']
#
# [*rabbit_quorum_max_memory_length*]
# (Optional) Limit the number of messages in the quorum queue.
# Defaults to $facts['os_service_default']
#
# [*rabbit_quorum_max_memory_bytes*]
# (Optional) Limit the number of memory bytes used by the quorum queue.
# Defaults to $facts['os_service_default']
#
# [*rabbit_enable_cancel_on_failover*]
# (Optional) Enable x-cancel-on-ha-failover flag so that rabbitmq server will
# cancel and notify consumers when queue is down.
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_ca_certs*]
# (optional) SSL certification authority file (valid only if SSL enabled).
# (string value)
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_certfile*]
# (optional) SSL cert file (valid only if SSL enabled). (string value)
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_keyfile*]
# (optional) SSL key file (valid only if SSL enabled). (string value)
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_version*]
# (optional) SSL version to use (valid only if SSL enabled).
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
# available on some distributions. (string value)
# Defaults to $facts['os_service_default']
#
# [*kombu_reconnect_delay*]
# (optional) How long to wait before reconnecting in response to an AMQP
# consumer cancel notification. (floating point value)
# Defaults to $facts['os_service_default']
#
# [*kombu_failover_strategy*]
# (Optional) Determines how the next RabbitMQ node is chosen in case the one
# we are currently connected to becomes unavailable. Takes effect only if
# more than one RabbitMQ node is provided in config. (string value)
# Defaults to $facts['os_service_default']
#
# [*kombu_compression*]
# (optional) Possible values are: gzip, bz2. If not set compression will not
# be used. This option may notbe available in future versions. EXPERIMENTAL.
# (string value)
# Defaults to $facts['os_service_default']
#
# [*amqp_durable_queues*]
# (optional) Define queues as "durable" to rabbitmq. (boolean value)
# Defaults to $facts['os_service_default']
#
# [*amqp_auto_delete*]
# (Optional) Define if transient queues should be auto-deleted (boolean value)
# Defaults to $facts['os_service_default']
#
# [*standalone*]
# (optional) Whether to run ironic-inspector as a standalone service.
# Defaults to true
#
class ironic::inspector (
Stdlib::Ensure::Package $package_ensure = 'present',
Boolean $manage_service = true,
Boolean $enabled = true,
$host = $facts['os_service_default'],
$listen_address = $facts['os_service_default'],
Enum['http', 'tftp'] $pxe_transfer_protocol = 'tftp',
Boolean $dhcp_debug = false,
$auth_strategy = 'keystone',
$timeout = $facts['os_service_default'],
$api_max_limit = $facts['os_service_default'],
$dnsmasq_interface = 'br-ctlplane',
$ramdisk_logs_dir = '/var/log/ironic-inspector/ramdisk/',
$always_store_ramdisk_logs = $facts['os_service_default'],
$add_ports = $facts['os_service_default'],
$keep_ports = $facts['os_service_default'],
$store_data = $facts['os_service_default'],
Array[Hash] $dnsmasq_ip_subnets = [],
$dnsmasq_local_ip = '192.168.0.1',
Boolean $dnsmasq_dhcp_sequential_ip = true,
Optional[Stdlib::Absolutepath] $dnsmasq_dhcp_hostsdir = undef,
$dnsmasq_log_facility = undef,
Boolean $sync_db = true,
Optional[String[1]] $ramdisk_collectors = undef,
String[1] $ramdisk_filename = 'agent.ramdisk',
String[1] $kernel_filename = 'agent.kernel',
$additional_processing_hooks = undef,
String $ramdisk_kernel_args = '',
Integer[0] $ipxe_timeout = 0,
$http_port = '8088',
$detect_boot_mode = $facts['os_service_default'],
Stdlib::Absolutepath $tftp_root = '/tftpboot',
Stdlib::Absolutepath $http_root = '/httpboot',
$node_not_found_hook = $facts['os_service_default'],
$discovery_default_driver = $facts['os_service_default'],
Boolean $enable_ppc64le = false,
Hash $port_physnet_cidr_map = {},
$uefi_ipxe_bootfile_name = $ironic::params::uefi_ipxe_bootfile_name,
$control_exchange = $facts['os_service_default'],
$executor_thread_pool_size = $facts['os_service_default'],
$rpc_response_timeout = $facts['os_service_default'],
$rpc_transport = $facts['os_service_default'],
$default_transport_url = 'fake://',
$rabbit_use_ssl = $facts['os_service_default'],
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
$rabbit_heartbeat_rate = $facts['os_service_default'],
$rabbit_qos_prefetch_count = $facts['os_service_default'],
$rabbit_ha_queues = $facts['os_service_default'],
$rabbit_quorum_queue = $facts['os_service_default'],
$rabbit_transient_queues_ttl = $facts['os_service_default'],
$rabbit_transient_quorum_queue = $facts['os_service_default'],
$rabbit_quorum_delivery_limit = $facts['os_service_default'],
$rabbit_quorum_max_memory_length = $facts['os_service_default'],
$rabbit_quorum_max_memory_bytes = $facts['os_service_default'],
$rabbit_enable_cancel_on_failover = $facts['os_service_default'],
$kombu_ssl_ca_certs = $facts['os_service_default'],
$kombu_ssl_certfile = $facts['os_service_default'],
$kombu_ssl_keyfile = $facts['os_service_default'],
$kombu_ssl_version = $facts['os_service_default'],
$kombu_reconnect_delay = $facts['os_service_default'],
$kombu_failover_strategy = $facts['os_service_default'],
$kombu_compression = $facts['os_service_default'],
$amqp_durable_queues = $facts['os_service_default'],
$amqp_auto_delete = $facts['os_service_default'],
Boolean $standalone = true,
) inherits ironic::params {
include ironic::deps
include ironic::pxe::common
include ironic::inspector::db
include ironic::inspector::policy
warning('Support for ironic-inspector is deprecated and will be removed in a future release')
if $auth_strategy == 'keystone' {
include ironic::inspector::authtoken
}
if !standalone and $facts['os']['family'] != 'RedHat' {
fail('Non-standalone mode configuration is not supported in this operating system')
}
$tftp_root_real = pick($ironic::pxe::common::tftp_root, $tftp_root)
$http_root_real = pick($ironic::pxe::common::http_root, $http_root)
$http_port_real = pick($ironic::pxe::common::http_port, $http_port)
$ipxe_timeout_real = pick($ironic::pxe::common::ipxe_timeout, $ipxe_timeout)
$uefi_ipxe_bootfile_name_real = pick($ironic::pxe::common::uefi_ipxe_bootfile_name, $uefi_ipxe_bootfile_name)
$dnsmasq_local_ip_real = normalize_ip_for_uri($dnsmasq_local_ip)
$dnsmasq_ip_subnets_real = ipv6_normalize_dnsmasq_ip_subnets($dnsmasq_ip_subnets)
if $pxe_transfer_protocol == 'tftp' {
file { '/etc/ironic-inspector/dnsmasq.conf':
ensure => 'file',
content => template('ironic/inspector_dnsmasq_tftp.erb'),
tag => 'ironic-inspector-dnsmasq-file',
}
file { "${tftp_root_real}/pxelinux.cfg/default":
ensure => 'file',
seltype => 'tftpdir_t',
owner => $ironic::params::inspector_user,
group => $ironic::params::inspector_group,
content => template('ironic/inspector_pxelinux_cfg.erb'),
tag => 'ironic-inspector-dnsmasq-file',
}
}
if $pxe_transfer_protocol == 'http' {
file { '/etc/ironic-inspector/dnsmasq.conf':
ensure => 'file',
content => template('ironic/inspector_dnsmasq_http.erb'),
tag => 'ironic-inspector-dnsmasq-file',
}
file { "${http_root_real}/inspector.ipxe":
ensure => 'file',
seltype => 'httpd_sys_content_t',
owner => $ironic::params::inspector_user,
group => $ironic::params::inspector_group,
content => template('ironic/inspector_ipxe.erb'),
tag => 'ironic-inspector-dnsmasq-file',
}
}
# NOTE: ppc64le hardware supports only tftp
if $enable_ppc64le {
file { "${tftp_root_real}/ppc64le":
ensure => 'directory',
seltype => 'tftpdir_t',
owner => $ironic::params::inspector_user,
group => $ironic::params::inspector_group,
tag => 'ironic-inspector-dnsmasq-file',
}
file { "${tftp_root_real}/ppc64le/default":
ensure => 'file',
seltype => 'tftpdir_t',
owner => $ironic::params::inspector_user,
group => $ironic::params::inspector_group,
content => template('ironic/inspector_pxelinux_cfg.erb'),
tag => 'ironic-inspector-dnsmasq-file',
}
}
Anchor['ironic-inspector::config::begin']
-> File<| tag == 'ironic-inspector-dnsmasq-file' |>
-> Anchor['ironic-inspector::config::end']
$p_hooks = $additional_processing_hooks ? {
undef => $facts['os_service_default'],
default => join(concat(['$default_processing_hooks'], any2array($additional_processing_hooks)), ',')
}
$port_physnet_cidr_map_real = empty($port_physnet_cidr_map) ? {
true => $facts['os_service_default'],
default => join(join_keys_to_values($port_physnet_cidr_map, ':'), ',')
}
ironic_inspector_config {
'DEFAULT/host': value => $host;
'DEFAULT/listen_address': value => $listen_address;
'DEFAULT/auth_strategy': value => $auth_strategy;
'DEFAULT/timeout': value => $timeout;
'DEFAULT/api_max_limit': value => $api_max_limit;
'capabilities/boot_mode': value => $detect_boot_mode;
'processing/ramdisk_logs_dir': value => $ramdisk_logs_dir;
'processing/always_store_ramdisk_logs': value => $always_store_ramdisk_logs;
'processing/add_ports': value => $add_ports;
'processing/keep_ports': value => $keep_ports;
'processing/store_data': value => $store_data;
# Here we use oslo.config interpolation with another option default_processing_hooks,
# which we don't change as it might break introspection completely.
'processing/processing_hooks': value => $p_hooks;
'processing/node_not_found_hook': value => $node_not_found_hook;
'discovery/enroll_node_driver': value => $discovery_default_driver;
'port_physnet/cidr_map': value => $port_physnet_cidr_map_real;
'DEFAULT/standalone': value => $standalone;
}
oslo::messaging::default { 'ironic_inspector_config':
executor_thread_pool_size => $executor_thread_pool_size,
transport_url => $default_transport_url,
rpc_response_timeout => $rpc_response_timeout,
control_exchange => $control_exchange,
}
oslo::messaging::rabbit { 'ironic_inspector_config':
rabbit_use_ssl => $rabbit_use_ssl,
heartbeat_timeout_threshold => $rabbit_heartbeat_timeout_threshold,
heartbeat_rate => $rabbit_heartbeat_rate,
rabbit_qos_prefetch_count => $rabbit_qos_prefetch_count,
kombu_reconnect_delay => $kombu_reconnect_delay,
kombu_failover_strategy => $kombu_failover_strategy,
amqp_durable_queues => $amqp_durable_queues,
amqp_auto_delete => $amqp_auto_delete,
kombu_compression => $kombu_compression,
kombu_ssl_ca_certs => $kombu_ssl_ca_certs,
kombu_ssl_certfile => $kombu_ssl_certfile,
kombu_ssl_keyfile => $kombu_ssl_keyfile,
kombu_ssl_version => $kombu_ssl_version,
rabbit_ha_queues => $rabbit_ha_queues,
rabbit_quorum_queue => $rabbit_quorum_queue,
rabbit_transient_quorum_queue => $rabbit_transient_quorum_queue,
rabbit_transient_queues_ttl => $rabbit_transient_queues_ttl,
rabbit_quorum_delivery_limit => $rabbit_quorum_delivery_limit,
rabbit_quorum_max_memory_length => $rabbit_quorum_max_memory_length,
rabbit_quorum_max_memory_bytes => $rabbit_quorum_max_memory_bytes,
enable_cancel_on_failover => $rabbit_enable_cancel_on_failover,
}
# Install package
package { 'ironic-inspector':
ensure => $package_ensure,
name => $ironic::params::inspector_package,
tag => ['openstack', 'ironic-inspector-package'],
}
if ! $standalone {
file { '/etc/ironic-inspector/ironic-inspector.conf':
ensure => 'link',
target => '/etc/ironic-inspector/inspector.conf',
require => Anchor['ironic-inspector::install::end'],
before => Anchor['ironic-inspector::service::begin'],
}
package { 'ironic-inspector-api':
ensure => $package_ensure,
name => $ironic::params::inspector_api_package,
tag => ['openstack', 'ironic-inspector-package'],
}
package { 'ironic-inspector-conductor':
ensure => $package_ensure,
name => $ironic::params::inspector_conductor_package,
tag => ['openstack', 'ironic-inspector-package'],
}
}
if $ironic::params::inspector_dnsmasq_package {
package { 'ironic-inspector-dnsmasq':
ensure => $package_ensure,
name => $ironic::params::inspector_dnsmasq_package,
tag => ['openstack', 'ironic-inspector-package'],
}
}
if $sync_db {
include ironic::inspector::db::sync
}
if $dnsmasq_dhcp_hostsdir {
file { 'ironic-inspector-dnsmasq-dhcp-hostsdir':
ensure => directory,
path => $dnsmasq_dhcp_hostsdir,
owner => $ironic::params::inspector_user,
group => $ironic::params::inspector_group,
mode => '0750',
require => Anchor['ironic-inspector::config::begin'],
before => Anchor['ironic-inspector::config::end'],
}
}
if $manage_service {
if $enabled {
$ensure = 'running'
} else {
$ensure = 'stopped'
}
if $standalone {
service { 'ironic-inspector':
ensure => $ensure,
name => $ironic::params::inspector_service,
enable => $enabled,
hasstatus => true,
tag => 'ironic-inspector-service',
}
Keystone_endpoint<||> -> Service['ironic-inspector']
} else {
# NOTE(tkajinam): Ensure ironic-inspector is stopped before starting
# -api and -conductor.
service { 'ironic-inspector':
ensure => 'stopped',
name => $ironic::params::inspector_service,
enable => false,
hasstatus => true,
tag => 'ironic-inspector-service',
}
Service['ironic-inspector'] -> Service['ironic-inspector-conductor']
Service <| title == 'httpd' |> { tag +> 'ironic-inspector-service' }
service { 'ironic-inspector-conductor':
ensure => $ensure,
name => $ironic::params::inspector_conductor_service,
enable => $enabled,
hasstatus => true,
tag => 'ironic-inspector-service',
}
Keystone_endpoint<||> -> Service['ironic-inspector-conductor']
}
if $ironic::params::inspector_dnsmasq_service {
service { 'ironic-inspector-dnsmasq':
ensure => $ensure,
name => $ironic::params::inspector_dnsmasq_service,
enable => $enabled,
hasstatus => true,
tag => 'ironic-inspector-dnsmasq-service',
subscribe => File['/etc/ironic-inspector/dnsmasq.conf'],
}
} else {
warning("The ironic-inspector-dnsmasq service is not available. \
Please set up the dnsmasq service additionally.")
}
}
}

283
manifests/inspector/authtoken.pp
View File

@@ -1,283 +0,0 @@
# class: ironic::inspector::authtoken
#
# Configure the keystone_authtoken section in the configuration file
#
# === Parameters
#
# [*password*]
# (Required) Password to create for the service user
#
# [*username*]
# (Optional) The name of the service user
# Defaults to 'ironic-inspector'
#
# [*auth_url*]
# (Optional) The URL to use for authentication.
# Defaults to 'http://127.0.0.1:5000'.
#
# [*project_name*]
# (Optional) Service project name
# Defaults to 'services'
#
# [*user_domain_name*]
# (Optional) Name of domain for $username
# Defaults to 'Default'
#
# [*project_domain_name*]
# (Optional) Name of domain for $project_name
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $facts['os_service_default']
#
# [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities. WARNING: not recommended. Use with
# caution.
# Defaults to $facts['os_service_default']
#
# [*auth_section*]
# (Optional) Config Section from which to load plugin specific options
# Defaults to $facts['os_service_default'].
#
# [*auth_type*]
# (Optional) Authentication type to load
# Defaults to 'password'.
#
# [*www_authenticate_uri*]
# (Optional) Complete public Identity API endpoint.
# Defaults to 'http://127.0.0.1:5000'.
#
# [*auth_version*]
# (Optional) API version of the admin Identity API endpoint.
# Defaults to $facts['os_service_default'].
#
# [*cache*]
# (Optional) Env key for the swift cache.
# Defaults to $facts['os_service_default'].
#
# [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections.
# Defaults to $facts['os_service_default'].
#
# [*certfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*delay_auth_decision*]
# (Optional) Do not handle authorization requests within the middleware, but
# delegate the authorization decision to downstream WSGI components. Boolean
# value
# Defaults to $facts['os_service_default'].
#
# [*enforce_token_bind*]
# (Optional) Used to control the use and type of token binding. Can be set
# to: "disabled" to not check token binding. "permissive" (default) to
# validate binding information if the bind type is of a form known to the
# server and ignore it if not. "strict" like "permissive" but if the bind
# type is unknown the token will be rejected. "required" any form of token
# binding is needed to be allowed. Finally the name of a binding method that
# must be present in tokens. String value.
# Defaults to $facts['os_service_default'].
#
# [*http_connect_timeout*]
# (Optional) Request timeout value for communicating with Identity API
# server.
# Defaults to $facts['os_service_default'].
#
# [*http_request_max_retries*]
# (Optional) How many times are we trying to reconnect when communicating
# with Identity API Server. Integer value
# Defaults to $facts['os_service_default'].
#
# [*include_service_catalog*]
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will
# not set the X-Service-Catalog header. Boolean value.
# Defaults to $facts['os_service_default'].
#
# [*keyfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_conn_get_timeout*]
# (Optional) Number of seconds that an operation will wait to get a memcached
# client connection from the pool. Integer value
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_dead_retry*]
# (Optional) Number of seconds memcached server is considered dead before it
# is tried again. Integer value
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_maxsize*]
# (Optional) Maximum total number of open connections to every memcached
# server. Integer value
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_socket_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused in
# the pool before it is closed. Integer value
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_unused_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused in
# the pool before it is closed. Integer value
# Defaults to $facts['os_service_default'].
#
# [*memcache_secret_key*]
# (Optional, mandatory if memcache_security_strategy is defined) This string
# is used for key derivation.
# Defaults to $facts['os_service_default'].
#
# [*memcache_security_strategy*]
# (Optional) If defined, indicate whether token data should be authenticated
# or authenticated and encrypted. If MAC, token data is authenticated (with
# HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization.
# Defaults to $facts['os_service_default'].
#
# [*memcache_use_advanced_pool*]
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x Boolean value
# Defaults to $facts['os_service_default'].
#
# [*memcached_servers*]
# (Optional) Optionally specify a list of memcached server(s) to use for
# caching. If left undefined, tokens will instead be cached in-process.
# Defaults to $facts['os_service_default'].
#
# [*manage_memcache_package*]
# (Optional) Whether to install the python-memcache package.
# Defaults to false.
#
# [*region_name*]
# (Optional) The region in which the identity server can be found.
# Defaults to $facts['os_service_default'].
#
# [*token_cache_time*]
# (Optional) In order to prevent excessive effort spent validating tokens,
# the middleware caches previously-seen tokens for a configurable duration
# (in seconds). Set to -1 to disable caching completely. Integer value
# Defaults to $facts['os_service_default'].
#
# [*service_token_roles*]
# (Optional) A choice of roles that must be present in a service token.
# Service tokens are allowed to request that an expired token
# can be used and so this check should tightly control that
# only actual services should be sending this token. Roles
# here are applied as an ANY check so any role in this list
# must be present. For backwards compatibility reasons this
# currently only affects the allow_expired check. (list value)
# Defaults to $facts['os_service_default'].
#
# [*service_token_roles_required*]
# (optional) backwards compatibility to ensure that the service tokens are
# compared against a list of possible roles for validity
# true/false
# Defaults to $facts['os_service_default'].
#
# [*service_type*]
# (Optional) The name or type of the service as it appears in the service
# catalog. This is used to validate tokens that have restricted access rules.
# Defaults to $facts['os_service_default'].
#
# [*interface*]
# (Optional) Interface to use for the Identity API endpoint. Valid values are
# "public", "internal" or "admin".
# Defaults to $facts['os_service_default'].
#
# [*params*]
# (Optional) Hash of additional parameters to pass through to the keystone
# authtoken class. Values set here override the individual parameters above.
#
class ironic::inspector::authtoken (
String[1] $password,
$username = 'ironic-inspector',
$auth_url = 'http://127.0.0.1:5000',
$project_name = 'services',
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $facts['os_service_default'],
$insecure = $facts['os_service_default'],
$auth_section = $facts['os_service_default'],
$auth_type = 'password',
$www_authenticate_uri = 'http://127.0.0.1:5000',
$auth_version = $facts['os_service_default'],
$cache = $facts['os_service_default'],
$cafile = $facts['os_service_default'],
$certfile = $facts['os_service_default'],
$delay_auth_decision = $facts['os_service_default'],
$enforce_token_bind = $facts['os_service_default'],
$http_connect_timeout = $facts['os_service_default'],
$http_request_max_retries = $facts['os_service_default'],
$include_service_catalog = $facts['os_service_default'],
$keyfile = $facts['os_service_default'],
$memcache_pool_conn_get_timeout = $facts['os_service_default'],
$memcache_pool_dead_retry = $facts['os_service_default'],
$memcache_pool_maxsize = $facts['os_service_default'],
$memcache_pool_socket_timeout = $facts['os_service_default'],
$memcache_pool_unused_timeout = $facts['os_service_default'],
$memcache_secret_key = $facts['os_service_default'],
$memcache_security_strategy = $facts['os_service_default'],
$memcache_use_advanced_pool = $facts['os_service_default'],
$memcached_servers = $facts['os_service_default'],
$manage_memcache_package = false,
$region_name = $facts['os_service_default'],
$token_cache_time = $facts['os_service_default'],
$service_token_roles = $facts['os_service_default'],
$service_token_roles_required = $facts['os_service_default'],
$service_type = $facts['os_service_default'],
$interface = $facts['os_service_default'],
$params = {}
) {
include ironic::deps
keystone::resource::authtoken {
'ironic_inspector_config':
* => $params;
default:
username => $username,
password => $password,
project_name => $project_name,
auth_url => $auth_url,
www_authenticate_uri => $www_authenticate_uri,
auth_version => $auth_version,
auth_type => $auth_type,
auth_section => $auth_section,
user_domain_name => $user_domain_name,
project_domain_name => $project_domain_name,
system_scope => $system_scope,
insecure => $insecure,
cache => $cache,
cafile => $cafile,
certfile => $certfile,
delay_auth_decision => $delay_auth_decision,
enforce_token_bind => $enforce_token_bind,
http_connect_timeout => $http_connect_timeout,
http_request_max_retries => $http_request_max_retries,
include_service_catalog => $include_service_catalog,
keyfile => $keyfile,
memcache_pool_conn_get_timeout => $memcache_pool_conn_get_timeout,
memcache_pool_dead_retry => $memcache_pool_dead_retry,
memcache_pool_maxsize => $memcache_pool_maxsize,
memcache_pool_socket_timeout => $memcache_pool_socket_timeout,
memcache_secret_key => $memcache_secret_key,
memcache_security_strategy => $memcache_security_strategy,
memcache_use_advanced_pool => $memcache_use_advanced_pool,
memcache_pool_unused_timeout => $memcache_pool_unused_timeout,
memcached_servers => $memcached_servers,
manage_memcache_package => $manage_memcache_package,
region_name => $region_name,
token_cache_time => $token_cache_time,
service_token_roles => $service_token_roles,
service_token_roles_required => $service_token_roles_required,
service_type => $service_type,
interface => $interface;
}
Keystone::Resource::Authtoken['ironic_inspector_config'] -> Anchor['ironic-inspector::config::end']
}

24
manifests/inspector/client.pp
View File

@@ -1,24 +0,0 @@
# Class ironic::inspector::client
#
# Manages the ironic inspector client package on systems
#
# === Parameters:
#
# [*package_ensure*]
# (optional) The state of the package
# Defaults to present
#
class ironic::inspector::client (
Stdlib::Ensure::Package $package_ensure = present,
) {
include ironic::deps
include ironic::params
package { 'python-ironic-inspector-client':
ensure => $package_ensure,
name => $ironic::params::inspector_client_package,
tag => ['openstack', 'openstackclient'],
}
include openstacklib::openstackclient
}

29
manifests/inspector/config.pp
View File

@@ -1,29 +0,0 @@
# == Class: ironic::inspector::config
#
# This class is used to manage arbitrary Ironic-inspector configurations.
#
# === Parameters
#
# [*ironic_inspector_config*]
# (optional) Allow configuration of arbitrary Ironic-inspector configurations.
# The value is an hash of ironic_config resources. Example:
# { 'DEFAULT/foo' => { value => 'fooValue'},
# 'DEFAULT/bar' => { value => 'barValue'}
# }
# In yaml format, Example:
# ironic_config:
# DEFAULT/foo:
# value: fooValue
# DEFAULT/bar:
# value: barValue
#
# NOTE: The configuration MUST NOT be already handled by this module
# or Puppet catalog compilation will fail with duplicate resources.
#
class ironic::inspector::config (
Hash $ironic_inspector_config = {},
) {
include ironic::deps
create_resources('ironic_inspector_config', $ironic_inspector_config)
}

23
manifests/inspector/coordination.pp
View File

@@ -1,23 +0,0 @@
# == Class: ironic::inspector::coordination
#
# Setup and configure ironic-inspector coordination settings.
#
# === Parameters
#
# [*backend_url*]
# (Optional) Coordination backend URL.
# Defaults to $facts['os_service_default']
#
class ironic::inspector::coordination (
$backend_url = $facts['os_service_default'],
) {
include ironic::deps
oslo::coordination { 'ironic_inspector_config':
backend_url => $backend_url,
}
# all coordination settings should be applied and all packages should be
# installed before service startup
Oslo::Coordination['ironic_inspector_config'] -> Anchor['ironic-inspector::service::begin']
}

57
manifests/inspector/cors.pp
View File

@@ -1,57 +0,0 @@
# == Class: ironic::inspector::cors
#
# Configure the ironic inspector cors
#
# === Parameters
#
# [*allowed_origin*]
# (Optional) Indicate whether this resource may be shared with the domain
# received in the requests "origin" header.
# (string value)
# Defaults to $facts['os_service_default'].
#
# [*allow_credentials*]
# (Optional) Indicate that the actual request can include user credentials.
# (boolean value)
# Defaults to $facts['os_service_default'].
#
# [*expose_headers*]
# (Optional) Indicate which headers are safe to expose to the API.
# (list value)
# Defaults to $facts['os_service_default'].
#
# [*max_age*]
# (Optional) Maximum cache age of CORS preflight requests.
# (integer value)
# Defaults to $facts['os_service_default'].
#
# [*allow_methods*]
# (Optional) Indicate which methods can be used during the actual request.
# (list value)
# Defaults to $facts['os_service_default'].
#
# [*allow_headers*]
# (Optional) Indicate which header field names may be used during the actual
# request.
# (list value)
# Defaults to $facts['os_service_default'].
#
class ironic::inspector::cors (
$allowed_origin = $facts['os_service_default'],
$allow_credentials = $facts['os_service_default'],
$expose_headers = $facts['os_service_default'],
$max_age = $facts['os_service_default'],
$allow_methods = $facts['os_service_default'],
$allow_headers = $facts['os_service_default'],
) {
include ironic::deps
oslo::cors { 'ironic_inspector_config':
allowed_origin => $allowed_origin,
allow_credentials => $allow_credentials,
expose_headers => $expose_headers,
max_age => $max_age,
allow_methods => $allow_methods,
allow_headers => $allow_headers,
}
}

74
manifests/inspector/db.pp
View File

@@ -1,74 +0,0 @@
# == Class: ironic::inspector::db
#
# Configure the Ironic Inspector database
#
# === Parameters
#
# [*database_connection*]
# Url used to connect to database.
# (Optional) Defaults to 'sqlite:////var/lib/ironic-inspector/inspector.sqlite'.
#
# [*database_connection_recycle_time*]
# Timeout when db connections should be reaped.
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_db_max_retries*]
# (Optional) Maximum retries in case of connection error or deadlock error
# before error is raised. Set to -1 to specify an infinite retry count.
# Defaults to $facts['os_service_default']
#
# [*database_max_retries*]
# Maximum db connection retries during startup.
# Setting -1 implies an infinite retry count.
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_retry_interval*]
# Interval between retries of opening a sql connection.
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_max_pool_size*]
# Maximum number of SQL connections to keep open in a pool.
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_max_overflow*]
# If set, use this value for max_overflow with sqlalchemy.
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_pool_timeout*]
# (Optional) If set, use this value for pool_timeout with SQLAlchemy.
# Defaults to $facts['os_service_default']
#
# [*mysql_enable_ndb*]
# (Optional) If True, transparently enables support for handling MySQL
# Cluster (NDB).
# Defaults to $facts['os_service_default']
#
class ironic::inspector::db (
$database_connection = 'sqlite:////var/lib/ironic-inspector/inspector.sqlite',
$database_connection_recycle_time = $facts['os_service_default'],
$database_max_retries = $facts['os_service_default'],
$database_db_max_retries = $facts['os_service_default'],
$database_retry_interval = $facts['os_service_default'],
$database_max_pool_size = $facts['os_service_default'],
$database_max_overflow = $facts['os_service_default'],
$database_pool_timeout = $facts['os_service_default'],
$mysql_enable_ndb = $facts['os_service_default'],
) {
include ironic::deps
oslo::db { 'ironic_inspector_config':
connection => $database_connection,
connection_recycle_time => $database_connection_recycle_time,
max_pool_size => $database_max_pool_size,
max_retries => $database_max_retries,
db_max_retries => $database_max_retries,
retry_interval => $database_retry_interval,
max_overflow => $database_max_overflow,
pool_timeout => $database_pool_timeout,
mysql_enable_ndb => $mysql_enable_ndb,
}
# all db settings should be applied and all packages should be installed
# before dbsync starts
Oslo::Db['ironic_inspector_config'] -> Anchor['ironic-inspector::dbsync::begin']
}

71
manifests/inspector/db/mysql.pp
View File

@@ -1,71 +0,0 @@
#
# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
#
# Author: Emilien Macchi <emilien.macchi@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# ironic::inspector::db::mysql
#
# [*password*]
# (Required) Password to use for the ironic-inspector user
#
# [*dbname*]
# (Optional) The name of the database
# Defaults to 'ironic-inspector'
#
# [*user*]
# (Optional) The mysql user to create
# Defaults to 'ironic-inspector'
#
# [*host*]
# (Optional) The IP address of the mysql server
# Defaults to '127.0.0.1'
#
# [*charset*]
# (Optional) The charset to use for the ironic-inspector database
# Defaults to 'utf8'
#
# [*collate*]
# (Optional) The collate to use for the ironic-inspector database
# Defaults to 'utf8_general_ci'
#
# [*allowed_hosts*]
# (Optional) Additional hosts that are allowed to access this DB
# Defaults to undef
#
class ironic::inspector::db::mysql (
$password,
$dbname = 'ironic-inspector',
$user = 'ironic-inspector',
$host = '127.0.0.1',
$allowed_hosts = undef,
$charset = 'utf8',
$collate = 'utf8_general_ci',
) {
include ironic::deps
openstacklib::db::mysql { 'ironic-inspector':
user => $user,
password => $password,
dbname => $dbname,
host => $host,
charset => $charset,
collate => $collate,
allowed_hosts => $allowed_hosts,
}
Anchor['ironic-inspector::db::begin']
~> Class['ironic::inspector::db::mysql']
~> Anchor['ironic-inspector::db::end']
}

47
manifests/inspector/db/postgresql.pp
View File

@@ -1,47 +0,0 @@
# == Class: ironic::db::postgresql
#
# Class that configures postgresql for ironic-inspector
# Requires the Puppetlabs postgresql module.
#
# === Parameters
#
# [*password*]
# (Required) Password to connect to the database.
#
# [*dbname*]
# (Optional) Name of the database.
# Defaults to 'ironic-inspector'.
#
# [*user*]
# (Optional) User to connect to the database.
# Defaults to 'ironic-inspector'.
#
# [*encoding*]
# (Optional) The charset to use for the database.
# Default to undef.
#
# [*privileges*]
# (Optional) Privileges given to the database user.
# Default to 'ALL'
#
class ironic::inspector::db::postgresql (
$password,
$dbname = 'ironic-inspector',
$user = 'ironic-inspector',
$encoding = undef,
$privileges = 'ALL',
) {
include ironic::deps
openstacklib::db::postgresql { 'ironic-inspector':
password => $password,
dbname => $dbname,
user => $user,
encoding => $encoding,
privileges => $privileges,
}
Anchor['ironic-inspector::db::begin']
~> Class['ironic::inspector::db::postgresql']
~> Anchor['ironic-inspector::db::end']
}

31
manifests/inspector/db/sync.pp
View File

@@ -1,31 +0,0 @@
#
# Class to execute ironic-inspector dbsync
#
# == Parameters
#
# [*db_sync_timeout*]
# (Optional) Timeout for the execution of the db_sync
# Defaults to 300
#
class ironic::inspector::db::sync (
$db_sync_timeout = 300,
) {
include ironic::deps
include ironic::params
exec { 'ironic-inspector-dbsync':
command => $ironic::params::inspector_dbsync_command,
path => '/usr/bin',
user => $ironic::params::inspector_user,
refreshonly => true,
timeout => $db_sync_timeout,
logoutput => on_failure,
subscribe => [
Anchor['ironic-inspector::install::end'],
Anchor['ironic-inspector::config::end'],
Anchor['ironic-inspector::dbsync::begin']
],
notify => Anchor['ironic-inspector::dbsync::end'],
tag => 'openstack-db',
}
}

69
manifests/inspector/healthcheck.pp
View File

@@ -1,69 +0,0 @@
# == Class: ironic::inspector::healthcheck
#
# Configure oslo_middleware options in healthcheck section
#
# == Params
#
# [*enabled*]
# (Optional) Enable the healthcheck endpoint at /healthcheck.
# Defaults to $facts['os_service_default']
#
# [*detailed*]
# (Optional) Show more detailed information as part of the response.
# Defaults to $facts['os_service_default']
#
# [*backends*]
# (Optional) Additional backends that can perform health checks and report
# that information back as part of a request.
# Defaults to $facts['os_service_default']
#
# [*allowed_source_ranges*]
# (Optional) A list of network addresses to limit source ip allowed to access
# healthcheck information.
# Defaults to $facts['os_service_default']
#
# [*ignore_proxied_requests*]
# (Optional) Ignore requests with proxy headers
# Defaults to $facts['os_service_default']
#
# [*disable_by_file_path*]
# (Optional) Check the presence of a file to determine if an application
# is running on a port.
# Defaults to $facts['os_service_default']
#
# [*disable_by_file_paths*]
# (Optional) Check the presence of a file to determine if an application
# is running on a port. Expects a "port:path" list of strings.
# Defaults to $facts['os_service_default']
#
# [*enable_by_file_paths*]
# (Optional) Check the presence of files. Used by EnableByFilesHealthcheck
# plugin.
# Defaults to $facts['os_service_default']
#
class ironic::inspector::healthcheck (
$enabled = $facts['os_service_default'],
$detailed = $facts['os_service_default'],
$backends = $facts['os_service_default'],
$allowed_source_ranges = $facts['os_service_default'],
$ignore_proxied_requests = $facts['os_service_default'],
$disable_by_file_path = $facts['os_service_default'],
$disable_by_file_paths = $facts['os_service_default'],
$enable_by_file_paths = $facts['os_service_default'],
) {
include ironic::deps
ironic_inspector_config {
'healthcheck/enabled': value => $enabled;
}
oslo::healthcheck { 'ironic_inspector_config':
detailed => $detailed,
backends => $backends,
allowed_source_ranges => $allowed_source_ranges,
ignore_proxied_requests => $ignore_proxied_requests,
disable_by_file_path => $disable_by_file_path,
disable_by_file_paths => $disable_by_file_paths,
enable_by_file_paths => $enable_by_file_paths,
}
}

101
manifests/inspector/ironic.pp
View File

@@ -1,101 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: ironic::inspector::ironic
#
# [*password*]
# (Required) The admin password for ironic-inspector to connect to ironic.
#
# [*auth_type*]
# (Optional) The authentication plugin to use when connecting to ironic.
# Defaults to 'password'
#
# [*auth_url*]
# (Optional) The address of the keystone api endpoint.
# Defaults to 'http://127.0.0.1:5000'
#
# [*project_name*]
# (Optional) The Keystone project name.
# Defaults to 'services'
#
# [*username*]
# (Optional) The admin username for ironic-inspector to connect to ironic.
# Defaults to 'ironic-inspector'.
#
# [*user_domain_name*]
# (Optional) The name of user's domain.
# Defaults to 'Default'
#
# [*project_domain_name*]
# (Optional) The name of project's domain.
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $facts['os_service_default']
#
# [*region_name*]
# (Optional) Region name for connecting to ironic in admin context
# through the OpenStack Identity service.
# Defaults to $facts['os_service_default']
#
# [*endpoint_override*]
# (Optional) The endpoint URL for requests for this client
# Defaults to $facts['os_service_default']
#
# [*max_retries*]
# (Optional) Maximum number of retries in case of conflict error
# Defaults to $facts['os_service_default']
#
# [*retry_interval*]
# (Optional) Interval between retries in case of conflict error
# Defaults to $facts['os_service_default']
#
class ironic::inspector::ironic (
$password,
$auth_type = 'password',
$auth_url = 'http://127.0.0.1:5000',
$project_name = 'services',
$username = 'ironic-inspector',
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $facts['os_service_default'],
$region_name = $facts['os_service_default'],
$endpoint_override = $facts['os_service_default'],
$max_retries = $facts['os_service_default'],
$retry_interval = $facts['os_service_default'],
) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $facts['os_service_default']
$project_domain_name_real = $facts['os_service_default']
}
ironic_inspector_config {
'ironic/auth_type': value => $auth_type;
'ironic/username': value => $username;
'ironic/password': value => $password, secret => true;
'ironic/auth_url': value => $auth_url;
'ironic/project_name': value => $project_name_real;
'ironic/user_domain_name': value => $user_domain_name;
'ironic/project_domain_name': value => $project_domain_name_real;
'ironic/system_scope': value => $system_scope;
'ironic/region_name': value => $region_name;
'ironic/endpoint_override': value => $endpoint_override;
'ironic/max_retries': value => $max_retries;
'ironic/retry_interval': value => $retry_interval;
}
}

138
manifests/inspector/logging.pp
View File

@@ -1,138 +0,0 @@
# Class ironic::inspector::logging
#
# ironic-inspector logging configuration
#
# == parameters
#
# [*debug*]
# (Optional) Should the daemons log debug messages
# Defaults to $facts['os_service_default']
#
# [*use_syslog*]
# (Optional) Use syslog for logging.
# Defaults to $facts['os_service_default']
#
# [*use_json*]
# (Optional) Use json for logging.
# Defaults to $facts['os_service_default']
#
# [*use_stderr*]
# (optional) Use stderr for logging
# Defaults to $facts['os_service_default']
#
# [*log_facility*]
# (Optional) Syslog facility to receive log lines.
# Defaults to $facts['os_service_default']
#
# [*log_dir*]
# (optional) Directory where logs should be stored.
# If set to $facts['os_service_default'], it will not log to any directory.
# Defaults to '/var/log/ironic-inspector'
#
# [*log_file*]
# (Optional) File where logs should be stored.
# Defaults to $facts['os_service_default']
#
# [*logging_context_format_string*]
# (optional) Format string to use for log messages with context.
# Defaults to $facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [%(request_id)s %(user_identity)s] %(instance)s%(message)s'
#
# [*logging_default_format_string*]
# (optional) Format string to use for log messages without context.
# Defaults to$facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [-] %(instance)s%(message)s'
#
# [*logging_debug_format_suffix*]
# (optional) Formatted data to append to log format when level is DEBUG.
# Defaults to $facts['os_service_default']
# Example: '%(funcName)s %(pathname)s:%(lineno)d'
#
# [*logging_exception_prefix*]
# (optional) Prefix each line of exception output with this format.
# Defaults to $facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
#
# [*log_config_append*]
# The name of an additional logging configuration file.
# Defaults to $facts['os_service_default']
# See https://docs.python.org/2/howto/logging.html
#
# [*default_log_levels*]
# (optional) Hash of logger (keys) and level (values) pairs.
# Defaults to $facts['os_service_default']
# Example:
# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
# 'sqlalchemy' => 'WARN', 'suds' => 'INFO', 'iso8601' => 'WARN',
# 'requests.packages.urllib3.connectionpool' => 'WARN' }
#
# [*publish_errors*]
# (optional) Publish error events (boolean value).
# Defaults to $facts['os_service_default']
#
# [*fatal_deprecations*]
# (optional) Make deprecations fatal (boolean value)
# Defaults to $facts['os_service_default']
#
# [*instance_format*]
# (optional) If an instance is passed with the log message, format it
# like this (string value).
# Defaults to $facts['os_service_default']
# Example: '[instance: %(uuid)s] '
#
# [*instance_uuid_format*]
# (optional) If an instance UUID is passed with the log message, format
# it like this (string value).
# Defaults to $facts['os_service_default']
# Example: instance_uuid_format='[instance: %(uuid)s] '
#
# [*log_date_format*]
# (optional) Format string for %%(asctime)s in log records.
# Defaults to $facts['os_service_default']
# Example: 'Y-%m-%d %H:%M:%S'
#
class ironic::inspector::logging (
$use_syslog = $facts['os_service_default'],
$use_json = $facts['os_service_default'],
$use_stderr = $facts['os_service_default'],
$log_facility = $facts['os_service_default'],
$log_dir = '/var/log/ironic-inspector',
$log_file = $facts['os_service_default'],
$debug = $facts['os_service_default'],
$logging_context_format_string = $facts['os_service_default'],
$logging_default_format_string = $facts['os_service_default'],
$logging_debug_format_suffix = $facts['os_service_default'],
$logging_exception_prefix = $facts['os_service_default'],
$log_config_append = $facts['os_service_default'],
$default_log_levels = $facts['os_service_default'],
$publish_errors = $facts['os_service_default'],
$fatal_deprecations = $facts['os_service_default'],
$instance_format = $facts['os_service_default'],
$instance_uuid_format = $facts['os_service_default'],
$log_date_format = $facts['os_service_default'],
) {
include ironic::deps
oslo::log { 'ironic_inspector_config':
debug => $debug,
use_stderr => $use_stderr,
use_syslog => $use_syslog,
use_json => $use_json,
log_dir => $log_dir,
log_file => $log_file,
syslog_log_facility => $log_facility,
logging_context_format_string => $logging_context_format_string,
logging_default_format_string => $logging_default_format_string,
logging_debug_format_suffix => $logging_debug_format_suffix,
logging_exception_prefix => $logging_exception_prefix,
log_config_append => $log_config_append,
default_log_levels => $default_log_levels,
publish_errors => $publish_errors,
fatal_deprecations => $fatal_deprecations,
instance_format => $instance_format,
instance_uuid_format => $instance_uuid_format,
log_date_format => $log_date_format,
}
}

83
manifests/inspector/policy.pp
View File

@@ -1,83 +0,0 @@
# == Class: ironic::inspector::policy
#
# Configure the ironic-inspector policies
#
# === Parameters
#
# [*enforce_scope*]
# (Optional) Whether or not to enforce scope when evaluating policies.
# Defaults to $facts['os_service_default'].
#
# [*enforce_new_defaults*]
# (Optional) Whether or not to use old deprecated defaults when evaluating
# policies.
# Defaults to $facts['os_service_default'].
#
# [*policies*]
# (Optional) Set of policies to configure for ironic-inspector
# Example :
# {
# 'ironic_inspector-context_is_admin' => {
# 'key' => 'context_is_admin',
# 'value' => 'true'
# },
# 'ironic_inspector-default' => {
# 'key' => 'default',
# 'value' => 'rule:admin_or_owner'
# }
# }
# Defaults to empty hash.
#
# [*policy_path*]
# (Optional) Path to the ironic-inspector policy.yaml file
# Defaults to /etc/ironic-inspector/policy.yaml
#
# [*policy_default_rule*]
# (Optional) Default rule. Enforced when a requested rule is not found.
# Defaults to $facts['os_service_default'].
#
# [*policy_dirs*]
# (Optional) Path to the ironic-inspector policy folder
# Defaults to $facts['os_service_default']
#
# [*purge_config*]
# (optional) Whether to set only the specified policy rules in the policy
# file.
# Defaults to false.
#
class ironic::inspector::policy (
$enforce_scope = $facts['os_service_default'],
$enforce_new_defaults = $facts['os_service_default'],
Openstacklib::Policies $policies = {},
Stdlib::Absolutepath $policy_path = '/etc/ironic-inspector/policy.yaml',
$policy_default_rule = $facts['os_service_default'],
$policy_dirs = $facts['os_service_default'],
Boolean $purge_config = false,
) {
include ironic::deps
include ironic::params
$policy_parameters = {
policies => $policies,
policy_path => $policy_path,
file_user => 'root',
file_group => $ironic::params::inspector_group,
file_format => 'yaml',
purge_config => $purge_config,
}
create_resources('openstacklib::policy', { $policy_path => $policy_parameters })
# policy config should occur in the config block also.
Anchor['ironic-inspector::config::begin']
-> Openstacklib::Policy[$policy_path]
-> Anchor['ironic-inspector::config::end']
oslo::policy { 'ironic_inspector_config':
enforce_scope => $enforce_scope,
enforce_new_defaults => $enforce_new_defaults,
policy_file => $policy_path,
policy_default_rule => $policy_default_rule,
policy_dirs => $policy_dirs,
}
}

36
manifests/inspector/pxe_filter.pp
View File

@@ -1,36 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Configure PXE filters for ironic-inspector
#
# === Parameters
#
# [*driver*]
# (optional) PXE filter driver to use.
# Defaults to $facts['os_service_default'].
#
# [*sync_period*]
# (optional) Number of seconds between periodic updates of filters.
# Should be a non-negative integer value.
# Defaults to $facts['os_service_default'].
#
class ironic::inspector::pxe_filter (
$driver = $facts['os_service_default'],
$sync_period = $facts['os_service_default'],
) {
include ironic::deps
ironic_inspector_config {
'pxe_filter/driver': value => $driver;
'pxe_filter/sync_period': value => $sync_period;
}
}

53
manifests/inspector/pxe_filter/dnsmasq.pp
View File

@@ -1,53 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Configure parameters related to the "dnsmasq" PXE filter
#
# === Parameters
#
# [*dnsmasq_start_command*]
# (optional) A (shell) command line to start the dnsmasq service.
# Defaults to $facts['os_service_default'].
#
# [*dnsmasq_stop_command*]
# (optional) A (shell) command line to stop the dnsmasq service.
# Defaults to $facts['os_service_default'].
#
# [*purge_dhcp_hostsdir*]
# (optional) Purge the hostsdir upon driver initialization. Setting to false
# should only be performed when the deployment of inspector is such that
# there are multiple processes executing inside of the same host and
# namespace. In this case, the Operator is responsible for setting up a
# custom cleaning facility.
# Defaults to $facts['os_service_default'].
#
class ironic::inspector::pxe_filter::dnsmasq (
$dnsmasq_start_command = $facts['os_service_default'],
$dnsmasq_stop_command = $facts['os_service_default'],
$purge_dhcp_hostsdir = $facts['os_service_default'],
) {
include ironic::deps
include ironic::inspector
if $ironic::inspector::dnsmasq_dhcp_hostsdir == undef {
warning("The ironic::inspector::dnsmasq_dhcp_hostsdir parameter should be \
configured properly to use dnsmasq PXE filter.")
}
$hostsdir = pick($ironic::inspector::dnsmasq_dhcp_hostsdir, $facts['os_service_default'])
ironic_inspector_config {
'dnsmasq_pxe_filter/dhcp_hostsdir': value => $hostsdir;
'dnsmasq_pxe_filter/dnsmasq_start_command': value => $dnsmasq_start_command;
'dnsmasq_pxe_filter/dnsmasq_stop_command': value => $dnsmasq_stop_command;
'dnsmasq_pxe_filter/purge_dhcp_hostsdir': value => $purge_dhcp_hostsdir;
}
}

44
manifests/inspector/pxe_filter/iptables.pp
View File

@@ -1,44 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Configure parameters related to the "iptables" PXE filter
#
# === Parameters
#
# [*firewall_chain*]
# (optional) iptables chain name to use.
# Defaults to $facts['os_service_default'].
#
# [*ethoib_interfaces*]
# (optional) List of Ethernet Over InfiniBand interfaces on the Inspector
# host which are used for physical access to the DHCP network.
# Defaults to $facts['os_service_default'].
#
# [*ip_version*]
# (optional) The IP version that will be used for iptables filter.
# Defaults to $facts['os_service_default'].
#
class ironic::inspector::pxe_filter::iptables (
$firewall_chain = $facts['os_service_default'],
$ethoib_interfaces = $facts['os_service_default'],
$ip_version = $facts['os_service_default'],
) {
include ironic::deps
include ironic::inspector
ironic_inspector_config {
'iptables/dnsmasq_interface': value => $ironic::inspector::dnsmasq_interface;
'iptables/firewall_chain': value => $firewall_chain;
'iptables/ethoib_interfaces': value => join(any2array($ethoib_interfaces), ',');
'iptables/ip_version': value => $ip_version;
}
}

92
manifests/inspector/service_catalog.pp
View File

@@ -1,92 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: ironic::inspector::service_catalog
#
# [*password*]
# (Required) The admin password for ironic-inspector to connect to the
# service catalog.
#
# [*auth_type*]
# (Optional) The authentication plugin to use when connecting to the service
# catalog.
# Defaults to 'password'
#
# [*auth_url*]
# (Optional) The address of the keystone api endpoint.
# Defaults to 'http://127.0.0.1:5000'
#
# [*project_name*]
# (Optional) The Keystone project name.
# Defaults to 'services'
#
# [*username*]
# (Optional) The admin username for ironic-inspector to connect to
# the service catalog.
# Defaults to 'ironic-inspector'.
#
# [*user_domain_name*]
# (Optional) The name of user's domain.
# Defaults to 'Default'
#
# [*project_domain_name*]
# (Optional) The name of project's domain.
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $facts['os_service_default']
#
# [*region_name*]
# (Optional) Region name for accessing Keystone catalog
# through the OpenStack Identity service.
# Defaults to $facts['os_service_default']
#
# [*endpoint_override*]
# (Optional) The endpoint URL for requests for this client
# Defaults to $facts['os_service_default']
#
class ironic::inspector::service_catalog (
$password,
$auth_type = 'password',
$auth_url = 'http://127.0.0.1:5000',
$project_name = 'services',
$username = 'ironic-inspector',
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $facts['os_service_default'],
$region_name = $facts['os_service_default'],
$endpoint_override = $facts['os_service_default'],
) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $facts['os_service_default']
$project_domain_name_real = $facts['os_service_default']
}
ironic_inspector_config {
'service_catalog/auth_type': value => $auth_type;
'service_catalog/username': value => $username;
'service_catalog/password': value => $password, secret => true;
'service_catalog/auth_url': value => $auth_url;
'service_catalog/project_name': value => $project_name_real;
'service_catalog/user_domain_name': value => $user_domain_name;
'service_catalog/project_domain_name': value => $project_domain_name_real;
'service_catalog/system_scope': value => $system_scope;
'service_catalog/region_name': value => $region_name;
'service_catalog/endpoint_override': value => $endpoint_override;
}
}

104
manifests/inspector/swift.pp
View File

@@ -1,104 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: ironic::inspector::swift
#
# [*password*]
# (Required) The admin password for ironic-inspector to connect to swift.
# Defaults to $facts['os_service_default']
#
# [*auth_type*]
# (Optional) The authentication plugin to use when connecting to swift.
# Defaults to 'password'
#
# [*auth_url*]
# (Optional) The address of the keystone api endpoint.
# Defaults to 'http://127.0.0.1:5000'
#
# [*project_name*]
# (Optional) The Keystone project name.
# Defaults to 'services'
#
# [*username*]
# (Optional) The admin username for ironic-inspector to connect to swift.
# Defaults to 'ironic-inspector'.
#
# [*user_domain_name*]
# (Optional) The name of user's domain.
# Defaults to 'Default'
#
# [*project_domain_name*]
# (Optional) The name of project's domain.
# Defaults to 'Default'
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $facts['os_service_default']
#
# [*region_name*]
# (Optional) Region name for connecting to swift in admin context
# through the OpenStack Identity service.
# Defaults to $facts['os_service_default']
#
# [*endpoint_override*]
# (Optional) The endpoint URL for requests for this client
# Defaults to $facts['os_service_default']
#
# [*container*]
# (Optional) Default Swift container name to use when creating objects.
# String value
# Defaults to $facts['os_service_default']
#
# [*delete_after*]
# (Optional) Number of seconds that the Swift object will last before being
# deleted.
# Defaults to $facts['os_service_default']
#
class ironic::inspector::swift (
$password,
$auth_type = 'password',
$auth_url = 'http://127.0.0.1:5000',
$project_name = 'services',
$username = 'ironic-inspector',
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $facts['os_service_default'],
$region_name = $facts['os_service_default'],
$endpoint_override = $facts['os_service_default'],
$container = $facts['os_service_default'],
$delete_after = $facts['os_service_default'],
) {
include ironic::deps
if is_service_default($system_scope) {
$project_name_real = $project_name
$project_domain_name_real = $project_domain_name
} else {
$project_name_real = $facts['os_service_default']
$project_domain_name_real = $facts['os_service_default']
}
ironic_inspector_config {
'swift/auth_type': value => $auth_type;
'swift/username': value => $username;
'swift/password': value => $password, secret => true;
'swift/auth_url': value => $auth_url;
'swift/project_name': value => $project_name_real;
'swift/user_domain_name': value => $user_domain_name;
'swift/project_domain_name': value => $project_domain_name_real;
'swift/system_scope': value => $system_scope;
'swift/region_name': value => $region_name;
'swift/endpoint_override': value => $endpoint_override;
'swift/container': value => $container;
'swift/delete_after': value => $delete_after;
}
}

200
manifests/inspector/wsgi/apache.pp
View File

@@ -1,200 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Class to serve ironic API with apache mod_wsgi in place of
# ironic-inspector-api service.
#
# == Parameters
#
# [*servername*]
# (Optional) The servername for the virtualhost.
# Defaults to $facts['networking']['fqdn']
#
# [*port*]
# (Optional) The port.
# Defaults to 5050
#
# [*bind_host*]
# (Optional) The host/ip address Apache will listen on.
# Defaults to undef (listen on all ip addresses).
#
# [*path*]
# (Optional) The prefix for the endpoint.
# Defaults to '/'
#
# [*ssl*]
# (Optional) Use ssl ? (boolean)
# Defaults to false
#
# [*workers*]
# (Optional) Number of WSGI workers to spawn.
# Defaults to $facts['os_workers']
#
# [*priority*]
# (Optional) The priority for the vhost.
# Defaults to 10
#
# [*threads*]
# (Optional) The number of threads for the vhost.
# Defaults to 15
#
# [*wsgi_process_display_name*]
# (Optional) Name of the WSGI process display-name.
# Defaults to undef
#
# [*ssl_cert*]
# [*ssl_key*]
# [*ssl_chain*]
# [*ssl_ca*]
# [*ssl_crl_path*]
# [*ssl_crl*]
# [*ssl_certs_dir*]
# (Optional) apache::vhost ssl parameters.
# Default to apache::vhost 'ssl_*' defaults.
#
# [*access_log_file*]
# (Optional) The log file name for the virtualhost.
# Defaults to undef.
#
# [*access_log_pipe*]
# (Optional) Specifies a pipe where Apache sends access logs for
# the virtualhost.
# Defaults to undef.
#
# [*access_log_syslog*]
# (Optional) Sends the virtualhost access log messages to syslog.
# Defaults to undef.
#
# [*access_log_format*]
# (Optional) The log format for the virtualhost.
# Defaults to undef.
#
# [*error_log_file*]
# (Optional) The error log file name for the virtualhost.
# Defaults to undef.
#
# [*error_log_pipe*]
# (Optional) Specifies a pipe where Apache sends error logs for
# the virtualhost.
# Defaults to undef.
#
# [*error_log_syslog*]
# (Optional) Sends the virtualhost error log messages to syslog.
# Defaults to undef.
#
# [*custom_wsgi_process_options*]
# (Optional) gives you the opportunity to add custom process options or to
# overwrite the default options for the WSGI main process.
# eg. to use a virtual python environment for the WSGI process
# you could set it to:
# { python-path => '/my/python/virtualenv' }
# Defaults to {}
#
# [*headers*]
# (Optional) Headers for the vhost.
# Defaults to undef
#
# [*request_headers*]
# (Optional) Modifies collected request headers in various ways.
# Defaults to undef
#
# [*vhost_custom_fragment*]
# (Optional) Passes a string of custom configuration
# directives to be placed at the end of the vhost configuration.
# Defaults to undef.
#
# == Dependencies
#
# requires Class['apache'] & Class['ironic::inspector']
#
# == Examples
#
# include apache
#
# class { 'ironic::inspector::wsgi::apache': }
#
#
class ironic::inspector::wsgi::apache (
$servername = $facts['networking']['fqdn'],
$port = 5050,
$bind_host = undef,
$path = '/',
$ssl = false,
$workers = $facts['os_workers'],
$ssl_cert = undef,
$ssl_key = undef,
$ssl_chain = undef,
$ssl_ca = undef,
$ssl_crl_path = undef,
$ssl_crl = undef,
$ssl_certs_dir = undef,
$wsgi_process_display_name = undef,
$threads = 15,
$priority = 10,
$access_log_file = undef,
$access_log_pipe = undef,
$access_log_syslog = undef,
$access_log_format = undef,
$error_log_file = undef,
$error_log_pipe = undef,
$error_log_syslog = undef,
$custom_wsgi_process_options = {},
$headers = undef,
$request_headers = undef,
$vhost_custom_fragment = undef,
) {
include ironic::deps
include ironic::params
if $facts['os']['family'] != 'RedHat' {
fail('Non-standalone mode configuration is not supported in this operating system')
}
Anchor['ironic-inspector::install::end'] -> Class['apache']
openstacklib::wsgi::apache { 'ironic_inspector_wsgi':
bind_host => $bind_host,
bind_port => $port,
group => $ironic::params::inspector_group,
path => $path,
priority => $priority,
servername => $servername,
ssl => $ssl,
ssl_ca => $ssl_ca,
ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir,
ssl_chain => $ssl_chain,
ssl_crl => $ssl_crl,
ssl_crl_path => $ssl_crl_path,
ssl_key => $ssl_key,
threads => $threads,
user => $ironic::params::inspector_user,
vhost_custom_fragment => $vhost_custom_fragment,
workers => $workers,
wsgi_daemon_process => 'ironic-inspector',
wsgi_process_display_name => $wsgi_process_display_name,
wsgi_process_group => 'ironic-inspector',
wsgi_script_dir => $ironic::params::inspector_wsgi_script_path,
wsgi_script_file => 'app',
wsgi_script_source => $ironic::params::inspector_wsgi_script_source,
headers => $headers,
request_headers => $request_headers,
custom_wsgi_process_options => $custom_wsgi_process_options,
access_log_file => $access_log_file,
access_log_pipe => $access_log_pipe,
access_log_syslog => $access_log_syslog,
access_log_format => $access_log_format,
error_log_file => $error_log_file,
error_log_pipe => $error_log_pipe,
error_log_syslog => $error_log_syslog,
}
}

143
manifests/keystone/auth_inspector.pp
View File

@@ -1,143 +0,0 @@
#
# Copyright (C) 2015 Red Hat Inc.
#
# Author: Dan Prince <dprince@redhat.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# ironic::keystone::auth_inspector
#
# Configures Baremetal Introspection user, service and endpoint in Keystone.
#
# === Parameters
#
# [*password*]
# (required) Password for Baremetal Introspection user.
#
# [*auth_name*]
# Username for Bare Metal Introspection Service. Defaults to 'ironic-inspector'.
#
# [*email*]
# Email for Baremetal Introspection user. Defaults to 'baremetal-introspection@localhost'.
#
# [*tenant*]
# Tenant for Baremetal Introspection user. Defaults to 'services'.
#
# [*roles*]
# (Optional) List of roles assigned to ironic user.
# Defaults to ['admin', 'service']
#
# [*system_scope*]
# (Optional) Scope for system operations.
# Defaults to 'all'
#
# [*system_roles*]
# (Optional) List of system roles assigned to ironic user.
# Defaults to []
#
# [*configure_endpoint*]
# Should Baremetal Introspection endpoint be configured? Defaults to 'true'.
#
# [*configure_user*]
# (Optional) Should the service user be configured?
# Defaults to 'true'.
#
# [*configure_user_role*]
# (Optional) Should the admin role be configured for the service user?
# Defaults to 'true'.
#
# [*configure_service*]
# (Optional) Should the service be configurd?
# Defaults to True
#
# [*service_name*]
# (Optional) Name of the service.
# Defaults to the value of auth_name, but must differ from the value.
#
# [*service_type*]
# Type of service. Defaults to 'baremetal-introspection'.
#
# [*service_description*]
# (Optional) Description for keystone service.
# Defaults to 'Bare Metal Introspection Service'.
#
# [*region*]
# Region for endpoint. Defaults to 'RegionOne'.
#
# [*public_url*]
# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:5050')
# This url should *not* contain any trailing '/'.
#
# [*admin_url*]
# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:5050')
# This url should *not* contain any trailing '/'.
#
# [*internal_url*]
# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:5050')
# This url should *not* contain any trailing '/'.
#
# === Examples
#
# class { 'ironic::keystone::auth_inspector':
# public_url => 'https://10.0.0.10:5050',
# internal_url => 'https://10.0.0.11:5050',
# admin_url => 'https://10.0.0.11:5050',
# }
#
class ironic::keystone::auth_inspector (
String[1] $password,
String[1] $auth_name = 'ironic-inspector',
String[1] $email = 'ironic-inspector@localhost',
String[1] $tenant = 'services',
Array[String[1]] $roles = ['admin', 'service'],
String[1] $system_scope = 'all',
Array[String[1]] $system_roles = [],
Boolean $configure_endpoint = true,
Boolean $configure_user = true,
Boolean $configure_user_role = true,
Boolean $configure_service = true,
Optional[String[1]] $service_name = undef,
String[1] $service_type = 'baremetal-introspection',
String[1] $service_description = 'Bare Metal Introspection Service',
String[1] $region = 'RegionOne',
Keystone::PublicEndpointUrl $public_url = 'http://127.0.0.1:5050',
Keystone::EndpointUrl $admin_url = 'http://127.0.0.1:5050',
Keystone::EndpointUrl $internal_url = 'http://127.0.0.1:5050',
) {
include ironic::deps
$real_service_name = pick($service_name, $auth_name)
Keystone::Resource::Service_identity['ironic-inspector'] -> Service <| name == 'ironic-inspector' |>
keystone::resource::service_identity { 'ironic-inspector':
configure_user => $configure_user,
configure_user_role => $configure_user_role,
configure_endpoint => $configure_endpoint,
configure_service => $configure_service,
service_name => $real_service_name,
service_type => $service_type,
auth_name => $auth_name,
service_description => $service_description,
region => $region,
password => $password,
email => $email,
tenant => $tenant,
roles => $roles,
system_scope => $system_scope,
system_roles => $system_roles,
public_url => $public_url,
internal_url => $internal_url,
admin_url => $admin_url,
}
}

25
manifests/params.pp
View File

@@ -25,14 +25,9 @@ class ironic::params {
$pyver3 = $openstacklib::defaults::pyver3
$dbsync_command = 'ironic-dbsync'
$inspector_dbsync_command =
'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'
$client_package = 'python3-ironicclient'
$inspector_client_package = 'python3-ironic-inspector-client'
$user = 'ironic'
$group = 'ironic'
$inspector_user = 'ironic-inspector'
$inspector_group = 'ironic-inspector'
$sushy_package_name = 'python3-sushy'
$proliantutils_package_name = 'python3-proliantutils'
$sushy_oem_idrac_package_name = 'python3-sushy-oem-idrac'
@@ -48,14 +43,6 @@ class ironic::params {
$novncproxy_service = 'openstack-ironic-novncproxy'
$dnsmasq_tftp_package = 'openstack-ironic-dnsmasq-tftp-server'
$dnsmasq_tftp_service = 'openstack-ironic-dnsmasq-tftp-server'
$inspector_package = 'openstack-ironic-inspector'
$inspector_service = 'openstack-ironic-inspector'
$inspector_dnsmasq_package = 'openstack-ironic-inspector-dnsmasq'
$inspector_dnsmasq_service = 'openstack-ironic-inspector-dnsmasq'
$inspector_api_package = 'openstack-ironic-inspector-api'
$inspector_api_service = undef
$inspector_conductor_package = 'openstack-ironic-inspector-conductor'
$inspector_conductor_service = 'openstack-ironic-inspector-conductor'
$systemd_python_package = 'systemd-python'
$ipxe_rom_dir = '/usr/share/ipxe'
$ipxe_name_base = 'ipxe-snponly'
@@ -63,8 +50,6 @@ class ironic::params {
$uefi_ipxe_bootfile_name = 'snponly.efi'
$ironic_wsgi_script_path = '/var/www/cgi-bin/ironic'
$ironic_wsgi_script_source = "/usr/lib/python${pyver3}/site-packages/ironic/wsgi/__init__.py"
$inspector_wsgi_script_path = '/var/www/cgi-bin/ironic-inspector'
$inspector_wsgi_script_source = '/usr/bin/ironic-inspector-api-wsgi'
$xinetd_available = false
$tftpd_package = undef
$ipxe_package = 'ipxe-bootimgs'
@@ -88,14 +73,6 @@ class ironic::params {
$novncproxy_service = undef
$dnsmasq_tftp_package = undef
$dnsmasq_tftp_service = undef
$inspector_package = 'ironic-inspector'
$inspector_service = 'ironic-inspector'
$inspector_dnsmasq_package = undef
$inspector_dnsmasq_service = undef
$inspector_api_package = undef
$inspector_api_service = undef
$inspector_conductor_package = undef
$inspector_conductor_service = undef
$systemd_python_package = 'python3-systemd'
$ipxe_rom_dir = '/usr/lib/ipxe'
$ipxe_name_base = 'snponly'
@@ -103,8 +80,6 @@ class ironic::params {
$uefi_ipxe_bootfile_name = 'snponly.efi'
$ironic_wsgi_script_path = '/usr/lib/cgi-bin/ironic'
$ironic_wsgi_script_source = '/usr/bin/ironic-api-wsgi'
$inspector_wsgi_script_path = '/usr/lib/cgi-bin/ironic-inspector'
$inspector_wsgi_script_source = '/usr/bin/ironic-inspector-api-wsgi'
$xinetd_available = true
$tftpd_package = 'tftpd-hpa'
$ipxe_package = 'ipxe'

4
releasenotes/notes/remove-inspector-3845d6ebec125d4b.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
upgrade:
- |
Support for ironic-inspector has been removed.

6
spec/acceptance/10_basic_ironic_spec.rb
View File

@@ -16,7 +16,6 @@ describe 'basic ironic' do
include openstack_integration::ironic
EOS
# Run it twice and test for idempotency
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => true)
@@ -26,10 +25,5 @@ describe 'basic ironic' do
describe port(6385) do
it { is_expected.to be_listening }
end
# Inspector API port
describe port(5050) do
it { is_expected.to be_listening.with('tcp') }
end
end
end

42
spec/acceptance/99_ironic_config_spec.rb
View File

@@ -9,20 +9,13 @@ describe 'basic ironic_config resource' do
Exec { logoutput => 'on_failure' }
File <||> -> Ironic_config <||>
File <||> -> Ironic_inspector_config <||>
file { '/etc/ironic' :
ensure => directory,
}
file { '/etc/ironic-inspector' :
ensure => directory,
}
file { '/etc/ironic/ironic.conf' :
ensure => file,
}
file { '/etc/ironic-inspector/inspector.conf' :
ensure => file,
}
ironic_config { 'DEFAULT/thisshouldexist' :
value => 'foo',
@@ -45,28 +38,6 @@ describe 'basic ironic_config resource' do
ironic_config { 'DEFAULT/thisshouldexist3' :
value => ['foo', 'bar'],
}
ironic_inspector_config { 'DEFAULT/thisshouldexist' :
value => 'foo',
}
ironic_inspector_config { 'DEFAULT/thisshouldnotexist' :
value => '<SERVICE DEFAULT>',
}
ironic_inspector_config { 'DEFAULT/thisshouldexist2' :
value => '<SERVICE DEFAULT>',
ensure_absent_val => 'toto',
}
ironic_inspector_config { 'DEFAULT/thisshouldnotexist2' :
value => 'toto',
ensure_absent_val => 'toto',
}
ironic_inspector_config { 'DEFAULT/thisshouldexist3' :
value => ['foo', 'bar'],
}
EOS
@@ -75,19 +46,6 @@ describe 'basic ironic_config resource' do
apply_manifest(pp, :catch_changes => true)
end
describe file('/etc/ironic-inspector/inspector.conf') do
it { is_expected.to exist }
it { is_expected.to contain('thisshouldexist=foo') }
it { is_expected.to contain('thisshouldexist2=<SERVICE DEFAULT>') }
it { is_expected.to contain('thisshouldexist3=foo') }
it { is_expected.to contain('thisshouldexist3=bar') }
describe '#content' do
subject { super().content }
it { is_expected.to_not match /thisshouldnotexist/ }
end
end
describe file('/etc/ironic/ironic.conf') do
it { is_expected.to exist }
it { is_expected.to contain('thisshouldexist=foo') }

170
spec/classes/ironic_inspector_authtoken_spec.rb
View File

@@ -1,170 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::authtoken' do
let :params do
{ :password => 'ironic_password', }
end
shared_examples 'ironic::inspector::authtoken' do
context 'with default parameters' do
it 'configure keystone_authtoken' do
is_expected.to contain_keystone__resource__authtoken('ironic_inspector_config').with(
:username => 'ironic-inspector',
:password => 'ironic_password',
:auth_url => 'http://127.0.0.1:5000',
:project_name => 'services',
:user_domain_name => 'Default',
:project_domain_name => 'Default',
:system_scope => '<SERVICE DEFAULT>',
:insecure => '<SERVICE DEFAULT>',
:auth_section => '<SERVICE DEFAULT>',
:auth_type => 'password',
:www_authenticate_uri => 'http://127.0.0.1:5000',
:auth_version => '<SERVICE DEFAULT>',
:cache => '<SERVICE DEFAULT>',
:cafile => '<SERVICE DEFAULT>',
:certfile => '<SERVICE DEFAULT>',
:delay_auth_decision => '<SERVICE DEFAULT>',
:enforce_token_bind => '<SERVICE DEFAULT>',
:http_connect_timeout => '<SERVICE DEFAULT>',
:http_request_max_retries => '<SERVICE DEFAULT>',
:include_service_catalog => '<SERVICE DEFAULT>',
:keyfile => '<SERVICE DEFAULT>',
:memcache_pool_conn_get_timeout => '<SERVICE DEFAULT>',
:memcache_pool_dead_retry => '<SERVICE DEFAULT>',
:memcache_pool_maxsize => '<SERVICE DEFAULT>',
:memcache_pool_socket_timeout => '<SERVICE DEFAULT>',
:memcache_pool_unused_timeout => '<SERVICE DEFAULT>',
:memcache_secret_key => '<SERVICE DEFAULT>',
:memcache_security_strategy => '<SERVICE DEFAULT>',
:memcache_use_advanced_pool => '<SERVICE DEFAULT>',
:memcached_servers => '<SERVICE DEFAULT>',
:manage_memcache_package => false,
:region_name => '<SERVICE DEFAULT>',
:token_cache_time => '<SERVICE DEFAULT>',
:service_token_roles => '<SERVICE DEFAULT>',
:service_token_roles_required => '<SERVICE DEFAULT>',
:service_type => '<SERVICE DEFAULT>',
:interface => '<SERVICE DEFAULT>',
)
end
end
context 'when overriding parameters' do
before do
params.merge!({
:www_authenticate_uri => 'https://10.0.0.1:9999/',
:username => 'myuser',
:password => 'mypasswd',
:auth_url => 'http://127.0.0.1:5000',
:project_name => 'service_project',
:user_domain_name => 'domainX',
:project_domain_name => 'domainX',
:system_scope => 'all',
:insecure => false,
:auth_section => 'new_section',
:auth_type => 'password',
:auth_version => 'v3',
:cache => 'somevalue',
:cafile => '/opt/stack/data/cafile.pem',
:certfile => 'certfile.crt',
:delay_auth_decision => false,
:enforce_token_bind => 'permissive',
:http_connect_timeout => '300',
:http_request_max_retries => '3',
:include_service_catalog => true,
:keyfile => 'keyfile',
:memcache_pool_conn_get_timeout => '9',
:memcache_pool_dead_retry => '302',
:memcache_pool_maxsize => '11',
:memcache_pool_socket_timeout => '2',
:memcache_pool_unused_timeout => '61',
:memcache_secret_key => 'secret_key',
:memcache_security_strategy => 'ENCRYPT',
:memcache_use_advanced_pool => true,
:memcached_servers => ['memcached01:11211','memcached02:11211'],
:manage_memcache_package => true,
:region_name => 'region2',
:token_cache_time => '301',
:service_token_roles => ['service'],
:service_token_roles_required => false,
:service_type => 'identity',
:interface => 'internal',
})
end
it 'configure keystone_authtoken' do
is_expected.to contain_keystone__resource__authtoken('ironic_inspector_config').with(
:www_authenticate_uri => 'https://10.0.0.1:9999/',
:username => 'myuser',
:password => 'mypasswd',
:auth_url => 'http://127.0.0.1:5000',
:project_name => 'service_project',
:user_domain_name => 'domainX',
:project_domain_name => 'domainX',
:system_scope => 'all',
:insecure => false,
:auth_section => 'new_section',
:auth_type => 'password',
:auth_version => 'v3',
:cache => 'somevalue',
:cafile => '/opt/stack/data/cafile.pem',
:certfile => 'certfile.crt',
:delay_auth_decision => false,
:enforce_token_bind => 'permissive',
:http_connect_timeout => '300',
:http_request_max_retries => '3',
:include_service_catalog => true,
:keyfile => 'keyfile',
:memcache_pool_conn_get_timeout => '9',
:memcache_pool_dead_retry => '302',
:memcache_pool_maxsize => '11',
:memcache_pool_socket_timeout => '2',
:memcache_pool_unused_timeout => '61',
:memcache_secret_key => 'secret_key',
:memcache_security_strategy => 'ENCRYPT',
:memcache_use_advanced_pool => true,
:memcached_servers => ['memcached01:11211','memcached02:11211'],
:manage_memcache_package => true,
:region_name => 'region2',
:token_cache_time => '301',
:service_token_roles => ['service'],
:service_token_roles_required => false,
:service_type => 'identity',
:interface => 'internal',
)
end
end
context 'when overriding parameters via params hash' do
before do
params.merge!({
:username => 'myuser',
:params => { 'username' => 'myotheruser' },
})
end
it 'configure keystone_authtoken' do
is_expected.to contain_keystone__resource__authtoken('ironic_inspector_config').with(
:username => 'myotheruser',
)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_configures 'ironic::inspector::authtoken'
end
end
end

54
spec/classes/ironic_inspector_client_spec.rb
View File

@@ -1,54 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::client
#
require 'spec_helper'
describe 'ironic::inspector::client' do
shared_examples_for 'inspector client' do
it { is_expected.to contain_class('ironic::deps') }
it { is_expected.to contain_class('ironic::params') }
it 'installs ironic inspector client package' do
is_expected.to contain_package('python-ironic-inspector-client').with(
:ensure => 'present',
:name => platform_params[:inspector_client_package],
:tag => ['openstack', 'openstackclient'],
)
end
it { is_expected.to contain_class('openstacklib::openstackclient') }
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
let (:platform_params) do
case facts[:os]['family']
when 'Debian'
{ :inspector_client_package => 'python3-ironic-inspector-client' }
when 'RedHat'
{ :inspector_client_package => 'python3-ironic-inspector-client' }
end
end
it_configures 'inspector client'
end
end
end

35
spec/classes/ironic_inspector_config_spec.rb
View File

@@ -1,35 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::config' do
let :params do
{
:ironic_inspector_config => {
'DEFAULT/foo' => { 'value' => 'fooValue' },
'DEFAULT/bar' => { 'value' => 'barValue' },
'DEFAULT/baz' => { 'ensure' => 'absent' }
}
}
end
shared_examples 'ironic::inspector::config' do
it { should contain_class('ironic::deps') }
it {
should contain_ironic_inspector_config('DEFAULT/foo').with_value('fooValue')
should contain_ironic_inspector_config('DEFAULT/bar').with_value('barValue')
should contain_ironic_inspector_config('DEFAULT/baz').with_ensure('absent')
}
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic::inspector::config'
end
end
end

39
spec/classes/ironic_inspector_coordination_spec.rb
View File

@@ -1,39 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::coordination' do
shared_examples 'ironic::inspector::coordination' do
context 'with default parameters' do
it {
is_expected.to contain_oslo__coordination('ironic_inspector_config').with(
:backend_url => '<SERVICE DEFAULT>'
)
}
end
context 'with specified parameters' do
let :params do
{
:backend_url => 'etcd3+http://127.0.0.1:2379',
}
end
it {
is_expected.to contain_oslo__coordination('ironic_inspector_config').with(
:backend_url => 'etcd3+http://127.0.0.1:2379'
)
}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts())
end
it_behaves_like 'ironic::inspector::coordination'
end
end
end

53
spec/classes/ironic_inspector_cors_spec.rb
View File

@@ -1,53 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::cors' do
shared_examples_for 'ironic::inspector::cors' do
it 'configure cors default params' do
is_expected.to contain_oslo__cors('ironic_inspector_config').with(
:allowed_origin => '<SERVICE DEFAULT>',
:allow_credentials => '<SERVICE DEFAULT>',
:expose_headers => '<SERVICE DEFAULT>',
:max_age => '<SERVICE DEFAULT>',
:allow_methods => '<SERVICE DEFAULT>',
:allow_headers => '<SERVICE DEFAULT>',
)
end
context 'with specific parameters' do
let :params do
{ :allowed_origin => '*',
:allow_credentials => true,
:expose_headers => 'Content-Language,Expires',
:max_age => 3600,
:allow_methods => 'GET,POST,PUT,DELETE,OPTIONS',
:allow_headers => 'Content-Type,Cache-Control',
}
end
it 'configure cors params' do
is_expected.to contain_oslo__cors('ironic_inspector_config').with(
:allowed_origin => '*',
:allow_credentials => true,
:expose_headers => 'Content-Language,Expires',
:max_age => 3600,
:allow_methods => 'GET,POST,PUT,DELETE,OPTIONS',
:allow_headers => 'Content-Type,Cache-Control',
)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic::inspector::cors'
end
end
end

61
spec/classes/ironic_inspector_db_mysql_spec.rb
View File

@@ -1,61 +0,0 @@
#
# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
#
# Author: Emilien Macchi <emilien.macchi@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::db::mysql
#
require 'spec_helper'
describe 'ironic::inspector::db::mysql' do
shared_examples_for 'ironic::inspector::db::mysql' do
let :req_params do
{ :password => 'ironicpass' }
end
let :pre_condition do
'include mysql::server'
end
context 'with only required parameters' do
let :params do
req_params
end
it { is_expected.to contain_openstacklib__db__mysql('ironic-inspector').with(
:user => 'ironic-inspector',
:password => 'ironicpass',
:charset => 'utf8',
:collate => 'utf8_general_ci',
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts())
end
it_behaves_like 'ironic::inspector::db::mysql'
end
end
end

45
spec/classes/ironic_inspector_db_postgresql_spec.rb
View File

@@ -1,45 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::db::postgresql' do
shared_examples_for 'ironic::inspector::db::postgresql' do
let :req_params do
{ :password => 'ironicpass' }
end
let :pre_condition do
'include postgresql::server'
end
context 'with only required parameters' do
let :params do
req_params
end
it { is_expected.to contain_openstacklib__db__postgresql('ironic-inspector').with(
:user => 'ironic-inspector',
:password => 'ironicpass',
:dbname => 'ironic-inspector',
:encoding => nil,
:privileges => 'ALL',
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
# puppet-postgresql requires the service_provider fact provided by
# puppetlabs-postgresql.
:service_provider => 'systemd'
}))
end
it_behaves_like 'ironic::inspector::db::postgresql'
end
end
end

63
spec/classes/ironic_inspector_db_spec.rb
View File

@@ -1,63 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::db' do
shared_examples 'ironic::inspector::db' do
context 'with default parameters' do
it { should contain_oslo__db('ironic_inspector_config').with(
:connection => 'sqlite:////var/lib/ironic-inspector/inspector.sqlite',
:connection_recycle_time => '<SERVICE DEFAULT>',
:max_pool_size => '<SERVICE DEFAULT>',
:max_retries => '<SERVICE DEFAULT>',
:db_max_retries => '<SERVICE DEFAULT>',
:pool_timeout => '<SERVICE DEFAULT>',
:mysql_enable_ndb => '<SERVICE DEFAULT>',
:retry_interval => '<SERVICE DEFAULT>',
:max_overflow => '<SERVICE DEFAULT>',
)}
end
context 'with specific parameters' do
let :params do
{ :database_connection => 'mysql+pymysql://ironic:ironic@localhost/ironic',
:database_connection_recycle_time => '3601',
:database_max_pool_size => '21',
:database_max_retries => '11',
:database_db_max_retries => '11',
:database_max_overflow => '21',
:database_pool_timeout => '21',
:mysql_enable_ndb => true,
:database_retry_interval => '11', }
end
it { should contain_oslo__db('ironic_inspector_config').with(
:connection => 'mysql+pymysql://ironic:ironic@localhost/ironic',
:connection_recycle_time => '3601',
:max_pool_size => '21',
:max_retries => '11',
:db_max_retries => '11',
:pool_timeout => '21',
:mysql_enable_ndb => true,
:retry_interval => '11',
:max_overflow => '21',
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic::inspector::db'
end
end
end

34
spec/classes/ironic_inspector_db_sync_spec.rb
View File

@@ -1,34 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::db::sync' do
shared_examples_for 'inspector-dbsync' do
it { is_expected.to contain_class('ironic::deps') }
it 'runs ironic-inspector-db_sync' do
is_expected.to contain_exec('ironic-inspector-dbsync').with(
:command => 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade',
:path => '/usr/bin',
:user => 'ironic-inspector',
:timeout => 300,
:refreshonly => 'true',
:logoutput => 'on_failure',
:tag => 'openstack-db',
)
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts())
end
it_behaves_like 'inspector-dbsync'
end
end
end

69
spec/classes/ironic_inspector_healthcheck_spec.rb
View File

@@ -1,69 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::healthcheck' do
shared_examples_for 'ironic::inspector::healthcheck' do
context 'with default parameters' do
let :params do
{}
end
it 'configures default values' do
is_expected.to contain_ironic_inspector_config('healthcheck/enabled').with_value('<SERVICE DEFAULT>')
is_expected.to contain_oslo__healthcheck('ironic_inspector_config').with(
:detailed => '<SERVICE DEFAULT>',
:backends => '<SERVICE DEFAULT>',
:allowed_source_ranges => '<SERVICE DEFAULT>',
:ignore_proxied_requests => '<SERVICE DEFAULT>',
:disable_by_file_path => '<SERVICE DEFAULT>',
:disable_by_file_paths => '<SERVICE DEFAULT>',
:enable_by_file_paths => '<SERVICE DEFAULT>',
)
end
end
context 'with specific parameters' do
let :params do
{
:enabled => true,
:detailed => true,
:backends => ['disable_by_file'],
:allowed_source_ranges => ['10.0.0.0/24', '10.0.1.0/24'],
:ignore_proxied_requests => false,
:disable_by_file_path => '/etc/ironic-inspector/healthcheck/disabled',
:disable_by_file_paths => ['5050:/etc/ironic-inspector/healthcheck/disabled'],
:enable_by_file_paths => ['/etc/ironic-inspector/healthcheck/enabled'],
}
end
it 'configures specified values' do
is_expected.to contain_ironic_inspector_config('healthcheck/enabled').with_value(true)
is_expected.to contain_oslo__healthcheck('ironic_inspector_config').with(
:detailed => true,
:backends => ['disable_by_file'],
:allowed_source_ranges => ['10.0.0.0/24', '10.0.1.0/24'],
:ignore_proxied_requests => false,
:disable_by_file_path => '/etc/ironic-inspector/healthcheck/disabled',
:disable_by_file_paths => ['5050:/etc/ironic-inspector/healthcheck/disabled'],
:enable_by_file_paths => ['/etc/ironic-inspector/healthcheck/enabled'],
)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_configures 'ironic::inspector::healthcheck'
end
end
end

97
spec/classes/ironic_inspector_ironic_spec.rb
View File

@@ -1,97 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::ironic
#
require 'spec_helper'
describe 'ironic::inspector::ironic' do
let :params do
{ :password => 'secret' }
end
shared_examples_for 'ironic-inspector ironic configuration' do
it 'configures ironic.conf' do
is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value('password')
is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value('http://127.0.0.1:5000')
is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value('services')
is_expected.to contain_ironic_inspector_config('ironic/username').with_value('ironic-inspector')
is_expected.to contain_ironic_inspector_config('ironic/password').with_value('secret').with_secret(true)
is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:max_retries => 30,
:retry_interval => 2,
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_inspector_config('ironic/auth_type').with_value(params[:auth_type])
is_expected.to contain_ironic_inspector_config('ironic/auth_url').with_value(params[:auth_url])
is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value(params[:project_name])
is_expected.to contain_ironic_inspector_config('ironic/username').with_value(params[:username])
is_expected.to contain_ironic_inspector_config('ironic/user_domain_name').with_value(params[:user_domain_name])
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value(params[:project_domain_name])
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/region_name').with_value(params[:region_name])
is_expected.to contain_ironic_inspector_config('ironic/endpoint_override').with_value(params[:endpoint_override])
is_expected.to contain_ironic_inspector_config('ironic/max_retries').with_value(params[:max_retries])
is_expected.to contain_ironic_inspector_config('ironic/retry_interval').with_value(params[:retry_interval])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('ironic/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('ironic/system_scope').with_value('all')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic-inspector ironic configuration'
end
end
end

131
spec/classes/ironic_inspector_logging_spec.rb
View File

@@ -1,131 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::logging' do
let :params do
{
}
end
let :log_params do
{
:logging_context_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s',
:logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s',
:logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d',
:logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s',
:log_config_append => '/etc/ironic-inspector/logging.conf',
:publish_errors => true,
:default_log_levels => {
'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
'sqlalchemy' => 'WARN', 'suds' => 'INFO', 'iso8601' => 'WARN',
'requests.packages.urllib3.connectionpool' => 'WARN' },
:fatal_deprecations => true,
:instance_format => '[instance: %(uuid)s] ',
:instance_uuid_format => '[instance: %(uuid)s] ',
:log_date_format => '%Y-%m-%d %H:%M:%S',
:use_syslog => true,
:use_json => true,
:use_stderr => false,
:log_facility => 'LOG_FOO',
:log_dir => '/var/log',
:log_file => '/var/log/ironic/ironic-inspector.log',
:debug => true,
}
end
shared_examples_for 'ironic-inspector-logging' do
context 'with basic logging options and default settings' do
it_configures 'basic default logging settings'
end
context 'with basic logging options and non-default settings' do
before { params.merge!( log_params ) }
it_configures 'basic non-default logging settings'
end
context 'with extended logging options' do
before { params.merge!( log_params ) }
it_configures 'logging params set'
end
context 'without extended logging options' do
it_configures 'logging params unset'
end
end
shared_examples 'basic default logging settings' do
it 'configures ironic-inspector logging settings with default values' do
is_expected.to contain_oslo__log('ironic_inspector_config').with(
:use_syslog => '<SERVICE DEFAULT>',
:use_json => '<SERVICE DEFAULT>',
:use_stderr => '<SERVICE DEFAULT>',
:syslog_log_facility => '<SERVICE DEFAULT>',
:log_dir => '/var/log/ironic-inspector',
:log_file => '<SERVICE DEFAULT>',
:debug => '<SERVICE DEFAULT>',
)
end
end
shared_examples 'basic non-default logging settings' do
it 'configures ironic-inspector logging settings with non-default values' do
is_expected.to contain_oslo__log('ironic_inspector_config').with(
:use_syslog => true,
:use_json => true,
:use_stderr => false,
:syslog_log_facility => 'LOG_FOO',
:log_dir => '/var/log',
:log_file => '/var/log/ironic/ironic-inspector.log',
:debug => true,
)
end
end
shared_examples_for 'logging params set' do
it 'enables logging params' do
is_expected.to contain_oslo__log('ironic_inspector_config').with(
:logging_context_format_string =>
'%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s',
:logging_default_format_string => '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s',
:logging_debug_format_suffix => '%(funcName)s %(pathname)s:%(lineno)d',
:logging_exception_prefix => '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s',
:log_config_append => '/etc/ironic-inspector/logging.conf',
:publish_errors => true,
:default_log_levels => {
'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
'sqlalchemy' => 'WARN', 'suds' => 'INFO', 'iso8601' => 'WARN',
'requests.packages.urllib3.connectionpool' => 'WARN' },
:fatal_deprecations => true,
:instance_format => '[instance: %(uuid)s] ',
:instance_uuid_format => '[instance: %(uuid)s] ',
:log_date_format => '%Y-%m-%d %H:%M:%S',
)
end
end
shared_examples_for 'logging params unset' do
[ :logging_context_format_string, :logging_default_format_string,
:logging_debug_format_suffix, :logging_exception_prefix,
:log_config_append, :publish_errors,
:default_log_levels, :fatal_deprecations,
:instance_format, :instance_uuid_format,
:log_date_format, ].each { |param|
it { is_expected.to contain_oslo__log('ironic_inspector_config').with("#{param}" => '<SERVICE DEFAULT>') }
}
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic-inspector-logging'
end
end
end

87
spec/classes/ironic_inspector_policy_spec.rb
View File

@@ -1,87 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::policy' do
shared_examples 'ironic::inspector::policy' do
context 'setup policy with parameters' do
let :params do
{
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_path => '/etc/ironic-inspector/policy.yaml',
:policy_default_rule => 'default',
:policy_dirs => '/etc/ironic-inspector/policy.d',
:policies => {
'context_is_admin' => {
'key' => 'context_is_admin',
'value' => 'foo:bar'
}
}
}
end
it 'set up the policies' do
is_expected.to contain_openstacklib__policy('/etc/ironic-inspector/policy.yaml').with(
:policies => {
'context_is_admin' => {
'key' => 'context_is_admin',
'value' => 'foo:bar'
}
},
:policy_path => '/etc/ironic-inspector/policy.yaml',
:file_user => 'root',
:file_group => 'ironic-inspector',
:file_format => 'yaml',
:purge_config => false,
)
is_expected.to contain_oslo__policy('ironic_inspector_config').with(
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_file => '/etc/ironic-inspector/policy.yaml',
:policy_default_rule => 'default',
:policy_dirs => '/etc/ironic-inspector/policy.d',
)
end
end
context 'with empty policies and purge_config enabled' do
let :params do
{
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_path => '/etc/ironic-inspector/policy.yaml',
:policies => {},
:purge_config => true,
}
end
it 'set up the policies' do
is_expected.to contain_openstacklib__policy('/etc/ironic-inspector/policy.yaml').with(
:policies => {},
:policy_path => '/etc/ironic-inspector/policy.yaml',
:file_user => 'root',
:file_group => 'ironic-inspector',
:file_format => 'yaml',
:purge_config => true,
)
is_expected.to contain_oslo__policy('ironic_inspector_config').with(
:enforce_scope => false,
:enforce_new_defaults => false,
:policy_file => '/etc/ironic-inspector/policy.yaml',
)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic::inspector::policy'
end
end
end

78
spec/classes/ironic_inspector_pxe_filter_dnsmasq_spec.rb
View File

@@ -1,78 +0,0 @@
#
# Copyright (C) 2018 Red Hat, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::pxe_filter::dnsmasq class
#
require 'spec_helper'
describe 'ironic::inspector::pxe_filter::dnsmasq' do
let :pre_condition do
"class { 'ironic::inspector::authtoken':
password => 'password',
}
class { 'ironic::inspector':
dnsmasq_dhcp_hostsdir => '/etc/ironic-inspector/dhcp-hostsdir',
}"
end
shared_examples_for 'ironic::inspector::pxe_filter::dnsmasq' do
it 'configure dnsmasq pxe filter default params' do
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dhcp_hostsdir').with_value('/etc/ironic-inspector/dhcp-hostsdir')
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_start_command').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_stop_command').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/purge_dhcp_hostsdir').with_value('<SERVICE DEFAULT>')
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/dhcp-hostsdir=\/etc\/ironic-inspector\/dhcp-hostsdir/
)
end
context 'with specific parameters' do
let :params do
{ :dnsmasq_start_command => 'dnsmasq --conf-file /etc/ironic-inspector/dnsmasq.conf',
:dnsmasq_stop_command => 'kill $(cat /var/run/dnsmasq.pid)',
:purge_dhcp_hostsdir => false,
}
end
let :p do
params
end
it 'configure dnsmasq pxe filter specific params' do
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dhcp_hostsdir').with_value('/etc/ironic-inspector/dhcp-hostsdir')
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_start_command').with_value(p[:dnsmasq_start_command])
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/dnsmasq_stop_command').with_value(p[:dnsmasq_stop_command])
is_expected.to contain_ironic_inspector_config('dnsmasq_pxe_filter/purge_dhcp_hostsdir').with_value(p[:purge_dhcp_hostsdir])
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/dhcp-hostsdir=\/etc\/ironic-inspector\/dhcp-hostsdir/
)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic::inspector::pxe_filter::dnsmasq'
end
end
end

65
spec/classes/ironic_inspector_pxe_filter_iptables_spec.rb
View File

@@ -1,65 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::pxe_filter::iptables class
#
require 'spec_helper'
describe 'ironic::inspector::pxe_filter::iptables' do
let :pre_condition do
"class { 'ironic::inspector::authtoken':
password => 'password',
}
class { 'ironic::inspector':
}"
end
shared_examples_for 'ironic::inspector::pxe_filter::iptables' do
it 'configure iptables pxe filter default params' do
is_expected.to contain_ironic_inspector_config('iptables/dnsmasq_interface').with_value('br-ctlplane')
is_expected.to contain_ironic_inspector_config('iptables/firewall_chain').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('iptables/ethoib_interfaces').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('iptables/ip_version').with_value('<SERVICE DEFAULT>')
end
context 'with specific parameters' do
let :params do
{
:firewall_chain => 'ironic-inspector',
:ethoib_interfaces => ['interface0', 'interface1'],
:ip_version => 4,
}
end
it 'configure iptables pxe filter specific params' do
is_expected.to contain_ironic_inspector_config('iptables/dnsmasq_interface').with_value('br-ctlplane')
is_expected.to contain_ironic_inspector_config('iptables/firewall_chain').with_value('ironic-inspector')
is_expected.to contain_ironic_inspector_config('iptables/ethoib_interfaces').with_value('interface0,interface1')
is_expected.to contain_ironic_inspector_config('iptables/ip_version').with_value(4)
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic::inspector::pxe_filter::iptables'
end
end
end

64
spec/classes/ironic_inspector_pxe_filter_spec.rb
View File

@@ -1,64 +0,0 @@
#
# Copyright (C) 2018 Red Hat, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::pxe_filter class
#
require 'spec_helper'
describe 'ironic::inspector::pxe_filter' do
let :pre_condition do
"class { 'ironic::inspector::authtoken':
password => 'password',
}"
end
shared_examples_for 'ironic inspector pxe_filter' do
it 'configure pxe_filter default params' do
is_expected.to contain_ironic_inspector_config('pxe_filter/driver').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('pxe_filter/sync_period').with_value('<SERVICE DEFAULT>')
end
context 'with specific parameters' do
let :params do
{ :driver => 'dnsmasq',
:sync_period => '30',
}
end
let :p do
params
end
it 'configure pxe_filter specific params' do
is_expected.to contain_ironic_inspector_config('pxe_filter/driver').with_value(p[:driver])
is_expected.to contain_ironic_inspector_config('pxe_filter/sync_period').with_value(p[:sync_period])
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic inspector pxe_filter'
end
end
end

91
spec/classes/ironic_inspector_service_catalog_spec.rb
View File

@@ -1,91 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::service_catalog
#
require 'spec_helper'
describe 'ironic::inspector::service_catalog' do
let :params do
{ :password => 'secret' }
end
shared_examples_for 'ironic-inspector service catalog access configuration' do
it 'configures ironic-inspector.conf' do
is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value('password')
is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value('http://127.0.0.1:5000')
is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value('services')
is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value('ironic-inspector')
is_expected.to contain_ironic_inspector_config('service_catalog/password').with_value('secret').with_secret(true)
is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_inspector_config('service_catalog/auth_type').with_value(params[:auth_type])
is_expected.to contain_ironic_inspector_config('service_catalog/auth_url').with_value(params[:auth_url])
is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value(params[:project_name])
is_expected.to contain_ironic_inspector_config('service_catalog/username').with_value(params[:username])
is_expected.to contain_ironic_inspector_config('service_catalog/user_domain_name').with_value(params[:user_domain_name])
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value(params[:project_domain_name])
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/region_name').with_value(params[:region_name])
is_expected.to contain_ironic_inspector_config('service_catalog/endpoint_override').with_value(params[:endpoint_override])
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('service_catalog/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('service_catalog/system_scope').with_value('all')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic-inspector service catalog access configuration'
end
end
end

563
spec/classes/ironic_inspector_spec.rb
View File

@@ -1,563 +0,0 @@
#
# Copyright (C) 2015 Red Hat, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector class
#
require 'spec_helper'
describe 'ironic::inspector' do
let :pre_condition do
"class { 'ironic::inspector::authtoken':
password => 'password',
}"
end
let :params do
{
:pxe_transfer_protocol => 'tftp',
:auth_strategy => 'keystone',
:dnsmasq_interface => 'br-ctlplane',
:ramdisk_logs_dir => '/var/log/ironic-inspector/ramdisk/',
:store_data => 'none',
:dnsmasq_ip_subnets => [{ 'ip_range' =>
'192.168.0.100,192.168.0.120',
'mtu' => '1350'},
{ 'tag' => 'subnet1',
'ip_range' => '192.168.1.100,192.168.1.200',
'netmask' => '255.255.255.0',
'gateway' => '192.168.1.254',
'mtu' => '1350'},
{ 'tag' => 'subnet2',
'ip_range' => '192.168.2.100,192.168.2.200',
'netmask' => '255.255.255.0',
'gateway' => '192.168.2.254',
'classless_static_routes' => [{'destination' => '1.2.3.0/24',
'nexthop' => '192.168.2.1'},
{'destination' => '4.5.6.0/24',
'nexthop' => '192.168.2.1'}]},
{ 'tag' => 'subnet3',
'ip_range' => '2001:4888:a03:313a:c0:fe0:0:c200,2001:4888:a03:313a:c0:fe0:0:c2ff',
'netmask' => 'ffff:ffff:ffff:ffff::',
'gateway' => '2001:4888:a03:313a:c0:fe0:0:c000' }],
:dnsmasq_local_ip => '192.168.0.1',
:ipxe_timeout => 0,
:http_port => 8088,
:tftp_root => '/tftpboot',
:http_root => '/httpboot',
}
end
shared_examples_for 'ironic inspector' do
let :p do
params
end
it { is_expected.to contain_class('ironic::params') }
it 'installs ironic inspector package' do
is_expected.to contain_package('ironic-inspector').with(
:ensure => 'present',
:name => platform_params[:inspector_package],
:tag => ['openstack', 'ironic-inspector-package'],
)
if platform_params.has_key?(:inspector_dnsmasq_package)
is_expected.to contain_package('ironic-inspector-dnsmasq').with(
:ensure => 'present',
:name => platform_params[:inspector_dnsmasq_package],
:tag => ['openstack', 'ironic-inspector-package'],
)
end
end
it 'ensure ironic inspector service is running' do
is_expected.to contain_service('ironic-inspector').with(
:ensure => 'running',
:name => platform_params[:inspector_service],
:enable => true,
:hasstatus => true,
:tag => 'ironic-inspector-service',
)
end
it 'ensure ironic inspector dnsmasq service is running' do
if platform_params.has_key?(:inspector_dnsmasq_service)
is_expected.to contain_service('ironic-inspector-dnsmasq').with(
:ensure => 'running',
:name => platform_params[:inspector_dnsmasq_service],
:enable => true,
:hasstatus => true,
:tag => 'ironic-inspector-dnsmasq-service',
)
end
end
it 'configures inspector.conf' do
is_expected.to contain_ironic_inspector_config('DEFAULT/host').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('DEFAULT/listen_address').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('DEFAULT/auth_strategy').with_value(p[:auth_strategy])
is_expected.to contain_ironic_inspector_config('DEFAULT/timeout').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('DEFAULT/api_max_limit').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('capabilities/boot_mode').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('processing/ramdisk_logs_dir').with_value(p[:ramdisk_logs_dir])
is_expected.to contain_ironic_inspector_config('processing/always_store_ramdisk_logs').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('processing/add_ports').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('processing/keep_ports').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('processing/store_data').with_value(p[:store_data])
is_expected.to contain_ironic_inspector_config('processing/processing_hooks').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('processing/node_not_found_hook').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('discovery/enroll_node_driver').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('port_physnet/cidr_map').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('DEFAULT/standalone').with_value(true)
is_expected.to contain_oslo__messaging__default('ironic_inspector_config').with(
:executor_thread_pool_size => '<SERVICE DEFAULT>',
:transport_url => 'fake://',
:rpc_response_timeout => '<SERVICE DEFAULT>',
:control_exchange => '<SERVICE DEFAULT>'
)
is_expected.to contain_oslo__messaging__rabbit('ironic_inspector_config').with(
:rabbit_use_ssl => '<SERVICE DEFAULT>',
:heartbeat_timeout_threshold => '<SERVICE DEFAULT>',
:heartbeat_rate => '<SERVICE DEFAULT>',
:rabbit_qos_prefetch_count => '<SERVICE DEFAULT>',
:kombu_reconnect_delay => '<SERVICE DEFAULT>',
:kombu_failover_strategy => '<SERVICE DEFAULT>',
:amqp_durable_queues => '<SERVICE DEFAULT>',
:amqp_auto_delete => '<SERVICE DEFAULT>',
:kombu_compression => '<SERVICE DEFAULT>',
:kombu_ssl_ca_certs => '<SERVICE DEFAULT>',
:kombu_ssl_certfile => '<SERVICE DEFAULT>',
:kombu_ssl_keyfile => '<SERVICE DEFAULT>',
:kombu_ssl_version => '<SERVICE DEFAULT>',
:rabbit_ha_queues => '<SERVICE DEFAULT>',
:rabbit_quorum_queue => '<SERVICE DEFAULT>',
:rabbit_transient_queues_ttl => '<SERVICE DEFAULT>',
:rabbit_quorum_delivery_limit => '<SERVICE DEFAULT>',
:rabbit_quorum_max_memory_length => '<SERVICE DEFAULT>',
:rabbit_quorum_max_memory_bytes => '<SERVICE DEFAULT>',
:enable_cancel_on_failover => '<SERVICE DEFAULT>',
)
end
it 'should not contain dhcp hostsdir' do
is_expected.not_to contain_file('ironic-inspector-dnsmasq-dhcp-hostsdir')
end
it 'should contain file /etc/ironic-inspector/dnsmasq.conf' do
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with(
'ensure' => 'file',
'content' => /pxelinux/,
'tag' => 'ironic-inspector-dnsmasq-file',
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-range=192.168.0.100,192.168.0.120,10m$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-option-force=option:mtu,1350$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-range=set:subnet1,192.168.1.100,192.168.1.200,255.255.255.0,10m$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-option=tag:subnet1,option:router,192.168.1.254$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-option-force=tag:subnet1,option:mtu,1350$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-range=set:subnet2,192.168.2.100,192.168.2.200,255.255.255.0,10m$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-option=tag:subnet2,option:router,192.168.2.254$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-option=tag:subnet2,option:classless-static-route,1.2.3.0\/24,192.168.2.1,4.5.6.0\/24,192.168.2.1$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-range=set:subnet3,2001:4888:a03:313a:c0:fe0:0:c200,2001:4888:a03:313a:c0:fe0:0:c2ff,64,10m$/
)
is_expected.not_to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-option=tag:subnet3,option:router,2001:4888:a03:313a:c0:fe0:0:c000$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-sequential-ip$/
)
is_expected.not_to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^log-facility=.*$/
)
is_expected.not_to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-hostsdir=.*$/
)
end
it 'should contain file /tftpboot/pxelinux.cfg/default' do
is_expected.to contain_file('/tftpboot/pxelinux.cfg/default').with(
'ensure' => 'file',
'owner' => 'ironic-inspector',
'group' => 'ironic-inspector',
'seltype' => 'tftpdir_t',
'content' => /default/,
'tag' => 'ironic-inspector-dnsmasq-file',
)
is_expected.to contain_file('/tftpboot/pxelinux.cfg/default').with_content(
/^append initrd=agent.ramdisk ipa-inspection-callback-url=http:\/\/192.168.0.1:5050\/v1\/continue /
)
end
context 'when overriding parameters' do
before :each do
params.merge!(
:dhcp_debug => true,
:host => 'localhost',
:listen_address => '127.0.0.1',
:api_max_limit => 100,
:pxe_transfer_protocol => 'http',
:additional_processing_hooks => 'hook1,hook2',
:ramdisk_collectors => 'default',
:ramdisk_kernel_args => 'foo=bar',
:http_port => 3816,
:tftp_root => '/var/lib/tftpboot',
:http_root => '/var/www/httpboot',
:detect_boot_mode => true,
:node_not_found_hook => 'enroll',
:discovery_default_driver => 'pxe_ipmitool',
:dnsmasq_ip_subnets => [{'ip_range' => '192.168.0.100,192.168.0.120'}],
:dnsmasq_dhcp_sequential_ip => false,
:dnsmasq_dhcp_hostsdir => '/etc/ironic-inspector/dhcp-hostsdir',
:dnsmasq_log_facility => '/var/log/ironic-inspector/dnsmasq.log',
:add_ports => 'all',
:keep_ports => 'all',
:always_store_ramdisk_logs => true,
:port_physnet_cidr_map => {'192.168.20.0/24' => 'physnet_a',
'2001:db8::/64' => 'physnet_b'},
:uefi_ipxe_bootfile_name => 'otherpxe.efi',
:executor_thread_pool_size => '128',
:default_transport_url => 'rabbit://rabbit_user:password@localhost:5673',
:rpc_response_timeout => '30',
:control_exchange => 'inspector',
:rabbit_use_ssl => true,
:rabbit_heartbeat_timeout_threshold => '60',
:rabbit_heartbeat_rate => '10',
:rabbit_qos_prefetch_count => 0,
:kombu_reconnect_delay => '5.0',
:amqp_durable_queues => true,
:amqp_auto_delete => true,
:kombu_compression => 'gzip',
:kombu_ssl_ca_certs => '/etc/ca.cert',
:kombu_ssl_certfile => '/etc/certfile',
:kombu_ssl_keyfile => '/etc/key',
:kombu_ssl_version => 'TLSv1',
:rabbit_ha_queues => true,
:rabbit_quorum_queue => true,
:rabbit_transient_queues_ttl => 60,
:rabbit_quorum_delivery_limit => 3,
:rabbit_quorum_max_memory_length => 5,
:rabbit_quorum_max_memory_bytes => 1073741824,
:rabbit_enable_cancel_on_failover => false,
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_inspector_config('DEFAULT/host').with_value(p[:host])
is_expected.to contain_ironic_inspector_config('DEFAULT/listen_address').with_value(p[:listen_address])
is_expected.to contain_ironic_inspector_config('DEFAULT/api_max_limit').with_value(100)
is_expected.to contain_ironic_inspector_config('capabilities/boot_mode').with_value(p[:detect_boot_mode])
is_expected.to contain_ironic_inspector_config('processing/processing_hooks').with_value('$default_processing_hooks,hook1,hook2')
is_expected.to contain_ironic_inspector_config('processing/node_not_found_hook').with_value('enroll')
is_expected.to contain_ironic_inspector_config('processing/add_ports').with_value('all')
is_expected.to contain_ironic_inspector_config('processing/keep_ports').with_value('all')
is_expected.to contain_ironic_inspector_config('discovery/enroll_node_driver').with_value('pxe_ipmitool')
is_expected.to contain_ironic_inspector_config('processing/always_store_ramdisk_logs').with_value(true)
is_expected.to contain_ironic_inspector_config('port_physnet/cidr_map').with_value('192.168.20.0/24:physnet_a,2001:db8::/64:physnet_b')
is_expected.to contain_oslo__messaging__default('ironic_inspector_config').with(
:executor_thread_pool_size => '128',
:transport_url => 'rabbit://rabbit_user:password@localhost:5673',
:rpc_response_timeout => '30',
:control_exchange => 'inspector',
)
is_expected.to contain_oslo__messaging__rabbit('ironic_inspector_config').with(
:rabbit_use_ssl => true,
:heartbeat_timeout_threshold => '60',
:heartbeat_rate => '10',
:rabbit_qos_prefetch_count => 0,
:kombu_reconnect_delay => '5.0',
:amqp_durable_queues => true,
:amqp_auto_delete => true,
:kombu_compression => 'gzip',
:kombu_ssl_ca_certs => '/etc/ca.cert',
:kombu_ssl_certfile => '/etc/certfile',
:kombu_ssl_keyfile => '/etc/key',
:kombu_ssl_version => 'TLSv1',
:rabbit_ha_queues => true,
:rabbit_quorum_queue => true,
:rabbit_transient_queues_ttl => 60,
:rabbit_quorum_delivery_limit => 3,
:rabbit_quorum_max_memory_length => 5,
:rabbit_quorum_max_memory_bytes => 1073741824,
:enable_cancel_on_failover => false,
)
end
it 'should contain dhcp hostsdir' do
is_expected.to contain_file('ironic-inspector-dnsmasq-dhcp-hostsdir').with(
:ensure => 'directory',
:path => '/etc/ironic-inspector/dhcp-hostsdir',
:owner => 'ironic-inspector',
:group => 'ironic-inspector',
)
end
it 'should contain file /etc/ironic-inspector/dnsmasq.conf' do
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with(
'ensure' => 'file',
'content' => /ipxe/,
'tag' => 'ironic-inspector-dnsmasq-file',
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-boot=tag:ipxe,http:\/\/192.168.0.1:3816\/inspector.ipxe$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-range=192.168.0.100,192.168.0.120,10m$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^log-dhcp$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^log-queries$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-userclass=set:ipxe6,iPXE$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-option=tag:ipxe6,option6:bootfile-url,http:\/\/.*:3816\/inspector.ipxe$/
)
is_expected.not_to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-sequential-ip$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^log-facility=\/var\/log\/ironic-inspector\/dnsmasq.log$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-boot=tag:efi,tag:!ipxe,otherpxe.efi$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-option=tag:efi6,tag:!ipxe6,option6:bootfile-url,tftp:\/\/.*\/otherpxe.efi$/
)
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-hostsdir=\/etc\/ironic-inspector\/dhcp-hostsdir$/
)
end
it 'should contain file /var/www/httpboot/inspector.ipxe' do
is_expected.to contain_file('/var/www/httpboot/inspector.ipxe').with(
'ensure' => 'file',
'owner' => 'ironic-inspector',
'group' => 'ironic-inspector',
'seltype' => 'httpd_sys_content_t',
'content' => /ipxe/,
)
is_expected.to contain_file('/var/www/httpboot/inspector.ipxe').with_content(
/^kernel http:\/\/192.168.0.1:3816\/agent.kernel ipa-inspection-callback-url=http:\/\/192.168.0.1:5050\/v1\/continue ipa-inspection-collectors=default .* foo=bar || goto retry_boot$/
)
is_expected.to contain_file('/var/www/httpboot/inspector.ipxe').with_content(
/^initrd http:\/\/192.168.0.1:3816\/agent.ramdisk || goto retry_boot$/
)
end
context 'when ipxe_timeout is set' do
before :each do
params.merge!(
:ipxe_timeout => 30,
)
end
it 'should contain file /var/www/httpboot/inspector.ipxe' do
is_expected.to contain_file('/var/www/httpboot/inspector.ipxe').with_content(
/^kernel --timeout 30000 /
)
is_expected.to contain_file('/var/www/httpboot/inspector.ipxe').with_content(
/^initrd --timeout 30000 /
)
end
end
context 'when using ipv6' do
before :each do
params.merge!(
:listen_address => 'fd00::1',
)
end
it 'should contain file /var/www/httpboot/inspector.ipxe' do
is_expected.to contain_file('/var/www/httpboot/inspector.ipxe').with_content(
/^kernel http:\/\/\[fd00::1\]:3816\/agent.kernel ipa-inspection-callback-url=http:\/\/\[fd00::1\]:5050\/v1\/continue .* foo=bar || goto retry_boot$/
)
is_expected.to contain_file('/var/www/httpboot/inspector.ipxe').with_content(
/^initrd http:\/\/\[fd00::1\]:3816\/agent.ramdisk || goto retry_boot$/
)
end
end
end
context 'when enabling ppc64le support' do
before do
params.merge!(
:enable_ppc64le => true,
)
end
it 'should contain file /etc/ironic-inspector/dnsmasq.conf' do
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-match=set:ppc64le,option:client-arch,14$/)
end
it 'should contain directory /tftpboot/ppc64le with selinux type tftpdir_t' do
is_expected.to contain_file('/tftpboot/ppc64le').with(
'ensure' => 'directory',
'owner' => 'ironic-inspector',
'group' => 'ironic-inspector',
'seltype' => 'tftpdir_t',
)
end
it 'should contain file /tftpboot/ppc64le/default' do
is_expected.to contain_file('/tftpboot/ppc64le/default').with(
'ensure' => 'file',
'owner' => 'ironic-inspector',
'group' => 'ironic-inspector',
'seltype' => 'tftpdir_t',
'content' => /default/,
)
is_expected.to contain_file('/tftpboot/ppc64le/default').with_content(
/^append initrd=agent.ramdisk ipa-inspection-callback-url=http:\/\/192.168.0.1:5050\/v1\/continue /
)
end
end
context 'when enabling ppc64le support with http default transport' do
before do
params.merge!(
:enable_ppc64le => true,
:pxe_transfer_protocol => 'http',
)
end
it 'should contain file /etc/ironic-inspector/dnsmasq.conf' do
is_expected.to contain_file('/etc/ironic-inspector/dnsmasq.conf').with_content(
/^dhcp-match=set:ppc64le,option:client-arch,14$/)
end
it 'should contain file /tftpboot/ppc64le/default' do
is_expected.to contain_file('/tftpboot/ppc64le/default').with(
'ensure' => 'file',
'owner' => 'ironic-inspector',
'group' => 'ironic-inspector',
'seltype' => 'tftpdir_t',
'content' => /default/,
'tag' => 'ironic-inspector-dnsmasq-file',
)
is_expected.to contain_file('/tftpboot/ppc64le/default').with_content(
/^append initrd=agent.ramdisk ipa-inspection-callback-url=http:\/\/192.168.0.1:5050\/v1\/continue /
)
end
end
end
shared_examples_for 'ironic inspector with non-standalone services' do
before do
params.merge!(
:standalone => false
)
end
it 'configures ironic-inspector.conf' do
is_expected.to contain_ironic_inspector_config('DEFAULT/standalone').with_value(false)
end
it 'ensure ironic inspector packages are installed' do
is_expected.to contain_package('ironic-inspector').with(
:ensure => 'present',
:name => platform_params[:inspector_package],
:tag => ['openstack', 'ironic-inspector-package'],
)
is_expected.to contain_package('ironic-inspector-api').with(
:ensure => 'present',
:name => platform_params[:inspector_api_package],
:tag => ['openstack', 'ironic-inspector-package'],
)
is_expected.to contain_package('ironic-inspector-conductor').with(
:ensure => 'present',
:name => platform_params[:inspector_conductor_package],
:tag => ['openstack', 'ironic-inspector-package'],
)
end
it 'ensure ironic inspector service is stopped' do
is_expected.to contain_service('ironic-inspector').with(
:ensure => 'stopped',
:name => platform_params[:inspector_service],
:enable => false,
:hasstatus => true,
:tag => 'ironic-inspector-service',
)
end
it 'ensure ironic inspector conductor service is running' do
is_expected.to contain_service('ironic-inspector-conductor').with(
:ensure => 'running',
:name => platform_params[:inspector_conductor_service],
:enable => true,
:hasstatus => true,
:tag => 'ironic-inspector-service',
)
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
let :platform_params do
case facts[:os]['family']
when 'Debian'
{
:inspector_package => 'ironic-inspector',
:inspector_service => 'ironic-inspector'
}
when 'RedHat'
{
:inspector_package => 'openstack-ironic-inspector',
:inspector_dnsmasq_package => 'openstack-ironic-inspector-dnsmasq',
:inspector_dnsmasq_service => 'openstack-ironic-inspector-dnsmasq',
:inspector_service => 'openstack-ironic-inspector',
:inspector_api_package => 'openstack-ironic-inspector-api',
:inspector_conductor_package => 'openstack-ironic-inspector-conductor',
:inspector_conductor_service => 'openstack-ironic-inspector-conductor'
}
end
end
it_behaves_like 'ironic inspector'
if facts[:os]['family'] == 'RedHat'
it_behaves_like 'ironic inspector with non-standalone services'
end
end
end
end

97
spec/classes/ironic_inspector_swift_spec.rb
View File

@@ -1,97 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for ironic::inspector::swift
#
require 'spec_helper'
describe 'ironic::inspector::swift' do
let :params do
{ :password => 'secret' }
end
shared_examples_for 'ironic-inspector swift configuration' do
it 'configures ironic-inspector.conf' do
is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value('password')
is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value('http://127.0.0.1:5000')
is_expected.to contain_ironic_inspector_config('swift/project_name').with_value('services')
is_expected.to contain_ironic_inspector_config('swift/username').with_value('ironic-inspector')
is_expected.to contain_ironic_inspector_config('swift/password').with_value('secret').with_secret(true)
is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('Default')
is_expected.to contain_ironic_inspector_config('swift/region_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/container').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value('<SERVICE DEFAULT>')
end
context 'when overriding parameters' do
before :each do
params.merge!(
:auth_type => 'noauth',
:auth_url => 'http://example.com',
:project_name => 'project1',
:username => 'admin',
:user_domain_name => 'NonDefault',
:project_domain_name => 'NonDefault',
:region_name => 'regionTwo',
:endpoint_override => 'http://example2.com',
:container => 'mycontainer',
:delete_after => 0,
)
end
it 'should replace default parameter with new value' do
is_expected.to contain_ironic_inspector_config('swift/auth_type').with_value(params[:auth_type])
is_expected.to contain_ironic_inspector_config('swift/auth_url').with_value(params[:auth_url])
is_expected.to contain_ironic_inspector_config('swift/project_name').with_value(params[:project_name])
is_expected.to contain_ironic_inspector_config('swift/username').with_value(params[:username])
is_expected.to contain_ironic_inspector_config('swift/user_domain_name').with_value(params[:user_domain_name])
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value(params[:project_domain_name])
is_expected.to contain_ironic_inspector_config('swift/region_name').with_value(params[:region_name])
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/endpoint_override').with_value(params[:endpoint_override])
is_expected.to contain_ironic_inspector_config('swift/container').with_value(params[:container])
is_expected.to contain_ironic_inspector_config('swift/delete_after').with_value(0)
end
end
context 'when system_scope is set' do
before do
params.merge!(
:system_scope => 'all'
)
end
it 'configures system-scoped credential' do
is_expected.to contain_ironic_inspector_config('swift/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/project_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_ironic_inspector_config('swift/system_scope').with_value('all')
end
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic-inspector swift configuration'
end
end
end

175
spec/classes/ironic_inspector_wsgi_apache_spec.rb
View File

@@ -1,175 +0,0 @@
require 'spec_helper'
describe 'ironic::inspector::wsgi::apache' do
shared_examples_for 'apache serving ironic-inspector with mod_wsgi' do
context 'with default parameters' do
it { is_expected.to contain_class('ironic::params') }
it { is_expected.to contain_openstacklib__wsgi__apache('ironic_inspector_wsgi').with(
:bind_port => 5050,
:group => 'ironic-inspector',
:path => '/',
:priority => 10,
:servername => 'foo.example.com',
:ssl => false,
:threads => 15,
:user => 'ironic-inspector',
:workers => facts[:os_workers],
:wsgi_daemon_process => 'ironic-inspector',
:wsgi_process_group => 'ironic-inspector',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'app',
:wsgi_script_source => platform_params[:wsgi_script_source],
:headers => nil,
:request_headers => nil,
:custom_wsgi_process_options => {},
:access_log_file => nil,
:access_log_pipe => nil,
:access_log_syslog => nil,
:access_log_format => nil,
:error_log_file => nil,
:error_log_pipe => nil,
:error_log_syslog => nil,
)}
end
context 'when overriding parameters' do
let :params do
{
:servername => 'dummy.host',
:bind_host => '10.42.51.1',
:port => 12345,
:ssl => true,
:vhost_custom_fragment => 'Timeout 99',
:wsgi_process_display_name => 'ironic-inspector',
:workers => 37,
:custom_wsgi_process_options => {
'python_path' => '/my/python/path',
},
:headers => ['set X-XSS-Protection "1; mode=block"'],
:request_headers => ['set Content-Type "application/json"'],
}
end
it { is_expected.to contain_class('ironic::params') }
it { is_expected.to contain_openstacklib__wsgi__apache('ironic_inspector_wsgi').with(
:bind_host => '10.42.51.1',
:bind_port => 12345,
:group => 'ironic-inspector',
:path => '/',
:servername => 'dummy.host',
:ssl => true,
:threads => 15,
:user => 'ironic-inspector',
:vhost_custom_fragment => 'Timeout 99',
:workers => 37,
:wsgi_daemon_process => 'ironic-inspector',
:wsgi_process_display_name => 'ironic-inspector',
:wsgi_process_group => 'ironic-inspector',
:wsgi_script_dir => platform_params[:wsgi_script_path],
:wsgi_script_file => 'app',
:wsgi_script_source => platform_params[:wsgi_script_source],
:headers => ['set X-XSS-Protection "1; mode=block"'],
:request_headers => ['set Content-Type "application/json"'],
:custom_wsgi_process_options => {
'python_path' => '/my/python/path',
},
)}
end
context 'with custom access logging' do
let :params do
{
:access_log_format => 'foo',
:access_log_syslog => 'syslog:local0',
:error_log_syslog => 'syslog:local1',
}
end
it { should contain_openstacklib__wsgi__apache('ironic_inspector_wsgi').with(
:access_log_format => params[:access_log_format],
:access_log_syslog => params[:access_log_syslog],
:error_log_syslog => params[:error_log_syslog],
)}
end
context 'with access_log_file' do
let :params do
{
:access_log_file => '/path/to/file',
}
end
it { should contain_openstacklib__wsgi__apache('ironic_inspector_wsgi').with(
:access_log_file => params[:access_log_file],
)}
end
context 'with access_log_pipe' do
let :params do
{
:access_log_pipe => 'pipe',
}
end
it { should contain_openstacklib__wsgi__apache('ironic_inspector_wsgi').with(
:access_log_pipe => params[:access_log_pipe],
)}
end
context 'with error_log_file' do
let :params do
{
:error_log_file => '/path/to/file',
}
end
it { should contain_openstacklib__wsgi__apache('ironic_inspector_wsgi').with(
:error_log_file => params[:error_log_file],
)}
end
context 'with error_log_pipe' do
let :params do
{
:error_log_pipe => 'pipe',
}
end
it { should contain_openstacklib__wsgi__apache('ironic_inspector_wsgi').with(
:error_log_pipe => params[:error_log_pipe],
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:os_workers => 8,
}))
end
let :platform_params do
case facts[:os]['family']
when 'Debian'
{
:wsgi_script_path => '/usr/lib/cgi-bin/ironic-inspector',
:wsgi_script_source => '/usr/bin/ironic-inspector-api-wsgi',
}
when 'RedHat'
{
:wsgi_script_path => '/var/www/cgi-bin/ironic-inspector',
:wsgi_script_source => '/usr/bin/ironic-inspector-api-wsgi',
}
end
end
if facts[:os]['family'] == 'RedHat'
it_behaves_like 'apache serving ironic-inspector with mod_wsgi'
end
end
end
end

109
spec/classes/ironic_keystone_auth_inspector_spec.rb
View File

@@ -1,109 +0,0 @@
#
# Copyright (C) 2015 Red Hat Inc.
#
# Author: Dan Prince <dprince@eredhat.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
#
# Unit tests for ironic::keystone::auth_inspector
#
require 'spec_helper'
describe 'ironic::keystone::auth_inspector' do
shared_examples_for 'ironic::keystone::auth_inspector' do
context 'with default class parameters' do
let :params do
{ :password => 'ironic-inspector_password' }
end
it { is_expected.to contain_keystone__resource__service_identity('ironic-inspector').with(
:configure_user => true,
:configure_user_role => true,
:configure_endpoint => true,
:configure_service => true,
:service_name => 'ironic-inspector',
:service_type => 'baremetal-introspection',
:auth_name => 'ironic-inspector',
:service_description => 'Bare Metal Introspection Service',
:region => 'RegionOne',
:password => 'ironic-inspector_password',
:email => 'ironic-inspector@localhost',
:tenant => 'services',
:roles => ['admin', 'service'],
:system_scope => 'all',
:system_roles => [],
:public_url => 'http://127.0.0.1:5050',
:internal_url => 'http://127.0.0.1:5050',
:admin_url => 'http://127.0.0.1:5050',
) }
end
context 'when overriding parameters' do
let :params do
{ :password => 'ironic-inspector_password',
:auth_name => 'alt_ironic-inspector',
:email => 'alt_ironic-inspector@alt_localhost',
:tenant => 'alt_service',
:roles => ['admin'],
:system_scope => 'alt_all',
:system_roles => ['admin', 'member', 'reader'],
:configure_endpoint => false,
:configure_user => false,
:configure_user_role => false,
:configure_service => false,
:service_description => 'Alternative Bare Metal Introspection Service',
:service_name => 'alt_service',
:service_type => 'alt_baremetal-introspection',
:region => 'RegionTwo',
:public_url => 'https://10.10.10.10:80',
:internal_url => 'http://10.10.10.11:81',
:admin_url => 'http://10.10.10.12:81' }
end
it { is_expected.to contain_keystone__resource__service_identity('ironic-inspector').with(
:configure_user => false,
:configure_user_role => false,
:configure_endpoint => false,
:configure_service => false,
:service_name => 'alt_service',
:service_type => 'alt_baremetal-introspection',
:auth_name => 'alt_ironic-inspector',
:service_description => 'Alternative Bare Metal Introspection Service',
:region => 'RegionTwo',
:password => 'ironic-inspector_password',
:email => 'alt_ironic-inspector@alt_localhost',
:tenant => 'alt_service',
:roles => ['admin'],
:system_scope => 'alt_all',
:system_roles => ['admin', 'member', 'reader'],
:public_url => 'https://10.10.10.10:80',
:internal_url => 'http://10.10.10.11:81',
:admin_url => 'http://10.10.10.12:81',
) }
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'ironic::keystone::auth_inspector'
end
end
end

43
spec/unit/provider/ironic_inspector_config/openstackconfig_spec.rb
View File

@@ -1,43 +0,0 @@
require 'spec_helper'
provider_class = Puppet::Type.type(:ironic_inspector_config).provider(:openstackconfig)
describe provider_class do
it 'should default to the default setting when no other one is specified' do
resource = Puppet::Type::Ironic_inspector_config.new(
{:name => 'DEFAULT/foo', :value => 'bar'}
)
provider = provider_class.new(resource)
expect(provider.section).to eq('DEFAULT')
expect(provider.setting).to eq('foo')
end
it 'should allow setting to be set explicitly' do
resource = Puppet::Type::Ironic_inspector_config.new(
{:name => 'dude/foo', :value => 'bar'}
)
provider = provider_class.new(resource)
expect(provider.section).to eq('dude')
expect(provider.setting).to eq('foo')
end
it 'should ensure absent when <SERVICE DEFAULT> is specified as a value' do
resource = Puppet::Type::Ironic_inspector_config.new(
{:name => 'dude/foo', :value => '<SERVICE DEFAULT>'}
)
provider = provider_class.new(resource)
provider.exists?
expect(resource[:ensure]).to eq :absent
end
it 'should ensure absent when value matches ensure_absent_val' do
resource = Puppet::Type::Ironic_inspector_config.new(
{:name => 'dude/foo', :value => 'foo', :ensure_absent_val => 'foo' }
)
provider = provider_class.new(resource)
provider.exists?
expect(resource[:ensure]).to eq :absent
end
end

64
spec/unit/type/ironic_inspector_config_spec.rb
View File

@@ -1,64 +0,0 @@
require 'puppet'
require 'puppet/type/ironic_inspector_config'
describe 'Puppet::Type.type(:ironic_inspector_config)' do
before :each do
@ironic_inspector_config = Puppet::Type.type(:ironic_inspector_config).new(:name => 'DEFAULT/foo', :value => 'bar')
end
it 'should require a name' do
expect {
Puppet::Type.type(:ironic_inspector_config).new({})
}.to raise_error(Puppet::Error, 'Title or name must be provided')
end
it 'should not expect a name with whitespace' do
expect {
Puppet::Type.type(:ironic_inspector_config).new(:name => 'f oo')
}.to raise_error(Puppet::Error, /Parameter name failed/)
end
it 'should fail when there is no section' do
expect {
Puppet::Type.type(:ironic_inspector_config).new(:name => 'foo')
}.to raise_error(Puppet::Error, /Parameter name failed/)
end
it 'should not require a value when ensure is absent' do
Puppet::Type.type(:ironic_inspector_config).new(:name => 'DEFAULT/foo', :ensure => :absent)
end
it 'should accept a valid value' do
@ironic_inspector_config[:value] = 'bar'
expect(@ironic_inspector_config[:value]).to eq(['bar'])
end
it 'should accept a value with whitespace' do
@ironic_inspector_config[:value] = 'b ar'
expect(@ironic_inspector_config[:value]).to eq(['b ar'])
end
it 'should accept valid ensure values' do
@ironic_inspector_config[:ensure] = :present
expect(@ironic_inspector_config[:ensure]).to eq(:present)
@ironic_inspector_config[:ensure] = :absent
expect(@ironic_inspector_config[:ensure]).to eq(:absent)
end
it 'should not accept invalid ensure values' do
expect {
@ironic_inspector_config[:ensure] = :latest
}.to raise_error(Puppet::Error, /Invalid value/)
end
it 'should autorequire the package that install the file' do
catalog = Puppet::Resource::Catalog.new
anchor = Puppet::Type.type(:anchor).new(:name => 'ironic::install::end')
catalog.add_resource anchor, @ironic_inspector_config
dependency = @ironic_inspector_config.autorequire
expect(dependency.size).to eq(1)
expect(dependency[0].target).to eq(@ironic_inspector_config)
expect(dependency[0].source).to eq(anchor)
end
end

73
templates/inspector_dnsmasq_http.erb
View File

@@ -1,73 +0,0 @@
port=0
interface=<%= @dnsmasq_interface %>
<% if @dhcp_debug %>
log-dhcp
log-queries
<% end %>
<% if ! @dnsmasq_log_facility.nil? %>
log-facility=<%= @dnsmasq_log_facility %>
<% end -%>
<% @dnsmasq_ip_subnets_real.each do |s| -%>
<% if s['tag'] and s['netmask'] -%>
dhcp-range=set:<%= s['tag'] -%>,<%= s['ip_range'] -%>,<%= s['netmask'] -%>,10m
<% elsif s['tag'] -%>
dhcp-range=set:<%= s['tag'] -%>,<%= s['ip_range'] -%>,10m
<% else -%>
dhcp-range=<%= s['ip_range'] -%>,10m
<% end -%>
<% if s['gateway'] -%>
<% if s['tag'] -%>
dhcp-option=tag:<%= s['tag'] -%>,option:router,<%= s['gateway'] %>
<% else -%>
dhcp-option=option:router,<%= s['gateway'] %>
<% end -%>
<% end -%>
<% if s['mtu'] -%>
<% if s['tag'] -%>
dhcp-option-force=tag:<%= s['tag'] -%>,option:mtu,<%= s['mtu'] %>
<% else -%>
dhcp-option-force=option:mtu,<%= s['mtu'] %>
<% end -%>
<% end -%>
<% if s['classless_static_routes'] -%>
<%- @_routes = [] -%>
<%- s['classless_static_routes'].each do |route| -%>
<%- @_routes << route['destination'] + ',' + route['nexthop'] -%>
<% end -%>
<% if s['tag'] -%>
dhcp-option=tag:<%= s['tag'] -%>,option:classless-static-route,<%= @_routes.join(',') %>
<% else -%>
dhcp-option=option:classless-static-route,<%= @_routes.join(',') %>
<% end -%>
<% end -%>
<% end -%>
<% if @dnsmasq_dhcp_sequential_ip -%>
dhcp-sequential-ip
<% end -%>
dhcp-match=ipxe,175
dhcp-match=set:efi,option:client-arch,7
dhcp-match=set:efi,option:client-arch,9
dhcp-match=set:efi,option:client-arch,11
# dhcpv6s for Client System Architecture Type (61)
dhcp-match=set:efi6,option6:61,0007
dhcp-match=set:efi6,option6:61,0009
dhcp-match=set:efi6,option6:61,0011
dhcp-userclass=set:ipxe6,iPXE
# Client is already running iPXE; move to next stage of chainloading
dhcp-boot=tag:ipxe,http://<%= @dnsmasq_local_ip_real %>:<%= @http_port_real %>/inspector.ipxe
dhcp-option=tag:ipxe6,option6:bootfile-url,http://<%= @dnsmasq_local_ip_real %>:<%= @http_port_real %>/inspector.ipxe
# Client is PXE booting over EFI without iPXE ROM; send EFI version of iPXE chainloader
dhcp-boot=tag:efi,tag:!ipxe,<%= @uefi_ipxe_bootfile_name_real %>
dhcp-option=tag:efi6,tag:!ipxe6,option6:bootfile-url,tftp://<%= @dnsmasq_local_ip_real %>/<%= @uefi_ipxe_bootfile_name_real %>
# Client is running PXE over BIOS; send BIOS version of iPXE chainloader
dhcp-boot=undionly.kpxe,localhost.localdomain,<%= @dnsmasq_local_ip %>
<% if @dnsmasq_dhcp_hostsdir %>
dhcp-hostsdir=<%= @dnsmasq_dhcp_hostsdir %>
<% end %>
<% if @enable_ppc64le -%>
# Client is ppc64le (OPAL) box and doesn't need a chain loader, but does need a custom config
dhcp-match=set:ppc64le,option:client-arch,14
dhcp-boot=tag:ppc64le,
dhcp-option=tag:ppc64le, 210,<%= @tftp_root_real %>/ppc64le/
dhcp-option=tag:ppc64le, 209,default
<% end -%>

57
templates/inspector_dnsmasq_tftp.erb
View File

@@ -1,57 +0,0 @@
port=0
interface=<%= @dnsmasq_interface %>
<% if @dhcp_debug %>
log-dhcp
log-queries
<% end %>
<% if ! @dnsmasq_log_facility.nil? %>
log-facility=<%= @dnsmasq_log_facility %>
<% end -%>
<% @dnsmasq_ip_subnets_real.each do |s| -%>
<% if s['tag'] and s['netmask'] -%>
dhcp-range=set:<%= s['tag'] -%>,<%= s['ip_range'] -%>,<%= s['netmask'] -%>,10m
<% elsif s['tag'] -%>
dhcp-range=set:<%= s['tag'] -%>,<%= s['ip_range'] -%>,10m
<% else -%>
dhcp-range=<%= s['ip_range'] -%>,10m
<% end -%>
<% if s['gateway'] -%>
<% if s['tag'] -%>
dhcp-option=tag:<%= s['tag'] -%>,option:router,<%= s['gateway'] %>
<% else -%>
dhcp-option=option:router,<%= s['gateway'] %>
<% end -%>
<% end -%>
<% if s['mtu'] -%>
<% if s['tag'] -%>
dhcp-option-force=tag:<%= s['tag'] -%>,option:mtu,<%= s['mtu'] %>
<% else -%>
dhcp-option-force=option:mtu,<%= s['mtu'] %>
<% end -%>
<% end -%>
<% if s['classless_static_routes'] -%>
<%- @_routes = [] -%>
<%- s['classless_static_routes'].each do |route| -%>
<%- @_routes << route['destination'] + ',' + route['nexthop'] -%>
<% end -%>
<% if s['tag'] -%>
dhcp-option=tag:<%= s['tag'] -%>,option:classless-static-route,<%= @_routes.join(',') %>
<% else -%>
dhcp-option=option:classless-static-route,<%= @_routes.join(',') %>
<% end -%>
<% end -%>
<% end -%>
dhcp-boot=pxelinux.0,localhost.localdomain,<%= @dnsmasq_local_ip %>
<% if @dnsmasq_dhcp_sequential_ip -%>
dhcp-sequential-ip
<% end -%>
<% if @dnsmasq_dhcp_hostsdir %>
dhcp-hostsdir=<%= @dnsmasq_dhcp_hostsdir %>
<% end %>
<% if @enable_ppc64le -%>
# Client is ppc64le (OPAL) box and doesn't need a chain loader, but does need a custom config
dhcp-match=set:ppc64le,option:client-arch,14
dhcp-boot=tag:ppc64le,
dhcp-option=tag:ppc64le, 210,<%= @tftp_root_real %>/ppc64le/
dhcp-option=tag:ppc64le, 209,default
<% end -%>

7
templates/inspector_ipxe.erb
View File

@@ -1,7 +0,0 @@
#!ipxe
:retry_boot
imgfree
kernel <% if Integer(@ipxe_timeout_real) != 0 %>--timeout <%= Integer(@ipxe_timeout_real) * 1000 %> <% end %>http://<%= @dnsmasq_local_ip_real %>:<%= @http_port_real %>/<%= @kernel_filename %> ipa-inspection-callback-url=http://<%= @dnsmasq_local_ip_real %>:5050/v1/continue <%if !@ramdisk_collectors.nil? %>ipa-inspection-collectors=<%= @ramdisk_collectors %> <% end %>systemd.journald.forward_to_console=yes BOOTIF=${mac} <%= @ramdisk_kernel_args %> initrd=<%= @ramdisk_filename %> || goto retry_boot
initrd <% if Integer(@ipxe_timeout_real) != 0 %>--timeout <%= Integer(@ipxe_timeout_real) * 1000 %> <% end %>http://<%= @dnsmasq_local_ip_real %>:<%= @http_port_real %>/<%= @ramdisk_filename %> || goto retry_boot
boot

6
templates/inspector_pxelinux_cfg.erb
View File

@@ -1,6 +0,0 @@
default inspector
label inspector
kernel <%= @kernel_filename %>
append initrd=<%= @ramdisk_filename %> ipa-inspection-callback-url=http://<%= @dnsmasq_local_ip %>:5050/v1/continue <%if !@ramdisk_collectors.nil? %>ipa-inspection-collectors=<%= @ramdisk_collectors %> <% end %>systemd.journald.forward_to_console=yes <%= @ramdisk_kernel_args %>
ipappend 3