diff --git a/files/rootwrap.conf b/files/rootwrap.conf deleted file mode 100644 index 5f88a6ad6..000000000 --- a/files/rootwrap.conf +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -# List of directories to load filter definitions from (separated by ','). -# These directories MUST all be only writeable by root ! -filters_path=/etc/quantum/rootwrap.d,/usr/share/quantum/rootwrap diff --git a/manifests/init.pp b/manifests/init.pp index 5cd313f02..2a7ca71f4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,96 @@ -class quantum ( +# == Class: quantum +# +# Installs the quantum package and configures +# /etc/quantum/quantum.conf +# +# === Parameters: +# +# [*enabled*] +# (required) Whether or not to enable the quantum service +# true/false +# +# [*package_ensure*] +# (optional) The state of the package +# Defaults to 'present' +# +# [*verbose*] +# (optional) Verbose logging +# Defaults to False +# +# [*debug*] +# (optional) Print debug messages in the logs +# Defaults to False +# +# [*bind_host*] +# (optional) The IP/interface to bind to +# Defaults to 0.0.0.0 (all interfaces) +# +# [*bind_port*] +# (optional) The port to use +# Defaults to 9696 +# +# [*core_plugin*] +# (optional) Quantum plugin provider +# Defaults to OVSQquantumPluginV2 (openvswitch) +# +# [*auth_strategy*] +# (optional) How to authenticate +# Defaults to 'keystone'. 'noauth' is the only other valid option +# +# [*base_mac*] +# (optional) The MAC address pattern to use. +# Defaults to fa:16:3e:00:00:00 +# +# [*mac_generation_retries*] +# (optional) How many times to try to generate a unique mac +# Defaults to 16 +# +# [*dhcp_lease_duration*] +# (optional) DHCP lease +# Defaults to 120 seconds +# +# [*allow_bulk*] +# (optional) Enable bulk crud operations +# Defaults to true +# +# [*allow_overlapping_ips*] +# (optional) Enables network namespaces +# Defaults to false +# +# [*control_exchange*] +# (optional) What RPC queue/exchange to use +# Defaults to quantum +# [*rpc_backend*] +# (optional) what rpc/queuing service to use +# Defaults to impl_kombu (rabbitmq) +# +# [*rabbit_password*] +# [*rabbit_host*] +# [*rabbit_port*] +# [*rabbit_user*] +# (optional) Various rabbitmq settings +# +# [*rabbit_hosts*] +# (optional) array of rabbitmq servers for HA +# Defaults to empty +# +# [*qpid_hostname*] +# [*qpid_port*] +# [*qpid_username*] +# [*qpid_password*] +# [*qpid_heartbeat*] +# [*qpid_protocol*] +# [*qpid_tcp_nodelay*] +# [*qpid_reconnect*] +# [*qpid_reconnect_timeout*] +# [*qpid_reconnect_limit*] +# [*qpid_reconnect_interval*] +# [*qpid_reconnect_interval_min*] +# [*qpid_reconnect_interval_max*] +# (optional) various QPID options +# +class quantum ( $enabled = true, $package_ensure = 'present', $verbose = 'False', @@ -13,6 +104,7 @@ class quantum ( $dhcp_lease_duration = 120, $allow_bulk = 'True', $allow_overlapping_ips = 'False', + $root_helper = 'sudo quantum-rootwrap /etc/quantum/rootwrap.conf', $control_exchange = 'quantum', $rpc_backend = 'quantum.openstack.common.rpc.impl_kombu', $rabbit_password = false, @@ -34,9 +126,9 @@ class quantum ( $qpid_reconnect_interval_min = 0, $qpid_reconnect_interval_max = 0, $qpid_reconnect_interval = 0 - ) { - include 'quantum::params' + + include quantum::params Package['quantum'] -> Quantum_config<||> @@ -44,29 +136,17 @@ class quantum ( require => Package['quantum'], owner => 'root', group => 'quantum', - mode => '0750', + mode => '0640', } file { '/etc/quantum': ensure => directory, - owner => 'root', - group => 'quantum', mode => '0750', - require => Package['quantum'] } - file { '/etc/quantum/quantum.conf': - owner => 'root', - mode => '0640', - } + file { '/etc/quantum/quantum.conf': } - file { '/etc/quantum/rootwrap.conf': - ensure => present, - source => "puppet:///modules/${module_name}/rootwrap.conf", - require => File['/etc/quantum'], - } - - package {'quantum': + package { 'quantum': name => $::quantum::params::package_name, ensure => $package_ensure } @@ -83,8 +163,8 @@ class quantum ( 'DEFAULT/dhcp_lease_duration': value => $dhcp_lease_duration; 'DEFAULT/allow_bulk': value => $allow_bulk; 'DEFAULT/allow_overlapping_ips': value => $allow_overlapping_ips; + 'DEFAULT/root_helper': value => $root_helper; 'DEFAULT/control_exchange': value => $control_exchange; - 'DEFAULT/rootwrap_conf': value => '/etc/quantum/rootwrap.conf'; 'DEFAULT/rpc_backend': value => $rpc_backend; } @@ -93,12 +173,12 @@ class quantum ( fail("When rpc_backend is rabbitmq, you must set rabbit password") } if $rabbit_hosts { - quantum_config { 'DEFAULT/rabbit_host': ensure => absent } - quantum_config { 'DEFAULT/rabbit_port': ensure => absent } + quantum_config { 'DEFAULT/rabbit_host': ensure => absent } + quantum_config { 'DEFAULT/rabbit_port': ensure => absent } quantum_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') } } else { - quantum_config { 'DEFAULT/rabbit_host': value => $rabbit_host } - quantum_config { 'DEFAULT/rabbit_port': value => $rabbit_port } + quantum_config { 'DEFAULT/rabbit_host': value => $rabbit_host } + quantum_config { 'DEFAULT/rabbit_port': value => $rabbit_port } quantum_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" } } @@ -134,14 +214,16 @@ class quantum ( # Any machine using Quantum / OVS endpoints with certain nova networking configs will # have protetion issues writing unexpected files unless qemu is changed appropriately. + # See: https://bugs.launchpad.net/openstack-cisco/+bug/1086255 # TODO: this feels dirty. Maybe it should be moved elsewhere? - @file { "/etc/libvirt/qemu.conf": + @file { '/etc/libvirt/qemu.conf': ensure => present, notify => Exec[ '/etc/init.d/libvirt-bin restart'], source => 'puppet:///modules/quantum/qemu.conf', } - exec { '/etc/init.d/libvirt-bin restart': + @exec { '/etc/init.d/libvirt-bin restart': refreshonly => true, } + } diff --git a/spec/classes/quantum_init_spec.rb b/spec/classes/quantum_init_spec.rb index c973f51e9..0b92b5c01 100644 --- a/spec/classes/quantum_init_spec.rb +++ b/spec/classes/quantum_init_spec.rb @@ -65,13 +65,6 @@ describe 'quantum' do ) end - it 'creates rootwrap.conf' do - should contain_file('/etc/quantum/rootwrap.conf').with( - :ensure => 'present', - :source => 'puppet:///modules/quantum/rootwrap.conf' - ) - end - it 'installs quantum package' do should contain_package('quantum').with( :ensure => 'present', @@ -97,7 +90,7 @@ describe 'quantum' do should contain_quantum_config('DEFAULT/allow_bulk').with_value('True') should contain_quantum_config('DEFAULT/allow_overlapping_ips').with_value('False') should contain_quantum_config('DEFAULT/control_exchange').with_value('quantum') - should contain_quantum_config('DEFAULT/rootwrap_conf').with_value('/etc/quantum/rootwrap.conf') + should contain_quantum_config('DEFAULT/root_helper').with_value('sudo quantum-rootwrap /etc/quantum/rootwrap.conf') end end