Changes to the init manifest

This patch makes a few changes to the init manifest:

  * Adds a documentation header
  * Adds a root_helper parameter
  * Removes the rootwrap_conf option
  * Removes the rootwrap.conf file
  * Formatting fixes

Change-Id: I8c15a7227296aecd94174fce9df8c7067d673e3d

files/rootwrap.conf

@@ -1,4 +0,0 @@
-[DEFAULT]
-# List of directories to load filter definitions from (separated by ',').
-# These directories MUST all be only writeable by root !
-filters_path=/etc/quantum/rootwrap.d,/usr/share/quantum/rootwrap

manifests/init.pp

@@ -1,5 +1,96 @@
-class quantum (
+# == Class: quantum
+#
+# Installs the quantum package and configures
+# /etc/quantum/quantum.conf
+#
+# === Parameters:
+#
+# [*enabled*]
+#   (required) Whether or not to enable the quantum service
+#   true/false
+#
+# [*package_ensure*]
+#   (optional) The state of the package
+#   Defaults to 'present'
+#
+# [*verbose*]
+#   (optional) Verbose logging
+#   Defaults to False
+#
+# [*debug*]
+#   (optional) Print debug messages in the logs
+#   Defaults to False
+#
+# [*bind_host*]
+#   (optional) The IP/interface to bind to
+#   Defaults to 0.0.0.0 (all interfaces)
+#
+# [*bind_port*]
+#   (optional) The port to use
+#   Defaults to 9696
+#
+# [*core_plugin*]
+#   (optional) Quantum plugin provider
+#   Defaults to OVSQquantumPluginV2 (openvswitch)
+#
+# [*auth_strategy*]
+#   (optional) How to authenticate
+#   Defaults to 'keystone'. 'noauth' is the only other valid option
+#
+# [*base_mac*]
+#   (optional) The MAC address pattern to use.
+#   Defaults to fa:16:3e:00:00:00
+#
+# [*mac_generation_retries*]
+#   (optional) How many times to try to generate a unique mac
+#   Defaults to 16
+#
+# [*dhcp_lease_duration*]
+#   (optional) DHCP lease
+#   Defaults to 120 seconds
+#
+# [*allow_bulk*]
+#   (optional) Enable bulk crud operations
+#   Defaults to true
+#
+# [*allow_overlapping_ips*]
+#   (optional) Enables network namespaces
+#   Defaults to false
+#
+# [*control_exchange*]
+#   (optional) What RPC queue/exchange to use
+#   Defaults to quantum
 
+# [*rpc_backend*]
+#   (optional) what rpc/queuing service to use
+#   Defaults to impl_kombu (rabbitmq)
+#
+# [*rabbit_password*]
+# [*rabbit_host*]
+# [*rabbit_port*]
+# [*rabbit_user*]
+#   (optional) Various rabbitmq settings
+#
+# [*rabbit_hosts*]
+#   (optional) array of rabbitmq servers for HA
+#   Defaults to empty
+#
+# [*qpid_hostname*]
+# [*qpid_port*]
+# [*qpid_username*]
+# [*qpid_password*]
+# [*qpid_heartbeat*]
+# [*qpid_protocol*]
+# [*qpid_tcp_nodelay*]
+# [*qpid_reconnect*]
+# [*qpid_reconnect_timeout*]
+# [*qpid_reconnect_limit*]
+# [*qpid_reconnect_interval*]
+# [*qpid_reconnect_interval_min*]
+# [*qpid_reconnect_interval_max*]
+#   (optional) various QPID options
+#
+class quantum (
   $enabled                     = true,
   $package_ensure              = 'present',
   $verbose                     = 'False',
@@ -13,6 +104,7 @@ class quantum (
   $dhcp_lease_duration         = 120,
   $allow_bulk                  = 'True',
   $allow_overlapping_ips       = 'False',
+  $root_helper                 = 'sudo quantum-rootwrap /etc/quantum/rootwrap.conf',
   $control_exchange            = 'quantum',
   $rpc_backend                 = 'quantum.openstack.common.rpc.impl_kombu',
   $rabbit_password             = false,
@@ -34,9 +126,9 @@ class quantum (
   $qpid_reconnect_interval_min = 0,
   $qpid_reconnect_interval_max = 0,
   $qpid_reconnect_interval     = 0
-
 ) {
-  include 'quantum::params'
+
+  include quantum::params
 
   Package['quantum'] -> Quantum_config<||>
 
@@ -44,29 +136,17 @@ class quantum (
     require => Package['quantum'],
     owner   => 'root',
     group   => 'quantum',
-    mode    => '0750',
+    mode    => '0640',
   }
 
   file { '/etc/quantum':
     ensure  => directory,
-    owner   => 'root',
-    group   => 'quantum',
     mode    => '0750',
-    require => Package['quantum']
   }
 
-  file { '/etc/quantum/quantum.conf':
+  file { '/etc/quantum/quantum.conf': }
-    owner => 'root',
-    mode  => '0640',
-  }
 
-  file { '/etc/quantum/rootwrap.conf':
+  package { 'quantum':
-    ensure  => present,
-    source  => "puppet:///modules/${module_name}/rootwrap.conf",
-    require => File['/etc/quantum'],
-  }
-
-  package {'quantum':
     name   => $::quantum::params::package_name,
     ensure => $package_ensure
   }
@@ -83,8 +163,8 @@ class quantum (
     'DEFAULT/dhcp_lease_duration':    value => $dhcp_lease_duration;
     'DEFAULT/allow_bulk':             value => $allow_bulk;
     'DEFAULT/allow_overlapping_ips':  value => $allow_overlapping_ips;
+    'DEFAULT/root_helper':            value => $root_helper;
     'DEFAULT/control_exchange':       value => $control_exchange;
-    'DEFAULT/rootwrap_conf':          value => '/etc/quantum/rootwrap.conf';
     'DEFAULT/rpc_backend':            value => $rpc_backend;
   }
 
@@ -93,12 +173,12 @@ class quantum (
       fail("When rpc_backend is rabbitmq, you must set rabbit password")
     }
     if $rabbit_hosts {
-      quantum_config { 'DEFAULT/rabbit_host': ensure => absent }
+      quantum_config { 'DEFAULT/rabbit_host':  ensure => absent }
-      quantum_config { 'DEFAULT/rabbit_port': ensure => absent }
+      quantum_config { 'DEFAULT/rabbit_port':  ensure => absent }
       quantum_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
     } else {
-      quantum_config { 'DEFAULT/rabbit_host': value => $rabbit_host }
+      quantum_config { 'DEFAULT/rabbit_host':  value => $rabbit_host }
-      quantum_config { 'DEFAULT/rabbit_port': value => $rabbit_port }
+      quantum_config { 'DEFAULT/rabbit_port':  value => $rabbit_port }
       quantum_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" }
     }
 
@@ -134,14 +214,16 @@ class quantum (
 
   # Any machine using Quantum / OVS endpoints with certain nova networking configs will
   # have protetion issues writing unexpected files unless qemu is changed appropriately.
+  # See: https://bugs.launchpad.net/openstack-cisco/+bug/1086255
   # TODO: this feels dirty. Maybe it should be moved elsewhere?
-  @file { "/etc/libvirt/qemu.conf":
+  @file { '/etc/libvirt/qemu.conf':
     ensure => present,
     notify => Exec[ '/etc/init.d/libvirt-bin restart'],
     source => 'puppet:///modules/quantum/qemu.conf',
   }
 
-  exec { '/etc/init.d/libvirt-bin restart':
+  @exec { '/etc/init.d/libvirt-bin restart':
     refreshonly => true,
   }
+
 }

spec/classes/quantum_init_spec.rb

@@ -65,13 +65,6 @@ describe 'quantum' do
       )
     end
 
-    it 'creates rootwrap.conf' do
-      should contain_file('/etc/quantum/rootwrap.conf').with(
-        :ensure => 'present',
-        :source => 'puppet:///modules/quantum/rootwrap.conf'
-      )
-    end
-
     it 'installs quantum package' do
       should contain_package('quantum').with(
         :ensure => 'present',
@@ -97,7 +90,7 @@ describe 'quantum' do
       should contain_quantum_config('DEFAULT/allow_bulk').with_value('True')
       should contain_quantum_config('DEFAULT/allow_overlapping_ips').with_value('False')
       should contain_quantum_config('DEFAULT/control_exchange').with_value('quantum')
-      should contain_quantum_config('DEFAULT/rootwrap_conf').with_value('/etc/quantum/rootwrap.conf')
+      should contain_quantum_config('DEFAULT/root_helper').with_value('sudo quantum-rootwrap /etc/quantum/rootwrap.conf')
     end
   end