vpnaas: Improve driver/distributions coverage

The libreswan package is available in recent versions of Ubuntu and
Debian thus we can use libreswan in these distributions.

This change also adds support for StrongSwan driver.

Change-Id: I961b7b0ecdcdab6fd4e8337bf83c831fc54b2acd
This commit is contained in:
Takashi Kajinami 2023-11-07 01:38:59 +09:00
parent ef0137f4a7
commit 74cbf81623
3 changed files with 72 additions and 82 deletions

View File

@ -57,19 +57,23 @@ class neutron::agents::vpnaas (
package { 'openswan':
ensure => present,
name => $::neutron::params::openswan_package,
tag => ['neutron-support-package', 'openstack'],
tag => ['openstack', 'neutron-support-package'],
}
}
/\.LibreSwan/: {
if($facts['os']['family'] != 'Redhat') {
fail("LibreSwan is not supported on osfamily ${facts['os']['family']}")
} else {
Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
package { 'libreswan':
ensure => present,
name => $::neutron::params::libreswan_package,
tag => ['neutron-support-package', 'openstack'],
}
Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
package { 'libreswan':
ensure => present,
name => $::neutron::params::libreswan_package,
tag => ['openstack', 'neutron-support-package'],
}
}
/\.StrongSwan/: {
Package['strongswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
package { 'strongswan':
ensure => present,
name => $::neutron::params::strongswan_package,
tag => ['openstack', 'neutron-support-package'],
}
}
default: {

View File

@ -56,6 +56,7 @@ class neutron::params {
$bgp_dragent_package = 'openstack-neutron-bgp-dragent'
$openswan_package = 'libreswan'
$libreswan_package = 'libreswan'
$strongswan_package = 'strongswan'
$metadata_agent_package = false
$l3_agent_package = false
$neutron_wsgi_script_path = '/var/www/cgi-bin/neutron'
@ -101,7 +102,8 @@ class neutron::params {
$metering_agent_package = 'neutron-metering-agent'
$vpnaas_agent_package = 'python3-neutron-vpnaas'
$openswan_package = 'strongswan'
$libreswan_package = false
$libreswan_package = 'libreswan'
$strongswan_package = 'strongswan'
$metadata_agent_package = 'neutron-metadata-agent'
$l3_agent_package = 'neutron-l3-agent'
$l2gw_agent_package = 'neutron-l2gateway-agent'

View File

@ -29,88 +29,73 @@ describe 'neutron::agents::vpnaas' do
{}
end
let :default_params do
{
:package_ensure => 'present',
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver',
:interface_driver => 'neutron.agent.linux.interface.OVSInterfaceDriver',
:purge_config => false,
}
end
shared_examples 'neutron::agents::vpnaas' do
context 'with defaults' do
it { should contain_class('neutron::params') }
shared_examples 'neutron vpnaas agent' do
let :p do
default_params.merge(params)
end
it 'configures vpnaas_agent.ini' do
should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver')
should contain_neutron_vpnaas_agent_config('ipsec/ipsec_status_check_interval').with_value('<SERVICE DEFAULT>')
should contain_neutron_vpnaas_agent_config('DEFAULT/interface_driver').with_value(
'neutron.agent.linux.interface.OVSInterfaceDriver')
end
it { should contain_class('neutron::params') }
it_behaves_like 'openswan vpnaas_driver'
it 'passes purge to resource' do
should contain_resources('neutron_vpnaas_agent_config').with({
:purge => false
})
end
it 'configures vpnaas_agent.ini' do
should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(p[:vpn_device_driver]);
should contain_neutron_vpnaas_agent_config('ipsec/ipsec_status_check_interval').with_value('<SERVICE DEFAULT>');
should contain_neutron_vpnaas_agent_config('DEFAULT/interface_driver').with_value(p[:interface_driver]);
end
it 'installs neutron vpnaas agent package' do
if platform_params.has_key?(:vpnaas_agent_package)
it 'installs neutron vpnaas agent package' do
should contain_package('neutron-vpnaas-agent').with(
:ensure => 'present',
:name => platform_params[:vpnaas_agent_package],
:ensure => p[:package_ensure],
:tag => ['openstack', 'neutron-package'],
)
should contain_package('neutron').that_requires('Anchor[neutron::install::begin]')
should contain_package('neutron').that_notifies('Anchor[neutron::install::end]')
end
end
end
shared_examples 'openswan vpnaas_driver' do
it 'installs openswan packages' do
if platform_params.has_key?(:vpnaas_agent_package)
should contain_package('openswan')
end
should contain_package('openswan').with(
:ensure => 'present',
:name => platform_params[:openswan_package]
)
end
end
shared_examples 'neutron::agents::vpnaas on Debian' do
context 'when configuring the LibreSwan driver' do
before do
params.merge!(
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
it 'installs openswan packages' do
should contain_package('openswan').with(
:ensure => 'present',
:name => platform_params[:openswan_package],
:tag => ['openstack', 'neutron-support-package'],
)
end
it 'fails when configuring LibreSwan on Debian' do
should raise_error(Puppet::Error, /LibreSwan is not supported on osfamily Debian/)
end
end
end
shared_examples 'neutron::agents::vpnaas on RedHat' do
context 'when configuring the LibreSwan driver' do
before do
params.merge!(
context 'with libreswan vpnaas driver' do
let :params do
{
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
)
}
end
it 'configures LibreSwan' do
should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(params[:vpn_device_driver]);
it 'configures vpnaas_agent.ini' do
should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver')
end
it 'installs libreswan packages' do
should contain_package('libreswan').with(
:ensure => 'present',
:name => platform_params[:libreswan_package]
:name => platform_params[:libreswan_package],
:tag => ['openstack', 'neutron-support-package'],
)
end
end
context 'with strongswan vpnaas driver' do
let :params do
{
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
}
end
it 'configures vpnaas_agent.ini' do
should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver')
end
it 'installs strongswan packages' do
should contain_package('strongswan').with(
:ensure => 'present',
:name => platform_params[:strongswan_package],
:tag => ['openstack', 'neutron-support-package'],
)
end
end
@ -129,22 +114,21 @@ describe 'neutron::agents::vpnaas' do
when 'Debian'
{
:openswan_package => 'strongswan',
:vpnaas_agent_package => 'neutron-vpn-agent'
:libreswan_package => 'libreswan',
:strongswan_package => 'strongswan',
:vpnaas_agent_package => 'python3-neutron-vpnaas'
}
when 'RedHat'
{
:openswan_package => 'libreswan',
:libreswan_package => 'libreswan',
:strongswan_package => 'strongswan',
:vpnaas_agent_package => 'openstack-neutron-vpnaas'
}
end
end
it_behaves_like "neutron::agents::vpnaas on #{facts[:os]['family']}"
if facts[:os]['family'] == 'RedHat'
it_behaves_like 'neutron vpnaas agent'
end
it_behaves_like 'neutron::agents::vpnaas'
end
end
end