vpnaas: Improve driver/distributions coverage

The libreswan package is available in recent versions of Ubuntu and
Debian thus we can use libreswan in these distributions.

This change also adds support for StrongSwan driver.

Change-Id: I961b7b0ecdcdab6fd4e8337bf83c831fc54b2acd
This commit is contained in:
Takashi Kajinami 2023-11-07 01:38:59 +09:00
parent ef0137f4a7
commit 74cbf81623
3 changed files with 72 additions and 82 deletions

View File

@ -57,20 +57,24 @@ class neutron::agents::vpnaas (
package { 'openswan': package { 'openswan':
ensure => present, ensure => present,
name => $::neutron::params::openswan_package, name => $::neutron::params::openswan_package,
tag => ['neutron-support-package', 'openstack'], tag => ['openstack', 'neutron-support-package'],
} }
} }
/\.LibreSwan/: { /\.LibreSwan/: {
if($facts['os']['family'] != 'Redhat') {
fail("LibreSwan is not supported on osfamily ${facts['os']['family']}")
} else {
Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |> Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
package { 'libreswan': package { 'libreswan':
ensure => present, ensure => present,
name => $::neutron::params::libreswan_package, name => $::neutron::params::libreswan_package,
tag => ['neutron-support-package', 'openstack'], tag => ['openstack', 'neutron-support-package'],
} }
} }
/\.StrongSwan/: {
Package['strongswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
package { 'strongswan':
ensure => present,
name => $::neutron::params::strongswan_package,
tag => ['openstack', 'neutron-support-package'],
}
} }
default: { default: {
fail("Unsupported vpn_device_driver ${vpn_device_driver}") fail("Unsupported vpn_device_driver ${vpn_device_driver}")

View File

@ -56,6 +56,7 @@ class neutron::params {
$bgp_dragent_package = 'openstack-neutron-bgp-dragent' $bgp_dragent_package = 'openstack-neutron-bgp-dragent'
$openswan_package = 'libreswan' $openswan_package = 'libreswan'
$libreswan_package = 'libreswan' $libreswan_package = 'libreswan'
$strongswan_package = 'strongswan'
$metadata_agent_package = false $metadata_agent_package = false
$l3_agent_package = false $l3_agent_package = false
$neutron_wsgi_script_path = '/var/www/cgi-bin/neutron' $neutron_wsgi_script_path = '/var/www/cgi-bin/neutron'
@ -101,7 +102,8 @@ class neutron::params {
$metering_agent_package = 'neutron-metering-agent' $metering_agent_package = 'neutron-metering-agent'
$vpnaas_agent_package = 'python3-neutron-vpnaas' $vpnaas_agent_package = 'python3-neutron-vpnaas'
$openswan_package = 'strongswan' $openswan_package = 'strongswan'
$libreswan_package = false $libreswan_package = 'libreswan'
$strongswan_package = 'strongswan'
$metadata_agent_package = 'neutron-metadata-agent' $metadata_agent_package = 'neutron-metadata-agent'
$l3_agent_package = 'neutron-l3-agent' $l3_agent_package = 'neutron-l3-agent'
$l2gw_agent_package = 'neutron-l2gateway-agent' $l2gw_agent_package = 'neutron-l2gateway-agent'

View File

@ -29,88 +29,73 @@ describe 'neutron::agents::vpnaas' do
{} {}
end end
let :default_params do shared_examples 'neutron::agents::vpnaas' do
{ context 'with defaults' do
:package_ensure => 'present',
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver',
:interface_driver => 'neutron.agent.linux.interface.OVSInterfaceDriver',
:purge_config => false,
}
end
shared_examples 'neutron vpnaas agent' do
let :p do
default_params.merge(params)
end
it { should contain_class('neutron::params') } it { should contain_class('neutron::params') }
it_behaves_like 'openswan vpnaas_driver'
it 'passes purge to resource' do
should contain_resources('neutron_vpnaas_agent_config').with({
:purge => false
})
end
it 'configures vpnaas_agent.ini' do it 'configures vpnaas_agent.ini' do
should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(p[:vpn_device_driver]); should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
should contain_neutron_vpnaas_agent_config('ipsec/ipsec_status_check_interval').with_value('<SERVICE DEFAULT>'); 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver')
should contain_neutron_vpnaas_agent_config('DEFAULT/interface_driver').with_value(p[:interface_driver]); should contain_neutron_vpnaas_agent_config('ipsec/ipsec_status_check_interval').with_value('<SERVICE DEFAULT>')
should contain_neutron_vpnaas_agent_config('DEFAULT/interface_driver').with_value(
'neutron.agent.linux.interface.OVSInterfaceDriver')
end end
it 'installs neutron vpnaas agent package' do it 'installs neutron vpnaas agent package' do
if platform_params.has_key?(:vpnaas_agent_package)
should contain_package('neutron-vpnaas-agent').with( should contain_package('neutron-vpnaas-agent').with(
:ensure => 'present',
:name => platform_params[:vpnaas_agent_package], :name => platform_params[:vpnaas_agent_package],
:ensure => p[:package_ensure],
:tag => ['openstack', 'neutron-package'], :tag => ['openstack', 'neutron-package'],
) )
should contain_package('neutron').that_requires('Anchor[neutron::install::begin]')
should contain_package('neutron').that_notifies('Anchor[neutron::install::end]')
end
end
end end
shared_examples 'openswan vpnaas_driver' do
it 'installs openswan packages' do it 'installs openswan packages' do
if platform_params.has_key?(:vpnaas_agent_package)
should contain_package('openswan')
end
should contain_package('openswan').with( should contain_package('openswan').with(
:ensure => 'present', :ensure => 'present',
:name => platform_params[:openswan_package] :name => platform_params[:openswan_package],
:tag => ['openstack', 'neutron-support-package'],
) )
end end
end end
shared_examples 'neutron::agents::vpnaas on Debian' do context 'with libreswan vpnaas driver' do
context 'when configuring the LibreSwan driver' do let :params do
before do {
params.merge!(
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver' :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
) }
end end
it 'fails when configuring LibreSwan on Debian' do it 'configures vpnaas_agent.ini' do
should raise_error(Puppet::Error, /LibreSwan is not supported on osfamily Debian/) should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
end 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver')
end
end end
shared_examples 'neutron::agents::vpnaas on RedHat' do it 'installs libreswan packages' do
context 'when configuring the LibreSwan driver' do
before do
params.merge!(
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
)
end
it 'configures LibreSwan' do
should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(params[:vpn_device_driver]);
should contain_package('libreswan').with( should contain_package('libreswan').with(
:ensure => 'present', :ensure => 'present',
:name => platform_params[:libreswan_package] :name => platform_params[:libreswan_package],
:tag => ['openstack', 'neutron-support-package'],
)
end
end
context 'with strongswan vpnaas driver' do
let :params do
{
:vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
}
end
it 'configures vpnaas_agent.ini' do
should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver')
end
it 'installs strongswan packages' do
should contain_package('strongswan').with(
:ensure => 'present',
:name => platform_params[:strongswan_package],
:tag => ['openstack', 'neutron-support-package'],
) )
end end
end end
@ -129,22 +114,21 @@ describe 'neutron::agents::vpnaas' do
when 'Debian' when 'Debian'
{ {
:openswan_package => 'strongswan', :openswan_package => 'strongswan',
:vpnaas_agent_package => 'neutron-vpn-agent' :libreswan_package => 'libreswan',
:strongswan_package => 'strongswan',
:vpnaas_agent_package => 'python3-neutron-vpnaas'
} }
when 'RedHat' when 'RedHat'
{ {
:openswan_package => 'libreswan', :openswan_package => 'libreswan',
:libreswan_package => 'libreswan', :libreswan_package => 'libreswan',
:strongswan_package => 'strongswan',
:vpnaas_agent_package => 'openstack-neutron-vpnaas' :vpnaas_agent_package => 'openstack-neutron-vpnaas'
} }
end end
end end
it_behaves_like "neutron::agents::vpnaas on #{facts[:os]['family']}" it_behaves_like 'neutron::agents::vpnaas'
if facts[:os]['family'] == 'RedHat'
it_behaves_like 'neutron vpnaas agent'
end
end end
end end
end end