vpnaas: Improve driver/distributions coverage

The libreswan package is available in recent versions of Ubuntu and Debian thus we can use libreswan in these distributions. This change also adds support for StrongSwan driver. Change-Id: I961b7b0ecdcdab6fd4e8337bf83c831fc54b2acd
2023-11-07 01:38:59 +09:00 · 2023-11-07 01:38:59 +09:00 · 74cbf81623
commit 74cbf81623
parent ef0137f4a7
3 changed files with 72 additions and 82 deletions
--- a/manifests/agents/vpnaas.pp
+++ b/manifests/agents/vpnaas.pp
@ -57,19 +57,23 @@ class neutron::agents::vpnaas (
      package { 'openswan':
        ensure => present,
        name   => $::neutron::params::openswan_package,
-        tag    => ['neutron-support-package', 'openstack'],
+        tag    => ['openstack', 'neutron-support-package'],
      }
    }
    /\.LibreSwan/: {
-      if($facts['os']['family'] != 'Redhat') {
+      Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
-        fail("LibreSwan is not supported on osfamily ${facts['os']['family']}")
+      package { 'libreswan':
-      } else {
+        ensure => present,
-        Package['libreswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
+        name   => $::neutron::params::libreswan_package,
-        package { 'libreswan':
+        tag    => ['openstack', 'neutron-support-package'],
-          ensure => present,
+      }
-          name   => $::neutron::params::libreswan_package,
+    }
-          tag    => ['neutron-support-package', 'openstack'],
+    /\.StrongSwan/: {
-        }
+      Package['strongswan'] -> Package<| title == 'neutron-vpnaas-agent' |>
      package { 'strongswan':
        ensure => present,
        name   => $::neutron::params::strongswan_package,
        tag    => ['openstack', 'neutron-support-package'],
      }
    }
    default: {
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -56,6 +56,7 @@ class neutron::params {
      $bgp_dragent_package                = 'openstack-neutron-bgp-dragent'
      $openswan_package                   = 'libreswan'
      $libreswan_package                  = 'libreswan'
      $strongswan_package                 = 'strongswan'
      $metadata_agent_package             = false
      $l3_agent_package                   = false
      $neutron_wsgi_script_path           = '/var/www/cgi-bin/neutron'
@ -101,7 +102,8 @@ class neutron::params {
      $metering_agent_package             = 'neutron-metering-agent'
      $vpnaas_agent_package               = 'python3-neutron-vpnaas'
      $openswan_package                   = 'strongswan'
-      $libreswan_package                  = false
+      $libreswan_package                  = 'libreswan'
      $strongswan_package                 = 'strongswan'
      $metadata_agent_package             = 'neutron-metadata-agent'
      $l3_agent_package                   = 'neutron-l3-agent'
      $l2gw_agent_package                 = 'neutron-l2gateway-agent'
--- a/spec/classes/neutron_agents_vpnaas_spec.rb
+++ b/spec/classes/neutron_agents_vpnaas_spec.rb
@ -29,88 +29,73 @@ describe 'neutron::agents::vpnaas' do
    {}
  end
-  let :default_params do
+  shared_examples 'neutron::agents::vpnaas' do
-    {
+    context 'with defaults' do
-      :package_ensure    => 'present',
+      it { should contain_class('neutron::params') }
      :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver',
      :interface_driver  => 'neutron.agent.linux.interface.OVSInterfaceDriver',
      :purge_config      => false,
    }
  end
-  shared_examples 'neutron vpnaas agent' do
+      it 'configures vpnaas_agent.ini' do
-    let :p do
+        should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
-      default_params.merge(params)
+          'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver')
-    end
+        should contain_neutron_vpnaas_agent_config('ipsec/ipsec_status_check_interval').with_value('<SERVICE DEFAULT>')
        should contain_neutron_vpnaas_agent_config('DEFAULT/interface_driver').with_value(
          'neutron.agent.linux.interface.OVSInterfaceDriver')
      end
-    it { should contain_class('neutron::params') }
+      it 'installs neutron vpnaas agent package' do
    it_behaves_like 'openswan vpnaas_driver'
    it 'passes purge to resource' do
      should contain_resources('neutron_vpnaas_agent_config').with({
        :purge => false
      })
    end
    it 'configures vpnaas_agent.ini' do
      should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(p[:vpn_device_driver]);
      should contain_neutron_vpnaas_agent_config('ipsec/ipsec_status_check_interval').with_value('<SERVICE DEFAULT>');
      should contain_neutron_vpnaas_agent_config('DEFAULT/interface_driver').with_value(p[:interface_driver]);
    end
    it 'installs neutron vpnaas agent package' do
      if platform_params.has_key?(:vpnaas_agent_package)
        should contain_package('neutron-vpnaas-agent').with(
          :ensure => 'present',
          :name   => platform_params[:vpnaas_agent_package],
          :ensure => p[:package_ensure],
          :tag    => ['openstack', 'neutron-package'],
        )
        should contain_package('neutron').that_requires('Anchor[neutron::install::begin]')
        should contain_package('neutron').that_notifies('Anchor[neutron::install::end]')
      end
    end
  end
-  shared_examples 'openswan vpnaas_driver' do
+      it 'installs openswan packages' do
-    it 'installs openswan packages' do
+        should contain_package('openswan').with(
-      if platform_params.has_key?(:vpnaas_agent_package)
+          :ensure => 'present',
-        should contain_package('openswan')
+          :name   => platform_params[:openswan_package],
-      end
+          :tag    => ['openstack', 'neutron-support-package'],
      should contain_package('openswan').with(
        :ensure => 'present',
        :name   => platform_params[:openswan_package]
      )
    end
  end
  shared_examples 'neutron::agents::vpnaas on Debian' do
    context 'when configuring the LibreSwan driver' do
      before do
        params.merge!(
          :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
        )
      end
      it 'fails when configuring LibreSwan on Debian' do
        should raise_error(Puppet::Error, /LibreSwan is not supported on osfamily Debian/)
      end
    end
  end
-  shared_examples 'neutron::agents::vpnaas on RedHat' do
+    context 'with libreswan vpnaas driver' do
-    context 'when configuring the LibreSwan driver' do
+      let :params do
-      before do
+        {
        params.merge!(
          :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
-        )
+        }
      end
-      it 'configures LibreSwan' do
+      it 'configures vpnaas_agent.ini' do
-        should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(params[:vpn_device_driver]);
+        should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
          'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver')
      end
      it 'installs libreswan packages' do
        should contain_package('libreswan').with(
          :ensure => 'present',
-          :name   => platform_params[:libreswan_package]
+          :name   => platform_params[:libreswan_package],
          :tag    => ['openstack', 'neutron-support-package'],
        )
      end
    end
    context 'with strongswan vpnaas driver' do
      let :params do
        {
          :vpn_device_driver => 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver'
        }
      end
      it 'configures vpnaas_agent.ini' do
        should contain_neutron_vpnaas_agent_config('vpnagent/vpn_device_driver').with_value(
          'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver')
      end
      it 'installs strongswan packages' do
        should contain_package('strongswan').with(
          :ensure => 'present',
          :name   => platform_params[:strongswan_package],
          :tag    => ['openstack', 'neutron-support-package'],
        )
      end
    end
@ -129,22 +114,21 @@ describe 'neutron::agents::vpnaas' do
        when 'Debian'
          {
            :openswan_package     => 'strongswan',
-            :vpnaas_agent_package => 'neutron-vpn-agent'
+            :libreswan_package    => 'libreswan',
            :strongswan_package   => 'strongswan',
            :vpnaas_agent_package => 'python3-neutron-vpnaas'
          }
        when 'RedHat'
          {
            :openswan_package     => 'libreswan',
            :libreswan_package    => 'libreswan',
            :strongswan_package   => 'strongswan',
            :vpnaas_agent_package => 'openstack-neutron-vpnaas'
          }
        end
      end
-      it_behaves_like "neutron::agents::vpnaas on #{facts[:os]['family']}"
+      it_behaves_like 'neutron::agents::vpnaas'
      if facts[:os]['family'] == 'RedHat'
        it_behaves_like 'neutron vpnaas agent'
      end
    end
  end
 end