diff --git a/manifests/agents/dhcp/metadata_rate_limiting.pp b/manifests/agents/dhcp/metadata_rate_limiting.pp
new file mode 100644
index 000000000..fd287ca8a
--- /dev/null
+++ b/manifests/agents/dhcp/metadata_rate_limiting.pp
@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: neutron::agents:dhcp::metadata_rate_limiting
+#
+# Setups metadata ratelimit options for dhcp agent
+#
+# === Parameters
+#
+# [*rate_limit_enabled*]
+# (Optional) Enable rate limiting on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*ip_versions*]
+# (Optional) List of the metadata address IP versions for which rate limiting
+# will be enabled.
+# Defaults to $facts['os_service_default'].
+#
+# [*base_window_duration*]
+# (Optional) Duration (seconds) of the base window on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*base_query_rate_limit*]
+# (Optional) Max number of queries to accept during the base window.
+# Defaults to $facts['os_service_default'].
+#
+# [*burst_window_duration*]
+# (Optional) Duration (seconds) of the burst window on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*burst_query_rate_limit*]
+# (Optional) Max number of queries to accept during the burst window.
+# Defaults to $facts['os_service_default'].
+#
+class neutron::agents::dhcp::metadata_rate_limiting (
+ $rate_limit_enabled = $facts['os_service_default'],
+ $ip_versions = $facts['os_service_default'],
+ $base_window_duration = $facts['os_service_default'],
+ $base_query_rate_limit = $facts['os_service_default'],
+ $burst_window_duration = $facts['os_service_default'],
+ $burst_query_rate_limit = $facts['os_service_default'],
+) {
+ include neutron::deps
+
+ neutron_dhcp_agent_config {
+ 'metadata_rate_limiting/rate_limit_enabled': value => $rate_limit_enabled;
+ 'metadata_rate_limiting/ip_versions': value => join(any2array($ip_versions), ',');
+ 'metadata_rate_limiting/base_window_duration': value => $base_window_duration;
+ 'metadata_rate_limiting/base_query_rate_limit': value => $base_query_rate_limit;
+ 'metadata_rate_limiting/burst_window_duration': value => $burst_window_duration;
+ 'metadata_rate_limiting/burst_query_rate_limit': value => $burst_query_rate_limit;
+ }
+}
diff --git a/manifests/agents/l3/metadata_rate_limiting.pp b/manifests/agents/l3/metadata_rate_limiting.pp
new file mode 100644
index 000000000..e748326bc
--- /dev/null
+++ b/manifests/agents/l3/metadata_rate_limiting.pp
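Review bot: In manifests/agents/dhcp/metadata_rate_limiting.pp, declaring the class with no arguments leaves every option at `$facts['os_service_default']`, so rate limiting on the metadata API stays at whatever Neutron's built-in default is (I believe disabled) rather than being switched on. The header comment should say so, e.g. `# Declaring this class alone does not enable rate limiting; set rate_limit_enabled explicitly.` The header also names the class `neutron::agents:dhcp::metadata_rate_limiting` with a single colon after `agents`; it should read `neutron::agents::dhcp::metadata_rate_limiting`. Both points apply equally to the l3 and ovn_metadata manifests added in this commit.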
@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: neutron::agents:l3::metadata_rate_limiting
+#
+# Setups metadata ratelimit options for l3 agent
+#
+# === Parameters
+#
+# [*rate_limit_enabled*]
+# (Optional) Enable rate limiting on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*ip_versions*]
+# (Optional) List of the metadata address IP versions for which rate limiting
+# will be enabled.
+# Defaults to $facts['os_service_default'].
+#
+# [*base_window_duration*]
+# (Optional) Duration (seconds) of the base window on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*base_query_rate_limit*]
+# (Optional) Max number of queries to accept during the base window.
+# Defaults to $facts['os_service_default'].
+#
+# [*burst_window_duration*]
+# (Optional) Duration (seconds) of the burst window on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*burst_query_rate_limit*]
+# (Optional) Max number of queries to accept during the burst window.
+# Defaults to $facts['os_service_default'].
+#
+class neutron::agents::l3::metadata_rate_limiting (
+ $rate_limit_enabled = $facts['os_service_default'],
+ $ip_versions = $facts['os_service_default'],
+ $base_window_duration = $facts['os_service_default'],
+ $base_query_rate_limit = $facts['os_service_default'],
+ $burst_window_duration = $facts['os_service_default'],
+ $burst_query_rate_limit = $facts['os_service_default'],
+) {
+ include neutron::deps
+
+ neutron_l3_agent_config {
+ 'metadata_rate_limiting/rate_limit_enabled': value => $rate_limit_enabled;
+ 'metadata_rate_limiting/ip_versions': value => join(any2array($ip_versions), ',');
+ 'metadata_rate_limiting/base_window_duration': value => $base_window_duration;
+ 'metadata_rate_limiting/base_query_rate_limit': value => $base_query_rate_limit;
+ 'metadata_rate_limiting/burst_window_duration': value => $burst_window_duration;
+ 'metadata_rate_limiting/burst_query_rate_limit': value => $burst_query_rate_limit;
+ }
+}
diff --git a/manifests/agents/ovn_metadata/metadata_rate_limiting.pp b/manifests/agents/ovn_metadata/metadata_rate_limiting.pp
new file mode 100644
index 000000000..555c64880
--- /dev/null
+++ b/manifests/agents/ovn_metadata/metadata_rate_limiting.pp
@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: neutron::agents:ovn_metadata::metadata_rate_limiting
+#
+# Setups metadata ratelimit options for ovn metadata agent
+#
+# === Parameters
+#
+# [*rate_limit_enabled*]
+# (Optional) Enable rate limiting on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*ip_versions*]
+# (Optional) List of the metadata address IP versions for which rate limiting
+# will be enabled.
+# Defaults to $facts['os_service_default'].
+#
+# [*base_window_duration*]
+# (Optional) Duration (seconds) of the base window on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*base_query_rate_limit*]
+# (Optional) Max number of queries to accept during the base window.
+# Defaults to $facts['os_service_default'].
+#
+# [*burst_window_duration*]
+# (Optional) Duration (seconds) of the burst window on the metadata API.
+# Defaults to $facts['os_service_default'].
+#
+# [*burst_query_rate_limit*]
+# (Optional) Max number of queries to accept during the burst window.
+# Defaults to $facts['os_service_default'].
+#
+class neutron::agents::ovn_metadata::metadata_rate_limiting (
+ $rate_limit_enabled = $facts['os_service_default'],
+ $ip_versions = $facts['os_service_default'],
+ $base_window_duration = $facts['os_service_default'],
+ $base_query_rate_limit = $facts['os_service_default'],
+ $burst_window_duration = $facts['os_service_default'],
+ $burst_query_rate_limit = $facts['os_service_default'],
+) {
+ include neutron::deps
+
+ ovn_metadata_agent_config {
+ 'metadata_rate_limiting/rate_limit_enabled': value => $rate_limit_enabled;
+ 'metadata_rate_limiting/ip_versions': value => join(any2array($ip_versions), ',');
+ 'metadata_rate_limiting/base_window_duration': value => $base_window_duration;
+ 'metadata_rate_limiting/base_query_rate_limit': value => $base_query_rate_limit;
+ 'metadata_rate_limiting/burst_window_duration': value => $burst_window_duration;
+ 'metadata_rate_limiting/burst_query_rate_limit': value => $burst_query_rate_limit;
+ }
+}
diff --git a/releasenotes/notes/metadata_rate_limiting-cac7b863fc99acc0.yaml b/releasenotes/notes/metadata_rate_limiting-cac7b863fc99acc0.yaml
new file mode 100644
index 000000000..b82a92f08
--- /dev/null
+++ b/releasenotes/notes/metadata_rate_limiting-cac7b863fc99acc0.yaml
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ The following three classes have been added, to support configuration of
+ ``[metadata_rate_limiting]`` options.
+
+ - ``neutron::agents::dhcp::metadata_rate_limiting``
+ - ``neutron::agents::l3::metadata_rate_limiting``
+ - ``neutron::agents::ovn_metadata::metadata_rate_limiting``
diff --git a/spec/classes/neutron_agents_dhcp_metadata_rate_limiting_spec.rb b/spec/classes/neutron_agents_dhcp_metadata_rate_limiting_spec.rb
new file mode 100644
index 000000000..7375ff004
--- /dev/null
+++ b/spec/classes/neutron_agents_dhcp_metadata_rate_limiting_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'neutron::agents::dhcp::metadata_rate_limiting' do
+ shared_examples 'neutron::agents::dhcp::metadata_rate_limiting' do
+ context 'with defaults' do
+ it 'configures the default values' do
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/ip_versions').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/base_window_duration').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/burst_window_duration').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value('<SERVICE DEFAULT>');
+ end
+ end
+
+ context 'with parameters' do
+ let :params do
+ {
+ :rate_limit_enabled => false,
+ :ip_versions => [4],
+ :base_window_duration => 10,
+ :base_query_rate_limit => 11,
+ :burst_window_duration => 12,
+ :burst_query_rate_limit => 13,
+ }
+ end
+ it 'configures the given values' do
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value(false);
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/ip_versions').with_value(4);
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/base_window_duration').with_value(10);
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value(11);
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/burst_window_duration').with_value(12);
+ should contain_neutron_dhcp_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value(13);
+ end
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_behaves_like 'neutron::agents::dhcp::metadata_rate_limiting'
+ end
+ end
+end
diff --git a/spec/classes/neutron_agents_l3_metadata_rate_limiting_spec.rb b/spec/classes/neutron_agents_l3_metadata_rate_limiting_spec.rb
new file mode 100644
index 000000000..de1639d7b
--- /dev/null
+++ b/spec/classes/neutron_agents_l3_metadata_rate_limiting_spec.rb
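Review bot: In spec/classes/neutron_agents_dhcp_metadata_rate_limiting_spec.rb, the 'with parameters' context passes `:ip_versions => [4]`, a single-element list, so the `join(any2array($ip_versions), ',')` in the manifest is never exercised with a separator. A regression in how the list is serialised into `metadata_rate_limiting/ip_versions` would therefore go unnoticed, and a malformed value there may leave the rate limit unapplied. Adding a context with `:ip_versions => [4, 6]` expecting `.with_value('4,6')`, plus one passing a bare scalar, would pin the written value. The l3 and ovn_metadata specs in this commit have the same gap.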
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'neutron::agents::l3::metadata_rate_limiting' do
+ shared_examples 'neutron::agents::l3::metadata_rate_limiting' do
+ context 'with defaults' do
+ it 'configures the default values' do
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/ip_versions').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/base_window_duration').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/burst_window_duration').with_value('<SERVICE DEFAULT>');
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value('<SERVICE DEFAULT>');
+ end
+ end
+
+ context 'with parameters' do
+ let :params do
+ {
+ :rate_limit_enabled => false,
+ :ip_versions => [4],
+ :base_window_duration => 10,
+ :base_query_rate_limit => 11,
+ :burst_window_duration => 12,
+ :burst_query_rate_limit => 13,
+ }
+ end
+ it 'configures the given values' do
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value(false);
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/ip_versions').with_value(4);
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/base_window_duration').with_value(10);
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value(11);
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/burst_window_duration').with_value(12);
+ should contain_neutron_l3_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value(13);
+ end
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_behaves_like 'neutron::agents::l3::metadata_rate_limiting'
+ end
+ end
+end
diff --git a/spec/classes/neutron_agents_ovn_metadata_metadara_rate_limiting_spec.rb b/spec/classes/neutron_agents_ovn_metadata_metadara_rate_limiting_spec.rb
new file mode 100644
index 000000000..0525d4a56
--- /dev/null
+++ b/spec/classes/neutron_agents_ovn_metadata_metadara_rate_limiting_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'neutron::agents::ovn_metadata::metadata_rate_limiting' do
+ shared_examples 'neutron::agents::ovn_metadata::metadata_rate_limiting' do
+ context 'with defaults' do
+ it 'configures the default values' do
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value('<SERVICE DEFAULT>');
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/ip_versions').with_value('<SERVICE DEFAULT>');
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/base_window_duration').with_value('<SERVICE DEFAULT>');
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value('<SERVICE DEFAULT>');
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/burst_window_duration').with_value('<SERVICE DEFAULT>');
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value('<SERVICE DEFAULT>');
+ end
+ end
+
+ context 'with parameters' do
+ let :params do
+ {
+ :rate_limit_enabled => false,
+ :ip_versions => [4],
+ :base_window_duration => 10,
+ :base_query_rate_limit => 11,
+ :burst_window_duration => 12,
+ :burst_query_rate_limit => 13,
+ }
+ end
+ it 'configures the given values' do
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/rate_limit_enabled').with_value(false);
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/ip_versions').with_value(4);
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/base_window_duration').with_value(10);
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/base_query_rate_limit').with_value(11);
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/burst_window_duration').with_value(12);
+ should contain_ovn_metadata_agent_config('metadata_rate_limiting/burst_query_rate_limit').with_value(13);
+ end
+ end
+ end
+
+ on_supported_os({
+ :supported_os => OSDefaults.get_supported_os
+ }).each do |os,facts|
+ context "on #{os}" do
+ let (:facts) do
+ facts.merge!(OSDefaults.get_facts())
+ end
+
+ it_behaves_like 'neutron::agents::ovn_metadata::metadata_rate_limiting'
+ end
+ end
+end
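Review bot: This spec is created as `spec/classes/neutron_agents_ovn_metadata_metadara_rate_limiting_spec.rb`, with `metadara` where the class name and the two sibling spec files have `metadata`. The file still ends in `_spec.rb`, so it is presumably picked up by the test run, but anyone searching for the ovn_metadata rate-limiting spec by class name will miss it. Renaming it to `neutron_agents_ovn_metadata_metadata_rate_limiting_spec.rb` keeps the three specs consistent.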