From 65fc70f4d84177e3d512bf930244174fe57f24c8 Mon Sep 17 00:00:00 2001
From: Sergii Golovatiuk
Date: Thu, 23 Oct 2014 12:36:48 +0200
Subject: [PATCH] Set force_snat_range parameter

Due to change 59ac254bf15bb059cca12a82c9d819c371ea5c6f merged in Juno Nova-network checks whether network has external gateway and does (which it has by default) and does not create SNAT rules for the instances if list of force snat ranges is empty now. This change sets force_snat_range to ANY network and thus new code adds corresponding rules.
Change-Id: I339dd09543f2900cab3ba6164207e962229e4386
Closes-Bug: 1384661
Signed-off-by: Sergii Golovatiuk
---
 manifests/compute/neutron.pp | 26 ++++++++++++++--
 spec/classes/nova_compute_neutron_spec.rb | 38 ++++++++++++++++++++++-
 2 files changed, 61 insertions(+), 3 deletions(-)

diff --git a/manifests/compute/neutron.pp b/manifests/compute/neutron.pp
index 59623b00a..91ee91cfc 100644
--- a/manifests/compute/neutron.pp
+++ b/manifests/compute/neutron.pp
@@ -10,9 +10,14 @@
 # (optional) The libvirt VIF driver to configure the VIFs.
 # Defaults to 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver'.
 #
-
+# [*force_snat_range*]
+# (optional) Force SNAT rule to specified network for nova-network
+# Default to 0.0.0.0/0
+# Due to architecture constraints in nova_config, it's not possible to setup
+# more than one SNAT rule though initial parameter is MultiStrOpt
 class nova::compute::neutron (
- $libvirt_vif_driver = 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver'
+ $libvirt_vif_driver = 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver',
+ $force_snat_range = '0.0.0.0/0',
 ) {
 if $libvirt_vif_driver == 'nova.virt.libvirt.vif.LibvirtOpenVswitchDriver' {
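Review bot: The new `force_snat_range` doc block does not say when the parameter takes effect or how to turn it off. Going by the second hunk of this file, the value is written only when `libvirt_vif_driver` is `nova.virt.libvirt.vif.LibvirtGenericVIFDriver`; with any other driver, or with a false value, `DEFAULT/force_snat_range` is set to absent even if the caller passed a range. Since the default `0.0.0.0/0` covers every destination (the commit message calls it "ANY network"), operators who want a narrower range need this spelled out; I would add `#   Must be a single CIDR (address/prefix). Only applied with LibvirtGenericVIFDriver; set to false to remove the option.` to the block. The class body continues outside this hunk.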
@@ -22,4 +27,21 @@ class nova::compute::neutron (
 nova_config {
 'libvirt/vif_driver': value => $libvirt_vif_driver;
 }
+
+ if $libvirt_vif_driver == 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver' and $force_snat_range {
+ # Validate ip and mask for force_snat_range
+ $force_snat_range_array = split($force_snat_range, '/')
+ if is_ip_address($force_snat_range_array[0]) and is_integer($force_snat_range_array[1]) {
+ nova_config {
+ 'DEFAULT/force_snat_range': value => $force_snat_range;
+ }
+ } else {
+ fail('force_snat_range should be IPv4 or IPv6 CIDR notation')
+ }
+ } else {
+ nova_config {
+ 'DEFAULT/force_snat_range': ensure => absent;
+ }
+ }
+
+
 }
diff --git a/spec/classes/nova_compute_neutron_spec.rb b/spec/classes/nova_compute_neutron_spec.rb
index b67c9fc4b..030968fa8 100644
--- a/spec/classes/nova_compute_neutron_spec.rb
+++ b/spec/classes/nova_compute_neutron_spec.rb
@@ -1,13 +1,17 @@
 require 'spec_helper'
 describe 'nova::compute::neutron' do
- it { should contain_nova_config('libvirt/vif_driver').with_value('nova.virt.libvirt.vif.LibvirtGenericVIFDriver')}
+ context 'with default parameters' do
+ it { should contain_nova_config('libvirt/vif_driver').with_value('nova.virt.libvirt.vif.LibvirtGenericVIFDriver')}
+ it { should contain_nova_config('DEFAULT/force_snat_range').with(:value => '0.0.0.0/0') }
+ end
 context 'when overriding params' do
 let :params do
 {:libvirt_vif_driver => 'foo' }
 end
 it { should contain_nova_config('libvirt/vif_driver').with_value('foo')}
+ it { should contain_nova_config('DEFAULT/force_snat_range').with_ensure(:absent) }
 end
 context 'when overriding with a removed libvirt_vif_driver param' do
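Review bot: The check on the `if is_ip_address($force_snat_range_array[0]) and is_integer($force_snat_range_array[1])` line accepts strings that are not valid CIDR. Only the first two pieces of the split are inspected, so a value with extra `/` segments passes, and the prefix length is never bounded, so a mask above 32 (IPv4) or 128 (IPv6) passes too. The original, unchecked `$force_snat_range` string is what gets written to `DEFAULT/force_snat_range`, so a malformed range would presumably surface only when nova-network consumes it rather than at catalog compile time. Requiring exactly two parts, e.g. adding `size($force_snat_range_array) == 2 and` to the condition, and failing when the prefix length is outside the range for the address family would close the gap.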
@@ -19,4 +23,36 @@ describe 'nova::compute::neutron' do
 end
 end
+ context 'with force_snat_range parameter set to false' do
+ let :params do
+ { :force_snat_range => false, }
+ end
+ it { should contain_nova_config('DEFAULT/force_snat_range').with_ensure('absent') }
+ end
+
+ context 'with force_snat_range parameter set to 10.0.0.0/24' do
+ let :params do
+ { :force_snat_range => '10.0.0.0/24', }
+ end
+
+ it { should contain_nova_config('DEFAULT/force_snat_range').with_value('10.0.0.0/24') }
+ end
+
+ context 'with force_snat_range parameter set to fe80::/64' do
+ let :params do
+ { :force_snat_range => 'fe80::/64', }
+ end
+
+ it { should contain_nova_config('DEFAULT/force_snat_range').with_value('fe80::/64') }
+ end
+
+ context 'with force_snat_range parameter set ip without mask' do
+ let :params do
+ { :force_snat_range => '10.0.0.0', }
+ end
+
+ it { expect { should contain_nova_config('DEFAULT/force_snat_range') }.to \
+ raise_error(Puppet::Error, /force_snat_range should be IPv4 or IPv6/) }
+ end
+
 end
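Review bot: The only rejection case covered is an address with no mask, in the 'set ip without mask' context. Nothing pins the behaviour for a non-numeric mask, an out-of-range mask such as `10.0.0.0/33`, or a value with more than one `/`, which are the inputs the manifest's split-based check is most likely to let through. I would add `raise_error` contexts for those next to the existing one, and one that sets `force_snat_range` together with a non-default `libvirt_vif_driver` to document that the range is then dropped. As a style point, this hunk uses `with_ensure('absent')` while the 'when overriding params' context uses `with_ensure(:absent)`; pick one form for the file.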