From 8b60d6ba8325cdc6447f91ce3a4231b0698dbeea Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 23 May 2023 11:39:14 +0900 Subject: [PATCH] Prohibit modular libvirt in non RedHat distributions Currently modular libvirt daemons are supported only by CentOS and RHEL. This makes sure the deployment fails in case the architecture is requested in distros which do not support it. Conflicts: spec/classes/nova_migration_libvirt_spec.rb Change-Id: I8eefc65e206bdb0532b6c5d08eee0d35d764a2b9 (cherry picked from commit 0fe7de9b7710859c08428687ee6e35e1ef5fb822) (cherry picked from commit 861bef82b554f0d1003af2e26cbc49a7b33ac333)
---
 manifests/compute/libvirt/services.pp | 4 +
 manifests/migration/libvirt.pp | 5 +-
 manifests/params.pp | 5 +-
 .../nova_compute_libvirt_services_spec.rb | 7 +-
 spec/classes/nova_migration_libvirt_spec.rb | 312 ++++++++----------
 5 files changed, 150 insertions(+), 183 deletions(-)
diff --git a/manifests/compute/libvirt/services.pp b/manifests/compute/libvirt/services.pp
index 03383a7ba..ad661eef3 100644
--- a/manifests/compute/libvirt/services.pp
+++ b/manifests/compute/libvirt/services.pp
@@ -61,6 +61,10 @@ class nova::compute::libvirt::services (
 include nova::deps
 include nova::params
 
+ if $modular_libvirt and !$::nova::params::modular_libvirt_support {
+ fail('Modular libvirt daemons are not support in this distribution')
+ }
+
 if $libvirt_service_name {
 # libvirt-nwfilter
 if $::osfamily == 'RedHat' {
diff --git a/manifests/migration/libvirt.pp b/manifests/migration/libvirt.pp
index a63bf0fc4..518510e01 100644
--- a/manifests/migration/libvirt.pp
+++ b/manifests/migration/libvirt.pp
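Review bot: The `fail()` message added in manifests/compute/libvirt/services.pp reads "are not support in this distribution", which is ungrammatical and does not say which platform was rejected; the same string is added in manifests/migration/libvirt.pp. This message is what the operator sees when the catalog aborts, so I would write `fail("Modular libvirt daemons are not supported on ${::osfamily}")` in both places. The guard is also repeated verbatim in the two classes, so a later change to the supported-platform rule has to be made twice. The class body continues outside the hunk.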
@@ -166,8 +166,11 @@ class nova::migration::libvirt( $transport_real = 'tcp' } - $modular_libvirt_real = pick($modular_libvirt, $nova::params::modular_libvirt) + $modular_libvirt_real = pick($modular_libvirt, $::nova::params::modular_libvirt) + if $modular_libvirt_real and !$::nova::params::modular_libvirt_support { + fail('Modular libvirt daemons are not support in this distribution') + } validate_legacy(Enum['tcp', 'tls', 'ssh'], 'validate_re', $transport_real, [['^tcp$', '^tls$', '^ssh$'], 'Valid options for transport are tcp, tls, ssh.']) diff --git a/manifests/params.pp b/manifests/params.pp index 288b30e01..76b9aeef6 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -53,6 +53,7 @@ class nova::params { $serialproxy_service_name = 'openstack-nova-serialproxy' $spicehtml5proxy_service_name = 'openstack-nova-spicehtml5proxy' $modular_libvirt = false + $modular_libvirt_support = true # redhat specific config defaults $root_helper = 'sudo nova-rootwrap' $lock_path = '/var/lib/nova/tmp' @@ -111,7 +112,6 @@ class nova::params { $virtqemu_service_name = 'virtqemud.socket' $virtproxy_service_name = 'virtproxyd.socket' $virtstorage_service_name = 'virtstoraged.socket' - $modular_libvirt = false } default: { $api_metadata_service_name = undef @@ -127,9 +127,10 @@ class nova::params { $virtqemu_service_name = 'virtqemud' $virtproxy_service_name = 'virtproxyd' $virtstorage_service_name = 'virtstoraged' - $modular_libvirt = false } } + $modular_libvirt = false + $modular_libvirt_support = false $libvirt_service_name = 'libvirtd' } default: { diff --git a/spec/classes/nova_compute_libvirt_services_spec.rb b/spec/classes/nova_compute_libvirt_services_spec.rb index f95346907..3725bb3d2 100644 --- a/spec/classes/nova_compute_libvirt_services_spec.rb +++ b/spec/classes/nova_compute_libvirt_services_spec.rb 
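Review bot: In manifests/params.pp, `$modular_libvirt_support` is added directly under `$modular_libvirt` with nothing to tell the two apart: one is the default for a user-facing parameter, the other a capability flag that the new guards treat as authoritative. A short comment above the assignment in each branch would make that explicit, for example `# Whether this distribution ships the modular libvirt daemons; not meant to be overridden`. The outermost `default:` branch begins at the end of the last params.pp hunk and is not shown; if it does not abort on its own it presumably leaves the flag undefined, which is worth confirming.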
@@ -24,8 +24,10 @@ describe 'nova::compute::libvirt::services' do is_expected.not_to contain_service('libvirt') end end + end - context 'with default parameters and modular-libvirt true' do + shared_examples_for 'nova compute libvirt services with modular libvirt' do + context 'with default parameters' do let :params do { :modular_libvirt => true @@ -56,6 +58,9 @@ describe 'nova::compute::libvirt::services' do facts.merge!(OSDefaults.get_facts()) end it_configures 'nova compute libvirt services' + if facts['osfamily'] == 'RedHat' + it_configures 'nova compute libvirt services with modular libvirt' + end end end end diff --git a/spec/classes/nova_migration_libvirt_spec.rb b/spec/classes/nova_migration_libvirt_spec.rb index 5f07509c7..e476802e3 100644 --- a/spec/classes/nova_migration_libvirt_spec.rb +++ b/spec/classes/nova_migration_libvirt_spec.rb 
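Review bot: The condition `if facts['osfamily'] == 'RedHat'` in the second hunk of spec/classes/nova_compute_libvirt_services_spec.rb looks the fact up with a string key, while the other spec in this patch reads the same kind of hash as `facts[:os]['family']` and, before the change, as `facts[:osfamily]`. If the hash yielded by `on_supported_os` is symbol-keyed, as those usages suggest, the string lookup returns nil and the 'with modular libvirt' examples are never registered on any platform, so the suite passes without running them. I would write `if facts[:osfamily] == 'RedHat'` here. The same applies to the identical condition added in the final hunk of spec/classes/nova_migration_libvirt_spec.rb.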
@@ -49,25 +49,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_nova_config('libvirt/live_migration_permit_auto_converge').with_value('')} end - context 'with modular_libvirt set to true' do - let(:params) { { :modular_libvirt => true} } - - it { is_expected.to contain_virtproxyd_config('listen_tls').with_value('0') } - it { is_expected.to contain_virtproxyd_config('listen_tcp').with_value('1') } - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('none').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } - it { is_expected.to contain_nova_config('libvirt/live_migration_tunnelled').with_value('') } - it { is_expected.to contain_nova_config('libvirt/live_migration_with_native_tls').with_value('') } - it { is_expected.to contain_nova_config('libvirt/live_migration_completion_timeout').with_value('') } - it { is_expected.to contain_nova_config('libvirt/live_migration_timeout_action').with_value('') } - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tcp://%s/system') } - it { is_expected.to contain_nova_config('libvirt/live_migration_inbound_addr').with_value('')} - it { is_expected.to contain_nova_config('libvirt/live_migration_permit_post_copy').with_value('')} - it { is_expected.to contain_nova_config('libvirt/live_migration_permit_auto_converge').with_value('')} - end - context 'with override_uuid enabled' do let :params do { 
@@ -118,23 +99,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system')} end - context 'with tls enabled and modular-libvirt set to true' do - let :params do - { - :transport => 'tls', - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('listen_tls').with_value('1') } - it { is_expected.to contain_virtproxyd_config('listen_tcp').with_value('0') } - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('none').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system')} - end - - context 'with tls enabled and inbound addr set' do let :params do { @@ -197,20 +161,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('crl_file').with_value('').with_quote(true) } end - context 'with auth set to sasl and modular_libvirt is true' do - let :params do - { - :auth => 'sasl', - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('sasl').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } - end - - context 'with auth set to sasl and tls enabled' do let :params do { 
@@ -224,21 +174,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('crl_file').with_value('').with_quote(true) } end - context 'with auth set to sasl and tls enabled and modular_libvirt set to true' do - let :params do - { - :auth => 'sasl', - :transport => 'tls', - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('sasl').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } - end - - context 'with certificates set and tls enabled' do let :params do { @@ -253,21 +188,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('crl_file').with_value('/crl').with_quote(true) } end - context 'with certificates set and tls enabled and modular_libvirt set to true' do - let :params do - { - :transport => 'tls', - :ca_file => '/ca', - :crl_file => '/crl', - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('none').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('ca_file').with_value('/ca').with_quote(true) } - it { is_expected.to contain_virtproxyd_config('crl_file').with_value('/crl').with_quote(true) } - end - context 'with auth set to an invalid setting' do let :params do { 
@@ -307,16 +227,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('listen_addr').with_value('127.0.0.1').with_quote(true) } end - context 'with listen_address set and modular_libvirt set to true' do - let :params do - { - :listen_address => "127.0.0.1", - :modular_libvirt => true, - } - end - it { is_expected.to contain_virtproxyd_config('listen_addr').with_value('127.0.0.1').with_quote(true) } - end - context 'with ssh transport' do let :params do { @@ -328,18 +238,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } end - context 'with ssh transport and modular_libvirt set to true' do - let :params do - { - :transport => 'ssh', - :modular_libvirt => true, - } - end - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system')} - it { is_expected.to contain_virtproxyd_config('listen_tls').with_value('0') } - it { is_expected.to contain_virtproxyd_config('listen_tcp').with_value('0') } - end - context 'with ssh transport with user' do let :params do { @@ -352,19 +250,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } end - context 'with ssh transport with user and modular_libvirt set to true' do - let :params do - { - :transport => 'ssh', - :client_user => 'foobar', - :modular_libvirt => true, - } - end - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://foobar@%s/system')} - it { is_expected.to contain_virtproxyd_config('listen_tls').with_value('0') } - it { is_expected.to contain_virtproxyd_config('listen_tcp').with_value('0') } - end - context 'with ssh transport with port' do let :params do { 
@@ -377,19 +262,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } end - context 'with ssh transport with port and modular_libvirt set to true' do - let :params do - { - :transport => 'ssh', - :client_port => 1234, - :modular_libvirt => true, - } - end - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s:1234/system')} - it { is_expected.to contain_virtproxyd_config('listen_tls').with_value('0') } - it { is_expected.to contain_virtproxyd_config('listen_tcp').with_value('0') } - end - context 'with ssh transport with extraparams' do let :params do { @@ -401,20 +273,6 @@ describe 'nova::migration::libvirt' do it { is_expected.to contain_libvirtd_config('listen_tls').with_value('0') } it { is_expected.to contain_libvirtd_config('listen_tcp').with_value('0') } end - - context 'with ssh transport with extraparams and modular_libvirt set to true' do - let :params do - { - :transport => 'ssh', - :client_extraparams => {'foo' => '%', 'bar' => 'baz'}, - :modular_libvirt => true, - } - end - it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system?foo=%%25&bar=baz')} - it { is_expected.to contain_virtproxyd_config('listen_tls').with_value('0') } - it { is_expected.to contain_virtproxyd_config('listen_tcp').with_value('0') } - end - end shared_examples_for 'nova migration with libvirt in Debian' do 
@@ -453,36 +311,6 @@ describe 'nova::migration::libvirt' do :enable => true, )} end - - context 'with tls transport and modular daemons' do - let :params do - { - :transport => 'tls', - :modular_libvirt => true, - } - end - - it { is_expected.to contain_service('virtproxyd-tls').with( - :name => 'virtproxyd-tls.socket', - :ensure => 'running', - :enable => true, - )} - end - - context 'with tcp transport and modular daemons' do - let :params do - { - :transport => 'tcp', - :modular_libvirt => true, - } - end - - it { is_expected.to contain_service('virtproxyd-tcp').with( - :name => 'virtproxyd-tcp.socket', - :ensure => 'running', - :enable => true, - )} - end end shared_examples_for 'nova migration with libvirt in RedHat' do 
@@ -531,8 +359,126 @@ describe 'nova::migration::libvirt' do :enable => true, )} end + end - context 'with tls transport and modular daemons' do + shared_examples_for 'nova migration with modular libvirt' do + context 'with modular_libvirt set to true' do + let(:params) { { :modular_libvirt => true} } + + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('none').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } + it { is_expected.to contain_nova_config('libvirt/live_migration_tunnelled').with_value('') } + it { is_expected.to contain_nova_config('libvirt/live_migration_with_native_tls').with_value('') } + it { is_expected.to contain_nova_config('libvirt/live_migration_completion_timeout').with_value('') } + it { is_expected.to contain_nova_config('libvirt/live_migration_timeout_action').with_value('') } + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tcp://%s/system') } + it { is_expected.to contain_nova_config('libvirt/live_migration_inbound_addr').with_value('')} + it { is_expected.to contain_nova_config('libvirt/live_migration_permit_post_copy').with_value('')} + it { is_expected.to contain_nova_config('libvirt/live_migration_permit_auto_converge').with_value('')} + end + + context 'with tls enabled' do + let :params do + { + :transport => 'tls', + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('none').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } + 
it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+tls://%s/system')} + end + + context 'with auth set to sasl' do + let :params do + { + :auth => 'sasl', + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('sasl').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } + end + + context 'with auth set to sasl and tls enabled' do + let :params do + { + :auth => 'sasl', + :transport => 'tls', + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('sasl').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('').with_quote(true) } + end + + context 'with certificates set and tls enabled' do + let :params do + { + :transport => 'tls', + :ca_file => '/ca', + :crl_file => '/crl', + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('auth_tls').with_value('none').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('auth_tcp').with_value('').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('ca_file').with_value('/ca').with_quote(true) } + it { is_expected.to contain_virtproxyd_config('crl_file').with_value('/crl').with_quote(true) } + end + + context 'with ssh transport' do + let :params do + { + :transport => 'ssh', + :modular_libvirt => true, + } + end + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system')} + end + + context 'with ssh transport with 
user' do + let :params do + { + :transport => 'ssh', + :client_user => 'foobar', + :modular_libvirt => true, + } + end + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://foobar@%s/system')} + end + + context 'with ssh transport with port' do + let :params do + { + :transport => 'ssh', + :client_port => 1234, + :modular_libvirt => true, + } + end + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s:1234/system')} + end + + context 'with ssh transport with extraparams' do + let :params do + { + :transport => 'ssh', + :client_extraparams => {'foo' => '%', 'bar' => 'baz'}, + :modular_libvirt => true, + } + end + it { is_expected.to contain_nova_config('libvirt/live_migration_uri').with_value('qemu+ssh://%s/system?foo=%%25&bar=baz')} + end + + context 'with tls transport' do let :params do { :transport => 'tls', @@ -547,7 +493,7 @@ describe 'nova::migration::libvirt' do )} end - context 'with tcp transport and modular daemons' do + context 'with tcp transport' do let :params do { :transport => 'tcp', @@ -561,6 +507,16 @@ describe 'nova::migration::libvirt' do :enable => true, )} end + + context 'with listen_address set' do + let :params do + { + :listen_address => "127.0.0.1", + :modular_libvirt => true, + } + end + it { is_expected.to contain_virtproxyd_config('listen_addr').with_value('127.0.0.1').with_quote(true) } + end end on_supported_os({ @@ -572,11 +528,9 @@ describe 'nova::migration::libvirt' do end it_behaves_like 'nova migration with libvirt' - case facts[:osfamily] - when 'Debian' - it_behaves_like 'nova migration with libvirt in Debian' - when 'RedHat' - it_behaves_like 'nova migration with libvirt in RedHat' + it_behaves_like "nova migration with libvirt in #{facts[:os]['family']}" + if facts['osfamily'] == 'RedHat' + it_behaves_like 'nova migration with modular libvirt' end end end
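Review bot: The contexts moved into 'nova migration with modular libvirt' no longer assert `virtproxyd_config('listen_tls')` or `virtproxyd_config('listen_tcp')`; the removed versions pinned both for the default, tls and every ssh case (for ssh both were expected to be '0'). If the manifest on this branch still manages those two settings, which the hunks do not show, these were the checks that the plain TCP listener stays off under ssh and tls transport, and they should move with the rest, e.g. `it { is_expected.to contain_virtproxyd_config('listen_tcp').with_value('0') }` in the ssh contexts. If they were dropped on purpose while resolving the cherry-pick conflict, a line in the commit message saying so would help.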
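Review bot: Nothing in the final hunk of spec/classes/nova_migration_libvirt_spec.rb covers the behaviour this commit introduces: on a non-RedHat platform with `:modular_libvirt => true` the catalog should now fail, but the modular examples are simply skipped there. I would add an `else` branch with `let(:params) { { :modular_libvirt => true } }` and `it { is_expected.to compile.and_raise_error(/Modular libvirt daemons are not support/) }`, and the same in the spec for nova::compute::libvirt::services. The enclosing `on_supported_os` block starts outside this hunk.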