diff --git a/manifests/profile/base/iscsid.pp b/manifests/profile/base/iscsid.pp index 363709714..755152d36 100644 --- a/manifests/profile/base/iscsid.pp +++ b/manifests/profile/base/iscsid.pp @@ -14,23 +14,40 @@ # # == Class: tripleo::profile::base::iscsid # -# Nova Compute profile for tripleo +# Iscsid profile for tripleo # # === Parameters # +# [*chap_algs*] +# (Optional) Comma separated list of algorithms to use in CHAP protocol +# Defaults to 'SHA3-256,SHA256,SHA1,MD5' +# # [*step*] # (Optional) The current step in deployment. See tripleo-heat-templates # for more details. # Defaults to hiera('step') # class tripleo::profile::base::iscsid ( - $step = Integer(hiera('step')), + $chap_algs = 'SHA3-256,SHA256,SHA1,MD5', + $step = Integer(hiera('step')), ) { if $step >= 2 { # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique # https://bugzilla.redhat.com/show_bug.cgi?id=1244328 ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' }) + + # THT supplies a volume mount to the host's /etc/iscsi directory (at + # /tmp/iscsi.host). If the sentinel file (.initiator_reset) exists on the + # host, then copy the IQN from the host. This ensures the IQN is reset + # once, and only once. + exec { 'sync-iqn-from-host': + command => '/bin/cp /tmp/iscsi.host/.initiator_reset /tmp/iscsi.host/initiatorname.iscsi /etc/iscsi/', + onlyif => '/usr/bin/test -f /tmp/iscsi.host/.initiator_reset', + before => Exec['reset-iscsi-initiator-name'], + tag => 'iscsid_config' + } + exec { 'reset-iscsi-initiator-name': command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', @@ -38,8 +55,25 @@ class tripleo::profile::base::iscsid ( require => Package['iscsi-initiator-utils'], tag => 'iscsid_config' } + file { '/etc/iscsi/.initiator_reset': ensure => present, + before => Exec['sync-iqn-to-host'], + } + + exec { 'sync-iqn-to-host': + command => '/bin/cp /etc/iscsi/initiatorname.iscsi /etc/iscsi/.initiator_reset /tmp/iscsi.host/', + onlyif => [ + '/usr/bin/test -d /tmp/iscsi.host', + '/usr/bin/test ! -f /tmp/iscsi.host/iscsi/.initiator_reset', + ], + tag => 'iscsid_config', + } + + $chap_algs_real = join(any2array($chap_algs), ',') + augeas {'chap_algs in /etc/iscsi/iscsid.conf': + context => '/files/etc/iscsi/iscsid.conf', + changes => ["set node.session.auth.chap_algs ${chap_algs_real}"], } } } diff --git a/spec/classes/tripleo_profile_base_iscsid_spec.rb b/spec/classes/tripleo_profile_base_iscsid_spec.rb index 04f3c2c4e..f795a7922 100644 --- a/spec/classes/tripleo_profile_base_iscsid_spec.rb +++ b/spec/classes/tripleo_profile_base_iscsid_spec.rb @@ -18,18 +18,38 @@ require 'spec_helper' describe 'tripleo::profile::base::iscsid' do shared_examples_for 'tripleo::profile::base::iscsid' do - context 'default params' do - let(:params) { { :step => 2, } } + context 'with step less than 2' do + let(:params) { { :step => 1 } } - it { + it 'should do nothing' do + is_expected.to_not contain_package('iscsi-initiator-utils') + is_expected.to_not contain_exec('sync-iqn-from-host') + is_expected.to_not contain_exec('reset-iscsi-initiator-name') + is_expected.to_not contain_file('/etc/iscsi/.initiator_reset') + is_expected.to_not contain_exec('sync-iqn-to-host') + is_expected.to_not contain_augeas('chap_algs in /etc/iscsi/iscsid.conf') + end + end + + context 'with step 2' do + let(:params) { { + :step => 2, + :chap_algs => "SHA3-256,SHA256,SHA1", + } } + + it 'should trigger complete configuration' do is_expected.to contain_package('iscsi-initiator-utils') + is_expected.to contain_exec('sync-iqn-from-host') is_expected.to contain_exec('reset-iscsi-initiator-name') is_expected.to contain_file('/etc/iscsi/.initiator_reset') - } + is_expected.to contain_exec('sync-iqn-to-host') + is_expected.to contain_augeas('chap_algs in /etc/iscsi/iscsid.conf') + .with_changes( + ["set node.session.auth.chap_algs #{params[:chap_algs]}"]) + end end end - on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do