Merge "Configure ovn sb connection for the ovn provider" into stable/wallaby

2022-07-26 23:26:02 +00:00 · 2022-07-26 23:26:02 +00:00 · 91d0339066
commit 91d0339066
parent 688354081b 7c1c783b93
2 changed files with 50 additions and 2 deletions
--- a/manifests/profile/base/octavia/provider/ovn.pp
+++ b/manifests/profile/base/octavia/provider/ovn.pp
@ -42,7 +42,11 @@
 #
 # [*ovn_nb_port*]
 #   (Optional) Port number on which northbound database is listening
-#   Defaults to hiera('ovn::northbound::port')
+#   Defaults to hiera('ovn::northbound::port', undef)
+#
+# [*ovn_sb_port*]
+#   (Optional) Port number on which southbound database is listening
+#   Defaults to hiera('ovn::southbound::port', undef)
 #
 # [*ovn_nb_private_key*]
 #   (optional) The PEM file with private key for SSL connection to OVN-NB-DB
@ -58,6 +62,20 @@
 #   verify certificates presented to it by SSL peers
 #   Defaults to $::os_service_default
 #
+# [*ovn_sb_private_key*]
+#   (optional) The PEM file with private key for SSL connection to OVN-SB-DB
+#   Defaults to $::os_service_default
+#
+# [*ovn_sb_certificate*]
+#   (optional) The PEM file with certificate that certifies the
+#   private key specified in ovn_sb_private_key
+#   Defaults to $::os_service_default
+#
+# [*ovn_sb_ca_cert*]
+#   (optional) The PEM file with CA certificate that OVN should use to
+#   verify certificates presented to it by SSL peers
+#   Defaults to $::os_service_default
+#
 class tripleo::profile::base::octavia::provider::ovn (
  $step               = Integer(hiera('step')),
  $protocol           = hiera('ovn_nb_connection_protocol', 'tcp'),
@ -65,9 +83,13 @@ class tripleo::profile::base::octavia::provider::ovn (
  $ovn_db_node_ips    = hiera('ovn_dbs_node_ips', undef),
  $ovn_db_clustered   = hiera('ovn_db_clustered', false),
  $ovn_nb_port        = hiera('ovn::northbound::port', undef),
+  $ovn_sb_port        = hiera('ovn::southbound::port', undef),
  $ovn_nb_private_key = $::os_service_default,
  $ovn_nb_certificate = $::os_service_default,
-  $ovn_nb_ca_cert     = $::os_service_default
+  $ovn_nb_ca_cert     = $::os_service_default,
+  $ovn_sb_private_key = $::os_service_default,
+  $ovn_sb_certificate = $::os_service_default,
+  $ovn_sb_ca_cert     = $::os_service_default,
 ) {

  include tripleo::profile::base::octavia::api
@ -78,23 +100,35 @@ class tripleo::profile::base::octavia::provider::ovn (
    if $::tripleo::profile::base::octavia::api::ovn_db_host and !is_service_default(::tripleo::profile::base::octavia::api::ovn_db_host) {
      $ovn_db_hosts_real = any2array($::tripleo::profile::base::octavia::api::ovn_db_host)
      $ovn_nb_port_real  = $::tripleo::profile::base::octavia::api::ovn_nb_port
+      # NOTE(beagles): there is no backwards compatible case for the sb_port but I'm
+      # adding this line for consistency.
+      $ovn_sb_port_real  = $ovn_sb_port
    } elsif $ovn_db_clustered {
      $ovn_db_hosts_real = any2array($ovn_db_node_ips)
      $ovn_nb_port_real  = $ovn_nb_port
+      $ovn_sb_port_real  = $ovn_sb_port
    } else {
      $ovn_db_hosts_real = any2array($ovn_db_host)
      $ovn_nb_port_real  = $ovn_nb_port
+      $ovn_sb_port_real  = $ovn_sb_port
    }

    if ! empty($ovn_db_hosts_real) {
      $nb_conn = $ovn_db_hosts_real.map |$h| {
        join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port_real}"].filter |$c| { !$c.empty() }, ':')
      }
+      $sb_conn = $ovn_db_hosts_real.map |$h| {
+        join([$protocol, normalize_ip_for_uri($h), "${ovn_sb_port_real}"].filter |$c| { !$c.empty() }, ':')
+      }
      class { 'octavia::provider::ovn':
        ovn_nb_connection  => join(any2array($nb_conn), ','),
+        ovn_sb_connection  => join(any2array($sb_conn), ','),
        ovn_nb_private_key => $ovn_nb_private_key,
        ovn_nb_certificate => $ovn_nb_certificate,
        ovn_nb_ca_cert     => $ovn_nb_ca_cert,
+        ovn_sb_private_key => $ovn_sb_private_key,
+        ovn_sb_certificate => $ovn_sb_certificate,
+        ovn_sb_ca_cert     => $ovn_sb_ca_cert,
      }
    }
  }
--- a/spec/classes/tripleo_profile_base_octavia_provider_ovn_spec.rb
+++ b/spec/classes/tripleo_profile_base_octavia_provider_ovn_spec.rb
@ -64,6 +64,7 @@ eos
          :step        => 4,
          :protocol    => 'tcp',
          :ovn_nb_port => '6641',
+          :ovn_sb_port => '6642',
        })
      end

@ -78,14 +79,19 @@ eos
          :step        => 4,
          :ovn_db_host => '127.0.0.1',
          :ovn_nb_port => '6641',
+          :ovn_sb_port => '6642',
        })
      end

      it 'should set octavia provider ovn nb connection using tcp' do
        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection  => 'tcp:127.0.0.1:6641')
+        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_connection  => 'tcp:127.0.0.1:6642')
        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '<SERVICE DEFAULT>')
        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '<SERVICE DEFAULT>')
        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert     => '<SERVICE DEFAULT>')
+        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_private_key => '<SERVICE DEFAULT>')
+        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_certificate => '<SERVICE DEFAULT>')
+        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_ca_cert     => '<SERVICE DEFAULT>')
      end
    end

@ -96,17 +102,25 @@ eos
          :protocol           => 'ssl',
          :ovn_db_host        => '192.168.123.111',
          :ovn_nb_port        => '6641',
+          :ovn_sb_port        => '6642',
          :ovn_nb_private_key => '/foo.key',
          :ovn_nb_certificate => '/foo.pem',
          :ovn_nb_ca_cert     => '/ca_foo.pem',
+          :ovn_sb_private_key => '/bar.key',
+          :ovn_sb_certificate => '/bar.pem',
+          :ovn_sb_ca_cert     => '/ca_bar.pem',
        })
      end

      it 'should set octavia provider ovn nb connection using ssl' do
        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection  => 'ssl:192.168.123.111:6641')
+        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_connection  => 'ssl:192.168.123.111:6642')
        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '/foo.key')
        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '/foo.pem')
        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert     => '/ca_foo.pem')
+        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_private_key => '/bar.key')
+        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_certificate => '/bar.pem')
+        is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_ca_cert     => '/ca_bar.pem')
      end
    end