Merge "Configure ovn sb connection for the ovn provider" into stable/wallaby
This commit is contained in:
commit
91d0339066
|
@ -42,7 +42,11 @@
|
||||||
#
|
#
|
||||||
# [*ovn_nb_port*]
|
# [*ovn_nb_port*]
|
||||||
# (Optional) Port number on which northbound database is listening
|
# (Optional) Port number on which northbound database is listening
|
||||||
# Defaults to hiera('ovn::northbound::port')
|
# Defaults to hiera('ovn::northbound::port', undef)
|
||||||
|
#
|
||||||
|
# [*ovn_sb_port*]
|
||||||
|
# (Optional) Port number on which southbound database is listening
|
||||||
|
# Defaults to hiera('ovn::southbound::port', undef)
|
||||||
#
|
#
|
||||||
# [*ovn_nb_private_key*]
|
# [*ovn_nb_private_key*]
|
||||||
# (optional) The PEM file with private key for SSL connection to OVN-NB-DB
|
# (optional) The PEM file with private key for SSL connection to OVN-NB-DB
|
||||||
|
@ -58,6 +62,20 @@
|
||||||
# verify certificates presented to it by SSL peers
|
# verify certificates presented to it by SSL peers
|
||||||
# Defaults to $::os_service_default
|
# Defaults to $::os_service_default
|
||||||
#
|
#
|
||||||
|
# [*ovn_sb_private_key*]
|
||||||
|
# (optional) The PEM file with private key for SSL connection to OVN-SB-DB
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*ovn_sb_certificate*]
|
||||||
|
# (optional) The PEM file with certificate that certifies the
|
||||||
|
# private key specified in ovn_sb_private_key
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
|
# [*ovn_sb_ca_cert*]
|
||||||
|
# (optional) The PEM file with CA certificate that OVN should use to
|
||||||
|
# verify certificates presented to it by SSL peers
|
||||||
|
# Defaults to $::os_service_default
|
||||||
|
#
|
||||||
class tripleo::profile::base::octavia::provider::ovn (
|
class tripleo::profile::base::octavia::provider::ovn (
|
||||||
$step = Integer(hiera('step')),
|
$step = Integer(hiera('step')),
|
||||||
$protocol = hiera('ovn_nb_connection_protocol', 'tcp'),
|
$protocol = hiera('ovn_nb_connection_protocol', 'tcp'),
|
||||||
|
@ -65,9 +83,13 @@ class tripleo::profile::base::octavia::provider::ovn (
|
||||||
$ovn_db_node_ips = hiera('ovn_dbs_node_ips', undef),
|
$ovn_db_node_ips = hiera('ovn_dbs_node_ips', undef),
|
||||||
$ovn_db_clustered = hiera('ovn_db_clustered', false),
|
$ovn_db_clustered = hiera('ovn_db_clustered', false),
|
||||||
$ovn_nb_port = hiera('ovn::northbound::port', undef),
|
$ovn_nb_port = hiera('ovn::northbound::port', undef),
|
||||||
|
$ovn_sb_port = hiera('ovn::southbound::port', undef),
|
||||||
$ovn_nb_private_key = $::os_service_default,
|
$ovn_nb_private_key = $::os_service_default,
|
||||||
$ovn_nb_certificate = $::os_service_default,
|
$ovn_nb_certificate = $::os_service_default,
|
||||||
$ovn_nb_ca_cert = $::os_service_default
|
$ovn_nb_ca_cert = $::os_service_default,
|
||||||
|
$ovn_sb_private_key = $::os_service_default,
|
||||||
|
$ovn_sb_certificate = $::os_service_default,
|
||||||
|
$ovn_sb_ca_cert = $::os_service_default,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
include tripleo::profile::base::octavia::api
|
include tripleo::profile::base::octavia::api
|
||||||
|
@ -78,23 +100,35 @@ class tripleo::profile::base::octavia::provider::ovn (
|
||||||
if $::tripleo::profile::base::octavia::api::ovn_db_host and !is_service_default(::tripleo::profile::base::octavia::api::ovn_db_host) {
|
if $::tripleo::profile::base::octavia::api::ovn_db_host and !is_service_default(::tripleo::profile::base::octavia::api::ovn_db_host) {
|
||||||
$ovn_db_hosts_real = any2array($::tripleo::profile::base::octavia::api::ovn_db_host)
|
$ovn_db_hosts_real = any2array($::tripleo::profile::base::octavia::api::ovn_db_host)
|
||||||
$ovn_nb_port_real = $::tripleo::profile::base::octavia::api::ovn_nb_port
|
$ovn_nb_port_real = $::tripleo::profile::base::octavia::api::ovn_nb_port
|
||||||
|
# NOTE(beagles): there is no backwards compatible case for the sb_port but I'm
|
||||||
|
# adding this line for consistency.
|
||||||
|
$ovn_sb_port_real = $ovn_sb_port
|
||||||
} elsif $ovn_db_clustered {
|
} elsif $ovn_db_clustered {
|
||||||
$ovn_db_hosts_real = any2array($ovn_db_node_ips)
|
$ovn_db_hosts_real = any2array($ovn_db_node_ips)
|
||||||
$ovn_nb_port_real = $ovn_nb_port
|
$ovn_nb_port_real = $ovn_nb_port
|
||||||
|
$ovn_sb_port_real = $ovn_sb_port
|
||||||
} else {
|
} else {
|
||||||
$ovn_db_hosts_real = any2array($ovn_db_host)
|
$ovn_db_hosts_real = any2array($ovn_db_host)
|
||||||
$ovn_nb_port_real = $ovn_nb_port
|
$ovn_nb_port_real = $ovn_nb_port
|
||||||
|
$ovn_sb_port_real = $ovn_sb_port
|
||||||
}
|
}
|
||||||
|
|
||||||
if ! empty($ovn_db_hosts_real) {
|
if ! empty($ovn_db_hosts_real) {
|
||||||
$nb_conn = $ovn_db_hosts_real.map |$h| {
|
$nb_conn = $ovn_db_hosts_real.map |$h| {
|
||||||
join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port_real}"].filter |$c| { !$c.empty() }, ':')
|
join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port_real}"].filter |$c| { !$c.empty() }, ':')
|
||||||
}
|
}
|
||||||
|
$sb_conn = $ovn_db_hosts_real.map |$h| {
|
||||||
|
join([$protocol, normalize_ip_for_uri($h), "${ovn_sb_port_real}"].filter |$c| { !$c.empty() }, ':')
|
||||||
|
}
|
||||||
class { 'octavia::provider::ovn':
|
class { 'octavia::provider::ovn':
|
||||||
ovn_nb_connection => join(any2array($nb_conn), ','),
|
ovn_nb_connection => join(any2array($nb_conn), ','),
|
||||||
|
ovn_sb_connection => join(any2array($sb_conn), ','),
|
||||||
ovn_nb_private_key => $ovn_nb_private_key,
|
ovn_nb_private_key => $ovn_nb_private_key,
|
||||||
ovn_nb_certificate => $ovn_nb_certificate,
|
ovn_nb_certificate => $ovn_nb_certificate,
|
||||||
ovn_nb_ca_cert => $ovn_nb_ca_cert,
|
ovn_nb_ca_cert => $ovn_nb_ca_cert,
|
||||||
|
ovn_sb_private_key => $ovn_sb_private_key,
|
||||||
|
ovn_sb_certificate => $ovn_sb_certificate,
|
||||||
|
ovn_sb_ca_cert => $ovn_sb_ca_cert,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -64,6 +64,7 @@ eos
|
||||||
:step => 4,
|
:step => 4,
|
||||||
:protocol => 'tcp',
|
:protocol => 'tcp',
|
||||||
:ovn_nb_port => '6641',
|
:ovn_nb_port => '6641',
|
||||||
|
:ovn_sb_port => '6642',
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -78,14 +79,19 @@ eos
|
||||||
:step => 4,
|
:step => 4,
|
||||||
:ovn_db_host => '127.0.0.1',
|
:ovn_db_host => '127.0.0.1',
|
||||||
:ovn_nb_port => '6641',
|
:ovn_nb_port => '6641',
|
||||||
|
:ovn_sb_port => '6642',
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should set octavia provider ovn nb connection using tcp' do
|
it 'should set octavia provider ovn nb connection using tcp' do
|
||||||
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'tcp:127.0.0.1:6641')
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'tcp:127.0.0.1:6641')
|
||||||
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_connection => 'tcp:127.0.0.1:6642')
|
||||||
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '<SERVICE DEFAULT>')
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '<SERVICE DEFAULT>')
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '<SERVICE DEFAULT>')
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_private_key => '<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_certificate => '<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_ca_cert => '<SERVICE DEFAULT>')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -96,17 +102,25 @@ eos
|
||||||
:protocol => 'ssl',
|
:protocol => 'ssl',
|
||||||
:ovn_db_host => '192.168.123.111',
|
:ovn_db_host => '192.168.123.111',
|
||||||
:ovn_nb_port => '6641',
|
:ovn_nb_port => '6641',
|
||||||
|
:ovn_sb_port => '6642',
|
||||||
:ovn_nb_private_key => '/foo.key',
|
:ovn_nb_private_key => '/foo.key',
|
||||||
:ovn_nb_certificate => '/foo.pem',
|
:ovn_nb_certificate => '/foo.pem',
|
||||||
:ovn_nb_ca_cert => '/ca_foo.pem',
|
:ovn_nb_ca_cert => '/ca_foo.pem',
|
||||||
|
:ovn_sb_private_key => '/bar.key',
|
||||||
|
:ovn_sb_certificate => '/bar.pem',
|
||||||
|
:ovn_sb_ca_cert => '/ca_bar.pem',
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should set octavia provider ovn nb connection using ssl' do
|
it 'should set octavia provider ovn nb connection using ssl' do
|
||||||
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'ssl:192.168.123.111:6641')
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'ssl:192.168.123.111:6641')
|
||||||
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_connection => 'ssl:192.168.123.111:6642')
|
||||||
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '/foo.key')
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '/foo.key')
|
||||||
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '/foo.pem')
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '/foo.pem')
|
||||||
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '/ca_foo.pem')
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '/ca_foo.pem')
|
||||||
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_private_key => '/bar.key')
|
||||||
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_certificate => '/bar.pem')
|
||||||
|
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_ca_cert => '/ca_bar.pem')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue