openstack
/
puppet-tripleo
Code Issues Proposed changes

Merge "Configure ovn sb connection for the ovn provider" into stable/wallaby

This commit is contained in:
Zuul 2022-07-26 23:26:02 +00:00 committed by Gerrit Code Review
parent 688354081b 7c1c783b93
commit 91d0339066
2 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
manifests/profile/base/octavia/provider/ovn.pp
View File

@ -42,7 +42,11 @@
# #
# [*ovn_nb_port*] # [*ovn_nb_port*]
# (Optional) Port number on which northbound database is listening # (Optional) Port number on which northbound database is listening
# Defaults to hiera('ovn::northbound::port') # Defaults to hiera('ovn::northbound::port', undef)
#
# [*ovn_sb_port*]
# (Optional) Port number on which southbound database is listening
# Defaults to hiera('ovn::southbound::port', undef)
# #
# [*ovn_nb_private_key*] # [*ovn_nb_private_key*]
# (optional) The PEM file with private key for SSL connection to OVN-NB-DB # (optional) The PEM file with private key for SSL connection to OVN-NB-DB
@ -58,6 +62,20 @@
# verify certificates presented to it by SSL peers # verify certificates presented to it by SSL peers
# Defaults to $::os_service_default # Defaults to $::os_service_default
# #
# [*ovn_sb_private_key*]
# (optional) The PEM file with private key for SSL connection to OVN-SB-DB
# Defaults to $::os_service_default
#
# [*ovn_sb_certificate*]
# (optional) The PEM file with certificate that certifies the
# private key specified in ovn_sb_private_key
# Defaults to $::os_service_default
#
# [*ovn_sb_ca_cert*]
# (optional) The PEM file with CA certificate that OVN should use to
# verify certificates presented to it by SSL peers
# Defaults to $::os_service_default
#
class tripleo::profile::base::octavia::provider::ovn ( class tripleo::profile::base::octavia::provider::ovn (
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
$protocol = hiera('ovn_nb_connection_protocol', 'tcp'), $protocol = hiera('ovn_nb_connection_protocol', 'tcp'),
@ -65,9 +83,13 @@ class tripleo::profile::base::octavia::provider::ovn (
$ovn_db_node_ips = hiera('ovn_dbs_node_ips', undef), $ovn_db_node_ips = hiera('ovn_dbs_node_ips', undef),
$ovn_db_clustered = hiera('ovn_db_clustered', false), $ovn_db_clustered = hiera('ovn_db_clustered', false),
$ovn_nb_port = hiera('ovn::northbound::port', undef), $ovn_nb_port = hiera('ovn::northbound::port', undef),
$ovn_sb_port = hiera('ovn::southbound::port', undef),
$ovn_nb_private_key = $::os_service_default, $ovn_nb_private_key = $::os_service_default,
$ovn_nb_certificate = $::os_service_default, $ovn_nb_certificate = $::os_service_default,
$ovn_nb_ca_cert = $::os_service_default $ovn_nb_ca_cert = $::os_service_default,
$ovn_sb_private_key = $::os_service_default,
$ovn_sb_certificate = $::os_service_default,
$ovn_sb_ca_cert = $::os_service_default,
) { ) {
include tripleo::profile::base::octavia::api include tripleo::profile::base::octavia::api
@ -78,23 +100,35 @@ class tripleo::profile::base::octavia::provider::ovn (
if $::tripleo::profile::base::octavia::api::ovn_db_host and !is_service_default(::tripleo::profile::base::octavia::api::ovn_db_host) { if $::tripleo::profile::base::octavia::api::ovn_db_host and !is_service_default(::tripleo::profile::base::octavia::api::ovn_db_host) {
$ovn_db_hosts_real = any2array($::tripleo::profile::base::octavia::api::ovn_db_host) $ovn_db_hosts_real = any2array($::tripleo::profile::base::octavia::api::ovn_db_host)
$ovn_nb_port_real = $::tripleo::profile::base::octavia::api::ovn_nb_port $ovn_nb_port_real = $::tripleo::profile::base::octavia::api::ovn_nb_port
# NOTE(beagles): there is no backwards compatible case for the sb_port but I'm
# adding this line for consistency.
$ovn_sb_port_real = $ovn_sb_port
} elsif $ovn_db_clustered { } elsif $ovn_db_clustered {
$ovn_db_hosts_real = any2array($ovn_db_node_ips) $ovn_db_hosts_real = any2array($ovn_db_node_ips)
$ovn_nb_port_real = $ovn_nb_port $ovn_nb_port_real = $ovn_nb_port
$ovn_sb_port_real = $ovn_sb_port
} else { } else {
$ovn_db_hosts_real = any2array($ovn_db_host) $ovn_db_hosts_real = any2array($ovn_db_host)
$ovn_nb_port_real = $ovn_nb_port $ovn_nb_port_real = $ovn_nb_port
$ovn_sb_port_real = $ovn_sb_port
} }
if ! empty($ovn_db_hosts_real) { if ! empty($ovn_db_hosts_real) {
$nb_conn = $ovn_db_hosts_real.map |$h| { $nb_conn = $ovn_db_hosts_real.map |$h| {
join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port_real}"].filter |$c| { !$c.empty() }, ':') join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port_real}"].filter |$c| { !$c.empty() }, ':')
} }
$sb_conn = $ovn_db_hosts_real.map |$h| {
join([$protocol, normalize_ip_for_uri($h), "${ovn_sb_port_real}"].filter |$c| { !$c.empty() }, ':')
}
class { 'octavia::provider::ovn': class { 'octavia::provider::ovn':
ovn_nb_connection => join(any2array($nb_conn), ','), ovn_nb_connection => join(any2array($nb_conn), ','),
ovn_sb_connection => join(any2array($sb_conn), ','),
ovn_nb_private_key => $ovn_nb_private_key, ovn_nb_private_key => $ovn_nb_private_key,
ovn_nb_certificate => $ovn_nb_certificate, ovn_nb_certificate => $ovn_nb_certificate,
ovn_nb_ca_cert => $ovn_nb_ca_cert, ovn_nb_ca_cert => $ovn_nb_ca_cert,
ovn_sb_private_key => $ovn_sb_private_key,
ovn_sb_certificate => $ovn_sb_certificate,
ovn_sb_ca_cert => $ovn_sb_ca_cert,
} }
} }
} }

14
spec/classes/tripleo_profile_base_octavia_provider_ovn_spec.rb
View File

@ -64,6 +64,7 @@ eos
:step => 4, :step => 4,
:protocol => 'tcp', :protocol => 'tcp',
:ovn_nb_port => '6641', :ovn_nb_port => '6641',
:ovn_sb_port => '6642',
}) })
end end
@ -78,14 +79,19 @@ eos
:step => 4, :step => 4,
:ovn_db_host => '127.0.0.1', :ovn_db_host => '127.0.0.1',
:ovn_nb_port => '6641', :ovn_nb_port => '6641',
:ovn_sb_port => '6642',
}) })
end end
it 'should set octavia provider ovn nb connection using tcp' do it 'should set octavia provider ovn nb connection using tcp' do
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'tcp:127.0.0.1:6641') is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'tcp:127.0.0.1:6641')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_connection => 'tcp:127.0.0.1:6642')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '<SERVICE DEFAULT>') is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '<SERVICE DEFAULT>')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '<SERVICE DEFAULT>') is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '<SERVICE DEFAULT>')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '<SERVICE DEFAULT>') is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '<SERVICE DEFAULT>')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_private_key => '<SERVICE DEFAULT>')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_certificate => '<SERVICE DEFAULT>')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_ca_cert => '<SERVICE DEFAULT>')
end end
end end
@ -96,17 +102,25 @@ eos
:protocol => 'ssl', :protocol => 'ssl',
:ovn_db_host => '192.168.123.111', :ovn_db_host => '192.168.123.111',
:ovn_nb_port => '6641', :ovn_nb_port => '6641',
:ovn_sb_port => '6642',
:ovn_nb_private_key => '/foo.key', :ovn_nb_private_key => '/foo.key',
:ovn_nb_certificate => '/foo.pem', :ovn_nb_certificate => '/foo.pem',
:ovn_nb_ca_cert => '/ca_foo.pem', :ovn_nb_ca_cert => '/ca_foo.pem',
:ovn_sb_private_key => '/bar.key',
:ovn_sb_certificate => '/bar.pem',
:ovn_sb_ca_cert => '/ca_bar.pem',
}) })
end end
it 'should set octavia provider ovn nb connection using ssl' do it 'should set octavia provider ovn nb connection using ssl' do
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'ssl:192.168.123.111:6641') is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'ssl:192.168.123.111:6641')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_connection => 'ssl:192.168.123.111:6642')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '/foo.key') is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '/foo.key')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '/foo.pem') is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '/foo.pem')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '/ca_foo.pem') is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '/ca_foo.pem')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_private_key => '/bar.key')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_certificate => '/bar.pem')
is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_ca_cert => '/ca_bar.pem')
end end
end end