Designate: configure unbound resolvers as dns servers

Set the DNS-related options in neutron to the IPs of the unbound
resolvers if they are available.

Change-Id: I2f161e7247c696a75fc53af5043d94bc85d4ec0f
Brent Eagles 2022-03-28 19:07:17 +00:00 committed by Takashi Kajinami
parent ec26d49c25
commit f736d081bf
4 changed files with 332 additions and 5 deletions


@ -23,12 +23,29 @@
# for more details.
# Defaults to hiera('step')
#
# [*neutron_dns_integration*]
# (Optional) Configure neutron to use the supplied unbound resolver nodes.
# Defaults to false
#
# [*unbound_resolvers*]
# (Optional) Unbound resolvers if configured.
# Defaults to hiera('unbound_node_ips', undef)
#
class tripleo::profile::base::neutron::dhcp (
$step = Integer(hiera('step')),
$step = Integer(hiera('step')),
$neutron_dns_integration = false,
$unbound_resolvers = hiera('unbound_node_ips', undef),
) {
if $step >= 4 {
include tripleo::profile::base::neutron
include neutron::agents::dhcp
if $neutron_dns_integration and $unbound_resolvers {
class{ 'neutron::agents::dhcp':
dnsmasq_dns_servers => $unbound_resolvers
}
} else {
include neutron::agents::dhcp
}
Service<| title == 'neutron-server' |> -> Service <| title == 'neutron-dhcp' |>
}
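Review bot: The guard `if $neutron_dns_integration and $unbound_resolvers` is true for an empty list or empty string, because Puppet treats only `undef` and `false` as falsy. If `unbound_node_ips` ever resolves to `[]`, `dnsmasq_dns_servers` would be declared with an empty value instead of falling back to the service default. Consider `if $neutron_dns_integration and $unbound_resolvers and !empty($unbound_resolvers) {`; the same guard appears in the ml2 ovn profile changed by this commit. When the branch is taken, the resource-style declaration also takes precedence over any `neutron::agents::dhcp::dnsmasq_dns_servers` value set in hiera, which is worth stating in the `[*neutron_dns_integration*]` comment. The class body closes outside the lines shown here.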


@ -74,6 +74,18 @@
# for more details.
# Defaults to hiera('step')
#
# [*neutron_dns_integration*]
# (Optional) Configure neutron to use the supplied unbound resolver nodes.
# Defaults to false
#
# [*unbound_resolvers*]
# (Optional) Unbound resolvers if configured.
# Defaults to hiera('unbound_node_ips', undef)
#
# [*dns_servers*]
# (Optional) Heat template defined dns servers if provided.
# Defaults to hiera('neutron::plugins::ml2::ovn', $::os_service_default)
#
class tripleo::profile::base::neutron::plugins::ml2::ovn (
$ovn_db_host = hiera('ovn_dbs_vip', undef),
$ovn_db_node_ips = hiera('ovn_dbs_node_ips', undef),
@ -87,7 +99,10 @@ class tripleo::profile::base::neutron::plugins::ml2::ovn (
$ovn_sb_certificate = $::os_service_default,
$ovn_sb_ca_cert = $::os_service_default,
$protocol = 'tcp',
$step = Integer(hiera('step'))
$step = Integer(hiera('step')),
$neutron_dns_integration = false,
$unbound_resolvers = hiera('unbound_node_ips', undef),
$dns_servers = hiera('neutron::plugins::ml2::ovn::dns_servers', $::os_service_default),
) {
if $step >= 4 {
@ -99,6 +114,12 @@ class tripleo::profile::base::neutron::plugins::ml2::ovn (
$sb_conn = $db_hosts.map |$h| { join([$protocol, normalize_ip_for_uri($h), "${ovn_sb_port}"], ':') }
$nb_conn = $db_hosts.map |$h| { join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port}"], ':') }
if $neutron_dns_integration and $unbound_resolvers {
$unbound_resolvers_real = $unbound_resolvers
} else {
$unbound_resolvers_real = $dns_servers
}
class { 'neutron::plugins::ml2::ovn':
ovn_nb_connection => join(any2array($nb_conn), ','),
ovn_sb_connection => join(any2array($sb_conn), ','),
@ -108,6 +129,7 @@ class tripleo::profile::base::neutron::plugins::ml2::ovn (
ovn_sb_private_key => $ovn_sb_private_key,
ovn_sb_certificate => $ovn_sb_certificate,
ovn_sb_ca_cert => $ovn_sb_ca_cert,
dns_servers => $unbound_resolvers_real
}
}
}
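Review bot: The `[*dns_servers*]` doc block names the wrong hiera key: it says `hiera('neutron::plugins::ml2::ovn', $::os_service_default)` while the parameter list looks up `neutron::plugins::ml2::ovn::dns_servers`. The comment should read `# Defaults to hiera('neutron::plugins::ml2::ovn::dns_servers', $::os_service_default)`. The `[*neutron_dns_integration*]` comment could also say that the unbound resolvers replace `dns_servers` rather than being merged with it, since enabling the flag changes which resolvers neutron is given. As a style point, `$unbound_resolvers_real` holds `$dns_servers` in the else branch, so a neutral name such as `$dns_servers_real` would describe it better.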


@ -38,7 +38,38 @@ describe 'tripleo::profile::base::neutron::dhcp' do
it 'should trigger complete configuration' do
is_expected.to contain_class('tripleo::profile::base::neutron::dhcp')
is_expected.to contain_class('tripleo::profile::base::neutron')
is_expected.to contain_class('neutron::agents::dhcp')
is_expected.to contain_class('neutron::agents::dhcp').with({
:dnsmasq_dns_servers => '<SERVICE DEFAULT>'
})
end
end
context 'with step 4, dns integration enabled and resolvers' do
let(:params) { {
:step => 4,
:neutron_dns_integration => true,
:unbound_resolvers => ['192.168.111.111']
} }
it 'should trigger configuration with dns integration' do
is_expected.to contain_class('tripleo::profile::base::neutron::dhcp')
is_expected.to contain_class('tripleo::profile::base::neutron')
is_expected.to contain_class('neutron::agents::dhcp').with({
:dnsmasq_dns_servers => ['192.168.111.111']
})
end
end
context 'with step 4, dns integration enabled but no resolvers' do
let(:params) { {
:step => 4,
:neutron_dns_integration => true,
} }
it 'should trigger configuration without dns integration' do
is_expected.to contain_class('tripleo::profile::base::neutron::dhcp')
is_expected.to contain_class('tripleo::profile::base::neutron')
is_expected.to contain_class('neutron::agents::dhcp').with({
:dnsmasq_dns_servers => '<SERVICE DEFAULT>'
})
end
end
end
@ -48,7 +79,6 @@ describe 'tripleo::profile::base::neutron::dhcp' do
let(:facts) do
facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' }))
end
it_behaves_like 'tripleo::profile::base::neutron::dhcp'
end
end
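Review bot: The added contexts never combine `:neutron_dns_integration => false` with `:unbound_resolvers` set, which is the case that shows the resolvers are ignored until the feature is switched on. A context with `:neutron_dns_integration => false, :unbound_resolvers => ['192.168.111.111']` expecting `:dnsmasq_dns_servers => '<SERVICE DEFAULT>'` would pin that, mirroring the "dns integration disabled, unbound resolvers present" context in the ovn spec of this commit. An empty `:unbound_resolvers => []` case would also document what the manifest does when the hiera key is present but empty.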


@ -0,0 +1,258 @@
#
# Copyright (C) 2022 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::plugins::ml2::ovn' do
shared_examples_for 'tripleo::profile::base::neutron::plugins::ml2::ovn' do
before :each do
facts.merge!({ :step => params[:step] })
end
context 'with step less than 4' do
let(:params) { {
:step => 3,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_clustered => true,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
} }
it 'should do nothing' do
is_expected.to contain_class('tripleo::profile::base::neutron::plugins::ml2::ovn')
is_expected.to_not contain_class('neutron::plugins::ml2::ovn')
end
end
context 'with step 4 and later and clustered ovn dbs' do
let(:params) { {
:step => 4,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_clustered => true,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
} }
it 'should configure ovn ML2 plugin with clustered node ips' do
is_expected.to contain_class('neutron::plugins::ml2::ovn').with({
:ovn_nb_connection => ['tcp:192.168.111.10:998,tcp:192.168.111.11:998'],
:ovn_sb_connection => ['tcp:192.168.111.10:999,tcp:192.168.111.11:999'],
:ovn_nb_private_key => '<SERVICE DEFAULT>',
:ovn_nb_certificate => '<SERVICE DEFAULT>',
:ovn_nb_ca_cert => '<SERVICE DEFAULT>',
:ovn_sb_private_key => '<SERVICE DEFAULT>',
:ovn_sb_certificate => '<SERVICE DEFAULT>',
:ovn_sb_ca_cert => '<SERVICE DEFAULT>',
:dns_servers => '<SERVICE DEFAULT>'
})
end
end
context 'with step 4 and later and clustered ovn dbs, ssl connections' do
let(:params) { {
:step => 4,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_clustered => true,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
:protocol => 'ssl',
:ovn_nb_private_key => 'nb private key',
:ovn_nb_certificate => 'nb certificate',
:ovn_sb_private_key => 'sb private key',
:ovn_sb_certificate => 'sb certificate',
:ovn_sb_ca_cert => 'sb ca cert',
:ovn_nb_ca_cert => 'nb ca cert',
} }
it 'should configure ovn ML2 plugin with clustered node ips and ssl connections' do
is_expected.to contain_class('neutron::plugins::ml2::ovn').with({
:ovn_nb_connection => ['ssl:192.168.111.10:998,ssl:192.168.111.11:998'],
:ovn_sb_connection => ['ssl:192.168.111.10:999,ssl:192.168.111.11:999'],
:ovn_nb_private_key => 'nb private key',
:ovn_nb_certificate => 'nb certificate',
:ovn_sb_private_key => 'sb private key',
:ovn_sb_certificate => 'sb certificate',
:ovn_sb_ca_cert => 'sb ca cert',
:ovn_nb_ca_cert => 'nb ca cert',
:dns_servers => '<SERVICE DEFAULT>'
})
end
end
context 'with step 4 and later and non clustered ovn dbs' do
let(:params) { {
:step => 4,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_host => ['192.168.100.99'],
:ovn_db_clustered => false,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
} }
it 'should configure ovn ML2 plugin with non-clustered node ips' do
is_expected.to contain_class('neutron::plugins::ml2::ovn').with({
:ovn_nb_connection => ['tcp:192.168.100.99:998'],
:ovn_sb_connection => ['tcp:192.168.100.99:999'],
:ovn_nb_private_key => '<SERVICE DEFAULT>',
:ovn_nb_certificate => '<SERVICE DEFAULT>',
:ovn_nb_ca_cert => '<SERVICE DEFAULT>',
:ovn_sb_private_key => '<SERVICE DEFAULT>',
:ovn_sb_certificate => '<SERVICE DEFAULT>',
:ovn_sb_ca_cert => '<SERVICE DEFAULT>',
:dns_servers => '<SERVICE DEFAULT>'
})
end
end
context 'with step 4 and dns integration enabled, unbound resolvers present' do
let(:params) { {
:step => 4,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_host => ['192.168.100.99'],
:ovn_db_clustered => false,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
:neutron_dns_integration => true,
:unbound_resolvers => ['10.0.0.50', '10.0.3.20']
} }
it 'should configure ovn ML2 plugin with non-clustered node ips' do
is_expected.to contain_class('neutron::plugins::ml2::ovn').with({
:ovn_nb_connection => ['tcp:192.168.100.99:998'],
:ovn_sb_connection => ['tcp:192.168.100.99:999'],
:ovn_nb_private_key => '<SERVICE DEFAULT>',
:ovn_nb_certificate => '<SERVICE DEFAULT>',
:ovn_nb_ca_cert => '<SERVICE DEFAULT>',
:ovn_sb_private_key => '<SERVICE DEFAULT>',
:ovn_sb_certificate => '<SERVICE DEFAULT>',
:ovn_sb_ca_cert => '<SERVICE DEFAULT>',
:dns_servers => ['10.0.0.50', '10.0.3.20']
})
end
end
context 'with step 4 and dns integration enabled, unbound resolvers missing' do
let(:params) { {
:step => 4,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_host => ['192.168.100.99'],
:ovn_db_clustered => false,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
:neutron_dns_integration => true,
} }
it 'should configure ovn ML2 plugin with non-clustered node ips' do
is_expected.to contain_class('neutron::plugins::ml2::ovn').with({
:ovn_nb_connection => ['tcp:192.168.100.99:998'],
:ovn_sb_connection => ['tcp:192.168.100.99:999'],
:ovn_nb_private_key => '<SERVICE DEFAULT>',
:ovn_nb_certificate => '<SERVICE DEFAULT>',
:ovn_nb_ca_cert => '<SERVICE DEFAULT>',
:ovn_sb_private_key => '<SERVICE DEFAULT>',
:ovn_sb_certificate => '<SERVICE DEFAULT>',
:ovn_sb_ca_cert => '<SERVICE DEFAULT>',
:dns_servers => '<SERVICE DEFAULT>'
})
end
end
context 'with step 4 and dns integration disabled, unbound resolvers present' do
let(:params) { {
:step => 4,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_host => ['192.168.100.99'],
:ovn_db_clustered => false,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
:neutron_dns_integration => false,
:unbound_resolvers => ['10.0.0.50', '10.0.3.20']
} }
it 'should configure ovn ML2 plugin with non-clustered node ips' do
is_expected.to contain_class('neutron::plugins::ml2::ovn').with({
:ovn_nb_connection => ['tcp:192.168.100.99:998'],
:ovn_sb_connection => ['tcp:192.168.100.99:999'],
:ovn_nb_private_key => '<SERVICE DEFAULT>',
:ovn_nb_certificate => '<SERVICE DEFAULT>',
:ovn_nb_ca_cert => '<SERVICE DEFAULT>',
:ovn_sb_private_key => '<SERVICE DEFAULT>',
:ovn_sb_certificate => '<SERVICE DEFAULT>',
:ovn_sb_ca_cert => '<SERVICE DEFAULT>',
:dns_servers => '<SERVICE DEFAULT>'
})
end
end
context 'with step 4 and dns integration enabled, unbound resolvers missing, but user def DNS present' do
let(:params) { {
:step => 4,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_host => ['192.168.100.99'],
:ovn_db_clustered => false,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
:neutron_dns_integration => true,
:dns_servers => ['10.0.0.99']
} }
it 'should configure ovn ML2 plugin with non-clustered node ips' do
is_expected.to contain_class('neutron::plugins::ml2::ovn').with({
:ovn_nb_connection => ['tcp:192.168.100.99:998'],
:ovn_sb_connection => ['tcp:192.168.100.99:999'],
:ovn_nb_private_key => '<SERVICE DEFAULT>',
:ovn_nb_certificate => '<SERVICE DEFAULT>',
:ovn_nb_ca_cert => '<SERVICE DEFAULT>',
:ovn_sb_private_key => '<SERVICE DEFAULT>',
:ovn_sb_certificate => '<SERVICE DEFAULT>',
:ovn_sb_ca_cert => '<SERVICE DEFAULT>',
:dns_servers => ['10.0.0.99']
})
end
end
context 'with step 4 and dns integration disabled, but user def DNS present' do
let(:params) { {
:step => 4,
:ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'],
:ovn_db_host => ['192.168.100.99'],
:ovn_db_clustered => false,
:ovn_sb_port => 999,
:ovn_nb_port => 998,
:neutron_dns_integration => false,
:dns_servers => ['10.0.0.99']
} }
it 'should configure ovn ML2 plugin with non-clustered node ips' do
is_expected.to contain_class('neutron::plugins::ml2::ovn').with({
:ovn_nb_connection => ['tcp:192.168.100.99:998'],
:ovn_sb_connection => ['tcp:192.168.100.99:999'],
:ovn_nb_private_key => '<SERVICE DEFAULT>',
:ovn_nb_certificate => '<SERVICE DEFAULT>',
:ovn_nb_ca_cert => '<SERVICE DEFAULT>',
:ovn_sb_private_key => '<SERVICE DEFAULT>',
:ovn_sb_certificate => '<SERVICE DEFAULT>',
:ovn_sb_ca_cert => '<SERVICE DEFAULT>',
:dns_servers => ['10.0.0.99']
})
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com'}))
end
it_behaves_like 'tripleo::profile::base::neutron::plugins::ml2::ovn'
end
end
end
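Review bot: No context sets both `:unbound_resolvers` and `:dns_servers` with `:neutron_dns_integration => true`, so the precedence between operator-supplied DNS servers and the unbound resolvers is untested. A context passing `:unbound_resolvers => ['10.0.0.50', '10.0.3.20'], :dns_servers => ['10.0.0.99']` and expecting `:dns_servers => ['10.0.0.50', '10.0.3.20']` would lock in the branch order the manifest implements. Separately, the five DNS-related examples reuse the description of the plain non-clustered example, 'should configure ovn ML2 plugin with non-clustered node ips'. Distinct descriptions such as 'should pass the unbound resolvers as dns_servers' would make a failing example easier to locate.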