diff --git a/manifests/profile/base/neutron/dhcp.pp b/manifests/profile/base/neutron/dhcp.pp index bc80d3e96..2bd4670dc 100644 --- a/manifests/profile/base/neutron/dhcp.pp +++ b/manifests/profile/base/neutron/dhcp.pp @@ -23,12 +23,29 @@ # for more details. # Defaults to hiera('step') # +# [*neutron_dns_integration*] +# (Optional) Configure neutron to use the supplied unbound resolver nodes. +# Defaults to false +# +# [*unbound_resolvers*] +# (Optional) Unbound resolvers if configured. +# Defaults to hiera('unbound_node_ips', undef) +# class tripleo::profile::base::neutron::dhcp ( - $step = Integer(hiera('step')), + $step = Integer(hiera('step')), + $neutron_dns_integration = false, + $unbound_resolvers = hiera('unbound_node_ips', undef), ) { if $step >= 4 { include tripleo::profile::base::neutron - include neutron::agents::dhcp + + if $neutron_dns_integration and $unbound_resolvers { + class{ 'neutron::agents::dhcp': + dnsmasq_dns_servers => $unbound_resolvers + } + } else { + include neutron::agents::dhcp + } Service<| title == 'neutron-server' |> -> Service <| title == 'neutron-dhcp' |> } diff --git a/manifests/profile/base/neutron/plugins/ml2/ovn.pp b/manifests/profile/base/neutron/plugins/ml2/ovn.pp index 0f3d5e0b1..36a86cdb4 100644 --- a/manifests/profile/base/neutron/plugins/ml2/ovn.pp +++ b/manifests/profile/base/neutron/plugins/ml2/ovn.pp @@ -74,6 +74,18 @@ # for more details. # Defaults to hiera('step') # +# [*neutron_dns_integration*] +# (Optional) Configure neutron to use the supplied unbound resolver nodes. +# Defaults to false +# +# [*unbound_resolvers*] +# (Optional) Unbound resolvers if configured. +# Defaults to hiera('unbound_node_ips', undef) +# +# [*dns_servers*] +# (Optional) Heat template defined dns servers if provided. +# Defaults to hiera('neutron::plugins::ml2::ovn', $::os_service_default) +# class tripleo::profile::base::neutron::plugins::ml2::ovn ( $ovn_db_host = hiera('ovn_dbs_vip', undef), $ovn_db_node_ips = hiera('ovn_dbs_node_ips', undef), @@ -87,7 +99,10 @@ class tripleo::profile::base::neutron::plugins::ml2::ovn ( $ovn_sb_certificate = $::os_service_default, $ovn_sb_ca_cert = $::os_service_default, $protocol = 'tcp', - $step = Integer(hiera('step')) + $step = Integer(hiera('step')), + $neutron_dns_integration = false, + $unbound_resolvers = hiera('unbound_node_ips', undef), + $dns_servers = hiera('neutron::plugins::ml2::ovn::dns_servers', $::os_service_default), ) { if $step >= 4 { @@ -99,6 +114,12 @@ class tripleo::profile::base::neutron::plugins::ml2::ovn ( $sb_conn = $db_hosts.map |$h| { join([$protocol, normalize_ip_for_uri($h), "${ovn_sb_port}"], ':') } $nb_conn = $db_hosts.map |$h| { join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port}"], ':') } + if $neutron_dns_integration and $unbound_resolvers { + $unbound_resolvers_real = $unbound_resolvers + } else { + $unbound_resolvers_real = $dns_servers + } + class { 'neutron::plugins::ml2::ovn': ovn_nb_connection => join(any2array($nb_conn), ','), ovn_sb_connection => join(any2array($sb_conn), ','), @@ -108,6 +129,7 @@ class tripleo::profile::base::neutron::plugins::ml2::ovn ( ovn_sb_private_key => $ovn_sb_private_key, ovn_sb_certificate => $ovn_sb_certificate, ovn_sb_ca_cert => $ovn_sb_ca_cert, + dns_servers => $unbound_resolvers_real } } } diff --git a/spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb b/spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb index 520da57b8..86e91ace3 100644 --- a/spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb +++ b/spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb @@ -38,7 +38,38 @@ describe 'tripleo::profile::base::neutron::dhcp' do it 'should trigger complete configuration' do is_expected.to contain_class('tripleo::profile::base::neutron::dhcp') is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('neutron::agents::dhcp') + is_expected.to contain_class('neutron::agents::dhcp').with({ + :dnsmasq_dns_servers => '' + }) + end + end + + context 'with step 4, dns integration enabled and resolvers' do + let(:params) { { + :step => 4, + :neutron_dns_integration => true, + :unbound_resolvers => ['192.168.111.111'] + } } + it 'should trigger configuration with dns integration' do + is_expected.to contain_class('tripleo::profile::base::neutron::dhcp') + is_expected.to contain_class('tripleo::profile::base::neutron') + is_expected.to contain_class('neutron::agents::dhcp').with({ + :dnsmasq_dns_servers => ['192.168.111.111'] + }) + end + end + + context 'with step 4, dns integration enabled but no resolvers' do + let(:params) { { + :step => 4, + :neutron_dns_integration => true, + } } + it 'should trigger configuration without dns integration' do + is_expected.to contain_class('tripleo::profile::base::neutron::dhcp') + is_expected.to contain_class('tripleo::profile::base::neutron') + is_expected.to contain_class('neutron::agents::dhcp').with({ + :dnsmasq_dns_servers => '' + }) end end end @@ -48,7 +79,6 @@ describe 'tripleo::profile::base::neutron::dhcp' do let(:facts) do facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) end - it_behaves_like 'tripleo::profile::base::neutron::dhcp' end end diff --git a/spec/classes/tripleo_profile_base_neutron_plugins_ml2_ovn_spec.rb b/spec/classes/tripleo_profile_base_neutron_plugins_ml2_ovn_spec.rb new file mode 100644 index 000000000..2cc8fc7ee --- /dev/null +++ b/spec/classes/tripleo_profile_base_neutron_plugins_ml2_ovn_spec.rb @@ -0,0 +1,258 @@ +# +# Copyright (C) 2022 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::plugins::ml2::ovn' do + + shared_examples_for 'tripleo::profile::base::neutron::plugins::ml2::ovn' do + + before :each do + facts.merge!({ :step => params[:step] }) + end + + context 'with step less than 4' do + let(:params) { { + :step => 3, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_clustered => true, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + } } + it 'should do nothing' do + is_expected.to contain_class('tripleo::profile::base::neutron::plugins::ml2::ovn') + is_expected.to_not contain_class('neutron::plugins::ml2::ovn') + end + end + + context 'with step 4 and later and clustered ovn dbs' do + let(:params) { { + :step => 4, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_clustered => true, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + } } + it 'should configure ovn ML2 plugin with clustered node ips' do + is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ + :ovn_nb_connection => ['tcp:192.168.111.10:998,tcp:192.168.111.11:998'], + :ovn_sb_connection => ['tcp:192.168.111.10:999,tcp:192.168.111.11:999'], + :ovn_nb_private_key => '', + :ovn_nb_certificate => '', + :ovn_nb_ca_cert => '', + :ovn_sb_private_key => '', + :ovn_sb_certificate => '', + :ovn_sb_ca_cert => '', + :dns_servers => '' + }) + end + end + + context 'with step 4 and later and clustered ovn dbs, ssl connections' do + let(:params) { { + :step => 4, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_clustered => true, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + :protocol => 'ssl', + :ovn_nb_private_key => 'nb private key', + :ovn_nb_certificate => 'nb certificate', + :ovn_sb_private_key => 'sb private key', + :ovn_sb_certificate => 'sb certificate', + :ovn_sb_ca_cert => 'sb ca cert', + :ovn_nb_ca_cert => 'nb ca cert', + } } + it 'should configure ovn ML2 plugin with clustered node ips and ssl connections' do + is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ + :ovn_nb_connection => ['ssl:192.168.111.10:998,ssl:192.168.111.11:998'], + :ovn_sb_connection => ['ssl:192.168.111.10:999,ssl:192.168.111.11:999'], + :ovn_nb_private_key => 'nb private key', + :ovn_nb_certificate => 'nb certificate', + :ovn_sb_private_key => 'sb private key', + :ovn_sb_certificate => 'sb certificate', + :ovn_sb_ca_cert => 'sb ca cert', + :ovn_nb_ca_cert => 'nb ca cert', + :dns_servers => '' + }) + end + end + + context 'with step 4 and later and non clustered ovn dbs' do + let(:params) { { + :step => 4, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_host => ['192.168.100.99'], + :ovn_db_clustered => false, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + } } + it 'should configure ovn ML2 plugin with non-clustered node ips' do + is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ + :ovn_nb_connection => ['tcp:192.168.100.99:998'], + :ovn_sb_connection => ['tcp:192.168.100.99:999'], + :ovn_nb_private_key => '', + :ovn_nb_certificate => '', + :ovn_nb_ca_cert => '', + :ovn_sb_private_key => '', + :ovn_sb_certificate => '', + :ovn_sb_ca_cert => '', + :dns_servers => '' + }) + end + end + + context 'with step 4 and dns integration enabled, unbound resolvers present' do + let(:params) { { + :step => 4, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_host => ['192.168.100.99'], + :ovn_db_clustered => false, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + :neutron_dns_integration => true, + :unbound_resolvers => ['10.0.0.50', '10.0.3.20'] + } } + it 'should configure ovn ML2 plugin with non-clustered node ips' do + is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ + :ovn_nb_connection => ['tcp:192.168.100.99:998'], + :ovn_sb_connection => ['tcp:192.168.100.99:999'], + :ovn_nb_private_key => '', + :ovn_nb_certificate => '', + :ovn_nb_ca_cert => '', + :ovn_sb_private_key => '', + :ovn_sb_certificate => '', + :ovn_sb_ca_cert => '', + :dns_servers => ['10.0.0.50', '10.0.3.20'] + }) + end + end + + context 'with step 4 and dns integration enabled, unbound resolvers missing' do + let(:params) { { + :step => 4, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_host => ['192.168.100.99'], + :ovn_db_clustered => false, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + :neutron_dns_integration => true, + } } + it 'should configure ovn ML2 plugin with non-clustered node ips' do + is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ + :ovn_nb_connection => ['tcp:192.168.100.99:998'], + :ovn_sb_connection => ['tcp:192.168.100.99:999'], + :ovn_nb_private_key => '', + :ovn_nb_certificate => '', + :ovn_nb_ca_cert => '', + :ovn_sb_private_key => '', + :ovn_sb_certificate => '', + :ovn_sb_ca_cert => '', + :dns_servers => '' + }) + end + end + + context 'with step 4 and dns integration disabled, unbound resolvers present' do + let(:params) { { + :step => 4, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_host => ['192.168.100.99'], + :ovn_db_clustered => false, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + :neutron_dns_integration => false, + :unbound_resolvers => ['10.0.0.50', '10.0.3.20'] + } } + it 'should configure ovn ML2 plugin with non-clustered node ips' do + is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ + :ovn_nb_connection => ['tcp:192.168.100.99:998'], + :ovn_sb_connection => ['tcp:192.168.100.99:999'], + :ovn_nb_private_key => '', + :ovn_nb_certificate => '', + :ovn_nb_ca_cert => '', + :ovn_sb_private_key => '', + :ovn_sb_certificate => '', + :ovn_sb_ca_cert => '', + :dns_servers => '' + }) + end + end + + context 'with step 4 and dns integration enabled, unbound resolvers missing, but user def DNS present' do + let(:params) { { + :step => 4, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_host => ['192.168.100.99'], + :ovn_db_clustered => false, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + :neutron_dns_integration => true, + :dns_servers => ['10.0.0.99'] + } } + it 'should configure ovn ML2 plugin with non-clustered node ips' do + is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ + :ovn_nb_connection => ['tcp:192.168.100.99:998'], + :ovn_sb_connection => ['tcp:192.168.100.99:999'], + :ovn_nb_private_key => '', + :ovn_nb_certificate => '', + :ovn_nb_ca_cert => '', + :ovn_sb_private_key => '', + :ovn_sb_certificate => '', + :ovn_sb_ca_cert => '', + :dns_servers => ['10.0.0.99'] + }) + end + end + + context 'with step 4 and dns integration disabled, but user def DNS present' do + let(:params) { { + :step => 4, + :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], + :ovn_db_host => ['192.168.100.99'], + :ovn_db_clustered => false, + :ovn_sb_port => 999, + :ovn_nb_port => 998, + :neutron_dns_integration => false, + :dns_servers => ['10.0.0.99'] + } } + it 'should configure ovn ML2 plugin with non-clustered node ips' do + is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ + :ovn_nb_connection => ['tcp:192.168.100.99:998'], + :ovn_sb_connection => ['tcp:192.168.100.99:999'], + :ovn_nb_private_key => '', + :ovn_nb_certificate => '', + :ovn_nb_ca_cert => '', + :ovn_sb_private_key => '', + :ovn_sb_certificate => '', + :ovn_sb_ca_cert => '', + :dns_servers => ['10.0.0.99'] + }) + end + end + + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com'})) + end + it_behaves_like 'tripleo::profile::base::neutron::plugins::ml2::ovn' + end + end + +end