openstack/puppet-tripleo
Code Issues Proposed changes
Files
0933bc5fd896ac2474872bb1b4b217ad8f430885
puppet-tripleo/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb
Oliver Walsh 1b82fe40fe Use normal socket file permissions instead of polkit 
The default (on RHEL/CentOS) is to use polkit but this is only useful
for GUI support or for fine grained API access control.  As we don't
require either we can achieve identical control using plain old unix
filesystem permissions.

I've merged Sven's changes from https://review.openstack.org/484979
and https://review.openstack.org/487150.

As we need to be careful with the libvirtd option quoting I think it's
best to do this in puppet-tripleo instead of t-h-t yaml.

The option to override the settings from t-h-t remains.

Co-Authored-By: Sven Anderson <sven@redhat.com>

Reverts I91be1f1eacf8eed9017bbfef393ee2d66771e8d6

Closes-bug: 1696504

Change-Id: I507bdd8e3a461091562177403a2a55fcaf6694d2
Depends-On: I17f6c9b5a6e2120a53bae296042ece492210597a
2017-08-02 18:08:38 +00:00

132 lines
5.0 KiB
Ruby
Raw Blame History

#
# Copyright (C) 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::nova::libvirt' do
shared_examples_for 'tripleo::profile::base::nova::libvirt' do
context 'with step less than 4' do
let(:params) { { :step => 1, } }
let(:pre_condition) do
<<-eos
class { '::tripleo::profile::base::nova::compute_libvirt_shared':
step => #{params[:step]}
}
eos
end
it {
is_expected.to contain_class('tripleo::profile::base::nova::libvirt')
is_expected.to contain_class('tripleo::profile::base::nova::compute_libvirt_shared')
is_expected.to_not contain_class('tripleo::profile::base::nova')
is_expected.to_not contain_class('nova::compute::libvirt::services')
is_expected.to_not contain_file('/etclibvirt/qemu/networks/autostart/default.xml')
is_expected.to_not contain_file('/etclibvirt/qemu/networks/default.xml')
is_expected.to_not contain_exec('libvirt-default-net-destroy')
}
end
context 'with step 4' do
let(:pre_condition) do
<<-eos
class { '::tripleo::profile::base::nova':
step => #{params[:step]},
oslomsg_rpc_hosts => [ '127.0.0.1' ],
}
class { '::tripleo::profile::base::nova::migration':
step => #{params[:step]}
}
class { '::tripleo::profile::base::nova::migration::client':
step => #{params[:step]}
}
class { '::tripleo::profile::base::nova::compute_libvirt_shared':
step => #{params[:step]}
}
eos
end
let(:params) { { :step => 4, } }
it {
is_expected.to contain_class('tripleo::profile::base::nova::libvirt')
is_expected.to contain_class('tripleo::profile::base::nova::compute_libvirt_shared')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('nova::compute::libvirt::services')
is_expected.to contain_class('nova::compute::libvirt::qemu')
is_expected.to contain_file('/etc/libvirt/qemu/networks/autostart/default.xml').with_ensure('absent')
is_expected.to contain_file('/etc/libvirt/qemu/networks/default.xml').with_ensure('absent')
is_expected.to contain_exec('libvirt-default-net-destroy')
is_expected.to contain_class('nova::compute::libvirt::config').with_libvirtd_config({
"unix_sock_group" => {"value" => '"libvirt"'},
"auth_unix_ro" => {"value" => '"none"'},
"auth_unix_rw" => {"value" => '"none"'},
"unix_sock_ro_perms" => {"value" => '"0777"'},
"unix_sock_rw_perms" => {"value" => '"0770"'}
})
}
end
context 'with step 4 and libvirtd_config' do
let(:pre_condition) do
<<-eos
class { '::tripleo::profile::base::nova':
step => #{params[:step]},
oslomsg_rpc_hosts => [ '127.0.0.1' ],
}
class { '::tripleo::profile::base::nova::migration':
step => #{params[:step]}
}
class { '::tripleo::profile::base::nova::migration::client':
step => #{params[:step]}
}
class { '::tripleo::profile::base::nova::compute_libvirt_shared':
step => #{params[:step]}
}
eos
end
let(:params) { { :step => 4, :libvirtd_config => { "unix_sock_group" => {"value" => '"foobar"'}} } }
it {
is_expected.to contain_class('tripleo::profile::base::nova::libvirt')
is_expected.to contain_class('tripleo::profile::base::nova')
is_expected.to contain_class('nova::compute::libvirt::services')
is_expected.to contain_file('/etc/libvirt/qemu/networks/autostart/default.xml').with_ensure('absent')
is_expected.to contain_file('/etc/libvirt/qemu/networks/default.xml').with_ensure('absent')
is_expected.to contain_exec('libvirt-default-net-destroy')
is_expected.to contain_class('nova::compute::libvirt::config').with_libvirtd_config({
"unix_sock_group" => {"value" => '"foobar"'},
"auth_unix_ro" => {"value" => '"none"'},
"auth_unix_rw" => {"value" => '"none"'},
"unix_sock_ro_perms" => {"value" => '"0777"'},
"unix_sock_rw_perms" => {"value" => '"0770"'}
})
}
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::nova::libvirt'
end
end
end
View Git Blame Copy Permalink