Allow ctlplane subnets in undercloud chrony acl rules
At present chronyd runs as client and can't be used as NTP server by the overcloud nodes. It would be good to allow the ctlplane subnets for it to be used by the overcloud. Change-Id: If5911de750a284ae513b343daa4886bb2f547b29 Closes-Bug: #1858096
This commit is contained in:
parent
a7aac7ca5f
commit
9e5c1103ef
|
@ -121,9 +121,9 @@ class TestProcessDriversAndHardwareTypes(base.TestCase):
|
|||
}, env)
|
||||
|
||||
|
||||
class TestNetworkSettings(base.TestCase):
|
||||
class TestBaseNetworkSettings(base.TestCase):
|
||||
def setUp(self):
|
||||
super(TestNetworkSettings, self).setUp()
|
||||
super(TestBaseNetworkSettings, self).setUp()
|
||||
self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
|
||||
# don't actually load config from ~/undercloud.conf
|
||||
self.mock_config_load = self.useFixture(
|
||||
|
@ -160,6 +160,8 @@ class TestNetworkSettings(base.TestCase):
|
|||
dns_nameservers=[],
|
||||
group='ctlplane-subnet')
|
||||
|
||||
|
||||
class TestNetworkSettings(TestBaseNetworkSettings):
|
||||
def test_default(self):
|
||||
env = {}
|
||||
undercloud_config._process_network_args(env)
|
||||
|
@ -875,6 +877,16 @@ class TestNetworkSettings(base.TestCase):
|
|||
self.assertEqual(expected, env)
|
||||
|
||||
|
||||
class TestChronySettings(TestBaseNetworkSettings):
|
||||
def test_default(self):
|
||||
env = {}
|
||||
undercloud_config._process_chrony_acls(env)
|
||||
expected = {
|
||||
'ChronyAclRules': ['allow 192.168.24.0/24'],
|
||||
}
|
||||
self.assertEqual(expected, env)
|
||||
|
||||
|
||||
class TestTLSSettings(base.TestCase):
|
||||
def test_public_host_with_ip_should_give_ip_endpoint_environment(self):
|
||||
expected_env_file = os.path.join(
|
||||
|
|
|
@ -394,6 +394,15 @@ def _process_network_args(env):
|
|||
raise exceptions.InvalidConfiguration(msg)
|
||||
|
||||
|
||||
def _process_chrony_acls(env):
|
||||
"""Populate ACL rules for chrony to allow ctlplane subnets"""
|
||||
acl_rules = []
|
||||
for subnet in CONF.subnets:
|
||||
s = CONF.get(subnet)
|
||||
acl_rules.append('allow ' + s.get('cidr'))
|
||||
env['ChronyAclRules'] = acl_rules
|
||||
|
||||
|
||||
def prepare_undercloud_deploy(upgrade=False, no_validations=True,
|
||||
verbose_level=1, yes=False,
|
||||
force_stack_update=False, dry_run=False,
|
||||
|
@ -440,6 +449,9 @@ def prepare_undercloud_deploy(upgrade=False, no_validations=True,
|
|||
# Set up parameters for undercloud networking
|
||||
_process_network_args(env_data)
|
||||
|
||||
# Setup parameter for Chrony ACL rules
|
||||
_process_chrony_acls(env_data)
|
||||
|
||||
# Parse the undercloud.conf options to include necessary args and
|
||||
# yaml files for undercloud deploy command
|
||||
|
||||
|
|
Loading…
Reference in New Issue