Add the NoopFirewallDriver validation

When using Neutron for networking, the `firewall_driver` value in in nova.conf must be set to NoopFirewallDriver. Change-Id: I44e12d77a8e91bd7afab9acbae2080098a6799f4
2016-10-17 09:31:10 +02:00 · 2016-10-17 09:31:10 +02:00 · 8e311b6354
parent 77f12450ad
commit 8e311b6354
1 changed files with 22 additions and 0 deletions
--- a/validations/no-op-firewall-nova-driver.yaml
+++ b/validations/no-op-firewall-nova-driver.yaml
@ -0,0 +1,22 @@
+---
+- hosts: compute
+  vars:
+    metadata:
+      name: Verify NoOpFirewallDriver is set in Nova
+      description: >
+        When using Neutron, the `firewall_driver` option in Nova must be set to
+        `NoopFirewallDriver`.
+      groups:
+      - post-deployment
+  tasks:
+  - name: Read the `firewall_driver` value
+    become: true
+    ini: path=/etc/nova/nova.conf section=DEFAULT key=firewall_driver
+    register: nova_firewall_driver
+  - name: Verify `firewall_driver` is set to `NoopFirewallDriver`
+    fail:
+      msg: >
+        The firewall_driver value in /etc/nova/nova.conf is
+        {{ nova_firewall_driver.value or 'unset' }}, but it must be set to:
+        nova.virt.firewall.NoopFirewallDriver
+    failed_when: "{{ nova_firewall_driver.value != 'nova.virt.firewall.NoopFirewallDriver' }}"