authorJenkins <jenkins@review.openstack.org>2017-06-01 20:14:18 +0000
committerGerrit Code Review <review@openstack.org>2017-06-01 20:14:18 +0000
commite9bd01e061d5ae4873628c8a9c9b37aef47d5078 (patch)
tree3b6cfda119463549a569a6ff24f9e0c182548f91
parenta1d685bec5e3fe17f2952512e2706a65a10aa872 (diff)
parente1f06331535416e0db554c174ebad985df9c23db (diff)
Merge "Configure migration SSH tunnel" into stable/newton
-rw-r--r--manifests/profile/base/nova.pp75
-rw-r--r--releasenotes/notes/cold_migration_setup-dc4ebd834920c27f.yaml4
-rw-r--r--spec/classes/tripleo_profile_base_nova_spec.rb230
-rw-r--r--spec/fixtures/hieradata/default.yaml5
-rw-r--r--spec/spec_helper.rb2
5 files changed, 305 insertions, 11 deletions
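diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp
index 4626465..b6c1910 100644
--- a/manifests/profile/base/nova.pp
+++ b/manifests/profile/base/nova.pp
@@ -45,6 +45,15 @@
 # [*rabbit_port*]
 # IP port for rabbitmq service
 # Defaults to hiera('nova::rabbit_port', 5672)
+#
+# [*migration_ssh_key*]
+# (Optional) SSH key pair for migration SSH tunnel.
+# Expects a hash with keys 'private_key' and 'public_key'.
+# Defaults to {}
+#
+# [*libvirt_tls*]
+# (Optional) Whether or not libvird TLS service is enabled.
+# Defaults to false
 
 class tripleo::profile::base::nova (
  $bootstrap_node = hiera('bootstrap_nodeid', undef),
@@ -54,6 +63,8 @@ class tripleo::profile::base::nova (
  $step = hiera('step'),
  $rabbit_hosts = hiera('rabbitmq_node_ips', undef),
  $rabbit_port = hiera('nova::rabbit_port', 5672),
+ $migration_ssh_key = {},
+ $libvirt_tls = false
 ) {
  if $::hostname == downcase($bootstrap_node) {
  $sync_db = true
@@ -67,26 +78,68 @@ class tripleo::profile::base::nova (
  $memcache_servers = suffix(hiera('memcached_node_ips'), ':11211')
  }
 
- if hiera('step') >= 4 or (hiera('step') >= 3 and $sync_db) {
+ if $step >= 4 or ($step >= 3 and $sync_db) {
  $rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}")
- class { '::nova' :
- rabbit_hosts => $rabbit_endpoints,
- }
  include ::nova::config
  class { '::nova::cache':
  enabled => true,
  backend => 'oslo_cache.memcache_pool',
  memcache_servers => $memcache_servers,
  }
- }
 
- if $step >= 4 {
- if $manage_migration {
- class { '::nova::migration::libvirt':
- configure_libvirt => $libvirt_enabled,
- configure_nova => $nova_compute_enabled,
+ if $step >= 4 and $manage_migration {
+
+ # Libvirt setup (live-migration)
+ if $libvirt_tls {
+ class { '::nova::migration::libvirt':
+ transport => 'tls',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ }
+ } else {
+ # Reuse the cold-migration SSH tunnel when TLS is not enabled
+ class { '::nova::migration::libvirt':
+ transport => 'ssh',
+ configure_libvirt => $libvirt_enabled,
+ configure_nova => $nova_compute_enabled,
+ client_user => 'nova',
+ client_extraparams => {
+ 'keyfile' => '/var/lib/nova/.ssh/id_rsa'
+ }
+ }
  }
+
+ if $migration_ssh_key != {} {
+ # Nova SSH tunnel setup (cold-migration)
+
+ #TODO: Remove me when https://review.rdoproject.org/r/#/c/4008 lands
+ user { 'nova':
+ ensure => present,
+ shell => '/bin/bash',
+ }
+
+ $private_key_parts = split($migration_ssh_key['public_key'], ' ')
+ $nova_public_key = {
+ 'type' => $private_key_parts[0],
+ key => $private_key_parts[1]
+ }
+ $nova_private_key = {
+ 'type' => $private_key_parts[0],
+ key => $migration_ssh_key['private_key']
+ }
+ } else {
+ $nova_public_key = undef
+ $nova_private_key = undef
+ }
+ } else {
+ $nova_public_key = undef
+ $nova_private_key = undef
  }
- }
 
+ class { '::nova' :
+ rabbit_hosts => $rabbit_endpoints,
+ nova_public_key => $nova_public_key,
+ nova_private_key => $nova_private_key,
+ }
+ }
 }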
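Review bot: The `if $migration_ssh_key != {}` branch uses the hash without checking that both 'private_key' and 'public_key' are present, or that the public key splits into a type and a key body, so a partial or malformed value would hand `undef` parts to `::nova` rather than fail the catalog. A guard before the split, for example `if !has_key($migration_ssh_key, 'private_key') or !has_key($migration_ssh_key, 'public_key') { fail('migration_ssh_key needs private_key and public_key') }`, would enforce the contract the parameter doc describes. `$private_key_parts` actually holds the split public key, so `$public_key_parts` would read less confusingly next to the real private key. Separately, the non-TLS branch points libvirt at `/var/lib/nova/.ssh/id_rsa` even when `migration_ssh_key` is empty, in which case nothing visible in this class provisions that file; a comment saying where the key is expected to come from would help. The private key is passed to `::nova` as an ordinary class parameter, so it presumably ends up in the compiled catalog in clear text; it is worth confirming that catalog and report storage are restricted accordingly.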
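diff --git a/releasenotes/notes/cold_migration_setup-dc4ebd834920c27f.yaml b/releasenotes/notes/cold_migration_setup-dc4ebd834920c27f.yaml
new file mode 100644
index 0000000..00b7799
--- /dev/null
+++ b/releasenotes/notes/cold_migration_setup-dc4ebd834920c27f.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Configure ssh tunneling for nova cold-migration. Re-use the tunnel for
+ libvirt live-migration unless TLS is enabled.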
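diff --git a/spec/classes/tripleo_profile_base_nova_spec.rb b/spec/classes/tripleo_profile_base_nova_spec.rb
new file mode 100644
index 0000000..92511fb
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_nova_spec.rb
@@ -0,0 +1,230 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::nova' do
+ shared_examples_for 'tripleo::profile::base::nova' do
+
+ context 'with step less than 3' do
+ let(:params) { {
+ :step => 1,
+ :rabbit_hosts => [ '127.0.0.1' ],
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to_not contain_class('nova')
+ is_expected.to_not contain_class('nova::config')
+ is_expected.to_not contain_class('nova::cache')
+ }
+ end
+
+ context 'with step 3 on bootstrap node' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'node.example.com',
+ :rabbit_hosts => [ '127.0.0.1' ],
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova').with(
+ :rabbit_hosts => ['127.0.0.1:5672']
+
+ )
+ is_expected.to contain_class('nova::config')
+ is_expected.to contain_class('nova::cache').with(
+ :enabled => true,
+ :backend => 'oslo_cache.memcache_pool',
+ :memcache_servers => ['127.0.0.1:11211']
+ )
+ }
+ end
+
+ context 'with step 3 not on bootstrap node' do
+ let(:params) { {
+ :step => 3,
+ :bootstrap_node => 'other.example.com',
+ :rabbit_hosts => [ '127.0.0.1' ],
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to_not contain_class('nova')
+ is_expected.to_not contain_class('nova::config')
+ is_expected.to_not contain_class('nova::cache')
+ }
+ end
+
+ context 'with step 4' do
+ let(:params) { {
+ :step => 4,
+ :bootstrap_node => 'other.example.com',
+ :rabbit_hosts => [ '127.0.0.1' ],
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova').with(
+ :rabbit_hosts => /.+/,
+ :nova_public_key => nil,
+ :nova_private_key => nil,
+ )
+ is_expected.to contain_class('nova::config')
+ is_expected.to contain_class('nova::cache')
+ is_expected.to_not contain_class('nova::migration::libvirt')
+ }
+ end
+
+ context 'with step 4 with libvirt' do
+ let(:pre_condition) {
+ 'include ::nova::compute::libvirt::services'
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :manage_migration => true,
+ :nova_compute_enabled => true,
+ :bootstrap_node => 'node.example.com',
+ :rabbit_hosts => [ '127.0.0.1' ],
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova').with(
+ :rabbit_hosts => /.+/,
+ :nova_public_key => nil,
+ :nova_private_key => nil,
+ )
+ is_expected.to contain_class('nova::config')
+ is_expected.to contain_class('nova::cache')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt TLS' do
+ let(:pre_condition) {
+ 'include ::nova::compute::libvirt::services'
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :manage_migration => true,
+ :nova_compute_enabled => true,
+ :bootstrap_node => 'node.example.com',
+ :rabbit_hosts => [ '127.0.0.1' ],
+ :libvirt_tls => true,
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova').with(
+ :rabbit_hosts => /.+/,
+ :nova_public_key => nil,
+ :nova_private_key => nil,
+ )
+ is_expected.to contain_class('nova::config')
+ is_expected.to contain_class('nova::cache')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'tls',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled],
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt and migration ssh key' do
+ let(:pre_condition) {
+ 'include ::nova::compute::libvirt::services'
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :manage_migration => true,
+ :nova_compute_enabled => true,
+ :bootstrap_node => 'node.example.com',
+ :rabbit_hosts => [ '127.0.0.1' ],
+ :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova').with(
+ :rabbit_hosts => /.+/,
+ :nova_public_key => {'key' => 'bar', 'type' => 'ssh-rsa'},
+ :nova_private_key => {'key' => 'foo', 'type' => 'ssh-rsa'}
+ )
+ is_expected.to contain_class('nova::config')
+ is_expected.to contain_class('nova::cache')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'ssh',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ }
+ end
+
+ context 'with step 4 with libvirt TLS and migration ssh key' do
+ let(:pre_condition) {
+ 'include ::nova::compute::libvirt::services'
+ }
+ let(:params) { {
+ :step => 4,
+ :libvirt_enabled => true,
+ :manage_migration => true,
+ :nova_compute_enabled => true,
+ :bootstrap_node => 'node.example.com',
+ :rabbit_hosts => [ '127.0.0.1' ],
+ :libvirt_tls => true,
+ :migration_ssh_key => { 'private_key' => 'foo', 'public_key' => 'ssh-rsa bar'}
+ } }
+
+ it {
+ is_expected.to contain_class('tripleo::profile::base::nova')
+ is_expected.to contain_class('nova').with(
+ :rabbit_hosts => /.+/,
+ :notification_transport_url => /.+/,
+ :nova_public_key => {'key' => 'bar', 'type' => 'ssh-rsa'},
+ :nova_private_key => {'key' => 'foo', 'type' => 'ssh-rsa'}
+ )
+ is_expected.to contain_class('nova::config')
+ is_expected.to contain_class('nova::cache')
+ is_expected.to contain_class('nova::migration::libvirt').with(
+ :transport => 'tls',
+ :configure_libvirt => params[:libvirt_enabled],
+ :configure_nova => params[:nova_compute_enabled]
+ )
+ }
+ end
+
+ end
+
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge({ :hostname => 'node.example.com' })
+ end
+
+ it_behaves_like 'tripleo::profile::base::nova'
+ end
+ end
+end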
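Review bot: The two SSH-transport contexts ('with step 4 with libvirt' and 'with step 4 with libvirt and migration ssh key') assert only `transport`, `configure_libvirt` and `configure_nova`, so the `client_user` and `client_extraparams` settings that decide which account and key file the tunnel uses are untested. Adding `:client_user => 'nova',` and `:client_extraparams => {'keyfile' => '/var/lib/nova/.ssh/id_rsa'}` to those `.with(...)` calls, plus `is_expected.to contain_user('nova').with(:shell => '/bin/bash')` in the contexts that pass a key, would pin them. There is also no context for a `migration_ssh_key` hash that lacks one of its two keys or whose public key has no type prefix. The `:notification_transport_url => /.+/` expectation in the last context does not correspond to anything the manifest in this commit sets and looks like a leftover; it probably passes only because of a default value.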
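diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index bce55fb..5349425 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -2,3 +2,8 @@ my_hash:
  network: '127.0.0.1'
 not_hash: string
 horizon::secret_key: 'secrete'
+# memcache related items
+memcached_node_ips_v6:
+ - '::1'
+memcached_node_ips:
+ - '127.0.0.1'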
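diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index b06b436..4fa8cc3 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -19,6 +19,8 @@ RSpec.configure do |c|
 
  # custom global facts for all rspec tests
  add_custom_fact :concat_basedir, '/var/lib/puppet/concat'
+ # needed for testing Puppet Openstack modules
+ add_custom_fact :os_service_default, '<SERVICE DEFAULT>'
 end
 
 at_exit { RSpec::Puppet::Coverage.report! }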