Allow ctlplane subnets in undercloud chrony acl rules
At present chronyd runs as client and can't be used as NTP server
by the overcloud nodes. It would be good to allow the ctlplane
subnets for it to be used by the overcloud.
Change-Id: If5911de750a284ae513b343daa4886bb2f547b29
Closes-Bug: #1858096
(cherry picked from commit 9e5c1103ef
)
This commit is contained in:
parent
be999f122f
commit
13e24cdc42
|
@ -121,9 +121,9 @@ class TestProcessDriversAndHardwareTypes(base.TestCase):
|
|||
}, env)
|
||||
|
||||
|
||||
class TestNetworkSettings(base.TestCase):
|
||||
class TestBaseNetworkSettings(base.TestCase):
|
||||
def setUp(self):
|
||||
super(TestNetworkSettings, self).setUp()
|
||||
super(TestBaseNetworkSettings, self).setUp()
|
||||
self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
|
||||
# don't actually load config from ~/undercloud.conf
|
||||
self.mock_config_load = self.useFixture(
|
||||
|
@ -160,6 +160,8 @@ class TestNetworkSettings(base.TestCase):
|
|||
dns_nameservers=[],
|
||||
group='ctlplane-subnet')
|
||||
|
||||
|
||||
class TestNetworkSettings(TestBaseNetworkSettings):
|
||||
def test_default(self):
|
||||
env = {}
|
||||
undercloud_config._process_network_args(env)
|
||||
|
@ -895,6 +897,16 @@ class TestNetworkSettings(base.TestCase):
|
|||
undercloud_config._generate_inspection_subnets)
|
||||
|
||||
|
||||
class TestChronySettings(TestBaseNetworkSettings):
|
||||
def test_default(self):
|
||||
env = {}
|
||||
undercloud_config._process_chrony_acls(env)
|
||||
expected = {
|
||||
'ChronyAclRules': ['allow 192.168.24.0/24'],
|
||||
}
|
||||
self.assertEqual(expected, env)
|
||||
|
||||
|
||||
class TestTLSSettings(base.TestCase):
|
||||
def test_public_host_with_ip_should_give_ip_endpoint_environment(self):
|
||||
expected_env_file = os.path.join(
|
||||
|
|
|
@ -401,6 +401,15 @@ def _process_network_args(env):
|
|||
raise exceptions.InvalidConfiguration(msg)
|
||||
|
||||
|
||||
def _process_chrony_acls(env):
|
||||
"""Populate ACL rules for chrony to allow ctlplane subnets"""
|
||||
acl_rules = []
|
||||
for subnet in CONF.subnets:
|
||||
s = CONF.get(subnet)
|
||||
acl_rules.append('allow ' + s.get('cidr'))
|
||||
env['ChronyAclRules'] = acl_rules
|
||||
|
||||
|
||||
def prepare_undercloud_deploy(upgrade=False, no_validations=True,
|
||||
verbose_level=1, yes=False,
|
||||
force_stack_update=False, dry_run=False,
|
||||
|
@ -448,6 +457,9 @@ def prepare_undercloud_deploy(upgrade=False, no_validations=True,
|
|||
# Set up parameters for undercloud networking
|
||||
_process_network_args(env_data)
|
||||
|
||||
# Setup parameter for Chrony ACL rules
|
||||
_process_chrony_acls(env_data)
|
||||
|
||||
# Parse the undercloud.conf options to include necessary args and
|
||||
# yaml files for undercloud deploy command
|
||||
|
||||
|
|
Loading…
Reference in New Issue