Allow ctlplane subnets in undercloud chrony acl rules

At present chronyd runs as client and can't be used as NTP server by the overcloud nodes. It would be good to allow the ctlplane subnets for it to be used by the overcloud. Change-Id: If5911de750a284ae513b343daa4886bb2f547b29 Closes-Bug: #1858096 (cherry picked from commit 9e5c1103ef)
2020-01-02 15:58:21 +05:30 · 2020-01-02 15:58:21 +05:30 · 13e24cdc42
parent be999f122f
commit 13e24cdc42
2 changed files with 26 additions and 2 deletions
--- a/tripleoclient/tests/v1/undercloud/test_config.py
+++ b/tripleoclient/tests/v1/undercloud/test_config.py
@ -121,9 +121,9 @@ class TestProcessDriversAndHardwareTypes(base.TestCase):
        }, env)


-class TestNetworkSettings(base.TestCase):
+class TestBaseNetworkSettings(base.TestCase):
    def setUp(self):
-        super(TestNetworkSettings, self).setUp()
+        super(TestBaseNetworkSettings, self).setUp()
        self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF))
        # don't actually load config from ~/undercloud.conf
        self.mock_config_load = self.useFixture(
@ -160,6 +160,8 @@ class TestNetworkSettings(base.TestCase):
                         dns_nameservers=[],
                         group='ctlplane-subnet')

+
+class TestNetworkSettings(TestBaseNetworkSettings):
    def test_default(self):
        env = {}
        undercloud_config._process_network_args(env)
@ -895,6 +897,16 @@ class TestNetworkSettings(base.TestCase):
                          undercloud_config._generate_inspection_subnets)


+class TestChronySettings(TestBaseNetworkSettings):
+    def test_default(self):
+        env = {}
+        undercloud_config._process_chrony_acls(env)
+        expected = {
+            'ChronyAclRules': ['allow 192.168.24.0/24'],
+        }
+        self.assertEqual(expected, env)
+
+
 class TestTLSSettings(base.TestCase):
    def test_public_host_with_ip_should_give_ip_endpoint_environment(self):
        expected_env_file = os.path.join(
--- a/tripleoclient/v1/undercloud_config.py
+++ b/tripleoclient/v1/undercloud_config.py
@ -401,6 +401,15 @@ def _process_network_args(env):
            raise exceptions.InvalidConfiguration(msg)


+def _process_chrony_acls(env):
+    """Populate ACL rules for chrony to allow ctlplane subnets"""
+    acl_rules = []
+    for subnet in CONF.subnets:
+        s = CONF.get(subnet)
+        acl_rules.append('allow ' + s.get('cidr'))
+    env['ChronyAclRules'] = acl_rules
+
+
 def prepare_undercloud_deploy(upgrade=False, no_validations=True,
                              verbose_level=1, yes=False,
                              force_stack_update=False, dry_run=False,
@ -448,6 +457,9 @@ def prepare_undercloud_deploy(upgrade=False, no_validations=True,
    # Set up parameters for undercloud networking
    _process_network_args(env_data)

+    # Setup parameter for Chrony ACL rules
+    _process_chrony_acls(env_data)
+
    # Parse the undercloud.conf options to include necessary args and
    # yaml files for undercloud deploy command