Allow rootwrap configuration via attributes
Change-Id: I48174db291512cded9b371eaf5699e97af6a0ca0 Partial-Bug: #1347861
parent
6eebbbabff
commit
3442ec6376
|
@ -8,6 +8,7 @@ This file is used to list changes made in each version of cookbook-openstack-net
|
|||
* Allow dhcp_delete_namespaces and router_dhcp_namespaces to be overridden.
|
||||
* Add support for openvswitch agent MTU size of veth interfaces
|
||||
* fix fauxhai version for suse and redhat
|
||||
* Allow rootwrap.conf attributes
|
||||
|
||||
## 9.1.0
|
||||
* python_packages database client attributes have been migrated to
|
||||
|
|
|
@ -178,6 +178,12 @@ default['openstack']['network']['allow_overlapping_ips'] = 'False'
|
|||
|
||||
# use neutron root wrap
|
||||
default['openstack']['network']['use_rootwrap'] = true
|
||||
# rootwrap.conf
|
||||
default['openstack']['network']['rootwrap']['filters_path'] = '/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap'
|
||||
default['openstack']['network']['rootwrap']['exec_dirs'] = '/sbin,/usr/sbin,/bin,/usr/bin'
|
||||
default['openstack']['network']['rootwrap']['use_syslog'] = false
|
||||
default['openstack']['network']['rootwrap']['syslog_log_facility'] = 'syslog'
|
||||
default['openstack']['network']['rootwrap']['syslog_log_level'] = 'ERROR'
|
||||
|
||||
# DHCP lease duration
|
||||
default['openstack']['network']['dhcp_lease_duration'] = 86400
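Review bot: The new `filters_path` and `exec_dirs` attributes do not carry the constraint that rootwrap.conf itself states for them, namely that every listed directory must be writable only by root. These two values decide which filter definitions and executables neutron-rootwrap will accept, so an override from a role or environment that names a less restricted directory weakens that boundary with no warning at the point where the value is set. I would extend the `# rootwrap.conf` comment to something like `# rootwrap.conf - filters_path and exec_dirs must list only directories owned by and writable only by root`. The defaults also leave `use_syslog` at false, so a short comment that `syslog_log_level` 'INFO' logs all usage would help operators who want an audit trail of rootwrap calls.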
|
||||
|
|
|
@ -660,5 +660,37 @@ describe 'openstack-network::server' do
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'rootwrap.conf' do
|
||||
let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') }
|
||||
|
||||
it 'creates the /etc/neutron/rootwrap.conf file' do
|
||||
expect(chef_run).to create_template(file.name).with(
|
||||
user: 'neutron',
|
||||
group: 'neutron',
|
||||
mode: 0644
|
||||
)
|
||||
end
|
||||
|
||||
context 'template contents' do
|
||||
it 'shows the custom banner' do
|
||||
node.set['openstack']['network']['custom_template_banner'] = 'banner'
|
||||
|
||||
expect(chef_run).to render_file(file.name).with_content(/^banner$/)
|
||||
end
|
||||
|
||||
it 'sets the default attributes' do
|
||||
[
|
||||
%r(^filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap$),
|
||||
%r(^exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin$),
|
||||
/^use_syslog=false$/,
|
||||
/^syslog_log_facility=syslog$/,
|
||||
/^syslog_log_level=ERROR$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_file(file.name).with_content(line)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
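Review bot: The `create_template` expectation pins `user: 'neutron'` and `group: 'neutron'`, which contradicts the header of the template in this same commit: "This file should be owned by (and only-writeable by) the root user". If the service account can rewrite rootwrap.conf, it can change `filters_path` itself, and the filter list no longer constrains it. The recipe resource is not visible on this page, so confirm what it sets, but I would expect `user: 'root'` and `group: 'root'` in both the recipe and this spec, keeping a mode the neutron user can still read. The 'sets the default attributes' example also checks only the defaults; a case that overrides one `rootwrap` attribute with `node.set` and matches the rendered line would cover what the commit actually adds.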
|
||||
|
|
|
@ -50,38 +50,38 @@ MOCK_NODE_NETWORK_DATA =
|
|||
|
||||
shared_context 'neutron-stubs' do
|
||||
before do
|
||||
Chef::Recipe.any_instance.stub(:rabbit_servers)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_servers)
|
||||
.and_return('1.1.1.1:5672,2.2.2.2:5672')
|
||||
Chef::Recipe.any_instance.stub(:config_by_role)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:config_by_role)
|
||||
.with('rabbitmq-server', 'queue').and_return(
|
||||
host: 'rabbit-host',
|
||||
port: 'rabbit-port'
|
||||
)
|
||||
Chef::Recipe.any_instance.stub(:config_by_role)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:config_by_role)
|
||||
.with('glance-api', 'glance').and_return []
|
||||
Chef::Recipe.any_instance.stub(:secret)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('secrets', 'openstack_identity_bootstrap_token')
|
||||
.and_return('bootstrap-token')
|
||||
Chef::Recipe.any_instance.stub(:secret)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('secrets', 'neutron_metadata_secret')
|
||||
.and_return('metadata-secret')
|
||||
Chef::Recipe.any_instance.stub(:get_password)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('db', anything)
|
||||
.and_return('neutron')
|
||||
Chef::Recipe.any_instance.stub(:get_password)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('service', 'openstack-network')
|
||||
.and_return('neutron-pass')
|
||||
Chef::Recipe.any_instance.stub(:get_password)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', 'guest')
|
||||
.and_return('mq-pass')
|
||||
Chef::Application.stub(:fatal!)
|
||||
Chef::Recipe.any_instance.stub(:get_password)
|
||||
allow(Chef::Application).to receive(:fatal!)
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('service', 'openstack-compute')
|
||||
.and_return('nova-pass')
|
||||
Chef::Resource::RubyBlock.any_instance.stub(:openstack_command_env)
|
||||
allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:openstack_command_env)
|
||||
.with('admin', 'admin')
|
||||
.and_return({})
|
||||
Chef::Resource::RubyBlock.any_instance.stub(:identity_uuid)
|
||||
allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:identity_uuid)
|
||||
.with('tenant', 'name', 'service', {})
|
||||
.and_return('000-UUID-FROM-CLI')
|
||||
|
||||
|
|
|
@ -1,6 +1,36 @@
|
|||
<%= node["openstack"]["network"]["custom_template_banner"] %>
|
||||
|
||||
# Configuration for neutron-rootwrap
|
||||
# This file should be owned by (and only-writeable by) the root user
|
||||
|
||||
[DEFAULT]
|
||||
# List of directories to load filter definitions from (separated by ',').
|
||||
# These directories MUST all be only writeable by root !
|
||||
filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
|
||||
filters_path=<%= node['openstack']['network']['rootwrap']['filters_path'] %>
|
||||
|
||||
# List of directories to search executables in, in case filters do not
|
||||
# explicitely specify a full path (separated by ',')
|
||||
# If not specified, defaults to system PATH environment variable.
|
||||
# These directories MUST all be only writeable by root !
|
||||
exec_dirs=<%= node['openstack']['network']['rootwrap']['exec_dirs'] %>
|
||||
|
||||
# Enable logging to syslog
|
||||
# Default value is False
|
||||
use_syslog=<%= node['openstack']['network']['rootwrap']['use_syslog'] %>
|
||||
|
||||
# Which syslog facility to use.
|
||||
# Valid values include auth, authpriv, syslog, local0, local1...
|
||||
# Default value is 'syslog'
|
||||
syslog_log_facility=<%= node['openstack']['network']['rootwrap']['syslog_log_facility'] %>
|
||||
|
||||
# Which messages to log.
|
||||
# INFO means log all usage
|
||||
# ERROR means only log unsuccessful attempts
|
||||
syslog_log_level=<%= node['openstack']['network']['rootwrap']['syslog_log_level'] %>
|
||||
|
||||
[xenapi]
|
||||
# XenAPI configuration is only required by the L2 agent if it is to
|
||||
# target a XenServer/XCP compute host's dom0.
|
||||
xenapi_connection_url=<None>
|
||||
xenapi_connection_username=root
|
||||
xenapi_connection_password=<None>
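Review bot: The `[xenapi]` block is still literal text, with `xenapi_connection_username=root` and `xenapi_connection_password=<None>`, while the `[DEFAULT]` options are now attribute-driven. The spec in this commit expects the rendered file at mode 0644, so a password filled in here later, by hand or through a new attribute, would be readable by every local user. I would add a comment above the password line such as `# NOTE: this file is rendered world-readable; tighten the file mode before setting a real password here`. The comment text "explicitely" above `exec_dirs` is a typo for "explicitly".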
|
||||
|
|