stackforge/puppet-openstack-cloud
Code Issues Proposed changes

Merge pull request #657 from enovance/keepalived-auth

Browse Source 
Add support for keepalived authentication
This commit is contained in:
Emilien Macchi 2014-10-07 16:19:26 -04:00
commit 0a6a6f76bf
2 changed files with 53 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
manifests/loadbalancer.pp
View File

@ -52,6 +52,16 @@
# Should be an array. # Should be an array.
# Defaults to false (disabled) # Defaults to false (disabled)
# #
# [*keepalived_auth_type*]
# (optional) Authentication method.
# Supported methods are simple Passwd (PASS) or IPSEC AH (AH).
# Defaults to undef
#
# [*keepalived_auth_pass*]
# (optional) Authentication password.
# Password string (up to 8 characters).
# Defaults to undef
#
# [*swift_api*] # [*swift_api*]
# (optional) Enable or not Swift public binding. # (optional) Enable or not Swift public binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false (backward compatibility). # If true, both public and internal will attempt to be created except if vip_internal_ip is set to false (backward compatibility).
@ -193,6 +203,8 @@ class cloud::loadbalancer(
$keepalived_public_ipvs = ['127.0.0.1'], $keepalived_public_ipvs = ['127.0.0.1'],
$keepalived_internal_interface = 'eth1', $keepalived_internal_interface = 'eth1',
$keepalived_internal_ipvs = [], $keepalived_internal_ipvs = [],
$keepalived_auth_type = undef,
$keepalived_auth_pass = undef,
$ceilometer_bind_options = [], $ceilometer_bind_options = [],
$cinder_bind_options = [], $cinder_bind_options = [],
$ec2_bind_options = [], $ec2_bind_options = [],
@ -286,6 +298,8 @@ class cloud::loadbalancer(
state => $keepalived_state, state => $keepalived_state,
track_script => ['haproxy'], track_script => ['haproxy'],
priority => $keepalived_priority, priority => $keepalived_priority,
auth_type => $keepalived_auth_type,
auth_pass => $keepalived_auth_pass,
notify_master => '"/etc/init.d/haproxy start"', notify_master => '"/etc/init.d/haproxy start"',
notify_backup => '"/etc/init.d/haproxy stop"', notify_backup => '"/etc/init.d/haproxy stop"',
} }
@ -302,6 +316,8 @@ class cloud::loadbalancer(
state => $keepalived_state, state => $keepalived_state,
track_script => ['haproxy'], track_script => ['haproxy'],
priority => $keepalived_priority, priority => $keepalived_priority,
auth_type => $keepalived_auth_type,
auth_pass => $keepalived_auth_pass,
notify_master => '"/etc/init.d/haproxy start"', notify_master => '"/etc/init.d/haproxy start"',
notify_backup => '"/etc/init.d/haproxy stop"', notify_backup => '"/etc/init.d/haproxy stop"',
} }

64
spec/classes/cloud_loadbalancer_spec.rb
View File

@ -62,6 +62,8 @@ describe 'cloud::loadbalancer' do
:keepalived_vrrp_interface => false, :keepalived_vrrp_interface => false,
:keepalived_public_interface => 'eth0', :keepalived_public_interface => 'eth0',
:keepalived_public_ipvs => ['10.0.0.1', '10.0.0.2'], :keepalived_public_ipvs => ['10.0.0.1', '10.0.0.2'],
:keepalived_auth_type => 'PASS',
:keepalived_auth_pass => 'secret',
:horizon_port => '80', :horizon_port => '80',
:spice_port => '6082', :spice_port => '6082',
:vip_public_ip => '10.0.0.1', :vip_public_ip => '10.0.0.1',
@ -106,13 +108,15 @@ describe 'cloud::loadbalancer' do
end end
it 'configure an internal VRRP instance' do it 'configure an internal VRRP instance' do
is_expected.to contain_keepalived__instance('2').with({ is_expected.to contain_keepalived__instance('2').with({
'interface' => 'eth1', 'interface' => 'eth1',
'virtual_ips' => ['192.168.0.1 dev eth1'], 'virtual_ips' => ['192.168.0.1 dev eth1'],
'track_script' => ['haproxy'], 'track_script' => ['haproxy'],
'state' => 'BACKUP', 'state' => 'BACKUP',
'priority' => params[:keepalived_priority], 'priority' => params[:keepalived_priority],
'notify_master' => '"/etc/init.d/haproxy start"', 'auth_type' => 'PASS',
'notify_backup' => '"/etc/init.d/haproxy stop"', 'auth_pass' => 'secret',
'notify_master' => '"/etc/init.d/haproxy start"',
'notify_backup' => '"/etc/init.d/haproxy stop"',
}) })
end end
end end
@ -128,13 +132,15 @@ describe 'cloud::loadbalancer' do
end end
it 'configure a public VRRP instance with deprecated parameters' do it 'configure a public VRRP instance with deprecated parameters' do
is_expected.to contain_keepalived__instance('1').with({ is_expected.to contain_keepalived__instance('1').with({
'interface' => 'eth3', 'interface' => 'eth3',
'virtual_ips' => ['192.168.0.2 dev eth3'], 'virtual_ips' => ['192.168.0.2 dev eth3'],
'track_script' => ['haproxy'], 'track_script' => ['haproxy'],
'state' => 'BACKUP', 'state' => 'BACKUP',
'priority' => params[:keepalived_priority], 'priority' => params[:keepalived_priority],
'notify_master' => '"/etc/init.d/haproxy start"', 'auth_type' => 'PASS',
'notify_backup' => '"/etc/init.d/haproxy stop"', 'auth_pass' => 'secret',
'notify_master' => '"/etc/init.d/haproxy start"',
'notify_backup' => '"/etc/init.d/haproxy stop"',
}) })
end end
end end
@ -153,13 +159,15 @@ describe 'cloud::loadbalancer' do
context 'when keepalived and HAproxy are in backup' do context 'when keepalived and HAproxy are in backup' do
it 'configure vrrp_instance with BACKUP state' do it 'configure vrrp_instance with BACKUP state' do
is_expected.to contain_keepalived__instance('1').with({ is_expected.to contain_keepalived__instance('1').with({
'interface' => params[:keepalived_public_interface], 'interface' => params[:keepalived_public_interface],
'virtual_ips' => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'], 'virtual_ips' => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'],
'track_script' => ['haproxy'], 'track_script' => ['haproxy'],
'state' => params[:keepalived_state], 'state' => params[:keepalived_state],
'priority' => params[:keepalived_priority], 'priority' => params[:keepalived_priority],
'notify_master' => '"/etc/init.d/haproxy start"', 'auth_type' => 'PASS',
'notify_backup' => '"/etc/init.d/haproxy stop"', 'auth_pass' => 'secret',
'notify_master' => '"/etc/init.d/haproxy start"',
'notify_backup' => '"/etc/init.d/haproxy stop"',
}) })
end # configure vrrp_instance with BACKUP state end # configure vrrp_instance with BACKUP state
it 'configure haproxy server without service managed' do it 'configure haproxy server without service managed' do
@ -173,12 +181,14 @@ describe 'cloud::loadbalancer' do
end end
it 'configure vrrp_instance with MASTER state' do it 'configure vrrp_instance with MASTER state' do
is_expected.to contain_keepalived__instance('1').with({ is_expected.to contain_keepalived__instance('1').with({
'interface' => params[:keepalived_public_interface], 'interface' => params[:keepalived_public_interface],
'track_script' => ['haproxy'], 'track_script' => ['haproxy'],
'state' => 'MASTER', 'state' => 'MASTER',
'priority' => params[:keepalived_priority], 'priority' => params[:keepalived_priority],
'notify_master' => '"/etc/init.d/haproxy start"', 'auth_type' => 'PASS',
'notify_backup' => '"/etc/init.d/haproxy stop"', 'auth_pass' => 'secret',
'notify_master' => '"/etc/init.d/haproxy start"',
'notify_backup' => '"/etc/init.d/haproxy stop"',
}) })
end end
it 'configure haproxy server with service managed' do it 'configure haproxy server with service managed' do