diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index f1f4592e..09b4954e 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -52,6 +52,16 @@ # Should be an array. # Defaults to false (disabled) # +# [*keepalived_auth_type*] +# (optional) Authentication method. +# Supported methods are simple Passwd (PASS) or IPSEC AH (AH). +# Defaults to undef +# +# [*keepalived_auth_pass*] +# (optional) Authentication password. +# Password string (up to 8 characters). +# Defaults to undef +# # [*swift_api*] # (optional) Enable or not Swift public binding. # If true, both public and internal will attempt to be created except if vip_internal_ip is set to false (backward compatibility). @@ -193,6 +203,8 @@ class cloud::loadbalancer( $keepalived_public_ipvs = ['127.0.0.1'], $keepalived_internal_interface = 'eth1', $keepalived_internal_ipvs = [], + $keepalived_auth_type = undef, + $keepalived_auth_pass = undef, $ceilometer_bind_options = [], $cinder_bind_options = [], $ec2_bind_options = [], @@ -286,6 +298,8 @@ class cloud::loadbalancer( state => $keepalived_state, track_script => ['haproxy'], priority => $keepalived_priority, + auth_type => $keepalived_auth_type, + auth_pass => $keepalived_auth_pass, notify_master => '"/etc/init.d/haproxy start"', notify_backup => '"/etc/init.d/haproxy stop"', } @@ -302,6 +316,8 @@ class cloud::loadbalancer( state => $keepalived_state, track_script => ['haproxy'], priority => $keepalived_priority, + auth_type => $keepalived_auth_type, + auth_pass => $keepalived_auth_pass, notify_master => '"/etc/init.d/haproxy start"', notify_backup => '"/etc/init.d/haproxy stop"', } diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index 4d4ad4d6..695de2f5 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -62,6 +62,8 @@ describe 'cloud::loadbalancer' do :keepalived_vrrp_interface => false, :keepalived_public_interface => 'eth0', :keepalived_public_ipvs => ['10.0.0.1', '10.0.0.2'], + :keepalived_auth_type => 'PASS', + :keepalived_auth_pass => 'secret', :horizon_port => '80', :spice_port => '6082', :vip_public_ip => '10.0.0.1', @@ -106,13 +108,15 @@ describe 'cloud::loadbalancer' do end it 'configure an internal VRRP instance' do is_expected.to contain_keepalived__instance('2').with({ - 'interface' => 'eth1', - 'virtual_ips' => ['192.168.0.1 dev eth1'], - 'track_script' => ['haproxy'], - 'state' => 'BACKUP', - 'priority' => params[:keepalived_priority], - 'notify_master' => '"/etc/init.d/haproxy start"', - 'notify_backup' => '"/etc/init.d/haproxy stop"', + 'interface' => 'eth1', + 'virtual_ips' => ['192.168.0.1 dev eth1'], + 'track_script' => ['haproxy'], + 'state' => 'BACKUP', + 'priority' => params[:keepalived_priority], + 'auth_type' => 'PASS', + 'auth_pass' => 'secret', + 'notify_master' => '"/etc/init.d/haproxy start"', + 'notify_backup' => '"/etc/init.d/haproxy stop"', }) end end @@ -128,13 +132,15 @@ describe 'cloud::loadbalancer' do end it 'configure a public VRRP instance with deprecated parameters' do is_expected.to contain_keepalived__instance('1').with({ - 'interface' => 'eth3', - 'virtual_ips' => ['192.168.0.2 dev eth3'], - 'track_script' => ['haproxy'], - 'state' => 'BACKUP', - 'priority' => params[:keepalived_priority], - 'notify_master' => '"/etc/init.d/haproxy start"', - 'notify_backup' => '"/etc/init.d/haproxy stop"', + 'interface' => 'eth3', + 'virtual_ips' => ['192.168.0.2 dev eth3'], + 'track_script' => ['haproxy'], + 'state' => 'BACKUP', + 'priority' => params[:keepalived_priority], + 'auth_type' => 'PASS', + 'auth_pass' => 'secret', + 'notify_master' => '"/etc/init.d/haproxy start"', + 'notify_backup' => '"/etc/init.d/haproxy stop"', }) end end @@ -153,13 +159,15 @@ describe 'cloud::loadbalancer' do context 'when keepalived and HAproxy are in backup' do it 'configure vrrp_instance with BACKUP state' do is_expected.to contain_keepalived__instance('1').with({ - 'interface' => params[:keepalived_public_interface], - 'virtual_ips' => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'], - 'track_script' => ['haproxy'], - 'state' => params[:keepalived_state], - 'priority' => params[:keepalived_priority], - 'notify_master' => '"/etc/init.d/haproxy start"', - 'notify_backup' => '"/etc/init.d/haproxy stop"', + 'interface' => params[:keepalived_public_interface], + 'virtual_ips' => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'], + 'track_script' => ['haproxy'], + 'state' => params[:keepalived_state], + 'priority' => params[:keepalived_priority], + 'auth_type' => 'PASS', + 'auth_pass' => 'secret', + 'notify_master' => '"/etc/init.d/haproxy start"', + 'notify_backup' => '"/etc/init.d/haproxy stop"', }) end # configure vrrp_instance with BACKUP state it 'configure haproxy server without service managed' do @@ -173,12 +181,14 @@ describe 'cloud::loadbalancer' do end it 'configure vrrp_instance with MASTER state' do is_expected.to contain_keepalived__instance('1').with({ - 'interface' => params[:keepalived_public_interface], - 'track_script' => ['haproxy'], - 'state' => 'MASTER', - 'priority' => params[:keepalived_priority], - 'notify_master' => '"/etc/init.d/haproxy start"', - 'notify_backup' => '"/etc/init.d/haproxy stop"', + 'interface' => params[:keepalived_public_interface], + 'track_script' => ['haproxy'], + 'state' => 'MASTER', + 'priority' => params[:keepalived_priority], + 'auth_type' => 'PASS', + 'auth_pass' => 'secret', + 'notify_master' => '"/etc/init.d/haproxy start"', + 'notify_backup' => '"/etc/init.d/haproxy stop"', }) end it 'configure haproxy server with service managed' do