From Carbon and beyond, only supported sg mode is stateful.
Hence all of the related configs can be removed.
Change-Id: Id11ce69233c1a0d6982f53cf6a1c0f47bda2e679
Signed-Off-By: Janki Chhatbar <jchhatba@redhat.com>
- Add log size/rotate config params
2017-08-14 Release 4.2.0
- Add param to config SNAT mechanism
+2017-10-11 Release 5.0.0
+- Only support stateful security mode. Remove all related configs
\ No newline at end of file
This parameter is now deprecated and is no longer used.
-##### `security_group_mode`
-
-Specifies the mode to use for security groups.
-
-Default: `stateful`
-
-Valid options: `transparent`, `learn`, `stateless`
-
##### `snat_mechanism`
Specifies the mechanism to be used for SNAT.
}
if ('odl-netvirt-openstack' in $opendaylight::features or 'odl-netvirt-sfc' in $opendaylight::features) {
- # Configure ACL security group
- # Requires at least CentOS 7.3 for RHEL/CentOS systems
- if $opendaylight::security_group_mode == 'stateful' {
- if defined('$opendaylight::stateful_unsupported') and $opendaylight::stateful_unsupported {
- warning("Stateful is unsupported in ${::operatingsystemrelease} setting to 'learn'")
- $sg_mode = 'learn'
- } else {
- $sg_mode = 'stateful'
- }
- } else {
- $sg_mode = $opendaylight::security_group_mode
- }
-
+ # Configure SNAT
$odl_datastore = [
'/opt/opendaylight/etc/opendaylight',
'/opt/opendaylight/etc/opendaylight/datastore',
owner => 'odl',
group => 'odl',
}
- -> file { 'netvirt-aclservice-config.xml':
- ensure => file,
- path => '/opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-aclservice-config.xml',
- owner => 'odl',
- group => 'odl',
- content => template('opendaylight/netvirt-aclservice-config.xml.erb'),
- }
-
- # Configure SNAT
- file { 'netvirt-natservice-config.xml':
+ -> file { 'netvirt-natservice-config.xml':
ensure => file,
path => '/opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-natservice-config.xml',
owner => 'odl',
# [*ha_db_modules*]
# Hash of modules and Yang namespaces to create database shards. Defaults to
# { 'default' => false }. "default" module does not need a namespace.
-# [*security_group_mode*]
-# Sets the mode to use for security groups (stateful, learn, stateless, transparent)
# [*vpp_routing_node*]
# Sets routing node for VPP deployments. Defaults to ''.
# [*java_opts*]
$ha_node_ips = $::opendaylight::params::ha_node_ips,
$ha_node_index = $::opendaylight::params::ha_node_index,
$ha_db_modules = $::opendaylight::params::ha_db_modules,
- $security_group_mode = $::opendaylight::params::security_group_mode,
$vpp_routing_node = $::opendaylight::params::vpp_routing_node,
$java_opts = $::opendaylight::params::java_opts,
$manage_repositories = $::opendaylight::params::manage_repositories,
if $::operatingsystemmajrelease != '7' {
# RHEL/CentOS versions < 7 not supported as they lack systemd
fail("Unsupported OS: ${::operatingsystem} ${::operatingsystemmajrelease}")
- } elsif defined('$::operatingsystemrelease') {
- if (versioncmp($::operatingsystemrelease, '7.3') < 0) {
- # Versions < 7.3 do not support stateful security groups
- $stateful_unsupported = true
- }
- }
+ }
}
fedora: {
# Fedora distros < 24 are EOL as of 2016-12-20
$ha_node_ips = []
$ha_node_index = 0
$ha_db_modules = { 'default' => false }
- $security_group_mode = 'stateful'
$vpp_routing_node = ''
$java_opts = '-Djava.net.preferIPv4Stack=true'
$manage_repositories = true
{
"name": "opendaylight-opendaylight",
- "version": "4.2.0",
+ "version": "5.0.0",
"author": "Daniel Farrell",
"summary": "Puppet module that installs and configures the OpenDaylight SDN controller",
"license": "BSD-2-Clause",
deb_install_tests(deb_repo: deb_repo)
end
end
-
- end
-
- # Security Group Tests
- describe 'security group tests' do
- # Non-OS-type tests assume CentOS 7
- # See issue #43 for reasoning:
- # https://github.com/dfarrell07/puppet-opendaylight/issues/43#issue-57343159
- osfamily = 'RedHat'
- operatingsystem = 'CentOS'
- operatingsystemmajrelease = '7'
- context 'using supported stateful' do
- let(:facts) {{
- :osfamily => osfamily,
- :operatingsystem => operatingsystem,
- :operatingsystemmajrelease => operatingsystemmajrelease,
- :operatingsystemrelease => '7.3',
- }}
-
- let(:params) {{
- :security_group_mode => 'stateful',
- :extra_features => ['odl-netvirt-openstack'],
- }}
-
- # Run shared tests applicable to all supported OSs
- # Note that this function is defined in spec_helper
- generic_tests
-
- # Run test that specialize in checking security groups
- # Note that this function is defined in spec_helper
- enable_sg_tests('stateful', '7.3')
- end
-
- context 'using unsupported stateful' do
- let(:facts) {{
- :osfamily => osfamily,
- :operatingsystem => operatingsystem,
- :operatingsystemmajrelease => operatingsystemmajrelease,
- :operatingsystemrelease => '7.2.1511',
- }}
-
- let(:params) {{
- :security_group_mode => 'stateful',
- :extra_features => ['odl-netvirt-openstack'],
- }}
-
- # Run shared tests applicable to all supported OSs
- # Note that this function is defined in spec_helper
- generic_tests
-
- # Run test that specialize in checking security groups
- # Note that this function is defined in spec_helper
- enable_sg_tests('stateful', '7.2.1511')
- end
-
- context 'using transparent with unsupported stateful' do
- let(:facts) {{
- :osfamily => osfamily,
- :operatingsystem => operatingsystem,
- :operatingsystemmajrelease => operatingsystemmajrelease,
- :operatingsystemrelease => '7.2.1511',
- }}
-
- let(:params) {{
- :security_group_mode => 'transparent',
- :extra_features => ['odl-netvirt-openstack'],
- }}
-
- # Run shared tests applicable to all supported OSs
- # Note that this function is defined in spec_helper
- generic_tests
-
- # Run test that specialize in checking security groups
- # Note that this function is defined in spec_helper
- enable_sg_tests('transparent', '7.2.1511')
- end
end
# SNAT Mechanism tests
it { expect { should contain_file('org.apache.karaf.features.cfg') }.to raise_error(Puppet::Error, /#{expected_msg}/) }
end
-# Shared tests that specialize in testing security group mode
-def enable_sg_tests(sg_mode='stateful', os_release)
- # Extract params
- # NB: This default value should be the same as one in opendaylight::params
- # TODO: Remove this possible source of bugs^^
-
- it { should contain_file('/opt/opendaylight/etc/opendaylight') }
- it { should contain_file('/opt/opendaylight/etc/opendaylight/datastore')}
- it { should contain_file('/opt/opendaylight/etc/opendaylight/datastore/initial')}
- it { should contain_file('/opt/opendaylight/etc/opendaylight/datastore/initial/config')}
-
- if os_release != '7.3' and sg_mode == 'stateful'
- # Confirm sg_mode becomes learn
- it {
- should contain_file('netvirt-aclservice-config.xml').with(
- 'ensure' => 'file',
- 'path' => '/opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-aclservice-config.xml',
- 'owner' => 'odl',
- 'group' => 'odl',
- 'content' => /learn/
- )
- }
- else
- # Confirm other sg_mode is passed correctly
- it {
- should contain_file('netvirt-aclservice-config.xml').with(
- 'ensure' => 'file',
- 'path' => '/opt/opendaylight/etc/opendaylight/datastore/initial/config/netvirt-aclservice-config.xml',
- 'owner' => 'odl',
- 'group' => 'odl',
- 'content' => /#{sg_mode}/
- )
- }
- end
-end
-
# Shared tests that specialize in testing SNAT mechanism
def snat_mechanism_tests(snat_mechanism='controller')
it { should contain_file('/opt/opendaylight/etc/opendaylight') }
+++ /dev/null
-<aclservice-config xmlns="urn:opendaylight:netvirt:aclservice-config">
- <security-group-mode><%= scope.lookupvar('opendaylight::config::sg_mode') %></security-group-mode>
-</aclservice-config>