Don't assume nodepool.[private|public]_ipv4

Several places assume nodepool.[private|public]_ipv4 are set, which may not be true in ipv6 environments like limestone. Rework several of the setup and checks to not assume they are there. Depends-On: https://review.openstack.org/556784 Change-Id: I8cbe78bc127652229917d9e7f531a95f4b6fb0f7
2018-03-27 15:14:45 +11:00 · 2018-03-27 15:14:45 +11:00 · da1b0f9b67
commit da1b0f9b67
parent 7387784bc6
3 changed files with 31 additions and 4 deletions
--- a/tests/multi-node-firewall-persistence.yaml
+++ b/tests/multi-node-firewall-persistence.yaml
@ -41,11 +41,25 @@
      failed_when: false
      register: iptables_rules

-    - name: Validate ipv4 firewall configuration
+    - name: Validate ipv4 private firewall configuration
      assert:
        that:
          - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+      with_items: "{{ groups['all'] }}"
+      when:
+        - hostvars[item]['nodepool']['private_ipv4']
+
+    - name: Validate ipv4 public firewall configuration
+      assert:
+        that:
          - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+      with_items: "{{ groups['all'] }}"
+      when:
+        - hostvars[item]['nodepool']['public_ipv4']
+
+    - name: Validate ipv4 bridge firewall configuration
+      assert:
+        that:
          - "'-A INPUT -s {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -d {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -j ACCEPT' in iptables_rules.stdout"
      with_items: "{{ groups['all'] }}"

--- a/tests/multi-node-firewall.yaml
+++ b/tests/multi-node-firewall.yaml
@ -10,12 +10,21 @@
      failed_when: false
      register: iptables_rules

-    - name: Validate ipv4 firewall configuration
+    - name: Validate ipv4 private firewall configuration
      assert:
        that:
          - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+      with_items: "{{ groups['all'] }}"
+      when:
+        - hostvars[item]['nodepool']['private_ipv4']
+
+    - name: Validate ipv4 public firewall configuration
+      assert:
+        that:
          - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
      with_items: "{{ groups['all'] }}"
+      when:
+        - hostvars[item]['nodepool']['public_ipv4']

    # ipv6_addresses is set by the multi-node-firewall role
    - when: ipv6_addresses | length > 0
--- a/tests/multi-node-known-hosts.yaml
+++ b/tests/multi-node-known-hosts.yaml
@ -12,8 +12,12 @@
        host_addresses: >
          {% set hosts = [] -%}
          {% for host, vars in hostvars.items() -%}
-          {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
-          {% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
+          {% if vars['nodepool']['private_ipv4'] != '' -%}
+            {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
+          {% endif -%}
+          {% if vars['nodepool']['public_ipv4'] != '' -%}
+            {% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
+          {% endif -%}
          {% if vars['nodepool']['public_ipv6'] != '' -%}
            {% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%}
          {% endif -%}