From da1b0f9b673e2d99e3196f2b4240eb1dc760f1b0 Mon Sep 17 00:00:00 2001
From: Ian Wienand
Date: Tue, 27 Mar 2018 15:14:45 +1100
Subject: [PATCH] Don't assume nodepool.[private|public]_ipv4
Several places assume nodepool.[private|public]_ipv4 are set, which may not be true in ipv6 environments like limestone. Rework several of the setup and checks to not assume they are there.
Depends-On: https://review.openstack.org/556784
Change-Id: I8cbe78bc127652229917d9e7f531a95f4b6fb0f7
---
 tests/multi-node-firewall-persistence.yaml | 16 +++++++++++++++-
 tests/multi-node-firewall.yaml | 11 ++++++++++-
 tests/multi-node-known-hosts.yaml | 8 ++++++--
 3 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/tests/multi-node-firewall-persistence.yaml b/tests/multi-node-firewall-persistence.yaml
index cbbd4860..f3828666 100644
--- a/tests/multi-node-firewall-persistence.yaml
+++ b/tests/multi-node-firewall-persistence.yaml
@@ -41,11 +41,25 @@
 failed_when: false
 register: iptables_rules
- - name: Validate ipv4 firewall configuration
+ - name: Validate ipv4 private firewall configuration
 assert:
 that:
 - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+ with_items: "{{ groups['all'] }}"
+ when:
+ - hostvars[item]['nodepool']['private_ipv4']
+
+ - name: Validate ipv4 public firewall configuration
+ assert:
+ that:
 - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+ with_items: "{{ groups['all'] }}"
+ when:
+ - hostvars[item]['nodepool']['public_ipv4']
+
+ - name: Validate ipv4 bridge firewall configuration
+ assert:
+ that:
 - "'-A INPUT -s {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -d {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -j ACCEPT' in iptables_rules.stdout"
 with_items: "{{ groups['all'] }}"
diff --git a/tests/multi-node-firewall.yaml b/tests/multi-node-firewall.yaml
index 6a19c060..fcb9c0d1 100644
--- a/tests/multi-node-firewall.yaml
+++ b/tests/multi-node-firewall.yaml
@@ -10,12 +10,21 @@
 failed_when: false
 register: iptables_rules
- - name: Validate ipv4 firewall configuration
+ - name: Validate ipv4 private firewall configuration
 assert:
 that:
 - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+ with_items: "{{ groups['all'] }}"
+ when:
+ - hostvars[item]['nodepool']['private_ipv4']
+
+ - name: Validate ipv4 public firewall configuration
+ assert:
+ that:
 - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
 with_items: "{{ groups['all'] }}"
+ when:
+ - hostvars[item]['nodepool']['public_ipv4']
 # ipv6_addresses is set by the multi-node-firewall role
 - when: ipv6_addresses | length > 0
diff --git a/tests/multi-node-known-hosts.yaml b/tests/multi-node-known-hosts.yaml
index f965329b..17cde4f8 100644
--- a/tests/multi-node-known-hosts.yaml
+++ b/tests/multi-node-known-hosts.yaml
@@ -12,8 +12,12 @@
 host_addresses: >
 {% set hosts = [] -%}
 {% for host, vars in hostvars.items() -%}
- {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
- {% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
+ {% if vars['nodepool']['private_ipv4'] != '' -%}
+ {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
+ {% endif -%}
+ {% if vars['nodepool']['public_ipv4'] != '' -%}
+ {% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
+ {% endif -%}
 {% if vars['nodepool']['public_ipv6'] != '' -%}
 {% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%}
 {% endif -%}
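Review bot: The two new `when:` guards in tests/multi-node-firewall.yaml skip the ACCEPT-rule asserts whenever `private_ipv4` or `public_ipv4` is empty, so a host that reports neither address passes the IPv4 part of this firewall test with no rule checked; the hunk for tests/multi-node-firewall-persistence.yaml adds the same guards. The IPv6 block that follows is itself conditional on `ipv6_addresses | length > 0`, so it looks possible for a host to go through with no per-host rule validated at all. An unconditional assert over the same `with_items` loop would close that gap, for example `- hostvars[item]['nodepool']['private_ipv4'] or hostvars[item]['nodepool']['public_ipv4'] or hostvars[item]['nodepool']['public_ipv6']`. The guards also assume the keys exist with an empty value; if a key can be absent, `| default('')` on each lookup keeps the condition from failing on an undefined variable. The task lists continue outside both hunks.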
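Review bot: The new `!= ''` guards in `host_addresses` in tests/multi-node-known-hosts.yaml filter out only an empty string, so a `private_ipv4` or `public_ipv4` that is undefined or null would still be appended, or fail the template, and end up in the address list this known-hosts test presumably checks against. The firewall tests in the same commit use plain truthiness in their `when:` conditions, so the three files now apply two different notions of "not set". A truthiness test with a default covers both cases: `{% if vars['nodepool']['private_ipv4'] | default('', true) -%}`, and the same for `public_ipv4`. The existing `public_ipv6` check just below uses the same `!= ''` form and could be aligned at the same time; the template block starts and ends outside this hunk.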