no-op-firewall-nova-driver

Role Documentation

Welcome to the “no_op_firewall_nova_driver” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “no_op_firewall_nova_driver” role.

nova_conf_path: /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova/nova.conf

Role Variables: main.yml

metadata:
  description: 'When using Neutron, the `firewall_driver` option in Nova must be set
    to `NoopFirewallDriver`.

    '
  groups:
  - post-deployment
  name: Verify NoOpFirewallDriver is set in Nova

Molecule Scenarios

Molecule is used to test the “no_op_firewall_nova_driver” role. The following section shows the Molecule driver in use and provides an example playbook showing how the role is used.

Scenario: default

Example default configuration

driver:
  name: podman
log: true
platforms:
- dockerfile: ../../../../.config/molecule/Dockerfile
  environment:
    http_proxy: '{{ lookup(''env'', ''http_proxy'') }}'
    https_proxy: '{{ lookup(''env'', ''https_proxy'') }}'
  hostname: centos
  image: centos/centos:stream8
  name: centos
  pkg_extras: python*-setuptools python*-pyyaml
  privileged: true
  registry:
    url: quay.io
  ulimits:
  - host
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
provisioner:
  env:
    ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}
    ANSIBLE_ROLES_PATH: ${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles
    ANSIBLE_STDOUT_CALLBACK: yaml
  inventory:
    hosts:
      all:
        hosts:
          centos:
            ansible_python_interpreter: /usr/bin/python3
  log: true
  name: ansible
  options:
    vvv: true
scenario:
  test_sequence:
  - destroy
  - create
  - prepare
  - converge
  - verify
  - destroy
verifier:
  name: ansible

Molecule Inventory

hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3

Example default playbook

- gather_facts: false
  hosts: all
  name: Converge
  tasks:
  - block:
    - copy:
        content: '[DEFAULT]

          firewall_driver = nova.virt.firewall.NoopFirewallDriver

          '
        dest: /nova.conf
      name: Create a correct Nova config file
    - include_role:
        name: no_op_firewall_nova_driver
      vars:
        nova_conf_path: /nova.conf
    - debug:
        msg: The validation works as expected!
    name: Successful Validation
  - block:
    - ini_file:
        backup: true
        dest: /nova.conf
        option: firewall_driver
        section: DEFAULT
        value: CHANGEME
      name: Modifying Nova config file
    - include_role:
        name: no_op_firewall_nova_driver
      vars:
        nova_conf_path: /nova.conf
    name: Failing Validation
    rescue:
    - meta: clear_host_errors
      name: Clear host errors
    - debug:
        msg: The validation fails as expected! End the playbook run
    - meta: end_play
      name: End play
  - fail:
      msg: 'No-op-firewall-nova-driver validation failed finding bad configuration!

        '
    name: Fail the test
  vars:
    nova_conf_path: /nova.conf
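
The check described in the role metadata, written as a standalone Python sketch and run against the same two cases the converge playbook exercises. This is an added example, not the role's own tasks: the function names are hypothetical, and accepting either the bare class name or a dotted path ending in it is an assumption.

```python
import configparser

EXPECTED_CLASS = "NoopFirewallDriver"


def read_firewall_driver(conf_text):
    """Return firewall_driver from [DEFAULT] of nova.conf text, or None if unset."""
    # strict=False: a real nova.conf may repeat an option; the last value wins here.
    # interpolation=None: keep literal '%' characters in values untouched.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(conf_text)
    # defaults() holds only [DEFAULT]; the same key in another section is ignored.
    value = parser.defaults().get("firewall_driver")
    return value.strip() if value is not None else None


def check_firewall_driver(conf_text):
    """Return (ok, message) for the given nova.conf content."""
    value = read_firewall_driver(conf_text)
    if value is None:
        return False, "firewall_driver is not set in [DEFAULT]"
    # Assumption: the bare class name and a dotted path ending in it both pass.
    if value.rsplit(".", 1)[-1] == EXPECTED_CLASS:
        return True, "firewall_driver = " + value
    return False, "firewall_driver = %r, expected %s" % (value, EXPECTED_CLASS)


# Constructed samples mirroring the two Molecule cases on this page.
GOOD_CONF = "[DEFAULT]\nfirewall_driver = nova.virt.firewall.NoopFirewallDriver\n"
BAD_CONF = "[DEFAULT]\nfirewall_driver = CHANGEME\n"
# Constructed: option missing from [DEFAULT], present only in a made-up section.
MISPLACED_CONF = "[DEFAULT]\ndebug = true\n[example]\nfirewall_driver = NoopFirewallDriver\n"

if __name__ == "__main__":
    samples = (("good", GOOD_CONF), ("bad", BAD_CONF), ("misplaced", MISPLACED_CONF))
    for name, text in samples:
        ok, message = check_firewall_driver(text)
        print("%-9s %s: %s" % (name, "PASS" if ok else "FAIL", message))
```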