refactoring final step

* added new logic to render plugin templates
* refactored recipe names to be more consistence
* moved version up to 13.0.0 for mitaka release
* removed suse as supported platform
* added verisionbumb for refactored os-identity and common
* adapted optimized endpoint logic
* added endpoint attributes to fit new endpoint logic
* adapted the specs (unit tests) to work again
* refactored attributes throughout all recipes that were connected to the
  attributes used for the neutron.conf.erb template to adapt the new template
  attribute syntax
* removed some attributes that were set to non default values, since the
  defaults from neutron cloud and should be used instead
* moved all attributes form attributes/default.rb that were used in
  neutron.conf.erb to attributes/neutron_conf.rb
* refactored attributes to fit new template logic
* refactored recipes/default.rb to fit new template logic
* removed all attributes set to default values in attribtues/default and
  template
* replaced static plugin logic and templates with new config logic, following
  the same principles as for neutron.conf
* renamed recipes to fit attributes and actual service names
* added recipes for ml2_core_plugin, ml2_openvswitch and ml2_linuxbridge as well
  as a recipe for the creation of all plugin configs (plugin_conf) like plugin.ini

Change-Id: I9cc1b5cc069987ac83e064322c2291772505ff5f
Implements: blueprint cookbook-refactoring
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
This commit is contained in:
Jan Klare 2015-11-17 11:49:52 +01:00
parent 56c95b6ce3
commit 2ec770de11
93 changed files with 1450 additions and 6291 deletions

View File

@ -1,5 +1,6 @@
# This configuration was generated by `rubocop --auto-gen-config`
# on 2015-05-29 10:47:45 -0500 using RuboCop version 0.29.1.
# This configuration was generated by
# `rubocop --auto-gen-config`
# on 2016-02-04 14:25:45 +0100 using RuboCop version 0.35.1.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
@ -8,4 +9,12 @@
# Offense count: 8
# Configuration parameters: EnforcedStyle, SupportedStyles.
Style/ClassAndModuleChildren:
Enabled: false
Exclude:
- 'recipes/client.rb'
- 'recipes/default.rb'
- 'recipes/identity_registration.rb'
- 'recipes/l3_agent.rb'
- 'recipes/lbaas.rb'
- 'recipes/ml2_openvswitch.rb'
- 'recipes/server.rb'
- 'recipes/vpnaas.rb'

14
Gemfile
View File

@ -1,14 +0,0 @@
## THIS GEMFILE IS DEPRECATED AND WILL BE REMOVED AFTER THE NEXT RELEASE
## THERE WON'T BE ANY UPDATES TO THIS FILE DURING THIS RELEASE CYCLE
## WE SWITCHED TO CHEFDK AS THE BUNDLE FOR THE NEEDED GEMS
source 'https://rubygems.org'
gem 'chef', '~> 11.18.6'
gem 'json', '<= 1.7.7' # chef 11 dependency
gem 'berkshelf', '~> 3.2.1'
gem 'hashie', '~> 2.0'
gem 'chefspec', '~> 4.0.0'
gem 'rspec', '~> 3.0.0'
gem 'foodcritic', '~> 4.0'
gem 'rubocop', '~> 0.29.1'

View File

@ -1,6 +1,8 @@
Description
===========
TODO: (jklare) needs refactoring too
This cookbook installs the **OpenStack Network** service (formerly project-named Quantum, current name is Neutron)
as part of a Chef reference deployment of OpenStack.
@ -212,6 +214,7 @@ License and Author
| | Copyright (c) 2013-2014, SUSE Linux GmbH |
| | Copyright (c) 2012, Rackspace US, Inc. |
| | Copyright (c) 2013-2014, IBM Corp. |
| | Copyright (c) 2016, cloudbau GmbH |
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,35 @@
# attribute can be used in wrapper cookbooks to handover secrets (will not be
# saved after successfull chef run)
default['openstack']['network']['conf_secrets'] = {}
default['openstack']['network']['conf'].tap do |conf|
# [DEFAULT] section
if node['openstack']['network']['syslog']['use']
conf['DEFAULT']['log_config_append'] = '/etc/openstack/logging.conf'
else
conf['DEFAULT']['log_dir'] = '/var/log/neutron'
end
conf['DEFAULT']['control_exchange'] = node['openstack']['mq']['network']['control_exchange']
conf['DEFAULT']['core_plugin'] = 'ml2'
conf['DEFAULT']['rpc_backend'] = node['openstack']['mq']['service_type']
# [agent] section
if node['openstack']['network']['use_rootwrap']
conf['agent']['root_helper'] = 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'
end
# [keystone_authtoken] section
conf['keystone_authtoken']['auth_plugin'] = 'v2password'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
conf['keystone_authtoken']['username'] = 'neutron'
conf['keystone_authtoken']['tenant_name'] = 'service'
# [nova] section
conf['nova']['auth_plugin'] = 'v2password'
conf['nova']['region_name'] = node['openstack']['region']
conf['nova']['username'] = 'nova'
conf['nova']['tenant_name'] = 'service'
# [oslo_concurrency] section
conf['oslo_concurrency']['lock_path'] = '/var/lib/neutron/lock'
end

View File

@ -1,13 +0,0 @@
# encoding: UTF-8
#
# Library:: utils
module ::Utils
def recipe_included?(recipe)
node['recipes'].include?(recipe)
end
def role_included?(role)
node['roles'].include?(role)
end
end

View File

@ -5,7 +5,7 @@ maintainer_email 'openstack-dev@lists.openstack.org'
license 'Apache 2.0'
description 'Installs and configures the OpenStack Network API Service and various agents and plugins'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '12.0.0'
version '13.0.0'
recipe 'openstack-network::client', 'Install packages required for network client'
recipe 'openstack-network::server', 'Installs packages required for a OpenStack Network server'
recipe 'openstack-network::openvswitch', 'Installs packages required for OVS'
@ -14,9 +14,9 @@ recipe 'openstack-network::identity_registration', 'Registers OpenStack Network
recipe 'openstack-network::vpn_agent', 'Installs packages required for Network VPN Agent'
recipe 'openstack-network::hyperv', 'Installs packages required for OpenStack Network Hyperv drivers'
%w(ubuntu fedora redhat centos suse).each do |os|
%w(ubuntu redhat centos).each do |os|
supports os
end
depends 'openstack-common', '>= 12.0.0'
depends 'openstack-identity', '>= 12.0.0'
depends 'openstack-common', '>= 13.0.0'
depends 'openstack-identity', '>= 13.0.0'

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: bigswitch
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: brocade
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -1,99 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: build_openvswitch_source
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
platform_options = node['openstack']['network']['platform']
platform_options['neutron_openvswitch_build_packages'].each do |pkg|
package pkg do
action :install
end
end
ovs_options = node['openstack']['network']['openvswitch']
src_filename = ovs_options['openvswitch_filename']
src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}"
extract_path = "#{Chef::Config['file_cache_path']}/#{ovs_options['openvswitch_checksum']}"
remote_file src_filepath do
source ovs_options['openvswitch_url']
checksum ovs_options['openvswitch_checksum']
owner 'root'
group 'root'
mode 00644
not_if { ::File.exist?("#{Chef::Config['file_cache_path']}/#{ovs_options['openvswitch_filename']}") }
end
bash 'disable_openvswitch_before_upgrade' do
cwd '/tmp'
not_if "dpkg -l | grep openvswitch-switch | grep #{ovs_options['openvswitch_dpkgversion']}"
code <<-EOH
# Politely stop OVS
service openvswitch-switch stop || exit 0
sleep 2;
# After stopping it, ensure it's down
killall -9 ovs-vswitchd || exit 0
killall -9 ovsdb-server || exit 0
fi
EOH
end
bash 'extract_package' do
cwd ::File.dirname(src_filepath)
code <<-EOH
rm -rf #{extract_path}
mkdir -p #{extract_path}
tar xzf #{src_filename} -C #{extract_path}
cd #{extract_path}/#{ovs_options['openvswitch_base_filename']}
DEB_BUILD_OPTIONS='parallel=8' fakeroot debian/rules binary
EOH
not_if "dpkg -l | grep openvswitch-switch | grep #{ovs_options['openvswitch_dpkgversion']}"
notifies :install, 'dpkg_package[openvswitch-common]', :immediately
notifies :install, 'dpkg_package[openvswitch-datapath-dkms]', :immediately
notifies :install, 'dpkg_package[openvswitch-pki]', :immediately
notifies :install, 'dpkg_package[openvswitch-switch]', :immediately
end
dpkg_package 'openvswitch-common' do
source "#{extract_path}/openvswitch-common_#{ovs_options['openvswitch_dpkgversion']}_#{ovs_options['openvswitch_architecture']}.deb"
action :nothing
end
dpkg_package 'openvswitch-common' do
source "#{extract_path}/openvswitch-common_#{ovs_options['openvswitch_dpkgversion']}_#{ovs_options['openvswitch_architecture']}.deb"
action :nothing
end
dpkg_package 'openvswitch-datapath-dkms' do
source "#{extract_path}/openvswitch-datapath-dkms_#{ovs_options['openvswitch_dpkgversion']}_all.deb"
action :nothing
end
dpkg_package 'openvswitch-pki' do
source "#{extract_path}/openvswitch-pki_#{ovs_options['openvswitch_dpkgversion']}_all.deb"
action :nothing
end
dpkg_package 'openvswitch-switch' do
source "#{extract_path}/openvswitch-switch_#{ovs_options['openvswitch_dpkgversion']}_#{ovs_options['openvswitch_architecture']}.deb"
action :nothing
end

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: cisco
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -17,8 +17,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
class ::Chef::Recipe # rubocop:disable Documentation
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
end
@ -26,7 +26,6 @@ platform_options = node['openstack']['network']['platform']
platform_options['neutron_client_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end

View File

@ -18,12 +18,11 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
plugin_config_file = node['openstack']['network']['core_plugin_config_file']
timeout = node['openstack']['network']['dbsync_timeout']
# The node['openstack']['network']['plugin_config_file'] attribute is set in the default.rb recipe
bash 'migrate network database' do
timeout node['openstack']['network']['dbsync_timeout']
plugin_config_file = node['openstack']['network']['plugin_config_file']
timeout timeout
migrate_command = "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
code <<-EOF
#{migrate_command} upgrade head
@ -32,9 +31,8 @@ end
# Only if the vpnaas is enabled, migrate the database.
bash 'migrate vpnaas database' do
only_if { [true, 'true', 'True'].include?(node['openstack']['network']['enable_vpn']) }
timeout node['openstack']['network']['dbsync_timeout']
plugin_config_file = node['openstack']['network']['plugin_config_file']
only_if { node['openstack']['network_vpnaas']['enabled'] }
timeout timeout
migrate_command = "neutron-db-manage --service vpnaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
code <<-EOF
#{migrate_command} upgrade head
@ -43,9 +41,8 @@ end
# Only if the fwaas is enabled, migrate the database.
bash 'migrate fwaas database' do
only_if { [true, 'true', 'True'].include?(node['openstack']['network']['fwaas']['enabled']) }
timeout node['openstack']['network']['dbsync_timeout']
plugin_config_file = node['openstack']['network']['plugin_config_file']
only_if { node['openstack']['network_fwaas']['enabled'] }
timeout timeout
migrate_command = "neutron-db-manage --service fwaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
code <<-EOF
#{migrate_command} upgrade head
@ -54,9 +51,8 @@ end
# Only if the lbaas is enabled, migrate the database.
bash 'migrate lbaas database' do
only_if { [true, 'true', 'True'].include?(node['openstack']['network']['lbaas']['enabled']) }
timeout node['openstack']['network']['dbsync_timeout']
plugin_config_file = node['openstack']['network']['plugin_config_file']
only_if { node['openstack']['network_lbaas']['enabled'] }
timeout timeout
migrate_command = "neutron-db-manage --service lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
code <<-EOF
#{migrate_command} upgrade head

View File

@ -20,41 +20,21 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
# this is needed for querying the tenant_uuid of admin below
include_recipe 'openstack-identity::client'
include_recipe 'openstack-network::client'
require 'uri'
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
include ::Utils
end
# Make Openstack object available in Chef::Resource::RubyBlock
class ::Chef::Resource::RubyBlock
include ::Openstack
end
platform_options = node['openstack']['network']['platform']
core_plugin = node['openstack']['network']['core_plugin']
main_plugin = node['openstack']['network']['core_plugin_map'][core_plugin.split('.').last.downcase]
role_match = role_included? 'os-network-server'
if node['openstack']['network']['syslog']['use']
include_recipe 'openstack-common::logging'
end
platform_options['nova_network_packages'].each do |pkg|
package pkg do
action :purge
end
end
platform_options['neutron_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
@ -70,40 +50,6 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
end
end
# neutron-lbaas-agent may not running on network node, but on network node, neutron-server still need neutron_lbaas module
# when loading plugin if lbaas is list in service_plugins. In this case, we don't need include balance recipe for network node, but
# we need make sure neutron lbaas packages get installed on network ndoe before neutron-server start/restart, when lbaas is enabled.
# Otherwise neutron-server will crash for couldn't find lbaas plugin when invoking plugins from service_plugins.
platform_options['neutron_lb_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
only_if { [true, 'true', 'True'].include?(node['openstack']['network']['lbaas']['enabled']) && role_match }
end
end
# neutron-vpnaas-agent may not running on network node, but on network node, neutron-server still need neutron_vpnaas module
# when loading plugin if vpnaas is list in service_plugins. In this case, we don't need include vpn_agent recipe for network node, but
# we need make sure neutron vpnaas packages get installed on network node before neutron-server start/restart, when vpnaas is enabled.
# Otherwise neutron-server will crash for couldn't find vpnaas plugin when invoking plugins from service_plugins.
platform_options['neutron_vpn_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
# The vpn agent depends on l3_agent, and providers nicira, plumgrid, bigswitch, will not use the generic l3_agent. So if we are using
# these providers, vpn agent will not get supported, and we should not install related packages here.
only_if { node['openstack']['network']['enable_vpn'] && role_match && !['nicira', 'plumgrid', 'bigswitch'].include?(main_plugin) }
end
end
directory '/etc/neutron/plugins' do
recursive true
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00700
action :create
end
directory '/var/cache/neutron' do
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
@ -111,391 +57,93 @@ directory '/var/cache/neutron' do
action :create
end
directory ::File.dirname node['openstack']['network']['api']['auth']['cache_dir'] do
directory node['openstack']['network']['api']['auth']['cache_dir'] do
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00700
only_if { node['openstack']['auth']['strategy'] == 'pki' }
end
template '/etc/neutron/rootwrap.conf' do
source 'rootwrap.conf.erb'
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
variables(
service_config: node['openstack']['network']['rootwrap']['conf']
)
end
if node['openstack']['network']['policyfile_url']
remote_file '/etc/neutron/policy.json' do
source node['openstack']['network']['policyfile_url']
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
if node['openstack']['network']['conf']['DEFAULT']['rpc_backend'] == 'rabbit'
user = node['openstack']['mq']['network']['rabbit']['userid']
node.default['openstack']['network']['conf']
.[]('oslo_messaging_rabbit')['rabbit_userid'] = user
node.default['openstack']['network']['conf_secrets']
.[]('oslo_messaging_rabbit')['rabbit_password'] =
get_password 'user', user
end
mq_service_type = node['openstack']['mq']['network']['service_type']
if mq_service_type == 'rabbitmq'
rabbit_hosts = rabbit_servers if node['openstack']['mq']['network']['rabbit']['ha']
mq_password = get_password 'user', node['openstack']['mq']['network']['rabbit']['userid']
elsif mq_service_type == 'qpid'
mq_password = get_password 'user', node['openstack']['mq']['network']['qpid']['username']
end
identity_endpoint = internal_endpoint 'identity-internal'
identity_admin_endpoint = admin_endpoint 'identity-admin'
auth_uri = ::URI.decode identity_endpoint.to_s
auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['network']['api']['auth']['version']
identity_uri = identity_uri_transform(identity_admin_endpoint)
identity_public_endpoint = public_endpoint 'identity'
auth_url =
auth_uri_transform(
identity_public_endpoint.to_s,
node['openstack']['network']['identity-api']['auth']['version']
)
db_user = node['openstack']['db']['network']['username']
db_pass = get_password 'db', 'neutron'
sql_connection = db_uri('network', db_user, db_pass)
if node['openstack']['endpoints']['db']['enabled_slave']
slave_connection = db_uri('network', db_user, db_pass, true)
end
network_api_bind = endpoint 'network-api-bind'
service_pass = get_password 'service', 'openstack-network'
platform_options['neutron_client_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
end
# all recipes include default.rb, and some servers
# may just be running a subset of agents (like l3_agent)
# and not the api server components, so we add logic to
# check whether current node is network node or not. If
# not, we won't notify this service to restart.
service 'neutron-server' do
service_name platform_options['neutron_server_service']
supports status: true, restart: true
action :nothing
end
# Nova interactions
nova_endpoint = internal_endpoint 'compute-api'
# TODO(MRV): Need to allow for this in common.
# Neutron will append the admin_tenant_id for these nova interaction calls,
# remove the tenant_id so we don't end up with two of them on the url.
# Need to also allow for getting at nova endpoint version.
# https://github.com/openstack/neutron/blob/master/neutron/common/config.py#L94
# https://github.com/openstack/neutron/blob/master/neutron/notifiers/nova.py#L44
nova_version = node['openstack']['network']['nova']['url_version']
nova_endpoint = uri_from_hash('scheme' => nova_endpoint.scheme.to_s, 'host' => nova_endpoint.host.to_s, 'port' => nova_endpoint.port.to_s, 'path' => nova_version)
nova_admin_pass = get_password 'service', 'openstack-compute'
public_bind_service = node['openstack']['bind_service']['network']['public']
# The auth_url in nova section follows auth_plugin
nova_auth_url = nil
case node['openstack']['network']['nova']['auth_plugin'].downcase
case node['openstack']['network']['conf']['nova']['auth_plugin']
when 'password'
nova_auth_url = identity_uri
nova_auth_url = auth_uri
when 'v2password'
nova_auth_url = auth_uri_transform(identity_admin_endpoint.to_s, 'v2.0')
nova_auth_url = auth_uri_transform(identity_public_endpoint.to_s, 'v2.0')
when 'v3password'
nova_auth_url = auth_uri_transform(identity_admin_endpoint.to_s, 'v3.0')
nova_auth_url = auth_uri_transform(identity_public_endpoint.to_s, 'v3.0')
end
if node['openstack']['network']['l3']['router_distributed'] == 'auto'
if node['openstack']['network']['interface_driver'].split('.').last != 'OVSInterfaceDriver'
node.set['openstack']['network']['l3']['router_distributed'] = 'false'
Chef::Log.warn('OVSInterfaceDirver is not used as interface_driver, DVR is not supported without OVS')
node.default['openstack']['network']['conf'].tap do |conf|
if node['openstack']['network']['syslog']['use']
conf['DEFAULT']['log_config'] = '/etc/openstack/logging.conf'
end
conf['DEFAULT']['bind_host'] = public_bind_service.host
conf['DEFAULT']['bind_port'] = public_bind_service.port
conf['nova']['auth_url'] = nova_auth_url
conf['keystone_authtoken']['auth_url'] = auth_url
end
router_distributed = 'False'
if ['auto', 'true', true].include?(node['openstack']['network']['l3']['router_distributed'])
if recipe_included? 'openstack-network::server'
router_distributed = 'True'
else
router_distributed = 'False'
end
# define secrets that are needed in the neutron.conf.erb
node.default['openstack']['network']['conf_secrets'].tap do |conf_secrets|
conf_secrets['database']['connection'] =
db_uri('network', db_user, db_pass)
conf_secrets['nova']['password'] =
get_password 'service', 'openstack-compute'
conf_secrets['keystone_authtoken']['password'] =
get_password 'service', 'openstack-network'
end
# merge all config options and secrets to be used in the neutron.conf.erb
neutron_conf_options = merge_config_options 'network'
template '/etc/neutron/neutron.conf' do
source 'neutron.conf.erb'
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00640
variables(
bind_address: network_api_bind.host,
bind_port: network_api_bind.port,
rabbit_hosts: rabbit_hosts,
mq_service_type: mq_service_type,
mq_password: mq_password,
core_plugin: core_plugin,
auth_uri: auth_uri,
identity_uri: identity_uri,
identity_admin_endpoint: identity_admin_endpoint,
service_pass: service_pass,
sql_connection: sql_connection,
slave_connection: slave_connection,
nova_endpoint: nova_endpoint,
nova_admin_pass: nova_admin_pass,
nova_auth_url: nova_auth_url,
router_distributed: router_distributed
service_config: neutron_conf_options
)
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
directory "/etc/neutron/plugins/#{main_plugin}" do
recursive true
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00700
end
# For several plugins, the plugin configuration
# is required by both the neutron-server and
# ancillary services that may be on different
# physical servers like the l3 agent, so we assume
# the plugin configuration is a "common" file
template_file = nil
# Common template values (between ML2 and Openvswitch)
tunnel_types = node['openstack']['network']['openvswitch']['tunnel_types']
l2_population = 'False'
enable_distributed_routing = 'False'
if ['auto', 'true', true].include?(node['openstack']['network']['l3']['router_distributed'])
tunnel_types = 'gre, vxlan'
l2_population = 'True'
enable_distributed_routing = 'True'
end
case main_plugin
when 'bigswitch'
template_file = '/etc/neutron/plugins/bigswitch/restproxy.ini'
template template_file do
source 'plugins/bigswitch/restproxy.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'brocade'
template_file = '/etc/neutron/plugins/brocade/brocade.ini'
template template_file do
source 'plugins/brocade/brocade.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'cisco'
template_file = '/etc/neutron/plugins/cisco/cisco_plugins.ini'
template template_file do
source 'plugins/cisco/cisco_plugins.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'hyperv'
template_file = '/etc/neutron/plugins/hyperv/hyperv_neutron_plugin.ini.erb'
template template_file do
source 'plugins/hyperv/hyperv_neutron_plugin.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'linuxbridge'
linuxbridge_endpoint = endpoint 'network-linuxbridge'
template_file = '/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini'
template template_file do
source 'plugins/linuxbridge/linuxbridge_conf.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
variables(
local_ip: linuxbridge_endpoint.host
)
notifies :restart, 'service[neutron-server]', :delayed if role_match
if node.run_list.expand(node.chef_environment).recipes.include?('openstack-network::linuxbridge')
notifies :restart, 'service[neutron-plugin-linuxbridge-agent]', :delayed
end
end
when 'metaplugin'
template_file = '/etc/neutron/plugins/metaplugin/metaplugin.ini'
template template_file do
source 'plugins/metaplugin/metaplugin.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'midonet'
template_file = '/etc/neutron/plugins/midonet/midonet.ini'
template template_file do
source 'plugins/midonet/midonet.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'ml2'
openvswitch_endpoint = endpoint 'network-openvswitch'
template_file = '/etc/neutron/plugins/ml2/ml2_conf.ini'
mechanism_drivers = node['openstack']['network']['ml2']['mechanism_drivers']
if node['openstack']['network']['l3']['router_distributed'] == 'auto'
mechanism_drivers = 'openvswitch,l2population'
end
template template_file do
source 'plugins/ml2/ml2_conf.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
variables(
mechanism_drivers: mechanism_drivers,
local_ip: openvswitch_endpoint.host,
tunnel_types: tunnel_types,
l2_population: l2_population,
enable_distributed_routing: enable_distributed_routing
)
notifies :restart, 'service[neutron-server]', :delayed if role_match
if node['recipes'].include?('openstack-network::openvswitch')
notifies :restart, 'service[neutron-plugin-openvswitch-agent]', :delayed
end
end
when 'nec'
template_file = '/etc/neutron/plugins/nec/nec.ini'
template template_file do
source 'plugins/nec/nec.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'nicira'
template_file = '/etc/neutron/plugins/nicira/nvp.ini'
template template_file do
source 'plugins/nicira/nvp.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'openvswitch'
openvswitch_endpoint = endpoint 'network-openvswitch'
template_file = '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini'
template template_file do
source 'plugins/openvswitch/ovs_neutron_plugin.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
variables(
local_ip: openvswitch_endpoint.host,
tunnel_types: tunnel_types,
l2_population: l2_population,
enable_distributed_routing: enable_distributed_routing
)
notifies :restart, 'service[neutron-server]', :delayed if role_match
if node.run_list.expand(node.chef_environment).recipes.include?('openstack-network::openvswitch')
notifies :restart, 'service[neutron-plugin-openvswitch-agent]', :delayed
end
end
when 'plumgrid'
template_file = '/etc/neutron/plugins/plumgrid/plumgrid.ini'
template template_file do
source 'plugins/plumgrid/plumgrid.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
when 'ryu'
template_file = '/etc/neutron/plugins/ryu/ryu.ini'
template template_file do
source 'plugins/ryu/ryu.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-server]', :delayed if role_match
end
else
Chef::Log.fatal("Main plugin #{main_plugin}is not supported")
end
link '/etc/neutron/plugin.ini' do
to template_file
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
action :create
only_if { platform_family? %w(fedora rhel) }
end
node.set['openstack']['network']['plugin_config_file'] = template_file
template '/etc/default/neutron-server' do
source 'neutron-server.erb'
owner 'root'
group 'root'
mode 00644
variables(
plugin_config: template_file
)
only_if do
node.run_list.expand(node.chef_environment).recipes.include?('openstack-network::server')
platform_family?('debian')
# delete all secrets saved in the attribute
# node['openstack']['network']['conf_secrets'] after creating the neutron.conf
ruby_block "delete all attributes in node['openstack']['network']['conf_secrets']" do
block do
node.rm(:openstack, :network, :conf_secrets)
end
end

View File

@ -18,13 +18,9 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'
platform_options = node['openstack']['network']['platform']
core_plugin = node['openstack']['network']['core_plugin']
main_plugin = node['openstack']['network']['core_plugin_map'][core_plugin.split('.').last.downcase]
platform_options['neutron_dhcp_packages'].each do |pkg|
package pkg do
@ -33,55 +29,53 @@ platform_options['neutron_dhcp_packages'].each do |pkg|
end
end
service 'neutron-dhcp-agent' do
service_name platform_options['neutron_dhcp_agent_service']
supports status: true, restart: true
action :enable
subscribes :restart, 'template[/etc/neutron/neutron.conf]'
end
# Some plugins have DHCP functionality, so we install the plugin
# Python package and include the plugin-specific recipe here...
package platform_options['neutron_plugin_package'].gsub('%plugin%', main_plugin) do
options platform_options['package_overrides']
action :upgrade
# plugins are installed by the main openstack-neutron package on SUSE
not_if { platform_family? 'suse' }
end
# TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
# cookbook to do the proper configuration
template '/etc/neutron/dnsmasq.conf' do
source 'dnsmasq.conf.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-dhcp-agent]', :delayed
end
template '/etc/neutron/dhcp_agent.ini' do
source 'dhcp_agent.ini.erb'
service_config = merge_config_options 'network_dhcp'
template node['openstack']['network_dhcp']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
notifies :restart, 'service[neutron-dhcp-agent]', :immediately
variables(
service_config: service_config
)
end
# TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
# cookbook to do the proper configuration
case node['platform']
when 'centos'
if node['platform_version'].to_f < 7.1
dnsmasq_file = "#{Chef::Config[:file_cache_path]}/#{node['openstack']['network']['dhcp']['dnsmasq_rpm_version']}"
dnsmasq_file = "#{Chef::Config[:file_cache_path]}/#{node['openstack']['network']['dnsmasq']['rpm_version']}"
remote_file dnsmasq_file do
source node['openstack']['network']['dhcp']['dnsmasq_rpm_source']
not_if { ::File.exist?(dnsmasq_file) || node['openstack']['network']['dhcp']['dnsmasq_rpm_version'].to_s.empty? }
source node['openstack']['network']['dnsmasq']['rpm_source']
not_if { ::File.exist?(dnsmasq_file) || node['openstack']['network']['dnsmasq']['rpm_version'].to_s.empty? }
end
rpm_package 'dnsmasq' do
source dnsmasq_file
action :install
notifies :restart, 'service[neutron-dhcp-agent]', :immediately
not_if { node['openstack']['network']['dhcp']['dnsmasq_rpm_version'].to_s.empty? }
not_if { node['openstack']['network']['dnsmasq']['rpm_version'].to_s.empty? }
end
end
end
service 'neutron-dhcp-agent' do
service_name platform_options['neutron_dhcp_agent_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, [
'template[/etc/neutron/neutron.conf]',
'template [/etc/neutron/dnsmasq.conf]',
"template[#{node['openstack']['network_dhcp']['config_file']}]",
'rpm_package[dnsmasq]'
]
end

24
recipes/fwaas.rb Normal file
View File

@ -0,0 +1,24 @@
# TODO(jklare) : check why the package is installed and if the configuration
# works at all (if so, this needs refactoring parallel to the lbaas and vpnaas
# recipes and attributes)
# ---- moved from templates/default/services/neutron-fwaas/fwaas_driver.ini.erb----
# <%= node["openstack"]["network"]["custom_template_banner"] %>
# [fwaas]
# driver = <%= node['openstack']['network']['fwaas']['driver'] %>
# enabled = <%= node['openstack']['network']['fwaas']['enabled'] %>
# ---- moved from templates/default/services/neutron-fwaas/fwaas_driver.ini.erb----
# ---- moved from recipes/l3_agent----
# As the fwaas package will be installed anyway, configure its config-file attributes following environment.
# template node['openstack']['network']['fwaas']['config_file'] do
# source 'services/neutron-fwaas/fwaas_driver.ini.erb'
# user node['openstack']['network']['platform']['user']
# group node['openstack']['network']['platform']['group']
# mode 00640
# # Only restart vpn agent to avoid synchronization problem, when vpn agent is enabled.
# if node['openstack']['network']['enable_vpn']
# notifies :restart, 'service[neutron-vpn-agent]', :delayed
# else
# notifies :restart, 'service[neutron-l3-agent]', :immediately
# end
# end
# ---- moved from recipes/l3_agent----

View File

@ -1,33 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: hyperv
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
node['openstack']['network']['ml2']['mechanism_drivers'].downcase.include?('hyperv') || return
platform_options = node['openstack']['network']['platform']
platform_options['neutron_hyperv_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
include_recipe 'openstack-network'

View File

@ -19,8 +19,6 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
require 'uri'
# Make Openstack object available in Chef::Recipe
@ -28,18 +26,21 @@ class ::Chef::Recipe
include ::Openstack
end
identity_admin_endpoint = admin_endpoint 'identity-admin'
identity_admin_endpoint = admin_endpoint 'identity'
bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token'
auth_uri = ::URI.decode identity_admin_endpoint.to_s
admin_api_endpoint = admin_endpoint 'network-api'
public_api_endpoint = public_endpoint 'network-api'
internal_api_endpoint = internal_endpoint 'network-api'
admin_api_endpoint = admin_endpoint 'network'
public_api_endpoint = public_endpoint 'network'
internal_api_endpoint = internal_endpoint 'network'
service_pass = get_password 'service', 'openstack-network'
service_tenant_name = node['openstack']['network']['service_tenant_name']
service_user = node['openstack']['network']['service_user']
service_tenant_name =
node['openstack']['network']['conf']['keystone_authtoken']['tenant_name']
service_user =
node['openstack']['network']['conf']['keystone_authtoken']['username']
service_role = node['openstack']['network']['service_role']
openstack_identity_register 'Register Network API Service' do

View File

@ -18,48 +18,54 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
include ::Utils
end
ruby_block 'query gateway external network uuid' do
block do
begin
external_name = node['openstack']['network']['l3']['gateway_external_network_name']
admin_user = node['openstack']['identity']['admin_user']
admin_tenant = node['openstack']['identity']['admin_tenant_name']
env = openstack_command_env admin_user, admin_tenant
external_id = network_uuid 'net-external', 'name', external_name, env
Chef::Log.error("gateway external network UUID for #{external_name} not found.") if external_id.nil?
node.set['openstack']['network']['l3']['gateway_external_network_id'] = external_id
rescue RuntimeError => e
Chef::Log.error("Could not query UUID for network #{external_name}. Error was #{e.message}") unless external_id
end
end
action :run
only_if do
(node['openstack']['network']['l3']['gateway_external_network_id'].nil? &&
node['openstack']['network']['l3']['gateway_external_network_name'])
end
end
platform_options = node['openstack']['network']['platform']
core_plugin = node['openstack']['network']['core_plugin']
main_plugin = node['openstack']['network']['core_plugin_map'][core_plugin.split('.').last.downcase]
platform_options['neutron_l3_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
# The providers below do not use the generic L3 agent...
not_if { ['nicira', 'plumgrid', 'bigswitch'].include?(main_plugin) }
end
end
service_config = merge_config_options 'network_l3'
template node['openstack']['network_l3']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00640
variables(
service_config: service_config
)
# Not restart l3 agent to avoid synchronization problem, when vpn agent is enabled.
unless node['openstack']['network_vpnaas']['enabled']
notifies :restart, 'service[neutron-l3-agent]'
end
end
# See http://docs.openstack.org/admin-guide-cloud/content/section_adv_cfg_l3_agent.html
if node['openstack']['network_l3']['conf']['DEFAULT']['interface_driver'] ==
'neutron.agent.linux.interface.OVSInterfaceDriver'
ext_bridge = node['openstack']['network_l3']['conf']['DEFAULT']['external_network_bridge']
ext_bridge_iface = node['openstack']['network_l3']['external_network_bridge_interface']
if ext_bridge && ext_bridge_iface
execute 'create external network bridge' do
command "ovs-vsctl add-br #{ext_bridge}"
action :run
not_if "ovs-vsctl br-exists #{ext_bridge}"
end
execute 'enable external_network_bridge_interface' do
command "ip link set #{ext_bridge_iface} up && ovs-vsctl --may-exist add-port #{ext_bridge} #{ext_bridge_iface}"
action :run
only_if "ip link show #{ext_bridge_iface}"
end
end
end
@ -69,68 +75,10 @@ service 'neutron-l3-agent' do
# As l3 and vpn agents are both working based on l3 bisic strategy, and there will be
# potential synchronization problems when vpn and l3 agents both running in network node.
# So if the vpn agent is enabled, we should stop and disable the l3 agent.
if node['openstack']['network']['enable_vpn']
if node['openstack']['network_vpnaas']['enabled']
action [:stop, :disable]
else
action :enable
action [:enable, :start]
subscribes :restart, 'template[/etc/neutron/neutron.conf]'
end
end
agent_mode = 'legacy'
if [true, 'true', 'auto'].include?(node['openstack']['network']['l3']['router_distributed'])
if recipe_included? 'openstack-network::server'
agent_mode = 'dvr_snat'
elsif recipe_included? 'openstack-compute::compute'
agent_mode = 'dvr'
end
end
template '/etc/neutron/l3_agent.ini' do
source 'l3_agent.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00640
variables(
agent_mode: agent_mode
)
# Not restart l3 agent to avoid synchronization problem, when vpn agent is enabled.
unless node['openstack']['network']['enable_vpn']
notifies :restart, 'service[neutron-l3-agent]', :immediately
end
end
# As the fwaas package will be installed anyway, configure its config-file attributes following environment.
template node['openstack']['network']['fwaas']['config_file'] do
source 'services/neutron-fwaas/fwaas_driver.ini.erb'
user node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00640
# Only restart vpn agent to avoid synchronization problem, when vpn agent is enabled.
if node['openstack']['network']['enable_vpn']
notifies :restart, 'service[neutron-vpn-agent]', :delayed
else
notifies :restart, 'service[neutron-l3-agent]', :immediately
end
end
driver_name = node['openstack']['network']['interface_driver'].split('.').last
# See http://docs.openstack.org/admin-guide-cloud/content/section_adv_cfg_l3_agent.html
case driver_name
when 'OVSInterfaceDriver'
ext_bridge = node['openstack']['network']['l3']['external_network_bridge']
ext_bridge_iface = node['openstack']['network']['l3']['external_network_bridge_interface']
unless ext_bridge.to_s.empty?
execute 'create external network bridge' do
command "ovs-vsctl add-br #{ext_bridge}"
action :run
not_if "ovs-vsctl br-exists #{ext_bridge}"
end
execute 'enable external_network_bridge_interface' do
command "ip link set #{ext_bridge_iface} up && ovs-vsctl --may-exist add-port #{ext_bridge} #{ext_bridge_iface}"
only_if "ip link show #{ext_bridge_iface}"
end
end
when 'BridgeInterfaceDriver'
# TODO: Handle linuxbridge case
end

View File

@ -20,27 +20,32 @@
# This recipe should be placed in the run_list of the node that
# runs the network server or network controller server.
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
[true, 'true', 'True'].include?(node['openstack']['network']['lbaas']['enabled']) || return
include_recipe 'openstack-network'
platform_options = node['openstack']['network']['platform']
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
end
platform_options['neutron_lb_packages'].each do |pkg|
platform_options = node['openstack']['network']['platform']
platform_options['neutron_lbaas_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
template node['openstack']['network']['lbaas']['config_file'] do
source 'services/neutron-lbaas/lbaas_agent.ini.erb'
service_config = merge_config_options 'network_lbaas'
template node['openstack']['network_lbaas']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00640
variables(
service_config: service_config
)
notifies :restart, 'service[neutron-lb-agent]', :delayed
end

View File

@ -18,16 +18,13 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'
platform_options = node['openstack']['network']['platform']
identity_endpoint = internal_endpoint 'identity-internal'
service_pass = get_password 'service', 'openstack-network'
metadata_secret = get_password 'token', node['openstack']['network']['metadata']['secret_name']
compute_metadata_api = internal_endpoint 'compute-metadata-api'
# identity_endpoint = admin_endpoint 'identity'
metadata_secret = get_password 'token', node['openstack']['network_metadata']['secret_name']
# compute_metadata_api = internal_endpoint 'compute-metadata-api'
platform_options['neutron_metadata_agent_packages'].each do |pkg|
package pkg do
@ -36,25 +33,38 @@ platform_options['neutron_metadata_agent_packages'].each do |pkg|
end
end
template '/etc/neutron/metadata_agent.ini' do
source 'metadata_agent.ini.erb'
node.default['openstack']['network_metadata']['conf_secrets'].tap do |conf|
conf['DEFAULT']['metadata_proxy_shared_secret'] = metadata_secret
end
service_config = merge_config_options 'network_metadata'
template node['openstack']['network_metadata']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
variables(
identity_endpoint: identity_endpoint,
metadata_secret: metadata_secret,
service_pass: service_pass,
compute_metadata_ip: compute_metadata_api.host,
compute_metadata_port: compute_metadata_api.port
service_config: service_config
)
notifies :restart, 'service[neutron-metadata-agent]', :immediately
action :create
end
# delete all secrets saved in the attribute
# node['openstack']['network_metadata']['conf_secrets'] after creating the neutron.conf
ruby_block 'delete all attributes in '\
"node['openstack']['network_metadata']['conf_secrets']" do
block do
node.rm(:openstack, :network_metadata, :conf_secrets)
end
end
service 'neutron-metadata-agent' do
service_name platform_options['neutron_metadata_agent_service']
supports status: true, restart: true
action :enable
subscribes :restart, 'template[/etc/neutron/neutron.conf]'
action [:enable, :start]
subscribes :restart, [
'template[/etc/neutron/neutron.conf]',
"template[#{node['openstack']['network_metadata']['config_file']}]"
]
end

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: metaplugin
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: midonet
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -0,0 +1,39 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: ml2_core_plugin
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
case node['platform_family']
when 'fedora', 'rhel'
node.default['openstack']['network']['plugins']['ml2']['path'] = '/etc/neutron'
node.default['openstack']['network']['plugins']['ml2']['filename'] = 'plugin.ini'
when 'debian'
node.default['openstack']['network']['plugins']['ml2']['path'] = '/etc/neutron/plugins/ml2'
node.default['openstack']['network']['plugins']['ml2']['filename'] = 'ml2_conf.ini'
end
# Per default the ml2 conf will be empty, since there is no need to add
# configuration without a mechanism_driver defined. The proper mechanism_drivers
# configuration will be included automatically when selecting a fitting
# ml2_plugin like ml2_openvswitch or ml2_linuxbridge
node.default['openstack']['network']['plugins']['ml2']['conf'] = {}
core_plugin = node['openstack']['network']['conf']['DEFAULT']['core_plugin']
node.default['openstack']['network']['core_plugin_config_file'] =
File.join(
node['openstack']['network']['plugins'][core_plugin]['path'],
node['openstack']['network']['plugins'][core_plugin]['filename']
)

View File

@ -1,7 +1,7 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: linuxbridge
# Recipe:: ml2_linuxbridge
#
# Copyright 2013, AT&T
#
@ -18,12 +18,16 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
# TODO: (jklare) This recipe is a WIP one, since we probably want to support
# ml2_linuxbridge, but are not testing it right now. It will install the needed
# packages on debian and rhel/fedora, set the proper ml2 mechanism_drivers and
# set the proper attributes to create an empty linuxbridge_conf.ini in the
# proper directory when including the plugin_conf recipe in this cookbook. The
# config can be filled via attributes (e.g. like done for the ml2_openvswitch).
include_recipe 'openstack-network'
node.default['openstack']['network']['plugins']['ml2']['conf']['ml2']['mechanism_drivers'] = 'linuxbridge'
platform_options = node['openstack']['network']['platform']
platform_options['neutron_linuxbridge_agent_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
@ -31,28 +35,19 @@ platform_options['neutron_linuxbridge_agent_packages'].each do |pkg|
end
end
directory '/etc/neutron/plugins/linuxbridge' do
recursive true
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00700
node.default['openstack']['network']['plugins']['linuxbridge'].tap do |lb|
lb['path'] =
'/etc/neutron/plugins/linuxbridge'
lb['filename'] =
'linuxbridge_conf.ini'
end
linuxbridge_endpoint = endpoint 'network-linuxbridge'
template '/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini' do
source 'plugins/linuxbridge/linuxbridge_conf.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
variables(
local_ip: linuxbridge_endpoint.host
)
end
include_recipe 'openstack-network::plugin_config'
service 'neutron-plugin-linuxbridge-agent' do
service_name platform_options['neutron_linuxbridge_agent_service']
supports status: true, restart: true
action :enable
subscribes :restart, 'template[/etc/neutron/neutron.conf]'
subscribes :restart, 'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]'
action [:enable, :start]
subscribes :restart, ['template[/etc/neutron/neutron.conf]',
'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]']
end

118
recipes/ml2_openvswitch.rb Normal file
View File

@ -0,0 +1,118 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: ml2_opensvswitch
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'uri'
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
end
node.default['openstack']['network']['plugins']['ml2']['conf']['ml2']['mechanism_drivers'] = 'openvswitch'
platform_options = node['openstack']['network']['platform']
node.default['openstack']['network']['plugins']['openvswitch'].tap do |ovs|
case node['platform_family']
when 'fedora', 'rhel'
ovs['path'] =
'/etc/neutron/plugins/openvswitch'
ovs['filename'] =
'ovs_neutron_plugin.ini'
when 'debian'
ovs['path'] =
'/etc/neutron/plugins/ml2'
ovs['filename'] =
'openvswitch_agent.ini'
end
ovs['conf']['DEFAULT']['integration_bridge'] = 'br-int'
ovs['conf']['OVS']['tunnel_bridge'] = 'br-tun'
end
platform_options['neutron_openvswitch_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
plugin_file_path = File.join(
node['openstack']['network']['plugins']['openvswitch']['path'],
node['openstack']['network']['plugins']['openvswitch']['filename']
)
platform_options['neutron_openvswitch_agent_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
end
int_bridge =
node['openstack']['network']['plugins']['openvswitch']['conf']
.[]('DEFAULT')['integration_bridge']
tun_bridge =
node['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['tunnel_bridge']
execute 'create internal network bridge' do
ignore_failure true
command "ovs-vsctl add-br #{int_bridge}"
action :run
not_if "ovs-vsctl br-exists #{int_bridge}"
end
include_recipe 'openstack-network::plugin_config'
service 'neutron-openvswitch-switch' do
service_name platform_options['neutron_openvswitch_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, "template[#{plugin_file_path}]"
end
service 'neutron-plugin-openvswitch-agent' do
service_name platform_options['neutron_openvswitch_agent_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, [
'template[/etc/neutron/neutron.conf]',
"template[#{plugin_file_path}]",
'execute[create internal network bridge]',
'execute[create tunnel network bridge]',
'execute[create data network bridge]'
]
end
execute 'create tunnel network bridge' do
ignore_failure true
command "ovs-vsctl add-br #{tun_bridge}"
action :run
not_if "ovs-vsctl br-exists #{tun_bridge}"
end
if node['openstack']['network']['openvswitch']['bridge_mapping_interface']
ext_bridge_mapping = node['openstack']['network']['openvswitch']['bridge_mapping_interface']
ext_bridge, ext_bridge_iface = ext_bridge_mapping.split(':')
execute 'create data network bridge' do
command "ovs-vsctl add-br #{ext_bridge} -- add-port #{ext_bridge} #{ext_bridge_iface}"
action :run
not_if "ovs-vsctl br-exists #{ext_bridge}"
only_if "ip link show #{ext_bridge_iface}"
end
end

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: nec
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: nicira
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -1,181 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: opensvswitch
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
require 'uri'
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
end
include_recipe 'openstack-network'
platform_options = node['openstack']['network']['platform']
core_plugin = node['openstack']['network']['core_plugin']
main_plugin = node['openstack']['network']['core_plugin_map'][core_plugin.split('.').last.downcase]
if platform_family?('debian')
# obtain kernel version for kernel header
# installation on ubuntu and debian
kernel_ver = node['kernel']['release']
package "linux-headers-#{kernel_ver}" do
options platform_options['package_overrides']
action :upgrade
end
end
if node['openstack']['network']['openvswitch']['use_source_version']
if node['lsb'] && node['lsb']['codename'] == 'precise'
include_recipe 'openstack-network::build_openvswitch_source'
end
else
platform_options['neutron_openvswitch_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
end
if platform_family?('debian')
# NOTE:(mancdaz):sometimes the openvswitch module does not get reloaded
# properly when openvswitch-datapath-dkms recompiles it. This ensures
# that it does
begin
if resources('package[openvswitch-datapath-dkms]')
execute '/usr/share/openvswitch/scripts/ovs-ctl force-reload-kmod' do
action :nothing
subscribes :run, resources('package[openvswitch-datapath-dkms]'), :immediately
end
end
rescue Chef::Exceptions::ResourceNotFound # rubocop:disable HandleExceptions
end
end
service 'neutron-openvswitch-switch' do
service_name platform_options['neutron_openvswitch_service']
supports status: true, restart: true
action [:enable, :start]
end
if node.run_list.expand(node.chef_environment).recipes.include?('openstack-network::server')
service 'neutron-server' do
service_name platform_options['neutron_server_service']
supports status: true, restart: true
action :nothing
end
end
platform_options['neutron_openvswitch_agent_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
end
directory '/etc/neutron/plugins/openvswitch' do
recursive true
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00700
only_if { platform_family?('rhel') }
end
openvswitch_endpoint = endpoint 'network-openvswitch'
tunnel_types = node['openstack']['network']['openvswitch']['tunnel_types']
l2_population = 'False'
enable_distributed_routing = 'False'
if ['auto', 'true', true].include?(node['openstack']['network']['l3']['router_distributed'])
tunnel_types = 'gre, vxlan'
l2_population = 'True'
enable_distributed_routing = 'True'
end
template '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini' do
source 'plugins/openvswitch/ovs_neutron_plugin.ini.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
variables(
local_ip: openvswitch_endpoint.host,
tunnel_types: tunnel_types,
l2_population: l2_population,
enable_distributed_routing: enable_distributed_routing
)
only_if { platform_family?('rhel') }
end
service 'neutron-plugin-openvswitch-agent' do
service_name platform_options['neutron_openvswitch_agent_service']
supports status: true, restart: true
action :enable
subscribes :restart, 'template[/etc/neutron/neutron.conf]'
if platform_family?('rhel')
subscribes :restart, 'template[/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini]'
end
end
unless ['nicira', 'plumgrid', 'bigswitch'].include?(main_plugin)
int_bridge = node['openstack']['network']['openvswitch']['integration_bridge']
execute 'create internal network bridge' do
ignore_failure true
command "ovs-vsctl add-br #{int_bridge}"
action :run
not_if "ovs-vsctl br-exists #{int_bridge}"
notifies :restart, 'service[neutron-plugin-openvswitch-agent]', :delayed
end
end
unless ['nicira', 'plumgrid', 'bigswitch'].include?(main_plugin)
tun_bridge = node['openstack']['network']['openvswitch']['tunnel_bridge']
execute 'create tunnel network bridge' do
ignore_failure true
command "ovs-vsctl add-br #{tun_bridge}"
action :run
not_if "ovs-vsctl br-exists #{tun_bridge}"
notifies :restart, 'service[neutron-plugin-openvswitch-agent]', :delayed
end
end
unless ['nicira', 'plumgrid', 'bigswitch'].include?(main_plugin)
unless node['openstack']['network']['openvswitch']['bridge_mapping_interface'].to_s.empty?
ext_bridge_mapping = node['openstack']['network']['openvswitch']['bridge_mapping_interface']
ext_bridge, ext_bridge_iface = ext_bridge_mapping.split(':')
execute 'create data network bridge' do
command "ovs-vsctl add-br #{ext_bridge} -- add-port #{ext_bridge} #{ext_bridge_iface}"
action :run
not_if "ovs-vsctl br-exists #{ext_bridge}"
only_if "ip link show #{ext_bridge_iface}"
notifies :restart, 'service[neutron-plugin-openvswitch-agent]', :delayed
end
end
end
if [true, 'true', 'auto'].include?(node['openstack']['network']['l3']['router_distributed'])
if !node['recipes'].include?('openstack-network::server') && node['recipes'].include?('openstack-compute::compute')
include_recipe 'openstack-network::l3_agent'
end
end

38
recipes/plugin_config.rb Normal file
View File

@ -0,0 +1,38 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: plugin_config
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
node['openstack']['network']['plugins'].each_value do |plugin|
next if plugin['path'].nil?
directory plugin['path'] do
recursive true
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00700
end
template File.join(plugin['path'], plugin['filename']) do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
variables(
service_config: plugin['conf']
)
end
end

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: plumgrid
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -1,23 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: ryu
#
# Copyright 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'

View File

@ -19,17 +19,25 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
include_recipe 'openstack-network'
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
end
include_recipe 'openstack-network'
template '/etc/default/neutron-server' do
source 'neutron-server.erb'
owner 'root'
group 'root'
mode 00644
variables(
core_plugin_config: node['openstack']['network']['core_plugin_config_file']
)
only_if { platform_family?('debian') }
end
platform_options = node['openstack']['network']['platform']
core_plugin = node['openstack']['network']['core_plugin']
platform_options['neutron_server_packages'].each do |pkg|
package pkg do
@ -38,25 +46,65 @@ platform_options['neutron_server_packages'].each do |pkg|
end
end
db_type = node['openstack']['db']['network']['service_type']
node['openstack']['db']['python_packages'][db_type].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
if node['openstack']['network']['policyfile_url']
remote_file '/etc/neutron/policy.json' do
source node['openstack']['network']['policyfile_url']
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00644
end
end
if node['openstack']['network_lbaas']['enabled']
# neutron-lbaas-agent may not running on network node, but on network node, neutron-server still need neutron_lbaas module
# when loading plugin if lbaas is list in service_plugins. In this case, we don't need include balance recipe for network node, but
# we need make sure neutron lbaas packages get installed on network ndoe before neutron-server start/restart, when lbaas is enabled.
# Otherwise neutron-server will crash for couldn't find lbaas plugin when invoking plugins from service_plugins.
platform_options['neutron_lbaas_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
end
if node['openstack']['network_vpnaas']['enabled']
# neutron-vpnaas-agent may not running on network node, but on network node, neutron-server still need neutron_vpnaas module
# when loading plugin if vpnaas is list in service_plugins. In this case, we don't need include vpn_agent recipe for network node, but
# we need make sure neutron vpnaas packages get installed on network node before neutron-server start/restart, when vpnaas is enabled.
# Otherwise neutron-server will crash for couldn't find vpnaas plugin when invoking plugins from service_plugins.
platform_options['neutron_vpnaas_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
end
# Migrate network database to latest version
include_recipe 'openstack-network::db_migration'
plugin_templates = []
node['openstack']['network']['plugins'].each_value do |plugin|
plugin_templates << "template[#{File.join(plugin['path'], plugin['filename'])}"
end
service 'neutron-server' do
service_name platform_options['neutron_server_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, [
plugin_templates,
'template[/etc/neutron/neutron.conf]',
'remote_file[/etc/neutron/policy.json]'
]
end
# the default SUSE initfile uses this sysconfig file to determine the
# neutron plugin to use
template '/etc/sysconfig/neutron' do
only_if { platform_family? 'suse' }
source 'neutron.sysconfig.erb'
owner 'root'
group 'root'
mode 00644
variables(
plugin_conf: node['openstack']['network']['plugin_conf_map'][core_plugin.split('.').last.downcase]
)
notifies :restart, 'service[neutron-server]'
end
include_recipe 'openstack-network::identity_registration'

View File

@ -18,36 +18,28 @@
# limitations under the License.
#
['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return
return unless node['openstack']['network']['enable_vpn']
use_namespaces = node['openstack']['network']['use_namespaces']
unless use_namespaces.downcase == 'true'
fail "use_namespaces is #{use_namespaces}, and it must be True when using vpn agent"
end
# VPN agent is based on L3 agent
include_recipe 'openstack-network::l3_agent'
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
end
platform_options = node['openstack']['network']['platform']
core_plugin = node['openstack']['network']['core_plugin']
main_plugin = node['openstack']['network']['core_plugin_map'][core_plugin.split('.').last.downcase]
# Install package dependencies according node's vpn_device_driver.
platform_options['vpn_device_driver_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
only_if { node['openstack']['network']['vpn']['vpn_device_driver'].any? }
end
end
platform_options['neutron_vpn_packages'].each do |pkg|
platform_options['neutron_vpnaas_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
# The vpn agent is depends on l3_agent and the providers below do not use the generic L3 agent.
not_if { ['nicira', 'plumgrid', 'bigswitch'].include?(main_plugin) }
end
end
@ -59,17 +51,24 @@ platform_options['vpn_device_driver_services'].each do |svc|
end
end
service 'neutron-vpn-agent' do
service_name platform_options['neutron_vpn_agent_service']
supports status: true, restart: true
action :enable
subscribes :restart, 'template[/etc/neutron/neutron.conf]'
end
template node['openstack']['network']['vpn']['config_file'] do
source 'services/neutron-vpnaas/vpn_agent.ini.erb'
service_conf = merge_config_options 'network_vpnaas'
template node['openstack']['network_vpnaas']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 00640
notifies :restart, 'service[neutron-vpn-agent]', :immediately
variables(
service_config: service_conf
)
end
service 'neutron-vpn-agent' do
service_name platform_options['neutron_vpn_agent_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, [
'template[/etc/neutron/neutron.conf]',
"template[#{node['openstack']['network_vpnaas']['config_file']}]"
]
end

View File

@ -1,26 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::balancer' do
describe 'suse' do
let(:runner) { ChefSpec::SoloRunner.new(SUSE_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['lbaas']['enabled'] = 'True'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
['openstack-neutron-lbaas-agent'].each do |pack|
it "upgrades #{pack} package" do
expect(chef_run).to upgrade_package(pack)
end
end
it 'enables agent service' do
expect(chef_run).to enable_service('neutron-lb-agent')
end
end
end

View File

@ -1,90 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::balancer' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['lbaas']['enabled'] = 'True'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'subscribes the agent service to its relevant config files' do
expect(chef_run.service('neutron-lb-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
end
it 'does not upgrade neutron-lbaas-agent when nova networking.' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package('neutron-lbaas-agent')
end
['haproxy', 'neutron-lbaas-agent'].each do |pack|
it "upgrades #{pack} package" do
expect(chef_run).to upgrade_package(pack)
end
end
it 'enables agent service' do
expect(chef_run).to enable_service('neutron-lb-agent')
end
describe 'lbaas_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/lbaas_agent.ini') }
it 'creates lbaas_agent.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0640
)
end
context 'template contents' do
it_behaves_like 'custom template banner displayer' do
let(:file_name) { file.name }
end
it 'displays the debug setting' do
node.set['openstack']['network']['debug'] = 'debug_value'
expect(chef_run).to render_file(file.name).with_content(/^debug = debug_value$/)
end
it 'displays the lbaas device_driver setting' do
node.set['openstack']['network']['lbaas']['device_driver'] = 'device_driver_value'
expect(chef_run).to render_file(file.name).with_content(/^device_driver = device_driver_value$/)
end
it 'displays the interface driver setting for ovs lbaas plugin' do
node.set['openstack']['network']['lbaas_plugin'] = 'ovs'
node.set['openstack']['network']['lbaas']['ovs_use_veth'] = 'True'
expect(chef_run).to render_file(file.name).with_content(/^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/)
expect(chef_run).to render_file(file.name).with_content(/^ovs_use_veth = True$/)
end
it 'displays the interface driver setting for linuxbridge lbaas plugin' do
node.set['openstack']['network']['lbaas_plugin'] = 'linuxbridge'
expect(chef_run).to render_file(file.name).with_content(/^interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver$/)
end
it 'displays a null interface driver setting for other lbaas plugins' do
node.set['openstack']['network']['lbaas_plugin'] = 'another_lbaas-plugin'
node.set['openstack']['network']['lbaas']['custom_interface_driver'] = 'custom_driver'
expect(chef_run).to render_file(file.name).with_content(/^interface_driver = custom_driver$/)
end
it 'displays user_group as nogroup' do
expect(chef_run).to render_file(file.name).with_content(/^user_group = nogroup$/)
end
end
it 'notifies the lb agent service' do
expect(file).to notify('service[neutron-lb-agent]').to(:restart).delayed
end
end
end
end

View File

@ -1,61 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::build_openvswitch_source' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge('openstack-network::openvswitch')
runner.converge(described_recipe)
end
let(:ovs_switch) { chef_run.dpkg_package('openvswitch-switch') }
let(:ovs_dkms) { chef_run.dpkg_package('openvswitch-datapath-dkms') }
let(:ovs_pki) { chef_run.dpkg_package('openvswitch-pki') }
let(:ovs_common) { chef_run.dpkg_package('openvswitch-common') }
include_context 'neutron-stubs'
it 'does not install openvswitch build dependencies when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
%w(build-essential pkg-config fakeroot libssl-dev openssl debhelper autoconf).each do |pkg|
expect(chef_run).to_not install_package(pkg)
end
end
# since our mocked version of ubuntu is precise, our compile
# utilities should be installed to build OVS from source
it 'installs openvswitch build dependencies' do
%w(build-essential pkg-config fakeroot libssl-dev openssl debhelper autoconf dkms python-all python-qt4 python-zopeinterface python-twisted-conch).each do |pkg|
expect(chef_run).to install_package(pkg)
end
end
it 'installs openvswitch switch dpkg' do
ovs_switch.source.should include 'openvswitch-switch_1.10.2-1_amd64.deb'
ovs_switch.action.should eq [:nothing]
expect(chef_run).to_not install_dpkg_package(ovs_switch.name)
end
it 'installs openvswitch datapath dkms dpkg' do
ovs_dkms.source.should include 'openvswitch-datapath-dkms_1.10.2-1_all.deb'
ovs_dkms.action.should eq [:nothing]
expect(chef_run).to_not install_dpkg_package(ovs_dkms.name)
end
it 'installs openvswitch pki dpkg' do
ovs_pki.source.should include 'openvswitch-pki_1.10.2-1_all.deb'
ovs_pki.action.should eq [:nothing]
expect(chef_run).to_not install_dpkg_package(ovs_pki.name)
end
it 'installs openvswitch common dpkg' do
ovs_common.source.should include 'openvswitch-common_1.10.2-1_amd64.deb'
ovs_common.action.should eq [:nothing]
expect(chef_run).to_not install_dpkg_package(ovs_common.name)
end
end
end

View File

@ -1,4 +1,3 @@
# encoding: UTF-8
require_relative 'spec_helper'
describe 'openstack-network::client' do

View File

@ -24,44 +24,69 @@ describe 'openstack-network::db_migration' do
timeout: 1234
)
end
it 'uses db upgrade head when vpnaas is enabled' do
node.set['openstack']['network']['enable_vpn'] = true
migrate_cmd = %r{neutron-db-manage --service vpnaas --config-file /etc/neutron/neutron.conf|
describe 'run db-migration when services are enabled' do
before do
node.set['openstack']['network_vpnaas']['enabled'] = true
node.set['openstack']['network_fwaas']['enabled'] = true
node.set['openstack']['network_lbaas']['enabled'] = true
node.set['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
end
it 'uses db upgrade head when vpnaas is enabled' do
migrate_cmd = %r{neutron-db-manage --service vpnaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).to run_bash('migrate vpnaas database').with(
code: migrate_cmd,
timeout: 3600
)
end
it 'uses db upgrade head when lbaas is enabled' do
migrate_cmd = %r{neutron-db-manage --service lbaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).to run_bash('migrate vpnaas database').with(code: migrate_cmd)
expect(chef_run).to run_bash('migrate lbaas database').with(
code: migrate_cmd,
timeout: 3600
)
end
it 'uses db upgrade head when fwaas is enabled' do
migrate_cmd = %r{neutron-db-manage --service fwaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).to run_bash('migrate fwaas database').with(
code: migrate_cmd,
timeout: 3600
)
end
end
describe 'run db-migration when services are enabled' do
before do
node.set['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
end
it 'does not use db upgrade head when vpnaas is not enabled' do
migrate_cmd = %r{neutron-db-manage --service vpnaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).not_to run_bash('migrate vpnaas database').with(code: migrate_cmd)
end
it 'does not use db upgrade head when vpnaas is not enabled' do
migrate_cmd = %r{neutron-db-manage --service vpnaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).not_to run_bash('migrate vpnaas database').with(
code: migrate_cmd,
timeout: 3600
)
end
it 'uses db upgrade head when fwaas is enabled' do
node.set['openstack']['network']['fwaas']['enabled'] = 'True'
migrate_cmd = %r{neutron-db-manage --service fwaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).to run_bash('migrate fwaas database').with(code: migrate_cmd)
end
it 'does not use db upgrade head when fwaas is not enabled' do
migrate_cmd = %r{neutron-db-manage --service fwaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).not_to run_bash('migrate fwaas database').with(
code: migrate_cmd,
timeout: 3600
)
end
it 'does not use db upgrade head when fwaas is not enabled' do
migrate_cmd = %r{neutron-db-manage --service fwaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).not_to run_bash('migrate fwaas database').with(code: migrate_cmd)
end
it 'uses db upgrade head when lbaas is enabled' do
node.set['openstack']['network']['lbaas']['enabled'] = 'True'
migrate_cmd = %r{neutron-db-manage --service lbaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).to run_bash('migrate lbaas database').with(code: migrate_cmd)
end
it 'does not use db upgrade head when lbaas is not enabled' do
migrate_cmd = %r{neutron-db-manage --service lbaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).not_to run_bash('migrate lbaas database').with(code: migrate_cmd)
it 'does not use db upgrade head when lbaas is not enabled' do
migrate_cmd = %r{neutron-db-manage --service lbaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).not_to run_bash('migrate lbaas database').with(
code: migrate_cmd,
timeout: 3600
)
end
end
end
end

View File

@ -6,8 +6,6 @@ describe 'openstack-network' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
@ -16,20 +14,8 @@ describe 'openstack-network' do
it 'upgrades mysql python package' do
expect(chef_run).to upgrade_package('MySQL-python')
end
describe 'ml2_conf.ini' do
let(:file) { chef_run.template('/etc/neutron/plugins/ml2/ml2_conf.ini') }
it 'create plugin.ini symlink' do
expect(chef_run).to create_link('/etc/neutron/plugin.ini').with(
to: file.name,
owner: 'neutron',
group: 'neutron'
)
end
it 'does not include the ovs section' do
expect(chef_run).not_to render_file(file.name).with_content(/^[OVS]/)
end
it 'upgrades openstack-neutron-ml2 package' do
expect(chef_run).to upgrade_package('openstack-neutron-ml2')
end
end
end

File diff suppressed because it is too large Load Diff

View File

@ -5,7 +5,7 @@ describe 'openstack-network::dhcp_agent' do
describe 'centos' do
let(:runner) { ChefSpec::SoloRunner.new(CENTOS_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
cached(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
@ -14,12 +14,6 @@ describe 'openstack-network::dhcp_agent' do
include_context 'neutron-stubs'
it 'does not install openstack-neutron-dhcp-agent when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package('neutron-dhcp-agent')
end
it 'upgrades neutron dhcp package' do
expect(chef_run).to upgrade_package('openstack-neutron')
end
@ -42,11 +36,11 @@ describe 'openstack-network::dhcp_agent' do
end
it 'should notify dhcp agent to restart immediately' do
expect(chef_run.rpm_package('dnsmasq')).to notify('service[neutron-dhcp-agent]').to(:restart).immediately
expect(chef_run.rpm_package('dnsmasq')).to notify('service[neutron-dhcp-agent]').to(:restart).delayed
end
it 'should not have the correct dnsmasq remote file when no version' do
node.set['openstack']['network']['dhcp']['dnsmasq_rpm_version'] = ''
node.set['openstack']['network']['dnsmasq']['rpm_version'] = ''
expect(chef_run).not_to create_remote_file("#{Chef::Config[:file_cache_path]}/2.65-1.el6.rfx.x86_64")
end
@ -60,10 +54,6 @@ describe 'openstack-network::dhcp_agent' do
mode: 0644
)
end
it_behaves_like 'dhcp agent template configurator' do
let(:file_name) { file.name }
end
end
describe '/etc/neutron/dnsmasq.conf' do
@ -76,10 +66,6 @@ describe 'openstack-network::dhcp_agent' do
mode: 0644
)
end
it_behaves_like 'dnsmasq template configurator' do
let(:file_name) { file.name }
end
end
end
end

View File

@ -1,66 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::dhcp_agent' do
describe 'suse' do
let(:runner) { ChefSpec::SoloRunner.new(SUSE_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install openstack-neutron-dhcp-agent when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package('openstack-neutron-dhcp-agent')
end
it 'upgrades neutron dhcp package' do
expect(chef_run).to upgrade_package('openstack-neutron-dhcp-agent')
end
it 'upgrades plugin packages' do
expect(chef_run).not_to upgrade_package(/openvswitch/)
expect(chef_run).not_to upgrade_package(/plugin/)
end
it 'starts the dhcp agent on boot' do
expect(chef_run).to enable_service('openstack-neutron-dhcp-agent')
end
describe '/etc/neutron/dhcp_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/dhcp_agent.ini') }
it 'creates dhcp_agent.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'openstack-neutron',
group: 'openstack-neutron',
mode: 0644
)
end
it_behaves_like 'dhcp agent template configurator' do
let(:file_name) { file.name }
end
end
describe '/etc/neutron/dnsmasq.conf' do
let(:file) { chef_run.template('/etc/neutron/dnsmasq.conf') }
it 'creates dnsmasq.conf' do
expect(chef_run).to create_template(file.name).with(
user: 'openstack-neutron',
group: 'openstack-neutron',
mode: 0644
)
end
it_behaves_like 'dnsmasq template configurator' do
let(:file_name) { file.name }
end
end
end
end

View File

@ -9,13 +9,10 @@ describe 'openstack-network::dhcp_agent' do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not include recipe openstack-network::comon when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not include_recipe('openstack-network')
it do
expect(chef_run).to include_recipe('openstack-network')
end
it 'subscribes the agent service to neutron.conf' do
@ -26,27 +23,10 @@ describe 'openstack-network::dhcp_agent' do
expect(chef_run).to upgrade_package 'neutron-dhcp-agent'
end
it 'upgrades plugin package' do
expect(chef_run).to upgrade_package 'neutron-plugin-ml2'
end
it 'starts the dhcp agent on boot' do
expect(chef_run).to enable_service 'neutron-dhcp-agent'
end
describe '/etc/neutron/plugins' do
let(:dir) { chef_run.directory('/etc/neutron/plugins') }
it 'creates /etc/neutron/plugins' do
expect(chef_run).to create_directory(dir.name).with(
user: 'neutron',
group: 'neutron',
mode: 0700
)
end
end
describe '/etc/neutron/dhcp_agent.ini' do
describe 'dhcp_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/dhcp_agent.ini') }
it 'creates dhcp_agent.ini' do
@ -56,16 +36,7 @@ describe 'openstack-network::dhcp_agent' do
mode: 0644
)
end
it_behaves_like 'dhcp agent template configurator' do
let(:file_name) { file.name }
end
it 'notifies the dhcp agent service' do
expect(file).to notify('service[neutron-dhcp-agent]').to(:restart).immediately
end
end
describe '/etc/neutron/dnsmasq.conf' do
let(:file) { chef_run.template('/etc/neutron/dnsmasq.conf') }
@ -76,14 +47,6 @@ describe 'openstack-network::dhcp_agent' do
mode: 0644
)
end
it_behaves_like 'dnsmasq template configurator' do
let(:file_name) { file.name }
end
it 'notifies the dhcp agent service' do
expect(file).to notify('service[neutron-dhcp-agent]').to(:restart).delayed
end
end
end
end

View File

@ -1,24 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::hyperv' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install neutron hyperv package when hyperv mech_driver is not included' do
expect(chef_run).not_to upgrade_package('networking-hyperv')
end
it 'install neutron hyperv package when hyperv mech_driver is included' do
node.set['openstack']['network']['ml2']['mechanism_drivers'] = 'hyperv'
expect(chef_run).to upgrade_package('networking-hyperv')
end
end
end

View File

@ -1,24 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::hyperv' do
describe 'suse' do
let(:runner) { ChefSpec::SoloRunner.new(SUSE_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install neutron hyperv package when hyperv mech_driver is not included' do
expect(chef_run).not_to upgrade_package('networking-hyperv')
end
it 'install neutron hyperv package when hyperv mech_driver is included' do
node.set['openstack']['network']['ml2']['mechanism_drivers'] = 'hyperv'
expect(chef_run).to upgrade_package('networking-hyperv')
end
end
end

View File

@ -1,24 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::hyperv' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install neutron hyperv package when hyperv mech_driver is not included' do
expect(chef_run).not_to upgrade_package('networking-hyperv')
end
it 'install neutron hyperv package when hyperv mech_driver is included' do
node.set['openstack']['network']['ml2']['mechanism_drivers'] = 'hyperv'
expect(chef_run).to upgrade_package('networking-hyperv')
end
end
end

View File

@ -13,14 +13,6 @@ describe 'openstack-network::identity_registration' do
include_context 'neutron-stubs'
it 'does not do network service registrations when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).not_to create_service_openstack_identity_register(
'Register Network API Service'
)
end
it 'registers network service' do
expect(chef_run).to create_service_openstack_identity_register(
'Register Network API Service'
@ -52,9 +44,10 @@ describe 'openstack-network::identity_registration' do
general_url = 'http://general.host:456/general_path'
# Set the general endpoint
node.set['openstack']['endpoints']['network-api']['uri'] = general_url
node.set['openstack']['endpoints']['network']['internal']['uri'] = general_url
node.set['openstack']['endpoints']['network']['public']['uri'] = general_url
# Set the admin endpoint override
node.set['openstack']['endpoints']['admin']['network-api']['uri'] = admin_url
node.set['openstack']['endpoints']['network']['admin']['uri'] = admin_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(
@ -73,9 +66,10 @@ describe 'openstack-network::identity_registration' do
general_url = 'http://general.host:456/general_path'
# Set the general endpoint
node.set['openstack']['endpoints']['network-api']['uri'] = general_url
node.set['openstack']['endpoints']['network']['internal']['uri'] = general_url
# Set the public endpoint override
node.set['openstack']['endpoints']['public']['network-api']['uri'] = public_url
node.set['openstack']['endpoints']['network']['public']['uri'] = public_url
node.set['openstack']['endpoints']['network']['admin']['uri'] = general_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(
@ -94,9 +88,10 @@ describe 'openstack-network::identity_registration' do
general_url = 'http://general.host:456/general_path'
# Set the general endpoint
node.set['openstack']['endpoints']['network-api']['uri'] = general_url
node.set['openstack']['endpoints']['network']['admin']['uri'] = general_url
# Set the internal endpoint override
node.set['openstack']['endpoints']['internal']['network-api']['uri'] = internal_url
node.set['openstack']['endpoints']['network']['internal']['uri'] = internal_url
node.set['openstack']['endpoints']['network']['public']['uri'] = general_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'
).with(
@ -115,9 +110,9 @@ describe 'openstack-network::identity_registration' do
internal_url = 'http://internal.host:456/internal_path'
public_url = 'https://public.host:789/public_path'
node.set['openstack']['endpoints']['internal']['network-api']['uri'] = internal_url
node.set['openstack']['endpoints']['public']['network-api']['uri'] = public_url
node.set['openstack']['endpoints']['admin']['network-api']['uri'] = admin_url
node.set['openstack']['endpoints']['network']['internal']['uri'] = internal_url
node.set['openstack']['endpoints']['network']['public']['uri'] = public_url
node.set['openstack']['endpoints']['network']['admin']['uri'] = admin_url
expect(chef_run).to create_endpoint_openstack_identity_register(
'Register Network Endpoint'

View File

@ -13,13 +13,10 @@ describe 'openstack-network::l3_agent' do
include_context 'neutron-stubs'
['openstack-neutron', 'iproute', 'radvd', 'openstack-neutron-fwaas', 'keepalived'].each do |pack|
it "upgrades #{pack} package" do
expect(chef_run).to upgrade_package(pack)
it 'upgrades neutron ml2_ovs packages' do
%w(openstack-neutron iproute radvd keepalived).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
end
it 'upgrades neutron fwaas package' do
expect(chef_run).to upgrade_package('openstack-neutron-fwaas')
end
end
end

View File

@ -7,206 +7,115 @@ describe 'openstack-network::l3_agent' do
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['l3']['external_network_bridge_interface'] = 'eth1'
node.set['openstack']['network_l3']['external_network_bridge_interface'] = 'eth1'
runner.converge(described_recipe)
end
describe 'recipe' do
include_context 'neutron-stubs'
before do
stub_command('ovs-vsctl br-exists br-ex').and_return(false)
end
include_context 'neutron-stubs'
it 'starts the l3 agent on boot' do
expect(chef_run).to enable_service('neutron-l3-agent')
end
it 'subscribes the l3 agent service to neutron.conf' do
expect(chef_run.service('neutron-l3-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
end
it 'does not install neutron l3 package when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package('neutron-l3-agent')
end
['neutron-l3-agent', 'radvd', 'keepalived'].each do |pack|
it "upgrades #{pack} package" do
expect(chef_run).to upgrade_package(pack)
end
end
describe 'gateway_external_network_id' do
before do
node.set['openstack']['network']['l3']['gateway_external_network_name'] = 'public'
it 'starts the l3 agent on boot' do
expect(chef_run).to enable_service('neutron-l3-agent')
end
it 'looks up and sets the id attribute if needed' do
node.set['openstack']['network']['l3']['gateway_external_network_id'] = nil
chef_run.ruby_block('query gateway external network uuid').old_run_action(:create)
expect(chef_run.node['openstack']['network']['l3']['gateway_external_network_id']).to eq '000-NET-UUID-FROM-CLI'
it 'subscribes the l3 agent service to neutron.conf' do
expect(chef_run.service('neutron-l3-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
end
%w(neutron-l3-agent radvd keepalived).each do |pkg|
it "upgrades #{pkg} package" do
expect(chef_run).to upgrade_package(pkg)
end
end
it 'uses the id attribute if it is already set' do
node.set['openstack']['network']['l3']['gateway_external_network_id'] = '000-NET-UUID-ALREADY-SET'
chef_run.ruby_block('query gateway external network uuid').old_run_action(:create)
expect(chef_run.node['openstack']['network']['l3']['gateway_external_network_id']).to eq '000-NET-UUID-ALREADY-SET'
end
end
describe 'l3_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/l3_agent.ini') }
describe 'l3_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/l3_agent.ini') }
it 'creates l3_agent.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0640
)
end
context 'template contents' do
it_behaves_like 'custom template banner displayer' do
let(:file_name) { file.name }
it 'creates l3_agent.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0640
)
end
it_behaves_like 'common network attributes displayer' do
let(:file_name) { file.name }
end
context 'template contents' do
it_behaves_like 'common network attributes displayer', 'l3' do
let(:file_name) { file.name }
end
%w(handle_internal_only_routers metadata_port send_arp_for_ha periodic_interval
periodic_fuzzy_delay router_delete_namespaces).each do |attr|
it "displays the #{attr} l3 attribute" do
node.set['openstack']['network']['l3'][attr] = "network_l3_#{attr}_value"
expect(chef_run).to render_file(file.name).with_content(/^#{attr} = network_l3_#{attr}_value$/)
it 'displays the external_network_bridge l3 attribute' do
node.set['openstack']['network_l3']['conf']['DEFAULT']['external_network_bridge'] = 'network_l3_external_network_bridge_value'
stub_command('ovs-vsctl br-exists network_l3_external_network_bridge_value').and_return(false)
expect(chef_run).to render_file(file.name).with_content(/^external_network_bridge = network_l3_external_network_bridge_value$/)
end
end
it 'displays the external_network_bridge l3 attribute' do
node.set['openstack']['network']['l3']['external_network_bridge'] = 'network_l3_external_network_bridge_value'
stub_command('ovs-vsctl br-exists network_l3_external_network_bridge_value').and_return(false)
expect(chef_run).to render_file(file.name).with_content(/^external_network_bridge = network_l3_external_network_bridge_value$/)
it 'notifies the l3 agent service' do
expect(file).to notify('service[neutron-l3-agent]').to(:restart).delayed
end
it 'sets the agent_mode attribute to dvr_snat' do
node.set['openstack']['network']['l3']['router_distributed'] = true
allow_any_instance_of(Chef::Recipe).to receive(:recipe_included?).with('openstack-network::server').and_return(true)
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^agent_mode = dvr_snat$/)
end
it 'sets the agent_mode attribute to dvr' do
node.set['openstack']['network']['l3']['router_distributed'] = true
allow_any_instance_of(Chef::Recipe).to receive(:recipe_included?).with('openstack-network::server').and_return(false)
allow_any_instance_of(Chef::Recipe).to receive(:recipe_included?).with('openstack-compute::compute').and_return(true)
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^agent_mode = dvr$/)
end
it 'sets the ha_vrrp_advert_int attribute' do
node.set['openstack']['network']['l3']['ha']['ha_vrrp_advert_int'] = 'ha_vrrp_advert_int_value'
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^ha_vrrp_advert_int = ha_vrrp_advert_int_value$/)
end
%w(router_id gateway_external_network_id).each do |conditional_attr|
it "displays the #{conditional_attr} attribute when present" do
node.set['openstack']['network']['l3'][conditional_attr] = "network_l3_#{conditional_attr}_value"
expect(chef_run).to render_file(file.name).with_content(/^#{conditional_attr} = network_l3_#{conditional_attr}_value$/)
end
it "does not display the #{conditional_attr} attribute if not set" do
node.set['openstack']['network']['l3'][conditional_attr] = nil
expect(chef_run).not_to render_file(file.name).with_content(/^#{conditional_attr} = /)
end
end
end
it 'notifies the l3 agent service' do
expect(file).to notify('service[neutron-l3-agent]').to(:restart).immediately
end
end
describe 'fwaas_driver.ini' do
let(:file) { chef_run.template('/etc/neutron/fwaas_driver.ini') }
it 'creates fwaas_driver.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0640
)
end
context 'template contents' do
it_behaves_like 'custom template banner displayer' do
let(:file_name) { file.name }
end
it 'displays the fwaas section attributes when fwaas is enabled' do
node.set['openstack']['network']['fwaas']['enabled'] = 'True'
[/^driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver$/, /^enabled = True$/].each do |line|
expect(chef_run).to render_config_file(file.name).with_section_content('fwaas', line)
end
end
it 'displays the fwaas section attributes when fwaas is not enabled' do
[/^driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver$/, /^enabled = False$/].each do |line|
expect(chef_run).to render_config_file(file.name).with_section_content('fwaas', line)
end
end
end
it 'upgrades neutron fwaas package' do
expect(chef_run).to upgrade_package('python-neutron-fwaas')
end
it 'notifies the l3 agent service when vpn is not enabled' do
node.set['openstack']['network']['enable_vpn'] = false
expect(file).to notify('service[neutron-l3-agent]').to(:restart).immediately
end
end
describe 'create ovs bridges' do
let(:cmd) { 'ovs-vsctl add-br br-ex' }
let(:create_ex_br_name) { 'create external network bridge' }
let(:enable_ex_br_int_name) { 'enable external_network_bridge_interface' }
let(:iplink) { 'ip link set eth1 up && ovs-vsctl --may-exist add-port br-ex eth1' }
it 'does not add the external bridge and disable external_network_bridge_interface if external_network_bridge is empty' do
node.set['openstack']['network']['l3']['external_network_bridge'] = ''
expect(chef_run).not_to run_execute(cmd)
expect(chef_run).not_to run_execute(iplink)
include_context 'neutron-stubs'
context 'interface driver unset' do
before do
node.set['openstack']['network_l3']['conf']['DEFAULT']['interface_driver'] = nil
end
end
it 'does not add the external bridge if it already exists' do
stub_command(/ovs-vsctl br-exists br-ex/).and_return(true)
stub_command(/ip link show eth1/).and_return(true)
expect(chef_run).not_to run_execute(cmd)
expect(chef_run).to run_execute(iplink)
end
it 'disable external_network_bridge_interface if the physical interface does not exist' do
stub_command(/ovs-vsctl br-exists br-ex/).and_return(false)
stub_command(/ip link show eth1/).and_return(false)
expect(chef_run).to run_execute(cmd)
expect(chef_run).not_to run_execute(iplink)
end
it 'adds the external bridge if it does not yet exist' do
stub_command(/ovs-vsctl br-exists br-ex/).and_return(false)
stub_command(/ip link show eth1/).and_return(true)
expect(chef_run).to run_execute(cmd)
expect(chef_run).to run_execute(iplink)
end
it 'enable external_network_bridge_interface if the physical interface exists' do
stub_command(/ovs-vsctl br-exists br-ex/).and_return(false)
stub_command(/ip link show eth1/).and_return(true)
expect(chef_run).to run_execute(cmd)
expect(chef_run).to run_execute(iplink)
context 'interface driver set' do
before do
node.set['openstack']['network_l3']['conf']['DEFAULT']['interface_driver'] =
'neutron.agent.linux.interface.OVSInterfaceDriver'
end
context 'ext_bridge and ext_bridge_iface unset' do
before do
node.set['openstack']['network_l3']['conf']['DEFAULT']['external_network_bridge'] = nil
node.set['openstack']['network_l3']['external_network_bridge_interface'] = nil
end
end
context 'ext_bridge and ext_bridge_iface are set' do
before do
node.set['openstack']['network_l3']['conf']['DEFAULT']['external_network_bridge'] = 'br-ex'
node.set['openstack']['network_l3']['external_network_bridge_interface'] = 'eth1'
stub_command(/ovs-vsctl add-br br-ex/)
end
context 'ext_bridge exists' do
before do
stub_command(/ovs-vsctl br-exists br-ex/).and_return(true)
end
it 'does not add ext_bridge' do
expect(chef_run).not_to run_execute(create_ex_br_name)
end
end
context 'ext_bridge doesnt exists' do
before do
stub_command(/ovs-vsctl br-exists br-ex/).and_return(false)
end
it 'does add ext_bridge' do
expect(chef_run).to run_execute(create_ex_br_name)
end
end
context 'ext_bridge_iface exists' do
before do
stub_command(/ip link show eth1/).and_return(true)
end
it 'does enable ext_bridge_iface' do
expect(chef_run).to run_execute(enable_ex_br_int_name)
end
end
context 'ext_bridge_iface doesnt exists' do
before do
stub_command(/ip link show eth1/).and_return(false)
end
it 'does not enable ext_bridge_iface' do
expect(chef_run).not_to run_execute(enable_ex_br_int_name)
end
end
end
end
end
end

View File

@ -1,7 +1,7 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::balancer' do
describe 'openstack-network::lbaas' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }

46
spec/lbaas_spec.rb Normal file
View File

@ -0,0 +1,46 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::lbaas' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it do
%w(python-neutron-lbaas neutron-lbaas-agent haproxy)
.each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
end
describe 'lbaas.conf' do
let(:file) { chef_run.template('/etc/neutron/lbaas_agent.ini') }
it do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 00640
)
end
it 'blabla' do
[
/^periodic_interval = 10$/,
/^ovs_use_veth = false$/,
/^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/,
/^device_driver = neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver$/
].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
end
end
it do
expect(chef_run).to enable_service('neutron-lb-agent')
end
end
end
end

View File

@ -1,60 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::linuxbridge' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['interface_driver'] = 'neutron.agent.linux.interface.BridgeInterfaceDriver'
node.set['openstack']['network']['core_plugin'] = 'neutron.plugins.linuxbridge.lb_neutron_plugin.LinuxBridgePluginV2'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install linuxbridge agent package when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package('openstack-neutron-linuxbridge')
end
it 'upgrades linuxbridge agent' do
expect(chef_run).to upgrade_package('openstack-neutron-linuxbridge')
end
it 'creates the /etc/neutron/plugins/linuxbridge agent directory' do
expect(chef_run).to create_directory('/etc/neutron/plugins/linuxbridge').with(
owner: 'neutron',
group: 'neutron',
mode: 0700
)
end
it 'sets the linuxbridge service to start on boot' do
expect(chef_run).to enable_service('neutron-linuxbridge-agent')
end
describe '/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini' do
let(:file) { chef_run.template('/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini') }
it 'creates linuxbridge_conf.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0644
)
end
it 'create plugin.ini symlink' do
expect(chef_run).to create_link('/etc/neutron/plugin.ini').with(
to: file.name,
owner: 'neutron',
group: 'neutron'
)
end
end
end
end

View File

@ -1,32 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::linuxbridge' do
describe 'suse' do
let(:runner) { ChefSpec::SoloRunner.new(SUSE_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['interface_driver'] = 'neutron.agent.linux.interface.BridgeInterfaceDriver'
node.set['openstack']['network']['core_plugin'] = 'neutron.plugins.linuxbridge.lb_neutron_plugin.LinuxBridgePluginV2'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install linuxbridge agent package when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package('openstack-neutron-linuxbridge-agent')
end
it 'upgrades linuxbridge agent' do
expect(chef_run).to upgrade_package('openstack-neutron-linuxbridge-agent')
end
it 'sets the linuxbridge service to start on boot' do
expect(chef_run).to enable_service('openstack-neutron-linuxbridge-agent')
end
end
end

View File

@ -1,44 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::linuxbridge' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['interface_driver'] = 'neutron.agent.linux.interface.BridgeInterfaceDriver'
node.set['openstack']['network']['core_plugin'] = 'neutron.plugins.linuxbridge.lb_neutron_plugin.LinuxBridgePluginV2'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install linuxbridge agent package when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package('neutron-plugin-linuxbridge-agent')
end
it 'upgrades linuxbridge agent' do
expect(chef_run).to upgrade_package('neutron-plugin-linuxbridge-agent')
end
it 'creates the /etc/neutron/plugins/linuxbridge agent directory' do
expect(chef_run).to create_directory('/etc/neutron/plugins/linuxbridge').with(
owner: 'neutron',
group: 'neutron',
mode: 0700
)
end
it 'sets the linuxbridge service to start on boot' do
expect(chef_run).to enable_service('neutron-plugin-linuxbridge-agent')
end
it 'subscribes the linuxbridge agent service to neutron.conf' do
expect(chef_run.service('neutron-plugin-linuxbridge-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
end
end
end

View File

@ -12,16 +12,12 @@ describe 'openstack-network::metadata_agent' do
include_context 'neutron-stubs'
it 'does not install neutron metadata agent when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package 'neutron-metadata-agent'
end
it 'upgrades neutron metadata agent' do
expect(chef_run).to upgrade_package 'neutron-metadata-agent'
end
it do
expect(chef_run).to enable_service('neutron-metadata-agent')
end
it 'subscribes the metadata agent service to neutron.conf' do
expect(chef_run.service('neutron-metadata-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
end
@ -38,62 +34,18 @@ describe 'openstack-network::metadata_agent' do
end
context 'template contents' do
it_behaves_like 'custom template banner displayer' do
let(:file_name) { file.name }
end
it 'sets the debug attribute' do
node.set['openstack']['network']['debug'] = 'debug_value'
expect(chef_run).to render_file(file.name).with_content(/^debug = debug_value$/)
end
context 'endpoint related attributes' do
it 'sets the auth_url attribute' do
expect(chef_run).to render_file(file.name).with_content(%r{^auth_url = http://127.0.0.1:5000/v2.0$})
end
end
it 'sets the auth_region attribute' do
node.set['openstack']['network']['region'] = 'auth_region_value'
expect(chef_run).to render_file(file.name).with_content(/^auth_region = auth_region_value$/)
end
it 'sets the admin_tenant_name attribute' do
node.set['openstack']['network']['service_tenant_name'] = 'admin_tenant_name_value'
expect(chef_run).to render_file(file.name).with_content(/^admin_tenant_name = admin_tenant_name_value$/)
end
it 'sets the admin_password attribute' do
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('service', 'openstack-network')
.and_return('admin_password_value')
expect(chef_run).to render_file(file.name).with_content(/^admin_password = admin_password_value$/)
end
it 'has default metadata ip and port options set' do
[/^nova_metadata_ip = 127.0.0.1$/,
/^nova_metadata_port = 8775$/].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
end
end
it 'sets the metadata_proxy_shared_secret attribute' do
node.set['openstack']['network']['metadata']['secret_name'] = 'network_metadata_secret'
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('token', 'network_metadata_secret')
.and_return('network_metadata_secret_value')
expect(chef_run).to render_file(file.name).with_content(/^metadata_proxy_shared_secret = network_metadata_secret_value$/)
end
it 'sets the metadata_workers attribute' do
node.set['openstack']['network']['metadata']['metadata_workers'] = 4
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', /^metadata_workers = 4$/)
expect(chef_run).to render_file(file.name).with_content(/^metadata_proxy_shared_secret = metadata-secret$/)
end
end
it 'notifies the metadata agent service' do
expect(file).to notify('service[neutron-metadata-agent]').to(:restart).immediately
expect(file).to notify('service[neutron-metadata-agent]').to(:restart).delayed
end
end
it do
expect(chef_run).to run_ruby_block('delete all attributes in '\
"node['openstack']['network_metadata']['conf_secrets']")
end
end
end

View File

@ -0,0 +1,51 @@
# pkg upgrade
# service
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::ml2_linuxbridge' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
before do
node.set['openstack']['network']['plugins']['linuxbridge']['path'] =
'/etc/neutron/plugins/linuxbridge'
node.set['openstack']['network']['plugins']['linuxbridge']['filename'] =
'linuxbridge_conf.ini'
end
it 'creates the /etc/neutron/plugins/linuxbridge agent directory' do
expect(chef_run).to create_directory('/etc/neutron/plugins/linuxbridge').with(
owner: 'neutron',
group: 'neutron',
mode: 0700
)
end
it do
expect(chef_run).to include_recipe('openstack-network::plugin_config')
end
it_behaves_like 'plugin_config builder', 'linuxbridge'
it do
%w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
end
it do
expect(chef_run).to enable_service('neutron-plugin-linuxbridge-agent')
end
it do
service = chef_run.service('neutron-plugin-linuxbridge-agent')
expect(service).to(subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed) && subscribe_to('template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]').on(:restart).delayed
end
end
end

View File

@ -0,0 +1,27 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::ml2_openvswitch' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['core_plugin'] = 'neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2'
runner.converge(described_recipe)
end
before do
node.set['openstack']['network']['plugins']['openvswitch']['path'] = '/etc/neutron/plugins/openvswitch'
node.set['openstack']['network']['plugins']['openvswitch']['filename'] = 'openvswitch_plugin.ini'
end
include_context 'neutron-stubs'
it 'upgrades neutron ml2_ovs packages' do
%w(openstack-neutron-openvswitch openvswitch).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
end
it_behaves_like 'plugin_config builder', 'openvswitch'
end
end

View File

@ -0,0 +1,189 @@
# upgrade platform options
# upgrade platform options
# int bridge cmmd
# include recipe plugin_config
# service restart
# service restart
# execute cmd
# execute cmd
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::ml2_openvswitch' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:kmod_command) { '/usr/share/openvswitch/scripts/ovs-ctl force-reload-kmod' }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['endpoints']['network-openvswitch']['bind_interface'] = 'eth0'
node.set['openstack']['network']['openvswitch']['integration_bridge'] = 'br-int'
node.set['openstack']['network']['core_plugin'] = 'neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2'
node.automatic_attrs['kernel']['release'] = '1.2.3'
runner.converge(described_recipe)
end
describe 'recipe' do
include_context 'neutron-stubs'
before do
stub_command(/ip link show/)
stub_command('ovs-vsctl add-br br-eth1 -- add-port br-eth1 eth1')
stub_command('ovs-vsctl add-br br-int')
stub_command('ovs-vsctl add-br br-tun')
node.set['openstack']['network']['plugins']['ml2']['path'] = '/etc/neutron/plugins/ml2'
node.set['openstack']['network']['plugins']['ml2']['filename'] = 'openvswitch_agent.ini'
end
it 'upgrades openvswitch switch' do
expect(chef_run).to upgrade_package 'openvswitch-switch'
end
it 'upgrades openvswitch datapath dkms' do
expect(chef_run).to upgrade_package 'openvswitch-datapath-dkms'
end
it 'upgrades linux bridge utils' do
expect(chef_run).to upgrade_package 'bridge-utils'
end
it 'sets the openvswitch service to start on boot' do
expect(chef_run).to enable_service 'openvswitch-switch'
end
it 'start the openvswitch service' do
expect(chef_run).to start_service 'openvswitch-switch'
end
it 'upgrades openvswitch agent' do
expect(chef_run).to upgrade_package 'neutron-plugin-openvswitch-agent'
end
it 'sets the openvswitch service to start on boot' do
expect(chef_run).to enable_service 'neutron-plugin-openvswitch-agent'
end
it_behaves_like 'plugin_config builder', 'ml2'
it 'allows overriding the service names' do
node.set['openstack']['network']['platform']['neutron_openvswitch_service'] = 'my-ovs-server'
node.set['openstack']['network']['platform']['neutron_openvswitch_agent_service'] = 'my-ovs-agent'
%w(my-ovs-server my-ovs-agent).each do |service|
expect(chef_run).to enable_service service
end
end
it 'allows overriding package options' do
node.set['openstack']['network']['platform']['package_overrides'] = '--my-override1 --my-override2'
%w(openvswitch-switch openvswitch-datapath-dkms neutron-plugin-openvswitch neutron-plugin-openvswitch-agent).each do |pkg|
expect(chef_run).to upgrade_package(pkg).with(options: '--my-override1 --my-override2')
end
end
it 'allows overriding package names' do
node.set['openstack']['network']['platform']['neutron_openvswitch_packages'] = ['my-openvswitch', 'my-other-openvswitch']
node.set['openstack']['network']['platform']['neutron_openvswitch_agent_packages'] = ['my-openvswitch-agent', 'my-other-openvswitch-agent']
%w(my-openvswitch my-other-openvswitch my-openvswitch-agent my-other-openvswitch-agent).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
end
it 'does not create execute resource when openvswitch-datasource-dkms package is not being installed' do
node.set['openstack']['network']['platform']['neutron_openvswitch_packages'] = ['my-openvswitch', 'my-other-openvswitch']
chef_run.converge 'openstack-network::ml2_openvswitch'
resource = chef_run.find_resource('execute', kmod_command)
expect(resource).to eq(nil)
end
end
describe 'create ovs data network bridge' do
let(:cmd) { 'ovs-vsctl add-br br-eth1 -- add-port br-eth1 eth1' }
let(:name) { 'create data network bridge' }
before do
stub_command('ovs-vsctl add-br br-int')
stub_command('ovs-vsctl add-br br-tun')
end
include_context 'neutron-stubs'
context 'bridge mapping interface unset' do
before do
node.set['openstack']['network']['openvswitch']['bridge_mapping_interface'] = nil
end
end
context 'bridge mapping interface set' do
before do
node.set['openstack']['network']['openvswitch']['bridge_mapping_interface'] = 'br-eth1:eth1'
end
context 'ext_bridge exists' do
before do
stub_command(/ovs-vsctl br-exists br-eth1/).and_return(true)
end
it 'does not add data network bridge' do
expect(chef_run).not_to run_execute(name)
end
end
context 'ext_bridge doesnt exist' do
before do
stub_command(/ovs-vsctl br-exists br-eth1/).and_return(false)
end
context 'ext_bridge_iface exists' do
before do
stub_command(/ip link show eth1/).and_return(true)
end
it 'adds data network bridge' do
expect(chef_run).to run_execute(name)
end
end
context 'ext_bridge_iface doesnt exists' do
before do
stub_command(/ip link show eth1/).and_return(false)
end
it 'does not add data network bridge' do
expect(chef_run).not_to run_execute(name)
end
end
end
end
describe 'create ovs internal network bridge' do
let(:cmd) { 'ovs-vsctl add-br br-int' }
let(:name) { 'create internal network bridge' }
context 'int_bridge exists' do
before do
stub_command('ovs-vsctl br-exists br-int').and_return(false)
end
it 'add internal network bridge' do
expect(chef_run).to run_execute(name)
end
end
context 'int_bridge doesnt exists' do
before do
stub_command('ovs-vsctl br-exists br-int').and_return(true)
end
it 'does not add internal network bridge' do
expect(chef_run).not_to run_execute(name)
end
end
end
describe 'create ovs tunnel network bridge' do
let(:cmd) { 'ovs-vsctl add-br br-tun' }
let(:name) { 'create tunnel network bridge' }
context 'tun_bridge exists' do
before do
stub_command('ovs-vsctl br-exists br-tun').and_return(false)
end
it 'add tunnel network bridge' do
expect(chef_run).to run_execute(name)
end
end
context 'tun_bridge doesnt exists' do
before do
stub_command('ovs-vsctl br-exists br-tun').and_return(true)
end
it 'does not add tunnel network bridge' do
expect(chef_run).not_to run_execute(name)
end
end
end
end
end
end

View File

@ -1,37 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::openvswitch' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['core_plugin'] = 'neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'creates the /etc/neutron/plugins/openvswitch agent directory' do
expect(chef_run).to create_directory('/etc/neutron/plugins/openvswitch').with(
owner: 'neutron',
group: 'neutron',
mode: 0700
)
end
describe 'ovs_neutron_plugin.ini' do
let(:file) { chef_run.template('/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini') }
it 'create plugin.ini symlink' do
expect(chef_run).to create_link('/etc/neutron/plugin.ini').with(
to: file.name,
owner: 'neutron',
group: 'neutron'
)
end
end
end
end

View File

@ -1,34 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::openvswitch' do
describe 'suse' do
let(:runner) { ChefSpec::SoloRunner.new(SUSE_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install openvswitch package when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package 'openvswitch-switch'
end
it 'upgrades the openvswitch package' do
expect(chef_run).to upgrade_package 'openvswitch-switch'
end
it 'upgrades the openvswitch-agent package' do
expect(chef_run).to upgrade_package 'openstack-neutron-openvswitch-agent'
end
it 'starts the openvswitch-switch service' do
expect(chef_run).to enable_service 'openvswitch-switch'
end
end
end

View File

@ -1,149 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::openvswitch' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:kmod_command) { '/usr/share/openvswitch/scripts/ovs-ctl force-reload-kmod' }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['endpoints']['network-openvswitch']['bind_interface'] = 'eth0'
node.set['openstack']['network']['openvswitch']['integration_bridge'] = 'br-int'
node.set['openstack']['network']['core_plugin'] = 'neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2'
node.automatic_attrs['kernel']['release'] = '1.2.3'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install openvswitch switch when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package 'openvswitch-switch'
end
it 'upgrades openvswitch switch' do
expect(chef_run).to upgrade_package 'openvswitch-switch'
end
it 'upgrades openvswitch datapath dkms' do
expect(chef_run).to upgrade_package 'openvswitch-datapath-dkms'
end
it 'upgrades linux bridge utils' do
expect(chef_run).to upgrade_package 'bridge-utils'
end
it 'upgrades linux linux headers' do
expect(chef_run).to upgrade_package 'linux-headers-1.2.3'
end
it 'sets the openvswitch service to start on boot' do
expect(chef_run).to enable_service 'openvswitch-switch'
end
it 'start the openvswitch service' do
expect(chef_run).to start_service 'openvswitch-switch'
end
it 'subscribes the openvswitch agent service to neutron.conf' do
expect(chef_run.service('neutron-plugin-openvswitch-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
end
it 'upgrades openvswitch agent' do
expect(chef_run).to upgrade_package 'neutron-plugin-openvswitch-agent'
end
it 'sets the openvswitch service to start on boot' do
expect(chef_run).to enable_service 'neutron-plugin-openvswitch-agent'
end
it 'allows overriding the service names' do
node.set['openstack']['network']['platform']['neutron_openvswitch_service'] = 'my-ovs-server'
node.set['openstack']['network']['platform']['neutron_openvswitch_agent_service'] = 'my-ovs-agent'
%w(my-ovs-server my-ovs-agent).each do |service|
expect(chef_run).to enable_service service
end
end
it 'allows overriding package options' do
node.set['openstack']['network']['platform']['package_overrides'] = '--my-override1 --my-override2'
%w(openvswitch-switch openvswitch-datapath-dkms neutron-plugin-openvswitch neutron-plugin-openvswitch-agent).each do |pkg|
expect(chef_run).to upgrade_package(pkg).with(options: '--my-override1 --my-override2')
end
end
it 'allows overriding package names' do
node.set['openstack']['network']['platform']['neutron_openvswitch_packages'] = ['my-openvswitch', 'my-other-openvswitch']
node.set['openstack']['network']['platform']['neutron_openvswitch_agent_packages'] = ['my-openvswitch-agent', 'my-other-openvswitch-agent']
%w(my-openvswitch my-other-openvswitch my-openvswitch-agent my-other-openvswitch-agent).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
end
it 'creates execute resource when openvswitch-datasource-dkms package is being installed' do
resource = chef_run.find_resource('execute', kmod_command).to_hash
expect(resource).to include(
action: [:nothing],
command: kmod_command
)
end
it 'does not create execute resource when openvswitch-datasource-dkms package is not being installed' do
node.set['openstack']['network']['platform']['neutron_openvswitch_packages'] = ['my-openvswitch', 'my-other-openvswitch']
chef_run.converge 'openstack-network::openvswitch'
resource = chef_run.find_resource('execute', kmod_command)
expect(resource).to eq(nil)
end
it 'notifies :run to the force-reload-kmod execute resource when openvswitch-datapath-dkms is installed' do
expect(chef_run.package('openvswitch-datapath-dkms')).to notify("execute[#{kmod_command}]").to(:run).immediately
end
describe 'create ovs data network bridge' do
let(:cmd) { 'ovs-vsctl add-br br-eth1 -- add-port br-eth1 eth1' }
it 'does not add data network bridge if it already exists' do
node.set['openstack']['network']['openvswitch']['bridge_mapping_interface'] = 'br-eth1:eth1'
stub_command(/ovs-vsctl br-exists br-eth1/).and_return(true)
stub_command(/ip link show eth1/).and_return(true)
expect(chef_run).not_to run_execute(cmd)
end
it 'does not add data network bridge if the physical interface does not exist' do
node.set['openstack']['network']['openvswitch']['bridge_mapping_interface'] = 'br-eth1:eth1'
stub_command(/ovs-vsctl br-exists br-eth1/).and_return(false)
stub_command(/ip link show eth1/).and_return(false)
expect(chef_run).not_to run_execute(cmd)
end
it 'adds data network bridge if it does not yet exist and physical interface exists' do
node.set['openstack']['network']['openvswitch']['bridge_mapping_interface'] = 'br-eth1:eth1'
stub_command(/ovs-vsctl br-exists br-eth1/).and_return(false)
stub_command(/ip link show eth1/).and_return(true)
expect(chef_run).to run_execute(cmd)
end
it 'does not add data network bridge if nil specified for bridge mapping' do
node.set['openstack']['network']['openvswitch']['bridge_mapping_interface'] = nil
stub_command(/ovs-vsctl br-exists br-eth1/).and_return(false)
stub_command(/ip link show eth1/).and_return(true)
expect(chef_run).not_to run_execute(cmd)
end
it 'does not add data network bridge if emtpy string specified for bridge mapping' do
node.set['openstack']['network']['openvswitch']['bridge_mapping_interface'] = ''
stub_command(/ovs-vsctl br-exists br-eth1/).and_return(false)
stub_command(/ip link show eth1/).and_return(true)
expect(chef_run).not_to run_execute(cmd)
end
end
end
end

View File

@ -0,0 +1,15 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::plugin_config' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
end
end

View File

@ -9,14 +9,11 @@ describe 'openstack-network::server' do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install openstack-neutron when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package 'openstack-neutron'
before do
node.set['openstack']['network']['plugins']['ml2']['path'] = '/etc/neutron/plugins/ml2'
node.set['openstack']['network']['plugins']['ml2']['filename'] = 'openvswitch_agent.ini'
end
include_context 'neutron-stubs'
it 'upgrades openstack-neutron packages' do
expect(chef_run).to upgrade_package 'openstack-neutron'

View File

@ -1,55 +0,0 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::server' do
describe 'suse' do
let(:runner) { ChefSpec::SoloRunner.new(SUSE_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install openstack-neutron when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package 'openstack-neutron'
end
it 'upgrades openstack-neutron packages' do
expect(chef_run).to upgrade_package 'openstack-neutron'
end
it 'enables openstack-neutron service' do
expect(chef_run).to enable_service('neutron-server').with(
service_name: 'openstack-neutron')
end
it 'does not upgrade openvswitch package' do
expect(chef_run).not_to upgrade_package 'openstack-neutron-openvswitch'
end
describe '/etc/sysconfig/neutron' do
let(:file) { chef_run.template('/etc/sysconfig/neutron') }
it 'creates /etc/sysconfig/neutron' do
expect(chef_run).to create_template(file.name).with(
user: 'root',
group: 'root',
mode: 0644
)
end
PLUGIN_MAP.each do |plugin_name, plugin_cfg|
it "sets the path to the #{plugin_name} plugin config" do
node.set['openstack']['network']['core_plugin'] = plugin_name
node.set['openstack']['network']['plugin_conf_map'][plugin_name] = plugin_cfg
node.set['openstack']['network']['core_plugin_map'][plugin_name] = plugin_name
expect(chef_run).to render_file(file.name).with_content(%r{^NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/#{plugin_cfg}"$})
end
end
end
end
end

View File

@ -9,13 +9,11 @@ describe 'openstack-network::server' do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'does not install neutron-server when nova networking' do
node.override['openstack']['compute']['network']['service_type'] = 'nova'
expect(chef_run).to_not upgrade_package 'neutron-server'
before do
node.set['openstack']['network']['plugins']['ml2']['path'] = '/etc/neutron/plugins/ml2'
node.set['openstack']['network']['plugins']['ml2']['filename'] = 'ml2_conf.ini'
end
include_context 'neutron-stubs'
describe 'package and services' do
it 'upgrades neutron-server packages' do
@ -70,44 +68,6 @@ describe 'openstack-network::server' do
mode: 0644
)
end
it 'has a correct plugin config path' do
expect(chef_run).to render_file(file.name).with_content(
'/etc/neutron/plugins/ml2/ml2_conf.ini')
end
end
describe '/etc/neutron/plugins/ml2/ml2_conf.ini' do
let(:file) { chef_run.template('/etc/neutron/plugins/ml2/ml2_conf.ini') }
before do
node.set['openstack']['network']['interface_driver'] = 'neutron.agent.linux.interface.Ml2InterfaceDriver'
end
it 'creates ml2_conf.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0644
)
end
[
/^type_drivers = local,flat,vlan,gre,vxlan$/,
/^tenant_network_types = local$/,
/^mechanism_drivers = openvswitch$/,
/^flat_networks = $/,
/^network_vlan_ranges = $/,
/^tunnel_id_ranges = $/,
/^vni_ranges = $/,
/^vxlan_group = $/,
/^enable_security_group = True$/,
/^enable_ipset = True$/
].each do |content|
it "has a #{content.source[1...-1]} line" do
expect(chef_run).to render_file(file.name).with_content(content)
end
end
end
describe 'rootwrap.conf' do
@ -122,19 +82,13 @@ describe 'openstack-network::server' do
end
context 'template contents' do
it 'shows the custom banner' do
node.set['openstack']['network']['custom_template_banner'] = 'banner'
expect(chef_run).to render_file(file.name).with_content(/^banner$/)
end
it 'sets the default attributes' do
[
%r{^filters_path=/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap$},
%r{^exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin$},
/^use_syslog=false$/,
/^syslog_log_facility=syslog$/,
/^syslog_log_level=ERROR$/
%r{^filters_path = /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap$},
%r{^exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin$},
/^use_syslog = false$/,
/^syslog_log_facility = syslog$/,
/^syslog_log_level = ERROR$/
].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
end

View File

@ -1,5 +1,6 @@
# Encoding: utf-8
require 'chefspec'
require 'pry'
require 'chefspec/berkshelf'
ChefSpec::Coverage.start! { add_filter 'openstack-network' }
@ -7,11 +8,6 @@ ChefSpec::Coverage.start! { add_filter 'openstack-network' }
require 'chef/application'
LOG_LEVEL = :fatal
SUSE_OPTS = {
platform: 'suse',
version: '11.3',
log_level: LOG_LEVEL
}
REDHAT_OPTS = {
platform: 'redhat',
version: '7.1',
@ -28,58 +24,8 @@ CENTOS_OPTS = {
log_level: LOG_LEVEL
}
MOCK_NODE_NETWORK_DATA =
{
'ipaddress' => '10.0.0.2',
'fqdn' => 'localhost.localdomain',
'hostname' => 'localhost',
'network' => {
'default_interface' => 'eth0',
'interfaces' => {
'eth0' => {
'addresses' => {
'fe80::a00:27ff:feca:ab08' => { 'scope' => 'Link', 'prefixlen' => '64', 'family' => 'inet6' },
'10.0.0.2' => { 'netmask' => '255.255.255.0', 'broadcast' => '10.0.0.255', 'family' => 'inet' },
'08:00:27:CA:AB:08' => { 'family' => 'lladdr' }
}
},
'lo' => {
'addresses' => {
'::1' => { 'scope' => 'Node', 'prefixlen' => '128', 'family' => 'inet6' },
'127.0.0.1' => { 'netmask' => '255.0.0.0', 'family' => 'inet' }
}
}
}
}
}
PLUGIN_MAP = {
'bigswitch' => 'restproxy.ini',
'brocade' => 'brocade.ini',
'cisco' => 'cisco_plugins.ini',
'hyperv' => 'hyperv_neutron_plugin.ini.erb',
'linuxbridge' => 'linuxbridge_conf.ini',
'midonet' => 'midonet.ini',
'metaplugin' => 'metaplugin.ini',
'ml2' => 'ml2_conf.ini',
'nec' => 'nec.ini',
'nicira' => 'nvp.ini',
'openvswitch' => 'ovs_neutron_plugin.ini',
'plumgrid' => 'plumgrid.ini',
'ryu' => 'ryu.ini'
}
shared_context 'neutron-stubs' do
before do
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_servers)
.and_return('1.1.1.1:5672,2.2.2.2:5672')
allow_any_instance_of(Chef::Recipe).to receive(:config_by_role)
.with('rabbitmq-server', 'queue').and_return(
host: 'rabbit-host',
port: 'rabbit-port'
)
allow_any_instance_of(Chef::Recipe).to receive(:config_by_role)
.with('glance-api', 'glance').and_return []
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('token', 'openstack_identity_bootstrap_token')
.and_return('bootstrap-token')
@ -99,75 +45,62 @@ shared_context 'neutron-stubs' do
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
.with('service', 'openstack-compute')
.and_return('nova-pass')
allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:openstack_command_env)
.with('admin', 'admin')
.and_return({})
allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:identity_uuid)
.with('tenant', 'name', 'service', {}, {})
.and_return('000-UUID-FROM-CLI')
allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:network_uuid)
.with('net-external', 'name', 'public', {})
.and_return('000-NET-UUID-FROM-CLI')
# allow_any_instance_of(Chef::Resource::RubyBlock).to receive(:openstack_command_env)
# .with('admin', 'admin')
# .and_return({})
stub_command('dpkg -l | grep openvswitch-switch | grep 1.10.2-1').and_return(true)
stub_command('ovs-vsctl br-exists br-int').and_return(false)
stub_command('ovs-vsctl br-exists br-tun').and_return(false)
# stub_command('ovs-vsctl add-br br-ex').and_return(false)
stub_command('ip link show eth1').and_return(false)
stub_command('ovs-vsctl add-br br-eth1 -- add-port br-eth1 eth1').and_return(true)
stub_command('ovs-vsctl br-exists ').and_return(false)
stub_command('ovs-vsctl br-exists br-ex').and_return(false)
stub_command('ovs-vsctl br-exists eth1').and_return(false)
end
end
shared_examples 'custom template banner displayer' do
it 'shows the custom banner' do
node.set['openstack']['network']['custom_template_banner'] = 'custom_template_banner_value'
expect(chef_run).to render_file(file_name).with_content(/^custom_template_banner_value$/)
end
end
shared_examples 'common network attributes displayer' do
%w(debug interface_driver use_namespaces).each do |attr|
it "displays the #{attr} common attribute" do
node.set['openstack']['network'][attr] = "network_#{attr}_value"
expect(chef_run).to render_file(file_name).with_content(/^#{attr} = network_#{attr}_value$/)
shared_examples 'custom template banner displayer' do
it 'shows the custom banner' do
node.set['openstack']['network']['custom_template_banner'] = 'custom_template_banner_value'
expect(chef_run).to render_file(file_name).with_content(/^custom_template_banner_value$/)
end
end
end
shared_examples 'dhcp agent template configurator' do
it_behaves_like 'custom template banner displayer'
it_behaves_like 'common network attributes displayer'
it 'displays the dhcp driver attribute' do
node.set['openstack']['network']['dhcp_driver'] = 'network_dhcp_driver_value'
expect(chef_run).to render_file(file_name).with_content(/^dhcp_driver = network_dhcp_driver_value$/)
end
%w(resync_interval ovs_use_veth enable_isolated_metadata
enable_metadata_network dnsmasq_lease_max dhcp_delete_namespaces).each do |attr|
it "displays the #{attr} dhcp attribute" do
node.set['openstack']['network']['dhcp'][attr] = "network_dhcp_#{attr}_value"
expect(chef_run).to render_file(file_name).with_content(/^#{attr} = network_dhcp_#{attr}_value$/)
shared_examples 'common network attributes displayer' do |plugin|
it 'displays the interface_driver common attribute' do
node.set['openstack']["network_#{plugin}"]['conf']['DEFAULT']['interface_driver'] = 'network_interface_driver_value'
expect(chef_run).to render_file(file_name).with_content(/^interface_driver = network_interface_driver_value$/)
end
end
it 'displays the dhcp_domain attribute' do
node.set['openstack']['network']['dhcp']['default_domain'] = 'network_dhcp_domain_value'
expect(chef_run).to render_file(file_name).with_content(/^dhcp_domain = network_dhcp_domain_value$/)
shared_examples 'dhcp agent template configurator' do
it_behaves_like 'custom template banner displayer'
it_behaves_like 'common network attributes displayer', 'dhcp'
%w(resync_interval ovs_use_veth enable_isolated_metadata
enable_metadata_network dnsmasq_lease_max dhcp_delete_namespaces).each do |attr|
it "displays the #{attr} dhcp attribute" do
node.set['openstack']['network_dhcp']['conf']['DEFAULT'][attr] = "network_dhcp_#{attr}_value"
expect(chef_run).to render_file(file_name).with_content(/^#{attr} = network_dhcp_#{attr}_value$/)
end
end
end
end
shared_examples 'plugin_config builder' do |plugin|
it do
expect(chef_run).to create_directory(node['openstack']['network']['plugins'][plugin]['path']).with(
recursive: true,
owner: 'neutron',
group: 'neutron',
mode: 00700
)
end
let(:file) { chef_run.template(File.join(node['openstack']['network']['plugins'][plugin]['path'], node['openstack']['network']['plugins'][plugin]['filename'])) }
shared_examples 'dnsmasq template configurator' do
it_behaves_like 'custom template banner displayer'
it 'displays the dhcp-option attribute' do
node.set['openstack']['network']['dhcp']['dhcp-option'] = 'dhcp-option_value'
expect(chef_run).to render_file(file_name).with_content(/^dhcp-option=dhcp-option_value$/)
end
it 'displays the upstream dns servers setting' do
node.set['openstack']['network']['dhcp']['upstream_dns_servers'] = %w(server0 server1)
node['openstack']['network']['dhcp']['upstream_dns_servers'].each do |dns_server|
expect(chef_run).to render_file(file_name).with_content(/^server=#{dns_server}$/)
it do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 00644
)
end
end
end

View File

@ -1,7 +1,7 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::vpn_agent' do
describe 'openstack-network::vpnaas' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
@ -15,8 +15,9 @@ describe 'openstack-network::vpn_agent' do
include_context 'neutron-stubs'
it 'upgrades neutron vpn packages' do
expect(chef_run).to upgrade_package('openstack-neutron-vpnaas')
expect(chef_run).to upgrade_package('iproute')
%w(iproute openstack-neutron-vpnaas openswan).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
end
end
end

View File

@ -1,28 +1,20 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::vpn_agent' do
describe 'openstack-network::vpnaas' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
let(:chef_run) do
node.set['openstack']['compute']['network']['service_type'] = 'neutron'
node.set['openstack']['network']['enable_vpn'] = true
stub_command('ovs-vsctl br-exists br-ex').and_return(false)
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it 'include the recipe openstack-network::l3_agent' do
expect(chef_run).to include_recipe('openstack-network::l3_agent')
end
it 'verify l3 agent is stoped and disabled' do
expect(chef_run).to stop_service('neutron-l3-agent')
expect(chef_run).to disable_service('neutron-l3-agent')
end
it 'upgrades vpn device driver packages' do
expect(chef_run).to upgrade_package('openswan')
end
@ -57,34 +49,24 @@ describe 'openstack-network::vpn_agent' do
describe 'vpn_device_driver' do
it 'renders one vpn_device_driver entry in vpn_agent.ini for default vpn_device_driver' do
[/^vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver$/].each do |line|
expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
end
end
it 'renders multi vpn_device_driver entries in vpn_agent.ini, when multi vpn_device_driver set' do
chef_run.node.set['openstack']['network']['vpn']['vpn_device_driver'] = ['neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver',
'neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver']
chef_run.converge(described_recipe)
[/^vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver$/,
/^vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver$/].each do |line|
[/^vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver$/].each do |line|
expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', line)
end
end
it 'renders no setted vpn_device_driver entry in vpn_agent.ini, when no vpn_device_driver set' do
chef_run.node.set['openstack']['network']['vpn']['vpn_device_driver'] = []
chef_run.node.set['openstack']['network_vpnaas']['conf']['vpnagent']['vpn_device_driver'] = ''
chef_run.converge(described_recipe)
expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', /^(?!vpn_device_driver)(.*)$/)
expect(chef_run).to render_config_file(file.name).with_section_content('vpnagent', /^vpn_device_driver = $/)
end
end
it 'renders default_config_area for strongswan driver' do
expect(chef_run).to render_config_file(file.name).with_section_content('strongswan', %r{^default_config_area=/etc/strongswan.d$})
expect(chef_run).to render_config_file(file.name).with_section_content('strongswan', %r{^default_config_area = /etc/strongswan.d$})
end
it 'notifies the vpn agent service' do
expect(file).to notify('service[neutron-vpn-agent]').to(:restart).immediately
expect(file).to notify('service[neutron-vpn-agent]').to(:restart).delayed
end
end
end

View File

@ -1,86 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
debug = <%= node["openstack"]["network"]["debug"] %>
# The DHCP agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
resync_interval = <%= node["openstack"]["network"]["dhcp"]["resync_interval"] %>
# The DHCP agent requires an interface driver be set. Choose the one that best
# matches your plugin.
# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP,
# BigSwitch/Floodlight)
interface_driver = <%= node["openstack"]["network"]["interface_driver"] %>
# Name of Open vSwitch bridge to use
# ovs_integration_bridge = br-int
# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
ovs_use_veth = <%= node["openstack"]["network"]["dhcp"]["ovs_use_veth"] %>
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
dhcp_driver = <%= node["openstack"]["network"]["dhcp_driver"] %>
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
use_namespaces = <%= node["openstack"]["network"]["use_namespaces"] %>
# The DHCP server can assist with providing metadata support on isolated
# networks. Setting this value to True will cause the DHCP server to append
# specific host routes to the DHCP request. The metadata service will only
# be activated when the subnet does not contain any router port. The guest
# instance must be configured to request host routes via DHCP (Option 121).
enable_isolated_metadata = <%= node["openstack"]["network"]["dhcp"]["enable_isolated_metadata"] %>
# Allows for serving metadata requests coming from a dedicated metadata
# access network whose cidr is 169.254.169.254/16 (or larger prefix), and
# is connected to a Neutron router from which the VMs send metadata
# request. In this case DHCP Option 121 will not be injected in VMs, as
# they will be able to reach 169.254.169.254 through a router.
# This option requires enable_isolated_metadata = True
enable_metadata_network = <%= node["openstack"]["network"]["dhcp"]["enable_metadata_network"] %>
# Number of threads to use during sync process. Should not exceed connection
# pool size configured on server.
# num_sync_threads = 4
# Location to store DHCP server config files
# dhcp_confs = $state_path/dhcp
# Domain to use for building the hostnames
dhcp_domain = <%= node["openstack"]["network"]["dhcp"]["default_domain"] %>
# Override the default dnsmasq settings with this file
dnsmasq_config_file = /etc/neutron/dnsmasq.conf
# Comma-separated list of DNS servers which will be used by dnsmasq
# as forwarders.
# dnsmasq_dns_servers =
# Limit number of leases to prevent a denial-of-service.
dnsmasq_lease_max = <%= node["openstack"]["network"]["dhcp"]["dnsmasq_lease_max"] %>
# Location to DHCP lease relay UNIX domain socket
# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
# dhcp_delete_namespaces, which is false by default, can be set to True if
# namespaces can be deleted cleanly on the host running the dhcp agent.
# Do not enable this until you understand the problem with the Linux iproute
# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and
# you are sure that your version of iproute does not suffer from the problem.
# If True, namespaces will be deleted when a dhcp server is disabled.
dhcp_delete_namespaces = <%= node['openstack']['network']['dhcp']['dhcp_delete_namespaces'] %>
# Timeout for ovs-vsctl commands.
# If the timeout expires, ovs commands will fail with ALARMCLOCK error.
# ovs_vsctl_timeout = 10

View File

@ -1,7 +1,4 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
dhcp-option=<%= node["openstack"]["network"]["dhcp"]["dhcp-option"] %>
<% node["openstack"]["network"]["dhcp"]["upstream_dns_servers"].each do |dns_server| -%>
dhcp-option=<%= node['openstack']['network']['dnsmasq']['dhcp-option'] %>
<% node['openstack']['network']['dnsmasq']['upstream_dns_servers'].each do |dns_server| -%>
server=<%= dns_server %>
<% end -%>

View File

@ -1,105 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
debug = <%= node["openstack"]["network"]["debug"] %>
# L3 requires that an interface driver be set. Choose the one that best
# matches your plugin.
# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC)
# that supports L3 agent
interface_driver = <%= node["openstack"]["network"]["interface_driver"] %>
# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
# ovs_use_veth = False
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
use_namespaces = <%= node["openstack"]["network"]["use_namespaces"] %>
# If use_namespaces is set as False then the agent can only configure one router.
# This is done by setting the specific router_id.
# Default: router_id =
<% if node["openstack"]["network"]["l3"]["router_id"] -%>
router_id = <%= node["openstack"]["network"]["l3"]["router_id"] %>
<% end -%>
# When external_network_bridge is set, each L3 agent can be associated
# with no more than one external network. This value should be set to the UUID
# of that external network. To allow L3 agent support multiple external
# networks, both the external_network_bridge and gateway_external_network_id
# must be left empty.
<% if node["openstack"]["network"]["l3"]["gateway_external_network_id"] -%>
gateway_external_network_id = <%= node["openstack"]["network"]["l3"]["gateway_external_network_id"] %>
<% end -%>
# Indicates that this L3 agent should also handle routers that do not have
# an external network gateway configured. This option should be True only
# for a single agent in a Neutron deployment, and may be False for all agents
# if all routers must have an external network gateway
handle_internal_only_routers = <%= node["openstack"]["network"]["l3"]["handle_internal_only_routers"] %>
# Name of bridge used for external network traffic. This should be set to
# empty value for the linux bridge. when this parameter is set, each L3 agent
# can be associated with no more than one external network.
external_network_bridge = <%= node["openstack"]["network"]["l3"]["external_network_bridge"] %>
# TCP Port used by Neutron metadata server
metadata_port = <%= node["openstack"]["network"]["l3"]["metadata_port"] %>
# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0
# to disable this feature.
send_arp_for_ha = <%= node["openstack"]["network"]["l3"]["send_arp_for_ha"] %>
# seconds between re-sync routers' data if needed
periodic_interval = <%= node["openstack"]["network"]["l3"]["periodic_interval"] %>
# seconds to start to sync routers' data after
# starting agent
periodic_fuzzy_delay = <%= node["openstack"]["network"]["l3"]["periodic_fuzzy_delay"] %>
# enable_metadata_proxy, which is true by default, can be set to False
# if the Nova metadata server is not available
# enable_metadata_proxy = True
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
# router_delete_namespaces, which is false by default, can be set to True if
# namespaces can be deleted cleanly on the host running the L3 agent.
# Do not enable this until you understand the problem with the Linux iproute
# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and
# you are sure that your version of iproute does not suffer from the problem.
# If True, namespaces will be deleted when a router is destroyed.
router_delete_namespaces = <%= node['openstack']['network']['l3']['router_delete_namespaces'] %>
# Timeout for ovs-vsctl commands.
# If the timeout expires, ovs commands will fail with ALARMCLOCK error.
# ovs_vsctl_timeout = 10
# The working mode for the agent. Allowed values are:
# - legacy: this preserves the existing behavior where the L3 agent is
# deployed on a centralized networking node to provide L3 services
# like DNAT, and SNAT. Use this mode if you do not want to adopt DVR.
# - dvr: this mode enables DVR functionality, and must be used for an L3
# agent that runs on a compute host.
# - dvr_snat: this enables centralized SNAT support in conjunction with
# DVR. This mode must be used for an L3 agent running on a centralized
# node (or in single-host deployments, e.g. devstack).
agent_mode = <%= @agent_mode %>
# Location to store keepalived and all HA configurations
# ha_confs_path = $state_path/ha_confs
# VRRP authentication type AH/PASS
# ha_vrrp_auth_type = PASS
# VRRP authentication password
# ha_vrrp_auth_password =
# The advertisement interval in seconds
ha_vrrp_advert_int = <%= node['openstack']['network']['l3']['ha']['ha_vrrp_advert_int'] %>

View File

@ -1,56 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
debug = <%= node["openstack"]["network"]["debug"] %>
# The Neutron user information for accessing the Neutron API.
auth_url = <%= @identity_endpoint.to_s %>
auth_region = <%= node["openstack"]["network"]["region"] %>
admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>
admin_user = <%= node["openstack"]["network"]["service_user"] %>
admin_password = <%= @service_pass %>
# IP address used by Nova metadata server
nova_metadata_ip = <%= @compute_metadata_ip %>
# TCP Port used by Nova metadata server
nova_metadata_port = <%= @compute_metadata_port %>
# Which protocol to use for requests to Nova metadata server, http or https
# nova_metadata_protocol = http
# Whether insecure SSL connection should be accepted for Nova metadata server
# requests
# nova_metadata_insecure = False
# Client certificate for nova api, needed when nova api requires client
# certificates
# nova_client_cert =
# Private key for nova client certificate
# nova_client_priv_key =
# When proxying metadata requests, Neutron signs the Instance-ID header with a
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret
metadata_proxy_shared_secret = <%= @metadata_secret %>
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
# Number of separate worker processes for metadata server. Defaults to
# half the number of CPU cores
<% if node['openstack']['network']['metadata']['metadata_workers'] %>
metadata_workers = <%= node['openstack']['network']['metadata']['metadata_workers'] %>
<% end %>
# Number of backlog requests to configure the metadata server socket with
# metadata_backlog = 4096
# URL to connect to the cache backend.
# default_ttl=0 parameter will cause cache entries to never expire.
# Otherwise default_ttl specifies time in seconds a cache entry is valid for.
# No cache is used in case no value is passed.
# cache_url = memory://?default_ttl=5

View File

@ -3,4 +3,4 @@
# path to config file corresponding to the core_plugin specified in
# neutron.conf
NEUTRON_PLUGIN_CONFIG=<%= @plugin_config %>
NEUTRON_PLUGIN_CONFIG=<%=@core_plugin_config%>

View File

@ -1,659 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Print more verbose output (set logging level to INFO instead of default WARNING level).
verbose = <%= node["openstack"]["network"]["verbose"] %>
# =========Start Global Config Option for Distributed L3 Router===============
# Setting the "router_distributed" flag to "True" will default to the creation
# of distributed tenant routers. The admin can override this flag by specifying
# the type of the router on the create request (admin-only attribute). Default
# value is "False" to support legacy mode (centralized) routers.
#
router_distributed = <%= @router_distributed %>
#
# ===========End Global Config Option for Distributed L3 Router===============
# Print debugging output (set logging level to DEBUG instead of default WARNING level).
debug = <%= node["openstack"]["network"]["debug"] %>
# Where to store Neutron state files. This directory must be writable by the
# user executing the agent.
state_path = <%= node["openstack"]["network"]["state_path"] %>
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
# log_date_format = %Y-%m-%d %H:%M:%S
# use_syslog -> syslog
# log_file and log_dir -> log_dir/log_file
<% if node["openstack"]["network"]["syslog"]["use"] %>
log_config = /etc/openstack/logging.conf
<% end %>
# (not log_file) and log_dir -> log_dir/{binary_name}.log
# use_stderr -> stderr
# (not user_stderr) and (not log_file) -> stdout
# publish_errors -> notification system
# use_syslog = False
# syslog_log_facility = LOG_USER
# use_stderr = True
# log_file =
log_dir = <%= node['openstack']['network']['log_dir'] %>
# publish_errors = False
# Address to bind the API server
bind_host = <%= @bind_address %>
# Port the bind the API server to
bind_port = <%= @bind_port %>
# Path to the extensions. Note that this can be a colon-separated list of
# paths. For example:
# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions
# The __path__ of neutron.extensions is appended to this, so if your
# extensions are in there you don't need to specify them here
# api_extensions_path =
# (StrOpt) Neutron core plugin entrypoint to be loaded from the
# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the
# plugins included in the neutron source distribution. For compatibility with
# previous versions, the class name of a plugin can be specified instead of its
# entrypoint name.
#
core_plugin = <%= @core_plugin %>
# (ListOpt) List of service plugin entrypoints to be loaded from the
# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of
# the plugins included in the neutron source distribution. For compatibility
# with previous versions, the class name of a plugin can be specified instead
# of its entrypoint name.
<% if node['openstack']['network']['service_plugins'].any? %>
service_plugins = <%= node['openstack']['network']['service_plugins'].join(',') %>
<% end %>
# Paste configuration file
api_paste_config = api-paste.ini
# The strategy to be used for auth.
# Supported values are 'keystone'(default), 'noauth'.
# auth_strategy = keystone
auth_strategy = <%= node["openstack"]["network"]['auth_strategy'] %>
# Base MAC address. The first 3 octets will remain unchanged. If the
# 4h octet is not 00, it will also be used. The others will be
# randomly generated.
# 3 octet
# base_mac = fa:16:3e:00:00:00
# 4 octet
# base_mac = fa:16:3e:4f:00:00
# DVR Base MAC address. The first 3 octets will remain unchanged. If the
# 4th octet is not 00, it will also be used. The others will be randomly
# generated. The 'dvr_base_mac' *must* be different from 'base_mac' to
# avoid mixing them up with MAC's allocated for tenant ports.
# A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00
# The default is 3 octet
# dvr_base_mac = fa:16:3f:00:00:00
# Maximum amount of retries to generate a unique MAC address
# mac_generation_retries = 16
# DHCP Lease duration (in seconds). Use -1 to
# tell dnsmasq to use infinite lease times.
dhcp_lease_duration = <%= node["openstack"]["network"]["dhcp_lease_duration"] %>
# Allow sending resource operation notification to DHCP agent
# dhcp_agent_notification = True
# Enable or disable bulk create/update/delete operations
# allow_bulk = True
# Enable or disable pagination
# allow_pagination = False
# Enable or disable sorting
# allow_sorting = False
# Enable or disable overlapping IPs for subnets
# Attention: the following parameter MUST be set to False if Neutron is
# being used in conjunction with nova security groups
# allow_overlapping_ips = False
# Ensure that configured gateway is on subnet
# force_gateway_on_subnet = False
# RPC configuration options. Defined in rpc __init__
# The messaging module to use, defaults to kombu.
# rpc_backend = neutron.openstack.common.rpc.impl_kombu
# Size of RPC thread pool
rpc_thread_pool_size = <%= node['openstack']['network']['rpc_thread_pool_size'] %>
# Size of RPC connection pool
rpc_conn_pool_size = <%= node['openstack']['network']['rpc_conn_pool_size'] %>
# Seconds to wait for a response from call or multicall
rpc_response_timeout = <%= node['openstack']['network']['rpc_response_timeout'] %>
# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq.
# rpc_cast_timeout = 30
# Modules of exceptions that are permitted to be recreated
# upon receiving exception data from an rpc call.
# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception
# AMQP exchange to connect to if using RabbitMQ or QPID
control_exchange = <%= node["openstack"]["network"]["control_exchange"] %>
# allow_overlapping_ips = False
allow_overlapping_ips = <%= node["openstack"]["network"]["allow_overlapping_ips"] %>
# ZMQ
# rpc_backend=neutron.openstack.common.rpc.impl_zmq
# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP.
# The "host" option should point or resolve to this address.
# rpc_zmq_bind_address = *
# ============ Notification System Options =====================
# Notifications can be sent when network/subnet/port are create, updated or deleted.
# There are three methods of sending notifications: logging (via the
# log_file directive), rpc (via a message queue) and
# noop (no notifications sent, the default)
# Notification_driver can be defined multiple times
# Do nothing driver
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
# Logging driver
# notification_driver = neutron.openstack.common.notifier.log_notifier
# RPC driver. DHCP agents needs it.
#notification_driver = neutron.openstack.common.notifier.rpc_notifier
notification_driver = <%= node["openstack"]["network"]["notification_driver"] %>
# default_notification_level is used to form actual topic name(s) or to set logging level
default_notification_level = INFO
# default_publisher_id is a part of the notification payload
# host = myhost.com
# default_publisher_id = $host
# Defined in rpc_notifier, can be comma separated values.
# The actual topic names will be %s.%(default_notification_level)s
notification_topics = <%= node["openstack"]["mq"]["network"]["notification_topics"] %>
# Default maximum number of items returned in a single response,
# value == infinite and value < 0 means no max limit, and value must
# be greater than 0. If the number of items requested is greater than
# pagination_max_limit, server will just return pagination_max_limit
# of number of items.
# pagination_max_limit = -1
# Maximum number of DNS nameservers per subnet
# max_dns_nameservers = 5
# Maximum number of host routes per subnet
# max_subnet_host_routes = 20
# Maximum number of fixed ips per port
# max_fixed_ips_per_port = 5
# Maximum number of routes per router
# max_routes = 30
# =========== items for agent management extension =============
# Seconds to regard the agent as down; should be at least twice
# report_interval, to be sure the agent is down for good
agent_down_time = <%= node["openstack"]["network"]["api"]["agent"]["agent_down_time"] %>
# =========== end of items for agent management extension =====
# =========== items for agent scheduler extension =============
# Driver to use for scheduling network to DHCP agent
network_scheduler_driver = <%= node["openstack"]["network"]["dhcp"]["scheduler"] %>
# Driver to use for scheduling router to a default L3 agent
router_scheduler_driver = <%= node["openstack"]["network"]["l3"]["scheduler"] %>
# Driver to use for scheduling a loadbalancer pool to an lbaas agent
# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted
# networks to first DHCP agent which sends get_active_networks message to
# neutron server
# network_auto_schedule = True
# Allow auto scheduling routers to L3 agent. It will schedule non-hosted
# routers to first L3 agent which sends sync_routers message to neutron server
# router_auto_schedule = True
# Number of DHCP agents scheduled to host a network. This enables redundant
# DHCP agents for configured networks.
dhcp_agents_per_network = <%= node['openstack']['network']['dhcp']['dhcp_agents_per_network'] %>
# =========== end of items for agent scheduler extension =====
# =========== items for l3 extension ==============
# Enable high availability for virtual routers.
l3_ha = <%= node['openstack']['network']['l3']['ha']['l3_ha'] %>
# Maximum number of l3 agents which a HA router will be scheduled on. If it
# is set to 0 the router will be scheduled on every agent.
max_l3_agents_per_router = <%= node['openstack']['network']['l3']['ha']['max_l3_agents_per_router'] %>
# Minimum number of l3 agents which a HA router will be scheduled on. The
# default value is 2.
# min_l3_agents_per_router = 2
# CIDR of the administrative network if HA mode is enabled
# l3_ha_net_cidr = 169.254.192.0/18
# =========== end of items for l3 extension =======
# =========== WSGI parameters related to the API server ==============
# Number of separate worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
# child processes as workers. The parent process manages them.
api_workers = <%= node["openstack"]["network"]["api_workers"] %>
# Number of separate RPC worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
# child processes as RPC workers. The parent process manages them.
# This feature is experimental until issues are addressed and testing has been
# enabled for various plugins for compatibility.
rpc_workers = <%= node["openstack"]["network"]["rpc_workers"] %>
# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when
# starting API server. Not supported on OS X.
# tcp_keepidle = 600
# Number of seconds to keep retrying to listen
# retry_until_window = 30
# Number of backlog requests to configure the socket with.
# backlog = 4096
# Max header line to accommodate large tokens
# max_header_line = 16384
# Enable SSL on the API server
# use_ssl = False
# Certificate file to use when starting API server securely
# ssl_cert_file = /path/to/certfile
# Private key file to use when starting API server securely
# ssl_key_file = /path/to/keyfile
# CA certificate file to use when starting API server securely to
# verify connecting clients. This is an optional parameter only required if
# API clients need to authenticate to the API server using SSL certificates
# signed by a trusted CA
# ssl_ca_file = /path/to/cafile
# ======== end of WSGI parameters related to the API server ==========
# ======== neutron nova interactions ==========
# Send notification to nova when port status is active.
notify_nova_on_port_status_changes = <%= node["openstack"]["network"]["nova"]["notify_nova_on_port_status_changes"] %>
# Send notifications to nova when port data (fixed_ips/floatingips) change
# so nova can update it's cache.
notify_nova_on_port_data_changes = <%= node["openstack"]["network"]["nova"]["notify_nova_on_port_data_changes"] %>
# Number of seconds between sending events to nova if there are any events to send
send_events_interval = <%= node["openstack"]["network"]["nova"]["send_events_interval"] %>
# ======== end of neutron nova interactions ==========
# Misc options
<% if node["openstack"]["network"]["misc_neutron"] %>
<% node["openstack"]["network"]["misc_neutron"].each do |m| %>
<%= m %>
<% end %>
<% end %>
[matchmaker_redis]
#
# Options defined in oslo.messaging
#
# Host to locate redis. (string value)
#host=127.0.0.1
# Use this port to connect to redis host. (integer value)
#port=6379
# Password for Redis server (optional). (string value)
#password=<None>
[matchmaker_ring]
#
# Options defined in oslo.messaging
#
# Matchmaker ring file (JSON). (string value)
# Deprecated group/name - [DEFAULT]/matchmaker_ringfile
#ringfile=/etc/oslo/matchmaker_ring.json
[oslo_concurrency]
# Directory to use for lock files. For security, the specified directory should
# only be writable by the user running the processes that need locking.
# Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
# a lock path must be set.
lock_path = <%= node["openstack"]["network"]["lock_path"] %>
# Enables or disables inter-process locks.
# disable_process_locking = False
<% if @mq_service_type == "qpid" %>
[oslo_messaging_qpid]
#
# From oslo.messaging
#
# AMQP queue config options
amqp_durable_queues=<%= node['openstack']['mq']['network']['durable_queues'] %>
amqp_auto_delete=<%= node['openstack']['mq']['network']['auto_delete'] %>
##### QPID #####
rpc_backend=neutron.openstack.common.rpc.impl_qpid
qpid_hostname=<%= node["openstack"]["mq"]["network"]["qpid"]["host"] %>
qpid_port=<%= node["openstack"]["mq"]["network"]["qpid"]["port"] %>
qpid_password=<%= @mq_password %>
qpid_username=<%= node["openstack"]["mq"]["network"]["qpid"]["username"] %>
qpid_sasl_mechanisms=<%= node["openstack"]["mq"]["network"]["qpid"]["sasl_mechanisms"] %>
qpid_reconnect=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect"] %>
qpid_reconnect_timeout=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_timeout"] %>
qpid_reconnect_limit=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_limit"] %>
qpid_reconnect_interval_min=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_interval_min"] %>
qpid_reconnect_interval_max=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_interval_max"] %>
qpid_reconnect_interval=<%= node["openstack"]["mq"]["network"]["qpid"]["reconnect_interval"] %>
qpid_heartbeat=<%= node["openstack"]["mq"]["network"]["qpid"]["heartbeat"] %>
# qpid protocol. default 'tcp'. set to 'ssl' to enable SSL
qpid_protocol=<%= node["openstack"]["mq"]["network"]["qpid"]["protocol"] %>
qpid_tcp_nodelay=<%= node["openstack"]["mq"]["network"]["qpid"]["tcp_nodelay"] %>
qpid_topology_version=<%= node['openstack']['mq']['network']['qpid']['topology_version'] %>
<% end %>
<% if @mq_service_type == "rabbitmq" %>
[oslo_messaging_rabbit]
#
# From oslo.messaging
#
# Number of seconds after which the Rabbit broker is considered down if heartbeat's keep-alive fails (0 disable the heartbeat)
heartbeat_timeout_threshold=<%= node['openstack']['mq']['network']['rabbit']['heartbeat_timeout_threshold'] %>
# How often times during the heartbeat_timeout_threshold we check the heartbeat
heartbeat_rate=<%= node['openstack']['mq']['network']['rabbit']['heartbeat_rate'] %>
# AMQP queue config options
amqp_durable_queues=<%= node['openstack']['mq']['network']['durable_queues'] %>
amqp_auto_delete=<%= node['openstack']['mq']['network']['auto_delete'] %>
<% if node['openstack']['mq']['network']['rabbit']['use_ssl'] -%>
# Connect over SSL for RabbitMQ. (boolean value)
rabbit_use_ssl=true
<% if node['openstack']['mq']['network']['rabbit']['kombu_ssl_version'] -%>
# SSL version to use (valid only if SSL enabled). valid values
# are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on
# some distributions. (string value)
kombu_ssl_version=<%= node['openstack']['mq']['network']['rabbit']['kombu_ssl_version'] %>
<% end -%>
<% if node['openstack']['mq']['network']['rabbit']['kombu_ssl_keyfile'] -%>
# SSL key file (valid only if SSL enabled)
kombu_ssl_keyfile=<%= node['openstack']['mq']['network']['rabbit']['kombu_ssl_keyfile'] %>
<% end -%>
<% if node['openstack']['mq']['network']['rabbit']['kombu_ssl_certfile'] -%>
# SSL cert file (valid only if SSL enabled)
kombu_ssl_certfile=<%= node['openstack']['mq']['network']['rabbit']['kombu_ssl_certfile'] %>
<% end -%>
<% if node['openstack']['mq']['network']['rabbit']['kombu_ssl_ca_certs'] -%>
# SSL certification authority file (valid only if SSL enabled)
kombu_ssl_ca_certs=<%= node['openstack']['mq']['network']['rabbit']['kombu_ssl_ca_certs'] %>
<% end -%>
# How long to wait before reconnecting in response to an AMQP consumer cancel notification
kombu_reconnect_delay=<%= node['openstack']['mq']['network']['rabbit']['kombu_reconnect_delay'] %>
# How long to wait before considering a reconnect attempt to have failed.
# This value should not be longer than rpc_response_timeout
kombu_reconnect_timeout=<%= node['openstack']['mq']['network']['rabbit']['kombu_reconnect_timeout'] %>
<% end -%>
##### RABBITMQ #####
rpc_backend=neutron.openstack.common.rpc.impl_kombu
rabbit_userid=<%= node["openstack"]["mq"]["network"]["rabbit"]["userid"] %>
rabbit_password=<%= @mq_password %>
rabbit_virtual_host=<%= node["openstack"]["mq"]["network"]["rabbit"]["vhost"] %>
<% if node["openstack"]["mq"]["network"]["rabbit"]["ha"] %>
# Use HA queues in RabbitMQ (x-ha-policy: all).You need to
# wipe RabbitMQ database when changing this option. (boolean value)
rabbit_hosts=<%= @rabbit_hosts %>
rabbit_ha_queues=True
<% else %>
rabbit_host=<%= node["openstack"]["mq"]["network"]["rabbit"]["host"] %>
rabbit_port=<%= node["openstack"]["mq"]["network"]["rabbit"]["port"] %>
<% end %>
# Maximum retries with trying to connect to RabbitMQ
# (the default of 0 implies an infinite retry count)
rabbit_max_retries=<%= node["openstack"]["mq"]["network"]["rabbit"]["rabbit_max_retries"] %>
# RabbitMQ connection retry interval
rabbit_retry_interval=<%= node["openstack"]["mq"]["network"]["rabbit"]["rabbit_retry_interval"] %>
<% end %>
[quotas]
# Default driver to use for quota checks
# quota_driver = neutron.db.quota_db.DbQuotaDriver
# Resource name(s) that are supported in quota features
quota_items = <%= node["openstack"]["network"]["quota"]["items"] %>
# Default number of resource allowed per tenant. A negative value means
# unlimited.
default_quota = <%= node["openstack"]["network"]["quota"]["default"] %>
# Number of networks allowed per tenant. A negative value means unlimited.
quota_network = <%= node["openstack"]["network"]["quota"]["network"] %>
# Number of subnets allowed per tenant. A negative value means unlimited.
quota_subnet = <%= node["openstack"]["network"]["quota"]["subnet"] %>
# Number of ports allowed per tenant. A negative value means unlimited.
quota_port = <%= node["openstack"]["network"]["quota"]["port"] %>
# Number of security groups allowed per tenant. A negative value means
# unlimited.
quota_security_group = <%= node["openstack"]["network"]["quota"]["security_group"] %>
# Number of security group rules allowed per tenant. A negative value means
# unlimited.
quota_security_group_rule = <%= node["openstack"]["network"]["quota"]["security_group_rule"] %>
# Number of vips allowed per tenant. A negative value means unlimited.
quota_driver = <%= node["openstack"]["network"]["quota"]["driver"] %>
# Number of pools allowed per tenant. A negative value means unlimited.
# quota_pool = 10
# Number of pool members allowed per tenant. A negative value means unlimited.
# The default is unlimited because a member is not a real resource consumer
# on Openstack. However, on back-end, a member is a resource consumer
# and that is the reason why quota is possible.
# quota_member = -1
# Number of health monitors allowed per tenant. A negative value means
# unlimited.
# The default is unlimited because a health monitor is not a real resource
# consumer on Openstack. However, on back-end, a member is a resource consumer
# and that is the reason why quota is possible.
# quota_health_monitor = -1
# Number of routers allowed per tenant. A negative value means unlimited.
quota_router = <%= node["openstack"]["network"]["quota"]["router"] %>
# Number of floating IPs allowed per tenant. A negative value means unlimited.
quota_floatingip = <%= node["openstack"]["network"]["quota"]["floatingip"] %>
# Number of firewalls allowed per tenant. A negative value means unlimited.
# quota_firewall = 1
# Number of firewall policies allowed per tenant. A negative value means
# unlimited.
# quota_firewall_policy = 1
# Number of firewall rules allowed per tenant. A negative value means
# unlimited.
# quota_firewall_rule = 100
[agent]
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the comand directly
# root_helper = sudo
<% if node["openstack"]["network"]["use_rootwrap"] %>
root_helper = "sudo neutron-rootwrap /etc/neutron/rootwrap.conf"
<% end %>
# =========== items for agent management extension =============
# seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time
report_interval = <%= node["openstack"]["network"]["api"]["agent"]["agent_report_interval"] %>
# =========== end of items for agent management extension =====
[keystone_authtoken]
auth_uri = <%= @auth_uri %>
identity_uri = <%= @identity_uri %>
auth_version = <%= node['openstack']['network']['api']['auth']['version'] %>
admin_tenant_name = <%= node["openstack"]["network"]["service_tenant_name"] %>
admin_user = <%= node["openstack"]["network"]["service_user"] %>
admin_password = <%= @service_pass %>
signing_dir = <%= node["openstack"]["network"]["api"]["agent"]["signing_dir"] %>
<% unless node['openstack']['network']['api']['auth']['cafile'].nil? %>
cafile = <%= node['openstack']['network']['api']['auth']['cafile'] %>
<% end %>
<% unless node['openstack']['network']['api']['auth']['memcached_servers'].nil? %>
memcached_servers = <%= node['openstack']['network']['api']['auth']['memcached_servers'] %>
<% end %>
<% unless node['openstack']['network']['api']['auth']['memcache_security_strategy'].nil? %>
memcache_security_strategy = <%= node['openstack']['network']['api']['auth']['memcache_security_strategy'] %>
<% end %>
<% unless node['openstack']['network']['api']['auth']['memcache_secret_key'].nil? %>
memcache_secret_key = <%= node['openstack']['network']['api']['auth']['memcache_secret_key'] %>
<% end %>
hash_algorithms = <%= node['openstack']['network']['api']['auth']['hash_algorithms'] %>
insecure = <%= node['openstack']['network']['api']['auth']['insecure'] %>
[database]
# This line MUST be changed to actually run the plugin.
# Example:
# connection = mysql://root:pass@127.0.0.1:3306/neutron
# Replace 127.0.0.1 above with the IP address of the database used by the
# main neutron server. (Leave it as is if the database runs on this host.)
connection = <%= @sql_connection %>
# NOTE: In deployment the [database] section and its connection attribute may
# be set in the corresponding core plugin '.ini' file. However, it is suggested
# to put the [database] section and its connection attribute in this
# configuration file.
# Database engine for which script will be generated when using offline
# migration
# engine =
# The SQLAlchemy connection string used to connect to the slave database
<% if node['openstack']['endpoints']['db']['enabled_slave'] %>
slave_connection = <%= @slave_connection %>
<% else %>
slave_connection = <%= node['openstack']['db']['network']['slave_connection'] %>
<% end %>
# Database reconnection retry times - in event connectivity is lost
# set to -1 implies an infinite retry count
max_retries = <%= node['openstack']['db']['network']['max_retries'] %>
# Database reconnection interval in seconds - if the initial connection to the
# database fails
retry_interval = <%= node['openstack']['db']['network']['retry_interval'] %>
# Minimum number of SQL connections to keep open in a pool
min_pool_size = <%= node['openstack']['db']['network']['min_pool_size'] %>
# Maximum number of SQL connections to keep open in a pool
max_pool_size = <%= node['openstack']['db']['network']['max_pool_size'] %>
# Timeout in seconds before idle sql connections are reaped
idle_timeout = <%= node['openstack']['db']['network']['idle_timeout'] %>
# If set, use this value for max_overflow with sqlalchemy
max_overflow = <%= node['openstack']['db']['network']['max_overflow'] %>
# Verbosity of SQL debugging information. 0=None, 100=Everything
connection_debug = <%= node['openstack']['db']['network']['connection_debug'] %>
# Add python stack traces to SQL as comment strings
connection_trace = <%= node['openstack']['db']['network']['connection_trace'] %>
# If set, use this value for pool_timeout with sqlalchemy
pool_timeout = <%= node['openstack']['db']['network']['pool_timeout'] %>
[nova]
# Name of the plugin to load
auth_plugin = <%= node['openstack']['network']['nova']['auth_plugin'] %>
# Authorization URL for connection to nova in admin context.
auth_url = <%= @nova_auth_url %>
# Username for connection to nova in admin context
username = <%= node["openstack"]["network"]["nova"]["admin_username"] %>
user_domain_id = <%= node["openstack"]["network"]["nova"]["user_domain_id"] %>
# Password for connection to nova in admin context.
password = <%= @nova_admin_pass %>
# Project/tenant name. Keystone client v2 requires using tenant_name while v3 requires using project_name.
# The value for both of them is the same. Adding both of them to handle both situations.
tenant_name = <%= node["openstack"]["network"]["nova"]["project_name"] %>
project_name = <%= node["openstack"]["network"]["nova"]["project_name"] %>
# Project's domain ID for project.
project_domain_id = <%= node["openstack"]["network"]["nova"]["project_domain_id"] %>
# Boolean to control ignoring SSL errors on the nova url
# insecure = False
insecure = <%= node['openstack']['network']['nova']['insecure'] %>
<% if node['openstack']['network']['nova']['admin_tenant_id'] -%>
# The uuid of the admin nova tenant
admin_tenant_id = <%= node["openstack"]["network"]["nova"]["admin_tenant_id"] %>
<% end -%>
# Name of nova region to use. Useful if keystone manages more than one region
region_name = <%= node["openstack"]["network"]["nova"]["region_name"] %>
# CA file for novaclient to verify server certificates
<% if node['openstack']['network']['nova']['cafile'] -%>
cafile = <%= node['openstack']['network']['nova']['cafile'] %>
<% else -%>
# cafile =
<% end -%>
[service_providers]
# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall.
# Must be in form:
# service_provider=<service_type>:<name>:<driver>[:default]
# List of allowed service types includes LOADBALANCER, FIREWALL, VPN
# Combination of <service type> and <name> must be unique; <driver> must also be unique
# This is multiline option, example for default provider:
# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default
# example of non-default provider:
# service_provider=FIREWALL:name2:firewall_driver_path
# --- Reference implementations ---
<% if node['openstack']['network']['service_provider'].any? %>
<% node['openstack']['network']['service_provider'].each do |provider| %>
service_provider = <%= provider %>
<% end %>
<% end %>
# =========== end of items for agent management extension =====

View File

@ -1,5 +0,0 @@
## Type: string
#
# location of the plugin configuration file
NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/<%= @plugin_conf %>"

View File

@ -1,16 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[RESTPROXY]
# All configuration for this plugin is in section '[restproxy]'
#
# The following parameters are supported:
# servers : <host:port>[,<host:port>]* (Error if not set)
# server_auth : <username:password> (default: no auth)
# server_ssl : True | False (default: False)
# sync_data : True | False (default: False)
# server_timeout : 10 (default: 10 seconds)
#
servers = <%= node["openstack"]["network"]["bigswitch"]["servers"] %>
#server_auth=username:password
#server_ssl=True
#sync_data=True
#server_timeout=10

View File

@ -1,41 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[SWITCH]
# username = <mgmt admin username>
username = <%= node["openstack"]["network"]["brocade"]["switch_username"] %>
# password = <mgmt admin password>
password = <%= node["openstack"]["network"]["brocade"]["switch_password"] %>
# address = <switch mgmt ip address>
address = <%= node["openstack"]["network"]["brocade"]["switch_address"] %>
# ostype = NOS
ostype = <%= node["openstack"]["network"]["brocade"]["switch_ostype"] %>
# Example:
# username = admin
# password = password
# address = 10.24.84.38
# ostype = NOS
[PHYSICAL_INTERFACE]
# physical_interface = <physical network name>
#
# Example:
# physical_interface = physnet1
physical_interface = <%= node["openstack"]["network"]["brocade"]["physical_interface"] %>
[VLANS]
# network_vlan_ranges = <physical network name>:nnnn:mmmm
#
# Example:
# network_vlan_ranges = physnet1:1000:2999
network_vlan_ranges = <%= node["openstack"]["network"]["brocade"]["network_vlan_ranges"] %>
[AGENT]
# Example:
# root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[LINUX_BRIDGE]
# physical_interface_mappings = <physical network name>:<local interface>
#
# Example:
# physical_interface_mappings = physnet1:em1
physical_interface_mappings = <%= node["openstack"]["network"]["brocade"]["physical_interface_mappings"] %>

View File

@ -1,26 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[CISCO_PLUGINS]
nexus_plugin = <%= node["openstack"]["network"]["cisco"]["nexus_plugin"] %>
vswitch_plugin = <%= node["openstack"]["network"]["cisco"]["vswitch_plugin"] %>
[CISCO]
vlan_start = <%= node["openstack"]["network"]["cisco"]["vlan_start"] %>
vlan_end = <%= node["openstack"]["network"]["cisco"]["vlan_end"] %>
vlan_name_prefix = <%= node["openstack"]["network"]["cisco"]["vlan_name_prefix"] %>
max_ports = <%= node["openstack"]["network"]["cisco"]["max_ports"] %>
max_port_profiles = <%= node["openstack"]["network"]["cisco"]["max_port_profiles"] %>
max_networks = <%= node["openstack"]["network"]["cisco"]["max_networks"] %>
model_class = <%= node["openstack"]["network"]["cisco"]["model_class"] %>
manager_class = <%= node["openstack"]["network"]["cisco"]["manager_class"] %>
nexus_driver = <%= node["openstack"]["network"]["cisco"]["nexus_driver"] %>
<%- node["openstack"]["network"]["cisco"]["nexus_switch"].each_pair do | ip, info | -%>
[NEXUS_SWITCH:<%= ip %>]
<%- info["hosts"].each do | host_info | -%>
<%= host_info[0] %> = <%= host_info[1] %>
<%- end -%>
ssh_port = <%= info["ssh_port"] %>
username = <%= info["username"] %>
password = <%= info["password"] %>
<%- end -%>

View File

@ -1,49 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[HYPERV]
# (StrOpt) Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST either change this
# to 'vlan' and configure network_vlan_ranges below or to 'flat'.
# Set to 'none' to disable creation of tenant networks.
#
# Default: tenant_network_type = local
# Example: tenant_network_type = vlan
tenant_network_type = <%= node["openstack"]["network"]["hyperv"]["tenant_network_type"] %>
# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation. Specified ranges of VLAN IDs are
# available for tenant network allocation if tenant_network_type is
# 'vlan'. If empty, only gre and local networks may be created.
#
# Default: network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999
network_vlan_ranges = <%= node["openstack"]["network"]["hyperv"]["network_vlan_ranges"] %>
[AGENT]
# Agent's polling interval in seconds
polling_interval = <%= node["openstack"]["network"]["hyperv"]["polling_interval"] %>
# (ListOpt) Comma separated list of <physical_network>:<vswitch>
# where the physical networks can be expressed with wildcards,
# e.g.: ."*:external".
# The referred external virtual switches need to be already present on
# the Hyper-V server.
# If a given physical network name will not match any value in the list
# the plugin will look for a virtual switch with the same name.
#
# Default: physical_network_vswitch_mappings = *:external
# Example: physical_network_vswitch_mappings = net1:external1,net2:external2
physical_network_vswitch_mappings = <%= node["openstack"]["network"]["hyperv"]["physical_network_vswitch_mappings"] %>
# (StrOpt) Private virtual switch name used for local networking.
#
# Default: local_network_vswitch = private
# Example: local_network_vswitch = custom_vswitch
local_network_vswitch = <%= node["openstack"]["network"]["hyperv"]["local_network_vswitch"] %>
[SECURITYGROUP]
# Firewall driver for realizing neutron security group function
firewall_driver = <%= node["openstack"]["network"]["hyperv"]["firewall_driver"] %>

View File

@ -1,81 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[vlans]
# (StrOpt) Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST change this to
# 'vlan' and configure network_vlan_ranges below in order for tenant
# networks to provide connectivity between hosts. Set to 'none' to
# disable creation of tenant networks.
#
# Default: tenant_network_type = local
# Example: tenant_network_type = vlan
tenant_network_type = <%= node["openstack"]["network"]["linuxbridge"]["tenant_network_type"] %>
# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation. Specified ranges of VLAN IDs are
# available for tenant network allocation if tenant_network_type is
# 'vlan'. If empty, only local networks may be created.
#
# Default: network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999
network_vlan_ranges = <%= node["openstack"]["network"]["linuxbridge"]["network_vlan_ranges"] %>
[linux_bridge]
# (ListOpt) Comma-separated list of
# <physical_network>:<physical_interface> tuples mapping physical
# network names to the agent's node-specific physical network
# interfaces to be used for flat and VLAN networks. All physical
# networks listed in network_vlan_ranges on the server should have
# mappings to appropriate interfaces on each agent.
#
# Default: physical_interface_mappings =
# Example: physical_interface_mappings = physnet1:eth1
physical_interface_mappings = <%= node['openstack']['network']['linuxbridge']['physical_interface_mappings'] %>
[vxlan]
# (BoolOpt) enable VXLAN on the agent
# VXLAN support can be enabled when agent is managed by ml2 plugin using
# linuxbridge mechanism driver. Useless if set while using linuxbridge plugin.
enable_vxlan = <%= node['openstack']['network']['linuxbridge']['enable_vxlan'] %>
# (IntOpt) use specific TTL for vxlan interface protocol packets
ttl = <%= node['openstack']['network']['linuxbridge']['ttl'] %>
# (IntOpt) use specific TOS for vxlan interface protocol packets
tos = <%= node['openstack']['network']['linuxbridge']['tos'] %>
# (StrOpt) multicast group to use for broadcast emulation.
# This group must be the same on all the agents.
vxlan_group = <%= node['openstack']['network']['linuxbridge']['vxlan_group'] %>
# (StrOpt) Local IP address to use for VXLAN endpoints (required)
local_ip = <%= @local_ip %>
# (BoolOpt) Flag to enable l2population extension. This option should be used
# in conjunction with ml2 plugin l2population mechanism driver (in that case,
# both linuxbridge and l2population mechanism drivers should be loaded).
# It enables plugin to populate VXLAN forwarding table, in order to limit
# the use of broadcast emulation (multicast will be turned off if kernel and
# iproute2 supports unicast flooding - requires 3.11 kernel and iproute2 3.10)
l2_population = <%= node['openstack']['network']['linuxbridge']['l2_population'] %>
[agent]
# Agent's polling interval in seconds
polling_interval = <%= node['openstack']['network']['linuxbridge']['polling_interval'] %>
# (BoolOpt) Enable server RPC compatibility with old (pre-havana)
# agents.
#
# rpc_support_old_agents = False
# Example: rpc_support_old_agents = True
rpc_support_old_agents = <%= node['openstack']['network']['linuxbridge']['rpc_support_old_agents'] %>
[securitygroup]
# Firewall driver for realizing neutron security group function
firewall_driver = <%= node['openstack']['network']['linuxbridge']['firewall_driver'] %>
# It should be false when you use nova security group.
enable_security_group = <%= node['openstack']['network']['linuxbridge']['enable_security_group'] %>

View File

@ -1,15 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[META]
## This is list of flavor:neutron_plugins
# extension method is used in the order of this list
plugin_list = <%= node["openstack"]["network"]["metaplugin"]["plugin_list"] %>
l3_plugin_list = <%= node["openstack"]["network"]["metaplugin"]["l3_plugin_list"] %>
# Default value of flavor
default_flavor = <%= node["openstack"]["network"]["metaplugin"]["default_flavor"] %>
default_l3_flavor = <%= node["openstack"]["network"]["metaplugin"]["default_l3_flavor"] %>
# supported extentions
supported_extension_aliases = providernet
# specific method map for each flavor to extensions
extension_map = get_port_stats:nvp

View File

@ -1,20 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[MIDONET]
# MidoNet API server URI
# midonet_uri = http://localhost:8080/midonet-api
midonet_uri = <%= node["openstack"]["network"]["midonet"]["midonet_uri"] %>
# MidoNet admin username
username = <%= node["openstack"]["network"]["midonet"]["username"] %>
# MidoNet admin password
password = <%= node["openstack"]["network"]["midonet"]["password"] %>
# ID of the project that MidoNet admin user belongs to
project_id = <%= node["openstack"]["network"]["midonet"]["project_id"] %>
# Virtual provider router ID
provider_router_id = <%= node["openstack"]["network"]["midonet"]["provider_router_id"] %>
# Virtual metadata router ID
metadata_router_id = <%= node["openstack"]["network"]["midonet"]["metadata_router_id"] %>

View File

@ -1,77 +0,0 @@
<%= node['openstack']['network']['custom_template_banner'] %>
[ml2]
# (ListOpt) List of network type driver entrypoints to be loaded from
# the neutron.ml2.type_drivers namespace.
#
# type_drivers = local,flat,vlan,gre,vxlan
# Example: type_drivers = flat,vlan,gre,vxlan
type_drivers = <%= node['openstack']['network']['ml2']['type_drivers'] %>
# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
# but provides no connectivity between hosts.
#
# tenant_network_types = local
# Example: tenant_network_types = vlan,gre,vxlan
tenant_network_types = <%= node['openstack']['network']['ml2']['tenant_network_types'] %>
# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
# mechanism_drivers =
# Example: mechanism_drivers = openvswitch,mlnx
# Example: mechanism_drivers = arista
# Example: mechanism_drivers = cisco,logger
# Example: mechanism_drivers = openvswitch,brocade
# Example: mechanism_drivers = linuxbridge,brocade
mechanism_drivers = <%= @mechanism_drivers %>
[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
# flat_networks =
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
flat_networks = <%= node['openstack']['network']['ml2']['flat_networks'] %>
[ml2_type_vlan]
# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
# specifying physical_network names usable for VLAN provider and
# tenant networks, as well as ranges of VLAN tags on each
# physical_network available for allocation as tenant networks.
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2
network_vlan_ranges = <%= node['openstack']['network']['ml2']['network_vlan_ranges'] %>
[ml2_type_gre]
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
tunnel_id_ranges = <%= node['openstack']['network']['ml2']['tunnel_id_ranges'] %>
[ml2_type_vxlan]
# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
# ranges of VXLAN VNI IDs that are available for tenant network allocation.
vni_ranges = <%= node['openstack']['network']['ml2']['vni_ranges'] %>
# (StrOpt) Multicast group for the VXLAN interface. When configured, will
# enable sending all broadcast traffic to this multicast group. When left
# unconfigured, will disable multicast VXLAN mode.
#
# vxlan_group =
# Example: vxlan_group = 239.1.1.1
vxlan_group = <%= node['openstack']['network']['ml2']['vxlan_group'] %>
[securitygroup]
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
enable_security_group = <%= node['openstack']['network']['ml2']['enable_security_group'] %>
# Use ipset to speed-up the iptables security groups. Enabling ipset support
# requires that ipset is installed on L2 agent node.
enable_ipset = <%= node['openstack']['network']['ml2']['enable_ipset'] %>
<% if node['platform_family'] == 'debian' -%>
# For ubuntu, pull in the openvswitch configuration
<%= render 'plugins/openvswitch/ovs_neutron_plugin.ini.erb' -%>
<% end -%>

View File

@ -1,33 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[OVS]
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch port". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
integration_bridge = <%= node["openstack"]["network"]["nec"]["integration_bridge"] %>
[AGENT]
# Agent's polling interval in seconds
polling_interval = <%= node["openstack"]["network"]["nec"]["polling_interval"] %>
# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
# root filter facility.
# Change to "sudo" to skip the filtering and just run the comand directly
root_helper = sudo
[SECURITYGROUP]
# Firewall driver for realizing neutron security group function
firewall_driver = <%= node["openstack"]["network"]["nec"]["firewall_driver"] %>
[OFC]
# Specify OpenFlow Controller Host, Port and Driver to connect.
host = <%= node["openstack"]["network"]["nec"]["ofc_host"] %>
port = <%= node["openstack"]["network"]["nec"]["ofc_port"] %>
# Drivers are in neutron/plugins/nec/drivers/ .
driver = <%= node["openstack"]["network"]["nec"]["ofc_driver"] %>
# PacketFilter is available when it's enabled in this configuration
# and supported by the driver.
enable_packet_filter = <%= node["openstack"]["network"]["nec"]["ofc_enable_packet_filter"] %>

View File

@ -1,87 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
# #############################################################
# WARNINGS: The following deprecations have been made in the
# Havana release. Support for the options below will be removed
# in Ixxx.
#
# Section: [DEFAULT], Option: 'metadata_dhcp_host_route'
# Remarks: Use 'enable_isolated_metadata' in dhcp_agent.ini.
#
#
# Section: [CLUSTER:name], Option: 'nvp_controller_connection'
# Remarks: The configuration will allow the specification of
# a single cluster, therefore [CLUSTER:name] is no
# longer used. Use 'nvp_*', options, 'req_timeout',
# 'retries', etc. as indicated in the DEFAULT section.
# Support for multiple clusters will be added through
# an API extension.
# ##############################################################
[DEFAULT]
# User name for NVP controller
nvp_user = <%= node["openstack"]["network"]["nicira"]["nvp_user"] %>
# Password for NVP controller
nvp_password = <%= node["openstack"]["network"]["nicira"]["nvp_password"] %>
# Total time limit for a cluster request
# (including retries across different controllers)
req_timeout = <%= node["openstack"]["network"]["nicira"]["req_timeout"] %>
# Time before aborting a request on an unresponsive controller
http_timeout = <%= node["openstack"]["network"]["nicira"]["http_timeout"] %>
# Maximum number of times a particular request should be retried
retries = <%= node["openstack"]["network"]["nicira"]["retries"] %>
# Maximum number of times a redirect response should be followed
redirects = <%= node["openstack"]["network"]["nicira"]["redirects"] %>
# Comma-separated list of NVP controller endpoints (<ip>:<port>). When port
# is omitted, 443 is assumed. This option MUST be specified, e.g.:
nvp_controllers = <%= node["openstack"]["network"]["nicira"]["nvp_controllers"] %>
# UUID of the pre-existing default NVP Transport zone to be used for creating
# tunneled isolated "Neutron" networks. This option MUST be specified, e.g.:
default_tz_uuid = <%= node["openstack"]["network"]["nicira"]["default_tz_uuid"] %>
# (Optional) UUID of the cluster in NVP. It can be retrieved from NVP management
# console "admin" section.
nvp_cluster_uuid = <%= node["openstack"]["network"]["nicira"]["nvp_cluster_uuid"] %>
# (Optional) UUID for the default l3 gateway service to use with this cluster.
# To be specified if planning to use logical routers with external gateways.
default_l3_gw_service_uuid = <%= node["openstack"]["network"]["nicira"]["default_l3_gateway_service_uuid"] %>
# (Optional) UUID for the default l2 gateway service to use with this cluster.
# To be specified for providing a predefined gateway tenant for connecting their networks.
default_l2_gw_service_uuid = <%= node["openstack"]["network"]["nicira"]["default_l2_gateway_service_uuid"] %>
# Name of the default interface name to be used on network-gateway. This value
# will be used for any device associated with a network gateway for which an
# interface name was not specified
default_iface_name = <%= node["openstack"]["network"]["nicira"]["default_iface_name"] %>
[QUOTAS]
# number of network gateways allowed per tenant, -1 means unlimited
quota_network_gateway = <%= node["openstack"]["network"]["nicira"]["quota_network_gateway"] %>
[NVP]
# Maximum number of ports for each bridged logical switch
max_lp_per_bridged_ls = <%= node["openstack"]["network"]["nicira"]["max_lp_per_bridged_ls"] %>
# Maximum number of ports for each overlay (stt, gre) logical switch
max_lp_per_overlay_ls = <%= node["openstack"]["network"]["nicira"]["max_lp_per_overlay_ls"] %>
# Number of connects to each controller node.
concurrent_connections = <%= node["openstack"]["network"]["nicira"]["concurrent_connections"] %>
# Acceptable values for 'metadata_mode' are:
# - 'access_network': this enables a dedicated connection to the metadata
# proxy for metadata server access via Neutron router.
# - 'dhcp_host_route': this enables host route injection via the dhcp agent.
# This option is only useful if running on a host that does not support
# namespaces otherwise access_network should be used.
metadata_mode = <%= node["openstack"]["network"]["nicira"]["metadata_mode"] %>

View File

@ -1,209 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[OVS]
# (StrOpt) Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST either change this
# to 'vlan' and configure network_vlan_ranges below or change this to
# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for
# tenant networks to provide connectivity between hosts. Set to 'none'
# to disable creation of tenant networks.
#
# Default: tenant_network_type = local
# Example: tenant_network_type = gre
tenant_network_type = <%= node["openstack"]["network"]["openvswitch"]["tenant_network_type"] %>
# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation. Specified ranges of VLAN IDs are
# available for tenant network allocation if tenant_network_type is
# 'vlan'. If empty, only gre, vxlan and local networks may be created.
#
# Default: network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999
<% if node["openstack"]["network"]["openvswitch"]["network_vlan_ranges"] -%>
network_vlan_ranges = <%= node["openstack"]["network"]["openvswitch"]["network_vlan_ranges"] %>
<% end -%>
# (BoolOpt) Set to True in the server and the agents to enable support
# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and
# GRE or VXLAN tunneling.
#
# WARNING: This option will be deprecated in the Icehouse release, at which
# point setting tunnel_type below will be required to enable
# tunneling.
#
# Default: enable_tunneling = False
enable_tunneling = <%= node["openstack"]["network"]["openvswitch"]["enable_tunneling"] %>
# (StrOpt) The type of tunnel network, if any, supported by the plugin. If
# this is set, it will cause tunneling to be enabled. If this is not set and
# the option enable_tunneling is set, this will default to 'gre'.
# 'gre' or 'vxlan'
tunnel_type = <%= node["openstack"]["network"]["openvswitch"]["tunnel_type"] %>
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples
# enumerating ranges of GRE or VXLAN tunnel IDs that are available for
# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'.
#
# Default: tunnel_id_ranges =
# Example: tunnel_id_ranges = 1:1000
<% if node["openstack"]["network"]["openvswitch"]["tunnel_id_ranges"] -%>
tunnel_id_ranges = <%= node["openstack"]["network"]["openvswitch"]["tunnel_id_ranges"] %>
<% end -%>
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch bay". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
#
# Default: integration_bridge = br-int
<% if node["openstack"]["network"]["openvswitch"]["integration_bridge"] -%>
integration_bridge = <%= node["openstack"]["network"]["openvswitch"]["integration_bridge"] %>
<% end -%>
# Only used for the agent if tunnel_id_ranges (above) is not empty for
# the server. In most cases, the default value should be fine.
#
# Default: tunnel_bridge = br-tun
<% if node["openstack"]["network"]["openvswitch"]["tunnel_bridge"] -%>
tunnel_bridge = <%= node["openstack"]["network"]["openvswitch"]["tunnel_bridge"] %>
<% end -%>
# Peer patch port in integration bridge for tunnel bridge
# Default: int_peer_patch_port = patch-tun
<% if node["openstack"]["network"]["openvswitch"]["int_peer_patch_port"] -%>
int_peer_patch_port = <%= node["openstack"]["network"]["openvswitch"]["int_peer_patch_port"] %>
<% end -%>
# Peer patch port in tunnel bridge for integration bridge
# Default: tun_peer_patch_port = patch-int
<% if node["openstack"]["network"]["openvswitch"]["tun_peer_patch_port"] -%>
tun_peer_patch_port = <%= node["openstack"]["network"]["openvswitch"]["tun_peer_patch_port"] %>
<% end -%>
# Uncomment this line for the agent if tunnel_id_ranges (above) is not
# empty for the server. Set local-ip to be the local IP address of
# this hypervisor.
local_ip = <%= @local_ip %>
# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
# mapping physical network names to the agent's node-specific OVS
# bridge names to be used for flat and VLAN networks. The length of
# bridge names should be no more than 11. Each bridge must
# exist, and should have a physical network interface configured as a
# port. All physical networks listed in network_vlan_ranges on the
# server should have mappings to appropriate bridges on each agent.
#
# Default: bridge_mappings =
# Example: bridge_mappings = physnet1:br-eth1
<% if node["openstack"]["network"]["openvswitch"]["bridge_mappings"] -%>
bridge_mappings = <%= node["openstack"]["network"]["openvswitch"]["bridge_mappings"] %>
<% end -%>
# (BoolOpt) Use veths instead of patch ports to interconnect the integration
# bridge to physical networks. Support kernel without ovs patch port support
# so long as it is set to True.
# use_veth_interconnection = False
[agent]
# Agent's polling interval in seconds
polling_interval = <%= node['openstack']['network']['openvswitch']['polling_interval'] %>
# Minimize polling by monitoring ovsdb for interface changes
# minimize_polling = True
# When minimize_polling = True, the number of seconds to wait before
# respawning the ovsdb monitor after losing communication with it
# ovsdb_monitor_respawn_interval = 30
# (ListOpt) The types of tenant network tunnels supported by the agent.
# Setting this will enable tunneling support in the agent. This can be set to
# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
# disable tunneling support in the agent. When running the agent with the OVS
# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section.
# When running the agent with ML2, you can specify as many values here as
# your compute hosts supports.
#
# tunnel_types =
# Example: tunnel_types = gre
# Example: tunnel_types = vxlan
# Example: tunnel_types = vxlan, gre
tunnel_types = <%= @tunnel_types %>
# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
# default, this will make use of the Open vSwitch default value of '4789' if
# not specified.
#
# vxlan_udp_port =
# Example: vxlan_udp_port = 8472
# (IntOpt) This is the MTU size of veth interfaces.
# Do not change unless you have a good reason to.
# The default MTU size of veth interfaces is 1500.
# This option has no effect if use_veth_interconnection is False
# Example: veth_mtu = 1504
veth_mtu = <%= node["openstack"]["network"]["openvswitch"]["veth_mtu"] %>
# (BoolOpt) Flag to enable l2-population extension. This option should only be
# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
# optimize tunnel management.
l2_population = <%= @l2_population %>
# Enable local ARP responder. Requires OVS 2.1. This is only used by the l2
# population ML2 MechanismDriver.
#
# arp_responder = False
# (BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet
# carrying GRE/VXLAN tunnel. The default value is True.
#
# dont_fragment = True
# (BoolOpt) Set to True on L2 agents to enable support
# for distributed virtual routing.
enable_distributed_routing = <%= @enable_distributed_routing %>
[securitygroup]
# Firewall driver for realizing neutron security group function.
# Default: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
firewall_driver = <%= node["openstack"]["network"]["openvswitch"]["fw_driver"] %>
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
enable_security_group = <%= node['openstack']['network']['openvswitch']['enable_security_group'] %>
#-----------------------------------------------------------------------------
# Sample Configurations.
#-----------------------------------------------------------------------------
#
# 1. With VLANs on eth1.
# [ovs]
# network_vlan_ranges = default:2000:3999
# tunnel_id_ranges =
# integration_bridge = br-int
# bridge_mappings = default:br-eth1
#
# 2. With GRE tunneling.
# [ovs]
# network_vlan_ranges =
# tunnel_id_ranges = 1:1000
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
#
# 3. With VXLAN tunneling.
# [ovs]
# network_vlan_ranges =
# tenant_network_type = vxlan
# tunnel_type = vxlan
# tunnel_id_ranges = 1:1000
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
# [agent]
# tunnel_types = vxlan

View File

@ -1,15 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[PLUMgridNOS]
# This line should be pointing to the NOS server,
# for the PLUMgrid platform. In other deployments,
# this is known as controller
nos_server = <%= node["openstack"]["network"]["plumgrid"]["nos_server"] %>
nos_server_port = <%= node["openstack"]["network"]["plumgrid"]["nos_server_port"] %>
# Authentification parameters for the NOS server.
# These are the admin credentials to manage and control
# the NOS server.
username = <%= node["openstack"]["network"]["plumgrid"]["username"] %>
password = <%= node["openstack"]["network"]["plumgrid"]["password"] %>
servertimeout = <%= node["openstack"]["network"]["plumgrid"]["servertimeout"] %>
# Name of the network topology to be deployed by NOS
topologyname = <%= node["openstack"]["network"]["plumgrid"]["topologyname"] %>

View File

@ -1,44 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[OVS]
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch port". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
integration_bridge = <%= node["openstack"]["network"]["ryu"]["integration_bridge"] %>
# openflow_rest_api = <host IP address of ofp rest api service>:<port: 8080>
openflow_rest_api = <%= node["openstack"]["network"]["ryu"]["openflow_rest_api"] %>
# tunnel key range: 0 < tunnel_key_min < tunnel_key_max
# VLAN: 12bits, GRE, VXLAN: 24bits
tunnel_key_min = <%= node["openstack"]["network"]["ryu"]["tunnel_key_min"] %>
tunnel_key_max = <%= node["openstack"]["network"]["ryu"]["tunnel_key_max"] %>
# tunnel_ip = <ip address for tunneling>
# tunnel_interface = interface for tunneling
# when tunnel_ip is NOT specified, ip address is read
# from this interface
tunnel_ip = <%= node["openstack"]["network"]["ryu"]["tunnel_ip"] %>
tunnel_interface = <%= node["openstack"]["network"]["ryu"]["tunnel_interface"] %>
# ovsdb_port = port number on which ovsdb is listening
# ryu-agent uses this parameter to setup ovsdb.
# ovs-vsctl set-manager ptcp:<ovsdb_port>
# See set-manager section of man ovs-vsctl for details.
# currently ptcp is only supported.
# ovsdb_ip = <host IP address on which ovsdb is listening>
# ovsdb_interface = interface for ovsdb
# when ovsdb_addr NOT specifiied, ip address is gotten
# from this interface
ovsdb_port = <%= node["openstack"]["network"]["ryu"]["ovsdb_port"] %>
ovsdb_ip = <%= node["openstack"]["network"]["ryu"]["ovsdb_ip"] %>
ovsdb_interface = <%= node["openstack"]["network"]["ryu"]["ovsdb_interface"] %>
[SECURITYGROUP]
# Firewall driver for realizing neutron security group function
firewall_driver = <%= node["openstack"]["network"]["ryu"]["firewall_driver"] %>
[AGENT]
# Agent's polling interval in seconds
polling_interval = <%= node["openstack"]["network"]["ryu"]["polling_interval"] %>

View File

@ -1,36 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
# Configuration for neutron-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=<%= node['openstack']['network']['rootwrap']['filters_path'] %>
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=<%= node['openstack']['network']['rootwrap']['exec_dirs'] %>
# Enable logging to syslog
# Default value is False
use_syslog=<%= node['openstack']['network']['rootwrap']['use_syslog'] %>
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility=<%= node['openstack']['network']['rootwrap']['syslog_log_facility'] %>
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=<%= node['openstack']['network']['rootwrap']['syslog_log_level'] %>
[xenapi]
# XenAPI configuration is only required by the L2 agent if it is to
# target a XenServer/XCP compute host's dom0.
xenapi_connection_url=<None>
xenapi_connection_username=root
xenapi_connection_password=<None>

View File

@ -1,5 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[fwaas]
driver = <%= node['openstack']['network']['fwaas']['driver'] %>
enabled = <%= node['openstack']['network']['fwaas']['enabled'] %>

View File

@ -1,48 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
debug = <%= node["openstack"]["network"]["debug"] %>
# The LBaaS agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
# seconds between attempts.
periodic_interval = <%= node["openstack"]["network"]["lbaas"]["periodic_interval"] %>
# LBaas requires an interface driver be set. Choose the one that best
# matches your plugin.
<% case node["openstack"]["network"]["lbaas_plugin"]
when "ovs" %>
# OVS based plugins(OVS, Ryu, NEC, NVP, BigSwitch/Floodlight)
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Use veth for an OVS interface or not.
# Support kernels with limited namespace support
# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
ovs_use_veth = <%= node['openstack']['network']['lbaas']['ovs_use_veth'] %>
<% when "linuxbridge" %>
# LinuxBridge
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
<% else %>
# LBaaS currently supports openvswitch and linuxbridge drivers only.
# Custom driver can be set here if not using openvswitch or linuxbridge.
interface_driver = <%= node['openstack']['network']['lbaas']['custom_interface_driver'] %>
<% end %>
# The agent requires drivers to manage the loadbalancer. HAProxy is the opensource version.
# Multiple device drivers reflecting different service providers could be specified:
device_driver = <%= node['openstack']['network']['lbaas']['device_driver'] %>
[haproxy]
# Location to store config and state files
# loadbalancer_state_path = $state_path/lbaas
# The user group
<% if node['platform_family'] == 'debian' %>
user_group = nogroup
<% else %>
user_group = nobody
<% end %>
# When delete and re-add the same vip, send this many gratuitous ARPs to flush
# the ARP cache in the Router. Set it below or equal to 0 to disable this feature.
# send_gratuitous_arp = 3

View File

@ -1,35 +0,0 @@
<%= node["openstack"]["network"]["custom_template_banner"] %>
[DEFAULT]
# VPN-Agent configuration file
# Note vpn-agent inherits l3-agent, so you can use configs on l3-agent also
debug = <%= node["openstack"]["network"]["debug"] %>
interface_driver = <%= node["openstack"]["network"]["interface_driver"] %>
[vpnagent]
# vpn device drivers which vpn agent will use
# If we want to use multiple drivers, we need to define this option multiple times.
# NOTE: StrongSwan and openSwan cannot be installed at the same time. Thus, both cannot
# be enabled for use. In the future when flavors/STF support is available,
# this will still constrain the flavors which can be used together.
# vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver
# vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.cisco_ipsec.CiscoCsrIPsecDriver
# vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.vyatta_ipsec.VyattaIPSecDriver
# vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
# vpn_device_driver=another_driver
<% if node['openstack']['network']['vpn']['vpn_device_driver'].any? %>
<% node['openstack']['network']['vpn']['vpn_device_driver'].each do |driver| %>
vpn_device_driver=<%= driver %>
<% end %>
<% end %>
[ipsec]
# Status check interval
ipsec_status_check_interval = <%= node['openstack']['network']['vpn']['ipsec_status_check_interval'] %>
[strongswan]
# For fedora use:
# default_config_area=/usr/share/strongswan/templates/config/strongswan.d
# Default is for ubuntu use, /etc/strongswan.d
# default_config_area=/etc/strongswan.d
default_config_area=<%= node['openstack']['network']['platform']['default_config_area'] %>