- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/neutron/neutron.conf] and
template[/etc/neutron/metadata_agent.ini] to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Update lbaas recipe to use v2 agent driver.
- Add recommended configuration settings to neutron.conf based in Stein
installation docs.
- Remove any resources that define the default action.
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Manage /etc/neutron/neutron_lbaas.conf so we can set service_provider
properly.
- Add some missing ChefSpec tests.
- Configure neutron_lbaas.conf on Ubuntu in a manner that allows it to properly
pull in the configuration via the --config-dir option. This is due to the fact
we need to set an additional [service_providers] service_provider line and we
can't do that with hashes.
- Remove FWaaS as it's unmaintained upstream.
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Change-Id: Id29884766440d37fa18fd62f3f93eecc22224d51
This updates all references of let(:chef_run) to cached(:chef_run) to
speed up tests. By doing this, we have to create a new cached(:chef_run)
block whenever we need to adjust node attributes for testing.
Additional fixes:
- Pull in openstack-network::ml2_core_plugin in server spec so that we get the
default attributes set
- Remove unused shared_examples
Speed was improved from 4 minutes 18.7 seconds to 1 minute 2.73 seconds
Change-Id: Ib10a6828e6886a57527a5e5a506cc57364ec0c2a
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.
Depends-On: https://review.opendev.org/682918
Change-Id: I3be10959888870cec8774c2729465a0785eb837f
fog-openstack-1.x already appends "auth/tokens" so we no longer need to
do that. In addition, comment out endpoint type until this PR [1] gets
merged and released.
[1] https://github.com/fog/fog-openstack/pull/494
Depends-On: https://review.opendev.org/666176
Change-Id: Icc92d6c8eb868efbde904e6aeb9d36891ea8457a
Signed-off-by: Lance Albertson <lance@osuosl.org>
This patch removes the openstack_user resource with :grant_domain
action. A user is always created within a specific domain; such a
membership cannot be tacked on later. This resource gave the user the
role intended for their project for the domain (i.e., for the Default
domain instead of for the service project).
We add the domain_name attribute that creates the neutron user in the
desired domain. Note that this change needs a sufficiently recent
openstackclient cookbook -- otherwise the domain_name attribute is
ignored (which does not matter as long as the neutron user is to be
created in the Default domain).
Change-Id: I4b67565c9408c758acefc681dd756a1dca836ec3
This patch removes the role_name when using openstack_user's :create
action (it gets ignored by the target method).
Note that the spec test would still pass if only the line in
identity_registration.rb (but not the test) were changed, because the
code that actually does grant the role to the resource is executed right
after user creation and before any tests check the resource for the
existence of the role_name attribute. In other words: if the argument
were required in a call but only supplied in another call, the spec
tests would not catch it. Something to watch out for.
Change-Id: I9061b748281910bef3927757bdf22edfd36b7448
- Switched default linter to cookstyle
- Renamed rake tasks to better conform with Chef conventions
Change-Id: I5dd1971392fdf282d0f214dfce9dcbecc18542a8
- Corrections made to db_migration for Ocata
- Style and lint fixes for newer chefdk
- Rewrote metadata.rb for readability
- Added some defaults from the linuxbridge documentation for Ocata
in an attempt to get virtual networking functional out of the box
https://docs.openstack.org/ocata/install-guide-ubuntu/neutron-controller-install-option2.html
Change-Id: I16d6f892f325a80eb3eabd10110177246b63663f
- Now use cookbook-openstackclient to create endpoints role service and
user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- updated readme
- updated neutron-package dependencies for debian
Change-Id: I2d404a424bd79a6e9b282304e21591fa33a48981
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
* use StrongSwan driver instead of OpenSwan since xenial does not even provide
openswan packages anymore
* start and enable strongswan service (needs to be verified for centos)
* do not include ::l3_agent recipe in vpnaas recipe, since neutron-vpn-agent
fully replaces neutron-l3-agent
Change-Id: I81cd2e05273402e8db57f3ca5029fb4938bbfe29
This was incorrectly assuming the path used on Ubuntu/Debian. This correctly
points to the correct location that systemd uses.
Change-Id: I425f4dc565f7c6d5b27422f1023b428e91f71d7a
Signed-off-by: Lance Albertson <lance@osuosl.org>
These defaults are based on upstream documentation [1] and should work in most
environments. In addition, add RHEL chefspec tests and also test the config file
contents.
Without a default config of any kind, the plugin_config recipe fails due to an
empty attribute.
[1] http://docs.openstack.org/mitaka/install-guide-rdo/neutron.html
Change-Id: I037e51f40db5f73c8b9a3f6289287e82fb73f8a6
Signed-off-by: Lance Albertson <lance@osuosl.org>
The --service option to neutron-db-manage is deprecated and will be
removed soon. Use --subproject instead.
Related-Bug: #1501380
Change-Id: Idf3cbd65a49c676a0f90c0e49684e738e16e659b
Change Id350abd82df48c1e00e4b2bb8bc944658ddd85e6 replaced auth_plugin
with auth_type but missed one occurance in the default receipe.
Change-Id: I395b48616ea57167558df7c6a0dda30c01d724b1
* added recipe metering_agent following the structure of the other neutron
agents recipes
* added minimal viable config options to default attributes
* added specs
Change-Id: I5f7d8b8a650497b4bcfff5f2b02b0669df656732
* removed the creation of ovs bridges (except br-int) from all recipes,
since this can not be done in a sufficient generic way or only with a lot of
case switches to cope with all possible network setups
* added an example recipe to create all default ovs bridges from the
networking guide for legacy ovs setups (we should also create one for dvr later)
* splittet recipe ml2_openvswitch into seperate recipes for ml2_openvswitch config,
openvswitch_agent and openvswitch to allow bridge creation from wrapper recipe inbetween
and seperate configs from package installation
Change-Id: I6383575862ba110b3f3b5cba227288dc026fce77
* endpoint type (admin, internal, public) and service (identitiy, network etc.)
was switched during refactoring, this patch reverts this unintended switching
* edited bind_service service type from public,internal,admin to 'all'
for default binding to just one service
Change-Id: I9bf230ba53d23ce11a32acaea2410572eaeb6123
Depends-On: Iec485deaf415e4187a323435cce2b6bbadfc5d42
Depends-On: Ia5bddfc5e2fd77cd6e9e855c680b079f78fc1c3f
* added new logic to render plugin templates
* refactored recipe names to be more consistence
* moved version up to 13.0.0 for mitaka release
* removed suse as supported platform
* added verisionbumb for refactored os-identity and common
* adapted optimized endpoint logic
* added endpoint attributes to fit new endpoint logic
* adapted the specs (unit tests) to work again
* refactored attributes throughout all recipes that were connected to the
attributes used for the neutron.conf.erb template to adapt the new template
attribute syntax
* removed some attributes that were set to non default values, since the
defaults from neutron cloud and should be used instead
* moved all attributes form attributes/default.rb that were used in
neutron.conf.erb to attributes/neutron_conf.rb
* refactored attributes to fit new template logic
* refactored recipes/default.rb to fit new template logic
* removed all attributes set to default values in attribtues/default and
template
* replaced static plugin logic and templates with new config logic, following
the same principles as for neutron.conf
* renamed recipes to fit attributes and actual service names
* added recipes for ml2_core_plugin, ml2_openvswitch and ml2_linuxbridge as well
as a recipe for the creation of all plugin configs (plugin_conf) like plugin.ini
Change-Id: I9cc1b5cc069987ac83e064322c2291772505ff5f
Implements: blueprint cookbook-refactoring
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Remove dup in attributes
Incorrect service resource name reference
iproute package in wrong spec
White space cleanup
Change-Id: I269012e141bee21d1122dec300ba2a80b3d31780
- According to the bool attribute
node['openstack']['endpoints']['db']['enabled_slave'], enable/disable
neutron database slave_connection
- Add the slave_connection generated from db_uri function
Implements: blueprint sql-slave-connection-support
Change-Id: I19fc7fb4ab4a62fcdea77c9c4d18135fb2f49d41
When lbaas or vpnaas is enabled, we should make sure related
packages are installed before neutron-server start, otherwise
neutron-server will crash for could find plugin list in
service_plugins.
Change-Id: I8d5939dacd74496158932b658c3aec4d78ad1fe9
Closes-Bug: #1486390
when external_network_bridge is not empty, and has been created in formal
deployment operation, at this time the external_network_interface should has
been added to the external_network_bridge, so if we run a update operation
on l3 agent recipe, it will try to add the interface to the bridge again,
that will return an error, add --may-exist to avoid it.
Change-Id: I40dabc862ae12dc4be81b196987b692a34c0c6c9
Partial-Bug: 1483994
external_network_bridge could be empty to support multiple external
networks, update l3_agent recipe to support this situation.
Change-Id: Idca94b9d40df750f89e70567e641fe96b6f4a4b1
Closes-Bug: #1483994
Hyperv mech_driver has been moved out of neutron core code, and it
became a stand alone package. Current network cookbook did not
install the hyperv mech_driver, so add the logic in hyperv recipe
to intall the hyperv mech_driver when the hyperv is configured in
mechanism_drivers of environment.
Currently there is no package for hyperv mech_driver in all linux
distribution, as the hyperv mech_driver code has been moved out of
neutron code. So here names the package networking-hyperv by
default, overwrite the package name when other users generate the
packages themselves.
Change-Id: I0d27f41e2dc068fc0dd2a67fef5999a006f685dd
Closes-Bug: 1475151
In order to allow components to better handle and respond to mq failures,
oslo has some heartbeat options that are useful.
Change-Id: Ief96c7fce659376f476b11b527c60ce999777b81
Partial-Bug: #1462438
After the refact of nova authentication in neutron, it supports
three auth_plugin: password, v2password, v3password. Each
auth_plugin match a different auth_url. For example:
a) password
auth_plugin = password
auth_url = http://127.0.0.1:35357/
b) v2password
auth_plugin = v2password
auth_url = http://127.0.0.1:35357/v2.0
c) v3password
auth_plugin = v3password
auth_url = http://127.0.0.1:35357/v3
The auth_url should be set following the auth_plugin automatically.
Change-Id: Ia584a6c6a64fcaa92012c957da004ac029ca7db2
Closes-bug: #1459594
Closes-bug: #1461480