Add neutron database config, better compat for supporting both names. Adds templates, fixes HAProxy context.

config.yaml

@@ -30,6 +30,14 @@ options:
     default: nova
     type: string
     description: Database name
+  neutron-database-user:
+    default: neutron
+    type: string
+    description: Username for Neutron database access (if enabled)
+  neutron-database:
+    default: neutron
+    type: string
+    description: Database name for Neutron (if enabled)
   network-manager:
     default: FlatDHCPManager
     type: string

hooks/charmhelpers/contrib/openstack/context.py

@@ -37,7 +37,6 @@ from charmhelpers.contrib.hahelpers.apache import (
 )
 
 from charmhelpers.contrib.openstack.neutron import (
-    network_manager,
     neutron_plugin_attribute,
 )
 
@@ -332,7 +331,8 @@ class NeutronContext(object):
 
     @property
     def packages(self):
-        return neutron_plugin_attribute(self.plugin, 'packages')
+        return neutron_plugin_attribute(
+            self.plugin, 'packages', self.network_manager)
 
     @property
     def neutron_security_groups(self):
@@ -353,10 +353,13 @@ class NeutronContext(object):
             out.write(self.plugin + '\n')
 
     def ovs_ctxt(self):
+        driver = neutron_plugin_attribute(self.plugin, 'driver',
+                                          self.network_manager),
+
         ovs_ctxt = {
             'neutron_plugin': 'ovs',
             # quantum.conf
-            'core_plugin': neutron_plugin_attribute(self.plugin, 'driver'),
+            'core_plugin': driver,
             # NOTE: network api class in template for each release.
             # nova.conf
             #'libvirt_vif_driver': n_driver,
@@ -396,5 +399,5 @@ class NeutronContext(object):
         if self.plugin == 'ovs':
             ctxt.update(self.ovs_ctxt())
 
-        self._save_flagfile()
+        self._save_flag_file()
         return ctxt

hooks/charmhelpers/contrib/openstack/neutron.py

@@ -0,0 +1,109 @@
+# Various utilies for dealing with Neutron and the renaming from Quantum.
+
+from charmhelpers.core.hookenv import (
+    config,
+    log,
+    ERROR,
+)
+
+from charmhelpers.contrib.openstack.utils import os_release
+
+
+# legacy
+def quantum_plugins():
+    from charmhelpers.contrib.openstack import context
+    return {
+        'ovs': {
+            'config': '/etc/quantum/plugins/openvswitch/'
+                      'ovs_quantum_plugin.ini',
+            'driver': 'quantum.plugins.openvswitch.ovs_quantum_plugin.'
+                      'OVSQuantumPluginV2',
+            'contexts': [
+                context.NeutronContext(),
+                context.SharedDBContext(user=config('neutron-database-user'),
+                                        database=config('neutron-database'),
+                                        relation_prefix='neutron')],
+            'services': ['quantum-plugin-openvswitch-agent'],
+            'packages': ['quantum-plugin-openvswitch-agent',
+                         'openvswitch-datapath-dkms'],
+        },
+        'nvp': {
+            'config': '/etc/quantum/plugins/nicira/nvp.ini',
+            'driver': 'quantum.plugins.nicira.nicira_nvp_plugin.'
+                      'QuantumPlugin.NvpPluginV2',
+            'services': [],
+            'packages': ['quantum-plugin-nicira'],
+        }
+    }
+
+
+def neutron_plugins():
+    from charmhelpers.contrib.openstack import context
+    return {
+        'ovs': {
+            'config': '/etc/neutron/plugins/openvswitch/'
+                      'ovs_neutron_plugin.ini',
+            'driver': 'neutron.plugins.openvswitch.ovs_neutron_plugin.'
+                      'OVSNeutronPluginV2',
+            'contexts': [
+                context.SharedDBContext(user=config('neutron-database-user'),
+                                        database=config('neutron-database'),
+                                        relation_prefix='neutron')],
+            'services': ['neutron-plugin-openvswitch-agent'],
+            'packages': ['neutron-plugin-openvswitch-agent',
+                         'openvswitch-datapath-dkms'],
+        },
+        'nvp': {
+            'config': '/etc/neutron/plugins/nicira/nvp.ini',
+            'driver': 'neutron.plugins.nicira.nicira_nvp_plugin.'
+                      'NeutronPlugin.NvpPluginV2',
+            'services': [],
+            'packages': ['neutron-plugin-nicira'],
+        }
+    }
+
+
+def neutron_plugin_attribute(plugin, attr, net_manager=None):
+    manager = net_manager or network_manager()
+    if manager == 'quantum':
+        plugins = quantum_plugins()
+    elif manager == 'neutron':
+        plugins = neutron_plugins()
+    else:
+        log('Error: Network manager does not support plugins.')
+        raise Exception
+
+    try:
+        _plugin = plugins[plugin]
+    except KeyError:
+        log('Unrecognised plugin for %s: %s' % (manager, plugin), level=ERROR)
+        raise
+
+    try:
+        return _plugin[attr]
+    except KeyError:
+        return None
+
+
+def network_manager():
+    '''
+    Deals with the renaming of Quantum to Neutron in H and any situations
+    that require compatability (eg, deploying H with network-manager=quantum,
+    upgrading from G).
+    '''
+    release = os_release('nova-common')
+    manager = config('network-manager').lower()
+
+    if manager not in ['quantum', 'neutron']:
+        return manager
+
+    if release in ['essex']:
+        # E does not support neutron
+        log('Neutron networking not supported in Essex.', level=ERROR)
+        raise
+    elif release in ['folsom', 'grizzly']:
+        # neutron is named quantum in F and G
+        return 'quantum'
+    else:
+        # ensure accurate naming for all releases post-H
+        return 'neutron'

hooks/nova_cc_context.py

@@ -58,23 +58,33 @@ class HAProxyContext(context.HAProxyContext):
             # we do not have any other peers, do not load balance yet.
             return {}
 
-        ctxt = {
-            'osapi_compute_listen_port': api_port('nova-api-os-compute'),
-            'ec2_listen_port': api_port('nova-api-ec2'),
-            's3_listen_port': api_port('nova-objectstore'),
+        # determine which port api processes should bind to, depending
+        # on existence of haproxy + apache frontends
+        compute_api = determine_api_port(api_port('nova-api-os-compute'))
+        ec2_api = determine_api_port(api_port('nova-api-ec2'))
+        s3_api = determine_api_port(api_port('nova-objectstore'))
+        nvol_api = determine_api_port(api_port('nova-api-os-volume'))
+        neutron_api = determine_api_port(api_port('neutron-server'))
+
+        # to be set in nova.conf accordingly.
+        listen_ports = {
+            'osapi_compute_listen_port': compute_api,
+            'ec2_listen_port': ec2_api,
+            's3_listen_port': s3_api,
         }
+
         port_mapping = {
             'nova-api-os-compute': [
                 determine_haproxy_port(api_port('nova-api-os-compute')),
-                determine_api_port(api_port('nova-api-os-compute'))
+                compute_api,
             ],
             'nova-api-ec2': [
                 determine_haproxy_port(api_port('nova-api-ec2')),
-                determine_api_port(api_port('nova-api-ec2'))
+                ec2_api,
             ],
             'nova-objectstore': [
                 determine_haproxy_port(api_port('nova-objectstore')),
-                determine_api_port(api_port('nova-objectstore'))
+                s3_api,
             ],
         }
 
@@ -82,18 +92,24 @@ class HAProxyContext(context.HAProxyContext):
             port_mapping.update({
                 'nova-api-ec2': [
                     determine_haproxy_port(api_port('nova-api-ec2')),
-                    determine_api_port(api_port('nova-api-ec2'))]
+                    nvol_api],
             })
-            ctxt['osapi_volume_listen_port'] = api_port('nova-api-os-volume')
+            listen_ports['osapi_volume_listen_port'] = nvol_api
 
         if neutron.network_manager() in ['neutron', 'quantum']:
             port_mapping.update({
                 'neutron-server': [
                     determine_haproxy_port(api_port('neutron-server')),
-                    determine_api_port(api_port('neutron-server'))]
+                    neutron_api]
             })
-            ctxt['bind_port'] = api_port('neutron-server')
+            # quantum/neutron.conf listening port, set separte from nova's.
+            ctxt['neutron_bind_port'] = neutron_api
+
+        # for haproxy.conf
         ctxt['service_ports'] = port_mapping
+        # for nova.conf
+        ctxt['listen_ports'] = listen_ports
+        return ctxt
 
 
 class NeutronCCContext(context.NeutronContext):
@@ -101,7 +117,8 @@ class NeutronCCContext(context.NeutronContext):
 
     @property
     def plugin(self):
-        return neutron.neutron_plugin()
+        from nova_cc_utils import neutron_plugin
+        return neutron_plugin()
 
     @property
     def network_manager(self):

hooks/nova_cc_hooks.py

@@ -26,13 +26,13 @@ from charmhelpers.contrib.openstack.utils import (
     openstack_upgrade_available,
 )
 
-from charmhelpers.contrib.openstack.utils import (
+from charmhelpers.contrib.openstack.neutron import (
     network_manager,
-    neutron_plugin,
     neutron_plugin_attribute,
 )
 
 from nova_cc_utils import (
+    api_port,
     auth_token_config,
     determine_endpoints,
     determine_packages,
@@ -40,6 +40,7 @@ from nova_cc_utils import (
     do_openstack_upgrade,
     keystone_ca_cert_b64,
     migrate_database,
+    neutron_plugin,
     save_script_rc,
     ssh_compute_add,
     ssh_compute_remove,
@@ -81,7 +82,6 @@ def config_changed():
 
 
 @hooks.hook('amqp-relation-joined')
-@restart_on_change(restart_map())
 def amqp_joined():
     relation_set(username=config('rabbit-user'), vhost=config('rabbit-vhost'))
 
@@ -139,10 +139,9 @@ def image_service_changed():
 
 
 @hooks.hook('identity-service-relation-joined')
-@restart_on_change(restart_map())
 def identity_joined(rid=None):
     base_url = canonical_url(CONFIGS)
-    relation_set(rid=rid, **determine_endpoints(base_url))
+    relation_set(relation_id=rid, **determine_endpoints(base_url))
 
 
 @hooks.hook('identity-service-relation-changed')
@@ -157,6 +156,7 @@ def identity_changed():
         CONFIGS.write('/etc/quantum/quantum.conf')
     if network_manager() == 'neutron':
         CONFIGS.write('/etc/neutron/neutron.conf')
+    [compute_joined(rid) for rid in relation_ids('cloud-compute')]
     # XXX configure quantum networking
 
 
@@ -190,10 +190,10 @@ def _auth_config():
 
 @hooks.hook('cloud-compute-relation-joined')
 def compute_joined(rid=None):
-    if not eligible_leader():
+    if not eligible_leader(CLUSTER_RES):
         return
     rel_settings = {
-        'network_manager': config('network-manager'),
+        'network_manager': network_manager(),
         'volume_service': volume_service(),
         # (comment from bash vers) XXX Should point to VIP if clustered, or
         # this may not even be needed.
@@ -205,17 +205,20 @@ def compute_joined(rid=None):
     if network_manager() in ['quantum', 'neutron']:
         if ks_auth_config:
             rel_settings.update(ks_auth_config)
-            rel_settings.update({
-                # XXX: Rename these relations settings?
-                'quantum_plugin': neutron_plugin(),
-                'region': config('region'),
-                'quantum_security_groups': config('quantum_security_groups'),
-            })
+
+        rel_settings.update({
+            # XXX: Rename these relations settings?
+            'quantum_plugin': neutron_plugin(),
+            'region': config('region'),
+            'quantum_security_groups': config('quantum_security_groups'),
+            'quantum_url': (canonical_url(CONFIGS) + ':' +
+                            str(api_port('neutron-server'))),
+        })
 
     ks_ca = keystone_ca_cert_b64()
     if ks_auth_config and ks_ca:
         rel_settings['ca_cert'] = ks_ca
-    relation_set(rid=rid, **rel_settings)
+    relation_set(relation_id=rid, **rel_settings)
 
 
 @hooks.hook('cloud-compute-relation-changed')
@@ -238,7 +241,7 @@ def compute_departed():
 @hooks.hook('neutron-network-service-relation-joined',
             'quantum-network-service-relation-joined')
 def quantum_joined(rid=None):
-    if not eligible_leader():
+    if not eligible_leader(CLUSTER_RES):
         return
 
     if network_manager() == 'quantum':

hooks/nova_cc_utils.py

@@ -7,7 +7,8 @@ from collections import OrderedDict
 from copy import deepcopy
 
 from charmhelpers.contrib.openstack import context, templating
-from charmhelpers.contrib.openstack.neutron import network_manager
+from charmhelpers.contrib.openstack.neutron import (
+    network_manager, neutron_plugin_attribute)
 
 from charmhelpers.contrib.openstack.utils import (
     os_release,
@@ -60,6 +61,7 @@ BASE_RESOURCE_MAP = OrderedDict([
         'contexts': [context.AMQPContext(),
                      context.SharedDBContext(relation_prefix='nova'),
                      context.ImageServiceContext(),
+                     nova_cc_context.HAProxyContext(),
                      nova_cc_context.NeutronCCContext(),
                      nova_cc_context.VolumeServiceContext()],
     }),
@@ -115,13 +117,31 @@ def resource_map():
         resource_map['/etc/nova/nova.conf']['services'].append(
             'nova-api-os-volume')
 
-    if network_manager() != 'quantum':
+    net_manager = network_manager()
+
+    # pop out irrelevant resources from the OrderedDict (easier than adding
+    # them late)
+    if net_manager != 'quantum':
         [resource_map.pop(k) for k in list(resource_map.iterkeys())
          if 'quantum' in k]
-    if network_manager() != 'neutron':
+    if net_manager != 'neutron':
         [resource_map.pop(k) for k in list(resource_map.iterkeys())
          if 'neutron' in k]
 
+    # add neutron plugin requirements.
+    if net_manager in ['quantum', 'neutron']:
+        plugin = neutron_plugin()
+        if plugin:
+            conf = neutron_plugin_attribute(plugin, 'config', net_manager)
+            svcs = neutron_plugin_attribute(plugin, 'services', net_manager)
+            ctxts = (neutron_plugin_attribute(plugin, 'contexts', net_manager)
+                     or [])
+            resource_map[conf] = {}
+            resource_map[conf]['services'] = svcs
+            resource_map[conf]['contexts'] = ctxts
+            resource_map[conf]['contexts'].append(
+                nova_cc_context.NeutronCCContext())
+
     return resource_map
 
 
@@ -199,7 +219,7 @@ def volume_service():
 
 def migrate_database():
     '''Runs nova-manage to initialize a new database or migrate existing'''
-    log('Migrating the nova database', level=INFO)
+    log('Migrating the nova database.', level=INFO)
     cmd = ['nova-manage', 'db', 'sync']
     subprocess.check_call(cmd)
 
@@ -331,10 +351,10 @@ def determine_endpoints(url):
     region = config('region')
 
     # TODO: Configurable nova API version.
-    nova_url = ('%s:%s/v1.1/\$tenant_id)s' %
+    nova_url = ('%s:%s/v1.1/$(tenant_id)s' %
                 (url, api_port('nova-api-os-compute')))
     ec2_url = '%s:%s/services/Cloud' % (url, api_port('nova-api-ec2'))
-    nova_volume_url = ('%s:%s/v1/\$(tenant_id)s' %
+    nova_volume_url = ('%s:%s/v1/$(tenant_id)s' %
                        (url, api_port('nova-api-os-compute')))
     neutron_url = '%s:%s' % (url, api_port('neutron-server'))
     s3_url = '%s:%s' % (url, api_port('nova-objectstore'))
@@ -378,3 +398,9 @@ def determine_endpoints(url):
         })
 
     return endpoints
+
+
+def neutron_plugin():
+    # quantum-plugin config setting can be safely overriden
+    # as we only supported OVS in G/neutron
+    return config('neutron-plugin') or config('quantum-plugin')

revision

@@ -1 +1 @@
-279
+295

templates/essex/etc_nova_api-paste.ini

@@ -0,0 +1,162 @@
+# essex
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+############
+# Metadata #
+############
+[composite:metadata]
+use = egg:Paste#urlmap
+/: metaversions
+/latest: meta
+/1.0: meta
+/2007-01-19: meta
+/2007-03-01: meta
+/2007-08-29: meta
+/2007-10-10: meta
+/2007-12-15: meta
+/2008-02-01: meta
+/2008-09-01: meta
+/2009-04-04: meta
+
+[pipeline:metaversions]
+pipeline = ec2faultwrap logrequest metaverapp
+
+[pipeline:meta]
+pipeline = ec2faultwrap logrequest metaapp
+
+[app:metaverapp]
+paste.app_factory = nova.api.metadata.handler:Versions.factory
+
+[app:metaapp]
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+
+#######
+# EC2 #
+#######
+
+[composite:ec2]
+use = egg:Paste#urlmap
+/services/Cloud: ec2cloud
+
+[composite:ec2cloud]
+use = call:nova.api.auth:pipeline_factory
+noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
+deprecated = ec2faultwrap logrequest authenticate cloudrequest validator ec2executor
+keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
+
+[filter:ec2faultwrap]
+paste.filter_factory = nova.api.ec2:FaultWrapper.factory
+
+[filter:logrequest]
+paste.filter_factory = nova.api.ec2:RequestLogging.factory
+
+[filter:ec2lockout]
+paste.filter_factory = nova.api.ec2:Lockout.factory
+
+[filter:totoken]
+paste.filter_factory = nova.api.ec2:EC2Token.factory
+
+[filter:ec2keystoneauth]
+paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
+
+[filter:ec2noauth]
+paste.filter_factory = nova.api.ec2:NoAuth.factory
+
+[filter:authenticate]
+paste.filter_factory = nova.api.ec2:Authenticate.factory
+
+[filter:cloudrequest]
+controller = nova.api.ec2.cloud.CloudController
+paste.filter_factory = nova.api.ec2:Requestify.factory
+
+[filter:authorizer]
+paste.filter_factory = nova.api.ec2:Authorizer.factory
+
+[filter:validator]
+paste.filter_factory = nova.api.ec2:Validator.factory
+
+[app:ec2executor]
+paste.app_factory = nova.api.ec2:Executor.factory
+
+#############
+# Openstack #
+#############
+
+[composite:osapi_compute]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+/v1.1: openstack_compute_api_v2
+/v2: openstack_compute_api_v2
+
+[composite:osapi_volume]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: osvolumeversions
+/v1: openstack_volume_api_v1
+
+[composite:openstack_compute_api_v2]
+use = call:nova.api.auth:pipeline_factory
+noauth = faultwrap noauth ratelimit osapi_compute_app_v2
+deprecated = faultwrap auth ratelimit osapi_compute_app_v2
+keystone = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2
+keystone_nolimit = faultwrap authtoken keystonecontext osapi_compute_app_v2
+
+[composite:openstack_volume_api_v1]
+use = call:nova.api.auth:pipeline_factory
+noauth = faultwrap noauth ratelimit osapi_volume_app_v1
+deprecated = faultwrap auth ratelimit osapi_volume_app_v1
+keystone = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1
+keystone_nolimit = faultwrap authtoken keystonecontext osapi_volume_app_v1
+
+[filter:faultwrap]
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+
+[filter:auth]
+paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory
+
+[filter:noauth]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+
+[filter:ratelimit]
+paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
+
+[app:osapi_compute_app_v2]
+paste.app_factory = nova.api.openstack.compute:APIRouter.factory
+
+[pipeline:oscomputeversions]
+pipeline = faultwrap oscomputeversionapp
+
+[app:osapi_volume_app_v1]
+paste.app_factory = nova.api.openstack.volume:APIRouter.factory
+
+[app:oscomputeversionapp]
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+
+[pipeline:osvolumeversions]
+pipeline = faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = nova.api.openstack.volume.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+{% if service_host -%}
+service_protocol = {{ service_protocol }}
+service_host = {{ service_host }}
+service_port = {{ service_port }}
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol =  {{ auth_protocol }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+{% endif -%}
+

templates/folsom/etc_nova_api-paste.ini

@@ -0,0 +1,141 @@
+# folsom
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+############
+# Metadata #
+############
+[composite:metadata]
+use = egg:Paste#urlmap
+/: meta
+
+[pipeline:meta]
+pipeline = ec2faultwrap logrequest metaapp
+
+[app:metaapp]
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+
+#######
+# EC2 #
+#######
+
+[composite:ec2]
+use = egg:Paste#urlmap
+/services/Cloud: ec2cloud
+
+[composite:ec2cloud]
+use = call:nova.api.auth:pipeline_factory
+noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
+keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
+
+[filter:ec2faultwrap]
+paste.filter_factory = nova.api.ec2:FaultWrapper.factory
+
+[filter:logrequest]
+paste.filter_factory = nova.api.ec2:RequestLogging.factory
+
+[filter:ec2lockout]
+paste.filter_factory = nova.api.ec2:Lockout.factory
+
+[filter:ec2keystoneauth]
+paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
+
+[filter:ec2noauth]
+paste.filter_factory = nova.api.ec2:NoAuth.factory
+
+[filter:cloudrequest]
+controller = nova.api.ec2.cloud.CloudController
+paste.filter_factory = nova.api.ec2:Requestify.factory
+
+[filter:authorizer]
+paste.filter_factory = nova.api.ec2:Authorizer.factory
+
+[filter:validator]
+paste.filter_factory = nova.api.ec2:Validator.factory
+
+[app:ec2executor]
+paste.app_factory = nova.api.ec2:Executor.factory
+
+#############
+# Openstack #
+#############
+
+[composite:osapi_compute]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+/v1.1: openstack_compute_api_v2
+/v2: openstack_compute_api_v2
+
+[composite:osapi_volume]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: osvolumeversions
+/v1: openstack_volume_api_v1
+
+[composite:openstack_compute_api_v2]
+use = call:nova.api.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
+keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
+
+[composite:openstack_volume_api_v1]
+use = call:nova.api.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth ratelimit osapi_volume_app_v1
+keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_volume_app_v1
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1
+
+[filter:faultwrap]
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+
+[filter:noauth]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+
+[filter:ratelimit]
+paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory
+
+[app:osapi_compute_app_v2]
+paste.app_factory = nova.api.openstack.compute:APIRouter.factory
+
+[pipeline:oscomputeversions]
+pipeline = faultwrap oscomputeversionapp
+
+[app:osapi_volume_app_v1]
+paste.app_factory = nova.api.openstack.volume:APIRouter.factory
+
+[app:oscomputeversionapp]
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+
+[pipeline:osvolumeversions]
+pipeline = faultwrap osvolumeversionapp
+
+[app:osvolumeversionapp]
+paste.app_factory = nova.api.openstack.volume.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+{% if service_host -%}
+service_protocol = {{ service_protocol }}
+service_host = {{ service_host }}
+service_port = {{ service_port }}
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol =  {{ auth_protocol }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+{% endif -%}
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the nova process is running as.
+#signing_dir = /var/lib/nova/keystone-signing
+

templates/folsom/etc_quantum_api-paste.ini

@@ -0,0 +1,40 @@
+# folsom
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+[composite:quantum]
+use = egg:Paste#urlmap
+/: quantumversions
+/v2.0: quantumapi_v2_0
+
+[composite:quantumapi_v2_0]
+use = call:quantum.auth:pipeline_factory
+noauth = extensions quantumapiapp_v2_0
+keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
+
+[filter:keystonecontext]
+paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystone.middleware.auth_token:filter_factory
+{% if service_host -%}
+service_protocol = {{ service_protocol }}
+service_host = {{ service_host }}
+service_port = {{ service_port }}
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol =  {{ auth_protocol }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+{% endif -%}
+
+[filter:extensions]
+paste.filter_factory = quantum.extensions.extensions:plugin_aware_extension_middleware_factory
+
+[app:quantumversions]
+paste.app_factory = quantum.api.versions:Versions.factory
+
+[app:quantumapiapp_v2_0]
+paste.app_factory = quantum.api.v2.router:APIRouter.factory

templates/folsom/etc_quantum_quantum.conf

@@ -0,0 +1,31 @@
+# folsom
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+[DEFAULT]
+verbose = True
+debug = True
+bind_host = 0.0.0.0
+bind_port = 9696
+api_paste_config = /etc/quantum/api-paste.ini
+auth_strategy = keystone
+control_exchange = quantum
+notification_driver = quantum.openstack.common.notifier.rpc_notifier
+{% if rabbitmq_host -%}
+rabbit_host = {{ rabbitmq_host }}
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_virtual_host = {{ rabbitmq_virtual_host }}
+{% endif -%}
+
+{% if core_plugin -%}
+# Quantum plugin provider module
+core_plugin =  {{ core_plugin }}
+{% endif -%}
+
+[QUOTAS]
+quota_driver = neutron.db.quota_db.DbQuotaDriver
+{% if neutron_security_groups -%}
+quota_items = network,subnet,port,security_group,security_group_rule
+{% endif -%}

templates/grizzly/etc_nova_api-paste.ini

@@ -0,0 +1,124 @@
+# grizzly
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+############
+# Metadata #
+############
+[composite:metadata]
+use = egg:Paste#urlmap
+/: meta
+
+[pipeline:meta]
+pipeline = ec2faultwrap logrequest metaapp
+
+[app:metaapp]
+paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
+
+#######
+# EC2 #
+#######
+
+[composite:ec2]
+use = egg:Paste#urlmap
+/services/Cloud: ec2cloud
+
+[composite:ec2cloud]
+use = call:nova.api.auth:pipeline_factory
+noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
+keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
+
+[filter:ec2faultwrap]
+paste.filter_factory = nova.api.ec2:FaultWrapper.factory
+
+[filter:logrequest]
+paste.filter_factory = nova.api.ec2:RequestLogging.factory
+
+[filter:ec2lockout]
+paste.filter_factory = nova.api.ec2:Lockout.factory
+
+[filter:ec2keystoneauth]
+paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
+
+[filter:ec2noauth]
+paste.filter_factory = nova.api.ec2:NoAuth.factory
+
+[filter:cloudrequest]
+controller = nova.api.ec2.cloud.CloudController
+paste.filter_factory = nova.api.ec2:Requestify.factory
+
+[filter:authorizer]
+paste.filter_factory = nova.api.ec2:Authorizer.factory
+
+[filter:validator]
+paste.filter_factory = nova.api.ec2:Validator.factory
+
+[app:ec2executor]
+paste.app_factory = nova.api.ec2:Executor.factory
+
+#############
+# Openstack #
+#############
+
+[composite:osapi_compute]
+use = call:nova.api.openstack.urlmap:urlmap_factory
+/: oscomputeversions
+/v1.1: openstack_compute_api_v2
+/v2: openstack_compute_api_v2
+
+[composite:openstack_compute_api_v2]
+use = call:nova.api.auth:pipeline_factory
+noauth = faultwrap sizelimit noauth ratelimit osapi_compute_app_v2
+keystone = faultwrap sizelimit authtoken keystonecontext ratelimit osapi_compute_app_v2
+keystone_nolimit = faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2
+
+[filter:faultwrap]
+paste.filter_factory = nova.api.openstack:FaultWrapper.factory
+
+[filter:noauth]
+paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
+
+[filter:ratelimit]
+paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
+
+[filter:sizelimit]
+paste.filter_factory = nova.api.sizelimit:RequestBodySizeLimiter.factory
+
+[app:osapi_compute_app_v2]
+paste.app_factory = nova.api.openstack.compute:APIRouter.factory
+
+[pipeline:oscomputeversions]
+pipeline = faultwrap oscomputeversionapp
+
+[app:oscomputeversionapp]
+paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
+
+##########
+# Shared #
+##########
+
+[filter:keystonecontext]
+paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
+{% if service_host -%}
+service_protocol = {{ service_protocol }}
+service_host = {{ service_host }}
+service_port = {{ service_port }}
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+auth_protocol =  {{ auth_protocol }}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+{% endif -%}
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the nova process is running as.
+#signing_dir = /var/lib/nova/keystone-signing
+# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
+auth_version = v2.0
+
+

templates/grizzly/etc_quantum_api-paste.ini

@@ -0,0 +1,36 @@
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+[composite:quantum]
+use = egg:Paste#urlmap
+/: quantumversions
+/v2.0: quantumapi_v2_0
+
+[composite:quantumapi_v2_0]
+use = call:quantum.auth:pipeline_factory
+noauth = extensions quantumapiapp_v2_0
+keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
+
+[filter:keystonecontext]
+paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
+
+[filter:authtoken]
+paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
+{% if service_host -%}
+admin_tenant_name = {{ admin_tenant_name }}
+admin_user = {{ admin_user }}
+admin_password = {{ admin_password }}
+auth_host = {{ auth_host }}
+auth_port = {{ auth_port }}
+{% endif -%}
+
+[filter:extensions]
+paste.filter_factory = quantum.api.extensions:plugin_aware_extension_middleware_factory
+
+[app:quantumversions]
+paste.app_factory = quantum.api.versions:Versions.factory
+
+[app:quantumapiapp_v2_0]
+paste.app_factory = quantum.api.v2.router:APIRouter.factory
+

templates/grizzly/ovs_quantum_plugin.ini

@@ -0,0 +1,23 @@
+# grizzly
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+[OVS]
+tunnel_id_ranges = 1:1000
+tenant_network_type = gre
+enable_tunneling = True
+local_ip = {{ local_ip }}
+
+[DATABASE]
+{% if database_host -%}
+sql_connection = mysql://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}?quantum?charset=utf8
+reconnect_interval = 2
+{% else -%}
+connection = sqlite:////var/lib/quantum/quantum.sqlite
+{% endif -%}
+
+[SECURITYGROUP]
+{% if neutron_security_groups -%}
+firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+{% endif -%}

templates/grizzly/quantum.conf

@@ -0,0 +1,47 @@
+# grizzly
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+[DEFAULT]
+state_path = /var/lib/quantum
+lock_path = $state_path/lock
+bind_host = 0.0.0.0
+{% if neutron_bind_port -%}
+bind_port = {{ neutron_bind_port }}
+{% else -%}
+bind_port = 9696
+{% endif -%}
+{% if core_plugin -%}
+core_plugin =  {{ core_plugin }}
+{% endif -%}
+api_paste_config = /etc/quantum/api-paste.ini
+auth_strategy = keystone
+control_exchange = quantum
+notification_driver = quantum.openstack.common.notifier.rpc_notifier
+default_notification_level = INFO
+notification_topics = notifications
+{% if rabbitmq_host -%}
+rabbit_host = {{ rabbitmq_host }}
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_virtual_host = {{ rabbitmq_virtual_host }}
+{% endif -%}
+{% if neutron_security_groups -%}
+allow_overlapping_ips = True
+{% endif -%}
+
+
+[QUOTAS]
+quota_driver = quantum.db.quota_db.DbQuotaDriver
+{% if neutron_security_groups -%}
+quota_items = network,subnet,port,security_group,security_group_rule
+{% endif -%}
+
+[DEFAULT_SERVICETYPE]
+
+[AGENT]
+root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
+
+[keystone_authtoken]
+# auth_token middleware currently set in /etc/quantum/api-paste.ini

templates/havana/ovs_neutron_plugin.ini

@@ -23,5 +23,5 @@ auth_protocol =  {{ auth_protocol }}
 admin_tenant_name = {{ admin_tenant_name }}
 admin_user = {{ admin_user }}
 admin_password = {{ admin_password }}
-signing_dir = /var/lib/cinder
+signing_dir = /var/lib/neutron
 {% endif -%}

templates/nova.conf

@@ -57,3 +57,8 @@ nova_firewall_driver = nova.virt.firewall.NoopFirewallDriver
 {{ key }} = {{ value }}
 {% endfor -%}
 {% endif -%}
+{% if listen_ports -%}
+{% for key, value in listen_ports.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}

unit_tests/test_nova_cc_utils.py

@@ -14,8 +14,8 @@ hookenv.config = _conf
 TO_PATCH = [
     'config',
     'log',
-    'get_os_codename_package',
     'network_manager',
+    'os_release',
     'relation_ids',
     'remote_unit',
     '_save_script_rc',
@@ -145,16 +145,16 @@ class NovaCCUtilsTests(CharmTestCase):
         self._save_script_rc.called_with(**_ex)
 
     def test_determine_volume_service_essex(self):
-        self.get_os_codename_package.return_value = 'essex'
+        self.os_release.return_value = 'essex'
         self.assertEquals('nova-volume', utils.volume_service())
 
     def test_determine_volume_service_folsom_cinder(self):
-        self.get_os_codename_package.return_value = 'folsom'
+        self.os_release.return_value = 'folsom'
         self.relation_ids.return_value = ['cinder:0']
         self.assertEquals('cinder', utils.volume_service())
 
     def test_determine_volume_service_folsom_nova_vol(self):
-        self.get_os_codename_package.return_value = 'folsom'
+        self.os_release.return_value = 'folsom'
         self.relation_ids.return_value = []
         self.assertEquals('nova-volume', utils.volume_service())
 
@@ -203,8 +203,9 @@ class NovaCCUtilsTests(CharmTestCase):
     def test_ssh_directory_for_unit(self, isdir, mkdir):
         self.remote_unit.return_value = 'nova-compute/0'
         isdir.return_value = False
-        self.assertEquals(utils.ssh_directory_for_unit(),
-                          '/etc/nova/compute_ssh/nova-compute')
+        with patch_open() as (_open, _file):
+            self.assertEquals(utils.ssh_directory_for_unit(),
+                              '/etc/nova/compute_ssh/nova-compute')
 
     @patch.object(utils, 'ssh_directory_for_unit')
     def test_known_hosts(self, ssh_dir):
@@ -264,7 +265,7 @@ class NovaCCUtilsTests(CharmTestCase):
 
     def test_network_manager_untranslated(self):
         self.test_config.set('network-manager', 'foo')
-        self.get_os_codename_package.return_value = 'folsom'
+        self.os_release.return_value = 'folsom'
 
     def test_determine_endpoints_base(self):
         self.relation_ids.return_value = []