openstack
/
cookbook-openstack-network
Code Issues Proposed changes

Stein fixes 

- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/neutron/neutron.conf] and
  template[/etc/neutron/metadata_agent.ini] to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Update lbaas recipe to use v2 agent driver.
- Add recommended configuration settings to neutron.conf based in Stein
  installation docs.
- Remove any resources that define the default action.
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.
- Manage /etc/neutron/neutron_lbaas.conf so we can set service_provider
  properly.
- Add some missing ChefSpec tests.
- Configure neutron_lbaas.conf on Ubuntu in a manner that allows it to properly
  pull in the configuration via the --config-dir option. This is due to the fact
  we need to set an additional [service_providers] service_provider line and we
  can't do that with hashes.
- Remove FWaaS as it's unmaintained upstream.

Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Change-Id: Id29884766440d37fa18fd62f3f93eecc22224d51
This commit is contained in:
Lance Albertson 2020-02-13 16:39:40 -08:00
parent 95e7167f78
commit cb26946e73
50 changed files with 937 additions and 705 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.delivery/project.toml
View File

@ -1 +1,9 @@
remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"
[local_phases]
unit = 'rspec spec/'
lint = 'cookstyle --display-cop-names --extra-details'
syntax = "berks install -e integration"
provision = "echo skipping"
deploy = "echo skipping"
smoke = "echo skipping"
functional = "echo skipping"
cleanup = "echo skipping"

16
.rubocop.yml
View File

@ -1,5 +1,3 @@
inherit_from: .rubocop_todo.yml
AllCops:
Include:
- metadata.rb
@ -14,17 +12,3 @@ AllCops:
- .cookbooks/**/*
- berks-cookbooks/**/*
- .bundle/**/*
Encoding:
Exclude:
- metadata.rb
- Gemfile
NumericLiterals:
Enabled: false
LineLength:
Enabled: false
WordArray:
MinSize: 3

21
.rubocop_todo.yml
View File

@ -1,21 +0,0 @@
# This configuration was generated by
# `rubocop --auto-gen-config`
# on 2018-08-03 05:26:05 -0700 using RuboCop version 0.55.0.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
# versions of RuboCop, may require this file to be generated again.
# Offense count: 5
# Cop supports --auto-correct.
Style/IfUnlessModifier:
Exclude:
- 'attributes/neutron_conf.rb'
- 'recipes/default.rb'
- 'recipes/l3_agent.rb'
# Offense count: 135
# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
# URISchemes: http, https
Metrics/LineLength:
Max: 202

24
Berksfile
View File

@ -2,20 +2,20 @@ source 'https://supermarket.chef.io'
solver :ruby, :required
%w(
client
-common
-dns
-identity
-image
-integration-test
-ops-database
-ops-messaging
).each do |cookbook|
[
%w(client dep),
%w(-common dep),
%w(-dns integration),
%w(-identity dep),
%w(-image integration),
%w(-integration-test integration),
%w(-ops-database integration),
%w(-ops-messaging integration),
].each do |cookbook, group|
if Dir.exist?("../cookbook-openstack#{cookbook}")
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}", group: group
else
cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}"
cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}", group: group
end
end

19
README.rst
View File

@ -25,9 +25,9 @@ handle L2 and L3 networking for various hardware vendors and standards.
Requirements
============
- Chef 14 or higher
- ChefDK 3.2.30 for testing (also includes Berkshelf for cookbook
dependency resolution)
- Chef 15 or higher
- Chef Workstation 0.15.18 for testing (also includes Berkshelf for
cookbook dependency resolution)
Platform
========
@ -42,8 +42,8 @@ Cookbooks
The following cookbooks are dependencies:
- 'openstackclient'
- 'openstack-common', '>= 18.0.0'
- 'openstack-identity', '>= 18.0.0'
- 'openstack-common', '>= 19.0.0'
- 'openstack-identity', '>= 19.0.0'
Attributes
==========
@ -87,13 +87,6 @@ attributes in using the same template as for the ``neutron.conf``
node['openstack']['network_dhcp']['conf']
openstack-network::fwaas
------------------------
**This is a 'work in progress' recipe and is currently not tested**
- Installs the Firewall as a Service
openstack-network::identity_registration
----------------------------------------
@ -244,7 +237,7 @@ License and Author
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016, cloudbau GmbH |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016-2019, Oregon State University |
| **Copyright** | Copyright (c) 2016-2020, Oregon State University |
+-----------------+--------------------------------------------------+
Licensed under the Apache License, Version 2.0 (the "License"); you may

196
attributes/default.rb
View File

@ -1,10 +1,11 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Attributes:: default
#
# Copyright 2013, AT&T
# Copyright 2014, IBM Corp.
# Copyright:: 2013, AT&T
# Copyright:: 2014, IBM Corp.
# Copyright:: 2016-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -127,10 +128,8 @@ node.default['openstack']['network_metadata']['conf'] = {}
default['openstack']['network_metering']['config_file'] = '/etc/neutron/metering_agent.ini'
default['openstack']['network_metering']['conf'].tap do |conf|
conf['DEFAULT']['interface_driver'] =
'neutron.agent.linux.interface.OVSInterfaceDriver'
conf['DEFAULT']['driver'] =
'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
conf['DEFAULT']['driver'] = 'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
end
# ============================= LBaaS Agent Configuration ==================
@ -138,12 +137,22 @@ end
# ['default']['service_plugins']
# Set to true to enable lbaas
default['openstack']['network_lbaas']['enabled'] = false
# Custom the lbaas config file path
default['openstack']['network_lbaas']['config_file'] = '/etc/neutron/lbaas_agent.ini'
# Custom the lbaas neutron config file path
default['openstack']['network_lbaas']['config_file'] =
case node['platform_family']
when 'rhel'
'/etc/neutron/neutron_lbaas.conf'
when 'debian'
'/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf'
end
default['openstack']['network_lbaas']['conf'].tap do |conf|
conf['DEFAULT']['periodic_interval'] = 10
conf['DEFAULT']['ovs_use_veth'] = false
conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
conf['service_providers']['service_provider'] =
'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default'
end
# Custom the lbaas agent config file path
default['openstack']['network_lbaas_agent']['config_file'] = '/etc/neutron/lbaas_agent.ini'
default['openstack']['network_lbaas_agent']['conf'].tap do |conf|
conf['DEFAULT']['interface_driver'] = 'openvswitch'
conf['DEFAULT']['device_driver'] = 'neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver'
case node['platform_family']
when 'fedora', 'rhel'
@ -153,112 +162,93 @@ default['openstack']['network_lbaas']['conf'].tap do |conf|
end
end
# ============================= FWaaS Configuration ==================
# To enable 'firewall' as service_plugin, you need to add it to neutron.conf
# ['default']['service_plugins']
# Set to True to enable firewall service
default['openstack']['network_fwaas']['enabled'] = false
# Firewall service driver with linux iptables
default['openstack']['network_fwaas']['conf'].tap do |conf|
conf['fwaas']['driver'] = 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas.IptablesFwaasDriver'
end
# Customize the fwaas config file path
default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini'
# ============================= platform-specific settings ===========
default['openstack']['network']['platform'].tap do |platform|
platform['user'] = 'neutron'
platform['group'] = 'neutron'
platform['neutron_dhcp_agent_service'] =
'neutron-dhcp-agent'
platform['neutron_l3_agent_service'] =
'neutron-l3-agent'
platform['neutron_lb_agent_service'] =
'neutron-lbaasv2-agent'
platform['neutron_metadata_agent_service'] =
'neutron-metadata-agent'
platform['neutron_metering_agent_service'] =
'neutron-metering-agent'
platform['neutron_server_service'] =
'neutron-server'
platform['neutron_rpc_server_service'] =
'neutron-rpc-server'
platform['neutron_dhcp_agent_service'] = 'neutron-dhcp-agent'
platform['neutron_l3_agent_service'] = 'neutron-l3-agent'
platform['neutron_lb_agent_service'] = 'neutron-lbaasv2-agent'
platform['neutron_metadata_agent_service'] = 'neutron-metadata-agent'
platform['neutron_metering_agent_service'] = 'neutron-metering-agent'
platform['neutron_server_service'] = 'neutron-server'
platform['neutron_rpc_server_service'] = 'neutron-rpc-server'
case node['platform_family']
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
platform['neutron_packages'] =
%w(openstack-neutron openstack-neutron-ml2 iproute)
platform['neutron_dhcp_packages'] =
%w(openstack-neutron iproute)
%w(
ebtables
iproute
openstack-neutron
openstack-neutron-ml2
)
platform['neutron_dhcp_packages'] = %w(openstack-neutron iproute)
platform['neutron_l3_packages'] =
%w(openstack-neutron iproute radvd keepalived)
platform['neutron_plugin_package'] =
'neutron-plugin-ml2'
platform['neutron_fwaas_packages'] =
%w()
%w(
iproute
keepalived
openstack-neutron
radvd
)
platform['neutron_plugin_package'] = 'neutron-plugin-ml2'
platform['neutron_lbaas_packages'] =
%w(openstack-neutron-lbaas haproxy iproute)
platform['neutron_lbaas_python_dependencies'] =
%w(python-neutron-lbaas)
platform['neutron_openvswitch_packages'] =
%w(openvswitch)
platform['neutron_openvswitch_agent_packages'] =
%w(openstack-neutron-openvswitch iproute)
platform['neutron_linuxbridge_agent_packages'] =
%w(openstack-neutron-linuxbridge iproute)
platform['neutron_linuxbridge_agent_service'] =
'neutron-linuxbridge-agent'
platform['neutron_metadata_agent_packages'] =
%w()
platform['neutron_metering_agent_packages'] =
%w(openstack-neutron-metering-agent)
platform['neutron_server_packages'] =
%w()
platform['neutron_openvswitch_service'] =
'openvswitch'
platform['neutron_openvswitch_agent_service'] =
'neutron-openvswitch-agent'
platform['package_overrides'] =
''
%w(
haproxy
iproute
openstack-neutron-lbaas
)
platform['neutron_lbaas_python_dependencies'] = %w(python-neutron-lbaas)
platform['neutron_openvswitch_packages'] = %w(openvswitch)
platform['neutron_openvswitch_agent_packages'] = %w(openstack-neutron-openvswitch iproute)
platform['neutron_linuxbridge_agent_packages'] = %w(openstack-neutron-linuxbridge iproute)
platform['neutron_linuxbridge_agent_service'] = 'neutron-linuxbridge-agent'
platform['neutron_metadata_agent_packages'] = []
platform['neutron_metering_agent_packages'] = %w(openstack-neutron-metering-agent)
platform['neutron_server_packages'] = []
platform['neutron_openvswitch_service'] = 'openvswitch'
platform['neutron_openvswitch_agent_service'] = 'neutron-openvswitch-agent'
platform['package_overrides'] = ''
when 'debian'
platform['neutron_packages'] =
%w(neutron-common python3-neutron)
platform['neutron_dhcp_packages'] =
%w(neutron-dhcp-agent)
platform['neutron_packages'] = %w(neutron-common python3-neutron)
platform['neutron_dhcp_packages'] = %w(neutron-dhcp-agent)
platform['neutron_l3_packages'] =
%w(python3-neutron-fwaas neutron-l3-agent radvd keepalived)
platform['neutron_fwaas_packages'] =
%w(python3-neutron-fwaas)
%w(
keepalived
neutron-l3-agent
radvd
)
platform['neutron_lbaas_packages'] =
%w(python3-neutron-lbaas neutron-lbaas-common neutron-lbaasv2-agent haproxy)
platform['neutron_lbaas_python_dependencies'] =
%w(python3-neutron-lbaas)
platform['neutron_openvswitch_packages'] =
%w(openvswitch-switch bridge-utils)
%w(
haproxy
neutron-lbaas-common
neutron-lbaasv2-agent
python3-neutron-lbaas
)
platform['neutron_lbaas_python_dependencies'] = %w(python3-neutron-lbaas)
platform['neutron_openvswitch_packages'] = %w(openvswitch-switch bridge-utils)
platform['neutron_openvswitch_build_packages'] =
%w(
build-essential pkg-config fakeroot
libssl-dev openssl debhelper
autoconf dkms python-all
python-qt4 python-zopeinterface
autoconf
build-essential
debhelper
dkms
fakeroot
libssl-dev
openssl
pkg-config
python-all
python-qt4
python-twisted-conch
python-zopeinterface
)
platform['neutron_openvswitch_agent_packages'] =
%w(neutron-openvswitch-agent)
platform['neutron_linuxbridge_agent_packages'] =
%w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent)
platform['neutron_linuxbridge_agent_service'] =
'neutron-plugin-linuxbridge-agent'
platform['neutron_metadata_agent_packages'] =
%w(neutron-metadata-agent)
platform['neutron_metering_agent_packages'] =
%w(neutron-metering-agent)
platform['neutron_server_packages'] =
%w(neutron-server)
platform['neutron_openvswitch_service'] =
'openvswitch-switch'
platform['neutron_openvswitch_agent_service'] =
'neutron-openvswitch-agent'
platform['package_overrides'] =
''
platform['neutron_openvswitch_agent_packages'] = %w(neutron-openvswitch-agent)
platform['neutron_linuxbridge_agent_packages'] = %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent)
platform['neutron_linuxbridge_agent_service'] = 'neutron-plugin-linuxbridge-agent'
platform['neutron_metadata_agent_packages'] = %w(neutron-metadata-agent)
platform['neutron_metering_agent_packages'] = %w(neutron-metering-agent)
platform['neutron_server_packages'] = %w(neutron-server)
platform['neutron_openvswitch_service'] = 'openvswitch-switch'
platform['neutron_openvswitch_agent_service'] = 'neutron-openvswitch-agent'
platform['package_overrides'] = ''
end
end

15
attributes/neutron_conf.rb
View File

@ -11,6 +11,17 @@ default['openstack']['network']['conf'].tap do |conf|
end
conf['DEFAULT']['control_exchange'] = 'neutron'
conf['DEFAULT']['core_plugin'] = 'ml2'
if node['openstack']['network_lbaas']['enabled']
conf['DEFAULT']['service_plugins'] =
if conf['DEFAULT']['service_plugins'].empty?
'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2'
else
[
'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2',
conf['DEFAULT']['service_plugins'],
].flatten.sort.join(',')
end
end
# [agent] section
if node['openstack']['network']['use_rootwrap']
@ -18,7 +29,7 @@ default['openstack']['network']['conf'].tap do |conf|
end
# [keystone_authtoken] section
conf['keystone_authtoken']['auth_type'] = 'v3password'
conf['keystone_authtoken']['auth_type'] = 'password'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
conf['keystone_authtoken']['username'] = 'neutron'
conf['keystone_authtoken']['user_domain_name'] = 'Default'
@ -26,7 +37,7 @@ default['openstack']['network']['conf'].tap do |conf|
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['auth_version'] = 'v3'
# [nova] section
conf['nova']['auth_type'] = 'v3password'
conf['nova']['auth_type'] = 'password'
conf['nova']['region_name'] = node['openstack']['region']
conf['nova']['username'] = 'nova'
conf['nova']['user_domain_name'] = 'Default'

25
metadata.rb
View File

@ -3,33 +3,16 @@ maintainer 'openstack-chef'
maintainer_email 'openstack-discuss@lists.openstack.org'
license 'Apache-2.0'
description 'Installs and configures the OpenStack Network API Service and various agents and plugins'
version '18.0.0'
recipe 'openstack-network::_bridge_config_example', 'Example bridge recipe used in kitchen tests'
recipe 'openstack-network::db_migration', 'Migrates the neutron database'
recipe 'openstack-network::default', 'Configures common pieces needed for all neutron services and create the neutron.conf'
recipe 'openstack-network::dhcp_agent', 'Installs the DHCP agent'
recipe 'openstack-network::fwaas', 'Installs the Firewall as a Service'
recipe 'openstack-network::identity_registration', 'Registers the OpenStack Network API endpoint and service user with Keystone'
recipe 'openstack-network::l3_agent', 'Installs the L3 agent'
recipe 'openstack-network::lbaas', 'Installs the Loadbalancer as a Service'
recipe 'openstack-network::metadata_agent', 'Installs the metadata agent'
recipe 'openstack-network::metering_agent', 'Installs the metering agent'
recipe 'openstack-network::ml2_core_plugin', 'Configure the ml2_core_plugin'
recipe 'openstack-network::ml2_linuxbridge', 'Configure the ml2 linuxbridge plugin'
recipe 'openstack-network::ml2_openvswitch', 'Configure the ml2 openvswitch plugin'
recipe 'openstack-network::openvswitch', 'Installs openvswitch'
recipe 'openstack-network::openvswitch_agent', 'Installs the openvswitch agent'
recipe 'openstack-network::plugin_config', 'Generates all the needed plugin configurations directly from the attributes'
version '19.0.0'
%w(ubuntu redhat centos).each do |os|
supports os
end
depends 'openstackclient'
depends 'openstack-common', '>= 18.0.0'
depends 'openstack-identity', '>= 18.0.0'
depends 'openstack-common', '>= 19.0.0'
depends 'openstack-identity', '>= 19.0.0'
issues_url 'https://launchpad.net/openstack-chef'
source_url 'https://opendev.org/openstack/cookbook-openstack-network'
chef_version '>= 14.0'
chef_version '>= 15.0'

51
recipes/_bridge_config_example.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: _bridge_config_example
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -41,21 +43,27 @@ tun_interface = node['openstack']['network']['tun_network_bridge_interface']
# This needs to be done during compile time to ensure that the address_for
# method used lateron works
execute 'create eth-ext dummy interface' do
command 'ip link add eth-ext type dummy;'\
'ip link set dev eth-ext up'
command <<-EOF
ip link add eth-ext type dummy
ip link set dev eth-ext up
EOF
not_if 'ip link show | grep eth-ext'
end.run_action(:run)
execute 'create eth-vlan dummy interface' do
command 'ip link add eth-vlan type dummy;'\
'ip link set dev eth-vlan up'
command <<-EOF
ip link add eth-vlan type dummy
ip link set dev eth-vlan up
EOF
not_if 'ip link show | grep eth-vlan'
end.run_action(:run)
execute "create #{tun_interface} dummy interface" do
command "ip link add #{tun_interface} type dummy;"\
"ip link set dev #{tun_interface} up;"\
"ip addr add 10.0.0.201/24 dev #{tun_interface}"
command <<-EOF
ip link add #{tun_interface} type dummy
ip link set dev #{tun_interface} up
ip addr add 10.0.0.201/24 dev #{tun_interface}
EOF
not_if "ip link show | grep #{tun_interface}"
end.run_action(:run)
@ -65,59 +73,48 @@ ohai('reload').run_action(:reload)
# set all the needed attributes according to the dummy interfaces added above
# vlan bridge
node.default['openstack']['network']['vlan_network_bridge_interface'] = 'eth-vlan'
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['bridge_mappings'] = 'vlan:br-vlan,external:br-ex'
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['bridge_mappings'] =
'vlan:br-vlan,external:br-ex'
# external bridge
node.default['openstack']['network_l3']['external_network_bridge_interface'] = 'eth-ext'
# tunnel bridge
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['tunnel_bridge'] = 'br-tun'
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['local_ip'] =
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['tunnel_bridge'] = 'br-tun'
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['local_ip'] =
address_for(tun_interface)
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('AGENT')['tunnel_types'] = 'gre,vxlan'
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('AGENT')['tunnel_types'] = 'gre,vxlan'
# ovs security groups
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('SECURITYGROUP')['firewall_driver'] =
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('SECURITYGROUP')['firewall_driver'] =
'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
# define variables for bridge definitions below
ex_bridge_iface = node['openstack']['network_l3']['external_network_bridge_interface']
vlan_bridge_iface = node['openstack']['network']['vlan_network_bridge_interface']
tun_bridge = node['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['tunnel_bridge']
tun_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['tunnel_bridge']
# get the bridge names from the ovs bridge_mappings
mappings = node['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['bridge_mappings'].split(',')
mappings = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['bridge_mappings'].split(',')
vlan_bridge = mappings.find { |mapping| mapping.split(':').first == 'vlan' }.split(':').last
ex_bridge = mappings.find { |mapping| mapping.split(':').first == 'external' }.split(':').last
execute 'create external network bridge' do
command "ovs-vsctl --may-exist add-br #{ex_bridge}"
action :run
end
execute 'create external network bridge port' do
command "ovs-vsctl --may-exist add-port #{ex_bridge} #{ex_bridge_iface}"
action :run
end
execute 'create vlan network bridge' do
command "ovs-vsctl --may-exist add-br #{vlan_bridge}"
action :run
end
execute 'create vlan network bridge port' do
command "ovs-vsctl --may-exist add-port #{vlan_bridge} #{vlan_bridge_iface}"
action :run
end
execute 'create tunnel network bridge' do
command "ovs-vsctl --may-exist add-br #{tun_bridge}"
action :run
end

35
recipes/db_migration.rb
View File

@ -1,9 +1,10 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: db_migration
#
# Copyright 2015, IBM Corp.
# Copyright:: 2015, IBM Corp.
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -21,30 +22,18 @@
plugin_config_file = node['openstack']['network']['core_plugin_config_file']
timeout = node['openstack']['network']['dbsync_timeout']
# The node['openstack']['network']['plugin_config_file'] attribute is set in the default.rb recipe
bash 'migrate network database' do
execute 'migrate network database' do
timeout timeout
migrate_command = 'neutron-db-manage --config-file /etc/neutron/neutron.conf'
code <<-EOF
#{migrate_command} upgrade head
EOF
end
# Only if the fwaas is enabled, migrate the database.
bash 'migrate fwaas database' do
only_if { node['openstack']['network_fwaas']['enabled'] }
timeout timeout
migrate_command = "neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
code <<-EOF
#{migrate_command} upgrade head
EOF
command <<-EOF.gsub(/^ {4}/, '')
neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head
EOF
end
# Only if the lbaas is enabled, migrate the database.
bash 'migrate lbaas database' do
only_if { node['openstack']['network_lbaas']['enabled'] }
execute 'migrate lbaas database' do
timeout timeout
migrate_command = "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
code <<-EOF
#{migrate_command} upgrade head
EOF
command <<-EOF.gsub(/^ {4}/, '')
neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file} upgrade head
EOF
only_if { node['openstack']['network_lbaas']['enabled'] }
end

52
recipes/default.rb
View File

@ -1,11 +1,12 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: default
#
# Copyright 2013, AT&T
# Copyright 2013-2014, SUSE Linux GmbH
# Copyright 2013-2014, IBM Corp.
# Copyright:: 2013, AT&T
# Copyright:: 2013-2014, SUSE Linux GmbH
# Copyright:: 2013-2014, IBM Corp.
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -33,19 +34,16 @@ if node['openstack']['network']['syslog']['use']
include_recipe 'openstack-common::logging'
end
platform_options['neutron_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_packages'] do
options platform_options['package_overrides']
action :upgrade
end
db_type = node['openstack']['db']['network']['service_type']
node['openstack']['db']['python_packages'][db_type].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package node['openstack']['db']['python_packages'][db_type] do
options platform_options['package_overrides']
action :upgrade
end
template '/etc/neutron/rootwrap.conf' do
@ -53,7 +51,7 @@ template '/etc/neutron/rootwrap.conf' do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
variables(
service_config: node['openstack']['network']['rootwrap']['conf']
)
@ -64,8 +62,7 @@ cookbook_file '/usr/bin/neutron-enable-bridge-firewall.sh' do
owner 'root'
group 'wheel'
mode '0755'
action :create
only_if { node['platform_family'] == 'rhel' }
only_if { platform_family?('rhel') }
end
if node['openstack']['mq']['service_type'] == 'rabbit'
@ -80,31 +77,21 @@ db_pass = get_password 'db', 'neutron'
bind_service = node['openstack']['bind_service']['all']['network']
bind_service_address = bind_address bind_service
# The auth_url in nova section follows auth_type
nova_auth_url = nil
case node['openstack']['network']['conf']['nova']['auth_type']
when 'v3password'
nova_auth_url = auth_url
end
node.default['openstack']['network']['conf'].tap do |conf|
if node['openstack']['network']['syslog']['use']
conf['DEFAULT']['log_config'] = '/etc/openstack/logging.conf'
end
conf['DEFAULT']['bind_host'] = bind_service_address
conf['DEFAULT']['bind_port'] = bind_service['port']
conf['nova']['auth_url'] = nova_auth_url if nova_auth_url
conf['nova']['auth_url'] = auth_url
conf['keystone_authtoken']['auth_url'] = auth_url
end
# define secrets that are needed in the neutron.conf.erb
node.default['openstack']['network']['conf_secrets'].tap do |conf_secrets|
conf_secrets['database']['connection'] =
db_uri('network', db_user, db_pass)
conf_secrets['nova']['password'] =
get_password 'service', 'openstack-compute'
conf_secrets['keystone_authtoken']['password'] =
get_password 'service', 'openstack-network'
conf_secrets['database']['connection'] = db_uri('network', db_user, db_pass)
conf_secrets['nova']['password'] = get_password 'service', 'openstack-compute'
conf_secrets['keystone_authtoken']['password'] = get_password 'service', 'openstack-network'
end
# merge all config options and secrets to be used in the neutron.conf.erb
@ -115,7 +102,8 @@ template '/etc/neutron/neutron.conf' do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
mode '640'
sensitive true
variables(
service_config: neutron_conf_options
)

22
recipes/dhcp_agent.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: dhcp_agent
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -22,11 +23,9 @@ include_recipe 'openstack-network'
platform_options = node['openstack']['network']['platform']
platform_options['neutron_dhcp_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_dhcp_packages'] do
options platform_options['package_overrides']
action :upgrade
end
# TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
@ -35,7 +34,7 @@ template '/etc/neutron/dnsmasq.conf' do
source 'dnsmasq.conf.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
end
service_config = merge_config_options 'network_dhcp'
@ -44,7 +43,7 @@ template node['openstack']['network_dhcp']['config_file'] do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
variables(
service_config: service_config
)
@ -52,8 +51,7 @@ end
# TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
# cookbook to do the proper configuration
case node['platform']
when 'centos'
if platform?('centos')
rpm_package 'dnsmasq' do
action :upgrade
end
@ -65,7 +63,7 @@ service 'neutron-dhcp-agent' do
action [:enable, :start]
subscribes :restart, [
'template[/etc/neutron/neutron.conf]',
'template [/etc/neutron/dnsmasq.conf]',
'template[/etc/neutron/dnsmasq.conf]',
"template[#{node['openstack']['network_dhcp']['config_file']}]",
'rpm_package[dnsmasq]',
]

53
recipes/fwaas.rb
View File

@ -1,53 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: fwaas
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
include_recipe 'openstack-network'
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
end
platform_options = node['openstack']['network']['platform']
platform_options['neutron_fwaas_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
node.default['openstack']['network_fwaas']['conf'].tap do |conf|
conf['fwaas']['enabled'] = 'True'
end
node.default['openstack']['network_l3']['conf'].tap do |conf|
conf['AGENT']['extensions'] = 'fwaas'
end
# As the fwaas package will be installed anyway, configure its config-file attributes following environment.
service_conf = merge_config_options 'network_fwaas'
template node['openstack']['network_fwaas']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
variables(
service_config: service_conf
)
end

23
recipes/identity_registration.rb
View File

@ -1,10 +1,11 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: identity_registration
#
# Copyright 2013, AT&T
# Copyright 2013, SUSE Linux GmbH
# Copyright:: 2013, AT&T
# Copyright:: 2013, SUSE Linux GmbH
# Copyright:: 2019-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -35,11 +36,9 @@ interfaces = {
}
service_pass = get_password 'service', 'openstack-network'
service_tenant_name =
node['openstack']['network']['conf']['keystone_authtoken']['project_name']
service_tenant_name = node['openstack']['network']['conf']['keystone_authtoken']['project_name']
service_user =
node['openstack']['network']['conf']['keystone_authtoken']['username']
service_user = node['openstack']['network']['conf']['keystone_authtoken']['username']
service_role = node['openstack']['network']['service_role']
service_domain_name = node['openstack']['network']['conf']['keystone_authtoken']['user_domain_name']
admin_user = node['openstack']['identity']['admin_user']
@ -52,11 +51,11 @@ region = node['openstack']['region']
# endpoint_type = node['openstack']['identity']['endpoint_type']
connection_params = {
openstack_auth_url: auth_url,
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain,
openstack_auth_url: auth_url,
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain,
# openstack_endpoint_type: endpoint_type,
}

16
recipes/l3_agent.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: l3_agent
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -27,11 +28,9 @@ end
platform_options = node['openstack']['network']['platform']
platform_options['neutron_l3_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_l3_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service_config = merge_config_options 'network_l3'
@ -40,7 +39,7 @@ template node['openstack']['network_l3']['config_file'] do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
mode '640'
variables(
service_config: service_config
)
@ -53,6 +52,5 @@ service 'neutron-l3-agent' do
action [:enable, :start]
subscribes :restart, [
'template[/etc/neutron/neutron.conf]',
"template[#{node['openstack']['network_fwaas']['config_file']}]",
]
end

39
recipes/lbaas.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: lbaas
#
# Copyright 2013, Mirantis IT
# Copyright:: 2013, Mirantis IT
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -17,7 +18,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This recipe should be placed in the run_list of the node that
# runs the network server or network controller server.
include_recipe 'openstack-network'
@ -28,23 +28,39 @@ class ::Chef::Recipe
end
platform_options = node['openstack']['network']['platform']
platform_options['neutron_lbaas_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_lbaas_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service_config = merge_config_options 'network_lbaas'
neutron_config = merge_config_options 'network_lbaas'
agent_config = merge_config_options 'network_lbaas_agent'
directory '/etc/neutron/conf.d/neutron-server' do
recursive true
only_if { platform_family?('debian') }
end
template node['openstack']['network_lbaas']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
mode '640'
variables(
service_config: service_config
service_config: neutron_config
)
notifies :restart, 'service[neutron-server]', :delayed
end
template node['openstack']['network_lbaas_agent']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode '640'
variables(
service_config: agent_config
)
notifies :restart, 'service[neutron-lb-agent]', :delayed
end
@ -54,4 +70,5 @@ service 'neutron-lb-agent' do
supports status: true, restart: true
action :enable
subscribes :restart, 'template[/etc/neutron/neutron.conf]', :delayed
subscribes :restart, "template[#{node['openstack']['network_lbaas']['config_file']}]", :delayed
end

17
recipes/metadata_agent.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: metadata_agent
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -26,11 +27,9 @@ platform_options = node['openstack']['network']['platform']
metadata_secret = get_password 'token', node['openstack']['network_metadata']['secret_name']
# compute_metadata_api = internal_endpoint 'compute-metadata-api'
platform_options['neutron_metadata_agent_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
package platform_options['neutron_metadata_agent_packages'] do
action :upgrade
options platform_options['package_overrides']
end
node.default['openstack']['network_metadata']['conf_secrets'].tap do |conf|
@ -43,11 +42,11 @@ template node['openstack']['network_metadata']['config_file'] do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
sensitive true
variables(
service_config: service_config
)
action :create
end
# delete all secrets saved in the attribute

15
recipes/metering_agent.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: metering_agent
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -20,11 +22,9 @@ include_recipe 'openstack-network'
platform_options = node['openstack']['network']['platform']
platform_options['neutron_metering_agent_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
package platform_options['neutron_metering_agent_packages'] do
action :upgrade
options platform_options['package_overrides']
end
service_config = merge_config_options 'network_metering'
@ -33,11 +33,10 @@ template node['openstack']['network_metering']['config_file'] do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
mode '640'
variables(
service_config: service_config
)
action :create
end
service 'neutron-metering-agent' do

2
recipes/ml2_core_plugin.rb
View File

@ -1,6 +1,6 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: ml2_core_plugin
#
# Licensed under the Apache License, Version 2.0 (the "License");

36
recipes/ml2_linuxbridge.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: ml2_linuxbridge
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
# Copyright:: 2016-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -30,28 +31,22 @@ node.default['openstack']['network']['plugins']['ml2']['conf']['ml2']['mechanism
node.default['openstack']['network']['plugins']['ml2']['conf']['ml2_type_vxlan']['vni_ranges'] = 'VNI_START:VNI_END'
platform_options = node['openstack']['network']['platform']
platform_options['neutron_linuxbridge_agent_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_linuxbridge_agent_packages'] do
options platform_options['package_overrides']
action :upgrade
end
node.default['openstack']['network']['plugins']['linuxbridge'].tap do |lb|
case node['platform_family']
when 'fedora', 'rhel'
lb['path'] =
'/etc/neutron/plugins/ml2'
lb['filename'] =
'linuxbridge_agent.ini'
lb['path'] = '/etc/neutron/plugins/ml2'
lb['filename'] = 'linuxbridge_agent.ini'
when 'debian'
lb['path'] =
'/etc/neutron/plugins/linuxbridge'
lb['filename'] =
'linuxbridge_conf.ini'
lb['path'] = '/etc/neutron/plugins/linuxbridge'
lb['filename'] = 'linuxbridge_conf.ini'
end
lb['conf']['securitygroup']['firewall_driver'] =
'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
lb['conf']['securitygroup']['firewall_driver'] = 'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
end
include_recipe 'openstack-network::plugin_config'
@ -60,6 +55,9 @@ service 'neutron-plugin-linuxbridge-agent' do
service_name platform_options['neutron_linuxbridge_agent_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, ['template[/etc/neutron/neutron.conf]',
'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]']
subscribes :restart,
[
'template[/etc/neutron/neutron.conf]',
'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]',
]
end

4
recipes/ml2_openvswitch.rb
View File

@ -1,9 +1,9 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: ml2_opensvswitch
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

12
recipes/openvswitch.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: opensvswitch
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -24,11 +26,9 @@ plugin_file_path = File.join(
)
platform_options = node['openstack']['network']['platform']
platform_options['neutron_openvswitch_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_openvswitch_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service 'neutron-openvswitch-switch' do

18
recipes/openvswitch_agent.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: openvswitch_agent
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -16,6 +18,7 @@
# limitations under the License.
#
include_recipe 'openstack-network'
include_recipe 'openstack-network::ml2_openvswitch'
plugin_file_path = File.join(
@ -24,19 +27,14 @@ plugin_file_path = File.join(
)
platform_options = node['openstack']['network']['platform']
platform_options['neutron_openvswitch_agent_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
package platform_options['neutron_openvswitch_agent_packages'] do
action :upgrade
options platform_options['package_overrides']
end
int_bridge =
node['openstack']['network']['plugins']['openvswitch']['conf']
.[]('DEFAULT')['integration_bridge']
int_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('DEFAULT')['integration_bridge']
execute 'create integration network bridge' do
command "ovs-vsctl --may-exist add-br #{int_bridge}"
action :run
end
service 'neutron-openvswitch-agent' do

8
recipes/plugin_config.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: plugin_config
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -22,7 +24,7 @@ node['openstack']['network']['plugins'].each_value do |plugin|
recursive true
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0700
mode '700'
end
template File.join(plugin['path'], plugin['filename']) do
@ -30,7 +32,7 @@ node['openstack']['network']['plugins'].each_value do |plugin|
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
variables(
service_config: plugin['conf']
)

47
recipes/server.rb
View File

@ -1,10 +1,11 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: server
#
# Copyright 2013, AT&T
# Copyright 2013, SUSE Linux GmbH
# Copyright:: 2013, AT&T
# Copyright:: 2013, SUSE Linux GmbH
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -30,7 +31,7 @@ template '/etc/default/neutron-server' do
source 'neutron-server.erb'
owner 'root'
group 'root'
mode 0o0644
mode '644'
variables(
core_plugin_config: node['openstack']['network']['core_plugin_config_file']
)
@ -39,19 +40,15 @@ end
platform_options = node['openstack']['network']['platform']
platform_options['neutron_server_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_server_packages'] do
options platform_options['package_overrides']
action :upgrade
end
db_type = node['openstack']['db']['network']['service_type']
node['openstack']['db']['python_packages'][db_type].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package node['openstack']['db']['python_packages'][db_type] do
options platform_options['package_overrides']
action :upgrade
end
if node['openstack']['network']['policyfile_url']
@ -59,20 +56,22 @@ if node['openstack']['network']['policyfile_url']
source node['openstack']['network']['policyfile_url']
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
end
end
if node['openstack']['network_lbaas']['enabled']
# neutron-lbaas-agent may not running on network node, but on network node, neutron-server still need neutron_lbaas module
# when loading plugin if lbaas is list in service_plugins. In this case, we don't need include balance recipe for network node, but
# we need make sure neutron lbaas python packages get installed on network node before neutron-server start/restart, when lbaas is enabled.
# Otherwise neutron-server will crash for couldn't find lbaas plugin when invoking plugins from service_plugins.
platform_options['neutron_lbaas_python_dependencies'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
# neutron-lbaas-agent may not running on network node, but on network
# node, neutron-server still need neutron_lbaas module when loading
# plugin if lbaas is list in service_plugins. In this case, we don't
# need include balance recipe for network node, but we need make sure
# neutron lbaas python packages get installed on network node before
# neutron-server start/restart, when lbaas is enabled. Otherwise
# neutron-server will crash for couldn't find lbaas plugin when
# invoking plugins from service_plugins.
package platform_options['neutron_lbaas_python_dependencies'] do
options platform_options['package_overrides']
action :upgrade
end
end

15
spec/_bridge_config_example_spec.rb
View File

@ -24,12 +24,10 @@ describe 'openstack-network::_bridge_config_example' do
let(:name) { 'create external network bridge' }
it 'adds external network bridge' do
expect(chef_run).to run_execute(name)
.with(command: cmd_br)
expect(chef_run).to run_execute(name).with(command: cmd_br)
end
it 'adds external network bridge port' do
expect(chef_run).to run_execute("#{name} port")
.with(command: cmd_port)
expect(chef_run).to run_execute("#{name} port").with(command: cmd_port)
end
end
@ -39,12 +37,10 @@ describe 'openstack-network::_bridge_config_example' do
let(:name) { 'create vlan network bridge' }
it 'adds vlan network bridge' do
expect(chef_run).to run_execute(name)
.with(command: cmd_br)
expect(chef_run).to run_execute(name).with(command: cmd_br)
end
it 'adds vlan network bridge port' do
expect(chef_run).to run_execute("#{name} port")
.with(command: cmd_port)
expect(chef_run).to run_execute("#{name} port").with(command: cmd_port)
end
end
@ -53,8 +49,7 @@ describe 'openstack-network::_bridge_config_example' do
let(:name) { 'create tunnel network bridge' }
it 'adds tunnel network bridge' do
expect(chef_run).to run_execute(name)
.with(command: cmd_br)
expect(chef_run).to run_execute(name).with(command: cmd_br)
end
end
end

39
spec/db_migration_spec.rb
View File

@ -11,8 +11,8 @@ describe 'openstack-network::db_migration' do
end
it 'uses db upgrade head with default timeout for neutron-server' do
expect(chef_run).to run_bash('migrate network database').with(
code: /upgrade head/,
expect(chef_run).to run_execute('migrate network database').with(
command: "neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head\n",
timeout: 3600
)
end
@ -23,32 +23,21 @@ describe 'openstack-network::db_migration' do
runner.converge(described_recipe)
end
it do
expect(chef_run).to run_bash('migrate network database').with(
code: /upgrade head/,
expect(chef_run).to run_execute('migrate network database').with(
command: "neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head\n",
timeout: 1234
)
end
end
context 'run db-migration when services are enabled' do
cached(:chef_run) do
node.override['openstack']['network_fwaas']['enabled'] = true
node.override['openstack']['network_lbaas']['enabled'] = true
node.override['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
runner.converge(described_recipe)
end
it 'uses db upgrade head when lbaas is enabled' do
migrate_cmd = %r{neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).to run_bash('migrate lbaas database').with(
code: migrate_cmd,
timeout: 3600
)
end
it 'uses db upgrade head when fwaas is enabled' do
migrate_cmd = %r{neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).to run_bash('migrate fwaas database').with(
code: migrate_cmd,
expect(chef_run).to run_execute('migrate lbaas database').with(
command: "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\n",
timeout: 3600
)
end
@ -59,22 +48,8 @@ describe 'openstack-network::db_migration' do
runner.converge(described_recipe)
end
it 'does not use db upgrade head when fwaas is not enabled' do
migrate_cmd = %r{neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).not_to run_bash('migrate fwaas database').with(
code: migrate_cmd,
timeout: 3600
)
end
it 'does not use db upgrade head when lbaas is not enabled' do
migrate_cmd = %r{neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf|
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
expect(chef_run).not_to run_bash('migrate lbaas database').with(
code: migrate_cmd,
timeout: 3600
)
expect(chef_run).not_to run_execute('migrate lbaas database')
end
end
end

21
spec/default-redhat_spec.rb
View File

@ -11,11 +11,26 @@ describe 'openstack-network' do
include_context 'neutron-stubs'
it 'upgrades mysql python package' do
pkgs =
%w(
ebtables
iproute
openstack-neutron
openstack-neutron-ml2
)
it do
expect(chef_run).to upgrade_package(pkgs)
end
it do
expect(chef_run).to upgrade_package('MySQL-python')
end
it 'upgrades openstack-neutron-ml2 package' do
expect(chef_run).to upgrade_package('openstack-neutron-ml2')
it do
expect(chef_run).to create_cookbook_file('/usr/bin/neutron-enable-bridge-firewall.sh').with(
source: 'neutron-enable-bridge-firewall.sh',
owner: 'root',
group: 'wheel',
mode: '0755'
)
end
end
end

86
spec/default_spec.rb
View File

@ -11,13 +11,29 @@ describe 'openstack-network' do
include_context 'neutron-stubs'
%w(neutron-common python3-mysqldb).each do |package|
it do
expect(chef_run).to upgrade_package(package)
end
packages = %w(neutron-common python3-neutron)
it do
expect(chef_run).to upgrade_package(packages)
end
it do
expect(chef_run).to upgrade_package('python3-mysqldb')
end
it do
expect(chef_run).to_not create_cookbook_file('/usr/bin/neutron-enable-bridge-firewall.sh')
end
describe '/etc/neutron/rootwrap.conf' do
it do
expect(chef_run).to create_template('/etc/neutron/rootwrap.conf').with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
owner: 'neutron',
group: 'neutron',
mode: '644'
)
end
let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') }
[
%r{^filters_path = /etc/neutron/rootwrap\.d,/usr/share/neutron/rootwrap$},
@ -34,60 +50,92 @@ describe 'openstack-network' do
end
describe '/etc/neutron/neutron.conf' do
it do
expect(chef_run).to create_template('/etc/neutron/neutron.conf').with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
owner: 'neutron',
group: 'neutron',
mode: '640',
sensitive: true
)
end
let(:file) { chef_run.template('/etc/neutron/neutron.conf') }
[
%r{^log_dir = /var/log/neutron$},
/^control_exchange = neutron$/,
/^core_plugin = ml2$/,
%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$},
/^bind_host = 127\.0\.0\.1$/,
/^bind_port = 9696$/,
%r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$},
].each do |line|
it do
expect(chef_run).to render_config_file(file.name)
.with_section_content('DEFAULT', line)
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
end
end
context 'lbaas enabled' do
cached(:chef_run) do
node.override['openstack']['network_lbaas']['enabled'] = true
runner.converge(described_recipe)
end
[
/^service_plugins = neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
end
end
end
[
%r{^root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf$},
].each do |line|
it do
expect(chef_run).to render_config_file(file.name)
.with_section_content('agent', line)
expect(chef_run).to render_config_file(file.name).with_section_content('agent', line)
end
end
[
/^project_name = service$/,
/^auth_type = password$/,
/^region_name = RegionOne$/,
/^username = neutron$/,
/^user_domain_name = Default/,
/^project_domain_name = Default/,
/^project_name = service$/,
/^auth_version = v3$/,
%r{^auth_url = http://127.0.0.1:5000/v3$},
/^password = neutron-pass$/,
/^auth_type = v3password$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name)
.with_section_content('keystone_authtoken', line)
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line)
end
end
[
/^auth_type = password$/,
/^region_name = RegionOne$/,
/^auth_type = v3password$/,
/^username = nova$/,
/^user_domain_name = Default/,
/^project_domain_name = Default/,
/^project_name = service$/,
/^project_domain_name = Default/,
%r{^auth_url = http://127.0.0.1:5000/v3$},
/^password = nova-pass$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name)
.with_section_content('nova', line)
expect(chef_run).to render_config_file(file.name).with_section_content('nova', line)
end
end
[
%r{^lock_path = /var/lib/neutron/lock$},
].each do |line|
it do
expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', line)
end
end
[
%(connection = mysql+pymysql://neutron:neutron@127.0.0.1:3306/neutron?charset=utf8),
].each do |line|
it do
expect(chef_run).to render_config_file(file.name)
.with_section_content('database', line)
expect(chef_run).to render_config_file(file.name).with_section_content('database', line)
end
end
end

43
spec/dhcp_agent-centos_spec.rb
View File

@ -14,49 +14,12 @@ describe 'openstack-network::dhcp_agent' do
include_context 'neutron-stubs'
it 'upgrades neutron dhcp package' do
expect(chef_run).to upgrade_package('openstack-neutron')
it do
expect(chef_run).to upgrade_package(%w(openstack-neutron iproute))
end
it 'upgrades plugin packages' do
expect(chef_run).not_to upgrade_package(/openvswitch/)
expect(chef_run).not_to upgrade_package(/plugin/)
end
it 'starts the dhcp agent on boot' do
expect(chef_run).to enable_service('neutron-dhcp-agent')
end
it 'should install the dnsmasq rpm' do
it do
expect(chef_run).to upgrade_rpm_package('dnsmasq')
end
it 'should notify dhcp agent to restart immediately' do
expect(chef_run.rpm_package('dnsmasq')).to notify('service[neutron-dhcp-agent]').to(:restart).delayed
end
describe '/etc/neutron/dhcp_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/dhcp_agent.ini') }
it 'creates dhcp_agent.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0o644
)
end
end
describe '/etc/neutron/dnsmasq.conf' do
let(:file) { chef_run.template('/etc/neutron/dnsmasq.conf') }
it 'creates dnsmasq.conf' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0o644
)
end
end
end
end

53
spec/dhcp_agent_spec.rb
View File

@ -15,38 +15,77 @@ describe 'openstack-network::dhcp_agent' do
expect(chef_run).to include_recipe('openstack-network')
end
it 'subscribes the agent service to neutron.conf' do
expect(chef_run.service('neutron-dhcp-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
%w(
template[/etc/neutron/neutron.conf]
template[/etc/neutron/dnsmasq.conf]
template[/etc/neutron/dhcp_agent.ini]
).each do |resource|
it do
expect(chef_run.service('neutron-dhcp-agent')).to subscribe_to(resource).delayed
end
end
it 'upgrades neutron dhcp package' do
it do
expect(chef_run).to_not upgrade_rpm_package('dnsmasq')
end
it do
expect(chef_run).to upgrade_package 'neutron-dhcp-agent'
end
it 'starts the dhcp agent on boot' do
expect(chef_run).to enable_service 'neutron-dhcp-agent'
it do
expect(chef_run).to enable_service('neutron-dhcp-agent').with(
service_name: 'neutron-dhcp-agent',
supports: {
restart: true,
status: true,
}
)
end
it do
expect(chef_run).to start_service 'neutron-dhcp-agent'
end
describe 'dhcp_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/dhcp_agent.ini') }
it 'creates dhcp_agent.ini' do
expect(chef_run).to create_template(file.name).with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
user: 'neutron',
group: 'neutron',
mode: 0o644
mode: '644'
)
end
[
/^interface_driver = openvswitch$/,
%r{^dnsmasq_config_file = /etc/neutron/dnsmasq.conf$},
].each do |line|
it do
expect(chef_run).to render_config_file('/etc/neutron/dhcp_agent.ini').with_section_content('DEFAULT', line)
end
end
end
describe '/etc/neutron/dnsmasq.conf' do
let(:file) { chef_run.template('/etc/neutron/dnsmasq.conf') }
it 'creates dnsmasq.conf' do
expect(chef_run).to create_template(file.name).with(
source: 'dnsmasq.conf.erb',
user: 'neutron',
group: 'neutron',
mode: 0o644
mode: '644'
)
end
[
/^server=8.8.8.8$/,
/^server=208.67.222.222$/,
].each do |line|
it do
expect(chef_run).to render_file('/etc/neutron/dnsmasq.conf').with_content(line)
end
end
end
end
end

13
spec/l3_agent-redhat_spec.rb
View File

@ -13,10 +13,15 @@ describe 'openstack-network::l3_agent' do
include_context 'neutron-stubs'
it 'upgrades neutron ml2_ovs packages' do
%w(openstack-neutron iproute radvd keepalived).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
pkgs =
%w(
iproute
keepalived
openstack-neutron
radvd
)
it do
expect(chef_run).to upgrade_package(pkgs)
end
end
end

51
spec/l3_agent_spec.rb
View File

@ -12,18 +12,33 @@ describe 'openstack-network::l3_agent' do
describe 'recipe' do
include_context 'neutron-stubs'
it 'starts the l3 agent on boot' do
expect(chef_run).to enable_service('neutron-l3-agent')
it do
expect(chef_run).to enable_service('neutron-l3-agent').with(
service_name: 'neutron-l3-agent',
supports: {
status: true,
restart: true,
}
)
end
it 'subscribes the l3 agent service to neutron.conf' do
expect(chef_run.service('neutron-l3-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
it do
expect(chef_run).to start_service('neutron-l3-agent')
end
%w(neutron-l3-agent radvd keepalived).each do |pkg|
it "upgrades #{pkg} package" do
expect(chef_run).to upgrade_package(pkg)
end
it do
expect(chef_run.service('neutron-l3-agent')).to \
subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart)
end
pkgs =
%w(
keepalived
neutron-l3-agent
radvd
)
it do
expect(chef_run).to upgrade_package(pkgs)
end
describe 'l3_agent.ini' do
@ -31,12 +46,22 @@ describe 'openstack-network::l3_agent' do
it 'creates l3_agent.ini' do
expect(chef_run).to create_template(file.name).with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
user: 'neutron',
group: 'neutron',
mode: 0o640
mode: '640'
)
end
[
/^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/,
].each do |line|
it do
expect(chef_run).to render_config_file('/etc/neutron/l3_agent.ini').with_section_content('DEFAULT', line)
end
end
context 'template contents' do
cached(:chef_run) do
node.override['openstack']['network_l3']['conf']['DEFAULT']['external_network_bridge'] = 'network_l3_external_network_bridge_value'
@ -48,11 +73,15 @@ describe 'openstack-network::l3_agent' do
it 'displays the external_network_bridge l3 attribute' do
stub_command('ovs-vsctl br-exists network_l3_external_network_bridge_value').and_return(false)
expect(chef_run).to render_file(file.name).with_content(/^external_network_bridge = network_l3_external_network_bridge_value$/)
expect(chef_run).to render_config_file(file.name)
.with_section_content(
'DEFAULT',
/^external_network_bridge = network_l3_external_network_bridge_value$/
)
end
end
it 'notifies the l3 agent service' do
it do
expect(file).to notify('service[neutron-l3-agent]').to(:restart).delayed
end
end

40
spec/lbaas-redhat_spec.rb
View File

@ -8,35 +8,41 @@ describe 'openstack-network::lbaas' do
cached(:chef_run) do
node.override['openstack']['compute']['network']['service_type'] = 'neutron'
node.override['openstack']['network']['lbaas']['enabled'] = 'True'
runner.converge(described_recipe)
runner.converge(described_recipe, 'openstack-network::ml2_core_plugin', 'openstack-network::server')
end
include_context 'neutron-stubs'
it do
expect(chef_run).to_not create_directory('/etc/neutron/conf.d/neutron-server')
end
describe 'lbaas_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/lbaas_agent.ini') }
it 'creates lbaas_agent.ini' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0o640
)
end
it 'displays user_group as nobody' do
expect(chef_run).to render_file(file.name).with_content(/^user_group = nobody$/)
it do
expect(chef_run).to render_config_file(file.name).with_section_content('haproxy', /^user_group = nobody$/)
end
end
['haproxy', 'openstack-neutron-lbaas'].each do |pack|
it "upgrades #{pack} package" do
expect(chef_run).to upgrade_package(pack)
end
pkgs =
%w(
haproxy
iproute
openstack-neutron-lbaas
)
it do
expect(chef_run).to upgrade_package(pkgs)
end
it 'enables agent service' do
expect(chef_run).to enable_service('neutron-lb-agent')
it do
expect(chef_run).to enable_service('neutron-lb-agent').with(
service_name: 'neutron-lbaasv2-agent',
supports: {
status: true,
restart: true,
}
)
end
end
end

87
spec/lbaas_spec.rb
View File

@ -6,40 +6,97 @@ describe 'openstack-network::lbaas' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
runner.converge(described_recipe, 'openstack-network::ml2_core_plugin', 'openstack-network::server')
end
include_context 'neutron-stubs'
pkgs =
%w(
haproxy
neutron-lbaas-common
neutron-lbaasv2-agent
python3-neutron-lbaas
)
it do
%w(python3-neutron-lbaas neutron-lbaasv2-agent haproxy)
.each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
expect(chef_run).to upgrade_package(pkgs)
end
describe 'lbaas.conf' do
it do
expect(chef_run).to create_directory('/etc/neutron/conf.d/neutron-server').with(recursive: true)
end
describe '/etc/neutron/lbaas_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/lbaas_agent.ini') }
it do
expect(chef_run).to create_template(file.name).with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
user: 'neutron',
group: 'neutron',
mode: 0o0640
mode: '640'
)
end
it do
[
/^periodic_interval = 10$/,
/^ovs_use_veth = false$/,
/^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/,
/^device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver$/,
].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
expect(file).to notify('service[neutron-lb-agent]').to(:restart)
end
[
/^interface_driver = openvswitch$/,
/^device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
end
end
[
/^user_group = nogroup$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name).with_section_content('haproxy', line)
end
end
it do
expect(chef_run).to enable_service('neutron-lb-agent')
expect(chef_run).to enable_service('neutron-lb-agent').with(
service_name: 'neutron-lbaasv2-agent',
supports: {
status: true,
restart: true,
}
)
end
%w(
template[/etc/neutron/neutron.conf]
template[/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf]
).each do |resource|
it do
expect(chef_run.service('neutron-lb-agent')).to subscribe_to(resource).on(:restart)
end
end
end
describe '/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf' do
let(:file) { chef_run.template('/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf') }
it do
expect(chef_run).to create_template(file.name).with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
user: 'neutron',
group: 'neutron',
mode: '640'
)
end
it do
expect(file).to notify('service[neutron-server]').to(:restart)
end
[
/^service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name).with_section_content('service_providers', line)
end
end
end
end

29
spec/metadata_agent-rhel_spec.rb Normal file
View File

@ -0,0 +1,29 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::metadata_agent' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['compute']['network']['service_type'] = 'neutron'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it do
expect(chef_run).to enable_service('neutron-metadata-agent').with(
service_name: 'neutron-metadata-agent',
supports: {
status: true,
restart: true,
}
)
end
it do
expect(chef_run).to start_service('neutron-metadata-agent')
end
end
end

39
spec/metadata_agent_spec.rb
View File

@ -12,14 +12,28 @@ describe 'openstack-network::metadata_agent' do
include_context 'neutron-stubs'
it 'upgrades neutron metadata agent' do
it do
expect(chef_run).to upgrade_package 'neutron-metadata-agent'
end
it do
expect(chef_run).to enable_service('neutron-metadata-agent')
expect(chef_run).to enable_service('neutron-metadata-agent').with(
service_name: 'neutron-metadata-agent',
supports: {
status: true,
restart: true,
}
)
end
it 'subscribes the metadata agent service to neutron.conf' do
expect(chef_run.service('neutron-metadata-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
it do
expect(chef_run).to start_service('neutron-metadata-agent')
end
%w(template[/etc/neutron/neutron.conf] template[/etc/neutron/metadata_agent.ini]).each do |resource|
it do
expect(chef_run.service('neutron-metadata-agent')).to subscribe_to(resource).delayed
end
end
describe 'metadata_agent.ini' do
@ -27,21 +41,24 @@ describe 'openstack-network::metadata_agent' do
it 'creates metadata_agent.ini' do
expect(chef_run).to create_template(file.name).with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
user: 'neutron',
group: 'neutron',
mode: 0o644
mode: '644',
sensitive: true
)
end
context 'template contents' do
it 'sets the metadata_proxy_shared_secret attribute' do
expect(chef_run).to render_file(file.name).with_content(/^metadata_proxy_shared_secret = metadata-secret$/)
[
/^metadata_proxy_shared_secret = metadata-secret$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
end
end
end
it 'notifies the metadata agent service' do
expect(file).to notify('service[neutron-metadata-agent]').to(:restart).delayed
end
end
it do
expect(chef_run).to run_ruby_block('delete all attributes in '\

28
spec/metering_agent-rhel_spec.rb Normal file
View File

@ -0,0 +1,28 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::metering_agent' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
it do
expect(chef_run).to upgrade_package('neutron-metering-agent')
end
it do
expect(chef_run).to enable_service('neutron-metering-agent').with(
service_name: 'neutron-metering-agent',
supports: {
status: true,
restart: true,
}
)
end
end
end

27
spec/metering_agent_spec.rb
View File

@ -12,19 +12,18 @@ describe 'openstack-network::metering_agent' do
include_context 'neutron-stubs'
it do
%w(neutron-metering-agent)
.each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
expect(chef_run).to upgrade_package('neutron-metering-agent')
end
describe 'metering_agent.ini' do
let(:file) { chef_run.template('/etc/neutron/metering_agent.ini') }
it do
expect(chef_run).to create_template(file.name).with(
source: 'openstack-service.conf.erb',
cookbook: 'openstack-common',
user: 'neutron',
group: 'neutron',
mode: 0o0640
mode: '640'
)
end
@ -33,11 +32,25 @@ describe 'openstack-network::metering_agent' do
/^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/,
/^driver = neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver$/,
].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
end
end
end
it do
expect(chef_run).to enable_service('neutron-metering-agent').with(
service_name: 'neutron-metering-agent',
supports: {
status: true,
restart: true,
}
)
end
it do
expect(chef_run).to start_service('neutron-metering-agent')
end
%w(template[/etc/neutron/neutron.conf] template[/etc/neutron/metering_agent.ini]).each do |resource|
it do
expect(chef_run).to enable_service('neutron-metering-agent')
expect(chef_run.service('neutron-metering-agent')).to subscribe_to(resource).delayed
end
end
end

6
spec/ml2_linuxbridge-redhat_spec.rb
View File

@ -21,7 +21,7 @@ describe 'openstack-network::ml2_linuxbridge' do
expect(chef_run).to create_directory('/etc/neutron/plugins/ml2').with(
owner: 'neutron',
group: 'neutron',
mode: 0o700
mode: '700'
)
end
it do
@ -43,9 +43,7 @@ describe 'openstack-network::ml2_linuxbridge' do
end
it do
%w(openstack-neutron-linuxbridge iproute).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
expect(chef_run).to upgrade_package(%w(openstack-neutron-linuxbridge iproute))
end
it do

42
spec/ml2_linuxbridge_spec.rb
View File

@ -18,13 +18,14 @@ describe 'openstack-network::ml2_linuxbridge' do
include_context 'neutron-stubs'
it 'creates the /etc/neutron/plugins/linuxbridge agent directory' do
it do
expect(chef_run).to create_directory('/etc/neutron/plugins/linuxbridge').with(
owner: 'neutron',
group: 'neutron',
mode: 0o700
mode: '700'
)
end
it do
expect(chef_run).to include_recipe('openstack-network::plugin_config')
end
@ -33,28 +34,47 @@ describe 'openstack-network::ml2_linuxbridge' do
let(:file) do
chef_run.template('/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini')
end
[
/^firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name)
.with_section_content('securitygroup', line)
it "[securitygroup] #{line}" do
expect(chef_run).to render_config_file(file.name).with_section_content('securitygroup', line)
end
end
end
pkgs =
%w(
neutron-plugin-linuxbridge
neutron-plugin-linuxbridge-agent
)
it do
%w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent).each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
expect(chef_run).to upgrade_package(pkgs)
end
it do
expect(chef_run).to enable_service('neutron-plugin-linuxbridge-agent')
expect(chef_run).to enable_service('neutron-plugin-linuxbridge-agent').with(
service_name: 'neutron-plugin-linuxbridge-agent',
supports: {
status: true,
restart: true,
}
)
end
it do
service = chef_run.service('neutron-plugin-linuxbridge-agent')
expect(service).to(subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed) && subscribe_to('template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]').on(:restart).delayed
expect(chef_run).to start_service('neutron-plugin-linuxbridge-agent')
end
%w(
template[/etc/neutron/neutron.conf]
template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]
).each do |resource|
it do
expect(chef_run.service('neutron-plugin-linuxbridge-agent')).to subscribe_to(resource).delayed
end
end
end
end

36
spec/ml2_openvswitch_spec.rb Normal file
View File

@ -0,0 +1,36 @@
# pkg upgrade
# service
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::ml2_openvswitch' do
describe 'ubuntu' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe, 'openstack-network::plugin_config')
end
include_context 'neutron-stubs'
it do
expect(chef_run).to include_recipe('openstack-network::ml2_core_plugin')
end
describe '/etc/neutron/plugins/ml2/openvswitch_agent.ini' do
let(:file) do
chef_run.template('/etc/neutron/plugins/ml2/openvswitch_agent.ini')
end
[
/^integration_bridge = br-int$/,
].each do |line|
it do
expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
end
end
end
end
end

26
spec/openvswitch-rhel_spec.rb Normal file
View File

@ -0,0 +1,26 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::openvswitch' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
end
it do
expect(chef_run).to upgrade_package 'openvswitch'
end
it do
expect(chef_run).to enable_service('neutron-openvswitch-switch').with(
service_name: 'openvswitch',
supports: {
status: true,
restart: true,
}
)
end
end
end

33
spec/openvswitch_agent-rhel_spec.rb Normal file
View File

@ -0,0 +1,33 @@
# Encoding: utf-8
require_relative 'spec_helper'
describe 'openstack-network::openvswitch_agent' do
describe 'redhat' do
let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['network']['openvswitch']['integration_bridge'] = 'br-int'
runner.converge(described_recipe)
end
include_context 'neutron-stubs'
before do
stub_command('ovs-vsctl --may-exist add-br br-int')
end
it do
expect(chef_run).to upgrade_package %w(openstack-neutron-openvswitch iproute)
end
it do
expect(chef_run).to enable_service('neutron-openvswitch-agent').with(
service_name: 'neutron-openvswitch-agent',
supports: {
status: true,
restart: true,
}
)
end
end
end

37
spec/openvswitch_agent_spec.rb
View File

@ -7,31 +7,44 @@ describe 'openstack-network::openvswitch_agent' do
let(:node) { runner.node }
cached(:chef_run) do
node.override['openstack']['network']['openvswitch']['integration_bridge'] = 'br-int'
runner.converge(described_recipe)
runner.converge(described_recipe, 'openstack-network::plugin_config')
end
include_context 'neutron-stubs'
before do
stub_command('ovs-vsctl --may-exist add-br br-int')
end
it 'upgrades openvswitch agent' do
it do
expect(chef_run).to upgrade_package 'neutron-openvswitch-agent'
end
describe 'create integration network bridget' do
let(:cmd_br) { 'ovs-vsctl --may-exist add-br br-int' }
let(:name) { 'create integration network bridge' }
it 'adds integration network bridge' do
expect(chef_run).to run_execute(name)
.with(command: cmd_br)
end
it do
expect(chef_run).to run_execute('create integration network bridge')
.with(command: 'ovs-vsctl --may-exist add-br br-int')
end
it 'sets the openvswitch_agent service to start on boot' do
expect(chef_run).to enable_service 'neutron-openvswitch-agent'
it do
expect(chef_run).to enable_service('neutron-openvswitch-agent').with(
service_name: 'neutron-openvswitch-agent',
supports: {
status: true,
restart: true,
}
)
end
it 'starts the openvswitch_agent service' do
it do
expect(chef_run).to start_service 'neutron-openvswitch-agent'
end
%w(
template[/etc/neutron/neutron.conf]
template[/etc/neutron/plugins/ml2/openvswitch_agent.ini]
).each do |t|
it t do
expect(chef_run.service('neutron-openvswitch-agent')).to subscribe_to(t).on(:restart)
end
end
end
end

25
spec/openvswitch_spec.rb
View File

@ -6,23 +6,30 @@ describe 'openstack-network::openvswitch' do
let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
let(:node) { runner.node }
cached(:chef_run) do
runner.converge(described_recipe)
runner.converge(described_recipe, 'openstack-network::plugin_config')
end
it 'upgrades openvswitch switch' do
expect(chef_run).to upgrade_package 'openvswitch-switch'
it do
expect(chef_run).to upgrade_package %w(openvswitch-switch bridge-utils)
end
it 'upgrades linux bridge utils' do
expect(chef_run).to upgrade_package 'bridge-utils'
it do
expect(chef_run).to enable_service('neutron-openvswitch-switch').with(
service_name: 'openvswitch-switch',
supports: {
status: true,
restart: true,
}
)
end
it 'sets the openvswitch service to start on boot' do
expect(chef_run).to enable_service 'openvswitch-switch'
it do
expect(chef_run).to start_service 'neutron-openvswitch-switch'
end
it 'start the openvswitch service' do
expect(chef_run).to start_service 'openvswitch-switch'
it do
expect(chef_run.service('neutron-openvswitch-switch')).to \
subscribe_to('template[/etc/neutron/plugins/ml2/openvswitch_agent.ini]').on(:restart)
end
end
end

5
spec/plugin_config_spec.rb
View File

@ -30,15 +30,14 @@ describe 'openstack-network::plugin_config' do
recursive: true,
owner: 'neutron',
group: 'neutron',
mode: 0o0700
mode: '700'
)
end
%w(ml2_conf.ini openvswitch_conf.ini).each do |conf|
let(:file) { chef_run.template(File.join(dir, conf)) }
it do
expect(chef_run).to render_config_file(file.name)
.with_section_content('section', 'key = value')
expect(chef_run).to render_config_file(file.name).with_section_content('section', 'key = value')
end
end
end

6
spec/server-redhat_spec.rb
View File

@ -13,11 +13,11 @@ describe 'openstack-network::server' do
end
include_context 'neutron-stubs'
it 'upgrades openstack-neutron packages' do
expect(chef_run).to upgrade_package 'openstack-neutron'
it do
expect(chef_run).to upgrade_package %w(ebtables iproute openstack-neutron openstack-neutron-ml2)
end
it 'enables openstack-neutron server service' do
it do
expect(chef_run).to enable_service 'neutron-server'
end

73
spec/server_spec.rb
View File

@ -11,8 +11,8 @@ describe 'openstack-network::server' do
include_context 'neutron-stubs'
describe 'package and services' do
it 'upgrades neutron-server packages' do
expect(chef_run).to upgrade_package 'neutron-server'
it do
expect(chef_run).to upgrade_package %w(neutron-server)
end
context 'allows overriding package names' do
@ -22,25 +22,32 @@ describe 'openstack-network::server' do
runner.converge('openstack-network::ml2_core_plugin', described_recipe)
end
it do
cust_pkgs.each do |pkg|
expect(chef_run).to upgrade_package(pkg)
end
expect(chef_run).to upgrade_package(cust_pkgs)
end
end
it 'sets the neutron server service to start on boot' do
expect(chef_run).to enable_service 'neutron-server'
it do
expect(chef_run).to enable_service('neutron-server').with(
service_name: 'neutron-server',
supports: {
status: true,
restart: true,
}
)
end
it 'starts the neutron server service' do
it do
expect(chef_run).to start_service 'neutron-server'
end
let(:neutron_service) { chef_run.service('neutron-server') }
it do
expect(neutron_service)
.to subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed
expect(neutron_service).to subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed
end
it do
expect(neutron_service).to_not subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed
end
context 'set policyfile_url' do
@ -49,8 +56,7 @@ describe 'openstack-network::server' do
runner.converge('openstack-network::ml2_core_plugin', described_recipe)
end
it do
expect(neutron_service)
.to subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed
expect(neutron_service).to subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed
end
end
@ -89,35 +95,30 @@ describe 'openstack-network::server' do
it 'creates /etc/default/neutron-server' do
expect(chef_run).to create_template(file.name).with(
source: 'neutron-server.erb',
user: 'root',
group: 'root',
mode: 0o644
)
end
end
describe 'rootwrap.conf' do
let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') }
it 'creates the /etc/neutron/rootwrap.conf file' do
expect(chef_run).to create_template(file.name).with(
user: 'neutron',
group: 'neutron',
mode: 0o644
mode: '644',
variables: {
core_plugin_config: '/etc/neutron/plugins/ml2/ml2_conf.ini',
}
)
end
context 'template contents' do
it 'sets the default attributes' do
[
%r{^filters_path = /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap$},
%r{^exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin$},
/^use_syslog = false$/,
/^syslog_log_facility = syslog$/,
/^syslog_log_level = ERROR$/,
].each do |line|
expect(chef_run).to render_file(file.name).with_content(line)
end
it do
expect(chef_run).to render_file(file.name).with_content(
%r{^NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"$}
)
end
context 'enable lbaas' do
cached(:chef_run) do
node.override['openstack']['network_lbaas']['enabled'] = true
runner.converge('openstack-network::ml2_core_plugin', described_recipe)
end
it do
expect(chef_run).to render_file(file.name).with_content(
%r{^NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/neutron-server"$}
)
end
end
end

6
templates/default/neutron-server.erb
View File

@ -3,4 +3,8 @@
# path to config file corresponding to the core_plugin specified in
# neutron.conf
NEUTRON_PLUGIN_CONFIG=<%=@core_plugin_config%>
<% if node['openstack']['network_lbaas']['enabled'] -%>
NEUTRON_PLUGIN_CONFIG="<%=@core_plugin_config%> --config-dir /etc/neutron/conf.d/neutron-server"
<% else -%>
NEUTRON_PLUGIN_CONFIG="<%=@core_plugin_config%>"
<% end -%>