From cb26946e73e4b85a9d4a23c5fa0fd6bbf361e351 Mon Sep 17 00:00:00 2001 From: Lance Albertson Date: Thu, 13 Feb 2020 16:39:40 -0800 Subject: [PATCH] Stein fixes - Cookstyle fixes - Refactor Berksfile to use groups so we can exclude integration testing cookbooks - Update documentation - Cleanup line wraps - Enable sensitive resources for the template[/etc/neutron/neutron.conf] and template[/etc/neutron/metadata_agent.ini] to resources improve security. - Update delivery configuration to exclude integration cookbooks - Fix ChefSpec output. - Update lbaas recipe to use v2 agent driver. - Add recommended configuration settings to neutron.conf based in Stein installation docs. - Remove any resources that define the default action. - Switch package installations to send packages as arrays instead of individual package resources. This generally speeds up chef runs. - Manage /etc/neutron/neutron_lbaas.conf so we can set service_provider properly. - Add some missing ChefSpec tests. - Configure neutron_lbaas.conf on Ubuntu in a manner that allows it to properly pull in the configuration via the --config-dir option. This is due to the fact we need to set an additional [service_providers] service_provider line and we can't do that with hashes. - Remove FWaaS as it's unmaintained upstream. Depends-On: https://review.opendev.org/701027 Depends-On: https://review.opendev.org/706151 Change-Id: Id29884766440d37fa18fd62f3f93eecc22224d51 --- .delivery/project.toml | 10 +- .rubocop.yml | 16 --- .rubocop_todo.yml | 21 --- Berksfile | 24 ++-- README.rst | 19 +-- attributes/default.rb | 196 +++++++++++++-------------- attributes/neutron_conf.rb | 15 +- metadata.rb | 25 +--- recipes/_bridge_config_example.rb | 51 ++++--- recipes/db_migration.rb | 35 ++--- recipes/default.rb | 52 +++---- recipes/dhcp_agent.rb | 22 ++- recipes/fwaas.rb | 53 -------- recipes/identity_registration.rb | 23 ++-- recipes/l3_agent.rb | 16 +-- recipes/lbaas.rb | 39 ++++-- recipes/metadata_agent.rb | 17 ++- recipes/metering_agent.rb | 15 +- recipes/ml2_core_plugin.rb | 2 +- recipes/ml2_linuxbridge.rb | 36 +++-- recipes/ml2_openvswitch.rb | 4 +- recipes/openvswitch.rb | 12 +- recipes/openvswitch_agent.rb | 18 ++- recipes/plugin_config.rb | 8 +- recipes/server.rb | 47 ++++--- spec/_bridge_config_example_spec.rb | 15 +- spec/db_migration_spec.rb | 39 +----- spec/default-redhat_spec.rb | 21 ++- spec/default_spec.rb | 86 +++++++++--- spec/dhcp_agent-centos_spec.rb | 43 +----- spec/dhcp_agent_spec.rb | 53 +++++++- spec/l3_agent-redhat_spec.rb | 13 +- spec/l3_agent_spec.rb | 51 +++++-- spec/lbaas-redhat_spec.rb | 40 +++--- spec/lbaas_spec.rb | 87 ++++++++++-- spec/metadata_agent-rhel_spec.rb | 29 ++++ spec/metadata_agent_spec.rb | 39 ++++-- spec/metering_agent-rhel_spec.rb | 28 ++++ spec/metering_agent_spec.rb | 27 +++- spec/ml2_linuxbridge-redhat_spec.rb | 6 +- spec/ml2_linuxbridge_spec.rb | 42 ++++-- spec/ml2_openvswitch_spec.rb | 36 +++++ spec/openvswitch-rhel_spec.rb | 26 ++++ spec/openvswitch_agent-rhel_spec.rb | 33 +++++ spec/openvswitch_agent_spec.rb | 37 +++-- spec/openvswitch_spec.rb | 25 ++-- spec/plugin_config_spec.rb | 5 +- spec/server-redhat_spec.rb | 6 +- spec/server_spec.rb | 73 +++++----- templates/default/neutron-server.erb | 6 +- 50 files changed, 937 insertions(+), 705 deletions(-) delete mode 100644 .rubocop_todo.yml delete mode 100644 recipes/fwaas.rb create mode 100644 spec/metadata_agent-rhel_spec.rb create mode 100644 spec/metering_agent-rhel_spec.rb create mode 100644 spec/ml2_openvswitch_spec.rb create mode 100644 spec/openvswitch-rhel_spec.rb create mode 100644 spec/openvswitch_agent-rhel_spec.rb diff --git a/.delivery/project.toml b/.delivery/project.toml index 6d5e3617..4066e559 100644 --- a/.delivery/project.toml +++ b/.delivery/project.toml @@ -1 +1,9 @@ -remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml" +[local_phases] +unit = 'rspec spec/' +lint = 'cookstyle --display-cop-names --extra-details' +syntax = "berks install -e integration" +provision = "echo skipping" +deploy = "echo skipping" +smoke = "echo skipping" +functional = "echo skipping" +cleanup = "echo skipping" diff --git a/.rubocop.yml b/.rubocop.yml index 5e0be9fb..8d19f135 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,5 +1,3 @@ -inherit_from: .rubocop_todo.yml - AllCops: Include: - metadata.rb @@ -14,17 +12,3 @@ AllCops: - .cookbooks/**/* - berks-cookbooks/**/* - .bundle/**/* - -Encoding: - Exclude: - - metadata.rb - - Gemfile - -NumericLiterals: - Enabled: false - -LineLength: - Enabled: false - -WordArray: - MinSize: 3 diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml deleted file mode 100644 index e12bee3d..00000000 --- a/.rubocop_todo.yml +++ /dev/null @@ -1,21 +0,0 @@ -# This configuration was generated by -# `rubocop --auto-gen-config` -# on 2018-08-03 05:26:05 -0700 using RuboCop version 0.55.0. -# The point is for the user to remove these configuration records -# one by one as the offenses are removed from the code base. -# Note that changes in the inspected code, or installation of new -# versions of RuboCop, may require this file to be generated again. - -# Offense count: 5 -# Cop supports --auto-correct. -Style/IfUnlessModifier: - Exclude: - - 'attributes/neutron_conf.rb' - - 'recipes/default.rb' - - 'recipes/l3_agent.rb' - -# Offense count: 135 -# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns. -# URISchemes: http, https -Metrics/LineLength: - Max: 202 diff --git a/Berksfile b/Berksfile index 0b301115..5a774206 100644 --- a/Berksfile +++ b/Berksfile @@ -2,20 +2,20 @@ source 'https://supermarket.chef.io' solver :ruby, :required -%w( - client - -common - -dns - -identity - -image - -integration-test - -ops-database - -ops-messaging -).each do |cookbook| +[ + %w(client dep), + %w(-common dep), + %w(-dns integration), + %w(-identity dep), + %w(-image integration), + %w(-integration-test integration), + %w(-ops-database integration), + %w(-ops-messaging integration), +].each do |cookbook, group| if Dir.exist?("../cookbook-openstack#{cookbook}") - cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}" + cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}", group: group else - cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}" + cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}", group: group end end diff --git a/README.rst b/README.rst index 576b69a7..49f7f02f 100644 --- a/README.rst +++ b/README.rst @@ -25,9 +25,9 @@ handle L2 and L3 networking for various hardware vendors and standards. Requirements ============ -- Chef 14 or higher -- ChefDK 3.2.30 for testing (also includes Berkshelf for cookbook - dependency resolution) +- Chef 15 or higher +- Chef Workstation 0.15.18 for testing (also includes Berkshelf for + cookbook dependency resolution) Platform ======== @@ -42,8 +42,8 @@ Cookbooks The following cookbooks are dependencies: - 'openstackclient' -- 'openstack-common', '>= 18.0.0' -- 'openstack-identity', '>= 18.0.0' +- 'openstack-common', '>= 19.0.0' +- 'openstack-identity', '>= 19.0.0' Attributes ========== @@ -87,13 +87,6 @@ attributes in using the same template as for the ``neutron.conf`` node['openstack']['network_dhcp']['conf'] -openstack-network::fwaas ------------------------- - -**This is a 'work in progress' recipe and is currently not tested** - -- Installs the Firewall as a Service - openstack-network::identity_registration ---------------------------------------- @@ -244,7 +237,7 @@ License and Author +-----------------+--------------------------------------------------+ | **Copyright** | Copyright (c) 2016, cloudbau GmbH | +-----------------+--------------------------------------------------+ -| **Copyright** | Copyright (c) 2016-2019, Oregon State University | +| **Copyright** | Copyright (c) 2016-2020, Oregon State University | +-----------------+--------------------------------------------------+ Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/attributes/default.rb b/attributes/default.rb index eb34e0d6..bb2f163e 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -1,10 +1,11 @@ # encoding: UTF-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Attributes:: default # -# Copyright 2013, AT&T -# Copyright 2014, IBM Corp. +# Copyright:: 2013, AT&T +# Copyright:: 2014, IBM Corp. +# Copyright:: 2016-2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -127,10 +128,8 @@ node.default['openstack']['network_metadata']['conf'] = {} default['openstack']['network_metering']['config_file'] = '/etc/neutron/metering_agent.ini' default['openstack']['network_metering']['conf'].tap do |conf| - conf['DEFAULT']['interface_driver'] = - 'neutron.agent.linux.interface.OVSInterfaceDriver' - conf['DEFAULT']['driver'] = - 'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver' + conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver' + conf['DEFAULT']['driver'] = 'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver' end # ============================= LBaaS Agent Configuration ================== @@ -138,12 +137,22 @@ end # ['default']['service_plugins'] # Set to true to enable lbaas default['openstack']['network_lbaas']['enabled'] = false -# Custom the lbaas config file path -default['openstack']['network_lbaas']['config_file'] = '/etc/neutron/lbaas_agent.ini' +# Custom the lbaas neutron config file path +default['openstack']['network_lbaas']['config_file'] = + case node['platform_family'] + when 'rhel' + '/etc/neutron/neutron_lbaas.conf' + when 'debian' + '/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf' + end default['openstack']['network_lbaas']['conf'].tap do |conf| - conf['DEFAULT']['periodic_interval'] = 10 - conf['DEFAULT']['ovs_use_veth'] = false - conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver' + conf['service_providers']['service_provider'] = + 'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default' +end +# Custom the lbaas agent config file path +default['openstack']['network_lbaas_agent']['config_file'] = '/etc/neutron/lbaas_agent.ini' +default['openstack']['network_lbaas_agent']['conf'].tap do |conf| + conf['DEFAULT']['interface_driver'] = 'openvswitch' conf['DEFAULT']['device_driver'] = 'neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver' case node['platform_family'] when 'fedora', 'rhel' @@ -153,112 +162,93 @@ default['openstack']['network_lbaas']['conf'].tap do |conf| end end -# ============================= FWaaS Configuration ================== -# To enable 'firewall' as service_plugin, you need to add it to neutron.conf -# ['default']['service_plugins'] -# Set to True to enable firewall service -default['openstack']['network_fwaas']['enabled'] = false -# Firewall service driver with linux iptables -default['openstack']['network_fwaas']['conf'].tap do |conf| - conf['fwaas']['driver'] = 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas.IptablesFwaasDriver' -end -# Customize the fwaas config file path -default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini' - # ============================= platform-specific settings =========== default['openstack']['network']['platform'].tap do |platform| platform['user'] = 'neutron' platform['group'] = 'neutron' - platform['neutron_dhcp_agent_service'] = - 'neutron-dhcp-agent' - platform['neutron_l3_agent_service'] = - 'neutron-l3-agent' - platform['neutron_lb_agent_service'] = - 'neutron-lbaasv2-agent' - platform['neutron_metadata_agent_service'] = - 'neutron-metadata-agent' - platform['neutron_metering_agent_service'] = - 'neutron-metering-agent' - platform['neutron_server_service'] = - 'neutron-server' - platform['neutron_rpc_server_service'] = - 'neutron-rpc-server' + platform['neutron_dhcp_agent_service'] = 'neutron-dhcp-agent' + platform['neutron_l3_agent_service'] = 'neutron-l3-agent' + platform['neutron_lb_agent_service'] = 'neutron-lbaasv2-agent' + platform['neutron_metadata_agent_service'] = 'neutron-metadata-agent' + platform['neutron_metering_agent_service'] = 'neutron-metering-agent' + platform['neutron_server_service'] = 'neutron-server' + platform['neutron_rpc_server_service'] = 'neutron-rpc-server' case node['platform_family'] when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this platform['neutron_packages'] = - %w(openstack-neutron openstack-neutron-ml2 iproute) - platform['neutron_dhcp_packages'] = - %w(openstack-neutron iproute) + %w( + ebtables + iproute + openstack-neutron + openstack-neutron-ml2 + ) + platform['neutron_dhcp_packages'] = %w(openstack-neutron iproute) platform['neutron_l3_packages'] = - %w(openstack-neutron iproute radvd keepalived) - platform['neutron_plugin_package'] = - 'neutron-plugin-ml2' - platform['neutron_fwaas_packages'] = - %w() + %w( + iproute + keepalived + openstack-neutron + radvd + ) + platform['neutron_plugin_package'] = 'neutron-plugin-ml2' platform['neutron_lbaas_packages'] = - %w(openstack-neutron-lbaas haproxy iproute) - platform['neutron_lbaas_python_dependencies'] = - %w(python-neutron-lbaas) - platform['neutron_openvswitch_packages'] = - %w(openvswitch) - platform['neutron_openvswitch_agent_packages'] = - %w(openstack-neutron-openvswitch iproute) - platform['neutron_linuxbridge_agent_packages'] = - %w(openstack-neutron-linuxbridge iproute) - platform['neutron_linuxbridge_agent_service'] = - 'neutron-linuxbridge-agent' - platform['neutron_metadata_agent_packages'] = - %w() - platform['neutron_metering_agent_packages'] = - %w(openstack-neutron-metering-agent) - platform['neutron_server_packages'] = - %w() - platform['neutron_openvswitch_service'] = - 'openvswitch' - platform['neutron_openvswitch_agent_service'] = - 'neutron-openvswitch-agent' - platform['package_overrides'] = - '' + %w( + haproxy + iproute + openstack-neutron-lbaas + ) + platform['neutron_lbaas_python_dependencies'] = %w(python-neutron-lbaas) + platform['neutron_openvswitch_packages'] = %w(openvswitch) + platform['neutron_openvswitch_agent_packages'] = %w(openstack-neutron-openvswitch iproute) + platform['neutron_linuxbridge_agent_packages'] = %w(openstack-neutron-linuxbridge iproute) + platform['neutron_linuxbridge_agent_service'] = 'neutron-linuxbridge-agent' + platform['neutron_metadata_agent_packages'] = [] + platform['neutron_metering_agent_packages'] = %w(openstack-neutron-metering-agent) + platform['neutron_server_packages'] = [] + platform['neutron_openvswitch_service'] = 'openvswitch' + platform['neutron_openvswitch_agent_service'] = 'neutron-openvswitch-agent' + platform['package_overrides'] = '' when 'debian' - platform['neutron_packages'] = - %w(neutron-common python3-neutron) - platform['neutron_dhcp_packages'] = - %w(neutron-dhcp-agent) + platform['neutron_packages'] = %w(neutron-common python3-neutron) + platform['neutron_dhcp_packages'] = %w(neutron-dhcp-agent) platform['neutron_l3_packages'] = - %w(python3-neutron-fwaas neutron-l3-agent radvd keepalived) - platform['neutron_fwaas_packages'] = - %w(python3-neutron-fwaas) + %w( + keepalived + neutron-l3-agent + radvd + ) platform['neutron_lbaas_packages'] = - %w(python3-neutron-lbaas neutron-lbaas-common neutron-lbaasv2-agent haproxy) - platform['neutron_lbaas_python_dependencies'] = - %w(python3-neutron-lbaas) - platform['neutron_openvswitch_packages'] = - %w(openvswitch-switch bridge-utils) + %w( + haproxy + neutron-lbaas-common + neutron-lbaasv2-agent + python3-neutron-lbaas + ) + platform['neutron_lbaas_python_dependencies'] = %w(python3-neutron-lbaas) + platform['neutron_openvswitch_packages'] = %w(openvswitch-switch bridge-utils) platform['neutron_openvswitch_build_packages'] = %w( - build-essential pkg-config fakeroot - libssl-dev openssl debhelper - autoconf dkms python-all - python-qt4 python-zopeinterface + autoconf + build-essential + debhelper + dkms + fakeroot + libssl-dev + openssl + pkg-config + python-all + python-qt4 python-twisted-conch + python-zopeinterface ) - platform['neutron_openvswitch_agent_packages'] = - %w(neutron-openvswitch-agent) - platform['neutron_linuxbridge_agent_packages'] = - %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent) - platform['neutron_linuxbridge_agent_service'] = - 'neutron-plugin-linuxbridge-agent' - platform['neutron_metadata_agent_packages'] = - %w(neutron-metadata-agent) - platform['neutron_metering_agent_packages'] = - %w(neutron-metering-agent) - platform['neutron_server_packages'] = - %w(neutron-server) - platform['neutron_openvswitch_service'] = - 'openvswitch-switch' - platform['neutron_openvswitch_agent_service'] = - 'neutron-openvswitch-agent' - platform['package_overrides'] = - '' + platform['neutron_openvswitch_agent_packages'] = %w(neutron-openvswitch-agent) + platform['neutron_linuxbridge_agent_packages'] = %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent) + platform['neutron_linuxbridge_agent_service'] = 'neutron-plugin-linuxbridge-agent' + platform['neutron_metadata_agent_packages'] = %w(neutron-metadata-agent) + platform['neutron_metering_agent_packages'] = %w(neutron-metering-agent) + platform['neutron_server_packages'] = %w(neutron-server) + platform['neutron_openvswitch_service'] = 'openvswitch-switch' + platform['neutron_openvswitch_agent_service'] = 'neutron-openvswitch-agent' + platform['package_overrides'] = '' end end diff --git a/attributes/neutron_conf.rb b/attributes/neutron_conf.rb index 890cec6e..e087956e 100644 --- a/attributes/neutron_conf.rb +++ b/attributes/neutron_conf.rb @@ -11,6 +11,17 @@ default['openstack']['network']['conf'].tap do |conf| end conf['DEFAULT']['control_exchange'] = 'neutron' conf['DEFAULT']['core_plugin'] = 'ml2' + if node['openstack']['network_lbaas']['enabled'] + conf['DEFAULT']['service_plugins'] = + if conf['DEFAULT']['service_plugins'].empty? + 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' + else + [ + 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2', + conf['DEFAULT']['service_plugins'], + ].flatten.sort.join(',') + end + end # [agent] section if node['openstack']['network']['use_rootwrap'] @@ -18,7 +29,7 @@ default['openstack']['network']['conf'].tap do |conf| end # [keystone_authtoken] section - conf['keystone_authtoken']['auth_type'] = 'v3password' + conf['keystone_authtoken']['auth_type'] = 'password' conf['keystone_authtoken']['region_name'] = node['openstack']['region'] conf['keystone_authtoken']['username'] = 'neutron' conf['keystone_authtoken']['user_domain_name'] = 'Default' @@ -26,7 +37,7 @@ default['openstack']['network']['conf'].tap do |conf| conf['keystone_authtoken']['project_name'] = 'service' conf['keystone_authtoken']['auth_version'] = 'v3' # [nova] section - conf['nova']['auth_type'] = 'v3password' + conf['nova']['auth_type'] = 'password' conf['nova']['region_name'] = node['openstack']['region'] conf['nova']['username'] = 'nova' conf['nova']['user_domain_name'] = 'Default' diff --git a/metadata.rb b/metadata.rb index 86fe12fd..a4234737 100644 --- a/metadata.rb +++ b/metadata.rb @@ -3,33 +3,16 @@ maintainer 'openstack-chef' maintainer_email 'openstack-discuss@lists.openstack.org' license 'Apache-2.0' description 'Installs and configures the OpenStack Network API Service and various agents and plugins' -version '18.0.0' - -recipe 'openstack-network::_bridge_config_example', 'Example bridge recipe used in kitchen tests' -recipe 'openstack-network::db_migration', 'Migrates the neutron database' -recipe 'openstack-network::default', 'Configures common pieces needed for all neutron services and create the neutron.conf' -recipe 'openstack-network::dhcp_agent', 'Installs the DHCP agent' -recipe 'openstack-network::fwaas', 'Installs the Firewall as a Service' -recipe 'openstack-network::identity_registration', 'Registers the OpenStack Network API endpoint and service user with Keystone' -recipe 'openstack-network::l3_agent', 'Installs the L3 agent' -recipe 'openstack-network::lbaas', 'Installs the Loadbalancer as a Service' -recipe 'openstack-network::metadata_agent', 'Installs the metadata agent' -recipe 'openstack-network::metering_agent', 'Installs the metering agent' -recipe 'openstack-network::ml2_core_plugin', 'Configure the ml2_core_plugin' -recipe 'openstack-network::ml2_linuxbridge', 'Configure the ml2 linuxbridge plugin' -recipe 'openstack-network::ml2_openvswitch', 'Configure the ml2 openvswitch plugin' -recipe 'openstack-network::openvswitch', 'Installs openvswitch' -recipe 'openstack-network::openvswitch_agent', 'Installs the openvswitch agent' -recipe 'openstack-network::plugin_config', 'Generates all the needed plugin configurations directly from the attributes' +version '19.0.0' %w(ubuntu redhat centos).each do |os| supports os end depends 'openstackclient' -depends 'openstack-common', '>= 18.0.0' -depends 'openstack-identity', '>= 18.0.0' +depends 'openstack-common', '>= 19.0.0' +depends 'openstack-identity', '>= 19.0.0' issues_url 'https://launchpad.net/openstack-chef' source_url 'https://opendev.org/openstack/cookbook-openstack-network' -chef_version '>= 14.0' +chef_version '>= 15.0' diff --git a/recipes/_bridge_config_example.rb b/recipes/_bridge_config_example.rb index e601ddfc..06aa5285 100644 --- a/recipes/_bridge_config_example.rb +++ b/recipes/_bridge_config_example.rb @@ -1,8 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: _bridge_config_example # +# Copyright:: 2020, Oregon State University +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -41,21 +43,27 @@ tun_interface = node['openstack']['network']['tun_network_bridge_interface'] # This needs to be done during compile time to ensure that the address_for # method used lateron works execute 'create eth-ext dummy interface' do - command 'ip link add eth-ext type dummy;'\ - 'ip link set dev eth-ext up' + command <<-EOF + ip link add eth-ext type dummy + ip link set dev eth-ext up + EOF not_if 'ip link show | grep eth-ext' end.run_action(:run) execute 'create eth-vlan dummy interface' do - command 'ip link add eth-vlan type dummy;'\ - 'ip link set dev eth-vlan up' + command <<-EOF + ip link add eth-vlan type dummy + ip link set dev eth-vlan up + EOF not_if 'ip link show | grep eth-vlan' end.run_action(:run) execute "create #{tun_interface} dummy interface" do - command "ip link add #{tun_interface} type dummy;"\ - "ip link set dev #{tun_interface} up;"\ - "ip addr add 10.0.0.201/24 dev #{tun_interface}" + command <<-EOF + ip link add #{tun_interface} type dummy + ip link set dev #{tun_interface} up + ip addr add 10.0.0.201/24 dev #{tun_interface} + EOF not_if "ip link show | grep #{tun_interface}" end.run_action(:run) @@ -65,59 +73,48 @@ ohai('reload').run_action(:reload) # set all the needed attributes according to the dummy interfaces added above # vlan bridge node.default['openstack']['network']['vlan_network_bridge_interface'] = 'eth-vlan' -node.default['openstack']['network']['plugins']['openvswitch']['conf'] -.[]('OVS')['bridge_mappings'] = 'vlan:br-vlan,external:br-ex' +node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['bridge_mappings'] = + 'vlan:br-vlan,external:br-ex' # external bridge node.default['openstack']['network_l3']['external_network_bridge_interface'] = 'eth-ext' # tunnel bridge -node.default['openstack']['network']['plugins']['openvswitch']['conf'] -.[]('OVS')['tunnel_bridge'] = 'br-tun' -node.default['openstack']['network']['plugins']['openvswitch']['conf'] -.[]('OVS')['local_ip'] = +node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['tunnel_bridge'] = 'br-tun' +node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['local_ip'] = address_for(tun_interface) -node.default['openstack']['network']['plugins']['openvswitch']['conf'] -.[]('AGENT')['tunnel_types'] = 'gre,vxlan' +node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('AGENT')['tunnel_types'] = 'gre,vxlan' # ovs security groups -node.default['openstack']['network']['plugins']['openvswitch']['conf'] -.[]('SECURITYGROUP')['firewall_driver'] = +node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('SECURITYGROUP')['firewall_driver'] = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver' # define variables for bridge definitions below ex_bridge_iface = node['openstack']['network_l3']['external_network_bridge_interface'] vlan_bridge_iface = node['openstack']['network']['vlan_network_bridge_interface'] -tun_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'] -.[]('OVS')['tunnel_bridge'] +tun_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['tunnel_bridge'] # get the bridge names from the ovs bridge_mappings -mappings = node['openstack']['network']['plugins']['openvswitch']['conf'] -.[]('OVS')['bridge_mappings'].split(',') +mappings = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['bridge_mappings'].split(',') vlan_bridge = mappings.find { |mapping| mapping.split(':').first == 'vlan' }.split(':').last ex_bridge = mappings.find { |mapping| mapping.split(':').first == 'external' }.split(':').last execute 'create external network bridge' do command "ovs-vsctl --may-exist add-br #{ex_bridge}" - action :run end execute 'create external network bridge port' do command "ovs-vsctl --may-exist add-port #{ex_bridge} #{ex_bridge_iface}" - action :run end execute 'create vlan network bridge' do command "ovs-vsctl --may-exist add-br #{vlan_bridge}" - action :run end execute 'create vlan network bridge port' do command "ovs-vsctl --may-exist add-port #{vlan_bridge} #{vlan_bridge_iface}" - action :run end execute 'create tunnel network bridge' do command "ovs-vsctl --may-exist add-br #{tun_bridge}" - action :run end diff --git a/recipes/db_migration.rb b/recipes/db_migration.rb index e3f2cf87..f9910296 100644 --- a/recipes/db_migration.rb +++ b/recipes/db_migration.rb @@ -1,9 +1,10 @@ # encoding: UTF-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: db_migration # -# Copyright 2015, IBM Corp. +# Copyright:: 2015, IBM Corp. +# Copyright:: 2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,30 +22,18 @@ plugin_config_file = node['openstack']['network']['core_plugin_config_file'] timeout = node['openstack']['network']['dbsync_timeout'] # The node['openstack']['network']['plugin_config_file'] attribute is set in the default.rb recipe -bash 'migrate network database' do +execute 'migrate network database' do timeout timeout - migrate_command = 'neutron-db-manage --config-file /etc/neutron/neutron.conf' - code <<-EOF -#{migrate_command} upgrade head -EOF -end - -# Only if the fwaas is enabled, migrate the database. -bash 'migrate fwaas database' do - only_if { node['openstack']['network_fwaas']['enabled'] } - timeout timeout - migrate_command = "neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}" - code <<-EOF -#{migrate_command} upgrade head -EOF + command <<-EOF.gsub(/^ {4}/, '') + neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head + EOF end # Only if the lbaas is enabled, migrate the database. -bash 'migrate lbaas database' do - only_if { node['openstack']['network_lbaas']['enabled'] } +execute 'migrate lbaas database' do timeout timeout - migrate_command = "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}" - code <<-EOF -#{migrate_command} upgrade head -EOF + command <<-EOF.gsub(/^ {4}/, '') + neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file} upgrade head + EOF + only_if { node['openstack']['network_lbaas']['enabled'] } end diff --git a/recipes/default.rb b/recipes/default.rb index 02b33c74..a64a3b72 100644 --- a/recipes/default.rb +++ b/recipes/default.rb @@ -1,11 +1,12 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: default # -# Copyright 2013, AT&T -# Copyright 2013-2014, SUSE Linux GmbH -# Copyright 2013-2014, IBM Corp. +# Copyright:: 2013, AT&T +# Copyright:: 2013-2014, SUSE Linux GmbH +# Copyright:: 2013-2014, IBM Corp. +# Copyright:: 2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,19 +34,16 @@ if node['openstack']['network']['syslog']['use'] include_recipe 'openstack-common::logging' end -platform_options['neutron_packages'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end +package platform_options['neutron_packages'] do + options platform_options['package_overrides'] + action :upgrade end db_type = node['openstack']['db']['network']['service_type'] -node['openstack']['db']['python_packages'][db_type].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end + +package node['openstack']['db']['python_packages'][db_type] do + options platform_options['package_overrides'] + action :upgrade end template '/etc/neutron/rootwrap.conf' do @@ -53,7 +51,7 @@ template '/etc/neutron/rootwrap.conf' do cookbook 'openstack-common' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0644 + mode '644' variables( service_config: node['openstack']['network']['rootwrap']['conf'] ) @@ -64,8 +62,7 @@ cookbook_file '/usr/bin/neutron-enable-bridge-firewall.sh' do owner 'root' group 'wheel' mode '0755' - action :create - only_if { node['platform_family'] == 'rhel' } + only_if { platform_family?('rhel') } end if node['openstack']['mq']['service_type'] == 'rabbit' @@ -80,31 +77,21 @@ db_pass = get_password 'db', 'neutron' bind_service = node['openstack']['bind_service']['all']['network'] bind_service_address = bind_address bind_service -# The auth_url in nova section follows auth_type -nova_auth_url = nil -case node['openstack']['network']['conf']['nova']['auth_type'] -when 'v3password' - nova_auth_url = auth_url -end - node.default['openstack']['network']['conf'].tap do |conf| if node['openstack']['network']['syslog']['use'] conf['DEFAULT']['log_config'] = '/etc/openstack/logging.conf' end conf['DEFAULT']['bind_host'] = bind_service_address conf['DEFAULT']['bind_port'] = bind_service['port'] - conf['nova']['auth_url'] = nova_auth_url if nova_auth_url + conf['nova']['auth_url'] = auth_url conf['keystone_authtoken']['auth_url'] = auth_url end # define secrets that are needed in the neutron.conf.erb node.default['openstack']['network']['conf_secrets'].tap do |conf_secrets| - conf_secrets['database']['connection'] = - db_uri('network', db_user, db_pass) - conf_secrets['nova']['password'] = - get_password 'service', 'openstack-compute' - conf_secrets['keystone_authtoken']['password'] = - get_password 'service', 'openstack-network' + conf_secrets['database']['connection'] = db_uri('network', db_user, db_pass) + conf_secrets['nova']['password'] = get_password 'service', 'openstack-compute' + conf_secrets['keystone_authtoken']['password'] = get_password 'service', 'openstack-network' end # merge all config options and secrets to be used in the neutron.conf.erb @@ -115,7 +102,8 @@ template '/etc/neutron/neutron.conf' do cookbook 'openstack-common' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0640 + mode '640' + sensitive true variables( service_config: neutron_conf_options ) diff --git a/recipes/dhcp_agent.rb b/recipes/dhcp_agent.rb index 088e628f..2cae0ee9 100644 --- a/recipes/dhcp_agent.rb +++ b/recipes/dhcp_agent.rb @@ -1,9 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: dhcp_agent # -# Copyright 2013, AT&T +# Copyright:: 2013, AT&T +# Copyright:: 2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,11 +23,9 @@ include_recipe 'openstack-network' platform_options = node['openstack']['network']['platform'] -platform_options['neutron_dhcp_packages'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end +package platform_options['neutron_dhcp_packages'] do + options platform_options['package_overrides'] + action :upgrade end # TODO: (jklare) this should be refactored and probably pull in the some dnsmasq @@ -35,7 +34,7 @@ template '/etc/neutron/dnsmasq.conf' do source 'dnsmasq.conf.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0644 + mode '644' end service_config = merge_config_options 'network_dhcp' @@ -44,7 +43,7 @@ template node['openstack']['network_dhcp']['config_file'] do cookbook 'openstack-common' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0644 + mode '644' variables( service_config: service_config ) @@ -52,8 +51,7 @@ end # TODO: (jklare) this should be refactored and probably pull in the some dnsmasq # cookbook to do the proper configuration -case node['platform'] -when 'centos' +if platform?('centos') rpm_package 'dnsmasq' do action :upgrade end @@ -65,7 +63,7 @@ service 'neutron-dhcp-agent' do action [:enable, :start] subscribes :restart, [ 'template[/etc/neutron/neutron.conf]', - 'template [/etc/neutron/dnsmasq.conf]', + 'template[/etc/neutron/dnsmasq.conf]', "template[#{node['openstack']['network_dhcp']['config_file']}]", 'rpm_package[dnsmasq]', ] diff --git a/recipes/fwaas.rb b/recipes/fwaas.rb deleted file mode 100644 index ce0d7ff1..00000000 --- a/recipes/fwaas.rb +++ /dev/null @@ -1,53 +0,0 @@ -# Encoding: utf-8 -# -# Cookbook Name:: openstack-network -# Recipe:: fwaas -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -include_recipe 'openstack-network' - -# Make Openstack object available in Chef::Recipe -class ::Chef::Recipe - include ::Openstack -end - -platform_options = node['openstack']['network']['platform'] - -platform_options['neutron_fwaas_packages'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end -end - -node.default['openstack']['network_fwaas']['conf'].tap do |conf| - conf['fwaas']['enabled'] = 'True' -end - -node.default['openstack']['network_l3']['conf'].tap do |conf| - conf['AGENT']['extensions'] = 'fwaas' -end - -# As the fwaas package will be installed anyway, configure its config-file attributes following environment. -service_conf = merge_config_options 'network_fwaas' -template node['openstack']['network_fwaas']['config_file'] do - source 'openstack-service.conf.erb' - cookbook 'openstack-common' - owner node['openstack']['network']['platform']['user'] - group node['openstack']['network']['platform']['group'] - mode 0o0640 - variables( - service_config: service_conf - ) -end diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index ef0bca67..3c77bbac 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb @@ -1,10 +1,11 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: identity_registration # -# Copyright 2013, AT&T -# Copyright 2013, SUSE Linux GmbH +# Copyright:: 2013, AT&T +# Copyright:: 2013, SUSE Linux GmbH +# Copyright:: 2019-2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +36,9 @@ interfaces = { } service_pass = get_password 'service', 'openstack-network' -service_tenant_name = - node['openstack']['network']['conf']['keystone_authtoken']['project_name'] +service_tenant_name = node['openstack']['network']['conf']['keystone_authtoken']['project_name'] -service_user = - node['openstack']['network']['conf']['keystone_authtoken']['username'] +service_user = node['openstack']['network']['conf']['keystone_authtoken']['username'] service_role = node['openstack']['network']['service_role'] service_domain_name = node['openstack']['network']['conf']['keystone_authtoken']['user_domain_name'] admin_user = node['openstack']['identity']['admin_user'] @@ -52,11 +51,11 @@ region = node['openstack']['region'] # endpoint_type = node['openstack']['identity']['endpoint_type'] connection_params = { - openstack_auth_url: auth_url, - openstack_username: admin_user, - openstack_api_key: admin_pass, - openstack_project_name: admin_project, - openstack_domain_name: admin_domain, + openstack_auth_url: auth_url, + openstack_username: admin_user, + openstack_api_key: admin_pass, + openstack_project_name: admin_project, + openstack_domain_name: admin_domain, # openstack_endpoint_type: endpoint_type, } diff --git a/recipes/l3_agent.rb b/recipes/l3_agent.rb index 2e1c9f71..65b9f42a 100644 --- a/recipes/l3_agent.rb +++ b/recipes/l3_agent.rb @@ -1,9 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: l3_agent # -# Copyright 2013, AT&T +# Copyright:: 2013, AT&T +# Copyright:: 2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,11 +28,9 @@ end platform_options = node['openstack']['network']['platform'] -platform_options['neutron_l3_packages'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end +package platform_options['neutron_l3_packages'] do + options platform_options['package_overrides'] + action :upgrade end service_config = merge_config_options 'network_l3' @@ -40,7 +39,7 @@ template node['openstack']['network_l3']['config_file'] do cookbook 'openstack-common' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0640 + mode '640' variables( service_config: service_config ) @@ -53,6 +52,5 @@ service 'neutron-l3-agent' do action [:enable, :start] subscribes :restart, [ 'template[/etc/neutron/neutron.conf]', - "template[#{node['openstack']['network_fwaas']['config_file']}]", ] end diff --git a/recipes/lbaas.rb b/recipes/lbaas.rb index 83fa3790..b5e3c841 100644 --- a/recipes/lbaas.rb +++ b/recipes/lbaas.rb @@ -1,9 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: lbaas # -# Copyright 2013, Mirantis IT +# Copyright:: 2013, Mirantis IT +# Copyright:: 2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - # This recipe should be placed in the run_list of the node that # runs the network server or network controller server. include_recipe 'openstack-network' @@ -28,23 +28,39 @@ class ::Chef::Recipe end platform_options = node['openstack']['network']['platform'] -platform_options['neutron_lbaas_packages'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end +package platform_options['neutron_lbaas_packages'] do + options platform_options['package_overrides'] + action :upgrade end -service_config = merge_config_options 'network_lbaas' +neutron_config = merge_config_options 'network_lbaas' +agent_config = merge_config_options 'network_lbaas_agent' + +directory '/etc/neutron/conf.d/neutron-server' do + recursive true + only_if { platform_family?('debian') } +end template node['openstack']['network_lbaas']['config_file'] do source 'openstack-service.conf.erb' cookbook 'openstack-common' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0640 + mode '640' variables( - service_config: service_config + service_config: neutron_config + ) + notifies :restart, 'service[neutron-server]', :delayed +end + +template node['openstack']['network_lbaas_agent']['config_file'] do + source 'openstack-service.conf.erb' + cookbook 'openstack-common' + owner node['openstack']['network']['platform']['user'] + group node['openstack']['network']['platform']['group'] + mode '640' + variables( + service_config: agent_config ) notifies :restart, 'service[neutron-lb-agent]', :delayed end @@ -54,4 +70,5 @@ service 'neutron-lb-agent' do supports status: true, restart: true action :enable subscribes :restart, 'template[/etc/neutron/neutron.conf]', :delayed + subscribes :restart, "template[#{node['openstack']['network_lbaas']['config_file']}]", :delayed end diff --git a/recipes/metadata_agent.rb b/recipes/metadata_agent.rb index d29d8dac..a5e1f2be 100644 --- a/recipes/metadata_agent.rb +++ b/recipes/metadata_agent.rb @@ -1,9 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: metadata_agent # -# Copyright 2013, AT&T +# Copyright:: 2013, AT&T +# Copyright:: 2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,11 +27,9 @@ platform_options = node['openstack']['network']['platform'] metadata_secret = get_password 'token', node['openstack']['network_metadata']['secret_name'] # compute_metadata_api = internal_endpoint 'compute-metadata-api' -platform_options['neutron_metadata_agent_packages'].each do |pkg| - package pkg do - action :upgrade - options platform_options['package_overrides'] - end +package platform_options['neutron_metadata_agent_packages'] do + action :upgrade + options platform_options['package_overrides'] end node.default['openstack']['network_metadata']['conf_secrets'].tap do |conf| @@ -43,11 +42,11 @@ template node['openstack']['network_metadata']['config_file'] do cookbook 'openstack-common' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0644 + mode '644' + sensitive true variables( service_config: service_config ) - action :create end # delete all secrets saved in the attribute diff --git a/recipes/metering_agent.rb b/recipes/metering_agent.rb index 8e20d52a..9ed72041 100644 --- a/recipes/metering_agent.rb +++ b/recipes/metering_agent.rb @@ -1,8 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: metering_agent # +# Copyright:: 2020, Oregon State University +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -20,11 +22,9 @@ include_recipe 'openstack-network' platform_options = node['openstack']['network']['platform'] -platform_options['neutron_metering_agent_packages'].each do |pkg| - package pkg do - action :upgrade - options platform_options['package_overrides'] - end +package platform_options['neutron_metering_agent_packages'] do + action :upgrade + options platform_options['package_overrides'] end service_config = merge_config_options 'network_metering' @@ -33,11 +33,10 @@ template node['openstack']['network_metering']['config_file'] do cookbook 'openstack-common' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0640 + mode '640' variables( service_config: service_config ) - action :create end service 'neutron-metering-agent' do diff --git a/recipes/ml2_core_plugin.rb b/recipes/ml2_core_plugin.rb index c22d2262..2d4ef9e6 100644 --- a/recipes/ml2_core_plugin.rb +++ b/recipes/ml2_core_plugin.rb @@ -1,6 +1,6 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: ml2_core_plugin # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/recipes/ml2_linuxbridge.rb b/recipes/ml2_linuxbridge.rb index 9153f0ef..558b8b19 100644 --- a/recipes/ml2_linuxbridge.rb +++ b/recipes/ml2_linuxbridge.rb @@ -1,9 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: ml2_linuxbridge # -# Copyright 2013, AT&T +# Copyright:: 2013, AT&T +# Copyright:: 2016-2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,28 +31,22 @@ node.default['openstack']['network']['plugins']['ml2']['conf']['ml2']['mechanism node.default['openstack']['network']['plugins']['ml2']['conf']['ml2_type_vxlan']['vni_ranges'] = 'VNI_START:VNI_END' platform_options = node['openstack']['network']['platform'] -platform_options['neutron_linuxbridge_agent_packages'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end + +package platform_options['neutron_linuxbridge_agent_packages'] do + options platform_options['package_overrides'] + action :upgrade end node.default['openstack']['network']['plugins']['linuxbridge'].tap do |lb| case node['platform_family'] when 'fedora', 'rhel' - lb['path'] = - '/etc/neutron/plugins/ml2' - lb['filename'] = - 'linuxbridge_agent.ini' + lb['path'] = '/etc/neutron/plugins/ml2' + lb['filename'] = 'linuxbridge_agent.ini' when 'debian' - lb['path'] = - '/etc/neutron/plugins/linuxbridge' - lb['filename'] = - 'linuxbridge_conf.ini' + lb['path'] = '/etc/neutron/plugins/linuxbridge' + lb['filename'] = 'linuxbridge_conf.ini' end - lb['conf']['securitygroup']['firewall_driver'] = - 'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' + lb['conf']['securitygroup']['firewall_driver'] = 'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' end include_recipe 'openstack-network::plugin_config' @@ -60,6 +55,9 @@ service 'neutron-plugin-linuxbridge-agent' do service_name platform_options['neutron_linuxbridge_agent_service'] supports status: true, restart: true action [:enable, :start] - subscribes :restart, ['template[/etc/neutron/neutron.conf]', - 'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]'] + subscribes :restart, + [ + 'template[/etc/neutron/neutron.conf]', + 'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]', + ] end diff --git a/recipes/ml2_openvswitch.rb b/recipes/ml2_openvswitch.rb index f6bab636..0d934610 100644 --- a/recipes/ml2_openvswitch.rb +++ b/recipes/ml2_openvswitch.rb @@ -1,9 +1,9 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: ml2_opensvswitch # -# Copyright 2013, AT&T +# Copyright:: 2013, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/recipes/openvswitch.rb b/recipes/openvswitch.rb index de2d6882..01960934 100644 --- a/recipes/openvswitch.rb +++ b/recipes/openvswitch.rb @@ -1,8 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: opensvswitch # +# Copyright:: 2020, Oregon State University +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -24,11 +26,9 @@ plugin_file_path = File.join( ) platform_options = node['openstack']['network']['platform'] -platform_options['neutron_openvswitch_packages'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end +package platform_options['neutron_openvswitch_packages'] do + options platform_options['package_overrides'] + action :upgrade end service 'neutron-openvswitch-switch' do diff --git a/recipes/openvswitch_agent.rb b/recipes/openvswitch_agent.rb index 9fbce523..cadb51b1 100644 --- a/recipes/openvswitch_agent.rb +++ b/recipes/openvswitch_agent.rb @@ -1,8 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: openvswitch_agent # +# Copyright:: 2020, Oregon State University +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -16,6 +18,7 @@ # limitations under the License. # +include_recipe 'openstack-network' include_recipe 'openstack-network::ml2_openvswitch' plugin_file_path = File.join( @@ -24,19 +27,14 @@ plugin_file_path = File.join( ) platform_options = node['openstack']['network']['platform'] -platform_options['neutron_openvswitch_agent_packages'].each do |pkg| - package pkg do - action :upgrade - options platform_options['package_overrides'] - end +package platform_options['neutron_openvswitch_agent_packages'] do + action :upgrade + options platform_options['package_overrides'] end -int_bridge = - node['openstack']['network']['plugins']['openvswitch']['conf'] -.[]('DEFAULT')['integration_bridge'] +int_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('DEFAULT')['integration_bridge'] execute 'create integration network bridge' do command "ovs-vsctl --may-exist add-br #{int_bridge}" - action :run end service 'neutron-openvswitch-agent' do diff --git a/recipes/plugin_config.rb b/recipes/plugin_config.rb index bcb4aeff..e4bbf5d5 100644 --- a/recipes/plugin_config.rb +++ b/recipes/plugin_config.rb @@ -1,8 +1,10 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: plugin_config # +# Copyright:: 2020, Oregon State University +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -22,7 +24,7 @@ node['openstack']['network']['plugins'].each_value do |plugin| recursive true owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0700 + mode '700' end template File.join(plugin['path'], plugin['filename']) do @@ -30,7 +32,7 @@ node['openstack']['network']['plugins'].each_value do |plugin| cookbook 'openstack-common' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0644 + mode '644' variables( service_config: plugin['conf'] ) diff --git a/recipes/server.rb b/recipes/server.rb index 602a361f..ac4afa44 100644 --- a/recipes/server.rb +++ b/recipes/server.rb @@ -1,10 +1,11 @@ # Encoding: utf-8 # -# Cookbook Name:: openstack-network +# Cookbook:: openstack-network # Recipe:: server # -# Copyright 2013, AT&T -# Copyright 2013, SUSE Linux GmbH +# Copyright:: 2013, AT&T +# Copyright:: 2013, SUSE Linux GmbH +# Copyright:: 2020, Oregon State University # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,7 +31,7 @@ template '/etc/default/neutron-server' do source 'neutron-server.erb' owner 'root' group 'root' - mode 0o0644 + mode '644' variables( core_plugin_config: node['openstack']['network']['core_plugin_config_file'] ) @@ -39,19 +40,15 @@ end platform_options = node['openstack']['network']['platform'] -platform_options['neutron_server_packages'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end +package platform_options['neutron_server_packages'] do + options platform_options['package_overrides'] + action :upgrade end db_type = node['openstack']['db']['network']['service_type'] -node['openstack']['db']['python_packages'][db_type].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end +package node['openstack']['db']['python_packages'][db_type] do + options platform_options['package_overrides'] + action :upgrade end if node['openstack']['network']['policyfile_url'] @@ -59,20 +56,22 @@ if node['openstack']['network']['policyfile_url'] source node['openstack']['network']['policyfile_url'] owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] - mode 0o0644 + mode '644' end end if node['openstack']['network_lbaas']['enabled'] - # neutron-lbaas-agent may not running on network node, but on network node, neutron-server still need neutron_lbaas module - # when loading plugin if lbaas is list in service_plugins. In this case, we don't need include balance recipe for network node, but - # we need make sure neutron lbaas python packages get installed on network node before neutron-server start/restart, when lbaas is enabled. - # Otherwise neutron-server will crash for couldn't find lbaas plugin when invoking plugins from service_plugins. - platform_options['neutron_lbaas_python_dependencies'].each do |pkg| - package pkg do - options platform_options['package_overrides'] - action :upgrade - end + # neutron-lbaas-agent may not running on network node, but on network + # node, neutron-server still need neutron_lbaas module when loading + # plugin if lbaas is list in service_plugins. In this case, we don't + # need include balance recipe for network node, but we need make sure + # neutron lbaas python packages get installed on network node before + # neutron-server start/restart, when lbaas is enabled. Otherwise + # neutron-server will crash for couldn't find lbaas plugin when + # invoking plugins from service_plugins. + package platform_options['neutron_lbaas_python_dependencies'] do + options platform_options['package_overrides'] + action :upgrade end end diff --git a/spec/_bridge_config_example_spec.rb b/spec/_bridge_config_example_spec.rb index 3c0cbb0f..0af86965 100644 --- a/spec/_bridge_config_example_spec.rb +++ b/spec/_bridge_config_example_spec.rb @@ -24,12 +24,10 @@ describe 'openstack-network::_bridge_config_example' do let(:name) { 'create external network bridge' } it 'adds external network bridge' do - expect(chef_run).to run_execute(name) - .with(command: cmd_br) + expect(chef_run).to run_execute(name).with(command: cmd_br) end it 'adds external network bridge port' do - expect(chef_run).to run_execute("#{name} port") - .with(command: cmd_port) + expect(chef_run).to run_execute("#{name} port").with(command: cmd_port) end end @@ -39,12 +37,10 @@ describe 'openstack-network::_bridge_config_example' do let(:name) { 'create vlan network bridge' } it 'adds vlan network bridge' do - expect(chef_run).to run_execute(name) - .with(command: cmd_br) + expect(chef_run).to run_execute(name).with(command: cmd_br) end it 'adds vlan network bridge port' do - expect(chef_run).to run_execute("#{name} port") - .with(command: cmd_port) + expect(chef_run).to run_execute("#{name} port").with(command: cmd_port) end end @@ -53,8 +49,7 @@ describe 'openstack-network::_bridge_config_example' do let(:name) { 'create tunnel network bridge' } it 'adds tunnel network bridge' do - expect(chef_run).to run_execute(name) - .with(command: cmd_br) + expect(chef_run).to run_execute(name).with(command: cmd_br) end end end diff --git a/spec/db_migration_spec.rb b/spec/db_migration_spec.rb index 6d66898c..ac07164e 100644 --- a/spec/db_migration_spec.rb +++ b/spec/db_migration_spec.rb @@ -11,8 +11,8 @@ describe 'openstack-network::db_migration' do end it 'uses db upgrade head with default timeout for neutron-server' do - expect(chef_run).to run_bash('migrate network database').with( - code: /upgrade head/, + expect(chef_run).to run_execute('migrate network database').with( + command: "neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head\n", timeout: 3600 ) end @@ -23,32 +23,21 @@ describe 'openstack-network::db_migration' do runner.converge(described_recipe) end it do - expect(chef_run).to run_bash('migrate network database').with( - code: /upgrade head/, + expect(chef_run).to run_execute('migrate network database').with( + command: "neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head\n", timeout: 1234 ) end end context 'run db-migration when services are enabled' do cached(:chef_run) do - node.override['openstack']['network_fwaas']['enabled'] = true node.override['openstack']['network_lbaas']['enabled'] = true node.override['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini' runner.converge(described_recipe) end it 'uses db upgrade head when lbaas is enabled' do - migrate_cmd = %r{neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf| - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head} - expect(chef_run).to run_bash('migrate lbaas database').with( - code: migrate_cmd, - timeout: 3600 - ) - end - it 'uses db upgrade head when fwaas is enabled' do - migrate_cmd = %r{neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf| - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head} - expect(chef_run).to run_bash('migrate fwaas database').with( - code: migrate_cmd, + expect(chef_run).to run_execute('migrate lbaas database').with( + command: "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\n", timeout: 3600 ) end @@ -59,22 +48,8 @@ describe 'openstack-network::db_migration' do runner.converge(described_recipe) end - it 'does not use db upgrade head when fwaas is not enabled' do - migrate_cmd = %r{neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf| - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head} - expect(chef_run).not_to run_bash('migrate fwaas database').with( - code: migrate_cmd, - timeout: 3600 - ) - end - it 'does not use db upgrade head when lbaas is not enabled' do - migrate_cmd = %r{neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf| - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head} - expect(chef_run).not_to run_bash('migrate lbaas database').with( - code: migrate_cmd, - timeout: 3600 - ) + expect(chef_run).not_to run_execute('migrate lbaas database') end end end diff --git a/spec/default-redhat_spec.rb b/spec/default-redhat_spec.rb index 56ea1a88..50815da4 100644 --- a/spec/default-redhat_spec.rb +++ b/spec/default-redhat_spec.rb @@ -11,11 +11,26 @@ describe 'openstack-network' do include_context 'neutron-stubs' - it 'upgrades mysql python package' do + pkgs = + %w( + ebtables + iproute + openstack-neutron + openstack-neutron-ml2 + ) + it do + expect(chef_run).to upgrade_package(pkgs) + end + it do expect(chef_run).to upgrade_package('MySQL-python') end - it 'upgrades openstack-neutron-ml2 package' do - expect(chef_run).to upgrade_package('openstack-neutron-ml2') + it do + expect(chef_run).to create_cookbook_file('/usr/bin/neutron-enable-bridge-firewall.sh').with( + source: 'neutron-enable-bridge-firewall.sh', + owner: 'root', + group: 'wheel', + mode: '0755' + ) end end end diff --git a/spec/default_spec.rb b/spec/default_spec.rb index 8e8a7e41..83d806b6 100644 --- a/spec/default_spec.rb +++ b/spec/default_spec.rb @@ -11,13 +11,29 @@ describe 'openstack-network' do include_context 'neutron-stubs' - %w(neutron-common python3-mysqldb).each do |package| - it do - expect(chef_run).to upgrade_package(package) - end + packages = %w(neutron-common python3-neutron) + it do + expect(chef_run).to upgrade_package(packages) + end + + it do + expect(chef_run).to upgrade_package('python3-mysqldb') + end + + it do + expect(chef_run).to_not create_cookbook_file('/usr/bin/neutron-enable-bridge-firewall.sh') end describe '/etc/neutron/rootwrap.conf' do + it do + expect(chef_run).to create_template('/etc/neutron/rootwrap.conf').with( + source: 'openstack-service.conf.erb', + cookbook: 'openstack-common', + owner: 'neutron', + group: 'neutron', + mode: '644' + ) + end let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') } [ %r{^filters_path = /etc/neutron/rootwrap\.d,/usr/share/neutron/rootwrap$}, @@ -34,60 +50,92 @@ describe 'openstack-network' do end describe '/etc/neutron/neutron.conf' do + it do + expect(chef_run).to create_template('/etc/neutron/neutron.conf').with( + source: 'openstack-service.conf.erb', + cookbook: 'openstack-common', + owner: 'neutron', + group: 'neutron', + mode: '640', + sensitive: true + ) + end let(:file) { chef_run.template('/etc/neutron/neutron.conf') } [ %r{^log_dir = /var/log/neutron$}, /^control_exchange = neutron$/, /^core_plugin = ml2$/, - %r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}, /^bind_host = 127\.0\.0\.1$/, /^bind_port = 9696$/, + %r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$}, ].each do |line| it do - expect(chef_run).to render_config_file(file.name) - .with_section_content('DEFAULT', line) + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) end end + + context 'lbaas enabled' do + cached(:chef_run) do + node.override['openstack']['network_lbaas']['enabled'] = true + runner.converge(described_recipe) + end + [ + /^service_plugins = neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2$/, + ].each do |line| + it do + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) + end + end + end + [ %r{^root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf$}, ].each do |line| it do - expect(chef_run).to render_config_file(file.name) - .with_section_content('agent', line) + expect(chef_run).to render_config_file(file.name).with_section_content('agent', line) end end [ - /^project_name = service$/, + /^auth_type = password$/, + /^region_name = RegionOne$/, /^username = neutron$/, /^user_domain_name = Default/, /^project_domain_name = Default/, + /^project_name = service$/, + /^auth_version = v3$/, + %r{^auth_url = http://127.0.0.1:5000/v3$}, /^password = neutron-pass$/, - /^auth_type = v3password$/, ].each do |line| it do - expect(chef_run).to render_config_file(file.name) - .with_section_content('keystone_authtoken', line) + expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line) end end [ + /^auth_type = password$/, /^region_name = RegionOne$/, - /^auth_type = v3password$/, /^username = nova$/, /^user_domain_name = Default/, - /^project_domain_name = Default/, /^project_name = service$/, + /^project_domain_name = Default/, + %r{^auth_url = http://127.0.0.1:5000/v3$}, + /^password = nova-pass$/, ].each do |line| it do - expect(chef_run).to render_config_file(file.name) - .with_section_content('nova', line) + expect(chef_run).to render_config_file(file.name).with_section_content('nova', line) + end + end + [ + %r{^lock_path = /var/lib/neutron/lock$}, + ].each do |line| + it do + expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', line) end end [ %(connection = mysql+pymysql://neutron:neutron@127.0.0.1:3306/neutron?charset=utf8), ].each do |line| it do - expect(chef_run).to render_config_file(file.name) - .with_section_content('database', line) + expect(chef_run).to render_config_file(file.name).with_section_content('database', line) end end end diff --git a/spec/dhcp_agent-centos_spec.rb b/spec/dhcp_agent-centos_spec.rb index 8f5967cf..36cacb2d 100644 --- a/spec/dhcp_agent-centos_spec.rb +++ b/spec/dhcp_agent-centos_spec.rb @@ -14,49 +14,12 @@ describe 'openstack-network::dhcp_agent' do include_context 'neutron-stubs' - it 'upgrades neutron dhcp package' do - expect(chef_run).to upgrade_package('openstack-neutron') + it do + expect(chef_run).to upgrade_package(%w(openstack-neutron iproute)) end - it 'upgrades plugin packages' do - expect(chef_run).not_to upgrade_package(/openvswitch/) - expect(chef_run).not_to upgrade_package(/plugin/) - end - - it 'starts the dhcp agent on boot' do - expect(chef_run).to enable_service('neutron-dhcp-agent') - end - - it 'should install the dnsmasq rpm' do + it do expect(chef_run).to upgrade_rpm_package('dnsmasq') end - - it 'should notify dhcp agent to restart immediately' do - expect(chef_run.rpm_package('dnsmasq')).to notify('service[neutron-dhcp-agent]').to(:restart).delayed - end - - describe '/etc/neutron/dhcp_agent.ini' do - let(:file) { chef_run.template('/etc/neutron/dhcp_agent.ini') } - - it 'creates dhcp_agent.ini' do - expect(chef_run).to create_template(file.name).with( - user: 'neutron', - group: 'neutron', - mode: 0o644 - ) - end - end - - describe '/etc/neutron/dnsmasq.conf' do - let(:file) { chef_run.template('/etc/neutron/dnsmasq.conf') } - - it 'creates dnsmasq.conf' do - expect(chef_run).to create_template(file.name).with( - user: 'neutron', - group: 'neutron', - mode: 0o644 - ) - end - end end end diff --git a/spec/dhcp_agent_spec.rb b/spec/dhcp_agent_spec.rb index 4bc5a0eb..f0ae8218 100644 --- a/spec/dhcp_agent_spec.rb +++ b/spec/dhcp_agent_spec.rb @@ -15,38 +15,77 @@ describe 'openstack-network::dhcp_agent' do expect(chef_run).to include_recipe('openstack-network') end - it 'subscribes the agent service to neutron.conf' do - expect(chef_run.service('neutron-dhcp-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed + %w( + template[/etc/neutron/neutron.conf] + template[/etc/neutron/dnsmasq.conf] + template[/etc/neutron/dhcp_agent.ini] + ).each do |resource| + it do + expect(chef_run.service('neutron-dhcp-agent')).to subscribe_to(resource).delayed + end end - it 'upgrades neutron dhcp package' do + it do + expect(chef_run).to_not upgrade_rpm_package('dnsmasq') + end + + it do expect(chef_run).to upgrade_package 'neutron-dhcp-agent' end - it 'starts the dhcp agent on boot' do - expect(chef_run).to enable_service 'neutron-dhcp-agent' + it do + expect(chef_run).to enable_service('neutron-dhcp-agent').with( + service_name: 'neutron-dhcp-agent', + supports: { + restart: true, + status: true, + } + ) + end + + it do + expect(chef_run).to start_service 'neutron-dhcp-agent' end describe 'dhcp_agent.ini' do let(:file) { chef_run.template('/etc/neutron/dhcp_agent.ini') } it 'creates dhcp_agent.ini' do expect(chef_run).to create_template(file.name).with( + source: 'openstack-service.conf.erb', + cookbook: 'openstack-common', user: 'neutron', group: 'neutron', - mode: 0o644 + mode: '644' ) end + [ + /^interface_driver = openvswitch$/, + %r{^dnsmasq_config_file = /etc/neutron/dnsmasq.conf$}, + ].each do |line| + it do + expect(chef_run).to render_config_file('/etc/neutron/dhcp_agent.ini').with_section_content('DEFAULT', line) + end + end end describe '/etc/neutron/dnsmasq.conf' do let(:file) { chef_run.template('/etc/neutron/dnsmasq.conf') } it 'creates dnsmasq.conf' do expect(chef_run).to create_template(file.name).with( + source: 'dnsmasq.conf.erb', user: 'neutron', group: 'neutron', - mode: 0o644 + mode: '644' ) end + [ + /^server=8.8.8.8$/, + /^server=208.67.222.222$/, + ].each do |line| + it do + expect(chef_run).to render_file('/etc/neutron/dnsmasq.conf').with_content(line) + end + end end end end diff --git a/spec/l3_agent-redhat_spec.rb b/spec/l3_agent-redhat_spec.rb index 7415c3db..604185e1 100644 --- a/spec/l3_agent-redhat_spec.rb +++ b/spec/l3_agent-redhat_spec.rb @@ -13,10 +13,15 @@ describe 'openstack-network::l3_agent' do include_context 'neutron-stubs' - it 'upgrades neutron ml2_ovs packages' do - %w(openstack-neutron iproute radvd keepalived).each do |pkg| - expect(chef_run).to upgrade_package(pkg) - end + pkgs = + %w( + iproute + keepalived + openstack-neutron + radvd + ) + it do + expect(chef_run).to upgrade_package(pkgs) end end end diff --git a/spec/l3_agent_spec.rb b/spec/l3_agent_spec.rb index 633ec65f..e03b2d35 100644 --- a/spec/l3_agent_spec.rb +++ b/spec/l3_agent_spec.rb @@ -12,18 +12,33 @@ describe 'openstack-network::l3_agent' do describe 'recipe' do include_context 'neutron-stubs' - it 'starts the l3 agent on boot' do - expect(chef_run).to enable_service('neutron-l3-agent') + it do + expect(chef_run).to enable_service('neutron-l3-agent').with( + service_name: 'neutron-l3-agent', + supports: { + status: true, + restart: true, + } + ) end - it 'subscribes the l3 agent service to neutron.conf' do - expect(chef_run.service('neutron-l3-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed + it do + expect(chef_run).to start_service('neutron-l3-agent') end - %w(neutron-l3-agent radvd keepalived).each do |pkg| - it "upgrades #{pkg} package" do - expect(chef_run).to upgrade_package(pkg) - end + it do + expect(chef_run.service('neutron-l3-agent')).to \ + subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart) + end + + pkgs = + %w( + keepalived + neutron-l3-agent + radvd + ) + it do + expect(chef_run).to upgrade_package(pkgs) end describe 'l3_agent.ini' do @@ -31,12 +46,22 @@ describe 'openstack-network::l3_agent' do it 'creates l3_agent.ini' do expect(chef_run).to create_template(file.name).with( + source: 'openstack-service.conf.erb', + cookbook: 'openstack-common', user: 'neutron', group: 'neutron', - mode: 0o640 + mode: '640' ) end + [ + /^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/, + ].each do |line| + it do + expect(chef_run).to render_config_file('/etc/neutron/l3_agent.ini').with_section_content('DEFAULT', line) + end + end + context 'template contents' do cached(:chef_run) do node.override['openstack']['network_l3']['conf']['DEFAULT']['external_network_bridge'] = 'network_l3_external_network_bridge_value' @@ -48,11 +73,15 @@ describe 'openstack-network::l3_agent' do it 'displays the external_network_bridge l3 attribute' do stub_command('ovs-vsctl br-exists network_l3_external_network_bridge_value').and_return(false) - expect(chef_run).to render_file(file.name).with_content(/^external_network_bridge = network_l3_external_network_bridge_value$/) + expect(chef_run).to render_config_file(file.name) + .with_section_content( + 'DEFAULT', + /^external_network_bridge = network_l3_external_network_bridge_value$/ + ) end end - it 'notifies the l3 agent service' do + it do expect(file).to notify('service[neutron-l3-agent]').to(:restart).delayed end end diff --git a/spec/lbaas-redhat_spec.rb b/spec/lbaas-redhat_spec.rb index 1a8da181..89bc751d 100644 --- a/spec/lbaas-redhat_spec.rb +++ b/spec/lbaas-redhat_spec.rb @@ -8,35 +8,41 @@ describe 'openstack-network::lbaas' do cached(:chef_run) do node.override['openstack']['compute']['network']['service_type'] = 'neutron' node.override['openstack']['network']['lbaas']['enabled'] = 'True' - runner.converge(described_recipe) + runner.converge(described_recipe, 'openstack-network::ml2_core_plugin', 'openstack-network::server') end include_context 'neutron-stubs' + it do + expect(chef_run).to_not create_directory('/etc/neutron/conf.d/neutron-server') + end + describe 'lbaas_agent.ini' do let(:file) { chef_run.template('/etc/neutron/lbaas_agent.ini') } - it 'creates lbaas_agent.ini' do - expect(chef_run).to create_template(file.name).with( - user: 'neutron', - group: 'neutron', - mode: 0o640 - ) - end - - it 'displays user_group as nobody' do - expect(chef_run).to render_file(file.name).with_content(/^user_group = nobody$/) + it do + expect(chef_run).to render_config_file(file.name).with_section_content('haproxy', /^user_group = nobody$/) end end - ['haproxy', 'openstack-neutron-lbaas'].each do |pack| - it "upgrades #{pack} package" do - expect(chef_run).to upgrade_package(pack) - end + pkgs = + %w( + haproxy + iproute + openstack-neutron-lbaas + ) + it do + expect(chef_run).to upgrade_package(pkgs) end - it 'enables agent service' do - expect(chef_run).to enable_service('neutron-lb-agent') + it do + expect(chef_run).to enable_service('neutron-lb-agent').with( + service_name: 'neutron-lbaasv2-agent', + supports: { + status: true, + restart: true, + } + ) end end end diff --git a/spec/lbaas_spec.rb b/spec/lbaas_spec.rb index 30e45329..ecdaa418 100644 --- a/spec/lbaas_spec.rb +++ b/spec/lbaas_spec.rb @@ -6,40 +6,97 @@ describe 'openstack-network::lbaas' do let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } let(:node) { runner.node } cached(:chef_run) do - runner.converge(described_recipe) + runner.converge(described_recipe, 'openstack-network::ml2_core_plugin', 'openstack-network::server') end include_context 'neutron-stubs' + pkgs = + %w( + haproxy + neutron-lbaas-common + neutron-lbaasv2-agent + python3-neutron-lbaas + ) it do - %w(python3-neutron-lbaas neutron-lbaasv2-agent haproxy) - .each do |pkg| - expect(chef_run).to upgrade_package(pkg) - end + expect(chef_run).to upgrade_package(pkgs) end - describe 'lbaas.conf' do + it do + expect(chef_run).to create_directory('/etc/neutron/conf.d/neutron-server').with(recursive: true) + end + + describe '/etc/neutron/lbaas_agent.ini' do let(:file) { chef_run.template('/etc/neutron/lbaas_agent.ini') } it do expect(chef_run).to create_template(file.name).with( + source: 'openstack-service.conf.erb', + cookbook: 'openstack-common', user: 'neutron', group: 'neutron', - mode: 0o0640 + mode: '640' ) end it do - [ - /^periodic_interval = 10$/, - /^ovs_use_veth = false$/, - /^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/, - /^device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver$/, - ].each do |line| - expect(chef_run).to render_file(file.name).with_content(line) + expect(file).to notify('service[neutron-lb-agent]').to(:restart) + end + + [ + /^interface_driver = openvswitch$/, + /^device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver$/, + ].each do |line| + it do + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) + end + end + [ + /^user_group = nogroup$/, + ].each do |line| + it do + expect(chef_run).to render_config_file(file.name).with_section_content('haproxy', line) end end it do - expect(chef_run).to enable_service('neutron-lb-agent') + expect(chef_run).to enable_service('neutron-lb-agent').with( + service_name: 'neutron-lbaasv2-agent', + supports: { + status: true, + restart: true, + } + ) + end + %w( + template[/etc/neutron/neutron.conf] + template[/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf] + ).each do |resource| + it do + expect(chef_run.service('neutron-lb-agent')).to subscribe_to(resource).on(:restart) + end + end + end + describe '/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf' do + let(:file) { chef_run.template('/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf') } + it do + expect(chef_run).to create_template(file.name).with( + source: 'openstack-service.conf.erb', + cookbook: 'openstack-common', + user: 'neutron', + group: 'neutron', + mode: '640' + ) + end + + it do + expect(file).to notify('service[neutron-server]').to(:restart) + end + + [ + /^service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default$/, + ].each do |line| + it do + expect(chef_run).to render_config_file(file.name).with_section_content('service_providers', line) + end end end end diff --git a/spec/metadata_agent-rhel_spec.rb b/spec/metadata_agent-rhel_spec.rb new file mode 100644 index 00000000..1d98d898 --- /dev/null +++ b/spec/metadata_agent-rhel_spec.rb @@ -0,0 +1,29 @@ +# Encoding: utf-8 +require_relative 'spec_helper' + +describe 'openstack-network::metadata_agent' do + describe 'redhat' do + let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) } + let(:node) { runner.node } + cached(:chef_run) do + node.override['openstack']['compute']['network']['service_type'] = 'neutron' + runner.converge(described_recipe) + end + + include_context 'neutron-stubs' + + it do + expect(chef_run).to enable_service('neutron-metadata-agent').with( + service_name: 'neutron-metadata-agent', + supports: { + status: true, + restart: true, + } + ) + end + + it do + expect(chef_run).to start_service('neutron-metadata-agent') + end + end +end diff --git a/spec/metadata_agent_spec.rb b/spec/metadata_agent_spec.rb index 29e45caf..7badea17 100644 --- a/spec/metadata_agent_spec.rb +++ b/spec/metadata_agent_spec.rb @@ -12,14 +12,28 @@ describe 'openstack-network::metadata_agent' do include_context 'neutron-stubs' - it 'upgrades neutron metadata agent' do + it do expect(chef_run).to upgrade_package 'neutron-metadata-agent' end + it do - expect(chef_run).to enable_service('neutron-metadata-agent') + expect(chef_run).to enable_service('neutron-metadata-agent').with( + service_name: 'neutron-metadata-agent', + supports: { + status: true, + restart: true, + } + ) end - it 'subscribes the metadata agent service to neutron.conf' do - expect(chef_run.service('neutron-metadata-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed + + it do + expect(chef_run).to start_service('neutron-metadata-agent') + end + + %w(template[/etc/neutron/neutron.conf] template[/etc/neutron/metadata_agent.ini]).each do |resource| + it do + expect(chef_run.service('neutron-metadata-agent')).to subscribe_to(resource).delayed + end end describe 'metadata_agent.ini' do @@ -27,21 +41,24 @@ describe 'openstack-network::metadata_agent' do it 'creates metadata_agent.ini' do expect(chef_run).to create_template(file.name).with( + source: 'openstack-service.conf.erb', + cookbook: 'openstack-common', user: 'neutron', group: 'neutron', - mode: 0o644 + mode: '644', + sensitive: true ) end context 'template contents' do - it 'sets the metadata_proxy_shared_secret attribute' do - expect(chef_run).to render_file(file.name).with_content(/^metadata_proxy_shared_secret = metadata-secret$/) + [ + /^metadata_proxy_shared_secret = metadata-secret$/, + ].each do |line| + it do + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) + end end end - - it 'notifies the metadata agent service' do - expect(file).to notify('service[neutron-metadata-agent]').to(:restart).delayed - end end it do expect(chef_run).to run_ruby_block('delete all attributes in '\ diff --git a/spec/metering_agent-rhel_spec.rb b/spec/metering_agent-rhel_spec.rb new file mode 100644 index 00000000..b98fc859 --- /dev/null +++ b/spec/metering_agent-rhel_spec.rb @@ -0,0 +1,28 @@ +# Encoding: utf-8 +require_relative 'spec_helper' + +describe 'openstack-network::metering_agent' do + describe 'ubuntu' do + let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } + let(:node) { runner.node } + cached(:chef_run) do + runner.converge(described_recipe) + end + + include_context 'neutron-stubs' + + it do + expect(chef_run).to upgrade_package('neutron-metering-agent') + end + + it do + expect(chef_run).to enable_service('neutron-metering-agent').with( + service_name: 'neutron-metering-agent', + supports: { + status: true, + restart: true, + } + ) + end + end +end diff --git a/spec/metering_agent_spec.rb b/spec/metering_agent_spec.rb index e405f8f7..fd0f2773 100644 --- a/spec/metering_agent_spec.rb +++ b/spec/metering_agent_spec.rb @@ -12,19 +12,18 @@ describe 'openstack-network::metering_agent' do include_context 'neutron-stubs' it do - %w(neutron-metering-agent) - .each do |pkg| - expect(chef_run).to upgrade_package(pkg) - end + expect(chef_run).to upgrade_package('neutron-metering-agent') end describe 'metering_agent.ini' do let(:file) { chef_run.template('/etc/neutron/metering_agent.ini') } it do expect(chef_run).to create_template(file.name).with( + source: 'openstack-service.conf.erb', + cookbook: 'openstack-common', user: 'neutron', group: 'neutron', - mode: 0o0640 + mode: '640' ) end @@ -33,11 +32,25 @@ describe 'openstack-network::metering_agent' do /^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/, /^driver = neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver$/, ].each do |line| - expect(chef_run).to render_file(file.name).with_content(line) + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) end end + end + it do + expect(chef_run).to enable_service('neutron-metering-agent').with( + service_name: 'neutron-metering-agent', + supports: { + status: true, + restart: true, + } + ) + end + it do + expect(chef_run).to start_service('neutron-metering-agent') + end + %w(template[/etc/neutron/neutron.conf] template[/etc/neutron/metering_agent.ini]).each do |resource| it do - expect(chef_run).to enable_service('neutron-metering-agent') + expect(chef_run.service('neutron-metering-agent')).to subscribe_to(resource).delayed end end end diff --git a/spec/ml2_linuxbridge-redhat_spec.rb b/spec/ml2_linuxbridge-redhat_spec.rb index 2a2762a9..6b80f772 100644 --- a/spec/ml2_linuxbridge-redhat_spec.rb +++ b/spec/ml2_linuxbridge-redhat_spec.rb @@ -21,7 +21,7 @@ describe 'openstack-network::ml2_linuxbridge' do expect(chef_run).to create_directory('/etc/neutron/plugins/ml2').with( owner: 'neutron', group: 'neutron', - mode: 0o700 + mode: '700' ) end it do @@ -43,9 +43,7 @@ describe 'openstack-network::ml2_linuxbridge' do end it do - %w(openstack-neutron-linuxbridge iproute).each do |pkg| - expect(chef_run).to upgrade_package(pkg) - end + expect(chef_run).to upgrade_package(%w(openstack-neutron-linuxbridge iproute)) end it do diff --git a/spec/ml2_linuxbridge_spec.rb b/spec/ml2_linuxbridge_spec.rb index 71de20ea..0047faaa 100644 --- a/spec/ml2_linuxbridge_spec.rb +++ b/spec/ml2_linuxbridge_spec.rb @@ -18,13 +18,14 @@ describe 'openstack-network::ml2_linuxbridge' do include_context 'neutron-stubs' - it 'creates the /etc/neutron/plugins/linuxbridge agent directory' do + it do expect(chef_run).to create_directory('/etc/neutron/plugins/linuxbridge').with( owner: 'neutron', group: 'neutron', - mode: 0o700 + mode: '700' ) end + it do expect(chef_run).to include_recipe('openstack-network::plugin_config') end @@ -33,28 +34,47 @@ describe 'openstack-network::ml2_linuxbridge' do let(:file) do chef_run.template('/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini') end + [ /^firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver$/, ].each do |line| - it do - expect(chef_run).to render_config_file(file.name) - .with_section_content('securitygroup', line) + it "[securitygroup] #{line}" do + expect(chef_run).to render_config_file(file.name).with_section_content('securitygroup', line) end end end + pkgs = + %w( + neutron-plugin-linuxbridge + neutron-plugin-linuxbridge-agent + ) + it do - %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent).each do |pkg| - expect(chef_run).to upgrade_package(pkg) - end + expect(chef_run).to upgrade_package(pkgs) end it do - expect(chef_run).to enable_service('neutron-plugin-linuxbridge-agent') + expect(chef_run).to enable_service('neutron-plugin-linuxbridge-agent').with( + service_name: 'neutron-plugin-linuxbridge-agent', + supports: { + status: true, + restart: true, + } + ) end + it do - service = chef_run.service('neutron-plugin-linuxbridge-agent') - expect(service).to(subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed) && subscribe_to('template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]').on(:restart).delayed + expect(chef_run).to start_service('neutron-plugin-linuxbridge-agent') + end + + %w( + template[/etc/neutron/neutron.conf] + template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini] + ).each do |resource| + it do + expect(chef_run.service('neutron-plugin-linuxbridge-agent')).to subscribe_to(resource).delayed + end end end end diff --git a/spec/ml2_openvswitch_spec.rb b/spec/ml2_openvswitch_spec.rb new file mode 100644 index 00000000..99127cd7 --- /dev/null +++ b/spec/ml2_openvswitch_spec.rb @@ -0,0 +1,36 @@ +# pkg upgrade + +# service + +# Encoding: utf-8 +require_relative 'spec_helper' + +describe 'openstack-network::ml2_openvswitch' do + describe 'ubuntu' do + let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } + let(:node) { runner.node } + cached(:chef_run) do + runner.converge(described_recipe, 'openstack-network::plugin_config') + end + + include_context 'neutron-stubs' + + it do + expect(chef_run).to include_recipe('openstack-network::ml2_core_plugin') + end + + describe '/etc/neutron/plugins/ml2/openvswitch_agent.ini' do + let(:file) do + chef_run.template('/etc/neutron/plugins/ml2/openvswitch_agent.ini') + end + + [ + /^integration_bridge = br-int$/, + ].each do |line| + it do + expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line) + end + end + end + end +end diff --git a/spec/openvswitch-rhel_spec.rb b/spec/openvswitch-rhel_spec.rb new file mode 100644 index 00000000..2b8513b9 --- /dev/null +++ b/spec/openvswitch-rhel_spec.rb @@ -0,0 +1,26 @@ +# Encoding: utf-8 +require_relative 'spec_helper' + +describe 'openstack-network::openvswitch' do + describe 'redhat' do + let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) } + let(:node) { runner.node } + cached(:chef_run) do + runner.converge(described_recipe) + end + + it do + expect(chef_run).to upgrade_package 'openvswitch' + end + + it do + expect(chef_run).to enable_service('neutron-openvswitch-switch').with( + service_name: 'openvswitch', + supports: { + status: true, + restart: true, + } + ) + end + end +end diff --git a/spec/openvswitch_agent-rhel_spec.rb b/spec/openvswitch_agent-rhel_spec.rb new file mode 100644 index 00000000..1f88d38a --- /dev/null +++ b/spec/openvswitch_agent-rhel_spec.rb @@ -0,0 +1,33 @@ +# Encoding: utf-8 +require_relative 'spec_helper' + +describe 'openstack-network::openvswitch_agent' do + describe 'redhat' do + let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) } + let(:node) { runner.node } + cached(:chef_run) do + node.override['openstack']['network']['openvswitch']['integration_bridge'] = 'br-int' + runner.converge(described_recipe) + end + + include_context 'neutron-stubs' + + before do + stub_command('ovs-vsctl --may-exist add-br br-int') + end + + it do + expect(chef_run).to upgrade_package %w(openstack-neutron-openvswitch iproute) + end + + it do + expect(chef_run).to enable_service('neutron-openvswitch-agent').with( + service_name: 'neutron-openvswitch-agent', + supports: { + status: true, + restart: true, + } + ) + end + end +end diff --git a/spec/openvswitch_agent_spec.rb b/spec/openvswitch_agent_spec.rb index 50a85d00..fbcce84f 100644 --- a/spec/openvswitch_agent_spec.rb +++ b/spec/openvswitch_agent_spec.rb @@ -7,31 +7,44 @@ describe 'openstack-network::openvswitch_agent' do let(:node) { runner.node } cached(:chef_run) do node.override['openstack']['network']['openvswitch']['integration_bridge'] = 'br-int' - runner.converge(described_recipe) + runner.converge(described_recipe, 'openstack-network::plugin_config') end + + include_context 'neutron-stubs' + before do stub_command('ovs-vsctl --may-exist add-br br-int') end - it 'upgrades openvswitch agent' do + it do expect(chef_run).to upgrade_package 'neutron-openvswitch-agent' end - describe 'create integration network bridget' do - let(:cmd_br) { 'ovs-vsctl --may-exist add-br br-int' } - let(:name) { 'create integration network bridge' } - it 'adds integration network bridge' do - expect(chef_run).to run_execute(name) - .with(command: cmd_br) - end + it do + expect(chef_run).to run_execute('create integration network bridge') + .with(command: 'ovs-vsctl --may-exist add-br br-int') end - it 'sets the openvswitch_agent service to start on boot' do - expect(chef_run).to enable_service 'neutron-openvswitch-agent' + it do + expect(chef_run).to enable_service('neutron-openvswitch-agent').with( + service_name: 'neutron-openvswitch-agent', + supports: { + status: true, + restart: true, + } + ) end - it 'starts the openvswitch_agent service' do + it do expect(chef_run).to start_service 'neutron-openvswitch-agent' end + %w( + template[/etc/neutron/neutron.conf] + template[/etc/neutron/plugins/ml2/openvswitch_agent.ini] + ).each do |t| + it t do + expect(chef_run.service('neutron-openvswitch-agent')).to subscribe_to(t).on(:restart) + end + end end end diff --git a/spec/openvswitch_spec.rb b/spec/openvswitch_spec.rb index 45052aa8..eb19407e 100644 --- a/spec/openvswitch_spec.rb +++ b/spec/openvswitch_spec.rb @@ -6,23 +6,30 @@ describe 'openstack-network::openvswitch' do let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) } let(:node) { runner.node } cached(:chef_run) do - runner.converge(described_recipe) + runner.converge(described_recipe, 'openstack-network::plugin_config') end - it 'upgrades openvswitch switch' do - expect(chef_run).to upgrade_package 'openvswitch-switch' + it do + expect(chef_run).to upgrade_package %w(openvswitch-switch bridge-utils) end - it 'upgrades linux bridge utils' do - expect(chef_run).to upgrade_package 'bridge-utils' + it do + expect(chef_run).to enable_service('neutron-openvswitch-switch').with( + service_name: 'openvswitch-switch', + supports: { + status: true, + restart: true, + } + ) end - it 'sets the openvswitch service to start on boot' do - expect(chef_run).to enable_service 'openvswitch-switch' + it do + expect(chef_run).to start_service 'neutron-openvswitch-switch' end - it 'start the openvswitch service' do - expect(chef_run).to start_service 'openvswitch-switch' + it do + expect(chef_run.service('neutron-openvswitch-switch')).to \ + subscribe_to('template[/etc/neutron/plugins/ml2/openvswitch_agent.ini]').on(:restart) end end end diff --git a/spec/plugin_config_spec.rb b/spec/plugin_config_spec.rb index 2be9bba7..df3f5b00 100644 --- a/spec/plugin_config_spec.rb +++ b/spec/plugin_config_spec.rb @@ -30,15 +30,14 @@ describe 'openstack-network::plugin_config' do recursive: true, owner: 'neutron', group: 'neutron', - mode: 0o0700 + mode: '700' ) end %w(ml2_conf.ini openvswitch_conf.ini).each do |conf| let(:file) { chef_run.template(File.join(dir, conf)) } it do - expect(chef_run).to render_config_file(file.name) - .with_section_content('section', 'key = value') + expect(chef_run).to render_config_file(file.name).with_section_content('section', 'key = value') end end end diff --git a/spec/server-redhat_spec.rb b/spec/server-redhat_spec.rb index e663db1b..8e59a1f5 100644 --- a/spec/server-redhat_spec.rb +++ b/spec/server-redhat_spec.rb @@ -13,11 +13,11 @@ describe 'openstack-network::server' do end include_context 'neutron-stubs' - it 'upgrades openstack-neutron packages' do - expect(chef_run).to upgrade_package 'openstack-neutron' + it do + expect(chef_run).to upgrade_package %w(ebtables iproute openstack-neutron openstack-neutron-ml2) end - it 'enables openstack-neutron server service' do + it do expect(chef_run).to enable_service 'neutron-server' end diff --git a/spec/server_spec.rb b/spec/server_spec.rb index 2fbc583b..c28a7b07 100644 --- a/spec/server_spec.rb +++ b/spec/server_spec.rb @@ -11,8 +11,8 @@ describe 'openstack-network::server' do include_context 'neutron-stubs' describe 'package and services' do - it 'upgrades neutron-server packages' do - expect(chef_run).to upgrade_package 'neutron-server' + it do + expect(chef_run).to upgrade_package %w(neutron-server) end context 'allows overriding package names' do @@ -22,25 +22,32 @@ describe 'openstack-network::server' do runner.converge('openstack-network::ml2_core_plugin', described_recipe) end it do - cust_pkgs.each do |pkg| - expect(chef_run).to upgrade_package(pkg) - end + expect(chef_run).to upgrade_package(cust_pkgs) end end - it 'sets the neutron server service to start on boot' do - expect(chef_run).to enable_service 'neutron-server' + it do + expect(chef_run).to enable_service('neutron-server').with( + service_name: 'neutron-server', + supports: { + status: true, + restart: true, + } + ) end - it 'starts the neutron server service' do + it do expect(chef_run).to start_service 'neutron-server' end let(:neutron_service) { chef_run.service('neutron-server') } it do - expect(neutron_service) - .to subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed + expect(neutron_service).to subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed + end + + it do + expect(neutron_service).to_not subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed end context 'set policyfile_url' do @@ -49,8 +56,7 @@ describe 'openstack-network::server' do runner.converge('openstack-network::ml2_core_plugin', described_recipe) end it do - expect(neutron_service) - .to subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed + expect(neutron_service).to subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed end end @@ -89,35 +95,30 @@ describe 'openstack-network::server' do it 'creates /etc/default/neutron-server' do expect(chef_run).to create_template(file.name).with( + source: 'neutron-server.erb', user: 'root', group: 'root', - mode: 0o644 - ) - end - end - - describe 'rootwrap.conf' do - let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') } - - it 'creates the /etc/neutron/rootwrap.conf file' do - expect(chef_run).to create_template(file.name).with( - user: 'neutron', - group: 'neutron', - mode: 0o644 + mode: '644', + variables: { + core_plugin_config: '/etc/neutron/plugins/ml2/ml2_conf.ini', + } ) end - context 'template contents' do - it 'sets the default attributes' do - [ - %r{^filters_path = /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap$}, - %r{^exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin$}, - /^use_syslog = false$/, - /^syslog_log_facility = syslog$/, - /^syslog_log_level = ERROR$/, - ].each do |line| - expect(chef_run).to render_file(file.name).with_content(line) - end + it do + expect(chef_run).to render_file(file.name).with_content( + %r{^NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"$} + ) + end + context 'enable lbaas' do + cached(:chef_run) do + node.override['openstack']['network_lbaas']['enabled'] = true + runner.converge('openstack-network::ml2_core_plugin', described_recipe) + end + it do + expect(chef_run).to render_file(file.name).with_content( + %r{^NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/neutron-server"$} + ) end end end diff --git a/templates/default/neutron-server.erb b/templates/default/neutron-server.erb index b4b2193e..bc92ca8f 100644 --- a/templates/default/neutron-server.erb +++ b/templates/default/neutron-server.erb @@ -3,4 +3,8 @@ # path to config file corresponding to the core_plugin specified in # neutron.conf -NEUTRON_PLUGIN_CONFIG=<%=@core_plugin_config%> +<% if node['openstack']['network_lbaas']['enabled'] -%> +NEUTRON_PLUGIN_CONFIG="<%=@core_plugin_config%> --config-dir /etc/neutron/conf.d/neutron-server" +<% else -%> +NEUTRON_PLUGIN_CONFIG="<%=@core_plugin_config%>" +<% end -%>