# encoding: UTF-8
#
# Cookbook Name:: openstack-network
# Attributes:: default
#
# Copyright 2013, AT&T
# Copyright 2014, IBM Corp.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Set the endpoints for the network service to allow all other cookbooks to
# access and use them
%w(public internal admin).each do |ep_type|
  # openstack identity service endpoints (used by users and services)
  default['openstack']['endpoints'][ep_type]['network']['host'] = '127.0.0.1'
  default['openstack']['endpoints'][ep_type]['network']['scheme'] = 'http'
  default['openstack']['endpoints'][ep_type]['network']['path'] = ''
  default['openstack']['endpoints'][ep_type]['network']['port'] = 9696
  # web-service (e.g. apache) listen address (can be different from openstack
  # network endpoints)
end
default['openstack']['bind_service']['all']['network']['host'] = '127.0.0.1'
default['openstack']['bind_service']['all']['network']['port'] = 9696

# trigger the usage of syslog (will include the proper recipe to create a log
# config)
default['openstack']['network']['syslog']['use'] = false
# Name of the plugin to load
default['openstack']['network']['identity-api']['auth']['version'] = 'v3'
# Set dbsync command timeout value
default['openstack']['network']['dbsync_timeout'] = 3600
# Specify policy.json remote filwe to import
default['openstack']['network']['policyfile_url'] = nil
# Gets set in the Network Endpoint when registering with Keystone
default['openstack']['network']['region'] = node['openstack']['region']
default['openstack']['network']['service_role'] = 'admin'
default['openstack']['network']['service_name'] = 'neutron'
default['openstack']['network']['service_type'] = 'network'
default['openstack']['network']['description'] = 'OpenStack Networking service'
default['openstack']['network']['rabbit_server_chef_role'] = 'rabbitmq-server'
# Keystone PKI signing directory.
default['openstack']['network']['api']['auth']['cache_dir'] = '/var/cache/neutron/api'
# The bridging interface driver.
# This is used by the L3, DHCP and LBaaS agents.
# Options are:
#
#   - neutron.agent.linux.interface.OVSInterfaceDriver
#   - neutron.agent.linux.interface.BridgeInterfaceDriver
#
default['openstack']['network']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
# The agent can use other DHCP drivers.  Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
default['openstack']['network']['dhcp_driver'] = 'neutron.agent.linux.dhcp.Dnsmasq'
# Version for connection to nova
# TODO: (MRV) Need to allow for this in Common.
default['openstack']['network']['nova']['url_version'] = '/v2'

#
# ============================= rootwrap Configuration ===================
# use neutron root wrap
default['openstack']['network']['use_rootwrap'] = true
# rootwrap.conf
default['openstack']['network']['rootwrap']['conf'].tap do |conf|
  conf['DEFAULT']['filters_path'] = '/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap'
  conf['DEFAULT']['exec_dirs'] = '/sbin,/usr/sbin,/bin,/usr/bin'
  conf['DEFAULT']['use_syslog'] = false
  conf['DEFAULT']['syslog_log_facility'] = 'syslog'
  conf['DEFAULT']['syslog_log_level'] = 'ERROR'
end

# ============================= dnsmasq Configuration ===================
# TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
# cookbook to do the proper configuration
# Upstream resolver to use
# This will be used by dnsmasq to resolve recursively
# but will not be used if the tenant specifies a dns
# server in their subnet
#
# Defaults are spread out across multiple, presumably
# reliable, upstream providers. Deployers should replace these with their local
# resolvers when possible.
#
# 8.8.8.8 is Google
# 208.67.222.222 is OpenDNS
#
# May be a comma separated list of servers
default['openstack']['network']['dnsmasq']['upstream_dns_servers'] = %w(8.8.8.8 208.67.222.222)

# ============================= DHCP Agent Configuration ===================
default['openstack']['network_dhcp']['config_file'] = '/etc/neutron/dhcp_agent.ini'
default['openstack']['network_dhcp']['conf'].tap do |conf|
  conf['DEFAULT']['interface_driver'] = 'openvswitch'
  conf['DEFAULT']['dnsmasq_config_file '] = '/etc/neutron/dnsmasq.conf'
end

# ============================= L3 Agent Configuration =====================
default['openstack']['network_l3']['external_network_bridge_interface'] = 'enp0s8'

# Customize the l3 config file path
default['openstack']['network_l3']['config_file'] = '/etc/neutron/l3_agent.ini'
default['openstack']['network_l3']['conf'].tap do |conf|
  conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
  # Name of bridge used for external network traffic. This should be set to
  # empty value for the linux bridge. When external_network_bridge is empty or nil,
  # creation of external bridge will be skipped in the recipe.
  # Interface to use for external bridge.
  conf['DEFAULT']['external_network_bridge'] = 'br-ex'
end

# ============================= Metadata Agent Configuration ===============

default['openstack']['network_metadata']['config_file'] = '/etc/neutron/metadata_agent.ini'
# The name of the secret databag containing the metadata secret
default['openstack']['network_metadata']['secret_name'] = 'neutron_metadata_secret'
node.default['openstack']['network_metadata']['conf'] = {}

# ============================= Metering Agent Configuration ===============

default['openstack']['network_metering']['config_file'] = '/etc/neutron/metering_agent.ini'
default['openstack']['network_metering']['conf'].tap do |conf|
  conf['DEFAULT']['interface_driver'] =
    'neutron.agent.linux.interface.OVSInterfaceDriver'
  conf['DEFAULT']['driver'] =
    'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
end

# ============================= LBaaS Agent Configuration ==================
# To enable 'lbaas' as service_plugin, you need to add it to neutron.conf
# ['Default']['service_plugins']
# Set to true to enable lbaas
default['openstack']['network_lbaas']['enabled'] = false
# Custom the lbaas config file path
default['openstack']['network_lbaas']['config_file'] = '/etc/neutron/lbaas_agent.ini'
default['openstack']['network_lbaas']['conf'].tap do |conf|
  conf['DEFAULT']['periodic_interval'] = 10
  conf['DEFAULT']['ovs_use_veth'] = false
  conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
  conf['DEFAULT']['device_driver'] = 'neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver'
  case node['platform_family']
  when 'fedora', 'rhel'
    conf['haproxy']['user_group'] = 'nobody'
  when 'debian'
    conf['haproxy']['user_group'] = 'nogroup'
  end
end

# ============================= FWaaS Configuration ==================
# To enable 'firewall' as service_plugin, you need to add it to neutron.conf
# ['Default']['service_plugins']
# Set to True to enable firewall service
default['openstack']['network_fwaas']['enabled'] = false
# Firewall service driver with linux iptables
default['openstack']['network_fwaas']['conf'].tap do |conf|
  conf['fwaas']['driver'] =
    'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver'
end
# Custom the fwaas config file path
default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini'
# ============================= platform-specific settings ===========
default['openstack']['network']['platform'].tap do |platform|
  platform['user'] = 'neutron'
  platform['group'] = 'neutron'
  platform['neutron_dhcp_agent_service'] =
    'neutron-dhcp-agent'
  platform['neutron_l3_agent_service'] =
    'neutron-l3-agent'
  platform['neutron_lb_agent_service'] =
    'neutron-lbaasv2-agent'
  platform['neutron_metadata_agent_service'] =
    'neutron-metadata-agent'
  platform['neutron_metering_agent_service'] =
    'neutron-metering-agent'
  platform['neutron_server_service'] =
    'neutron-server'
  platform['neutron_lbaas_python_dependencies'] =
    %w(python-neutron-lbaas)
  case node['platform_family']
  when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
    platform['neutron_packages'] =
      %w(openstack-neutron openstack-neutron-ml2 iproute)
    platform['neutron_dhcp_packages'] =
      %w(openstack-neutron iproute)
    platform['neutron_l3_packages'] =
      %w(openstack-neutron iproute radvd keepalived)
    platform['neutron_plugin_package'] =
      'neutron-plugin-ml2'
    # openstack-neutron-fwaas
    platform['neutron_lbaas_packages'] =
      %w(openstack-neutron-lbaas haproxy iproute)
    platform['neutron_openvswitch_packages'] =
      %w(openvswitch)
    platform['neutron_openvswitch_agent_packages'] =
      %w(openstack-neutron-openvswitch iproute)
    platform['neutron_linuxbridge_agent_packages'] =
      %w(openstack-neutron-linuxbridge iproute)
    platform['neutron_linuxbridge_agent_service'] =
      'neutron-linuxbridge-agent'
    platform['neutron_metadata_agent_packages'] =
      %w()
    platform['neutron_metering_agent_packages'] =
      %w(openstack-neutron-metering-agent)
    platform['neutron_server_packages'] =
      %w()
    platform['neutron_openvswitch_service'] =
      'openvswitch'
    platform['neutron_openvswitch_agent_service'] =
      'neutron-openvswitch-agent'
    platform['package_overrides'] =
      ''
  when 'debian'
    platform['neutron_packages'] =
      %w(neutron-common)
    platform['neutron_dhcp_packages'] =
      %w(neutron-dhcp-agent)
    platform['neutron_l3_packages'] =
      %w(neutron-l3-agent radvd keepalived)
    # python-neutron-fwaas
    platform['neutron_lbaas_packages'] =
      %w(python-neutron-lbaas neutron-lbaas-common neutron-lbaasv2-agent haproxy)
    platform['neutron_openvswitch_packages'] =
      %w(openvswitch-switch bridge-utils)
    platform['neutron_openvswitch_build_packages'] =
      %w(
        build-essential pkg-config fakeroot
        libssl-dev openssl debhelper
        autoconf dkms python-all
        python-qt4 python-zopeinterface
        python-twisted-conch
      )
    platform['neutron_openvswitch_agent_packages'] =
      %w(neutron-openvswitch-agent)
    platform['neutron_linuxbridge_agent_packages'] =
      %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent)
    platform['neutron_linuxbridge_agent_service'] =
      'neutron-plugin-linuxbridge-agent'
    platform['neutron_metadata_agent_packages'] =
      %w(neutron-metadata-agent)
    platform['neutron_metering_agent_packages'] =
      %w(neutron-metering-agent)
    platform['neutron_server_packages'] =
      %w(neutron-server)
    platform['neutron_openvswitch_service'] =
      'openvswitch-switch'
    platform['neutron_openvswitch_agent_service'] =
      'neutron-openvswitch-agent'
    platform['package_overrides'] =
      ''
  end
end