- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/neutron/neutron.conf] and
template[/etc/neutron/metadata_agent.ini] to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Update lbaas recipe to use v2 agent driver.
- Add recommended configuration settings to neutron.conf based in Stein
installation docs.
- Remove any resources that define the default action.
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Manage /etc/neutron/neutron_lbaas.conf so we can set service_provider
properly.
- Add some missing ChefSpec tests.
- Configure neutron_lbaas.conf on Ubuntu in a manner that allows it to properly
pull in the configuration via the --config-dir option. This is due to the fact
we need to set an additional [service_providers] service_provider line and we
can't do that with hashes.
- Remove FWaaS as it's unmaintained upstream.
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Change-Id: Id29884766440d37fa18fd62f3f93eecc22224d51
Customer testing has show fwaas v2 to be rather buggy, revert to running
with fwaas v1 now. The fwaas project seems to be lacking maintainers
currently, see whether that situation improves until the next cycle.
Otherwise we may need to drop the service completely, as fwaas v1 has
been removed for Train.
Change-Id: I5d1af49a56a86a66a1d2509b4ca306b6e0cdf77c
Python2.7 is going EOL soon, let us deploy python3 for Rocky from the
start, so we avoid having to switch later.
Depends-On: https://review.opendev.org/682918
Change-Id: I3be10959888870cec8774c2729465a0785eb837f
- Change fwaas attributes to default to v2 instead of deprecated v1
- Drop the deprecated external_network_bridge attribute
- Fix some wordings in comments
Change-Id: Ib4e8c93356ce67d5a77b1260c1b6b9c2082ecbec
In earlier releases python-neutron-fwaas was pulled in as a dependency
of neutron-common automatically, now we need to install that package
explicitly.
Note that this requires the fwaas recipe to be executed also on the
controllers, while previously it only needed to be run on the network
nodes.
Change-Id: I84659e62ae110d79eb486eef7f86869584aba4ee
platform_family method is not working on latest Chef versions
Change-Id: I364ba316dd91cf11cc813f0c642708fd46cd6caf
Depends-On: Ibfc34ec195950e844c6e5b939708bb0ef7411029
Partial-Bug: #1724987
The Level3 public DNS server is responding with fake answers instead of
NXDOMAIN, replace with OpenDNS.
Change-Id: I908d15a56f39f9a2b1de639570493c07346e8b43
- Now use cookbook-openstackclient to create endpoints role service and
user
- added domain creation and access granting
- added values to work with identity_v3
- rewrote specs to work again
- updated readme
- updated neutron-package dependencies for debian
Change-Id: I2d404a424bd79a6e9b282304e21591fa33a48981
Depends-On: I0f8955f05de9b33711c54b9a198f45018cceb8e1
* use StrongSwan driver instead of OpenSwan since xenial does not even provide
openswan packages anymore
* start and enable strongswan service (needs to be verified for centos)
* do not include ::l3_agent recipe in vpnaas recipe, since neutron-vpn-agent
fully replaces neutron-l3-agent
Change-Id: I81cd2e05273402e8db57f3ca5029fb4938bbfe29
This fixes an error when running where its looking for a string not an array.
Change-Id: Ic9aa44cdb553b5f695d54e9d86d7cda1165136f0
Signed-off-by: Lance Albertson <lance@osuosl.org>
With Mitaka, Neutron has learned to set proper MTU values for the DHCP
agent depending on the encapsulation type being used. So do not override
them any more from our side.
Change-Id: Ib3c14a828374d607c49257682d552159c72a13f9
Closes-Bug: 1567923
* added recipe metering_agent following the structure of the other neutron
agents recipes
* added minimal viable config options to default attributes
* added specs
Change-Id: I5f7d8b8a650497b4bcfff5f2b02b0669df656732
* currently if lbaas or vpnaas is enable, the neutron-server recipe will
install the same packages as the node where lbaas-agent or vpnaas-agent is
running on, while it just needs the python modules
* added attributes for definiton of python_dependencies for lbaas and vpnaas
to allow neutron-server to have the modules without installing the full
agent/service-packages
Change-Id: I1be325b7f246fa0628aed2d2a360acd604dd864a
* removed the creation of ovs bridges (except br-int) from all recipes,
since this can not be done in a sufficient generic way or only with a lot of
case switches to cope with all possible network setups
* added an example recipe to create all default ovs bridges from the
networking guide for legacy ovs setups (we should also create one for dvr later)
* splittet recipe ml2_openvswitch into seperate recipes for ml2_openvswitch config,
openvswitch_agent and openvswitch to allow bridge creation from wrapper recipe inbetween
and seperate configs from package installation
Change-Id: I6383575862ba110b3f3b5cba227288dc026fce77
* endpoint type (admin, internal, public) and service (identitiy, network etc.)
was switched during refactoring, this patch reverts this unintended switching
* edited bind_service service type from public,internal,admin to 'all'
for default binding to just one service
Change-Id: I9bf230ba53d23ce11a32acaea2410572eaeb6123
Depends-On: Iec485deaf415e4187a323435cce2b6bbadfc5d42
Depends-On: Ia5bddfc5e2fd77cd6e9e855c680b079f78fc1c3f
* added new logic to render plugin templates
* refactored recipe names to be more consistence
* moved version up to 13.0.0 for mitaka release
* removed suse as supported platform
* added verisionbumb for refactored os-identity and common
* adapted optimized endpoint logic
* added endpoint attributes to fit new endpoint logic
* adapted the specs (unit tests) to work again
* refactored attributes throughout all recipes that were connected to the
attributes used for the neutron.conf.erb template to adapt the new template
attribute syntax
* removed some attributes that were set to non default values, since the
defaults from neutron cloud and should be used instead
* moved all attributes form attributes/default.rb that were used in
neutron.conf.erb to attributes/neutron_conf.rb
* refactored attributes to fit new template logic
* refactored recipes/default.rb to fit new template logic
* removed all attributes set to default values in attribtues/default and
template
* replaced static plugin logic and templates with new config logic, following
the same principles as for neutron.conf
* renamed recipes to fit attributes and actual service names
* added recipes for ml2_core_plugin, ml2_openvswitch and ml2_linuxbridge as well
as a recipe for the creation of all plugin configs (plugin_conf) like plugin.ini
Change-Id: I9cc1b5cc069987ac83e064322c2291772505ff5f
Implements: blueprint cookbook-refactoring
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
Remove dup in attributes
Incorrect service resource name reference
iproute package in wrong spec
White space cleanup
Change-Id: I269012e141bee21d1122dec300ba2a80b3d31780
external_network_bridge could be empty to support multiple external
networks, update l3_agent recipe to support this situation.
Change-Id: Idca94b9d40df750f89e70567e641fe96b6f4a4b1
Closes-Bug: #1483994
Hyperv mech_driver has been moved out of neutron core code, and it
became a stand alone package. Current network cookbook did not
install the hyperv mech_driver, so add the logic in hyperv recipe
to intall the hyperv mech_driver when the hyperv is configured in
mechanism_drivers of environment.
Currently there is no package for hyperv mech_driver in all linux
distribution, as the hyperv mech_driver code has been moved out of
neutron code. So here names the package networking-hyperv by
default, overwrite the package name when other users generate the
packages themselves.
Change-Id: I0d27f41e2dc068fc0dd2a67fef5999a006f685dd
Closes-Bug: 1475151
After the refact of nova authentication in neutron, it supports
three auth_plugin: password, v2password, v3password. Each
auth_plugin match a different auth_url. For example:
a) password
auth_plugin = password
auth_url = http://127.0.0.1:35357/
b) v2password
auth_plugin = v2password
auth_url = http://127.0.0.1:35357/v2.0
c) v3password
auth_plugin = v3password
auth_url = http://127.0.0.1:35357/v3
The auth_url should be set following the auth_plugin automatically.
Change-Id: Ia584a6c6a64fcaa92012c957da004ac029ca7db2
Closes-bug: #1459594
Closes-bug: #1461480
Cleaned up all the minor rubocop issues, the ones left relate to
complex logic and what I think is a bug in rubocop for nested
vs compact modules/class definitions.
Change-Id: I6451b7593f36287d4efe4d7542f97d0a090fb1d1
Authenticating to nova using nova_admin_* options is deprecated.
CONF.nova_admin_auth_url
CONF.nova_admin_username
CONF.nova_admin_password
CONF.nova_admin_tenant_id
CONF.nova_admin_tenant_name
This should be done using an auth plugin, like password:
[nova]
region_name = RegionOne
project_domain_id = default
project_name = service
user_domain_id = default
password = passw0rd
username = nova
auth_url = http://127.0.0.1:35357
auth_plugin = password
Reference: https://github.com/openstack/neutron/blob/master/neutron/notifiers/nova.py#L85-90
Change-Id: I8896af89f1b5fef39776a8aa1289cb9ee7645a08
Closes-bug: #1449058
For Kilo release, there are many deprecated group/name in conf files of openstack,
so we need to change the deprecated group/name to new group/name.
blueprint conf-section-update-for-kilo
Closes-bug: #1436170
Change-Id: Ibdd35e55ab79bc684782182d3e4341e672f04401
The default value of metadata_workers in metadata_agent.ini is half of the
number of CPU cores in the computer system. The value will be large only if
there are many CPU cores, which may not be necessary. It should be acceptable
to make this attribute configurable, which follows what has been done for
api_workers and rpc_workers in neutron.conf.
Change-Id: I823b485d72fb74c13e4bce221a256cfed6770d65
Allow this to be skipped if version is nil. Some
repos provide their own version of dnsmasq package.
Change-Id: Ibeb847613b4dabbe5e8570302feb7d0bfc8935b2
Closes-Bug: #1441310