Stein fixes

- Cookstyle fixes - Refactor Berksfile to use groups so we can exclude integration testing cookbooks - Update documentation - Cleanup line wraps - Enable sensitive resources for the template[/etc/neutron/neutron.conf] and template[/etc/neutron/metadata_agent.ini] to resources improve security. - Update delivery configuration to exclude integration cookbooks - Fix ChefSpec output. - Update lbaas recipe to use v2 agent driver. - Add recommended configuration settings to neutron.conf based in Stein installation docs. - Remove any resources that define the default action. - Switch package installations to send packages as arrays instead of individual package resources. This generally speeds up chef runs. - Manage /etc/neutron/neutron_lbaas.conf so we can set service_provider properly. - Add some missing ChefSpec tests. - Configure neutron_lbaas.conf on Ubuntu in a manner that allows it to properly pull in the configuration via the --config-dir option. This is due to the fact we need to set an additional [service_providers] service_provider line and we can't do that with hashes. - Remove FWaaS as it's unmaintained upstream. Depends-On: https://review.opendev.org/701027 Depends-On: https://review.opendev.org/706151 Change-Id: Id29884766440d37fa18fd62f3f93eecc22224d51
2020-02-13 16:39:40 -08:00 · 2020-02-13 16:39:40 -08:00 · cb26946e73
parent 95e7167f78
commit cb26946e73
50 changed files with 937 additions and 705 deletions
--- a/.delivery/project.toml
+++ b/.delivery/project.toml
@ -1 +1,9 @@
-remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"
+[local_phases]
 unit = 'rspec spec/'
 lint = 'cookstyle --display-cop-names --extra-details'
 syntax = "berks install -e integration"
 provision = "echo skipping"
 deploy = "echo skipping"
 smoke = "echo skipping"
 functional = "echo skipping"
 cleanup = "echo skipping"
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -1,5 +1,3 @@
 inherit_from: .rubocop_todo.yml
 AllCops:
  Include:
    - metadata.rb
@ -14,17 +12,3 @@ AllCops:
    - .cookbooks/**/*
    - berks-cookbooks/**/*
    - .bundle/**/*
 Encoding:
  Exclude:
    - metadata.rb
    - Gemfile
 NumericLiterals:
  Enabled: false
 LineLength:
  Enabled: false
 WordArray:
  MinSize: 3
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -1,21 +0,0 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
 # on 2018-08-03 05:26:05 -0700 using RuboCop version 0.55.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 # Offense count: 5
 # Cop supports --auto-correct.
 Style/IfUnlessModifier:
  Exclude:
    - 'attributes/neutron_conf.rb'
    - 'recipes/default.rb'
    - 'recipes/l3_agent.rb'
 # Offense count: 135
 # Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
 # URISchemes: http, https
 Metrics/LineLength:
  Max: 202
--- a/24
+++ b/24
@ -2,20 +2,20 @@ source 'https://supermarket.chef.io'
 solver :ruby, :required
-%w(
+[
-  client
+  %w(client dep),
-  -common
+  %w(-common dep),
-  -dns
+  %w(-dns integration),
-  -identity
+  %w(-identity dep),
-  -image
+  %w(-image integration),
-  -integration-test
+  %w(-integration-test integration),
-  -ops-database
+  %w(-ops-database integration),
-  -ops-messaging
+  %w(-ops-messaging integration),
-).each do |cookbook|
+].each do |cookbook, group|
  if Dir.exist?("../cookbook-openstack#{cookbook}")
-    cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
+    cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}", group: group
  else
-    cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}"
+    cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}", group: group
  end
 end
--- a/README.rst
+++ b/README.rst
@ -25,9 +25,9 @@ handle L2 and L3 networking for various hardware vendors and standards.
 Requirements
 ============
- Chef 14 or higher
+- Chef 15 or higher
- ChefDK 3.2.30 for testing (also includes Berkshelf for cookbook
+- Chef Workstation 0.15.18 for testing (also includes Berkshelf for
-  dependency resolution)
+  cookbook dependency resolution)
 Platform
 ========
@ -42,8 +42,8 @@ Cookbooks
 The following cookbooks are dependencies:
 - 'openstackclient'
- 'openstack-common', '>= 18.0.0'
+- 'openstack-common', '>= 19.0.0'
- 'openstack-identity', '>= 18.0.0'
+- 'openstack-identity', '>= 19.0.0'
 Attributes
 ==========
@ -87,13 +87,6 @@ attributes in using the same template as for the ``neutron.conf``
    node['openstack']['network_dhcp']['conf']
 openstack-network::fwaas
 ------------------------
 **This is a 'work in progress' recipe and is currently not tested**
 - Installs the Firewall as a Service
 openstack-network::identity_registration
 ----------------------------------------
@ -244,7 +237,7 @@ License and Author
 +-----------------+--------------------------------------------------+
 | **Copyright**   | Copyright (c) 2016, cloudbau GmbH                |
 +-----------------+--------------------------------------------------+
-| **Copyright**   | Copyright (c) 2016-2019, Oregon State University |
+| **Copyright**   | Copyright (c) 2016-2020, Oregon State University |
 +-----------------+--------------------------------------------------+
 Licensed under the Apache License, Version 2.0 (the "License"); you may
--- a/attributes/default.rb
+++ b/attributes/default.rb
@ -1,10 +1,11 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Attributes:: default
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
-# Copyright 2014, IBM Corp.
+# Copyright:: 2014, IBM Corp.
 # Copyright:: 2016-2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -127,10 +128,8 @@ node.default['openstack']['network_metadata']['conf'] = {}
 default['openstack']['network_metering']['config_file'] = '/etc/neutron/metering_agent.ini'
 default['openstack']['network_metering']['conf'].tap do |conf|
-  conf['DEFAULT']['interface_driver'] =
+  conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
-    'neutron.agent.linux.interface.OVSInterfaceDriver'
+  conf['DEFAULT']['driver'] = 'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
  conf['DEFAULT']['driver'] =
    'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
 end
 # ============================= LBaaS Agent Configuration ==================
@ -138,12 +137,22 @@ end
 # ['default']['service_plugins']
 # Set to true to enable lbaas
 default['openstack']['network_lbaas']['enabled'] = false
-# Custom the lbaas config file path
+# Custom the lbaas neutron config file path
-default['openstack']['network_lbaas']['config_file'] = '/etc/neutron/lbaas_agent.ini'
+default['openstack']['network_lbaas']['config_file'] =
  case node['platform_family']
  when 'rhel'
    '/etc/neutron/neutron_lbaas.conf'
  when 'debian'
    '/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf'
  end
 default['openstack']['network_lbaas']['conf'].tap do |conf|
-  conf['DEFAULT']['periodic_interval'] = 10
+  conf['service_providers']['service_provider'] =
-  conf['DEFAULT']['ovs_use_veth'] = false
+    'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default'
-  conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
+end
 # Custom the lbaas agent config file path
 default['openstack']['network_lbaas_agent']['config_file'] = '/etc/neutron/lbaas_agent.ini'
 default['openstack']['network_lbaas_agent']['conf'].tap do |conf|
  conf['DEFAULT']['interface_driver'] = 'openvswitch'
  conf['DEFAULT']['device_driver'] = 'neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver'
  case node['platform_family']
  when 'fedora', 'rhel'
@ -153,112 +162,93 @@ default['openstack']['network_lbaas']['conf'].tap do |conf|
  end
 end
 # ============================= FWaaS Configuration ==================
 # To enable 'firewall' as service_plugin, you need to add it to neutron.conf
 # ['default']['service_plugins']
 # Set to True to enable firewall service
 default['openstack']['network_fwaas']['enabled'] = false
 # Firewall service driver with linux iptables
 default['openstack']['network_fwaas']['conf'].tap do |conf|
  conf['fwaas']['driver'] = 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas.IptablesFwaasDriver'
 end
 # Customize the fwaas config file path
 default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini'
 # ============================= platform-specific settings ===========
 default['openstack']['network']['platform'].tap do |platform|
  platform['user'] = 'neutron'
  platform['group'] = 'neutron'
-  platform['neutron_dhcp_agent_service'] =
+  platform['neutron_dhcp_agent_service'] = 'neutron-dhcp-agent'
-    'neutron-dhcp-agent'
+  platform['neutron_l3_agent_service'] = 'neutron-l3-agent'
-  platform['neutron_l3_agent_service'] =
+  platform['neutron_lb_agent_service'] = 'neutron-lbaasv2-agent'
-    'neutron-l3-agent'
+  platform['neutron_metadata_agent_service'] = 'neutron-metadata-agent'
-  platform['neutron_lb_agent_service'] =
+  platform['neutron_metering_agent_service'] = 'neutron-metering-agent'
-    'neutron-lbaasv2-agent'
+  platform['neutron_server_service'] = 'neutron-server'
-  platform['neutron_metadata_agent_service'] =
+  platform['neutron_rpc_server_service'] = 'neutron-rpc-server'
    'neutron-metadata-agent'
  platform['neutron_metering_agent_service'] =
    'neutron-metering-agent'
  platform['neutron_server_service'] =
    'neutron-server'
  platform['neutron_rpc_server_service'] =
    'neutron-rpc-server'
  case node['platform_family']
  when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
    platform['neutron_packages'] =
-      %w(openstack-neutron openstack-neutron-ml2 iproute)
+      %w(
-    platform['neutron_dhcp_packages'] =
+        ebtables
-      %w(openstack-neutron iproute)
+        iproute
        openstack-neutron
        openstack-neutron-ml2
      )
    platform['neutron_dhcp_packages'] = %w(openstack-neutron iproute)
    platform['neutron_l3_packages'] =
-      %w(openstack-neutron iproute radvd keepalived)
+      %w(
-    platform['neutron_plugin_package'] =
+        iproute
-      'neutron-plugin-ml2'
+        keepalived
-    platform['neutron_fwaas_packages'] =
+        openstack-neutron
-      %w()
+        radvd
      )
    platform['neutron_plugin_package'] = 'neutron-plugin-ml2'
    platform['neutron_lbaas_packages'] =
-      %w(openstack-neutron-lbaas haproxy iproute)
+      %w(
-    platform['neutron_lbaas_python_dependencies'] =
+        haproxy
-      %w(python-neutron-lbaas)
+        iproute
-    platform['neutron_openvswitch_packages'] =
+        openstack-neutron-lbaas
-      %w(openvswitch)
+      )
-    platform['neutron_openvswitch_agent_packages'] =
+    platform['neutron_lbaas_python_dependencies'] = %w(python-neutron-lbaas)
-      %w(openstack-neutron-openvswitch iproute)
+    platform['neutron_openvswitch_packages'] = %w(openvswitch)
-    platform['neutron_linuxbridge_agent_packages'] =
+    platform['neutron_openvswitch_agent_packages'] = %w(openstack-neutron-openvswitch iproute)
-      %w(openstack-neutron-linuxbridge iproute)
+    platform['neutron_linuxbridge_agent_packages'] = %w(openstack-neutron-linuxbridge iproute)
-    platform['neutron_linuxbridge_agent_service'] =
+    platform['neutron_linuxbridge_agent_service'] = 'neutron-linuxbridge-agent'
-      'neutron-linuxbridge-agent'
+    platform['neutron_metadata_agent_packages'] = []
-    platform['neutron_metadata_agent_packages'] =
+    platform['neutron_metering_agent_packages'] = %w(openstack-neutron-metering-agent)
-      %w()
+    platform['neutron_server_packages'] = []
-    platform['neutron_metering_agent_packages'] =
+    platform['neutron_openvswitch_service'] = 'openvswitch'
-      %w(openstack-neutron-metering-agent)
+    platform['neutron_openvswitch_agent_service'] = 'neutron-openvswitch-agent'
-    platform['neutron_server_packages'] =
+    platform['package_overrides'] = ''
      %w()
    platform['neutron_openvswitch_service'] =
      'openvswitch'
    platform['neutron_openvswitch_agent_service'] =
      'neutron-openvswitch-agent'
    platform['package_overrides'] =
      ''
  when 'debian'
-    platform['neutron_packages'] =
+    platform['neutron_packages'] = %w(neutron-common python3-neutron)
-      %w(neutron-common python3-neutron)
+    platform['neutron_dhcp_packages'] = %w(neutron-dhcp-agent)
    platform['neutron_dhcp_packages'] =
      %w(neutron-dhcp-agent)
    platform['neutron_l3_packages'] =
-      %w(python3-neutron-fwaas neutron-l3-agent radvd keepalived)
+      %w(
-    platform['neutron_fwaas_packages'] =
+        keepalived
-      %w(python3-neutron-fwaas)
+        neutron-l3-agent
        radvd
      )
    platform['neutron_lbaas_packages'] =
-      %w(python3-neutron-lbaas neutron-lbaas-common neutron-lbaasv2-agent haproxy)
+      %w(
-    platform['neutron_lbaas_python_dependencies'] =
+        haproxy
-      %w(python3-neutron-lbaas)
+        neutron-lbaas-common
-    platform['neutron_openvswitch_packages'] =
+        neutron-lbaasv2-agent
-      %w(openvswitch-switch bridge-utils)
+        python3-neutron-lbaas
      )
    platform['neutron_lbaas_python_dependencies'] = %w(python3-neutron-lbaas)
    platform['neutron_openvswitch_packages'] = %w(openvswitch-switch bridge-utils)
    platform['neutron_openvswitch_build_packages'] =
      %w(
-        build-essential pkg-config fakeroot
+        autoconf
-        libssl-dev openssl debhelper
+        build-essential
-        autoconf dkms python-all
+        debhelper
-        python-qt4 python-zopeinterface
+        dkms
        fakeroot
        libssl-dev
        openssl
        pkg-config
        python-all
        python-qt4
        python-twisted-conch
        python-zopeinterface
      )
-    platform['neutron_openvswitch_agent_packages'] =
+    platform['neutron_openvswitch_agent_packages'] = %w(neutron-openvswitch-agent)
-      %w(neutron-openvswitch-agent)
+    platform['neutron_linuxbridge_agent_packages'] = %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent)
-    platform['neutron_linuxbridge_agent_packages'] =
+    platform['neutron_linuxbridge_agent_service'] = 'neutron-plugin-linuxbridge-agent'
-      %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent)
+    platform['neutron_metadata_agent_packages'] = %w(neutron-metadata-agent)
-    platform['neutron_linuxbridge_agent_service'] =
+    platform['neutron_metering_agent_packages'] = %w(neutron-metering-agent)
-      'neutron-plugin-linuxbridge-agent'
+    platform['neutron_server_packages'] = %w(neutron-server)
-    platform['neutron_metadata_agent_packages'] =
+    platform['neutron_openvswitch_service'] = 'openvswitch-switch'
-      %w(neutron-metadata-agent)
+    platform['neutron_openvswitch_agent_service'] = 'neutron-openvswitch-agent'
-    platform['neutron_metering_agent_packages'] =
+    platform['package_overrides'] = ''
      %w(neutron-metering-agent)
    platform['neutron_server_packages'] =
      %w(neutron-server)
    platform['neutron_openvswitch_service'] =
      'openvswitch-switch'
    platform['neutron_openvswitch_agent_service'] =
      'neutron-openvswitch-agent'
    platform['package_overrides'] =
      ''
  end
 end
--- a/attributes/neutron_conf.rb
+++ b/attributes/neutron_conf.rb
@ -11,6 +11,17 @@ default['openstack']['network']['conf'].tap do |conf|
  end
  conf['DEFAULT']['control_exchange'] = 'neutron'
  conf['DEFAULT']['core_plugin'] = 'ml2'
  if node['openstack']['network_lbaas']['enabled']
    conf['DEFAULT']['service_plugins'] =
      if conf['DEFAULT']['service_plugins'].empty?
        'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2'
      else
        [
          'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2',
          conf['DEFAULT']['service_plugins'],
        ].flatten.sort.join(',')
      end
  end
  # [agent] section
  if node['openstack']['network']['use_rootwrap']
@ -18,7 +29,7 @@ default['openstack']['network']['conf'].tap do |conf|
  end
  # [keystone_authtoken] section
-  conf['keystone_authtoken']['auth_type'] = 'v3password'
+  conf['keystone_authtoken']['auth_type'] = 'password'
  conf['keystone_authtoken']['region_name'] = node['openstack']['region']
  conf['keystone_authtoken']['username'] = 'neutron'
  conf['keystone_authtoken']['user_domain_name'] = 'Default'
@ -26,7 +37,7 @@ default['openstack']['network']['conf'].tap do |conf|
  conf['keystone_authtoken']['project_name'] = 'service'
  conf['keystone_authtoken']['auth_version'] = 'v3'
  # [nova] section
-  conf['nova']['auth_type'] = 'v3password'
+  conf['nova']['auth_type'] = 'password'
  conf['nova']['region_name'] = node['openstack']['region']
  conf['nova']['username'] = 'nova'
  conf['nova']['user_domain_name'] = 'Default'
--- a/metadata.rb
+++ b/metadata.rb
@ -3,33 +3,16 @@ maintainer       'openstack-chef'
 maintainer_email 'openstack-discuss@lists.openstack.org'
 license          'Apache-2.0'
 description      'Installs and configures the OpenStack Network API Service and various agents and plugins'
-version          '18.0.0'
+version          '19.0.0'
 recipe 'openstack-network::_bridge_config_example', 'Example bridge recipe used in kitchen tests'
 recipe 'openstack-network::db_migration', 'Migrates the neutron database'
 recipe 'openstack-network::default', 'Configures common pieces needed for all neutron services and create the neutron.conf'
 recipe 'openstack-network::dhcp_agent', 'Installs the DHCP agent'
 recipe 'openstack-network::fwaas', 'Installs the Firewall as a Service'
 recipe 'openstack-network::identity_registration', 'Registers the OpenStack Network API endpoint and service user with Keystone'
 recipe 'openstack-network::l3_agent', 'Installs the L3 agent'
 recipe 'openstack-network::lbaas', 'Installs the Loadbalancer as a Service'
 recipe 'openstack-network::metadata_agent', 'Installs the metadata agent'
 recipe 'openstack-network::metering_agent', 'Installs the metering agent'
 recipe 'openstack-network::ml2_core_plugin', 'Configure the ml2_core_plugin'
 recipe 'openstack-network::ml2_linuxbridge', 'Configure the ml2 linuxbridge plugin'
 recipe 'openstack-network::ml2_openvswitch', 'Configure the ml2 openvswitch plugin'
 recipe 'openstack-network::openvswitch', 'Installs openvswitch'
 recipe 'openstack-network::openvswitch_agent', 'Installs the openvswitch agent'
 recipe 'openstack-network::plugin_config', 'Generates all the needed plugin configurations directly from the attributes'
 %w(ubuntu redhat centos).each do |os|
  supports os
 end
 depends 'openstackclient'
-depends 'openstack-common', '>= 18.0.0'
+depends 'openstack-common', '>= 19.0.0'
-depends 'openstack-identity', '>= 18.0.0'
+depends 'openstack-identity', '>= 19.0.0'
 issues_url 'https://launchpad.net/openstack-chef'
 source_url 'https://opendev.org/openstack/cookbook-openstack-network'
-chef_version '>= 14.0'
+chef_version '>= 15.0'
--- a/recipes/_bridge_config_example.rb
+++ b/recipes/_bridge_config_example.rb
@ -1,8 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: _bridge_config_example
 #
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@ -41,21 +43,27 @@ tun_interface = node['openstack']['network']['tun_network_bridge_interface']
 # This needs to be done during compile time to ensure that the address_for
 # method used lateron works
 execute 'create eth-ext dummy interface' do
-  command 'ip link add eth-ext type dummy;'\
+  command <<-EOF
-    'ip link set dev eth-ext up'
+    ip link add eth-ext type dummy
    ip link set dev eth-ext up
  EOF
  not_if 'ip link show | grep eth-ext'
 end.run_action(:run)
 execute 'create eth-vlan dummy interface' do
-  command 'ip link add eth-vlan type dummy;'\
+  command <<-EOF
-    'ip link set dev eth-vlan up'
+    ip link add eth-vlan type dummy
    ip link set dev eth-vlan up
  EOF
  not_if 'ip link show | grep eth-vlan'
 end.run_action(:run)
 execute "create #{tun_interface} dummy interface" do
-  command "ip link add #{tun_interface} type dummy;"\
+  command <<-EOF
-    "ip link set dev #{tun_interface} up;"\
+    ip link add #{tun_interface} type dummy
-    "ip addr add 10.0.0.201/24 dev #{tun_interface}"
+    ip link set dev #{tun_interface} up
    ip addr add 10.0.0.201/24 dev #{tun_interface}
  EOF
  not_if "ip link show | grep #{tun_interface}"
 end.run_action(:run)
@ -65,59 +73,48 @@ ohai('reload').run_action(:reload)
 # set all the needed attributes according to the dummy interfaces added above
 # vlan bridge
 node.default['openstack']['network']['vlan_network_bridge_interface'] = 'eth-vlan'
-node.default['openstack']['network']['plugins']['openvswitch']['conf']
+node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['bridge_mappings'] =
-.[]('OVS')['bridge_mappings'] = 'vlan:br-vlan,external:br-ex'
+  'vlan:br-vlan,external:br-ex'
 # external bridge
 node.default['openstack']['network_l3']['external_network_bridge_interface'] = 'eth-ext'
 # tunnel bridge
-node.default['openstack']['network']['plugins']['openvswitch']['conf']
+node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['tunnel_bridge'] = 'br-tun'
-.[]('OVS')['tunnel_bridge'] = 'br-tun'
+node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['local_ip'] =
 node.default['openstack']['network']['plugins']['openvswitch']['conf']
 .[]('OVS')['local_ip'] =
  address_for(tun_interface)
-node.default['openstack']['network']['plugins']['openvswitch']['conf']
+node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('AGENT')['tunnel_types'] = 'gre,vxlan'
 .[]('AGENT')['tunnel_types'] = 'gre,vxlan'
 # ovs security groups
-node.default['openstack']['network']['plugins']['openvswitch']['conf']
+node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('SECURITYGROUP')['firewall_driver'] =
 .[]('SECURITYGROUP')['firewall_driver'] =
  'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
 # define variables for bridge definitions below
 ex_bridge_iface = node['openstack']['network_l3']['external_network_bridge_interface']
 vlan_bridge_iface = node['openstack']['network']['vlan_network_bridge_interface']
-tun_bridge = node['openstack']['network']['plugins']['openvswitch']['conf']
+tun_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['tunnel_bridge']
 .[]('OVS')['tunnel_bridge']
 # get the bridge names from the ovs bridge_mappings
-mappings = node['openstack']['network']['plugins']['openvswitch']['conf']
+mappings = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['bridge_mappings'].split(',')
 .[]('OVS')['bridge_mappings'].split(',')
 vlan_bridge = mappings.find { |mapping| mapping.split(':').first == 'vlan' }.split(':').last
 ex_bridge = mappings.find { |mapping| mapping.split(':').first == 'external' }.split(':').last
 execute 'create external network bridge' do
  command "ovs-vsctl --may-exist add-br #{ex_bridge}"
  action :run
 end
 execute 'create external network bridge port' do
  command "ovs-vsctl --may-exist add-port #{ex_bridge} #{ex_bridge_iface}"
  action :run
 end
 execute 'create vlan network bridge' do
  command "ovs-vsctl --may-exist add-br #{vlan_bridge}"
  action :run
 end
 execute 'create vlan network bridge port' do
  command "ovs-vsctl --may-exist add-port #{vlan_bridge} #{vlan_bridge_iface}"
  action :run
 end
 execute 'create tunnel network bridge' do
  command "ovs-vsctl --may-exist add-br #{tun_bridge}"
  action :run
 end
--- a/recipes/db_migration.rb
+++ b/recipes/db_migration.rb
@ -1,9 +1,10 @@
 # encoding: UTF-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: db_migration
 #
-# Copyright 2015, IBM Corp.
+# Copyright:: 2015, IBM Corp.
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -21,30 +22,18 @@
 plugin_config_file = node['openstack']['network']['core_plugin_config_file']
 timeout = node['openstack']['network']['dbsync_timeout']
 # The node['openstack']['network']['plugin_config_file'] attribute is set in the default.rb recipe
-bash 'migrate network database' do
+execute 'migrate network database' do
  timeout timeout
-  migrate_command = 'neutron-db-manage --config-file /etc/neutron/neutron.conf'
+  command <<-EOF.gsub(/^ {4}/, '')
-  code <<-EOF
+    neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head
-#{migrate_command} upgrade head
+  EOF
 EOF
 end
 # Only if the fwaas is enabled, migrate the database.
 bash 'migrate fwaas database' do
  only_if { node['openstack']['network_fwaas']['enabled'] }
  timeout timeout
  migrate_command = "neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
  code <<-EOF
 #{migrate_command} upgrade head
 EOF
 end
 # Only if the lbaas is enabled, migrate the database.
-bash 'migrate lbaas database' do
+execute 'migrate lbaas database' do
  only_if { node['openstack']['network_lbaas']['enabled'] }
  timeout timeout
-  migrate_command = "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
+  command <<-EOF.gsub(/^ {4}/, '')
-  code <<-EOF
+    neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file} upgrade head
-#{migrate_command} upgrade head
+  EOF
-EOF
+  only_if { node['openstack']['network_lbaas']['enabled'] }
 end
--- a/recipes/default.rb
+++ b/recipes/default.rb
@ -1,11 +1,12 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: default
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
-# Copyright 2013-2014, SUSE Linux GmbH
+# Copyright:: 2013-2014, SUSE Linux GmbH
-# Copyright 2013-2014, IBM Corp.
+# Copyright:: 2013-2014, IBM Corp.
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -33,19 +34,16 @@ if node['openstack']['network']['syslog']['use']
  include_recipe 'openstack-common::logging'
 end
-platform_options['neutron_packages'].each do |pkg|
+package platform_options['neutron_packages'] do
-  package pkg do
+  options platform_options['package_overrides']
-    options platform_options['package_overrides']
+  action :upgrade
    action :upgrade
  end
 end
 db_type = node['openstack']['db']['network']['service_type']
-node['openstack']['db']['python_packages'][db_type].each do |pkg|
+
-  package pkg do
+package node['openstack']['db']['python_packages'][db_type] do
-    options platform_options['package_overrides']
+  options platform_options['package_overrides']
-    action :upgrade
+  action :upgrade
  end
 end
 template '/etc/neutron/rootwrap.conf' do
@ -53,7 +51,7 @@ template '/etc/neutron/rootwrap.conf' do
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
-  mode 0o0644
+  mode '644'
  variables(
    service_config: node['openstack']['network']['rootwrap']['conf']
  )
@ -64,8 +62,7 @@ cookbook_file '/usr/bin/neutron-enable-bridge-firewall.sh' do
  owner 'root'
  group 'wheel'
  mode '0755'
-  action :create
+  only_if { platform_family?('rhel') }
  only_if { node['platform_family'] == 'rhel' }
 end
 if node['openstack']['mq']['service_type'] == 'rabbit'
@ -80,31 +77,21 @@ db_pass = get_password 'db', 'neutron'
 bind_service = node['openstack']['bind_service']['all']['network']
 bind_service_address = bind_address bind_service
 # The auth_url in nova section follows auth_type
 nova_auth_url = nil
 case node['openstack']['network']['conf']['nova']['auth_type']
 when 'v3password'
  nova_auth_url = auth_url
 end
 node.default['openstack']['network']['conf'].tap do |conf|
  if node['openstack']['network']['syslog']['use']
    conf['DEFAULT']['log_config'] = '/etc/openstack/logging.conf'
  end
  conf['DEFAULT']['bind_host'] = bind_service_address
  conf['DEFAULT']['bind_port'] = bind_service['port']
-  conf['nova']['auth_url'] = nova_auth_url if nova_auth_url
+  conf['nova']['auth_url'] = auth_url
  conf['keystone_authtoken']['auth_url'] = auth_url
 end
 # define secrets that are needed in the neutron.conf.erb
 node.default['openstack']['network']['conf_secrets'].tap do |conf_secrets|
-  conf_secrets['database']['connection'] =
+  conf_secrets['database']['connection'] = db_uri('network', db_user, db_pass)
-    db_uri('network', db_user, db_pass)
+  conf_secrets['nova']['password'] = get_password 'service', 'openstack-compute'
-  conf_secrets['nova']['password'] =
+  conf_secrets['keystone_authtoken']['password'] = get_password 'service', 'openstack-network'
    get_password 'service', 'openstack-compute'
  conf_secrets['keystone_authtoken']['password'] =
    get_password 'service', 'openstack-network'
 end
 # merge all config options and secrets to be used in the neutron.conf.erb
@ -115,7 +102,8 @@ template '/etc/neutron/neutron.conf' do
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
-  mode 0o0640
+  mode '640'
  sensitive true
  variables(
    service_config: neutron_conf_options
  )
--- a/recipes/dhcp_agent.rb
+++ b/recipes/dhcp_agent.rb
@ -1,9 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: dhcp_agent
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -22,11 +23,9 @@ include_recipe 'openstack-network'
 platform_options = node['openstack']['network']['platform']
-platform_options['neutron_dhcp_packages'].each do |pkg|
+package platform_options['neutron_dhcp_packages'] do
-  package pkg do
+  options platform_options['package_overrides']
-    options platform_options['package_overrides']
+  action :upgrade
    action :upgrade
  end
 end
 # TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
@ -35,7 +34,7 @@ template '/etc/neutron/dnsmasq.conf' do
  source 'dnsmasq.conf.erb'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
-  mode 0o0644
+  mode '644'
 end
 service_config = merge_config_options 'network_dhcp'
@ -44,7 +43,7 @@ template node['openstack']['network_dhcp']['config_file'] do
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
-  mode 0o0644
+  mode '644'
  variables(
    service_config: service_config
  )
@ -52,8 +51,7 @@ end
 # TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
 # cookbook to do the proper configuration
-case node['platform']
+if platform?('centos')
 when 'centos'
  rpm_package 'dnsmasq' do
    action :upgrade
  end
@ -65,7 +63,7 @@ service 'neutron-dhcp-agent' do
  action [:enable, :start]
  subscribes :restart, [
    'template[/etc/neutron/neutron.conf]',
-    'template [/etc/neutron/dnsmasq.conf]',
+    'template[/etc/neutron/dnsmasq.conf]',
    "template[#{node['openstack']['network_dhcp']['config_file']}]",
    'rpm_package[dnsmasq]',
  ]
--- a/recipes/fwaas.rb
+++ b/recipes/fwaas.rb
@ -1,53 +0,0 @@
 # Encoding: utf-8
 #
 # Cookbook Name:: openstack-network
 # Recipe:: fwaas
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 include_recipe 'openstack-network'
 # Make Openstack object available in Chef::Recipe
 class ::Chef::Recipe
  include ::Openstack
 end
 platform_options = node['openstack']['network']['platform']
 platform_options['neutron_fwaas_packages'].each do |pkg|
  package pkg do
    options platform_options['package_overrides']
    action :upgrade
  end
 end
 node.default['openstack']['network_fwaas']['conf'].tap do |conf|
  conf['fwaas']['enabled'] = 'True'
 end
 node.default['openstack']['network_l3']['conf'].tap do |conf|
  conf['AGENT']['extensions'] = 'fwaas'
 end
 # As the fwaas package will be installed anyway, configure its config-file attributes following environment.
 service_conf = merge_config_options 'network_fwaas'
 template node['openstack']['network_fwaas']['config_file'] do
  source 'openstack-service.conf.erb'
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
  mode 0o0640
  variables(
    service_config: service_conf
  )
 end
--- a/recipes/identity_registration.rb
+++ b/recipes/identity_registration.rb
@ -1,10 +1,11 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: identity_registration
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
-# Copyright 2013, SUSE Linux GmbH
+# Copyright:: 2013, SUSE Linux GmbH
 # Copyright:: 2019-2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -35,11 +36,9 @@ interfaces = {
 }
 service_pass = get_password 'service', 'openstack-network'
-service_tenant_name =
+service_tenant_name = node['openstack']['network']['conf']['keystone_authtoken']['project_name']
  node['openstack']['network']['conf']['keystone_authtoken']['project_name']
-service_user =
+service_user = node['openstack']['network']['conf']['keystone_authtoken']['username']
  node['openstack']['network']['conf']['keystone_authtoken']['username']
 service_role = node['openstack']['network']['service_role']
 service_domain_name = node['openstack']['network']['conf']['keystone_authtoken']['user_domain_name']
 admin_user = node['openstack']['identity']['admin_user']
@ -52,11 +51,11 @@ region = node['openstack']['region']
 # endpoint_type = node['openstack']['identity']['endpoint_type']
 connection_params = {
-  openstack_auth_url:      auth_url,
+  openstack_auth_url: auth_url,
-  openstack_username:      admin_user,
+  openstack_username: admin_user,
-  openstack_api_key:       admin_pass,
+  openstack_api_key: admin_pass,
-  openstack_project_name:  admin_project,
+  openstack_project_name: admin_project,
-  openstack_domain_name:   admin_domain,
+  openstack_domain_name: admin_domain,
  # openstack_endpoint_type: endpoint_type,
 }
--- a/recipes/l3_agent.rb
+++ b/recipes/l3_agent.rb
@ -1,9 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: l3_agent
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -27,11 +28,9 @@ end
 platform_options = node['openstack']['network']['platform']
-platform_options['neutron_l3_packages'].each do |pkg|
+package platform_options['neutron_l3_packages'] do
-  package pkg do
+  options platform_options['package_overrides']
-    options platform_options['package_overrides']
+  action :upgrade
    action :upgrade
  end
 end
 service_config = merge_config_options 'network_l3'
@ -40,7 +39,7 @@ template node['openstack']['network_l3']['config_file'] do
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
-  mode 0o0640
+  mode '640'
  variables(
    service_config: service_config
  )
@ -53,6 +52,5 @@ service 'neutron-l3-agent' do
  action [:enable, :start]
  subscribes :restart, [
    'template[/etc/neutron/neutron.conf]',
    "template[#{node['openstack']['network_fwaas']['config_file']}]",
  ]
 end
--- a/recipes/lbaas.rb
+++ b/recipes/lbaas.rb
@ -1,9 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: lbaas
 #
-# Copyright 2013, Mirantis IT
+# Copyright:: 2013, Mirantis IT
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -17,7 +18,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 # This recipe should be placed in the run_list of the node that
 # runs the network server or network controller server.
 include_recipe 'openstack-network'
@ -28,23 +28,39 @@ class ::Chef::Recipe
 end
 platform_options = node['openstack']['network']['platform']
-platform_options['neutron_lbaas_packages'].each do |pkg|
+package platform_options['neutron_lbaas_packages'] do
-  package pkg do
+  options platform_options['package_overrides']
-    options platform_options['package_overrides']
+  action :upgrade
    action :upgrade
  end
 end
-service_config = merge_config_options 'network_lbaas'
+neutron_config = merge_config_options 'network_lbaas'
 agent_config = merge_config_options 'network_lbaas_agent'
 directory '/etc/neutron/conf.d/neutron-server' do
  recursive true
  only_if { platform_family?('debian') }
 end
 template node['openstack']['network_lbaas']['config_file'] do
  source 'openstack-service.conf.erb'
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
-  mode 0o0640
+  mode '640'
  variables(
-    service_config: service_config
+    service_config: neutron_config
  )
  notifies :restart, 'service[neutron-server]', :delayed
 end
 template node['openstack']['network_lbaas_agent']['config_file'] do
  source 'openstack-service.conf.erb'
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
  mode '640'
  variables(
    service_config: agent_config
  )
  notifies :restart, 'service[neutron-lb-agent]', :delayed
 end
@ -54,4 +70,5 @@ service 'neutron-lb-agent' do
  supports status: true, restart: true
  action :enable
  subscribes :restart, 'template[/etc/neutron/neutron.conf]', :delayed
  subscribes :restart, "template[#{node['openstack']['network_lbaas']['config_file']}]", :delayed
 end
--- a/recipes/metadata_agent.rb
+++ b/recipes/metadata_agent.rb
@ -1,9 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: metadata_agent
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -26,11 +27,9 @@ platform_options = node['openstack']['network']['platform']
 metadata_secret = get_password 'token', node['openstack']['network_metadata']['secret_name']
 # compute_metadata_api = internal_endpoint 'compute-metadata-api'
-platform_options['neutron_metadata_agent_packages'].each do |pkg|
+package platform_options['neutron_metadata_agent_packages'] do
-  package pkg do
+  action :upgrade
-    action :upgrade
+  options platform_options['package_overrides']
    options platform_options['package_overrides']
  end
 end
 node.default['openstack']['network_metadata']['conf_secrets'].tap do |conf|
@ -43,11 +42,11 @@ template node['openstack']['network_metadata']['config_file'] do
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
-  mode 0o0644
+  mode '644'
  sensitive true
  variables(
    service_config: service_config
  )
  action :create
 end
 # delete all secrets saved in the attribute
--- a/recipes/metering_agent.rb
+++ b/recipes/metering_agent.rb
@ -1,8 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: metering_agent
 #
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@ -20,11 +22,9 @@ include_recipe 'openstack-network'
 platform_options = node['openstack']['network']['platform']
-platform_options['neutron_metering_agent_packages'].each do |pkg|
+package platform_options['neutron_metering_agent_packages'] do
-  package pkg do
+  action :upgrade
-    action :upgrade
+  options platform_options['package_overrides']
    options platform_options['package_overrides']
  end
 end
 service_config = merge_config_options 'network_metering'
@ -33,11 +33,10 @@ template node['openstack']['network_metering']['config_file'] do
  cookbook 'openstack-common'
  owner node['openstack']['network']['platform']['user']
  group node['openstack']['network']['platform']['group']
-  mode 0o0640
+  mode '640'
  variables(
    service_config: service_config
  )
  action :create
 end
 service 'neutron-metering-agent' do
--- a/recipes/ml2_core_plugin.rb
+++ b/recipes/ml2_core_plugin.rb
@ -1,6 +1,6 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: ml2_core_plugin
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
--- a/recipes/ml2_linuxbridge.rb
+++ b/recipes/ml2_linuxbridge.rb
@ -1,9 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: ml2_linuxbridge
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
 # Copyright:: 2016-2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -30,28 +31,22 @@ node.default['openstack']['network']['plugins']['ml2']['conf']['ml2']['mechanism
 node.default['openstack']['network']['plugins']['ml2']['conf']['ml2_type_vxlan']['vni_ranges'] = 'VNI_START:VNI_END'
 platform_options = node['openstack']['network']['platform']
-platform_options['neutron_linuxbridge_agent_packages'].each do |pkg|
+
-  package pkg do
+package platform_options['neutron_linuxbridge_agent_packages'] do
-    options platform_options['package_overrides']
+  options platform_options['package_overrides']
-    action :upgrade
+  action :upgrade
  end
 end
 node.default['openstack']['network']['plugins']['linuxbridge'].tap do |lb|
  case node['platform_family']
  when 'fedora', 'rhel'
-    lb['path'] =
+    lb['path'] = '/etc/neutron/plugins/ml2'
-      '/etc/neutron/plugins/ml2'
+    lb['filename'] = 'linuxbridge_agent.ini'
    lb['filename'] =
      'linuxbridge_agent.ini'
  when 'debian'
-    lb['path'] =
+    lb['path'] = '/etc/neutron/plugins/linuxbridge'
-      '/etc/neutron/plugins/linuxbridge'
+    lb['filename'] = 'linuxbridge_conf.ini'
    lb['filename'] =
      'linuxbridge_conf.ini'
  end
-  lb['conf']['securitygroup']['firewall_driver'] =
+  lb['conf']['securitygroup']['firewall_driver'] = 'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
    'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
 end
 include_recipe 'openstack-network::plugin_config'
@ -60,6 +55,9 @@ service 'neutron-plugin-linuxbridge-agent' do
  service_name platform_options['neutron_linuxbridge_agent_service']
  supports status: true, restart: true
  action [:enable, :start]
-  subscribes :restart, ['template[/etc/neutron/neutron.conf]',
+  subscribes :restart,
-                        'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]']
+    [
      'template[/etc/neutron/neutron.conf]',
      'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]',
    ]
 end
--- a/recipes/ml2_openvswitch.rb
+++ b/recipes/ml2_openvswitch.rb
@ -1,9 +1,9 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: ml2_opensvswitch
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
--- a/recipes/openvswitch.rb
+++ b/recipes/openvswitch.rb
@ -1,8 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: opensvswitch
 #
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@ -24,11 +26,9 @@ plugin_file_path = File.join(
 )
 platform_options = node['openstack']['network']['platform']
-platform_options['neutron_openvswitch_packages'].each do |pkg|
+package platform_options['neutron_openvswitch_packages'] do
-  package pkg do
+  options platform_options['package_overrides']
-    options platform_options['package_overrides']
+  action :upgrade
    action :upgrade
  end
 end
 service 'neutron-openvswitch-switch' do
--- a/recipes/openvswitch_agent.rb
+++ b/recipes/openvswitch_agent.rb
@ -1,8 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: openvswitch_agent
 #
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@ -16,6 +18,7 @@
 # limitations under the License.
 #
 include_recipe 'openstack-network'
 include_recipe 'openstack-network::ml2_openvswitch'
 plugin_file_path = File.join(
@ -24,19 +27,14 @@ plugin_file_path = File.join(
 )
 platform_options = node['openstack']['network']['platform']
-platform_options['neutron_openvswitch_agent_packages'].each do |pkg|
+package platform_options['neutron_openvswitch_agent_packages'] do
-  package pkg do
+  action :upgrade
-    action :upgrade
+  options platform_options['package_overrides']
    options platform_options['package_overrides']
  end
 end
-int_bridge =
+int_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('DEFAULT')['integration_bridge']
  node['openstack']['network']['plugins']['openvswitch']['conf']
 .[]('DEFAULT')['integration_bridge']
 execute 'create integration network bridge' do
  command "ovs-vsctl --may-exist add-br #{int_bridge}"
  action :run
 end
 service 'neutron-openvswitch-agent' do
--- a/recipes/plugin_config.rb
+++ b/recipes/plugin_config.rb
@ -1,8 +1,10 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: plugin_config
 #
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@ -22,7 +24,7 @@ node['openstack']['network']['plugins'].each_value do |plugin|
    recursive true
    owner node['openstack']['network']['platform']['user']
    group node['openstack']['network']['platform']['group']
-    mode 0o0700
+    mode '700'
  end
  template File.join(plugin['path'], plugin['filename']) do
@ -30,7 +32,7 @@ node['openstack']['network']['plugins'].each_value do |plugin|
    cookbook 'openstack-common'
    owner node['openstack']['network']['platform']['user']
    group node['openstack']['network']['platform']['group']
-    mode 0o0644
+    mode '644'
    variables(
      service_config: plugin['conf']
    )
--- a/recipes/server.rb
+++ b/recipes/server.rb
@ -1,10 +1,11 @@
 # Encoding: utf-8
 #
-# Cookbook Name:: openstack-network
+# Cookbook:: openstack-network
 # Recipe:: server
 #
-# Copyright 2013, AT&T
+# Copyright:: 2013, AT&T
-# Copyright 2013, SUSE Linux GmbH
+# Copyright:: 2013, SUSE Linux GmbH
 # Copyright:: 2020, Oregon State University
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -30,7 +31,7 @@ template '/etc/default/neutron-server' do
  source 'neutron-server.erb'
  owner 'root'
  group 'root'
-  mode 0o0644
+  mode '644'
  variables(
    core_plugin_config: node['openstack']['network']['core_plugin_config_file']
  )
@ -39,19 +40,15 @@ end
 platform_options = node['openstack']['network']['platform']
-platform_options['neutron_server_packages'].each do |pkg|
+package platform_options['neutron_server_packages'] do
-  package pkg do
+  options platform_options['package_overrides']
-    options platform_options['package_overrides']
+  action :upgrade
    action :upgrade
  end
 end
 db_type = node['openstack']['db']['network']['service_type']
-node['openstack']['db']['python_packages'][db_type].each do |pkg|
+package node['openstack']['db']['python_packages'][db_type] do
-  package pkg do
+  options platform_options['package_overrides']
-    options platform_options['package_overrides']
+  action :upgrade
    action :upgrade
  end
 end
 if node['openstack']['network']['policyfile_url']
@ -59,20 +56,22 @@ if node['openstack']['network']['policyfile_url']
    source node['openstack']['network']['policyfile_url']
    owner node['openstack']['network']['platform']['user']
    group node['openstack']['network']['platform']['group']
-    mode 0o0644
+    mode '644'
  end
 end
 if node['openstack']['network_lbaas']['enabled']
-  # neutron-lbaas-agent may not running on network node, but on network node, neutron-server still need neutron_lbaas module
+  # neutron-lbaas-agent may not running on network node, but on network
-  # when loading plugin if lbaas is list in service_plugins. In this case, we don't need include balance recipe for network node, but
+  # node, neutron-server still need neutron_lbaas module when loading
-  # we need make sure neutron lbaas python packages get installed on network node before neutron-server start/restart, when lbaas is enabled.
+  # plugin if lbaas is list in service_plugins. In this case, we don't
-  # Otherwise neutron-server will crash for couldn't find lbaas plugin when invoking plugins from service_plugins.
+  # need include balance recipe for network node, but we need make sure
-  platform_options['neutron_lbaas_python_dependencies'].each do |pkg|
+  # neutron lbaas python packages get installed on network node before
-    package pkg do
+  # neutron-server start/restart, when lbaas is enabled. Otherwise
-      options platform_options['package_overrides']
+  # neutron-server will crash for couldn't find lbaas plugin when
-      action :upgrade
+  # invoking plugins from service_plugins.
-    end
+  package platform_options['neutron_lbaas_python_dependencies'] do
    options platform_options['package_overrides']
    action :upgrade
  end
 end
--- a/spec/_bridge_config_example_spec.rb
+++ b/spec/_bridge_config_example_spec.rb
@ -24,12 +24,10 @@ describe 'openstack-network::_bridge_config_example' do
      let(:name) { 'create external network bridge' }
      it 'adds external network bridge' do
-        expect(chef_run).to run_execute(name)
+        expect(chef_run).to run_execute(name).with(command: cmd_br)
          .with(command: cmd_br)
      end
      it 'adds external network bridge port' do
-        expect(chef_run).to run_execute("#{name} port")
+        expect(chef_run).to run_execute("#{name} port").with(command: cmd_port)
          .with(command: cmd_port)
      end
    end
@ -39,12 +37,10 @@ describe 'openstack-network::_bridge_config_example' do
      let(:name) { 'create vlan network bridge' }
      it 'adds vlan network bridge' do
-        expect(chef_run).to run_execute(name)
+        expect(chef_run).to run_execute(name).with(command: cmd_br)
          .with(command: cmd_br)
      end
      it 'adds vlan network bridge port' do
-        expect(chef_run).to run_execute("#{name} port")
+        expect(chef_run).to run_execute("#{name} port").with(command: cmd_port)
          .with(command: cmd_port)
      end
    end
@ -53,8 +49,7 @@ describe 'openstack-network::_bridge_config_example' do
      let(:name) { 'create tunnel network bridge' }
      it 'adds tunnel network bridge' do
-        expect(chef_run).to run_execute(name)
+        expect(chef_run).to run_execute(name).with(command: cmd_br)
          .with(command: cmd_br)
      end
    end
  end
--- a/spec/db_migration_spec.rb
+++ b/spec/db_migration_spec.rb
@ -11,8 +11,8 @@ describe 'openstack-network::db_migration' do
    end
    it 'uses db upgrade head with default timeout for neutron-server' do
-      expect(chef_run).to run_bash('migrate network database').with(
+      expect(chef_run).to run_execute('migrate network database').with(
-        code: /upgrade head/,
+        command: "neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head\n",
        timeout: 3600
      )
    end
@ -23,32 +23,21 @@ describe 'openstack-network::db_migration' do
        runner.converge(described_recipe)
      end
      it do
-        expect(chef_run).to run_bash('migrate network database').with(
+        expect(chef_run).to run_execute('migrate network database').with(
-          code: /upgrade head/,
+          command: "neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head\n",
          timeout: 1234
        )
      end
    end
    context 'run db-migration when services are enabled' do
      cached(:chef_run) do
        node.override['openstack']['network_fwaas']['enabled'] = true
        node.override['openstack']['network_lbaas']['enabled'] = true
        node.override['openstack']['network']['core_plugin_config_file'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
        runner.converge(described_recipe)
      end
      it 'uses db upgrade head when lbaas is enabled' do
-        migrate_cmd = %r{neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf|
+        expect(chef_run).to run_execute('migrate lbaas database').with(
-        --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
+          command: "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\n",
        expect(chef_run).to run_bash('migrate lbaas database').with(
          code: migrate_cmd,
          timeout: 3600
        )
      end
      it 'uses db upgrade head when fwaas is enabled' do
        migrate_cmd = %r{neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf|
        --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
        expect(chef_run).to run_bash('migrate fwaas database').with(
          code: migrate_cmd,
          timeout: 3600
        )
      end
@ -59,22 +48,8 @@ describe 'openstack-network::db_migration' do
        runner.converge(described_recipe)
      end
      it 'does not use db upgrade head when fwaas is not enabled' do
        migrate_cmd = %r{neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf|
          --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
        expect(chef_run).not_to run_bash('migrate fwaas database').with(
          code: migrate_cmd,
          timeout: 3600
        )
      end
      it 'does not use db upgrade head when lbaas is not enabled' do
-        migrate_cmd = %r{neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf|
+        expect(chef_run).not_to run_execute('migrate lbaas database')
          --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head}
        expect(chef_run).not_to run_bash('migrate lbaas database').with(
          code: migrate_cmd,
          timeout: 3600
        )
      end
    end
  end
--- a/spec/default-redhat_spec.rb
+++ b/spec/default-redhat_spec.rb
@ -11,11 +11,26 @@ describe 'openstack-network' do
    include_context 'neutron-stubs'
-    it 'upgrades mysql python package' do
+    pkgs =
      %w(
        ebtables
        iproute
        openstack-neutron
        openstack-neutron-ml2
      )
    it do
      expect(chef_run).to upgrade_package(pkgs)
    end
    it do
      expect(chef_run).to upgrade_package('MySQL-python')
    end
-    it 'upgrades openstack-neutron-ml2 package' do
+    it do
-      expect(chef_run).to upgrade_package('openstack-neutron-ml2')
+      expect(chef_run).to create_cookbook_file('/usr/bin/neutron-enable-bridge-firewall.sh').with(
        source: 'neutron-enable-bridge-firewall.sh',
        owner: 'root',
        group: 'wheel',
        mode: '0755'
      )
    end
  end
 end
--- a/spec/default_spec.rb
+++ b/spec/default_spec.rb
@ -11,13 +11,29 @@ describe 'openstack-network' do
    include_context 'neutron-stubs'
-    %w(neutron-common python3-mysqldb).each do |package|
+    packages = %w(neutron-common python3-neutron)
-      it do
+    it do
-        expect(chef_run).to upgrade_package(package)
+      expect(chef_run).to upgrade_package(packages)
-      end
+    end
    it do
      expect(chef_run).to upgrade_package('python3-mysqldb')
    end
    it do
      expect(chef_run).to_not create_cookbook_file('/usr/bin/neutron-enable-bridge-firewall.sh')
    end
    describe '/etc/neutron/rootwrap.conf' do
      it do
        expect(chef_run).to create_template('/etc/neutron/rootwrap.conf').with(
          source: 'openstack-service.conf.erb',
          cookbook: 'openstack-common',
          owner: 'neutron',
          group: 'neutron',
          mode: '644'
        )
      end
      let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') }
      [
        %r{^filters_path = /etc/neutron/rootwrap\.d,/usr/share/neutron/rootwrap$},
@ -34,60 +50,92 @@ describe 'openstack-network' do
    end
    describe '/etc/neutron/neutron.conf' do
      it do
        expect(chef_run).to create_template('/etc/neutron/neutron.conf').with(
          source: 'openstack-service.conf.erb',
          cookbook: 'openstack-common',
          owner: 'neutron',
          group: 'neutron',
          mode: '640',
          sensitive: true
        )
      end
      let(:file) { chef_run.template('/etc/neutron/neutron.conf') }
      [
        %r{^log_dir = /var/log/neutron$},
        /^control_exchange = neutron$/,
        /^core_plugin = ml2$/,
        %r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$},
        /^bind_host = 127\.0\.0\.1$/,
        /^bind_port = 9696$/,
        %r{^transport_url = rabbit://guest:mypass@127.0.0.1:5672$},
      ].each do |line|
        it do
-          expect(chef_run).to render_config_file(file.name)
+          expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
            .with_section_content('DEFAULT', line)
        end
      end
      context 'lbaas enabled' do
        cached(:chef_run) do
          node.override['openstack']['network_lbaas']['enabled'] = true
          runner.converge(described_recipe)
        end
        [
          /^service_plugins = neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2$/,
        ].each do |line|
          it do
            expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
          end
        end
      end
      [
        %r{^root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf$},
      ].each do |line|
        it do
-          expect(chef_run).to render_config_file(file.name)
+          expect(chef_run).to render_config_file(file.name).with_section_content('agent', line)
            .with_section_content('agent', line)
        end
      end
      [
-        /^project_name = service$/,
+        /^auth_type = password$/,
        /^region_name = RegionOne$/,
        /^username = neutron$/,
        /^user_domain_name = Default/,
        /^project_domain_name = Default/,
        /^project_name = service$/,
        /^auth_version = v3$/,
        %r{^auth_url = http://127.0.0.1:5000/v3$},
        /^password = neutron-pass$/,
        /^auth_type = v3password$/,
      ].each do |line|
        it do
-          expect(chef_run).to render_config_file(file.name)
+          expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line)
            .with_section_content('keystone_authtoken', line)
        end
      end
      [
        /^auth_type = password$/,
        /^region_name = RegionOne$/,
        /^auth_type = v3password$/,
        /^username = nova$/,
        /^user_domain_name = Default/,
        /^project_domain_name = Default/,
        /^project_name = service$/,
        /^project_domain_name = Default/,
        %r{^auth_url = http://127.0.0.1:5000/v3$},
        /^password = nova-pass$/,
      ].each do |line|
        it do
-          expect(chef_run).to render_config_file(file.name)
+          expect(chef_run).to render_config_file(file.name).with_section_content('nova', line)
-            .with_section_content('nova', line)
+        end
      end
      [
        %r{^lock_path = /var/lib/neutron/lock$},
      ].each do |line|
        it do
          expect(chef_run).to render_config_file(file.name).with_section_content('oslo_concurrency', line)
        end
      end
      [
        %(connection = mysql+pymysql://neutron:neutron@127.0.0.1:3306/neutron?charset=utf8),
      ].each do |line|
        it do
-          expect(chef_run).to render_config_file(file.name)
+          expect(chef_run).to render_config_file(file.name).with_section_content('database', line)
            .with_section_content('database', line)
        end
      end
    end
--- a/spec/dhcp_agent-centos_spec.rb
+++ b/spec/dhcp_agent-centos_spec.rb
@ -14,49 +14,12 @@ describe 'openstack-network::dhcp_agent' do
    include_context 'neutron-stubs'
-    it 'upgrades neutron dhcp package' do
+    it do
-      expect(chef_run).to upgrade_package('openstack-neutron')
+      expect(chef_run).to upgrade_package(%w(openstack-neutron iproute))
    end
-    it 'upgrades plugin packages' do
+    it do
      expect(chef_run).not_to upgrade_package(/openvswitch/)
      expect(chef_run).not_to upgrade_package(/plugin/)
    end
    it 'starts the dhcp agent on boot' do
      expect(chef_run).to enable_service('neutron-dhcp-agent')
    end
    it 'should install the dnsmasq rpm' do
      expect(chef_run).to upgrade_rpm_package('dnsmasq')
    end
    it 'should notify dhcp agent to restart immediately' do
      expect(chef_run.rpm_package('dnsmasq')).to notify('service[neutron-dhcp-agent]').to(:restart).delayed
    end
    describe '/etc/neutron/dhcp_agent.ini' do
      let(:file) { chef_run.template('/etc/neutron/dhcp_agent.ini') }
      it 'creates dhcp_agent.ini' do
        expect(chef_run).to create_template(file.name).with(
          user: 'neutron',
          group: 'neutron',
          mode: 0o644
        )
      end
    end
    describe '/etc/neutron/dnsmasq.conf' do
      let(:file) { chef_run.template('/etc/neutron/dnsmasq.conf') }
      it 'creates dnsmasq.conf' do
        expect(chef_run).to create_template(file.name).with(
          user: 'neutron',
          group: 'neutron',
          mode: 0o644
        )
      end
    end
  end
 end
--- a/spec/dhcp_agent_spec.rb
+++ b/spec/dhcp_agent_spec.rb
@ -15,38 +15,77 @@ describe 'openstack-network::dhcp_agent' do
      expect(chef_run).to include_recipe('openstack-network')
    end
-    it 'subscribes the agent service to neutron.conf' do
+    %w(
-      expect(chef_run.service('neutron-dhcp-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
+      template[/etc/neutron/neutron.conf]
      template[/etc/neutron/dnsmasq.conf]
      template[/etc/neutron/dhcp_agent.ini]
    ).each do |resource|
      it do
        expect(chef_run.service('neutron-dhcp-agent')).to subscribe_to(resource).delayed
      end
    end
-    it 'upgrades neutron dhcp package' do
+    it do
      expect(chef_run).to_not upgrade_rpm_package('dnsmasq')
    end
    it do
      expect(chef_run).to upgrade_package 'neutron-dhcp-agent'
    end
-    it 'starts the dhcp agent on boot' do
+    it do
-      expect(chef_run).to enable_service 'neutron-dhcp-agent'
+      expect(chef_run).to enable_service('neutron-dhcp-agent').with(
        service_name: 'neutron-dhcp-agent',
        supports: {
          restart: true,
          status: true,
        }
      )
    end
    it do
      expect(chef_run).to start_service 'neutron-dhcp-agent'
    end
    describe 'dhcp_agent.ini' do
      let(:file) { chef_run.template('/etc/neutron/dhcp_agent.ini') }
      it 'creates dhcp_agent.ini' do
        expect(chef_run).to create_template(file.name).with(
          source: 'openstack-service.conf.erb',
          cookbook: 'openstack-common',
          user: 'neutron',
          group: 'neutron',
-          mode: 0o644
+          mode: '644'
        )
      end
      [
        /^interface_driver = openvswitch$/,
        %r{^dnsmasq_config_file  = /etc/neutron/dnsmasq.conf$},
      ].each do |line|
        it do
          expect(chef_run).to render_config_file('/etc/neutron/dhcp_agent.ini').with_section_content('DEFAULT', line)
        end
      end
    end
    describe '/etc/neutron/dnsmasq.conf' do
      let(:file) { chef_run.template('/etc/neutron/dnsmasq.conf') }
      it 'creates dnsmasq.conf' do
        expect(chef_run).to create_template(file.name).with(
          source: 'dnsmasq.conf.erb',
          user: 'neutron',
          group: 'neutron',
-          mode: 0o644
+          mode: '644'
        )
      end
      [
        /^server=8.8.8.8$/,
        /^server=208.67.222.222$/,
      ].each do |line|
        it do
          expect(chef_run).to render_file('/etc/neutron/dnsmasq.conf').with_content(line)
        end
      end
    end
  end
 end
--- a/spec/l3_agent-redhat_spec.rb
+++ b/spec/l3_agent-redhat_spec.rb
@ -13,10 +13,15 @@ describe 'openstack-network::l3_agent' do
    include_context 'neutron-stubs'
-    it 'upgrades neutron ml2_ovs packages' do
+    pkgs =
-      %w(openstack-neutron iproute radvd keepalived).each do |pkg|
+      %w(
-        expect(chef_run).to upgrade_package(pkg)
+        iproute
-      end
+        keepalived
        openstack-neutron
        radvd
      )
    it do
      expect(chef_run).to upgrade_package(pkgs)
    end
  end
 end
--- a/spec/l3_agent_spec.rb
+++ b/spec/l3_agent_spec.rb
@ -12,18 +12,33 @@ describe 'openstack-network::l3_agent' do
    describe 'recipe' do
      include_context 'neutron-stubs'
-      it 'starts the l3 agent on boot' do
+      it do
-        expect(chef_run).to enable_service('neutron-l3-agent')
+        expect(chef_run).to enable_service('neutron-l3-agent').with(
          service_name: 'neutron-l3-agent',
          supports: {
            status: true,
            restart: true,
          }
        )
      end
-      it 'subscribes the l3 agent service to neutron.conf' do
+      it do
-        expect(chef_run.service('neutron-l3-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
+        expect(chef_run).to start_service('neutron-l3-agent')
      end
-      %w(neutron-l3-agent radvd keepalived).each do |pkg|
+      it do
-        it "upgrades #{pkg} package" do
+        expect(chef_run.service('neutron-l3-agent')).to \
-          expect(chef_run).to upgrade_package(pkg)
+          subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart)
-        end
+      end
      pkgs =
        %w(
          keepalived
          neutron-l3-agent
          radvd
        )
      it do
        expect(chef_run).to upgrade_package(pkgs)
      end
      describe 'l3_agent.ini' do
@ -31,12 +46,22 @@ describe 'openstack-network::l3_agent' do
        it 'creates l3_agent.ini' do
          expect(chef_run).to create_template(file.name).with(
            source: 'openstack-service.conf.erb',
            cookbook: 'openstack-common',
            user: 'neutron',
            group: 'neutron',
-            mode: 0o640
+            mode: '640'
          )
        end
        [
          /^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/,
        ].each do |line|
          it do
            expect(chef_run).to render_config_file('/etc/neutron/l3_agent.ini').with_section_content('DEFAULT', line)
          end
        end
        context 'template contents' do
          cached(:chef_run) do
            node.override['openstack']['network_l3']['conf']['DEFAULT']['external_network_bridge'] = 'network_l3_external_network_bridge_value'
@ -48,11 +73,15 @@ describe 'openstack-network::l3_agent' do
          it 'displays the external_network_bridge l3 attribute' do
            stub_command('ovs-vsctl br-exists network_l3_external_network_bridge_value').and_return(false)
-            expect(chef_run).to render_file(file.name).with_content(/^external_network_bridge = network_l3_external_network_bridge_value$/)
+            expect(chef_run).to render_config_file(file.name)
              .with_section_content(
                'DEFAULT',
                /^external_network_bridge = network_l3_external_network_bridge_value$/
              )
          end
        end
-        it 'notifies the l3 agent service' do
+        it do
          expect(file).to notify('service[neutron-l3-agent]').to(:restart).delayed
        end
      end
--- a/spec/lbaas-redhat_spec.rb
+++ b/spec/lbaas-redhat_spec.rb
@ -8,35 +8,41 @@ describe 'openstack-network::lbaas' do
    cached(:chef_run) do
      node.override['openstack']['compute']['network']['service_type'] = 'neutron'
      node.override['openstack']['network']['lbaas']['enabled'] = 'True'
-      runner.converge(described_recipe)
+      runner.converge(described_recipe, 'openstack-network::ml2_core_plugin', 'openstack-network::server')
    end
    include_context 'neutron-stubs'
    it do
      expect(chef_run).to_not create_directory('/etc/neutron/conf.d/neutron-server')
    end
    describe 'lbaas_agent.ini' do
      let(:file) { chef_run.template('/etc/neutron/lbaas_agent.ini') }
-      it 'creates lbaas_agent.ini' do
+      it do
-        expect(chef_run).to create_template(file.name).with(
+        expect(chef_run).to render_config_file(file.name).with_section_content('haproxy', /^user_group = nobody$/)
          user: 'neutron',
          group: 'neutron',
          mode: 0o640
        )
      end
      it 'displays user_group as nobody' do
        expect(chef_run).to render_file(file.name).with_content(/^user_group = nobody$/)
      end
    end
-    ['haproxy', 'openstack-neutron-lbaas'].each do |pack|
+    pkgs =
-      it "upgrades #{pack} package" do
+      %w(
-        expect(chef_run).to upgrade_package(pack)
+        haproxy
-      end
+        iproute
        openstack-neutron-lbaas
      )
    it do
      expect(chef_run).to upgrade_package(pkgs)
    end
-    it 'enables agent service' do
+    it do
-      expect(chef_run).to enable_service('neutron-lb-agent')
+      expect(chef_run).to enable_service('neutron-lb-agent').with(
        service_name: 'neutron-lbaasv2-agent',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
  end
 end
--- a/spec/lbaas_spec.rb
+++ b/spec/lbaas_spec.rb
@ -6,40 +6,97 @@ describe 'openstack-network::lbaas' do
    let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
    let(:node) { runner.node }
    cached(:chef_run) do
-      runner.converge(described_recipe)
+      runner.converge(described_recipe, 'openstack-network::ml2_core_plugin', 'openstack-network::server')
    end
    include_context 'neutron-stubs'
    pkgs =
      %w(
        haproxy
        neutron-lbaas-common
        neutron-lbaasv2-agent
        python3-neutron-lbaas
      )
    it do
-      %w(python3-neutron-lbaas neutron-lbaasv2-agent haproxy)
+      expect(chef_run).to upgrade_package(pkgs)
        .each do |pkg|
        expect(chef_run).to upgrade_package(pkg)
      end
    end
-    describe 'lbaas.conf' do
+    it do
      expect(chef_run).to create_directory('/etc/neutron/conf.d/neutron-server').with(recursive: true)
    end
    describe '/etc/neutron/lbaas_agent.ini' do
      let(:file) { chef_run.template('/etc/neutron/lbaas_agent.ini') }
      it do
        expect(chef_run).to create_template(file.name).with(
          source: 'openstack-service.conf.erb',
          cookbook: 'openstack-common',
          user: 'neutron',
          group: 'neutron',
-          mode: 0o0640
+          mode: '640'
        )
      end
      it do
-        [
+        expect(file).to notify('service[neutron-lb-agent]').to(:restart)
-          /^periodic_interval = 10$/,
+      end
-          /^ovs_use_veth = false$/,
+
-          /^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/,
+      [
-          /^device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver$/,
+        /^interface_driver = openvswitch$/,
-        ].each do |line|
+        /^device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver$/,
-          expect(chef_run).to render_file(file.name).with_content(line)
+      ].each do |line|
        it do
          expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
        end
      end
      [
        /^user_group = nogroup$/,
      ].each do |line|
        it do
          expect(chef_run).to render_config_file(file.name).with_section_content('haproxy', line)
        end
      end
      it do
-        expect(chef_run).to enable_service('neutron-lb-agent')
+        expect(chef_run).to enable_service('neutron-lb-agent').with(
          service_name: 'neutron-lbaasv2-agent',
          supports: {
            status: true,
            restart: true,
          }
        )
      end
      %w(
        template[/etc/neutron/neutron.conf]
        template[/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf]
      ).each do |resource|
        it do
          expect(chef_run.service('neutron-lb-agent')).to subscribe_to(resource).on(:restart)
        end
      end
    end
    describe '/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf' do
      let(:file) { chef_run.template('/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf') }
      it do
        expect(chef_run).to create_template(file.name).with(
          source: 'openstack-service.conf.erb',
          cookbook: 'openstack-common',
          user: 'neutron',
          group: 'neutron',
          mode: '640'
        )
      end
      it do
        expect(file).to notify('service[neutron-server]').to(:restart)
      end
      [
        /^service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default$/,
      ].each do |line|
        it do
          expect(chef_run).to render_config_file(file.name).with_section_content('service_providers', line)
        end
      end
    end
  end
--- a/spec/metadata_agent-rhel_spec.rb
+++ b/spec/metadata_agent-rhel_spec.rb
@ -0,0 +1,29 @@
 # Encoding: utf-8
 require_relative 'spec_helper'
 describe 'openstack-network::metadata_agent' do
  describe 'redhat' do
    let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
    let(:node) { runner.node }
    cached(:chef_run) do
      node.override['openstack']['compute']['network']['service_type'] = 'neutron'
      runner.converge(described_recipe)
    end
    include_context 'neutron-stubs'
    it do
      expect(chef_run).to enable_service('neutron-metadata-agent').with(
        service_name: 'neutron-metadata-agent',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
    it do
      expect(chef_run).to start_service('neutron-metadata-agent')
    end
  end
 end
--- a/spec/metadata_agent_spec.rb
+++ b/spec/metadata_agent_spec.rb
@ -12,14 +12,28 @@ describe 'openstack-network::metadata_agent' do
    include_context 'neutron-stubs'
-    it 'upgrades neutron metadata agent' do
+    it do
      expect(chef_run).to upgrade_package 'neutron-metadata-agent'
    end
    it do
-      expect(chef_run).to enable_service('neutron-metadata-agent')
+      expect(chef_run).to enable_service('neutron-metadata-agent').with(
        service_name: 'neutron-metadata-agent',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
-    it 'subscribes the metadata agent service to neutron.conf' do
+
-      expect(chef_run.service('neutron-metadata-agent')).to subscribe_to('template[/etc/neutron/neutron.conf]').delayed
+    it do
      expect(chef_run).to start_service('neutron-metadata-agent')
    end
    %w(template[/etc/neutron/neutron.conf] template[/etc/neutron/metadata_agent.ini]).each do |resource|
      it do
        expect(chef_run.service('neutron-metadata-agent')).to subscribe_to(resource).delayed
      end
    end
    describe 'metadata_agent.ini' do
@ -27,21 +41,24 @@ describe 'openstack-network::metadata_agent' do
      it 'creates metadata_agent.ini' do
        expect(chef_run).to create_template(file.name).with(
          source: 'openstack-service.conf.erb',
          cookbook: 'openstack-common',
          user: 'neutron',
          group: 'neutron',
-          mode: 0o644
+          mode: '644',
          sensitive: true
        )
      end
      context 'template contents' do
-        it 'sets the metadata_proxy_shared_secret attribute' do
+        [
-          expect(chef_run).to render_file(file.name).with_content(/^metadata_proxy_shared_secret = metadata-secret$/)
+          /^metadata_proxy_shared_secret = metadata-secret$/,
        ].each do |line|
          it do
            expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
          end
        end
      end
      it 'notifies the metadata agent service' do
        expect(file).to notify('service[neutron-metadata-agent]').to(:restart).delayed
      end
    end
    it do
      expect(chef_run).to run_ruby_block('delete all attributes in '\
--- a/spec/metering_agent-rhel_spec.rb
+++ b/spec/metering_agent-rhel_spec.rb
@ -0,0 +1,28 @@
 # Encoding: utf-8
 require_relative 'spec_helper'
 describe 'openstack-network::metering_agent' do
  describe 'ubuntu' do
    let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
    let(:node) { runner.node }
    cached(:chef_run) do
      runner.converge(described_recipe)
    end
    include_context 'neutron-stubs'
    it do
      expect(chef_run).to upgrade_package('neutron-metering-agent')
    end
    it do
      expect(chef_run).to enable_service('neutron-metering-agent').with(
        service_name: 'neutron-metering-agent',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
  end
 end
--- a/spec/metering_agent_spec.rb
+++ b/spec/metering_agent_spec.rb
@ -12,19 +12,18 @@ describe 'openstack-network::metering_agent' do
    include_context 'neutron-stubs'
    it do
-      %w(neutron-metering-agent)
+      expect(chef_run).to upgrade_package('neutron-metering-agent')
        .each do |pkg|
        expect(chef_run).to upgrade_package(pkg)
      end
    end
    describe 'metering_agent.ini' do
      let(:file) { chef_run.template('/etc/neutron/metering_agent.ini') }
      it do
        expect(chef_run).to create_template(file.name).with(
          source: 'openstack-service.conf.erb',
          cookbook: 'openstack-common',
          user: 'neutron',
          group: 'neutron',
-          mode: 0o0640
+          mode: '640'
        )
      end
@ -33,11 +32,25 @@ describe 'openstack-network::metering_agent' do
          /^interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver$/,
          /^driver = neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver$/,
        ].each do |line|
-          expect(chef_run).to render_file(file.name).with_content(line)
+          expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
        end
      end
    end
    it do
      expect(chef_run).to enable_service('neutron-metering-agent').with(
        service_name: 'neutron-metering-agent',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
    it do
      expect(chef_run).to start_service('neutron-metering-agent')
    end
    %w(template[/etc/neutron/neutron.conf] template[/etc/neutron/metering_agent.ini]).each do |resource|
      it do
-        expect(chef_run).to enable_service('neutron-metering-agent')
+        expect(chef_run.service('neutron-metering-agent')).to subscribe_to(resource).delayed
      end
    end
  end
--- a/spec/ml2_linuxbridge-redhat_spec.rb
+++ b/spec/ml2_linuxbridge-redhat_spec.rb
@ -21,7 +21,7 @@ describe 'openstack-network::ml2_linuxbridge' do
      expect(chef_run).to create_directory('/etc/neutron/plugins/ml2').with(
        owner: 'neutron',
        group: 'neutron',
-        mode: 0o700
+        mode: '700'
      )
    end
    it do
@ -43,9 +43,7 @@ describe 'openstack-network::ml2_linuxbridge' do
    end
    it do
-      %w(openstack-neutron-linuxbridge iproute).each do |pkg|
+      expect(chef_run).to upgrade_package(%w(openstack-neutron-linuxbridge iproute))
        expect(chef_run).to upgrade_package(pkg)
      end
    end
    it do
--- a/spec/ml2_linuxbridge_spec.rb
+++ b/spec/ml2_linuxbridge_spec.rb
@ -18,13 +18,14 @@ describe 'openstack-network::ml2_linuxbridge' do
    include_context 'neutron-stubs'
-    it 'creates the /etc/neutron/plugins/linuxbridge agent directory' do
+    it do
      expect(chef_run).to create_directory('/etc/neutron/plugins/linuxbridge').with(
        owner: 'neutron',
        group: 'neutron',
-        mode: 0o700
+        mode: '700'
      )
    end
    it do
      expect(chef_run).to include_recipe('openstack-network::plugin_config')
    end
@ -33,28 +34,47 @@ describe 'openstack-network::ml2_linuxbridge' do
      let(:file) do
        chef_run.template('/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini')
      end
      [
        /^firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver$/,
      ].each do |line|
-        it do
+        it "[securitygroup] #{line}" do
-          expect(chef_run).to render_config_file(file.name)
+          expect(chef_run).to render_config_file(file.name).with_section_content('securitygroup', line)
            .with_section_content('securitygroup', line)
        end
      end
    end
    pkgs =
      %w(
        neutron-plugin-linuxbridge
        neutron-plugin-linuxbridge-agent
      )
    it do
-      %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent).each do |pkg|
+      expect(chef_run).to upgrade_package(pkgs)
        expect(chef_run).to upgrade_package(pkg)
      end
    end
    it do
-      expect(chef_run).to enable_service('neutron-plugin-linuxbridge-agent')
+      expect(chef_run).to enable_service('neutron-plugin-linuxbridge-agent').with(
        service_name: 'neutron-plugin-linuxbridge-agent',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
    it do
-      service = chef_run.service('neutron-plugin-linuxbridge-agent')
+      expect(chef_run).to start_service('neutron-plugin-linuxbridge-agent')
-      expect(service).to(subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed) && subscribe_to('template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]').on(:restart).delayed
+    end
    %w(
      template[/etc/neutron/neutron.conf]
      template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]
    ).each do |resource|
      it do
        expect(chef_run.service('neutron-plugin-linuxbridge-agent')).to subscribe_to(resource).delayed
      end
    end
  end
 end
--- a/spec/ml2_openvswitch_spec.rb
+++ b/spec/ml2_openvswitch_spec.rb
@ -0,0 +1,36 @@
 # pkg upgrade
 # service
 # Encoding: utf-8
 require_relative 'spec_helper'
 describe 'openstack-network::ml2_openvswitch' do
  describe 'ubuntu' do
    let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
    let(:node) { runner.node }
    cached(:chef_run) do
      runner.converge(described_recipe, 'openstack-network::plugin_config')
    end
    include_context 'neutron-stubs'
    it do
      expect(chef_run).to include_recipe('openstack-network::ml2_core_plugin')
    end
    describe '/etc/neutron/plugins/ml2/openvswitch_agent.ini' do
      let(:file) do
        chef_run.template('/etc/neutron/plugins/ml2/openvswitch_agent.ini')
      end
      [
        /^integration_bridge = br-int$/,
      ].each do |line|
        it do
          expect(chef_run).to render_config_file(file.name).with_section_content('DEFAULT', line)
        end
      end
    end
  end
 end
--- a/spec/openvswitch-rhel_spec.rb
+++ b/spec/openvswitch-rhel_spec.rb
@ -0,0 +1,26 @@
 # Encoding: utf-8
 require_relative 'spec_helper'
 describe 'openstack-network::openvswitch' do
  describe 'redhat' do
    let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
    let(:node) { runner.node }
    cached(:chef_run) do
      runner.converge(described_recipe)
    end
    it do
      expect(chef_run).to upgrade_package 'openvswitch'
    end
    it do
      expect(chef_run).to enable_service('neutron-openvswitch-switch').with(
        service_name: 'openvswitch',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
  end
 end
--- a/spec/openvswitch_agent-rhel_spec.rb
+++ b/spec/openvswitch_agent-rhel_spec.rb
@ -0,0 +1,33 @@
 # Encoding: utf-8
 require_relative 'spec_helper'
 describe 'openstack-network::openvswitch_agent' do
  describe 'redhat' do
    let(:runner) { ChefSpec::SoloRunner.new(REDHAT_OPTS) }
    let(:node) { runner.node }
    cached(:chef_run) do
      node.override['openstack']['network']['openvswitch']['integration_bridge'] = 'br-int'
      runner.converge(described_recipe)
    end
    include_context 'neutron-stubs'
    before do
      stub_command('ovs-vsctl --may-exist add-br br-int')
    end
    it do
      expect(chef_run).to upgrade_package %w(openstack-neutron-openvswitch iproute)
    end
    it do
      expect(chef_run).to enable_service('neutron-openvswitch-agent').with(
        service_name: 'neutron-openvswitch-agent',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
  end
 end
--- a/spec/openvswitch_agent_spec.rb
+++ b/spec/openvswitch_agent_spec.rb
@ -7,31 +7,44 @@ describe 'openstack-network::openvswitch_agent' do
    let(:node) { runner.node }
    cached(:chef_run) do
      node.override['openstack']['network']['openvswitch']['integration_bridge'] = 'br-int'
-      runner.converge(described_recipe)
+      runner.converge(described_recipe, 'openstack-network::plugin_config')
    end
    include_context 'neutron-stubs'
    before do
      stub_command('ovs-vsctl --may-exist add-br br-int')
    end
-    it 'upgrades openvswitch agent' do
+    it do
      expect(chef_run).to upgrade_package 'neutron-openvswitch-agent'
    end
-    describe 'create integration network bridget' do
+    it do
-      let(:cmd_br) { 'ovs-vsctl --may-exist add-br br-int' }
+      expect(chef_run).to run_execute('create integration network bridge')
-      let(:name) { 'create integration network bridge' }
+        .with(command: 'ovs-vsctl --may-exist add-br br-int')
      it 'adds integration network bridge' do
        expect(chef_run).to run_execute(name)
          .with(command: cmd_br)
      end
    end
-    it 'sets the openvswitch_agent service to start on boot' do
+    it do
-      expect(chef_run).to enable_service 'neutron-openvswitch-agent'
+      expect(chef_run).to enable_service('neutron-openvswitch-agent').with(
        service_name: 'neutron-openvswitch-agent',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
-    it 'starts the openvswitch_agent service' do
+    it do
      expect(chef_run).to start_service 'neutron-openvswitch-agent'
    end
    %w(
      template[/etc/neutron/neutron.conf]
      template[/etc/neutron/plugins/ml2/openvswitch_agent.ini]
    ).each do |t|
      it t do
        expect(chef_run.service('neutron-openvswitch-agent')).to subscribe_to(t).on(:restart)
      end
    end
  end
 end
--- a/spec/openvswitch_spec.rb
+++ b/spec/openvswitch_spec.rb
@ -6,23 +6,30 @@ describe 'openstack-network::openvswitch' do
    let(:runner) { ChefSpec::SoloRunner.new(UBUNTU_OPTS) }
    let(:node) { runner.node }
    cached(:chef_run) do
-      runner.converge(described_recipe)
+      runner.converge(described_recipe, 'openstack-network::plugin_config')
    end
-    it 'upgrades openvswitch switch' do
+    it do
-      expect(chef_run).to upgrade_package 'openvswitch-switch'
+      expect(chef_run).to upgrade_package %w(openvswitch-switch bridge-utils)
    end
-    it 'upgrades linux bridge utils' do
+    it do
-      expect(chef_run).to upgrade_package 'bridge-utils'
+      expect(chef_run).to enable_service('neutron-openvswitch-switch').with(
        service_name: 'openvswitch-switch',
        supports: {
          status: true,
          restart: true,
        }
      )
    end
-    it 'sets the openvswitch service to start on boot' do
+    it do
-      expect(chef_run).to enable_service 'openvswitch-switch'
+      expect(chef_run).to start_service 'neutron-openvswitch-switch'
    end
-    it 'start the openvswitch service' do
+    it do
-      expect(chef_run).to start_service 'openvswitch-switch'
+      expect(chef_run.service('neutron-openvswitch-switch')).to \
        subscribe_to('template[/etc/neutron/plugins/ml2/openvswitch_agent.ini]').on(:restart)
    end
  end
 end
--- a/spec/plugin_config_spec.rb
+++ b/spec/plugin_config_spec.rb
@ -30,15 +30,14 @@ describe 'openstack-network::plugin_config' do
            recursive: true,
            owner: 'neutron',
            group: 'neutron',
-            mode: 0o0700
+            mode: '700'
          )
      end
      %w(ml2_conf.ini openvswitch_conf.ini).each do |conf|
        let(:file) { chef_run.template(File.join(dir, conf)) }
        it do
-          expect(chef_run).to render_config_file(file.name)
+          expect(chef_run).to render_config_file(file.name).with_section_content('section', 'key = value')
            .with_section_content('section', 'key = value')
        end
      end
    end
--- a/spec/server-redhat_spec.rb
+++ b/spec/server-redhat_spec.rb
@ -13,11 +13,11 @@ describe 'openstack-network::server' do
    end
    include_context 'neutron-stubs'
-    it 'upgrades openstack-neutron packages' do
+    it do
-      expect(chef_run).to upgrade_package 'openstack-neutron'
+      expect(chef_run).to upgrade_package %w(ebtables iproute openstack-neutron openstack-neutron-ml2)
    end
-    it 'enables openstack-neutron server service' do
+    it do
      expect(chef_run).to enable_service 'neutron-server'
    end
--- a/spec/server_spec.rb
+++ b/spec/server_spec.rb
@ -11,8 +11,8 @@ describe 'openstack-network::server' do
    include_context 'neutron-stubs'
    describe 'package and services' do
-      it 'upgrades neutron-server packages' do
+      it do
-        expect(chef_run).to upgrade_package 'neutron-server'
+        expect(chef_run).to upgrade_package %w(neutron-server)
      end
      context 'allows overriding package names' do
@ -22,25 +22,32 @@ describe 'openstack-network::server' do
          runner.converge('openstack-network::ml2_core_plugin', described_recipe)
        end
        it do
-          cust_pkgs.each do |pkg|
+          expect(chef_run).to upgrade_package(cust_pkgs)
            expect(chef_run).to upgrade_package(pkg)
          end
        end
      end
-      it 'sets the neutron server service to start on boot' do
+      it do
-        expect(chef_run).to enable_service 'neutron-server'
+        expect(chef_run).to enable_service('neutron-server').with(
          service_name: 'neutron-server',
          supports: {
            status: true,
            restart: true,
          }
        )
      end
-      it 'starts the neutron server service' do
+      it do
        expect(chef_run).to start_service 'neutron-server'
      end
      let(:neutron_service) { chef_run.service('neutron-server') }
      it do
-        expect(neutron_service)
+        expect(neutron_service).to subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed
-          .to subscribe_to('template[/etc/neutron/neutron.conf]').on(:restart).delayed
+      end
      it do
        expect(neutron_service).to_not subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed
      end
      context 'set policyfile_url' do
@ -49,8 +56,7 @@ describe 'openstack-network::server' do
          runner.converge('openstack-network::ml2_core_plugin', described_recipe)
        end
        it do
-          expect(neutron_service)
+          expect(neutron_service).to subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed
            .to subscribe_to('remote_file[/etc/neutron/policy.json]').on(:restart).delayed
        end
      end
@ -89,35 +95,30 @@ describe 'openstack-network::server' do
      it 'creates /etc/default/neutron-server' do
        expect(chef_run).to create_template(file.name).with(
          source: 'neutron-server.erb',
          user: 'root',
          group: 'root',
-          mode: 0o644
+          mode: '644',
-        )
+          variables: {
-      end
+            core_plugin_config: '/etc/neutron/plugins/ml2/ml2_conf.ini',
-    end
+          }
    describe 'rootwrap.conf' do
      let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') }
      it 'creates the /etc/neutron/rootwrap.conf file' do
        expect(chef_run).to create_template(file.name).with(
          user: 'neutron',
          group: 'neutron',
          mode: 0o644
        )
      end
-      context 'template contents' do
+      it do
-        it 'sets the default attributes' do
+        expect(chef_run).to render_file(file.name).with_content(
-          [
+          %r{^NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini"$}
-            %r{^filters_path = /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap$},
+        )
-            %r{^exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin$},
+      end
-            /^use_syslog = false$/,
+      context 'enable lbaas' do
-            /^syslog_log_facility = syslog$/,
+        cached(:chef_run) do
-            /^syslog_log_level = ERROR$/,
+          node.override['openstack']['network_lbaas']['enabled'] = true
-          ].each do |line|
+          runner.converge('openstack-network::ml2_core_plugin', described_recipe)
-            expect(chef_run).to render_file(file.name).with_content(line)
+        end
-          end
+        it do
          expect(chef_run).to render_file(file.name).with_content(
            %r{^NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/neutron-server"$}
          )
        end
      end
    end
--- a/templates/default/neutron-server.erb
+++ b/templates/default/neutron-server.erb
@ -3,4 +3,8 @@
 # path to config file corresponding to the core_plugin specified in
 # neutron.conf
-NEUTRON_PLUGIN_CONFIG=<%=@core_plugin_config%>
+<% if node['openstack']['network_lbaas']['enabled'] -%>
 NEUTRON_PLUGIN_CONFIG="<%=@core_plugin_config%> --config-dir /etc/neutron/conf.d/neutron-server"
 <% else -%>
 NEUTRON_PLUGIN_CONFIG="<%=@core_plugin_config%>"
 <% end -%>