Added reconfigure neutron after add new vcenter cluster

* Added get vcenter cluster name from "Vmware" tab
* Added convert cluster name to morefid
* Added public/private key to controller/compute nodes
* Added script, what check and configure neutron, if need
* Added task for connect to controller from compute-vmware via ssh and
  execute neutron reconfigure script
* Update documentation

Change-Id: I0dbd6b15fc2cb1efd0de009ee79a27222fe4bab3

deployment_scripts/puppet/manifests/add-private-key-to-compute.pp

@@ -0,0 +1,3 @@
+notice('fuel-plugin-nsxv: add-private-key-to-compute.pp')
+
+class { '::nsxv::add_private_key_to_compute': }

deployment_scripts/puppet/manifests/add-public-key-to-controller.pp

@@ -0,0 +1,3 @@
+notice('fuel-plugin-nsxv: add-public-key-to-controller.pp')
+
+class { '::nsxv::add_public_key_to_controller': }

deployment_scripts/puppet/manifests/compute-vmware-nova-config.pp

@@ -1,7 +1,3 @@
 notice('fuel-plugin-nsxv: compute_vmware_nova_config.pp')
 
-$use_neutron = hiera('use_neutron', false)
-
-if $use_neutron {
-  class { '::nsxv::compute_vmware_nova_config': }
-}
+class { '::nsxv::compute_vmware_nova_config': }

deployment_scripts/puppet/manifests/gem-install.pp

@@ -0,0 +1,6 @@
+notice('fuel-plugin-nsxv: gem-install.pp')
+
+# ruby gem package must be pre installed before puppet module used
+package { 'ruby-rbvmomi':
+  ensure => latest,
+}

deployment_scripts/puppet/manifests/haproxy-nova-metadata-config.pp

@@ -1,7 +1,3 @@
 notice('fuel-plugin-nsxv: haproxy-nova-metadata-config.pp')
 
-$use_neutron = hiera('use_neutron', false)
-
-if $use_neutron {
-  class { 'nsxv::haproxy_nova_metadata_config': }
-}
+class { 'nsxv::haproxy_nova_metadata_config': }

deployment_scripts/puppet/manifests/hiera-override.pp

@@ -1,10 +1,5 @@
 notice('fuel-plugin-nsxv: hiera-override.pp')
 
-$use_neutron = hiera('use_neutron', false)
-
-if $use_neutron {
-  # Values are changed by pre_build_hook
-  class { '::nsxv::hiera_override':
-    plugin_name => 'NAME',
-  }
+class { '::nsxv::hiera_override':
+  plugin_name => 'NAME',
 }

deployment_scripts/puppet/manifests/horizon-enable-lbaas.pp

@@ -1,19 +1,15 @@
 notice('fuel-plugin-nsxv: horizon-enable-lbaas.pp')
 
-$use_neutron = hiera('use_neutron', false)
+$horizon_settings_file ='/etc/openstack-dashboard/local_settings.py'
+$apache_service        ='apache2'
 
-if $use_neutron {
-  $horizon_settings_file ='/etc/openstack-dashboard/local_settings.py'
-  $apache_service        ='apache2'
-
-  exec { 'enable_lbaas':
-    command  => "sed -ri \"s/^(\\s*)'enable_lb':.*/\\1'enable_lb': True,/g\" ${horizon_settings_file}",
-    unless   => "egrep \"^\\s*'enable_lb':\\s*True\" ${horizon_settings_file}",
-    path     => '/bin:/usr/bin',
-    provider => 'shell',
-  }
-  service{ $apache_service:
-    ensure => 'running',
-  }
-  Exec['enable_lbaas'] ~> Service[$apache_service]
+exec { 'enable_lbaas':
+  command  => "sed -ri \"s/^(\\s*)'enable_lb':.*/\\1'enable_lb': True,/g\" ${horizon_settings_file}",
+  unless   => "egrep \"^\\s*'enable_lb':\\s*True\" ${horizon_settings_file}",
+  path     => '/bin:/usr/bin',
+  provider => 'shell',
 }
+service{ $apache_service:
+  ensure => 'running',
+}
+Exec['enable_lbaas'] ~> Service[$apache_service]

deployment_scripts/puppet/manifests/neutron-haproxy-config.pp

@@ -1,7 +1,3 @@
 notice('fuel-plugin-nsxv: neutron-haproxy-config.pp')
 
-$use_neutron = hiera('use_neutron', false)
-
-if $use_neutron {
-  class { '::nsxv::neutron_haproxy_config': }
-}
+class { '::nsxv::neutron_haproxy_config': }

deployment_scripts/puppet/manifests/neutron-network-create.pp

@@ -1,68 +1,64 @@
 notice('fuel-plugin-nsxv: neutron-network-create.pp')
 
-# NOT enabled by default
 $plugin_name = 'NAME'
-$use_neutron = hiera('use_neutron', false)
 
-if ($use_neutron) {
-  $access_hash     = hiera_hash('access',{})
-  $controller_node = hiera('service_endpoint')
-  $neutron_config  = hiera_hash('neutron_config')
-  $floating_net    = try_get_value($neutron_config, 'default_floating_net', 'net04_ext')
-  $internal_net    = try_get_value($neutron_config, 'default_private_net', 'net04')
-  $os_tenant_name  = $access_hash['tenant']
-  $settings        = hiera($plugin_name)
+$access_hash     = hiera_hash('access',{})
+$controller_node = hiera('service_endpoint')
+$neutron_config  = hiera_hash('neutron_config')
+$floating_net    = try_get_value($neutron_config, 'default_floating_net', 'net04_ext')
+$internal_net    = try_get_value($neutron_config, 'default_private_net', 'net04')
+$os_tenant_name  = $access_hash['tenant']
+$settings        = hiera($plugin_name)
 
-  if !empty($settings['nsxv_floating_ip_range']) and !empty($settings['nsxv_floating_net_cidr']) {
-    $floating_ip_range = split($settings['nsxv_floating_ip_range'], '-')
-    $floating_ip_range_start = $floating_ip_range[0]
-    $floating_ip_range_end   = $floating_ip_range[1]
-    $floating_net_allocation_pool = "start=${floating_ip_range_start},end=${floating_ip_range_end}"
+if !empty($settings['nsxv_floating_ip_range']) and !empty($settings['nsxv_floating_net_cidr']) {
+  $floating_ip_range = split($settings['nsxv_floating_ip_range'], '-')
+  $floating_ip_range_start = $floating_ip_range[0]
+  $floating_ip_range_end   = $floating_ip_range[1]
+  $floating_net_allocation_pool = "start=${floating_ip_range_start},end=${floating_ip_range_end}"
 
-    $floating_net_cidr = $settings['nsxv_floating_net_cidr']
-    $floating_net_gw = $settings['nsxv_floating_net_gw']
-    $default_floating_net_gw = regsubst($floating_net_cidr,'^(\d+\.\d+\.\d+)\.\d+/\d+$','\1.1')
+  $floating_net_cidr = $settings['nsxv_floating_net_cidr']
+  $floating_net_gw = $settings['nsxv_floating_net_gw']
+  $default_floating_net_gw = regsubst($floating_net_cidr,'^(\d+\.\d+\.\d+)\.\d+/\d+$','\1.1')
 
-    neutron_network { $floating_net :
-      ensure                    => 'present',
-      provider_physical_network => $settings['nsxv_external_network'],
-      provider_network_type     => 'flat',
-      router_external           => true,
-      tenant_name               => $os_tenant_name,
-      shared                    => true,
-    }
-    neutron_subnet { "${floating_net}__subnet" :
-      ensure           => 'present',
-      cidr             => $floating_net_cidr,
-      network_name     => $floating_net,
-      tenant_name      => $os_tenant_name,
-      gateway_ip       => pick($floating_net_gw,$default_floating_net_gw),
-      enable_dhcp      => false,
-      allocation_pools => $floating_net_allocation_pool,
-      require          => Neutron_network[$floating_net],
-    }
+  neutron_network { $floating_net :
+    ensure                    => 'present',
+    provider_physical_network => $settings['nsxv_external_network'],
+    provider_network_type     => 'flat',
+    router_external           => true,
+    tenant_name               => $os_tenant_name,
+    shared                    => true,
   }
-
-  if !empty($settings['nsxv_internal_net_cidr']) {
-    $internal_net_dns = split($settings['nsxv_internal_net_dns'], ',')
-    $internal_net_cidr = $settings['nsxv_internal_net_cidr']
-
-    neutron_network { $internal_net :
-      ensure                    => 'present',
-      provider_physical_network => false,
-      router_external           => false,
-      tenant_name               => $os_tenant_name,
-      shared                    => true,
-    }
-    neutron_subnet { "${internal_net}__subnet" :
-      ensure          => 'present',
-      cidr            => $internal_net_cidr,
-      network_name    => $internal_net,
-      tenant_name     => $os_tenant_name,
-      gateway_ip      => regsubst($internal_net_cidr,'^(\d+\.\d+\.\d+)\.\d+/\d+$','\1.1'),
-      enable_dhcp     => true,
-      dns_nameservers => pick($internal_net_dns,[]),
-      require         => Neutron_network[$internal_net],
-    }
+  neutron_subnet { "${floating_net}__subnet" :
+    ensure           => 'present',
+    cidr             => $floating_net_cidr,
+    network_name     => $floating_net,
+    tenant_name      => $os_tenant_name,
+    gateway_ip       => pick($floating_net_gw,$default_floating_net_gw),
+    enable_dhcp      => false,
+    allocation_pools => $floating_net_allocation_pool,
+    require          => Neutron_network[$floating_net],
+  }
+}
+
+if !empty($settings['nsxv_internal_net_cidr']) {
+  $internal_net_dns = split($settings['nsxv_internal_net_dns'], ',')
+  $internal_net_cidr = $settings['nsxv_internal_net_cidr']
+
+  neutron_network { $internal_net :
+    ensure                    => 'present',
+    provider_physical_network => false,
+    router_external           => false,
+    tenant_name               => $os_tenant_name,
+    shared                    => true,
+  }
+  neutron_subnet { "${internal_net}__subnet" :
+    ensure          => 'present',
+    cidr            => $internal_net_cidr,
+    network_name    => $internal_net,
+    tenant_name     => $os_tenant_name,
+    gateway_ip      => regsubst($internal_net_cidr,'^(\d+\.\d+\.\d+)\.\d+/\d+$','\1.1'),
+    enable_dhcp     => true,
+    dns_nameservers => pick($internal_net_dns,[]),
+    require         => Neutron_network[$internal_net],
   }
 }

deployment_scripts/puppet/manifests/neutron-reconf-add-compute.pp

@@ -0,0 +1,22 @@
+notice('fuel-plugin-nsxv: neutron-reconf-add-compute.pp')
+
+$controllers = get_controllers_ip(hiera('nodes'))
+exec { 'random_wait':
+  command  => "/bin/bash -c 'sleep  $((RANDOM%30))'",
+  provider => 'posix',
+}
+ssh_to_controller { $controllers:
+  require => Exec['random_wait'],
+}
+
+# workaround for use $name, else not work
+define ssh_to_controller() {
+  exec { $name:
+    command   => "ssh -l root -i /root/.ssh/compute_vmware_key -T -o 'StrictHostKeyChecking no' -o 'UserKnownHostsFile /dev/null' ${name}",
+    path      => '/usr/bin:/usr/sbin:/bin',
+    provider  => shell,
+    tries     => 3,
+    try_sleep => 10,
+    logoutput => on_failure,
+  }
+}

deployment_scripts/puppet/manifests/neutron-server-policy.pp

@@ -1,7 +1,3 @@
 notice('fuel-plugin-nsxv: neutron-server-policy.pp')
 
-$use_neutron = hiera('use_neutron', false)
-
-if $use_neutron {
-  class { '::nsxv::neutron_server_policy': }
-}
+class { '::nsxv::neutron_server_policy': }

deployment_scripts/puppet/manifests/neutron-server-start.pp

@@ -1,66 +1,62 @@
 notice('fuel-plugin-nsxv: neutron-server-start.pp')
 
-$use_neutron = hiera('use_neutron', false)
+include ::neutron::params
 
-if $use_neutron {
-  include ::neutron::params
+$nsxv_config_file = '/etc/neutron/plugins/vmware/nsx.ini'
 
-  $nsxv_config_file = '/etc/neutron/plugins/vmware/nsx.ini'
+service { 'neutron-server':
+  ensure     => 'running',
+  name       => $::neutron::params::server_service,
+  enable     => true,
+  hasstatus  => true,
+  hasrestart => true,
+}
 
-  service { 'neutron-server':
-    ensure     => 'running',
-    name       => $::neutron::params::server_service,
-    enable     => true,
-    hasstatus  => true,
-    hasrestart => true,
+neutron_config {
+  'DEFAULT/core_plugin': value => 'vmware_nsx.plugin.NsxVPlugin';
+  'DEFAULT/service_plugins': value => 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin';
+  'service_providers/service_provider': value => 'LOADBALANCER:VMWareEdge:neutron_lbaas.services.loadbalancer.drivers.vmware.edge_driver.EdgeLoadbalancerDriver:default';
+}
+Neutron_config<||> ~> Service['neutron-server']
+
+if 'primary-controller' in hiera('role') {
+  Exec['neutron-db-sync'] ~> Service['neutron-server']
+  Neutron_config<||> ~> Exec['neutron-db-sync']
+
+  $neutron_config = hiera_hash('neutron_config')
+  $management_vip     = hiera('management_vip')
+  $service_endpoint   = hiera('service_endpoint', $management_vip)
+  $auth_api_version   = 'v2.0'
+  $identity_uri       = "http://${service_endpoint}:5000"
+  $auth_url           = "${identity_uri}/${auth_api_version}"
+  $auth_password      = $neutron_config['keystone']['admin_password']
+  $auth_user          = pick($neutron_config['keystone']['admin_user'], 'neutron')
+  $auth_tenant        = pick($neutron_config['keystone']['admin_tenant'], 'services')
+  $auth_region        = hiera('region', 'RegionOne')
+  $auth_endpoint_type = 'internalURL'
+
+  exec { 'neutron-db-sync':
+    command     => "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file ${nsxv_config_file} upgrade head",
+    path        => '/usr/bin',
+    refreshonly => true,
+    logoutput   => on_failure,
+    provider    => 'shell',
   }
 
-  neutron_config {
-    'DEFAULT/core_plugin': value => 'vmware_nsx.plugin.NsxVPlugin';
-    'DEFAULT/service_plugins': value => 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin';
-    'service_providers/service_provider': value => 'LOADBALANCER:VMWareEdge:neutron_lbaas.services.loadbalancer.drivers.vmware.edge_driver.EdgeLoadbalancerDriver:default';
-  }
-  Neutron_config<||> ~> Service['neutron-server']
-
-  if 'primary-controller' in hiera('role') {
-    Exec['neutron-db-sync'] ~> Service['neutron-server']
-    Neutron_config<||> ~> Exec['neutron-db-sync']
-
-    $neutron_config = hiera_hash('neutron_config')
-    $management_vip     = hiera('management_vip')
-    $service_endpoint   = hiera('service_endpoint', $management_vip)
-    $auth_api_version   = 'v2.0'
-    $identity_uri       = "http://${service_endpoint}:5000"
-    $auth_url           = "${identity_uri}/${auth_api_version}"
-    $auth_password      = $neutron_config['keystone']['admin_password']
-    $auth_user          = pick($neutron_config['keystone']['admin_user'], 'neutron')
-    $auth_tenant        = pick($neutron_config['keystone']['admin_tenant'], 'services')
-    $auth_region        = hiera('region', 'RegionOne')
-    $auth_endpoint_type = 'internalURL'
-
-    exec { 'neutron-db-sync':
-      command     => "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file ${nsxv_config_file} upgrade head",
-      path        => '/usr/bin',
-      refreshonly => true,
-      logoutput   => on_failure,
-      provider    => 'shell',
-    }
-
-    exec { 'waiting-for-neutron-api':
-      environment => [
-        "OS_TENANT_NAME=${auth_tenant}",
-        "OS_USERNAME=${auth_user}",
-        "OS_PASSWORD=${auth_password}",
-        "OS_AUTH_URL=${auth_url}",
-        "OS_REGION_NAME=${auth_region}",
-        "OS_ENDPOINT_TYPE=${auth_endpoint_type}",
-      ],
-      path      => '/usr/sbin:/usr/bin:/sbin:/bin',
-      tries     => '30',
-      try_sleep => '4',
-      command   => 'neutron net-list --http-timeout=4 2>&1 > /dev/null',
-      provider  => 'shell',
-      require   => Service['neutron-server'],
-    }
+  exec { 'waiting-for-neutron-api':
+    environment => [
+      "OS_TENANT_NAME=${auth_tenant}",
+      "OS_USERNAME=${auth_user}",
+      "OS_PASSWORD=${auth_password}",
+      "OS_AUTH_URL=${auth_url}",
+      "OS_REGION_NAME=${auth_region}",
+      "OS_ENDPOINT_TYPE=${auth_endpoint_type}",
+    ],
+    path      => '/usr/sbin:/usr/bin:/sbin:/bin',
+    tries     => '30',
+    try_sleep => '4',
+    command   => 'neutron net-list --http-timeout=4 2>&1 > /dev/null',
+    provider  => 'shell',
+    require   => Service['neutron-server'],
   }
 }

deployment_scripts/puppet/manifests/nsxv-config.pp

@@ -1,9 +1,5 @@
 notice('fuel-plugin-nsxv: nsxv-config.pp')
 
-$use_neutron = hiera('use_neutron', false)
-
-if $use_neutron {
-  class { '::nsxv': 
-    plugin_name => 'NAME',
-  }
+class { '::nsxv':
+  plugin_name => 'NAME',
 }

deployment_scripts/puppet/modules/nsxv/files/reconf_neutron_with_new_compute.sh

@@ -0,0 +1,63 @@
+#!/bin/bash -e
+pluginConfFile='/etc/neutron/plugin.ini'
+lockFile='/tmp/nsxv_lock'
+
+#check lockFile modified above 5 min ago(task timeout)
+if [ -n "$(find `dirname $lockFile` -name `basename $lockFile` -mmin +5)" -o ! -e $lockFile ]; then
+  #create lock
+  touch $lockFile
+
+  configuredClusters=$(sed -rn 's/^\s*cluster_moid\s*=\s*([^ ]+)\s*$/\1/p' $pluginConfFile)
+
+  newConfiguredClusters=$(ruby -e "
+
+  require 'hiera'
+  require 'hiera/util'
+  require 'rbvmomi'
+
+  plugin_scope='NAME'
+
+  def hiera(key,type=:priority)
+    hiera = Hiera.new(:config => File.join(Hiera::Util.config_dir, 'hiera.yaml'))
+    hiera.lookup(key, nil, {}, nil, type)
+  end
+
+  datacenter_id=hiera(plugin_scope)['nsxv_datacenter_moid']
+  vcenter_hash = hiera('vcenter',':hash')
+  clusters_id=[]
+  retry_count = 4
+
+  vcenter_hash['computes'].each do |cluster_settings|
+    vc_cluster = cluster_settings['vc_cluster']
+    vc_host = cluster_settings['vc_host']
+    vc_password =  cluster_settings['vc_password']
+    vc_user = cluster_settings['vc_user']
+
+    begin
+      vim = RbVmomi::VIM.connect(host: vc_host, ssl: true, insecure: true, user: vc_user, password: vc_password)
+      rootFolder = vim.serviceInstance.content.rootFolder
+      dc = rootFolder.childEntity.grep(RbVmomi::VIM::Datacenter).find { |x| x.to_s == 'Datacenter(\"'+datacenter_id+'\")' } or fail 'Can not search datacenter with id: ' + datacenter_id
+      cluster = dc.find_compute_resource(vc_cluster) or fail 'Can not search cluster: ' + vc_cluster
+      cluster_id = cluster.to_s.gsub!(/^[^\"]+\"([^\"]+)\"[^\"]*/, '\1')
+      clusters_id.push(cluster_id)
+    rescue
+      retry_count -= 1
+      if retry_count > 0
+        sleep 5
+        retry
+      else
+        raise
+      end
+    end
+  end
+
+  puts clusters_id.sort.join(',')")
+
+  if [ "$configuredClusters" != "$newConfiguredClusters" ]; then
+    sed --follow-symlinks -ri "s|^\s*cluster_moid.*|cluster_moid = $newConfiguredClusters|" $pluginConfFile
+    $(which service) neutron-server restart
+  fi
+
+  #delete lock
+  rm -f $lockFile
+fi

deployment_scripts/puppet/modules/nsxv/lib/puppet/parser/functions/get_controllers_ip.rb

@@ -0,0 +1,17 @@
+module Puppet::Parser::Functions
+  newfunction(:get_controllers_ip, :type => :rvalue, :doc => <<-EOS
+Return a list of ip nodes with 'primary-controller', 'controller' roles.
+The first argument - list of the nodes, ex:
+  get_controllers_ip(hiera('nodes'))
+EOS
+  ) do |args|
+    nodes = args[0]
+    controllers = []
+    nodes.each do |node|
+      if node['role'].include?('controller') or node['role'].include?('primary-controller')
+        controllers.push(node['internal_address'])
+      end
+    end
+    return controllers
+  end
+end

deployment_scripts/puppet/modules/nsxv/lib/puppet/parser/functions/get_vcenter_cluster_id.rb

@@ -0,0 +1,44 @@
+require 'rbvmomi'
+
+module Puppet::Parser::Functions
+  newfunction(:get_vcenter_cluster_id, :type => :rvalue, :doc => <<-EOS
+Return a string of vcenter cluster moref id, clusters names get from hiera
+vcenter hash. The first argument - vcenter datacenter moref id, where
+search clusters, ex:
+  get_vcenter_cluster_id('datacenter-126')
+EOS
+  ) do |args|
+
+    datacenter_id=args[0]
+    vcenter_hash = function_hiera_hash(['vcenter'])
+    clusters_id=[]
+    retry_count = 4
+
+    vcenter_hash['computes'].each do |cluster_settings|
+      vc_cluster = cluster_settings['vc_cluster']
+      vc_host = cluster_settings['vc_host']
+      vc_password =  cluster_settings['vc_password']
+      vc_user = cluster_settings['vc_user']
+
+      begin
+        vim = RbVmomi::VIM.connect(host: vc_host, ssl: true, insecure: true, user: vc_user, password: vc_password)
+        rootFolder = vim.serviceInstance.content.rootFolder
+        dc = rootFolder.childEntity.grep(RbVmomi::VIM::Datacenter).find { |x| x.to_s == 'Datacenter("'+datacenter_id+'")' } or fail 'Can not search datacenter with id: ' + datacenter_id
+        cluster = dc.find_compute_resource(vc_cluster) or fail 'Can not search cluster: ' + vc_cluster
+        cluster_id = cluster.to_s.gsub!(/^[^"]+"([^"]+)"[^"]*/, '\1')
+        clusters_id.push(cluster_id)
+      rescue
+        retry_count -= 1
+        if retry_count > 0
+          sleep 5
+          retry
+        else
+          warning('Can not get moRefId for ' + vc_cluster + ' cluster')
+          raise
+        end
+      end
+    end
+
+    return clusters_id.sort.join(',')
+  end
+end

deployment_scripts/puppet/modules/nsxv/lib/puppet/parser/functions/hiera_overrides.rb

@@ -1,7 +1,12 @@
 require 'yaml'
 
 module Puppet::Parser::Functions
-  newfunction(:hiera_overrides) do |args|
+  newfunction(:hiera_overrides, :doc => <<-EOS
+Custom function to override hiera parameters, the first argument -
+file name, where write new parameters in yaml format, ex:
+   hiera_overrides('/etc/hiera/test.yaml')
+EOS
+  ) do |args|
     filename = args[0]
     hiera_overrides = {}
 

deployment_scripts/puppet/modules/nsxv/manifests/add_private_key_to_compute.pp

@@ -0,0 +1,8 @@
+class nsxv::add_private_key_to_compute {
+  file { '/root/.ssh/compute_vmware_key':
+    ensure  => file,
+    mode    => '0600',
+    source  => "puppet:///modules/${module_name}/compute_vmware_key",
+    replace => true,
+  }
+}

deployment_scripts/puppet/modules/nsxv/manifests/add_public_key_to_controller.pp

@@ -0,0 +1,20 @@
+class nsxv::add_public_key_to_controller {
+  $script_path = '/usr/local/sbin/reconf_neutron_with_new_compute.sh'
+  $script_name = basename($script_path)
+  $ssh_key = file("${module_name}/compute_vmware_key.pub")
+
+  file_line { 'add_private_key':
+    ensure  => present,
+    path    => '/root/.ssh/authorized_keys',
+    line    => "command=\"${script_path}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${ssh_key}",
+    match   => "^command=\"${script_path}\"",
+    replace => true,
+  }
+
+  file { $script_path:
+    ensure  => file,
+    mode    => '0755',
+    source  => "puppet:///modules/${module_name}/${script_name}",
+    replace => true,
+  }
+}

deployment_scripts/puppet/modules/nsxv/manifests/init.pp

@@ -14,6 +14,7 @@ class nsxv (
   $nova_metadata_port = '8775'
   $metadata_shared_secret = $neutron_config['metadata']['metadata_proxy_shared_secret']
   $nsxv_config_dirs = [ '/etc/neutron', '/etc/neutron/plugins', '/etc/neutron/plugins/vmware' ]
+  $cluster_moid = get_vcenter_cluster_id($settings['nsxv_datacenter_moid'])
 
   if ! $settings['nsxv_insecure'] {
     $ca_certificate_content = $settings['nsxv_ca_file']['content']

deployment_scripts/puppet/modules/nsxv/templates/nsx.ini.erb

@@ -24,7 +24,7 @@ password = <%= settings['nsxv_password'] %>
 datacenter_moid = <%= settings['nsxv_datacenter_moid'] %>
 
 # (Required) Cluster IDs for clusters containing OpenStack hosts, comma separated
-cluster_moid = <%= settings['nsxv_cluster_moid'] %>
+cluster_moid = <%= scope.lookupvar('cluster_moid') %>
 
 # (Optional) Resource pool ID for NSX Edge deployment
 resource_pool_id = <%= settings['nsxv_resource_pool_id'] %>

deployment_tasks.yaml

@@ -7,6 +7,15 @@
     puppet_manifest: puppet/manifests/hiera-override.pp
     puppet_modules: puppet/modules:/etc/puppet/modules
     timeout: 120
+- id: gem-install
+  type: puppet
+  groups: [primary-controller,controller]
+  required_for: [nsxv-install]
+  requires: [globals]
+  parameters:
+    puppet_manifest: puppet/manifests/gem-install.pp
+    puppet_modules: puppet/modules
+    timeout: 300
 - id: compute-vmware-nova-config
   type: puppet
   groups: [compute-vmware]

doc/user/source/configuration.rst

@@ -26,15 +26,11 @@ Plugin contains the following settings:
 #. Datacenter MoRef ID -- ID of Datacenter where NSX Edge nodes will be
    deployed.
 
-#. Cluster MoRef IDs for OpenStack VMs -- list of comma separated IDs of
-   cluster where OpenStack VM instances will be launched.  You must obtain IDs
-   for clusters that you specified on VMware tab.
-
 #. Resource pool MoRef ID -- resource pool for NSX Edge nodes deployment.
 
 #. Datastore MoRef ID -- datastore for NSX Edge nodes.
 
-#. External portgroup -- portgroup through which NSX Edge nodes get
+#. External portgroup MoRef ID -- portgroup through which NSX Edge nodes get
    connectivity with physical network
 
 #. Transport zone MoRef ID -- transport zone for VXLAN logical networks.
@@ -102,6 +98,22 @@ Plugin contains the following settings:
 #. Management network default gateway -- management network gateway for
    metadata proxy service.
 
+   Plugin automatically create tenant, provider networks and
+   router connected to these networks.
+
+#. Floating IP ranges -- dash separated IP addresses allocation pool from
+   external network, e.g. "start_ip_address-end_ip_address".
+
+#. External network CIDR -- network in CIDR notation that includes floating IP ranges.
+
+#. Gateway -- default gateway for external network, if not defined, first IP address
+   of the network is used.
+
+#. Internal network CIDR -- network in CIDR notation for use as internal.
+
+#. DNS for internal network -- comma separated IP addresses of DNS server for
+   internal network.
+
    If you tick *Additional settings* checkbox following options will become
    available for configuration:
 

environment_config.yaml

@@ -40,15 +40,6 @@ attributes:
     regex:
       source: '^[a-z]+-[a-z0-9]+$'
       error: 'Invalid datacenter MoRef ID'
-  nsxv_cluster_moid:
-    value: ''
-    label: 'Cluster MoRef IDs for OpenStack VMs'
-    description: 'Comma separated cluster MoRef IDs for OpenStack VMs, e.g. domain-c133,domain-c134'
-    weight: 40
-    type: 'text'
-    regex:
-      source: '^(?:[a-z]+-[a-z0-9]+)(?:,[a-z]+-[a-z0-9]+)*'
-      error: 'Invalid cluster MoRef IDs'
   nsxv_resource_pool_id:
     value: ''
     label: 'Resource pool MoRef ID'
@@ -160,7 +151,7 @@ attributes:
   nsxv_floating_net_cidr:
     value: ''
     label: 'External network CIDR'
-    description: 'Network in CIDR notation includes floating IP ranges'
+    description: 'Network in CIDR notation that includes floating IP ranges'
     weight: 115
     type: 'text'
     regex:
@@ -169,7 +160,7 @@ attributes:
   nsxv_floating_net_gw:
     value: ''
     label: 'Gateway'
-    description: 'Default gateway for external network, if not defined use first IP of the network address'
+    description: 'Default gateway for external network, if not defined, first IP address of the network is used'
     weight: 120
     type: 'text'
   nsxv_internal_net_cidr:

post_install.sh

@@ -0,0 +1,7 @@
+keyFile='/var/www/nailgun/plugins/%{name}/deployment_scripts/puppet/modules/nsxv/files/compute_vmware_key'
+if [ -f $keyFile ]; then
+  echo "  Ssh key file exists, skip generation"
+else
+  echo -n "  Ssh key file for nsxv plugin not found, "
+  ssh-keygen -t rsa -b 2048 -N "" -f $keyFile
+fi

pre_build_hook

@@ -11,3 +11,4 @@ version=$(sed -rn 's/^version:\s*([0-9.])/\1/p' $ROOT/metadata.yaml)
 name=$(sed -rn 's/^name:\s*(.*)/\1/p' $ROOT/metadata.yaml)
 
 sed -i "s/'NAME'/'$name'/" $ROOT/deployment_scripts/puppet/manifests/*.pp
+sed -i "s/'NAME'/'$name'/" $ROOT/deployment_scripts/puppet/modules/nsxv/files/reconf_neutron_with_new_compute.sh

tasks.yaml

@@ -0,0 +1,21 @@
+- role: ['primary-controller', 'controller']
+  stage: post_deployment/6010
+  type: puppet
+  parameters:
+    puppet_manifest: puppet/manifests/add-public-key-to-controller.pp
+    puppet_modules: puppet/modules:/etc/puppet/modules
+    timeout: 120
+- role: ['compute-vmware']
+  stage: post_deployment/6010
+  type: puppet
+  parameters:
+    puppet_manifest: puppet/manifests/add-private-key-to-compute.pp
+    puppet_modules: puppet/modules
+    timeout: 120
+- role: ['compute-vmware']
+  stage: post_deployment/6020
+  type: puppet
+  parameters:
+    puppet_manifest: puppet/manifests/neutron-reconf-add-compute.pp
+    puppet_modules: puppet/modules
+    timeout: 300