Changes to Nova for Quantum

This patch removes Quantum as an option in network.pp. If using
Quantum, just directly use nova::network::quantum instead. This
patch also enables Nova to be configured to use Quantum security
groups.

Change-Id: I162f1c5153f10150ac4997d31d3b50b702daf013

manifests/network.pp

@@ -13,17 +13,17 @@
 #
 class nova::network(
   $private_interface = undef,
-  $fixed_range = '10.0.0.0/8',
-  $public_interface = undef,
-  $num_networks     = 1,
-  $network_size     = 255,
-  $floating_range   = false,
-  $enabled          = false,
-  $network_manager  = 'nova.network.manager.FlatDHCPManager',
-  $config_overrides = {},
-  $create_networks  = true,
-  $ensure_package   = 'present',
-  $install_service  = true
+  $fixed_range       = '10.0.0.0/8',
+  $public_interface  = undef,
+  $num_networks      = 1,
+  $network_size      = 255,
+  $floating_range    = false,
+  $enabled           = false,
+  $network_manager   = 'nova.network.manager.FlatDHCPManager',
+  $config_overrides  = {},
+  $create_networks   = true,
+  $ensure_package    = 'present',
+  $install_service   = true
 ) {
 
   include nova::params
@@ -103,16 +103,6 @@ class nova::network(
       $vlan_resource = { 'nova::network::vlan' => $resource_parameters }
       create_resources('class', $vlan_resource)
     }
-    # I don't think this is applicable to Folsom...
-    # If it is, the details will need changed. -jt
-    'nova.network.quantum.manager.QuantumManager': {
-      $parameters = { fixed_range      => $fixed_range,
-                      public_interface => $public_interface,
-                    }
-      $resource_parameters = merge($config_overrides, $parameters)
-      $quantum_resource = { 'nova::network::quantum' => $resource_parameters }
-      create_resources('class', $quantum_resource)
-    }
     default: {
       fail("Unsupported network manager: ${nova::network_manager} The supported network managers are nova.network.manager.FlatManager, nova.network.FlatDHCPManager and nova.network.manager.VlanManager")
     }

manifests/network/quantum.pp

@@ -33,6 +33,18 @@
 #   and not the Identity service API IP and port.
 #   Defaults to 'http://127.0.0.1:35357/v2.0'
 #
+# [*security_group_api*]
+#   (optional) The full class name of the security API class.
+#   Defaults to 'quantum' which configures Nova to use Quantum for
+#   security groups. Set to 'nova' to use standard Nova security groups.
+#
+# [*firewall_driver*]
+#   (optional) Firewall driver.
+#   Defaults to nova.virt.firewall.NoopFirewallDriver. This prevents Nova
+#   from maintaining a firewall so it does not interfere with Quantum's.
+#   Set to 'nova.virt.firewall.IptablesFirewallDriver'
+#   to re-enable the Nova firewall.
+#
 class nova::network::quantum (
   $quantum_admin_password,
   $quantum_auth_strategy     = 'keystone',
@@ -40,7 +52,9 @@ class nova::network::quantum (
   $quantum_admin_tenant_name = 'services',
   $quantum_region_name       = 'RegionOne',
   $quantum_admin_username    = 'quantum',
-  $quantum_admin_auth_url    = 'http://127.0.0.1:35357/v2.0'
+  $quantum_admin_auth_url    = 'http://127.0.0.1:35357/v2.0',
+  $security_group_api        = 'quantum',
+  $firewall_driver           = 'nova.virt.firewall.NoopFirewallDriver',
 ) {
 
   nova_config {
@@ -52,5 +66,8 @@ class nova::network::quantum (
     'DEFAULT/quantum_admin_username':    value => $quantum_admin_username;
     'DEFAULT/quantum_admin_password':    value => $quantum_admin_password;
     'DEFAULT/quantum_admin_auth_url':    value => $quantum_admin_auth_url;
+    'DEFAULT/security_group_api':        value => $security_group_api;
+    'DEFAULT/firewall_driver':           value => $firewall_driver;
   }
+
 }

spec/classes/nova_network_quantum_spec.rb

@@ -8,7 +8,9 @@ describe 'nova::network::quantum' do
       :quantum_admin_tenant_name => 'services',
       :quantum_region_name       => 'RegionOne',
       :quantum_admin_username    => 'quantum',
-      :quantum_admin_auth_url    => 'http://127.0.0.1:35357/v2.0'
+      :quantum_admin_auth_url    => 'http://127.0.0.1:35357/v2.0',
+      :security_group_api        => 'quantum',
+      :firewall_driver           => 'nova.virt.firewall.NoopFirewallDriver',
     }
   end
 
@@ -27,6 +29,10 @@ describe 'nova::network::quantum' do
       should contain_nova_config('DEFAULT/quantum_admin_username').with_value(default_params[:quantum_admin_username])
       should contain_nova_config('DEFAULT/quantum_admin_auth_url').with_value(default_params[:quantum_admin_auth_url])
     end
+    it 'configures Nova to use Quantum Security Groups and Firewall' do
+      should contain_nova_config('DEFAULT/firewall_driver').with_value(default_params[:firewall_driver])
+      should contain_nova_config('DEFAULT/security_group_api').with_value(default_params[:security_group_api])
+    end
   end
 
   context 'when overriding class parameters' do
@@ -36,7 +42,9 @@ describe 'nova::network::quantum' do
         :quantum_admin_tenant_name => 'openstack',
         :quantum_region_name       => 'RegionTwo',
         :quantum_admin_username    => 'quantum2',
-        :quantum_admin_auth_url    => 'http://10.0.0.1:35357/v2.0'
+        :quantum_admin_auth_url    => 'http://10.0.0.1:35357/v2.0',
+        :security_group_api        => 'nova',
+        :firewall_driver           => 'nova.virt.firewall.IptablesFirewallDriver'
       )
     end
 
@@ -50,5 +58,9 @@ describe 'nova::network::quantum' do
       should contain_nova_config('DEFAULT/quantum_admin_username').with_value(params[:quantum_admin_username])
       should contain_nova_config('DEFAULT/quantum_admin_auth_url').with_value(params[:quantum_admin_auth_url])
     end
+    it 'configures Nova to use Quantum Security Groups and Firewall' do
+      should contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
+      should contain_nova_config('DEFAULT/security_group_api').with_value(params[:security_group_api])
+    end
   end
 end