openstack/puppet-nova
Code Issues Proposed changes

Align nova-neutron configuration for keystone v3

Browse Source 
A recent change in Nova enforced end-users to configure neutron
notifications using Keystone v3 API.

This patch:

* deprecates neutron_default_tenant_id.
  Switch default to 'undef' but still allow to configure the value
  for backward compatibility.
* rename neutron_tenant_name to neutron_project_name. This is not
  backward compatible within Mitaka cycle, but it is between Liberty &
  Mitaka.
* Add 2 new domain-related parameters: neutron_user_domain_name and
  neutron_project_domain_name, both defaults to 'Default'.
* Add /v3 for neutron_auth_url parameter. It's now required in Nova.
  The parameter can still be changed if users want to run v2 (before
  Mitaka) but it will break at some point.

Co-Authored-By: David Moreau Simard <dms@redhat.com>
Co-Authored-By: Emilien Macchi <emilien@redhat.com>

Change-Id: I1a99a050ba70399f045930e26e52719bb53a75b3
Related-Bug: #1542486
This commit is contained in:
David Moreau Simard
2016-02-05 17:04:36 -05:00
committed by Emilien Macchi
parent e64bc9a57b
commit d09868a59c
2 changed files with 62 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
manifests/network/neutron.pp
View File

@@ -10,7 +10,7 @@
#
# [*neutron_auth_plugin*]
# Name of the plugin to load (string value)
# Defaults to 'password'
# Defaults to 'v3password'
#
# [*neutron_url*]
# (optional) URL for connecting to the Neutron networking service.
@@ -20,14 +20,20 @@
# (optional) Timeout value for connecting to neutron in seconds.
# Defaults to '30'
#
# [*neutron_tenant_name*]
# (optional) Tenant name for connecting to Neutron network services in
# [*neutron_project_name*]
# (optional) Project name for connecting to Neutron network services in
# admin context through the OpenStack Identity service.
# Defaults to 'services'
#
# [*neutron_default_tenant_id*]
# (optional) Default tenant id when creating neutron networks
# Defaults to 'default'
# [*neutron_project_domain_name*]
# (optional) Project Domain name for connecting to Neutron network services in
# admin context through the OpenStack Identity service.
# Defaults to 'Default'
#
# [*neutron_user_domain_name*]
# (optional) User Domain name for connecting to Neutron network services in
# admin context through the OpenStack Identity service.
# Defaults to 'Default'
#
# [*neutron_region_name*]
# (optional) Region name for connecting to neutron in admin context
@@ -55,7 +61,7 @@
# (optional) Points to the OpenStack Identity server IP and port.
# This is the Identity (keystone) admin API server IP and port value,
# and not the Identity service API IP and port.
# Defaults to 'http://127.0.0.1:35357'
# Defaults to 'http://127.0.0.1:35357/v3'
#
# [*network_api_class*]
# (optional) The full class name of the network API class.
@@ -116,15 +122,19 @@
# and not the Identity service API IP and port.
# Use neutron_auth_url instead.
#
# [*neutron_default_tenant_id*]
# (optional) DEPRECATED. Default tenant id when creating neutron networks
#
class nova::network::neutron (
$neutron_password = false,
$neutron_auth_plugin = 'password',
$neutron_tenant_name = 'services',
$neutron_auth_plugin = 'v3password',
$neutron_project_name = 'services',
$neutron_project_domain_name = 'Default',
$neutron_username = 'neutron',
$neutron_auth_url = 'http://127.0.0.1:35357',
$neutron_user_domain_name = 'Default',
$neutron_auth_url = 'http://127.0.0.1:35357/v3',
$neutron_url = 'http://127.0.0.1:9696',
$neutron_url_timeout = '30',
$neutron_default_tenant_id = 'default',
$neutron_region_name = 'RegionOne',
$neutron_ovs_bridge = 'br-int',
$neutron_extension_sync_interval = '600',
@@ -141,6 +151,7 @@ class nova::network::neutron (
$neutron_admin_tenant_name = undef,
$neutron_admin_username = undef,
$neutron_admin_auth_url = undef,
$neutron_default_tenant_id = undef,
) {
include ::nova::deps
@@ -158,10 +169,10 @@ class nova::network::neutron (
}
if $neutron_admin_tenant_name {
warning('neutron_admin_tenant_name is deprecated. Use neutron_tenant_name')
$neutron_tenant_name_real = $neutron_admin_tenant_name
warning('neutron_admin_tenant_name is deprecated. Use neutron_project_name')
$neutron_project_name_real = $neutron_admin_tenant_name
} else {
$neutron_tenant_name_real = $neutron_tenant_name
$neutron_project_name_real = $neutron_project_name
}
if $neutron_admin_username {
@@ -186,6 +197,19 @@ class nova::network::neutron (
'neutron/auth_strategy': ensure => absent;
}
# neutron_default_tenant_id removed in Mitaka
# the parameter is deprecated but still can be used if needed
if $neutron_default_tenant_id {
warning('neutron_default_tenant_id is deprecated')
nova_config {
'neutron/default_tenant_id': value => $neutron_default_tenant_id;
}
} else {
nova_config {
'neutron/default_tenant_id': ensure => absent;
}
}
nova_config {
'DEFAULT/dhcp_domain': value => $dhcp_domain;
'DEFAULT/firewall_driver': value => $firewall_driver;
@@ -195,10 +219,11 @@ class nova::network::neutron (
'DEFAULT/vif_plugging_timeout': value => $vif_plugging_timeout;
'neutron/url': value => $neutron_url;
'neutron/timeout': value => $neutron_url_timeout;
'neutron/tenant_name': value => $neutron_tenant_name_real;
'neutron/default_tenant_id': value => $neutron_default_tenant_id;
'neutron/project_name': value => $neutron_project_name_real;
'neutron/project_domain_name': value => $neutron_project_domain_name;
'neutron/region_name': value => $neutron_region_name;
'neutron/username': value => $neutron_username_real;
'neutron/user_domain_name': value => $neutron_user_domain_name;
'neutron/password': value => $neutron_password_real, secret => true;
'neutron/auth_url': value => $neutron_auth_url_real;
'neutron/ovs_bridge': value => $neutron_ovs_bridge;

31
spec/classes/nova_network_neutron_spec.rb
View File

@@ -3,14 +3,15 @@ require 'spec_helper'
describe 'nova::network::neutron' do
let :default_params do
{ :neutron_auth_plugin => 'password',
{ :neutron_auth_plugin => 'v3password',
:neutron_url => 'http://127.0.0.1:9696',
:neutron_url_timeout => '30',
:neutron_tenant_name => 'services',
:neutron_default_tenant_id => 'default',
:neutron_project_name => 'services',
:neutron_project_domain_name => 'Default',
:neutron_region_name => 'RegionOne',
:neutron_username => 'neutron',
:neutron_auth_url => 'http://127.0.0.1:35357',
:neutron_user_domain_name => 'Default',
:neutron_auth_url => 'http://127.0.0.1:35357/v3',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:security_group_api => 'neutron',
@@ -25,7 +26,6 @@ describe 'nova::network::neutron' do
{ :neutron_password => 's3cr3t' }
end
context 'with required parameters' do
it 'configures neutron endpoint in nova.conf' do
is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
@@ -34,12 +34,14 @@ describe 'nova::network::neutron' do
is_expected.to contain_nova_config('neutron/auth_plugin').with_value(default_params[:neutron_auth_plugin])
is_expected.to contain_nova_config('neutron/url').with_value(default_params[:neutron_url])
is_expected.to contain_nova_config('neutron/timeout').with_value(default_params[:neutron_url_timeout])
is_expected.to contain_nova_config('neutron/tenant_name').with_value(default_params[:neutron_tenant_name])
is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(default_params[:neutron_default_tenant_id])
is_expected.to contain_nova_config('neutron/project_name').with_value(default_params[:neutron_project_name])
is_expected.to contain_nova_config('neutron/project_domain_name').with_value(default_params[:neutron_project_domain_name])
is_expected.to contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/username').with_value(default_params[:neutron_username])
is_expected.to contain_nova_config('neutron/user_domain_name').with_value(default_params[:neutron_user_domain_name])
is_expected.to contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval])
is_expected.to contain_nova_config('neutron/default_tenant_id').with_ensure('absent')
end
it 'configures Nova to use Neutron Bridge Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(default_params[:firewall_driver])
@@ -57,11 +59,12 @@ describe 'nova::network::neutron' do
params.merge!(
:neutron_url => 'http://10.0.0.1:9696',
:neutron_url_timeout => '30',
:neutron_tenant_name => 'openstack',
:neutron_default_tenant_id => 'default',
:neutron_project_name => 'openstack',
:neutron_project_domain_name => 'openstack_domain',
:neutron_region_name => 'RegionTwo',
:neutron_username => 'neutron2',
:neutron_auth_url => 'http://10.0.0.1:35357',
:neutron_user_domain_name => 'neutron_domain',
:neutron_auth_url => 'http://10.0.0.1:35357/v2',
:network_api_class => 'network.api.class',
:security_group_api => 'nova',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
@@ -80,12 +83,14 @@ describe 'nova::network::neutron' do
is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
is_expected.to contain_nova_config('neutron/tenant_name').with_value(params[:neutron_tenant_name])
is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(params[:neutron_default_tenant_id])
is_expected.to contain_nova_config('neutron/project_name').with_value(params[:neutron_project_name])
is_expected.to contain_nova_config('neutron/project_domain_name').with_value(params[:neutron_project_domain_name])
is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_username])
is_expected.to contain_nova_config('neutron/user_domain_name').with_value(params[:neutron_user_domain_name])
is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
is_expected.to contain_nova_config('neutron/default_tenant_id').with_ensure('absent')
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
@@ -126,7 +131,7 @@ describe 'nova::network::neutron' do
is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
is_expected.to contain_nova_config('neutron/tenant_name').with_value(params[:neutron_admin_tenant_name])
is_expected.to contain_nova_config('neutron/project_name').with_value(params[:neutron_admin_tenant_name])
is_expected.to contain_nova_config('neutron/default_tenant_id').with_value(params[:neutron_default_tenant_id])
is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_admin_username])