openstack
/
cookbook-openstack-network
Code Issues Proposed changes

Stein fixes 

- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
  cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/neutron/neutron.conf] and
  template[/etc/neutron/metadata_agent.ini] to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Update lbaas recipe to use v2 agent driver.
- Add recommended configuration settings to neutron.conf based in Stein
  installation docs.
- Remove any resources that define the default action.
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.
- Manage /etc/neutron/neutron_lbaas.conf so we can set service_provider
  properly.
- Add some missing ChefSpec tests.
- Configure neutron_lbaas.conf on Ubuntu in a manner that allows it to properly
  pull in the configuration via the --config-dir option. This is due to the fact
  we need to set an additional [service_providers] service_provider line and we
  can't do that with hashes.
- Remove FWaaS as it's unmaintained upstream.

Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Change-Id: Id29884766440d37fa18fd62f3f93eecc22224d51
changes/59/708059/5
Lance Albertson 2020-02-13 16:39:40 -08:00
parent 95e7167f78
commit cb26946e73
50 changed files with 937 additions and 705 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.delivery/project.toml
View File

@ -1 +1,9 @@
remote_file = "https://raw.githubusercontent.com/chef-cookbooks/community_cookbook_tools/master/delivery/project.toml"
[local_phases]
unit = 'rspec spec/'
lint = 'cookstyle --display-cop-names --extra-details'
syntax = "berks install -e integration"
provision = "echo skipping"
deploy = "echo skipping"
smoke = "echo skipping"
functional = "echo skipping"
cleanup = "echo skipping"

16
.rubocop.yml
View File

@ -1,5 +1,3 @@
inherit_from: .rubocop_todo.yml
AllCops:
Include:
- metadata.rb
@ -14,17 +12,3 @@ AllCops:
- .cookbooks/**/*
- berks-cookbooks/**/*
- .bundle/**/*
Encoding:
Exclude:
- metadata.rb
- Gemfile
NumericLiterals:
Enabled: false
LineLength:
Enabled: false
WordArray:
MinSize: 3

21
.rubocop_todo.yml
View File

@ -1,21 +0,0 @@
# This configuration was generated by
# `rubocop --auto-gen-config`
# on 2018-08-03 05:26:05 -0700 using RuboCop version 0.55.0.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
# versions of RuboCop, may require this file to be generated again.
# Offense count: 5
# Cop supports --auto-correct.
Style/IfUnlessModifier:
Exclude:
- 'attributes/neutron_conf.rb'
- 'recipes/default.rb'
- 'recipes/l3_agent.rb'
# Offense count: 135
# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
# URISchemes: http, https
Metrics/LineLength:
Max: 202

24
Berksfile
View File

@ -2,20 +2,20 @@ source 'https://supermarket.chef.io'
solver :ruby, :required
%w(
client
-common
-dns
-identity
-image
-integration-test
-ops-database
-ops-messaging
).each do |cookbook|
[
%w(client dep),
%w(-common dep),
%w(-dns integration),
%w(-identity dep),
%w(-image integration),
%w(-integration-test integration),
%w(-ops-database integration),
%w(-ops-messaging integration),
].each do |cookbook, group|
if Dir.exist?("../cookbook-openstack#{cookbook}")
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}"
cookbook "openstack#{cookbook}", path: "../cookbook-openstack#{cookbook}", group: group
else
cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}"
cookbook "openstack#{cookbook}", git: "https://opendev.org/openstack/cookbook-openstack#{cookbook}", group: group
end
end

19
README.rst
View File

@ -25,9 +25,9 @@ handle L2 and L3 networking for various hardware vendors and standards.
Requirements
============
- Chef 14 or higher
- ChefDK 3.2.30 for testing (also includes Berkshelf for cookbook
dependency resolution)
- Chef 15 or higher
- Chef Workstation 0.15.18 for testing (also includes Berkshelf for
cookbook dependency resolution)
Platform
========
@ -42,8 +42,8 @@ Cookbooks
The following cookbooks are dependencies:
- 'openstackclient'
- 'openstack-common', '>= 18.0.0'
- 'openstack-identity', '>= 18.0.0'
- 'openstack-common', '>= 19.0.0'
- 'openstack-identity', '>= 19.0.0'
Attributes
==========
@ -87,13 +87,6 @@ attributes in using the same template as for the ``neutron.conf``
node['openstack']['network_dhcp']['conf']
openstack-network::fwaas
------------------------
**This is a 'work in progress' recipe and is currently not tested**
- Installs the Firewall as a Service
openstack-network::identity_registration
----------------------------------------
@ -244,7 +237,7 @@ License and Author
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016, cloudbau GmbH |
+-----------------+--------------------------------------------------+
| **Copyright** | Copyright (c) 2016-2019, Oregon State University |
| **Copyright** | Copyright (c) 2016-2020, Oregon State University |
+-----------------+--------------------------------------------------+
Licensed under the Apache License, Version 2.0 (the "License"); you may

196
attributes/default.rb
View File

@ -1,10 +1,11 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Attributes:: default
#
# Copyright 2013, AT&T
# Copyright 2014, IBM Corp.
# Copyright:: 2013, AT&T
# Copyright:: 2014, IBM Corp.
# Copyright:: 2016-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -127,10 +128,8 @@ node.default['openstack']['network_metadata']['conf'] = {}
default['openstack']['network_metering']['config_file'] = '/etc/neutron/metering_agent.ini'
default['openstack']['network_metering']['conf'].tap do |conf|
conf['DEFAULT']['interface_driver'] =
'neutron.agent.linux.interface.OVSInterfaceDriver'
conf['DEFAULT']['driver'] =
'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
conf['DEFAULT']['driver'] = 'neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver'
end
# ============================= LBaaS Agent Configuration ==================
@ -138,12 +137,22 @@ end
# ['default']['service_plugins']
# Set to true to enable lbaas
default['openstack']['network_lbaas']['enabled'] = false
# Custom the lbaas config file path
default['openstack']['network_lbaas']['config_file'] = '/etc/neutron/lbaas_agent.ini'
# Custom the lbaas neutron config file path
default['openstack']['network_lbaas']['config_file'] =
case node['platform_family']
when 'rhel'
'/etc/neutron/neutron_lbaas.conf'
when 'debian'
'/etc/neutron/conf.d/neutron-server/neutron_lbaas.conf'
end
default['openstack']['network_lbaas']['conf'].tap do |conf|
conf['DEFAULT']['periodic_interval'] = 10
conf['DEFAULT']['ovs_use_veth'] = false
conf['DEFAULT']['interface_driver'] = 'neutron.agent.linux.interface.OVSInterfaceDriver'
conf['service_providers']['service_provider'] =
'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default'
end
# Custom the lbaas agent config file path
default['openstack']['network_lbaas_agent']['config_file'] = '/etc/neutron/lbaas_agent.ini'
default['openstack']['network_lbaas_agent']['conf'].tap do |conf|
conf['DEFAULT']['interface_driver'] = 'openvswitch'
conf['DEFAULT']['device_driver'] = 'neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver'
case node['platform_family']
when 'fedora', 'rhel'
@ -153,112 +162,93 @@ default['openstack']['network_lbaas']['conf'].tap do |conf|
end
end
# ============================= FWaaS Configuration ==================
# To enable 'firewall' as service_plugin, you need to add it to neutron.conf
# ['default']['service_plugins']
# Set to True to enable firewall service
default['openstack']['network_fwaas']['enabled'] = false
# Firewall service driver with linux iptables
default['openstack']['network_fwaas']['conf'].tap do |conf|
conf['fwaas']['driver'] = 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas.IptablesFwaasDriver'
end
# Customize the fwaas config file path
default['openstack']['network_fwaas']['config_file'] = '/etc/neutron/fwaas_driver.ini'
# ============================= platform-specific settings ===========
default['openstack']['network']['platform'].tap do |platform|
platform['user'] = 'neutron'
platform['group'] = 'neutron'
platform['neutron_dhcp_agent_service'] =
'neutron-dhcp-agent'
platform['neutron_l3_agent_service'] =
'neutron-l3-agent'
platform['neutron_lb_agent_service'] =
'neutron-lbaasv2-agent'
platform['neutron_metadata_agent_service'] =
'neutron-metadata-agent'
platform['neutron_metering_agent_service'] =
'neutron-metering-agent'
platform['neutron_server_service'] =
'neutron-server'
platform['neutron_rpc_server_service'] =
'neutron-rpc-server'
platform['neutron_dhcp_agent_service'] = 'neutron-dhcp-agent'
platform['neutron_l3_agent_service'] = 'neutron-l3-agent'
platform['neutron_lb_agent_service'] = 'neutron-lbaasv2-agent'
platform['neutron_metadata_agent_service'] = 'neutron-metadata-agent'
platform['neutron_metering_agent_service'] = 'neutron-metering-agent'
platform['neutron_server_service'] = 'neutron-server'
platform['neutron_rpc_server_service'] = 'neutron-rpc-server'
case node['platform_family']
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
platform['neutron_packages'] =
%w(openstack-neutron openstack-neutron-ml2 iproute)
platform['neutron_dhcp_packages'] =
%w(openstack-neutron iproute)
%w(
ebtables
iproute
openstack-neutron
openstack-neutron-ml2
)
platform['neutron_dhcp_packages'] = %w(openstack-neutron iproute)
platform['neutron_l3_packages'] =
%w(openstack-neutron iproute radvd keepalived)
platform['neutron_plugin_package'] =
'neutron-plugin-ml2'
platform['neutron_fwaas_packages'] =
%w()
%w(
iproute
keepalived
openstack-neutron
radvd
)
platform['neutron_plugin_package'] = 'neutron-plugin-ml2'
platform['neutron_lbaas_packages'] =
%w(openstack-neutron-lbaas haproxy iproute)
platform['neutron_lbaas_python_dependencies'] =
%w(python-neutron-lbaas)
platform['neutron_openvswitch_packages'] =
%w(openvswitch)
platform['neutron_openvswitch_agent_packages'] =
%w(openstack-neutron-openvswitch iproute)
platform['neutron_linuxbridge_agent_packages'] =
%w(openstack-neutron-linuxbridge iproute)
platform['neutron_linuxbridge_agent_service'] =
'neutron-linuxbridge-agent'
platform['neutron_metadata_agent_packages'] =
%w()
platform['neutron_metering_agent_packages'] =
%w(openstack-neutron-metering-agent)
platform['neutron_server_packages'] =
%w()
platform['neutron_openvswitch_service'] =
'openvswitch'
platform['neutron_openvswitch_agent_service'] =
'neutron-openvswitch-agent'
platform['package_overrides'] =
''
%w(
haproxy
iproute
openstack-neutron-lbaas
)
platform['neutron_lbaas_python_dependencies'] = %w(python-neutron-lbaas)
platform['neutron_openvswitch_packages'] = %w(openvswitch)
platform['neutron_openvswitch_agent_packages'] = %w(openstack-neutron-openvswitch iproute)
platform['neutron_linuxbridge_agent_packages'] = %w(openstack-neutron-linuxbridge iproute)
platform['neutron_linuxbridge_agent_service'] = 'neutron-linuxbridge-agent'
platform['neutron_metadata_agent_packages'] = []
platform['neutron_metering_agent_packages'] = %w(openstack-neutron-metering-agent)
platform['neutron_server_packages'] = []
platform['neutron_openvswitch_service'] = 'openvswitch'
platform['neutron_openvswitch_agent_service'] = 'neutron-openvswitch-agent'
platform['package_overrides'] = ''
when 'debian'
platform['neutron_packages'] =
%w(neutron-common python3-neutron)
platform['neutron_dhcp_packages'] =
%w(neutron-dhcp-agent)
platform['neutron_packages'] = %w(neutron-common python3-neutron)
platform['neutron_dhcp_packages'] = %w(neutron-dhcp-agent)
platform['neutron_l3_packages'] =
%w(python3-neutron-fwaas neutron-l3-agent radvd keepalived)
platform['neutron_fwaas_packages'] =
%w(python3-neutron-fwaas)
%w(
keepalived
neutron-l3-agent
radvd
)
platform['neutron_lbaas_packages'] =
%w(python3-neutron-lbaas neutron-lbaas-common neutron-lbaasv2-agent haproxy)
platform['neutron_lbaas_python_dependencies'] =
%w(python3-neutron-lbaas)
platform['neutron_openvswitch_packages'] =
%w(openvswitch-switch bridge-utils)
%w(
haproxy
neutron-lbaas-common
neutron-lbaasv2-agent
python3-neutron-lbaas
)
platform['neutron_lbaas_python_dependencies'] = %w(python3-neutron-lbaas)
platform['neutron_openvswitch_packages'] = %w(openvswitch-switch bridge-utils)
platform['neutron_openvswitch_build_packages'] =
%w(
build-essential pkg-config fakeroot
libssl-dev openssl debhelper
autoconf dkms python-all
python-qt4 python-zopeinterface
autoconf
build-essential
debhelper
dkms
fakeroot
libssl-dev
openssl
pkg-config
python-all
python-qt4
python-twisted-conch
python-zopeinterface
)
platform['neutron_openvswitch_agent_packages'] =
%w(neutron-openvswitch-agent)
platform['neutron_linuxbridge_agent_packages'] =
%w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent)
platform['neutron_linuxbridge_agent_service'] =
'neutron-plugin-linuxbridge-agent'
platform['neutron_metadata_agent_packages'] =
%w(neutron-metadata-agent)
platform['neutron_metering_agent_packages'] =
%w(neutron-metering-agent)
platform['neutron_server_packages'] =
%w(neutron-server)
platform['neutron_openvswitch_service'] =
'openvswitch-switch'
platform['neutron_openvswitch_agent_service'] =
'neutron-openvswitch-agent'
platform['package_overrides'] =
''
platform['neutron_openvswitch_agent_packages'] = %w(neutron-openvswitch-agent)
platform['neutron_linuxbridge_agent_packages'] = %w(neutron-plugin-linuxbridge neutron-plugin-linuxbridge-agent)
platform['neutron_linuxbridge_agent_service'] = 'neutron-plugin-linuxbridge-agent'
platform['neutron_metadata_agent_packages'] = %w(neutron-metadata-agent)
platform['neutron_metering_agent_packages'] = %w(neutron-metering-agent)
platform['neutron_server_packages'] = %w(neutron-server)
platform['neutron_openvswitch_service'] = 'openvswitch-switch'
platform['neutron_openvswitch_agent_service'] = 'neutron-openvswitch-agent'
platform['package_overrides'] = ''
end
end

15
attributes/neutron_conf.rb
View File

@ -11,6 +11,17 @@ default['openstack']['network']['conf'].tap do |conf|
end
conf['DEFAULT']['control_exchange'] = 'neutron'
conf['DEFAULT']['core_plugin'] = 'ml2'
if node['openstack']['network_lbaas']['enabled']
conf['DEFAULT']['service_plugins'] =
if conf['DEFAULT']['service_plugins'].empty?
'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2'
else
[
'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2',
conf['DEFAULT']['service_plugins'],
].flatten.sort.join(',')
end
end
# [agent] section
if node['openstack']['network']['use_rootwrap']
@ -18,7 +29,7 @@ default['openstack']['network']['conf'].tap do |conf|
end
# [keystone_authtoken] section
conf['keystone_authtoken']['auth_type'] = 'v3password'
conf['keystone_authtoken']['auth_type'] = 'password'
conf['keystone_authtoken']['region_name'] = node['openstack']['region']
conf['keystone_authtoken']['username'] = 'neutron'
conf['keystone_authtoken']['user_domain_name'] = 'Default'
@ -26,7 +37,7 @@ default['openstack']['network']['conf'].tap do |conf|
conf['keystone_authtoken']['project_name'] = 'service'
conf['keystone_authtoken']['auth_version'] = 'v3'
# [nova] section
conf['nova']['auth_type'] = 'v3password'
conf['nova']['auth_type'] = 'password'
conf['nova']['region_name'] = node['openstack']['region']
conf['nova']['username'] = 'nova'
conf['nova']['user_domain_name'] = 'Default'

25
metadata.rb
View File

@ -3,33 +3,16 @@ maintainer 'openstack-chef'
maintainer_email 'openstack-discuss@lists.openstack.org'
license 'Apache-2.0'
description 'Installs and configures the OpenStack Network API Service and various agents and plugins'
version '18.0.0'
recipe 'openstack-network::_bridge_config_example', 'Example bridge recipe used in kitchen tests'
recipe 'openstack-network::db_migration', 'Migrates the neutron database'
recipe 'openstack-network::default', 'Configures common pieces needed for all neutron services and create the neutron.conf'
recipe 'openstack-network::dhcp_agent', 'Installs the DHCP agent'
recipe 'openstack-network::fwaas', 'Installs the Firewall as a Service'
recipe 'openstack-network::identity_registration', 'Registers the OpenStack Network API endpoint and service user with Keystone'
recipe 'openstack-network::l3_agent', 'Installs the L3 agent'
recipe 'openstack-network::lbaas', 'Installs the Loadbalancer as a Service'
recipe 'openstack-network::metadata_agent', 'Installs the metadata agent'
recipe 'openstack-network::metering_agent', 'Installs the metering agent'
recipe 'openstack-network::ml2_core_plugin', 'Configure the ml2_core_plugin'
recipe 'openstack-network::ml2_linuxbridge', 'Configure the ml2 linuxbridge plugin'
recipe 'openstack-network::ml2_openvswitch', 'Configure the ml2 openvswitch plugin'
recipe 'openstack-network::openvswitch', 'Installs openvswitch'
recipe 'openstack-network::openvswitch_agent', 'Installs the openvswitch agent'
recipe 'openstack-network::plugin_config', 'Generates all the needed plugin configurations directly from the attributes'
version '19.0.0'
%w(ubuntu redhat centos).each do |os|
supports os
end
depends 'openstackclient'
depends 'openstack-common', '>= 18.0.0'
depends 'openstack-identity', '>= 18.0.0'
depends 'openstack-common', '>= 19.0.0'
depends 'openstack-identity', '>= 19.0.0'
issues_url 'https://launchpad.net/openstack-chef'
source_url 'https://opendev.org/openstack/cookbook-openstack-network'
chef_version '>= 14.0'
chef_version '>= 15.0'

51
recipes/_bridge_config_example.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: _bridge_config_example
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -41,21 +43,27 @@ tun_interface = node['openstack']['network']['tun_network_bridge_interface']
# This needs to be done during compile time to ensure that the address_for
# method used lateron works
execute 'create eth-ext dummy interface' do
command 'ip link add eth-ext type dummy;'\
'ip link set dev eth-ext up'
command <<-EOF
ip link add eth-ext type dummy
ip link set dev eth-ext up
EOF
not_if 'ip link show | grep eth-ext'
end.run_action(:run)
execute 'create eth-vlan dummy interface' do
command 'ip link add eth-vlan type dummy;'\
'ip link set dev eth-vlan up'
command <<-EOF
ip link add eth-vlan type dummy
ip link set dev eth-vlan up
EOF
not_if 'ip link show | grep eth-vlan'
end.run_action(:run)
execute "create #{tun_interface} dummy interface" do
command "ip link add #{tun_interface} type dummy;"\
"ip link set dev #{tun_interface} up;"\
"ip addr add 10.0.0.201/24 dev #{tun_interface}"
command <<-EOF
ip link add #{tun_interface} type dummy
ip link set dev #{tun_interface} up
ip addr add 10.0.0.201/24 dev #{tun_interface}
EOF
not_if "ip link show | grep #{tun_interface}"
end.run_action(:run)
@ -65,59 +73,48 @@ ohai('reload').run_action(:reload)
# set all the needed attributes according to the dummy interfaces added above
# vlan bridge
node.default['openstack']['network']['vlan_network_bridge_interface'] = 'eth-vlan'
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['bridge_mappings'] = 'vlan:br-vlan,external:br-ex'
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['bridge_mappings'] =
'vlan:br-vlan,external:br-ex'
# external bridge
node.default['openstack']['network_l3']['external_network_bridge_interface'] = 'eth-ext'
# tunnel bridge
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['tunnel_bridge'] = 'br-tun'
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['local_ip'] =
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['tunnel_bridge'] = 'br-tun'
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['local_ip'] =
address_for(tun_interface)
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('AGENT')['tunnel_types'] = 'gre,vxlan'
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('AGENT')['tunnel_types'] = 'gre,vxlan'
# ovs security groups
node.default['openstack']['network']['plugins']['openvswitch']['conf']
.[]('SECURITYGROUP')['firewall_driver'] =
node.default['openstack']['network']['plugins']['openvswitch']['conf'].[]('SECURITYGROUP')['firewall_driver'] =
'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
# define variables for bridge definitions below
ex_bridge_iface = node['openstack']['network_l3']['external_network_bridge_interface']
vlan_bridge_iface = node['openstack']['network']['vlan_network_bridge_interface']
tun_bridge = node['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['tunnel_bridge']
tun_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['tunnel_bridge']
# get the bridge names from the ovs bridge_mappings
mappings = node['openstack']['network']['plugins']['openvswitch']['conf']
.[]('OVS')['bridge_mappings'].split(',')
mappings = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('OVS')['bridge_mappings'].split(',')
vlan_bridge = mappings.find { |mapping| mapping.split(':').first == 'vlan' }.split(':').last
ex_bridge = mappings.find { |mapping| mapping.split(':').first == 'external' }.split(':').last
execute 'create external network bridge' do
command "ovs-vsctl --may-exist add-br #{ex_bridge}"
action :run
end
execute 'create external network bridge port' do
command "ovs-vsctl --may-exist add-port #{ex_bridge} #{ex_bridge_iface}"
action :run
end
execute 'create vlan network bridge' do
command "ovs-vsctl --may-exist add-br #{vlan_bridge}"
action :run
end
execute 'create vlan network bridge port' do
command "ovs-vsctl --may-exist add-port #{vlan_bridge} #{vlan_bridge_iface}"
action :run
end
execute 'create tunnel network bridge' do
command "ovs-vsctl --may-exist add-br #{tun_bridge}"
action :run
end

35
recipes/db_migration.rb
View File

@ -1,9 +1,10 @@
# encoding: UTF-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: db_migration
#
# Copyright 2015, IBM Corp.
# Copyright:: 2015, IBM Corp.
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -21,30 +22,18 @@
plugin_config_file = node['openstack']['network']['core_plugin_config_file']
timeout = node['openstack']['network']['dbsync_timeout']
# The node['openstack']['network']['plugin_config_file'] attribute is set in the default.rb recipe
bash 'migrate network database' do
execute 'migrate network database' do
timeout timeout
migrate_command = 'neutron-db-manage --config-file /etc/neutron/neutron.conf'
code <<-EOF
#{migrate_command} upgrade head
EOF
end
# Only if the fwaas is enabled, migrate the database.
bash 'migrate fwaas database' do
only_if { node['openstack']['network_fwaas']['enabled'] }
timeout timeout
migrate_command = "neutron-db-manage --subproject neutron-fwaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
code <<-EOF
#{migrate_command} upgrade head
EOF
command <<-EOF.gsub(/^ {4}/, '')
neutron-db-manage --config-file /etc/neutron/neutron.conf upgrade head
EOF
end
# Only if the lbaas is enabled, migrate the database.
bash 'migrate lbaas database' do
only_if { node['openstack']['network_lbaas']['enabled'] }
execute 'migrate lbaas database' do
timeout timeout
migrate_command = "neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file}"
code <<-EOF
#{migrate_command} upgrade head
EOF
command <<-EOF.gsub(/^ {4}/, '')
neutron-db-manage --subproject neutron-lbaas --config-file /etc/neutron/neutron.conf --config-file #{plugin_config_file} upgrade head
EOF
only_if { node['openstack']['network_lbaas']['enabled'] }
end

52
recipes/default.rb
View File

@ -1,11 +1,12 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: default
#
# Copyright 2013, AT&T
# Copyright 2013-2014, SUSE Linux GmbH
# Copyright 2013-2014, IBM Corp.
# Copyright:: 2013, AT&T
# Copyright:: 2013-2014, SUSE Linux GmbH
# Copyright:: 2013-2014, IBM Corp.
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -33,19 +34,16 @@ if node['openstack']['network']['syslog']['use']
include_recipe 'openstack-common::logging'
end
platform_options['neutron_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_packages'] do
options platform_options['package_overrides']
action :upgrade
end
db_type = node['openstack']['db']['network']['service_type']
node['openstack']['db']['python_packages'][db_type].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package node['openstack']['db']['python_packages'][db_type] do
options platform_options['package_overrides']
action :upgrade
end
template '/etc/neutron/rootwrap.conf' do
@ -53,7 +51,7 @@ template '/etc/neutron/rootwrap.conf' do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
variables(
service_config: node['openstack']['network']['rootwrap']['conf']
)
@ -64,8 +62,7 @@ cookbook_file '/usr/bin/neutron-enable-bridge-firewall.sh' do
owner 'root'
group 'wheel'
mode '0755'
action :create
only_if { node['platform_family'] == 'rhel' }
only_if { platform_family?('rhel') }
end
if node['openstack']['mq']['service_type'] == 'rabbit'
@ -80,31 +77,21 @@ db_pass = get_password 'db', 'neutron'
bind_service = node['openstack']['bind_service']['all']['network']
bind_service_address = bind_address bind_service
# The auth_url in nova section follows auth_type
nova_auth_url = nil
case node['openstack']['network']['conf']['nova']['auth_type']
when 'v3password'
nova_auth_url = auth_url
end
node.default['openstack']['network']['conf'].tap do |conf|
if node['openstack']['network']['syslog']['use']
conf['DEFAULT']['log_config'] = '/etc/openstack/logging.conf'
end
conf['DEFAULT']['bind_host'] = bind_service_address
conf['DEFAULT']['bind_port'] = bind_service['port']
conf['nova']['auth_url'] = nova_auth_url if nova_auth_url
conf['nova']['auth_url'] = auth_url
conf['keystone_authtoken']['auth_url'] = auth_url
end
# define secrets that are needed in the neutron.conf.erb
node.default['openstack']['network']['conf_secrets'].tap do |conf_secrets|
conf_secrets['database']['connection'] =
db_uri('network', db_user, db_pass)
conf_secrets['nova']['password'] =
get_password 'service', 'openstack-compute'
conf_secrets['keystone_authtoken']['password'] =
get_password 'service', 'openstack-network'
conf_secrets['database']['connection'] = db_uri('network', db_user, db_pass)
conf_secrets['nova']['password'] = get_password 'service', 'openstack-compute'
conf_secrets['keystone_authtoken']['password'] = get_password 'service', 'openstack-network'
end
# merge all config options and secrets to be used in the neutron.conf.erb
@ -115,7 +102,8 @@ template '/etc/neutron/neutron.conf' do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
mode '640'
sensitive true
variables(
service_config: neutron_conf_options
)

22
recipes/dhcp_agent.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: dhcp_agent
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -22,11 +23,9 @@ include_recipe 'openstack-network'
platform_options = node['openstack']['network']['platform']
platform_options['neutron_dhcp_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_dhcp_packages'] do
options platform_options['package_overrides']
action :upgrade
end
# TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
@ -35,7 +34,7 @@ template '/etc/neutron/dnsmasq.conf' do
source 'dnsmasq.conf.erb'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
end
service_config = merge_config_options 'network_dhcp'
@ -44,7 +43,7 @@ template node['openstack']['network_dhcp']['config_file'] do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
variables(
service_config: service_config
)
@ -52,8 +51,7 @@ end
# TODO: (jklare) this should be refactored and probably pull in the some dnsmasq
# cookbook to do the proper configuration
case node['platform']
when 'centos'
if platform?('centos')
rpm_package 'dnsmasq' do
action :upgrade
end
@ -65,7 +63,7 @@ service 'neutron-dhcp-agent' do
action [:enable, :start]
subscribes :restart, [
'template[/etc/neutron/neutron.conf]',
'template [/etc/neutron/dnsmasq.conf]',
'template[/etc/neutron/dnsmasq.conf]',
"template[#{node['openstack']['network_dhcp']['config_file']}]",
'rpm_package[dnsmasq]',
]

53
recipes/fwaas.rb
View File

@ -1,53 +0,0 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Recipe:: fwaas
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
include_recipe 'openstack-network'
# Make Openstack object available in Chef::Recipe
class ::Chef::Recipe
include ::Openstack
end
platform_options = node['openstack']['network']['platform']
platform_options['neutron_fwaas_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
end
node.default['openstack']['network_fwaas']['conf'].tap do |conf|
conf['fwaas']['enabled'] = 'True'
end
node.default['openstack']['network_l3']['conf'].tap do |conf|
conf['AGENT']['extensions'] = 'fwaas'
end
# As the fwaas package will be installed anyway, configure its config-file attributes following environment.
service_conf = merge_config_options 'network_fwaas'
template node['openstack']['network_fwaas']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
variables(
service_config: service_conf
)
end

23
recipes/identity_registration.rb
View File

@ -1,10 +1,11 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: identity_registration
#
# Copyright 2013, AT&T
# Copyright 2013, SUSE Linux GmbH
# Copyright:: 2013, AT&T
# Copyright:: 2013, SUSE Linux GmbH
# Copyright:: 2019-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -35,11 +36,9 @@ interfaces = {
}
service_pass = get_password 'service', 'openstack-network'
service_tenant_name =
node['openstack']['network']['conf']['keystone_authtoken']['project_name']
service_tenant_name = node['openstack']['network']['conf']['keystone_authtoken']['project_name']
service_user =
node['openstack']['network']['conf']['keystone_authtoken']['username']
service_user = node['openstack']['network']['conf']['keystone_authtoken']['username']
service_role = node['openstack']['network']['service_role']
service_domain_name = node['openstack']['network']['conf']['keystone_authtoken']['user_domain_name']
admin_user = node['openstack']['identity']['admin_user']
@ -52,11 +51,11 @@ region = node['openstack']['region']
# endpoint_type = node['openstack']['identity']['endpoint_type']
connection_params = {
openstack_auth_url: auth_url,
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain,
openstack_auth_url: auth_url,
openstack_username: admin_user,
openstack_api_key: admin_pass,
openstack_project_name: admin_project,
openstack_domain_name: admin_domain,
# openstack_endpoint_type: endpoint_type,
}

16
recipes/l3_agent.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: l3_agent
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -27,11 +28,9 @@ end
platform_options = node['openstack']['network']['platform']
platform_options['neutron_l3_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_l3_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service_config = merge_config_options 'network_l3'
@ -40,7 +39,7 @@ template node['openstack']['network_l3']['config_file'] do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
mode '640'
variables(
service_config: service_config
)
@ -53,6 +52,5 @@ service 'neutron-l3-agent' do
action [:enable, :start]
subscribes :restart, [
'template[/etc/neutron/neutron.conf]',
"template[#{node['openstack']['network_fwaas']['config_file']}]",
]
end

39
recipes/lbaas.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: lbaas
#
# Copyright 2013, Mirantis IT
# Copyright:: 2013, Mirantis IT
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -17,7 +18,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This recipe should be placed in the run_list of the node that
# runs the network server or network controller server.
include_recipe 'openstack-network'
@ -28,23 +28,39 @@ class ::Chef::Recipe
end
platform_options = node['openstack']['network']['platform']
platform_options['neutron_lbaas_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_lbaas_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service_config = merge_config_options 'network_lbaas'
neutron_config = merge_config_options 'network_lbaas'
agent_config = merge_config_options 'network_lbaas_agent'
directory '/etc/neutron/conf.d/neutron-server' do
recursive true
only_if { platform_family?('debian') }
end
template node['openstack']['network_lbaas']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
mode '640'
variables(
service_config: service_config
service_config: neutron_config
)
notifies :restart, 'service[neutron-server]', :delayed
end
template node['openstack']['network_lbaas_agent']['config_file'] do
source 'openstack-service.conf.erb'
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode '640'
variables(
service_config: agent_config
)
notifies :restart, 'service[neutron-lb-agent]', :delayed
end
@ -54,4 +70,5 @@ service 'neutron-lb-agent' do
supports status: true, restart: true
action :enable
subscribes :restart, 'template[/etc/neutron/neutron.conf]', :delayed
subscribes :restart, "template[#{node['openstack']['network_lbaas']['config_file']}]", :delayed
end

17
recipes/metadata_agent.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: metadata_agent
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -26,11 +27,9 @@ platform_options = node['openstack']['network']['platform']
metadata_secret = get_password 'token', node['openstack']['network_metadata']['secret_name']
# compute_metadata_api = internal_endpoint 'compute-metadata-api'
platform_options['neutron_metadata_agent_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
package platform_options['neutron_metadata_agent_packages'] do
action :upgrade
options platform_options['package_overrides']
end
node.default['openstack']['network_metadata']['conf_secrets'].tap do |conf|
@ -43,11 +42,11 @@ template node['openstack']['network_metadata']['config_file'] do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
sensitive true
variables(
service_config: service_config
)
action :create
end
# delete all secrets saved in the attribute

15
recipes/metering_agent.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: metering_agent
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -20,11 +22,9 @@ include_recipe 'openstack-network'
platform_options = node['openstack']['network']['platform']
platform_options['neutron_metering_agent_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
package platform_options['neutron_metering_agent_packages'] do
action :upgrade
options platform_options['package_overrides']
end
service_config = merge_config_options 'network_metering'
@ -33,11 +33,10 @@ template node['openstack']['network_metering']['config_file'] do
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0640
mode '640'
variables(
service_config: service_config
)
action :create
end
service 'neutron-metering-agent' do

2
recipes/ml2_core_plugin.rb
View File

@ -1,6 +1,6 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: ml2_core_plugin
#
# Licensed under the Apache License, Version 2.0 (the "License");

36
recipes/ml2_linuxbridge.rb
View File

@ -1,9 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: ml2_linuxbridge
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
# Copyright:: 2016-2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -30,28 +31,22 @@ node.default['openstack']['network']['plugins']['ml2']['conf']['ml2']['mechanism
node.default['openstack']['network']['plugins']['ml2']['conf']['ml2_type_vxlan']['vni_ranges'] = 'VNI_START:VNI_END'
platform_options = node['openstack']['network']['platform']
platform_options['neutron_linuxbridge_agent_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_linuxbridge_agent_packages'] do
options platform_options['package_overrides']
action :upgrade
end
node.default['openstack']['network']['plugins']['linuxbridge'].tap do |lb|
case node['platform_family']
when 'fedora', 'rhel'
lb['path'] =
'/etc/neutron/plugins/ml2'
lb['filename'] =
'linuxbridge_agent.ini'
lb['path'] = '/etc/neutron/plugins/ml2'
lb['filename'] = 'linuxbridge_agent.ini'
when 'debian'
lb['path'] =
'/etc/neutron/plugins/linuxbridge'
lb['filename'] =
'linuxbridge_conf.ini'
lb['path'] = '/etc/neutron/plugins/linuxbridge'
lb['filename'] = 'linuxbridge_conf.ini'
end
lb['conf']['securitygroup']['firewall_driver'] =
'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
lb['conf']['securitygroup']['firewall_driver'] = 'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
end
include_recipe 'openstack-network::plugin_config'
@ -60,6 +55,9 @@ service 'neutron-plugin-linuxbridge-agent' do
service_name platform_options['neutron_linuxbridge_agent_service']
supports status: true, restart: true
action [:enable, :start]
subscribes :restart, ['template[/etc/neutron/neutron.conf]',
'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]']
subscribes :restart,
[
'template[/etc/neutron/neutron.conf]',
'template[/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini]',
]
end

4
recipes/ml2_openvswitch.rb
View File

@ -1,9 +1,9 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: ml2_opensvswitch
#
# Copyright 2013, AT&T
# Copyright:: 2013, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.

12
recipes/openvswitch.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: opensvswitch
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -24,11 +26,9 @@ plugin_file_path = File.join(
)
platform_options = node['openstack']['network']['platform']
platform_options['neutron_openvswitch_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_openvswitch_packages'] do
options platform_options['package_overrides']
action :upgrade
end
service 'neutron-openvswitch-switch' do

18
recipes/openvswitch_agent.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: openvswitch_agent
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -16,6 +18,7 @@
# limitations under the License.
#
include_recipe 'openstack-network'
include_recipe 'openstack-network::ml2_openvswitch'
plugin_file_path = File.join(
@ -24,19 +27,14 @@ plugin_file_path = File.join(
)
platform_options = node['openstack']['network']['platform']
platform_options['neutron_openvswitch_agent_packages'].each do |pkg|
package pkg do
action :upgrade
options platform_options['package_overrides']
end
package platform_options['neutron_openvswitch_agent_packages'] do
action :upgrade
options platform_options['package_overrides']
end
int_bridge =
node['openstack']['network']['plugins']['openvswitch']['conf']
.[]('DEFAULT')['integration_bridge']
int_bridge = node['openstack']['network']['plugins']['openvswitch']['conf'].[]('DEFAULT')['integration_bridge']
execute 'create integration network bridge' do
command "ovs-vsctl --may-exist add-br #{int_bridge}"
action :run
end
service 'neutron-openvswitch-agent' do

8
recipes/plugin_config.rb
View File

@ -1,8 +1,10 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: plugin_config
#
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@ -22,7 +24,7 @@ node['openstack']['network']['plugins'].each_value do |plugin|
recursive true
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0700
mode '700'
end
template File.join(plugin['path'], plugin['filename']) do
@ -30,7 +32,7 @@ node['openstack']['network']['plugins'].each_value do |plugin|
cookbook 'openstack-common'
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
variables(
service_config: plugin['conf']
)

47
recipes/server.rb
View File

@ -1,10 +1,11 @@
# Encoding: utf-8
#
# Cookbook Name:: openstack-network
# Cookbook:: openstack-network
# Recipe:: server
#
# Copyright 2013, AT&T
# Copyright 2013, SUSE Linux GmbH
# Copyright:: 2013, AT&T
# Copyright:: 2013, SUSE Linux GmbH
# Copyright:: 2020, Oregon State University
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -30,7 +31,7 @@ template '/etc/default/neutron-server' do
source 'neutron-server.erb'
owner 'root'
group 'root'
mode 0o0644
mode '644'
variables(
core_plugin_config: node['openstack']['network']['core_plugin_config_file']
)
@ -39,19 +40,15 @@ end
platform_options = node['openstack']['network']['platform']
platform_options['neutron_server_packages'].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package platform_options['neutron_server_packages'] do
options platform_options['package_overrides']
action :upgrade
end
db_type = node['openstack']['db']['network']['service_type']
node['openstack']['db']['python_packages'][db_type].each do |pkg|
package pkg do
options platform_options['package_overrides']
action :upgrade
end
package node['openstack']['db']['python_packages'][db_type] do
options platform_options['package_overrides']
action :upgrade
end
if node['openstack']['network']['policyfile_url']
@ -59,20 +56,22 @@ if node['openstack']['network']['policyfile_url']
source node['openstack']['network']['policyfile_url']
owner node['openstack']['network']['platform']['user']
group node['openstack']['network']['platform']['group']
mode 0o0644
mode '644'
end
end
</