- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
cookbooks
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/neutron/neutron.conf] and
template[/etc/neutron/metadata_agent.ini] to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Update lbaas recipe to use v2 agent driver.
- Add recommended configuration settings to neutron.conf based in Stein
installation docs.
- Remove any resources that define the default action.
- Switch package installations to send packages as arrays instead of individual
package resources. This generally speeds up chef runs.
- Manage /etc/neutron/neutron_lbaas.conf so we can set service_provider
properly.
- Add some missing ChefSpec tests.
- Configure neutron_lbaas.conf on Ubuntu in a manner that allows it to properly
pull in the configuration via the --config-dir option. This is due to the fact
we need to set an additional [service_providers] service_provider line and we
can't do that with hashes.
- Remove FWaaS as it's unmaintained upstream.
Depends-On: https://review.opendev.org/701027
Depends-On: https://review.opendev.org/706151
Change-Id: Id29884766440d37fa18fd62f3f93eecc22224d51
With Mitaka, Neutron has learned to set proper MTU values for the DHCP
agent depending on the encapsulation type being used. So do not override
them any more from our side.
Change-Id: Ib3c14a828374d607c49257682d552159c72a13f9
Closes-Bug: 1567923
* added new logic to render plugin templates
* refactored recipe names to be more consistence
* moved version up to 13.0.0 for mitaka release
* removed suse as supported platform
* added verisionbumb for refactored os-identity and common
* adapted optimized endpoint logic
* added endpoint attributes to fit new endpoint logic
* adapted the specs (unit tests) to work again
* refactored attributes throughout all recipes that were connected to the
attributes used for the neutron.conf.erb template to adapt the new template
attribute syntax
* removed some attributes that were set to non default values, since the
defaults from neutron cloud and should be used instead
* moved all attributes form attributes/default.rb that were used in
neutron.conf.erb to attributes/neutron_conf.rb
* refactored attributes to fit new template logic
* refactored recipes/default.rb to fit new template logic
* removed all attributes set to default values in attribtues/default and
template
* replaced static plugin logic and templates with new config logic, following
the same principles as for neutron.conf
* renamed recipes to fit attributes and actual service names
* added recipes for ml2_core_plugin, ml2_openvswitch and ml2_linuxbridge as well
as a recipe for the creation of all plugin configs (plugin_conf) like plugin.ini
Change-Id: I9cc1b5cc069987ac83e064322c2291772505ff5f
Implements: blueprint cookbook-refactoring
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
- According to the bool attribute
node['openstack']['endpoints']['db']['enabled_slave'], enable/disable
neutron database slave_connection
- Add the slave_connection generated from db_uri function
Implements: blueprint sql-slave-connection-support
Change-Id: I19fc7fb4ab4a62fcdea77c9c4d18135fb2f49d41
In order to allow components to better handle and respond to mq failures,
oslo has some heartbeat options that are useful.
Change-Id: Ief96c7fce659376f476b11b527c60ce999777b81
Partial-Bug: #1462438
After the refact of nova authentication in neutron, it supports
three auth_plugin: password, v2password, v3password. Each
auth_plugin match a different auth_url. For example:
a) password
auth_plugin = password
auth_url = http://127.0.0.1:35357/
b) v2password
auth_plugin = v2password
auth_url = http://127.0.0.1:35357/v2.0
c) v3password
auth_plugin = v3password
auth_url = http://127.0.0.1:35357/v3
The auth_url should be set following the auth_plugin automatically.
Change-Id: Ia584a6c6a64fcaa92012c957da004ac029ca7db2
Closes-bug: #1459594
Closes-bug: #1461480
Authenticating to nova using nova_admin_* options is deprecated.
CONF.nova_admin_auth_url
CONF.nova_admin_username
CONF.nova_admin_password
CONF.nova_admin_tenant_id
CONF.nova_admin_tenant_name
This should be done using an auth plugin, like password:
[nova]
region_name = RegionOne
project_domain_id = default
project_name = service
user_domain_id = default
password = passw0rd
username = nova
auth_url = http://127.0.0.1:35357
auth_plugin = password
Reference: https://github.com/openstack/neutron/blob/master/neutron/notifiers/nova.py#L85-90
Change-Id: I8896af89f1b5fef39776a8aa1289cb9ee7645a08
Closes-bug: #1449058
For Kilo release, there are many deprecated group/name in conf files of openstack,
so we need to change the deprecated group/name to new group/name.
blueprint conf-section-update-for-kilo
Closes-bug: #1436170
Change-Id: Ibdd35e55ab79bc684782182d3e4341e672f04401
In my recent patch to move to identity_url, I mistakenly also
touched the nova_admin_auth_url which removed the v2.0 protocol
version from it. This prevents neutron from working properly
with nova.
Change-Id: Ib48a9a4be4478eb5f6fd1a07c8bd13d57af1c4db
Closes-Bug: #1446652
The default value of metadata_workers in metadata_agent.ini is half of the
number of CPU cores in the computer system. The value will be large only if
there are many CPU cores, which may not be necessary. It should be acceptable
to make this attribute configurable, which follows what has been done for
api_workers and rpc_workers in neutron.conf.
Change-Id: I823b485d72fb74c13e4bce221a256cfed6770d65
Oslo.message using rabbit_max_retries and rabbit_retry_interval to
define reconnect rabbitmq server times and interval when can not
connect to rabbitmq server.
Partial-bug: #1439968
Change-Id: I8e19c3343627d4e2316f91b4fb084c5b6486dd84
Remove deprecated keys and use identity_uri via the new transform
helper method.
Also, cleanup specs for endpoint testing to make sure Common is
fully tested.
Change-Id: Iad3da2be74823b8d706eb9b4e12311cbf655ab7f
Implements: blueprint identity-uri
Since we have no attribute overrides for api-paste.ini, no
need to have a template resource for it. Until we need to
have some attribute, removing this will take away burden of
keeping in sync with base openstack code.
Change-Id: I918b3dfc3d17fe122300d32d678addbf828df771
Related-Bug: #1433152
Used the existing ovs conf as a partial template to simply include
in the ml2 conf. This keeps all the attributes the same.
A more detailed spec will have to be done after some refactoring
to allow for sections to be tested.
Please give this idea a try, it seems to allow me to setup neutron
on ubuntu with ml2. I'm working toward using this as a basis for
getting the repo aio_neutron test working.
Change-Id: Ia988f3d7ef1c280c40b55cea4f455710f673dd32
Closes-Bug: #1314751
a new attribute
A new attribute will be added which can used to set the custom
interface_driver in case if the plugin is neither ovs nor linuxbridge.
An additional attribute is added to set the ovs_use_veth value present
in case of ovs plugin to 'True' or 'False'.
Change-Id: Iba95c216ca46b9ed0927758b9645525ca7d5e3c9
Closes-Bug: #1429189
Patches in base neutron allow for use of just the nova tenant name
instead of having to make an ugly cli call into keystone to get the
uuid. This is much much cleaner way to do it.
Kept the old admin_tenant_id attribute, added a new
admin_tenant_name one. This should come directly from the Compute
cookbook attribute, service_tenant_name, but since Network does
not depend upon Compute cookbook, I simply added the default here.
I don't think we want to introduce a depends between Network and
Compute, that would be a circular dependency.
Change-Id: I88948b6ad300192cb00b07f10d29dc7ec19d4ba2
Closes-Bug: #1427817
Nova metadata api endpoint was missing from common endpoints.
This patch will be follow by one for compute and network to
make use of these new endpoint.
Change-Id: Ie3e9f27f7d6eec4f4ebb0b1dbebd0b12a03a0b65
Partial-Bug: #1425633
Parameterize l3_ha, max_l3_agents_per_router,
ha_vrrp_advert_int setting, so that user can deploy
a topology with neutron l3 agent HA enabled.
Change-Id: Iab159efcc30349e6481c944a5afb16293fbb0826
Closes-Bug: #1417913
Parameterize dhcp_agents_per_network setting, so that
user can deploy a topology with multiple dhcp agent
working.
Change-Id: I22d584f077e7cbc64bdf53522166352a512e84a5
Closes-Bug: #1414908
when using haproxy, user_group should be nobody on rhel,fedora and suse, and nogroup on debian
Change-Id: If875bdbecf9867a20afd5264a2fdb814a7729896
Closes-Bug:#1406224
Add multi driver support to the recipe of vpn_agent,
by changing vpn_device_driver option from string to list.
And add a new option named vpn_device_driver_packages to
install package dependencies according vpn_device_driver.
DocImpact
Closes-Bug: #1386067
Closes-Bug: #1386070
Change-Id: If84827e421a2d94b5ae802a65b3d906670e28e90
When no auth_version value is provided, it still should explicitly
set auth_version to v2.0 as the default value.
This is also to be consistent with other components. The current
code does not have 'auth_version = v2.0' in the configuration file.
Change-Id: Ie8c23ec2eef0b0ad70b4937e7ae68ac66188f1f2
Closes-Bug: #1387016
This commit adds nova_ca_certificates_file and
nova_api_insecure so that they can be configured.
It also makes the nova_url use the right scheme.
Change-Id: I00a9f900e2d722529808e10e946beae8f374c4fa
Closes-Bug: #1383701
Covers all template plugins except midonet and metaplugin
(see https://bugs.launchpad.net/bugs/1380243). Obvious mistakes
have been corrected in some of the templates (trailing
whitespaces, cut&pasted attribute names, instance variables
instead of block variables and so on).
Change-Id: I2302cd4f0ef29be4f1d783de930af2abbf7c1a15
Closes-Bug: #1328999
Implements: blueprint add-template-tests
This change adds some attributes into the cookbook so
that they are configurable. It mainly includes:
cafile, memcached_servers, memcache_security_strategy,
memcache_secret_key, insecure and hash_algorithms.
Change-Id: Ic48bd7193815185f1c065c1bd689d67de325cd8e
Closes-Bug: #1371421
Add a recipe, related attribute/template, and unit tests to
to install, configure and start VPN service.
Stop L3 agent if VPN is enabled.
Change-Id: I63322e3c43e38444163371636cbab2c3bbdeaacf
Implements: Blueprint neutron-vpnaas-enablement
Nowadays, there is no tunnel_types item in ovs_
neutron_plugin.ini.erb template. And user can not
assign value to this item by environment. Therefore,
the vxlan enablement will failure because of the item
default value is '[]' which will disable tunneling
support in the agent.
Fixes bug #1355663
Change-Id: I21378cbc3fe021b6763dd9f560e027ddd704c982
Lance Albertson