Commit Graph

127 Commits (master)

Author SHA1 Message Date
Lance Albertson dac0c7c8d4 Updates for Train
- LBaaS has been removed as it's been deprecated upstream [1]

- Update release to train

- Cookstyle

- Unused .rubocop.yml


Change-Id: I4c7f58ea60c02704877531fe3e7849c47aacf7ae
2020-05-29 17:18:15 -07:00
Lance Albertson cb26946e73 Stein fixes
- Cookstyle fixes
- Refactor Berksfile to use groups so we can exclude integration testing
- Update documentation
- Cleanup line wraps
- Enable sensitive resources for the template[/etc/neutron/neutron.conf] and
  template[/etc/neutron/metadata_agent.ini] to resources improve security.
- Update delivery configuration to exclude integration cookbooks
- Fix ChefSpec output.
- Update lbaas recipe to use v2 agent driver.
- Add recommended configuration settings to neutron.conf based in Stein
  installation docs.
- Remove any resources that define the default action.
- Switch package installations to send packages as arrays instead of individual
  package resources. This generally speeds up chef runs.
- Manage /etc/neutron/neutron_lbaas.conf so we can set service_provider
- Add some missing ChefSpec tests.
- Configure neutron_lbaas.conf on Ubuntu in a manner that allows it to properly
  pull in the configuration via the --config-dir option. This is due to the fact
  we need to set an additional [service_providers] service_provider line and we
  can't do that with hashes.
- Remove FWaaS as it's unmaintained upstream.

Change-Id: Id29884766440d37fa18fd62f3f93eecc22224d51
2020-03-23 14:23:34 -07:00
Roger Luethi 5bb0cf6aaa Allow overriding replies for specific domain names via dnsmasq.conf
backport: queens

Change-Id: I44d1d01b943167049e2f09fb251e1a54b6c43d47
2019-04-05 16:12:59 +02:00
Jens Rosenboom 4b0f4a49d0 Do not hardcode any DHCP options for Neutron
With Mitaka, Neutron has learned to set proper MTU values for the DHCP
agent depending on the encapsulation type being used. So do not override
them any more from our side.

Change-Id: Ib3c14a828374d607c49257682d552159c72a13f9
Closes-Bug: 1567923
2016-04-08 17:04:05 +02:00
Jan Klare 2ec770de11 refactoring final step
* added new logic to render plugin templates
* refactored recipe names to be more consistence
* moved version up to 13.0.0 for mitaka release
* removed suse as supported platform
* added verisionbumb for refactored os-identity and common
* adapted optimized endpoint logic
* added endpoint attributes to fit new endpoint logic
* adapted the specs (unit tests) to work again
* refactored attributes throughout all recipes that were connected to the
  attributes used for the neutron.conf.erb template to adapt the new template
  attribute syntax
* removed some attributes that were set to non default values, since the
  defaults from neutron cloud and should be used instead
* moved all attributes form attributes/default.rb that were used in
  neutron.conf.erb to attributes/neutron_conf.rb
* refactored attributes to fit new template logic
* refactored recipes/default.rb to fit new template logic
* removed all attributes set to default values in attribtues/default and
* replaced static plugin logic and templates with new config logic, following
  the same principles as for neutron.conf
* renamed recipes to fit attributes and actual service names
* added recipes for ml2_core_plugin, ml2_openvswitch and ml2_linuxbridge as well
  as a recipe for the creation of all plugin configs (plugin_conf) like plugin.ini

Change-Id: I9cc1b5cc069987ac83e064322c2291772505ff5f
Implements: blueprint cookbook-refactoring
Depends-On: I0547182085eed91d05384fdd7734408a839a9a2c
Depends-On: I3262b2e6f792f37c32a446e6567790b82bdd4613
2016-02-08 10:44:13 +01:00
Min Min Ren 94d875d7e1 Add database slave connection configure
- According to the bool attribute
   node['openstack']['endpoints']['db']['enabled_slave'], enable/disable
   neutron database slave_connection
 - Add the slave_connection generated from db_uri function

Implements: blueprint sql-slave-connection-support

Change-Id: I19fc7fb4ab4a62fcdea77c9c4d18135fb2f49d41
2015-08-26 00:09:35 -05:00
Mark Vanderwiel 78f3c0ba43 Allow rabbit mq kombu ssl configuration
Add the rest of the kombu ssl configuration options.

Change-Id: Ice44d4d401d7a03041257c61283ef0f6aed41dc3
Partial-Bug: 1464706
2015-06-16 10:45:15 -05:00
Mark Vanderwiel 4b0d6b1ec0 Allow oslo rabbit heartbeat configuration
In order to allow components to better handle and respond to mq failures,
oslo has some heartbeat options that are useful.

Change-Id: Ief96c7fce659376f476b11b527c60ce999777b81
Partial-Bug: #1462438
2015-06-15 03:05:00 +00:00
Song Li aea5f5ac7b Auth_url changes following auth_plugin in nova section
After the refact of nova authentication in neutron, it supports
three auth_plugin: password, v2password, v3password. Each
auth_plugin match a different auth_url. For example:
a) password
auth_plugin = password
auth_url =
b) v2password
auth_plugin = v2password
auth_url =
c) v3password
auth_plugin = v3password
auth_url =

The auth_url should be set following the auth_plugin automatically.

Change-Id: Ia584a6c6a64fcaa92012c957da004ac029ca7db2
Closes-bug: #1459594
Closes-bug: #1461480
2015-06-07 23:53:02 -04:00
wenchma 38758fbb14 Refactor nova section to enable auth strategy
Authenticating to nova using nova_admin_* options is deprecated.


This should be done using an auth plugin, like password:

  region_name = RegionOne
  project_domain_id = default
  project_name = service
  user_domain_id = default
  password = passw0rd
  username = nova
  auth_url =
  auth_plugin = password


Change-Id: I8896af89f1b5fef39776a8aa1289cb9ee7645a08
Closes-bug: #1449058
2015-05-27 10:51:46 +08:00
wenchma 2a1a38b542 Update the deprecated group/name to Kilo release
For Kilo release, there are many deprecated group/name in conf files of openstack,
so we need to change the deprecated group/name to new group/name.

blueprint conf-section-update-for-kilo
Closes-bug: #1436170

Change-Id: Ibdd35e55ab79bc684782182d3e4341e672f04401
2015-04-22 17:53:49 +08:00
Jenkins f12809d382 Merge "Make the metadata_workers attribute in metadata_agent.ini configurable." 2015-04-22 09:46:02 +00:00
Mark Vanderwiel adc1a82c52 neutron nova_admin_auth_url requires a protocol version
In my recent patch to move to identity_url, I mistakenly also
touched the nova_admin_auth_url which removed the v2.0 protocol
version from it.  This prevents neutron from working properly
with nova.

Change-Id: Ib48a9a4be4478eb5f6fd1a07c8bd13d57af1c4db
Closes-Bug: #1446652
2015-04-22 02:53:48 +00:00
gekun e7761b347f Make the metadata_workers attribute in metadata_agent.ini configurable.
The default value of metadata_workers in metadata_agent.ini is half of the
number of CPU cores in the computer system. The value will be large only if
there are many CPU cores, which may not be necessary. It should be acceptable
to make this attribute configurable, which follows what has been done for
api_workers and rpc_workers in neutron.conf.

Change-Id: I823b485d72fb74c13e4bce221a256cfed6770d65
2015-04-22 02:04:36 +00:00
Wei Hu 0becd08722 Add rabbitmq max_retries and retry_interval in neutron.conf.erb
Oslo.message using rabbit_max_retries and rabbit_retry_interval to
define reconnect rabbitmq server times and interval when can not
connect to rabbitmq server.

Partial-bug: #1439968

Change-Id: I8e19c3343627d4e2316f91b4fb084c5b6486dd84
2015-04-17 03:01:26 +00:00
Jenkins 3d677e5190 Merge "Use identity_uri_transform for identiry_uri support" 2015-04-16 21:53:10 +00:00
Mark Vanderwiel 53366aac19 Use identity_uri_transform for identiry_uri support
Remove deprecated keys and use identity_uri via the new transform
helper method.

Also, cleanup specs for endpoint testing to make sure Common is
fully tested.

Change-Id: Iad3da2be74823b8d706eb9b4e12311cbf655ab7f
Implements: blueprint identity-uri
2015-04-07 01:30:23 +00:00
Mark Vanderwiel 0712addc7a Remove api-paste.ini as it provided by package
Since we have no attribute overrides for api-paste.ini, no
need to have a template resource for it.  Until we need to
have some attribute, removing this will take away burden of
keeping in sync with base openstack code.

Change-Id: I918b3dfc3d17fe122300d32d678addbf828df771
Related-Bug: #1433152
2015-04-02 16:08:45 -05:00
Mark Vanderwiel 7963c596c9 Fix ubuntu ml2_conf missing ovs section
Used the existing ovs conf as a partial template to simply include
in the ml2 conf.  This keeps all the attributes the same.
A more detailed spec will have to be done after some refactoring
to allow for sections to be tested.

Please give this idea a try, it seems to allow me to setup neutron
on ubuntu with ml2. I'm working toward using this as a basis for
getting the repo aio_neutron test working.

Change-Id: Ia988f3d7ef1c280c40b55cea4f455710f673dd32
Closes-Bug: #1314751
2015-03-30 09:57:13 -05:00
wenchma 29447d06a8 Enable kombu_ssl_version configuration for Rabbitmq SSL
Change-Id: Ibc8e8314907e2b42d9faee73fe17ba319887ea54
Closes-bug: #1433405
2015-03-23 17:38:02 +08:00
Jenkins 285bfbf3b9 Merge "Support strongswan driver on neutron-vpnaas" 2015-03-19 20:16:13 +00:00
Jenkins 0d9a47e146 Merge "Support fwaas on kilo release" 2015-03-19 20:16:05 +00:00
leejian0612 25b72df852 Support strongswan driver on neutron-vpnaas
Change-Id: Idfe122e19f2e3766a34b94f4caa88d6a90d61b12
2015-03-19 16:33:32 +08:00
Song Li ce2ae14df0 Support fwaas on kilo release
Change-Id: I6dc0658f6ba0bd6d7a1f456e3e155435d5ebb25d
Closes-Bug: #1427553
Partial-Bug: #1407874
2015-03-18 14:44:52 -04:00
Jenkins 99cdcb65fd Merge "Use new nova_admin_tenant_name" 2015-03-16 14:32:43 +00:00
Akash V Gunjal 275aeccc50 Add custom interface_driver to lbaas_agent.ini template with the help of
a new attribute

A new attribute will be added which can used to set the custom
interface_driver in case if the plugin is neither ovs nor linuxbridge.
An additional attribute is added to set the ovs_use_veth value present
in case of ovs plugin to 'True' or 'False'.

Change-Id: Iba95c216ca46b9ed0927758b9645525ca7d5e3c9
Closes-Bug: #1429189
2015-03-12 11:48:40 +05:30
Jenkins 09410efea6 Merge "Enable Distributed Virtual Router" 2015-03-07 00:17:17 +00:00
lzklibj 409abee58c Enable Distributed Virtual Router
blueprint enable-dvr-chef-cookbook

Change-Id: I5521cf73fb3eecabc2a63eb9b32f62073ad2bd57
2015-03-06 05:20:15 -08:00
Jenkins 756cf8c4ad Merge "Support vpnaas on kilo release" 2015-03-05 18:33:22 +00:00
leejian0612 83a532ad51 Support vpnaas on kilo release
Partial-Bug: #1425633
Closes-Bug: #1427954

Change-Id: I789d550fb4df8e51824f4108aab90d3f7958cf5f
2015-03-05 14:21:37 +08:00
leejian0612 bed9932cda Support lbaas on kilo release
Closes-Bug: #1427142
Partial-Bug: #1407874

Change-Id: I5b3c0602cf06290dc17d67d82cc7ea7533fecdec
2015-03-05 13:58:51 +08:00
Mark Vanderwiel 48d3cafe4f Use new nova_admin_tenant_name
Patches in base neutron allow for use of just the nova tenant name
instead of having to make an ugly cli call into keystone to get the
uuid.   This is much much cleaner way to do it.
Kept the old admin_tenant_id attribute, added a new
admin_tenant_name one.  This should come directly from the Compute
cookbook attribute, service_tenant_name, but since Network does
not depend upon Compute cookbook, I simply added the default here.
I don't think we want to introduce a depends between Network and
Compute, that would be a circular dependency.

Change-Id: I88948b6ad300192cb00b07f10d29dc7ec19d4ba2
Closes-Bug: #1427817
2015-03-04 12:35:14 -06:00
Mark Vanderwiel 6ec0caf181 Add compute metadata api to common endpoints
Nova metadata api endpoint was missing from common endpoints.
This patch will be follow by one for compute and network to
make use of these new endpoint.

Change-Id: Ie3e9f27f7d6eec4f4ebb0b1dbebd0b12a03a0b65
Partial-Bug: #1425633
2015-02-25 17:25:35 -06:00
Hong Hui Xiao e4766fb2b6 Allow customize l3 agent HA parameters
Parameterize l3_ha, max_l3_agents_per_router,
ha_vrrp_advert_int setting, so that user can deploy
 a topology with neutron l3 agent HA enabled.

Change-Id: Iab159efcc30349e6481c944a5afb16293fbb0826
Closes-Bug: #1417913
2015-02-11 09:47:10 +08:00
Hong Hui Xiao e99affcf6a Allow customize dhcp_agents_per_network
Parameterize dhcp_agents_per_network setting, so that
user can deploy a topology with multiple dhcp agent

Change-Id: I22d584f077e7cbc64bdf53522166352a512e84a5
Closes-Bug: #1414908
2015-02-09 13:06:49 +08:00
lijianlj 31f6606586 Fix user_group configuration in lbaas_agent.ini.erb
when using haproxy, user_group should be nobody on rhel,fedora and suse, and nogroup on debian

Change-Id: If875bdbecf9867a20afd5264a2fdb814a7729896
2015-01-13 10:27:41 +08:00
Mark Vanderwiel 0695636cd1 rabbit ha cleanups
allow rabbit ssl to be enabled when ha is used.

Change-Id: I7e3ed77383917dda97ac69cf6152ad90fe5ad30c
Partial-Bug: # 1408705
2015-01-08 11:55:50 -06:00
leejian0612 de6ca4a702 Multi driver support to VPN agent
Add multi driver support to the recipe of vpn_agent,
by changing vpn_device_driver option from string to list.
And add a new option named vpn_device_driver_packages to
install package dependencies according vpn_device_driver.

Closes-Bug: #1386067
Closes-Bug: #1386070
Change-Id: If84827e421a2d94b5ae802a65b3d906670e28e90
2014-11-04 09:47:09 +08:00
jun xie 5067a2afa2 Set auth_version to v2.0
When no auth_version value is provided, it still should explicitly
set auth_version to v2.0 as the default value.
This is also to be consistent with other components. The current
code does not have 'auth_version = v2.0' in the configuration file.

Change-Id: Ie8c23ec2eef0b0ad70b4937e7ae68ac66188f1f2
Closes-Bug: #1387016
2014-10-29 23:20:09 +08:00
jun xie 2fe862cd0e Add 2 attributes and make nova_url use right scheme
This commit adds nova_ca_certificates_file and
nova_api_insecure so that they can be configured.
It also makes the nova_url use the right scheme.

Change-Id: I00a9f900e2d722529808e10e946beae8f374c4fa
Closes-Bug: #1383701
2014-10-22 12:05:42 -05:00
Jenkins 3a4e94e3ca Merge "Added missing template tests and checked existing ones (III)" 2014-10-14 16:36:07 +00:00
Federico Gimenez Nieto 7865a50b36 Added missing template tests and checked existing ones (III)
Covers all template plugins except midonet and metaplugin
(see Obvious mistakes
have been corrected in some of the templates (trailing
whitespaces, cut&pasted attribute names, instance variables
instead of block variables and so on).

Change-Id: I2302cd4f0ef29be4f1d783de930af2abbf7c1a15
Closes-Bug: #1328999
Implements: blueprint add-template-tests
2014-10-14 09:38:43 +02:00
Jenkins 3caeb5f632 Merge "Add attributes for quota_router and quota_floatingip" 2014-10-10 19:03:24 +00:00
Mark Vanderwiel 58b6b31a6d Add attribute for api_workers and rpc_workers
Change-Id: I758a4ca1c5551a2bb13cdf6e7da9ab62e23a5663
Closes-Bug: #1365005
2014-10-09 13:12:34 -05:00
Mark Vanderwiel 5fea9a66be Add attributes for quota_router and quota_floatingip
A couple more quota attributes
* Added eol markers in quota spec tests

Change-Id: Ide8763d8ad90176b93c0907522db669d4823f23c
Closes-Bug: #1367395
2014-09-29 10:12:53 -05:00
Mark Vanderwiel 2a71aac70c Add attribute for ML2 enable_ipset
Add enable_ipset within securitygroup section for
ml2_conf.ini template.

Change-Id: I04956a15faa3bc72c71bc27908675d2e30239e86
Closes-Bug: #1371684
2014-09-24 10:33:44 -05:00
Jenkins 478f0a103c Merge "Enable Neutron VPN as Service" 2014-09-22 19:25:23 +00:00
jun xie bd28d5ff57 Add some authtoken related attributes
This change adds some attributes into the cookbook so
that they are configurable. It mainly includes:
cafile, memcached_servers, memcache_security_strategy,
memcache_secret_key, insecure and hash_algorithms.

Change-Id: Ic48bd7193815185f1c065c1bd689d67de325cd8e
Closes-Bug: #1371421
2014-09-22 23:37:51 +08:00
Xu Han Peng 1dd7be7ee4 Enable Neutron VPN as Service
Add a recipe, related attribute/template, and unit tests to
to install, configure and start VPN service.
Stop L3 agent if VPN is enabled.

Change-Id: I63322e3c43e38444163371636cbab2c3bbdeaacf
Implements: Blueprint neutron-vpnaas-enablement
2014-09-19 11:10:13 +08:00
Hu 802685281c Add tunnel_types in ovs_neutron_plugin.ini.erb
Nowadays, there is no tunnel_types item in ovs_
neutron_plugin.ini.erb template. And user can not
assign value to this item by environment. Therefore,
the vxlan enablement will failure because of the item
default value is '[]' which will disable tunneling
support in the agent.

Fixes bug #1355663

Change-Id: I21378cbc3fe021b6763dd9f560e027ddd704c982
2014-08-18 09:56:56 +08:00