# Encoding: utf-8 # # Cookbook Name:: openstack-network # Recipe:: default # # Copyright 2013, AT&T # Copyright 2013-2014, SUSE Linux GmbH # Copyright 2013-2014, IBM Corp. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ['quantum', 'neutron'].include?(node['openstack']['compute']['network']['service_type']) || return # this is needed for querying the tenant_uuid of admin below include_recipe 'openstack-identity::client' require 'uri' # Make Openstack object available in Chef::Recipe class ::Chef::Recipe include ::Openstack include ::Utils end # Make Openstack object available in Chef::Resource::RubyBlock class ::Chef::Resource::RubyBlock include ::Openstack end platform_options = node['openstack']['network']['platform'] core_plugin = node['openstack']['network']['core_plugin'] main_plugin = node['openstack']['network']['core_plugin_map'][core_plugin.split('.').last.downcase] role_match = role_included? 'os-network-server' if node['openstack']['network']['syslog']['use'] include_recipe 'openstack-common::logging' end platform_options['nova_network_packages'].each do |pkg| package pkg do action :purge end end platform_options['neutron_packages'].each do |pkg| package pkg do options platform_options['package_overrides'] action :upgrade end end db_type = node['openstack']['db']['network']['service_type'] node['openstack']['db']['python_packages'][db_type].each do |pkg| package pkg do options platform_options['package_overrides'] action :upgrade end end directory '/etc/neutron/plugins' do recursive true owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00700 action :create end directory '/var/cache/neutron' do owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00700 action :create end directory ::File.dirname node['openstack']['network']['api']['auth']['cache_dir'] do owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00700 only_if { node['openstack']['auth']['strategy'] == 'pki' } end template '/etc/neutron/rootwrap.conf' do source 'rootwrap.conf.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 end if node['openstack']['network']['policyfile_url'] remote_file '/etc/neutron/policy.json' do source node['openstack']['network']['policyfile_url'] owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end end mq_service_type = node['openstack']['mq']['network']['service_type'] if mq_service_type == 'rabbitmq' rabbit_hosts = rabbit_servers if node['openstack']['mq']['network']['rabbit']['ha'] mq_password = get_password 'user', node['openstack']['mq']['network']['rabbit']['userid'] elsif mq_service_type == 'qpid' mq_password = get_password 'user', node['openstack']['mq']['network']['qpid']['username'] end identity_endpoint = internal_endpoint 'identity-internal' identity_admin_endpoint = admin_endpoint 'identity-admin' auth_uri = ::URI.decode identity_endpoint.to_s auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['network']['api']['auth']['version'] identity_uri = identity_uri_transform(identity_admin_endpoint) db_user = node['openstack']['db']['network']['username'] db_pass = get_password 'db', 'neutron' sql_connection = db_uri('network', db_user, db_pass) network_api_bind = endpoint 'network-api-bind' service_pass = get_password 'service', 'openstack-network' platform_options['neutron_client_packages'].each do |pkg| package pkg do action :upgrade options platform_options['package_overrides'] end end # all recipes include default.rb, and some servers # may just be running a subset of agents (like l3_agent) # and not the api server components, so we add logic to # check whether current node is network node or not. If # not, we won't notify this service to restart. service 'neutron-server' do service_name platform_options['neutron_server_service'] supports status: true, restart: true action :nothing end # Nova interactions nova_endpoint = internal_endpoint 'compute-api' # TODO(MRV): Need to allow for this in common. # Neutron will append the admin_tenant_id for these nova interaction calls, # remove the tenant_id so we don't end up with two of them on the url. # Need to also allow for getting at nova endpoint version. # https://github.com/openstack/neutron/blob/master/neutron/common/config.py#L94 # https://github.com/openstack/neutron/blob/master/neutron/notifiers/nova.py#L44 nova_version = node['openstack']['network']['nova']['url_version'] nova_endpoint = uri_from_hash('scheme' => nova_endpoint.scheme.to_s, 'host' => nova_endpoint.host.to_s, 'port' => nova_endpoint.port.to_s, 'path' => nova_version) nova_admin_pass = get_password 'service', 'openstack-compute' if node['openstack']['network']['l3']['router_distributed'] == 'auto' if node['openstack']['network']['interface_driver'].split('.').last != 'OVSInterfaceDriver' node.set['openstack']['network']['l3']['router_distributed'] = 'false' Chef::Log.warn('OVSInterfaceDirver is not used as interface_driver, DVR is not supported without OVS') end end router_distributed = 'False' if ['auto', 'true', true].include?(node['openstack']['network']['l3']['router_distributed']) if recipe_included? 'openstack-network::server' router_distributed = 'True' else router_distributed = 'False' end end template '/etc/neutron/neutron.conf' do source 'neutron.conf.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00640 variables( bind_address: network_api_bind.host, bind_port: network_api_bind.port, rabbit_hosts: rabbit_hosts, mq_service_type: mq_service_type, mq_password: mq_password, core_plugin: core_plugin, auth_uri: auth_uri, identity_uri: identity_uri, identity_admin_endpoint: identity_admin_endpoint, service_pass: service_pass, sql_connection: sql_connection, nova_endpoint: nova_endpoint, nova_admin_pass: nova_admin_pass, router_distributed: router_distributed ) notifies :restart, 'service[neutron-server]', :delayed if role_match end directory "/etc/neutron/plugins/#{main_plugin}" do recursive true owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00700 end # For several plugins, the plugin configuration # is required by both the neutron-server and # ancillary services that may be on different # physical servers like the l3 agent, so we assume # the plugin configuration is a "common" file template_file = nil # Common template values (between ML2 and Openvswitch) tunnel_types = node['openstack']['network']['openvswitch']['tunnel_types'] l2_population = 'False' enable_distributed_routing = 'False' if ['auto', 'true', true].include?(node['openstack']['network']['l3']['router_distributed']) tunnel_types = 'gre, vxlan' l2_population = 'True' enable_distributed_routing = 'True' end case main_plugin when 'bigswitch' template_file = '/etc/neutron/plugins/bigswitch/restproxy.ini' template template_file do source 'plugins/bigswitch/restproxy.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'brocade' template_file = '/etc/neutron/plugins/brocade/brocade.ini' template template_file do source 'plugins/brocade/brocade.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'cisco' template_file = '/etc/neutron/plugins/cisco/cisco_plugins.ini' template template_file do source 'plugins/cisco/cisco_plugins.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'hyperv' template_file = '/etc/neutron/plugins/hyperv/hyperv_neutron_plugin.ini.erb' template template_file do source 'plugins/hyperv/hyperv_neutron_plugin.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'linuxbridge' linuxbridge_endpoint = endpoint 'network-linuxbridge' template_file = '/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini' template template_file do source 'plugins/linuxbridge/linuxbridge_conf.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 variables( local_ip: linuxbridge_endpoint.host ) notifies :restart, 'service[neutron-server]', :delayed if role_match if node.run_list.expand(node.chef_environment).recipes.include?('openstack-network::linuxbridge') notifies :restart, 'service[neutron-plugin-linuxbridge-agent]', :delayed end end when 'metaplugin' template_file = '/etc/neutron/plugins/metaplugin/metaplugin.ini' template template_file do source 'plugins/metaplugin/metaplugin.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'midonet' template_file = '/etc/neutron/plugins/midonet/midonet.ini' template template_file do source 'plugins/midonet/midonet.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'ml2' openvswitch_endpoint = endpoint 'network-openvswitch' template_file = '/etc/neutron/plugins/ml2/ml2_conf.ini' mechanism_drivers = node['openstack']['network']['ml2']['mechanism_drivers'] if node['openstack']['network']['l3']['router_distributed'] == 'auto' mechanism_drivers = 'openvswitch,l2population' end template template_file do source 'plugins/ml2/ml2_conf.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 variables( mechanism_drivers: mechanism_drivers, local_ip: openvswitch_endpoint.host, tunnel_types: tunnel_types, l2_population: l2_population, enable_distributed_routing: enable_distributed_routing ) notifies :restart, 'service[neutron-server]', :delayed if role_match if node['recipes'].include?('openstack-network::openvswitch') notifies :restart, 'service[neutron-plugin-openvswitch-agent]', :delayed end end when 'nec' template_file = '/etc/neutron/plugins/nec/nec.ini' template template_file do source 'plugins/nec/nec.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'nicira' template_file = '/etc/neutron/plugins/nicira/nvp.ini' template template_file do source 'plugins/nicira/nvp.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'openvswitch' openvswitch_endpoint = endpoint 'network-openvswitch' template_file = '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini' template template_file do source 'plugins/openvswitch/ovs_neutron_plugin.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 variables( local_ip: openvswitch_endpoint.host, tunnel_types: tunnel_types, l2_population: l2_population, enable_distributed_routing: enable_distributed_routing ) notifies :restart, 'service[neutron-server]', :delayed if role_match if node.run_list.expand(node.chef_environment).recipes.include?('openstack-network::openvswitch') notifies :restart, 'service[neutron-plugin-openvswitch-agent]', :delayed end end when 'plumgrid' template_file = '/etc/neutron/plugins/plumgrid/plumgrid.ini' template template_file do source 'plugins/plumgrid/plumgrid.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end when 'ryu' template_file = '/etc/neutron/plugins/ryu/ryu.ini' template template_file do source 'plugins/ryu/ryu.ini.erb' owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] mode 00644 notifies :restart, 'service[neutron-server]', :delayed if role_match end else Chef::Log.fatal("Main plugin #{main_plugin}is not supported") end link '/etc/neutron/plugin.ini' do to template_file owner node['openstack']['network']['platform']['user'] group node['openstack']['network']['platform']['group'] action :create only_if { platform_family? %w(fedora rhel) } end node.set['openstack']['network']['plugin_config_file'] = template_file template '/etc/default/neutron-server' do source 'neutron-server.erb' owner 'root' group 'root' mode 00644 variables( plugin_config: template_file ) only_if do node.run_list.expand(node.chef_environment).recipes.include?('openstack-network::server') platform_family?('debian') end end