diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/dhcp.pp b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/dhcp.pp index 22332c51ac..d1546edbb4 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/dhcp.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/dhcp.pp @@ -26,7 +26,6 @@ class openstack_tasks::openstack_network::agents::dhcp { resync_interval => $resync_interval, manage_service => true, enable_isolated_metadata => $isolated_metadata, - dhcp_delete_namespaces => true, enabled => true, } diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/l3.pp b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/l3.pp index 28cb37a31a..5c5e6f7f87 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/l3.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/l3.pp @@ -45,7 +45,6 @@ class openstack_tasks::openstack_network::agents::l3 { external_network_bridge => ' ', manage_service => true, enabled => true, - router_delete_namespaces => true, agent_mode => $agent_mode, } diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/metadata.pp b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/metadata.pp index 4385aa7cd3..a99c83a61d 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/metadata.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/metadata.pp @@ -21,34 +21,14 @@ class openstack_tasks::openstack_network::agents::metadata { if $use_neutron and ($controller or ($dvr and $compute)) { $debug = hiera('debug', true) $ha_agent = try_get_value($neutron_advanced_config, 'metadata_agent_ha', true) - - $auth_region = hiera('region', 'RegionOne') $service_endpoint = hiera('service_endpoint') $management_vip = hiera('management_vip') - $auth_api_version = 'v2.0' - $ssl_hash = hiera_hash('use_ssl', {}) - $admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http') - $admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip]) - $admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357" - $admin_auth_url = "${admin_identity_uri}/${auth_api_version}" - $neutron_config = hiera_hash('neutron_config') - - $keystone_user = try_get_value($neutron_config, 'keystone/admin_user', 'neutron') - $keystone_tenant = try_get_value($neutron_config, 'keystone/admin_tenant', 'services') - $neutron_user_password = try_get_value($neutron_config, 'keystone/admin_password') - $shared_secret = try_get_value($neutron_config, 'metadata/metadata_proxy_shared_secret') - $nova_endpoint = hiera('nova_endpoint', $management_vip) class { '::neutron::agents::metadata': debug => $debug, - auth_region => $auth_region, - auth_url => $admin_auth_url, - auth_user => $keystone_user, - auth_tenant => $keystone_tenant, - auth_password => $neutron_user_password, shared_secret => $shared_secret, metadata_ip => $nova_endpoint, manage_service => true, diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_network/compute_nova.pp b/deployment/puppet/openstack_tasks/manifests/openstack_network/compute_nova.pp index b76c670858..6e85bef56d 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_network/compute_nova.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/compute_nova.pp @@ -27,11 +27,10 @@ class openstack_tasks::openstack_network::compute_nova { $admin_identity_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip]) $neutron_internal_protocol = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http') - $neutron_endpoint = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', [hiera('neutron_endpoint', ''), $management_vip]) + $neutron_internal_endpoint = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', [hiera('neutron_endpoint', ''), $management_vip]) - $admin_identity_uri = "${admin_identity_protocol}://${admin_identity_address}:35357" - $admin_auth_url = "${admin_identity_uri}/${auth_api_version}" - $neutron_url = "${neutron_internal_protocol}://${neutron_endpoint}:9696" + $neutron_auth_url = "${admin_identity_protocol}://${admin_identity_address}:35357/${auth_api_version}" + $neutron_url = "${neutron_internal_protocol}://${neutron_internal_endpoint}:9696" $nova_migration_ip = get_network_role_property('nova/migration', 'ipaddr') @@ -78,13 +77,13 @@ class openstack_tasks::openstack_network::compute_nova { } class { '::nova::network::neutron' : - neutron_admin_password => $admin_password, - neutron_admin_tenant_name => $admin_tenant_name, - neutron_region_name => $region_name, - neutron_admin_username => $admin_username, - neutron_admin_auth_url => $admin_auth_url, - neutron_url => $neutron_url, - neutron_ovs_bridge => $neutron_integration_bridge, + neutron_password => $admin_password, + neutron_project_name => $admin_tenant_name, + neutron_region_name => $region_name, + neutron_username => $admin_username, + neutron_auth_url => $neutron_auth_url, + neutron_url => $neutron_url, + neutron_ovs_bridge => $neutron_integration_bridge, } augeas { 'sysctl-net.bridge.bridge-nf-call-arptables': diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp b/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp index e8b289644c..681528d245 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp @@ -63,10 +63,10 @@ class openstack_tasks::openstack_network::server_config { $ml2_sriov_value = 'rm DAEMON_ARGS' } - $auth_password = $neutron_config['keystone']['admin_password'] - $auth_user = pick($neutron_config['keystone']['admin_user'], 'neutron') - $auth_tenant = pick($neutron_config['keystone']['admin_tenant'], 'services') - $auth_region = hiera('region', 'RegionOne') + $password = $neutron_config['keystone']['admin_password'] + $username = pick($neutron_config['keystone']['admin_user'], 'neutron') + $project_name = pick($neutron_config['keystone']['admin_tenant'], 'services') + $region_name = hiera('region', 'RegionOne') $auth_endpoint_type = 'internalURL' $ssl_hash = hiera_hash('use_ssl', {}) @@ -81,7 +81,8 @@ class openstack_tasks::openstack_network::server_config { $nova_internal_endpoint = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'hostname', [$nova_endpoint]) $auth_api_version = 'v2.0' - $identity_uri = "${internal_auth_protocol}://${internal_auth_endpoint}:5000/" + $auth_uri = "${internal_auth_protocol}://${internal_auth_endpoint}:5000/" + $auth_url = "${internal_auth_protocol}://${internal_auth_endpoint}:35357/" $nova_admin_auth_url = "${admin_auth_protocol}://${admin_auth_endpoint}:35357/" $nova_url = "${nova_internal_protocol}://${nova_internal_endpoint}:8774/v2" @@ -202,12 +203,12 @@ class openstack_tasks::openstack_network::server_config { class { '::neutron::server': sync_db => $primary_controller, - auth_password => $auth_password, - auth_tenant => $auth_tenant, - auth_region => $auth_region, - auth_user => $auth_user, - identity_uri => $identity_uri, - auth_uri => $identity_uri, + username => $username, + password => $password, + project_name => $project_name, + region_name => $region_name, + auth_url => $auth_url, + auth_uri => $auth_uri, database_retry_interval => '2', database_connection => $db_connection, @@ -237,12 +238,12 @@ class openstack_tasks::openstack_network::server_config { } class { '::neutron::server::notifications': - nova_url => $nova_url, - auth_url => $nova_admin_auth_url, - username => $nova_auth_user, - tenant_name => $nova_auth_tenant, - password => $nova_auth_password, - region_name => $auth_region, + nova_url => $nova_url, + auth_url => $nova_admin_auth_url, + username => $nova_auth_user, + project_name => $nova_auth_tenant, + password => $nova_auth_password, + region_name => $region_name, } # Stub for Nuetron package diff --git a/deployment/puppet/openstack_tasks/manifests/openstack_network/server_nova.pp b/deployment/puppet/openstack_tasks/manifests/openstack_network/server_nova.pp index 879241cc58..328ecca969 100644 --- a/deployment/puppet/openstack_tasks/manifests/openstack_network/server_nova.pp +++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/server_nova.pp @@ -22,21 +22,20 @@ class openstack_tasks::openstack_network::server_nova { $neutron_internal_protocol = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http') $neutron_internal_endpoint = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', [$neutron_endpoint]) - $admin_identity_uri = "${admin_auth_protocol}://${admin_auth_endpoint}:35357" - $admin_auth_url = "${admin_identity_uri}/${auth_api_version}" + $neutron_auth_url = "${admin_auth_protocol}://${admin_auth_endpoint}:35357/${auth_api_version}" $neutron_url = "${neutron_internal_protocol}://${neutron_internal_endpoint}:9696" $neutron_ovs_bridge = 'br-int' $conf_nova = pick($neutron_config['conf_nova'], true) $floating_net = pick($neutron_config['default_floating_net'], 'net04_ext') class { '::nova::network::neutron' : - neutron_admin_password => $admin_password, - neutron_admin_tenant_name => $admin_tenant_name, - neutron_region_name => $region_name, - neutron_admin_username => $admin_username, - neutron_admin_auth_url => $admin_auth_url, - neutron_url => $neutron_url, - neutron_ovs_bridge => $neutron_ovs_bridge, + neutron_password => $admin_password, + neutron_project_name => $admin_tenant_name, + neutron_region_name => $region_name, + neutron_username => $admin_username, + neutron_auth_url => $neutron_auth_url, + neutron_url => $neutron_url, + neutron_ovs_bridge => $neutron_ovs_bridge, } if $conf_nova { diff --git a/tests/noop/spec/hosts/openstack-network/agents/dhcp_spec.rb b/tests/noop/spec/hosts/openstack-network/agents/dhcp_spec.rb index 464e9c0541..78bd5cd313 100644 --- a/tests/noop/spec/hosts/openstack-network/agents/dhcp_spec.rb +++ b/tests/noop/spec/hosts/openstack-network/agents/dhcp_spec.rb @@ -50,9 +50,6 @@ describe manifest do it { should contain_class('neutron::agents::dhcp').with( 'manage_service' => true )} - it { should contain_class('neutron::agents::dhcp').with( - 'dhcp_delete_namespaces' => true - )} it { should contain_class('neutron::agents::dhcp').with( 'resync_interval' => 30 )} diff --git a/tests/noop/spec/hosts/openstack-network/agents/l3_spec.rb b/tests/noop/spec/hosts/openstack-network/agents/l3_spec.rb index 70d5f32f41..d87b090dd2 100644 --- a/tests/noop/spec/hosts/openstack-network/agents/l3_spec.rb +++ b/tests/noop/spec/hosts/openstack-network/agents/l3_spec.rb @@ -93,9 +93,6 @@ describe manifest do it { should contain_class('neutron::agents::l3').with( 'external_network_bridge' => ' ' # should be present and empty )} - it { should contain_class('neutron::agents::l3').with( - 'router_delete_namespaces' => true - )} it { should_not contain_cluster__neutron__l3('default-l3') } else it { should_not contain_class('neutron::agents::l3') } @@ -149,9 +146,6 @@ describe manifest do it { should contain_class('neutron::agents::l3').with( 'external_network_bridge' => ' ' # should be present and empty )} - it { should contain_class('neutron::agents::l3').with( - 'router_delete_namespaces' => true - )} if ha_agent it { should contain_cluster__neutron__l3('default-l3').with( @@ -166,4 +160,3 @@ describe manifest do end test_ubuntu_and_centos manifest end - diff --git a/tests/noop/spec/hosts/openstack-network/agents/metadata_spec.rb b/tests/noop/spec/hosts/openstack-network/agents/metadata_spec.rb index b112fed4c8..6b3ad8bc20 100644 --- a/tests/noop/spec/hosts/openstack-network/agents/metadata_spec.rb +++ b/tests/noop/spec/hosts/openstack-network/agents/metadata_spec.rb @@ -47,22 +47,10 @@ describe manifest do isolated_metadata = neutron_config.fetch('metadata',{}).fetch('isolated_metadata', true) ha_agent = na_config.fetch('dhcp_agent_ha', true) - ks = neutron_config.fetch('keystone',{}) - ks_user = ks.fetch('admin_user', 'neutron') - ks_tenant = ks.fetch('admin_tenant', 'services') - ks_password = ks.fetch('admin_password') - secret = neutron_config.fetch('metadata',{}).fetch('metadata_proxy_shared_secret') management_vip = Noop.hiera('management_vip') nova_endpoint = Noop.hiera('nova_endpoint', management_vip) - auth_region = Noop.hiera('region', 'RegionOne') - service_endpoint = Noop.hiera('service_endpoint') - auth_api_version = 'v2.0' - let(:ssl_hash) { Noop.hiera_hash 'use_ssl', {} } - let(:admin_auth_protocol) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone', 'admin','protocol','http' } - let(:admin_auth_address) { Noop.puppet_function 'get_ssl_property',ssl_hash,{},'keystone','admin', 'hostname', [Noop.hiera('service_endpoint', Noop.hiera('management_vip'))]} - let(:admin_auth_url) { "#{admin_auth_protocol}://#{admin_auth_address}:35357/#{auth_api_version}" } if neutron_compute_roles.include?(Noop.hiera('role')) context 'neutron-metadata-agent on compute' do @@ -88,21 +76,6 @@ describe manifest do it { should contain_class('neutron::agents::metadata').with( 'shared_secret' => secret )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_region' => auth_region - )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_url' => admin_auth_url - )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_user' => ks_user - )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_tenant' => ks_tenant - )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_password' => ks_password - )} it 'neutron metadata agent config should be modified by override_resources' do is_expected.to contain_override_resources('neutron_metadata_agent_config').with(:data => neutron_metadata_agent_config_override_resources) end @@ -151,22 +124,6 @@ describe manifest do it { should contain_class('neutron::agents::metadata').with( 'shared_secret' => secret )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_region' => auth_region - )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_url' => admin_auth_url - )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_user' => ks_user - )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_tenant' => ks_tenant - )} - it { should contain_class('neutron::agents::metadata').with( - 'auth_password' => ks_password - )} - if ha_agent it { should contain_class('cluster::neutron::metadata').with( 'primary' => (node_role == 'primary-controller') diff --git a/tests/noop/spec/hosts/openstack-network/compute-nova_spec.rb b/tests/noop/spec/hosts/openstack-network/compute-nova_spec.rb index 74cf6c2b46..d28fd38f6e 100644 --- a/tests/noop/spec/hosts/openstack-network/compute-nova_spec.rb +++ b/tests/noop/spec/hosts/openstack-network/compute-nova_spec.rb @@ -98,9 +98,8 @@ describe manifest do admin_username = ks.fetch('admin_user', 'neutron') region_name = Noop.hiera('region', 'RegionOne') auth_api_version = 'v3' - admin_identity_uri = "http://#{service_endpoint}:35357" - admin_auth_url = "#{admin_identity_uri}/#{auth_api_version}" - neutron_url = "http://#{neutron_endpoint}:9696" + neutron_auth_url = "http://#{service_endpoint}:35357/#{auth_api_version}" + neutron_url = "http://#{neutron_endpoint}:9696" it { expect(subject).to contain_service('libvirt').with( :ensure => 'running', @@ -148,22 +147,22 @@ describe manifest do it { expect(subject).to contain_nova_config('DEFAULT/linuxnet_ovs_integration_bridge') } # it { expect(subject).to contain_class('nova::network::neutron').with( - :neutron_admin_password => admin_password, - :neutron_admin_tenant_name => admin_tenant_name, + :neutron_password => admin_password, + :neutron_project_name => admin_tenant_name, :neutron_region_name => region_name, - :neutron_admin_username => admin_username, + :neutron_username => admin_username, :neutron_ovs_bridge => neutron_integration_bridge, )} if Noop.hiera_structure('use_ssl', false) admin_identity_address = Noop.hiera_structure('use_ssl/keystone_admin_hostname') neutron_internal_address = Noop.hiera_structure('use_ssl/neutron_internal_hostname') it { expect(subject).to contain_class('nova::network::neutron').with( - :neutron_admin_auth_url => "https://#{admin_identity_address}:35357/v3", + :neutron_auth_url => "https://#{admin_identity_address}:35357/v3", :neutron_url => "https://#{neutron_internal_address}:9696", )} else it { expect(subject).to contain_class('nova::network::neutron').with( - :neutron_admin_auth_url => admin_auth_url, + :neutron_auth_url => neutron_auth_url, :neutron_url => neutron_url, )} end diff --git a/tests/noop/spec/hosts/openstack-network/server-config_spec.rb b/tests/noop/spec/hosts/openstack-network/server-config_spec.rb index 1c97fc2149..5bdca7d41c 100644 --- a/tests/noop/spec/hosts/openstack-network/server-config_spec.rb +++ b/tests/noop/spec/hosts/openstack-network/server-config_spec.rb @@ -131,15 +131,16 @@ describe manifest do internal_auth_endpoint = Noop.hiera_structure('use_ssl/keystone_internal_hostname') it 'should have correct auth options' do - identity_uri = "#{internal_auth_protocol}://#{internal_auth_endpoint}:5000/" + auth_url = "#{internal_auth_protocol}://#{internal_auth_endpoint}:35357/" + auth_uri = "#{internal_auth_protocol}://#{internal_auth_endpoint}:5000/" ks = neutron_config['keystone'] should contain_class('neutron::server').with( - 'auth_password' => ks.fetch('admin_password'), - 'auth_tenant' => ks.fetch('admin_tenant', 'services'), - 'auth_region' => Noop.hiera('region', 'RegionOne'), - 'auth_user' => ks.fetch('admin_user', 'neutron'), - 'identity_uri' => identity_uri, - 'auth_uri' => identity_uri, + 'password' => ks.fetch('admin_password'), + 'project_name' => ks.fetch('admin_tenant', 'services'), + 'region_name' => Noop.hiera('region', 'RegionOne'), + 'username' => ks.fetch('admin_user', 'neutron'), + 'auth_url' => auth_url, + 'auth_uri' => auth_uri, ) end @@ -152,27 +153,28 @@ describe manifest do nova_url = "#{nova_auth_protocol}://#{internal_nova_endpoint}:8774/v2" nova_hash = Noop.hiera_hash('nova', {}) should contain_class('neutron::server::notifications').with( - 'nova_url' => nova_url, - 'auth_url' => nova_admin_auth_url, - 'region_name' => Noop.hiera('region', 'RegionOne'), - 'username' => nova_hash.fetch('user', 'nova'), - 'tenant_name' => nova_hash.fetch('tenant', 'services'), - 'password' => nova_hash.fetch('user_password'), + 'nova_url' => nova_url, + 'auth_url' => nova_admin_auth_url, + 'region_name' => Noop.hiera('region', 'RegionOne'), + 'username' => nova_hash.fetch('user', 'nova'), + 'project_name' => nova_hash.fetch('tenant', 'services'), + 'password' => nova_hash.fetch('user_password'), ) end end else context 'without overridden TLS for internal endpoints' do it 'should have correct auth options' do - identity_uri = "http://#{service_endpoint}:5000/" + auth_url = "http://#{service_endpoint}:35357/" + auth_uri = "http://#{service_endpoint}:5000/" ks = neutron_config['keystone'] should contain_class('neutron::server').with( - 'auth_password' => ks.fetch('admin_password'), - 'auth_tenant' => ks.fetch('admin_tenant', 'services'), - 'auth_region' => Noop.hiera('region', 'RegionOne'), - 'auth_user' => ks.fetch('admin_user', 'neutron'), - 'identity_uri' => identity_uri, - 'auth_uri' => identity_uri, + 'password' => ks.fetch('admin_password'), + 'project_name' => ks.fetch('admin_tenant', 'services'), + 'region_name' => Noop.hiera('region', 'RegionOne'), + 'username' => ks.fetch('admin_user', 'neutron'), + 'auth_url' => auth_url, + 'auth_uri' => auth_uri, ) end @@ -182,12 +184,12 @@ describe manifest do nova_url = "http://#{nova_endpoint}:8774/v2" nova_hash = Noop.hiera_hash('nova', {}) should contain_class('neutron::server::notifications').with( - 'nova_url' => nova_url, - 'auth_url' => nova_admin_auth_url, - 'region_name' => Noop.hiera('region', 'RegionOne'), - 'username' => nova_hash.fetch('user', 'nova'), - 'tenant_name' => nova_hash.fetch('tenant', 'services'), - 'password' => nova_hash.fetch('user_password'), + 'nova_url' => nova_url, + 'auth_url' => nova_admin_auth_url, + 'region_name' => Noop.hiera('region', 'RegionOne'), + 'username' => nova_hash.fetch('user', 'nova'), + 'project_name' => nova_hash.fetch('tenant', 'services'), + 'password' => nova_hash.fetch('user_password'), ) end end diff --git a/tests/noop/spec/hosts/openstack-network/server-nova_spec.rb b/tests/noop/spec/hosts/openstack-network/server-nova_spec.rb index 5601d02731..2d3773acb7 100644 --- a/tests/noop/spec/hosts/openstack-network/server-nova_spec.rb +++ b/tests/noop/spec/hosts/openstack-network/server-nova_spec.rb @@ -38,16 +38,16 @@ describe manifest do 'value' => floating_net ).that_notifies('Service[nova-api]')} it { should contain_class('nova::network::neutron').with( - 'neutron_admin_password' => admin_password + 'neutron_password' => admin_password )} it { should contain_class('nova::network::neutron').with( - 'neutron_admin_tenant_name' => admin_tenant_name + 'neutron_project_name' => admin_tenant_name )} it { should contain_class('nova::network::neutron').with( 'neutron_region_name' => region_name )} it { should contain_class('nova::network::neutron').with( - 'neutron_admin_username' => admin_username + 'neutron_username' => admin_username )} it { should contain_class('nova::network::neutron').with( 'neutron_ovs_bridge' => 'br-int' @@ -58,7 +58,7 @@ describe manifest do admin_auth_protocol = 'https' admin_auth_endpoint = Noop.hiera_structure('use_ssl/keystone_admin_hostname') it { should contain_class('nova::network::neutron').with( - 'neutron_admin_auth_url' => "#{admin_auth_protocol}://#{admin_auth_endpoint}:35357/#{auth_api_version}" + 'neutron_auth_url' => "#{admin_auth_protocol}://#{admin_auth_endpoint}:35357/#{auth_api_version}" )} neutron_internal_protocol = 'https' @@ -70,7 +70,7 @@ describe manifest do else context 'without overridden TLS' do it { should contain_class('nova::network::neutron').with( - 'neutron_admin_auth_url' => admin_auth_url + 'neutron_auth_url' => admin_auth_url )} it { should contain_class('nova::network::neutron').with( 'neutron_url' => neutron_url @@ -157,4 +157,3 @@ describe manifest do end test_ubuntu_and_centos manifest end -