Remove deprecated parameters

Change-Id: I7f093413d2c2b258b25508419a0ab58a85f8778f Closes-Bug: #1390099
2016-06-30 18:02:19 +03:00 · 2016-06-30 18:02:19 +03:00 · eb0ae0e597
parent bc75c4d457
commit eb0ae0e597
32 changed files with 150 additions and 179 deletions
--- a/deployment/puppet/haproxy/manifests/balancermember.pp
+++ b/deployment/puppet/haproxy/manifests/balancermember.pp
@ -95,7 +95,6 @@ define haproxy::balancermember (
  $ports          = undef,
  $server_names   = $::hostname,
  $ipaddresses    = $::ipaddress,
  $ensure         = 'present',
  $order          = '20',
  $options        = '',
  $define_cookies = false,
@ -105,7 +104,6 @@ define haproxy::balancermember (
  # Template uses $ipaddresses, $server_name, $ports, $option
  concat::fragment { "${listening_service}_balancermember_${name}":
    ensure  => $ensure,
    order   => $use_include ? {
      true  => "01-${name}",
      false => "${order}-${listening_service}-01-${name}",
--- a/deployment/puppet/haproxy/spec/defines/balancermember_spec.rb
+++ b/deployment/puppet/haproxy/spec/defines/balancermember_spec.rb
@ -35,14 +35,12 @@ describe 'haproxy::balancermember' do
        :name              => 'tyler',
        :listening_service => 'croy',
        :ports             => '18140',
        :ensure            => 'absent'
      }
    end
    it { should contain_concat__fragment('croy_balancermember_tyler').with(
      'order'   => '20-croy-01-tyler',
      'target'  => '/etc/haproxy/haproxy.cfg',
      'ensure'  => 'absent',
      'content' => "  server dero 1.1.1.1:18140  \n"
    ) }
  end
--- a/deployment/puppet/l23network/manifests/l2/port.pp
+++ b/deployment/puppet/l23network/manifests/l2/port.pp
@ -130,12 +130,16 @@ define l23network::l2::port (
    }
    # Merge offloading data with rings rx/tx
-    $netrings_maximums = try_get_value($::netrings, "${port_name}/maximums")
+    if is_hash($::netrings) {
      $netrings_maximums = dig($::netrings, [$port_name, 'maximums'])
      if $netrings_maximums {
        $ethtool_opts = deep_merge({ 'rings' => $netrings_maximums }, $ethtool)
      } else {
        $ethtool_opts = $ethtool
      }
    } else {
      $ethtool_opts = $ethtool
    }
    L23_stored_config <| title == $port_name |> {
      ensure          => $ensure,
--- a/deployment/puppet/openstack/lib/puppet/parser/functions/prepare_firewall_rules.rb
+++ b/deployment/puppet/openstack/lib/puppet/parser/functions/prepare_firewall_rules.rb
@ -41,7 +41,7 @@ prepare_firewall_rules(['10.20.0.0/24','10.20.0.1']','020 ssh', 'accept',
      # Add params only if nonempty
      fw_rules[name]['action'] = action unless [nil, ''].include?(action)
      fw_rules[name]['chain'] = chain unless [nil, ''].include?(chain)
-      fw_rules[name]['port'] = port unless [nil, ''].include?(port)
+      fw_rules[name]['dport'] = port unless [nil, ''].include?(port)
      fw_rules[name]['proto'] = proto unless [nil, ''].include?(proto)
      fw_rules[name]['source'] = source_net
    end
--- a/deployment/puppet/openstack/spec/defines/firewall_multi_net_spec.rb
+++ b/deployment/puppet/openstack/spec/defines/firewall_multi_net_spec.rb
@ -18,7 +18,7 @@ describe 'openstack::firewall::multi_net' do
    it 'contains ssh firewall rule' do
      should contain_firewall("020 ssh from 10.20.0.0/24").with(
        :action    => 'accept',
-        :port      => '22',
+        :dport      => '22',
        :proto     => 'tcp',
        :source    => '10.20.0.0/24',
      )
--- a/deployment/puppet/openstack/spec/functions/prepare_firewall_rules__spec.rb
+++ b/deployment/puppet/openstack/spec/functions/prepare_firewall_rules__spec.rb
@ -53,11 +53,11 @@ describe 'function to prepare hash of firewall rules for multiple networks' do
    it 'should be able to prepare an ssh rule' do
      result = {
        '020 ssh from 10.0.0.0/24' => {'action' => 'accept',
-                                      'port'   => '22',
+                                      'dport'   => '22',
                                      'proto'  => 'tcp',
                                      'source' => '10.0.0.0/24'},
        '020 ssh from 10.0.1.0/24' => {'action' => 'accept',
-                                      'port'   => '22',
+                                      'dport'   => '22',
                                      'proto'  => 'tcp',
                                      'source' => '10.0.1.0/24'},
      }
--- a/deployment/puppet/openstack_tasks/manifests/aodh/aodh.pp
+++ b/deployment/puppet/openstack_tasks/manifests/aodh/aodh.pp
@ -28,7 +28,6 @@ class openstack_tasks::aodh::aodh {
  $tenant               = pick($aodh_hash['tenant'], 'services')
  $debug   = pick($aodh_hash['debug'], hiera('debug', false))
  $verbose = pick($aodh_hash['verbose'], hiera('verbose', true))
  $database_vip = hiera('database_vip')
@ -97,7 +96,6 @@ class openstack_tasks::aodh::aodh {
  class { '::aodh':
    debug                      => $debug,
    verbose                    => $verbose,
    notification_topics        => $notification_topics,
    rpc_backend                => $rpc_backend,
    rabbit_userid              => $rabbit_userid,
--- a/deployment/puppet/openstack_tasks/manifests/ceilometer/compute.pp
+++ b/deployment/puppet/openstack_tasks/manifests/ceilometer/compute.pp
@ -17,7 +17,6 @@ class openstack_tasks::ceilometer::compute {
    'http_timeout'               => '600',
    'event_time_to_live'         => '604800',
    'metering_time_to_live'      => '604800',
    'alarm_history_time_to_live' => '604800',
  }
  $region                     = hiera('region', 'RegionOne')
@ -28,7 +27,6 @@ class openstack_tasks::ceilometer::compute {
  $amqp_user                  = $rabbit_hash['user']
  $kombu_compression          = hiera('kombu_compression', $::os_service_default)
  $ceilometer_metering_secret = $ceilometer_hash['metering_secret']
  $verbose                    = pick($ceilometer_hash['verbose'], hiera('verbose', true))
  $debug                      = pick($ceilometer_hash['debug'], hiera('debug', false))
  $ssl_hash                   = hiera_hash('use_ssl', {})
@ -62,12 +60,10 @@ class openstack_tasks::ceilometer::compute {
      http_timeout                       => $ceilometer_hash['http_timeout'],
      event_time_to_live                 => $ceilometer_hash['event_time_to_live'],
      metering_time_to_live              => $ceilometer_hash['metering_time_to_live'],
      alarm_history_time_to_live         => $ceilometer_hash['alarm_history_time_to_live'],
      rabbit_hosts                       => split(hiera('amqp_hosts',''), ','),
      rabbit_userid                      => $amqp_user,
      rabbit_password                    => $amqp_password,
      metering_secret                    => $ceilometer_metering_secret,
      verbose                            => $verbose,
      debug                              => $debug,
      use_syslog                         => $use_syslog,
      use_stderr                         => $use_stderr,
--- a/deployment/puppet/openstack_tasks/manifests/ceilometer/controller.pp
+++ b/deployment/puppet/openstack_tasks/manifests/ceilometer/controller.pp
@ -10,11 +10,9 @@ class openstack_tasks::ceilometer::controller {
    'http_timeout'               => '600',
    'event_time_to_live'         => '604800',
    'metering_time_to_live'      => '604800',
    'alarm_history_time_to_live' => '604800',
  }
  $ceilometer_hash          = hiera_hash('ceilometer', $default_ceilometer_hash)
  $verbose                  = pick($ceilometer_hash['verbose'], hiera('verbose', true))
  $debug                    = pick($ceilometer_hash['debug'], hiera('debug', false))
  $use_syslog               = hiera('use_syslog', true)
  $use_stderr               = hiera('use_stderr', false)
@ -141,12 +139,10 @@ class openstack_tasks::ceilometer::controller {
      http_timeout                       => $ceilometer_hash['http_timeout'],
      event_time_to_live                 => $ceilometer_hash['event_time_to_live'],
      metering_time_to_live              => $ceilometer_hash['metering_time_to_live'],
      alarm_history_time_to_live         => $ceilometer_hash['alarm_history_time_to_live'],
      rabbit_hosts                       => split(hiera('amqp_hosts',''), ','),
      rabbit_userid                      => $amqp_user,
      rabbit_password                    => $amqp_password,
      metering_secret                    => $ceilometer_metering_secret,
      verbose                            => $verbose,
      debug                              => $debug,
      use_syslog                         => $use_syslog,
      use_stderr                         => $use_stderr,
--- a/deployment/puppet/openstack_tasks/manifests/glance/glance.pp
+++ b/deployment/puppet/openstack_tasks/manifests/glance/glance.pp
@ -8,7 +8,6 @@ class openstack_tasks::glance::glance {
  $glance_hash           = hiera_hash('glance', {})
  $glance_glare_hash     = hiera_hash('glance_glare', {})
  $verbose               = pick($glance_hash['verbose'], hiera('verbose', true))
  $debug                 = pick($glance_hash['debug'], hiera('debug', false))
  $management_vip        = hiera('management_vip')
  $database_vip          = hiera('database_vip')
@ -145,7 +144,6 @@ class openstack_tasks::glance::glance {
  # Install and configure glance-api
  class { '::glance::api':
    verbose                => $verbose,
    debug                  => $debug,
    bind_host              => $api_bind_host,
    auth_type              => 'keystone',
@ -167,7 +165,7 @@ class openstack_tasks::glance::glance {
    database_max_overflow  => $max_overflow,
    show_image_direct_url  => $show_image_direct_url,
    pipeline               => $pipeline,
-    known_stores           => $known_stores,
+    stores                 => $known_stores,
    os_region_name         => $region,
    delayed_delete         => false,
    scrub_time             => '43200',
@ -191,7 +189,6 @@ class openstack_tasks::glance::glance {
    use_syslog             => $use_syslog,
    use_stderr             => $use_stderr,
    log_facility           => $syslog_log_facility,
    verbose                => $verbose,
    debug                  => $debug,
    default_log_levels     => hiera('default_log_levels'),
  }
@ -232,7 +229,6 @@ class openstack_tasks::glance::glance {
  # Install and configure glance-registry
  class { '::glance::registry':
    verbose                => $verbose,
    debug                  => $debug,
    bind_host              => $api_bind_host,
    auth_uri               => $auth_uri,
--- a/deployment/puppet/openstack_tasks/manifests/horizon/horizon.pp
+++ b/deployment/puppet/openstack_tasks/manifests/horizon/horizon.pp
@ -36,12 +36,12 @@ class openstack_tasks::horizon::horizon {
  # of the MOS package set. This should be contributed upstream and then we can
  # use this as the default.
  #if !$::os_package_type or $::os_package_type == 'debian' {
-  #  $cache_backend = try_get_value($horizon_hash, 'cache_backend', 'horizon.backends.memcached.HorizonMemcached')
+  #  $cache_backend = dig($horizon_hash, ['cache_backend'], 'horizon.backends.memcached.HorizonMemcached')
  #} else {
-  #  $cache_backend = try_get_value($horizon_hash, 'cache_backend', 'django.core.cache.backends.memcached.MemcachedCache')
+  #  $cache_backend = dig($horizon_hash, ['cache_backend'], 'django.core.cache.backends.memcached.MemcachedCache')
  #}
  # Don't use custom backend until its code lands to MOS 9.0.
-  $cache_backend = try_get_value($horizon_hash, 'cache_backend', 'django.core.cache.backends.memcached.MemcachedCache')
+  $cache_backend = dig($horizon_hash, ['cache_backend'], 'django.core.cache.backends.memcached.MemcachedCache')
  #Changing from internal addressing to public should resolve any security concerns about exposing 'internal' to public facing login.
  #However, this should eventually be removed altogether from Horizon.
--- a/deployment/puppet/openstack_tasks/manifests/keystone/keystone.pp
+++ b/deployment/puppet/openstack_tasks/manifests/keystone/keystone.pp
@ -13,7 +13,6 @@ class openstack_tasks::keystone::keystone {
  prepare_network_config($network_scheme)
  $keystone_hash         = hiera_hash('keystone', {})
  $verbose               = pick($keystone_hash['verbose'], hiera('verbose', true))
  $debug                 = pick($keystone_hash['debug'], hiera('debug', false))
  $use_syslog            = hiera('use_syslog', true)
  $use_stderr            = hiera('use_stderr', false)
@ -296,7 +295,6 @@ class openstack_tasks::keystone::keystone {
  if $enabled {
    class { '::keystone':
      enable_bootstrap             => true,
      verbose                      => $verbose,
      debug                        => $debug,
      catalog_type                 => 'sql',
      admin_token                  => $admin_token,
--- a/deployment/puppet/openstack_tasks/manifests/openstack_cinder/openstack_cinder.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_cinder/openstack_cinder.pp
@ -104,7 +104,6 @@ class openstack_tasks::openstack_cinder::openstack_cinder {
  $iscsi_bind_host = get_network_role_property('cinder/iscsi', 'ipaddr')
  $use_syslog      = hiera('use_syslog', true)
  $use_stderr      = hiera('use_stderr', false)
  $verbose         = pick($cinder_hash['verbose'], hiera('verbose', true))
  $debug           = pick($cinder_hash['debug'], hiera('debug', true))
  ######### Cinder Controller Services ########
@ -145,7 +144,6 @@ class openstack_tasks::openstack_cinder::openstack_cinder {
    rabbit_userid            => $rabbit_hash['user'],
    rabbit_password          => $rabbit_hash['password'],
    database_connection      => $db_connection,
    verbose                  => $verbose,
    use_syslog               => $use_syslog,
    use_stderr               => $use_stderr,
    log_facility             => hiera('syslog_log_facility_cinder', 'LOG_LOCAL3'),
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/dhcp.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/dhcp.pp
@ -10,10 +10,11 @@ class openstack_tasks::openstack_network::agents::dhcp {
  $debug                   = hiera('debug', true)
  $resync_interval         = '30'
-  $isolated_metadata       = try_get_value($neutron_config, 'metadata/isolated_metadata', true)
+  $neutron_config          = hiera_hash('neutron_config')
  $isolated_metadata       = dig($neutron_config, ['metadata', 'isolated_metadata'], true)
  $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { })
-  $ha_agent                = try_get_value($neutron_advanced_config, 'dhcp_agent_ha', true)
+  $ha_agent                = dig($neutron_advanced_config, ['dhcp_agent_ha'], true)
  class { '::neutron::agents::dhcp':
    debug                    => $debug,
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/l3.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/l3.pp
@ -36,7 +36,7 @@ class openstack_tasks::openstack_network::agents::l3 {
    prepare_network_config($network_scheme)
-    $ha_agent                = try_get_value($neutron_advanced_config, 'l3_agent_ha', true)
+    $ha_agent                = dig($neutron_advanced_config, ['l3_agent_ha'], true)
    class { '::neutron::agents::l3':
      debug                   => $debug,
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/metadata.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/agents/metadata.pp
@ -29,10 +29,10 @@ class openstack_tasks::openstack_network::agents::metadata {
  if $controller or ($dvr and $compute) {
    $debug                  = hiera('debug', true)
-    $ha_agent               = try_get_value($neutron_advanced_config, 'metadata_agent_ha', true)
+    $ha_agent               = dig($neutron_advanced_config, ['metadata_agent_ha'], true)
    $service_endpoint       = hiera('service_endpoint')
    $management_vip         = hiera('management_vip')
-    $shared_secret          = try_get_value($neutron_config, 'metadata/metadata_proxy_shared_secret')
+    $shared_secret          = dig($neutron_config, ['metadata', 'metadata_proxy_shared_secret'])
    $nova_endpoint          = hiera('nova_endpoint', $management_vip)
    $nova_metadata_protocol = hiera('nova_metadata_protocol', 'http')
    $ssl_hash               = hiera_hash('use_ssl', {})
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/common_config.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/common_config.pp
@ -47,7 +47,7 @@ class openstack_tasks::openstack_network::common_config {
  $kombu_compression = hiera('kombu_compression', $::os_service_default)
-  $segmentation_type = try_get_value($neutron_config, 'L2/segmentation_type')
+  $segmentation_type = dig($neutron_config, ['L2', 'segmentation_type'])
  $nets = $neutron_config['predefined_networks']
@ -84,11 +84,10 @@ class openstack_tasks::openstack_network::common_config {
  }
  class { '::neutron::logging':
    verbose            => $verbose,
    debug               => $debug,
    use_syslog          => $use_syslog,
    use_stderr          => $use_stderr,
-    log_facility       => $log_facility,
+    syslog_log_facility => $log_facility,
    default_log_levels  => $default_log_levels,
  }
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/compute_nova.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/compute_nova.pp
@ -13,9 +13,9 @@ class openstack_tasks::openstack_network::compute_nova {
  $management_vip             = hiera('management_vip')
  $service_endpoint           = hiera('service_endpoint', $management_vip)
-  $admin_password             = try_get_value($neutron_config, 'keystone/admin_password')
+  $admin_password             = dig($neutron_config, ['keystone', 'admin_password'])
-  $admin_tenant_name          = try_get_value($neutron_config, 'keystone/admin_tenant', 'services')
+  $admin_tenant_name          = dig($neutron_config, ['keystone', 'admin_tenant'], 'services')
-  $admin_username             = try_get_value($neutron_config, 'keystone/admin_user', 'neutron')
+  $admin_username             = dig($neutron_config, ['keystone', 'admin_user'], 'neutron')
  $region_name                = hiera('region', 'RegionOne')
  $auth_api_version           = 'v3'
  $ssl_hash                   = hiera_hash('use_ssl', {})
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/networks.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/networks.pp
@ -5,43 +5,43 @@ class openstack_tasks::openstack_network::networks {
  $access_hash           = hiera_hash('access', {})
  $keystone_admin_tenant = $access_hash['tenant']
  $neutron_config        = hiera_hash('neutron_config')
-  $floating_net          = try_get_value($neutron_config, 'default_floating_net', 'net04_ext')
+  $floating_net          = dig($neutron_config, ['default_floating_net'], 'net04_ext')
-  $private_net           = try_get_value($neutron_config, 'default_private_net', 'net04')
+  $private_net           = dig($neutron_config, ['default_private_net'], 'net04')
-  $default_router        = try_get_value($neutron_config, 'default_router', 'router04')
+  $default_router        = dig($neutron_config, ['default_router'], 'router04')
-  $segmentation_type     = try_get_value($neutron_config, 'L2/segmentation_type')
+  $segmentation_type     = dig($neutron_config, ['L2', 'segmentation_type'])
  $nets                  = $neutron_config['predefined_networks']
  if $segmentation_type == 'vlan' {
    $network_type = 'vlan'
-    $segmentation_id_range = split(try_get_value($neutron_config, 'L2/phys_nets/physnet2/vlan_range', ''), ':')
+    $segmentation_id_range = split(dig($neutron_config, ['L2', 'phys_nets', 'physnet2', 'vlan_range'], ''), ':')
  } elsif $segmentation_type == 'gre' {
    $network_type = 'gre'
-    $segmentation_id_range = split(try_get_value($neutron_config, 'L2/tunnel_id_ranges', ''), ':')
+    $segmentation_id_range = split(dig($neutron_config, ['L2', 'tunnel_id_ranges'], ''), ':')
  } else {
    $network_type = 'vxlan'
-    $segmentation_id_range = split(try_get_value($neutron_config, 'L2/tunnel_id_ranges', ''), ':')
+    $segmentation_id_range = split(dig($neutron_config, ['L2', 'tunnel_id_ranges'], ''), ':')
  }
  $fallback_segment_id          = $segmentation_id_range[0]
-  $private_net_segment_id       = try_get_value($nets, "${private_net}/L2/segment_id", $fallback_segment_id)
+  $private_net_segment_id       = dig($nets, [$private_net, 'L2', 'segment_id'], $fallback_segment_id)
-  $private_net_physnet          = try_get_value($nets, "${private_net}/L2/physnet", false)
+  $private_net_physnet          = dig($nets, [$private_net, 'L2', 'physnet'], false)
-  $private_net_shared           = try_get_value($nets, "${private_net}/shared", false)
+  $private_net_shared           = dig($nets, [$private_net, 'shared'], false)
  $private_net_router_external  = false
-  $floating_net_type            = try_get_value($nets, "${floating_net}/L2/network_type", 'local')
+  $floating_net_type            = dig($nets, [$floating_net, 'L2', 'network_type'], 'local')
  $floating_net_physnet         = $floating_net_type ? {
                                      'local' => false,
-                                      default => try_get_value($nets, "${floating_net}/L2/physnet", false),
+                                      default => dig($nets, [$floating_net, 'L2', 'physnet'], false),
                                  }
-  $floating_net_router_external = try_get_value($nets, "${floating_net}/L2/router_ext")
+  $floating_net_router_external = dig($nets, [$floating_net, 'L2', 'router_ext'])
-  $floating_net_floating_range  = try_get_value($nets, "${floating_net}/L3/floating", '')
+  $floating_net_floating_range  = dig($nets, [$floating_net, 'L3', 'floating'], '')
-  $floating_net_shared          = try_get_value($nets, "${floating_net}/shared", false)
+  $floating_net_shared          = dig($nets, [$floating_net, 'shared'], false)
  if !empty($floating_net_floating_range) {
-    $floating_cidr = try_get_value($nets, "${floating_net}/L3/subnet")
+    $floating_cidr = dig($nets, [$floating_net, 'L3', 'subnet'])
    $floating_net_allocation_pool = format_allocation_pools($floating_net_floating_range, $floating_cidr)
  }
-  $tenant_name         = try_get_value($access_hash, 'tenant', 'admin')
+  $tenant_name         = dig($access_hash, ['tenant'], 'admin')
  neutron_network { $floating_net :
    ensure                    => 'present',
@ -54,10 +54,10 @@ class openstack_tasks::openstack_network::networks {
  neutron_subnet { "${floating_net}__subnet" :
    ensure           => 'present',
-    cidr             => try_get_value($nets, "${floating_net}/L3/subnet"),
+    cidr             => dig($nets, [$floating_net, 'L3', 'subnet']),
    network_name     => $floating_net,
    tenant_name      => $tenant_name,
-    gateway_ip       => try_get_value($nets, "${floating_net}/L3/gateway"),
+    gateway_ip       => dig($nets, [$floating_net, 'L3', 'gateway']),
    enable_dhcp      => false,
    allocation_pools => $floating_net_allocation_pool,
  }
@ -74,19 +74,19 @@ class openstack_tasks::openstack_network::networks {
  neutron_subnet { "${private_net}__subnet" :
    ensure          => 'present',
-    cidr            => try_get_value($nets, "${private_net}/L3/subnet"),
+    cidr            => dig($nets, [$private_net, 'L3', 'subnet']),
    network_name    => $private_net,
    tenant_name     => $tenant_name,
-    gateway_ip      => try_get_value($nets, "${private_net}/L3/gateway"),
+    gateway_ip      => dig($nets, [$private_net, 'L3', 'gateway']),
    enable_dhcp     => true,
-    dns_nameservers => try_get_value($nets, "${private_net}/L3/nameservers"),
+    dns_nameservers => dig($nets, [$private_net, 'L3', 'nameservers']),
  }
  if has_key($nets, 'baremetal') {
-    $baremetal_physnet         = try_get_value($nets, 'baremetal/L2/physnet', false)
+    $baremetal_physnet         = dig($nets, ['baremetal', 'L2', 'physnet'], false)
-    $baremetal_segment_id      = try_get_value($nets, 'baremetal/L2/segment_id')
+    $baremetal_segment_id      = dig($nets, ['baremetal', 'L2', 'segment_id'])
-    $baremetal_router_external = try_get_value($nets, 'baremetal/L2/router_ext')
+    $baremetal_router_external = dig($nets, ['baremetal', 'L2', 'router_ext'])
-    $baremetal_shared          = try_get_value($nets, 'baremetal/shared', false)
+    $baremetal_shared          = dig($nets, ['baremetal', 'shared'], false)
    neutron_network { 'baremetal' :
      ensure                    => 'present',
@ -100,13 +100,13 @@ class openstack_tasks::openstack_network::networks {
    neutron_subnet { 'baremetal__subnet' :
      ensure           => 'present',
-      cidr             => try_get_value($nets, 'baremetal/L3/subnet'),
+      cidr             => dig($nets, ['baremetal', 'L3', 'subnet']),
      network_name     => 'baremetal',
      tenant_name      => $tenant_name,
-      gateway_ip       => try_get_value($nets, 'baremetal/L3/gateway'),
+      gateway_ip       => dig($nets, ['baremetal', 'L3', 'gateway']),
      enable_dhcp      => true,
-      dns_nameservers  => try_get_value($nets, 'baremetal/L3/nameservers'),
+      dns_nameservers  => dig($nets, ['baremetal', 'L3', 'nameservers']),
-      allocation_pools => format_allocation_pools(try_get_value($nets, 'baremetal/L3/floating')),
+      allocation_pools => format_allocation_pools(dig($nets, ['baremetal', 'L3', 'floating'])),
    }
  }
 }
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/plugins/ml2.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/plugins/ml2.pp
@ -42,10 +42,10 @@ class openstack_tasks::openstack_network::plugins::ml2 {
  prepare_network_config($network_scheme)
  $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { })
-  $l2_population     = try_get_value($neutron_advanced_config, 'neutron_l2_pop', false)
+  $l2_population     = dig($neutron_advanced_config, ['neutron_l2_pop'], false)
-  $dvr               = try_get_value($neutron_advanced_config, 'neutron_dvr', false)
+  $dvr               = dig($neutron_advanced_config, ['neutron_dvr'], false)
  $enable_qos        = pick($neutron_advanced_config['neutron_qos'], false)
-  $segmentation_type = try_get_value($neutron_config, 'L2/segmentation_type')
+  $segmentation_type = dig($neutron_config, ['L2', 'segmentation_type'])
  if $compute and ! $dvr {
    $do_floating = false
@ -160,7 +160,7 @@ class openstack_tasks::openstack_network::plugins::ml2 {
      refreshonly => true,
    }
-    $ha_agent = try_get_value($neutron_advanced_config, 'l2_agent_ha', true)
+    $ha_agent = dig($neutron_advanced_config, ['l2_agent_ha'], true)
    if $ha_agent {
      #Exec<| title == 'waiting-for-neutron-api' |> ->
      class { '::cluster::neutron::ovs' :
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/routers.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/routers.pp
@ -13,10 +13,10 @@ class openstack_tasks::openstack_network::routers {
  $access_hash           = hiera_hash('access', {})
  $keystone_admin_tenant = pick($access_hash['tenant'], 'admin')
  $neutron_config        = hiera_hash('neutron_config')
-  $floating_net          = try_get_value($neutron_config, 'default_floating_net', 'net04_ext')
+  $floating_net          = dig($neutron_config, ['default_floating_net'], 'net04_ext')
-  $private_net           = try_get_value($neutron_config, 'default_private_net', 'net04')
+  $private_net           = dig($neutron_config, ['default_private_net'], 'net04')
-  $default_router        = try_get_value($neutron_config, 'default_router', 'router04')
+  $default_router        = dig($neutron_config, ['default_router'], 'router04')
-  $baremetal_router      = try_get_value($neutron_config, 'baremetal_router', 'baremetal')
+  $baremetal_router      = dig($neutron_config, ['baremetal_router'], 'baremetal')
  $nets                  = $neutron_config['predefined_networks']
  if ($l3_ha) and ($controllers_num < 2) {
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/server_config.pp
@ -30,9 +30,9 @@ class openstack_tasks::openstack_network::server_config {
  $db_type     = 'mysql'
  $db_password = $neutron_config['database']['passwd']
-  $db_user     = try_get_value($neutron_config, 'database/user', 'neutron')
+  $db_user     = dig($neutron_config, ['database', 'user'], 'neutron')
-  $db_name     = try_get_value($neutron_config, 'database/name', 'neutron')
+  $db_name     = dig($neutron_config, ['database', 'name'], 'neutron')
-  $db_host     = try_get_value($neutron_config, 'database/host', $database_vip)
+  $db_host     = dig($neutron_config, ['database', 'host'], $database_vip)
  # LP#1526938 - python-mysqldb supports this, python-pymysql does not
  if $::os_package_type == 'debian' {
    $extra_params = { 'charset' => 'utf8', 'read_timeout' => 60 }
@ -72,20 +72,16 @@ class openstack_tasks::openstack_network::server_config {
  $admin_auth_protocol     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
  $admin_auth_endpoint     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
  $nova_internal_protocol  = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'protocol', 'http')
  $nova_internal_endpoint  = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'hostname', [$nova_endpoint])
  $auth_api_version        = 'v2.0'
  $auth_uri                = "${internal_auth_protocol}://${internal_auth_endpoint}:5000/"
  $auth_url                = "${internal_auth_protocol}://${internal_auth_endpoint}:35357/"
  $nova_admin_auth_url     = "${admin_auth_protocol}://${admin_auth_endpoint}:35357/"
  $nova_url                = "${nova_internal_protocol}://${nova_internal_endpoint}:8774/v2"
  $workers_max             = hiera('workers_max', 16)
  $service_workers         = pick($neutron_config['workers'], min(max($::processorcount, 1), $workers_max))
  $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { })
-  $l2_population           = try_get_value($neutron_advanced_config, 'neutron_l2_pop', false)
+  $l2_population           = dig($neutron_advanced_config, ['neutron_l2_pop'], false)
  $dvr                     = pick($neutron_advanced_config['neutron_dvr'], false)
  $l3_ha                   = pick($neutron_advanced_config['neutron_l3_ha'], false)
  $l3agent_failover        = $l3_ha ? { true => false, default => true}
@ -107,9 +103,9 @@ class openstack_tasks::openstack_network::server_config {
  $default_mechanism_drivers = ['openvswitch']
  $l2_population_mech_driver = $l2_population ? { true => ['l2population'], default => []}
  $sriov_mech_driver         = $use_sriov ? { true => ['sriovnicswitch'], default => []}
-  $mechanism_drivers         = delete(try_get_value($neutron_config, 'L2/mechanism_drivers', concat($default_mechanism_drivers,$l2_population_mech_driver,$sriov_mech_driver)), '')
+  $mechanism_drivers         = delete(dig($neutron_config, ['L2', 'mechanism_drivers'], concat($default_mechanism_drivers,$l2_population_mech_driver,$sriov_mech_driver)), '')
  $flat_networks             = ['*']
-  $segmentation_type         = try_get_value($neutron_config, 'L2/segmentation_type')
+  $segmentation_type         = dig($neutron_config, ['L2', 'segmentation_type'])
  $network_scheme = hiera_hash('network_scheme', {})
  prepare_network_config($network_scheme)
@ -123,7 +119,7 @@ class openstack_tasks::openstack_network::server_config {
    Class['::neutron::plugins::ml2'] -> Augeas['/etc/default/neutron-server:ml2_sriov_config']
  }
-  $_path_mtu = try_get_value($neutron_config, 'L2/path_mtu', undef)
+  $_path_mtu = dig($neutron_config, ['L2', 'path_mtu'], undef)
  if $segmentation_type == 'vlan' {
    $net_role_property    = 'neutron/private'
@ -150,7 +146,7 @@ class openstack_tasks::openstack_network::server_config {
    $net_role_property = 'neutron/mesh'
    $tunneling_ip      = get_network_role_property($net_role_property, 'ipaddr')
    $iface             = get_network_role_property($net_role_property, 'phys_dev')
-    $tunnel_id_ranges  = [try_get_value($neutron_config, 'L2/tunnel_id_ranges')]
+    $tunnel_id_ranges  = [dig($neutron_config, ['L2', 'tunnel_id_ranges'])]
    $physical_network_mtus = generate_physnet_mtus($neutron_config, $network_scheme, {
      'do_floating' => $do_floating,
      'do_tenant'   => false,
@ -241,7 +237,6 @@ class openstack_tasks::openstack_network::server_config {
  }
  class { '::neutron::server::notifications':
    nova_url     => $nova_url,
    auth_url     => $nova_admin_auth_url,
    username     => $nova_auth_user,
    project_name => $nova_auth_tenant,
--- a/deployment/puppet/openstack_tasks/manifests/openstack_network/server_nova.pp
+++ b/deployment/puppet/openstack_tasks/manifests/openstack_network/server_nova.pp
@ -6,9 +6,9 @@ class openstack_tasks::openstack_network::server_nova {
  $management_vip            = hiera('management_vip')
  $service_endpoint          = hiera('service_endpoint', $management_vip)
  $neutron_endpoint          = hiera('neutron_endpoint', $management_vip)
-  $admin_password            = try_get_value($neutron_config, 'keystone/admin_password')
+  $admin_password            = dig($neutron_config, ['keystone', 'admin_password'])
-  $admin_tenant_name         = try_get_value($neutron_config, 'keystone/admin_tenant', 'services')
+  $admin_tenant_name         = dig($neutron_config, ['keystone', 'admin_tenant'], 'services')
-  $admin_username            = try_get_value($neutron_config, 'keystone/admin_user', 'neutron')
+  $admin_username            = dig($neutron_config, ['keystone', 'admin_user'], 'neutron')
  $region_name               = hiera('region', 'RegionOne')
  $auth_api_version          = 'v3'
  $ssl_hash                  = hiera_hash('use_ssl', {})
--- a/deployment/puppet/osnailyfacter/manifests/firewall/firewall.pp
+++ b/deployment/puppet/osnailyfacter/manifests/firewall/firewall.pp
@ -200,7 +200,7 @@ class osnailyfacter::firewall::firewall {
  }
  firewall {'340 vxlan_udp_port':
-    port   => $vxlan_udp_port,
+    dport  => $vxlan_udp_port,
    proto  => 'udp',
    action => 'accept',
  }
@ -245,7 +245,7 @@ class osnailyfacter::firewall::firewall {
    }
    firewall { '100 http':
-      port   => [$http_port, $https_port],
+      dport  => [$http_port, $https_port],
      proto  => 'tcp',
      action => 'accept',
    }
@ -265,19 +265,19 @@ class osnailyfacter::firewall::firewall {
    }
    firewall {'103 swift':
-      port   => [$swift_proxy_port, $swift_object_port, $swift_container_port, $swift_account_port, $swift_proxy_check_port],
+      dport  => [$swift_proxy_port, $swift_object_port, $swift_container_port, $swift_account_port, $swift_proxy_check_port],
      proto  => 'tcp',
      action => 'accept',
    }
    firewall {'104 glance':
-      port   => [$glance_api_port, $glance_glare_port, $glance_reg_port, $glance_nova_api_ec2_port,],
+      dport  => [$glance_api_port, $glance_glare_port, $glance_reg_port, $glance_nova_api_ec2_port,],
      proto  => 'tcp',
      action => 'accept',
    }
    firewall {'105 nova':
-      port   => [$nova_api_compute_port, $nova_api_volume_port, $nova_vncproxy_port],
+      dport  => [$nova_api_compute_port, $nova_api_volume_port, $nova_vncproxy_port],
      proto  => 'tcp',
      action => 'accept',
    }
@ -339,7 +339,7 @@ class osnailyfacter::firewall::firewall {
    }
    firewall {'111 dhcp-server':
-      port   => $dhcp_server_port,
+      dport  => $dhcp_server_port,
      proto  => 'udp',
      action => 'accept',
    }
@ -373,13 +373,13 @@ class osnailyfacter::firewall::firewall {
    }
    firewall {'121 ceilometer':
-      port   => $ceilometer_port,
+      dport  => $ceilometer_port,
      proto  => 'tcp',
      action => 'accept',
    }
    firewall {'122 aodh':
-      port   => $aodh_port,
+      dport  => $aodh_port,
      proto  => 'tcp',
      action => 'accept',
    }
@ -391,19 +391,19 @@ class osnailyfacter::firewall::firewall {
    }
    firewall {'204 heat-api':
-      port   => $heat_api_port,
+      dport  => $heat_api_port,
      proto  => 'tcp',
      action => 'accept',
    }
    firewall {'205 heat-api-cfn':
-      port   => $heat_api_cfn_port,
+      dport  => $heat_api_cfn_port,
      proto  => 'tcp',
      action => 'accept',
    }
    firewall {'206 heat-api-cloudwatch':
-      port   => $heat_api_cloudwatch_port,
+      dport  => $heat_api_cloudwatch_port,
      proto  => 'tcp',
      action => 'accept',
    }
@ -436,7 +436,7 @@ class osnailyfacter::firewall::firewall {
  if member($roles, 'primary-mongo') or member($roles, 'mongo') {
    firewall {'120 mongodb':
-      port   => $mongodb_port,
+      dport  => $mongodb_port,
      proto  => 'tcp',
      action => 'accept',
    }
--- a/deployment/puppet/osnailyfacter/manifests/globals/globals.pp
+++ b/deployment/puppet/osnailyfacter/manifests/globals/globals.pp
@ -236,18 +236,16 @@ class osnailyfacter::globals::globals {
  $vips = $network_metadata['vips']
-  # TODO(mpolenchuk): try_get_value() is deprecated,
+  $public_vip             = dig($vips, ['public', 'ipaddr'],
  # replace with dig() once stdlib 4.12 will be available
  $public_vip             = try_get_value($vips, 'public/ipaddr',
                              get_network_role_property('public/vip', 'ipaddr')
                            )
-  $management_vip         = try_get_value($vips, 'management/ipaddr',
+  $management_vip         = dig($vips, ['management', 'ipaddr'],
                              get_network_role_property('mgmt/vip', 'ipaddr')
                            )
-  $public_vrouter_vip     = try_get_value($vips, 'vrouter_pub/ipaddr', undef)
+  $public_vrouter_vip     = dig($vips, ['vrouter_pub', 'ipaddr'], undef)
-  $management_vrouter_vip = try_get_value($vips, 'vrouter/ipaddr', undef)
+  $management_vrouter_vip = dig($vips, ['vrouter', 'ipaddr'], undef)
-  $database_vip           = try_get_value($vips, 'database/ipaddr', $management_vip)
+  $database_vip           = dig($vips, ['database', 'ipaddr'], $management_vip)
-  $service_endpoint       = try_get_value($vips, 'service_endpoint/ipaddr', $management_vip)
+  $service_endpoint       = dig($vips, ['service_endpoint', 'ipaddr'], $management_vip)
  $neutron_config                = hiera_hash('quantum_settings')
  $network_provider              = 'neutron'
--- a/deployment/puppet/osnailyfacter/manifests/rabbitmq/rabbitmq.pp
+++ b/deployment/puppet/osnailyfacter/manifests/rabbitmq/rabbitmq.pp
@ -183,22 +183,30 @@ class osnailyfacter::rabbitmq::rabbitmq {
      Class['::rabbitmq::install'] -> Exec['epmd_daemon']
        -> Rabbitmq_plugin<| |> -> Rabbitmq_exchange<| |>
      rabbitmq_user { $rabbit_hash['user']:
        admin    => true,
        password => $rabbit_hash['password'],
        provider => 'rabbitmqctl',
      }
      rabbitmq_user_permissions { "${rabbit_hash['user']}@/":
        configure_permission => '.*',
        write_permission     => '.*',
        read_permission      => '.*',
        provider             => 'rabbitmqctl',
      }
      rabbitmq_vhost { $virtual_host:
        provider => 'rabbitmqctl',
      }
      if ($use_pacemaker) {
        # Install rabbit-fence daemon
        class { '::cluster::rabbitmq_fence':
          enabled => $enabled,
          require => Class['::rabbitmq']
        }
      }
      class { '::nova::rabbitmq':
        enabled  => $enabled,
        userid   => $rabbit_hash['user'],
        password => $rabbit_hash['password'],
        require  => Class['::rabbitmq'],
      }
      if ($use_pacemaker) {
        class { '::cluster::rabbitmq_ocf':
          command_timeout         => $command_timeout,
          debug                   => $debug,
@ -206,7 +214,6 @@ class osnailyfacter::rabbitmq::rabbitmq {
          admin_user              => $rabbit_hash['user'],
          admin_pass              => $rabbit_hash['password'],
          host_ip                 => $rabbitmq_bind_ip_address,
          before                  => Class['::nova::rabbitmq'],
          enable_rpc_ha           => $enable_rpc_ha,
          enable_notifications_ha => $enable_notifications_ha,
          fqdn_prefix             => $fqdn_prefix,
--- a/deployment/puppet/osnailyfacter/manifests/ssl/ssl_dns_setup.pp
+++ b/deployment/puppet/osnailyfacter/manifests/ssl/ssl_dns_setup.pp
@ -19,25 +19,25 @@ class osnailyfacter::ssl::ssl_dns_setup {
    $public_vip = hiera('public_vip')
    $management_vip = hiera('management_vip')
-    $public_hostname = try_get_value($ssl_hash, "${service}_public_hostname", '')
+    $public_hostname = dig($ssl_hash, ["${service}_public_hostname"], '')
-    $internal_hostname = try_get_value($ssl_hash, "${service}_internal_hostname", '')
+    $internal_hostname = dig($ssl_hash, ["${service}_internal_hostname"], '')
-    $admin_hostname = try_get_value($ssl_hash, "${service}_admin_hostname", $internal_hostname)
+    $admin_hostname = dig($ssl_hash, ["${service}_admin_hostname"], $internal_hostname)
-    $service_public_ip = try_get_value($ssl_hash, "${service}_public_ip", '')
+    $service_public_ip = dig($ssl_hash, ["${service}_public_ip"], '')
    if !empty($service_public_ip) {
      $public_ip = $service_public_ip
    } else {
      $public_ip = $public_vip
    }
-    $service_internal_ip = try_get_value($ssl_hash, "${service}_internal_ip", '')
+    $service_internal_ip = dig($ssl_hash, ["${service}_internal_ip"], '')
    if !empty($service_internal_ip) {
      $internal_ip = $service_internal_ip
    } else {
      $internal_ip = $management_vip
    }
-    $service_admin_ip = try_get_value($ssl_hash, "${service}_admin_ip", '')
+    $service_admin_ip = dig($ssl_hash, ["${service}_admin_ip"], '')
    if !empty($service_admin_ip) {
      $admin_ip = $service_admin_ip
    } else {
--- a/deployment/puppet/osnailyfacter/manifests/ssl/ssl_keys_saving.pp
+++ b/deployment/puppet/osnailyfacter/manifests/ssl/ssl_keys_saving.pp
@ -4,7 +4,7 @@ class osnailyfacter::ssl::ssl_keys_saving {
  $public_ssl_hash = hiera_hash('public_ssl')
  $ssl_hash = hiera_hash('use_ssl', {})
-  $pub_certificate_content = try_get_value($public_ssl_hash, 'cert_data/content', '')
+  $pub_certificate_content = dig($public_ssl_hash, ['cert_data', 'content'], '')
  $base_path = '/etc/pki/tls/certs'
  $pki_path = [ '/etc/pki', '/etc/pki/tls' ]
  $astute_base_path = '/var/lib/astute/haproxy'
@ -28,15 +28,15 @@ class osnailyfacter::ssl::ssl_keys_saving {
    ){
    $service = $name
-    $public_service = try_get_value($ssl_hash, "${service}_public", false)
+    $public_service = dig($ssl_hash, ["${service}_public"], false)
-    $public_usercert = try_get_value($ssl_hash, "${service}_public_usercert", false)
+    $public_usercert = dig($ssl_hash, ["${service}_public_usercert"], false)
-    $public_certdata = try_get_value($ssl_hash, "${service}_public_certdata/content", '')
+    $public_certdata = dig($ssl_hash, ["${service}_public_certdata", 'content'], '')
-    $internal_service = try_get_value($ssl_hash, "${service}_internal", false)
+    $internal_service = dig($ssl_hash, ["${service}_internal"], false)
-    $internal_usercert = try_get_value($ssl_hash, "${service}_internal_usercert", false)
+    $internal_usercert = dig($ssl_hash, ["${service}_internal_usercert"], false)
-    $internal_certdata = try_get_value($ssl_hash, "${service}_internal_certdata/content", '')
+    $internal_certdata = dig($ssl_hash, ["${service}_internal_certdata", 'content'], '')
-    $admin_service = try_get_value($ssl_hash, "${service}_admin", false)
+    $admin_service = dig($ssl_hash, ["${service}_admin"], false)
-    $admin_usercert = try_get_value($ssl_hash, "${service}_admin_usercert", false)
+    $admin_usercert = dig($ssl_hash, ["${service}_admin_usercert"], false)
-    $admin_certdata = try_get_value($ssl_hash, "${service}_admin_certdata/content", '')
+    $admin_certdata = dig($ssl_hash, ["${service}_admin_certdata", 'content'], '')
    if $ssl_hash["${service}"] {
      if $public_service and $public_usercert and !empty($public_certdata) {
--- a/tests/noop/spec/hosts/firewall/firewall_spec.rb
+++ b/tests/noop/spec/hosts/firewall/firewall_spec.rb
@ -126,7 +126,7 @@ describe manifest do
      it 'should accept connections to nova' do
        should contain_firewall('105 nova').with(
-          'port'        => [ 8774, 8776, 6080 ],
+          'dport'        => [ 8774, 8776, 6080 ],
          'proto'       => 'tcp',
          'action'      => 'accept',
        )
@ -135,7 +135,7 @@ describe manifest do
      it 'should accept connections to nova without ssl' do
        management_nets.each do |source|
          should contain_firewall("105 nova internal - no ssl from #{source}").with(
-            'port'        => [ 8775, '5900-6100' ],
+            'dport'        => [ 8775, '5900-6100' ],
            'proto'       => 'tcp',
            'action'      => 'accept',
            'source'      => source,
@ -146,7 +146,7 @@ describe manifest do
      it 'should accept connections to iscsi' do
        storage_nets.each do |source|
          should contain_firewall("109 iscsi from #{source}").with(
-            'port'        => [ 3260 ],
+            'dport'        => [ 3260 ],
            'proto'       => 'tcp',
            'action'      => 'accept',
            'source'      => source,
@ -164,17 +164,17 @@ describe manifest do
      it 'should create rules for heat' do
        should contain_firewall('204 heat-api').with(
-          'port'    => [ 8004 ],
+          'dport'    => [ 8004 ],
          'proto'   => 'tcp',
          'action'  => 'accept',
        )
        should contain_firewall('205 heat-api-cfn').with(
-          'port'    => [ 8000 ],
+          'dport'    => [ 8000 ],
          'proto'   => 'tcp',
          'action'  => 'accept',
        )
        should contain_firewall('206 heat-api-cloudwatch').with(
-          'port'    => [ 8003 ],
+          'dport'    => [ 8003 ],
          'proto'   => 'tcp',
          'action'  => 'accept',
        )
@ -182,7 +182,7 @@ describe manifest do
      it 'should create rules for glance' do
        should contain_firewall('104 glance').with(
-          'port'    => [ 9292, 9494, 9191, 8773 ],
+          'dport'    => [ 9292, 9494, 9191, 8773 ],
          'proto'   => 'tcp',
          'action'  => 'accept',
        )
@ -198,7 +198,7 @@ describe manifest do
      it 'should accept connections to nova without ssl' do
        management_nets.each do |source|
          should contain_firewall("105 nova vnc from #{source}").with(
-            'port'        => [ '5900-6100' ],
+            'dport'        => [ '5900-6100' ],
            'proto'       => 'tcp',
            'action'      => 'accept',
            'source'      => source,
@ -209,7 +209,7 @@ describe manifest do
      it 'should accept connections to libvirt' do
        management_nets.each do |source|
          should contain_firewall("118 libvirt from #{source}").with(
-            'port'        => [ 16509 ],
+            'dport'        => [ 16509 ],
            'proto'       => 'tcp',
            'action'      => 'accept',
            'source'      => source,
@ -220,7 +220,7 @@ describe manifest do
      it 'should allow libvirt vm migration' do
        management_nets.each do |source|
          should contain_firewall("119 libvirt-migration from #{source}").with(
-            'port'        => [ '49152-49215' ],
+            'dport'        => [ '49152-49215' ],
            'proto'       => 'tcp',
            'action'      => 'accept',
            'source'      => source,
@ -229,7 +229,7 @@ describe manifest do
      end
    elsif Noop.puppet_function 'member', roles, 'primary-mongo' or Noop.puppet_function 'member', roles, 'mongo'
      it 'should create firewall rules' do
-        should contain_firewall('120 mongodb').with('port' => mongodb_port)
+        should contain_firewall('120 mongodb').with('dport' => mongodb_port)
      end
    end
--- a/tests/noop/spec/hosts/openstack-network/common-config_spec.rb
+++ b/tests/noop/spec/hosts/openstack-network/common-config_spec.rb
@ -50,9 +50,8 @@ describe manifest do
      it { should contain_class('neutron::logging').with('use_syslog' => Noop.hiera('use_syslog', true))}
      it { should contain_class('neutron::logging').with('use_stderr' => Noop.hiera('use_stderr', false))}
-      it { should contain_class('neutron::logging').with('log_facility' => Noop.hiera('syslog_log_facility_neutron', 'LOG_LOCAL4'))}
+      it { should contain_class('neutron::logging').with('syslog_log_facility' => Noop.hiera('syslog_log_facility_neutron', 'LOG_LOCAL4'))}
      it { should contain_class('neutron::logging').with('default_log_levels' => Noop.hiera('default_log_levels'))}
      it { should contain_class('neutron::logging').with('verbose' => Noop.hiera('verbose', true))}
      it { should contain_class('neutron::logging').with('debug' => Noop.hiera('debug', true))}
      it {
--- a/tests/noop/spec/hosts/openstack-network/server-config_spec.rb
+++ b/tests/noop/spec/hosts/openstack-network/server-config_spec.rb
@ -116,7 +116,6 @@ describe manifest do
      auth_url            = "#{internal_auth_protocol}://#{internal_auth_endpoint}:35357/"
      auth_uri            = "#{internal_auth_protocol}://#{internal_auth_endpoint}:5000/"
      nova_admin_auth_url = "#{admin_auth_protocol}://#{admin_auth_endpoint}:35357/"
      nova_url            = "#{nova_internal_protocol}://#{nova_internal_endpoint}:8774/v2"
      workers_max = Noop.hiera('workers_max', '16')
@ -300,7 +299,6 @@ describe manifest do
      it 'should configure neutron::server::notifications' do
        should contain_class('neutron::server::notifications').with(
         'nova_url'     => nova_url,
         'auth_url'     => nova_admin_auth_url,
         'region_name'  => region_name,
         'username'     => nova_auth_user,
--- a/tests/noop/spec/hosts/rabbitmq/rabbitmq_spec.rb
+++ b/tests/noop/spec/hosts/rabbitmq/rabbitmq_spec.rb
@ -145,18 +145,10 @@ describe manifest do
    it 'should configure rabbit fence class' do
      if use_pacemaker
        should contain_class('cluster::rabbitmq_fence').with(
-          :enabled => enabled).that_requires('Class[rabbitmq]')
+          :enabled => enabled)
      end
    end
    it 'should configure rabbit for nova' do
      should contain_class('nova::rabbitmq').with(
        :enabled  => enabled,
        :userid   => rabbit_hash['user'],
        :password => rabbit_hash['password'],
      ).that_requires('Class[rabbitmq]')
    end
    it 'should configure pacemaker RA' do
      if use_pacemaker
        should contain_class('cluster::rabbitmq_ocf').with(
@ -180,7 +172,7 @@ describe manifest do
          :slave_mon_interval      => rabbit_ocf[:slave_mon_interval],
          :master_mon_interval     => rabbit_ocf[:master_mon_interval],
          :mon_interval            => rabbit_ocf[:mon_interval],
-        ).that_comes_before('Class[nova::rabbitmq]')
+        )
        should contain_class('cluster::rabbitmq_ocf').that_requires(
          'Class[rabbitmq::install]')
        should contain_service_status('rabbitmq').that_requires('Service[rabbitmq-server]')