diff --git a/manifests/plugins/ml2/cisco/nexus.pp b/manifests/plugins/ml2/cisco/nexus.pp
index 7ab02d682..263b79434 100644
--- a/manifests/plugins/ml2/cisco/nexus.pp
+++ b/manifests/plugins/ml2/cisco/nexus.pp
@@ -1,13 +1,13 @@
 # == Class: neutron::plugins::ml2::cisco::nexus
 #
-# Configure the Mech Driver for cisco neutron plugin
+# Configure the Cisco Nexus Mech Driver for neutron ML2 plugin
 # More info available here:
-# https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus
+# http://networking-cisco.readthedocs.io
 #
 # === Parameters:
 #
 # [*nexus_config*]
-# (required) Nexus switch configuration for ml2_cisco_conf.ini
+# (required) Nexus switch configuration for neutron configuration file
 # Example nexus config format:
 # { 'switch_hostname' => {'username' => 'admin',
 # 'ssh_port' => 22,
@@ -15,6 +15,11 @@
 # 'ip_address' => "172.18.117.28",
 # 'nve_src_intf' => 1,
 # 'physnet' => "physnet1",
+# 'vpc_pool' => "1001-1025,1028",
+# 'intfcfg_portchannel' => "no lacp suspend-individual;
+# spanning-tree port type edge trunk",
+# 'https_verify' => True,
+# 'https_local_certificate' => '/tmp/my_local_cert.crt',
 # 'servers' => {
 # 'control01' => {"ports" => "portchannel:20"},
 # 'control02' => {"ports" => "portchannel:10"}
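Review bot: The example hash added in the second hunk (`@@ -15,6 +15,11 @@`) writes `'https_verify' => True`, but Puppet's boolean literals are lowercase and the Puppet 4 parser reads a capitalised bare word as a type reference, so a reader who copies the example does not get a boolean; it should read `'https_verify' => true,`. The same example points `https_local_certificate` at `/tmp/my_local_cert.crt`, which teaches readers to keep the certificate that decides whether the switch is trusted in a world-writable directory, where another local user may be able to pre-create or replace it. I would change the sample to a path in a root-owned directory readable by the neutron service, written as an obvious placeholder such as `'<root-owned dir>/nexus_ca.crt'`. The comment block continues outside both hunks.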
@@ -25,46 +30,10 @@
 # Nexus Switch. This string value must be present in the ml2_conf.ini
 # network_vlan_ranges variable.
 #
-# [*vlan_name_prefix*]
-# (optional) A short prefix to prepend to the VLAN number when creating a
-# VLAN interface. For example, if an interface is being created for
-# VLAN 2001 it will be named 'q-2001' using the default prefix.
-# The total length allowed for the prefix name and VLAN is 32 characters,
-# the prefix will be truncated if the total length is greater than 32.
-# Defaults to 'q-'
-#
-# [*svi_round_robin*]
-# (optional) A flag to enable round robin scheduling of routers for SVI.
-# Defaults to false
-#
-# [*provider_vlan_name_prefix*]
-# (optional) A short prefix to prepend to the VLAN number when creating a
-# provider VLAN interface. For example, if an interface is being created
-# for provider VLAN 3003 it will be named 'p-3003' using the default prefix.
-# The total length allowed for the prefix name and VLAN is 32 characters,
-# the prefix will be truncated if the total length is greater than 32.
-# Defaults to 'p-'
-#
-# [*persistent_switch_config*]
-# (optional) To make Nexus device persistent by running the Nexus
-# CLI 'copy run start' after applying successful configurations.
-# (default) This flag defaults to False keep consistent with
-# existing functionality.
-# Defaults to false
-#
 # [*switch_heartbeat_time*]
 # (optional) Time interval to check the state of the Nexus device.
-# (default) This value defaults to 0 seconds which disables this
-# functionality. When enabled, 30 seconds is suggested.
-# Defaults to 0
-#
-# [*switch_replay_count*]
-# (optional) This configuration item is OBSOLETE. The Nexus driver replay
-# behavior is to continue to attempt to connect to the down Nexus device
-# with a period equal to the heartbeat time interval. This was previously:
-# Number of times to attempt config replay with switch.
-# This variable depends on switch_heartbeat_time being enabled.
-# Defaults to $::os_service_default
+# (default) This value defaults to 30 seconds. To disable, set to 0.
+# Defaults to 30
 #
 # [*provider_vlan_auto_create*]
 # (optional) A flag indicating whether OpenStack networking should manage the
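Review bot: The rewritten `switch_heartbeat_time` text says `Defaults to 30`, but the class signature still reads `$switch_heartbeat_time = 0,`; it is an unchanged context line in the later hunk `@@ -105,7 +130,9 @@`. The documented and real defaults therefore disagree, and by the comment's own wording the state check stays disabled unless a caller sets the parameter. Either change the signature to `$switch_heartbeat_time = 30,` or keep `# Defaults to 0` in the comment. The spec update passes `:switch_heartbeat_time => 30` explicitly, so the tests will not catch the mismatch.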
@@ -92,11 +61,67 @@
 # orchestration.
 # Defaults to true
 #
-# [*host_key_checks*]
-# (optional) A flag indicating whether or not to enable strict host key checks
-# when connecting to Nexus switches.
+# DEPRECATED
+# [*vlan_name_prefix*]
+# (optional) This configuration item is OBSOLETE.
+# A short prefix to prepend to the VLAN number when creating a
+# VLAN interface. For example, if an interface is being created for
+# VLAN 2001 it will be named 'q-2001' using the default prefix.
+# The total length allowed for the prefix name and VLAN is 32 characters,
+# the prefix will be truncated if the total length is greater than 32.
+# Defaults to 'q-'
+#
+# [*svi_round_robin*]
+# (optional) This configuration item is OBSOLETE.
+# A flag to enable round robin scheduling of routers for SVI.
 # Defaults to false
 #
+# [*provider_vlan_name_prefix*]
+# (optional) This configuration item is OBSOLETE.
+# A short prefix to prepend to the VLAN number when creating a
+# provider VLAN interface. For example, if an interface is being created
+# for provider VLAN 3003 it will be named 'p-3003' using the default prefix.
+# The total length allowed for the prefix name and VLAN is 32 characters,
+# the prefix will be truncated if the total length is greater than 32.
+# Defaults to 'p-'
+#
+# [*persistent_switch_config*]
+# (optional) This will be deprecated. This variable makes
+# Nexus device persistent by running the Nexus CLI 'copy run start'
+# after applying successful configurations.
+# (default) This flag defaults to False keep consistent with
+# existing functionality.
+# Defaults to false
+#
+# [*never_cache_ssh_connection*]
+# (optional) This will be deprecated. This configuration prevents
+# caching ssh connections to a Nexus switch.
+# (default) This defaults to False which indicates that ssh
+# connections to Nexus switch are cached when the neutron
+# controller has fewer than 8 processes.
+# Defaults to false
+#
+# [*switch_replay_count*]
+# (optional) This configuration item is OBSOLETE. The Nexus driver replay
+# behavior is to continue to attempt to connect to the down Nexus device
+# with a period equal to the heartbeat time interval. This was previously:
+# Number of times to attempt config replay with switch.
+# This variable depends on switch_heartbeat_time being enabled.
+# Defaults to $::os_service_default
+#
+# [*nexus_driver*]
+# (optional) This will be deprecated. This configuration is a
+# choice of driver methods to configure Nexus devices.
+# (default) This value defaults to 'restapi' but can be configured
+# to legacy driver 'ncclient' temporarily until it is deprecated.
+# Defaults to 'restapi'
+#
+# [*host_key_checks*]
+# (optional) This will be deprecated. This flag indicates whether or
+# not to enable strict host key checks when connecting to Nexus switches.
+# Defaults to false
+#
+
 class neutron::plugins::ml2::cisco::nexus (
 $nexus_config,
 $managed_physical_network,
@@ -105,7 +130,9 @@ class neutron::plugins::ml2::cisco::nexus (
 $provider_vlan_name_prefix = 'p-',
 $persistent_switch_config = false,
 $switch_heartbeat_time = 0,
+ $never_cache_ssh_connection = false,
 $switch_replay_count = $::os_service_default,
+ $nexus_driver = 'restapi',
 $provider_vlan_auto_create = true,
 $provider_vlan_auto_trunk = true,
 $vxlan_global_config = true,
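Review bot: The re-added `host_key_checks` entry in the `@@ -92,11 +61,67 @@` hunk keeps `Defaults to false` and only adds that the option will be deprecated, without saying what leaving it off costs. While `nexus_driver` can still be set to `'ncclient'`, the SSH path stays reachable, and with strict host key checks off the driver presumably accepts whatever key answers at the switch address before it sends the switch credentials. I would add a line in the spirit of the `https_verify` wording elsewhere in this change, for example `# Leaving this false skips SSH host key verification; set to true for production.` The class body is outside this hunk, so I cannot tell from here whether the default itself can be changed safely.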
@@ -120,15 +147,18 @@ class neutron::plugins::ml2::cisco::nexus ( } neutron_plugin_ml2 { 'ml2_cisco/managed_physical_network' : value => $managed_physical_network; + 'ml2_cisco/switch_heartbeat_time' : value => $switch_heartbeat_time; + 'ml2_cisco/provider_vlan_auto_create' : value => $provider_vlan_auto_create; + 'ml2_cisco/provider_vlan_auto_trunk' : value => $provider_vlan_auto_trunk; + 'ml2_cisco/vxlan_global_config' : value => $vxlan_global_config; + #DEPRECATED ARGS 'ml2_cisco/vlan_name_prefix' : value => $vlan_name_prefix; 'ml2_cisco/svi_round_robin' : value => $svi_round_robin; 'ml2_cisco/provider_vlan_name_prefix' : value => $provider_vlan_name_prefix; 'ml2_cisco/persistent_switch_config' : value => $persistent_switch_config; - 'ml2_cisco/switch_heartbeat_time' : value => $switch_heartbeat_time; + 'ml2_cisco/never_cache_ssh_connection' : value => $never_cache_ssh_connection; 'ml2_cisco/switch_replay_count' : value => $switch_replay_count; - 'ml2_cisco/provider_vlan_auto_create' : value => $provider_vlan_auto_create; - 'ml2_cisco/provider_vlan_auto_trunk' : value => $provider_vlan_auto_trunk; - 'ml2_cisco/vxlan_global_config' : value => $vxlan_global_config; + 'ml2_cisco/nexus_driver' : value => $nexus_driver; 'ml2_cisco/host_key_checks' : value => $host_key_checks; } diff --git a/manifests/plugins/ml2/cisco/nexus_creds.pp b/manifests/plugins/ml2/cisco/nexus_creds.pp index 421ef42c1..b80a01558 100644 --- a/manifests/plugins/ml2/cisco/nexus_creds.pp +++ b/manifests/plugins/ml2/cisco/nexus_creds.pp @@ -4,7 +4,7 @@ # for use by the ML2 Mech Driver for Cisco Nexus Switches. # # More info available here: -# https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus +# http://networking-cisco.readthedocs.io # # # neutron::plugins::ml2::cisco::nexus_creds used by 
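Review bot: Everything under `#DEPRECATED ARGS` in the `@@ -120,15 +147,18 @@` hunk is still written to the `ml2_cisco` section unconditionally, and nothing visible tells an operator who sets one of these parameters that it is deprecated. With the defaults shown in the signature hunk (`'p-'`, `false`, `'restapi'`), a caller who never touches them keeps emitting options the release note calls unused or due for removal, including `host_key_checks`, which is documented as false. Consider defaulting the deprecated parameters to `$::os_service_default` and warning when one is supplied, e.g. `if ! is_service_default($vlan_name_prefix) { warning('vlan_name_prefix is deprecated and will be removed') }`. The class body starts and ends outside the hunk, so such a check may already exist there.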
@@ -74,6 +74,40 @@ # # Defaults to undef. # +# [*vpc_pool*] +# (not used) Required for Baremetal deployments and Port-Channel creation +# is needed. This defines the pool of port-channel ids which are +# available for port-channel creation. +# +# Defaults to undef. +# +# [*intfcfg_portchannel*] +# (not used) For use with Baremetal deployments and custom port-channel +# configuration is required during port-channel creation. +# +# Defaults to undef. +# +# [*https_verify*] +# (not used) Set to True when certification authority (CA) file is in +# the Operating System repository or is a locally defined file whose +# name is provided in https_local_certificate. Set to False +# to skip https certification checking thus making the connection +# insecure. Getting a certificate and setting https_verify to True +# is strongly advised for production to prevent man-in-the-middle +# attacks. Be advised the default will change from False to True +# in future releases. +# +# Defaults to undef. +# +# [*https_local_certificate*] +# (not used) Configure a local certificate file to present in https +# requests. For experimental purpose when an official certificate +# from a Trusted Certificate Authority is not yet available. +# +# Defaults to undef. +# + + define neutron::plugins::ml2::cisco::nexus_creds( # Not used parameters $username, @@ -84,6 +118,10 @@ define neutron::plugins::ml2::cisco::nexus_creds( $ip_address, $nve_src_intf = undef, $physnet = undef, + $vpc_pool = undef, + $intfcfg_portchannel = undef, + $https_verify = undef, + $https_local_certificate = undef, ) { include ::neutron::deps diff --git a/manifests/plugins/ml2/cisco/nexus_switch.pp b/manifests/plugins/ml2/cisco/nexus_switch.pp index 128d226b4..69448d883 100644 --- a/manifests/plugins/ml2/cisco/nexus_switch.pp +++ b/manifests/plugins/ml2/cisco/nexus_switch.pp 
@@ -4,7 +4,7 @@
 # for use by the ML2 Mech Driver for Cisco Nexus Switches.
 #
 # More info available here:
-# https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus
+# http://networking-cisco.readthedocs.io
 #
 #
 # neutron::plugins::ml2::cisco::nexus_switch used by
@@ -20,9 +20,6 @@
 # [*ip_address*]
 # (required) The IP address of the switch.
 #
-# [*ssh_port*]
-# (required) The SSH port to use when connecting to the switch.
-#
 # [*servers*]
 # (required) A hash of server names (key) mapped to the switch's
 # interfaces (value). For each host connected to a port on the
@@ -78,15 +75,48 @@ # # Defaults to $::os_service_default. # +# [*vpc_pool*] +# (optional) Required for Baremetal deployments and Port-Channel creation +# is needed. This defines the pool of port-channel ids which are +# available for port-channel creation. +# +# [*intfcfg_portchannel*] +# (optional) For use with Baremetal deployments and custom port-channel +# configuration is required during port-channel creation. +# +# [*https_verify*] +# (optional) Set to True when certification authority (CA) file is in +# the Operating System repository or is a locally defined file whose +# name is provided in https_local_certificate. Set to False +# to skip https certification checking thus making the connection +# insecure. Getting a certificate and setting https_verify to True +# is strongly advised for production to prevent man-in-the-middle +# attacks. Be advised the default will change from False to True +# in future releases. +# +# [*https_local_certificate*] +# (optional) Configure a local certificate file to present in https +# requests. For experimental purpose when an official certificate +# from a Trusted Certificate Authority is not yet available. +# +# DEPRECATED +# [*ssh_port*] +# (optional) This configuration item is deprecated. +# The SSH port to use when connecting to the switch. +# define neutron::plugins::ml2::cisco::nexus_switch( $username, $password, $ip_address, - $ssh_port, $servers, $switchname = $title, + $ssh_port = $::os_service_default, $nve_src_intf = $::os_service_default, - $physnet = $::os_service_default + $physnet = $::os_service_default, + $vpc_pool = $::os_service_default, + $intfcfg_portchannel = $::os_service_default, + $https_verify = $::os_service_default, + $https_local_certificate = $::os_service_default ) { include ::neutron::deps 
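Review bot: `$https_verify` defaults to `$::os_service_default`, and the new comment itself says the driver's default is currently False, so a switch declared without this parameter is configured to skip certificate checking. That connection is presumably the one carrying the `username` and `password` from the same section, now that `nexus_driver` defaults to `'restapi'`. The four new entries also lack the `Defaults to` line that the older parameters carry. At minimum add `# Defaults to $::os_service_default.` to each and say under `https_verify` that this currently means verification is off. Better would be to emit a `warning()` when `https_verify` is left unset, or to default it to `true` if the module's compatibility policy allows. The define's body continues past this hunk.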
@@ -95,9 +125,14 @@ define neutron::plugins::ml2::cisco::nexus_switch( neutron_plugin_ml2 { "${section}/username": value => $username; "${section}/password": value => $password, secret => true; - "${section}/ssh_port": value => $ssh_port; "${section}/nve_src_intf": value => $nve_src_intf; "${section}/physnet": value => $physnet; + "${section}/vpc_pool": value => $vpc_pool; + "${section}/intfcfg_portchannel": value => $intfcfg_portchannel; + "${section}/https_verify": value => $https_verify; + "${section}/https_local_certificate": value => $https_local_certificate; + #DEPRECATED ARGS + "${section}/ssh_port": value => $ssh_port; } $server_defaults = { diff --git a/manifests/plugins/ml2/cisco/nexus_switch_server.pp b/manifests/plugins/ml2/cisco/nexus_switch_server.pp index 77b01ab05..dec983219 100644 --- a/manifests/plugins/ml2/cisco/nexus_switch_server.pp +++ b/manifests/plugins/ml2/cisco/nexus_switch_server.pp @@ -1,11 +1,11 @@ -# == Define: neutron::plugins::ml2::cisco::nexus_switch +# == Define: neutron::plugins::ml2::cisco::nexus_switch_server # # Defined type to configure the Cisco Nexus Switch parameters # for servers connected to the switch for use by the ML2 Mech # Driver for Cisco Nexus Switches. # # More info available here: -# https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus +# http://networking-cisco.readthedocs.io # # # neutron::plugins::ml2::cisco::nexus_switch_server used by diff --git a/manifests/plugins/ml2/cisco/type_nexus_vxlan.pp b/manifests/plugins/ml2/cisco/type_nexus_vxlan.pp index a79265ecd..e404cf874 100644 --- a/manifests/plugins/ml2/cisco/type_nexus_vxlan.pp +++ b/manifests/plugins/ml2/cisco/type_nexus_vxlan.pp @@ -1,7 +1,7 @@ # # Configure the Nexus VXLAN Type Driver # More info available here: -# http://docwiki.cisco.com/wiki/OpenStack/ML2NexusMechanismDriver +# http://networking-cisco.readthedocs.io # # === Parameters # 
diff --git a/releasenotes/notes/deprecate-some-nw-cisco-params-aad5a98077f9b4e4.yaml b/releasenotes/notes/deprecate-some-nw-cisco-params-aad5a98077f9b4e4.yaml
new file mode 100644
index 000000000..ed2689ba6
--- /dev/null
+++ b/releasenotes/notes/deprecate-some-nw-cisco-params-aad5a98077f9b4e4.yaml
@@ -0,0 +1,10 @@
+---
+deprecations:
+ - |
+ Nexus: Configuration clean-up
+
+ This changeset deprecates old configurations not used in the code and
+ others to be aged out mostly due to code improvements such as implementation
+ of the Nexusu RESTAPI driver. The RESTAPI driver replaces use of the
+ ncclient driver. The ncclient driver will be removed along with any tuning
+ configuration that goes with it.
diff --git a/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb b/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb
index 7ce913681..8b9f6e2a1 100644
--- a/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb
@@ -26,6 +26,10 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
 "ip_address" => "172.18.117.28",
 "nve_src_intf" => 1,
 "physnet" => "physnet1",
+ "vpc_pool" => "",
+ "intfcfg_portchannel" => "",
+ "https_verify" => false,
+ "https_local_certificate" => "",
 "servers" => {
 "control02" => {"ports" => "portchannel:20"},
 "control01" => {"ports" => "portchannel:10"}
@@ -37,8 +41,10 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
 :svi_round_robin => false,
 :provider_vlan_name_prefix => 'p-',
 :persistent_switch_config => false,
- :switch_heartbeat_time => 0,
+ :never_cache_ssh_connection => false,
+ :switch_heartbeat_time => 30,
 :switch_replay_count => 3,
+ :nexus_driver => 'restapi',
 :provider_vlan_auto_create => true,
 :provider_vlan_auto_trunk => true,
 :vxlan_global_config => true,
@@ -71,8 +77,10 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
 is_expected.to contain_neutron_plugin_ml2('ml2_cisco/svi_round_robin').with_value(params[:svi_round_robin])
 is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_name_prefix').with_value(params[:provider_vlan_name_prefix])
 is_expected.to contain_neutron_plugin_ml2('ml2_cisco/persistent_switch_config').with_value(params[:persistent_switch_config])
+ is_expected.to contain_neutron_plugin_ml2('ml2_cisco/never_cache_ssh_connection').with_value(params[:never_cache_ssh_connection])
 is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_heartbeat_time').with_value(params[:switch_heartbeat_time])
 is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_replay_count').with_value(params[:switch_replay_count])
+ is_expected.to contain_neutron_plugin_ml2('ml2_cisco/nexus_driver').with_value(params[:nexus_driver])
 is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_create').with_value(params[:provider_vlan_auto_create])
 is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_trunk').with_value(params[:provider_vlan_auto_trunk])
 is_expected.to contain_neutron_plugin_ml2('ml2_cisco/vxlan_global_config').with_value(params[:vxlan_global_config])
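Review bot: The spec changes stop at the class-level options: the new expectations cover `never_cache_ssh_connection` and `nexus_driver`, while nothing in this diff checks that `nexus_switch` writes `vpc_pool`, `intfcfg_portchannel`, `https_verify` or `https_local_certificate` into the switch section. The fixture in the `@@ -26,6 +26,10 @@` hunk also sets `"https_verify" => false` and an empty certificate path, so the only value exercised is the one the manifest comments call insecure. If the define has no spec elsewhere, add one that turns verification on, along the lines of `is_expected.to contain_neutron_plugin_ml2('<switch section>/https_verify').with_value(true)`, where the section name is a placeholder. The default-params hash and the example block both extend beyond these hunks.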