Latest Nexus Configuration Variables Updates

Add new interface Config variables added to Nexus plugin. vnc_pool intfcfg_portchannel https_verify https_local_certificate Identify variables which are obsolete and those being deprecated. Change default to switch_heartbeat_time. Change-Id: I940659bdd448b7bda1c38d9343ec6322390b027a Closes-bug: #1672496
2017-12-12 14:59:27 -05:00 · 2017-12-12 14:59:27 -05:00 · a273479e1e
commit a273479e1e
parent ae090c9ffe
7 changed files with 181 additions and 60 deletions
--- a/manifests/plugins/ml2/cisco/nexus.pp
+++ b/manifests/plugins/ml2/cisco/nexus.pp
@ -1,13 +1,13 @@
 # == Class: neutron::plugins::ml2::cisco::nexus
 #
-# Configure the Mech Driver for cisco neutron plugin
+# Configure the Cisco Nexus Mech Driver for neutron ML2 plugin
 # More info available here:
-# https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus
+# http://networking-cisco.readthedocs.io
 #
 # === Parameters:
 #
 # [*nexus_config*]
-# (required) Nexus switch configuration for ml2_cisco_conf.ini
+# (required) Nexus switch configuration for neutron configuration file
 # Example nexus config format:
 #  { 'switch_hostname' => {'username' => 'admin',
 #    'ssh_port' => 22,
@ -15,6 +15,11 @@
 #    'ip_address' => "172.18.117.28",
 #    'nve_src_intf' => 1,
 #    'physnet' => "physnet1",
+#    'vpc_pool' => "1001-1025,1028",
+#    'intfcfg_portchannel' => "no lacp suspend-individual;
+#                              spanning-tree port type edge trunk",
+#    'https_verify' => True,
+#    'https_local_certificate' => '/tmp/my_local_cert.crt',
 #    'servers' => {
 #      'control01' => {"ports" => "portchannel:20"},
 #      'control02' => {"ports" => "portchannel:10"}
@ -25,46 +30,10 @@
 #   Nexus Switch.  This string value must be present in the ml2_conf.ini
 #   network_vlan_ranges variable.
 #
-# [*vlan_name_prefix*]
-#   (optional) A short prefix to prepend to the VLAN number when creating a
-#   VLAN interface. For example, if an interface is being created for
-#   VLAN 2001 it will be named 'q-2001' using the default prefix.
-#   The total length allowed for the prefix name and VLAN is 32 characters,
-#   the prefix will be truncated if the total length is greater than 32.
-#   Defaults to 'q-'
-#
-# [*svi_round_robin*]
-#   (optional) A flag to enable round robin scheduling of routers for SVI.
-#   Defaults to false
-#
-# [*provider_vlan_name_prefix*]
-#   (optional) A short prefix to prepend to the VLAN number when creating a
-#   provider VLAN interface. For example, if an interface is being created
-#   for provider VLAN 3003 it will be named 'p-3003' using the default prefix.
-#   The total length allowed for the prefix name and VLAN is 32 characters,
-#   the prefix will be truncated if the total length is greater than 32.
-#   Defaults to 'p-'
-#
-# [*persistent_switch_config*]
-#   (optional) To make Nexus device persistent by running the Nexus
-#   CLI 'copy run start' after applying successful configurations.
-#   (default) This flag defaults to False keep consistent with
-#   existing functionality.
-#   Defaults to false
-#
 # [*switch_heartbeat_time*]
 #   (optional) Time interval to check the state of the Nexus device.
-#   (default) This value defaults to 0 seconds which disables this
-#   functionality.  When enabled, 30 seconds is suggested.
-#   Defaults to 0
-#
-# [*switch_replay_count*]
-#   (optional) This configuration item is OBSOLETE.  The Nexus driver replay
-#   behavior is to continue to attempt to connect to the down Nexus device
-#   with a period equal to the heartbeat time interval. This was previously:
-#      Number of times to attempt config replay with switch.
-#      This variable depends on switch_heartbeat_time being enabled.
-#   Defaults to $::os_service_default
+#   (default) This value defaults to 30 seconds. To disable, set to 0.
+#   Defaults to 30
 #
 # [*provider_vlan_auto_create*]
 #   (optional) A flag indicating whether OpenStack networking should manage the
@ -92,11 +61,67 @@
 #   orchestration.
 #   Defaults to true
 #
-# [*host_key_checks*]
-#   (optional) A flag indicating whether or not to enable strict host key checks
-#   when connecting to Nexus switches.
+# DEPRECATED
+# [*vlan_name_prefix*]
+#   (optional) This configuration item is OBSOLETE.
+#   A short prefix to prepend to the VLAN number when creating a
+#   VLAN interface. For example, if an interface is being created for
+#   VLAN 2001 it will be named 'q-2001' using the default prefix.
+#   The total length allowed for the prefix name and VLAN is 32 characters,
+#   the prefix will be truncated if the total length is greater than 32.
+#   Defaults to 'q-'
+#
+# [*svi_round_robin*]
+#   (optional) This configuration item is OBSOLETE.
+#   A flag to enable round robin scheduling of routers for SVI.
 #   Defaults to false
 #
+# [*provider_vlan_name_prefix*]
+#   (optional) This configuration item is OBSOLETE.
+#   A short prefix to prepend to the VLAN number when creating a
+#   provider VLAN interface. For example, if an interface is being created
+#   for provider VLAN 3003 it will be named 'p-3003' using the default prefix.
+#   The total length allowed for the prefix name and VLAN is 32 characters,
+#   the prefix will be truncated if the total length is greater than 32.
+#   Defaults to 'p-'
+#
+# [*persistent_switch_config*]
+#   (optional) This will be deprecated.  This variable makes
+#   Nexus device persistent by running the Nexus CLI 'copy run start'
+#   after applying successful configurations.
+#   (default) This flag defaults to False keep consistent with
+#   existing functionality.
+#   Defaults to false
+#
+# [*never_cache_ssh_connection*]
+#   (optional) This will be deprecated.  This configuration prevents
+#   caching ssh connections to a Nexus switch.
+#   (default) This defaults to False which indicates that ssh
+#   connections to Nexus switch are cached when the neutron
+#   controller has fewer than 8 processes.
+#   Defaults to false
+#
+# [*switch_replay_count*]
+#   (optional) This configuration item is OBSOLETE.  The Nexus driver replay
+#   behavior is to continue to attempt to connect to the down Nexus device
+#   with a period equal to the heartbeat time interval. This was previously:
+#   Number of times to attempt config replay with switch.
+#   This variable depends on switch_heartbeat_time being enabled.
+#   Defaults to $::os_service_default
+#
+# [*nexus_driver*]
+#   (optional) This will be deprecated.  This configuration is a
+#   choice of driver methods to configure Nexus devices.
+#   (default) This value defaults to 'restapi' but can be configured
+#   to legacy driver 'ncclient' temporarily until it is deprecated.
+#   Defaults to 'restapi'
+#
+# [*host_key_checks*]
+#   (optional) This will be deprecated.   This flag indicates whether or
+#   not to enable strict host key checks when connecting to Nexus switches.
+#   Defaults to false
+#
+
 class neutron::plugins::ml2::cisco::nexus (
  $nexus_config,
  $managed_physical_network,
@ -105,7 +130,9 @@ class neutron::plugins::ml2::cisco::nexus (
  $provider_vlan_name_prefix = 'p-',
  $persistent_switch_config  = false,
  $switch_heartbeat_time     = 0,
+  $never_cache_ssh_connection = false,
  $switch_replay_count       = $::os_service_default,
+  $nexus_driver              = 'restapi',
  $provider_vlan_auto_create = true,
  $provider_vlan_auto_trunk  = true,
  $vxlan_global_config       = true,
@ -120,15 +147,18 @@ class neutron::plugins::ml2::cisco::nexus (
  }
  neutron_plugin_ml2 {
    'ml2_cisco/managed_physical_network'  : value => $managed_physical_network;
+    'ml2_cisco/switch_heartbeat_time'     : value => $switch_heartbeat_time;
+    'ml2_cisco/provider_vlan_auto_create' : value => $provider_vlan_auto_create;
+    'ml2_cisco/provider_vlan_auto_trunk'  : value => $provider_vlan_auto_trunk;
+    'ml2_cisco/vxlan_global_config'       : value => $vxlan_global_config;
+    #DEPRECATED ARGS
    'ml2_cisco/vlan_name_prefix'          : value => $vlan_name_prefix;
    'ml2_cisco/svi_round_robin'           : value => $svi_round_robin;
    'ml2_cisco/provider_vlan_name_prefix' : value => $provider_vlan_name_prefix;
    'ml2_cisco/persistent_switch_config'  : value => $persistent_switch_config;
-    'ml2_cisco/switch_heartbeat_time'     : value => $switch_heartbeat_time;
+    'ml2_cisco/never_cache_ssh_connection'  : value => $never_cache_ssh_connection;
    'ml2_cisco/switch_replay_count'       : value => $switch_replay_count;
-    'ml2_cisco/provider_vlan_auto_create' : value => $provider_vlan_auto_create;
-    'ml2_cisco/provider_vlan_auto_trunk'  : value => $provider_vlan_auto_trunk;
-    'ml2_cisco/vxlan_global_config'       : value => $vxlan_global_config;
+    'ml2_cisco/nexus_driver'              : value => $nexus_driver;
    'ml2_cisco/host_key_checks'           : value => $host_key_checks;
  }

--- a/manifests/plugins/ml2/cisco/nexus_creds.pp
+++ b/manifests/plugins/ml2/cisco/nexus_creds.pp
@ -4,7 +4,7 @@
 # for use by the ML2 Mech Driver for Cisco Nexus Switches.
 #
 # More info available here:
-# https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus
+# http://networking-cisco.readthedocs.io
 #
 #
 # neutron::plugins::ml2::cisco::nexus_creds used by
@ -74,6 +74,40 @@
 #
 # Defaults to undef.
 #
+# [*vpc_pool*]
+# (not used) Required for Baremetal deployments and Port-Channel creation
+# is needed.  This defines the pool of port-channel ids which are
+# available for port-channel creation.
+#
+# Defaults to undef.
+#
+# [*intfcfg_portchannel*]
+# (not used) For use with Baremetal deployments and custom port-channel
+# configuration is required during port-channel creation.
+#
+# Defaults to undef.
+#
+# [*https_verify*]
+# (not used) Set to True when certification authority (CA) file is in
+# the Operating System repository or is a locally defined file whose
+# name is provided in https_local_certificate.  Set to False
+# to skip https certification checking thus making the connection
+# insecure.  Getting a certificate and setting https_verify to True
+# is strongly advised for production to prevent man-in-the-middle
+# attacks.  Be advised the default will change from False to True
+# in future releases.
+#
+# Defaults to undef.
+#
+# [*https_local_certificate*]
+# (not used) Configure a local certificate file to present in https
+# requests.  For experimental purpose when an official certificate
+# from a Trusted Certificate Authority is not yet available.
+#
+# Defaults to undef.
+#
+
+
 define neutron::plugins::ml2::cisco::nexus_creds(
  # Not used parameters
  $username,
@ -84,6 +118,10 @@ define neutron::plugins::ml2::cisco::nexus_creds(
  $ip_address,
  $nve_src_intf = undef,
  $physnet      = undef,
+  $vpc_pool     = undef,
+  $intfcfg_portchannel = undef,
+  $https_verify = undef,
+  $https_local_certificate = undef,

 ) {
  include ::neutron::deps
--- a/manifests/plugins/ml2/cisco/nexus_switch.pp
+++ b/manifests/plugins/ml2/cisco/nexus_switch.pp
@ -4,7 +4,7 @@
 # for use by the ML2 Mech Driver for Cisco Nexus Switches.
 #
 # More info available here:
-# https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus
+# http://networking-cisco.readthedocs.io
 #
 #
 # neutron::plugins::ml2::cisco::nexus_switch used by
@ -20,9 +20,6 @@
 # [*ip_address*]
 # (required) The IP address of the switch.
 #
-# [*ssh_port*]
-# (required) The SSH port to use when connecting to the switch.
-#
 # [*servers*]
 # (required) A hash of server names (key) mapped to the switch's
 # interfaces (value).  For each host connected to a port on the
@ -78,15 +75,48 @@
 #
 # Defaults to $::os_service_default.
 #
+# [*vpc_pool*]
+# (optional) Required for Baremetal deployments and Port-Channel creation
+# is needed.  This defines the pool of port-channel ids which are
+# available for port-channel creation.
+#
+# [*intfcfg_portchannel*]
+# (optional) For use with Baremetal deployments and custom port-channel
+# configuration is required during port-channel creation.
+#
+# [*https_verify*]
+# (optional) Set to True when certification authority (CA) file is in
+# the Operating System repository or is a locally defined file whose
+# name is provided in https_local_certificate.  Set to False
+# to skip https certification checking thus making the connection
+# insecure.  Getting a certificate and setting https_verify to True
+# is strongly advised for production to prevent man-in-the-middle
+# attacks.  Be advised the default will change from False to True
+# in future releases.
+#
+# [*https_local_certificate*]
+# (optional) Configure a local certificate file to present in https
+# requests.  For experimental purpose when an official certificate
+# from a Trusted Certificate Authority is not yet available.
+#
+# DEPRECATED
+# [*ssh_port*]
+# (optional)  This configuration item is deprecated.
+# The SSH port to use when connecting to the switch.
+#
 define neutron::plugins::ml2::cisco::nexus_switch(
  $username,
  $password,
  $ip_address,
-  $ssh_port,
  $servers,
  $switchname   = $title,
+  $ssh_port     = $::os_service_default,
  $nve_src_intf = $::os_service_default,
-  $physnet      = $::os_service_default
+  $physnet      = $::os_service_default,
+  $vpc_pool     = $::os_service_default,
+  $intfcfg_portchannel = $::os_service_default,
+  $https_verify = $::os_service_default,
+  $https_local_certificate = $::os_service_default
 ) {

  include ::neutron::deps
@ -95,9 +125,14 @@ define neutron::plugins::ml2::cisco::nexus_switch(
  neutron_plugin_ml2 {
    "${section}/username":       value => $username;
    "${section}/password":       value => $password, secret => true;
-    "${section}/ssh_port":       value => $ssh_port;
    "${section}/nve_src_intf":   value => $nve_src_intf;
    "${section}/physnet":        value => $physnet;
+    "${section}/vpc_pool":       value => $vpc_pool;
+    "${section}/intfcfg_portchannel":  value => $intfcfg_portchannel;
+    "${section}/https_verify":  value => $https_verify;
+    "${section}/https_local_certificate":  value => $https_local_certificate;
+    #DEPRECATED ARGS
+    "${section}/ssh_port":       value => $ssh_port;
  }

  $server_defaults = {
--- a/manifests/plugins/ml2/cisco/nexus_switch_server.pp
+++ b/manifests/plugins/ml2/cisco/nexus_switch_server.pp
@ -1,11 +1,11 @@
-# == Define: neutron::plugins::ml2::cisco::nexus_switch
+# == Define: neutron::plugins::ml2::cisco::nexus_switch_server
 #
 # Defined type to configure the Cisco Nexus Switch parameters
 # for servers connected to the switch for use by the ML2 Mech
 # Driver for Cisco Nexus Switches.
 #
 # More info available here:
-# https://wiki.openstack.org/wiki/Neutron/ML2/MechCiscoNexus
+# http://networking-cisco.readthedocs.io
 #
 #
 # neutron::plugins::ml2::cisco::nexus_switch_server used by
--- a/manifests/plugins/ml2/cisco/type_nexus_vxlan.pp
+++ b/manifests/plugins/ml2/cisco/type_nexus_vxlan.pp
@ -1,7 +1,7 @@
 #
 # Configure the Nexus VXLAN Type Driver
 # More info available here:
-# http://docwiki.cisco.com/wiki/OpenStack/ML2NexusMechanismDriver
+# http://networking-cisco.readthedocs.io
 #
 # === Parameters
 #
--- a/releasenotes/notes/deprecate-some-nw-cisco-params-aad5a98077f9b4e4.yaml
+++ b/releasenotes/notes/deprecate-some-nw-cisco-params-aad5a98077f9b4e4.yaml
@ -0,0 +1,10 @@
+---
+deprecations:
+  - |
+    Nexus: Configuration clean-up
+
+    This changeset deprecates old configurations not used in the code and
+    others to be aged out mostly due to code improvements such as implementation
+    of the Nexusu RESTAPI driver.  The RESTAPI driver replaces use of the
+    ncclient driver.  The ncclient driver will be removed along with any tuning
+    configuration that goes with it.
--- a/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb
@ -26,6 +26,10 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
          "ip_address" => "172.18.117.28",
          "nve_src_intf" => 1,
          "physnet" => "physnet1",
+          "vpc_pool" => "",
+          "intfcfg_portchannel" => "",
+          "https_verify" => false,
+          "https_local_certificate" => "",
          "servers" => {
            "control02" => {"ports" => "portchannel:20"},
            "control01" => {"ports" => "portchannel:10"}
@ -37,8 +41,10 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
      :svi_round_robin           => false,
      :provider_vlan_name_prefix => 'p-',
      :persistent_switch_config  => false,
-      :switch_heartbeat_time     => 0,
+      :never_cache_ssh_connection => false,
+      :switch_heartbeat_time     => 30,
      :switch_replay_count       => 3,
+      :nexus_driver              => 'restapi',
      :provider_vlan_auto_create => true,
      :provider_vlan_auto_trunk  => true,
      :vxlan_global_config       => true,
@ -71,8 +77,10 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/svi_round_robin').with_value(params[:svi_round_robin])
      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_name_prefix').with_value(params[:provider_vlan_name_prefix])
      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/persistent_switch_config').with_value(params[:persistent_switch_config])
+      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/never_cache_ssh_connection').with_value(params[:never_cache_ssh_connection])
      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_heartbeat_time').with_value(params[:switch_heartbeat_time])
      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_replay_count').with_value(params[:switch_replay_count])
+      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/nexus_driver').with_value(params[:nexus_driver])
      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_create').with_value(params[:provider_vlan_auto_create])
      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_trunk').with_value(params[:provider_vlan_auto_trunk])
      is_expected.to contain_neutron_plugin_ml2('ml2_cisco/vxlan_global_config').with_value(params[:vxlan_global_config])