From f45169f38db4333d60841136fe3fab951221eeb6 Mon Sep 17 00:00:00 2001 From: Carol Bouchard Date: Mon, 1 Oct 2018 10:03:49 -0400 Subject: [PATCH] CiscoNexus: Update and Remove deprecated vars Update and Remove deprecated variables from Cisco Nexus Config. * Deprecated variables include vlan_name_prefix, svi_round_robin, provider_vlan_name_prefix, persistent_switch_config, never_cache_ssh_connection, ssh_port, switch_replay_count, nexus_driver, and host_key_checks. * Change config replay to on by defaulting switch_heartbeat_time=30. * Replaced method of configurating host_ports_mapping config. Change-Id: Iee2f869c4054f1120d224994aba8c827f981e6c0 Closes-bug: #1793379 --- examples/cisco_ml2.pp | 2 - manifests/plugins/ml2/cisco/nexus.pp | 85 +------------------ manifests/plugins/ml2/cisco/nexus_creds.pp | 7 +- manifests/plugins/ml2/cisco/nexus_switch.pp | 17 +--- .../neutron_plugins_ml2_cisco_nexus_spec.rb | 25 ++---- templates/nexus_switch_port_mappings.erb | 1 + 6 files changed, 12 insertions(+), 125 deletions(-) create mode 100644 templates/nexus_switch_port_mappings.erb diff --git a/examples/cisco_ml2.pp b/examples/cisco_ml2.pp index ea9a32198..e31e94c5c 100644 --- a/examples/cisco_ml2.pp +++ b/examples/cisco_ml2.pp @@ -30,7 +30,6 @@ class {'::neutron::plugins::ml2::cisco::nexus': 'n9372-1' => { 'username' => 'admin', 'password' => 'password', - 'ssh_port' => 22, 'ip_address' => '127.0.0.1', 'nve_src_intf' => 1, 'physnet' => 'physnet', @@ -46,7 +45,6 @@ class {'::neutron::plugins::ml2::cisco::nexus': 'n9372-2' => { 'username' => 'admin', 'password' => 'password', - 'ssh_port' => 22, 'ip_address' => '127.0.0.2', 'nve_src_intf' => 1, 'physnet' => 'physnet', diff --git a/manifests/plugins/ml2/cisco/nexus.pp b/manifests/plugins/ml2/cisco/nexus.pp index 263b79434..9a2dcfb06 100644 --- a/manifests/plugins/ml2/cisco/nexus.pp +++ b/manifests/plugins/ml2/cisco/nexus.pp 
@@ -10,7 +10,6 @@
 # (required) Nexus switch configuration for neutron configuration file
 # Example nexus config format:
 # { 'switch_hostname' => {'username' => 'admin',
-# 'ssh_port' => 22,
 # 'password' => "password",
 # 'ip_address' => "172.18.117.28",
 # 'nve_src_intf' => 1,
@@ -61,105 +60,25 @@ # orchestration. # Defaults to true # -# DEPRECATED -# [*vlan_name_prefix*] -# (optional) This configuration item is OBSOLETE. -# A short prefix to prepend to the VLAN number when creating a -# VLAN interface. For example, if an interface is being created for -# VLAN 2001 it will be named 'q-2001' using the default prefix. -# The total length allowed for the prefix name and VLAN is 32 characters, -# the prefix will be truncated if the total length is greater than 32. -# Defaults to 'q-' -# -# [*svi_round_robin*] -# (optional) This configuration item is OBSOLETE. -# A flag to enable round robin scheduling of routers for SVI. -# Defaults to false -# -# [*provider_vlan_name_prefix*] -# (optional) This configuration item is OBSOLETE. -# A short prefix to prepend to the VLAN number when creating a -# provider VLAN interface. For example, if an interface is being created -# for provider VLAN 3003 it will be named 'p-3003' using the default prefix. -# The total length allowed for the prefix name and VLAN is 32 characters, -# the prefix will be truncated if the total length is greater than 32. -# Defaults to 'p-' -# -# [*persistent_switch_config*] -# (optional) This will be deprecated. This variable makes -# Nexus device persistent by running the Nexus CLI 'copy run start' -# after applying successful configurations. -# (default) This flag defaults to False keep consistent with -# existing functionality. -# Defaults to false -# -# [*never_cache_ssh_connection*] -# (optional) This will be deprecated. This configuration prevents -# caching ssh connections to a Nexus switch. -# (default) This defaults to False which indicates that ssh -# connections to Nexus switch are cached when the neutron -# controller has fewer than 8 processes. -# Defaults to false -# -# [*switch_replay_count*] -# (optional) This configuration item is OBSOLETE. 
The Nexus driver replay -# behavior is to continue to attempt to connect to the down Nexus device -# with a period equal to the heartbeat time interval. This was previously: -# Number of times to attempt config replay with switch. -# This variable depends on switch_heartbeat_time being enabled. -# Defaults to $::os_service_default -# -# [*nexus_driver*] -# (optional) This will be deprecated. This configuration is a -# choice of driver methods to configure Nexus devices. -# (default) This value defaults to 'restapi' but can be configured -# to legacy driver 'ncclient' temporarily until it is deprecated. -# Defaults to 'restapi' -# -# [*host_key_checks*] -# (optional) This will be deprecated. This flag indicates whether or -# not to enable strict host key checks when connecting to Nexus switches. -# Defaults to false -# class neutron::plugins::ml2::cisco::nexus ( $nexus_config, $managed_physical_network, - $vlan_name_prefix = 'q-', - $svi_round_robin = false, - $provider_vlan_name_prefix = 'p-', - $persistent_switch_config = false, - $switch_heartbeat_time = 0, - $never_cache_ssh_connection = false, - $switch_replay_count = $::os_service_default, - $nexus_driver = 'restapi', + $switch_heartbeat_time = 30, $provider_vlan_auto_create = true, $provider_vlan_auto_trunk = true, - $vxlan_global_config = true, - $host_key_checks = false + $vxlan_global_config = true ) { include ::neutron::deps include ::neutron::plugins::ml2::cisco - if ! is_service_default($switch_replay_count) { - warning('The switch_replay_count parameter is obsolete. 
The Nexus driver will always attempt replay on reconnect, if enabled.') - } neutron_plugin_ml2 { 'ml2_cisco/managed_physical_network' : value => $managed_physical_network; 'ml2_cisco/switch_heartbeat_time' : value => $switch_heartbeat_time; 'ml2_cisco/provider_vlan_auto_create' : value => $provider_vlan_auto_create; 'ml2_cisco/provider_vlan_auto_trunk' : value => $provider_vlan_auto_trunk; 'ml2_cisco/vxlan_global_config' : value => $vxlan_global_config; - #DEPRECATED ARGS - 'ml2_cisco/vlan_name_prefix' : value => $vlan_name_prefix; - 'ml2_cisco/svi_round_robin' : value => $svi_round_robin; - 'ml2_cisco/provider_vlan_name_prefix' : value => $provider_vlan_name_prefix; - 'ml2_cisco/persistent_switch_config' : value => $persistent_switch_config; - 'ml2_cisco/never_cache_ssh_connection' : value => $never_cache_ssh_connection; - 'ml2_cisco/switch_replay_count' : value => $switch_replay_count; - 'ml2_cisco/nexus_driver' : value => $nexus_driver; - 'ml2_cisco/host_key_checks' : value => $host_key_checks; } create_resources(neutron::plugins::ml2::cisco::nexus_switch, $nexus_config) diff --git a/manifests/plugins/ml2/cisco/nexus_creds.pp b/manifests/plugins/ml2/cisco/nexus_creds.pp index b80a01558..b0fa232fd 100644 --- a/manifests/plugins/ml2/cisco/nexus_creds.pp +++ b/manifests/plugins/ml2/cisco/nexus_creds.pp @@ -47,9 +47,6 @@ # [*ip_address*] # (required) The IP address of the switch. # -# [*ssh_port*] -# (not used) The SSH port to use when connecting to the switch. -# # [*nve_src_intf*] # (not used) Only valid if VXLAN overlay is configured and # vxlan_global_config is set to True. @@ -94,8 +91,7 @@ # to skip https certification checking thus making the connection # insecure. Getting a certificate and setting https_verify to True # is strongly advised for production to prevent man-in-the-middle -# attacks. Be advised the default will change from False to True -# in future releases. +# attacks. The default is True for a secure connection. # # Defaults to undef. # 
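Review bot: Seven of the eight parameters dropped from the class signature here (`vlan_name_prefix`, `svi_round_robin`, `provider_vlan_name_prefix`, `persistent_switch_config`, `never_cache_ssh_connection`, `nexus_driver`, `host_key_checks`) never emitted a deprecation warning in the removed code; only `switch_replay_count` did. A caller that still passes any of them will now fail catalog compilation, and the matching `ml2_cisco/*` entries already written to the plugin config are no longer managed, so they presumably stay in the file unless unmanaged settings are purged elsewhere. Consider keeping the entries for one release as `'ml2_cisco/host_key_checks': ensure => absent;` (and likewise for the others) so upgraded nodes end up with a clean config. The default of `switch_heartbeat_time` also changes from 0 to 30; its parameter doc lies above this hunk and should be checked for a stale `Defaults to` line.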
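Review bot: The reworded `https_verify` comment in nexus_creds.pp (hunk at -94,8) states that the default is True, yet the context line two lines below still reads `Defaults to undef.`, so the doc block now gives two different defaults. If verification is on by default only because the driver applies it when the option is unset, the comment should say that, for example `# attacks. When unset here, the driver default (certificate verification on) applies.`; confirm against the driver before wording it this way. The same sentence is added in manifests/plugins/ml2/cisco/nexus_switch.pp (hunk at -91,18), where the parameter's default is not visible in the hunk.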
@@ -113,7 +109,6 @@ define neutron::plugins::ml2::cisco::nexus_creds(
 $username,
 $password,
 $servers,
- $ssh_port,
 # Used parameters
 $ip_address,
 $nve_src_intf = undef,
diff --git a/manifests/plugins/ml2/cisco/nexus_switch.pp b/manifests/plugins/ml2/cisco/nexus_switch.pp
index 69448d883..6b9b34dcb 100644
--- a/manifests/plugins/ml2/cisco/nexus_switch.pp
+++ b/manifests/plugins/ml2/cisco/nexus_switch.pp
@@ -91,18 +91,13 @@
 # to skip https certification checking thus making the connection
 # insecure. Getting a certificate and setting https_verify to True
 # is strongly advised for production to prevent man-in-the-middle
-# attacks. Be advised the default will change from False to True
-# in future releases.
+# attacks. The default is true for a secure connection.
 #
 # [*https_local_certificate*]
 # (optional) Configure a local certificate file to present in https
 # requests. For experimental purpose when an official certificate
 # from a Trusted Certificate Authority is not yet available.
 #
-# DEPRECATED
-# [*ssh_port*]
-# (optional) This configuration item is deprecated.
-# The SSH port to use when connecting to the switch.
 #
 define neutron::plugins::ml2::cisco::nexus_switch(
 $username,
@@ -110,7 +105,6 @@ define neutron::plugins::ml2::cisco::nexus_switch(
 $ip_address,
 $servers,
 $switchname = $title,
- $ssh_port = $::os_service_default,
 $nve_src_intf = $::os_service_default,
 $physnet = $::os_service_default,
 $vpc_pool = $::os_service_default,
@@ -122,22 +116,17 @@ define neutron::plugins::ml2::cisco::nexus_switch( include ::neutron::deps $section = "ML2_MECH_CISCO_NEXUS:${ip_address}" + $port_mappings = template("neutron/nexus_switch_port_mappings.erb") neutron_plugin_ml2 { "${section}/username": value => $username; "${section}/password": value => $password, secret => true; + "${section}/host_ports_mapping": value => $port_mappings; "${section}/nve_src_intf": value => $nve_src_intf; "${section}/physnet": value => $physnet; "${section}/vpc_pool": value => $vpc_pool; "${section}/intfcfg_portchannel": value => $intfcfg_portchannel; "${section}/https_verify": value => $https_verify; "${section}/https_local_certificate": value => $https_local_certificate; - #DEPRECATED ARGS - "${section}/ssh_port": value => $ssh_port; } - $server_defaults = { - 'switch_ip_address' => $ip_address - } - create_resources(neutron::plugins::ml2::cisco::nexus_switch_server, - $servers, $server_defaults) } diff --git a/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb b/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb index 66f02bc02..40e015e1c 100644 --- a/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb +++ b/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb @@ -20,7 +20,6 @@ describe 'neutron::plugins::ml2::cisco::nexus' do :nexus_config => { 'cvf2leaff2' => { 'username' => 'prad', - "ssh_port" => 22, "password" => "password", "ip_address" => "172.18.117.28", "nve_src_intf" => 1, 
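Review bot: In the nexus_switch.pp hunk at -122,22, `$servers` is rendered straight into `host_ports_mapping` by the template, and nothing in the visible body checks that it is a hash whose entries each carry `hostname` and `ports`; the removed `create_resources(neutron::plugins::ml2::cisco::nexus_switch_server, ...)` call at least passed every entry through a defined type. A guard ahead of the `template()` call, for example `validate_legacy(Hash, 'validate_hash', $servers)`, would turn malformed data into a compile error instead of a malformed ini value. The `[*servers*]` parameter doc sits outside this hunk (the define's signature starts above it) and should describe the now-required `hostname` key. The diffstat does not list a change to the `nexus_switch_server` define, so it appears to remain in the module with no caller.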
@@ -30,24 +29,18 @@ describe 'neutron::plugins::ml2::cisco::nexus' do "https_verify" => false, "https_local_certificate" => "", "servers" => { - "control02" => {"ports" => "portchannel:20"}, - "control01" => {"ports" => "portchannel:10"} + "control02" => {"hostname"=> "control02", + "ports" => "portchannel:20"}, + "control01" => {"hostname"=> "control01", + "ports" => "portchannel:10"} } } }, :managed_physical_network => 'physnet1', - :vlan_name_prefix => 'q-', - :svi_round_robin => false, - :provider_vlan_name_prefix => 'p-', - :persistent_switch_config => false, - :never_cache_ssh_connection => false, :switch_heartbeat_time => 30, - :switch_replay_count => 3, - :nexus_driver => 'restapi', :provider_vlan_auto_create => true, :provider_vlan_auto_trunk => true, - :vxlan_global_config => true, - :host_key_checks => false + :vxlan_global_config => true } end 
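Review bot: The fixture gains a `hostname` key per server, but none of the spec hunks in this patch adds an expectation for the new `host_ports_mapping` setting, so the template's output is untested as far as the diff shows. An example along the lines of `is_expected.to contain_neutron_plugin_ml2('ML2_MECH_CISCO_NEXUS:172.18.117.28/host_ports_mapping').with_value('control02:[portchannel:20],control01:[portchannel:10]')` would pin the rendered format; the expected string assumes the hash keeps its insertion order. The `describe` block continues outside this hunk, so an existing example further down may need the same update.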
@@ -72,18 +65,10 @@ describe 'neutron::plugins::ml2::cisco::nexus' do it do is_expected.to contain_neutron_plugin_ml2('ml2_cisco/managed_physical_network').with_value(params[:managed_physical_network]) - is_expected.to contain_neutron_plugin_ml2('ml2_cisco/vlan_name_prefix').with_value(params[:vlan_name_prefix]) - is_expected.to contain_neutron_plugin_ml2('ml2_cisco/svi_round_robin').with_value(params[:svi_round_robin]) - is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_name_prefix').with_value(params[:provider_vlan_name_prefix]) - is_expected.to contain_neutron_plugin_ml2('ml2_cisco/persistent_switch_config').with_value(params[:persistent_switch_config]) - is_expected.to contain_neutron_plugin_ml2('ml2_cisco/never_cache_ssh_connection').with_value(params[:never_cache_ssh_connection]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_heartbeat_time').with_value(params[:switch_heartbeat_time]) - is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_replay_count').with_value(params[:switch_replay_count]) - is_expected.to contain_neutron_plugin_ml2('ml2_cisco/nexus_driver').with_value(params[:nexus_driver]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_create').with_value(params[:provider_vlan_auto_create]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_trunk').with_value(params[:provider_vlan_auto_trunk]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/vxlan_global_config').with_value(params[:vxlan_global_config]) - is_expected.to contain_neutron_plugin_ml2('ml2_cisco/host_key_checks').with_value(params[:host_key_checks]) end it { diff --git a/templates/nexus_switch_port_mappings.erb b/templates/nexus_switch_port_mappings.erb new file mode 100644 index 000000000..940d845db --- /dev/null +++ b/templates/nexus_switch_port_mappings.erb 
@@ -0,0 +1 @@
+<%- @servers.each_with_index do |(server, value), index| -%><%= value['hostname'] -%><%= ':' %>[<%= value['ports'] %>]<%= ',' if index < (@servers.size - 1) %><%- end -%>
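Review bot: The block variable `server` (the hash key) is never used, and an entry without a `hostname` key renders as `:[<ports>]` with an empty host name instead of failing; the pre-change spec fixture keyed entries by host name only, so existing data of that shape would silently produce a broken mapping. Falling back to the key and joining once would cover both cases, e.g. `<%= @servers.map { |name, v| "#{v['hostname'] || name}:[#{v['ports']}]" }.join(',') -%>`. The values are written into the ini value unescaped, so a `,`, `]` or line break inside `hostname` or `ports` would change how the mapping is parsed; validating the format in the define before rendering would catch that.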