openstack/puppet-neutron
Code Issues Proposed changes

CiscoNexus: Update and Remove deprecated vars

Browse Source 
Update and Remove deprecated variables from Cisco Nexus Config.
* Deprecated variables include vlan_name_prefix, svi_round_robin,
  provider_vlan_name_prefix, persistent_switch_config,
  never_cache_ssh_connection, ssh_port, switch_replay_count,
  nexus_driver, and host_key_checks.
* Change config replay to on by defaulting switch_heartbeat_time=30.
* Replaced method of configurating host_ports_mapping config.

Change-Id: Iee2f869c4054f1120d224994aba8c827f981e6c0
Closes-bug:  #1793379
This commit is contained in:
Carol Bouchard 2018-10-01 10:03:49 -04:00
parent 898318e6cb
commit f45169f38d
6 changed files with 12 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/cisco_ml2.pp
View File

@ -30,7 +30,6 @@ class {'::neutron::plugins::ml2::cisco::nexus':
'n9372-1' => { 'n9372-1' => {
'username' => 'admin', 'username' => 'admin',
'password' => 'password', 'password' => 'password',
'ssh_port' => 22,
'ip_address' => '127.0.0.1', 'ip_address' => '127.0.0.1',
'nve_src_intf' => 1, 'nve_src_intf' => 1,
'physnet' => 'physnet', 'physnet' => 'physnet',
@ -46,7 +45,6 @@ class {'::neutron::plugins::ml2::cisco::nexus':
'n9372-2' => { 'n9372-2' => {
'username' => 'admin', 'username' => 'admin',
'password' => 'password', 'password' => 'password',
'ssh_port' => 22,
'ip_address' => '127.0.0.2', 'ip_address' => '127.0.0.2',
'nve_src_intf' => 1, 'nve_src_intf' => 1,
'physnet' => 'physnet', 'physnet' => 'physnet',

85
manifests/plugins/ml2/cisco/nexus.pp
View File

@ -10,7 +10,6 @@
# (required) Nexus switch configuration for neutron configuration file # (required) Nexus switch configuration for neutron configuration file
# Example nexus config format: # Example nexus config format:
# { 'switch_hostname' => {'username' => 'admin', # { 'switch_hostname' => {'username' => 'admin',
# 'ssh_port' => 22,
# 'password' => "password", # 'password' => "password",
# 'ip_address' => "172.18.117.28", # 'ip_address' => "172.18.117.28",
# 'nve_src_intf' => 1, # 'nve_src_intf' => 1,
@ -61,105 +60,25 @@
# orchestration. # orchestration.
# Defaults to true # Defaults to true
# #
# DEPRECATED
# [*vlan_name_prefix*]
# (optional) This configuration item is OBSOLETE.
# A short prefix to prepend to the VLAN number when creating a
# VLAN interface. For example, if an interface is being created for
# VLAN 2001 it will be named 'q-2001' using the default prefix.
# The total length allowed for the prefix name and VLAN is 32 characters,
# the prefix will be truncated if the total length is greater than 32.
# Defaults to 'q-'
#
# [*svi_round_robin*]
# (optional) This configuration item is OBSOLETE.
# A flag to enable round robin scheduling of routers for SVI.
# Defaults to false
#
# [*provider_vlan_name_prefix*]
# (optional) This configuration item is OBSOLETE.
# A short prefix to prepend to the VLAN number when creating a
# provider VLAN interface. For example, if an interface is being created
# for provider VLAN 3003 it will be named 'p-3003' using the default prefix.
# The total length allowed for the prefix name and VLAN is 32 characters,
# the prefix will be truncated if the total length is greater than 32.
# Defaults to 'p-'
#
# [*persistent_switch_config*]
# (optional) This will be deprecated. This variable makes
# Nexus device persistent by running the Nexus CLI 'copy run start'
# after applying successful configurations.
# (default) This flag defaults to False keep consistent with
# existing functionality.
# Defaults to false
#
# [*never_cache_ssh_connection*]
# (optional) This will be deprecated. This configuration prevents
# caching ssh connections to a Nexus switch.
# (default) This defaults to False which indicates that ssh
# connections to Nexus switch are cached when the neutron
# controller has fewer than 8 processes.
# Defaults to false
#
# [*switch_replay_count*]
# (optional) This configuration item is OBSOLETE. The Nexus driver replay
# behavior is to continue to attempt to connect to the down Nexus device
# with a period equal to the heartbeat time interval. This was previously:
# Number of times to attempt config replay with switch.
# This variable depends on switch_heartbeat_time being enabled.
# Defaults to $::os_service_default
#
# [*nexus_driver*]
# (optional) This will be deprecated. This configuration is a
# choice of driver methods to configure Nexus devices.
# (default) This value defaults to 'restapi' but can be configured
# to legacy driver 'ncclient' temporarily until it is deprecated.
# Defaults to 'restapi'
#
# [*host_key_checks*]
# (optional) This will be deprecated. This flag indicates whether or
# not to enable strict host key checks when connecting to Nexus switches.
# Defaults to false
#
class neutron::plugins::ml2::cisco::nexus ( class neutron::plugins::ml2::cisco::nexus (
$nexus_config, $nexus_config,
$managed_physical_network, $managed_physical_network,
$vlan_name_prefix = 'q-', $switch_heartbeat_time = 30,
$svi_round_robin = false,
$provider_vlan_name_prefix = 'p-',
$persistent_switch_config = false,
$switch_heartbeat_time = 0,
$never_cache_ssh_connection = false,
$switch_replay_count = $::os_service_default,
$nexus_driver = 'restapi',
$provider_vlan_auto_create = true, $provider_vlan_auto_create = true,
$provider_vlan_auto_trunk = true, $provider_vlan_auto_trunk = true,
$vxlan_global_config = true, $vxlan_global_config = true
$host_key_checks = false
) { ) {
include ::neutron::deps include ::neutron::deps
include ::neutron::plugins::ml2::cisco include ::neutron::plugins::ml2::cisco
if ! is_service_default($switch_replay_count) {
warning('The switch_replay_count parameter is obsolete. The Nexus driver will always attempt replay on reconnect, if enabled.')
}
neutron_plugin_ml2 { neutron_plugin_ml2 {
'ml2_cisco/managed_physical_network' : value => $managed_physical_network; 'ml2_cisco/managed_physical_network' : value => $managed_physical_network;
'ml2_cisco/switch_heartbeat_time' : value => $switch_heartbeat_time; 'ml2_cisco/switch_heartbeat_time' : value => $switch_heartbeat_time;
'ml2_cisco/provider_vlan_auto_create' : value => $provider_vlan_auto_create; 'ml2_cisco/provider_vlan_auto_create' : value => $provider_vlan_auto_create;
'ml2_cisco/provider_vlan_auto_trunk' : value => $provider_vlan_auto_trunk; 'ml2_cisco/provider_vlan_auto_trunk' : value => $provider_vlan_auto_trunk;
'ml2_cisco/vxlan_global_config' : value => $vxlan_global_config; 'ml2_cisco/vxlan_global_config' : value => $vxlan_global_config;
#DEPRECATED ARGS
'ml2_cisco/vlan_name_prefix' : value => $vlan_name_prefix;
'ml2_cisco/svi_round_robin' : value => $svi_round_robin;
'ml2_cisco/provider_vlan_name_prefix' : value => $provider_vlan_name_prefix;
'ml2_cisco/persistent_switch_config' : value => $persistent_switch_config;
'ml2_cisco/never_cache_ssh_connection' : value => $never_cache_ssh_connection;
'ml2_cisco/switch_replay_count' : value => $switch_replay_count;
'ml2_cisco/nexus_driver' : value => $nexus_driver;
'ml2_cisco/host_key_checks' : value => $host_key_checks;
} }
create_resources(neutron::plugins::ml2::cisco::nexus_switch, $nexus_config) create_resources(neutron::plugins::ml2::cisco::nexus_switch, $nexus_config)

7
manifests/plugins/ml2/cisco/nexus_creds.pp
View File

@ -47,9 +47,6 @@
# [*ip_address*] # [*ip_address*]
# (required) The IP address of the switch. # (required) The IP address of the switch.
# #
# [*ssh_port*]
# (not used) The SSH port to use when connecting to the switch.
#
# [*nve_src_intf*] # [*nve_src_intf*]
# (not used) Only valid if VXLAN overlay is configured and # (not used) Only valid if VXLAN overlay is configured and
# vxlan_global_config is set to True. # vxlan_global_config is set to True.
@ -94,8 +91,7 @@
# to skip https certification checking thus making the connection # to skip https certification checking thus making the connection
# insecure. Getting a certificate and setting https_verify to True # insecure. Getting a certificate and setting https_verify to True
# is strongly advised for production to prevent man-in-the-middle # is strongly advised for production to prevent man-in-the-middle
# attacks. Be advised the default will change from False to True # attacks. The default is True for a secure connection.
# in future releases.
# #
# Defaults to undef. # Defaults to undef.
# #
@ -113,7 +109,6 @@ define neutron::plugins::ml2::cisco::nexus_creds(
$username, $username,
$password, $password,
$servers, $servers,
$ssh_port,
# Used parameters # Used parameters
$ip_address, $ip_address,
$nve_src_intf = undef, $nve_src_intf = undef,

17
manifests/plugins/ml2/cisco/nexus_switch.pp
View File

@ -91,18 +91,13 @@
# to skip https certification checking thus making the connection # to skip https certification checking thus making the connection
# insecure. Getting a certificate and setting https_verify to True # insecure. Getting a certificate and setting https_verify to True
# is strongly advised for production to prevent man-in-the-middle # is strongly advised for production to prevent man-in-the-middle
# attacks. Be advised the default will change from False to True # attacks. The default is true for a secure connection.
# in future releases.
# #
# [*https_local_certificate*] # [*https_local_certificate*]
# (optional) Configure a local certificate file to present in https # (optional) Configure a local certificate file to present in https
# requests. For experimental purpose when an official certificate # requests. For experimental purpose when an official certificate
# from a Trusted Certificate Authority is not yet available. # from a Trusted Certificate Authority is not yet available.
# #
# DEPRECATED
# [*ssh_port*]
# (optional) This configuration item is deprecated.
# The SSH port to use when connecting to the switch.
# #
define neutron::plugins::ml2::cisco::nexus_switch( define neutron::plugins::ml2::cisco::nexus_switch(
$username, $username,
@ -110,7 +105,6 @@ define neutron::plugins::ml2::cisco::nexus_switch(
$ip_address, $ip_address,
$servers, $servers,
$switchname = $title, $switchname = $title,
$ssh_port = $::os_service_default,
$nve_src_intf = $::os_service_default, $nve_src_intf = $::os_service_default,
$physnet = $::os_service_default, $physnet = $::os_service_default,
$vpc_pool = $::os_service_default, $vpc_pool = $::os_service_default,
@ -122,22 +116,17 @@ define neutron::plugins::ml2::cisco::nexus_switch(
include ::neutron::deps include ::neutron::deps
$section = "ML2_MECH_CISCO_NEXUS:${ip_address}" $section = "ML2_MECH_CISCO_NEXUS:${ip_address}"
$port_mappings = template("neutron/nexus_switch_port_mappings.erb")
neutron_plugin_ml2 { neutron_plugin_ml2 {
"${section}/username": value => $username; "${section}/username": value => $username;
"${section}/password": value => $password, secret => true; "${section}/password": value => $password, secret => true;
"${section}/host_ports_mapping": value => $port_mappings;
"${section}/nve_src_intf": value => $nve_src_intf; "${section}/nve_src_intf": value => $nve_src_intf;
"${section}/physnet": value => $physnet; "${section}/physnet": value => $physnet;
"${section}/vpc_pool": value => $vpc_pool; "${section}/vpc_pool": value => $vpc_pool;
"${section}/intfcfg_portchannel": value => $intfcfg_portchannel; "${section}/intfcfg_portchannel": value => $intfcfg_portchannel;
"${section}/https_verify": value => $https_verify; "${section}/https_verify": value => $https_verify;
"${section}/https_local_certificate": value => $https_local_certificate; "${section}/https_local_certificate": value => $https_local_certificate;
#DEPRECATED ARGS
"${section}/ssh_port": value => $ssh_port;
} }
$server_defaults = {
'switch_ip_address' => $ip_address
}
create_resources(neutron::plugins::ml2::cisco::nexus_switch_server,
$servers, $server_defaults)
} }

25
spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb
View File

@ -20,7 +20,6 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
:nexus_config => { :nexus_config => {
'cvf2leaff2' => { 'cvf2leaff2' => {
'username' => 'prad', 'username' => 'prad',
"ssh_port" => 22,
"password" => "password", "password" => "password",
"ip_address" => "172.18.117.28", "ip_address" => "172.18.117.28",
"nve_src_intf" => 1, "nve_src_intf" => 1,
@ -30,24 +29,18 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
"https_verify" => false, "https_verify" => false,
"https_local_certificate" => "", "https_local_certificate" => "",
"servers" => { "servers" => {
"control02" => {"ports" => "portchannel:20"}, "control02" => {"hostname"=> "control02",
"control01" => {"ports" => "portchannel:10"} "ports" => "portchannel:20"},
"control01" => {"hostname"=> "control01",
"ports" => "portchannel:10"}
} }
} }
}, },
:managed_physical_network => 'physnet1', :managed_physical_network => 'physnet1',
:vlan_name_prefix => 'q-',
:svi_round_robin => false,
:provider_vlan_name_prefix => 'p-',
:persistent_switch_config => false,
:never_cache_ssh_connection => false,
:switch_heartbeat_time => 30, :switch_heartbeat_time => 30,
:switch_replay_count => 3,
:nexus_driver => 'restapi',
:provider_vlan_auto_create => true, :provider_vlan_auto_create => true,
:provider_vlan_auto_trunk => true, :provider_vlan_auto_trunk => true,
:vxlan_global_config => true, :vxlan_global_config => true
:host_key_checks => false
} }
end end
@ -72,18 +65,10 @@ describe 'neutron::plugins::ml2::cisco::nexus' do
it do it do
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/managed_physical_network').with_value(params[:managed_physical_network]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/managed_physical_network').with_value(params[:managed_physical_network])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/vlan_name_prefix').with_value(params[:vlan_name_prefix])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/svi_round_robin').with_value(params[:svi_round_robin])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_name_prefix').with_value(params[:provider_vlan_name_prefix])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/persistent_switch_config').with_value(params[:persistent_switch_config])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/never_cache_ssh_connection').with_value(params[:never_cache_ssh_connection])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_heartbeat_time').with_value(params[:switch_heartbeat_time]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_heartbeat_time').with_value(params[:switch_heartbeat_time])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/switch_replay_count').with_value(params[:switch_replay_count])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/nexus_driver').with_value(params[:nexus_driver])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_create').with_value(params[:provider_vlan_auto_create]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_create').with_value(params[:provider_vlan_auto_create])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_trunk').with_value(params[:provider_vlan_auto_trunk]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/provider_vlan_auto_trunk').with_value(params[:provider_vlan_auto_trunk])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/vxlan_global_config').with_value(params[:vxlan_global_config]) is_expected.to contain_neutron_plugin_ml2('ml2_cisco/vxlan_global_config').with_value(params[:vxlan_global_config])
is_expected.to contain_neutron_plugin_ml2('ml2_cisco/host_key_checks').with_value(params[:host_key_checks])
end end
it { it {

1
templates/nexus_switch_port_mappings.erb Normal file
View File

@ -0,0 +1 @@
<%- @servers.each_with_index do |(server, value), index| -%><%= value['hostname'] -%><%= ':' %>[<%= value['ports'] %>]<%= ',' if index < (@servers.size - 1) %><%- end -%>