From 6c22e040dc1f4f1f15896c162f97e024da4c902e Mon Sep 17 00:00:00 2001 From: Tobias Urdin Date: Fri, 26 Oct 2018 10:31:04 +0200 Subject: [PATCH] Deprecate neutron options and add alternatives Deprecates the neutron options that are currently deprecated and adds two new parameters that can be used to change the nova behaviour in the proper way. See here that they are deprecated [1] [2]. [1] https://github.com/openstack/nova/blob/master/nova/conf/neutron.py#L35 [2] https://github.com/openstack/nova/blob/c6218428e9b29a2c52808ec7d27b4b21aadc0299/releasenotes/notes/deprecate-more-nova-network-opts-a9f87c79f7d26438.yaml [3] https://github.com/openstack/nova/blob/c6218428e9b29a2c52808ec7d27b4b21aadc0299/releasenotes/notes/deprecate-nova-network-opts-b6da6af4497ef4ca.yaml Change-Id: I2d56ac6d1bbfc2f5565485b05b161dd0e67c576b --- manifests/network/neutron.pp | 85 ++++--- ...ated-neutron-options-c506d893a1529ed5.yaml | 21 ++ spec/classes/nova_network_neutron_spec.rb | 207 +++++++++--------- 3 files changed, 180 insertions(+), 133 deletions(-) create mode 100644 releasenotes/notes/deprecated-neutron-options-c506d893a1529ed5.yaml diff --git a/manifests/network/neutron.pp b/manifests/network/neutron.pp index 86f2b4115..d8e1a531b 100644 --- a/manifests/network/neutron.pp +++ b/manifests/network/neutron.pp @@ -12,14 +12,6 @@ # Name of the auth type to load (string value) # Defaults to 'v3password' # -# [*neutron_url*] -# (optional) URL for connecting to the Neutron networking service. -# Defaults to 'http://127.0.0.1:9696' -# -# [*neutron_url_timeout*] -# (optional) Timeout value for connecting to neutron in seconds. -# Defaults to '30' -# # [*neutron_project_name*] # (optional) Project name for connecting to Neutron network services in # admin context through the OpenStack Identity service. @@ -30,21 +22,39 @@ # admin context through the OpenStack Identity service. # Defaults to 'Default' # +# [*neutron_username*] +# (optional) Username for connecting to Neutron network services in admin context +# through the OpenStack Identity service. +# Defaults to 'neutron' +# # [*neutron_user_domain_name*] # (optional) User Domain name for connecting to Neutron network services in # admin context through the OpenStack Identity service. # Defaults to 'Default' # +# [*neutron_auth_url*] +# (optional) Points to the OpenStack Identity server IP and port. +# This is the Identity (keystone) admin API server IP and port value, +# and not the Identity service API IP and port. +# Defaults to 'http://127.0.0.1:5000/v3' +# +# [*neutron_valid_interfaces*] +# (optional) The endpoint type to lookup when talking to Neutron. +# Defaults to $::os_service_default +# +# [*neutron_endpoint_override*] +# (optional) Override the endpoint to use to talk to Neutron. +# Defaults to $::os_service_default +# +# [*neutron_timeout*] +# (optional) Timeout value for connecting to neutron in seconds. +# Defaults to '30' +# # [*neutron_region_name*] # (optional) Region name for connecting to neutron in admin context # through the OpenStack Identity service. # Defaults to 'RegionOne' # -# [*neutron_username*] -# (optional) Username for connecting to Neutron network services in admin context -# through the OpenStack Identity service. -# Defaults to 'neutron' -# # [*neutron_ovs_bridge*] # (optional) Name of Integration Bridge used by Open vSwitch # Defaults to 'br-int' @@ -53,12 +63,6 @@ # (optional) Number of seconds before querying neutron for extensions # Defaults to '600' # -# [*neutron_auth_url*] -# (optional) Points to the OpenStack Identity server IP and port. -# This is the Identity (keystone) admin API server IP and port value, -# and not the Identity service API IP and port. -# Defaults to 'http://127.0.0.1:5000/v3' -# # [*vif_plugging_is_fatal*] # (optional) Fail to boot instance if vif plugging fails. # This prevents nova from booting an instance if vif plugging notification @@ -77,16 +81,24 @@ # ### DEPRECATED PARAMS # +# [*neutron_url*] +# (optional) URL for connecting to the Neutron networking service. +# Defaults to undef +# +# [*neutron_url_timeout*] +# (optional) Timeout value for connecting to neutron in seconds. +# Defaults to undef +# # [*firewall_driver*] # (optional) Firewall driver. # This prevents nova from maintaining a firewall so it does not interfere # with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver' # to re-enable the Nova firewall. -# Defaults to 'nova.virt.firewall.NoopFirewallDriver' +# Defaults to undef # # [*dhcp_domain*] # (optional) domain to use for building the hostnames -# Defaults to 'novalocal' +# Defaults to undef # class nova::network::neutron ( $neutron_password = false, @@ -96,8 +108,9 @@ class nova::network::neutron ( $neutron_username = 'neutron', $neutron_user_domain_name = 'Default', $neutron_auth_url = 'http://127.0.0.1:5000/v3', - $neutron_url = 'http://127.0.0.1:9696', - $neutron_url_timeout = '30', + $neutron_valid_interfaces = $::os_service_default, + $neutron_endpoint_override = $::os_service_default, + $neutron_timeout = '30', $neutron_region_name = 'RegionOne', $neutron_ovs_bridge = 'br-int', $neutron_extension_sync_interval = '600', @@ -105,12 +118,23 @@ class nova::network::neutron ( $vif_plugging_timeout = '300', $default_floating_pool = 'nova', # DEPRECATED PARAMS - $firewall_driver = 'nova.virt.firewall.NoopFirewallDriver', - $dhcp_domain = 'novalocal', + $neutron_url = undef, + $neutron_url_timeout = undef, + $firewall_driver = undef, + $dhcp_domain = undef, ) { include ::nova::deps + if $neutron_url { + warning('nova::network::neutron::neutron_url is deprecated, nova behaviour will be default to looking up \ + the neutron endpoint in the keystone catalog, please use nova::network::neutron::neutron_endpoint_override to override') + } + + if $neutron_url_timeout { + warning('nova::network::neutron::neutron_url_timeout is deprecated, please use neutron_timeout instead.') + } + if $firewall_driver { warning('nova::network::neutron::firewall_driver is deprecated and will be removed in a future release') } @@ -125,12 +149,17 @@ class nova::network::neutron ( 'DEFAULT/firewall_driver': value => $firewall_driver; } + nova_config { + 'neutron/url': value => $neutron_url; + } + + $neutron_timeout_real = pick($neutron_url_timeout, $neutron_timeout) + nova_config { 'DEFAULT/vif_plugging_is_fatal': value => $vif_plugging_is_fatal; 'DEFAULT/vif_plugging_timeout': value => $vif_plugging_timeout; 'neutron/default_floating_pool': value => $default_floating_pool; - 'neutron/url': value => $neutron_url; - 'neutron/timeout': value => $neutron_url_timeout; + 'neutron/timeout': value => $neutron_timeout_real; 'neutron/project_name': value => $neutron_project_name; 'neutron/project_domain_name': value => $neutron_project_domain_name; 'neutron/region_name': value => $neutron_region_name; @@ -138,6 +167,8 @@ class nova::network::neutron ( 'neutron/user_domain_name': value => $neutron_user_domain_name; 'neutron/password': value => $neutron_password, secret => true; 'neutron/auth_url': value => $neutron_auth_url; + 'neutron/valid_interfaces': value => $neutron_valid_interfaces; + 'neutron/endpoint_override': value => $neutron_endpoint_override; 'neutron/ovs_bridge': value => $neutron_ovs_bridge; 'neutron/extension_sync_interval': value => $neutron_extension_sync_interval; 'neutron/auth_type': value => $neutron_auth_type; diff --git a/releasenotes/notes/deprecated-neutron-options-c506d893a1529ed5.yaml b/releasenotes/notes/deprecated-neutron-options-c506d893a1529ed5.yaml new file mode 100644 index 000000000..c2323d45d --- /dev/null +++ b/releasenotes/notes/deprecated-neutron-options-c506d893a1529ed5.yaml @@ -0,0 +1,21 @@ +--- +deprecations: + - | + nova::network::neutron::neutron_url is deprecated and will be removed in a future + release. Nova will default to looking up the neutron endpoint in the keystone + catalog, you can override the endpoint type with neutron_endpoint_type or by + overriding the endpoint with the neutron_endpoint_override parameter. + - | + nova::network::neutron::neutron_url_timeout is deprecated, please use neutron_timeout + instead. +features: + - | + Added new parameter nova::network::neutron::neutron_timeout that replaces the current + neutron_url_timeout parameter. + - | + Added new parameter nova::network::neutron::neutron_valid_interfaces which can be used + to override the keystone catalog interface nova should lookup for the neutron endpoint. + - | + Added new parameter nova::network::neutron::neutron_endpoint_override that can be used + to force the endpoint nova should use to talk to neutron, otherwise it will be looked + up in the keystone endpoint catalog. diff --git a/spec/classes/nova_network_neutron_spec.rb b/spec/classes/nova_network_neutron_spec.rb index e583a353e..749dfa367 100644 --- a/spec/classes/nova_network_neutron_spec.rb +++ b/spec/classes/nova_network_neutron_spec.rb @@ -1,135 +1,130 @@ require 'spec_helper' describe 'nova::network::neutron' do - let :default_params do - { :neutron_auth_type => 'v3password', - :neutron_url => 'http://127.0.0.1:9696', - :neutron_url_timeout => '30', + { + :neutron_auth_type => 'v3password', + :neutron_timeout => '30', :neutron_project_name => 'services', :neutron_project_domain_name => 'Default', :neutron_region_name => 'RegionOne', :neutron_username => 'neutron', :neutron_user_domain_name => 'Default', :neutron_auth_url => 'http://127.0.0.1:5000/v3', + :neutron_valid_interfaces => '', + :neutron_endpoint_override => '', :neutron_ovs_bridge => 'br-int', :neutron_extension_sync_interval => '600', - :firewall_driver => 'nova.virt.firewall.NoopFirewallDriver', :vif_plugging_is_fatal => true, :vif_plugging_timeout => '300', - :dhcp_domain => 'novalocal', - :default_floating_pool => 'nova' + :default_floating_pool => 'nova', } end let :params do - { :neutron_password => 's3cr3t' } + { + :neutron_password => 's3cr3t' + } end - context 'with required parameters' do - it 'configures neutron endpoint in nova.conf' do - is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true) - is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(default_params[:dhcp_domain]) - is_expected.to contain_nova_config('neutron/default_floating_pool').with_value(default_params[:default_floating_pool]) - is_expected.to contain_nova_config('neutron/auth_type').with_value(default_params[:neutron_auth_type]) - is_expected.to contain_nova_config('neutron/url').with_value(default_params[:neutron_url]) - is_expected.to contain_nova_config('neutron/timeout').with_value(default_params[:neutron_url_timeout]) - is_expected.to contain_nova_config('neutron/project_name').with_value(default_params[:neutron_project_name]) - is_expected.to contain_nova_config('neutron/project_domain_name').with_value(default_params[:neutron_project_domain_name]) - is_expected.to contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name]) - is_expected.to contain_nova_config('neutron/username').with_value(default_params[:neutron_username]) - is_expected.to contain_nova_config('neutron/user_domain_name').with_value(default_params[:neutron_user_domain_name]) - is_expected.to contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url]) - is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval]) + shared_examples 'nova::network::neutron' do + context 'with required parameters' do + it 'configures neutron endpoint in nova.conf' do + should contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true) + should contain_nova_config('neutron/default_floating_pool').with_value(default_params[:default_floating_pool]) + should contain_nova_config('neutron/auth_type').with_value(default_params[:neutron_auth_type]) + should contain_nova_config('neutron/timeout').with_value(default_params[:neutron_timeout]) + should contain_nova_config('neutron/project_name').with_value(default_params[:neutron_project_name]) + should contain_nova_config('neutron/project_domain_name').with_value(default_params[:neutron_project_domain_name]) + should contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name]) + should contain_nova_config('neutron/username').with_value(default_params[:neutron_username]) + should contain_nova_config('neutron/user_domain_name').with_value(default_params[:neutron_user_domain_name]) + should contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url]) + should contain_nova_config('neutron/valid_interfaces').with_value(default_params[:neutron_valid_interfaces]) + should contain_nova_config('neutron/endpoint_override').with_value(default_params[:neutron_endpoint_override]) + should contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval]) + should contain_nova_config('neutron/ovs_bridge').with_value(default_params[:neutron_ovs_bridge]) + end + + it 'configures neutron vif plugging events in nova.conf' do + should contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(default_params[:vif_plugging_is_fatal]) + should contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(default_params[:vif_plugging_timeout]) + end end - it 'configures Nova to use Neutron Bridge Security Groups and Firewall' do - is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(default_params[:firewall_driver]) - is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(default_params[:neutron_ovs_bridge]) + + context 'when overriding class parameters' do + before do + params.merge!( + :neutron_timeout => '30', + :neutron_project_name => 'openstack', + :neutron_project_domain_name => 'openstack_domain', + :neutron_region_name => 'RegionTwo', + :neutron_username => 'neutron2', + :neutron_user_domain_name => 'neutron_domain', + :neutron_auth_url => 'http://10.0.0.1:5000/v2', + :neutron_valid_interfaces => 'public', + :neutron_endpoint_override => 'http://127.0.0.1:9696', + :neutron_ovs_bridge => 'br-int', + :neutron_extension_sync_interval => '600', + :vif_plugging_is_fatal => false, + :vif_plugging_timeout => '0', + :default_floating_pool => 'public' + ) + end + + it 'configures neutron endpoint in nova.conf' do + should contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true) + should contain_nova_config('neutron/default_floating_pool').with_value(params[:default_floating_pool]) + should contain_nova_config('neutron/timeout').with_value(params[:neutron_timeout]) + should contain_nova_config('neutron/project_name').with_value(params[:neutron_project_name]) + should contain_nova_config('neutron/project_domain_name').with_value(params[:neutron_project_domain_name]) + should contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name]) + should contain_nova_config('neutron/username').with_value(params[:neutron_username]) + should contain_nova_config('neutron/user_domain_name').with_value(params[:neutron_user_domain_name]) + should contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url]) + should contain_nova_config('neutron/valid_interfaces').with_value(params[:neutron_valid_interfaces]) + should contain_nova_config('neutron/endpoint_override').with_value(params[:neutron_endpoint_override]) + should contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval]) + should contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge]) + end + + it 'configures neutron vif plugging events in nova.conf' do + should contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal]) + should contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout]) + end end - it 'configures neutron vif plugging events in nova.conf' do - is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(default_params[:vif_plugging_is_fatal]) - is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(default_params[:vif_plugging_timeout]) + + context 'with deprecated class parameters' do + before do + params.merge!( + :neutron_url => 'http://10.0.0.1:9696', + :neutron_url_timeout => '30', + :firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver', + :dhcp_domain => 'foo', + ) + end + + it 'configures neutron endpoint in nova.conf' do + should contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain]) + should contain_nova_config('neutron/url').with_value(params[:neutron_url]) + should contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout]) + end + + it 'configures Nova to use Neutron Security Groups and Firewall' do + should contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver]) + end end end - context 'when overriding class parameters' do - before do - params.merge!( - :neutron_url => 'http://10.0.0.1:9696', - :neutron_url_timeout => '30', - :neutron_project_name => 'openstack', - :neutron_project_domain_name => 'openstack_domain', - :neutron_region_name => 'RegionTwo', - :neutron_username => 'neutron2', - :neutron_user_domain_name => 'neutron_domain', - :neutron_auth_url => 'http://10.0.0.1:5000/v2', - :firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver', - :neutron_ovs_bridge => 'br-int', - :neutron_extension_sync_interval => '600', - :vif_plugging_is_fatal => false, - :vif_plugging_timeout => '0', - :dhcp_domain => 'foo', - :default_floating_pool => 'public' - ) - end + on_supported_os({ + :supported_os => OSDefaults.get_supported_os + }).each do |os,facts| + context "on #{os}" do + let (:facts) do + facts.merge(OSDefaults.get_facts()) + end - it 'configures neutron endpoint in nova.conf' do - is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true) - is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain]) - is_expected.to contain_nova_config('neutron/default_floating_pool').with_value(params[:default_floating_pool]) - is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url]) - is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout]) - is_expected.to contain_nova_config('neutron/project_name').with_value(params[:neutron_project_name]) - is_expected.to contain_nova_config('neutron/project_domain_name').with_value(params[:neutron_project_domain_name]) - is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name]) - is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_username]) - is_expected.to contain_nova_config('neutron/user_domain_name').with_value(params[:neutron_user_domain_name]) - is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url]) - is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval]) - end - it 'configures Nova to use Neutron Security Groups and Firewall' do - is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver]) - is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge]) - end - it 'configures neutron vif plugging events in nova.conf' do - is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal]) - is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout]) + it_behaves_like 'nova::network::neutron' end end - - context 'with deprecated class parameters' do - before do - params.merge!( - :neutron_url => 'http://10.0.0.1:9696', - :neutron_url_timeout => '30', - :neutron_region_name => 'RegionTwo', - :firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver', - :neutron_ovs_bridge => 'br-int', - :neutron_extension_sync_interval => '600', - :vif_plugging_is_fatal => false, - :vif_plugging_timeout => '0', - :dhcp_domain => 'foo', - ) - end - - it 'configures neutron endpoint in nova.conf' do - is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true) - is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain]) - is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url]) - is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout]) - is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name]) - is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval]) - end - it 'configures Nova to use Neutron Security Groups and Firewall' do - is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver]) - is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge]) - end - it 'configures neutron vif plugging events in nova.conf' do - is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal]) - is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout]) - end - end - - - end