openstack/puppet-nova
Code Issues Proposed changes

Deprecate neutron options and add alternatives

Browse Source 
Deprecates the neutron options that are currently deprecated
and adds two new parameters that can be used to change
the nova behaviour in the proper way.

See here that they are deprecated [1] [2].

[1] https://github.com/openstack/nova/blob/master/nova/conf/neutron.py#L35
[2] c6218428e9/releasenotes/notes/deprecate-more-nova-network-opts-a9f87c79f7d26438.yaml
[3] c6218428e9/releasenotes/notes/deprecate-nova-network-opts-b6da6af4497ef4ca.yaml

Change-Id: I2d56ac6d1bbfc2f5565485b05b161dd0e67c576b
This commit is contained in:
Tobias Urdin 2018-10-26 10:31:04 +02:00
parent 1296187b85
commit 6c22e040dc
3 changed files with 180 additions and 133 deletions

85
manifests/network/neutron.pp

@ -12,14 +12,6 @@
# Name of the auth type to load (string value) # Name of the auth type to load (string value)
# Defaults to 'v3password' # Defaults to 'v3password'
# #
# [*neutron_url*]
# (optional) URL for connecting to the Neutron networking service.
# Defaults to 'http://127.0.0.1:9696'
#
# [*neutron_url_timeout*]
# (optional) Timeout value for connecting to neutron in seconds.
# Defaults to '30'
#
# [*neutron_project_name*] # [*neutron_project_name*]
# (optional) Project name for connecting to Neutron network services in # (optional) Project name for connecting to Neutron network services in
# admin context through the OpenStack Identity service. # admin context through the OpenStack Identity service.
@ -30,21 +22,39 @@
# admin context through the OpenStack Identity service. # admin context through the OpenStack Identity service.
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*neutron_username*]
# (optional) Username for connecting to Neutron network services in admin context
# through the OpenStack Identity service.
# Defaults to 'neutron'
#
# [*neutron_user_domain_name*] # [*neutron_user_domain_name*]
# (optional) User Domain name for connecting to Neutron network services in # (optional) User Domain name for connecting to Neutron network services in
# admin context through the OpenStack Identity service. # admin context through the OpenStack Identity service.
# Defaults to 'Default' # Defaults to 'Default'
# #
# [*neutron_auth_url*]
# (optional) Points to the OpenStack Identity server IP and port.
# This is the Identity (keystone) admin API server IP and port value,
# and not the Identity service API IP and port.
# Defaults to 'http://127.0.0.1:5000/v3'
#
# [*neutron_valid_interfaces*]
# (optional) The endpoint type to lookup when talking to Neutron.
# Defaults to $::os_service_default
#
# [*neutron_endpoint_override*]
# (optional) Override the endpoint to use to talk to Neutron.
# Defaults to $::os_service_default
#
# [*neutron_timeout*]
# (optional) Timeout value for connecting to neutron in seconds.
# Defaults to '30'
#
# [*neutron_region_name*] # [*neutron_region_name*]
# (optional) Region name for connecting to neutron in admin context # (optional) Region name for connecting to neutron in admin context
# through the OpenStack Identity service. # through the OpenStack Identity service.
# Defaults to 'RegionOne' # Defaults to 'RegionOne'
# #
# [*neutron_username*]
# (optional) Username for connecting to Neutron network services in admin context
# through the OpenStack Identity service.
# Defaults to 'neutron'
#
# [*neutron_ovs_bridge*] # [*neutron_ovs_bridge*]
# (optional) Name of Integration Bridge used by Open vSwitch # (optional) Name of Integration Bridge used by Open vSwitch
# Defaults to 'br-int' # Defaults to 'br-int'
@ -53,12 +63,6 @@
# (optional) Number of seconds before querying neutron for extensions # (optional) Number of seconds before querying neutron for extensions
# Defaults to '600' # Defaults to '600'
# #
# [*neutron_auth_url*]
# (optional) Points to the OpenStack Identity server IP and port.
# This is the Identity (keystone) admin API server IP and port value,
# and not the Identity service API IP and port.
# Defaults to 'http://127.0.0.1:5000/v3'
#
# [*vif_plugging_is_fatal*] # [*vif_plugging_is_fatal*]
# (optional) Fail to boot instance if vif plugging fails. # (optional) Fail to boot instance if vif plugging fails.
# This prevents nova from booting an instance if vif plugging notification # This prevents nova from booting an instance if vif plugging notification
@ -77,16 +81,24 @@
# #
### DEPRECATED PARAMS ### DEPRECATED PARAMS
# #
# [*neutron_url*]
# (optional) URL for connecting to the Neutron networking service.
# Defaults to undef
#
# [*neutron_url_timeout*]
# (optional) Timeout value for connecting to neutron in seconds.
# Defaults to undef
#
# [*firewall_driver*] # [*firewall_driver*]
# (optional) Firewall driver. # (optional) Firewall driver.
# This prevents nova from maintaining a firewall so it does not interfere # This prevents nova from maintaining a firewall so it does not interfere
# with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver' # with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver'
# to re-enable the Nova firewall. # to re-enable the Nova firewall.
# Defaults to 'nova.virt.firewall.NoopFirewallDriver' # Defaults to undef
# #
# [*dhcp_domain*] # [*dhcp_domain*]
# (optional) domain to use for building the hostnames # (optional) domain to use for building the hostnames
# Defaults to 'novalocal' # Defaults to undef
# #
class nova::network::neutron ( class nova::network::neutron (
$neutron_password = false, $neutron_password = false,
@ -96,8 +108,9 @@ class nova::network::neutron (
$neutron_username = 'neutron', $neutron_username = 'neutron',
$neutron_user_domain_name = 'Default', $neutron_user_domain_name = 'Default',
$neutron_auth_url = 'http://127.0.0.1:5000/v3', $neutron_auth_url = 'http://127.0.0.1:5000/v3',
$neutron_url = 'http://127.0.0.1:9696', $neutron_valid_interfaces = $::os_service_default,
$neutron_url_timeout = '30', $neutron_endpoint_override = $::os_service_default,
$neutron_timeout = '30',
$neutron_region_name = 'RegionOne', $neutron_region_name = 'RegionOne',
$neutron_ovs_bridge = 'br-int', $neutron_ovs_bridge = 'br-int',
$neutron_extension_sync_interval = '600', $neutron_extension_sync_interval = '600',
@ -105,12 +118,23 @@ class nova::network::neutron (
$vif_plugging_timeout = '300', $vif_plugging_timeout = '300',
$default_floating_pool = 'nova', $default_floating_pool = 'nova',
# DEPRECATED PARAMS # DEPRECATED PARAMS
$firewall_driver = 'nova.virt.firewall.NoopFirewallDriver', $neutron_url = undef,
$dhcp_domain = 'novalocal', $neutron_url_timeout = undef,
$firewall_driver = undef,
$dhcp_domain = undef,
) { ) {
include ::nova::deps include ::nova::deps
if $neutron_url {
warning('nova::network::neutron::neutron_url is deprecated, nova behaviour will be default to looking up \
the neutron endpoint in the keystone catalog, please use nova::network::neutron::neutron_endpoint_override to override')
}
if $neutron_url_timeout {
warning('nova::network::neutron::neutron_url_timeout is deprecated, please use neutron_timeout instead.')
}
if $firewall_driver { if $firewall_driver {
warning('nova::network::neutron::firewall_driver is deprecated and will be removed in a future release') warning('nova::network::neutron::firewall_driver is deprecated and will be removed in a future release')
} }
@ -125,12 +149,17 @@ class nova::network::neutron (
'DEFAULT/firewall_driver': value => $firewall_driver; 'DEFAULT/firewall_driver': value => $firewall_driver;
} }
nova_config {
'neutron/url': value => $neutron_url;
}
$neutron_timeout_real = pick($neutron_url_timeout, $neutron_timeout)
nova_config { nova_config {
'DEFAULT/vif_plugging_is_fatal': value => $vif_plugging_is_fatal; 'DEFAULT/vif_plugging_is_fatal': value => $vif_plugging_is_fatal;
'DEFAULT/vif_plugging_timeout': value => $vif_plugging_timeout; 'DEFAULT/vif_plugging_timeout': value => $vif_plugging_timeout;
'neutron/default_floating_pool': value => $default_floating_pool; 'neutron/default_floating_pool': value => $default_floating_pool;
'neutron/url': value => $neutron_url; 'neutron/timeout': value => $neutron_timeout_real;
'neutron/timeout': value => $neutron_url_timeout;
'neutron/project_name': value => $neutron_project_name; 'neutron/project_name': value => $neutron_project_name;
'neutron/project_domain_name': value => $neutron_project_domain_name; 'neutron/project_domain_name': value => $neutron_project_domain_name;
'neutron/region_name': value => $neutron_region_name; 'neutron/region_name': value => $neutron_region_name;
@ -138,6 +167,8 @@ class nova::network::neutron (
'neutron/user_domain_name': value => $neutron_user_domain_name; 'neutron/user_domain_name': value => $neutron_user_domain_name;
'neutron/password': value => $neutron_password, secret => true; 'neutron/password': value => $neutron_password, secret => true;
'neutron/auth_url': value => $neutron_auth_url; 'neutron/auth_url': value => $neutron_auth_url;
'neutron/valid_interfaces': value => $neutron_valid_interfaces;
'neutron/endpoint_override': value => $neutron_endpoint_override;
'neutron/ovs_bridge': value => $neutron_ovs_bridge; 'neutron/ovs_bridge': value => $neutron_ovs_bridge;
'neutron/extension_sync_interval': value => $neutron_extension_sync_interval; 'neutron/extension_sync_interval': value => $neutron_extension_sync_interval;
'neutron/auth_type': value => $neutron_auth_type; 'neutron/auth_type': value => $neutron_auth_type;

21
releasenotes/notes/deprecated-neutron-options-c506d893a1529ed5.yaml Normal file

@ -0,0 +1,21 @@
---
deprecations:
- |
nova::network::neutron::neutron_url is deprecated and will be removed in a future
release. Nova will default to looking up the neutron endpoint in the keystone
catalog, you can override the endpoint type with neutron_endpoint_type or by
overriding the endpoint with the neutron_endpoint_override parameter.
- |
nova::network::neutron::neutron_url_timeout is deprecated, please use neutron_timeout
instead.
features:
- |
Added new parameter nova::network::neutron::neutron_timeout that replaces the current
neutron_url_timeout parameter.
- |
Added new parameter nova::network::neutron::neutron_valid_interfaces which can be used
to override the keystone catalog interface nova should lookup for the neutron endpoint.
- |
Added new parameter nova::network::neutron::neutron_endpoint_override that can be used
to force the endpoint nova should use to talk to neutron, otherwise it will be looked
up in the keystone endpoint catalog.

207
spec/classes/nova_network_neutron_spec.rb

@ -1,135 +1,130 @@
require 'spec_helper' require 'spec_helper'
describe 'nova::network::neutron' do describe 'nova::network::neutron' do
let :default_params do let :default_params do
{ :neutron_auth_type => 'v3password', {
:neutron_url => 'http://127.0.0.1:9696', :neutron_auth_type => 'v3password',
:neutron_url_timeout => '30', :neutron_timeout => '30',
:neutron_project_name => 'services', :neutron_project_name => 'services',
:neutron_project_domain_name => 'Default', :neutron_project_domain_name => 'Default',
:neutron_region_name => 'RegionOne', :neutron_region_name => 'RegionOne',
:neutron_username => 'neutron', :neutron_username => 'neutron',
:neutron_user_domain_name => 'Default', :neutron_user_domain_name => 'Default',
:neutron_auth_url => 'http://127.0.0.1:5000/v3', :neutron_auth_url => 'http://127.0.0.1:5000/v3',
:neutron_valid_interfaces => '<SERVICE DEFAULT>',
:neutron_endpoint_override => '<SERVICE DEFAULT>',
:neutron_ovs_bridge => 'br-int', :neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600', :neutron_extension_sync_interval => '600',
:firewall_driver => 'nova.virt.firewall.NoopFirewallDriver',
:vif_plugging_is_fatal => true, :vif_plugging_is_fatal => true,
:vif_plugging_timeout => '300', :vif_plugging_timeout => '300',
:dhcp_domain => 'novalocal', :default_floating_pool => 'nova',
:default_floating_pool => 'nova'
} }
end end
let :params do let :params do
{ :neutron_password => 's3cr3t' } {
:neutron_password => 's3cr3t'
}
end end
context 'with required parameters' do shared_examples 'nova::network::neutron' do
it 'configures neutron endpoint in nova.conf' do context 'with required parameters' do
is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true) it 'configures neutron endpoint in nova.conf' do
is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(default_params[:dhcp_domain]) should contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
is_expected.to contain_nova_config('neutron/default_floating_pool').with_value(default_params[:default_floating_pool]) should contain_nova_config('neutron/default_floating_pool').with_value(default_params[:default_floating_pool])
is_expected.to contain_nova_config('neutron/auth_type').with_value(default_params[:neutron_auth_type]) should contain_nova_config('neutron/auth_type').with_value(default_params[:neutron_auth_type])
is_expected.to contain_nova_config('neutron/url').with_value(default_params[:neutron_url]) should contain_nova_config('neutron/timeout').with_value(default_params[:neutron_timeout])
is_expected.to contain_nova_config('neutron/timeout').with_value(default_params[:neutron_url_timeout]) should contain_nova_config('neutron/project_name').with_value(default_params[:neutron_project_name])
is_expected.to contain_nova_config('neutron/project_name').with_value(default_params[:neutron_project_name]) should contain_nova_config('neutron/project_domain_name').with_value(default_params[:neutron_project_domain_name])
is_expected.to contain_nova_config('neutron/project_domain_name').with_value(default_params[:neutron_project_domain_name]) should contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name]) should contain_nova_config('neutron/username').with_value(default_params[:neutron_username])
is_expected.to contain_nova_config('neutron/username').with_value(default_params[:neutron_username]) should contain_nova_config('neutron/user_domain_name').with_value(default_params[:neutron_user_domain_name])
is_expected.to contain_nova_config('neutron/user_domain_name').with_value(default_params[:neutron_user_domain_name]) should contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url])
is_expected.to contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url]) should contain_nova_config('neutron/valid_interfaces').with_value(default_params[:neutron_valid_interfaces])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval]) should contain_nova_config('neutron/endpoint_override').with_value(default_params[:neutron_endpoint_override])
should contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval])
should contain_nova_config('neutron/ovs_bridge').with_value(default_params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
should contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(default_params[:vif_plugging_is_fatal])
should contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(default_params[:vif_plugging_timeout])
end
end end
it 'configures Nova to use Neutron Bridge Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(default_params[:firewall_driver]) context 'when overriding class parameters' do
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(default_params[:neutron_ovs_bridge]) before do
params.merge!(
:neutron_timeout => '30',
:neutron_project_name => 'openstack',
:neutron_project_domain_name => 'openstack_domain',
:neutron_region_name => 'RegionTwo',
:neutron_username => 'neutron2',
:neutron_user_domain_name => 'neutron_domain',
:neutron_auth_url => 'http://10.0.0.1:5000/v2',
:neutron_valid_interfaces => 'public',
:neutron_endpoint_override => 'http://127.0.0.1:9696',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:vif_plugging_is_fatal => false,
:vif_plugging_timeout => '0',
:default_floating_pool => 'public'
)
end
it 'configures neutron endpoint in nova.conf' do
should contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
should contain_nova_config('neutron/default_floating_pool').with_value(params[:default_floating_pool])
should contain_nova_config('neutron/timeout').with_value(params[:neutron_timeout])
should contain_nova_config('neutron/project_name').with_value(params[:neutron_project_name])
should contain_nova_config('neutron/project_domain_name').with_value(params[:neutron_project_domain_name])
should contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
should contain_nova_config('neutron/username').with_value(params[:neutron_username])
should contain_nova_config('neutron/user_domain_name').with_value(params[:neutron_user_domain_name])
should contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
should contain_nova_config('neutron/valid_interfaces').with_value(params[:neutron_valid_interfaces])
should contain_nova_config('neutron/endpoint_override').with_value(params[:neutron_endpoint_override])
should contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
should contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
should contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal])
should contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
end
end end
it 'configures neutron vif plugging events in nova.conf' do
is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(default_params[:vif_plugging_is_fatal]) context 'with deprecated class parameters' do
is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(default_params[:vif_plugging_timeout]) before do
params.merge!(
:neutron_url => 'http://10.0.0.1:9696',
:neutron_url_timeout => '30',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
:dhcp_domain => 'foo',
)
end
it 'configures neutron endpoint in nova.conf' do
should contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
should contain_nova_config('neutron/url').with_value(params[:neutron_url])
should contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
should contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
end
end end
end end
context 'when overriding class parameters' do on_supported_os({
before do :supported_os => OSDefaults.get_supported_os
params.merge!( }).each do |os,facts|
:neutron_url => 'http://10.0.0.1:9696', context "on #{os}" do
:neutron_url_timeout => '30', let (:facts) do
:neutron_project_name => 'openstack', facts.merge(OSDefaults.get_facts())
:neutron_project_domain_name => 'openstack_domain', end
:neutron_region_name => 'RegionTwo',
:neutron_username => 'neutron2',
:neutron_user_domain_name => 'neutron_domain',
:neutron_auth_url => 'http://10.0.0.1:5000/v2',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:vif_plugging_is_fatal => false,
:vif_plugging_timeout => '0',
:dhcp_domain => 'foo',
:default_floating_pool => 'public'
)
end
it 'configures neutron endpoint in nova.conf' do it_behaves_like 'nova::network::neutron'
is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
is_expected.to contain_nova_config('neutron/default_floating_pool').with_value(params[:default_floating_pool])
is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
is_expected.to contain_nova_config('neutron/project_name').with_value(params[:neutron_project_name])
is_expected.to contain_nova_config('neutron/project_domain_name').with_value(params[:neutron_project_domain_name])
is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_username])
is_expected.to contain_nova_config('neutron/user_domain_name').with_value(params[:neutron_user_domain_name])
is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal])
is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
end end
end end
context 'with deprecated class parameters' do
before do
params.merge!(
:neutron_url => 'http://10.0.0.1:9696',
:neutron_url_timeout => '30',
:neutron_region_name => 'RegionTwo',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:vif_plugging_is_fatal => false,
:vif_plugging_timeout => '0',
:dhcp_domain => 'foo',
)
end
it 'configures neutron endpoint in nova.conf' do
is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal])
is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
end
end
end end