openstack/puppet-nova
Code Issues Proposed changes

Merge "Deprecate neutron options and add alternatives"

Browse Source
This commit is contained in:
Zuul
2018-11-26 21:04:00 +00:00
committed by Gerrit Code Review
parent c7f44fde73 6c22e040dc
commit e4a0ea1128
3 changed files with 180 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
manifests/network/neutron.pp
View File

@@ -12,14 +12,6 @@
# Name of the auth type to load (string value)
# Defaults to 'v3password'
#
# [*neutron_url*]
# (optional) URL for connecting to the Neutron networking service.
# Defaults to 'http://127.0.0.1:9696'
#
# [*neutron_url_timeout*]
# (optional) Timeout value for connecting to neutron in seconds.
# Defaults to '30'
#
# [*neutron_project_name*]
# (optional) Project name for connecting to Neutron network services in
# admin context through the OpenStack Identity service.
@@ -30,21 +22,39 @@
# admin context through the OpenStack Identity service.
# Defaults to 'Default'
#
# [*neutron_username*]
# (optional) Username for connecting to Neutron network services in admin context
# through the OpenStack Identity service.
# Defaults to 'neutron'
#
# [*neutron_user_domain_name*]
# (optional) User Domain name for connecting to Neutron network services in
# admin context through the OpenStack Identity service.
# Defaults to 'Default'
#
# [*neutron_auth_url*]
# (optional) Points to the OpenStack Identity server IP and port.
# This is the Identity (keystone) admin API server IP and port value,
# and not the Identity service API IP and port.
# Defaults to 'http://127.0.0.1:5000/v3'
#
# [*neutron_valid_interfaces*]
# (optional) The endpoint type to lookup when talking to Neutron.
# Defaults to $::os_service_default
#
# [*neutron_endpoint_override*]
# (optional) Override the endpoint to use to talk to Neutron.
# Defaults to $::os_service_default
#
# [*neutron_timeout*]
# (optional) Timeout value for connecting to neutron in seconds.
# Defaults to '30'
#
# [*neutron_region_name*]
# (optional) Region name for connecting to neutron in admin context
# through the OpenStack Identity service.
# Defaults to 'RegionOne'
#
# [*neutron_username*]
# (optional) Username for connecting to Neutron network services in admin context
# through the OpenStack Identity service.
# Defaults to 'neutron'
#
# [*neutron_ovs_bridge*]
# (optional) Name of Integration Bridge used by Open vSwitch
# Defaults to 'br-int'
@@ -53,12 +63,6 @@
# (optional) Number of seconds before querying neutron for extensions
# Defaults to '600'
#
# [*neutron_auth_url*]
# (optional) Points to the OpenStack Identity server IP and port.
# This is the Identity (keystone) admin API server IP and port value,
# and not the Identity service API IP and port.
# Defaults to 'http://127.0.0.1:5000/v3'
#
# [*vif_plugging_is_fatal*]
# (optional) Fail to boot instance if vif plugging fails.
# This prevents nova from booting an instance if vif plugging notification
@@ -77,16 +81,24 @@
#
### DEPRECATED PARAMS
#
# [*neutron_url*]
# (optional) URL for connecting to the Neutron networking service.
# Defaults to undef
#
# [*neutron_url_timeout*]
# (optional) Timeout value for connecting to neutron in seconds.
# Defaults to undef
#
# [*firewall_driver*]
# (optional) Firewall driver.
# This prevents nova from maintaining a firewall so it does not interfere
# with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver'
# to re-enable the Nova firewall.
# Defaults to 'nova.virt.firewall.NoopFirewallDriver'
# Defaults to undef
#
# [*dhcp_domain*]
# (optional) domain to use for building the hostnames
# Defaults to 'novalocal'
# Defaults to undef
#
class nova::network::neutron (
$neutron_password = false,
@@ -96,8 +108,9 @@ class nova::network::neutron (
$neutron_username = 'neutron',
$neutron_user_domain_name = 'Default',
$neutron_auth_url = 'http://127.0.0.1:5000/v3',
$neutron_url = 'http://127.0.0.1:9696',
$neutron_url_timeout = '30',
$neutron_valid_interfaces = $::os_service_default,
$neutron_endpoint_override = $::os_service_default,
$neutron_timeout = '30',
$neutron_region_name = 'RegionOne',
$neutron_ovs_bridge = 'br-int',
$neutron_extension_sync_interval = '600',
@@ -105,12 +118,23 @@ class nova::network::neutron (
$vif_plugging_timeout = '300',
$default_floating_pool = 'nova',
# DEPRECATED PARAMS
$firewall_driver = 'nova.virt.firewall.NoopFirewallDriver',
$dhcp_domain = 'novalocal',
$neutron_url = undef,
$neutron_url_timeout = undef,
$firewall_driver = undef,
$dhcp_domain = undef,
) {
include ::nova::deps
if $neutron_url {
warning('nova::network::neutron::neutron_url is deprecated, nova behaviour will be default to looking up \
the neutron endpoint in the keystone catalog, please use nova::network::neutron::neutron_endpoint_override to override')
}
if $neutron_url_timeout {
warning('nova::network::neutron::neutron_url_timeout is deprecated, please use neutron_timeout instead.')
}
if $firewall_driver {
warning('nova::network::neutron::firewall_driver is deprecated and will be removed in a future release')
}
@@ -125,12 +149,17 @@ class nova::network::neutron (
'DEFAULT/firewall_driver': value => $firewall_driver;
}
nova_config {
'neutron/url': value => $neutron_url;
}
$neutron_timeout_real = pick($neutron_url_timeout, $neutron_timeout)
nova_config {
'DEFAULT/vif_plugging_is_fatal': value => $vif_plugging_is_fatal;
'DEFAULT/vif_plugging_timeout': value => $vif_plugging_timeout;
'neutron/default_floating_pool': value => $default_floating_pool;
'neutron/url': value => $neutron_url;
'neutron/timeout': value => $neutron_url_timeout;
'neutron/timeout': value => $neutron_timeout_real;
'neutron/project_name': value => $neutron_project_name;
'neutron/project_domain_name': value => $neutron_project_domain_name;
'neutron/region_name': value => $neutron_region_name;
@@ -138,6 +167,8 @@ class nova::network::neutron (
'neutron/user_domain_name': value => $neutron_user_domain_name;
'neutron/password': value => $neutron_password, secret => true;
'neutron/auth_url': value => $neutron_auth_url;
'neutron/valid_interfaces': value => $neutron_valid_interfaces;
'neutron/endpoint_override': value => $neutron_endpoint_override;
'neutron/ovs_bridge': value => $neutron_ovs_bridge;
'neutron/extension_sync_interval': value => $neutron_extension_sync_interval;
'neutron/auth_type': value => $neutron_auth_type;

21
releasenotes/notes/deprecated-neutron-options-c506d893a1529ed5.yaml Normal file
View File

@@ -0,0 +1,21 @@
---
deprecations:
- |
nova::network::neutron::neutron_url is deprecated and will be removed in a future
release. Nova will default to looking up the neutron endpoint in the keystone
catalog, you can override the endpoint type with neutron_endpoint_type or by
overriding the endpoint with the neutron_endpoint_override parameter.
- |
nova::network::neutron::neutron_url_timeout is deprecated, please use neutron_timeout
instead.
features:
- |
Added new parameter nova::network::neutron::neutron_timeout that replaces the current
neutron_url_timeout parameter.
- |
Added new parameter nova::network::neutron::neutron_valid_interfaces which can be used
to override the keystone catalog interface nova should lookup for the neutron endpoint.
- |
Added new parameter nova::network::neutron::neutron_endpoint_override that can be used
to force the endpoint nova should use to talk to neutron, otherwise it will be looked
up in the keystone endpoint catalog.

207
spec/classes/nova_network_neutron_spec.rb
View File

@@ -1,135 +1,130 @@
require 'spec_helper'
describe 'nova::network::neutron' do
let :default_params do
{ :neutron_auth_type => 'v3password',
:neutron_url => 'http://127.0.0.1:9696',
:neutron_url_timeout => '30',
{
:neutron_auth_type => 'v3password',
:neutron_timeout => '30',
:neutron_project_name => 'services',
:neutron_project_domain_name => 'Default',
:neutron_region_name => 'RegionOne',
:neutron_username => 'neutron',
:neutron_user_domain_name => 'Default',
:neutron_auth_url => 'http://127.0.0.1:5000/v3',
:neutron_valid_interfaces => '<SERVICE DEFAULT>',
:neutron_endpoint_override => '<SERVICE DEFAULT>',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:firewall_driver => 'nova.virt.firewall.NoopFirewallDriver',
:vif_plugging_is_fatal => true,
:vif_plugging_timeout => '300',
:dhcp_domain => 'novalocal',
:default_floating_pool => 'nova'
:default_floating_pool => 'nova',
}
end
let :params do
{ :neutron_password => 's3cr3t' }
{
:neutron_password => 's3cr3t'
}
end
context 'with required parameters' do
it 'configures neutron endpoint in nova.conf' do
is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(default_params[:dhcp_domain])
is_expected.to contain_nova_config('neutron/default_floating_pool').with_value(default_params[:default_floating_pool])
is_expected.to contain_nova_config('neutron/auth_type').with_value(default_params[:neutron_auth_type])
is_expected.to contain_nova_config('neutron/url').with_value(default_params[:neutron_url])
is_expected.to contain_nova_config('neutron/timeout').with_value(default_params[:neutron_url_timeout])
is_expected.to contain_nova_config('neutron/project_name').with_value(default_params[:neutron_project_name])
is_expected.to contain_nova_config('neutron/project_domain_name').with_value(default_params[:neutron_project_domain_name])
is_expected.to contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/username').with_value(default_params[:neutron_username])
is_expected.to contain_nova_config('neutron/user_domain_name').with_value(default_params[:neutron_user_domain_name])
is_expected.to contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval])
shared_examples 'nova::network::neutron' do
context 'with required parameters' do
it 'configures neutron endpoint in nova.conf' do
should contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
should contain_nova_config('neutron/default_floating_pool').with_value(default_params[:default_floating_pool])
should contain_nova_config('neutron/auth_type').with_value(default_params[:neutron_auth_type])
should contain_nova_config('neutron/timeout').with_value(default_params[:neutron_timeout])
should contain_nova_config('neutron/project_name').with_value(default_params[:neutron_project_name])
should contain_nova_config('neutron/project_domain_name').with_value(default_params[:neutron_project_domain_name])
should contain_nova_config('neutron/region_name').with_value(default_params[:neutron_region_name])
should contain_nova_config('neutron/username').with_value(default_params[:neutron_username])
should contain_nova_config('neutron/user_domain_name').with_value(default_params[:neutron_user_domain_name])
should contain_nova_config('neutron/auth_url').with_value(default_params[:neutron_auth_url])
should contain_nova_config('neutron/valid_interfaces').with_value(default_params[:neutron_valid_interfaces])
should contain_nova_config('neutron/endpoint_override').with_value(default_params[:neutron_endpoint_override])
should contain_nova_config('neutron/extension_sync_interval').with_value(default_params[:neutron_extension_sync_interval])
should contain_nova_config('neutron/ovs_bridge').with_value(default_params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
should contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(default_params[:vif_plugging_is_fatal])
should contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(default_params[:vif_plugging_timeout])
end
end
it 'configures Nova to use Neutron Bridge Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(default_params[:firewall_driver])
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(default_params[:neutron_ovs_bridge])
context 'when overriding class parameters' do
before do
params.merge!(
:neutron_timeout => '30',
:neutron_project_name => 'openstack',
:neutron_project_domain_name => 'openstack_domain',
:neutron_region_name => 'RegionTwo',
:neutron_username => 'neutron2',
:neutron_user_domain_name => 'neutron_domain',
:neutron_auth_url => 'http://10.0.0.1:5000/v2',
:neutron_valid_interfaces => 'public',
:neutron_endpoint_override => 'http://127.0.0.1:9696',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:vif_plugging_is_fatal => false,
:vif_plugging_timeout => '0',
:default_floating_pool => 'public'
)
end
it 'configures neutron endpoint in nova.conf' do
should contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
should contain_nova_config('neutron/default_floating_pool').with_value(params[:default_floating_pool])
should contain_nova_config('neutron/timeout').with_value(params[:neutron_timeout])
should contain_nova_config('neutron/project_name').with_value(params[:neutron_project_name])
should contain_nova_config('neutron/project_domain_name').with_value(params[:neutron_project_domain_name])
should contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
should contain_nova_config('neutron/username').with_value(params[:neutron_username])
should contain_nova_config('neutron/user_domain_name').with_value(params[:neutron_user_domain_name])
should contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
should contain_nova_config('neutron/valid_interfaces').with_value(params[:neutron_valid_interfaces])
should contain_nova_config('neutron/endpoint_override').with_value(params[:neutron_endpoint_override])
should contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
should contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
should contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal])
should contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
end
end
it 'configures neutron vif plugging events in nova.conf' do
is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(default_params[:vif_plugging_is_fatal])
is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(default_params[:vif_plugging_timeout])
context 'with deprecated class parameters' do
before do
params.merge!(
:neutron_url => 'http://10.0.0.1:9696',
:neutron_url_timeout => '30',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
:dhcp_domain => 'foo',
)
end
it 'configures neutron endpoint in nova.conf' do
should contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
should contain_nova_config('neutron/url').with_value(params[:neutron_url])
should contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
should contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
end
end
end
context 'when overriding class parameters' do
before do
params.merge!(
:neutron_url => 'http://10.0.0.1:9696',
:neutron_url_timeout => '30',
:neutron_project_name => 'openstack',
:neutron_project_domain_name => 'openstack_domain',
:neutron_region_name => 'RegionTwo',
:neutron_username => 'neutron2',
:neutron_user_domain_name => 'neutron_domain',
:neutron_auth_url => 'http://10.0.0.1:5000/v2',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:vif_plugging_is_fatal => false,
:vif_plugging_timeout => '0',
:dhcp_domain => 'foo',
:default_floating_pool => 'public'
)
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts())
end
it 'configures neutron endpoint in nova.conf' do
is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
is_expected.to contain_nova_config('neutron/default_floating_pool').with_value(params[:default_floating_pool])
is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
is_expected.to contain_nova_config('neutron/project_name').with_value(params[:neutron_project_name])
is_expected.to contain_nova_config('neutron/project_domain_name').with_value(params[:neutron_project_domain_name])
is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/username').with_value(params[:neutron_username])
is_expected.to contain_nova_config('neutron/user_domain_name').with_value(params[:neutron_user_domain_name])
is_expected.to contain_nova_config('neutron/auth_url').with_value(params[:neutron_auth_url])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal])
is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
it_behaves_like 'nova::network::neutron'
end
end
context 'with deprecated class parameters' do
before do
params.merge!(
:neutron_url => 'http://10.0.0.1:9696',
:neutron_url_timeout => '30',
:neutron_region_name => 'RegionTwo',
:firewall_driver => 'nova.virt.firewall.IptablesFirewallDriver',
:neutron_ovs_bridge => 'br-int',
:neutron_extension_sync_interval => '600',
:vif_plugging_is_fatal => false,
:vif_plugging_timeout => '0',
:dhcp_domain => 'foo',
)
end
it 'configures neutron endpoint in nova.conf' do
is_expected.to contain_nova_config('neutron/password').with_value(params[:neutron_password]).with_secret(true)
is_expected.to contain_nova_config('DEFAULT/dhcp_domain').with_value(params[:dhcp_domain])
is_expected.to contain_nova_config('neutron/url').with_value(params[:neutron_url])
is_expected.to contain_nova_config('neutron/timeout').with_value(params[:neutron_url_timeout])
is_expected.to contain_nova_config('neutron/region_name').with_value(params[:neutron_region_name])
is_expected.to contain_nova_config('neutron/extension_sync_interval').with_value(params[:neutron_extension_sync_interval])
end
it 'configures Nova to use Neutron Security Groups and Firewall' do
is_expected.to contain_nova_config('DEFAULT/firewall_driver').with_value(params[:firewall_driver])
is_expected.to contain_nova_config('neutron/ovs_bridge').with_value(params[:neutron_ovs_bridge])
end
it 'configures neutron vif plugging events in nova.conf' do
is_expected.to contain_nova_config('DEFAULT/vif_plugging_is_fatal').with_value(params[:vif_plugging_is_fatal])
is_expected.to contain_nova_config('DEFAULT/vif_plugging_timeout').with_value(params[:vif_plugging_timeout])
end
end
end