Fixes certificate generation error for Neutron agents

TLS certificates were introduced for the Neutron Base service in order
for Neutron to securely communicate with OVS via SSL/TLS.  However, the
implementation only required the Neutron DHCP agent (ODL deployment) to
use the certificates.  The other OVS agents are not used in ODL
deployments; SSL/TLS support for them may be added in the future.
However, since other
services inherit NeutronBase config_settings, they will attempt to
generate certs.  This certificate generation will fail because these
services do not inherit metadata settings.

This patch fixes the above issue by adding the metadata settings
inheritance to every service derived from NeutronBase.

Closes-Bug: 1754363

Change-Id: I87afc3a11efeefc1cfd768dfe817fbb3b2422694
Signed-off-by: Tim Rozet <trozet@redhat.com>
Tim Rozet 2018-03-08 10:59:14 -05:00
parent 07857e3f87
commit df31016a9a
28 changed files with 61 additions and 2 deletions


@ -117,6 +117,8 @@ outputs:
- /run/netns:/run/netns:shared - /run/netns:/run/netns:shared
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronL3Base, role_data, metadata_settings]
host_prep_tasks: host_prep_tasks:
list_concat: list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]} - {get_attr: [NeutronLogging, host_prep_tasks]}
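Review bot: The new `metadata_settings` key has no comment explaining why an L3 agent that, per the commit message, does not use TLS to OVS now carries certificate metadata; the same holds for every other template section in this commit. Passing NeutronBase's metadata through means each role hosting any Neutron-derived service will request a Neutron certificate (and presumably hold its private key) even where nothing consumes it, so it is worth confirming that widening issuance is intended rather than conditioning the inherited certificate settings on the ODL/DHCP case. If it is kept, a comment above the key would record the reason, e.g. `# Passed through from the base template so its inherited certificate request can resolve; this agent does not use TLS to OVS itself.` The `outputs:` block starts and ends outside the hunk, and the page has lost indentation, so the key's nesting level cannot be checked here.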


@ -115,6 +115,8 @@ outputs:
- /var/lib/neutron:/var/lib/neutron - /var/lib/neutron:/var/lib/neutron
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronMetadataBase, role_data, metadata_settings]
host_prep_tasks: host_prep_tasks:
list_concat: list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]} - {get_attr: [NeutronLogging, host_prep_tasks]}


@ -155,6 +155,8 @@ outputs:
- /run/openvswitch:/run/openvswitch - /run/openvswitch:/run/openvswitch
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronOvsAgentBase, role_data, metadata_settings]
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]} host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
upgrade_tasks: upgrade_tasks:
list_concat: list_concat:


@ -95,6 +95,8 @@ outputs:
get_attr: [NeutronOvsAgentDockerBase, role_data, kolla_config] get_attr: [NeutronOvsAgentDockerBase, role_data, kolla_config]
docker_config: docker_config:
get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config] get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config]
metadata_settings:
get_attr: [NeutronOvsAgentDockerBase, role_data, metadata_settings]
host_prep_tasks: host_prep_tasks:
get_attr: [NeutronOvsAgentDockerBase, role_data, host_prep_tasks] get_attr: [NeutronOvsAgentDockerBase, role_data, host_prep_tasks]
upgrade_tasks: upgrade_tasks:
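Review bot: `get_attr: [NeutronOvsAgentDockerBase, role_data, metadata_settings]` reads the value through at least one intermediate template, so the fix only holds if every link in the chain exports the key. I believe Heat resolves a missing path element in `get_attr` to null rather than raising, in which case a template that is missed now or added later would silently bring back the certificate failure with no validation error. The same indirection applies to the `NeutronOvsAgent` and `NeutronMl2Base` sections further down. Consider a template-validation check in CI that any service taking `config_settings` from a Neutron base template also passes `metadata_settings` through, rather than relying on hand-copied stanzas.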


@ -53,6 +53,8 @@ outputs:
logging_source: {get_attr: [NeutronMl2VtsBase, role_data, logging_source]} logging_source: {get_attr: [NeutronMl2VtsBase, role_data, logging_source]}
logging_groups: {get_attr: [NeutronMl2VtsBase, role_data, logging_groups]} logging_groups: {get_attr: [NeutronMl2VtsBase, role_data, logging_groups]}
service_config_settings: {get_attr: [NeutronMl2VtsBase, role_data, service_config_settings]} service_config_settings: {get_attr: [NeutronMl2VtsBase, role_data, service_config_settings]}
metadata_settings:
get_attr: [NeutronMl2VtsBase, role_data, metadata_settings]
# BEGIN DOCKER SETTINGS # BEGIN DOCKER SETTINGS
puppet_config: puppet_config:
config_volume: 'neutron' config_volume: 'neutron'


@ -56,6 +56,8 @@ outputs:
logging_source: {get_attr: [NeutronBase, role_data, logging_source]} logging_source: {get_attr: [NeutronBase, role_data, logging_source]}
logging_groups: {get_attr: [NeutronBase, role_data, logging_groups]} logging_groups: {get_attr: [NeutronBase, role_data, logging_groups]}
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
# BEGIN DOCKER SETTINGS # BEGIN DOCKER SETTINGS
puppet_config: puppet_config:
config_volume: 'neutron' config_volume: 'neutron'


@ -110,6 +110,8 @@ outputs:
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]} host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
metadata_settings:
get_attr: [NeutronSriovAgentBase, role_data, metadata_settings]
upgrade_tasks: upgrade_tasks:
- name: Check if neutron_sriov_nic_agent is deployed - name: Check if neutron_sriov_nic_agent is deployed
command: systemctl is-enabled --quiet neutron-sriov-nic-agent command: systemctl is-enabled --quiet neutron-sriov-nic-agent
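Review bot: `metadata_settings` is placed after `host_prep_tasks` here, whereas the other container templates in this commit put it before `host_prep_tasks`. Key order does not change the parsed mapping, but keeping one position across the sibling templates makes a missing stanza easier to spot when reading or diffing them. Suggest moving the two added lines above `host_prep_tasks:` to match.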


@ -138,6 +138,8 @@ outputs:
- /run/netns:/run/netns:shared - /run/netns:/run/netns:shared
environment: environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [OVNMetadataBase, role_data, metadata_settings]
host_prep_tasks: host_prep_tasks:
list_concat: list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]} - {get_attr: [NeutronLogging, host_prep_tasks]}


@ -92,3 +92,5 @@ outputs:
- {get_param: NeutronL3ComputeAgentLoggingSource} - {get_param: NeutronL3ComputeAgentLoggingSource}
step_config: | step_config: |
include tripleo::profile::base::neutron::l3 include tripleo::profile::base::neutron::l3
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -131,3 +131,5 @@ outputs:
- step|int == 1 - step|int == 1
- neutron_l3_agent_enabled.rc == 0 - neutron_l3_agent_enabled.rc == 0
service: name=neutron-l3-agent state=stopped service: name=neutron-l3-agent state=stopped
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -81,3 +81,5 @@ outputs:
horizon: horizon:
horizon::neutron_options: horizon::neutron_options:
enable_lb: True enable_lb: True
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -86,3 +86,5 @@ outputs:
- neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver} - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
step_config: | step_config: |
include ::tripleo::profile::base::neutron::linuxbridge include ::tripleo::profile::base::neutron::linuxbridge
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -148,3 +148,5 @@ outputs:
- step|int == 1 - step|int == 1
- neutron_metadata_agent_enabled.rc == 0 - neutron_metadata_agent_enabled.rc == 0
service: name=neutron-metadata-agent state=stopped service: name=neutron-metadata-agent state=stopped
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -184,3 +184,5 @@ outputs:
- step|int == 1 - step|int == 1
- neutron_ovs_agent_enabled.rc == 0 - neutron_ovs_agent_enabled.rc == 0
service: name=neutron-openvswitch-agent state=stopped service: name=neutron-openvswitch-agent state=stopped
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -125,3 +125,5 @@ outputs:
step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
upgrade_tasks: upgrade_tasks:
get_attr: [Ovs, role_data, upgrade_tasks] get_attr: [Ovs, role_data, upgrade_tasks]
metadata_settings:
get_attr: [NeutronOvsAgent, role_data, metadata_settings]


@ -85,3 +85,5 @@ outputs:
neutron::plugins::ml2::cisco::vts::vts_timeout: {get_param: VTSTimeout} neutron::plugins::ml2::cisco::vts::vts_timeout: {get_param: VTSTimeout}
step_config: | step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2 include ::tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]


@ -86,3 +86,5 @@ outputs:
neutron::plugins::ml2::fujitsu::cfab::save_config: {get_param: NeutronFujitsuCfabSaveConfig} neutron::plugins::ml2::fujitsu::cfab::save_config: {get_param: NeutronFujitsuCfabSaveConfig}
step_config: | step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2 include ::tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]


@ -90,4 +90,5 @@ outputs:
neutron::plugins::ml2::fujitsu::fossw::ovsdb_port: {get_param: NeutronFujitsuFosswOvsdbPort} neutron::plugins::ml2::fujitsu::fossw::ovsdb_port: {get_param: NeutronFujitsuFosswOvsdbPort}
step_config: | step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2 include ::tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]


@ -109,3 +109,5 @@ outputs:
nova::patch::config::monkey_patch_modules: {get_param: NovaPatchConfigMonkeyPatchModules} nova::patch::config::monkey_patch_modules: {get_param: NovaPatchConfigMonkeyPatchModules}
step_config: | step_config: |
include tripleo::profile::base::neutron::plugins::ml2 include tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]


@ -71,3 +71,5 @@ outputs:
- {} - {}
step_config: | step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2 include ::tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]


@ -103,3 +103,5 @@ outputs:
neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR} neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
step_config: | step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2 include ::tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]


@ -118,3 +118,5 @@ outputs:
service_config_settings: service_config_settings:
horizon: horizon:
neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -97,3 +97,5 @@ outputs:
nova::api::use_forwarded_for: {get_param: UseForwardedFor} nova::api::use_forwarded_for: {get_param: UseForwardedFor}
step_config: | step_config: |
include tripleo::profile::base::neutron::plugins::nuage include tripleo::profile::base::neutron::plugins::nuage
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -131,3 +131,5 @@ outputs:
- step|int == 1 - step|int == 1
- neutron_sriov_nic_agent_enabled.rc == 0 - neutron_sriov_nic_agent_enabled.rc == 0
service: name=neutron-sriov-nic-agent state=stopped service: name=neutron-sriov-nic-agent state=stopped
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -78,3 +78,5 @@ outputs:
- get_attr: [RoleParametersValue, value] - get_attr: [RoleParametersValue, value]
step_config: | step_config: |
include ::tripleo::host::sriov include ::tripleo::host::sriov
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -59,3 +59,5 @@ outputs:
- tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets} - tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets}
step_config: | step_config: |
include ::tripleo::profile::base::neutron::agents::vpp include ::tripleo::profile::base::neutron::agents::vpp
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -124,3 +124,5 @@ outputs:
- step|int == 1 - step|int == 1
- neutron_metadata_agent_enabled.rc == 0 - neutron_metadata_agent_enabled.rc == 0
service: name=networking-ovn-metadata-agent state=stopped service: name=networking-ovn-metadata-agent state=stopped
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]


@ -0,0 +1,6 @@
---
fixes:
- |
Fixes failure to create Neutron certificates for roles which do not
contain Neutron DHCP agent, but include other Neutron agents
(i.e. default Compute role).