Implement plugin actions: install package, configure nsx.ini

Implement two deployment actions:
* python-vmware-nsx (contains Neutron NSX plugin) installation
* pass UI parameters into nsx.ini file

Plugin contains custom type `nsx_config' to configure settings in
nsx.ini file.

Plugin reuses network:neutron:core:nsx component due to a hardcoded
restriction in fuel UI. This makes impossible simultaneous usage of
NSX-T and NSXv plugins.

Change-Id: I963a9a8c1d5d8c27324bf01a6ae10be23075f413

README.md

@@ -1,4 +1,5 @@
-nsx
-============
+Fuel NSX-T plugin
+=================
 
-Plugin description
+The plugin allows Fuel deployment engineers install OpenStack that will use
+VMware NSX Transformers as network backend for Neutron.

components.yaml

@@ -1,12 +1,15 @@
-# This file contains wizard components descriptions that are pretty similar to
-# the `environment_config.yaml`.
-# Please, take a look at following link for the details:
-# - https://blueprints.launchpad.net/fuel/+spec/component-registry
-# - https://specs.openstack.org/openstack/fuel-specs/specs/8.0/component-registry.html
-
-- name: additional_service:nsx
-  compatible: []
+- name: network:neutron:core:nsx
+  label: "Neutron with NSX-T plugin"
+  description: "NSX Transformers uses STT tunneling protocol. NSX must be up and running before OpenStack deployment!"
+  bind: !!pairs
+    - "cluster:net_segment_type": "tun"
+  compatible:
+    - name: "hypervisor:vmware"
+    - name: "hypervisor:qemu"
+    - name: "storage:block:lvm"
+    - name: "storage:image:ceph"
+    - name: "storage:object:ceph"
   requires: []
-  incompatible: []
-  label: "Plugin label, that will be shown on UI"
-  description: "Component description (optional)"
+  incompatible:
+    - name: "additional_service:ironic"
+

deployment_scripts/deploy.sh

@@ -1,4 +0,0 @@
-#!/bin/bash
-
-# It's a script which deploys your plugin
-echo nsx > /tmp/nsx

deployment_scripts/puppet/manifests/configure-plugin.pp

@@ -0,0 +1,36 @@
+notice('fuel-plugin-nsx-t: configure-plugin.pp')
+
+include ::nsxt::params
+
+file { $::nsxt::params::nsx_plugin_dir:
+  ensure => directory,
+}
+
+file { $::nsxt::params::nsx_plugin_config:
+  ensure  => present,
+  content => template("nsxt/nsx.ini")
+}
+
+
+$settings     = hiera($::nsxt::params::hiera_key)
+$managers     = $settings['nsx_api_managers']
+$user         = $settings['nsx_api_user']
+$password     = $settings['nsx_api_password']
+$overlay_tz   = $settings['default_overlay_tz_uuid']
+$vlan_tz      = $settings['default_vlan_tz_uuid']
+$tier0_router = $settings['default_tier0_router_uuid']
+$edge_cluster = $settings['default_edge_cluster_uuid']
+
+nsx_config {
+  'nsx_v3/nsx_api_managers':          value => $managers;
+  'nsx_v3/nsx_api_user':              value => $user;
+  'nsx_v3/nsx_api_password':          value => $password;
+  'nsx_v3/default_overlay_tz_uuid':   value => $overlay_tz;
+  'nsx_v3/default_vlan_tz_uuid':      value => $vlan_tz;
+  'nsx_v3/default_tier0_router_uuid': value => $tier0_router;
+  'nsx_v3/default_edge_cluster_uuid': value => $edge_cluster;
+}
+
+File[$::nsxt::params::nsx_plugin_dir]->
+File[$::nsxt::params::nsx_plugin_config]->
+Nsx_config<||>

deployment_scripts/puppet/manifests/install-nsx-plugin.pp

@@ -0,0 +1,7 @@
+notice('fuel-plugin-nsx-t: install-nsx-plugin.pp')
+
+include ::nsxt::params
+
+package { $::nsxt::params::plugin_package:
+  ensure => present,
+}

deployment_scripts/puppet/modules/nsxt/lib/puppet/provider/nsx_config/ini_setting.rb

@@ -0,0 +1,13 @@
+Puppet::Type.type(:nsx_config).provide(
+  :ini_setting,
+  :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting)
+) do
+
+  def file_path
+    '/etc/neutron/plugins/vmware/nsx.ini'
+  end
+
+  def separator
+    ' = '
+  end
+end

deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsx_config.rb

@@ -0,0 +1,28 @@
+Puppet::Type::newtype(:nsx_config) do
+
+  ensurable
+
+  newparam(:name, :namevar => true) do
+    desc 'Section name to manage from nsx.ini'
+    newvalues(/\S+\/\S+/)
+  end
+
+  newparam(:secret, :boolean => true) do
+    newvalues(:true, :false)
+
+    defaultto false
+  end
+
+  newparam(:ensure_absent_val) do
+    defaultto('<DEFAULT>')
+  end
+
+  newproperty(:value) do
+    munge do |value|
+      value = value.to_s.strip
+      value
+    end
+    newvalues(/^[\S ]*$/)
+
+  end
+end

deployment_scripts/puppet/modules/nsxt/manifests/params.pp

@@ -0,0 +1,7 @@
+class nsxt::params {
+  $hiera_key          = 'nsx-t'
+  $plugin_package     = 'python-vmware-nsx'
+  $core_plugin        = 'vmware_nsx.plugin.NsxV3Plugin'
+  $nsx_plugin_dir     = '/etc/neutron/plugins/vmware'
+  $nsx_plugin_config  = '/etc/neutron/plugins/vmware/nsx.ini'
+}

deployment_scripts/puppet/modules/nsxt/templates/nsx.ini

@@ -0,0 +1,89 @@
+[nsx_v3]
+# IP address of one or more NSX managers separated by commas.
+# The IP address should be of the form:
+#   [<scheme>://]<ip_adress>[:<port>]
+# If scheme is not provided https is used. If port is not provided
+# port 80 is used for http and port 443 for https.
+nsx_api_managers =
+
+# User name of NSX Manager
+nsx_api_user =
+
+# Password of NSX Manager
+nsx_api_password =
+
+# UUID of the default NSX overlay transport zone that will be used for creating
+# tunneled isolated Neutron networks. If no physical network is specified when
+# creating a logical network, this transport zone will be used by default
+default_overlay_tz_uuid =
+
+# (Optional) Only required when creating VLAN or flat provider networks. UUID
+# of default NSX VLAN transport zone that will be used for bridging between
+# Neutron networks, if no physical network has been specified
+default_vlan_tz_uuid =
+
+# Default Edge Cluster Identifier
+default_edge_cluster_uuid =
+
+# Maximum number of times to retry API requests upon stale revision errors.
+# retries = 10
+
+# Specify a CA bundle file to use in verifying the NSX Manager
+# server certificate. This option is ignored if "insecure" is set to True.
+# If "insecure" is set to False and ca_file is unset, the system root CAs
+# will be used to verify the server certificate.
+# ca_file =
+
+# If true, the NSX Manager server certificate is not verified. If false
+# the CA bundle specified via "ca_file" will be used or if unset the
+# default system root CAs will be used.
+# insecure = True
+
+# The time in seconds before aborting a HTTP connection to a NSX manager.
+http_timeout = 10
+
+# The time in seconds before aborting a HTTP read response from a NSX manager.
+http_read_timeout = 180
+
+# Maximum number of times to retry a HTTP connection.
+http_retries = 3
+
+# Maximum number of connection connections to each NSX manager.
+concurrent_connections = 10
+
+# The amount of time in seconds to wait before ensuring connectivity to
+# the NSX manager if no manager connection has been used.
+conn_idle_timeout = 10
+
+# UUID of the default tier0 router that will be used for connecting to
+# tier1 logical routers and configuring external networks
+default_tier0_router_uuid =
+
+# (Optional) UUID of the default NSX bridge cluster that will be used to
+# perform L2 gateway bridging between VXLAN and VLAN networks. It is an
+# optional field. If default bridge cluster UUID is not specified, admin will
+# have to manually create a L2 gateway corresponding to a NSX Bridge Cluster
+# using L2 gateway APIs. This field must be specified on one of the active
+# neutron servers only.
+# default_bridge_cluster_uuid =
+
+# (Optional) The number of nested groups which are used by the plugin,
+# each Neutron security-groups is added to one nested group, and each nested
+# group can contain as maximum as 500 security-groups, therefore, the maximum
+# number of security groups that can be created is
+# 500 * number_of_nested_groups.
+# The default is 8 nested groups, which allows a maximum of 4k security-groups,
+# to allow creation of more security-groups, modify this figure.
+# number_of_nested_groups =
+
+# Acceptable values for 'metadata_mode' are:
+#   - 'access_network': this enables a dedicated connection to the metadata
+#     proxy for metadata server access via Neutron router.
+#   - 'dhcp_host_route': this enables host route injection via the dhcp agent.
+# This option is only useful if running on a host that does not support
+# namespaces otherwise access_network should be used.
+# metadata_mode = access_network
+
+# If True, an internal metadata network will be created for a router only when
+# the router is attached to a DHCP-disabled subnet.
+# metadata_on_demand = False

deployment_tasks.yaml

@@ -1,62 +1,29 @@
-# These tasks will be merged into deployment graph. Here you
-# can specify new tasks for any roles, even built-in ones.
-
-- id: nsx_role
-  type: group
-  role: [nsx_role]
-  parameters:
-    strategy:
-      type: parallel
-
-- id: nsx-deployment-puppet
-  type: puppet
-  role: [nsx_role]
-
-# If you do not want to use task-based deployment that is introduced as experimental
-# in fuel v8.0 comment code section below this comment, uncomment two lines below it
-# and do the same for tasks below.
-
+- id: nsx-t-install-plugin
   version: 2.0.0
-  cross-depends:
-    - name: deploy_start
-  cross-depended-by:
-    - name: deploy_end
-#  requires: [deploy_start] # version 1.0.0
-#  required_for: [deploy_end]
-
+  type: puppet
+  groups:
+    - primary-controller
+    - controller
+  required_for:
+    - nsx-t-configure-plugin
+  requires:
+    - openstack-network-common-config
   parameters:
-    puppet_manifest: "deploy.pp"
-    puppet_modules: "."
-    timeout: 3600
+    puppet_manifest: puppet/manifests/install-nsx-plugin.pp
+    puppet_modules: puppet/modules
+    timeout: 60
 
-#- id: nsx-post-deployment-sh
-#  type: shell
-#  role: [nsx_role]
-#  version: 2.0.0
-#  cross-depends:
-#    - name: post_deployment_start
-#  cross-depended-by:
-#    - name: post_deployment_end
-# #  requires: [post_deployment_start]
-# #  required_for: [post_deployment_end]
-#  parameters:
-#    cmd: echo post_deployment_task_executed > /tmp/post_deployment
-#    retries: 3
-#    interval: 20
-#    timeout: 180
-
-#- id: nsx-pre-deployment-sh
-#  type: shell
-#  role: [nsx_role]
-#  version: 2.0.0
-#  cross-depends:
-#    - name: pre_deployment_start
-#  cross-depended-by:
-#    - name: pre_deployment_end
-# #  requires: [pre_deployment_start]
-# #  required_for: [pre_deployment_end]
-#  parameters:
-#    cmd: echo pre_deployment_task_executed > /tmp/pre_deployment
-#    retries: 3
-#    interval: 20
-#    timeout: 180
+- id: nsx-t-configure-plugin
+  version: 2.0.0
+  type: puppet
+  groups:
+    - primary-controller
+    - controller
+  required_for:
+    - openstack-network-neutron-start
+  requires:
+    - openstack-network-server-nova
+  parameters:
+    puppet_manifest: puppet/manifests/configure-plugin.pp
+    puppet_modules: puppet/modules:/etc/puppet/modules
+    timeout: 60

environment_config.yaml

@@ -1,11 +1,64 @@
 attributes:
   metadata:
-    # Settings group can be one of "general", "security", "compute", "network",
-    # "storage", "logging", "openstack_services" and "other".
-    group: 'other'
-  nsx_text:
-    value: 'Set default value'
-    label: 'Text field'
-    description: 'Description for text field'
+    group: network
+  nsx_api_managers:
+    value: ''
+    label: 'NSX Manager'
+    description: 'Multiple IP addresses can be separated by commas'
+    weight: 10
+    type: "text"
+    regex:
+      source: &non_empty '^.+$'
+      error: 'Enter IPv4 address'
+  nsx_api_user:
+    value: admin
+    label: 'User'
+    description: ''
+    weight: 15
+    type: "text"
+    regex:
+      source: *non_empty
+      error: 'User field cannot be empty'
+  nsx_api_password:
+    value: ''
+    label: 'Password'
+    description: ''
+    weight: 20
+    type: "password"
+    regex:
+      source: *non_empty
+      error: 'Password field cannot be empty'
+  default_overlay_tz_uuid:
+    value: ''
+    label: 'Overlay transport zone ID'
+    description: ''
     weight: 25
     type: "text"
+    regex:
+      source: &uuid '[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}'
+      error: 'Enter transport zone UUID'
+  default_vlan_tz_uuid:
+    value: ''
+    label: 'VLAN transport zone ID'
+    description: ''
+    weight: 30
+    type: "text"
+    regex:
+      source: *uuid
+      error: 'Enter transport zone UUID'
+  default_tier0_router_uuid:
+    value: ''
+    label: 'Tier-0 router ID'
+    weight: 35
+    regex:
+      source: *uuid
+      error: 'Enter tier-0 router UUID'
+    type: "text"
+  default_edge_cluster_uuid:
+    value: ''
+    label: 'Edge cluster'
+    weight: 40
+    regex:
+      source: *uuid
+      error: 'Enter cluster UUID'
+    type: "text"

metadata.yaml

@@ -1,26 +1,14 @@
-# Plugin name
-name: nsx
-# Human-readable name for your plugin
-title: Title for nsx plugin
-# Plugin version
+name: nsx-t
+title: NSX Transformers plugin
 version: '1.0.0'
-# Description
-description: Please describe your plugin here
-# Required fuel version
-fuel_version: ['8.0']
-# Specify license of your plugin
+description: ''
+fuel_version: ['9.0']
 licenses: ['Apache License Version 2.0']
-# Specify author or company name
-authors: ['Specify author or company name']
-# A link to the plugin's page
-homepage: 'https://github.com/openstack/fuel-plugins'
-# Specify a group which your plugin implements, possible options:
-# network, storage, storage::cinder, storage::glance, hypervisor,
-# equipment
-groups: []
-# Change `false` to `true` if the plugin can be installed in the environment
-# after the deployment.
-is_hotpluggable: false
+authors:
+  - 'Artem Savinov, Mirantis'
+  - 'Igor Zinovik, Mirantis'
+homepage: https://github.com/openstack/fuel-plugin-nsx-t
+groups: ['network']
 
 # The plugin is compatible with releases in the list
 releases:
@@ -32,3 +20,4 @@ releases:
 
 # Version of plugin package
 package_version: '4.0.0'
+is_hotpluggable: false

network_roles.yaml

@@ -1,15 +0,0 @@
-# Unique network role name
-- id: "example_net_role"
-  # Role mapping to network
-  default_mapping: "public"
-  properties:
-    # Should be true if network role requires subnet being set
-    subnet: true
-    # Should be true if network role requires gateway being set
-    gateway: false
-    # List of VIPs to be allocated
-    vip:
-         # Unique VIP name
-       - name: "vip_name"
-         # Optional linux namespace for VIP
-         namespace: "haproxy"

node_roles.yaml

@@ -1,13 +0,0 @@
-nsx_role:
-  # Role name
-  name: "Set here the name for the role. This name will be displayed in the Fuel web UI"
-  # Role description
-  description: "Write description for your role"
-  # If primary then during orchestration this role will be
-  # separated into primary-role and role
-  has_primary: false
-  # Assign public IP to node if true
-  public_ip_required: false
-  # Weight that will be used to sort out the
-  # roles on the Fuel web UI
-  weight: 1000

tasks.yaml

@@ -1,26 +0,0 @@
-# WARNING: `tasks.yaml` will be deprecated in further releases.
-# Please, use `deployment_tasks.yaml` to describe tasks instead.
-
-# This tasks will be applied on controller nodes,
-# here you can also specify several roles, for example
-# ['cinder', 'compute'] will be applied only on
-# cinder and compute nodes
-- role: ['controller']
-  stage: post_deployment
-  type: shell
-  parameters:
-    cmd: bash deploy.sh
-    timeout: 42
-# Task is applied for all roles
-- role: '*'
-  stage: pre_deployment
-  type: shell
-  parameters:
-    cmd: echo all > /tmp/plugin.all
-    timeout: 42
-# "reboot" task reboots the nodes and waits until they get back online
-# - role: '*'
-#   stage: pre_deployment
-#   type: reboot
-#   parameters:
-#     timeout: 600

volumes.yaml

@@ -1,7 +0,0 @@
-volumes_roles_mapping:
-  # Default role mapping
-  nsx_role:
-    - {allocate_size: "min", id: "os"}
-
-# Set here new volumes for your role
-volumes: []