[openstack-puppet-modules/f22] Update to upstream 2014.2.11
Lukas Bezdicka
social at fedoraproject.org
Fri Mar 6 17:43:53 UTC 2015
commit 8d4762e40ec397311adcb01b77b604aa5738fc71
Author: Lukas Bezdicka <lbezdick at redhat.com>
Date: Fri Mar 6 18:31:32 2015 +0100
Update to upstream 2014.2.11
...-horizon-Change-default-documentation-URL.patch | 2 +-
0002-rabbitmq-Don-t-manage-RabbitMQ-repos.patch | 2 +-
0003-openstack-Set-default-charset-to-utf8.patch | 2 +-
0004-keystone-Add-manage_service-feature.patch | 2 +-
....patch => 0005-Add-manage_service-feature.patch | 2 +-
... 0006-Fix-against-mongodb-2.6.5-from-epel.patch | 2 +-
...ch => 0007-Fix-support-for-Fedora-Rawhide.patch | 2 +-
...h => 0008-Adds-filtering-for-BONDING-LACP.patch | 2 +-
...as-invalid.patch => 0009-JSON-was-invalid.patch | 2 +-
...-control_exchange-in-the-main-config-file.patch | 34 +++
...VS-mechanism-agent-configs-in-its-config-.patch | 161 +++++++----
...nfigure-auth-via-conf-file-not-paste-file.patch | 63 -----
0012-Create-resource-cache-upon-creation.patch | 218 +++++++++++++++
...-control_exchange-in-the-main-config-file.patch | 47 ----
0013-Fix-rabbitmq-support.patch | 308 +++++++++++++++++++++
0013-Support-Neutron.patch | 50 ----
..._ssl_-parameters-optional-when-rabbit_use.patch | 148 ----------
...LSv1-as-SSLv3-is-considered-insecure-and-.patch | 64 +++++
...LSv1-as-SSLv3-is-considered-insecure-and-.patch | 82 ------
...d-Ironic-support-into-nova-puppet-modules.patch | 144 ----------
0017-Fix-prefetch-refresh-for-providers.patch | 84 ------
openstack-puppet-modules.spec | 39 +--
sources | 2 +-
23 files changed, 766 insertions(+), 696 deletions(-)
---
diff --git a/0001-horizon-Change-default-documentation-URL.patch b/0001-horizon-Change-default-documentation-URL.patch
index 6c44c6b..aeffed7 100644
--- a/0001-horizon-Change-default-documentation-URL.patch
+++ b/0001-horizon-Change-default-documentation-URL.patch
@@ -1,4 +1,4 @@
-From 82ec48214a6d29f6eb3d7dca60db1458e4a2e875 Mon Sep 17 00:00:00 2001
+From d0018c70e718ce0cb3b34a026630b0a66e9972e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20M=C3=A1gr?= <mmagr at redhat.com>
Date: Fri, 3 Oct 2014 19:18:45 +0200
Subject: [PATCH] [horizon] Change default documentation URL
diff --git a/0002-rabbitmq-Don-t-manage-RabbitMQ-repos.patch b/0002-rabbitmq-Don-t-manage-RabbitMQ-repos.patch
index c207c26..da2ab71 100644
--- a/0002-rabbitmq-Don-t-manage-RabbitMQ-repos.patch
+++ b/0002-rabbitmq-Don-t-manage-RabbitMQ-repos.patch
@@ -1,4 +1,4 @@
-From 17bf7e482c1fddd92e2d10f146871343aadbac0f Mon Sep 17 00:00:00 2001
+From fd5574e61260b16619aa1668c8d65b158ba4c24a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20M=C3=A1gr?= <mmagr at redhat.com>
Date: Fri, 3 Oct 2014 19:26:49 +0200
Subject: [PATCH] [rabbitmq] Don't manage RabbitMQ repos
diff --git a/0003-openstack-Set-default-charset-to-utf8.patch b/0003-openstack-Set-default-charset-to-utf8.patch
index d551b87..da574ed 100644
--- a/0003-openstack-Set-default-charset-to-utf8.patch
+++ b/0003-openstack-Set-default-charset-to-utf8.patch
@@ -1,4 +1,4 @@
-From b918c515967d11adc37e110978cfed390e19bd07 Mon Sep 17 00:00:00 2001
+From 62b097624d411275d727da99bd5f2f33ff268ffe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20M=C3=A1gr?= <mmagr at redhat.com>
Date: Fri, 3 Oct 2014 19:56:51 +0200
Subject: [PATCH] [openstack] Set default charset to utf8
diff --git a/0004-keystone-Add-manage_service-feature.patch b/0004-keystone-Add-manage_service-feature.patch
index ddd2215..04660fc 100644
--- a/0004-keystone-Add-manage_service-feature.patch
+++ b/0004-keystone-Add-manage_service-feature.patch
@@ -1,4 +1,4 @@
-From 08c5bcc85662885bb62be0a00fb17645f41e22ac Mon Sep 17 00:00:00 2001
+From 3e85b0406d84b22dd986233f1466ec26d7a03ece Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20M=C3=A1gr?= <mmagr at redhat.com>
Date: Fri, 3 Oct 2014 20:32:27 +0200
Subject: [PATCH] [keystone] Add manage_service feature
diff --git a/0006-Add-manage_service-feature.patch b/0005-Add-manage_service-feature.patch
similarity index 99%
rename from 0006-Add-manage_service-feature.patch
rename to 0005-Add-manage_service-feature.patch
index 3882a53..1ee7daa 100644
--- a/0006-Add-manage_service-feature.patch
+++ b/0005-Add-manage_service-feature.patch
@@ -1,4 +1,4 @@
-From 28a20642294523a0b42d9404185a1f90c4370d90 Mon Sep 17 00:00:00 2001
+From 7cba33122de4045f52ca88b1dc6053ee66c842c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20M=C3=A1gr?= <mmagr at redhat.com>
Date: Mon, 22 Sep 2014 15:50:38 +0200
Subject: [PATCH] Add manage_service feature
diff --git a/0007-Fix-against-mongodb-2.6.5-from-epel.patch b/0006-Fix-against-mongodb-2.6.5-from-epel.patch
similarity index 95%
rename from 0007-Fix-against-mongodb-2.6.5-from-epel.patch
rename to 0006-Fix-against-mongodb-2.6.5-from-epel.patch
index 23d5359..e254375 100644
--- a/0007-Fix-against-mongodb-2.6.5-from-epel.patch
+++ b/0006-Fix-against-mongodb-2.6.5-from-epel.patch
@@ -1,4 +1,4 @@
-From 6072fa1fa5974daf23c5f222c1145a07414f5b3c Mon Sep 17 00:00:00 2001
+From fa65712116ff5745710731ed511e52989fbcacf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivan=20Ne=C4=8Das?= <inecas at redhat.com>
Date: Tue, 25 Nov 2014 18:14:37 +0100
Subject: [PATCH] Fix against mongodb 2.6.5 from epel
diff --git a/0008-Fix-support-for-Fedora-Rawhide.patch b/0007-Fix-support-for-Fedora-Rawhide.patch
similarity index 97%
rename from 0008-Fix-support-for-Fedora-Rawhide.patch
rename to 0007-Fix-support-for-Fedora-Rawhide.patch
index f60cfc8..1fbae94 100644
--- a/0008-Fix-support-for-Fedora-Rawhide.patch
+++ b/0007-Fix-support-for-Fedora-Rawhide.patch
@@ -1,4 +1,4 @@
-From 91378e08eaf7b733956a0cdb57431c75ed1e84c7 Mon Sep 17 00:00:00 2001
+From b2af78d33bdb9bf5b801c4ed32cb0196a99c6e11 Mon Sep 17 00:00:00 2001
From: Lukas Bezdicka <lbezdick at redhat.com>
Date: Mon, 8 Dec 2014 13:02:02 -0500
Subject: [PATCH] Fix support for Fedora Rawhide
diff --git a/0009-Adds-filtering-for-BONDING-LACP.patch b/0008-Adds-filtering-for-BONDING-LACP.patch
similarity index 97%
rename from 0009-Adds-filtering-for-BONDING-LACP.patch
rename to 0008-Adds-filtering-for-BONDING-LACP.patch
index a4ee6ce..e6dc836 100644
--- a/0009-Adds-filtering-for-BONDING-LACP.patch
+++ b/0008-Adds-filtering-for-BONDING-LACP.patch
@@ -1,4 +1,4 @@
-From 1e2179ae1b7ff6a61a0058943c4d3f0f87a14206 Mon Sep 17 00:00:00 2001
+From 65a91e9e79684ce4e2bf28d39bda459e80ef1f92 Mon Sep 17 00:00:00 2001
From: Gilles Dubreuil <gilles at redhat.com>
Date: Mon, 8 Dec 2014 15:39:04 +1100
Subject: [PATCH] Adds filtering for BONDING (LACP)
diff --git a/0010-JSON-was-invalid.patch b/0009-JSON-was-invalid.patch
similarity index 94%
rename from 0010-JSON-was-invalid.patch
rename to 0009-JSON-was-invalid.patch
index cab4023..a638619 100644
--- a/0010-JSON-was-invalid.patch
+++ b/0009-JSON-was-invalid.patch
@@ -1,4 +1,4 @@
-From d1e8116c8b6f49fd052685b0cb2cf53cd949aba1 Mon Sep 17 00:00:00 2001
+From 13301ae591184a3fcc39d3f066455a17e388ab36 Mon Sep 17 00:00:00 2001
From: Gilles Dubreuil <gilles at redhat.com>
Date: Fri, 12 Dec 2014 15:40:58 +1100
Subject: [PATCH] JSON was invalid
diff --git a/0010-Set-control_exchange-in-the-main-config-file.patch b/0010-Set-control_exchange-in-the-main-config-file.patch
new file mode 100644
index 0000000..02729a2
--- /dev/null
+++ b/0010-Set-control_exchange-in-the-main-config-file.patch
@@ -0,0 +1,34 @@
+From 4b1c8c24fb52259a3c5c7b74be06439eaae59958 Mon Sep 17 00:00:00 2001
+From: Solly Ross <sross at redhat.com>
+Date: Tue, 16 Dec 2014 15:40:19 -0500
+Subject: [PATCH] Set control_exchange in the main config file
+
+`control_exchange = trove` should be set in the main config file.
+
+Change-Id: I559f440a2aed76968bcdce18384f8707febb1f21
+---
+ trove/manifests/init.pp | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/trove/manifests/init.pp b/trove/manifests/init.pp
+index 816be7b..8cfd011 100644
+--- a/trove/manifests/init.pp
++++ b/trove/manifests/init.pp
+@@ -139,6 +139,9 @@
+ # [*control_exchange*]
+ # (optional) Control exchange.
+ # Defaults to 'trove'.
++# [*use_neutron*]
++# (optional) Use Neutron
++# Defaults to true
+ #
+ # [*use_neutron*]
+ # (optional) Use Neutron
+@@ -171,6 +174,7 @@ class trove(
+ $use_neutron = true,
+ # DEPRECATED PARAMETERS
+ $mysql_module = undef,
++ $use_neutron = true,
+ ) {
+ include trove::params
+
diff --git a/0005-Configure-OVS-mechanism-agent-configs-in-its-config-.patch b/0011-Configure-OVS-mechanism-agent-configs-in-its-config-.patch
similarity index 66%
rename from 0005-Configure-OVS-mechanism-agent-configs-in-its-config-.patch
rename to 0011-Configure-OVS-mechanism-agent-configs-in-its-config-.patch
index ca3e5d1..cb97d62 100644
--- a/0005-Configure-OVS-mechanism-agent-configs-in-its-config-.patch
+++ b/0011-Configure-OVS-mechanism-agent-configs-in-its-config-.patch
@@ -1,10 +1,13 @@
-From 7c4b494dd4966b914a50d6c9e1f5f88aaa9a4460 Mon Sep 17 00:00:00 2001
+From e43a199969a1871a0cacfd381105bc6865782379 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathieu=20Gagne=CC=81?= <mgagne at iweb.com>
Date: Wed, 9 Jul 2014 20:44:07 -0400
Subject: [PATCH] Configure OVS mechanism agent configs in its config file
Configurations for the OVS agent should go in its config file:
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+but as packaging is broken and different in Ubuntu and Redhat
+we have to use new neutron_agent_ovs provider to configure
+ovs agent correctly.
Therefore, we should not remove the agent config file and
replace it with a symlink to plugin.ini or ml2_conf.ini.
@@ -13,17 +16,80 @@ Those config files are meant to be used by the core plugin itself
in neutron-server, not the agents themselves.
- Remove symlink creation from ovs_neutron_plugin.ini to plugin.ini
-- Use neutron_plugin_ovs to configure OVS mechanism agent configs
+- Use neutron_agent_ovs to configure OVS mechanism agent configs
Change-Id: I53d9b923784587e8a2a934f004a3b054c716daaa
Signed-off-by: Gael Chamoulaud <gchamoul at redhat.com>
+
+Conflicts:
+ neutron/manifests/agents/ml2/ovs.pp
---
- neutron/manifests/agents/ml2/ovs.pp | 39 +++++--------
- .../spec/classes/neutron_agents_ml2_ovs_spec.rb | 68 +++++++++-------------
- 2 files changed, 41 insertions(+), 66 deletions(-)
+ .../provider/neutron_agent_ovs/ini_setting.rb | 26 ++++++++++
+ neutron/lib/puppet/type/neutron_agent_ovs.rb | 18 +++++++
+ neutron/manifests/agents/ml2/ovs.pp | 43 ++++++----------
+ .../spec/classes/neutron_agents_ml2_ovs_spec.rb | 59 ++++++++++------------
+ 4 files changed, 87 insertions(+), 59 deletions(-)
+ create mode 100644 neutron/lib/puppet/provider/neutron_agent_ovs/ini_setting.rb
+ create mode 100644 neutron/lib/puppet/type/neutron_agent_ovs.rb
+diff --git a/neutron/lib/puppet/provider/neutron_agent_ovs/ini_setting.rb b/neutron/lib/puppet/provider/neutron_agent_ovs/ini_setting.rb
+new file mode 100644
+index 0000000..47ae0d6
+--- /dev/null
++++ b/neutron/lib/puppet/provider/neutron_agent_ovs/ini_setting.rb
+@@ -0,0 +1,26 @@
++Puppet::Type.type(:neutron_agent_ovs).provide(
++ :ini_setting,
++ :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
++) do
++
++ def section
++ resource[:name].split('/', 2).first
++ end
++
++ def setting
++ resource[:name].split('/', 2).last
++ end
++
++ def separator
++ '='
++ end
++
++ def file_path
++ if Facter['osfamily'].value == 'Debian'
++ '/etc/neutron/plugins/ml2/ml2_conf.ini'
++ else
++ '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini'
++ end
++ end
++
++end
+diff --git a/neutron/lib/puppet/type/neutron_agent_ovs.rb b/neutron/lib/puppet/type/neutron_agent_ovs.rb
+new file mode 100644
+index 0000000..a2c74f1
+--- /dev/null
++++ b/neutron/lib/puppet/type/neutron_agent_ovs.rb
+@@ -0,0 +1,18 @@
++Puppet::Type.newtype(:neutron_agent_ovs) do
++
++ ensurable
++
++ newparam(:name, :namevar => true) do
++ desc 'Section/setting name to manage from ovs agent config.'
++ newvalues(/\S+\/\S+/)
++ end
++
++ newproperty(:value) do
++ desc 'The value of the setting to be defined.'
++ munge do |value|
++ value = value.to_s.strip
++ value.capitalize! if value =~ /^(true|false)$/i
++ value
++ end
++ end
++end
diff --git a/neutron/manifests/agents/ml2/ovs.pp b/neutron/manifests/agents/ml2/ovs.pp
-index 709a87f..9a61dff 100644
+index 4dae4f6..a2fb198 100644
--- a/neutron/manifests/agents/ml2/ovs.pp
+++ b/neutron/manifests/agents/ml2/ovs.pp
@@ -117,7 +117,8 @@ class neutron::agents::ml2::ovs (
@@ -31,8 +97,8 @@ index 709a87f..9a61dff 100644
}
- Neutron_plugin_ml2<||> ~> Service['neutron-ovs-agent-service']
-+ Package['neutron-ovs-agent'] -> Neutron_plugin_ovs<||>
-+ Neutron_plugin_ovs<||> ~> Service['neutron-ovs-agent-service']
++ Package['neutron-ovs-agent'] -> Neutron_agent_ovs<||>
++ Neutron_agent_ovs<||> ~> Service['neutron-ovs-agent-service']
if ($bridge_mappings != []) {
# bridge_mappings are used to describe external networks that are
@@ -41,7 +107,7 @@ index 709a87f..9a61dff 100644
# The OVS neutron plugin will talk in terms of the networks in the bridge_mappings
$br_map_str = join($bridge_mappings, ',')
- neutron_plugin_ml2 {
-+ neutron_plugin_ovs {
++ neutron_agent_ovs {
'ovs/bridge_mappings': value => $br_map_str;
}
neutron::plugins::ovs::bridge{ $bridge_mappings:
@@ -50,7 +116,7 @@ index 709a87f..9a61dff 100644
}
- neutron_plugin_ml2 {
-+ neutron_plugin_ovs {
++ neutron_agent_ovs {
'agent/polling_interval': value => $polling_interval;
'agent/l2_population': value => $l2_population;
'agent/arp_responder': value => $arp_responder;
@@ -63,10 +129,10 @@ index 709a87f..9a61dff 100644
- value => $firewall_driver
- }
+ if $firewall_driver {
-+ neutron_plugin_ovs { 'securitygroup/firewall_driver': value => $firewall_driver }
++ neutron_agent_ovs { 'securitygroup/firewall_driver': value => $firewall_driver }
} else {
- neutron_plugin_ml2 { 'securitygroup/firewall_driver': ensure => absent }
-+ neutron_plugin_ovs { 'securitygroup/firewall_driver': ensure => absent }
++ neutron_agent_ovs { 'securitygroup/firewall_driver': ensure => absent }
}
vs_bridge { $integration_bridge:
@@ -75,7 +141,7 @@ index 709a87f..9a61dff 100644
before => Service['neutron-ovs-agent-service'],
}
- neutron_plugin_ml2 {
-+ neutron_plugin_ovs {
++ neutron_agent_ovs {
'ovs/enable_tunneling': value => true;
'ovs/tunnel_bridge': value => $tunnel_bridge;
'ovs/local_ip': value => $local_ip;
@@ -83,20 +149,20 @@ index 709a87f..9a61dff 100644
if size($tunnel_types) > 0 {
- neutron_plugin_ml2 {
-+ neutron_plugin_ovs {
++ neutron_agent_ovs {
'agent/tunnel_types': value => join($tunnel_types, ',');
}
}
if 'vxlan' in $tunnel_types {
validate_vxlan_udp_port($vxlan_udp_port)
- neutron_plugin_ml2 {
-+ neutron_plugin_ovs {
++ neutron_agent_ovs {
'agent/vxlan_udp_port': value => $vxlan_udp_port;
}
}
} else {
- neutron_plugin_ml2 {
-+ neutron_plugin_ovs {
++ neutron_agent_ovs {
'ovs/enable_tunneling': value => false;
'ovs/tunnel_bridge': ensure => absent;
'ovs/local_ip': ensure => absent;
@@ -117,16 +183,18 @@ index 709a87f..9a61dff 100644
-
if ! defined(Package['neutron-ovs-agent']) {
package { 'neutron-ovs-agent':
- ensure => $package_ensure,
- name => $::neutron::params::ovs_server_package,
+- ensure => $package_ensure,
+- name => $::neutron::params::ovs_server_package,
- } ->
- # https://bugzilla.redhat.com/show_bug.cgi?id=1087647
- # Causes init script for agent to load the old ovs file
- # instead of the ml2 config file.
- file { '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini':
- ensure => link,
-- target => '/etc/neutron/plugin.ini'
+- target => '/etc/neutron/plugins/ml2/ml2_conf.ini'
- } ~> Service<| title == 'neutron-ovs-agent-service' |>
++ ensure => $package_ensure,
++ name => $::neutron::params::ovs_server_package,
+ }
}
}
@@ -142,7 +210,7 @@ index 709a87f..9a61dff 100644
name => $::neutron::params::ovs_cleanup_service,
enable => $enabled,
diff --git a/neutron/spec/classes/neutron_agents_ml2_ovs_spec.rb b/neutron/spec/classes/neutron_agents_ml2_ovs_spec.rb
-index d9c9dc5..a133ffa 100644
+index 45aec8e..b7a1204 100644
--- a/neutron/spec/classes/neutron_agents_ml2_ovs_spec.rb
+++ b/neutron/spec/classes/neutron_agents_ml2_ovs_spec.rb
@@ -34,15 +34,15 @@ describe 'neutron::agents::ml2::ovs' do
@@ -154,18 +222,18 @@ index d9c9dc5..a133ffa 100644
- should contain_neutron_plugin_ml2('agent/arp_responder').with_value(p[:arp_responder])
- should contain_neutron_plugin_ml2('ovs/integration_bridge').with_value(p[:integration_bridge])
- should contain_neutron_plugin_ml2('securitygroup/firewall_driver').\
-+ should contain_neutron_plugin_ovs('agent/polling_interval').with_value(p[:polling_interval])
-+ should contain_neutron_plugin_ovs('agent/l2_population').with_value(p[:l2_population])
-+ should contain_neutron_plugin_ovs('agent/arp_responder').with_value(p[:arp_responder])
-+ should contain_neutron_plugin_ovs('ovs/integration_bridge').with_value(p[:integration_bridge])
-+ should contain_neutron_plugin_ovs('securitygroup/firewall_driver').\
++ should contain_neutron_agent_ovs('agent/polling_interval').with_value(p[:polling_interval])
++ should contain_neutron_agent_ovs('agent/l2_population').with_value(p[:l2_population])
++ should contain_neutron_agent_ovs('agent/arp_responder').with_value(p[:arp_responder])
++ should contain_neutron_agent_ovs('ovs/integration_bridge').with_value(p[:integration_bridge])
++ should contain_neutron_agent_ovs('securitygroup/firewall_driver').\
with_value(p[:firewall_driver])
- should contain_neutron_plugin_ml2('ovs/enable_tunneling').with_value(false)
- should contain_neutron_plugin_ml2('ovs/tunnel_bridge').with_ensure('absent')
- should contain_neutron_plugin_ml2('ovs/local_ip').with_ensure('absent')
-+ should contain_neutron_plugin_ovs('ovs/enable_tunneling').with_value(false)
-+ should contain_neutron_plugin_ovs('ovs/tunnel_bridge').with_ensure('absent')
-+ should contain_neutron_plugin_ovs('ovs/local_ip').with_ensure('absent')
++ should contain_neutron_agent_ovs('ovs/enable_tunneling').with_value(false)
++ should contain_neutron_agent_ovs('ovs/tunnel_bridge').with_ensure('absent')
++ should contain_neutron_agent_ovs('ovs/local_ip').with_ensure('absent')
end
it 'configures vs_bridge' do
@@ -174,7 +242,7 @@ index d9c9dc5..a133ffa 100644
:ensure => p[:package_ensure]
)
- should contain_package('neutron-ovs-agent').with_before(/Neutron_plugin_ml2\[.+\]/)
-+ should contain_package('neutron-ovs-agent').with_before(/Neutron_plugin_ovs\[.+\]/)
++ should contain_package('neutron-ovs-agent').with_before(/Neutron_agent_ovs\[.+\]/)
else
end
end
@@ -203,7 +271,7 @@ index d9c9dc5..a133ffa 100644
end
it 'should configure firewall driver' do
- should contain_neutron_plugin_ml2('securitygroup/firewall_driver').with_ensure('absent')
-+ should contain_neutron_plugin_ovs('securitygroup/firewall_driver').with_ensure('absent')
++ should contain_neutron_agent_ovs('securitygroup/firewall_driver').with_ensure('absent')
end
end
@@ -212,7 +280,7 @@ index d9c9dc5..a133ffa 100644
end
it 'should enable ARP responder' do
- should contain_neutron_plugin_ml2('agent/arp_responder').with_value(true)
-+ should contain_neutron_plugin_ovs('agent/arp_responder').with_value(true)
++ should contain_neutron_agent_ovs('agent/arp_responder').with_value(true)
end
end
@@ -221,7 +289,7 @@ index d9c9dc5..a133ffa 100644
end
it 'should enable DVR' do
- should contain_neutron_plugin_ml2('agent/enable_distributed_routing').with_value(true)
-+ should contain_neutron_plugin_ovs('agent/enable_distributed_routing').with_value(true)
++ should contain_neutron_agent_ovs('agent/enable_distributed_routing').with_value(true)
end
end
@@ -230,7 +298,7 @@ index d9c9dc5..a133ffa 100644
it 'configures bridge mappings' do
- should contain_neutron_plugin_ml2('ovs/bridge_mappings')
-+ should contain_neutron_plugin_ovs('ovs/bridge_mappings')
++ should contain_neutron_agent_ovs('ovs/bridge_mappings')
end
it 'should configure bridge mappings' do
@@ -241,9 +309,9 @@ index d9c9dc5..a133ffa 100644
- should contain_neutron_plugin_ml2('ovs/enable_tunneling').with_value(true)
- should contain_neutron_plugin_ml2('ovs/tunnel_bridge').with_value(default_params[:tunnel_bridge])
- should contain_neutron_plugin_ml2('ovs/local_ip').with_value('127.0.0.1')
-+ should contain_neutron_plugin_ovs('ovs/enable_tunneling').with_value(true)
-+ should contain_neutron_plugin_ovs('ovs/tunnel_bridge').with_value(default_params[:tunnel_bridge])
-+ should contain_neutron_plugin_ovs('ovs/local_ip').with_value('127.0.0.1')
++ should contain_neutron_agent_ovs('ovs/enable_tunneling').with_value(true)
++ should contain_neutron_agent_ovs('ovs/tunnel_bridge').with_value(default_params[:tunnel_bridge])
++ should contain_neutron_agent_ovs('ovs/local_ip').with_value('127.0.0.1')
should contain_vs_bridge(default_params[:tunnel_bridge]).with(
:ensure => 'present',
:before => 'Service[neutron-ovs-agent-service]'
@@ -253,29 +321,20 @@ index d9c9dc5..a133ffa 100644
it 'should perform vxlan network configuration' do
- should contain_neutron_plugin_ml2('agent/tunnel_types').with_value(params[:tunnel_types])
- should contain_neutron_plugin_ml2('agent/vxlan_udp_port').with_value(params[:vxlan_udp_port])
-+ should contain_neutron_plugin_ovs('agent/tunnel_types').with_value(params[:tunnel_types])
-+ should contain_neutron_plugin_ovs('agent/vxlan_udp_port').with_value(params[:vxlan_udp_port])
++ should contain_neutron_agent_ovs('agent/tunnel_types').with_value(params[:tunnel_types])
++ should contain_neutron_agent_ovs('agent/vxlan_udp_port').with_value(params[:vxlan_udp_port])
end
end
-@@ -201,21 +203,5 @@ describe 'neutron::agents::ml2::ovs' do
+@@ -210,12 +212,5 @@ describe 'neutron::agents::ml2::ovs' do
+ )
+ should contain_package('neutron-ovs-agent').with_before(/Service\[ovs-cleanup-service\]/)
end
-
- it_configures 'neutron plugin ovs agent with ml2 plugin'
--
-- it 'configures neutron ovs cleanup service' do
-- should contain_service('ovs-cleanup-service').with(
-- :name => platform_params[:ovs_cleanup_service],
-- :enable => true,
-- :ensure => 'running'
-- )
-- should contain_package('neutron-ovs-agent').with_before(/Service\[ovs-cleanup-service\]/)
-- end
-
- it 'links from ovs config to plugin config' do
- should contain_file('/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini').with(
- :ensure => 'link',
-- :target => '/etc/neutron/plugin.ini'
+- :target => '/etc/neutron/plugins/ml2/ml2_conf.ini'
- )
- end
end
diff --git a/0012-Create-resource-cache-upon-creation.patch b/0012-Create-resource-cache-upon-creation.patch
new file mode 100644
index 0000000..2ca0cd1
--- /dev/null
+++ b/0012-Create-resource-cache-upon-creation.patch
@@ -0,0 +1,218 @@
+From 876f486ea298f276e1363408a2b06f6c31e8250f Mon Sep 17 00:00:00 2001
+From: Colleen Murphy <colleen at puppetlabs.com>
+Date: Tue, 17 Feb 2015 00:17:40 -0800
+Subject: [PATCH] Create resource cache upon creation
+
+Currently, the keystone providers ignore the output of the create
+command even though it provides much-needed information. This is a
+problem because if during the course of the puppet run that
+information is needed again, it must make another API request for it.
+This is especially problematic with the neutron providers, which
+instead of looking up the information via the API, look it up in the
+catalog. Since a keystone resource does not specify its ID upon
+creation, it reports it as nil, causing the neutron providers to
+silently fail when they need the ID of a keystone resource.
+
+This patch corrects the problem by saving the output from the create
+command in the @instance variable so that it is known to that
+resource and can be retrieved by other resources.
+
+Alternative to https://review.openstack.org/#/c/154812/
+
+Change-Id: I2090f5f4a94a6ae21bf71ac0f1b33caaa602e0bc
+Closes-bug: 1421573
+(cherry picked from commit 9a32c026ae28b56ac29edc658832fe4691ebe44e)
+---
+ keystone/lib/puppet/provider/keystone_endpoint/openstack.rb | 2 +-
+ keystone/lib/puppet/provider/keystone_role/openstack.rb | 2 +-
+ keystone/lib/puppet/provider/keystone_service/openstack.rb | 2 +-
+ keystone/lib/puppet/provider/keystone_tenant/openstack.rb | 2 +-
+ keystone/lib/puppet/provider/keystone_user/openstack.rb | 2 +-
+ keystone/lib/puppet/provider/openstack.rb | 2 +-
+ .../spec/unit/provider/keystone_endpoint/openstack_spec.rb | 11 ++++++++++-
+ keystone/spec/unit/provider/keystone_role/openstack_spec.rb | 3 ++-
+ .../spec/unit/provider/keystone_service/openstack_spec.rb | 8 +++++++-
+ .../spec/unit/provider/keystone_tenant/openstack_spec.rb | 6 +++++-
+ keystone/spec/unit/provider/keystone_user/openstack_spec.rb | 12 ++++++++++--
+ 11 files changed, 40 insertions(+), 12 deletions(-)
+
+diff --git a/keystone/lib/puppet/provider/keystone_endpoint/openstack.rb b/keystone/lib/puppet/provider/keystone_endpoint/openstack.rb
+index fadb25f..4c1ad12 100644
+--- a/keystone/lib/puppet/provider/keystone_endpoint/openstack.rb
++++ b/keystone/lib/puppet/provider/keystone_endpoint/openstack.rb
+@@ -30,7 +30,7 @@ Puppet::Type.type(:keystone_endpoint).provide(
+ properties << '--adminurl'
+ properties << resource[:admin_url]
+ end
+- request('endpoint', 'create', name, resource[:auth], properties)
++ @instance = request('endpoint', 'create', name, resource[:auth], properties)
+ end
+
+ def exists?
+diff --git a/keystone/lib/puppet/provider/keystone_role/openstack.rb b/keystone/lib/puppet/provider/keystone_role/openstack.rb
+index 50a2cbb..106058a 100644
+--- a/keystone/lib/puppet/provider/keystone_role/openstack.rb
++++ b/keystone/lib/puppet/provider/keystone_role/openstack.rb
+@@ -9,7 +9,7 @@ Puppet::Type.type(:keystone_role).provide(
+
+ def create
+ properties = []
+- request('role', 'create', resource[:name], resource[:auth], properties)
++ @instance = request('role', 'create', resource[:name], resource[:auth], properties)
+ end
+
+ def exists?
+diff --git a/keystone/lib/puppet/provider/keystone_service/openstack.rb b/keystone/lib/puppet/provider/keystone_service/openstack.rb
+index e9bed96..92e002d 100644
+--- a/keystone/lib/puppet/provider/keystone_service/openstack.rb
++++ b/keystone/lib/puppet/provider/keystone_service/openstack.rb
+@@ -22,7 +22,7 @@ Puppet::Type.type(:keystone_service).provide(
+ properties << '--type'
+ properties << resource[:type]
+ end
+- request('service', 'create', resource[:name], resource[:auth], properties)
++ @instance = request('service', 'create', resource[:name], resource[:auth], properties)
+ end
+
+ def exists?
+diff --git a/keystone/lib/puppet/provider/keystone_tenant/openstack.rb b/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
+index b0a6361..7e330f8 100644
+--- a/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
++++ b/keystone/lib/puppet/provider/keystone_tenant/openstack.rb
+@@ -23,7 +23,7 @@ Puppet::Type.type(:keystone_tenant).provide(
+ properties << '--description'
+ properties << resource[:description]
+ end
+- request('project', 'create', resource[:name], resource[:auth], properties)
++ @instance = request('project', 'create', resource[:name], resource[:auth], properties)
+ end
+
+ def exists?
+diff --git a/keystone/lib/puppet/provider/keystone_user/openstack.rb b/keystone/lib/puppet/provider/keystone_user/openstack.rb
+index f91b3b0..1b5af76 100644
+--- a/keystone/lib/puppet/provider/keystone_user/openstack.rb
++++ b/keystone/lib/puppet/provider/keystone_user/openstack.rb
+@@ -32,7 +32,7 @@ Puppet::Type.type(:keystone_user).provide(
+ properties << '--email'
+ properties << resource[:email]
+ end
+- request('user', 'create', resource[:name], resource[:auth], properties)
++ @instance = request('user', 'create', resource[:name], resource[:auth], properties)
+ end
+
+ def exists?
+diff --git a/keystone/lib/puppet/provider/openstack.rb b/keystone/lib/puppet/provider/openstack.rb
+index d1cc3e0..7d960e7 100644
+--- a/keystone/lib/puppet/provider/openstack.rb
++++ b/keystone/lib/puppet/provider/openstack.rb
+@@ -62,7 +62,7 @@ class Puppet::Provider::Openstack < Puppet::Provider
+ end
+ hash
+ end
+- elsif(action == 'show')
++ elsif(action == 'show' || action == 'create')
+ rv = {}
+ # shell output is name="value"\nid="value2"\ndescription="value3" etc.
+ openstack(service, action, '--format', 'shell', args).split("\n").each do |line|
+diff --git a/keystone/spec/unit/provider/keystone_endpoint/openstack_spec.rb b/keystone/spec/unit/provider/keystone_endpoint/openstack_spec.rb
+index 7113458..a0ac752 100644
+--- a/keystone/spec/unit/provider/keystone_endpoint/openstack_spec.rb
++++ b/keystone/spec/unit/provider/keystone_endpoint/openstack_spec.rb
+@@ -40,7 +40,16 @@ describe provider_class do
+ "1cb05cfed7c24279be884ba4f6520262","foo","bar","","http://127.0.0.1:5000/v2.0","http://127.0.0.1:5001/v2.0","http://127.0.0.1:5002/v2.0"
+ ')
+ provider.class.stubs(:openstack)
+- .with('endpoint', 'create', [['bar', '--region', 'foo', '--publicurl', 'http://127.0.0.1:5000/v2.0', '--internalurl', 'http://127.0.0.1:5001/v2.0', '--adminurl', 'http://127.0.0.1:5002/v2.0', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .with('endpoint', 'create', '--format', 'shell', [['bar', '--region', 'foo', '--publicurl', 'http://127.0.0.1:5000/v2.0', '--internalurl', 'http://127.0.0.1:5001/v2.0', '--adminurl', 'http://127.0.0.1:5002/v2.0', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .returns('adminurl="http://127.0.0.1:5002/v2.0"
++id="3a5c4378981e4112a0d44902a43e16ef"
++internalurl="http://127.0.0.1:5001/v2.0"
++publicurl="http://127.0.0.1:5000/v2.0"
++region="foo"
++service_id="8137d72980fd462192f276585a002426"
++service_name="bar"
++service_type="test"
++')
+ provider.create
+ expect(provider.exists?).to be_truthy
+ end
+diff --git a/keystone/spec/unit/provider/keystone_role/openstack_spec.rb b/keystone/spec/unit/provider/keystone_role/openstack_spec.rb
+index effbabe..179574f 100644
+--- a/keystone/spec/unit/provider/keystone_role/openstack_spec.rb
++++ b/keystone/spec/unit/provider/keystone_role/openstack_spec.rb
+@@ -37,7 +37,8 @@ describe provider_class do
+ "1cb05cfed7c24279be884ba4f6520262","foo"
+ ')
+ provider.class.stubs(:openstack)
+- .with('role', 'create', [['foo', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .with('role', 'create', '--format', 'shell', [['foo', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .returns('name="foo"')
+ provider.create
+ expect(provider.exists?).to be_truthy
+ end
+diff --git a/keystone/spec/unit/provider/keystone_service/openstack_spec.rb b/keystone/spec/unit/provider/keystone_service/openstack_spec.rb
+index d7110d2..5b9814f 100644
+--- a/keystone/spec/unit/provider/keystone_service/openstack_spec.rb
++++ b/keystone/spec/unit/provider/keystone_service/openstack_spec.rb
+@@ -39,7 +39,13 @@ describe provider_class do
+ "1cb05cfed7c24279be884ba4f6520262","foo","foo","foo"
+ ')
+ provider.class.stubs(:openstack)
+- .with('service', 'create', [['foo', '--description', 'foo', '--type', 'foo', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .with('service', 'create', '--format', 'shell', [['foo', '--description', 'foo', '--type', 'foo', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .returns('description="foo"
++enabled="True"
++id="8f0dd4c0abc44240998fbb3f5089ecbf"
++name="foo"
++type="foo"
++')
+ provider.create
+ expect(provider.exists?).to be_truthy
+ end
+diff --git a/keystone/spec/unit/provider/keystone_tenant/openstack_spec.rb b/keystone/spec/unit/provider/keystone_tenant/openstack_spec.rb
+index e65b970..11861fc 100644
+--- a/keystone/spec/unit/provider/keystone_tenant/openstack_spec.rb
++++ b/keystone/spec/unit/provider/keystone_tenant/openstack_spec.rb
+@@ -39,7 +39,11 @@ describe provider_class do
+ "1cb05cfed7c24279be884ba4f6520262","foo","foo",True
+ ')
+ provider.class.stubs(:openstack)
+- .with('project', 'create', [['foo', '--enable', '--description', 'foo', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .with('project', 'create', '--format', 'shell', [['foo', '--enable', '--description', 'foo', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .returns('description="foo"
++enabled="True"
++name="foo"
++')
+ provider.create
+ expect(provider.exists?).to be_truthy
+ end
+diff --git a/keystone/spec/unit/provider/keystone_user/openstack_spec.rb b/keystone/spec/unit/provider/keystone_user/openstack_spec.rb
+index c7f832b..447187c 100644
+--- a/keystone/spec/unit/provider/keystone_user/openstack_spec.rb
++++ b/keystone/spec/unit/provider/keystone_user/openstack_spec.rb
+@@ -41,7 +41,14 @@ describe provider_class do
+ "1cb05cfed7c24279be884ba4f6520262","foo","foo","foo at example.com",True
+ ')
+ provider.class.stubs(:openstack)
+- .with('user', 'create', [['foo', '--enable', '--password', 'foo', '--project', 'foo', '--email', 'foo at example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .with('user', 'create', '--format', 'shell', [['foo', '--enable', '--password', 'foo', '--project', 'foo', '--email', 'foo at example.com', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .returns('email="foo at example.com"
++enabled="True"
++id="12b23f07d4a3448d8189521ab09610b0"
++name="foo"
++project_id="5e2001b2248540f191ff22627dc0c2d7"
++username="foo"
++')
+ provider.create
+ expect(provider.exists?).to be_truthy
+ end
+@@ -162,7 +169,8 @@ describe provider_class do
+ .with('role', 'show', '--format', 'shell', [['_member_', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
+ .raises(Puppet::ExecutionFailure, 'no such role _member_')
+ provider.class.expects(:openstack)
+- .with('role', 'create', [['_member_', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .with('role', 'create', '--format', 'shell', [['_member_', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
++ .returns('name="_member_"')
+ provider.class.expects(:openstack)
+ .with('role', 'add', [['_member_', '--project', 'bar', '--user', 'foo', '--os-username', 'test', '--os-password', 'abc123', '--os-tenant-name', 'foo', '--os-auth-url', 'http://127.0.0.1:5000/v2.0']])
+ provider.tenant=('bar')
diff --git a/0013-Fix-rabbitmq-support.patch b/0013-Fix-rabbitmq-support.patch
new file mode 100644
index 0000000..0c49d6e
--- /dev/null
+++ b/0013-Fix-rabbitmq-support.patch
@@ -0,0 +1,308 @@
+From 61053e81f63b4dc7ca6da5679a5ebd481626e8f5 Mon Sep 17 00:00:00 2001
+From: Lukas Bezdicka <lbezdick at redhat.com>
+Date: Mon, 23 Feb 2015 15:00:31 +0100
+Subject: [PATCH] Fix rabbitmq support
+
+Ironic was missing SSL and amqp_durable_queues for
+rabbitmq.
+
+Change-Id: Iadc7ac8481d52d7764345d50b5d3ffd9bc31999f
+---
+ ironic/manifests/init.pp | 112 ++++++++++++++++++++++++++++----
+ ironic/spec/classes/ironic_init_spec.rb | 84 ++++++++++++++++++++++--
+ 2 files changed, 179 insertions(+), 17 deletions(-)
+
+diff --git a/ironic/manifests/init.pp b/ironic/manifests/init.pp
+index 90cbe22..2df9f81 100644
+--- a/ironic/manifests/init.pp
++++ b/ironic/manifests/init.pp
+@@ -44,15 +44,62 @@
+ # [*control_exchange*]
+ # (optional) What RPC queue/exchange to use
+ # Defaults to openstack
+-
++#
+ # [*rpc_backend*]
+ # (optional) what rpc/queuing service to use
+ # Defaults to impl_kombu (rabbitmq)
+ #
+-# [*rabbit_password*]
+ # [*rabbit_host*]
++# (Optional) IP or hostname of the rabbit server.
++# Defaults to 'localhost'
++#
+ # [*rabbit_port*]
+-# [*rabbit_user*]
++# (Optional) Port of the rabbit server.
++# Defaults to 5672.
++#
++# [*rabbit_hosts*]
++# (Optional) Array of host:port (used with HA queues).
++# If defined, will remove rabbit_host & rabbit_port parameters from config
++# Defaults to undef.
++#
++# [*rabbit_userid*]
++# (Optional) User to connect to the rabbit server.
++# Defaults to 'guest'
++#
++# [*rabbit_password*]
++# (Optional) Password to connect to the rabbit_server.
++# Defaults to empty.
++#
++# [*rabbit_virtual_host*]
++# (Optional) Virtual_host to use.
++# Defaults to '/'
++#
++# [*rabbit_use_ssl*]
++# (optional) Connect over SSL for RabbitMQ
++# Defaults to false
++#
++# [*kombu_ssl_ca_certs*]
++# (optional) SSL certification authority file (valid only if SSL enabled).
++# Defaults to undef
++#
++# [*kombu_ssl_certfile*]
++# (optional) SSL cert file (valid only if SSL enabled).
++# Defaults to undef
++#
++# [*kombu_ssl_keyfile*]
++# (optional) SSL key file (valid only if SSL enabled).
++# Defaults to undef
++#
++# [*kombu_ssl_version*]
++# (optional) SSL version to use (valid only if SSL enabled).
++# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
++# available on some distributions.
++# Defaults to 'TLSv1'
++#
++# [*amqp_durable_queues*]
++# Use durable queues in amqp.
++# (Optional) Defaults to false.
++#
+ # [*rabbit_virtual_host*]
+ # (optional) Various rabbitmq settings
+ #
+@@ -123,12 +170,20 @@ class ironic (
+ $auth_strategy = 'keystone',
+ $control_exchange = 'openstack',
+ $rpc_backend = 'ironic.openstack.common.rpc.impl_kombu',
+- $rabbit_password = false,
++ $rabbit_hosts = false,
++ $rabbit_virtual_host = '/',
+ $rabbit_host = 'localhost',
++ $rabbit_port = 5672,
+ $rabbit_hosts = false,
+- $rabbit_port = '5672',
+- $rabbit_user = 'guest',
+ $rabbit_virtual_host = '/',
++ $rabbit_userid = 'guest',
++ $rabbit_password = false,
++ $rabbit_use_ssl = false,
++ $kombu_ssl_ca_certs = undef,
++ $kombu_ssl_certfile = undef,
++ $kombu_ssl_keyfile = undef,
++ $kombu_ssl_version = 'TLSv1',
++ $amqp_durable_queues = false,
+ $qpid_hostname = 'localhost',
+ $qpid_port = '5672',
+ $qpid_username = 'guest',
+@@ -219,7 +274,6 @@ class ironic (
+ 'DEFAULT/verbose': value => $verbose;
+ 'DEFAULT/debug': value => $debug;
+ 'DEFAULT/auth_strategy': value => $auth_strategy;
+- 'DEFAULT/control_exchange': value => $control_exchange;
+ 'DEFAULT/rpc_backend': value => $rpc_backend;
+ 'database/connection': value => $database_connection, secret => true;
+ 'database/idle_timeout': value => $database_idle_timeout;
+@@ -240,12 +294,25 @@ class ironic (
+ }
+
+ if $rpc_backend == 'ironic.openstack.common.rpc.impl_kombu' {
++
+ if ! $rabbit_password {
+ fail('When rpc_backend is rabbitmq, you must set rabbit password')
+ }
++
++ ironic_config {
++ 'DEFAULT/rabbit_userid': value => $rabbit_userid;
++ 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
++ 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
++ 'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
++ 'DEFAULT/control_exchange': value => $control_exchange;
++ 'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues;
++ }
++
+ if $rabbit_hosts {
+ ironic_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
+ ironic_config { 'DEFAULT/rabbit_ha_queues': value => true }
++ ironic_config { 'DEFAULT/rabbit_host': ensure => absent }
++ ironic_config { 'DEFAULT/rabbit_port': ensure => absent }
+ } else {
+ ironic_config { 'DEFAULT/rabbit_host': value => $rabbit_host }
+ ironic_config { 'DEFAULT/rabbit_port': value => $rabbit_port }
+@@ -253,10 +320,33 @@ class ironic (
+ ironic_config { 'DEFAULT/rabbit_ha_queues': value => false }
+ }
+
+- ironic_config {
+- 'DEFAULT/rabbit_userid': value => $rabbit_user;
+- 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
+- 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
++ if $rabbit_use_ssl {
++ ironic_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
++
++ if $kombu_ssl_ca_certs {
++ ironic_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
++ } else {
++ ironic_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
++ }
++
++ if $kombu_ssl_certfile {
++ ironic_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
++ } else {
++ ironic_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
++ }
++
++ if $kombu_ssl_keyfile {
++ ironic_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
++ } else {
++ ironic_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
++ }
++ } else {
++ ironic_config {
++ 'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
++ 'DEFAULT/kombu_ssl_certfile': ensure => absent;
++ 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
++ 'DEFAULT/kombu_ssl_version': ensure => absent;
++ }
+ }
+ }
+
+diff --git a/ironic/spec/classes/ironic_init_spec.rb b/ironic/spec/classes/ironic_init_spec.rb
+index 5c2f6ee..4aeea8f 100644
+--- a/ironic/spec/classes/ironic_init_spec.rb
++++ b/ironic/spec/classes/ironic_init_spec.rb
+@@ -29,7 +29,7 @@ describe 'ironic' do
+ :rabbit_host => '127.0.0.1',
+ :rabbit_port => 5672,
+ :rabbit_hosts => false,
+- :rabbit_user => 'guest',
++ :rabbit_userid => 'guest',
+ :rabbit_password => 'guest',
+ :rabbit_virtual_host => '/',
+ :database_connection => 'sqlite:////var/lib/ironic/ironic.sqlite',
+@@ -46,6 +46,9 @@ describe 'ironic' do
+
+ context 'and if rabbit_host parameter is provided' do
+ it_configures 'a ironic base installation'
++ it_configures 'with SSL disabled'
++ it_configures 'with SSL enabled without kombu'
++ it_configures 'with SSL enabled with kombu'
+ end
+
+ context 'and if rabbit_hosts parameter is provided' do
+@@ -123,7 +126,7 @@ describe 'ironic' do
+ end
+
+ it 'configures credentials for rabbit' do
+- should contain_ironic_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_user] )
++ should contain_ironic_config('DEFAULT/rabbit_userid').with_value( params[:rabbit_userid] )
+ should contain_ironic_config('DEFAULT/rabbit_password').with_value( params[:rabbit_password] )
+ should contain_ironic_config('DEFAULT/rabbit_virtual_host').with_value( params[:rabbit_virtual_host] )
+ should contain_ironic_config('DEFAULT/rabbit_password').with_secret( true )
+@@ -150,8 +153,8 @@ describe 'ironic' do
+
+ shared_examples_for 'rabbit HA with a single virtual host' do
+ it 'in ironic.conf' do
+- should_not contain_ironic_config('DEFAULT/rabbit_host')
+- should_not contain_ironic_config('DEFAULT/rabbit_port')
++ should contain_ironic_config('DEFAULT/rabbit_host').with_ensure('absent')
++ should contain_ironic_config('DEFAULT/rabbit_port').with_ensure('absent')
+ should contain_ironic_config('DEFAULT/rabbit_hosts').with_value( params[:rabbit_hosts] )
+ should contain_ironic_config('DEFAULT/rabbit_ha_queues').with_value(true)
+ end
+@@ -159,13 +162,82 @@ describe 'ironic' do
+
+ shared_examples_for 'rabbit HA with multiple hosts' do
+ it 'in ironic.conf' do
+- should_not contain_ironic_config('DEFAULT/rabbit_host')
+- should_not contain_ironic_config('DEFAULT/rabbit_port')
++ should contain_ironic_config('DEFAULT/rabbit_host').with_ensure('absent')
++ should contain_ironic_config('DEFAULT/rabbit_port').with_ensure('absent')
+ should contain_ironic_config('DEFAULT/rabbit_hosts').with_value( params[:rabbit_hosts].join(',') )
+ should contain_ironic_config('DEFAULT/rabbit_ha_queues').with_value(true)
+ end
+ end
+
++ shared_examples_for 'with SSL enabled with kombu' do
++ before do
++ params.merge!(
++ :rabbit_use_ssl => true,
++ :kombu_ssl_ca_certs => '/path/to/ssl/ca/certs',
++ :kombu_ssl_certfile => '/path/to/ssl/cert/file',
++ :kombu_ssl_keyfile => '/path/to/ssl/keyfile',
++ :kombu_ssl_version => 'TLSv1'
++ )
++ end
++
++ it do
++ should contain_ironic_config('DEFAULT/rabbit_use_ssl').with_value('true')
++ should contain_ironic_config('DEFAULT/kombu_ssl_ca_certs').with_value('/path/to/ssl/ca/certs')
++ should contain_ironic_config('DEFAULT/kombu_ssl_certfile').with_value('/path/to/ssl/cert/file')
++ should contain_ironic_config('DEFAULT/kombu_ssl_keyfile').with_value('/path/to/ssl/keyfile')
++ should contain_ironic_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
++ end
++ end
++
++ shared_examples_for 'with SSL enabled without kombu' do
++ before do
++ params.merge!(
++ :rabbit_use_ssl => true,
++ )
++ end
++
++ it do
++ should contain_ironic_config('DEFAULT/rabbit_use_ssl').with_value('true')
++ should contain_ironic_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
++ should contain_ironic_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
++ should contain_ironic_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
++ should contain_ironic_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
++ end
++ end
++
++ shared_examples_for 'with SSL disabled' do
++ before do
++ params.merge!(
++ :rabbit_use_ssl => false,
++ :kombu_ssl_ca_certs => 'undef',
++ :kombu_ssl_certfile => 'undef',
++ :kombu_ssl_keyfile => 'undef',
++ :kombu_ssl_version => 'TLSv1'
++ )
++ end
++
++ it do
++ should contain_ironic_config('DEFAULT/rabbit_use_ssl').with_value('false')
++ should contain_ironic_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
++ should contain_ironic_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
++ should contain_ironic_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
++ should contain_ironic_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
++ end
++ end
++
++
++ shared_examples_for 'with amqp_durable_queues disabled' do
++ it { should contain_ironic_config('DEFAULT/amqp_durable_queues').with_value(false) }
++ end
++
++ shared_examples_for 'with amqp_durable_queues enabled' do
++ before do
++ params.merge( :amqp_durable_queues => true )
++ end
++
++ it { should contain_ironic_config('DEFAULT/amqp_durable_queues').with_value(true) }
++ end
++
+ shared_examples_for 'with syslog disabled' do
+ it { should contain_ironic_config('DEFAULT/use_syslog').with_value(false) }
+ end
diff --git a/0014-Switch-to-TLSv1-as-SSLv3-is-considered-insecure-and-.patch b/0014-Switch-to-TLSv1-as-SSLv3-is-considered-insecure-and-.patch
new file mode 100644
index 0000000..4cfa70f
--- /dev/null
+++ b/0014-Switch-to-TLSv1-as-SSLv3-is-considered-insecure-and-.patch
@@ -0,0 +1,64 @@
+From 8ea9dc52eb3429d9110cb8eed192f372e61f7443 Mon Sep 17 00:00:00 2001
+From: Lukas Bezdicka <lbezdick at redhat.com>
+Date: Fri, 2 Jan 2015 22:49:10 +0100
+Subject: [PATCH] Switch to TLSv1 as SSLv3 is considered insecure and is
+ disabled by default
+
+Rabbitmq won't talk to us anymore if we try to use SSLv3 as it disabled
+support for SSLv3. Openstack components use python's openssl
+implementation which does not support TLSv1.1 and TLSv1.2 yet so we
+just switch to TLSv1. Support for newer TLS should come with python
+2.7.9+
+
+Closes-Bug: #1409667
+Change-Id: Ifa6b377ef2c6f25ad11c1f4809a770a031534962
+(cherry picked from commit 39006b77e2957aef818f2adaffe0392773ee99e2)
+---
+ nova/manifests/init.pp | 4 ++--
+ nova/spec/classes/nova_init_spec.rb | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/nova/manifests/init.pp b/nova/manifests/init.pp
+index 6cbf4c7..40c8c79 100644
+--- a/nova/manifests/init.pp
++++ b/nova/manifests/init.pp
+@@ -91,7 +91,7 @@
+ # (optional) SSL version to use (valid only if SSL enabled).
+ # Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
+ # available on some distributions.
+-# Defaults to 'SSLv3'
++# Defaults to 'TLSv1'
+ #
+ # [*amqp_durable_queues*]
+ # (optional) Define queues as "durable" to rabbitmq.
+@@ -286,7 +286,7 @@ class nova(
+ $kombu_ssl_ca_certs = undef,
+ $kombu_ssl_certfile = undef,
+ $kombu_ssl_keyfile = undef,
+- $kombu_ssl_version = 'SSLv3',
++ $kombu_ssl_version = 'TLSv1',
+ $amqp_durable_queues = false,
+ $qpid_hostname = 'localhost',
+ $qpid_port = '5672',
+diff --git a/nova/spec/classes/nova_init_spec.rb b/nova/spec/classes/nova_init_spec.rb
+index 05f345f..ce69ed5 100644
+--- a/nova/spec/classes/nova_init_spec.rb
++++ b/nova/spec/classes/nova_init_spec.rb
+@@ -351,7 +351,7 @@ describe 'nova' do
+ should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+- should contain_nova_config('DEFAULT/kombu_ssl_version').with_value('SSLv3')
++ should contain_nova_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
+ end
+ end
+
+@@ -360,7 +360,7 @@ describe 'nova' do
+ {
+ :rabbit_password => 'pass',
+ :rabbit_use_ssl => false,
+- :kombu_ssl_version => 'SSLv3',
++ :kombu_ssl_version => 'TLSv1',
+ }
+ end
+
diff --git a/openstack-puppet-modules.spec b/openstack-puppet-modules.spec
index 5b6b842..fdbc7ed 100644
--- a/openstack-puppet-modules.spec
+++ b/openstack-puppet-modules.spec
@@ -1,6 +1,6 @@
Name: openstack-puppet-modules
-Version: 2014.2.10
+Version: 2014.2.11
Release: 1%{?dist}
Summary: Collection of Puppet modules for OpenStack deployment
License: ASL 2.0 and GPLv2 and GPLv3
@@ -13,19 +13,16 @@ Patch0001: 0001-horizon-Change-default-documentation-URL.patch
Patch0002: 0002-rabbitmq-Don-t-manage-RabbitMQ-repos.patch
Patch0003: 0003-openstack-Set-default-charset-to-utf8.patch
Patch0004: 0004-keystone-Add-manage_service-feature.patch
-Patch0005: 0005-Configure-OVS-mechanism-agent-configs-in-its-config-.patch
-Patch0006: 0006-Add-manage_service-feature.patch
-Patch0007: 0007-Fix-against-mongodb-2.6.5-from-epel.patch
-Patch0008: 0008-Fix-support-for-Fedora-Rawhide.patch
-Patch0009: 0009-Adds-filtering-for-BONDING-LACP.patch
-Patch0010: 0010-JSON-was-invalid.patch
-Patch0011: 0011-Configure-auth-via-conf-file-not-paste-file.patch
-Patch0012: 0012-Set-control_exchange-in-the-main-config-file.patch
-Patch0013: 0013-Support-Neutron.patch
-Patch0014: 0014-Makes-kombu_ssl_-parameters-optional-when-rabbit_use.patch
-Patch0015: 0015-Switch-to-TLSv1-as-SSLv3-is-considered-insecure-and-.patch
-Patch0016: 0016-Add-Ironic-support-into-nova-puppet-modules.patch
-Patch0017: 0017-Fix-prefetch-refresh-for-providers.patch
+Patch0005: 0005-Add-manage_service-feature.patch
+Patch0006: 0006-Fix-against-mongodb-2.6.5-from-epel.patch
+Patch0007: 0007-Fix-support-for-Fedora-Rawhide.patch
+Patch0008: 0008-Adds-filtering-for-BONDING-LACP.patch
+Patch0009: 0009-JSON-was-invalid.patch
+Patch0010: 0010-Set-control_exchange-in-the-main-config-file.patch
+Patch0011: 0011-Configure-OVS-mechanism-agent-configs-in-its-config-.patch
+Patch0012: 0012-Create-resource-cache-upon-creation.patch
+Patch0013: 0013-Fix-rabbitmq-support.patch
+Patch0014: 0014-Switch-to-TLSv1-as-SSLv3-is-considered-insecure-and-.patch
BuildArch: noarch
Requires: rubygem-json
@@ -52,9 +49,6 @@ OpenStack via installers using Puppet configuration tool.
%patch0012 -p1
%patch0013 -p1
%patch0014 -p1
-%patch0015 -p1
-%patch0016 -p1
-%patch0017 -p1
find %{_builddir}/%{name}-%{version}/ -type f -name ".*" -exec rm {} +
find %{_builddir}/%{name}-%{version}/ -size 0 -exec rm {} +
@@ -128,6 +122,17 @@ rm -f %{buildroot}/%{_datadir}/openstack-puppet/modules/nova/files/nova-novncpro
%changelog
+* Fri Mar 06 2015 Lukas Bezdicka <lbezdick at redhat.com> 2014.2.11-1
+- Update to upstream 2014.2.11
+- cinder 00efa65680314e9364d6aaa559ebada7015dfb7f
+- glance f71bab5b7ddac3e1fde4823e67ad4cb21512e0d5
+- horizon 46f74e5576ccd4044328c619702721df012a0521
+- keystone 3bb6ec1281d831b743e3c18587d75227fb96dc19
+- neutron 1e5e1b902964013f7c5c2e7107dcd81ed26db1e5
+- nova 482ca09469f97de8cfbb3fd4f4e08505dfdc8911
+- sahara 6781e080362fa03a7bde0feaa52e2fc0d10b4c8b
+- trove c6d7addb151d572b5146d59898179434d1c2ba73
+
* Wed Feb 11 2015 Lukas Bezdicka <lbezdick at redhat.com> 2014.2.10-1
- Update to upstream 2014.2.10
diff --git a/sources b/sources
index 35d2304..5e290dc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-986630899afee072685a919cce836ab3 2014.2.10.tar.gz
+6f7b96da20e82f98468efacc961b7a44 2014.2.11.tar.gz
More information about the scm-commits
mailing list