-# == Class: neutron
-#
-# Installs the neutron package and configures
-# /etc/neutron/neutron.conf
-#
-# === Parameters:
-#
-# [*enabled*]
-# (required) Whether or not to enable the neutron service
-# true/false
-#
-# [*package_ensure*]
-# (optional) The state of the package
-# Defaults to 'present'
-#
-# [*verbose*]
-# (optional) Verbose logging
-# Defaults to False
-#
-# [*debug*]
-# (optional) Print debug messages in the logs
-# Defaults to False
-#
-# [*bind_host*]
-# (optional) The IP/interface to bind to
-# Defaults to 0.0.0.0 (all interfaces)
-#
-# [*bind_port*]
-# (optional) The port to use
-# Defaults to 9696
-#
-# [*core_plugin*]
-# (optional) Neutron plugin provider
-# Defaults to openvswitch
-# Could be bigswitch, brocade, cisco, embrane, hyperv, linuxbridge, midonet, ml2, mlnx, nec, nicira, plumgrid, ryu
-#
-# [*service_plugins*]
-# (optional) Advanced service modules.
-# Could be an array that can have these elements:
-# router, firewall, lbaas, vpnaas, metering
-# Defaults to empty
-#
-# [*auth_strategy*]
-# (optional) How to authenticate
-# Defaults to 'keystone'. 'noauth' is the only other valid option
-#
-# [*base_mac*]
-# (optional) The MAC address pattern to use.
-# Defaults to fa:16:3e:00:00:00
-#
-# [*mac_generation_retries*]
-# (optional) How many times to try to generate a unique mac
-# Defaults to 16
-#
-# [*dhcp_lease_duration*]
-# (optional) DHCP lease
-# Defaults to 86400 seconds
-#
-# [*dhcp_agents_per_network*]
-# (optional) Number of DHCP agents scheduled to host a network.
-# This enables redundant DHCP agents for configured networks.
-# Defaults to 1
-#
-# [*network_device_mtu*]
-# (optional) The MTU size for the interfaces managed by neutron
-# Defaults to undef
-#
-# [*dhcp_agent_notification*]
-# (optional) Allow sending resource operation notification to DHCP agent.
-# Defaults to true
-#
-# [*allow_bulk*]
-# (optional) Enable bulk crud operations
-# Defaults to true
-#
-# [*allow_pagination*]
-# (optional) Enable pagination
-# Defaults to false
-#
-# [*allow_sorting*]
-# (optional) Enable sorting
-# Defaults to false
-#
-# [*allow_overlapping_ips*]
-# (optional) Enables network namespaces
-# Defaults to false
-#
-# [*api_extensions_path*]
-# (optional) Specify additional paths for API extensions that the
-# module in use needs to load.
-# Defaults to undef
-#
-# [*report_interval*]
-# (optional) Seconds between nodes reporting state to server; should be less than
-# agent_down_time, best if it is half or less than agent_down_time.
-# agent_down_time is a config for neutron-server, set by class neutron::server
-# report_interval is a config for neutron agents, set by class neutron
-# Defaults to: 30
-#
-# [*control_exchange*]
-# (optional) What RPC queue/exchange to use
-# Defaults to neutron
-
-# [*rpc_backend*]
-# (optional) what rpc/queuing service to use
-# Defaults to impl_kombu (rabbitmq)
-#
-# [*rabbit_password*]
-# [*rabbit_host*]
-# [*rabbit_port*]
-# [*rabbit_user*]
-# (optional) Various rabbitmq settings
-#
-# [*rabbit_hosts*]
-# (optional) array of rabbitmq servers for HA.
-# A single IP address, such as a VIP, can be used for load-balancing
-# multiple RabbitMQ Brokers.
-# Defaults to false
-#
-# [*rabbit_use_ssl*]
-# (optional) Connect over SSL for RabbitMQ
-# Defaults to false
-#
-# [*kombu_ssl_ca_certs*]
-# (optional) SSL certification authority file (valid only if SSL enabled).
-# Defaults to undef
-#
-# [*kombu_ssl_certfile*]
-# (optional) SSL cert file (valid only if SSL enabled).
-# Defaults to undef
-#
-# [*kombu_ssl_keyfile*]
-# (optional) SSL key file (valid only if SSL enabled).
-# Defaults to undef
-#
-# [*kombu_ssl_version*]
-# (optional) SSL version to use (valid only if SSL enabled).
-# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
-# available on some distributions.
-# Defaults to 'TLSv1'
-#
-# [*kombu_reconnect_delay*]
-# (optional) The amount of time to wait before attempting to reconnect
-# to MQ provider. This is used in some cases where you may need to wait
-# for the provider to propery premote the master before attempting to
-# reconnect. See https://review.openstack.org/#/c/76686
-# Defaults to '1.0'
-#
-# [*qpid_hostname*]
-# [*qpid_port*]
-# [*qpid_username*]
-# [*qpid_password*]
-# [*qpid_heartbeat*]
-# [*qpid_protocol*]
-# [*qpid_tcp_nodelay*]
-# [*qpid_reconnect*]
-# [*qpid_reconnect_timeout*]
-# [*qpid_reconnect_limit*]
-# [*qpid_reconnect_interval*]
-# [*qpid_reconnect_interval_min*]
-# [*qpid_reconnect_interval_max*]
-# (optional) various QPID options
-#
-# [*use_ssl*]
-# (optinal) Enable SSL on the API server
-# Defaults to false, not set
-#
-# [*cert_file*]
-# (optinal) certificate file to use when starting api server securely
-# defaults to false, not set
-#
-# [*key_file*]
-# (optional) Private key file to use when starting API server securely
-# Defaults to false, not set
-#
-# [*ca_file*]
-# (optional) CA certificate file to use to verify connecting clients
-# Defaults to false, not set
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to false
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to LOG_USER
-#
-# [*log_file*]
-# (optional) Where to log
-# Defaults to false
-#
-# [*log_dir*]
-# (optional) Directory where logs should be stored
-# If set to boolean false, it will not log to any directory
-# Defaults to /var/log/neutron
-#
-class neutron (
- $enabled = true,
- $package_ensure = 'present',
- $verbose = false,
- $debug = false,
- $bind_host = '0.0.0.0',
- $bind_port = '9696',
- $core_plugin = 'openvswitch',
- $service_plugins = undef,
- $auth_strategy = 'keystone',
- $base_mac = 'fa:16:3e:00:00:00',
- $mac_generation_retries = 16,
- $dhcp_lease_duration = 86400,
- $dhcp_agents_per_network = 1,
- $network_device_mtu = undef,
- $dhcp_agent_notification = true,
- $allow_bulk = true,
- $allow_pagination = false,
- $allow_sorting = false,
- $allow_overlapping_ips = false,
- $api_extensions_path = undef,
- $root_helper = 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf',
- $report_interval = '30',
- $control_exchange = 'neutron',
- $rpc_backend = 'neutron.openstack.common.rpc.impl_kombu',
- $rabbit_password = false,
- $rabbit_host = 'localhost',
- $rabbit_hosts = false,
- $rabbit_port = '5672',
- $rabbit_user = 'guest',
- $rabbit_virtual_host = '/',
- $rabbit_use_ssl = false,
- $kombu_ssl_ca_certs = undef,
- $kombu_ssl_certfile = undef,
- $kombu_ssl_keyfile = undef,
- $kombu_ssl_version = 'TLSv1',
- $kombu_reconnect_delay = '1.0',
- $qpid_hostname = 'localhost',
- $qpid_port = '5672',
- $qpid_username = 'guest',
- $qpid_password = 'guest',
- $qpid_heartbeat = 60,
- $qpid_protocol = 'tcp',
- $qpid_tcp_nodelay = true,
- $qpid_reconnect = true,
- $qpid_reconnect_timeout = 0,
- $qpid_reconnect_limit = 0,
- $qpid_reconnect_interval_min = 0,
- $qpid_reconnect_interval_max = 0,
- $qpid_reconnect_interval = 0,
- $use_ssl = false,
- $cert_file = false,
- $key_file = false,
- $ca_file = false,
- $use_syslog = false,
- $log_facility = 'LOG_USER',
- $log_file = false,
- $log_dir = '/var/log/neutron',
-) {
-
- include neutron::params
-
- Package['neutron'] -> Neutron_config<||>
- Package['neutron'] -> Nova_Admin_Tenant_Id_Setter<||>
-
- if $use_ssl {
- if !$cert_file {
- fail('The cert_file parameter is required when use_ssl is set to true')
- }
- if !$key_file {
- fail('The key_file parameter is required when use_ssl is set to true')
- }
- }
-
- if $ca_file and !$use_ssl {
- fail('The ca_file parameter requires that use_ssl to be set to true')
- }
-
- if $kombu_ssl_ca_certs and !$rabbit_use_ssl {
- fail('The kombu_ssl_ca_certs parameter requires rabbit_use_ssl to be set to true')
- }
- if $kombu_ssl_certfile and !$rabbit_use_ssl {
- fail('The kombu_ssl_certfile parameter requires rabbit_use_ssl to be set to true')
- }
- if $kombu_ssl_keyfile and !$rabbit_use_ssl {
- fail('The kombu_ssl_keyfile parameter requires rabbit_use_ssl to be set to true')
- }
- if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) {
- fail('The kombu_ssl_certfile and kombu_ssl_keyfile parameters must be used together')
- }
-
- File {
- require => Package['neutron'],
- owner => 'root',
- group => 'neutron',
- mode => '0640',
- }
-
- file { '/etc/neutron':
- ensure => directory,
- mode => '0750',
- }
-
- file { '/etc/neutron/neutron.conf': }
-
- package { 'neutron':
- ensure => $package_ensure,
- name => $::neutron::params::package_name,
- }
-
- neutron_config {
- 'DEFAULT/verbose': value => $verbose;
- 'DEFAULT/debug': value => $debug;
- 'DEFAULT/bind_host': value => $bind_host;
- 'DEFAULT/bind_port': value => $bind_port;
- 'DEFAULT/auth_strategy': value => $auth_strategy;
- 'DEFAULT/core_plugin': value => $core_plugin;
- 'DEFAULT/base_mac': value => $base_mac;
- 'DEFAULT/mac_generation_retries': value => $mac_generation_retries;
- 'DEFAULT/dhcp_lease_duration': value => $dhcp_lease_duration;
- 'DEFAULT/dhcp_agents_per_network': value => $dhcp_agents_per_network;
- 'DEFAULT/dhcp_agent_notification': value => $dhcp_agent_notification;
- 'DEFAULT/allow_bulk': value => $allow_bulk;
- 'DEFAULT/allow_pagination': value => $allow_pagination;
- 'DEFAULT/allow_sorting': value => $allow_sorting;
- 'DEFAULT/allow_overlapping_ips': value => $allow_overlapping_ips;
- 'DEFAULT/control_exchange': value => $control_exchange;
- 'DEFAULT/rpc_backend': value => $rpc_backend;
- 'DEFAULT/api_extensions_path': value => $api_extensions_path;
- 'agent/root_helper': value => $root_helper;
- 'agent/report_interval': value => $report_interval;
- }
-
- if $log_file {
- neutron_config {
- 'DEFAULT/log_file': value => $log_file;
- 'DEFAULT/log_dir': value => $log_dir;
- }
- } else {
- if $log_dir {
- neutron_config {
- 'DEFAULT/log_dir': value => $log_dir;
- 'DEFAULT/log_file': ensure => absent;
- }
- } else {
- neutron_config {
- 'DEFAULT/log_dir': ensure => absent;
- 'DEFAULT/log_file': ensure => absent;
- }
- }
- }
-
- if $network_device_mtu {
- neutron_config {
- 'DEFAULT/network_device_mtu': value => $network_device_mtu;
- }
- } else {
- neutron_config {
- 'DEFAULT/network_device_mtu': ensure => absent;
- }
- }
-
-
- if $service_plugins {
- if is_array($service_plugins) {
- neutron_config { 'DEFAULT/service_plugins': value => join($service_plugins, ',') }
- } else {
- fail('service_plugins should be an array.')
- }
- }
-
- if $rpc_backend == 'neutron.openstack.common.rpc.impl_kombu' {
- if ! $rabbit_password {
- fail('When rpc_backend is rabbitmq, you must set rabbit password')
- }
- if $rabbit_hosts {
- neutron_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
- neutron_config { 'DEFAULT/rabbit_ha_queues': value => true }
- } else {
- neutron_config { 'DEFAULT/rabbit_host': value => $rabbit_host }
- neutron_config { 'DEFAULT/rabbit_port': value => $rabbit_port }
- neutron_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" }
- neutron_config { 'DEFAULT/rabbit_ha_queues': value => false }
- }
-
- neutron_config {
- 'DEFAULT/rabbit_userid': value => $rabbit_user;
- 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
- 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
- 'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
- 'DEFAULT/kombu_reconnect_delay': value => $kombu_reconnect_delay;
- }
-
- if $rabbit_use_ssl {
-
- if $kombu_ssl_ca_certs {
- neutron_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs; }
- } else {
- neutron_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent; }
- }
-
- if $kombu_ssl_certfile or $kombu_ssl_keyfile {
- neutron_config {
- 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile;
- 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile;
- }
- } else {
- neutron_config {
- 'DEFAULT/kombu_ssl_certfile': ensure => absent;
- 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
- }
- }
-
- if $kombu_ssl_version {
- neutron_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version; }
- } else {
- neutron_config { 'DEFAULT/kombu_ssl_version': ensure => absent; }
- }
-
- } else {
- neutron_config {
- 'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
- 'DEFAULT/kombu_ssl_certfile': ensure => absent;
- 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
- 'DEFAULT/kombu_ssl_version': ensure => absent;
- }
- }
-
- }
-
- if $rpc_backend == 'neutron.openstack.common.rpc.impl_qpid' {
- neutron_config {
- 'DEFAULT/qpid_hostname': value => $qpid_hostname;
- 'DEFAULT/qpid_port': value => $qpid_port;
- 'DEFAULT/qpid_username': value => $qpid_username;
- 'DEFAULT/qpid_password': value => $qpid_password, secret => true;
- 'DEFAULT/qpid_heartbeat': value => $qpid_heartbeat;
- 'DEFAULT/qpid_protocol': value => $qpid_protocol;
- 'DEFAULT/qpid_tcp_nodelay': value => $qpid_tcp_nodelay;
- 'DEFAULT/qpid_reconnect': value => $qpid_reconnect;
- 'DEFAULT/qpid_reconnect_timeout': value => $qpid_reconnect_timeout;
- 'DEFAULT/qpid_reconnect_limit': value => $qpid_reconnect_limit;
- 'DEFAULT/qpid_reconnect_interval_min': value => $qpid_reconnect_interval_min;
- 'DEFAULT/qpid_reconnect_interval_max': value => $qpid_reconnect_interval_max;
- 'DEFAULT/qpid_reconnect_interval': value => $qpid_reconnect_interval;
- }
- }
-
- # SSL Options
- neutron_config { 'DEFAULT/use_ssl' : value => $use_ssl; }
- if $use_ssl {
- neutron_config {
- 'DEFAULT/ssl_cert_file' : value => $cert_file;
- 'DEFAULT/ssl_key_file' : value => $key_file;
- }
- if $ca_file {
- neutron_config { 'DEFAULT/ssl_ca_file' : value => $ca_file; }
- } else {
- neutron_config { 'DEFAULT/ssl_ca_file' : ensure => absent; }
- }
- } else {
- neutron_config {
- 'DEFAULT/ssl_cert_file': ensure => absent;
- 'DEFAULT/ssl_key_file': ensure => absent;
- 'DEFAULT/ssl_ca_file': ensure => absent;
- }
- }
-
- if $use_syslog {
- neutron_config {
- 'DEFAULT/use_syslog': value => true;
- 'DEFAULT/syslog_log_facility': value => $log_facility;
- }
- } else {
- neutron_config {
- 'DEFAULT/use_syslog': value => false;
- }
- }
-}