Merge "Optimize kitchen tests for Travis CI"
diff --git a/README.rst b/README.rst
index c8ff890..570558c 100644
--- a/README.rst
+++ b/README.rst
@@ -23,6 +23,9 @@
version: mitaka
allow_pagination: true
pagination_max_limit: 100
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
bind:
address: 172.20.0.1
port: 9696
@@ -52,6 +55,7 @@
host: 127.0.0.1
port: 8775
password: pass
+ workers: 2
audit:
enabled: false
@@ -660,6 +664,7 @@
compute:
version: mitaka
dpdk: True
+ vhost_socket_dir: /var/run/openvswitch
backend:
engine: ml2
...
@@ -728,6 +733,9 @@
ovn:
driver: ovn
tenant_network_types: "geneve,flat"
+ ovn_ctl_opts:
+ db-nb-create-insecure-remote: 'yes'
+ db-sb-create-insecure-remote: 'yes'
Compute node:
@@ -806,59 +814,51 @@
virtual_host: '/openstack'
....
-Client-side RabbitMQ TLS configuration:
-|
+Configuring TLS communications
+------------------------------
-To enable TLS for oslo.messaging you need to provide the CA certificate.
-By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.
+**Note:** by default system wide installed CA certs are used, so ``cacert_file`` param is optional, as well as ``cacert``.
+
+
+- **RabbitMQ TLS**
.. code-block:: yaml
- neutron:
- server, gateway, compute:
- ....
+ neutron:
+ server, gateway, compute:
message_queue:
+ port: 5671
ssl:
enabled: True
+ (optional) cacert: cert body if the cacert_file does not exists
+ (optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
+ (optional) version: TLSv1_2
-
-Use `cacert_file` option to specify the CA-cert file path explicitly:
+- **MySQL TLS**
.. code-block:: yaml
- neutron:
- server, gateway, compute:
- ....
- message_queue:
+ neutron:
+ server:
+ database:
ssl:
enabled: True
- cacert_file: /etc/ssl/rabbitmq-ca.pem
+ (optional) cacert: cert body if the cacert_file does not exists
+ (optional) cacert_file: /etc/openstack/mysql-ca.pem
-To manage content of the `cacert_file` use the `cacert` option:
+- **Openstack HTTPS API**
+
.. code-block:: yaml
- neutron:
- server, gateway, compute:
- ....
- message_queue:
- ssl:
- enabled: True
- cacert: |
-
- -----BEGIN CERTIFICATE-----
- ...
- -----END CERTIFICATE-------
-
- cacert_file: /etc/openstack/rabbitmq-ca.pem
-
-
-Notice:
- * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
- * Use `message_queue.ssl.version` if you need to specify protocol version. By default is TLSv1 for python < 2.7.9 and TLSv1_2 for version above.
+ neutron:
+ server:
+ identity:
+ protocol: https
+ (optional) cacert_file: /etc/openstack/proxy.pem
Enable auditing filter, ie: CADF
diff --git a/neutron/compute.sls b/neutron/compute.sls
index c6a1df5..cc1f1aa 100644
--- a/neutron/compute.sls
+++ b/neutron/compute.sls
@@ -1,4 +1,4 @@
-{% from "neutron/map.jinja" import compute, fwaas, system_cacerts_file with context %}
+{% from "neutron/map.jinja" import compute, fwaas with context %}
{%- if compute.enabled %}
{% if compute.backend.engine == "ml2" %}
@@ -129,7 +129,7 @@
- makedirs: true
{%- else %}
file.exists:
- - name: {{ compute.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ compute.message_queue.ssl.get('cacert_file', compute.cacert_file) }}
{%- endif %}
{%- endif %}
diff --git a/neutron/files/liberty/neutron-server.conf.Debian b/neutron/files/liberty/neutron-server.conf.Debian
index 5e30e61..c374b9d 100644
--- a/neutron/files/liberty/neutron-server.conf.Debian
+++ b/neutron/files/liberty/neutron-server.conf.Debian
@@ -308,6 +308,9 @@
# worker thread in the current process. Greater than 0 launches that number of
# child processes as workers. The parent process manages them.
# api_workers = 0
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of separate RPC worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
@@ -315,6 +318,9 @@
# This feature is experimental until issues are addressed and testing has been
# enabled for various plugins for compatibility.
# rpc_workers = 0
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- endif %}
# Timeout for client connections socket operations. If an
# incoming connection is idle for this number of seconds it
diff --git a/neutron/files/liberty/neutron-server.conf.RedHat b/neutron/files/liberty/neutron-server.conf.RedHat
index cba51e2..2aefb45 100644
--- a/neutron/files/liberty/neutron-server.conf.RedHat
+++ b/neutron/files/liberty/neutron-server.conf.RedHat
@@ -304,6 +304,9 @@
# worker thread in the current process. Greater than 0 launches that number of
# child processes as workers. The parent process manages them.
# api_workers = 0
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of separate RPC worker processes to spawn. The default, 0, runs the
# worker thread in the current process. Greater than 0 launches that number of
@@ -311,6 +314,9 @@
# This feature is experimental until issues are addressed and testing has been
# enabled for various plugins for compatibility.
# rpc_workers = 0
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- endif %}
# Timeout for client connections socket operations. If an
# incoming connection is idle for this number of seconds it
diff --git a/neutron/files/mitaka/metadata_agent.ini b/neutron/files/mitaka/metadata_agent.ini
index 15c21ac..ccbb827 100644
--- a/neutron/files/mitaka/metadata_agent.ini
+++ b/neutron/files/mitaka/metadata_agent.ini
@@ -58,6 +58,9 @@
# Number of separate worker processes for metadata server (defaults to half of the number of CPUs) (integer value)
#metadata_workers = 4
+{%- if neutron.metadata.workers is defined %}
+metadata_workers = {{ neutron.metadata.workers }}
+{%- endif %}
# Number of backlog requests to configure the metadata server socket with (integer value)
#metadata_backlog = 4096
diff --git a/neutron/files/mitaka/neutron-generic.conf.Debian b/neutron/files/mitaka/neutron-generic.conf.Debian
index 36c7fc4..ee5b2bf 100644
--- a/neutron/files/mitaka/neutron-generic.conf.Debian
+++ b/neutron/files/mitaka/neutron-generic.conf.Debian
@@ -1,7 +1,7 @@
{%- if pillar.neutron.gateway is defined %}
-{%- from "neutron/map.jinja" import system_cacerts_file, gateway as neutron with context %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
{%- else %}
-{%- from "neutron/map.jinja" import system_cacerts_file, compute as neutron with context %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}
[DEFAULT]
@@ -1289,11 +1289,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if neutron.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.get('cacert_file', neutron.cacert_file) }}
{%- endif %}
rabbit_userid = {{ neutron.message_queue.user }}
diff --git a/neutron/files/mitaka/neutron-server.conf.Debian b/neutron/files/mitaka/neutron-server.conf.Debian
index a3dcdc1..d676791 100644
--- a/neutron/files/mitaka/neutron-server.conf.Debian
+++ b/neutron/files/mitaka/neutron-server.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "neutron/map.jinja" import fwaas, server, system_cacerts_file with context %}
+{%- from "neutron/map.jinja" import fwaas, server with context %}
[DEFAULT]
@@ -215,15 +215,26 @@
# default is equal to the number of CPUs available for best performance.
# (integer value)
#api_workers = <None>
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of RPC worker processes for service (integer value)
#rpc_workers = 1
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- else %}
rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
# Number of RPC worker processes dedicated to state reports queue (integer
# value)
#rpc_state_report_workers = 1
+{%- if server.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ server.rpc_state_report_workers }}
+{%- else %}
rpc_state_report_workers = 4
+{%- endif %}
# Range of seconds to randomly delay when starting the periodic task scheduler
# to reduce stampeding. (Disable by setting to 0) (integer value)
@@ -750,7 +761,7 @@
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
{% if server.backend.engine == "ml2" %}
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}{%- if server.database.get('ssl',{}).get('enabled',False) %}?ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
{% else %}
connection = sqlite:////var/lib/neutron/neutron.sqlite
{% endif %}
@@ -1386,11 +1397,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
{%- endif %}
rabbit_userid = {{ server.message_queue.user }}
diff --git a/neutron/files/mitaka/openvswitch_agent.ini b/neutron/files/mitaka/openvswitch_agent.ini
index 01162a0..25ecbbd 100644
--- a/neutron/files/mitaka/openvswitch_agent.ini
+++ b/neutron/files/mitaka/openvswitch_agent.ini
@@ -217,6 +217,9 @@
# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch
+{%- if neutron.vhost_socket_dir is defined %}
+vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
+{%- endif %}
# Address to listen on for OpenFlow connections. Used only for 'native' driver. (IP address value)
#of_listen_address = 127.0.0.1
diff --git a/neutron/files/newton/metadata_agent.ini b/neutron/files/newton/metadata_agent.ini
index 15c21ac..ccbb827 100644
--- a/neutron/files/newton/metadata_agent.ini
+++ b/neutron/files/newton/metadata_agent.ini
@@ -58,6 +58,9 @@
# Number of separate worker processes for metadata server (defaults to half of the number of CPUs) (integer value)
#metadata_workers = 4
+{%- if neutron.metadata.workers is defined %}
+metadata_workers = {{ neutron.metadata.workers }}
+{%- endif %}
# Number of backlog requests to configure the metadata server socket with (integer value)
#metadata_backlog = 4096
diff --git a/neutron/files/newton/neutron-generic.conf.Debian b/neutron/files/newton/neutron-generic.conf.Debian
index 3d8c5fb..a9e3a56 100644
--- a/neutron/files/newton/neutron-generic.conf.Debian
+++ b/neutron/files/newton/neutron-generic.conf.Debian
@@ -1,7 +1,7 @@
{%- if pillar.neutron.gateway is defined %}
-{%- from "neutron/map.jinja" import system_cacerts_file, gateway as neutron with context %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
{%- else %}
-{%- from "neutron/map.jinja" import system_cacerts_file, compute as neutron with context %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}
[DEFAULT]
@@ -1227,11 +1227,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if neutron.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.get('cacert_file', neutron.cacert_file) }}
{%- endif %}
# Use durable queues in AMQP. (boolean value)
diff --git a/neutron/files/newton/neutron-server.conf.Debian b/neutron/files/newton/neutron-server.conf.Debian
index fc763eb..cf54c3e 100644
--- a/neutron/files/newton/neutron-server.conf.Debian
+++ b/neutron/files/newton/neutron-server.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "neutron/map.jinja" import server, system_cacerts_file with context %}
+{%- from "neutron/map.jinja" import server with context %}
[DEFAULT]
#
@@ -214,15 +214,26 @@
# default is equal to the number of CPUs available for best performance.
# (integer value)
#api_workers = <None>
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of RPC worker processes for service (integer value)
#rpc_workers = 1
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- else %}
rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
# Number of RPC worker processes dedicated to state reports queue (integer
# value)
#rpc_state_report_workers = 1
+{%- if server.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ server.rpc_state_report_workers }}
+{%- else %}
rpc_state_report_workers = 4
+{%- endif %}
# Range of seconds to randomly delay when starting the periodic task scheduler
# to reduce stampeding. (Disable by setting to 0) (integer value)
@@ -760,7 +771,7 @@
# Deprecated group/name - [DATABASE]/sql_connection
# Deprecated group/name - [sql]/connection
{% if server.backend.engine == "ml2" %}
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
{% else %}
connection = sqlite:////var/lib/neutron/neutron.sqlite
{% endif %}
@@ -862,8 +873,11 @@
project_name = {{ server.identity.tenant }}
username = {{ server.identity.user }}
password = {{ server.identity.password }}
-auth_uri=http://{{ server.identity.host }}:5000
-auth_url=http://{{ server.identity.host }}:35357
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
{%- if server.cache is defined %}
memcached_servers={%- for member in server.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
{%- endif %}
@@ -1099,7 +1113,10 @@
password = {{ server.compute.password }}
username = {{ server.compute.user }}
auth_type = password
-auth_url = http://{{ server.identity.host }}:35357
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
# Authentication type to load (unknown value)
# Deprecated group/name - [DEFAULT]/auth_plugin
@@ -1312,11 +1329,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
{%- endif %}
# Use durable queues in AMQP. (boolean value)
diff --git a/neutron/files/newton/openvswitch_agent.ini b/neutron/files/newton/openvswitch_agent.ini
index 01162a0..25ecbbd 100644
--- a/neutron/files/newton/openvswitch_agent.ini
+++ b/neutron/files/newton/openvswitch_agent.ini
@@ -217,6 +217,9 @@
# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch
+{%- if neutron.vhost_socket_dir is defined %}
+vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
+{%- endif %}
# Address to listen on for OpenFlow connections. Used only for 'native' driver. (IP address value)
#of_listen_address = 127.0.0.1
diff --git a/neutron/files/ocata/metadata_agent.ini b/neutron/files/ocata/metadata_agent.ini
index 9772781..082da7b 100644
--- a/neutron/files/ocata/metadata_agent.ini
+++ b/neutron/files/ocata/metadata_agent.ini
@@ -67,6 +67,9 @@
# Number of separate worker processes for metadata server (defaults to half of
# the number of CPUs) (integer value)
#metadata_workers = 2
+{%- if neutron.metadata.workers is defined %}
+metadata_workers = {{ neutron.metadata.workers }}
+{%- endif %}
# Number of backlog requests to configure the metadata server socket with
# (integer value)
diff --git a/neutron/files/ocata/neutron-generic.conf.Debian b/neutron/files/ocata/neutron-generic.conf.Debian
index 123386d..0d16a6d 100644
--- a/neutron/files/ocata/neutron-generic.conf.Debian
+++ b/neutron/files/ocata/neutron-generic.conf.Debian
@@ -1,7 +1,7 @@
{%- if pillar.neutron.gateway is defined %}
-{%- from "neutron/map.jinja" import system_cacerts_file, gateway as neutron with context %}
+{%- from "neutron/map.jinja" import gateway as neutron with context %}
{%- else %}
-{%- from "neutron/map.jinja" import system_cacerts_file, compute as neutron with context %}
+{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}
[DEFAULT]
@@ -1535,11 +1535,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if neutron.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ neutron.message_queue.ssl.get('cacert_file', neutron.cacert_file) }}
{%- endif %}
# Use durable queues in AMQP. (boolean value)
diff --git a/neutron/files/ocata/neutron-server.conf.Debian b/neutron/files/ocata/neutron-server.conf.Debian
index 79376a2..0875697 100644
--- a/neutron/files/ocata/neutron-server.conf.Debian
+++ b/neutron/files/ocata/neutron-server.conf.Debian
@@ -1,4 +1,4 @@
-{%- from "neutron/map.jinja" import fwaas, server, system_cacerts_file with context %}
+{%- from "neutron/map.jinja" import fwaas, server with context %}
[DEFAULT]
#
@@ -187,15 +187,27 @@
# default is equal to the number of CPUs available for best performance.
# (integer value)
#api_workers = <None>
+{%- if server.api_workers is defined %}
+api_workers = {{ server.api_workers }}
+{%- endif %}
# Number of RPC worker processes for service. (integer value)
#rpc_workers = 1
+{%- if server.rpc_workers is defined %}
+rpc_workers = {{ server.rpc_workers }}
+{%- else %}
rpc_workers = {{ grains.num_cpus }}
+{%- endif %}
+
# Number of RPC worker processes dedicated to state reports queue. (integer
# value)
#rpc_state_report_workers = 1
+{%- if server.rpc_state_report_workers is defined %}
+rpc_state_report_workers = {{ server.rpc_state_report_workers }}
+{%- else %}
rpc_state_report_workers = 4
+{%- endif %}
# Range of seconds to randomly delay when starting the periodic task scheduler
# to reduce stampeding. (Disable by setting to 0) (integer value)
@@ -850,7 +862,7 @@
# Deprecated group/name - [sql]/connection
{% if server.backend.engine in ["ml2", "ovn"] %}
-connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ server.database.engine }}+pymysql://{{ server.database.user }}:{{ server.database.password }}@{{ server.database.host }}/{{ server.database.name }}?charset=utf8{%- if server.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ server.database.ssl.get('cacert_file', server.cacert_file) }}{% endif %}
{% else %}
connection = sqlite:////var/lib/neutron/neutron.sqlite
{% endif %}
@@ -955,8 +967,11 @@
project_name = {{ server.identity.tenant }}
username = {{ server.identity.user }}
password = {{ server.identity.password }}
-auth_uri=http://{{ server.identity.host }}:5000
-auth_url=http://{{ server.identity.host }}:35357
+auth_uri={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:5000
+auth_url={{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
{%- if server.cache is defined %}
memcached_servers={%- for member in server.cache.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{%- endfor %}
{%- endif %}
@@ -1245,7 +1260,10 @@
password = {{ server.compute.password }}
username = {{ server.compute.user }}
auth_type = password
-auth_url = http://{{ server.identity.host }}:35357
+auth_url = {{ server.identity.get('protocol', 'http') }}://{{ server.identity.host }}:35357
+{%- if server.identity.get('protocol', 'http') == 'https' %}
+cafile={{ server.identity.get('cacert_file', server.cacert_file) }}
+{%- endif %}
# Authentication type to load (string value)
# Deprecated group/name - [nova]/auth_plugin
@@ -1626,11 +1644,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if server.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ server.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
{%- endif %}
# Use durable queues in AMQP. (boolean value)
diff --git a/neutron/files/ocata/openvswitch_agent.ini b/neutron/files/ocata/openvswitch_agent.ini
index a8eecc4..a8ae0d2 100644
--- a/neutron/files/ocata/openvswitch_agent.ini
+++ b/neutron/files/ocata/openvswitch_agent.ini
@@ -276,6 +276,9 @@
# OVS vhost-user socket directory. (string value)
#vhostuser_socket_dir = /var/run/openvswitch
+{%- if neutron.vhost_socket_dir is defined %}
+vhostuser_socket_dir = {{ neutron.vhost_socket_dir }}
+{%- endif %}
# Address to listen on for OpenFlow connections. Used only for 'native' driver.
# (IP address value)
diff --git a/neutron/files/ocata/ovn_central_options b/neutron/files/ocata/ovn_central_options
new file mode 100644
index 0000000..e59db5f
--- /dev/null
+++ b/neutron/files/ocata/ovn_central_options
@@ -0,0 +1,10 @@
+{%- from "neutron/map.jinja" import server with context %}
+# This is a POSIX shell fragment -*- sh -*-
+
+# OVN_CTL_OPTS: Extra options to pass to ovn-ctl. This is, for example,
+# a suitable place to specify --ovn-northd-wrapper=valgrind.
+{%- set ovn_ctl_opts = [] %}
+{%- for opt, value in server.get('ovn_ctl_opts', {}).iteritems() %}
+{%- do ovn_ctl_opts.append("--%s=%s"|format(opt, value)) %}
+{%- endfor %}
+OVN_CTL_OPTS='{{ ovn_ctl_opts|join(' ') }}'
diff --git a/neutron/gateway.sls b/neutron/gateway.sls
index 81513d8..6046b96 100644
--- a/neutron/gateway.sls
+++ b/neutron/gateway.sls
@@ -1,4 +1,4 @@
-{% from "neutron/map.jinja" import gateway, fwaas, system_cacerts_file with context %}
+{% from "neutron/map.jinja" import gateway, fwaas with context %}
{%- if fwaas.get('enabled', False) %}
include:
@@ -77,7 +77,7 @@
- makedirs: true
{%- else %}
file.exists:
- - name: {{ gateway.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ gateway.message_queue.ssl.get('cacert_file', gateway.cacert_file) }}
{%- endif %}
{%- endif %}
diff --git a/neutron/map.jinja b/neutron/map.jinja
index 9631d1b..4c95928 100644
--- a/neutron/map.jinja
+++ b/neutron/map.jinja
@@ -1,9 +1,12 @@
-{%- set system_cacerts_file = salt['grains.filter_by']({
- 'Debian': '/etc/ssl/certs/ca-certificates.crt',
- 'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
-})%}
+{%- set default_params = {
+ 'cacert_file': salt['grains.filter_by']({
+ 'Debian': '/etc/ssl/certs/ca-certificates.crt',
+ 'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
+ })}
+%}
{% set compute = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['neutron-openvswitch-agent', 'openvswitch-switch', 'python-pycadf'],
'pkgs_ovn': ['ovn-common', 'ovn-host'],
@@ -24,9 +27,10 @@
'enabled': false
}
},
-}, merge=pillar.neutron.get('compute', {})) %}
+}, merge=pillar.neutron.get('compute', {}), base='BaseDefaults') %}
{% set gateway = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['neutron-dhcp-agent', 'neutron-openvswitch-agent', 'neutron-l3-agent', 'openvswitch-common', 'neutron-metadata-agent'],
'services': ['neutron-openvswitch-agent', 'neutron-metadata-agent', 'neutron-l3-agent', 'neutron-dhcp-agent'],
@@ -37,9 +41,10 @@
'services': ['neutron-openvswitch-agent', 'neutron-metadata-agent', 'neutron-l3-agent', 'neutron-dhcp-agent'],
'dpdk': false
},
-}, merge=pillar.neutron.get('gateway', {})) %}
+}, merge=pillar.neutron.get('gateway', {}), base='BaseDefaults') %}
{% set server = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['neutron-server','python-neutron-lbaas', 'gettext-base', 'python-pycadf'],
'pkgs_ovn': ['python-networking-ovn', 'ovn-common', 'ovn-central'],
@@ -66,7 +71,7 @@
'enabled': false
}
},
-}, merge=pillar.neutron.get('server', {})) %}
+}, merge=pillar.neutron.get('server', {}), base='BaseDefaults') %}
{% set client = salt['grains.filter_by']({
'Debian': {
diff --git a/neutron/server.sls b/neutron/server.sls
index ab624f5..c7be3d7 100644
--- a/neutron/server.sls
+++ b/neutron/server.sls
@@ -1,4 +1,4 @@
-{%- from "neutron/map.jinja" import server, fwaas, system_cacerts_file with context %}
+{%- from "neutron/map.jinja" import server, fwaas with context %}
{%- if fwaas.get('enabled', False) %}
include:
@@ -192,6 +192,16 @@
- require:
- pkg: ovn_packages
+{%- if grains.os_family == 'Debian' %}
+/etc/default/ovn-central:
+ file.managed:
+ - source: salt://neutron/files/{{ server.version }}/ovn_central_options
+ - template: jinja
+ - require:
+ - pkg: ovn_packages
+ - watch_in:
+ - service: ovn_services
+{%- endif %}
{%- endif %}
{%- endif %}
@@ -289,7 +299,7 @@
- makedirs: true
{%- else %}
file.exists:
- - name: {{ server.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ server.message_queue.ssl.get('cacert_file', server.cacert_file) }}
{%- endif %}
{%- endif %}
@@ -303,7 +313,7 @@
- makedirs: true
{%- else %}
file.exists:
- - name: {{ server.database.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ server.database.ssl.get('cacert_file', server.cacert_file) }}
{%- endif %}
{%- endif %}
diff --git a/tests/pillar/compute_dpdk.sls b/tests/pillar/compute_dpdk.sls
index c56fb81..dfaf10f 100644
--- a/tests/pillar/compute_dpdk.sls
+++ b/tests/pillar/compute_dpdk.sls
@@ -22,4 +22,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/compute_dvr.sls b/tests/pillar/compute_dvr.sls
index 8d5f7d5..f172d70 100644
--- a/tests/pillar/compute_dvr.sls
+++ b/tests/pillar/compute_dvr.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
\ No newline at end of file
diff --git a/tests/pillar/compute_dvr_fwaas_v1.sls b/tests/pillar/compute_dvr_fwaas_v1.sls
index a4b86d2..e1a61a5 100644
--- a/tests/pillar/compute_dvr_fwaas_v1.sls
+++ b/tests/pillar/compute_dvr_fwaas_v1.sls
@@ -21,6 +21,7 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: ocata
fwaas:
enabled: true
diff --git a/tests/pillar/compute_legacy.sls b/tests/pillar/compute_legacy.sls
index 154af25..943b35c 100644
--- a/tests/pillar/compute_legacy.sls
+++ b/tests/pillar/compute_legacy.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/compute_nonexternal_dvr.sls b/tests/pillar/compute_nonexternal_dvr.sls
index 8ce0da1..30c6f07 100644
--- a/tests/pillar/compute_nonexternal_dvr.sls
+++ b/tests/pillar/compute_nonexternal_dvr.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/compute_qos.sls b/tests/pillar/compute_qos.sls
index fdb3beb..9c2b60d 100644
--- a/tests/pillar/compute_qos.sls
+++ b/tests/pillar/compute_qos.sls
@@ -24,4 +24,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: ocata
diff --git a/tests/pillar/compute_qos_sriov.sls b/tests/pillar/compute_qos_sriov.sls
index 7d4d4ab..34ee962 100644
--- a/tests/pillar/compute_qos_sriov.sls
+++ b/tests/pillar/compute_qos_sriov.sls
@@ -26,4 +26,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: ocata
diff --git a/tests/pillar/compute_sriov.sls b/tests/pillar/compute_sriov.sls
index f5a106f..a080511 100644
--- a/tests/pillar/compute_sriov.sls
+++ b/tests/pillar/compute_sriov.sls
@@ -25,4 +25,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/control_cluster.sls b/tests/pillar/control_cluster.sls
index bebff8c..2b4e2af 100644
--- a/tests/pillar/control_cluster.sls
+++ b/tests/pillar/control_cluster.sls
@@ -6,6 +6,8 @@
dns_domain: novalocal
tunnel_type: vxlan
version: liberty
+ api_workers: 2
+ rpc_workers: 2
backend:
engine: contrail
#contrail_discovery_host
diff --git a/tests/pillar/control_dns.sls b/tests/pillar/control_dns.sls
index d8167fa..5504798 100644
--- a/tests/pillar/control_dns.sls
+++ b/tests/pillar/control_dns.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ml2
external_mtu: 1500
diff --git a/tests/pillar/control_dvr.sls b/tests/pillar/control_dvr.sls
index 5031810..1bf7b7a 100644
--- a/tests/pillar/control_dvr.sls
+++ b/tests/pillar/control_dvr.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ml2
external_mtu: 1500
diff --git a/tests/pillar/control_fwaas_v1.sls b/tests/pillar/control_fwaas_v1.sls
index c39f05c..2ca5e0d 100644
--- a/tests/pillar/control_fwaas_v1.sls
+++ b/tests/pillar/control_fwaas_v1.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ml2
external_mtu: 1500
diff --git a/tests/pillar/control_lbaas_octavia.sls b/tests/pillar/control_lbaas_octavia.sls
index 65b0318..cf4710c 100644
--- a/tests/pillar/control_lbaas_octavia.sls
+++ b/tests/pillar/control_lbaas_octavia.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ml2
external_mtu: 1500
diff --git a/tests/pillar/control_nodvr.sls b/tests/pillar/control_nodvr.sls
index 9597eee..1000769 100644
--- a/tests/pillar/control_nodvr.sls
+++ b/tests/pillar/control_nodvr.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ml2
external_mtu: 1500
diff --git a/tests/pillar/control_ovn.sls b/tests/pillar/control_ovn.sls
index cd79174..a173679 100644
--- a/tests/pillar/control_ovn.sls
+++ b/tests/pillar/control_ovn.sls
@@ -2,6 +2,9 @@
server:
enabled: true
version: ocata
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ovn
external_mtu: 1500
@@ -46,6 +49,9 @@
port: 5672
user: openstack
virtual_host: /openstack
+ ovn_ctl_opts:
+ db-nb-create-insecure-remote: 'yes'
+ db-sb-create-insecure-remote: 'yes'
linux:
system:
diff --git a/tests/pillar/control_qos.sls b/tests/pillar/control_qos.sls
index e1a8f6f..ffc198f 100644
--- a/tests/pillar/control_qos.sls
+++ b/tests/pillar/control_qos.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
backend:
engine: ml2
external_mtu: 1500
diff --git a/tests/pillar/control_single.sls b/tests/pillar/control_single.sls
index d59669b..8c7821e 100644
--- a/tests/pillar/control_single.sls
+++ b/tests/pillar/control_single.sls
@@ -1,5 +1,8 @@
neutron:
server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
enabled: true
backend:
external_mtu: 1500
diff --git a/tests/pillar/gateway_dvr.sls b/tests/pillar/gateway_dvr.sls
index 2c47529..fb3acd6 100644
--- a/tests/pillar/gateway_dvr.sls
+++ b/tests/pillar/gateway_dvr.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
\ No newline at end of file
diff --git a/tests/pillar/gateway_legacy.sls b/tests/pillar/gateway_legacy.sls
index d9b7ef8..66e99fa 100644
--- a/tests/pillar/gateway_legacy.sls
+++ b/tests/pillar/gateway_legacy.sls
@@ -21,4 +21,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: mitaka
diff --git a/tests/pillar/gateway_legacy_fwaas_v1.sls b/tests/pillar/gateway_legacy_fwaas_v1.sls
index 34e921c..8b52f6d 100644
--- a/tests/pillar/gateway_legacy_fwaas_v1.sls
+++ b/tests/pillar/gateway_legacy_fwaas_v1.sls
@@ -21,6 +21,7 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: ocata
fwaas:
enabled: true
diff --git a/tests/pillar/gateway_qos.sls b/tests/pillar/gateway_qos.sls
index f816c94..1f9756d 100644
--- a/tests/pillar/gateway_qos.sls
+++ b/tests/pillar/gateway_qos.sls
@@ -24,4 +24,5 @@
metadata:
host: 127.0.0.1
password: password
+ workers: 2
version: ocata
diff --git a/tests/run_tests.sh b/tests/run_tests.sh
index a4cac88..db89554 100755
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@@ -113,7 +113,7 @@
}
salt_run() {
- [ -e ${VEN_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
+ [ -e ${VENV_DIR}/bin/activate ] && source ${VENV_DIR}/bin/activate
salt-call ${SALT_OPTS} $*
}