f065e99adf
This patch replces the remaining usage of absolute name in 'require', and makes all class inclusion depend on relative name. Change-Id: Ic4698d309e899303c7e2566187fb21a442fb930d
304 lines
9.8 KiB
Puppet
304 lines
9.8 KiB
Puppet
#
|
|
# Configure OVS to use OpenDaylight
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*tunnel_ip*]
|
|
# (required) The IP of the host to use for tunneling tenant VXLAN/GRE over
|
|
#
|
|
# [*odl_username*]
|
|
# (optional) The opendaylight controller username
|
|
#
|
|
# [*odl_password*]
|
|
# (optional) The opendaylight controller password
|
|
#
|
|
# [*odl_check_url*]
|
|
# (optional) The URL used to check ODL is available and ready
|
|
# Defaults to 'http://127.0.0.1:8080/restconf/operational/network-topology:network-topology/topology/netvirt:1'
|
|
#
|
|
# [*odl_ovsdb_iface*]
|
|
# (optional) The ODL southbound interface for OVSDB
|
|
# Defaults to 'tcp:127.0.0.1:6640'
|
|
#
|
|
# [*ovsdb_server_iface*]
|
|
# (optional) The interface for OVSDB local server to listen on
|
|
# Defaults to 'ptcp:6639:127.0.0.1'
|
|
#
|
|
# [*provider_mappings*]
|
|
# (optional) List of <physical_network>:<nic/bridge>
|
|
# Required for VLAN provider networks.
|
|
# Required for Flat provider networks when using new NetVirt
|
|
# Defaults to empty list
|
|
#
|
|
# [*retry_interval*]
|
|
# (optional) The time (in seconds) to wait between ODL availability checks
|
|
# Defaults to 60
|
|
#
|
|
# [*retry_count*]
|
|
# (optional) The number of ODL availability checks to run before failing
|
|
# Defaults to 20
|
|
#
|
|
# [*host_id*]
|
|
# (optional) The desired hostname for this node
|
|
# Defaults to FQDN hostname of the server
|
|
#
|
|
# [*allowed_network_types*]
|
|
# (optional) List of network_types to allocate as tenant networks.
|
|
# The value 'local' is only useful for single-box testing
|
|
# but provides no connectivity between hosts.
|
|
# Should be an array that can have these elements:
|
|
# local, flat, vlan, gre, vxlan
|
|
# Defaults to ['local', 'flat', 'vlan', 'gre', 'vxlan']
|
|
#
|
|
# [*enable_dpdk*]
|
|
# (optional) Enables vhostuser VIF host configuration for OVS DPDK.
|
|
# Defaults to false.
|
|
#
|
|
# [*vhostuser_socket_dir*]
|
|
# (optional) Specify the directory to use for vhostuser sockets.
|
|
# Defaults to "/var/run/openvswitch"
|
|
#
|
|
# [*vhostuser_mode*]
|
|
# (optional) Specify the mode for the VIF when creating vhostuser ports.
|
|
# Valid values are 'client' or 'server'. In client mode, openvswitch
|
|
# will be responsible for creating the vhostuser socket. In server mode,
|
|
# the hypervisor will create the vhostuser socket.
|
|
# Defaults to "server"
|
|
#
|
|
# [*enable_hw_offload*]
|
|
# (optional) Configure OVS to use
|
|
# Hardware Offload. This feature is
|
|
# supported from ovs 2.8.0.
|
|
# Defaults to False.
|
|
#
|
|
# [*enable_tls*]
|
|
# (optional) Configure OVS to use SSL/TLS
|
|
# Defaults to False.
|
|
#
|
|
# [*tls_key_file*]
|
|
# (optional) Private key file path to use for TLS configuration
|
|
# Defaults to False. Required if enabling TLS.
|
|
#
|
|
# [*tls_cert_file*]
|
|
# (optional) Certificate file path to use for TLS configuration
|
|
# Defaults to False. Required if enabling TLS.
|
|
#
|
|
# [*tls_ca_cert_file*]
|
|
# (optional) CA Certificate file path to use for TLS configuration
|
|
# Defaults to False.
|
|
#
|
|
# [*enable_ipv6*]
|
|
# (optional) If we should enable ipv6.
|
|
# Defaults to False.
|
|
#
|
|
class neutron::plugins::ovs::opendaylight (
|
|
$tunnel_ip,
|
|
$odl_username,
|
|
$odl_password,
|
|
$odl_check_url = 'http://127.0.0.1:8080/restconf/operational/network-topology:network-topology/topology/netvirt:1',
|
|
$odl_ovsdb_iface = 'tcp:127.0.0.1:6640',
|
|
$ovsdb_server_iface = 'ptcp:6639:127.0.0.1',
|
|
$provider_mappings = [],
|
|
$retry_interval = 60,
|
|
$retry_count = 20,
|
|
$host_id = $fqdn,
|
|
$allowed_network_types = ['local', 'flat', 'vlan', 'vxlan', 'gre'],
|
|
$enable_dpdk = false,
|
|
$vhostuser_socket_dir = '/var/run/openvswitch',
|
|
$vhostuser_mode = 'server',
|
|
$enable_hw_offload = false,
|
|
$enable_tls = false,
|
|
$tls_key_file = undef,
|
|
$tls_cert_file = undef,
|
|
$tls_ca_cert_file = undef,
|
|
$enable_ipv6 = false,
|
|
) {
|
|
|
|
include neutron::deps
|
|
|
|
# Handle the case where ODL controller is also on this host
|
|
Service<| title == 'opendaylight' |> -> Exec <| title == 'Wait for NetVirt OVSDB to come up' |>
|
|
|
|
if $enable_tls {
|
|
if empty($tls_key_file) or empty($tls_cert_file) {
|
|
fail('When enabling TLS, tls_key_file and tls_cert_file must be provided')
|
|
}
|
|
if ! empty($tls_ca_cert_file) {
|
|
vs_ssl { 'system':
|
|
ensure => present,
|
|
key_file => $tls_key_file,
|
|
cert_file => $tls_cert_file,
|
|
ca_file => $tls_ca_cert_file,
|
|
before => Exec['Set OVS Manager to OpenDaylight']
|
|
}
|
|
} else {
|
|
vs_ssl { 'system':
|
|
ensure => present,
|
|
key_file => $tls_key_file,
|
|
cert_file => $tls_cert_file,
|
|
bootstrap => true,
|
|
before => Exec['Set OVS Manager to OpenDaylight']
|
|
}
|
|
}
|
|
|
|
warning('TLS enabled, overriding all protocols')
|
|
$odl_ovsdb_iface_proto = 'ssl'
|
|
$ovsdb_server_iface_proto = 'pssl'
|
|
$odl_check_url_proto = 'https'
|
|
|
|
$cert_data = convert_cert_to_string($tls_cert_file)
|
|
$rest_data = @("END":json/L)
|
|
{\
|
|
"aaa-cert-rpc:input": {\
|
|
"aaa-cert-rpc:node-alias": "${::hostname}",\
|
|
"aaa-cert-rpc:node-cert": "${cert_data}"\
|
|
}\
|
|
}
|
|
|-END
|
|
|
|
$curl_post = "curl -k -X POST -o /dev/null --fail --silent -H 'Content-Type: application/json' -H 'Cache-Control: no-cache'"
|
|
$curl_get = "curl -k -X POST --fail --silent -H 'Content-Type: application/json' -H 'Cache-Control: no-cache'"
|
|
$rest_get_data = @("END":json/L)
|
|
{\
|
|
"aaa-cert-rpc:input": {\
|
|
"aaa-cert-rpc:node-alias": "${::hostname}"\
|
|
}\
|
|
}
|
|
|-END
|
|
|
|
$ovsdb_arr = split($odl_ovsdb_iface, ' ')
|
|
$odl_rest_port = regsubst($odl_check_url, '^.*:([0-9]+)/.*$', '\1')
|
|
$ovsdb_arr.each |$ovsdb_uri| {
|
|
|
|
$odl_ip = regsubst($ovsdb_uri, 'ssl:(.+):[0-9]+', '\1')
|
|
$odl_url_prefix = "https://${odl_ip}:${odl_rest_port}"
|
|
$cert_rest_url = "${odl_url_prefix}/restconf/operations/aaa-cert-rpc:setNodeCertifcate"
|
|
$cert_rest_get = "${odl_url_prefix}/restconf/operations/aaa-cert-rpc:getNodeCertifcate"
|
|
exec { "Add trusted cert: ${tls_cert_file} to ${odl_url_prefix}":
|
|
command => "${curl_post} -u ${odl_username}:${odl_password} -d '${rest_data}' ${cert_rest_url}",
|
|
tries => 5,
|
|
try_sleep => 30,
|
|
unless => "${curl_get} -u ${odl_username}:${odl_password} -d '${rest_get_data}' ${cert_rest_get} | grep -q ${cert_data}",
|
|
path => '/usr/sbin:/usr/bin:/sbin:/bin',
|
|
before => Exec['Set OVS Manager to OpenDaylight'],
|
|
require => Exec['Wait for NetVirt OVSDB to come up']
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
$odl_ovsdb_iface_proto = 'tcp'
|
|
$ovsdb_server_iface_proto = 'ptcp'
|
|
$odl_check_url_proto = 'http'
|
|
}
|
|
|
|
if $enable_ipv6 {
|
|
$ovsdb_server_ip = '[::1]'
|
|
}
|
|
else {
|
|
$ovsdb_server_ip = '127.0.0.1'
|
|
}
|
|
|
|
$odl_ovsdb_iface_parsed = regsubst($odl_ovsdb_iface, 'tcp', $odl_ovsdb_iface_proto, 'G')
|
|
$ovsdb_server_iface_parsed = "${ovsdb_server_iface_proto}:6639:${ovsdb_server_ip}"
|
|
$odl_check_url_parsed = regsubst($odl_check_url, 'http', $odl_check_url_proto)
|
|
|
|
exec { 'Wait for NetVirt OVSDB to come up':
|
|
command => "curl -g -k -o /dev/null --fail --silent --head -u ${odl_username}:${odl_password} ${odl_check_url_parsed}",
|
|
tries => $retry_count,
|
|
try_sleep => $retry_interval,
|
|
path => '/usr/sbin:/usr/bin:/sbin:/bin',
|
|
}
|
|
# OVS manager
|
|
-> exec { 'Set OVS Manager to OpenDaylight':
|
|
command => "ovs-vsctl set-manager ${ovsdb_server_iface_parsed} ${odl_ovsdb_iface_parsed}",
|
|
unless => "ovs-vsctl show | grep 'Manager \"${ovsdb_server_iface_parsed} ${odl_ovsdb_iface_parsed}\"'",
|
|
path => '/usr/sbin:/usr/bin:/sbin:/bin',
|
|
}
|
|
|
|
# local ip
|
|
vs_config {'other_config:local_ip':
|
|
value => $tunnel_ip,
|
|
}
|
|
|
|
# set mappings for VLAN or Flat provider networks
|
|
if $provider_mappings and ! empty($provider_mappings) {
|
|
$pr_map_str = join(any2array($provider_mappings), ',')
|
|
vs_config {'other_config:provider_mappings':
|
|
value => $pr_map_str
|
|
}
|
|
}
|
|
|
|
# host config for pseudo agent binding type
|
|
vs_config {'external_ids:odl_os_hostconfig_hostid':
|
|
value => $host_id,
|
|
}
|
|
|
|
# Set hostname to FQDN instead of default 'localhost'
|
|
vs_config {'external_ids:hostname':
|
|
value => $host_id,
|
|
}
|
|
|
|
$json_network_types = convert_to_json_string($allowed_network_types)
|
|
$json_bridge_mappings = convert_to_json_string($provider_mappings)
|
|
|
|
if $enable_hw_offload and $enable_dpdk {
|
|
fail('Enabling hardware offload and DPDK is not allowed')
|
|
}
|
|
|
|
if $enable_dpdk {
|
|
$host_config = @("END":json/$L)
|
|
{\
|
|
"supported_vnic_types": [{\
|
|
"vnic_type": "normal",\
|
|
"vif_type": "vhostuser",\
|
|
"vif_details": {\
|
|
"uuid": "${::ovs_uuid}",\
|
|
"has_datapath_type_netdev": true,\
|
|
"port_prefix": "vhu",\
|
|
"vhostuser_socket_dir": "${vhostuser_socket_dir}",\
|
|
"vhostuser_ovs_plug": true,\
|
|
"vhostuser_mode": "${vhostuser_mode}",\
|
|
"vhostuser_socket": "${vhostuser_socket_dir}/vhu\$PORT_ID"\
|
|
}\
|
|
}],\
|
|
"allowed_network_types": ${json_network_types},\
|
|
"bridge_mappings": ${json_bridge_mappings}\
|
|
}
|
|
|-END
|
|
} elsif $enable_hw_offload {
|
|
require vswitch::ovs
|
|
$host_config = @("END":json/L)
|
|
{\
|
|
"supported_vnic_types": [{\
|
|
"vnic_type": "normal",\
|
|
"vif_type": "ovs",\
|
|
"vif_details": {}\
|
|
},{\
|
|
"vnic_type": "direct",\
|
|
"vif_type": "ovs",\
|
|
"vif_details": {}\
|
|
}],\
|
|
"allowed_network_types": ${json_network_types},\
|
|
"bridge_mappings": ${json_bridge_mappings}\
|
|
}
|
|
|-END
|
|
|
|
} else {
|
|
$host_config = @("END":json/L)
|
|
{\
|
|
"supported_vnic_types": [{\
|
|
"vnic_type": "normal",\
|
|
"vif_type": "ovs",\
|
|
"vif_details": {}\
|
|
}],\
|
|
"allowed_network_types": ${json_network_types},\
|
|
"bridge_mappings": ${json_bridge_mappings}\
|
|
}
|
|
|-END
|
|
}
|
|
|
|
vs_config {'external_ids:odl_os_hostconfig_config_odl_l2':
|
|
value => $host_config
|
|
}
|
|
}
|