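# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::pacemaker::ovn_dbs_bundle
#
# OVN DB servers Pacemaker HA bundle profile for tripleo.
#
# At step >= 3, and only on the bootstrap node, this class creates the
# 'ovn-dbs-bundle' pacemaker bundle, the 'ovndb_servers' master/slave OCF
# resource inside it and, when listen_on_master_ip_only is 'yes', a dedicated
# VIP that is colocated with (and started after promotion of) the master.
# Every other node only gets the 'ovn-dbs-role' node property so the
# location rule can place the bundle on it.
#
# === Parameters
#
# [*ovn_dbs_docker_image*]
#   (Optional) The docker image to use for creating the pacemaker bundle
#   Defaults to undef
#
# [*ovn_dbs_control_port*]
#   (Optional) The bundle's pacemaker_remote control port on the host
#   Defaults to 3125
#
# [*bootstrap_node*]
#   (Optional) The hostname of the node responsible for bootstrapping tasks
#   Defaults to hiera('ovn_dbs_short_bootstrap_node_name')
#
# [*step*]
#   (Optional) The current step in deployment. See tripleo-heat-templates
#   for more details.
#   Defaults to hiera('step')
#
# [*pcs_tries*]
#   (Optional) The number of times pcs commands should be retried.
#   Defaults to hiera('pcs_tries', 20)
#
# [*ovn_dbs_vip*]
#   (Optional) The vip to be used for OVN DB servers. It is expected that
#   the vip resource is created before calling this class.
#   Defaults to hiera('ovn_dbs_vip')
#
# [*nb_db_port*]
#   The TCP port on which the OVN Northbound DB listens.
#   Defaults to 6641
#
# [*sb_db_port*]
#   The TCP port on which the OVN Southbound DB listens.
#   Defaults to 6642
#
# [*meta_params*]
#   (optional) Additional meta parameters to pass to "pcs resource create" for the VIP
#   Defaults to ''
#
# [*op_params*]
#   (optional) Additional op parameters to pass to "pcs resource create" for the VIP
#   Defaults to ''
#
# [*container_backend*]
#   (optional) Container backend to use when creating the bundle
#   Defaults to 'docker'
#
# [*log_driver*]
#   (optional) Container log driver to use. When set to undef it uses 'k8s-file'
#   when container_cli is set to podman and 'journald' when it is set to docker.
#   Defaults to undef
#
# [*log_file*]
#   (optional) Container log file to use. Only relevant when log_driver is
#   set to 'k8s-file'.
#   Defaults to '/var/log/containers/stdouts/ovn-dbs-bundle.log'
#
# [*tls_priorities*]
#   (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set
#   Defaults to hiera('tripleo::pacemaker::tls_priorities', undef)
#
# [*bundle_user*]
#   (optional) Set the --user= switch to be passed to pcmk
#   Defaults to undef
#
# [*enable_internal_tls*]
#   (Optional) Whether TLS in the internal network is enabled or not.
#   Defaults to hiera('enable_internal_tls', false)
#
# [*ca_file*]
#   (Optional) The path to the CA file that will be used for the TLS
#   configuration. It's only used if internal TLS is enabled, and it is
#   required in that case.
#   Defaults to undef
#
# [*dbs_timeout*]
#   (Optional) timeout for monitor of ovn dbs resource
#   Defaults to 60
#
# [*listen_on_master_ip_only*]
#   (Optional) If set to yes, the OVNDBs will listen on master IP. Otherwise,
#   it will listen on 0.0.0.0. Set to yes when using pacemaker managed vip resource
#   as MASTER_IP; set to no when using external LB VIP.
#   Defaults to 'yes'
#
# [*force_ocf*]
#   (optional) Use --force when creating the ocf resource via pcs
#   Defaults to false
#
# [*force_nic*]
#   (optional) Force a specific nic interface name when creating all the VIPs
#   The listening nic can be customized on a per-VIP basis by creating a hiera
#   dict called: force_vip_nic_overrides[<vip name>] = 'dummy'
#   Defaults to hiera('tripleo::pacemaker::force_nic', undef)
#
# [*monitor_interval_master*]
#   (Optional) monitor interval for the ovn dbs resource in the Master role
#   Defaults to 10
#
# [*monitor_interval_slave*]
#   (Optional) monitor interval for the ovn dbs resource in the Slave role
#   Defaults to 30
#
# [*replication_probe_interval*]
#   (Optional) probe interval for ovsdb-server. It configures the probe
#   interval of the connection an ovsdb-server in backup mode keeps to the
#   active ovsdb-server for replication
#   Defaults to 60000
#
class tripleo::profile::pacemaker::ovn_dbs_bundle (
  $ovn_dbs_docker_image       = undef,
  $ovn_dbs_control_port       = 3125,
  $bootstrap_node             = hiera('ovn_dbs_short_bootstrap_node_name'),
  $step                       = Integer(hiera('step')),
  $pcs_tries                  = hiera('pcs_tries', 20),
  $ovn_dbs_vip                = hiera('ovn_dbs_vip'),
  $nb_db_port                 = 6641,
  $sb_db_port                 = 6642,
  $meta_params                = '',
  $op_params                  = '',
  $container_backend          = 'docker',
  $tls_priorities             = hiera('tripleo::pacemaker::tls_priorities', undef),
  $bundle_user                = undef,
  $log_driver                 = undef,
  $log_file                   = '/var/log/containers/stdouts/ovn-dbs-bundle.log',
  $enable_internal_tls        = hiera('enable_internal_tls', false),
  $ca_file                    = undef,
  $dbs_timeout                = 60,
  $listen_on_master_ip_only   = 'yes',
  $force_ocf                  = false,
  $force_nic                  = hiera('tripleo::pacemaker::force_nic', undef),
  $monitor_interval_master    = 10,
  $monitor_interval_slave     = 30,
  $replication_probe_interval = 60000,
) {

  # pcs resources are cluster-wide; only the bootstrap node creates them.
  if $bootstrap_node and $::hostname == downcase($bootstrap_node) {
    $pacemaker_master = true
  } else {
    $pacemaker_master = false
  }

  # Pick the container log driver from the container CLI unless overridden.
  if $log_driver == undef {
    if hiera('container_cli', 'docker') == 'podman' {
      $log_driver_real = 'k8s-file'
    } else {
      $log_driver_real = 'journald'
    }
  } else {
    $log_driver_real = $log_driver
  }

  # Only the k8s-file driver takes a log path.
  if $log_driver_real == 'k8s-file' {
    $log_file_real = " --log-opt path=${log_file}"
  } else {
    $log_file_real = ''
  }

  # Per-VIP nic overrides; must be a hash keyed by VIP name.
  $force_vip_nic_overrides = hiera('force_vip_nic_overrides', {})
  validate_legacy(Hash, 'validate_hash', $force_vip_nic_overrides)

  if $step >= 3 {
    if $pacemaker_master {
      $ovndb_servers_resource_name = 'ovndb_servers'
      $ovndb_servers_ocf_name      = 'ovn:ovndb-servers'
      $ovndb_vip_resource_name     = "ip-${ovn_dbs_vip}"

      # Host paths bind-mounted into the bundle container. The kolla config
      # and kernel modules are mounted read-only; run, log and DB state are
      # read-write and are exposed under both the legacy openvswitch paths
      # and the newer ovn paths.
      $storage_maps = {
        'ovn-dbs-cfg-files'     => {
          'source-dir' => '/var/lib/kolla/config_files/ovn_dbs.json',
          'target-dir' => '/var/lib/kolla/config_files/config.json',
          'options'    => 'ro',
        },
        'ovn-dbs-mod-files'     => {
          'source-dir' => '/lib/modules',
          'target-dir' => '/lib/modules',
          'options'    => 'ro',
        },
        'ovn-dbs-run-files'     => {
          'source-dir' => '/var/lib/openvswitch/ovn',
          'target-dir' => '/run/openvswitch',
          'options'    => 'rw',
        },
        'ovn-dbs-new-run-files' => {
          'source-dir' => '/var/lib/openvswitch/ovn',
          'target-dir' => '/run/ovn',
          'options'    => 'rw',
        },
        'ovn-dbs-log-files'     => {
          'source-dir' => '/var/log/containers/openvswitch',
          'target-dir' => '/var/log/openvswitch',
          'options'    => 'rw',
        },
        'ovn-dbs-new-log-files' => {
          'source-dir' => '/var/log/containers/openvswitch',
          'target-dir' => '/var/log/ovn',
          'options'    => 'rw',
        },
        'ovn-dbs-db-path'       => {
          'source-dir' => '/var/lib/openvswitch/ovn',
          'target-dir' => '/etc/openvswitch',
          'options'    => 'rw',
        },
        'ovn-dbs-new-db-path'   => {
          'source-dir' => '/var/lib/openvswitch/ovn',
          'target-dir' => '/etc/ovn',
          'options'    => 'rw',
        },
      }

      # The node list can be overridden (e.g. during scale operations);
      # the override wins whenever it is set to a truthy value.
      if (hiera('ovn_dbs_short_node_names_override', undef)) {
        $ovn_dbs_short_node_names = hiera('ovn_dbs_short_node_names_override')
      } else {
        $ovn_dbs_short_node_names = hiera('ovn_dbs_short_node_names')
      }
      $ovn_dbs_nodes_count = count($ovn_dbs_short_node_names)

      # Tag every OVN DB node so the exclusive location rule below can
      # place the bundle on it; the property must exist before the bundle.
      $ovn_dbs_short_node_names.each |String $node_name| {
        pacemaker::property { "ovn-dbs-role-${node_name}":
          property => 'ovn-dbs-role',
          value    => true,
          tries    => $pcs_tries,
          node     => downcase($node_name),
          before   => Pacemaker::Resource::Bundle['ovn-dbs-bundle'],
        }
      }

      # IPv6 VIPs need brackets when embedded in the OCF resource params.
      $ovn_dbs_vip_norm = normalize_ip_for_uri($ovn_dbs_vip)
      $resource_params = "master_ip=${ovn_dbs_vip_norm} nb_master_port=${nb_db_port} \
sb_master_port=${sb_db_port} manage_northd=yes inactive_probe_interval=180000 \
listen_on_master_ip_only=${listen_on_master_ip_only} inactive_probe_interval_to_master=${replication_probe_interval}"

      $ovn_dbs_location_rule = {
        resource_discovery => 'exclusive',
        score              => 0,
        expression         => ['ovn-dbs-role eq true'],
      }

      if $tls_priorities != undef {
        $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}"
      } else {
        $tls_priorities_real = ''
      }

      if $enable_internal_tls {
        # The key, cert and CA are all referenced by absolute path inside the
        # container, so an unset CA path would yield an empty storage-map
        # source and an empty ovn_*_db_cacert; fail early with a clear
        # message instead.
        if $ca_file == undef or $ca_file == '' {
          fail('ca_file must be set when enable_internal_tls is true')
        }

        # Key material is mounted read-only at the same path it has on the host.
        # NOTE(review): the 'ovn-dbs-pki-' id looks truncated next to
        # 'ovn-dbs-cert'/'ovn-dbs-cacert'; it is left as-is because the id is
        # part of the pcs bundle definition already deployed - confirm the
        # upgrade impact before renaming.
        $ovn_storage_maps_tls = {
          'ovn-dbs-pki-'   => {
            'source-dir' => '/etc/pki/tls/private/ovn_dbs.key',
            'target-dir' => '/etc/pki/tls/private/ovn_dbs.key',
            'options'    => 'ro',
          },
          'ovn-dbs-cert'   => {
            'source-dir' => '/etc/pki/tls/certs/ovn_dbs.crt',
            'target-dir' => '/etc/pki/tls/certs/ovn_dbs.crt',
            'options'    => 'ro',
          },
          'ovn-dbs-cacert' => {
            'source-dir' => "${ca_file}",
            'target-dir' => "${ca_file}",
            'options'    => 'ro',
          },
        }
        $tls_params = " ovn_nb_db_privkey=/etc/pki/tls/private/ovn_dbs.key ovn_nb_db_cert=/etc/pki/tls/certs/ovn_dbs.crt \
ovn_nb_db_cacert=${ca_file} ovn_sb_db_privkey=/etc/pki/tls/private/ovn_dbs.key \
ovn_sb_db_cert=/etc/pki/tls/certs/ovn_dbs.crt ovn_sb_db_cacert=${ca_file} \
nb_master_protocol=ssl sb_master_protocol=ssl"
      } else {
        $tls_params           = ''
        $ovn_storage_maps_tls = {}
      }

      if $bundle_user == undef {
        $bundle_user_real = ''
      } else {
        $bundle_user_real = "--user=${bundle_user} "
      }

      $resource_map = "${resource_params}${tls_params}"

      # The bundle shares the host network namespace (network=host), so the
      # DB servers listen directly on the host's interfaces.
      pacemaker::resource::bundle { 'ovn-dbs-bundle':
        image             => $ovn_dbs_docker_image,
        replicas          => $ovn_dbs_nodes_count,
        masters           => 1,
        location_rule     => $ovn_dbs_location_rule,
        container_options => 'network=host',
        # lint:ignore:140chars
        options           => "${bundle_user_real}--log-driver=${log_driver_real}${log_file_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}",
        # lint:endignore
        run_command       => '/bin/bash /usr/local/bin/kolla_start',
        network           => "control-port=${ovn_dbs_control_port}",
        storage_maps      => merge($storage_maps, $ovn_storage_maps_tls),
        container_backend => $container_backend,
        tries             => $pcs_tries,
      }

      # Master/slave OCF resource running inside the bundle; the Master role
      # is monitored more often than the Slave role.
      pacemaker::resource::ocf { "${ovndb_servers_resource_name}":
        ocf_agent_name  => "${ovndb_servers_ocf_name}",
        master_params   => '',
        op_params       => "start timeout=200s stop timeout=200s monitor interval=${monitor_interval_master}s role=Master timeout=${dbs_timeout}s \
monitor interval=${monitor_interval_slave}s role=Slave timeout=${dbs_timeout}s",
        resource_params => $resource_map,
        tries           => $pcs_tries,
        location_rule   => $ovn_dbs_location_rule,
        meta_params     => 'notify=true container-attribute-target=host',
        bundle          => 'ovn-dbs-bundle',
        force           => $force_ocf,
      }

      # With an external load balancer VIP (listen_on_master_ip_only=no) no
      # pacemaker VIP is created and the DBs listen on 0.0.0.0.
      if downcase($listen_on_master_ip_only) == 'yes' {
        # A per-VIP override takes precedence over the global force_nic.
        if has_key($force_vip_nic_overrides, 'ovn_dbs_vip') {
          $ovn_dbs_vip_nic = $force_vip_nic_overrides['ovn_dbs_vip']
        } else {
          $ovn_dbs_vip_nic = $force_nic
        }

        # We create a separate VIP by default now in OVN (since train)
        if is_ipv6_address($ovn_dbs_vip) {
          $netmask        = '128'
          $vip_nic        = interface_for_ip($ovn_dbs_vip)
          $ipv6_addrlabel = '99'
        } else {
          $netmask        = '32'
          $vip_nic        = ''
          $ipv6_addrlabel = ''
        }

        if $ovn_dbs_vip_nic != undef {
          $nic_real = $ovn_dbs_vip_nic
        } else {
          $nic_real = $vip_nic
        }

        pacemaker::resource::ip { "${ovndb_vip_resource_name}":
          ip_address     => $ovn_dbs_vip,
          cidr_netmask   => $netmask,
          nic            => $nic_real,
          ipv6_addrlabel => $ipv6_addrlabel,
          location_rule  => $ovn_dbs_location_rule,
          meta_params    => "resource-stickiness=INFINITY ${meta_params}",
          op_params      => $op_params,
          tries          => $pcs_tries,
        }

        # Keep the VIP on the node hosting the Master copy of the bundle ...
        pacemaker::constraint::colocation { "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}":
          source       => "${ovndb_vip_resource_name}",
          target       => 'ovn-dbs-bundle',
          master_slave => true,
          score        => 'INFINITY',
          tries        => $pcs_tries,
        }

        # ... and only start it once the bundle has been promoted.
        pacemaker::constraint::order { "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}":
          first_resource    => 'ovn-dbs-bundle',
          second_resource   => "${ovndb_vip_resource_name}",
          first_action      => 'promote',
          second_action     => 'start',
          constraint_params => 'kind=Optional',
          tries             => $pcs_tries,
        }
      }

      # Apply the pcs changes in dependency order: bundle, OCF resource, VIP,
      # then the constraints. Collectors that match nothing (e.g. the VIP when
      # listen_on_master_ip_only is 'no') are harmless.
      # NOTE(review): the last two collectors are identical because the
      # colocation and order constraints share a title; whether that selects
      # both underlying Pcmk_constraint resources depends on how the defined
      # types title them - verify.
      Pcmk_bundle<| title == 'ovn-dbs-bundle' |>
        -> Pcmk_resource<| title == "${ovndb_servers_resource_name}" |>
          -> Pcmk_resource<| title == "${ovndb_vip_resource_name}" |>
            -> Pcmk_constraint<| title == "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}" |>
              -> Pcmk_constraint<| title == "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}" |>
    }
  }
}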