openstack
/
tripleo-heat-templates
Code Issues Proposed changes

flatten the ovn service configurations 

This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the ovn services.

Related-Blueprint: services-yaml-flattening
Change-Id: I6261863c15f594fed8207ff258f1d9c809a9a864
This commit is contained in:
Dan Prince 2019-02-25 09:20:54 -05:00
parent be90d93c3c
commit 30cfaccb49
17 changed files with 224 additions and 393 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci/environments/multinode-containers.yaml
View File

@ -4,7 +4,7 @@ resource_registry:
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
parameter_defaults:
ControllerServices:

101
docker/services/ovn-controller.yaml → deployment/ovn/ovn-controller-container-puppet.yaml
View File

@ -36,37 +36,108 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
OVNSouthboundServerPort:
description: Port of the Southbound DB Server
type: number
default: 6642
OVNTunnelEncapType:
description: Tunnel encapsulation type
type: string
default: geneve
NeutronBridgeMappings:
description: >
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
tags:
- role_specific
OVNIntegrationBridge:
description: >
Name of the OVS bridge to use as integration bridge by OVN Controller.
type: string
default: "br-int"
OVNMetadataEnabled:
description: Whether Metadata Service has to be enabled
type: boolean
default: true
OVNCMSOptions:
description: The CMS options to configure in ovs db
type: string
default: ""
tags:
- role_specific
OvsHwOffload:
default: false
description: |
Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
type: boolean
tags:
- role_specific
conditions:
force_config_drive: {equals: [{get_param: OVNMetadataEnabled}, false]}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
OvnControllerBase:
type: ../../puppet/services/ovn-controller.yaml
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
type: json
value:
map_replace:
- map_replace:
- ovn::controller::ovn_bridge_mappings: NeutronBridgeMappings
ovn::controller::ovn_cms_options: OVNCMSOptions
ovn::controller::enable_hw_offload: OvsHwOffload
- values: {get_param: [RoleParameters]}
- values:
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
OVNCMSOptions: {get_param: OVNCMSOptions}
OvsHwOffload: {get_param: OvsHwOffload}
outputs:
role_data:
description: Role data for the Ovn Controller agent.
value:
service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
service_name: ovn_controller
config_settings:
map_merge:
- get_attr: [OvnControllerBase, role_data, config_settings]
service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
- get_attr: [RoleParametersValue, value]
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}
tripleo::ovn_controller::firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'119 neutron geneve networks':
proto: 'udp'
dport: 6081
service_config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
puppet_tags: vs_config,exec
config_volume: ovn_controller
step_config:
get_attr: [OvnControllerBase, role_data, step_config]
step_config: |
include ::tripleo::profile::base::neutron::agents::ovn
config_image: {get_param: DockerOvnControllerConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
@ -114,7 +185,7 @@ outputs:
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [OvnControllerBase, role_data, config_settings, 'ovn::southbound::port']}
port: {get_param: OVNSouthboundServerPort}
volumes:
- /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro

43
docker/services/ovn-dbs.yaml → deployment/ovn/ovn-dbs-container-puppet.yaml
View File

@ -39,30 +39,41 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
OVNNorthboundServerPort:
description: Port of the OVN Northbound DB server
type: number
default: 6641
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
resources:
ContainersCommon:
type: ./containers-common.yaml
OVNDbsBase:
type: ../../puppet/services/ovn-dbs.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
type: ../../docker/services/containers-common.yaml
outputs:
role_data:
description: Role data for the OVN Dbs role.
value:
service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
service_name: ovn_dbs
config_settings:
map_merge:
- get_attr: [OVNDbsBase, role_data, config_settings]
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northd::dbs_listen_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
tripleo::haproxy::ovn_dbs_manage_lb: true
tripleo::ovn_dbs::firewall_rules:
'121 OVN DB server ports':
proto: 'tcp'
dport:
- {get_param: OVNNorthboundServerPort}
- {get_param: OVNSouthboundServerPort}
# BEGIN DOCKER SETTINGS
# puppet_config is not required for this service since we configure
# the NB and SB DB servers to listen on the proper IP address/port
@ -71,8 +82,8 @@ outputs:
puppet_config:
config_volume: ''
config_image: ''
step_config:
get_attr: [OVNDbsBase, role_data, step_config]
step_config: |
include ::tripleo::profile::base::neutron::ovn_northd #unused
kolla_config:
/var/lib/kolla/config_files/ovn_north_db_server.json:
command:

9
docker/services/pacemaker/ovn-dbs.yaml → deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
View File

@ -72,10 +72,10 @@ conditions:
resources:
ContainersCommon:
type: ./../containers-common.yaml
type: ../../docker/services/containers-common.yaml
OVNDbsBase:
type: ../../../puppet/services/pacemaker/ovn-dbs.yaml
type: ./ovn-dbs-container-puppet.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
@ -90,7 +90,7 @@ outputs:
role_data:
description: Role data for the OVN Dbs HA role.
value:
service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
service_name: ovn_dbs
config_settings:
map_merge:
- get_attr: [OVNDbsBase, role_data, config_settings]
@ -104,7 +104,8 @@ outputs:
- tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
- tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
- tripleo::profile::pacemaker::ovn_dbs_bundle::container_backend: {get_param: ContainerCli}
service_config_settings: {get_attr: [OVNDbsBase, role_data, service_config_settings]}
- tripleo::haproxy::ovn_dbs_manage_lb: false
service_config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'ovn_dbs'

93
docker/services/ovn-metadata.yaml → deployment/ovn/ovn-metadata-container-puppet.yaml
View File

@ -59,19 +59,64 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
NeutronWorkers:
default: ''
description: |
Sets the number of worker processes for the neutron metadata agent. The
default value results in the configuration being left unset and a
system-dependent default will be chosen (usually the number of
processors). Please note that this can result in a large number of
processes and memory consumption on systems with a large core count. On
such systems it is recommended that a non-default value be selected that
matches the load requirements.
type: string
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
default: 180
MonitoringSubscriptionOvnMetadata:
default: 'overcloud-ovn-metadata'
type: string
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
OvnMetadataAgentDebug:
default: ''
description: Set to True to enable debugging for OVN Metadata agent.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
EnableInternalTLS:
type: boolean
default: false
conditions:
haproxy_wrapper_enabled: {equals: [{get_param: OVNEnableHaproxyDockerWrapper}, true]}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
service_debug_unset: {equals : [{get_param: OVNWrapperDebug}, false]}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
OVNMetadataBase:
type: ../../puppet/services/ovn-metadata.yaml
NeutronBase:
type: ../../puppet/services/neutron-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
@ -89,10 +134,11 @@ outputs:
role_data:
description: Role data for OVNMetadata agent
value:
service_name: {get_attr: [OVNMetadataBase, role_data, service_name]}
service_name: ovn_metadata
monitoring_subscription: {get_param: MonitoringSubscriptionOvnMetadata}
config_settings:
map_merge:
- get_attr: [OVNMetadataBase, role_data, config_settings]
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
- tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::enable_haproxy_wrapper: {get_param: OVNEnableHaproxyDockerWrapper}
tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::haproxy_process_wrapper: '/var/lib/neutron/ovn_metadata_haproxy_wrapper'
@ -103,11 +149,41 @@ outputs:
- {get_param: Debug }
- {get_param: OVNWrapperDebug}
tripleo::profile::base::neutron::container_cli: {get_param: ContainerCli}
neutron::agents::ovn_metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron::agents::ovn_metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::ovn_metadata::auth_tenant: 'service'
neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
neutron::agents::ovn_metadata::metadata_host:
str_replace:
template:
"%{hiera('cloud_name_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
tripleo::profile::base::neutron::ovn_metadata::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}
neutron::agents::ovn_metadata::debug:
if:
- service_debug_unset
- {get_param: Debug}
- {get_param: OvnMetadataAgentDebug}
neutron::agents::ovn_metadata::metadata_protocol:
if:
- internal_tls_enabled
- 'https'
- 'http'
-
if:
- neutron_workers_unset
- {}
- neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronWorkers}
puppet_config:
puppet_tags: neutron_config,ovn_metadata_agent_config
config_volume: neutron
step_config:
get_attr: [OVNMetadataBase, role_data, step_config]
step_config: |
include tripleo::profile::base::neutron::ovn_metadata
config_image: {get_param: DockerNeutronConfigImage}
volumes:
- /lib/modules:/lib/modules:ro
@ -205,8 +281,7 @@ outputs:
- null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [OVNMetadataBase, role_data, metadata_settings]
metadata_settings: {}
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}

2
environments/docker-ha.yaml
View File

@ -21,7 +21,7 @@ resource_registry:
OS::TripleO::Services::OsloMessagingRpc: ../deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
OS::TripleO::Services::OsloMessagingNotify: ../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
OS::TripleO::Services::Redis: ../deployment/database/redis-pacemaker-puppet.yaml
OS::TripleO::Services::OVNDBs: ../docker/services/pacemaker/ovn-dbs.yaml
OS::TripleO::Services::OVNDBs: ../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
parameter_defaults:
ContainerCli: docker

6
environments/neutron-ml2-ovn-ha.yaml
View File

@ -2,9 +2,9 @@
# extensions, configured via docker
resource_registry:
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
OS::TripleO::Services::OVNController: ../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../docker/services/pacemaker/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../docker/services/ovn-metadata.yaml
OS::TripleO::Services::OVNController: ../deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::OVNDBs: ../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
OS::TripleO::Services::OVNMetadataAgent: ../deployment/ovn/ovn-metadata-container-puppet.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

6
environments/services-baremetal/neutron-ovn-ha.yaml
View File

@ -1,9 +1,9 @@
# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
resource_registry:
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../puppet/services/pacemaker/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../puppet/services/ovn-metadata.yaml
OS::TripleO::Services::OVNController: ../../deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../deployment/ovn/ovn-metadata-container-puppet.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

6
environments/services/neutron-ovn-dvr-ha.yaml
View File

@ -1,9 +1,9 @@
# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
resource_registry:
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
OS::TripleO::Services::OVNController: ../../deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../deployment/ovn/ovn-metadata-container-puppet.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

6
environments/services/neutron-ovn-ha.yaml
View File

@ -1,9 +1,9 @@
# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
resource_registry:
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
OS::TripleO::Services::OVNController: ../../deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../deployment/ovn/ovn-metadata-container-puppet.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

6
environments/services/neutron-ovn-standalone.yaml
View File

@ -1,9 +1,9 @@
# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
resource_registry:
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
OS::TripleO::Services::OVNController: ../../deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../deployment/ovn/ovn-metadata-container-puppet.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

2
environments/standalone/standalone-tripleo.yaml
View File

@ -110,7 +110,7 @@ resource_registry:
OS::TripleO::Services::MistralEngine: OS::Heat::None
OS::TripleO::Services::MistralEventEngine: OS::Heat::None
OS::TripleO::Services::MistralExecutor: OS::Heat::None
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
OS::TripleO::Services::PankoApi: OS::Heat::None
OS::TripleO::Services::Podman: ../../deployment/podman/podman-baremetal-ansible.yaml

7
overcloud-resource-registry-puppet.j2.yaml
View File

@ -138,7 +138,7 @@ resource_registry:
OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None
OS::TripleO::Services::NeutronLbaasv2Api: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::OVNMetadataAgent: docker/services/ovn-metadata.yaml
OS::TripleO::Services::OVNMetadataAgent: deployment/ovn/ovn-metadata-container-puppet.yaml
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
# the multinode job ControllerServices after this patch merges
OS::TripleO::Services::NeutronServer: deployment/neutron/neutron-api-container-puppet.yaml
@ -153,10 +153,9 @@ resource_registry:
OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
OS::TripleO::Services::NeutronCorePluginML2Nuage: puppet/services/neutron-plugin-ml2-nuage.yaml
OS::TripleO::Services::NeutronCorePluginNSX: deployment/neutron/neutron-plugin-nsx-container-puppet.yaml
OS::TripleO::Services::OVNDBs: docker/services/ovn-dbs.yaml
OS::TripleO::Services::OVNController: docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-container-puppet.yaml
OS::TripleO::Services::OVNController: deployment/ovn/ovn-controller-container-puppet.yaml
OS::TripleO::Services::NeutronCorePluginMLNXSDN: docker/services/neutron-plugin-ml2-mlnx-sdn-assist.yaml
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml

127
puppet/services/ovn-controller.yaml
View File

@ -1,127 +0,0 @@
heat_template_version: rocky
description: >
OpenStack OVN Controller agent
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
OVNSouthboundServerPort:
description: Port of the Southbound DB Server
type: number
default: 6642
OVNTunnelEncapType:
description: Tunnel encapsulation type
type: string
default: geneve
NeutronBridgeMappings:
description: >
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
tags:
- role_specific
OVNIntegrationBridge:
description: >
Name of the OVS bridge to use as integration bridge by OVN Controller.
type: string
default: "br-int"
OVNMetadataEnabled:
description: Whether Metadata Service has to be enabled
type: boolean
default: true
OVNCMSOptions:
description: The CMS options to configure in ovs db
type: string
default: ""
tags:
- role_specific
OvsHwOffload:
default: false
description: |
Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
type: boolean
tags:
- role_specific
resources:
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- ovn::controller::ovn_bridge_mappings: NeutronBridgeMappings
ovn::controller::ovn_cms_options: OVNCMSOptions
ovn::controller::enable_hw_offload: OvsHwOffload
- values: {get_param: [RoleParameters]}
- values:
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
OVNCMSOptions: {get_param: OVNCMSOptions}
OvsHwOffload: {get_param: OvsHwOffload}
conditions:
force_config_drive: {equals: [{get_param: OVNMetadataEnabled}, false]}
outputs:
role_data:
description: Role data for the OVN Controller agent
value:
service_name: ovn_controller
config_settings:
map_merge:
- get_attr: [RoleParametersValue, value]
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}
tripleo::ovn_controller::firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'119 neutron geneve networks':
proto: 'udp'
dport: 6081
step_config: |
include ::tripleo::profile::base::neutron::agents::ovn
upgrade_tasks: []

65
puppet/services/ovn-dbs.yaml
View File

@ -1,65 +0,0 @@
heat_template_version: rocky
description: >
OVN databases configured with puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
OVNNorthboundServerPort:
description: Port of the OVN Northbound DB server
type: number
default: 6641
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
outputs:
role_data:
description: Role data for the OVN northd service
value:
service_name: ovn_dbs
config_settings:
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northd::dbs_listen_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
tripleo::haproxy::ovn_dbs_manage_lb: true
tripleo::ovn_dbs::firewall_rules:
'121 OVN DB server ports':
proto: 'tcp'
dport:
- {get_param: OVNNorthboundServerPort}
- {get_param: OVNSouthboundServerPort}
step_config: |
include ::tripleo::profile::base::neutron::ovn_northd
upgrade_tasks: []

134
puppet/services/ovn-metadata.yaml
View File

@ -1,134 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Networking-ovn Metadata agent configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableInternalTLS:
type: boolean
default: false
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
NeutronWorkers:
default: ''
description: |
Sets the number of worker processes for the neutron metadata agent. The
default value results in the configuration being left unset and a
system-dependent default will be chosen (usually the number of
processors). Please note that this can result in a large number of
processes and memory consumption on systems with a large core count. On
such systems it is recommended that a non-default value be selected that
matches the load requirements.
type: string
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
default: 180
MonitoringSubscriptionOvnMetadata:
default: 'overcloud-ovn-metadata'
type: string
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
OvnMetadataAgentDebug:
default: ''
description: Set to True to enable debugging for OVN Metadata agent.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
conditions:
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
service_debug_unset: {equals: [{get_param: OvnMetadataAgentDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Networking-ovn Metadata agent service.
value:
service_name: ovn_metadata
monitoring_subscription: {get_param: MonitoringSubscriptionOvnMetadata}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::ovn_metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron::agents::ovn_metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::ovn_metadata::auth_tenant: 'service'
neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
neutron::agents::ovn_metadata::metadata_host:
str_replace:
template:
"%{hiera('cloud_name_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
tripleo::profile::base::neutron::ovn_metadata::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}
neutron::agents::ovn_metadata::debug:
if:
- service_debug_unset
- {get_param: Debug}
- {get_param: OvnMetadataAgentDebug}
neutron::agents::ovn_metadata::metadata_protocol:
if:
- internal_tls_enabled
- 'https'
- 'http'
-
if:
- neutron_workers_unset
- {}
- neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronWorkers}
step_config: |
include tripleo::profile::base::neutron::ovn_metadata
upgrade_tasks: []

2
sample-env-generator/standalone.yaml
View File

@ -63,7 +63,7 @@ environments:
OS::TripleO::NodeExtraConfigPost: ../../extraconfig/post_deploy/standalone_post.yaml
# OVN
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
# Manage SELinux
OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml