flatten the ovn service configurations

This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the ovn services.

Related-Blueprint: services-yaml-flattening
Change-Id: I6261863c15f594fed8207ff258f1d9c809a9a864

ci/environments/multinode-containers.yaml

@@ -4,7 +4,7 @@ resource_registry:
   # Some infra instances don't pass the ping test but are otherwise working.
   # Since the OVB jobs also test this functionality we can shut it off here.
   OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
-  OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
 
 parameter_defaults:
   ControllerServices:

deployment/ovn/ovn-controller-container-puppet.yaml

@@ -36,37 +36,108 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  OVNSouthboundServerPort:
+    description: Port of the Southbound DB Server
+    type: number
+    default: 6642
+  OVNTunnelEncapType:
+    description: Tunnel encapsulation type
+    type: string
+    default: geneve
+  NeutronBridgeMappings:
+    description: >
+      The OVS logical->physical bridge mappings to use. See the Neutron
+      documentation for details. Defaults to mapping br-ex - the external
+      bridge on hosts - to a physical name 'datacentre' which can be used
+      to create provider networks (and we use this for the default floating
+      network) - if changing this either use different post-install network
+      scripts or be sure to keep 'datacentre' as a mapping network name.
+    type: comma_delimited_list
+    default: "datacentre:br-ex"
+    tags:
+      - role_specific
+  OVNIntegrationBridge:
+    description: >
+      Name of the OVS bridge to use as integration bridge by OVN Controller.
+    type: string
+    default: "br-int"
+  OVNMetadataEnabled:
+    description: Whether Metadata Service has to be enabled
+    type: boolean
+    default: true
+  OVNCMSOptions:
+    description: The CMS options to configure in ovs db
+    type: string
+    default: ""
+    tags:
+      - role_specific
+  OvsHwOffload:
+    default: false
+    description: |
+      Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
+    type: boolean
+    tags:
+      - role_specific
+
+conditions:
+  force_config_drive:  {equals: [{get_param: OVNMetadataEnabled}, false]}
 
 resources:
 
   ContainersCommon:
-    type: ./containers-common.yaml
+    type: ../../docker/services/containers-common.yaml
 
-  OvnControllerBase:
+  # Merging role-specific parameters (RoleParameters) with the default parameters.
-    type: ../../puppet/services/ovn-controller.yaml
+  # RoleParameters will have the precedence over the default parameters.
+  RoleParametersValue:
+    type: OS::Heat::Value
     properties:
-      EndpointMap: {get_param: EndpointMap}
+      type: json
-      ServiceData: {get_param: ServiceData}
+      value:
-      ServiceNetMap: {get_param: ServiceNetMap}
+        map_replace:
-      DefaultPasswords: {get_param: DefaultPasswords}
+          - map_replace:
-      RoleName: {get_param: RoleName}
+            - ovn::controller::ovn_bridge_mappings: NeutronBridgeMappings
-      RoleParameters: {get_param: RoleParameters}
+              ovn::controller::ovn_cms_options: OVNCMSOptions
+              ovn::controller::enable_hw_offload: OvsHwOffload
+            - values: {get_param: [RoleParameters]}
+          - values:
+              NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
+              OVNCMSOptions: {get_param: OVNCMSOptions}
+              OvsHwOffload: {get_param: OvsHwOffload}
 
 outputs:
   role_data:
     description: Role data for the Ovn Controller agent.
     value:
-      service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
+      service_name: ovn_controller
       config_settings:
         map_merge:
-          - get_attr: [OvnControllerBase, role_data, config_settings]
+          - get_attr: [RoleParametersValue, value]
-      service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
+          - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+            ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
+            ovn::controller::ovn_encap_ip:
+              str_replace:
+                 template:
+                   "%{hiera('$NETWORK')}"
+                 params:
+                   $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+            ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
+            nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
+            tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}
+            tripleo::ovn_controller::firewall_rules:
+              '118 neutron vxlan networks':
+                    proto: 'udp'
+                    dport: 4789
+              '119 neutron geneve networks':
+                    proto: 'udp'
+                    dport: 6081
+      service_config_settings: {}
       # BEGIN DOCKER SETTINGS
       puppet_config:
         puppet_tags: vs_config,exec
         config_volume: ovn_controller
-        step_config:
+        step_config: |
-          get_attr: [OvnControllerBase, role_data, step_config]
+          include ::tripleo::profile::base::neutron::agents::ovn
         config_image: {get_param: DockerOvnControllerConfigImage}
         # We need to mount /run for puppet_config step. This is because
         # puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
@@ -114,7 +185,7 @@ outputs:
                     - yaql:
                         expression: str($.data.port)
                         data:
-                          port: {get_attr: [OvnControllerBase, role_data, config_settings, 'ovn::southbound::port']}
+                          port: {get_param: OVNSouthboundServerPort}
             volumes:
               - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
               - /lib/modules:/lib/modules:ro

deployment/ovn/ovn-dbs-container-puppet.yaml

@@ -39,30 +39,41 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  OVNNorthboundServerPort:
+    description: Port of the OVN Northbound DB server
+    type: number
+    default: 6641
+  OVNSouthboundServerPort:
+    description: Port of the OVN Southbound DB server
+    type: number
+    default: 6642
 
 resources:
 
   ContainersCommon:
-    type: ./containers-common.yaml
+    type: ../../docker/services/containers-common.yaml
-
-  OVNDbsBase:
-    type: ../../puppet/services/ovn-dbs.yaml
-    properties:
-      EndpointMap: {get_param: EndpointMap}
-      ServiceData: {get_param: ServiceData}
-      ServiceNetMap: {get_param: ServiceNetMap}
-      DefaultPasswords: {get_param: DefaultPasswords}
-      RoleName: {get_param: RoleName}
-      RoleParameters: {get_param: RoleParameters}
 
 outputs:
   role_data:
     description: Role data for the OVN Dbs role.
     value:
-      service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
+      service_name: ovn_dbs
       config_settings:
-        map_merge:
+          ovn::northbound::port: {get_param: OVNNorthboundServerPort}
-          - get_attr: [OVNDbsBase, role_data, config_settings]
+          ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+          ovn::northd::dbs_listen_ip:
+            str_replace:
+               template:
+                 "%{hiera('$NETWORK')}"
+               params:
+                 $NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
+          tripleo::haproxy::ovn_dbs_manage_lb: true
+          tripleo::ovn_dbs::firewall_rules:
+            '121 OVN DB server ports':
+              proto: 'tcp'
+              dport:
+                - {get_param: OVNNorthboundServerPort}
+                - {get_param: OVNSouthboundServerPort}
       # BEGIN DOCKER SETTINGS
       # puppet_config is not required for this service since we configure
       # the NB and SB DB servers to listen on the proper IP address/port
@@ -71,8 +82,8 @@ outputs:
       puppet_config:
         config_volume: ''
         config_image: ''
-        step_config:
+        step_config: |
-          get_attr: [OVNDbsBase, role_data, step_config]
+          include ::tripleo::profile::base::neutron::ovn_northd #unused
       kolla_config:
         /var/lib/kolla/config_files/ovn_north_db_server.json:
           command:

deployment/ovn/ovn-dbs-pacemaker-puppet.yaml

@@ -72,10 +72,10 @@ conditions:
 resources:
 
   ContainersCommon:
-    type: ./../containers-common.yaml
+    type: ../../docker/services/containers-common.yaml
 
   OVNDbsBase:
-    type: ../../../puppet/services/pacemaker/ovn-dbs.yaml
+    type: ./ovn-dbs-container-puppet.yaml
     properties:
       EndpointMap: {get_param: EndpointMap}
       ServiceData: {get_param: ServiceData}
@@ -90,7 +90,7 @@ outputs:
   role_data:
     description: Role data for the OVN Dbs HA role.
     value:
-      service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
+      service_name: ovn_dbs
       config_settings:
         map_merge:
           - get_attr: [OVNDbsBase, role_data, config_settings]
@@ -104,7 +104,8 @@ outputs:
           - tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
           - tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
           - tripleo::profile::pacemaker::ovn_dbs_bundle::container_backend: {get_param: ContainerCli}
-      service_config_settings: {get_attr: [OVNDbsBase, role_data, service_config_settings]}
+          - tripleo::haproxy::ovn_dbs_manage_lb: false
+      service_config_settings: {}
       # BEGIN DOCKER SETTINGS
       puppet_config:
         config_volume: 'ovn_dbs'

deployment/ovn/ovn-metadata-container-puppet.yaml

@@ -59,19 +59,64 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  NeutronMetadataProxySharedSecret:
+    description: Shared secret to prevent spoofing
+    type: string
+    hidden: true
+  NeutronWorkers:
+    default: ''
+    description: |
+      Sets the number of worker processes for the neutron metadata agent. The
+      default value results in the configuration being left unset and a
+      system-dependent default will be chosen (usually the number of
+      processors). Please note that this can result in a large number of
+      processes and memory consumption on systems with a large core count. On
+      such systems it is recommended that a non-default value be selected that
+      matches the load requirements.
+    type: string
+  NeutronPassword:
+    description: The password for the neutron service and db account, used by neutron agents.
+    type: string
+    hidden: true
+  OVNSouthboundServerPort:
+    description: Port of the OVN Southbound DB server
+    type: number
+    default: 6642
+  OVNDbConnectionTimeout:
+    description: Timeout in seconds for the OVSDB connection transaction
+    type: number
+    default: 180
+  MonitoringSubscriptionOvnMetadata:
+    default: 'overcloud-ovn-metadata'
+    type: string
+  Debug:
+    type: boolean
+    default: false
+    description: Set to True to enable debugging on all services.
+  OvnMetadataAgentDebug:
+    default: ''
+    description: Set to True to enable debugging for OVN Metadata agent.
+    type: string
+    constraints:
+      - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
+  EnableInternalTLS:
+    type: boolean
+    default: false
 
 conditions:
   haproxy_wrapper_enabled: {equals: [{get_param: OVNEnableHaproxyDockerWrapper}, true]}
   docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
   service_debug_unset: {equals : [{get_param: OVNWrapperDebug}, false]}
+  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+  neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
 
 resources:
 
   ContainersCommon:
-    type: ./containers-common.yaml
+    type: ../../docker/services/containers-common.yaml
 
-  OVNMetadataBase:
+  NeutronBase:
-    type: ../../puppet/services/ovn-metadata.yaml
+    type: ../../puppet/services/neutron-base.yaml
     properties:
       EndpointMap: {get_param: EndpointMap}
       ServiceData: {get_param: ServiceData}
@@ -89,10 +134,11 @@ outputs:
   role_data:
     description: Role data for OVNMetadata agent
     value:
-      service_name: {get_attr: [OVNMetadataBase, role_data, service_name]}
+      service_name: ovn_metadata
+      monitoring_subscription: {get_param: MonitoringSubscriptionOvnMetadata}
       config_settings:
         map_merge:
-          - get_attr: [OVNMetadataBase, role_data, config_settings]
+          - get_attr: [NeutronBase, role_data, config_settings]
           - get_attr: [NeutronLogging, config_settings]
           - tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::enable_haproxy_wrapper: {get_param: OVNEnableHaproxyDockerWrapper}
             tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::haproxy_process_wrapper: '/var/lib/neutron/ovn_metadata_haproxy_wrapper'
@@ -103,11 +149,41 @@ outputs:
                 - {get_param: Debug }
                 - {get_param: OVNWrapperDebug}
             tripleo::profile::base::neutron::container_cli: {get_param: ContainerCli}
+            neutron::agents::ovn_metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+            neutron::agents::ovn_metadata::auth_password: {get_param: NeutronPassword}
+            neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+            neutron::agents::ovn_metadata::auth_tenant: 'service'
+            neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
+            neutron::agents::ovn_metadata::metadata_host:
+              str_replace:
+                template:
+                  "%{hiera('cloud_name_$NETWORK')}"
+                params:
+                  $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+            neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
+            ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+            tripleo::profile::base::neutron::ovn_metadata::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}
+            neutron::agents::ovn_metadata::debug:
+                if:
+                - service_debug_unset
+                - {get_param: Debug}
+                - {get_param: OvnMetadataAgentDebug}
+            neutron::agents::ovn_metadata::metadata_protocol:
+              if:
+              - internal_tls_enabled
+              - 'https'
+              - 'http'
+          -
+            if:
+            - neutron_workers_unset
+            - {}
+            - neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronWorkers}
+
       puppet_config:
         puppet_tags: neutron_config,ovn_metadata_agent_config
         config_volume: neutron
-        step_config:
+        step_config: |
-          get_attr: [OVNMetadataBase, role_data, step_config]
+          include tripleo::profile::base::neutron::ovn_metadata
         config_image: {get_param: DockerNeutronConfigImage}
         volumes:
           - /lib/modules:/lib/modules:ro
@@ -205,8 +281,7 @@ outputs:
                     - null
             environment:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-      metadata_settings:
+      metadata_settings: {}
-        get_attr: [OVNMetadataBase, role_data, metadata_settings]
       host_prep_tasks:
         list_concat:
           - {get_attr: [NeutronLogging, host_prep_tasks]}

environments/docker-ha.yaml

@@ -21,7 +21,7 @@ resource_registry:
   OS::TripleO::Services::OsloMessagingRpc: ../deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
   OS::TripleO::Services::OsloMessagingNotify: ../deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
   OS::TripleO::Services::Redis: ../deployment/database/redis-pacemaker-puppet.yaml
-  OS::TripleO::Services::OVNDBs: ../docker/services/pacemaker/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: ../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
 
 parameter_defaults:
   ContainerCli: docker

environments/neutron-ml2-ovn-ha.yaml

@@ -2,9 +2,9 @@
 # extensions, configured via docker
 resource_registry:
   OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
-  OS::TripleO::Services::OVNController: ../docker/services/ovn-controller.yaml
+  OS::TripleO::Services::OVNController: ../deployment/ovn/ovn-controller-container-puppet.yaml
-  OS::TripleO::Services::OVNDBs: ../docker/services/pacemaker/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: ../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
-  OS::TripleO::Services::OVNMetadataAgent: ../docker/services/ovn-metadata.yaml
+  OS::TripleO::Services::OVNMetadataAgent: ../deployment/ovn/ovn-metadata-container-puppet.yaml
 # Disabling Neutron services that overlap with OVN
   OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

environments/services-baremetal/neutron-ovn-ha.yaml

@@ -1,9 +1,9 @@
 # A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
 resource_registry:
   OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
-  OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml
+  OS::TripleO::Services::OVNController: ../../deployment/ovn/ovn-controller-container-puppet.yaml
-  OS::TripleO::Services::OVNDBs: ../../puppet/services/pacemaker/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
-  OS::TripleO::Services::OVNMetadataAgent: ../../puppet/services/ovn-metadata.yaml
+  OS::TripleO::Services::OVNMetadataAgent: ../../deployment/ovn/ovn-metadata-container-puppet.yaml
 # Disabling Neutron services that overlap with OVN
   OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

environments/services/neutron-ovn-dvr-ha.yaml

@@ -1,9 +1,9 @@
 # A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
 resource_registry:
   OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
-  OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+  OS::TripleO::Services::OVNController: ../../deployment/ovn/ovn-controller-container-puppet.yaml
-  OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
-  OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
+  OS::TripleO::Services::OVNMetadataAgent: ../../deployment/ovn/ovn-metadata-container-puppet.yaml
 # Disabling Neutron services that overlap with OVN
   OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

environments/services/neutron-ovn-ha.yaml

@@ -1,9 +1,9 @@
 # A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
 resource_registry:
   OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
-  OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+  OS::TripleO::Services::OVNController: ../../deployment/ovn/ovn-controller-container-puppet.yaml
-  OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-pacemaker-puppet.yaml
-  OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
+  OS::TripleO::Services::OVNMetadataAgent: ../../deployment/ovn/ovn-metadata-container-puppet.yaml
 # Disabling Neutron services that overlap with OVN
   OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

environments/services/neutron-ovn-standalone.yaml

@@ -1,9 +1,9 @@
 # A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
 resource_registry:
   OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
-  OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+  OS::TripleO::Services::OVNController: ../../deployment/ovn/ovn-controller-container-puppet.yaml
-  OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
-  OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
+  OS::TripleO::Services::OVNMetadataAgent: ../../deployment/ovn/ovn-metadata-container-puppet.yaml
 # Disabling Neutron services that overlap with OVN
   OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
   OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

environments/standalone/standalone-tripleo.yaml

@@ -110,7 +110,7 @@ resource_registry:
   OS::TripleO::Services::MistralEngine: OS::Heat::None
   OS::TripleO::Services::MistralEventEngine: OS::Heat::None
   OS::TripleO::Services::MistralExecutor: OS::Heat::None
-  OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
   OS::TripleO::Services::OpenStackClients: ../../deployment/clients/openstack-clients-baremetal-puppet.yaml
   OS::TripleO::Services::PankoApi: OS::Heat::None
   OS::TripleO::Services::Podman: ../../deployment/podman/podman-baremetal-ansible.yaml

overcloud-resource-registry-puppet.j2.yaml

@@ -138,7 +138,7 @@ resource_registry:
   OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None
   OS::TripleO::Services::NeutronLbaasv2Api: OS::Heat::None
   OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
-  OS::TripleO::Services::OVNMetadataAgent: docker/services/ovn-metadata.yaml
+  OS::TripleO::Services::OVNMetadataAgent: deployment/ovn/ovn-metadata-container-puppet.yaml
   # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
   # the multinode job ControllerServices after this patch merges
   OS::TripleO::Services::NeutronServer: deployment/neutron/neutron-api-container-puppet.yaml
@@ -153,10 +153,9 @@ resource_registry:
   OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
   OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
   OS::TripleO::Services::NeutronCorePluginML2Nuage: puppet/services/neutron-plugin-ml2-nuage.yaml
-
   OS::TripleO::Services::NeutronCorePluginNSX: deployment/neutron/neutron-plugin-nsx-container-puppet.yaml
-  OS::TripleO::Services::OVNDBs: docker/services/ovn-dbs.yaml
+  OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-container-puppet.yaml
-  OS::TripleO::Services::OVNController: docker/services/ovn-controller.yaml
+  OS::TripleO::Services::OVNController: deployment/ovn/ovn-controller-container-puppet.yaml
 
   OS::TripleO::Services::NeutronCorePluginMLNXSDN: docker/services/neutron-plugin-ml2-mlnx-sdn-assist.yaml
   OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml

puppet/services/ovn-controller.yaml

@@ -1,127 +0,0 @@
-heat_template_version: rocky
-
-description: >
-  OpenStack OVN Controller agent
-
-parameters:
-  EndpointMap:
-    default: {}
-    description: Mapping of service endpoint -> protocol. Typically set
-                 via parameter_defaults in the resource registry.
-    type: json
-  DefaultPasswords:
-    default: {}
-    type: json
-  RoleName:
-    default: ''
-    description: Role name on which the service is applied
-    type: string
-  RoleParameters:
-    default: {}
-    description: Parameters specific to the role
-    type: json
-  ServiceData:
-    default: {}
-    description: Dictionary packing service data
-    type: json
-  ServiceNetMap:
-    default: {}
-    description: Mapping of service_name -> network name. Typically set
-                 via parameter_defaults in the resource registry.  This
-                 mapping overrides those in ServiceNetMapDefaults.
-    type: json
-  OVNSouthboundServerPort:
-    description: Port of the Southbound DB Server
-    type: number
-    default: 6642
-  OVNTunnelEncapType:
-    description: Tunnel encapsulation type
-    type: string
-    default: geneve
-  NeutronBridgeMappings:
-    description: >
-      The OVS logical->physical bridge mappings to use. See the Neutron
-      documentation for details. Defaults to mapping br-ex - the external
-      bridge on hosts - to a physical name 'datacentre' which can be used
-      to create provider networks (and we use this for the default floating
-      network) - if changing this either use different post-install network
-      scripts or be sure to keep 'datacentre' as a mapping network name.
-    type: comma_delimited_list
-    default: "datacentre:br-ex"
-    tags:
-      - role_specific
-  OVNIntegrationBridge:
-    description: >
-      Name of the OVS bridge to use as integration bridge by OVN Controller.
-    type: string
-    default: "br-int"
-  OVNMetadataEnabled:
-    description: Whether Metadata Service has to be enabled
-    type: boolean
-    default: true
-  OVNCMSOptions:
-    description: The CMS options to configure in ovs db
-    type: string
-    default: ""
-    tags:
-      - role_specific
-  OvsHwOffload:
-    default: false
-    description: |
-      Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
-    type: boolean
-    tags:
-      - role_specific
-
-
-resources:
-  # Merging role-specific parameters (RoleParameters) with the default parameters.
-  # RoleParameters will have the precedence over the default parameters.
-  RoleParametersValue:
-    type: OS::Heat::Value
-    properties:
-      type: json
-      value:
-        map_replace:
-          - map_replace:
-            - ovn::controller::ovn_bridge_mappings: NeutronBridgeMappings
-              ovn::controller::ovn_cms_options: OVNCMSOptions
-              ovn::controller::enable_hw_offload: OvsHwOffload
-            - values: {get_param: [RoleParameters]}
-          - values:
-              NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
-              OVNCMSOptions: {get_param: OVNCMSOptions}
-              OvsHwOffload: {get_param: OvsHwOffload}
-
-conditions:
-    force_config_drive:  {equals: [{get_param: OVNMetadataEnabled}, false]}
-
-outputs:
-  role_data:
-    description: Role data for the OVN Controller agent
-    value:
-      service_name: ovn_controller
-      config_settings:
-        map_merge:
-          - get_attr: [RoleParametersValue, value]
-          - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
-            ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
-            ovn::controller::ovn_encap_ip:
-              str_replace:
-                 template:
-                   "%{hiera('$NETWORK')}"
-                 params:
-                   $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
-            ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
-            nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
-            tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}
-            tripleo::ovn_controller::firewall_rules:
-              '118 neutron vxlan networks':
-                    proto: 'udp'
-                    dport: 4789
-              '119 neutron geneve networks':
-                    proto: 'udp'
-                    dport: 6081
-      step_config: |
-        include ::tripleo::profile::base::neutron::agents::ovn
-      upgrade_tasks: []

puppet/services/ovn-dbs.yaml

@@ -1,65 +0,0 @@
-heat_template_version: rocky
-
-description: >
-  OVN databases configured with puppet
-
-parameters:
-  ServiceData:
-    default: {}
-    description: Dictionary packing service data
-    type: json
-  ServiceNetMap:
-    default: {}
-    description: Mapping of service_name -> network name. Typically set
-                 via parameter_defaults in the resource registry.  This
-                 mapping overrides those in ServiceNetMapDefaults.
-    type: json
-  DefaultPasswords:
-    default: {}
-    type: json
-  RoleName:
-    default: ''
-    description: Role name on which the service is applied
-    type: string
-  RoleParameters:
-    default: {}
-    description: Parameters specific to the role
-    type: json
-  EndpointMap:
-    default: {}
-    description: Mapping of service endpoint -> protocol. Typically set
-                 via parameter_defaults in the resource registry.
-    type: json
-  OVNNorthboundServerPort:
-    description: Port of the OVN Northbound DB server
-    type: number
-    default: 6641
-  OVNSouthboundServerPort:
-    description: Port of the OVN Southbound DB server
-    type: number
-    default: 6642
-
-outputs:
-  role_data:
-    description: Role data for the OVN northd service
-    value:
-      service_name: ovn_dbs
-      config_settings:
-          ovn::northbound::port: {get_param: OVNNorthboundServerPort}
-          ovn::southbound::port: {get_param: OVNSouthboundServerPort}
-          ovn::northd::dbs_listen_ip:
-            str_replace:
-               template:
-                 "%{hiera('$NETWORK')}"
-               params:
-                 $NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
-          tripleo::haproxy::ovn_dbs_manage_lb: true
-          tripleo::ovn_dbs::firewall_rules:
-            '121 OVN DB server ports':
-              proto: 'tcp'
-              dport:
-                - {get_param: OVNNorthboundServerPort}
-                - {get_param: OVNSouthboundServerPort}
-      step_config: |
-        include ::tripleo::profile::base::neutron::ovn_northd
-      upgrade_tasks: []

puppet/services/ovn-metadata.yaml

@@ -1,134 +0,0 @@
-heat_template_version: rocky
-
-description: >
-  OpenStack Networking-ovn Metadata agent configured with Puppet
-
-parameters:
-  ServiceData:
-    default: {}
-    description: Dictionary packing service data
-    type: json
-  ServiceNetMap:
-    default: {}
-    description: Mapping of service_name -> network name. Typically set
-                 via parameter_defaults in the resource registry.  This
-                 mapping overrides those in ServiceNetMapDefaults.
-    type: json
-  DefaultPasswords:
-    default: {}
-    type: json
-  RoleName:
-    default: ''
-    description: Role name on which the service is applied
-    type: string
-  RoleParameters:
-    default: {}
-    description: Parameters specific to the role
-    type: json
-  EndpointMap:
-    default: {}
-    description: Mapping of service endpoint -> protocol. Typically set
-                 via parameter_defaults in the resource registry.
-    type: json
-  EnableInternalTLS:
-    type: boolean
-    default: false
-  NeutronMetadataProxySharedSecret:
-    description: Shared secret to prevent spoofing
-    type: string
-    hidden: true
-  NeutronWorkers:
-    default: ''
-    description: |
-      Sets the number of worker processes for the neutron metadata agent. The
-      default value results in the configuration being left unset and a
-      system-dependent default will be chosen (usually the number of
-      processors). Please note that this can result in a large number of
-      processes and memory consumption on systems with a large core count. On
-      such systems it is recommended that a non-default value be selected that
-      matches the load requirements.
-    type: string
-  NeutronPassword:
-    description: The password for the neutron service and db account, used by neutron agents.
-    type: string
-    hidden: true
-  OVNSouthboundServerPort:
-    description: Port of the OVN Southbound DB server
-    type: number
-    default: 6642
-  OVNDbConnectionTimeout:
-    description: Timeout in seconds for the OVSDB connection transaction
-    type: number
-    default: 180
-  MonitoringSubscriptionOvnMetadata:
-    default: 'overcloud-ovn-metadata'
-    type: string
-  Debug:
-    type: boolean
-    default: false
-    description: Set to True to enable debugging on all services.
-  OvnMetadataAgentDebug:
-    default: ''
-    description: Set to True to enable debugging for OVN Metadata agent.
-    type: string
-    constraints:
-      - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
-
-conditions:
-  neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
-  service_debug_unset: {equals: [{get_param: OvnMetadataAgentDebug}, '']}
-  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
-
-resources:
-
-  NeutronBase:
-    type: ./neutron-base.yaml
-    properties:
-      ServiceData: {get_param: ServiceData}
-      ServiceNetMap: {get_param: ServiceNetMap}
-      DefaultPasswords: {get_param: DefaultPasswords}
-      EndpointMap: {get_param: EndpointMap}
-      RoleName: {get_param: RoleName}
-      RoleParameters: {get_param: RoleParameters}
-
-outputs:
-  role_data:
-    description: Role data for the Networking-ovn Metadata agent service.
-    value:
-      service_name: ovn_metadata
-      monitoring_subscription: {get_param: MonitoringSubscriptionOvnMetadata}
-      config_settings:
-        map_merge:
-          - get_attr: [NeutronBase, role_data, config_settings]
-          - neutron::agents::ovn_metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
-            neutron::agents::ovn_metadata::auth_password: {get_param: NeutronPassword}
-            neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
-            neutron::agents::ovn_metadata::auth_tenant: 'service'
-            neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
-            neutron::agents::ovn_metadata::metadata_host:
-              str_replace:
-                template:
-                  "%{hiera('cloud_name_$NETWORK')}"
-                params:
-                  $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
-            neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
-            ovn::southbound::port: {get_param: OVNSouthboundServerPort}
-            tripleo::profile::base::neutron::ovn_metadata::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}
-            neutron::agents::ovn_metadata::debug:
-                if:
-                - service_debug_unset
-                - {get_param: Debug}
-                - {get_param: OvnMetadataAgentDebug}
-            neutron::agents::ovn_metadata::metadata_protocol:
-              if:
-              - internal_tls_enabled
-              - 'https'
-              - 'http'
-          -
-            if:
-            - neutron_workers_unset
-            - {}
-            - neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronWorkers}
-      step_config: |
-        include tripleo::profile::base::neutron::ovn_metadata
-      upgrade_tasks: []

sample-env-generator/standalone.yaml

@@ -63,7 +63,7 @@ environments:
       OS::TripleO::NodeExtraConfigPost: ../../extraconfig/post_deploy/standalone_post.yaml
 
       # OVN
-      OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
+      OS::TripleO::Services::OVNDBs: ../../deployment/ovn/ovn-dbs-container-puppet.yaml
 
       # Manage SELinux
       OS::TripleO::Services::SELinux: ../../deployment/selinux/selinux-baremetal-puppet.yaml