Merge "Simplify openvswitch and ovn service templtes"
commit
3141aab255
|
@ -110,11 +110,7 @@ parameters:
|
|||
tags:
|
||||
- role_specific
|
||||
|
||||
conditions:
|
||||
emc_disable: {equals: [{get_param: OvsDisableEMC}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
RoleParametersDpdk:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
|
@ -171,7 +167,6 @@ outputs:
|
|||
tripleo_ovs_dpdk_handler_cores: {get_attr: [RoleParametersDpdk, value, handler]}
|
||||
tripleo_ovs_dpdk_emc_insertion_probablity:
|
||||
if:
|
||||
- emc_disable
|
||||
- {get_param: OvsDisableEMC}
|
||||
- 0
|
||||
- ''
|
||||
tripleo_ovs_dpdk_enable_tso: {get_attr: [RoleParametersDpdk, value, enable_tso]}
|
||||
|
|
|
@ -63,8 +63,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ovs_dpdk_netcontrold.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/ovs_dpdk_netcontrold.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /sys/kernel/debug:/sys/kernel/debug
|
||||
- /run/openvswitch:/run/openvswitch:shared,z
|
||||
|
|
|
@ -139,13 +139,10 @@ parameters:
|
|||
- role_specific
|
||||
|
||||
conditions:
|
||||
force_config_drive: {equals: [{get_param: OVNMetadataEnabled}, false]}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
key_size_override_unset: {equals: [{get_param: ContainerOvnCertificateKeySize}, '']}
|
||||
enable_vlan_transparency: {equals: [{get_param: EnableVLANTransparency}, true]}
|
||||
key_size_override_set:
|
||||
not: {equals: [{get_param: ContainerOvnCertificateKeySize}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -225,21 +222,15 @@ outputs:
|
|||
ovn::controller::hostname: "%{hiera('fqdn_canonical')}"
|
||||
ovn::controller::ovn_remote_probe_interval: {get_param: OVNRemoteProbeInterval}
|
||||
ovn::controller::ovn_openflow_probe_interval: {get_param: OVNOpenflowProbeInterval}
|
||||
- if:
|
||||
- force_config_drive
|
||||
- nova::compute::force_config_drive: true
|
||||
- {}
|
||||
-
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
tripleo::profile::base::neutron::agents::ovn::protocol: 'ssl'
|
||||
- {}
|
||||
-
|
||||
if:
|
||||
- enable_vlan_transparency
|
||||
- vswitch::ovs::vlan_limit: 0
|
||||
- {}
|
||||
nova::compute::force_config_drive: {get_param: OVNMetadataEnabled}
|
||||
tripleo::profile::base::neutron::agents::ovn::protocol:
|
||||
if:
|
||||
- {get_param: EnableInternalTLS}
|
||||
- 'ssl'
|
||||
vswitch::ovs::vlan_limit:
|
||||
if:
|
||||
- {get_param: EnableVLANTransparency}
|
||||
- 0
|
||||
service_config_settings: {}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
|
@ -265,12 +256,11 @@ outputs:
|
|||
- ' '
|
||||
- - /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- {get_param: EnableInternalTLS}
|
||||
- list_join:
|
||||
- ' '
|
||||
- - -p /etc/pki/tls/private/ovn_controller.key -c /etc/pki/tls/certs/ovn_controller.crt -C
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- ''
|
||||
permissions:
|
||||
- path: /var/log/openvswitch
|
||||
owner: root:root
|
||||
|
@ -280,11 +270,10 @@ outputs:
|
|||
recurse: true
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- {get_param: EnableInternalTLS}
|
||||
- - service: ovn_controller
|
||||
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
type: node
|
||||
- null
|
||||
docker_config:
|
||||
step_4:
|
||||
configure_cms_options:
|
||||
|
@ -323,8 +312,7 @@ outputs:
|
|||
port: {get_param: OVNSouthboundServerPort}
|
||||
volumes:
|
||||
list_concat:
|
||||
-
|
||||
- /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
# TODO(numans): This is temporary. Mount /run/openvswitch once
|
||||
# openvswitch systemd script is fixed to not delete /run/openvswitch
|
||||
|
@ -334,16 +322,14 @@ outputs:
|
|||
- /var/log/containers/openvswitch:/var/log/openvswitch:z
|
||||
- /var/log/containers/openvswitch:/var/log/ovn:z
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- list_join:
|
||||
- {get_param: EnableInternalTLS}
|
||||
- - list_join:
|
||||
- ':'
|
||||
- - {get_param: InternalTLSCAFile}
|
||||
- {get_param: InternalTLSCAFile}
|
||||
- 'ro'
|
||||
- /etc/pki/tls/certs/ovn_controller.crt:/etc/pki/tls/certs/ovn_controller.crt
|
||||
- /etc/pki/tls/private/ovn_controller.key:/etc/pki/tls/private/ovn_controller.key
|
||||
- null
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
deploy_steps_tasks:
|
||||
|
@ -369,9 +355,9 @@ outputs:
|
|||
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
key_size:
|
||||
if:
|
||||
- key_size_override_unset
|
||||
- {get_param: CertificateKeySize}
|
||||
- key_size_override_set
|
||||
- {get_param: ContainerOvnCertificateKeySize}
|
||||
- {get_param: CertificateKeySize}
|
||||
ca: ipa
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
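Review bot: The new `nova::compute::force_config_drive: {get_param: OVNMetadataEnabled}` in the config_settings hunk appears to invert the behaviour it replaces. The removed `force_config_drive` condition was `equals: [{get_param: OVNMetadataEnabled}, false]`, so config drive was forced only when OVN metadata was disabled; the new line forces it when metadata is enabled and switches it off when metadata is disabled. If that reading is right, instances on a deployment without the metadata agent would presumably no longer get a config drive either. Keeping the old meaning without the named condition would be `nova::compute::force_config_drive: {if: [{get_param: OVNMetadataEnabled}, false, true]}`. The enclosing config_settings mapping starts outside the hunk, so this should be confirmed against the full template.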
|
|
|
@ -70,7 +70,6 @@ conditions:
|
|||
- ''
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -151,8 +150,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z
|
||||
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
|
||||
|
@ -173,8 +171,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z
|
||||
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
|
||||
|
@ -207,8 +204,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
|
||||
- /var/log/containers/openvswitch:/var/log/openvswitch:z
|
||||
|
|
|
@ -113,16 +113,10 @@ parameters:
|
|||
default: 10
|
||||
|
||||
conditions:
|
||||
puppet_debug_enabled: {get_param: ConfigDebug}
|
||||
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
|
||||
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
|
||||
use_external_load_balancer: {equals: [{get_param: EnableLoadBalancer}, false]}
|
||||
key_size_override_unset: {equals: [{get_param: OvnDBSCertificateKeySize}, '']}
|
||||
key_size_override_set:
|
||||
not: {equals: [{get_param: OvnDBSCertificateKeySize}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -155,43 +149,41 @@ outputs:
|
|||
- get_attr: [OVNDbsBase, role_data, config_settings]
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image: &ovn_dbs_image_pcmklatest
|
||||
if:
|
||||
- common_tag_full
|
||||
- {get_param: ClusterFullTag}
|
||||
- "cluster.common.tag/ovn-northd:pcmklatest"
|
||||
- yaql:
|
||||
data:
|
||||
if:
|
||||
- common_tag_enabled
|
||||
- {get_param: ClusterCommonTag}
|
||||
- yaql:
|
||||
data: {get_param: ContainerOvnDbsImage}
|
||||
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
|
||||
- {get_param: ContainerOvnDbsImage}
|
||||
expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest")
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::container_backend: {get_param: ContainerCli}
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::dbs_timeout: {get_param: OVNDBSPacemakerTimeout}
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::replication_probe_interval: {get_param: OVNDBSReplicationInterval}
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::force_ocf: true
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::monitor_interval_slave: {get_param: OVNDBSPacemakerMonitorIntervalSlave}
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::monitor_interval_master: {get_param: OVNDBSPacemakerMonitorIntervalMaster}
|
||||
- tripleo::haproxy::ovn_dbs_manage_lb:
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::container_backend: {get_param: ContainerCli}
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::dbs_timeout: {get_param: OVNDBSPacemakerTimeout}
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::replication_probe_interval: {get_param: OVNDBSReplicationInterval}
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::force_ocf: true
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::monitor_interval_slave: {get_param: OVNDBSPacemakerMonitorIntervalSlave}
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::monitor_interval_master: {get_param: OVNDBSPacemakerMonitorIntervalMaster}
|
||||
tripleo::haproxy::ovn_dbs_manage_lb:
|
||||
if:
|
||||
- use_external_load_balancer
|
||||
- not: {get_param: EnableLoadBalancer}
|
||||
- true
|
||||
- false
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::listen_on_master_ip_only:
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::listen_on_master_ip_only:
|
||||
if:
|
||||
- use_external_load_balancer
|
||||
- 'no'
|
||||
- {get_param: EnableLoadBalancer}
|
||||
- 'yes'
|
||||
- 'no'
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::ca_file:
|
||||
- {get_param: EnableInternalTLS}
|
||||
- tripleo::profile::pacemaker::ovn_dbs_bundle::ca_file:
|
||||
get_param: InternalTLSCAFile
|
||||
tripleo::profile::base::neutron::agents::ovn::protocol: 'ssl'
|
||||
tripleo::profile::pacemaker::ovn_dbs_bundle::enable_internal_tls: true
|
||||
- {}
|
||||
service_config_settings: {}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/ovn_dbs.json:
|
||||
|
@ -209,14 +201,13 @@ outputs:
|
|||
container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
|
||||
metadata_settings:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- {get_param: EnableInternalTLS}
|
||||
- - service: ovn_dbs
|
||||
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
type: vip
|
||||
- service: ovn_dbs
|
||||
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
type: node
|
||||
- null
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
@ -273,9 +264,9 @@ outputs:
|
|||
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
key_size:
|
||||
if:
|
||||
- key_size_override_unset
|
||||
- {get_param: CertificateKeySize}
|
||||
- key_size_override_set
|
||||
- {get_param: OvnDBSCertificateKeySize}
|
||||
- {get_param: CertificateKeySize}
|
||||
ca: ipa
|
||||
update_tasks:
|
||||
- name: Tear-down non-HA ovn-dbs containers
|
||||
|
|
|
@ -125,14 +125,12 @@ parameters:
|
|||
certificate for this service
|
||||
|
||||
conditions:
|
||||
haproxy_wrapper_enabled: {equals: [{get_param: OVNEnableHaproxyDockerWrapper}, true]}
|
||||
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
neutron_metadata_workers_unset: {equals : [{get_param: NeutronMetadataWorkers}, '']}
|
||||
key_size_override_unset: {equals: [{get_param: OvnMetadataCertificateKeySize}, '']}
|
||||
neutron_metadata_workers_set:
|
||||
not: {equals : [{get_param: NeutronMetadataWorkers}, '']}
|
||||
key_size_override_set:
|
||||
not: {equals: [{get_param: OvnMetadataCertificateKeySize}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ../containers-common.yaml
|
||||
|
||||
|
@ -178,28 +176,25 @@ outputs:
|
|||
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
neutron::agents::ovn_metadata::ovn_remote_probe_interval: {get_param: OVNRemoteProbeInterval}
|
||||
neutron::agents::ovn_metadata::debug:
|
||||
if:
|
||||
if:
|
||||
- {get_param: OvnMetadataAgentDebug}
|
||||
- true
|
||||
- {get_param: Debug}
|
||||
neutron::agents::ovn_metadata::metadata_protocol:
|
||||
if:
|
||||
- internal_tls_enabled
|
||||
- 'https'
|
||||
- 'http'
|
||||
-
|
||||
if:
|
||||
- neutron_metadata_workers_unset
|
||||
- {}
|
||||
- neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronMetadataWorkers}
|
||||
- {get_param: EnableInternalTLS}
|
||||
- 'https'
|
||||
- 'http'
|
||||
neutron::agents::ovn_metadata::metadata_workers:
|
||||
if:
|
||||
- neutron_metadata_workers_set
|
||||
- {get_param: NeutronMetadataWorkers}
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- {get_param: EnableInternalTLS}
|
||||
- tripleo::profile::base::neutron::ovn_metadata::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
|
||||
tripleo::profile::base::neutron::ovn_metadata::protocol: 'ssl'
|
||||
tripleo::profile::base::neutron::ovn_metadata::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_metadata.crt'
|
||||
tripleo::profile::base::neutron::ovn_metadata::ovn_sb_private_key: '/etc/pki/tls/private/ovn_metadata.key'
|
||||
- {}
|
||||
|
||||
puppet_config:
|
||||
puppet_tags: neutron_config,ovn_metadata_agent_config
|
||||
config_volume: neutron
|
||||
|
@ -247,8 +242,7 @@ outputs:
|
|||
user: root
|
||||
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
||||
list_concat:
|
||||
-
|
||||
- '/container_puppet_apply.sh'
|
||||
- - '/container_puppet_apply.sh'
|
||||
- '4'
|
||||
- 'file'
|
||||
- 'include ::tripleo::profile::base::neutron::ovn_metadata_agent_wrappers'
|
||||
|
@ -256,8 +250,7 @@ outputs:
|
|||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
|
||||
-
|
||||
- /run/openvswitch:/run/openvswitch:shared,z
|
||||
- - /run/openvswitch:/run/openvswitch:shared,z
|
||||
- /var/lib/neutron:/var/lib/neutron:shared,z
|
||||
step_4:
|
||||
setup_ovs_manager:
|
||||
|
@ -293,41 +286,30 @@ outputs:
|
|||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- {get_attr: [NeutronLogging, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /run/openvswitch:/run/openvswitch:shared,z
|
||||
- /var/lib/neutron:/var/lib/neutron:shared,z
|
||||
- /run/netns:/run/netns:shared
|
||||
- /var/lib/neutron/kill_scripts:/etc/neutron/kill_scripts:shared,z
|
||||
-
|
||||
if:
|
||||
- docker_enabled
|
||||
- - /var/lib/openstack:/var/lib/openstack
|
||||
- null
|
||||
-
|
||||
if:
|
||||
- haproxy_wrapper_enabled
|
||||
- - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
||||
- null
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
-
|
||||
- /etc/pki/tls/certs/ovn_metadata.crt:/etc/pki/tls/certs/ovn_metadata.crt
|
||||
- {get_param: OVNEnableHaproxyDockerWrapper}
|
||||
- - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
||||
- if:
|
||||
- {get_param: EnableInternalTLS}
|
||||
- - /etc/pki/tls/certs/ovn_metadata.crt:/etc/pki/tls/certs/ovn_metadata.crt
|
||||
- /etc/pki/tls/private/ovn_metadata.key:/etc/pki/tls/private/ovn_metadata.key
|
||||
- null
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
metadata_settings:
|
||||
list_concat:
|
||||
- {get_attr: [NeutronBase, role_data, metadata_settings]}
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- {get_param: EnableInternalTLS}
|
||||
- - service: ovn_metadata
|
||||
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
type: node
|
||||
- null
|
||||
deploy_steps_tasks:
|
||||
- name: Certificate generation
|
||||
when:
|
||||
|
@ -351,9 +333,9 @@ outputs:
|
|||
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
||||
key_size:
|
||||
if:
|
||||
- key_size_override_unset
|
||||
- {get_param: CertificateKeySize}
|
||||
- key_size_override_set
|
||||
- {get_param: OvnMetadataCertificateKeySize}
|
||||
- {get_param: CertificateKeySize}
|
||||
ca: ipa
|
||||
host_prep_tasks:
|
||||
list_concat:
|
||||
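Review bot: The certificate and private-key bind mounts in the `EnableInternalTLS` branch of the volumes hunk carry no mode, so `/etc/pki/tls/private/ovn_metadata.key` is writable from inside the container, while the haproxy wrapper and kolla config mounts beside them are `:ro`. Unless something in the container has to rewrite or chown these files, I would mount both read-only, e.g. `- /etc/pki/tls/private/ovn_metadata.key:/etc/pki/tls/private/ovn_metadata.key:ro`. The `ovn_controller.crt` and `ovn_controller.key` mounts in the ovn-controller template's volumes hunk have the same shape. The volumes list starts outside the hunk.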
|
|