Merge "Simplify openvswitch and ovn service templtes"

Zuul 2021-05-22 04:09:20 +00:00 committed by Gerrit Code Review
commit 3141aab255
6 changed files with 69 additions and 120 deletions


@ -110,11 +110,7 @@ parameters:
tags:
- role_specific
conditions:
emc_disable: {equals: [{get_param: OvsDisableEMC}, true]}
resources:
RoleParametersDpdk:
type: OS::Heat::Value
properties:
@ -171,7 +167,6 @@ outputs:
tripleo_ovs_dpdk_handler_cores: {get_attr: [RoleParametersDpdk, value, handler]}
tripleo_ovs_dpdk_emc_insertion_probablity:
if:
- emc_disable
- {get_param: OvsDisableEMC}
- 0
- ''
tripleo_ovs_dpdk_enable_tso: {get_attr: [RoleParametersDpdk, value, enable_tso]}
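Review bot: With the `''` fallback removed from the `tripleo_ovs_dpdk_emc_insertion_probablity` output, the value is no longer an empty string when `OvsDisableEMC` is false; as I understand the two-argument `if`, the key is simply left out. Whatever consumes this variable is outside the hunk, so it is worth confirming that it has a default or an `is defined` guard rather than relying on `''`. The inline `{get_param: OvsDisableEMC}` condition also assumes the parameter is declared as a boolean and that the file's `heat_template_version` accepts conditions written inline; neither is visible here. A short comment above the `if`, e.g. `# key omitted unless OvsDisableEMC is true`, would make the intent explicit.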


@ -63,8 +63,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovs_dpdk_netcontrold.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/ovs_dpdk_netcontrold.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /sys/kernel/debug:/sys/kernel/debug
- /run/openvswitch:/run/openvswitch:shared,z


@ -139,13 +139,10 @@ parameters:
- role_specific
conditions:
force_config_drive: {equals: [{get_param: OVNMetadataEnabled}, false]}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
key_size_override_unset: {equals: [{get_param: ContainerOvnCertificateKeySize}, '']}
enable_vlan_transparency: {equals: [{get_param: EnableVLANTransparency}, true]}
key_size_override_set:
not: {equals: [{get_param: ContainerOvnCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -225,21 +222,15 @@ outputs:
ovn::controller::hostname: "%{hiera('fqdn_canonical')}"
ovn::controller::ovn_remote_probe_interval: {get_param: OVNRemoteProbeInterval}
ovn::controller::ovn_openflow_probe_interval: {get_param: OVNOpenflowProbeInterval}
- if:
- force_config_drive
- nova::compute::force_config_drive: true
- {}
-
if:
- internal_tls_enabled
-
tripleo::profile::base::neutron::agents::ovn::protocol: 'ssl'
- {}
-
if:
- enable_vlan_transparency
- vswitch::ovs::vlan_limit: 0
- {}
nova::compute::force_config_drive: {get_param: OVNMetadataEnabled}
tripleo::profile::base::neutron::agents::ovn::protocol:
if:
- {get_param: EnableInternalTLS}
- 'ssl'
vswitch::ovs::vlan_limit:
if:
- {get_param: EnableVLANTransparency}
- 0
service_config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:
@ -265,12 +256,11 @@ outputs:
- ' '
- - /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
- if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- list_join:
- ' '
- - -p /etc/pki/tls/private/ovn_controller.key -c /etc/pki/tls/certs/ovn_controller.crt -C
- {get_param: InternalTLSCAFile}
- ''
permissions:
- path: /var/log/openvswitch
owner: root:root
@ -280,11 +270,10 @@ outputs:
recurse: true
metadata_settings:
if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- - service: ovn_controller
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
type: node
- null
docker_config:
step_4:
configure_cms_options:
@ -323,8 +312,7 @@ outputs:
port: {get_param: OVNSouthboundServerPort}
volumes:
list_concat:
-
- /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
# TODO(numans): This is temporary. Mount /run/openvswitch once
# openvswitch systemd script is fixed to not delete /run/openvswitch
@ -334,16 +322,14 @@ outputs:
- /var/log/containers/openvswitch:/var/log/openvswitch:z
- /var/log/containers/openvswitch:/var/log/ovn:z
- if:
- internal_tls_enabled
-
- list_join:
- {get_param: EnableInternalTLS}
- - list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- /etc/pki/tls/certs/ovn_controller.crt:/etc/pki/tls/certs/ovn_controller.crt
- /etc/pki/tls/private/ovn_controller.key:/etc/pki/tls/private/ovn_controller.key
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
deploy_steps_tasks:
@ -369,9 +355,9 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: ContainerOvnCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
host_prep_tasks:
- name: create persistent directories
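Review bot: `nova::compute::force_config_drive: {get_param: OVNMetadataEnabled}` looks inverted relative to the code it replaces. The removed `force_config_drive` condition was `equals: [{get_param: OVNMetadataEnabled}, false]`, so the config drive was forced only when OVN metadata was disabled; the new line forces it when metadata is enabled and switches it off when metadata is disabled, which may leave instances without a metadata source. If a negated condition is accepted here, as `not:` is inside an `if` elsewhere in this commit, `if: [{not: {get_param: OVNMetadataEnabled}}, true]` under the key would keep the earlier behaviour, including leaving the key unset when metadata is enabled. The other replacements of `- {}` and `- null` fallbacks by two-argument `if` in this section look equivalent, provided omitted entries are handled as before.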


@ -70,7 +70,6 @@ conditions:
- ''
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -151,8 +150,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
@ -173,8 +171,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
@ -207,8 +204,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
- /var/log/containers/openvswitch:/var/log/openvswitch:z


@ -113,16 +113,10 @@ parameters:
default: 10
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
common_tag_full: {equals: [{get_param: ClusterFullTag}, true]}
use_external_load_balancer: {equals: [{get_param: EnableLoadBalancer}, false]}
key_size_override_unset: {equals: [{get_param: OvnDBSCertificateKeySize}, '']}
key_size_override_set:
not: {equals: [{get_param: OvnDBSCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -155,43 +149,41 @@ outputs:
- get_attr: [OVNDbsBase, role_data, config_settings]
- tripleo::profile::pacemaker::ovn_dbs_bundle::ovn_dbs_docker_image: &ovn_dbs_image_pcmklatest
if:
- common_tag_full
- {get_param: ClusterFullTag}
- "cluster.common.tag/ovn-northd:pcmklatest"
- yaql:
data:
if:
- common_tag_enabled
- {get_param: ClusterCommonTag}
- yaql:
data: {get_param: ContainerOvnDbsImage}
expression: concat("cluster.common.tag/", $.data.rightSplit(separator => "/", maxSplits => 1)[1])
- {get_param: ContainerOvnDbsImage}
expression: concat($.data.rightSplit(separator => ":", maxSplits => 1)[0], ":pcmklatest")
- tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
- tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
- tripleo::profile::pacemaker::ovn_dbs_bundle::container_backend: {get_param: ContainerCli}
- tripleo::profile::pacemaker::ovn_dbs_bundle::dbs_timeout: {get_param: OVNDBSPacemakerTimeout}
- tripleo::profile::pacemaker::ovn_dbs_bundle::replication_probe_interval: {get_param: OVNDBSReplicationInterval}
- tripleo::profile::pacemaker::ovn_dbs_bundle::force_ocf: true
- tripleo::profile::pacemaker::ovn_dbs_bundle::monitor_interval_slave: {get_param: OVNDBSPacemakerMonitorIntervalSlave}
- tripleo::profile::pacemaker::ovn_dbs_bundle::monitor_interval_master: {get_param: OVNDBSPacemakerMonitorIntervalMaster}
- tripleo::haproxy::ovn_dbs_manage_lb:
tripleo::profile::pacemaker::ovn_dbs_bundle::nb_db_port: {get_param: OVNNorthboundServerPort}
tripleo::profile::pacemaker::ovn_dbs_bundle::sb_db_port: {get_param: OVNSouthboundServerPort}
tripleo::profile::pacemaker::ovn_dbs_bundle::container_backend: {get_param: ContainerCli}
tripleo::profile::pacemaker::ovn_dbs_bundle::dbs_timeout: {get_param: OVNDBSPacemakerTimeout}
tripleo::profile::pacemaker::ovn_dbs_bundle::replication_probe_interval: {get_param: OVNDBSReplicationInterval}
tripleo::profile::pacemaker::ovn_dbs_bundle::force_ocf: true
tripleo::profile::pacemaker::ovn_dbs_bundle::monitor_interval_slave: {get_param: OVNDBSPacemakerMonitorIntervalSlave}
tripleo::profile::pacemaker::ovn_dbs_bundle::monitor_interval_master: {get_param: OVNDBSPacemakerMonitorIntervalMaster}
tripleo::haproxy::ovn_dbs_manage_lb:
if:
- use_external_load_balancer
- not: {get_param: EnableLoadBalancer}
- true
- false
- tripleo::profile::pacemaker::ovn_dbs_bundle::listen_on_master_ip_only:
tripleo::profile::pacemaker::ovn_dbs_bundle::listen_on_master_ip_only:
if:
- use_external_load_balancer
- 'no'
- {get_param: EnableLoadBalancer}
- 'yes'
- 'no'
- if:
- internal_tls_enabled
-
tripleo::profile::pacemaker::ovn_dbs_bundle::ca_file:
- {get_param: EnableInternalTLS}
- tripleo::profile::pacemaker::ovn_dbs_bundle::ca_file:
get_param: InternalTLSCAFile
tripleo::profile::base::neutron::agents::ovn::protocol: 'ssl'
tripleo::profile::pacemaker::ovn_dbs_bundle::enable_internal_tls: true
- {}
service_config_settings: {}
kolla_config:
/var/lib/kolla/config_files/ovn_dbs.json:
@ -209,14 +201,13 @@ outputs:
container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]}
metadata_settings:
if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- - service: ovn_dbs
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
type: vip
- service: ovn_dbs
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
type: node
- null
host_prep_tasks:
- name: create persistent directories
file:
@ -273,9 +264,9 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: OvnDBSCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
update_tasks:
- name: Tear-down non-HA ovn-dbs containers
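Review bot: The `&ovn_dbs_image_pcmklatest` expression derives the image name with `rightSplit(separator => ":", maxSplits => 1)[0]`, which assumes `ContainerOvnDbsImage` always ends in `:tag`. An image given by digest (`name@sha256:<digest>`) or with a registry port and no tag would be cut in the wrong place and produce a reference that does not name the intended image; this predates the commit, but the rewritten block keeps it. Because the nested `if`/`yaql` is harder to follow with inline conditions, a comment above it would help, e.g. `# ClusterFullTag: fixed cluster.common.tag/ovn-northd:pcmklatest; otherwise ContainerOvnDbsImage with its tag replaced by pcmklatest (and its registry path by cluster.common.tag/ when ClusterCommonTag)`. Any validation of the parameter's format is outside the hunk.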


@ -125,14 +125,12 @@ parameters:
certificate for this service
conditions:
haproxy_wrapper_enabled: {equals: [{get_param: OVNEnableHaproxyDockerWrapper}, true]}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
neutron_metadata_workers_unset: {equals : [{get_param: NeutronMetadataWorkers}, '']}
key_size_override_unset: {equals: [{get_param: OvnMetadataCertificateKeySize}, '']}
neutron_metadata_workers_set:
not: {equals : [{get_param: NeutronMetadataWorkers}, '']}
key_size_override_set:
not: {equals: [{get_param: OvnMetadataCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -178,28 +176,25 @@ outputs:
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
neutron::agents::ovn_metadata::ovn_remote_probe_interval: {get_param: OVNRemoteProbeInterval}
neutron::agents::ovn_metadata::debug:
if:
if:
- {get_param: OvnMetadataAgentDebug}
- true
- {get_param: Debug}
neutron::agents::ovn_metadata::metadata_protocol:
if:
- internal_tls_enabled
- 'https'
- 'http'
-
if:
- neutron_metadata_workers_unset
- {}
- neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronMetadataWorkers}
- {get_param: EnableInternalTLS}
- 'https'
- 'http'
neutron::agents::ovn_metadata::metadata_workers:
if:
- neutron_metadata_workers_set
- {get_param: NeutronMetadataWorkers}
- if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- tripleo::profile::base::neutron::ovn_metadata::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
tripleo::profile::base::neutron::ovn_metadata::protocol: 'ssl'
tripleo::profile::base::neutron::ovn_metadata::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_metadata.crt'
tripleo::profile::base::neutron::ovn_metadata::ovn_sb_private_key: '/etc/pki/tls/private/ovn_metadata.key'
- {}
puppet_config:
puppet_tags: neutron_config,ovn_metadata_agent_config
config_volume: neutron
@ -247,8 +242,7 @@ outputs:
user: root
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
-
- '/container_puppet_apply.sh'
- - '/container_puppet_apply.sh'
- '4'
- 'file'
- 'include ::tripleo::profile::base::neutron::ovn_metadata_agent_wrappers'
@ -256,8 +250,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch:shared,z
- - /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
step_4:
setup_ovs_manager:
@ -293,41 +286,30 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
- /run/netns:/run/netns:shared
- /var/lib/neutron/kill_scripts:/etc/neutron/kill_scripts:shared,z
-
if:
- docker_enabled
- - /var/lib/openstack:/var/lib/openstack
- null
-
if:
- haproxy_wrapper_enabled
- - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro
- null
- if:
- internal_tls_enabled
-
- /etc/pki/tls/certs/ovn_metadata.crt:/etc/pki/tls/certs/ovn_metadata.crt
- {get_param: OVNEnableHaproxyDockerWrapper}
- - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro
- if:
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/ovn_metadata.crt:/etc/pki/tls/certs/ovn_metadata.crt
- /etc/pki/tls/private/ovn_metadata.key:/etc/pki/tls/private/ovn_metadata.key
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
metadata_settings:
list_concat:
- {get_attr: [NeutronBase, role_data, metadata_settings]}
- if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- - service: ovn_metadata
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -351,9 +333,9 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: OvnMetadataCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
host_prep_tasks:
list_concat:
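Review bot: The TLS bind mounts `/etc/pki/tls/certs/ovn_metadata.crt:...` and `/etc/pki/tls/private/ovn_metadata.key:...` under the `if` on `EnableInternalTLS` are mounted read-write, while the neighbouring kolla config and `/lib/modules` mounts carry `:ro`. Unless container start-up has to change ownership of these files in place, appending `:ro` (`- /etc/pki/tls/private/ovn_metadata.key:/etc/pki/tls/private/ovn_metadata.key:ro`) keeps a compromised agent container from replacing the host's key or certificate. The `ovn_controller.crt` and `ovn_controller.key` mounts in the ovn-controller template have the same shape. Separately, this section drops the `docker_enabled` mount of `/var/lib/openstack`, which is a behaviour change rather than a simplification and deserves a line in the commit message.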