Merge "step1: flatten the neutron service configurations"

This commit is contained in:
Zuul 2019-02-02 06:15:44 +00:00 committed by Gerrit Code Review
commit 9617be2d2f
14 changed files with 384 additions and 587 deletions

View File

@ -1,9 +1,25 @@
heat_template_version: rocky
description: >
OpenStack Neutron Server configured with Puppet
OpenStack containerized Neutron API service
parameters:
DockerNeutronApiImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
NeutronApiLoggingSource:
type: json
default:
tag: openstack.neutron.api
path: /var/log/containers/neutron/server.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
@ -25,11 +41,21 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
NeutronApiOptVolumes:
default: []
description: list of optional volumes to be mounted
type: comma_delimited_list
NeutronApiOptEnvVars:
default: []
description: list of optional environment variables
type: comma_delimited_list
NeutronWorkers:
default: ''
description: |
@ -123,6 +149,7 @@ conditions:
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
neutron_rpc_workers_unset: {equals : [{get_param: NeutronRpcWorkers}, '']}
neutron_ovs_int_br_unset: {equals : [{get_param: NeutronOvsIntegrationBridge}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@ -137,19 +164,30 @@ resources:
RoleParameters: {get_param: RoleParameters}
EnableInternalTLS: {get_param: EnableInternalTLS}
ContainersCommon:
type: ../../docker/services/containers-common.yaml
MySQLClient:
type: ../database/mysql-client.yaml
NeutronBase:
type: ./neutron-base.yaml
type: ../../puppet/services/neutron-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronApi
properties:
NeutronServiceName: server
outputs:
role_data:
description: Role data for the Neutron Server agent service.
description: Role data for the Neutron API role.
value:
service_name: neutron_api
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
@ -157,6 +195,7 @@ outputs:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [TLSProxyBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
- neutron::server::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
@ -241,8 +280,6 @@ outputs:
- neutron_ovs_int_br_unset
- {}
- neutron::server::ovs_integration_bridge: {get_param: NeutronOvsIntegrationBridge}
step_config: |
include tripleo::profile::base::neutron::server
service_config_settings:
fluentd:
tripleo_fluentd_groups_neutron_api:
@ -264,6 +301,161 @@ outputs:
neutron::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
upgrade_tasks: []
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_api_config
step_config:
list_join:
- "\n"
- - include tripleo::profile::base::neutron::server
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_api.json:
command:
list_join:
- ' '
- - /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server
- get_attr: [NeutronLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
/var/lib/kolla/config_files/neutron_server_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
docker_config:
step_2:
get_attr: [NeutronLogging, docker_config, step_2]
step_3:
neutron_db_sync:
image: &neutron_api_image {get_param: DockerNeutronApiImage}
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
# FIXME: we should make config file permissions right
# and run as neutron user
#command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
step_4:
map_merge:
- neutron_api:
start_order: 0
image: *neutron_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
- {get_param: NeutronApiOptVolumes}
-
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
environment:
list_concat:
- {get_param: NeutronApiOptEnvVars}
-
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
- internal_tls_enabled
- neutron_server_tls_proxy:
image: *neutron_api_image
net: host
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {}
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-neutron package
set_fact:
remove_neutron_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-neutron package if operator requests it
package: name=openstack-neutron state=removed
ignore_errors: True
when: remove_neutron_package|bool
metadata_settings:
get_attr: [TLSProxyBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
with_items:
list_concat:
- - neutron_api
- - if:
- internal_tls_enabled
- - neutron_server_tls_proxy
- null
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if neutron_server is deployed
command: systemctl is-enabled --quiet neutron-server
ignore_errors: True
register: neutron_server_enabled_result
- name: Set fact neutron_server_enabled
set_fact:
neutron_server_enabled: "{{ neutron_server_enabled_result.rc == 0 }}"
- name: Stop neutron_server
service: name=neutron-server state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- neutron_server_enabled|bool
- when:
- step|int == 6
- is_bootstrap_node|bool
block:
- name: Neutron package update
package:
name: 'openstack-neutron*'
state: latest
- name: Neutron package update workaround
package: name=python-networking-odl state=latest
- name: Neutron db sync
command: neutron-db-manage upgrade head
when:
- step|int == 8
- is_bootstrap_node|bool

View File

@ -68,6 +68,10 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
EnableInternalTLS:
type: boolean
default: false
@ -76,6 +80,47 @@ parameters:
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
NeutronEnableMetadataNetwork:
default: false
description: If True, DHCP provide metadata network. Requires either
IsolatedMetadata or ForceMetadata parameters to also be True.
type: boolean
NeutronEnableIsolatedMetadata:
default: false
description: If True, DHCP provide metadata route to VM.
type: boolean
NeutronEnableForceMetadata:
default: false
description: If True, DHCP always provides metadata route to VM.
type: boolean
NeutronEnableInternalDNS:
default: false
description: |
If True, enable the internal Neutron DNS server that provides name
resolution between VMs. This parameter has no effect if
NeutronDhcpAgentDnsmasqDnsServers is set.
type: boolean
MonitoringSubscriptionNeutronDhcp:
default: 'overcloud-neutron-dhcp'
type: string
NeutronDhcpAgentDebug:
default: ''
description: Set to True to enable debugging for Neutron DHCP agent.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
NeutronDhcpAgentDnsmasqDnsServers:
default: []
description: List of servers to use as dnsmasq forwarders
type: comma_delimited_list
NeutronInterfaceDriver:
default: 'neutron.agent.linux.interface.OVSInterfaceDriver'
description: Neutron DHCP Agent interface driver
type: string
NeutronDhcpOvsIntegrationBridge:
default: ''
type: string
description: Name of Open vSwitch bridge to use
conditions:
@ -83,15 +128,17 @@ conditions:
dnsmasq_wrapper_enabled: {equals: [{get_param: NeutronEnableDnsmasqDockerWrapper}, true]}
haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
service_debug_unset: {equals : [{get_param: NeutronWrapperDebug}, false]}
service_wrapper_debug_unset: {equals : [{get_param: NeutronWrapperDebug}, false]}
service_debug_unset: {equals: [{get_param: NeutronDhcpAgentDebug}, '']}
dhcp_ovs_intergation_bridge_unset: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
NeutronBase:
type: ../../puppet/services/neutron-dhcp.yaml
type: ../../puppet/services/neutron-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
@ -109,7 +156,8 @@ outputs:
role_data:
description: Role data for the Neutron DHCP role.
value:
service_name: {get_attr: [NeutronBase, role_data, service_name]}
service_name: neutron_dhcp
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
@ -126,10 +174,39 @@ outputs:
tripleo::profile::base::neutron::dhcp_agent_wrappers::haproxy_image: {get_param: DockerNeutronDHCPImage}
tripleo::profile::base::neutron::dhcp_agent_wrappers::debug:
if:
- service_debug_unset
- service_wrapper_debug_unset
- {get_param: Debug }
- {get_param: NeutronWrapperDebug}
tripleo::profile::base::neutron::container_cli: {get_param: ContainerCli}
neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
neutron::agents::dhcp::dnsmasq_local_resolv: {get_param: NeutronEnableInternalDNS}
neutron::agents::dhcp::dnsmasq_dns_servers: {get_param: NeutronDhcpAgentDnsmasqDnsServers}
neutron::agents::dhcp::interface_driver: {get_param: NeutronInterfaceDriver}
neutron::agents::dhcp::debug:
if:
- service_debug_unset
- {get_param: Debug}
- {get_param: NeutronDhcpAgentDebug}
tripleo::neutron_dhcp::firewall_rules:
'115 neutron dhcp input':
proto: 'udp'
dport: 67
'116 neutron dhcp output':
proto: 'udp'
chain: 'OUTPUT'
dport: 68
- if:
- internal_tls_enabled
- neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key'
neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt'
neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile}
- {}
- if:
- dhcp_ovs_intergation_bridge_unset
- {}
- neutron::agents::dhcp::ovs_integration_bridge: {get_param: NeutronDhcpOvsIntegrationBridge}
service_config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, service_config_settings]
@ -142,8 +219,8 @@ outputs:
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_dhcp_agent_config
step_config:
get_attr: [NeutronBase, role_data, step_config]
step_config: |
include tripleo::profile::base::neutron::dhcp
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_dhcp.json:
@ -213,7 +290,7 @@ outputs:
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NeutronBase, role_data, config_settings, 'neutron::rabbit_port']}
port: {get_param: RpcPort}
ulimit: {get_param: DockerNeutronDHCPAgentUlimit}
volumes:
list_concat:

View File

@ -80,6 +80,45 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
NeutronL3AgentMode:
description: |
Agent mode for L3 agent. Must be one of legacy or dvr_snat.
default: 'legacy'
type: string
constraints:
- allowed_values:
- legacy
- dvr_snat
- dvr
tags:
- role_specific
MonitoringSubscriptionNeutronL3:
default: 'overcloud-neutron-l3-agent'
type: string
NeutronL3AgentDebug:
default: ''
description: Set to True to enable debugging for Neutron L3 agent.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
NeutronL3AgentLoggingSource:
type: json
default:
tag: openstack.neutron.agent.l3
path: /var/log/neutron/l3-agent.log
# DEPRECATED: the following options are deprecated and are currently maintained
# for backwards compatibility. They will be removed in the Pike cycle.
NeutronExternalNetworkBridge:
description: Name of bridge used for external network traffic. Usually L2
agent handles port wiring into external bridge, and hence the
parameter should be unset.
type: string
default: ''
conditions:
keepalived_wrapper_enabled: {equals: [{get_param: NeutronEnableKeepalivedWrapper}, true]}
@ -88,14 +127,15 @@ conditions:
radvd_wrapper_enabled: {equals: [{get_param: NeutronEnableRadvdDockerWrapper}, true]}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
service_debug_unset: {equals : [{get_param: NeutronWrapperDebug}, false]}
external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
NeutronL3Base:
type: ../../puppet/services/neutron-l3.yaml
NeutronBase:
type: ../../puppet/services/neutron-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
@ -104,6 +144,20 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- neutron::agents::l3::agent_mode: NeutronL3AgentMode
- values: {get_param: [RoleParameters]}
- values:
NeutronL3AgentMode: {get_param: NeutronL3AgentMode}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronCommon
properties:
@ -113,10 +167,12 @@ outputs:
role_data:
description: Role data for Neutron L3 agent
value:
service_name: {get_attr: [NeutronL3Base, role_data, service_name]}
service_name: neutron_l3
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
config_settings:
map_merge:
- get_attr: [NeutronL3Base, role_data, config_settings]
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
- get_attr: [NeutronLogging, config_settings]
- tripleo::profile::base::neutron::l3_agent_wrappers::enable_keepalived_wrapper: {get_param: NeutronEnableKeepalivedWrapper}
tripleo::profile::base::neutron::l3_agent_wrappers::keepalived_process_wrapper: '/var/lib/neutron/keepalived_wrapper'
@ -138,10 +194,22 @@ outputs:
- {get_param: Debug }
- {get_param: NeutronWrapperDebug}
tripleo::profile::base::neutron::container_cli: {get_param: ContainerCli}
- neutron::agents::l3::debug:
if:
- service_debug_unset
- {get_param: Debug}
- {get_param: NeutronL3AgentDebug}
tripleo::neutron_l3::firewall_rules:
'106 neutron_l3 vrrp':
proto: vrrp
-
if:
- external_network_bridge_empty
- {}
- neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
service_config_settings:
map_merge:
- get_attr: [NeutronL3Base, role_data, service_config_settings]
- get_attr: [NeutronBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_neutron_l3:
- neutron
@ -150,8 +218,8 @@ outputs:
puppet_config:
puppet_tags: neutron_config,neutron_l3_agent_config
config_volume: neutron
step_config:
get_attr: [NeutronL3Base, role_data, step_config]
step_config: |
include tripleo::profile::base::neutron::l3
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_l3_agent.json:
@ -211,7 +279,7 @@ outputs:
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NeutronL3Base, role_data, config_settings, 'neutron::rabbit_port']}
port: {get_param: RpcPort}
ulimit: {get_param: DockerNeutronL3AgentUlimit}
volumes:
list_concat:
@ -252,7 +320,7 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronL3Base, role_data, metadata_settings]
get_attr: [NeutronBase, role_data, metadata_settings]
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}

View File

@ -1,261 +0,0 @@
heat_template_version: rocky
description: >
OpenStack containerized Neutron API service
parameters:
DockerNeutronApiImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
NeutronApiLoggingSource:
type: json
default:
tag: openstack.neutron.api
path: /var/log/containers/neutron/server.log
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
NeutronApiOptVolumes:
default: []
description: list of optional volumes to be mounted
type: comma_delimited_list
NeutronApiOptEnvVars:
default: []
description: list of optional environment variables
type: comma_delimited_list
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
MySQLClient:
type: ../../deployment/database/mysql-client.yaml
NeutronBase:
type: ../../puppet/services/neutron-api.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronApi
properties:
NeutronServiceName: server
outputs:
role_data:
description: Role data for the Neutron API role.
value:
service_name: {get_attr: [NeutronBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
service_config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_neutron_api:
- neutron
tripleo_fluentd_sources_neutron_api:
- {get_param: NeutronApiLoggingSource}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_api_config
step_config:
list_join:
- "\n"
- - {get_attr: [NeutronBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_api.json:
command:
list_join:
- ' '
- - /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server
- get_attr: [NeutronLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
/var/lib/kolla/config_files/neutron_server_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
dest: "/etc/httpd/conf.d"
merge: false
preserve_properties: true
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
docker_config:
step_2:
get_attr: [NeutronLogging, docker_config, step_2]
step_3:
neutron_db_sync:
image: &neutron_api_image {get_param: DockerNeutronApiImage}
net: host
privileged: false
detach: false
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
# FIXME: we should make config file permissions right
# and run as neutron user
#command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
step_4:
map_merge:
- neutron_api:
start_order: 0
image: *neutron_api_image
net: host
privileged: false
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
- {get_param: NeutronApiOptVolumes}
-
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
environment:
list_concat:
- {get_param: NeutronApiOptEnvVars}
-
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- if:
- internal_tls_enabled
- neutron_server_tls_proxy:
image: *neutron_api_image
net: host
user: root
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- {}
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-neutron package
set_fact:
remove_neutron_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-neutron package if operator requests it
package: name=openstack-neutron state=removed
ignore_errors: True
when: remove_neutron_package|bool
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
with_items:
list_concat:
- - neutron_api
- - if:
- internal_tls_enabled
- - neutron_server_tls_proxy
- null
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if neutron_server is deployed
command: systemctl is-enabled --quiet neutron-server
ignore_errors: True
register: neutron_server_enabled_result
- name: Set fact neutron_server_enabled
set_fact:
neutron_server_enabled: "{{ neutron_server_enabled_result.rc == 0 }}"
- name: Stop neutron_server
service: name=neutron-server state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- neutron_server_enabled|bool
- when:
- step|int == 6
- is_bootstrap_node|bool
block:
- name: Neutron package update
package:
name: 'openstack-neutron*'
state: latest
- name: Neutron package update workaround
package: name=python-networking-odl state=latest
- name: Neutron db sync
command: neutron-db-manage upgrade head
when:
- step|int == 8
- is_bootstrap_node|bool

View File

@ -30,13 +30,13 @@ resource_registry:
OS::TripleO::Services::Memcached: ../deployment/memcached/memcached-container-puppet.yaml
OS::TripleO::Services::Multipathd: OS::Heat::None
OS::TripleO::Services::MySQL: ../puppet/services/database/mysql.yaml
OS::TripleO::Services::NeutronApi: ../puppet/services/neutron-api.yaml
OS::TripleO::Services::NeutronApi: ../deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../puppet/services/neutron-l3.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml
OS::TripleO::Services::NeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/neutron-metadata.yaml
OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronServer: ../puppet/services/neutron-api.yaml
OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml
OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml

View File

@ -16,10 +16,10 @@ resource_registry:
OS::TripleO::Services::MistralEngine: ../deployment/mistral/mistral-engine-container-puppet.yaml
OS::TripleO::Services::MistralExecutor: ../deployment/mistral/mistral-executor-container-puppet.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronApi: ../deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml
OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::OsloMessagingRpc: ../docker/services/messaging/rpc-rabbitmq.yaml
OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml
OS::TripleO::Services::SwiftProxy: ../deployment/swift/swift-proxy-container-puppet.yaml

View File

@ -2,7 +2,7 @@
# This works by configuring L3 and Metadata agents on the
# compute nodes.
resource_registry:
OS::TripleO::Services::ComputeNeutronL3Agent: ../docker/services/neutron-l3.yaml
OS::TripleO::Services::ComputeNeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
OS::TripleO::Services::ComputeNeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
# With using default template values, the Compute nodes also need the br-ex

View File

@ -9,7 +9,7 @@
resource_registry:
OS::TripleO::Services::NeutronSriovAgent: ../../docker/services/neutron-sriov-agent.yaml
OS::TripleO::Services::NeutronSriovHostConfig: ../../puppet/services/neutron-sriov-host-config.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../../deployment/neutron/neutron-dhcp-container-puppet.yaml
parameter_defaults:
NeutronMechanismDrivers: ['sriovnicswitch','ovn']

View File

@ -3,7 +3,7 @@
# tripleo network templates so some customization is likely required for
# production deployments.
resource_registry:
OS::TripleO::Services::ComputeNeutronL3Agent: ../../docker/services/neutron-l3.yaml
OS::TripleO::Services::ComputeNeutronL3Agent: ../../deployment/neutron/neutron-l3-container-puppet.yaml
OS::TripleO::Services::ComputeNeutronMetadataAgent: ../../docker/services/neutron-metadata.yaml
OS::TripleO::ComputeDVR::Net::SoftwareConfig: ../../net-config-bridge.yaml

View File

@ -134,9 +134,9 @@ resource_registry:
OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None
OS::TripleO::Services::NeutronBgpVpnBagpipe: OS::Heat::None
OS::TripleO::Services::NeutronSfcApi: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronDhcpAgent: deployment/neutron/neutron-dhcp-container-puppet.yaml
OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: docker/services/neutron-l3.yaml
OS::TripleO::Services::NeutronL3Agent: deployment/neutron/neutron-l3-container-puppet.yaml
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None
OS::TripleO::Services::NeutronLbaasv2Api: OS::Heat::None
@ -144,8 +144,8 @@ resource_registry:
OS::TripleO::Services::OVNMetadataAgent: OS::Heat::None
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
# the multinode job ControllerServices after this patch merges
OS::TripleO::Services::NeutronServer: docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronApi: docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronServer: deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NeutronApi: deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NeutronCorePlugin: docker/services/neutron-plugin-ml2.yaml
# can be the same as NeutronCorePlugin but some vendors install different
# things where VMs run

View File

@ -1,157 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Neutron DHCP agent configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NeutronEnableMetadataNetwork:
default: false
description: If True, DHCP provide metadata network. Requires either
IsolatedMetadata or ForceMetadata parameters to also be True.
type: boolean
NeutronEnableIsolatedMetadata:
default: false
description: If True, DHCP provide metadata route to VM.
type: boolean
NeutronEnableForceMetadata:
default: false
description: If True, DHCP always provides metadata route to VM.
type: boolean
NeutronEnableInternalDNS:
default: false
description: |
If True, enable the internal Neutron DNS server that provides name
resolution between VMs. This parameter has no effect if
NeutronDhcpAgentDnsmasqDnsServers is set.
type: boolean
MonitoringSubscriptionNeutronDhcp:
default: 'overcloud-neutron-dhcp'
type: string
NeutronDhcpAgentDebug:
default: ''
description: Set to True to enable debugging for Neutron DHCP agent.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
NeutronDhcpAgentLoggingSource:
type: json
default:
tag: openstack.neutron.agent.dhcp
path: /var/log/neutron/dhcp-agent.log
NeutronDhcpAgentDnsmasqDnsServers:
default: []
description: List of servers to use as dnsmasq forwarders
type: comma_delimited_list
NeutronInterfaceDriver:
default: 'neutron.agent.linux.interface.OVSInterfaceDriver'
description: Neutron DHCP Agent interface driver
type: string
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
NeutronDhcpOvsIntegrationBridge:
default: ''
type: string
description: Name of Open vSwitch bridge to use
conditions:
service_debug_unset: {equals: [{get_param: NeutronDhcpAgentDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
dhcp_ovs_intergation_bridge_unset: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Neutron DHCP agent service.
value:
service_name: neutron_dhcp
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
neutron::agents::dhcp::dnsmasq_local_resolv: {get_param: NeutronEnableInternalDNS}
neutron::agents::dhcp::dnsmasq_dns_servers: {get_param: NeutronDhcpAgentDnsmasqDnsServers}
neutron::agents::dhcp::interface_driver: {get_param: NeutronInterfaceDriver}
neutron::agents::dhcp::debug:
if:
- service_debug_unset
- {get_param: Debug}
- {get_param: NeutronDhcpAgentDebug}
tripleo::neutron_dhcp::firewall_rules:
'115 neutron dhcp input':
proto: 'udp'
dport: 67
'116 neutron dhcp output':
proto: 'udp'
chain: 'OUTPUT'
dport: 68
- if:
- internal_tls_enabled
- neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key'
neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt'
neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile}
- {}
- if:
- dhcp_ovs_intergation_bridge_unset
- {}
- neutron::agents::dhcp::ovs_integration_bridge: {get_param: NeutronDhcpOvsIntegrationBridge}
service_config_settings:
fluentd:
tripleo_fluentd_groups_neutron_dhcp:
- neutron
tripleo_fluentd_sources_neutron_dhcp:
- {get_param: NeutronDhcpAgentLoggingSource}
step_config: |
include tripleo::profile::base::neutron::dhcp
upgrade_tasks: []
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]

View File

@ -1,122 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Neutron L3 agent configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NeutronL3AgentMode:
description: |
Agent mode for L3 agent. Must be one of legacy or dvr_snat.
default: 'legacy'
type: string
constraints:
- allowed_values:
- legacy
- dvr_snat
- dvr
tags:
- role_specific
MonitoringSubscriptionNeutronL3:
default: 'overcloud-neutron-l3-agent'
type: string
NeutronL3AgentDebug:
default: ''
description: Set to True to enable debugging for Neutron L3 agent.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
NeutronL3AgentLoggingSource:
type: json
default:
tag: openstack.neutron.agent.l3
path: /var/log/neutron/l3-agent.log
conditions:
service_debug_unset: {equals: [{get_param: NeutronL3AgentDebug}, '']}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- neutron::agents::l3::agent_mode: NeutronL3AgentMode
- values: {get_param: [RoleParameters]}
- values:
NeutronL3AgentMode: {get_param: NeutronL3AgentMode}
outputs:
role_data:
description: Role data for the Neutron L3 agent service.
value:
service_name: neutron_l3
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
- neutron::agents::l3::debug:
if:
- service_debug_unset
- {get_param: Debug}
- {get_param: NeutronL3AgentDebug}
tripleo::neutron_l3::firewall_rules:
'106 neutron_l3 vrrp':
proto: vrrp
service_config_settings:
fluentd:
tripleo_fluentd_groups_neutron_l3:
- neutron
tripleo_fluentd_sources_neutron_l3:
- {get_param: NeutronL3AgentLoggingSource}
step_config: |
include tripleo::profile::base::neutron::l3
upgrade_tasks: []
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]

View File

@ -26,7 +26,7 @@ environments:
puppet/services/neutron-plugin-ml2.yaml:
parameters:
- NeutronPluginExtensions
puppet/services/neutron-dhcp.yaml:
deployment/neutron/neutron-dhcp-container-puppet.yaml:
parameters:
- NeutronEnableInternalDNS
puppet/services/designate-central.yaml:

View File

@ -9,7 +9,7 @@ environments:
puppet/services/neutron-base.yaml:
parameters:
- NeutronCorePlugin
puppet/services/neutron-dhcp.yaml:
deployment/neutron/neutron-dhcp-container-puppet.yaml:
parameters:
- NeutronEnableIsolatedMetadata
sample_values: