Merge "Add support for OVN Metadata Agent"
This commit is contained in:
Zuul
Gerrit Code Review
commit
b993f5aba7
|
|
@ -3,6 +3,7 @@ resource_registry:
|
|||
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
|
||||
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
|
||||
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
|
||||
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
|
||||
# Some infra instances don't pass the ping test but are otherwise working.
|
||||
# Since the OVB jobs also test this functionality we can shut it off here.
|
||||
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
|
||||
|
|
@ -30,6 +31,7 @@ parameter_defaults:
|
|||
- OS::TripleO::Services::NeutronCorePlugin
|
||||
- OS::TripleO::Services::OVNDBs
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
- OS::TripleO::Services::RabbitMQ
|
||||
- OS::TripleO::Services::HAproxy
|
||||
- OS::TripleO::Services::Keepalived
|
||||
|
|
|
|||
|
|
@ -0,0 +1,154 @@
|
|||
heat_template_version: queens
|
||||
|
||||
description: >
|
||||
OpenStack containerized OVN Metadata agent
|
||||
|
||||
parameters:
|
||||
DockerOvnMetadataImage:
|
||||
description: image
|
||||
type: string
|
||||
DockerNeutronConfigImage:
|
||||
description: The container image to use for the neutron config_volume
|
||||
type: string
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
|
||||
OVNMetadataBase:
|
||||
type: ../../puppet/services/ovn-metadata.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
NeutronLogging:
|
||||
type: OS::TripleO::Services::Logging::NeutronCommon
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for OVNMetadata agent
|
||||
value:
|
||||
service_name: {get_attr: [OVNMetadataBase, role_data, service_name]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [OVNMetadataBase, role_data, config_settings]
|
||||
- get_attr: [NeutronLogging, config_settings]
|
||||
logging_source: {get_attr: [OVNMetadataBase, role_data, logging_source]}
|
||||
logging_groups: {get_attr: [OVNMetadataBase, role_data, logging_groups]}
|
||||
puppet_config:
|
||||
puppet_tags: neutron_config,ovn_metadata_agent_config
|
||||
config_volume: neutron
|
||||
step_config:
|
||||
get_attr: [OVNMetadataBase, role_data, step_config]
|
||||
config_image: {get_param: DockerNeutronConfigImage}
|
||||
volumes:
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /run/openvswitch:/run/openvswitch
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/ovn_metadata_agent.json:
|
||||
command: /usr/bin/networking-ovn-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/networking-ovn/networking-ovn-metadata-agent.ini --config-dir /etc/neutron/conf.d/networking-ovn-metadata-agent
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/log/neutron
|
||||
owner: neutron:neutron
|
||||
recurse: true
|
||||
- path: /var/lib/neutron
|
||||
owner: neutron:neutron
|
||||
recurse: true
|
||||
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
|
||||
docker_config:
|
||||
step_4:
|
||||
setup_ovs_manager:
|
||||
start_order: 0
|
||||
detach: false
|
||||
net: host
|
||||
privileged: true
|
||||
user: root
|
||||
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
||||
list_concat:
|
||||
- - '/docker_puppet_apply.sh'
|
||||
- '4'
|
||||
- 'exec'
|
||||
- 'include ::tripleo::profile::base::neutron::ovn_metadata'
|
||||
image: {get_param: DockerOvnMetadataImage}
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
|
||||
- - /lib/modules:/lib/modules:ro
|
||||
- /run/openvswitch:/run/openvswitch
|
||||
ovn_metadata_agent:
|
||||
start_order: 1
|
||||
image: {get_param: DockerOvnMetadataImage}
|
||||
net: host
|
||||
privileged: true
|
||||
restart: always
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- {get_attr: [NeutronLogging, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /run/openvswitch:/run/openvswitch
|
||||
- /var/lib/neutron:/var/lib/neutron
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
host_prep_tasks:
|
||||
list_concat:
|
||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||
- - name: create /var/lib/neutron
|
||||
file:
|
||||
path: /var/lib/neutron
|
||||
state: directory
|
||||
upgrade_tasks:
|
||||
- name: Check if ovn_metadata_agent is deployed
|
||||
command: systemctl is-enabled --quiet networking-ovn-metadata-agent
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: networking_ovn_metadata_agent_enabled
|
||||
- name: "PreUpgrade step0,validation: Check service networking-ovn-metadata-agent is running"
|
||||
command: systemctl is-active --quiet networking-ovn-metadata-agent
|
||||
when: networking_ovn_metadata_agent_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Stop and disable networking_ovn_metadata service
|
||||
tags: step2
|
||||
when: networking_ovn_metadata_agent_enabled.rc == 0
|
||||
service: name=networking-ovn-metadata-agent state=stopped enabled=no
|
||||
|
|
@ -52,6 +52,7 @@ parameter_defaults:
|
|||
- OS::TripleO::Services::Docker
|
||||
- OS::TripleO::Services::Iscsid
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
- OS::TripleO::Services::RsyslogSidecar
|
||||
- OS::TripleO::Services::LoginDefs
|
||||
- OS::TripleO::Services::Rhsm
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ resource_registry:
|
|||
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
|
||||
OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml
|
||||
OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml
|
||||
OS::TripleO::Services::OVNMetadataAgent: ../puppet/services/ovn-metadata.yaml
|
||||
# Disabling Neutron services that overlap with OVN
|
||||
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
|
||||
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ resource_registry:
|
|||
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
|
||||
OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml
|
||||
OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml
|
||||
OS::TripleO::Services::OVNMetadataAgent: ../puppet/services/ovn-metadata.yaml
|
||||
# Disabling Neutron services that overlap with OVN
|
||||
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
|
||||
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ resource_registry:
|
|||
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
|
||||
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
|
||||
OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml
|
||||
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
|
||||
# Disabling Neutron services that overlap with OVN
|
||||
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
|
||||
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ resource_registry:
|
|||
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
|
||||
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
|
||||
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
|
||||
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
|
||||
# Disabling Neutron services that overlap with OVN
|
||||
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
|
||||
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
|
||||
|
|
|
|||
|
|
@ -153,6 +153,7 @@ resource_registry:
|
|||
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
|
||||
OS::TripleO::Services::OVNMetadataAgent: OS::Heat::None
|
||||
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
|
||||
# the multinode job ControllerServices after this patch merges
|
||||
OS::TripleO::Services::NeutronServer: puppet/services/neutron-api.yaml
|
||||
|
|
|
|||
|
|
@ -67,6 +67,10 @@ parameters:
|
|||
description: Enable Neutron DVR.
|
||||
default: false
|
||||
type: boolean
|
||||
OVNMetadataEnabled:
|
||||
description: Whether Metadata Service has to be enabled
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
resources:
|
||||
|
||||
|
|
@ -93,6 +97,7 @@ outputs:
|
|||
neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
|
||||
neutron::plugins::ml2::ovn::ovn_l3_mode: true
|
||||
neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
|
||||
neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
|
||||
neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
|
||||
neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
|
||||
neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
|
||||
|
|
|
|||
|
|
@ -53,6 +53,10 @@ parameters:
|
|||
Name of the OVS bridge to use as integration bridge by OVN Controller.
|
||||
type: string
|
||||
default: "br-int"
|
||||
OVNMetadataEnabled:
|
||||
description: Whether Metadata Service has to be enabled
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
|
||||
resources:
|
||||
|
|
@ -70,6 +74,9 @@ resources:
|
|||
- values:
|
||||
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
|
||||
|
||||
conditions:
|
||||
force_config_drive: {equals: [{get_param: OVNMetadataEnabled}, false]}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the OVN Controller agent
|
||||
|
|
@ -82,7 +89,7 @@ outputs:
|
|||
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
|
||||
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
||||
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
|
||||
nova::compute::force_config_drive: true
|
||||
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
|
||||
tripleo.ovn_controller.firewall_rules:
|
||||
'118 neutron vxlan networks':
|
||||
proto: 'udp'
|
||||
|
|
|
|||
|
|
@ -0,0 +1,123 @@
|
|||
heat_template_version: pike
|
||||
|
||||
description: >
|
||||
OpenStack Networking-ovn Metadata agent configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
NeutronMetadataProxySharedSecret:
|
||||
description: Shared secret to prevent spoofing
|
||||
type: string
|
||||
hidden: true
|
||||
NeutronWorkers:
|
||||
default: ''
|
||||
description: |
|
||||
Sets the number of worker processes for the neutron metadata agent. The
|
||||
default value results in the configuration being left unset and a
|
||||
system-dependent default will be chosen (usually the number of
|
||||
processors). Please note that this can result in a large number of
|
||||
processes and memory consumption on systems with a large core count. On
|
||||
such systems it is recommended that a non-default value be selected that
|
||||
matches the load requirements.
|
||||
type: string
|
||||
NeutronPassword:
|
||||
description: The password for the neutron service and db account, used by neutron agents.
|
||||
type: string
|
||||
hidden: true
|
||||
OVNSouthboundServerPort:
|
||||
description: Port of the OVN Southbound DB server
|
||||
type: number
|
||||
default: 6642
|
||||
OVNDbConnectionTimeout:
|
||||
description: Timeout in seconds for the OVSDB connection transaction
|
||||
type: number
|
||||
default: 180
|
||||
MonitoringSubscriptionOvnMetadata:
|
||||
default: 'overcloud-ovn-metadata'
|
||||
type: string
|
||||
OvnMetadataAgentLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.neutron.agent.ovn-metadata
|
||||
path: /var/log/neutron/networking-ovn-metadata-agent.log
|
||||
|
||||
conditions:
|
||||
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
NeutronBase:
|
||||
type: ./neutron-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Networking-ovn Metadata agent service.
|
||||
value:
|
||||
service_name: ovn_metadata
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionOvnMetadata}
|
||||
logging_source: {get_param: OvnMetadataAgentLoggingSource}
|
||||
logging_groups:
|
||||
- neutron
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- neutron::agents::ovn_metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
|
||||
neutron::agents::ovn_metadata::auth_password: {get_param: NeutronPassword}
|
||||
neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
|
||||
neutron::agents::ovn_metadata::auth_tenant: 'service'
|
||||
neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
|
||||
neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
|
||||
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
||||
-
|
||||
if:
|
||||
- neutron_workers_unset
|
||||
- {}
|
||||
- neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronWorkers}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::ovn_metadata
|
||||
upgrade_tasks:
|
||||
- name: Check if networking_ovn_metadata_agent is deployed
|
||||
command: systemctl is-enabled networking-ovn-metadata-agent
|
||||
tags: common
|
||||
ignore_errors: True
|
||||
register: networking_ovn_metadata_agent_enabled
|
||||
- name: "PreUpgrade step0,validation: Check service networking-ovn-metadata-agent is running"
|
||||
shell: /usr/bin/systemctl show 'networking-ovn-metadata-agent' --property ActiveState | grep '\bactive\b'
|
||||
when: networking_ovn_metadata_agent_enabled.rc == 0
|
||||
tags: step0,validation
|
||||
- name: Stop networking_ovn_metadata service
|
||||
tags: step1
|
||||
when: neutron_metadata_agent_enabled.rc == 0
|
||||
service: name=networking-ovn-metadata-agent state=stopped
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
features:
|
||||
- Adds ability to configure metadata agent for networking-ovn based
|
||||
deployments.
|
||||
upgrade:
|
||||
- force_config_drive is now set to False in Nova. Instances will now
|
||||
fetch their metadata from the metadata service instead from the config
|
||||
drive.
|
||||
|
|
@ -61,3 +61,4 @@
|
|||
- OS::TripleO::Services::Tuned
|
||||
- OS::TripleO::Services::Vpp
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
|
|
|
|||
|
|
@ -52,3 +52,4 @@
|
|||
- OS::TripleO::Services::Tuned
|
||||
- OS::TripleO::Services::Vpp
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@
|
|||
- OS::TripleO::Services::Ntp
|
||||
- OS::TripleO::Services::ContainersLogrotateCrond
|
||||
- OS::TripleO::Services::OpenDaylightOvs
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
- OS::TripleO::Services::Rhsm
|
||||
- OS::TripleO::Services::RsyslogSidecar
|
||||
- OS::TripleO::Services::Securetty
|
||||
|
|
|
|||
|
|
@ -52,3 +52,4 @@
|
|||
- OS::TripleO::Services::TripleoPackages
|
||||
- OS::TripleO::Services::Vpp
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
|
|
|
|||
|
|
@ -58,3 +58,4 @@
|
|||
- OS::TripleO::Services::Tuned
|
||||
- OS::TripleO::Services::Vpp
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
|
|
|
|||
|
|
@ -54,3 +54,4 @@
|
|||
- OS::TripleO::Services::Tuned
|
||||
- OS::TripleO::Services::Vpp
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
|
|
|
|||
|
|
@ -55,3 +55,4 @@
|
|||
- OS::TripleO::Services::Tuned
|
||||
- OS::TripleO::Services::Vpp
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
|
|
|
|||
|
|
@ -54,3 +54,4 @@
|
|||
- OS::TripleO::Services::Tuned
|
||||
- OS::TripleO::Services::Vpp
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
|
|
|
|||
|
|
@ -218,6 +218,7 @@
|
|||
- OS::TripleO::Services::Tuned
|
||||
- OS::TripleO::Services::Vpp
|
||||
- OS::TripleO::Services::OVNController
|
||||
- OS::TripleO::Services::OVNMetadataAgent
|
||||
###############################################################################
|
||||
# Role: BlockStorage #
|
||||
###############################################################################
|
||||
|
|
|
|||
Loading…
Reference in New Issue