openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Add support for OVN Metadata Agent"

Browse Source
This commit is contained in:
Zuul 2018-01-13 10:47:15 +00:00 committed by Gerrit Code Review
commit b993f5aba7
21 changed files with 315 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci/environments/scenario007-multinode-containers.yaml
View File

@ -3,6 +3,7 @@ resource_registry:
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
@ -30,6 +31,7 @@ parameter_defaults:
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived

154
docker/services/ovn-metadata.yaml Normal file
View File

@ -0,0 +1,154 @@
heat_template_version: queens
description: >
OpenStack containerized OVN Metadata agent
parameters:
DockerOvnMetadataImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
OVNMetadataBase:
type: ../../puppet/services/ovn-metadata.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronCommon
outputs:
role_data:
description: Role data for OVNMetadata agent
value:
service_name: {get_attr: [OVNMetadataBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OVNMetadataBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
logging_source: {get_attr: [OVNMetadataBase, role_data, logging_source]}
logging_groups: {get_attr: [OVNMetadataBase, role_data, logging_groups]}
puppet_config:
puppet_tags: neutron_config,ovn_metadata_agent_config
config_volume: neutron
step_config:
get_attr: [OVNMetadataBase, role_data, step_config]
config_image: {get_param: DockerNeutronConfigImage}
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
kolla_config:
/var/lib/kolla/config_files/ovn_metadata_agent.json:
command: /usr/bin/networking-ovn-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/networking-ovn/networking-ovn-metadata-agent.ini --config-dir /etc/neutron/conf.d/networking-ovn-metadata-agent
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
- path: /var/lib/neutron
owner: neutron:neutron
recurse: true
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
docker_config:
step_4:
setup_ovs_manager:
start_order: 0
detach: false
net: host
privileged: true
user: root
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
- - '/docker_puppet_apply.sh'
- '4'
- 'exec'
- 'include ::tripleo::profile::base::neutron::ovn_metadata'
image: {get_param: DockerOvnMetadataImage}
volumes:
list_concat:
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
- - /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
ovn_metadata_agent:
start_order: 1
image: {get_param: DockerOvnMetadataImage}
net: host
privileged: true
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /var/lib/neutron:/var/lib/neutron
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}
- - name: create /var/lib/neutron
file:
path: /var/lib/neutron
state: directory
upgrade_tasks:
- name: Check if ovn_metadata_agent is deployed
command: systemctl is-enabled --quiet networking-ovn-metadata-agent
tags: common
ignore_errors: True
register: networking_ovn_metadata_agent_enabled
- name: "PreUpgrade step0,validation: Check service networking-ovn-metadata-agent is running"
command: systemctl is-active --quiet networking-ovn-metadata-agent
when: networking_ovn_metadata_agent_enabled.rc == 0
tags: step0,validation
- name: Stop and disable networking_ovn_metadata service
tags: step2
when: networking_ovn_metadata_agent_enabled.rc == 0
service: name=networking-ovn-metadata-agent state=stopped enabled=no

1
environments/hyperconverged-ceph.yaml
View File

@ -52,6 +52,7 @@ parameter_defaults:
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Iscsid
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent
- OS::TripleO::Services::RsyslogSidecar
- OS::TripleO::Services::LoginDefs
- OS::TripleO::Services::Rhsm

1
environments/neutron-ml2-ovn-ha.yaml
View File

@ -4,6 +4,7 @@ resource_registry:
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../puppet/services/ovn-metadata.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

1
environments/neutron-ml2-ovn.yaml
View File

@ -4,6 +4,7 @@ resource_registry:
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../puppet/services/ovn-metadata.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

1
environments/services-docker/neutron-ovn-ha.yaml
View File

@ -3,6 +3,7 @@ resource_registry:
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

1
environments/services-docker/neutron-ovn.yaml
View File

@ -3,6 +3,7 @@ resource_registry:
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None

1
overcloud-resource-registry-puppet.j2.yaml
View File

@ -153,6 +153,7 @@ resource_registry:
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml
OS::TripleO::Services::OVNMetadataAgent: OS::Heat::None
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
# the multinode job ControllerServices after this patch merges
OS::TripleO::Services::NeutronServer: puppet/services/neutron-api.yaml

5
puppet/services/neutron-plugin-ml2-ovn.yaml
View File

@ -67,6 +67,10 @@ parameters:
description: Enable Neutron DVR.
default: false
type: boolean
OVNMetadataEnabled:
description: Whether Metadata Service has to be enabled
type: boolean
default: true
resources:
@ -93,6 +97,7 @@ outputs:
neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
neutron::plugins::ml2::ovn::ovn_l3_mode: true
neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}

9
puppet/services/ovn-controller.yaml
View File

@ -53,6 +53,10 @@ parameters:
Name of the OVS bridge to use as integration bridge by OVN Controller.
type: string
default: "br-int"
OVNMetadataEnabled:
description: Whether Metadata Service has to be enabled
type: boolean
default: true
resources:
@ -70,6 +74,9 @@ resources:
- values:
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
conditions:
force_config_drive: {equals: [{get_param: OVNMetadataEnabled}, false]}
outputs:
role_data:
description: Role data for the OVN Controller agent
@ -82,7 +89,7 @@ outputs:
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge}
nova::compute::force_config_drive: true
nova::compute::force_config_drive: {if: [force_config_drive, true, false]}
tripleo.ovn_controller.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'

123
puppet/services/ovn-metadata.yaml Normal file
View File

@ -0,0 +1,123 @@
heat_template_version: pike
description: >
OpenStack Networking-ovn Metadata agent configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
NeutronWorkers:
default: ''
description: |
Sets the number of worker processes for the neutron metadata agent. The
default value results in the configuration being left unset and a
system-dependent default will be chosen (usually the number of
processors). Please note that this can result in a large number of
processes and memory consumption on systems with a large core count. On
such systems it is recommended that a non-default value be selected that
matches the load requirements.
type: string
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
default: 180
MonitoringSubscriptionOvnMetadata:
default: 'overcloud-ovn-metadata'
type: string
OvnMetadataAgentLoggingSource:
type: json
default:
tag: openstack.neutron.agent.ovn-metadata
path: /var/log/neutron/networking-ovn-metadata-agent.log
conditions:
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Networking-ovn Metadata agent service.
value:
service_name: ovn_metadata
monitoring_subscription: {get_param: MonitoringSubscriptionOvnMetadata}
logging_source: {get_param: OvnMetadataAgentLoggingSource}
logging_groups:
- neutron
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::ovn_metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
neutron::agents::ovn_metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::ovn_metadata::auth_tenant: 'service'
neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
-
if:
- neutron_workers_unset
- {}
- neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronWorkers}
step_config: |
include tripleo::profile::base::neutron::ovn_metadata
upgrade_tasks:
- name: Check if networking_ovn_metadata_agent is deployed
command: systemctl is-enabled networking-ovn-metadata-agent
tags: common
ignore_errors: True
register: networking_ovn_metadata_agent_enabled
- name: "PreUpgrade step0,validation: Check service networking-ovn-metadata-agent is running"
shell: /usr/bin/systemctl show 'networking-ovn-metadata-agent' --property ActiveState | grep '\bactive\b'
when: networking_ovn_metadata_agent_enabled.rc == 0
tags: step0,validation
- name: Stop networking_ovn_metadata service
tags: step1
when: neutron_metadata_agent_enabled.rc == 0
service: name=networking-ovn-metadata-agent state=stopped

8
releasenotes/notes/add-support-networking-ovn-metadata-agent-3bfecfbabd6d9628.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- Adds ability to configure metadata agent for networking-ovn based
deployments.
upgrade:
- force_config_drive is now set to False in Nova. Instances will now
fetch their metadata from the metadata service instead from the config
drive.

1
roles/Compute.yaml
View File

@ -61,3 +61,4 @@
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent

1
roles/ComputeHCI.yaml
View File

@ -52,3 +52,4 @@
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent

1
roles/ComputeOvsDpdk.yaml
View File

@ -37,6 +37,7 @@
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNMetadataAgent
- OS::TripleO::Services::Rhsm
- OS::TripleO::Services::RsyslogSidecar
- OS::TripleO::Services::Securetty

1
roles/ComputeSriov.yaml
View File

@ -52,3 +52,4 @@
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent

1
roles/HciCephAll.yaml
View File

@ -58,3 +58,4 @@
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent

1
roles/HciCephFile.yaml
View File

@ -54,3 +54,4 @@
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent

1
roles/HciCephMon.yaml
View File

@ -55,3 +55,4 @@
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent

1
roles/HciCephObject.yaml
View File

@ -54,3 +54,4 @@
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent

1
roles_data.yaml
View File

@ -218,6 +218,7 @@
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::OVNMetadataAgent
###############################################################################
# Role: BlockStorage #
###############################################################################