openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Merge "Do not run puppet in docker_config"

This commit is contained in:
Zuul 2022-02-27 19:41:01 +00:00 committed by Gerrit Code Review
parent 9ac454b014 c275d78703
commit bf8ce722fd
3 changed files with 19 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
deployment/neutron/neutron-agents-ib-config-container-puppet.yaml
View File

@ -32,12 +32,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
MultiInterfaceDriverMappings:
type: comma_delimited_list
default: ""
@ -92,34 +86,13 @@ outputs:
neutron::agents::ml2::mlnx::dhcp_broadcast_reply: true
neutron::agents::ml2::mlnx::interface_driver : 'multi'
neutron::agents::ml2::mlnx::enable_multi_interface_driver_cache_maintenance : true
docker_config:
step_3:
neutron_agents_ib_config:
detach: false
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
net: host
pid: host
user: root
privileged: true
security_opt:
- label=disable
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- -v
- -e
- "include neutron::agents::ml2::mlnx"
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - /lib/modules:/lib/modules:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
puppet_config:
config_volume: 'neutron'
puppet_tags: eswitchd_config,neutron_dhcp_agent_config,neutron_l3_agent_config,neutron_mlnx_agent_config
step_config: |
include tripleo::profile::base::neutron::agents::mlnx
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
docker_config: {}
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
upgrade_tasks: []

38
deployment/neutron/neutron-mlnx-agent-container-puppet.yaml
View File

@ -37,12 +37,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
NeutronPhysicalDevMappings:
description: >
List of <physical_network>:<physical device>
@ -117,9 +111,10 @@ outputs:
- get_attr: [MlnxAgentLogging, config_settings]
puppet_config:
config_volume: 'neutron'
puppet_tags: neutron_plugin_ml2
puppet_tags: neutron_plugin_ml2,eswitchd_config,neutron_dhcp_agent_config,neutron_l3_agent_config,neutron_mlnx_agent_config
step_config: |
include tripleo::profile::base::neutron::plugins::ml2
include tripleo::profile::base::neutron::agents::mlnx
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
kolla_config:
/var/lib/kolla/config_files/neutron_mlnx_agent.json:
@ -153,35 +148,6 @@ outputs:
owner: neutron:neutron
recurse: true
docker_config:
step_3:
neutron_mlnx_agent_config:
detach: false
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
net: host
pid: host
user: root
privileged: true
security_opt:
- label=disable
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- -v
- -e
- "include tripleo::profile::base::neutron::agents::mlnx"
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
step_4:
neutron_mlnx_agent:
start_order: 10

54
deployment/neutron/neutron-ovs-agent-container-puppet.yaml
View File

@ -46,16 +46,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
DockerPuppetMountHostPuppet:
type: boolean
default: true
description: Whether containerized puppet executions use modules from the baremetal host. Defaults to true. Can be set to false to consume puppet modules from containers directly.
PythonInterpreter:
type: string
description: The python interpreter to use for python and ansible actions
@ -281,7 +271,7 @@ outputs:
collectd::plugin::ovs_stats::socket: '/run/openvswitch/db.sock'
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2,vs_config
step_config: |
include tripleo::profile::base::neutron::ovs
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
@ -328,39 +318,6 @@ outputs:
params:
PYTHON: {get_param: PythonInterpreter}
docker_config:
step_3:
neutron_ovs_bridge:
detach: false
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
net: host
pid: host
user: root
privileged: true
security_opt:
- label=disable
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- --tags
- file,file_line,concat,augeas,neutron::plugins::ovs::bridge,vs_config
- -v
- -e
- include neutron::agents::ml2::ovs
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
- if:
- {get_param: DockerPuppetMountHostPuppet}
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
step_4:
neutron_ovs_agent:
start_order: 10
@ -421,6 +378,15 @@ outputs:
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
- block:
- name: Create the ovs bridges
shell: |
ovs-vsctl --may-exist add-br "{{ item.split(':')[1] }}"
with_items: {get_attr: [RoleParametersValue, value, 'neutron::agents::ml2::ovs::bridge_mappings']}
- name: Activate the ovs bridges
shell: |
ip link set dev "{{ item.split(':')[1] }}" up
with_items: {get_attr: [RoleParametersValue, value, 'neutron::agents::ml2::ovs::bridge_mappings']}
update_tasks:
# puppetlabs-firewall manages security rules via Puppet but make the rules
# consistent by default. Since Neutron also creates some rules, we don't