openstack/tripleo-heat-templates
Code Issues Proposed changes

step2: flatten the neutron service configurations

Browse Source 
This change combines the previous puppet and docker files into a single
file that performs the docker service installation and configuration
for the neutron-metadata, neutron-ovs-agent, and neutron-ovs-dpdk-agent.

With this patch the baremetal version of each respective neutron service
has been removed.

Related-Blueprint: services-yaml-flattening

Change-Id: I7a918e72ce4bfd06a95d7a575603a6fb65ded5a9
This commit is contained in:
Dan Prince 2019-01-13 10:41:30 -05:00
parent 7b9c549795
commit d1fea280f4
16 changed files with 254 additions and 470 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
docker/services/neutron/neutron-cleanup → deployment/neutron/neutron-cleanup
View File

0
docker/services/neutron/neutron-cleanup.service → deployment/neutron/neutron-cleanup.service
View File

91
docker/services/neutron-metadata.yaml → deployment/neutron/neutron-metadata-container-puppet.yaml
View File

@ -41,14 +41,55 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
NeutronWorkers:
default: ''
description: |
Sets the number of worker processes for the neutron metadata agent. The
default value results in the configuration being left unset and a
system-dependent default will be chosen (usually the number of
processors). Please note that this can result in a large number of
processes and memory consumption on systems with a large core count. On
such systems it is recommended that a non-default value be selected that
matches the load requirements.
type: string
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
MonitoringSubscriptionNeutronMetadata:
default: 'overcloud-neutron-metadata'
type: string
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
NeutronMetadataAgentDebug:
default: ''
description: Set to True to enable debugging for Neutron Metadata agent.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
EnableInternalTLS:
type: boolean
default: false
conditions:
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
service_debug_unset: {equals: [{get_param: NeutronMetadataAgentDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
NeutronMetadataBase:
type: ../../puppet/services/neutron-metadata.yaml
NeutronBase:
type: ../../puppet/services/neutron-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
@ -66,14 +107,44 @@ outputs:
role_data:
description: Role data for Neutron Metadata agent
value:
service_name: {get_attr: [NeutronMetadataBase, role_data, service_name]}
service_name: neutron_metadata
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata}
config_settings:
map_merge:
- get_attr: [NeutronMetadataBase, role_data, config_settings]
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
- neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::metadata::debug:
if:
- service_debug_unset
- {get_param: Debug}
- {get_param: NeutronMetadataAgentDebug}
neutron::agents::metadata::metadata_host:
str_replace:
template:
"%{hiera('cloud_name_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
neutron::agents::metadata::metadata_protocol:
if:
- internal_tls_enabled
- 'https'
- 'http'
-
if:
- neutron_workers_unset
- {}
- neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
-
if:
- is_neutron_shared_metadata_notempty
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- {}
service_config_settings:
map_merge:
- get_attr: [NeutronMetadataBase, role_data, service_config_settings]
- get_attr: [NeutronBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_neutron_metadata:
- neutron
@ -82,8 +153,8 @@ outputs:
puppet_config:
puppet_tags: neutron_config,neutron_metadata_agent_config
config_volume: neutron
step_config:
get_attr: [NeutronMetadataBase, role_data, step_config]
step_config: |
include tripleo::profile::base::neutron::metadata
config_image: {get_param: DockerNeutronConfigImage}
kolla_config:
/var/lib/kolla/config_files/neutron_metadata_agent.json:
@ -121,7 +192,7 @@ outputs:
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NeutronMetadataBase, role_data, config_settings, 'neutron::rabbit_port']}
port: {get_attr: [NeutronBase, role_data, config_settings, 'neutron::rabbit_port']}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
@ -134,7 +205,7 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronMetadataBase, role_data, metadata_settings]
get_attr: [NeutronBase, role_data, metadata_settings]
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}

135
docker/services/neutron-ovs-agent.yaml → deployment/neutron/neutron-ovs-agent-container-puppet.yaml
View File

@ -57,18 +57,96 @@ parameters:
type: string
description: The python interpreter to use for python and ansible actions
default: /usr/bin/python
NeutronEnableL2Pop:
type: string
description: Enable/disable the L2 population feature in the Neutron agents.
default: "False"
NeutronBridgeMappings:
description: >
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
tags:
- role_specific
NeutronTunnelTypes:
default: 'vxlan'
description: The tunnel types for the Neutron tenant network.
type: comma_delimited_list
NeutronAgentExtensions:
default: "qos"
description: |
Comma-separated list of extensions enabled for the Neutron agents.
type: comma_delimited_list
NeutronEnableDVR:
default: False
description: Enable Neutron DVR.
type: boolean
NeutronEnableARPResponder:
default: false
description: |
Enable ARP responder feature in the OVS Agent.
type: boolean
MonitoringSubscriptionNeutronOvs:
default: 'overcloud-neutron-ovs-agent'
type: string
NeutronOVSFirewallDriver:
default: ''
description: |
Configure the classname of the firewall driver to use for implementing
security groups. Possible values depend on system configuration. Some
examples are: noop, openvswitch, iptables_hybrid. The default value of an
empty string will result in a default supported configuration.
type: string
OvsHwOffload:
default: false
description: |
Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
type: boolean
tags:
- role_specific
NeutronOVSTunnelCsum:
default: false
description: |
Set or un-set the tunnel header checksum on outgoing IP packet
carrying GRE/VXLAN tunnel.
type: boolean
RpcPort:
default: 5672
description: The network port for messaging backend
type: number
conditions:
no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
docker_puppet_mount_host: {equals: [{get_param: DockerPuppetMountHostPuppet}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
type: ../../docker/services/containers-common.yaml
NeutronOvsAgentBase:
type: ../../puppet/services/neutron-ovs-agent.yaml
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- neutron::agents::ml2::ovs::bridge_mappings: NeutronBridgeMappings
vswitch::ovs::enable_hw_offload: OvsHwOffload
- values: {get_param: [RoleParameters]}
- values:
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
OvsHwOffload: {get_param: OvsHwOffload}
NeutronBase:
type: ../../puppet/services/neutron-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
@ -86,14 +164,45 @@ outputs:
role_data:
description: Role data for Neutron openvswitch service
value:
service_name: {get_attr: [NeutronOvsAgentBase, role_data, service_name]}
service_name: neutron_ovs_agent
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
config_settings:
map_merge:
- get_attr: [NeutronOvsAgentBase, role_data, config_settings]
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
- get_attr: [NeutronLogging, config_settings]
- neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
neutron::agents::ml2::ovs::tunnel_csum: {get_param: NeutronOVSTunnelCsum}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo::neutron_ovs_agent::firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'136 neutron gre networks':
proto: 'gre'
-
if:
- no_firewall_driver
- {}
- neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
service_config_settings:
map_merge:
- get_attr: [NeutronOvsAgentBase, role_data, service_config_settings]
- get_attr: [NeutronBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_neutron_ovs_agent:
- neutron
@ -102,8 +211,8 @@ outputs:
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
step_config:
get_attr: [NeutronOvsAgentBase, role_data, step_config]
step_config: |
include ::tripleo::profile::base::neutron::ovs
config_image: {get_param: DockerNeutronConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ."
@ -191,7 +300,7 @@ outputs:
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NeutronOvsAgentBase, role_data, config_settings, 'neutron::rabbit_port']}
port: {get_param: RpcPort}
ulimit: {get_param: DockerOpenvswitchUlimit}
volumes:
list_concat:
@ -206,7 +315,7 @@ outputs:
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronOvsAgentBase, role_data, metadata_settings]
get_attr: [NeutronBase, role_data, metadata_settings]
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}
@ -220,13 +329,13 @@ outputs:
- name: openvswitch
- name: Copy in cleanup script
copy:
content: {get_file: ./neutron/neutron-cleanup}
content: {get_file: ./neutron-cleanup}
dest: '/usr/libexec/neutron-cleanup'
force: yes
mode: '0755'
- name: Copy in cleanup service
copy:
content: {get_file: ./neutron/neutron-cleanup.service}
content: {get_file: ./neutron-cleanup.service}
dest: '/usr/lib/systemd/system/neutron-cleanup.service'
force: yes
- name: Enabling the cleanup service

46
puppet/services/neutron-ovs-dpdk-agent.yaml → deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml
View File

@ -1,9 +1,12 @@
heat_template_version: rocky
description: >
OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
OpenStack Neutron OVS DPDK configured with Puppet for Compute Role (Containerized)
parameters:
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
@ -67,7 +70,7 @@ parameters:
resources:
NeutronOvsAgent:
type: ./neutron-ovs-agent.yaml
type: ./neutron-ovs-agent-container-puppet.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
@ -97,7 +100,7 @@ resources:
VhostuserSocketUser: {get_param: VhostuserSocketUser}
Ovs:
type: ./openvswitch.yaml
type: ../../puppet/services/openvswitch.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
@ -107,7 +110,7 @@ resources:
outputs:
role_data:
description: Role data for the Neutron OVS DPDK Agent service.
description: Role data for Neutron openvswitch DPDK service
value:
service_name: neutron_ovs_dpdk_agent
config_settings:
@ -120,8 +123,37 @@ outputs:
- get_attr: [Ovs, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
service_config_settings:
nova_libvirt:
nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, vhostuser_socket_group]}
step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
map_merge:
- get_attr: [NeutronOvsAgent, role_data, service_config_settings]
- nova_libvirt:
nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, vhostuser_socket_group]}
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
step_config:
get_attr: [NeutronOvsAgent, role_data, step_config]
config_image: {get_param: DockerNeutronConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ."
# when running vswitch::ovs::enable_hw_offload: true
# ovs-vsctl talks to the ovsdb-server (hosting conf.db)
# on the unix domain socket - /run/openvswitch/db.sock
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
kolla_config:
get_attr: [NeutronOvsAgent, role_data, kolla_config]
docker_config_scripts:
get_attr: [NeutronOvsAgent, role_data, docker_config_scripts]
docker_config:
get_attr: [NeutronOvsAgent, role_data, docker_config]
metadata_settings:
get_attr: [NeutronOvsAgent, role_data, metadata_settings]
host_prep_tasks:
get_attr: [NeutronOvsAgent, role_data, host_prep_tasks]
upgrade_tasks:
get_attr: [NeutronOvsAgent, role_data, upgrade_tasks]
update_tasks:
get_attr: [NeutronOvsAgent, role_data, update_tasks]
fast_forward_upgrade_tasks:
get_attr: [NeutronOvsAgent, role_data, fast_forward_upgrade_tasks]

107
docker/services/neutron-ovs-dpdk-agent.yaml
View File

@ -1,107 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Neutron OVS DPDK configured with Puppet for Compute Role (Containerized)
parameters:
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
NeutronOvsDpdkAgentBase:
type: ../../puppet/services/neutron-ovs-dpdk-agent.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronOvsAgentDockerBase:
type: ../../docker/services/neutron-ovs-agent.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronCommon
properties:
NeutronServiceName: openvswitch-agent
outputs:
role_data:
description: Role data for Neutron openvswitch DPDK service
value:
service_name: {get_attr: [NeutronOvsDpdkAgentBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NeutronOvsDpdkAgentBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
service_config_settings:
get_attr: [NeutronOvsDpdkAgentBase, role_data, service_config_settings]
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
step_config:
get_attr: [NeutronOvsDpdkAgentBase, role_data, step_config]
config_image: {get_param: DockerNeutronConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ."
# when running vswitch::ovs::enable_hw_offload: true
# ovs-vsctl talks to the ovsdb-server (hosting conf.db)
# on the unix domain socket - /run/openvswitch/db.sock
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
kolla_config:
get_attr: [NeutronOvsAgentDockerBase, role_data, kolla_config]
docker_config_scripts:
get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config_scripts]
docker_config:
get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config]
metadata_settings:
get_attr: [NeutronOvsAgentDockerBase, role_data, metadata_settings]
host_prep_tasks:
get_attr: [NeutronOvsAgentDockerBase, role_data, host_prep_tasks]
upgrade_tasks:
get_attr: [NeutronOvsAgentDockerBase, role_data, upgrade_tasks]
update_tasks:
get_attr: [NeutronOvsAgentDockerBase, role_data, update_tasks]
fast_forward_upgrade_tasks:
get_attr: [NeutronOvsAgentDockerBase, role_data, fast_forward_upgrade_tasks]

6
environments/baremetal-services.yaml
View File

@ -14,7 +14,7 @@ resource_registry:
OS::TripleO::Services::CinderScheduler: ../deployment/cinder/cinder-scheduler-container-puppet.yaml
OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-container-puppet.yaml
OS::TripleO::Services::ComputeCeilometerAgent: ../puppet/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::ContainersLogrotateCrond: OS::Heat::None
OS::TripleO::Services::GlanceApi: ../deployment/glance/glance-api-container-puppet.yaml
OS::TripleO::Services::GnocchiApi: ../puppet/services/gnocchi-api.yaml
@ -34,8 +34,8 @@ resource_registry:
OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml
OS::TripleO::Services::NeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/neutron-metadata.yaml
OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronMetadataAgent: ../deployment/neutron/neutron-metadata-container-puppet.yaml
OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml
OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml

2
environments/computealt.yaml
View File

@ -3,7 +3,7 @@ resource_registry:
# If enabling collectd you'll need provide the following in a specific resource_registry
# OS::TripleO::Services::CollectdAlt: ../puppet/services/metrics/collectd.yaml
OS::TripleO::Services::ComputeCeilometerAgentAlt: ../puppet/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::ComputeNeutronOvsAgentAlt: ../puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::ComputeNeutronOvsAgentAlt: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::FluentdAlt: OS::Heat::None
# If enabling fluentd you'll need provide the following in a specific resource_registry
# OS::TripleO::Services::FluentdAlt: ../puppet/services/logging/fluentd.yaml

2
environments/neutron-ovs-dpdk.yaml
View File

@ -5,7 +5,7 @@
# A Heat environment that can be used to deploy DPDK with OVS
# Deploying DPDK requires enabling hugepages for the overcloud nodes
resource_registry:
OS::TripleO::Services::ComputeNeutronOvsDpdk: ../docker/services/neutron-ovs-dpdk-agent.yaml
OS::TripleO::Services::ComputeNeutronOvsDpdk: ../deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml
parameter_defaults:
NeutronDatapathType: "netdev"

2
environments/neutron-ovs-dvr.yaml
View File

@ -3,7 +3,7 @@
# compute nodes.
resource_registry:
OS::TripleO::Services::ComputeNeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
OS::TripleO::Services::ComputeNeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
OS::TripleO::Services::ComputeNeutronMetadataAgent: ../deployment/neutron/neutron-metadata-container-puppet.yaml
# With using default template values, the Compute nodes also need the br-ex
# bridge to be connected to a physical network.

2
environments/services-baremetal/neutron-ovs-dpdk.yaml
View File

@ -1,7 +1,7 @@
# A Heat environment that can be used to deploy DPDK with OVS
# Deploying DPDK requires enabling hugepages for the overcloud nodes
resource_registry:
OS::TripleO::Services::ComputeNeutronOvsDpdk: ../../puppet/services/neutron-ovs-dpdk-agent.yaml
OS::TripleO::Services::ComputeNeutronOvsDpdk: ../../deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml
parameter_defaults:
NeutronDatapathType: "netdev"

2
environments/services/neutron-ovs-dpdk.yaml
View File

@ -1,7 +1,7 @@
# A Heat environment that can be used to deploy DPDK with OVS
# Deploying DPDK requires enabling hugepages for the overcloud nodes
resource_registry:
OS::TripleO::Services::ComputeNeutronOvsDpdk: ../../docker/services/neutron-ovs-dpdk-agent.yaml
OS::TripleO::Services::ComputeNeutronOvsDpdk: ../../deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml
parameter_defaults:
NeutronDatapathType: "netdev"

2
environments/services/neutron-ovs-dvr.yaml
View File

@ -4,7 +4,7 @@
# production deployments.
resource_registry:
OS::TripleO::Services::ComputeNeutronL3Agent: ../../deployment/neutron/neutron-l3-container-puppet.yaml
OS::TripleO::Services::ComputeNeutronMetadataAgent: ../../docker/services/neutron-metadata.yaml
OS::TripleO::Services::ComputeNeutronMetadataAgent: ../../deployment/neutron/neutron-metadata-container-puppet.yaml
OS::TripleO::ComputeDVR::Net::SoftwareConfig: ../../net-config-bridge.yaml
parameter_defaults:

6
overcloud-resource-registry-puppet.j2.yaml
View File

@ -140,7 +140,7 @@ resource_registry:
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None
OS::TripleO::Services::NeutronLbaasv2Api: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: docker/services/neutron-metadata.yaml
OS::TripleO::Services::NeutronMetadataAgent: deployment/neutron/neutron-metadata-container-puppet.yaml
OS::TripleO::Services::OVNMetadataAgent: OS::Heat::None
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
# the multinode job ControllerServices after this patch merges
@ -165,9 +165,9 @@ resource_registry:
OS::TripleO::Services::NeutronCorePluginVTS: docker/services/neutron-plugin-ml2-cisco-vts.yaml
OS::TripleO::Services::NeutronCorePluginML2Ansible: docker/services/neutron-plugin-ml2-ansible.yaml
OS::TripleO::Services::NeutronNuageVrs: puppet/services/neutron-controller-plugin-nuage.yaml
OS::TripleO::Services::NeutronOvsAgent: docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronOvsAgent: deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: deployment/neutron/neutron-ovs-agent-container-puppet.yaml
OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None
OS::TripleO::Services::Pacemaker: OS::Heat::None
OS::TripleO::Services::PacemakerRemote: OS::Heat::None

140
puppet/services/neutron-metadata.yaml
View File

@ -1,140 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Neutron Metadata agent configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
hidden: true
NeutronWorkers:
default: ''
description: |
Sets the number of worker processes for the neutron metadata agent. The
default value results in the configuration being left unset and a
system-dependent default will be chosen (usually the number of
processors). Please note that this can result in a large number of
processes and memory consumption on systems with a large core count. On
such systems it is recommended that a non-default value be selected that
matches the load requirements.
type: string
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
MonitoringSubscriptionNeutronMetadata:
default: 'overcloud-neutron-metadata'
type: string
NeutronMetadataAgentLoggingSource:
type: json
default:
tag: openstack.neutron.agent.metadata
path: /var/log/neutron/metadata-agent.log
Debug:
type: boolean
default: false
description: Set to True to enable debugging on all services.
NeutronMetadataAgentDebug:
default: ''
description: Set to True to enable debugging for Neutron Metadata agent.
type: string
constraints:
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
EnableInternalTLS:
type: boolean
default: false
conditions:
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
service_debug_unset: {equals: [{get_param: NeutronMetadataAgentDebug}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Neutron Metadata agent service.
value:
service_name: neutron_metadata
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::metadata::debug:
if:
- service_debug_unset
- {get_param: Debug}
- {get_param: NeutronMetadataAgentDebug}
neutron::agents::metadata::metadata_host:
str_replace:
template:
"%{hiera('cloud_name_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
neutron::agents::metadata::metadata_protocol:
if:
- internal_tls_enabled
- 'https'
- 'http'
-
if:
- neutron_workers_unset
- {}
- neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
-
if:
- is_neutron_shared_metadata_notempty
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- {}
service_config_settings:
fluentd:
tripleo_fluentd_groups_neutron_metadata:
- neutron
tripleo_fluentd_sources_neutron_metadata:
- {get_param: NeutronMetadataAgentLoggingSource}
step_config: |
include tripleo::profile::base::neutron::metadata
upgrade_tasks: []
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]

181
puppet/services/neutron-ovs-agent.yaml
View File

@ -1,181 +0,0 @@
heat_template_version: rocky
description: >
OpenStack Neutron OVS agent configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NeutronEnableL2Pop:
type: string
description: Enable/disable the L2 population feature in the Neutron agents.
default: "False"
NeutronBridgeMappings:
description: >
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
tags:
- role_specific
NeutronTunnelTypes:
default: 'vxlan'
description: The tunnel types for the Neutron tenant network.
type: comma_delimited_list
NeutronAgentExtensions:
default: "qos"
description: |
Comma-separated list of extensions enabled for the Neutron agents.
type: comma_delimited_list
NeutronEnableDVR:
default: False
description: Enable Neutron DVR.
type: boolean
NeutronEnableARPResponder:
default: false
description: |
Enable ARP responder feature in the OVS Agent.
type: boolean
MonitoringSubscriptionNeutronOvs:
default: 'overcloud-neutron-ovs-agent'
type: string
NeutronOVSFirewallDriver:
default: ''
description: |
Configure the classname of the firewall driver to use for implementing
security groups. Possible values depend on system configuration. Some
examples are: noop, openvswitch, iptables_hybrid. The default value of an
empty string will result in a default supported configuration.
type: string
NeutronOpenVswitchAgentLoggingSource:
type: json
default:
tag: openstack.neutron.agent.openvswitch
path: /var/log/neutron/openvswitch-agent.log
OvsHwOffload:
default: false
description: |
Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
type: boolean
tags:
- role_specific
NeutronOVSTunnelCsum:
default: false
description: |
Set or un-set the tunnel header checksum on outgoing IP packet
carrying GRE/VXLAN tunnel.
type: boolean
conditions:
no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- neutron::agents::ml2::ovs::bridge_mappings: NeutronBridgeMappings
vswitch::ovs::enable_hw_offload: OvsHwOffload
- values: {get_param: [RoleParameters]}
- values:
NeutronBridgeMappings: {get_param: NeutronBridgeMappings}
OvsHwOffload: {get_param: OvsHwOffload}
outputs:
role_data:
description: Role data for the Neutron OVS agent service.
value:
service_name: neutron_ovs_agent
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
- neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
neutron::agents::ml2::ovs::tunnel_csum: {get_param: NeutronOVSTunnelCsum}
# NOTE: bind IP is found in hiera replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo::neutron_ovs_agent::firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'136 neutron gre networks':
proto: 'gre'
-
if:
- no_firewall_driver
- {}
- neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
service_config_settings:
collectd:
tripleo.collectd.plugins.neutron_ovs_agent:
- ovs_stats
collectd::plugin::ovs_stats::socket: '/var/run/openvswitch/db.sock'
fluentd:
tripleo_fluentd_groups_neutron_ovs_agent:
- neutron
tripleo_fluentd_sources_neutron_ovs_agent:
- {get_param: NeutronOpenVswitchAgentLoggingSource}
step_config: |
include ::tripleo::profile::base::neutron::ovs
upgrade_tasks: []
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]