From d1fea280f4ae0d5a66d0a0ab4f37c6917ea09818 Mon Sep 17 00:00:00 2001 
From: Dan Prince Date: Sun, 13 Jan 2019 10:41:30 -0500 Subject: [PATCH] step2: flatten the neutron service configurations This change combines the previous puppet and docker files into a single file that performs the docker service installation and configuration for the neutron-metadata, neutron-ovs-agent, and neutron-ovs-dpdk-agent. With this patch the baremetal version of each respective neutron service has been removed. Related-Blueprint: services-yaml-flattening Change-Id: I7a918e72ce4bfd06a95d7a575603a6fb65ded5a9 --- .../neutron/neutron-cleanup | 0 .../neutron/neutron-cleanup.service | 0 .../neutron-metadata-container-puppet.yaml | 91 ++++++++- .../neutron-ovs-agent-container-puppet.yaml | 135 +++++++++++-- ...utron-ovs-dpdk-agent-container-puppet.yaml | 46 ++++- docker/services/neutron-ovs-dpdk-agent.yaml | 107 ----------- environments/baremetal-services.yaml | 6 +- environments/computealt.yaml | 2 +- environments/neutron-ovs-dpdk.yaml | 2 +- environments/neutron-ovs-dvr.yaml | 2 +- .../services-baremetal/neutron-ovs-dpdk.yaml | 2 +- environments/services/neutron-ovs-dpdk.yaml | 2 +- environments/services/neutron-ovs-dvr.yaml | 2 +- overcloud-resource-registry-puppet.j2.yaml | 6 +- puppet/services/neutron-metadata.yaml | 140 -------------- puppet/services/neutron-ovs-agent.yaml | 181 ------------------ 16 files changed, 254 insertions(+), 470 deletions(-) rename {docker/services => deployment}/neutron/neutron-cleanup (100%) rename {docker/services => deployment}/neutron/neutron-cleanup.service (100%) rename docker/services/neutron-metadata.yaml => deployment/neutron/neutron-metadata-container-puppet.yaml (62%) rename docker/services/neutron-ovs-agent.yaml => deployment/neutron/neutron-ovs-agent-container-puppet.yaml (68%) rename puppet/services/neutron-ovs-dpdk-agent.yaml => deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml (69%) delete mode 100644 docker/services/neutron-ovs-dpdk-agent.yaml delete mode 100644 
puppet/services/neutron-metadata.yaml delete mode 100644 puppet/services/neutron-ovs-agent.yaml diff --git a/docker/services/neutron/neutron-cleanup b/deployment/neutron/neutron-cleanup similarity index 100% rename from docker/services/neutron/neutron-cleanup rename to deployment/neutron/neutron-cleanup diff --git a/docker/services/neutron/neutron-cleanup.service b/deployment/neutron/neutron-cleanup.service similarity index 100% rename from docker/services/neutron/neutron-cleanup.service rename to deployment/neutron/neutron-cleanup.service diff --git a/docker/services/neutron-metadata.yaml b/deployment/neutron/neutron-metadata-container-puppet.yaml similarity index 62% rename from docker/services/neutron-metadata.yaml rename to deployment/neutron/neutron-metadata-container-puppet.yaml index c266855ffd..b211436442 100644 --- a/docker/services/neutron-metadata.yaml +++ b/deployment/neutron/neutron-metadata-container-puppet.yaml 
@@ -41,14 +41,55 @@ parameters: default: {} description: Parameters specific to the role type: json + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + NeutronWorkers: + default: '' + description: | + Sets the number of worker processes for the neutron metadata agent. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + MonitoringSubscriptionNeutronMetadata: + default: 'overcloud-neutron-metadata' + type: string + Debug: + type: boolean + default: false + description: Set to True to enable debugging on all services. + NeutronMetadataAgentDebug: + default: '' + description: Set to True to enable debugging for Neutron Metadata agent. 
+ type: string + constraints: + - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] + EnableInternalTLS: + type: boolean + default: false + +conditions: + neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + service_debug_unset: {equals: [{get_param: NeutronMetadataAgentDebug}, '']} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}} resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml - NeutronMetadataBase: - type: ../../puppet/services/neutron-metadata.yaml + NeutronBase: + type: ../../puppet/services/neutron-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} 
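Review bot: `NeutronMetadataProxySharedSecret` is declared without any constraint, and the `is_neutron_shared_metadata_notempty` condition added in this hunk exists so that an empty value is accepted. In the following hunk that condition drops `neutron::agents::metadata::shared_secret` from `config_settings` altogether. The parameter's own description says the secret is there to prevent spoofing, so an empty value presumably leaves the metadata proxy without that protection, and nothing fails or warns at deploy time. If an empty secret is never intended, reject it at the parameter with `constraints:` / `- length: {min: 1}`. If it is kept for compatibility with the removed puppet template, say so in the description.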
@@ -66,14 +107,44 @@ outputs: role_data: description: Role data for Neutron Metadata agent value: - service_name: {get_attr: [NeutronMetadataBase, role_data, service_name]} + service_name: neutron_metadata + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata} config_settings: map_merge: - - get_attr: [NeutronMetadataBase, role_data, config_settings] + - get_attr: [NeutronBase, role_data, config_settings] - get_attr: [NeutronLogging, config_settings] + - neutron::agents::metadata::auth_password: {get_param: NeutronPassword} + neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + neutron::agents::metadata::auth_tenant: 'service' + neutron::agents::metadata::debug: + if: + - service_debug_unset + - {get_param: Debug} + - {get_param: NeutronMetadataAgentDebug} + neutron::agents::metadata::metadata_host: + str_replace: + template: + "%{hiera('cloud_name_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + neutron::agents::metadata::metadata_protocol: + if: + - internal_tls_enabled + - 'https' + - 'http' + - + if: + - neutron_workers_unset + - {} + - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} + - + if: + - is_neutron_shared_metadata_notempty + - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} + - {} service_config_settings: map_merge: - - get_attr: [NeutronMetadataBase, role_data, service_config_settings] + - get_attr: [NeutronBase, role_data, service_config_settings] - fluentd: tripleo_fluentd_groups_neutron_metadata: - neutron 
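Review bot: The `neutron::agents::metadata::debug` entry falls back to the global `Debug` parameter whenever `NeutronMetadataAgentDebug` is the empty string, but neither the `if` block nor the parameter description says so. An operator who sets `Debug: true` for an unrelated reason also turns on debug logging for the metadata agent. I would add `# '' inherits the global Debug value` above the `if`, and add the same sentence to the `NeutronMetadataAgentDebug` description in the previous hunk. The `role_data` mapping continues outside this hunk.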
@@ -82,8 +153,8 @@ outputs: puppet_config: puppet_tags: neutron_config,neutron_metadata_agent_config config_volume: neutron - step_config: - get_attr: [NeutronMetadataBase, role_data, step_config] + step_config: | + include tripleo::profile::base::neutron::metadata config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_metadata_agent.json: @@ -121,7 +192,7 @@ outputs: - yaql: expression: str($.data.port) data: - port: {get_attr: [NeutronMetadataBase, role_data, config_settings, 'neutron::rabbit_port']} + port: {get_attr: [NeutronBase, role_data, config_settings, 'neutron::rabbit_port']} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -134,7 +205,7 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: - get_attr: [NeutronMetadataBase, role_data, metadata_settings] + get_attr: [NeutronBase, role_data, metadata_settings] host_prep_tasks: list_concat: - {get_attr: [NeutronLogging, host_prep_tasks]} diff --git a/docker/services/neutron-ovs-agent.yaml b/deployment/neutron/neutron-ovs-agent-container-puppet.yaml similarity index 68% rename from docker/services/neutron-ovs-agent.yaml rename to deployment/neutron/neutron-ovs-agent-container-puppet.yaml index 06e18edf03..2b9988c6d2 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/deployment/neutron/neutron-ovs-agent-container-puppet.yaml 
@@ -57,18 +57,96 @@ parameters: type: string description: The python interpreter to use for python and ansible actions default: /usr/bin/python + NeutronEnableL2Pop: + type: string + description: Enable/disable the L2 population feature in the Neutron agents. + default: "False" + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: comma_delimited_list + default: "datacentre:br-ex" + tags: + - role_specific + NeutronTunnelTypes: + default: 'vxlan' + description: The tunnel types for the Neutron tenant network. + type: comma_delimited_list + NeutronAgentExtensions: + default: "qos" + description: | + Comma-separated list of extensions enabled for the Neutron agents. + type: comma_delimited_list + NeutronEnableDVR: + default: False + description: Enable Neutron DVR. + type: boolean + NeutronEnableARPResponder: + default: false + description: | + Enable ARP responder feature in the OVS Agent. + type: boolean + MonitoringSubscriptionNeutronOvs: + default: 'overcloud-neutron-ovs-agent' + type: string + NeutronOVSFirewallDriver: + default: '' + description: | + Configure the classname of the firewall driver to use for implementing + security groups. Possible values depend on system configuration. Some + examples are: noop, openvswitch, iptables_hybrid. The default value of an + empty string will result in a default supported configuration. + type: string + OvsHwOffload: + default: false + description: | + Enable OVS Hardware Offload. 
This feature supported from OVS 2.8.0 + type: boolean + tags: + - role_specific + NeutronOVSTunnelCsum: + default: false + description: | + Set or un-set the tunnel header checksum on outgoing IP packet + carrying GRE/VXLAN tunnel. + type: boolean + RpcPort: + default: 5672 + description: The network port for messaging backend + type: number conditions: - + no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']} docker_puppet_mount_host: {equals: [{get_param: DockerPuppetMountHostPuppet}, true]} resources: ContainersCommon: - type: ./containers-common.yaml + type: ../../docker/services/containers-common.yaml - NeutronOvsAgentBase: - type: ../../puppet/services/neutron-ovs-agent.yaml + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::agents::ml2::ovs::bridge_mappings: NeutronBridgeMappings + vswitch::ovs::enable_hw_offload: OvsHwOffload + - values: {get_param: [RoleParameters]} + - values: + NeutronBridgeMappings: {get_param: NeutronBridgeMappings} + OvsHwOffload: {get_param: OvsHwOffload} + + NeutronBase: + type: ../../puppet/services/neutron-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} 
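Review bot: The `NeutronOVSFirewallDriver` description lists `noop` next to `openvswitch` and `iptables_hybrid` as if the three were interchangeable, without saying that the noop driver applies no security-group filtering on the agent. Since this parameter decides whether tenant security groups are enforced on the host, the description should carry that caveat, for example `noop applies no security group filtering; use it only where filtering is enforced elsewhere.` Separately, `NeutronEnableDVR` uses `default: False` while the other boolean parameters in this hunk use lowercase `false`; writing `default: false` keeps the file consistent.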
@@ -86,14 +164,45 @@ outputs: role_data: description: Role data for Neutron openvswitch service value: - service_name: {get_attr: [NeutronOvsAgentBase, role_data, service_name]} + service_name: neutron_ovs_agent + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} config_settings: map_merge: - - get_attr: [NeutronOvsAgentBase, role_data, config_settings] + - get_attr: [NeutronBase, role_data, config_settings] + - get_attr: [RoleParametersValue, value] - get_attr: [NeutronLogging, config_settings] + - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} + neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder} + neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes} + neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions} + neutron::agents::ml2::ovs::tunnel_csum: {get_param: NeutronOVSTunnelCsum} + # NOTE: bind IP is found in hiera replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + neutron::agents::ml2::ovs::local_ip: + str_replace: + template: + "%{hiera('$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + tripleo::neutron_ovs_agent::firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' + - + if: + - no_firewall_driver + - {} + - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} service_config_settings: map_merge: - - get_attr: [NeutronOvsAgentBase, role_data, service_config_settings] + - get_attr: [NeutronBase, role_data, service_config_settings] - fluentd: tripleo_fluentd_groups_neutron_ovs_agent: - neutron 
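Review bot: The `tripleo::neutron_ovs_agent::firewall_rules` block opens UDP 4789 and the GRE protocol unconditionally, even though `NeutronTunnelTypes` defaults to `vxlan` alone, and neither rule as written here limits the source. Neither encapsulation authenticates its peer, so a host accepts tunnel traffic for a type it may not be configured to use. Whether the consuming puppet profile narrows these rules to the tenant network cannot be seen from this hunk. Consider emitting each rule only when its tunnel type is listed in `NeutronTunnelTypes`, or at least add a comment such as `# opened regardless of NeutronTunnelTypes` so the exposure is a documented choice.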
@@ -102,8 +211,8 @@ outputs: puppet_config: config_volume: neutron puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 - step_config: - get_attr: [NeutronOvsAgentBase, role_data, step_config] + step_config: | + include ::tripleo::profile::base::neutron::ovs config_image: {get_param: DockerNeutronConfigImage} # We need to mount /run for puppet_config step. This is because # puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ." @@ -191,7 +300,7 @@ outputs: - yaql: expression: str($.data.port) data: - port: {get_attr: [NeutronOvsAgentBase, role_data, config_settings, 'neutron::rabbit_port']} + port: {get_param: RpcPort} ulimit: {get_param: DockerOpenvswitchUlimit} volumes: list_concat: @@ -206,7 +315,7 @@ outputs: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: - get_attr: [NeutronOvsAgentBase, role_data, metadata_settings] + get_attr: [NeutronBase, role_data, metadata_settings] host_prep_tasks: list_concat: - {get_attr: [NeutronLogging, host_prep_tasks]} @@ -220,13 +329,13 @@ outputs: - name: openvswitch - name: Copy in cleanup script copy: - content: {get_file: ./neutron/neutron-cleanup} + content: {get_file: ./neutron-cleanup} dest: '/usr/libexec/neutron-cleanup' force: yes mode: '0755' - name: Copy in cleanup service copy: - content: {get_file: ./neutron/neutron-cleanup.service} + content: {get_file: ./neutron-cleanup.service} dest: '/usr/lib/systemd/system/neutron-cleanup.service' force: yes - name: Enabling the cleanup service diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml similarity index 69% rename from puppet/services/neutron-ovs-dpdk-agent.yaml rename to deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml index 989b09ec22..ab51fcc7f2 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml 
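Review bot: In deployment/neutron/neutron-ovs-agent-container-puppet.yaml (hunk `@@ -191,7 +300,7 @@`) the healthcheck `port` now comes from a locally declared `RpcPort` with default 5672, while the metadata template in this same patch still reads `neutron::rabbit_port` out of `NeutronBase`'s `config_settings`. The two flattened templates therefore take the same value from different sources, and whether they stay equal depends on neutron-base.yaml, which is not part of this diff. Use one source in both, for example `port: {get_attr: [NeutronBase, role_data, config_settings, 'neutron::rabbit_port']}` here as well, or add a comment explaining why the agent needs its own `RpcPort`.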
@@ -1,9 +1,12 @@ heat_template_version: rocky description: > - OpenStack Neutron OVS DPDK configured with Puppet for Compute Role + OpenStack Neutron OVS DPDK configured with Puppet for Compute Role (Containerized) parameters: + DockerNeutronConfigImage: + description: The container image to use for the neutron config_volume + type: string ServiceData: default: {} description: Dictionary packing service data @@ -67,7 +70,7 @@ parameters: resources: NeutronOvsAgent: - type: ./neutron-ovs-agent.yaml + type: ./neutron-ovs-agent-container-puppet.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} @@ -97,7 +100,7 @@ resources: VhostuserSocketUser: {get_param: VhostuserSocketUser} Ovs: - type: ./openvswitch.yaml + type: ../../puppet/services/openvswitch.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -107,7 +110,7 @@ resources: outputs: role_data: - description: Role data for the Neutron OVS DPDK Agent service. + description: Role data for Neutron openvswitch DPDK service value: service_name: neutron_ovs_dpdk_agent config_settings: 
@@ -120,8 +123,37 @@ outputs: - get_attr: [Ovs, role_data, config_settings] - get_attr: [RoleParametersValue, value] service_config_settings: - nova_libvirt: - nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, vhostuser_socket_group]} - step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} + map_merge: + - get_attr: [NeutronOvsAgent, role_data, service_config_settings] + - nova_libvirt: + nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, vhostuser_socket_group]} + puppet_config: + config_volume: neutron + puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 + step_config: + get_attr: [NeutronOvsAgent, role_data, step_config] + config_image: {get_param: DockerNeutronConfigImage} + # We need to mount /run for puppet_config step. This is because + # puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ." + # when running vswitch::ovs::enable_hw_offload: true + # ovs-vsctl talks to the ovsdb-server (hosting conf.db) + # on the unix domain socket - /run/openvswitch/db.sock + volumes: + - /lib/modules:/lib/modules:ro + - /run/openvswitch:/run/openvswitch + kolla_config: + get_attr: [NeutronOvsAgent, role_data, kolla_config] + docker_config_scripts: + get_attr: [NeutronOvsAgent, role_data, docker_config_scripts] + docker_config: + get_attr: [NeutronOvsAgent, role_data, docker_config] metadata_settings: get_attr: [NeutronOvsAgent, role_data, metadata_settings] + host_prep_tasks: + get_attr: [NeutronOvsAgent, role_data, host_prep_tasks] + upgrade_tasks: + get_attr: [NeutronOvsAgent, role_data, upgrade_tasks] + update_tasks: + get_attr: [NeutronOvsAgent, role_data, update_tasks] + fast_forward_upgrade_tasks: + get_attr: [NeutronOvsAgent, role_data, fast_forward_upgrade_tasks] diff --git a/docker/services/neutron-ovs-dpdk-agent.yaml b/docker/services/neutron-ovs-dpdk-agent.yaml deleted file mode 100644 index ea5cfb2668..0000000000 
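Review bot: In the `puppet_config` block added to deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml, `/run/openvswitch:/run/openvswitch` is bind-mounted read-write for every deployment, although the comment above it ties the need to `vswitch::ovs::enable_hw_offload: true`. That hands the config container the host's OVSDB socket (`/run/openvswitch/db.sock`, per the comment) even when hardware offload is off. If offload really is the only case that needs it, make the mount conditional on `OvsHwOffload`. If puppet-vswitch needs the socket in other cases too, correct the comment, e.g. `# mounted unconditionally: puppet-vswitch may call ovs-vsctl during the config step`.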
--- a/docker/services/neutron-ovs-dpdk-agent.yaml
+++ /dev/null
@@ -1,107 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Neutron OVS DPDK configured with Puppet for Compute Role (Containerized) - -parameters: - DockerNeutronConfigImage: - description: The container image to use for the neutron config_volume - type: string - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - ContainersCommon: - type: ./containers-common.yaml - - NeutronOvsDpdkAgentBase: - type: ../../puppet/services/neutron-ovs-dpdk-agent.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - NeutronOvsAgentDockerBase: - type: ../../docker/services/neutron-ovs-agent.yaml - properties: - EndpointMap: {get_param: EndpointMap} - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - NeutronLogging: - type: OS::TripleO::Services::Logging::NeutronCommon - properties: - NeutronServiceName: openvswitch-agent - -outputs: - role_data: - description: Role data for Neutron openvswitch DPDK service - value: - 
service_name: {get_attr: [NeutronOvsDpdkAgentBase, role_data, service_name]} - config_settings: - map_merge: - - get_attr: [NeutronOvsDpdkAgentBase, role_data, config_settings] - - get_attr: [NeutronLogging, config_settings] - service_config_settings: - get_attr: [NeutronOvsDpdkAgentBase, role_data, service_config_settings] - puppet_config: - config_volume: neutron - puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 - step_config: - get_attr: [NeutronOvsDpdkAgentBase, role_data, step_config] - config_image: {get_param: DockerNeutronConfigImage} - # We need to mount /run for puppet_config step. This is because - # puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ." - # when running vswitch::ovs::enable_hw_offload: true - # ovs-vsctl talks to the ovsdb-server (hosting conf.db) - # on the unix domain socket - /run/openvswitch/db.sock - volumes: - - /lib/modules:/lib/modules:ro - - /run/openvswitch:/run/openvswitch - kolla_config: - get_attr: [NeutronOvsAgentDockerBase, role_data, kolla_config] - docker_config_scripts: - get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config_scripts] - docker_config: - get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config] - metadata_settings: - get_attr: [NeutronOvsAgentDockerBase, role_data, metadata_settings] - host_prep_tasks: - get_attr: [NeutronOvsAgentDockerBase, role_data, host_prep_tasks] - upgrade_tasks: - get_attr: [NeutronOvsAgentDockerBase, role_data, upgrade_tasks] - update_tasks: - get_attr: [NeutronOvsAgentDockerBase, role_data, update_tasks] - fast_forward_upgrade_tasks: - get_attr: [NeutronOvsAgentDockerBase, role_data, fast_forward_upgrade_tasks] diff --git a/environments/baremetal-services.yaml b/environments/baremetal-services.yaml index 6643bf7052..f88747e8ec 100644 --- a/environments/baremetal-services.yaml +++ b/environments/baremetal-services.yaml 
@@ -14,7 +14,7 @@ resource_registry: OS::TripleO::Services::CinderScheduler: ../deployment/cinder/cinder-scheduler-container-puppet.yaml OS::TripleO::Services::CinderVolume: ../deployment/cinder/cinder-volume-container-puppet.yaml OS::TripleO::Services::ComputeCeilometerAgent: ../puppet/services/ceilometer-agent-compute.yaml - OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml OS::TripleO::Services::ContainersLogrotateCrond: OS::Heat::None OS::TripleO::Services::GlanceApi: ../deployment/glance/glance-api-container-puppet.yaml OS::TripleO::Services::GnocchiApi: ../puppet/services/gnocchi-api.yaml @@ -34,8 +34,8 @@ resource_registry: OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml OS::TripleO::Services::NeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml - OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/neutron-metadata.yaml - OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronMetadataAgent: ../deployment/neutron/neutron-metadata-container-puppet.yaml + OS::TripleO::Services::NeutronOvsAgent: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml diff --git a/environments/computealt.yaml b/environments/computealt.yaml index 02e98ae848..7c5d720501 100644 --- a/environments/computealt.yaml +++ b/environments/computealt.yaml 
@@ -3,7 +3,7 @@ resource_registry: # If enabling collectd you'll need provide the following in a specific resource_registry # OS::TripleO::Services::CollectdAlt: ../puppet/services/metrics/collectd.yaml OS::TripleO::Services::ComputeCeilometerAgentAlt: ../puppet/services/ceilometer-agent-compute.yaml - OS::TripleO::Services::ComputeNeutronOvsAgentAlt: ../puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsAgentAlt: ../deployment/neutron/neutron-ovs-agent-container-puppet.yaml OS::TripleO::Services::FluentdAlt: OS::Heat::None # If enabling fluentd you'll need provide the following in a specific resource_registry # OS::TripleO::Services::FluentdAlt: ../puppet/services/logging/fluentd.yaml diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml index 3f6cefa165..1c110a5283 100644 --- a/environments/neutron-ovs-dpdk.yaml +++ b/environments/neutron-ovs-dpdk.yaml @@ -5,7 +5,7 @@ # A Heat environment that can be used to deploy DPDK with OVS # Deploying DPDK requires enabling hugepages for the overcloud nodes resource_registry: - OS::TripleO::Services::ComputeNeutronOvsDpdk: ../docker/services/neutron-ovs-dpdk-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: ../deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml parameter_defaults: NeutronDatapathType: "netdev" diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml index c26e577af8..0850de70eb 100644 --- a/environments/neutron-ovs-dvr.yaml +++ b/environments/neutron-ovs-dvr.yaml 
@@ -3,7 +3,7 @@ # compute nodes. resource_registry: OS::TripleO::Services::ComputeNeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml - OS::TripleO::Services::ComputeNeutronMetadataAgent: ../docker/services/neutron-metadata.yaml + OS::TripleO::Services::ComputeNeutronMetadataAgent: ../deployment/neutron/neutron-metadata-container-puppet.yaml # With using default template values, the Compute nodes also need the br-ex # bridge to be connected to a physical network. diff --git a/environments/services-baremetal/neutron-ovs-dpdk.yaml b/environments/services-baremetal/neutron-ovs-dpdk.yaml index dd47591df0..f91a722ec1 100644 --- a/environments/services-baremetal/neutron-ovs-dpdk.yaml +++ b/environments/services-baremetal/neutron-ovs-dpdk.yaml @@ -1,7 +1,7 @@ # A Heat environment that can be used to deploy DPDK with OVS # Deploying DPDK requires enabling hugepages for the overcloud nodes resource_registry: - OS::TripleO::Services::ComputeNeutronOvsDpdk: ../../puppet/services/neutron-ovs-dpdk-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: ../../deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml parameter_defaults: NeutronDatapathType: "netdev" diff --git a/environments/services/neutron-ovs-dpdk.yaml b/environments/services/neutron-ovs-dpdk.yaml index 0c4d3a6b35..f91a722ec1 100644 --- a/environments/services/neutron-ovs-dpdk.yaml +++ b/environments/services/neutron-ovs-dpdk.yaml @@ -1,7 +1,7 @@ # A Heat environment that can be used to deploy DPDK with OVS # Deploying DPDK requires enabling hugepages for the overcloud nodes resource_registry: - OS::TripleO::Services::ComputeNeutronOvsDpdk: ../../docker/services/neutron-ovs-dpdk-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: ../../deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml parameter_defaults: NeutronDatapathType: "netdev" 
diff --git a/environments/services/neutron-ovs-dvr.yaml b/environments/services/neutron-ovs-dvr.yaml index f20810535b..cd34a53dad 100644 --- a/environments/services/neutron-ovs-dvr.yaml +++ b/environments/services/neutron-ovs-dvr.yaml @@ -4,7 +4,7 @@ # production deployments. resource_registry: OS::TripleO::Services::ComputeNeutronL3Agent: ../../deployment/neutron/neutron-l3-container-puppet.yaml - OS::TripleO::Services::ComputeNeutronMetadataAgent: ../../docker/services/neutron-metadata.yaml + OS::TripleO::Services::ComputeNeutronMetadataAgent: ../../deployment/neutron/neutron-metadata-container-puppet.yaml OS::TripleO::ComputeDVR::Net::SoftwareConfig: ../../net-config-bridge.yaml parameter_defaults: diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 0872106028..4db561fa80 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -140,7 +140,7 @@ resource_registry: OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None OS::TripleO::Services::NeutronLbaasv2Api: OS::Heat::None - OS::TripleO::Services::NeutronMetadataAgent: docker/services/neutron-metadata.yaml + OS::TripleO::Services::NeutronMetadataAgent: deployment/neutron/neutron-metadata-container-puppet.yaml OS::TripleO::Services::OVNMetadataAgent: OS::Heat::None # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated # the multinode job ControllerServices after this patch merges 
@@ -165,9 +165,9 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginVTS: docker/services/neutron-plugin-ml2-cisco-vts.yaml OS::TripleO::Services::NeutronCorePluginML2Ansible: docker/services/neutron-plugin-ml2-ansible.yaml OS::TripleO::Services::NeutronNuageVrs: puppet/services/neutron-controller-plugin-nuage.yaml - OS::TripleO::Services::NeutronOvsAgent: docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronOvsAgent: deployment/neutron/neutron-ovs-agent-container-puppet.yaml OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None - OS::TripleO::Services::ComputeNeutronOvsAgent: docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: deployment/neutron/neutron-ovs-agent-container-puppet.yaml OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None OS::TripleO::Services::Pacemaker: OS::Heat::None OS::TripleO::Services::PacemakerRemote: OS::Heat::None diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml deleted file mode 100644 index d95f30e7ae..0000000000 --- a/puppet/services/neutron-metadata.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Neutron Metadata agent configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronWorkers: - default: '' - description: | - Sets the number of worker processes for the neutron metadata agent. The - default value results in the configuration being left unset and a - system-dependent default will be chosen (usually the number of - processors). Please note that this can result in a large number of - processes and memory consumption on systems with a large core count. On - such systems it is recommended that a non-default value be selected that - matches the load requirements. - type: string - NeutronPassword: - description: The password for the neutron service and db account, used by neutron agents. - type: string - hidden: true - MonitoringSubscriptionNeutronMetadata: - default: 'overcloud-neutron-metadata' - type: string - NeutronMetadataAgentLoggingSource: - type: json - default: - tag: openstack.neutron.agent.metadata - path: /var/log/neutron/metadata-agent.log - Debug: - type: boolean - default: false - description: Set to True to enable debugging on all services. 
- NeutronMetadataAgentDebug: - default: '' - description: Set to True to enable debugging for Neutron Metadata agent. - type: string - constraints: - - allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE'] - EnableInternalTLS: - type: boolean - default: false - -conditions: - neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} - service_debug_unset: {equals: [{get_param: NeutronMetadataAgentDebug}, '']} - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}} - -resources: - - NeutronBase: - type: ./neutron-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - -outputs: - role_data: - description: Role data for the Neutron Metadata agent service. 
- value: - service_name: neutron_metadata - monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata} - config_settings: - map_merge: - - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::metadata::auth_password: {get_param: NeutronPassword} - neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - neutron::agents::metadata::auth_tenant: 'service' - neutron::agents::metadata::debug: - if: - - service_debug_unset - - {get_param: Debug} - - {get_param: NeutronMetadataAgentDebug} - neutron::agents::metadata::metadata_host: - str_replace: - template: - "%{hiera('cloud_name_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} - neutron::agents::metadata::metadata_protocol: - if: - - internal_tls_enabled - - 'https' - - 'http' - - - if: - - neutron_workers_unset - - {} - - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} - - - if: - - is_neutron_shared_metadata_notempty - - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} - - {} - service_config_settings: - fluentd: - tripleo_fluentd_groups_neutron_metadata: - - neutron - tripleo_fluentd_sources_neutron_metadata: - - {get_param: NeutronMetadataAgentLoggingSource} - step_config: | - include tripleo::profile::base::neutron::metadata - upgrade_tasks: [] - metadata_settings: - get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml deleted file mode 100644 index 23b2eb534c..0000000000 --- a/puppet/services/neutron-ovs-agent.yaml +++ /dev/null 
@@ -1,181 +0,0 @@ -heat_template_version: rocky - -description: > - OpenStack Neutron OVS agent configured with Puppet - -parameters: - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NeutronEnableL2Pop: - type: string - description: Enable/disable the L2 population feature in the Neutron agents. - default: "False" - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: comma_delimited_list - default: "datacentre:br-ex" - tags: - - role_specific - NeutronTunnelTypes: - default: 'vxlan' - description: The tunnel types for the Neutron tenant network. - type: comma_delimited_list - NeutronAgentExtensions: - default: "qos" - description: | - Comma-separated list of extensions enabled for the Neutron agents. - type: comma_delimited_list - NeutronEnableDVR: - default: False - description: Enable Neutron DVR. 
- type: boolean - NeutronEnableARPResponder: - default: false - description: | - Enable ARP responder feature in the OVS Agent. - type: boolean - MonitoringSubscriptionNeutronOvs: - default: 'overcloud-neutron-ovs-agent' - type: string - NeutronOVSFirewallDriver: - default: '' - description: | - Configure the classname of the firewall driver to use for implementing - security groups. Possible values depend on system configuration. Some - examples are: noop, openvswitch, iptables_hybrid. The default value of an - empty string will result in a default supported configuration. - type: string - NeutronOpenVswitchAgentLoggingSource: - type: json - default: - tag: openstack.neutron.agent.openvswitch - path: /var/log/neutron/openvswitch-agent.log - OvsHwOffload: - default: false - description: | - Enable OVS Hardware Offload. This feature supported from OVS 2.8.0 - type: boolean - tags: - - role_specific - NeutronOVSTunnelCsum: - default: false - description: | - Set or un-set the tunnel header checksum on outgoing IP packet - carrying GRE/VXLAN tunnel. - type: boolean - -conditions: - no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']} - -resources: - - NeutronBase: - type: ./neutron-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - # Merging role-specific parameters (RoleParameters) with the default parameters. - # RoleParameters will have the precedence over the default parameters. 
- RoleParametersValue: - type: OS::Heat::Value - properties: - type: json - value: - map_replace: - - map_replace: - - neutron::agents::ml2::ovs::bridge_mappings: NeutronBridgeMappings - vswitch::ovs::enable_hw_offload: OvsHwOffload - - values: {get_param: [RoleParameters]} - - values: - NeutronBridgeMappings: {get_param: NeutronBridgeMappings} - OvsHwOffload: {get_param: OvsHwOffload} - -outputs: - role_data: - description: Role data for the Neutron OVS agent service. - value: - service_name: neutron_ovs_agent - monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} - config_settings: - map_merge: - - get_attr: [NeutronBase, role_data, config_settings] - - get_attr: [RoleParametersValue, value] - - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} - neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} - neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder} - neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes} - neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions} - neutron::agents::ml2::ovs::tunnel_csum: {get_param: NeutronOVSTunnelCsum} - # NOTE: bind IP is found in hiera replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. 
for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - neutron::agents::ml2::ovs::local_ip: - str_replace: - template: - "%{hiera('$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - tripleo::neutron_ovs_agent::firewall_rules: - '118 neutron vxlan networks': - proto: 'udp' - dport: 4789 - '136 neutron gre networks': - proto: 'gre' - - - if: - - no_firewall_driver - - {} - - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} - service_config_settings: - collectd: - tripleo.collectd.plugins.neutron_ovs_agent: - - ovs_stats - collectd::plugin::ovs_stats::socket: '/var/run/openvswitch/db.sock' - fluentd: - tripleo_fluentd_groups_neutron_ovs_agent: - - neutron - tripleo_fluentd_sources_neutron_ovs_agent: - - {get_param: NeutronOpenVswitchAgentLoggingSource} - step_config: | - include ::tripleo::profile::base::neutron::ovs - upgrade_tasks: [] - metadata_settings: - get_attr: [NeutronBase, role_data, metadata_settings]