step1: flatten the neutron service configurations
This change combines the previous puppet and docker files into a single file that performs the docker service installation and configuration for the neutron-api, neutron-dhcp, and neutron-l3 services. With this patch the baremetal version of each respective neutron service has been removed. Related-Blueprint: services-yaml-flattening Change-Id: I6d1fae29498d2c8bffff2ccffcfbf0b605350205
This commit is contained in:
parent
fce7eeca78
commit
dcdb82c506
@ -1,9 +1,25 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Neutron Server configured with Puppet
|
||||
OpenStack containerized Neutron API service
|
||||
|
||||
parameters:
|
||||
DockerNeutronApiImage:
|
||||
description: image
|
||||
type: string
|
||||
DockerNeutronConfigImage:
|
||||
description: The container image to use for the neutron config_volume
|
||||
type: string
|
||||
NeutronApiLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.neutron.api
|
||||
path: /var/log/containers/neutron/server.log
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
@ -25,11 +41,21 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
UpgradeRemoveUnusedPackages:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
NeutronApiOptVolumes:
|
||||
default: []
|
||||
description: list of optional volumes to be mounted
|
||||
type: comma_delimited_list
|
||||
NeutronApiOptEnvVars:
|
||||
default: []
|
||||
description: list of optional environment variables
|
||||
type: comma_delimited_list
|
||||
NeutronWorkers:
|
||||
default: ''
|
||||
description: |
|
||||
@ -123,6 +149,7 @@ conditions:
|
||||
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
|
||||
neutron_rpc_workers_unset: {equals : [{get_param: NeutronRpcWorkers}, '']}
|
||||
neutron_ovs_int_br_unset: {equals : [{get_param: NeutronOvsIntegrationBridge}, '']}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
@ -137,19 +164,30 @@ resources:
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
EnableInternalTLS: {get_param: EnableInternalTLS}
|
||||
|
||||
ContainersCommon:
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../database/mysql-client.yaml
|
||||
|
||||
NeutronBase:
|
||||
type: ./neutron-base.yaml
|
||||
type: ../../puppet/services/neutron-base.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
NeutronLogging:
|
||||
type: OS::TripleO::Services::Logging::NeutronApi
|
||||
properties:
|
||||
NeutronServiceName: server
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Neutron Server agent service.
|
||||
description: Role data for the Neutron API role.
|
||||
value:
|
||||
service_name: neutron_api
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
|
||||
@ -157,6 +195,7 @@ outputs:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- get_attr: [TLSProxyBase, role_data, config_settings]
|
||||
- get_attr: [NeutronLogging, config_settings]
|
||||
- neutron::server::database_connection:
|
||||
make_url:
|
||||
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
|
||||
@ -241,8 +280,6 @@ outputs:
|
||||
- neutron_ovs_int_br_unset
|
||||
- {}
|
||||
- neutron::server::ovs_integration_bridge: {get_param: NeutronOvsIntegrationBridge}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::server
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_neutron_api:
|
||||
@ -264,6 +301,161 @@ outputs:
|
||||
neutron::db::mysql::allowed_hosts:
|
||||
- '%'
|
||||
- "%{hiera('mysql_bind_host')}"
|
||||
upgrade_tasks: []
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: neutron
|
||||
puppet_tags: neutron_config,neutron_api_config
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - include tripleo::profile::base::neutron::server
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerNeutronConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/neutron_api.json:
|
||||
command:
|
||||
list_join:
|
||||
- ' '
|
||||
- - /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server
|
||||
- get_attr: [NeutronLogging, cmd_extra_args]
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/log/neutron
|
||||
owner: neutron:neutron
|
||||
recurse: true
|
||||
/var/lib/kolla/config_files/neutron_server_tls_proxy.json:
|
||||
command: /usr/sbin/httpd -DFOREGROUND
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
|
||||
dest: "/etc/httpd/conf.d"
|
||||
merge: false
|
||||
preserve_properties: true
|
||||
docker_config:
|
||||
step_2:
|
||||
get_attr: [NeutronLogging, docker_config, step_2]
|
||||
step_3:
|
||||
neutron_db_sync:
|
||||
image: &neutron_api_image {get_param: DockerNeutronApiImage}
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
user: root
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- {get_attr: [NeutronLogging, volumes]}
|
||||
-
|
||||
- /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
||||
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
|
||||
command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
|
||||
# FIXME: we should make config file permissions right
|
||||
# and run as neutron user
|
||||
#command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
|
||||
step_4:
|
||||
map_merge:
|
||||
- neutron_api:
|
||||
start_order: 0
|
||||
image: *neutron_api_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- {get_attr: [NeutronLogging, volumes]}
|
||||
- {get_param: NeutronApiOptVolumes}
|
||||
-
|
||||
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
|
||||
environment:
|
||||
list_concat:
|
||||
- {get_param: NeutronApiOptEnvVars}
|
||||
-
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- neutron_server_tls_proxy:
|
||||
image: *neutron_api_image
|
||||
net: host
|
||||
user: root
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- {}
|
||||
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||
upgrade_tasks:
|
||||
- when: step|int == 3
|
||||
block:
|
||||
- name: Set fact for removal of openstack-neutron package
|
||||
set_fact:
|
||||
remove_neutron_package: {get_param: UpgradeRemoveUnusedPackages}
|
||||
- name: Remove openstack-neutron package if operator requests it
|
||||
package: name=openstack-neutron state=removed
|
||||
ignore_errors: True
|
||||
when: remove_neutron_package|bool
|
||||
metadata_settings:
|
||||
get_attr: [TLSProxyBase, role_data, metadata_settings]
|
||||
post_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
import_role:
|
||||
name: tripleo-docker-rm
|
||||
vars:
|
||||
containers_to_rm:
|
||||
with_items:
|
||||
list_concat:
|
||||
- - neutron_api
|
||||
- - if:
|
||||
- internal_tls_enabled
|
||||
- - neutron_server_tls_proxy
|
||||
- null
|
||||
fast_forward_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 0
|
||||
- release == 'ocata'
|
||||
block:
|
||||
- name: Check if neutron_server is deployed
|
||||
command: systemctl is-enabled --quiet neutron-server
|
||||
ignore_errors: True
|
||||
register: neutron_server_enabled_result
|
||||
- name: Set fact neutron_server_enabled
|
||||
set_fact:
|
||||
neutron_server_enabled: "{{ neutron_server_enabled_result.rc == 0 }}"
|
||||
- name: Stop neutron_server
|
||||
service: name=neutron-server state=stopped enabled=no
|
||||
when:
|
||||
- step|int == 1
|
||||
- release == 'ocata'
|
||||
- neutron_server_enabled|bool
|
||||
- when:
|
||||
- step|int == 6
|
||||
- is_bootstrap_node|bool
|
||||
block:
|
||||
- name: Neutron package update
|
||||
package:
|
||||
name: 'openstack-neutron*'
|
||||
state: latest
|
||||
- name: Neutron package update workaround
|
||||
package: name=python-networking-odl state=latest
|
||||
- name: Neutron db sync
|
||||
command: neutron-db-manage upgrade head
|
||||
when:
|
||||
- step|int == 8
|
||||
- is_bootstrap_node|bool
|
@ -68,6 +68,10 @@ parameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
@ -76,6 +80,47 @@ parameters:
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
NeutronEnableMetadataNetwork:
|
||||
default: false
|
||||
description: If True, DHCP provide metadata network. Requires either
|
||||
IsolatedMetadata or ForceMetadata parameters to also be True.
|
||||
type: boolean
|
||||
NeutronEnableIsolatedMetadata:
|
||||
default: false
|
||||
description: If True, DHCP provide metadata route to VM.
|
||||
type: boolean
|
||||
NeutronEnableForceMetadata:
|
||||
default: false
|
||||
description: If True, DHCP always provides metadata route to VM.
|
||||
type: boolean
|
||||
NeutronEnableInternalDNS:
|
||||
default: false
|
||||
description: |
|
||||
If True, enable the internal Neutron DNS server that provides name
|
||||
resolution between VMs. This parameter has no effect if
|
||||
NeutronDhcpAgentDnsmasqDnsServers is set.
|
||||
type: boolean
|
||||
MonitoringSubscriptionNeutronDhcp:
|
||||
default: 'overcloud-neutron-dhcp'
|
||||
type: string
|
||||
NeutronDhcpAgentDebug:
|
||||
default: ''
|
||||
description: Set to True to enable debugging for Neutron DHCP agent.
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
NeutronDhcpAgentDnsmasqDnsServers:
|
||||
default: []
|
||||
description: List of servers to use as dnsmasq forwarders
|
||||
type: comma_delimited_list
|
||||
NeutronInterfaceDriver:
|
||||
default: 'neutron.agent.linux.interface.OVSInterfaceDriver'
|
||||
description: Neutron DHCP Agent interface driver
|
||||
type: string
|
||||
NeutronDhcpOvsIntegrationBridge:
|
||||
default: ''
|
||||
type: string
|
||||
description: Name of Open vSwitch bridge to use
|
||||
|
||||
conditions:
|
||||
|
||||
@ -83,15 +128,17 @@ conditions:
|
||||
dnsmasq_wrapper_enabled: {equals: [{get_param: NeutronEnableDnsmasqDockerWrapper}, true]}
|
||||
haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]}
|
||||
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
|
||||
service_debug_unset: {equals : [{get_param: NeutronWrapperDebug}, false]}
|
||||
service_wrapper_debug_unset: {equals : [{get_param: NeutronWrapperDebug}, false]}
|
||||
service_debug_unset: {equals: [{get_param: NeutronDhcpAgentDebug}, '']}
|
||||
dhcp_ovs_intergation_bridge_unset: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
NeutronBase:
|
||||
type: ../../puppet/services/neutron-dhcp.yaml
|
||||
type: ../../puppet/services/neutron-base.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -109,7 +156,8 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for the Neutron DHCP role.
|
||||
value:
|
||||
service_name: {get_attr: [NeutronBase, role_data, service_name]}
|
||||
service_name: neutron_dhcp
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
@ -126,10 +174,39 @@ outputs:
|
||||
tripleo::profile::base::neutron::dhcp_agent_wrappers::haproxy_image: {get_param: DockerNeutronDHCPImage}
|
||||
tripleo::profile::base::neutron::dhcp_agent_wrappers::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- service_wrapper_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: NeutronWrapperDebug}
|
||||
tripleo::profile::base::neutron::container_cli: {get_param: ContainerCli}
|
||||
neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
|
||||
neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
|
||||
neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
|
||||
neutron::agents::dhcp::dnsmasq_local_resolv: {get_param: NeutronEnableInternalDNS}
|
||||
neutron::agents::dhcp::dnsmasq_dns_servers: {get_param: NeutronDhcpAgentDnsmasqDnsServers}
|
||||
neutron::agents::dhcp::interface_driver: {get_param: NeutronInterfaceDriver}
|
||||
neutron::agents::dhcp::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug}
|
||||
- {get_param: NeutronDhcpAgentDebug}
|
||||
tripleo::neutron_dhcp::firewall_rules:
|
||||
'115 neutron dhcp input':
|
||||
proto: 'udp'
|
||||
dport: 67
|
||||
'116 neutron dhcp output':
|
||||
proto: 'udp'
|
||||
chain: 'OUTPUT'
|
||||
dport: 68
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key'
|
||||
neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt'
|
||||
neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile}
|
||||
- {}
|
||||
- if:
|
||||
- dhcp_ovs_intergation_bridge_unset
|
||||
- {}
|
||||
- neutron::agents::dhcp::ovs_integration_bridge: {get_param: NeutronDhcpOvsIntegrationBridge}
|
||||
service_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, service_config_settings]
|
||||
@ -142,8 +219,8 @@ outputs:
|
||||
puppet_config:
|
||||
config_volume: neutron
|
||||
puppet_tags: neutron_config,neutron_dhcp_agent_config
|
||||
step_config:
|
||||
get_attr: [NeutronBase, role_data, step_config]
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::dhcp
|
||||
config_image: {get_param: DockerNeutronConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/neutron_dhcp.json:
|
||||
@ -213,7 +290,7 @@ outputs:
|
||||
- yaql:
|
||||
expression: str($.data.port)
|
||||
data:
|
||||
port: {get_attr: [NeutronBase, role_data, config_settings, 'neutron::rabbit_port']}
|
||||
port: {get_param: RpcPort}
|
||||
ulimit: {get_param: DockerNeutronDHCPAgentUlimit}
|
||||
volumes:
|
||||
list_concat:
|
@ -80,6 +80,45 @@ parameters:
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
RpcPort:
|
||||
default: 5672
|
||||
description: The network port for messaging backend
|
||||
type: number
|
||||
NeutronL3AgentMode:
|
||||
description: |
|
||||
Agent mode for L3 agent. Must be one of legacy or dvr_snat.
|
||||
default: 'legacy'
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- legacy
|
||||
- dvr_snat
|
||||
- dvr
|
||||
tags:
|
||||
- role_specific
|
||||
MonitoringSubscriptionNeutronL3:
|
||||
default: 'overcloud-neutron-l3-agent'
|
||||
type: string
|
||||
NeutronL3AgentDebug:
|
||||
default: ''
|
||||
description: Set to True to enable debugging for Neutron L3 agent.
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
NeutronL3AgentLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.neutron.agent.l3
|
||||
path: /var/log/neutron/l3-agent.log
|
||||
|
||||
# DEPRECATED: the following options are deprecated and are currently maintained
|
||||
# for backwards compatibility. They will be removed in the Pike cycle.
|
||||
NeutronExternalNetworkBridge:
|
||||
description: Name of bridge used for external network traffic. Usually L2
|
||||
agent handles port wiring into external bridge, and hence the
|
||||
parameter should be unset.
|
||||
type: string
|
||||
default: ''
|
||||
|
||||
conditions:
|
||||
keepalived_wrapper_enabled: {equals: [{get_param: NeutronEnableKeepalivedWrapper}, true]}
|
||||
@ -88,14 +127,15 @@ conditions:
|
||||
radvd_wrapper_enabled: {equals: [{get_param: NeutronEnableRadvdDockerWrapper}, true]}
|
||||
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
|
||||
service_debug_unset: {equals : [{get_param: NeutronWrapperDebug}, false]}
|
||||
external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
type: ../../docker/services/containers-common.yaml
|
||||
|
||||
NeutronL3Base:
|
||||
type: ../../puppet/services/neutron-l3.yaml
|
||||
NeutronBase:
|
||||
type: ../../puppet/services/neutron-base.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
@ -104,6 +144,20 @@ resources:
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
# Merging role-specific parameters (RoleParameters) with the default parameters.
|
||||
# RoleParameters will have the precedence over the default parameters.
|
||||
RoleParametersValue:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
type: json
|
||||
value:
|
||||
map_replace:
|
||||
- map_replace:
|
||||
- neutron::agents::l3::agent_mode: NeutronL3AgentMode
|
||||
- values: {get_param: [RoleParameters]}
|
||||
- values:
|
||||
NeutronL3AgentMode: {get_param: NeutronL3AgentMode}
|
||||
|
||||
NeutronLogging:
|
||||
type: OS::TripleO::Services::Logging::NeutronCommon
|
||||
properties:
|
||||
@ -113,10 +167,12 @@ outputs:
|
||||
role_data:
|
||||
description: Role data for Neutron L3 agent
|
||||
value:
|
||||
service_name: {get_attr: [NeutronL3Base, role_data, service_name]}
|
||||
service_name: neutron_l3
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronL3Base, role_data, config_settings]
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- get_attr: [RoleParametersValue, value]
|
||||
- get_attr: [NeutronLogging, config_settings]
|
||||
- tripleo::profile::base::neutron::l3_agent_wrappers::enable_keepalived_wrapper: {get_param: NeutronEnableKeepalivedWrapper}
|
||||
tripleo::profile::base::neutron::l3_agent_wrappers::keepalived_process_wrapper: '/var/lib/neutron/keepalived_wrapper'
|
||||
@ -138,10 +194,22 @@ outputs:
|
||||
- {get_param: Debug }
|
||||
- {get_param: NeutronWrapperDebug}
|
||||
tripleo::profile::base::neutron::container_cli: {get_param: ContainerCli}
|
||||
|
||||
- neutron::agents::l3::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug}
|
||||
- {get_param: NeutronL3AgentDebug}
|
||||
tripleo::neutron_l3::firewall_rules:
|
||||
'106 neutron_l3 vrrp':
|
||||
proto: vrrp
|
||||
-
|
||||
if:
|
||||
- external_network_bridge_empty
|
||||
- {}
|
||||
- neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
|
||||
service_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronL3Base, role_data, service_config_settings]
|
||||
- get_attr: [NeutronBase, role_data, service_config_settings]
|
||||
- fluentd:
|
||||
tripleo_fluentd_groups_neutron_l3:
|
||||
- neutron
|
||||
@ -150,8 +218,8 @@ outputs:
|
||||
puppet_config:
|
||||
puppet_tags: neutron_config,neutron_l3_agent_config
|
||||
config_volume: neutron
|
||||
step_config:
|
||||
get_attr: [NeutronL3Base, role_data, step_config]
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::l3
|
||||
config_image: {get_param: DockerNeutronConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/neutron_l3_agent.json:
|
||||
@ -211,7 +279,7 @@ outputs:
|
||||
- yaql:
|
||||
expression: str($.data.port)
|
||||
data:
|
||||
port: {get_attr: [NeutronL3Base, role_data, config_settings, 'neutron::rabbit_port']}
|
||||
port: {get_param: RpcPort}
|
||||
ulimit: {get_param: DockerNeutronL3AgentUlimit}
|
||||
volumes:
|
||||
list_concat:
|
||||
@ -252,7 +320,7 @@ outputs:
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
metadata_settings:
|
||||
get_attr: [NeutronL3Base, role_data, metadata_settings]
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
host_prep_tasks:
|
||||
list_concat:
|
||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
@ -1,261 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack containerized Neutron API service
|
||||
|
||||
parameters:
|
||||
DockerNeutronApiImage:
|
||||
description: image
|
||||
type: string
|
||||
DockerNeutronConfigImage:
|
||||
description: The container image to use for the neutron config_volume
|
||||
type: string
|
||||
NeutronApiLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.neutron.api
|
||||
path: /var/log/containers/neutron/server.log
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
UpgradeRemoveUnusedPackages:
|
||||
default: false
|
||||
description: Remove package if the service is being disabled during upgrade
|
||||
type: boolean
|
||||
NeutronApiOptVolumes:
|
||||
default: []
|
||||
description: list of optional volumes to be mounted
|
||||
type: comma_delimited_list
|
||||
NeutronApiOptEnvVars:
|
||||
default: []
|
||||
description: list of optional environment variables
|
||||
type: comma_delimited_list
|
||||
|
||||
conditions:
|
||||
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
|
||||
resources:
|
||||
|
||||
ContainersCommon:
|
||||
type: ./containers-common.yaml
|
||||
|
||||
MySQLClient:
|
||||
type: ../../deployment/database/mysql-client.yaml
|
||||
|
||||
NeutronBase:
|
||||
type: ../../puppet/services/neutron-api.yaml
|
||||
properties:
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
NeutronLogging:
|
||||
type: OS::TripleO::Services::Logging::NeutronApi
|
||||
properties:
|
||||
NeutronServiceName: server
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Neutron API role.
|
||||
value:
|
||||
service_name: {get_attr: [NeutronBase, role_data, service_name]}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- get_attr: [NeutronLogging, config_settings]
|
||||
service_config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, service_config_settings]
|
||||
- fluentd:
|
||||
tripleo_fluentd_groups_neutron_api:
|
||||
- neutron
|
||||
tripleo_fluentd_sources_neutron_api:
|
||||
- {get_param: NeutronApiLoggingSource}
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: neutron
|
||||
puppet_tags: neutron_config,neutron_api_config
|
||||
step_config:
|
||||
list_join:
|
||||
- "\n"
|
||||
- - {get_attr: [NeutronBase, role_data, step_config]}
|
||||
- {get_attr: [MySQLClient, role_data, step_config]}
|
||||
config_image: {get_param: DockerNeutronConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/neutron_api.json:
|
||||
command:
|
||||
list_join:
|
||||
- ' '
|
||||
- - /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server
|
||||
- get_attr: [NeutronLogging, cmd_extra_args]
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
permissions:
|
||||
- path: /var/log/neutron
|
||||
owner: neutron:neutron
|
||||
recurse: true
|
||||
/var/lib/kolla/config_files/neutron_server_tls_proxy.json:
|
||||
command: /usr/sbin/httpd -DFOREGROUND
|
||||
config_files:
|
||||
- source: "/var/lib/kolla/config_files/src/etc/httpd/conf.d"
|
||||
dest: "/etc/httpd/conf.d"
|
||||
merge: false
|
||||
preserve_properties: true
|
||||
- source: "/var/lib/kolla/config_files/src/*"
|
||||
dest: "/"
|
||||
merge: true
|
||||
preserve_properties: true
|
||||
docker_config:
|
||||
step_2:
|
||||
get_attr: [NeutronLogging, docker_config, step_2]
|
||||
step_3:
|
||||
neutron_db_sync:
|
||||
image: &neutron_api_image {get_param: DockerNeutronApiImage}
|
||||
net: host
|
||||
privileged: false
|
||||
detach: false
|
||||
user: root
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- {get_attr: [NeutronLogging, volumes]}
|
||||
-
|
||||
- /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
|
||||
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
|
||||
command: ['/usr/bin/bootstrap_host_exec', 'neutron_api', 'neutron-db-manage', 'upgrade', 'heads']
|
||||
# FIXME: we should make config file permissions right
|
||||
# and run as neutron user
|
||||
#command: "/usr/bin/bootstrap_host_exec neutron_api su neutron -s /bin/bash -c 'neutron-db-manage upgrade heads'"
|
||||
step_4:
|
||||
map_merge:
|
||||
- neutron_api:
|
||||
start_order: 0
|
||||
image: *neutron_api_image
|
||||
net: host
|
||||
privileged: false
|
||||
restart: always
|
||||
healthcheck:
|
||||
test: /openstack/healthcheck
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- {get_attr: [NeutronLogging, volumes]}
|
||||
- {get_param: NeutronApiOptVolumes}
|
||||
-
|
||||
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
|
||||
environment:
|
||||
list_concat:
|
||||
- {get_param: NeutronApiOptEnvVars}
|
||||
-
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- neutron_server_tls_proxy:
|
||||
image: *neutron_api_image
|
||||
net: host
|
||||
user: root
|
||||
restart: always
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
-
|
||||
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
|
||||
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
|
||||
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
- {}
|
||||
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||
upgrade_tasks:
|
||||
- when: step|int == 3
|
||||
block:
|
||||
- name: Set fact for removal of openstack-neutron package
|
||||
set_fact:
|
||||
remove_neutron_package: {get_param: UpgradeRemoveUnusedPackages}
|
||||
- name: Remove openstack-neutron package if operator requests it
|
||||
package: name=openstack-neutron state=removed
|
||||
ignore_errors: True
|
||||
when: remove_neutron_package|bool
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
post_upgrade_tasks:
|
||||
- when: step|int == 1
|
||||
import_role:
|
||||
name: tripleo-docker-rm
|
||||
vars:
|
||||
containers_to_rm:
|
||||
with_items:
|
||||
list_concat:
|
||||
- - neutron_api
|
||||
- - if:
|
||||
- internal_tls_enabled
|
||||
- - neutron_server_tls_proxy
|
||||
- null
|
||||
fast_forward_upgrade_tasks:
|
||||
- when:
|
||||
- step|int == 0
|
||||
- release == 'ocata'
|
||||
block:
|
||||
- name: Check if neutron_server is deployed
|
||||
command: systemctl is-enabled --quiet neutron-server
|
||||
ignore_errors: True
|
||||
register: neutron_server_enabled_result
|
||||
- name: Set fact neutron_server_enabled
|
||||
set_fact:
|
||||
neutron_server_enabled: "{{ neutron_server_enabled_result.rc == 0 }}"
|
||||
- name: Stop neutron_server
|
||||
service: name=neutron-server state=stopped enabled=no
|
||||
when:
|
||||
- step|int == 1
|
||||
- release == 'ocata'
|
||||
- neutron_server_enabled|bool
|
||||
- when:
|
||||
- step|int == 6
|
||||
- is_bootstrap_node|bool
|
||||
block:
|
||||
- name: Neutron package update
|
||||
package:
|
||||
name: 'openstack-neutron*'
|
||||
state: latest
|
||||
- name: Neutron package update workaround
|
||||
package: name=python-networking-odl state=latest
|
||||
- name: Neutron db sync
|
||||
command: neutron-db-manage upgrade head
|
||||
when:
|
||||
- step|int == 8
|
||||
- is_bootstrap_node|bool
|
@ -30,13 +30,13 @@ resource_registry:
|
||||
OS::TripleO::Services::Memcached: ../deployment/memcached/memcached-container-puppet.yaml
|
||||
OS::TripleO::Services::Multipathd: OS::Heat::None
|
||||
OS::TripleO::Services::MySQL: ../puppet/services/database/mysql.yaml
|
||||
OS::TripleO::Services::NeutronApi: ../puppet/services/neutron-api.yaml
|
||||
OS::TripleO::Services::NeutronApi: ../deployment/neutron/neutron-api-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronCorePlugin: ../puppet/services/neutron-plugin-ml2.yaml
|
||||
OS::TripleO::Services::NeutronDhcpAgent: ../puppet/services/neutron-dhcp.yaml
|
||||
OS::TripleO::Services::NeutronL3Agent: ../puppet/services/neutron-l3.yaml
|
||||
OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronMetadataAgent: ../puppet/services/neutron-metadata.yaml
|
||||
OS::TripleO::Services::NeutronOvsAgent: ../puppet/services/neutron-ovs-agent.yaml
|
||||
OS::TripleO::Services::NeutronServer: ../puppet/services/neutron-api.yaml
|
||||
OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml
|
||||
OS::TripleO::Services::NovaApi: ../puppet/services/nova-api.yaml
|
||||
OS::TripleO::Services::NovaCompute: ../puppet/services/nova-compute.yaml
|
||||
OS::TripleO::Services::NovaConductor: ../puppet/services/nova-conductor.yaml
|
||||
|
@ -16,10 +16,10 @@ resource_registry:
|
||||
OS::TripleO::Services::MistralEngine: ../deployment/mistral/mistral-engine-container-puppet.yaml
|
||||
OS::TripleO::Services::MistralExecutor: ../deployment/mistral/mistral-executor-container-puppet.yaml
|
||||
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
|
||||
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
|
||||
OS::TripleO::Services::NeutronApi: ../deployment/neutron/neutron-api-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
|
||||
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
|
||||
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
|
||||
OS::TripleO::Services::NeutronDhcpAgent: ../deployment/neutron/neutron-dhcp-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronServer: ../deployment/neutron/neutron-api-container-puppet.yaml
|
||||
OS::TripleO::Services::OsloMessagingRpc: ../docker/services/messaging/rpc-rabbitmq.yaml
|
||||
OS::TripleO::Services::OsloMessagingNotify: ../docker/services/messaging/notify-rabbitmq-shared.yaml
|
||||
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
|
||||
|
@ -2,7 +2,7 @@
|
||||
# This works by configuring L3 and Metadata agents on the
|
||||
# compute nodes.
|
||||
resource_registry:
|
||||
OS::TripleO::Services::ComputeNeutronL3Agent: ../docker/services/neutron-l3.yaml
|
||||
OS::TripleO::Services::ComputeNeutronL3Agent: ../deployment/neutron/neutron-l3-container-puppet.yaml
|
||||
OS::TripleO::Services::ComputeNeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
|
||||
|
||||
# With using default template values, the Compute nodes also need the br-ex
|
||||
|
@ -9,7 +9,7 @@
|
||||
resource_registry:
|
||||
OS::TripleO::Services::NeutronSriovAgent: ../../docker/services/neutron-sriov-agent.yaml
|
||||
OS::TripleO::Services::NeutronSriovHostConfig: ../../puppet/services/neutron-sriov-host-config.yaml
|
||||
OS::TripleO::Services::NeutronDhcpAgent: ../../docker/services/neutron-dhcp.yaml
|
||||
OS::TripleO::Services::NeutronDhcpAgent: ../../deployment/neutron/neutron-dhcp-container-puppet.yaml
|
||||
|
||||
parameter_defaults:
|
||||
NeutronMechanismDrivers: ['sriovnicswitch','ovn']
|
||||
|
@ -3,7 +3,7 @@
|
||||
# tripleo network templates so some customization is likely required for
|
||||
# production deployments.
|
||||
resource_registry:
|
||||
OS::TripleO::Services::ComputeNeutronL3Agent: ../../docker/services/neutron-l3.yaml
|
||||
OS::TripleO::Services::ComputeNeutronL3Agent: ../../deployment/neutron/neutron-l3-container-puppet.yaml
|
||||
OS::TripleO::Services::ComputeNeutronMetadataAgent: ../../docker/services/neutron-metadata.yaml
|
||||
OS::TripleO::ComputeDVR::Net::SoftwareConfig: ../../net-config-bridge.yaml
|
||||
|
||||
|
@ -134,9 +134,9 @@ resource_registry:
|
||||
OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronBgpVpnBagpipe: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronSfcApi: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronDhcpAgent: docker/services/neutron-dhcp.yaml
|
||||
OS::TripleO::Services::NeutronDhcpAgent: deployment/neutron/neutron-dhcp-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronL3Agent: docker/services/neutron-l3.yaml
|
||||
OS::TripleO::Services::NeutronL3Agent: deployment/neutron/neutron-l3-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronLbaasv2Api: OS::Heat::None
|
||||
@ -144,8 +144,8 @@ resource_registry:
|
||||
OS::TripleO::Services::OVNMetadataAgent: OS::Heat::None
|
||||
# FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated
|
||||
# the multinode job ControllerServices after this patch merges
|
||||
OS::TripleO::Services::NeutronServer: docker/services/neutron-api.yaml
|
||||
OS::TripleO::Services::NeutronApi: docker/services/neutron-api.yaml
|
||||
OS::TripleO::Services::NeutronServer: deployment/neutron/neutron-api-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronApi: deployment/neutron/neutron-api-container-puppet.yaml
|
||||
OS::TripleO::Services::NeutronCorePlugin: docker/services/neutron-plugin-ml2.yaml
|
||||
# can be the same as NeutronCorePlugin but some vendors install different
|
||||
# things where VMs run
|
||||
|
@ -1,157 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Neutron DHCP agent configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
Debug:
|
||||
type: boolean
|
||||
default: false
|
||||
description: Set to True to enable debugging on all services.
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
NeutronEnableMetadataNetwork:
|
||||
default: false
|
||||
description: If True, DHCP provide metadata network. Requires either
|
||||
IsolatedMetadata or ForceMetadata parameters to also be True.
|
||||
type: boolean
|
||||
NeutronEnableIsolatedMetadata:
|
||||
default: false
|
||||
description: If True, DHCP provide metadata route to VM.
|
||||
type: boolean
|
||||
NeutronEnableForceMetadata:
|
||||
default: false
|
||||
description: If True, DHCP always provides metadata route to VM.
|
||||
type: boolean
|
||||
NeutronEnableInternalDNS:
|
||||
default: false
|
||||
description: |
|
||||
If True, enable the internal Neutron DNS server that provides name
|
||||
resolution between VMs. This parameter has no effect if
|
||||
NeutronDhcpAgentDnsmasqDnsServers is set.
|
||||
type: boolean
|
||||
MonitoringSubscriptionNeutronDhcp:
|
||||
default: 'overcloud-neutron-dhcp'
|
||||
type: string
|
||||
NeutronDhcpAgentDebug:
|
||||
default: ''
|
||||
description: Set to True to enable debugging for Neutron DHCP agent.
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
NeutronDhcpAgentLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.neutron.agent.dhcp
|
||||
path: /var/log/neutron/dhcp-agent.log
|
||||
NeutronDhcpAgentDnsmasqDnsServers:
|
||||
default: []
|
||||
description: List of servers to use as dnsmasq forwarders
|
||||
type: comma_delimited_list
|
||||
NeutronInterfaceDriver:
|
||||
default: 'neutron.agent.linux.interface.OVSInterfaceDriver'
|
||||
description: Neutron DHCP Agent interface driver
|
||||
type: string
|
||||
EnableInternalTLS:
|
||||
type: boolean
|
||||
default: false
|
||||
InternalTLSCAFile:
|
||||
default: '/etc/ipa/ca.crt'
|
||||
type: string
|
||||
description: Specifies the default CA cert to use if TLS is used for
|
||||
services in the internal network.
|
||||
NeutronDhcpOvsIntegrationBridge:
|
||||
default: ''
|
||||
type: string
|
||||
description: Name of Open vSwitch bridge to use
|
||||
|
||||
conditions:
|
||||
service_debug_unset: {equals: [{get_param: NeutronDhcpAgentDebug}, '']}
|
||||
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
||||
dhcp_ovs_intergation_bridge_unset: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
NeutronBase:
|
||||
type: ./neutron-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Neutron DHCP agent service.
|
||||
value:
|
||||
service_name: neutron_dhcp
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
|
||||
neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
|
||||
neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
|
||||
neutron::agents::dhcp::dnsmasq_local_resolv: {get_param: NeutronEnableInternalDNS}
|
||||
neutron::agents::dhcp::dnsmasq_dns_servers: {get_param: NeutronDhcpAgentDnsmasqDnsServers}
|
||||
neutron::agents::dhcp::interface_driver: {get_param: NeutronInterfaceDriver}
|
||||
neutron::agents::dhcp::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug}
|
||||
- {get_param: NeutronDhcpAgentDebug}
|
||||
tripleo::neutron_dhcp::firewall_rules:
|
||||
'115 neutron dhcp input':
|
||||
proto: 'udp'
|
||||
dport: 67
|
||||
'116 neutron dhcp output':
|
||||
proto: 'udp'
|
||||
chain: 'OUTPUT'
|
||||
dport: 68
|
||||
- if:
|
||||
- internal_tls_enabled
|
||||
- neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key'
|
||||
neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt'
|
||||
neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile}
|
||||
- {}
|
||||
- if:
|
||||
- dhcp_ovs_intergation_bridge_unset
|
||||
- {}
|
||||
- neutron::agents::dhcp::ovs_integration_bridge: {get_param: NeutronDhcpOvsIntegrationBridge}
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_neutron_dhcp:
|
||||
- neutron
|
||||
tripleo_fluentd_sources_neutron_dhcp:
|
||||
- {get_param: NeutronDhcpAgentLoggingSource}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::dhcp
|
||||
upgrade_tasks: []
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
@ -1,122 +0,0 @@
|
||||
heat_template_version: rocky
|
||||
|
||||
description: >
|
||||
OpenStack Neutron L3 agent configured with Puppet
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
Debug:
|
||||
type: boolean
|
||||
default: false
|
||||
description: Set to True to enable debugging on all services.
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
NeutronL3AgentMode:
|
||||
description: |
|
||||
Agent mode for L3 agent. Must be one of legacy or dvr_snat.
|
||||
default: 'legacy'
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- legacy
|
||||
- dvr_snat
|
||||
- dvr
|
||||
tags:
|
||||
- role_specific
|
||||
MonitoringSubscriptionNeutronL3:
|
||||
default: 'overcloud-neutron-l3-agent'
|
||||
type: string
|
||||
NeutronL3AgentDebug:
|
||||
default: ''
|
||||
description: Set to True to enable debugging for Neutron L3 agent.
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values: [ '', 'true', 'True', 'TRUE', 'false', 'False', 'FALSE']
|
||||
NeutronL3AgentLoggingSource:
|
||||
type: json
|
||||
default:
|
||||
tag: openstack.neutron.agent.l3
|
||||
path: /var/log/neutron/l3-agent.log
|
||||
|
||||
conditions:
|
||||
service_debug_unset: {equals: [{get_param: NeutronL3AgentDebug}, '']}
|
||||
|
||||
resources:
|
||||
|
||||
NeutronBase:
|
||||
type: ./neutron-base.yaml
|
||||
properties:
|
||||
ServiceData: {get_param: ServiceData}
|
||||
ServiceNetMap: {get_param: ServiceNetMap}
|
||||
DefaultPasswords: {get_param: DefaultPasswords}
|
||||
EndpointMap: {get_param: EndpointMap}
|
||||
RoleName: {get_param: RoleName}
|
||||
RoleParameters: {get_param: RoleParameters}
|
||||
|
||||
|
||||
# Merging role-specific parameters (RoleParameters) with the default parameters.
|
||||
# RoleParameters will have the precedence over the default parameters.
|
||||
RoleParametersValue:
|
||||
type: OS::Heat::Value
|
||||
properties:
|
||||
type: json
|
||||
value:
|
||||
map_replace:
|
||||
- map_replace:
|
||||
- neutron::agents::l3::agent_mode: NeutronL3AgentMode
|
||||
- values: {get_param: [RoleParameters]}
|
||||
- values:
|
||||
NeutronL3AgentMode: {get_param: NeutronL3AgentMode}
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Neutron L3 agent service.
|
||||
value:
|
||||
service_name: neutron_l3
|
||||
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- get_attr: [RoleParametersValue, value]
|
||||
- neutron::agents::l3::debug:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug}
|
||||
- {get_param: NeutronL3AgentDebug}
|
||||
tripleo::neutron_l3::firewall_rules:
|
||||
'106 neutron_l3 vrrp':
|
||||
proto: vrrp
|
||||
service_config_settings:
|
||||
fluentd:
|
||||
tripleo_fluentd_groups_neutron_l3:
|
||||
- neutron
|
||||
tripleo_fluentd_sources_neutron_l3:
|
||||
- {get_param: NeutronL3AgentLoggingSource}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::l3
|
||||
upgrade_tasks: []
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
@ -26,7 +26,7 @@ environments:
|
||||
puppet/services/neutron-plugin-ml2.yaml:
|
||||
parameters:
|
||||
- NeutronPluginExtensions
|
||||
puppet/services/neutron-dhcp.yaml:
|
||||
deployment/neutron/neutron-dhcp-container-puppet.yaml:
|
||||
parameters:
|
||||
- NeutronEnableInternalDNS
|
||||
puppet/services/designate-central.yaml:
|
||||
|
@ -9,7 +9,7 @@ environments:
|
||||
puppet/services/neutron-base.yaml:
|
||||
parameters:
|
||||
- NeutronCorePlugin
|
||||
puppet/services/neutron-dhcp.yaml:
|
||||
deployment/neutron/neutron-dhcp-container-puppet.yaml:
|
||||
parameters:
|
||||
- NeutronEnableIsolatedMetadata
|
||||
sample_values:
|
||||
|
Loading…
Reference in New Issue
Block a user