Fixes certificate generation error for Neutron agents
TLS certificates were introduced for the Neutron Base service in order for Neutron to securely communicate with OVS via SSL/TLS. However, the implementation only required Neutron DHCP agent (ODL deployment) to use the certificates. The other OVS agents are not used in ODL deployments and SSL/TLS use there may be added in the future. However, since other services inherit NeutronBase config_settings, they will attempt to generate certs. This certificate generation will fail because these services do not inherit metadata settings. This patch fixes the above issue by adding the metadata settings inheritance to every service derived from NeutronBase. Closes-Bug: 1754363 Change-Id: I87afc3a11efeefc1cfd768dfe817fbb3b2422694 Signed-off-by: Tim Rozet <trozet@redhat.com>
This commit is contained in:
parent
07857e3f87
commit
df31016a9a
@ -117,6 +117,8 @@ outputs:
|
|||||||
- /run/netns:/run/netns:shared
|
- /run/netns:/run/netns:shared
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronL3Base, role_data, metadata_settings]
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||||
|
@ -115,6 +115,8 @@ outputs:
|
|||||||
- /var/lib/neutron:/var/lib/neutron
|
- /var/lib/neutron:/var/lib/neutron
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronMetadataBase, role_data, metadata_settings]
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||||
|
@ -155,6 +155,8 @@ outputs:
|
|||||||
- /run/openvswitch:/run/openvswitch
|
- /run/openvswitch:/run/openvswitch
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronOvsAgentBase, role_data, metadata_settings]
|
||||||
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
list_concat:
|
list_concat:
|
||||||
|
@ -95,6 +95,8 @@ outputs:
|
|||||||
get_attr: [NeutronOvsAgentDockerBase, role_data, kolla_config]
|
get_attr: [NeutronOvsAgentDockerBase, role_data, kolla_config]
|
||||||
docker_config:
|
docker_config:
|
||||||
get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config]
|
get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config]
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronOvsAgentDockerBase, role_data, metadata_settings]
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
get_attr: [NeutronOvsAgentDockerBase, role_data, host_prep_tasks]
|
get_attr: [NeutronOvsAgentDockerBase, role_data, host_prep_tasks]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
|
@ -53,6 +53,8 @@ outputs:
|
|||||||
logging_source: {get_attr: [NeutronMl2VtsBase, role_data, logging_source]}
|
logging_source: {get_attr: [NeutronMl2VtsBase, role_data, logging_source]}
|
||||||
logging_groups: {get_attr: [NeutronMl2VtsBase, role_data, logging_groups]}
|
logging_groups: {get_attr: [NeutronMl2VtsBase, role_data, logging_groups]}
|
||||||
service_config_settings: {get_attr: [NeutronMl2VtsBase, role_data, service_config_settings]}
|
service_config_settings: {get_attr: [NeutronMl2VtsBase, role_data, service_config_settings]}
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronMl2VtsBase, role_data, metadata_settings]
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: 'neutron'
|
config_volume: 'neutron'
|
||||||
|
@ -56,6 +56,8 @@ outputs:
|
|||||||
logging_source: {get_attr: [NeutronBase, role_data, logging_source]}
|
logging_source: {get_attr: [NeutronBase, role_data, logging_source]}
|
||||||
logging_groups: {get_attr: [NeutronBase, role_data, logging_groups]}
|
logging_groups: {get_attr: [NeutronBase, role_data, logging_groups]}
|
||||||
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
|
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
puppet_config:
|
puppet_config:
|
||||||
config_volume: 'neutron'
|
config_volume: 'neutron'
|
||||||
|
@ -110,6 +110,8 @@ outputs:
|
|||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronSriovAgentBase, role_data, metadata_settings]
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
- name: Check if neutron_sriov_nic_agent is deployed
|
- name: Check if neutron_sriov_nic_agent is deployed
|
||||||
command: systemctl is-enabled --quiet neutron-sriov-nic-agent
|
command: systemctl is-enabled --quiet neutron-sriov-nic-agent
|
||||||
|
@ -138,6 +138,8 @@ outputs:
|
|||||||
- /run/netns:/run/netns:shared
|
- /run/netns:/run/netns:shared
|
||||||
environment:
|
environment:
|
||||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [OVNMetadataBase, role_data, metadata_settings]
|
||||||
host_prep_tasks:
|
host_prep_tasks:
|
||||||
list_concat:
|
list_concat:
|
||||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||||
|
@ -92,3 +92,5 @@ outputs:
|
|||||||
- {get_param: NeutronL3ComputeAgentLoggingSource}
|
- {get_param: NeutronL3ComputeAgentLoggingSource}
|
||||||
step_config: |
|
step_config: |
|
||||||
include tripleo::profile::base::neutron::l3
|
include tripleo::profile::base::neutron::l3
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -131,3 +131,5 @@ outputs:
|
|||||||
- step|int == 1
|
- step|int == 1
|
||||||
- neutron_l3_agent_enabled.rc == 0
|
- neutron_l3_agent_enabled.rc == 0
|
||||||
service: name=neutron-l3-agent state=stopped
|
service: name=neutron-l3-agent state=stopped
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -81,3 +81,5 @@ outputs:
|
|||||||
horizon:
|
horizon:
|
||||||
horizon::neutron_options:
|
horizon::neutron_options:
|
||||||
enable_lb: True
|
enable_lb: True
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -86,3 +86,5 @@ outputs:
|
|||||||
- neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
|
- neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::neutron::linuxbridge
|
include ::tripleo::profile::base::neutron::linuxbridge
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -148,3 +148,5 @@ outputs:
|
|||||||
- step|int == 1
|
- step|int == 1
|
||||||
- neutron_metadata_agent_enabled.rc == 0
|
- neutron_metadata_agent_enabled.rc == 0
|
||||||
service: name=neutron-metadata-agent state=stopped
|
service: name=neutron-metadata-agent state=stopped
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -184,3 +184,5 @@ outputs:
|
|||||||
- step|int == 1
|
- step|int == 1
|
||||||
- neutron_ovs_agent_enabled.rc == 0
|
- neutron_ovs_agent_enabled.rc == 0
|
||||||
service: name=neutron-openvswitch-agent state=stopped
|
service: name=neutron-openvswitch-agent state=stopped
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -125,3 +125,5 @@ outputs:
|
|||||||
step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
|
step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
|
||||||
upgrade_tasks:
|
upgrade_tasks:
|
||||||
get_attr: [Ovs, role_data, upgrade_tasks]
|
get_attr: [Ovs, role_data, upgrade_tasks]
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronOvsAgent, role_data, metadata_settings]
|
||||||
|
@ -85,3 +85,5 @@ outputs:
|
|||||||
neutron::plugins::ml2::cisco::vts::vts_timeout: {get_param: VTSTimeout}
|
neutron::plugins::ml2::cisco::vts::vts_timeout: {get_param: VTSTimeout}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||||
|
@ -86,3 +86,5 @@ outputs:
|
|||||||
neutron::plugins::ml2::fujitsu::cfab::save_config: {get_param: NeutronFujitsuCfabSaveConfig}
|
neutron::plugins::ml2::fujitsu::cfab::save_config: {get_param: NeutronFujitsuCfabSaveConfig}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||||
|
@ -90,4 +90,5 @@ outputs:
|
|||||||
neutron::plugins::ml2::fujitsu::fossw::ovsdb_port: {get_param: NeutronFujitsuFosswOvsdbPort}
|
neutron::plugins::ml2::fujitsu::fossw::ovsdb_port: {get_param: NeutronFujitsuFosswOvsdbPort}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||||
|
@ -109,3 +109,5 @@ outputs:
|
|||||||
nova::patch::config::monkey_patch_modules: {get_param: NovaPatchConfigMonkeyPatchModules}
|
nova::patch::config::monkey_patch_modules: {get_param: NovaPatchConfigMonkeyPatchModules}
|
||||||
step_config: |
|
step_config: |
|
||||||
include tripleo::profile::base::neutron::plugins::ml2
|
include tripleo::profile::base::neutron::plugins::ml2
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||||
|
@ -71,3 +71,5 @@ outputs:
|
|||||||
- {}
|
- {}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||||
|
@ -103,3 +103,5 @@ outputs:
|
|||||||
neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
|
neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||||
|
@ -118,3 +118,5 @@ outputs:
|
|||||||
service_config_settings:
|
service_config_settings:
|
||||||
horizon:
|
horizon:
|
||||||
neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
|
neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -97,3 +97,5 @@ outputs:
|
|||||||
nova::api::use_forwarded_for: {get_param: UseForwardedFor}
|
nova::api::use_forwarded_for: {get_param: UseForwardedFor}
|
||||||
step_config: |
|
step_config: |
|
||||||
include tripleo::profile::base::neutron::plugins::nuage
|
include tripleo::profile::base::neutron::plugins::nuage
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -131,3 +131,5 @@ outputs:
|
|||||||
- step|int == 1
|
- step|int == 1
|
||||||
- neutron_sriov_nic_agent_enabled.rc == 0
|
- neutron_sriov_nic_agent_enabled.rc == 0
|
||||||
service: name=neutron-sriov-nic-agent state=stopped
|
service: name=neutron-sriov-nic-agent state=stopped
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -78,3 +78,5 @@ outputs:
|
|||||||
- get_attr: [RoleParametersValue, value]
|
- get_attr: [RoleParametersValue, value]
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::host::sriov
|
include ::tripleo::host::sriov
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -59,3 +59,5 @@ outputs:
|
|||||||
- tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets}
|
- tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets}
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::neutron::agents::vpp
|
include ::tripleo::profile::base::neutron::agents::vpp
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -124,3 +124,5 @@ outputs:
|
|||||||
- step|int == 1
|
- step|int == 1
|
||||||
- neutron_metadata_agent_enabled.rc == 0
|
- neutron_metadata_agent_enabled.rc == 0
|
||||||
service: name=networking-ovn-metadata-agent state=stopped
|
service: name=networking-ovn-metadata-agent state=stopped
|
||||||
|
metadata_settings:
|
||||||
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Fixes failure to create Neutron certificates for roles which do not
|
||||||
|
contain Neutron DHCP agent, but include other Neutron agents
|
||||||
|
(i.e. default Compute role).
|
Loading…
Reference in New Issue
Block a user