Browse Source

Merge "Simplify neutron service templates"

changes/11/782611/4
Zuul 3 months ago
committed by Gerrit Code Review
parent
commit
eded47e014
  1. 5
      deployment/neutron/neutron-agents-ib-config-container-puppet.yaml
  2. 118
      deployment/neutron/neutron-api-container-puppet.yaml
  3. 13
      deployment/neutron/neutron-base.yaml
  4. 1
      deployment/neutron/neutron-bgpvpn-api-container-puppet.yaml
  5. 1
      deployment/neutron/neutron-bigswitch-agent-baremetal-puppet.yaml
  6. 6
      deployment/neutron/neutron-controller-plugin-nuage.yaml
  7. 60
      deployment/neutron/neutron-dhcp-container-puppet.yaml
  8. 6
      deployment/neutron/neutron-l2gw-agent-baremetal-puppet.yaml
  9. 5
      deployment/neutron/neutron-l2gw-api-container-puppet.yaml
  10. 56
      deployment/neutron/neutron-l3-container-puppet.yaml
  11. 10
      deployment/neutron/neutron-linuxbridge-agent-baremetal-puppet.yaml
  12. 31
      deployment/neutron/neutron-metadata-container-puppet.yaml
  13. 11
      deployment/neutron/neutron-mlnx-agent-container-puppet.yaml
  14. 1
      deployment/neutron/neutron-ovn-dpdk-config-container-puppet.yaml
  15. 53
      deployment/neutron/neutron-ovs-agent-container-puppet.yaml
  16. 4
      deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml
  17. 1
      deployment/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml
  18. 1
      deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml
  19. 1
      deployment/neutron/neutron-plugin-ml2-container-puppet.yaml
  20. 11
      deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml
  21. 1
      deployment/neutron/neutron-plugin-ml2-nuage.yaml
  22. 24
      deployment/neutron/neutron-plugin-ml2-ovn.yaml
  23. 10
      deployment/neutron/neutron-plugin-ml2.yaml
  24. 1
      deployment/neutron/neutron-plugin-nuage.yaml
  25. 13
      deployment/neutron/neutron-sriov-agent-container-puppet.yaml
  26. 1
      deployment/neutron/neutron-vpp-agent-baremetal-puppet.yaml

5
deployment/neutron/neutron-agents-ib-config-container-puppet.yaml

@ -48,7 +48,6 @@ parameters:
- role_specific
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -111,11 +110,9 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /lib/modules:/lib/modules:ro
- - /lib/modules:/lib/modules:ro
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
- /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
- ''
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}

118
deployment/neutron/neutron-api-container-puppet.yaml

@ -191,20 +191,24 @@ parameter_groups:
- NeutronL3HA
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
neutron_rpc_workers_unset: {equals : [{get_param: NeutronRpcWorkers}, '']}
neutron_ovs_int_br_unset: {equals : [{get_param: NeutronOvsIntegrationBridge}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]}
az_unset: {equals: [{get_param: NeutronDefaultAvailabilityZones}, '']}
ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, internal_tls_enabled]}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
key_size_override_unset: {equals: [{get_param: NeutronCertificateKeySize}, '']}
neutron_workers_set:
not: {equals : [{get_param: NeutronWorkers}, '']}
neutron_rpc_workers_set:
not: {equals : [{get_param: NeutronRpcWorkers}, '']}
neutron_ovs_int_br_set:
not: {equals : [{get_param: NeutronOvsIntegrationBridge}, '']}
neutron_dvr_set:
not: {equals : [{get_param: NeutronEnableDVR}, '']}
az_set:
not: {equals: [{get_param: NeutronDefaultAvailabilityZones}, '']}
ovn_and_tls:
and:
- contains: ['ovn', {get_param: NeutronMechanismDrivers}]
- {get_param: EnableInternalTLS}
key_size_override_set:
not: {equals: [{get_param: NeutronCertificateKeySize}, '']}
resources:
TLSProxyBase:
type: OS::TripleO::Services::TLSProxyBase
properties:
@ -271,17 +275,14 @@ outputs:
path: /ovs_neutron
query:
if:
- enable_sqlalchemy_collectd
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: ovs_neutron
collectd_host: localhost
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- {get_param: EnableSQLAlchemyCollectd}
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: ovs_neutron
collectd_host: localhost
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
neutron::policy::policies: {get_param: NeutronApiPolicies}
neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
@ -335,7 +336,7 @@ outputs:
# proxy in front.
neutron::bind_host:
if:
- use_tls_proxy
- {get_param: EnableInternalTLS}
- "%{hiera('localhost_address')}"
- str_replace:
template:
@ -343,55 +344,40 @@ outputs:
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
-
if:
- neutron_dvr_unset
- {}
- if:
- neutron_dvr_set
- neutron::server::router_distributed: {get_param: NeutronEnableDVR}
neutron::server::enable_dvr: {get_param: NeutronEnableDVR}
-
if:
- neutron_workers_unset
- {}
- if:
- neutron_workers_set
- neutron::server::api_workers: {get_param: NeutronWorkers}
-
if:
- neutron_rpc_workers_unset
-
if:
- neutron_workers_unset
- {}
- neutron::server::rpc_workers: {get_param: NeutronWorkers}
- if:
- neutron_rpc_workers_set
- neutron::server::rpc_workers: {get_param: NeutronRpcWorkers}
-
if:
- neutron_ovs_int_br_unset
- {}
- if:
- neutron_workers_set
- neutron::server::rpc_workers: {get_param: NeutronWorkers}
- if:
- neutron_ovs_int_br_set
- neutron::server::ovs_integration_bridge: {get_param: NeutronOvsIntegrationBridge}
-
if:
- az_unset
- {}
-
neutron::server::dhcp_load_type: {get_param: NeutronDhcpLoadType}
- if:
- az_set
- neutron::server::dhcp_load_type: {get_param: NeutronDhcpLoadType}
neutron::server::network_scheduler_driver:
{get_param: NeutronNetworkSchedulerDriver}
neutron::server::router_scheduler_driver:
{get_param: NeutronRouterSchedulerDriver}
neutron::server::default_availability_zones:
{get_param: NeutronDefaultAvailabilityZones}
-
if:
- if:
- ovn_and_tls
-
tripleo::profile::base::neutron::plugins::ml2::ovn::protocol: 'ssl'
- tripleo::profile::base::neutron::plugins::ml2::ovn::protocol: 'ssl'
tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/neutron_ovn.key'
tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/neutron_ovn.crt'
tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/neutron_ovn.key'
tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/neutron_ovn.crt'
tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
- {}
service_config_settings:
rsyslog:
tripleo_logging_sources_neutron_api:
@ -499,21 +485,18 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
- {get_param: NeutronApiOptVolumes}
-
- /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- if:
- ovn_and_tls
-
- /etc/pki/tls/certs/neutron_ovn.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron_ovn.crt:ro
- - /etc/pki/tls/certs/neutron_ovn.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron_ovn.crt:ro
- /etc/pki/tls/private/neutron_ovn.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron_ovn.key:ro
- null
environment:
map_merge:
- {get_param: NeutronApiOptEnvVars}
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- neutron_server_tls_proxy:
image: *neutron_api_image
net: host
@ -523,14 +506,12 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- {}
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
metadata_settings:
list_concat:
@ -540,12 +521,10 @@ outputs:
- - service: neutron_ovn
network: {get_param: [ServiceNetMap, NeutronApiNetwork]}
type: node
- null
deploy_steps_tasks:
if:
- ovn_and_tls
-
- name: Certificate generation
- - name: Certificate generation
when: step|int == 1
block:
- include_role:
@ -565,11 +544,10 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]}
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: NeutronCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
- null
external_upgrade_tasks:
- when:
- step|int == 1

13
deployment/neutron/neutron-base.yaml

@ -108,8 +108,10 @@ parameters:
type: boolean
conditions:
dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
global_physnet_mtu_unset: {equals: [{get_param: NeutronGlobalPhysnetMtu}, 0]}
dhcp_agents_set:
not: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]}
global_physnet_mtu_set:
not: {equals: [{get_param: NeutronGlobalPhysnetMtu}, 0]}
outputs:
role_data:
@ -137,12 +139,11 @@ outputs:
neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
neutron::global_physnet_mtu:
if:
- global_physnet_mtu_unset
- {get_param: TenantNetPhysnetMtu}
- global_physnet_mtu_set
- {get_param: NeutronGlobalPhysnetMtu}
- {get_param: TenantNetPhysnetMtu}
neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams}
neutron::vlan_transparent: {get_param: EnableVLANTransparency}
- if:
- dhcp_agents_zero
- {}
- dhcp_agents_set
- tripleo::profile::base::neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}

1
deployment/neutron/neutron-bgpvpn-api-container-puppet.yaml

@ -36,7 +36,6 @@ parameters:
type: string
resources:
ContainersCommon:
type: ../containers-common.yaml

1
deployment/neutron/neutron-bigswitch-agent-baremetal-puppet.yaml

@ -28,7 +28,6 @@ parameters:
via parameter_defaults in the resource registry.
type: json
outputs:
role_data:
description: Configure the bigswitch agent services

6
deployment/neutron/neutron-controller-plugin-nuage.yaml

@ -50,20 +50,16 @@ parameters:
type: boolean
default: false
conditions:
apply_vxlan_iptables_rule: {equals : [{get_param: ControllerVxlanIPtableRule}, true]}
outputs:
role_data:
description: Role data for the Neutron Controller Nuage plugin
value:
firewall_rules:
- if:
- apply_vxlan_iptables_rule
- {get_param: ControllerVxlanIPtableRule}
- '118 neutron vxlan networks':
proto: 'udp'
dport: 4789
- {}
service_name: neutron_controller_plugin_nuage
config_settings:
map_merge:

60
deployment/neutron/neutron-dhcp-container-puppet.yaml

@ -154,17 +154,14 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
dnsmasq_wrapper_enabled: {equals: [{get_param: NeutronEnableDnsmasqDockerWrapper}, true]}
haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
dhcp_ovs_intergation_bridge_unset: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']}
az_unset: {equals: [{get_param: NeutronDhcpAgentAvailabilityZone}, '']}
key_size_override_unset: {equals: [{get_param: NeutronDhcpCertificateKeySize}, '']}
dhcp_ovs_intergation_bridge_set:
not: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']}
az_set:
not: {equals: [{get_param: NeutronDhcpAgentAvailabilityZone}, '']}
key_size_override_set:
not: {equals: [{get_param: NeutronDhcpCertificateKeySize}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -242,18 +239,15 @@ outputs:
- true
- {get_param: Debug}
- if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key'
neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt'
neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile}
- {}
- if:
- dhcp_ovs_intergation_bridge_unset
- {}
- dhcp_ovs_intergation_bridge_set
- neutron::agents::dhcp::ovs_integration_bridge: {get_param: NeutronDhcpOvsIntegrationBridge}
- if:
- az_unset
- {}
- az_set
- neutron::agents::dhcp::availability_zone: {get_param: NeutronDhcpAgentAvailabilityZone}
service_config_settings:
map_merge:
@ -336,45 +330,31 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
- /run/netns:/run/netns:shared
- /var/lib/neutron/kill_scripts:/etc/neutron/kill_scripts:shared,z
-
if:
- docker_enabled
- - /var/lib/openstack:/var/lib/openstack
- null
-
if:
- dnsmasq_wrapper_enabled
- if:
- {get_param: NeutronEnableDnsmasqDockerWrapper}
- - /var/lib/neutron/dnsmasq_wrapper:/usr/local/bin/dnsmasq:ro
- null
-
if:
- haproxy_wrapper_enabled
- if:
- {get_param: NeutronEnableHaproxyDockerWrapper}
- - /var/lib/neutron/dhcp_haproxy_wrapper:/usr/local/bin/haproxy:ro
- null
-
if:
- internal_tls_enabled
- if:
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/neutron.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron.crt:ro
- /etc/pki/tls/private/neutron.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron.key:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
metadata_settings:
if:
- internal_tls_enabled
-
- service: neutron
- {get_param: EnableInternalTLS}
- - service: neutron
network: {get_param: [ServiceNetMap, NeutronApiNetwork]}
type: node
- null
deploy_steps_tasks:
- name: Certificate generation
when:
@ -411,9 +391,9 @@ outputs:
# No need to trigger a reload for neutron dhcpd since the cert is not cached
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: NeutronDhcpCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
host_prep_tasks:
list_concat:

6
deployment/neutron/neutron-l2gw-agent-baremetal-puppet.yaml

@ -68,21 +68,17 @@ parameters:
tag: openstack.neutron.agent.l2gw
file: /var/log/neutron/l2gw-agent.log
conditions:
internal_manager_enabled: {equals: [{get_param: L2gwAgentEnableManager}, True]}
outputs:
role_data:
description: Role data for the L2 Gateway role.
value:
service_name: neutron_l2gw_agent
if:
- internal_manager_enabled
- {get_param: L2gwAgentEnableManager}
- firewall_rules:
'142 neutron l2gw agent input':
proto: 'tcp'
dport: {get_param: L2gwAgentManagerTableListeningPort}
- null
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL2gwAgent}
config_settings:
neutron::agents::l2gw::ovsdb_hosts: {get_param: L2gwAgentOvsdbHosts}

5
deployment/neutron/neutron-l2gw-api-container-puppet.yaml

@ -51,11 +51,6 @@ parameters:
description: Backend to use as a service provider for L2 Gateway
type: comma_delimited_list
resources:
ContainersCommon:
type: ../containers-common.yaml
outputs:
role_data:
description: Role data for the L2 Gateway role.

56
deployment/neutron/neutron-l3-container-puppet.yaml

@ -126,16 +126,12 @@ parameters:
type: string
conditions:
keepalived_wrapper_enabled: {equals: [{get_param: NeutronEnableKeepalivedWrapper}, true]}
haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]}
dibbler_wrapper_enabled: {equals: [{get_param: NeutronEnableDibblerDockerWrapper}, true]}
radvd_wrapper_enabled: {equals: [{get_param: NeutronEnableRadvdDockerWrapper}, true]}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
az_unset: {equals: [{get_param: NeutronL3AgentAvailabilityZone}, '']}
l3_agent_extensions_empty: {equals : [{get_param: NeutronL3AgentExtensions}, "''"]}
az_set:
not: {equals: [{get_param: NeutronL3AgentAvailabilityZone}, '']}
l3_agent_extensions_set:
not: {equals : [{get_param: NeutronL3AgentExtensions}, "''"]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -207,12 +203,10 @@ outputs:
- true
- {get_param: Debug}
- if:
- az_unset
- {}
- az_set
- neutron::agents::l3::availability_zone: {get_param: NeutronL3AgentAvailabilityZone}
- if:
- l3_agent_extensions_empty
- {}
- l3_agent_extensions_set
- neutron::agents::l3::extensions: {get_param: NeutronL3AgentExtensions}
- neutron::agents::l3::radvd_user: {get_param: NeutronL3AgentRadvdUser}
service_config_settings:
@ -257,8 +251,7 @@ outputs:
user: root
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
-
- '/container_puppet_apply.sh'
- - '/container_puppet_apply.sh'
- '4'
- 'file'
- 'include ::tripleo::profile::base::neutron::l3_agent_wrappers'
@ -266,8 +259,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch:shared,z
- - /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
step_4:
neutron_l3_agent:
@ -285,39 +277,25 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
- /run/netns:/run/netns:shared
- /var/lib/neutron/kill_scripts:/etc/neutron/kill_scripts:shared,z
-
if:
- docker_enabled
- - /var/lib/openstack:/var/lib/openstack
- null
-
if:
- keepalived_wrapper_enabled
- if:
- {get_param: NeutronEnableKeepalivedWrapper}
- - /var/lib/neutron/keepalived_wrapper:/usr/local/bin/keepalived:ro
- null
-
if:
- haproxy_wrapper_enabled
- if:
- {get_param: NeutronEnableHaproxyDockerWrapper}
- - /var/lib/neutron/l3_haproxy_wrapper:/usr/local/bin/haproxy:ro
- null
-
if:
- radvd_wrapper_enabled
- if:
- {get_param: NeutronEnableRadvdDockerWrapper}
- - /var/lib/neutron/radvd_wrapper:/usr/local/bin/radvd:ro
- null
-
if:
- dibbler_wrapper_enabled
- if:
- {get_param: NeutronEnableDibblerDockerWrapper}
- - /var/lib/neutron/dibbler_wrapper:/usr/local/bin/dibbler_client:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
metadata_settings:

10
deployment/neutron/neutron-linuxbridge-agent-baremetal-puppet.yaml

@ -50,10 +50,10 @@ parameters:
type: comma_delimited_list
conditions:
no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']}
firewall_driver_set:
not: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
@ -80,10 +80,8 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver'
neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
-
if:
- no_firewall_driver
- {}
- if:
- firewall_driver_set
- neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
step_config: |
include tripleo::profile::base::neutron::linuxbridge

31
deployment/neutron/neutron-metadata-container-puppet.yaml

@ -73,12 +73,12 @@ parameters:
default: false
conditions:
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}}
neutron_workers_set:
not: {equals : [{get_param: NeutronWorkers}, '']}
neutron_shared_metadata_set:
not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -122,19 +122,17 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
neutron::agents::metadata::metadata_protocol:
if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- 'https'
- 'http'
-
if:
- neutron_workers_unset
- {}
- neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
-
if:
- is_neutron_shared_metadata_notempty
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- {}
neutron::agents::metadata::metadata_workers:
if:
- neutron_workers_set
- {get_param: NeutronWorkers}
neutron::agents::metadata::shared_secret:
if:
- neutron_shared_metadata_set
- {get_param: NeutronMetadataProxySharedSecret}
service_config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, service_config_settings]
@ -180,8 +178,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /var/lib/neutron:/var/lib/neutron:shared,z

11
deployment/neutron/neutron-mlnx-agent-container-puppet.yaml

@ -59,7 +59,6 @@ parameters:
- role_specific
resources:
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
@ -166,13 +165,11 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
- /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
- ''
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
@ -189,8 +186,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [MlnxAgentLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
@ -209,8 +205,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [EswitchdLogging, volumes]}
-
- /var/lib/kolla/config_files/eswitchd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/eswitchd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run

1
deployment/neutron/neutron-ovn-dpdk-config-container-puppet.yaml

@ -47,7 +47,6 @@ parameters:
- role_specific
resources:
OpenvswitchDpdk:
type: ./../openvswitch/openvswitch-dpdk-baremetal-ansible.yaml
properties:

53
deployment/neutron/neutron-ovs-agent-container-puppet.yaml

@ -142,13 +142,14 @@ parameters:
default: false
conditions:
no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
docker_puppet_mount_host: {equals: [{get_param: DockerPuppetMountHostPuppet}, true]}
neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
ethertypes_unset: {equals : [{get_param: NeutronPermittedEthertypes}, []]}
firewall_driver_set:
not: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
neutron_dvr_set:
not: {equals : [{get_param: NeutronEnableDVR}, '']}
ethertypes_set:
not: {equals : [{get_param: NeutronPermittedEthertypes}, []]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -221,21 +222,18 @@ outputs:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
-
if:
- neutron_dvr_unset
- {}
- neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
-
if:
- no_firewall_driver
- {}
- neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
-
if:
- ethertypes_unset
- {}
- neutron::agents::ml2::ovs::permitted_ethertypes: {get_param: NeutronPermittedEthertypes}
neutron::agents::ml2::ovs::enable_distributed_routing:
if:
- neutron_dvr_set
- {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::firewall_driver:
if:
- firewall_driver_set
- {get_param: NeutronOVSFirewallDriver}
neutron::agents::ml2::ovs::permitted_ethertypes:
if:
- ethertypes_set
- {get_param: NeutronPermittedEthertypes}
service_config_settings:
map_merge:
@ -322,16 +320,13 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
-
if:
- docker_puppet_mount_host
- if:
- {get_param: DockerPuppetMountHostPuppet}
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
- ''
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
@ -352,8 +347,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /var/lib/container-config-scripts/neutron_ovs_agent_launcher.sh:/neutron_ovs_agent_launcher.sh:ro
- /lib/modules:/lib/modules:ro
@ -365,8 +359,7 @@ outputs:
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}
-
- block:
- - block:
- name: load openvswitch module
import_role:
name: tripleo_module_load

4
deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml

@ -65,7 +65,6 @@ parameters:
- role_specific
resources:
NeutronOvsAgent:
type: ./neutron-ovs-agent-container-puppet.yaml
properties:
@ -155,8 +154,7 @@ outputs:
upgrade_tasks:
list_concat:
- get_attr: [NeutronOvsAgent, role_data, upgrade_tasks]
-
- name: upgrade prepare for leapp to vfio-pci.conf
- - name: upgrade prepare for leapp to vfio-pci.conf
tags:
- never
- system_upgrade

1
deployment/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml

@ -40,7 +40,6 @@ parameters:
hidden: true
resources:
NeutronMl2Base:
type: OS::TripleO::Services::NeutronMl2PluginBase
properties:

1
deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml

@ -58,7 +58,6 @@ parameters:
default: 120
resources:
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:

1
deployment/neutron/neutron-plugin-ml2-container-puppet.yaml

@ -36,7 +36,6 @@ parameters:
type: string
resources:
NeutronBase:
type: OS::TripleO::Services::NeutronMl2PluginBase
properties:

11
deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml

@ -55,12 +55,7 @@ parameters:
type: string
default: 'datacentre'
conditions:
multi_interface_enabled: {equals: [{get_param: MultiInterfaceEnabled}, true]}
resources:
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
@ -83,12 +78,10 @@ outputs:
neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sdn_url: {get_param: MlnxSDNUrl}
neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sdn_domain: {get_param: MlnxSDNDomain}
neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sync_enabled: {get_param: MlnxSDNSyncEnabled}
-
if:
- multi_interface_enabled
- if:
- {get_param: MultiInterfaceEnabled}
- neutron::plugins::ml2::mellanox::mlnx_sdn_assist::bind_normal_ports: {get_param: MultiInterfaceEnabled}
neutron::plugins::ml2::mellanox::mlnx_sdn_assist::bind_normal_ports_physnets: {get_param: BindNormalPortsPhysnet}
- {}
service_config_settings: {}
# BEGIN DOCKER SETTINGS
puppet_config:

1
deployment/neutron/neutron-plugin-ml2-nuage.yaml

@ -80,7 +80,6 @@ parameters:
default: false
resources:
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:

24
deployment/neutron/neutron-plugin-ml2-ovn.yaml

@ -97,7 +97,8 @@ parameters:
br-int | grep "Check pkt length action"'.
conditions:
neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
neutron_dvr_set:
not: {equals : [{get_param: NeutronEnableDVR}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
vhostuser_dir_set:
or:
@ -105,7 +106,6 @@ conditions:
- {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}}
resources:
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
@ -133,23 +133,19 @@ outputs:
neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag}
neutron::plugins::ml2::ovn::dvr_enabled:
if:
- neutron_dvr_set
- true
- if:
- internal_tls_enabled
-
neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
- {get_param: EnableInternalTLS}
- neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
- {}
-
if:
- neutron_dvr_unset
- neutron::plugins::ml2::ovn::dvr_enabled: true
- neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
-
if:
- if:
- vhostuser_dir_set
- map_replace:
- map_replace:
@ -157,8 +153,6 @@ outputs:
- values: {get_param: RoleParameters}
- values:
NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
- {}
step_config: |
include tripleo::profile::base::neutron::plugins::ml2
metadata_settings:

10
deployment/neutron/neutron-plugin-ml2.yaml

@ -119,7 +119,6 @@ conditions:
physical_network_mtus_set: {not: {equals: [{get_param: NeutronML2PhysicalNetworkMtus}, []]}}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
@ -152,11 +151,10 @@ outputs:
- ServiceData
- net_ip_version_map
- {get_param: [ServiceNetMap, NeutronTenantNetwork]}
- if:
- physical_network_mtus_set
- neutron::plugins::ml2::physical_network_mtus: {get_param: NeutronML2PhysicalNetworkMtus}
- null
neutron::plugins::ml2::physical_network_mtus:
if:
- physical_network_mtus_set
- {get_param: NeutronML2PhysicalNetworkMtus}
step_config: |
include tripleo::profile::base::neutron::plugins::ml2
service_config_settings:

1
deployment/neutron/neutron-plugin-nuage.yaml

@ -65,7 +65,6 @@ parameters:
default: false
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:

13
deployment/neutron/neutron-sriov-agent-container-puppet.yaml

@ -86,16 +86,14 @@ parameters:
- role_specific
conditions:
derive_pci_whitelist_enabled:
or:
- and:
- equals: [{get_param: DerivePciWhitelistEnabled}, true]
- {get_param: DerivePciWhitelistEnabled}
- equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, '']
- equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, true]
- {get_param: [RoleParameters, DerivePciWhitelistEnabled]}
resources:
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
@ -180,8 +178,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
@ -196,8 +193,7 @@ outputs:
name: virt_sandbox_use_netlink
persistent: yes
state: yes
-
if:
- if:
- derive_pci_whitelist_enabled
- - name: "creating directory"
file:
@ -213,7 +209,6 @@ outputs:
mode: 0700
- name: run derive_pci_passthrough_whitelist.py
command: /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py
- []
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
upgrade_tasks: []

1
deployment/neutron/neutron-vpp-agent-baremetal-puppet.yaml

@ -36,7 +36,6 @@ parameters:
default: ""
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:

Loading…
Cancel
Save