diff --git a/deployment/neutron/neutron-agents-ib-config-container-puppet.yaml b/deployment/neutron/neutron-agents-ib-config-container-puppet.yaml index 97e729ccf8..ad442ed38b 100644 --- a/deployment/neutron/neutron-agents-ib-config-container-puppet.yaml +++ b/deployment/neutron/neutron-agents-ib-config-container-puppet.yaml @@ -48,7 +48,6 @@ parameters: - role_specific resources: - ContainersCommon: type: ../containers-common.yaml @@ -111,11 +110,9 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /lib/modules:/lib/modules:ro + - - /lib/modules:/lib/modules:ro - /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro - /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron - - '' environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} diff --git a/deployment/neutron/neutron-api-container-puppet.yaml b/deployment/neutron/neutron-api-container-puppet.yaml index 88a47c0676..24be5c445c 100644 --- a/deployment/neutron/neutron-api-container-puppet.yaml +++ b/deployment/neutron/neutron-api-container-puppet.yaml @@ -191,20 +191,24 @@ parameter_groups: - NeutronL3HA conditions: - use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} - neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} - neutron_rpc_workers_unset: {equals : [{get_param: NeutronRpcWorkers}, '']} - neutron_ovs_int_br_unset: {equals : [{get_param: NeutronOvsIntegrationBridge}, '']} - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']} - is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]} - az_unset: {equals: [{get_param: NeutronDefaultAvailabilityZones}, '']} - ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, internal_tls_enabled]} - enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]} - key_size_override_unset: {equals: [{get_param: NeutronCertificateKeySize}, '']} + neutron_workers_set: + not: {equals : [{get_param: NeutronWorkers}, '']} + neutron_rpc_workers_set: + not: {equals : [{get_param: NeutronRpcWorkers}, '']} + neutron_ovs_int_br_set: + not: {equals : [{get_param: NeutronOvsIntegrationBridge}, '']} + neutron_dvr_set: + not: {equals : [{get_param: NeutronEnableDVR}, '']} + az_set: + not: {equals: [{get_param: NeutronDefaultAvailabilityZones}, '']} + ovn_and_tls: + and: + - contains: ['ovn', {get_param: NeutronMechanismDrivers}] + - {get_param: EnableInternalTLS} + key_size_override_set: + not: {equals: [{get_param: NeutronCertificateKeySize}, '']} resources: - TLSProxyBase: type: OS::TripleO::Services::TLSProxyBase properties: @@ -271,17 +275,14 @@ outputs: path: /ovs_neutron query: if: - - enable_sqlalchemy_collectd - - - read_default_file: /etc/my.cnf.d/tripleo.cnf - read_default_group: tripleo - plugin: collectd - collectd_program_name: ovs_neutron - collectd_host: localhost - - - read_default_file: /etc/my.cnf.d/tripleo.cnf - read_default_group: tripleo - + - {get_param: EnableSQLAlchemyCollectd} + - read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + plugin: collectd + collectd_program_name: ovs_neutron + collectd_host: localhost + - read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo neutron::policy::policies: {get_param: NeutronApiPolicies} neutron::keystone::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} @@ -335,7 +336,7 @@ outputs: # proxy in front. neutron::bind_host: if: - - use_tls_proxy + - {get_param: EnableInternalTLS} - "%{hiera('localhost_address')}" - str_replace: template: @@ -343,55 +344,40 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]} tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA} - - - if: - - neutron_dvr_unset - - {} + - if: + - neutron_dvr_set - neutron::server::router_distributed: {get_param: NeutronEnableDVR} neutron::server::enable_dvr: {get_param: NeutronEnableDVR} - - - if: - - neutron_workers_unset - - {} + - if: + - neutron_workers_set - neutron::server::api_workers: {get_param: NeutronWorkers} - - - if: - - neutron_rpc_workers_unset - - - if: - - neutron_workers_unset - - {} - - neutron::server::rpc_workers: {get_param: NeutronWorkers} + - if: + - neutron_rpc_workers_set - neutron::server::rpc_workers: {get_param: NeutronRpcWorkers} - - - if: - - neutron_ovs_int_br_unset - - {} + - if: + - neutron_workers_set + - neutron::server::rpc_workers: {get_param: NeutronWorkers} + - if: + - neutron_ovs_int_br_set - neutron::server::ovs_integration_bridge: {get_param: NeutronOvsIntegrationBridge} - - - if: - - az_unset - - {} - - - neutron::server::dhcp_load_type: {get_param: NeutronDhcpLoadType} + - if: + - az_set + - neutron::server::dhcp_load_type: {get_param: NeutronDhcpLoadType} neutron::server::network_scheduler_driver: {get_param: NeutronNetworkSchedulerDriver} neutron::server::router_scheduler_driver: {get_param: NeutronRouterSchedulerDriver} neutron::server::default_availability_zones: {get_param: NeutronDefaultAvailabilityZones} - - - if: + - if: - ovn_and_tls - - - tripleo::profile::base::neutron::plugins::ml2::ovn::protocol: 'ssl' + - tripleo::profile::base::neutron::plugins::ml2::ovn::protocol: 'ssl' tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/neutron_ovn.key' tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/neutron_ovn.crt' tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/neutron_ovn.key' tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/neutron_ovn.crt' tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile} tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile} - - {} service_config_settings: rsyslog: tripleo_logging_sources_neutron_api: @@ -499,21 +485,18 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NeutronLogging, volumes]} - {get_param: NeutronApiOptVolumes} - - - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - if: - ovn_and_tls - - - - /etc/pki/tls/certs/neutron_ovn.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron_ovn.crt:ro + - - /etc/pki/tls/certs/neutron_ovn.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron_ovn.crt:ro - /etc/pki/tls/private/neutron_ovn.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron_ovn.key:ro - - null environment: map_merge: - {get_param: NeutronApiOptEnvVars} - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - if: - - internal_tls_enabled + - {get_param: EnableInternalTLS} - neutron_server_tls_proxy: image: *neutron_api_image net: host @@ -523,14 +506,12 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NeutronLogging, volumes]} - - - - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - - {} host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]} metadata_settings: list_concat: @@ -540,12 +521,10 @@ outputs: - - service: neutron_ovn network: {get_param: [ServiceNetMap, NeutronApiNetwork]} type: node - - null deploy_steps_tasks: if: - ovn_and_tls - - - - name: Certificate generation + - - name: Certificate generation when: step|int == 1 block: - include_role: @@ -565,11 +544,10 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, NeutronApiNetwork]} key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: NeutronCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa - - null external_upgrade_tasks: - when: - step|int == 1 diff --git a/deployment/neutron/neutron-base.yaml b/deployment/neutron/neutron-base.yaml index 5f55606bb3..2f74ce5180 100644 --- a/deployment/neutron/neutron-base.yaml +++ b/deployment/neutron/neutron-base.yaml @@ -108,8 +108,10 @@ parameters: type: boolean conditions: - dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]} - global_physnet_mtu_unset: {equals: [{get_param: NeutronGlobalPhysnetMtu}, 0]} + dhcp_agents_set: + not: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]} + global_physnet_mtu_set: + not: {equals: [{get_param: NeutronGlobalPhysnetMtu}, 0]} outputs: role_data: @@ -137,12 +139,11 @@ outputs: neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout} neutron::global_physnet_mtu: if: - - global_physnet_mtu_unset - - {get_param: TenantNetPhysnetMtu} + - global_physnet_mtu_set - {get_param: NeutronGlobalPhysnetMtu} + - {get_param: TenantNetPhysnetMtu} neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams} neutron::vlan_transparent: {get_param: EnableVLANTransparency} - if: - - dhcp_agents_zero - - {} + - dhcp_agents_set - tripleo::profile::base::neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} diff --git a/deployment/neutron/neutron-bgpvpn-api-container-puppet.yaml b/deployment/neutron/neutron-bgpvpn-api-container-puppet.yaml index eea36aad52..29f69a9c5b 100644 --- a/deployment/neutron/neutron-bgpvpn-api-container-puppet.yaml +++ b/deployment/neutron/neutron-bgpvpn-api-container-puppet.yaml @@ -36,7 +36,6 @@ parameters: type: string resources: - ContainersCommon: type: ../containers-common.yaml diff --git a/deployment/neutron/neutron-bigswitch-agent-baremetal-puppet.yaml b/deployment/neutron/neutron-bigswitch-agent-baremetal-puppet.yaml index cec501a424..0210b21abb 100644 --- a/deployment/neutron/neutron-bigswitch-agent-baremetal-puppet.yaml +++ b/deployment/neutron/neutron-bigswitch-agent-baremetal-puppet.yaml @@ -28,7 +28,6 @@ parameters: via parameter_defaults in the resource registry. type: json - outputs: role_data: description: Configure the bigswitch agent services diff --git a/deployment/neutron/neutron-controller-plugin-nuage.yaml b/deployment/neutron/neutron-controller-plugin-nuage.yaml index b118414cc9..0f08fd7ff4 100644 --- a/deployment/neutron/neutron-controller-plugin-nuage.yaml +++ b/deployment/neutron/neutron-controller-plugin-nuage.yaml @@ -50,20 +50,16 @@ parameters: type: boolean default: false -conditions: - apply_vxlan_iptables_rule: {equals : [{get_param: ControllerVxlanIPtableRule}, true]} - outputs: role_data: description: Role data for the Neutron Controller Nuage plugin value: firewall_rules: - if: - - apply_vxlan_iptables_rule + - {get_param: ControllerVxlanIPtableRule} - '118 neutron vxlan networks': proto: 'udp' dport: 4789 - - {} service_name: neutron_controller_plugin_nuage config_settings: map_merge: diff --git a/deployment/neutron/neutron-dhcp-container-puppet.yaml b/deployment/neutron/neutron-dhcp-container-puppet.yaml index 3b75566c7d..4e1cd77569 100644 --- a/deployment/neutron/neutron-dhcp-container-puppet.yaml +++ b/deployment/neutron/neutron-dhcp-container-puppet.yaml @@ -154,17 +154,14 @@ parameters: certificate for this service conditions: - - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - dnsmasq_wrapper_enabled: {equals: [{get_param: NeutronEnableDnsmasqDockerWrapper}, true]} - haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]} - docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']} - dhcp_ovs_intergation_bridge_unset: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']} - az_unset: {equals: [{get_param: NeutronDhcpAgentAvailabilityZone}, '']} - key_size_override_unset: {equals: [{get_param: NeutronDhcpCertificateKeySize}, '']} + dhcp_ovs_intergation_bridge_set: + not: {equals: [{get_param: NeutronDhcpOvsIntegrationBridge}, '']} + az_set: + not: {equals: [{get_param: NeutronDhcpAgentAvailabilityZone}, '']} + key_size_override_set: + not: {equals: [{get_param: NeutronDhcpCertificateKeySize}, '']} resources: - ContainersCommon: type: ../containers-common.yaml @@ -242,18 +239,15 @@ outputs: - true - {get_param: Debug} - if: - - internal_tls_enabled + - {get_param: EnableInternalTLS} - neutron::agents::dhcp::ovsdb_agent_ssl_key_file: '/etc/pki/tls/private/neutron.key' neutron::agents::dhcp::ovsdb_agent_ssl_cert_file: '/etc/pki/tls/certs/neutron.crt' neutron::agents::dhcp::ovsdb_agent_ssl_ca_file: {get_param: InternalTLSCAFile} - - {} - if: - - dhcp_ovs_intergation_bridge_unset - - {} + - dhcp_ovs_intergation_bridge_set - neutron::agents::dhcp::ovs_integration_bridge: {get_param: NeutronDhcpOvsIntegrationBridge} - if: - - az_unset - - {} + - az_set - neutron::agents::dhcp::availability_zone: {get_param: NeutronDhcpAgentAvailabilityZone} service_config_settings: map_merge: @@ -336,45 +330,31 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NeutronLogging, volumes]} - - - - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/openvswitch:/run/openvswitch:shared,z - /var/lib/neutron:/var/lib/neutron:shared,z - /run/netns:/run/netns:shared - /var/lib/neutron/kill_scripts:/etc/neutron/kill_scripts:shared,z - - - if: - - docker_enabled - - - /var/lib/openstack:/var/lib/openstack - - null - - - if: - - dnsmasq_wrapper_enabled + - if: + - {get_param: NeutronEnableDnsmasqDockerWrapper} - - /var/lib/neutron/dnsmasq_wrapper:/usr/local/bin/dnsmasq:ro - - null - - - if: - - haproxy_wrapper_enabled + - if: + - {get_param: NeutronEnableHaproxyDockerWrapper} - - /var/lib/neutron/dhcp_haproxy_wrapper:/usr/local/bin/haproxy:ro - - null - - - if: - - internal_tls_enabled + - if: + - {get_param: EnableInternalTLS} - - /etc/pki/tls/certs/neutron.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron.crt:ro - /etc/pki/tls/private/neutron.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron.key:ro - - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS metadata_settings: if: - - internal_tls_enabled - - - - service: neutron + - {get_param: EnableInternalTLS} + - - service: neutron network: {get_param: [ServiceNetMap, NeutronApiNetwork]} type: node - - null deploy_steps_tasks: - name: Certificate generation when: @@ -411,9 +391,9 @@ outputs: # No need to trigger a reload for neutron dhcpd since the cert is not cached key_size: if: - - key_size_override_unset - - {get_param: CertificateKeySize} + - key_size_override_set - {get_param: NeutronDhcpCertificateKeySize} + - {get_param: CertificateKeySize} ca: ipa host_prep_tasks: list_concat: diff --git a/deployment/neutron/neutron-l2gw-agent-baremetal-puppet.yaml b/deployment/neutron/neutron-l2gw-agent-baremetal-puppet.yaml index e6c65d0966..b144df7653 100644 --- a/deployment/neutron/neutron-l2gw-agent-baremetal-puppet.yaml +++ b/deployment/neutron/neutron-l2gw-agent-baremetal-puppet.yaml @@ -68,21 +68,17 @@ parameters: tag: openstack.neutron.agent.l2gw file: /var/log/neutron/l2gw-agent.log -conditions: - internal_manager_enabled: {equals: [{get_param: L2gwAgentEnableManager}, True]} - outputs: role_data: description: Role data for the L2 Gateway role. value: service_name: neutron_l2gw_agent if: - - internal_manager_enabled + - {get_param: L2gwAgentEnableManager} - firewall_rules: '142 neutron l2gw agent input': proto: 'tcp' dport: {get_param: L2gwAgentManagerTableListeningPort} - - null monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL2gwAgent} config_settings: neutron::agents::l2gw::ovsdb_hosts: {get_param: L2gwAgentOvsdbHosts} diff --git a/deployment/neutron/neutron-l2gw-api-container-puppet.yaml b/deployment/neutron/neutron-l2gw-api-container-puppet.yaml index 47381eadc3..b6884a673a 100644 --- a/deployment/neutron/neutron-l2gw-api-container-puppet.yaml +++ b/deployment/neutron/neutron-l2gw-api-container-puppet.yaml @@ -51,11 +51,6 @@ parameters: description: Backend to use as a service provider for L2 Gateway type: comma_delimited_list -resources: - - ContainersCommon: - type: ../containers-common.yaml - outputs: role_data: description: Role data for the L2 Gateway role. diff --git a/deployment/neutron/neutron-l3-container-puppet.yaml b/deployment/neutron/neutron-l3-container-puppet.yaml index b805d99dd2..f3ba8003c8 100644 --- a/deployment/neutron/neutron-l3-container-puppet.yaml +++ b/deployment/neutron/neutron-l3-container-puppet.yaml @@ -126,16 +126,12 @@ parameters: type: string conditions: - keepalived_wrapper_enabled: {equals: [{get_param: NeutronEnableKeepalivedWrapper}, true]} - haproxy_wrapper_enabled: {equals: [{get_param: NeutronEnableHaproxyDockerWrapper}, true]} - dibbler_wrapper_enabled: {equals: [{get_param: NeutronEnableDibblerDockerWrapper}, true]} - radvd_wrapper_enabled: {equals: [{get_param: NeutronEnableRadvdDockerWrapper}, true]} - docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']} - az_unset: {equals: [{get_param: NeutronL3AgentAvailabilityZone}, '']} - l3_agent_extensions_empty: {equals : [{get_param: NeutronL3AgentExtensions}, "''"]} + az_set: + not: {equals: [{get_param: NeutronL3AgentAvailabilityZone}, '']} + l3_agent_extensions_set: + not: {equals : [{get_param: NeutronL3AgentExtensions}, "''"]} resources: - ContainersCommon: type: ../containers-common.yaml @@ -207,12 +203,10 @@ outputs: - true - {get_param: Debug} - if: - - az_unset - - {} + - az_set - neutron::agents::l3::availability_zone: {get_param: NeutronL3AgentAvailabilityZone} - if: - - l3_agent_extensions_empty - - {} + - l3_agent_extensions_set - neutron::agents::l3::extensions: {get_param: NeutronL3AgentExtensions} - neutron::agents::l3::radvd_user: {get_param: NeutronL3AgentRadvdUser} service_config_settings: @@ -257,8 +251,7 @@ outputs: user: root command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"' list_concat: - - - - '/container_puppet_apply.sh' + - - '/container_puppet_apply.sh' - '4' - 'file' - 'include ::tripleo::profile::base::neutron::l3_agent_wrappers' @@ -266,8 +259,7 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, container_puppet_apply_volumes]} - - - - /run/openvswitch:/run/openvswitch:shared,z + - - /run/openvswitch:/run/openvswitch:shared,z - /var/lib/neutron:/var/lib/neutron:shared,z step_4: neutron_l3_agent: @@ -285,39 +277,25 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NeutronLogging, volumes]} - - - - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/openvswitch:/run/openvswitch:shared,z - /var/lib/neutron:/var/lib/neutron:shared,z - /run/netns:/run/netns:shared - /var/lib/neutron/kill_scripts:/etc/neutron/kill_scripts:shared,z - - - if: - - docker_enabled - - - /var/lib/openstack:/var/lib/openstack - - null - - - if: - - keepalived_wrapper_enabled + - if: + - {get_param: NeutronEnableKeepalivedWrapper} - - /var/lib/neutron/keepalived_wrapper:/usr/local/bin/keepalived:ro - - null - - - if: - - haproxy_wrapper_enabled + - if: + - {get_param: NeutronEnableHaproxyDockerWrapper} - - /var/lib/neutron/l3_haproxy_wrapper:/usr/local/bin/haproxy:ro - - null - - - if: - - radvd_wrapper_enabled + - if: + - {get_param: NeutronEnableRadvdDockerWrapper} - - /var/lib/neutron/radvd_wrapper:/usr/local/bin/radvd:ro - - null - - - if: - - dibbler_wrapper_enabled + - if: + - {get_param: NeutronEnableDibblerDockerWrapper} - - /var/lib/neutron/dibbler_wrapper:/usr/local/bin/dibbler_client:ro - - null environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS metadata_settings: diff --git a/deployment/neutron/neutron-linuxbridge-agent-baremetal-puppet.yaml b/deployment/neutron/neutron-linuxbridge-agent-baremetal-puppet.yaml index f109bf6c1d..7a63a1e088 100644 --- a/deployment/neutron/neutron-linuxbridge-agent-baremetal-puppet.yaml +++ b/deployment/neutron/neutron-linuxbridge-agent-baremetal-puppet.yaml @@ -50,10 +50,10 @@ parameters: type: comma_delimited_list conditions: - no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']} + firewall_driver_set: + not: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']} resources: - NeutronBase: type: ./neutron-base.yaml properties: @@ -80,10 +80,8 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver' neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq' - - - if: - - no_firewall_driver - - {} + - if: + - firewall_driver_set - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver} step_config: | include tripleo::profile::base::neutron::linuxbridge diff --git a/deployment/neutron/neutron-metadata-container-puppet.yaml b/deployment/neutron/neutron-metadata-container-puppet.yaml index 1fef6b27a4..5d89131116 100644 --- a/deployment/neutron/neutron-metadata-container-puppet.yaml +++ b/deployment/neutron/neutron-metadata-container-puppet.yaml @@ -73,12 +73,12 @@ parameters: default: false conditions: - neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} - internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} - is_neutron_shared_metadata_notempty: {not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']}} + neutron_workers_set: + not: {equals : [{get_param: NeutronWorkers}, '']} + neutron_shared_metadata_set: + not: {equals: [{get_param: NeutronMetadataProxySharedSecret}, '']} resources: - ContainersCommon: type: ../containers-common.yaml @@ -122,19 +122,17 @@ outputs: $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} neutron::agents::metadata::metadata_protocol: if: - - internal_tls_enabled + - {get_param: EnableInternalTLS} - 'https' - 'http' - - - if: - - neutron_workers_unset - - {} - - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} - - - if: - - is_neutron_shared_metadata_notempty - - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} - - {} + neutron::agents::metadata::metadata_workers: + if: + - neutron_workers_set + - {get_param: NeutronWorkers} + neutron::agents::metadata::shared_secret: + if: + - neutron_shared_metadata_set + - {get_param: NeutronMetadataProxySharedSecret} service_config_settings: map_merge: - get_attr: [NeutronBase, role_data, service_config_settings] @@ -180,8 +178,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NeutronLogging, volumes]} - - - - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /var/lib/neutron:/var/lib/neutron:shared,z diff --git a/deployment/neutron/neutron-mlnx-agent-container-puppet.yaml b/deployment/neutron/neutron-mlnx-agent-container-puppet.yaml index 4022b603d6..4edad08ddb 100644 --- a/deployment/neutron/neutron-mlnx-agent-container-puppet.yaml +++ b/deployment/neutron/neutron-mlnx-agent-container-puppet.yaml @@ -59,7 +59,6 @@ parameters: - role_specific resources: - # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: @@ -166,13 +165,11 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro - /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron - - '' environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} @@ -189,8 +186,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [MlnxAgentLogging, volumes]} - - - - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run @@ -209,8 +205,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [EswitchdLogging, volumes]} - - - - /var/lib/kolla/config_files/eswitchd.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/eswitchd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/deployment/neutron/neutron-ovn-dpdk-config-container-puppet.yaml b/deployment/neutron/neutron-ovn-dpdk-config-container-puppet.yaml index 3f8f4a92b9..ecaeb1d2e9 100644 --- a/deployment/neutron/neutron-ovn-dpdk-config-container-puppet.yaml +++ b/deployment/neutron/neutron-ovn-dpdk-config-container-puppet.yaml @@ -47,7 +47,6 @@ parameters: - role_specific resources: - OpenvswitchDpdk: type: ./../openvswitch/openvswitch-dpdk-baremetal-ansible.yaml properties: diff --git a/deployment/neutron/neutron-ovs-agent-container-puppet.yaml b/deployment/neutron/neutron-ovs-agent-container-puppet.yaml index 0b92ebeeaf..82c915cd95 100644 --- a/deployment/neutron/neutron-ovs-agent-container-puppet.yaml +++ b/deployment/neutron/neutron-ovs-agent-container-puppet.yaml @@ -142,13 +142,14 @@ parameters: default: false conditions: - no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']} - docker_puppet_mount_host: {equals: [{get_param: DockerPuppetMountHostPuppet}, true]} - neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']} - ethertypes_unset: {equals : [{get_param: NeutronPermittedEthertypes}, []]} + firewall_driver_set: + not: {equals : [{get_param: NeutronOVSFirewallDriver}, '']} + neutron_dvr_set: + not: {equals : [{get_param: NeutronEnableDVR}, '']} + ethertypes_set: + not: {equals : [{get_param: NeutronPermittedEthertypes}, []]} resources: - ContainersCommon: type: ../containers-common.yaml @@ -221,21 +222,18 @@ outputs: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - - - if: - - neutron_dvr_unset - - {} - - neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} - - - if: - - no_firewall_driver - - {} - - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} - - - if: - - ethertypes_unset - - {} - - neutron::agents::ml2::ovs::permitted_ethertypes: {get_param: NeutronPermittedEthertypes} + neutron::agents::ml2::ovs::enable_distributed_routing: + if: + - neutron_dvr_set + - {get_param: NeutronEnableDVR} + neutron::agents::ml2::ovs::firewall_driver: + if: + - firewall_driver_set + - {get_param: NeutronOVSFirewallDriver} + neutron::agents::ml2::ovs::permitted_ethertypes: + if: + - ethertypes_set + - {get_param: NeutronPermittedEthertypes} service_config_settings: map_merge: @@ -322,16 +320,13 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/openvswitch:/run/openvswitch:shared,z - - - if: - - docker_puppet_mount_host + - if: + - {get_param: DockerPuppetMountHostPuppet} - /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro - - '' environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier} @@ -352,8 +347,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NeutronLogging, volumes]} - - - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /var/lib/container-config-scripts/neutron_ovs_agent_launcher.sh:/neutron_ovs_agent_launcher.sh:ro - /lib/modules:/lib/modules:ro @@ -365,8 +359,7 @@ outputs: host_prep_tasks: list_concat: - {get_attr: [NeutronLogging, host_prep_tasks]} - - - - block: + - - block: - name: load openvswitch module import_role: name: tripleo_module_load diff --git a/deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml b/deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml index 21fc289ea3..3470b7bf76 100644 --- a/deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml +++ b/deployment/neutron/neutron-ovs-dpdk-agent-container-puppet.yaml @@ -65,7 +65,6 @@ parameters: - role_specific resources: - NeutronOvsAgent: type: ./neutron-ovs-agent-container-puppet.yaml properties: @@ -155,8 +154,7 @@ outputs: upgrade_tasks: list_concat: - get_attr: [NeutronOvsAgent, role_data, upgrade_tasks] - - - - name: upgrade prepare for leapp to vfio-pci.conf + - - name: upgrade prepare for leapp to vfio-pci.conf tags: - never - system_upgrade diff --git a/deployment/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml b/deployment/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml index 6cc81f9ddc..c49db8ebb5 100644 --- a/deployment/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml +++ b/deployment/neutron/neutron-plugin-ml2-ansible-container-puppet.yaml @@ -40,7 +40,6 @@ parameters: hidden: true resources: - NeutronMl2Base: type: OS::TripleO::Services::NeutronMl2PluginBase properties: diff --git a/deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml b/deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml index 28f1d58780..2f5a397b3d 100644 --- a/deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml +++ b/deployment/neutron/neutron-plugin-ml2-cisco-vts-container-puppet.yaml @@ -58,7 +58,6 @@ parameters: default: 120 resources: - NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: diff --git a/deployment/neutron/neutron-plugin-ml2-container-puppet.yaml b/deployment/neutron/neutron-plugin-ml2-container-puppet.yaml index 819b2bece3..d1d08a6d78 100644 --- a/deployment/neutron/neutron-plugin-ml2-container-puppet.yaml +++ b/deployment/neutron/neutron-plugin-ml2-container-puppet.yaml @@ -36,7 +36,6 @@ parameters: type: string resources: - NeutronBase: type: OS::TripleO::Services::NeutronMl2PluginBase properties: diff --git a/deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml b/deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml index 66a4d3c391..5a1326c9d7 100644 --- a/deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml +++ b/deployment/neutron/neutron-plugin-ml2-mlnx-sdn-assist-container-puppet.yaml @@ -55,12 +55,7 @@ parameters: type: string default: 'datacentre' -conditions: - - multi_interface_enabled: {equals: [{get_param: MultiInterfaceEnabled}, true]} - resources: - NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: @@ -83,12 +78,10 @@ outputs: neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sdn_url: {get_param: MlnxSDNUrl} neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sdn_domain: {get_param: MlnxSDNDomain} neutron::plugins::ml2::mellanox::mlnx_sdn_assist::sync_enabled: {get_param: MlnxSDNSyncEnabled} - - - if: - - multi_interface_enabled + - if: + - {get_param: MultiInterfaceEnabled} - neutron::plugins::ml2::mellanox::mlnx_sdn_assist::bind_normal_ports: {get_param: MultiInterfaceEnabled} neutron::plugins::ml2::mellanox::mlnx_sdn_assist::bind_normal_ports_physnets: {get_param: BindNormalPortsPhysnet} - - {} service_config_settings: {} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/deployment/neutron/neutron-plugin-ml2-nuage.yaml b/deployment/neutron/neutron-plugin-ml2-nuage.yaml index 2254d5a712..e057200d4a 100644 --- a/deployment/neutron/neutron-plugin-ml2-nuage.yaml +++ b/deployment/neutron/neutron-plugin-ml2-nuage.yaml @@ -80,7 +80,6 @@ parameters: default: false resources: - NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: diff --git a/deployment/neutron/neutron-plugin-ml2-ovn.yaml b/deployment/neutron/neutron-plugin-ml2-ovn.yaml index bcc4b89b38..d1c1d65e19 100644 --- a/deployment/neutron/neutron-plugin-ml2-ovn.yaml +++ b/deployment/neutron/neutron-plugin-ml2-ovn.yaml @@ -97,7 +97,8 @@ parameters: br-int | grep "Check pkt length action"'. conditions: - neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']} + neutron_dvr_set: + not: {equals : [{get_param: NeutronEnableDVR}, '']} internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} vhostuser_dir_set: or: @@ -105,7 +106,6 @@ conditions: - {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}} resources: - NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: @@ -133,23 +133,19 @@ outputs: neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize} neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers} neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag} + neutron::plugins::ml2::ovn::dvr_enabled: + if: + - neutron_dvr_set + - true - if: - - internal_tls_enabled - - - neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile} + - {get_param: EnableInternalTLS} + - neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile} neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt' neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key' neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile} neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt' neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key' - - {} - - - if: - - neutron_dvr_unset - - neutron::plugins::ml2::ovn::dvr_enabled: true - - neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR} - - - if: + - if: - vhostuser_dir_set - map_replace: - map_replace: @@ -157,8 +153,6 @@ outputs: - values: {get_param: RoleParameters} - values: NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir} - - {} - step_config: | include tripleo::profile::base::neutron::plugins::ml2 metadata_settings: diff --git a/deployment/neutron/neutron-plugin-ml2.yaml b/deployment/neutron/neutron-plugin-ml2.yaml index bb435c4ccb..786c37bf97 100644 --- a/deployment/neutron/neutron-plugin-ml2.yaml +++ b/deployment/neutron/neutron-plugin-ml2.yaml @@ -119,7 +119,6 @@ conditions: physical_network_mtus_set: {not: {equals: [{get_param: NeutronML2PhysicalNetworkMtus}, []]}} resources: - NeutronBase: type: ./neutron-base.yaml properties: @@ -152,11 +151,10 @@ outputs: - ServiceData - net_ip_version_map - {get_param: [ServiceNetMap, NeutronTenantNetwork]} - - if: - - physical_network_mtus_set - - neutron::plugins::ml2::physical_network_mtus: {get_param: NeutronML2PhysicalNetworkMtus} - - null - + neutron::plugins::ml2::physical_network_mtus: + if: + - physical_network_mtus_set + - {get_param: NeutronML2PhysicalNetworkMtus} step_config: | include tripleo::profile::base::neutron::plugins::ml2 service_config_settings: diff --git a/deployment/neutron/neutron-plugin-nuage.yaml b/deployment/neutron/neutron-plugin-nuage.yaml index 255c054bdf..ea08620926 100644 --- a/deployment/neutron/neutron-plugin-nuage.yaml +++ b/deployment/neutron/neutron-plugin-nuage.yaml @@ -65,7 +65,6 @@ parameters: default: false resources: - NeutronBase: type: ./neutron-base.yaml properties: diff --git a/deployment/neutron/neutron-sriov-agent-container-puppet.yaml b/deployment/neutron/neutron-sriov-agent-container-puppet.yaml index fae29fe59b..65be17d45b 100644 --- a/deployment/neutron/neutron-sriov-agent-container-puppet.yaml +++ b/deployment/neutron/neutron-sriov-agent-container-puppet.yaml @@ -86,16 +86,14 @@ parameters: - role_specific conditions: - derive_pci_whitelist_enabled: or: - and: - - equals: [{get_param: DerivePciWhitelistEnabled}, true] + - {get_param: DerivePciWhitelistEnabled} - equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, ''] - - equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, true] + - {get_param: [RoleParameters, DerivePciWhitelistEnabled]} resources: - # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: @@ -180,8 +178,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NeutronLogging, volumes]} - - - - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro + - - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run @@ -196,8 +193,7 @@ outputs: name: virt_sandbox_use_netlink persistent: yes state: yes - - - if: + - if: - derive_pci_whitelist_enabled - - name: "creating directory" file: @@ -213,7 +209,6 @@ outputs: mode: 0700 - name: run derive_pci_passthrough_whitelist.py command: /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py - - [] metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] upgrade_tasks: [] diff --git a/deployment/neutron/neutron-vpp-agent-baremetal-puppet.yaml b/deployment/neutron/neutron-vpp-agent-baremetal-puppet.yaml index d4f11f0953..3a8bf6fdbe 100644 --- a/deployment/neutron/neutron-vpp-agent-baremetal-puppet.yaml +++ b/deployment/neutron/neutron-vpp-agent-baremetal-puppet.yaml @@ -36,7 +36,6 @@ parameters: default: "" resources: - NeutronBase: type: ./neutron-base.yaml properties: