Fixes certificate generation error for Neutron agents
TLS certificates were introduced for the Neutron Base service in order
for Neutron to securely communicate with OVS via SSL/TLS. However, the
implementation only required Neutron DHCP agent (ODL deployment) to use
the certificates. The other OVS agents are not used in ODL deployments
and SSL/TLS use there may be added in the future. However, since other
services inherit NeutronBase config_settings, they will attempt to
generate certs. This certificate generation will fail because these
services do not inherit metadata settings.
This patch fixes the above issue by adding the metadata settings
inheritance to every service derived from NeutronBase.
Closes-Bug: 1754363
Change-Id: I87afc3a11efeefc1cfd768dfe817fbb3b2422694
Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit df31016a9a
)
This commit is contained in:
parent
a2d529e108
commit
fa83eb1b86
|
@ -117,6 +117,8 @@ outputs:
|
|||
- /run/netns:/run/netns:shared
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
metadata_settings:
|
||||
get_attr: [NeutronL3Base, role_data, metadata_settings]
|
||||
host_prep_tasks:
|
||||
list_concat:
|
||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||
|
|
|
@ -115,6 +115,8 @@ outputs:
|
|||
- /var/lib/neutron:/var/lib/neutron
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
metadata_settings:
|
||||
get_attr: [NeutronMetadataBase, role_data, metadata_settings]
|
||||
host_prep_tasks:
|
||||
list_concat:
|
||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||
|
|
|
@ -155,6 +155,8 @@ outputs:
|
|||
- /run/openvswitch:/run/openvswitch
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
metadata_settings:
|
||||
get_attr: [NeutronOvsAgentBase, role_data, metadata_settings]
|
||||
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||
upgrade_tasks:
|
||||
list_concat:
|
||||
|
|
|
@ -95,6 +95,8 @@ outputs:
|
|||
get_attr: [NeutronOvsAgentDockerBase, role_data, kolla_config]
|
||||
docker_config:
|
||||
get_attr: [NeutronOvsAgentDockerBase, role_data, docker_config]
|
||||
metadata_settings:
|
||||
get_attr: [NeutronOvsAgentDockerBase, role_data, metadata_settings]
|
||||
host_prep_tasks:
|
||||
get_attr: [NeutronOvsAgentDockerBase, role_data, host_prep_tasks]
|
||||
upgrade_tasks:
|
||||
|
|
|
@ -53,6 +53,8 @@ outputs:
|
|||
logging_source: {get_attr: [NeutronMl2VtsBase, role_data, logging_source]}
|
||||
logging_groups: {get_attr: [NeutronMl2VtsBase, role_data, logging_groups]}
|
||||
service_config_settings: {get_attr: [NeutronMl2VtsBase, role_data, service_config_settings]}
|
||||
metadata_settings:
|
||||
get_attr: [NeutronMl2VtsBase, role_data, metadata_settings]
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: 'neutron'
|
||||
|
|
|
@ -56,6 +56,8 @@ outputs:
|
|||
logging_source: {get_attr: [NeutronBase, role_data, logging_source]}
|
||||
logging_groups: {get_attr: [NeutronBase, role_data, logging_groups]}
|
||||
service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]}
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
# BEGIN DOCKER SETTINGS
|
||||
puppet_config:
|
||||
config_volume: 'neutron'
|
||||
|
|
|
@ -110,6 +110,8 @@ outputs:
|
|||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||
metadata_settings:
|
||||
get_attr: [NeutronSriovAgentBase, role_data, metadata_settings]
|
||||
upgrade_tasks:
|
||||
- name: Check if neutron_sriov_nic_agent is deployed
|
||||
command: systemctl is-enabled --quiet neutron-sriov-nic-agent
|
||||
|
|
|
@ -138,6 +138,8 @@ outputs:
|
|||
- /run/netns:/run/netns:shared
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
metadata_settings:
|
||||
get_attr: [OVNMetadataBase, role_data, metadata_settings]
|
||||
host_prep_tasks:
|
||||
list_concat:
|
||||
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
||||
|
|
|
@ -92,3 +92,5 @@ outputs:
|
|||
- {get_param: NeutronL3ComputeAgentLoggingSource}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::l3
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -131,3 +131,5 @@ outputs:
|
|||
- step|int == 1
|
||||
- neutron_l3_agent_enabled.rc == 0
|
||||
service: name=neutron-l3-agent state=stopped
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -81,3 +81,5 @@ outputs:
|
|||
horizon:
|
||||
horizon::neutron_options:
|
||||
enable_lb: True
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -86,3 +86,5 @@ outputs:
|
|||
- neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::neutron::linuxbridge
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -148,3 +148,5 @@ outputs:
|
|||
- step|int == 1
|
||||
- neutron_metadata_agent_enabled.rc == 0
|
||||
service: name=neutron-metadata-agent state=stopped
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -184,3 +184,5 @@ outputs:
|
|||
- step|int == 1
|
||||
- neutron_ovs_agent_enabled.rc == 0
|
||||
service: name=neutron-openvswitch-agent state=stopped
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -125,3 +125,5 @@ outputs:
|
|||
step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
|
||||
upgrade_tasks:
|
||||
get_attr: [Ovs, role_data, upgrade_tasks]
|
||||
metadata_settings:
|
||||
get_attr: [NeutronOvsAgent, role_data, metadata_settings]
|
||||
|
|
|
@ -85,3 +85,5 @@ outputs:
|
|||
neutron::plugins::ml2::cisco::vts::vts_timeout: {get_param: VTSTimeout}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||
metadata_settings:
|
||||
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||
|
|
|
@ -86,3 +86,5 @@ outputs:
|
|||
neutron::plugins::ml2::fujitsu::cfab::save_config: {get_param: NeutronFujitsuCfabSaveConfig}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||
metadata_settings:
|
||||
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||
|
|
|
@ -90,4 +90,5 @@ outputs:
|
|||
neutron::plugins::ml2::fujitsu::fossw::ovsdb_port: {get_param: NeutronFujitsuFosswOvsdbPort}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||
|
||||
metadata_settings:
|
||||
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||
|
|
|
@ -109,3 +109,5 @@ outputs:
|
|||
nova::patch::config::monkey_patch_modules: {get_param: NovaPatchConfigMonkeyPatchModules}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::plugins::ml2
|
||||
metadata_settings:
|
||||
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||
|
|
|
@ -71,3 +71,5 @@ outputs:
|
|||
- {}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||
metadata_settings:
|
||||
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||
|
|
|
@ -103,3 +103,5 @@ outputs:
|
|||
neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::neutron::plugins::ml2
|
||||
metadata_settings:
|
||||
get_attr: [NeutronMl2Base, role_data, metadata_settings]
|
||||
|
|
|
@ -118,3 +118,5 @@ outputs:
|
|||
service_config_settings:
|
||||
horizon:
|
||||
neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -97,3 +97,5 @@ outputs:
|
|||
nova::api::use_forwarded_for: {get_param: UseForwardedFor}
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::plugins::nuage
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -131,3 +131,5 @@ outputs:
|
|||
- step|int == 1
|
||||
- neutron_sriov_nic_agent_enabled.rc == 0
|
||||
service: name=neutron-sriov-nic-agent state=stopped
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -78,3 +78,5 @@ outputs:
|
|||
- get_attr: [RoleParametersValue, value]
|
||||
step_config: |
|
||||
include ::tripleo::host::sriov
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -58,4 +58,6 @@ outputs:
|
|||
- get_attr: [NeutronBase, role_data, config_settings]
|
||||
- tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::neutron::agents::vpp
|
||||
include ::tripleo::profile::base::neutron::agents::vpp
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -124,3 +124,5 @@ outputs:
|
|||
- step|int == 1
|
||||
- neutron_metadata_agent_enabled.rc == 0
|
||||
service: name=networking-ovn-metadata-agent state=stopped
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixes failure to create Neutron certificates for roles which do not
|
||||
contain Neutron DHCP agent, but include other Neutron agents
|
||||
(i.e. default Compute role).
|
Loading…
Reference in New Issue