Merge "Simplify octavia service templates"

changes/24/792724/1
Zuul 2 years ago committed by Gerrit Code Review
commit fbd67550ea
  1. 32
      deployment/octavia/octavia-api-container-puppet.yaml
  2. 167
      deployment/octavia/octavia-base.yaml
  3. 94
      deployment/octavia/octavia-deployment-config.j2.yaml
  4. 11
      deployment/octavia/octavia-health-manager-container-puppet.yaml
  5. 13
      deployment/octavia/octavia-housekeeping-container-puppet.yaml
  6. 4
      deployment/octavia/octavia-worker-container-puppet.yaml
  7. 46
      deployment/octavia/providers/ovn-provider-config.yaml

@ -88,14 +88,7 @@ parameters:
description: Set to false if the driver agent needs to be disabled for some reason.
type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
enable_driver_agent: {equals: [{get_param: OctaviaEnableDriverAgent}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -203,12 +196,9 @@ outputs:
- list_concat:
- - 'amphora: The Octavia Amphora driver.'
- 'octavia: Deprecated alias of the Octavia Amphora driver.'
-
if:
- enable_driver_agent
- if:
- {get_param: OctaviaEnableDriverAgent}
- {get_attr: [OctaviaProviderConfig, role_data, provider_driver_labels]}
- []
service_config_settings:
rsyslog:
tripleo_logging_sources_octavia_api:
@ -345,25 +335,20 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z
- /run/octavia:/run/octavia:shared,z
- /var/log/containers/httpd/octavia-api:/var/log/httpd:z
- if:
- internal_tls_enabled
- {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- []
- if:
- internal_tls_enabled
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- []
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- {get_attr: [OctaviaProviderConfig, role_data, volumes]}
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- if:
- enable_driver_agent
- {get_param: OctaviaEnableDriverAgent}
- octavia_driver_agent:
start_order: 2
image: *octavia_api_image
@ -373,15 +358,12 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_driver_agent.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/octavia_driver_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z
- /run/octavia:/run/octavia:shared,z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- {}
host_prep_tasks:
- name: create persistent directories
file:
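Review bot: The `if` entries for the TLS mounts and for the `octavia_driver_agent` container now take `{get_param: EnableInternalTLS}` and `{get_param: OctaviaEnableDriverAgent}` directly as the condition, and nothing near them records that this only works while both parameters stay `type: boolean`. `OctaviaEnableDriverAgent` is visibly boolean in the first hunk, but the declaration of `EnableInternalTLS` is outside it. Because that value decides whether `/etc/pki/tls/certs/httpd` and `/etc/pki/tls/private/httpd` are mounted, I would add a comment such as `# EnableInternalTLS is used directly as an if condition and must remain type: boolean` above that `if`. The same pattern appears with `OctaviaLogOffload` in the health-manager template, `EnableSQLAlchemyCollectd` in octavia-base.yaml and `EnableInternalTLS` in the OVN provider config.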

@ -208,11 +208,14 @@ parameters:
type: boolean
conditions:
octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']}
octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']}
octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, '']}
octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]}
octavia_ca_cert_set:
not: {equals: [{get_param: OctaviaCaCert}, '']}
octavia_ca_key_set:
not: {equals: [{get_param: OctaviaCaKey}, '']}
octavia_client_cert_set:
not: {equals: [{get_param: OctaviaClientCert}, '']}
octavia_topology_set:
not: {equals : [{get_param: OctaviaLoadBalancerTopology}, '']}
outputs:
role_data:
@ -220,88 +223,80 @@ outputs:
value:
service_name: octavia_base
config_settings:
map_merge:
- octavia::logging::debug:
octavia::logging::debug:
if:
- {get_param: OctaviaDebug}
- true
- {get_param: Debug}
octavia::purge_config: {get_param: EnableConfigPurge}
octavia::notification_driver: {get_param: NotificationDriver}
octavia::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: {get_param: OctaviaUserName}
password: {get_param: OctaviaPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /octavia
query:
if:
- {get_param: OctaviaDebug}
- true
- {get_param: Debug}
octavia::purge_config: {get_param: EnableConfigPurge}
octavia::notification_driver: {get_param: NotificationDriver}
octavia::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: {get_param: OctaviaUserName}
password: {get_param: OctaviaPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /octavia
query:
if:
- enable_sqlalchemy_collectd
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: octavia
collectd_host: localhost
-
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
octavia::service_auth::auth_type: 'password'
octavia::service_auth::username: {get_param: OctaviaUserName}
octavia::service_auth::password: {get_param: OctaviaPassword}
octavia::service_auth::project_name: {get_param: OctaviaProjectName}
octavia::service_auth::project_domain_name: 'Default'
octavia::service_auth::user_domain_name: 'Default'
octavia::service_auth::region_name: {get_param: KeystoneRegion}
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
octavia::controller::enable_ssh_access: true
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
octavia::controller::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
-
if:
- octavia_topology_unset
- {}
- octavia::controller::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
-
if:
- octavia_ca_cert_unset
- {}
- octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
-
if:
- octavia_ca_key_unset
- {}
- octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
-
if:
- octavia_client_cert_unset
- {}
- octavia::certificates::client_cert_data: {get_param: OctaviaClientCert}
- {get_param: EnableSQLAlchemyCollectd}
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
plugin: collectd
collectd_program_name: octavia
collectd_host: localhost
- read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
octavia::service_auth::auth_type: 'password'
octavia::service_auth::username: {get_param: OctaviaUserName}
octavia::service_auth::password: {get_param: OctaviaPassword}
octavia::service_auth::project_name: {get_param: OctaviaProjectName}
octavia::service_auth::project_domain_name: 'Default'
octavia::service_auth::user_domain_name: 'Default'
octavia::service_auth::region_name: {get_param: KeystoneRegion}
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
octavia::controller::enable_ssh_access: true
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
octavia::controller::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
octavia::controller::loadbalancer_topology:
if:
- octavia_topology_set
- {get_param: OctaviaLoadBalancerTopology}
octavia::certificates::ca_certificate_data:
if:
- octavia_ca_cert_set
- {get_param: OctaviaCaCert}
octavia::certificates::ca_private_key_data:
if:
- octavia_ca_key_set
- {get_param: OctaviaCaKey}
octavia::certificates::client_cert_data:
if:
- octavia_client_cert_set
- {get_param: OctaviaClientCert}
update_tasks: &ensure_start_up_files
- name: make sure that post-deploy.conf exists before restarting containers on update or upgrade
when: step|int == 5
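Review bot: The last four entries in `config_settings` (`loadbalancer_topology`, `ca_certificate_data`, `ca_private_key_data`, `client_cert_data`) use an `if` with a condition and one value but no else branch, and nothing states what happens when the parameter is empty. If the intent is that the key is left out of the hieradata, as the `{}` branches of the earlier `map_merge` form appear to have done, a comment should say so, for example `# no else branch: key is omitted when the parameter is empty`. This form presumably depends on the template version declared at the top of the file, which is outside the hunk. The housekeeping template uses the same pattern for `octavia::housekeeping::amphora_expiry_age`.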

@ -207,53 +207,6 @@ resources:
type: OS::Nova::KeyPair
external_id: default
{% endif %}
OctaviaVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
os_auth_type: "password"
os_identity_api_version: "3"
amp_image_name: { get_param: OctaviaAmphoraImageName }
amp_image_filename: {get_param: OctaviaAmphoraImageFilename }
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
amp_hw_arch: { get_param: OctaviaAmphoraImageArchitecture }
amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
{% if not octavia_standalone %}
amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
{% endif %}
{% raw %}
amp_to_raw: {if: [octavia_raw_image_check, true, false]}
auth_username: { get_param: OctaviaUserName }
auth_password: { get_param: OctaviaPassword }
auth_project_name: { get_param: OctaviaProjectName }
lb_mgmt_net_name: { get_param: OctaviaControlNetwork }
lb_mgmt_subnet_name: { get_param: OctaviaControlSubnet }
lb_sec_group_name: { get_param: OctaviaControlSubnet }
lb_mgmt_subnet_cidr: { get_param: OctaviaControlSubnetCidr }
lb_mgmt_subnet_gateway: { get_param: OctaviaControlSubnetGateway }
lb_mgmt_subnet_pool_start: { get_param: OctaviaControlSubnetPoolStart }
lb_mgmt_subnet_pool_end: { get_param: OctaviaControlSubnetPoolEnd }
ca_cert_path: { get_param: OctaviaCaCertFile }
ca_private_key_path: { get_param: OctaviaCaKeyFile }
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
os_password: { get_param: AdminPassword }
os_project_name: 'admin'
os_username: 'admin'
octavia_ansible_playbook: '/usr/share/ansible/tripleo-playbooks/octavia-files.yaml'
os_auth_url: { get_param: [EndpointMap, KeystoneV3Public, uri] }
os_int_auth_url: { get_param: [EndpointMap, KeystoneInternal, uri] }
octavia_local_tmpdir: "{{playbook_dir}}/octavia-ansible/local_dir"
octavia_group_vars_dir: "{{playbook_dir}}/octavia-ansible/group_vars"
container_cli: { get_param: ContainerCli }
enable_log_offloading: { get_param: OctaviaLogOffload }
stack_action: { get_param: StackAction }
outputs:
role_data:
@ -272,7 +225,48 @@ outputs:
block:
- name: Set up group_vars
set_fact:
octavia_ansible_group_vars: { get_attr: [OctaviaVars, value, vars] }
octavia_ansible_group_vars:
os_auth_type: "password"
os_identity_api_version: "3"
amp_image_name: { get_param: OctaviaAmphoraImageName }
amp_image_filename: {get_param: OctaviaAmphoraImageFilename }
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
amp_hw_arch: { get_param: OctaviaAmphoraImageArchitecture }
amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
{% if not octavia_standalone %}
amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
{% endif %}
amp_to_raw: {if: [octavia_raw_image_check, true, false]}
auth_username: { get_param: OctaviaUserName }
auth_password: { get_param: OctaviaPassword }
auth_project_name: { get_param: OctaviaProjectName }
lb_mgmt_net_name: { get_param: OctaviaControlNetwork }
lb_mgmt_subnet_name: { get_param: OctaviaControlSubnet }
lb_sec_group_name: { get_param: OctaviaControlSubnet }
lb_mgmt_subnet_cidr: { get_param: OctaviaControlSubnetCidr }
lb_mgmt_subnet_gateway: { get_param: OctaviaControlSubnetGateway }
lb_mgmt_subnet_pool_start: { get_param: OctaviaControlSubnetPoolStart }
lb_mgmt_subnet_pool_end: { get_param: OctaviaControlSubnetPoolEnd }
ca_cert_path: { get_param: OctaviaCaCertFile }
ca_private_key_path: { get_param: OctaviaCaKeyFile }
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
os_password: { get_param: AdminPassword }
os_project_name: 'admin'
os_username: 'admin'
octavia_ansible_playbook: '/usr/share/ansible/tripleo-playbooks/octavia-files.yaml'
os_auth_url: { get_param: [EndpointMap, KeystoneV3Public, uri] }
os_int_auth_url: { get_param: [EndpointMap, KeystoneInternal, uri] }
{% raw %}
octavia_local_tmpdir: "{{playbook_dir}}/octavia-ansible/local_dir"
octavia_group_vars_dir: "{{playbook_dir}}/octavia-ansible/group_vars"
container_cli: { get_param: ContainerCli }
enable_log_offloading: { get_param: OctaviaLogOffload }
stack_action: { get_param: StackAction }
no_log: "{{ hide_sensitive_logs | bool }}"
- name: Make needed directories on the undercloud
become: true
@ -297,11 +291,9 @@ outputs:
content: |
octavia_nodes:
hosts:
{%- set octavia_groups = ['worker'] -%}
{%- for octavia_group in octavia_groups -%}
{%- if 'octavia_' ~ octavia_groups %}
{% for host in groups['octavia_' ~ octavia_group] -%}
{{ hostvars.raw_get(host)['ansible_facts']['hostname'] | lower}}:
ansible_user: {{ hostvars.raw_get(host)['ansible_ssh_user'] | default('heat-admin') }}
@ -309,10 +301,8 @@ outputs:
canonical_hostname: {{ hostvars.raw_get(host)['canonical_hostname'] | default(host) | lower }}
ansible_become: true
{% endfor %}
{%- endif -%}
{%- endfor %}
Undercloud:
hosts:
{% for host in groups['Undercloud'] -%}
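Review bot: The `Set up group_vars` task now holds `auth_password`, `os_password`, `ca_passphrase` and `server_certs_key_passphrase` inline in `set_fact`, and the only thing keeping them out of Ansible output is `no_log: "{{ hide_sensitive_logs | bool }}"` on that task. When `hide_sensitive_logs` is false, the admin and service credentials are printed with the task result. Where that variable is defaulted is outside the hunk, so it is worth confirming it defaults to true. I would also add a comment above the `no_log` line, such as `# this fact carries credentials and CA passphrases; keep no_log on this task`, so a later cleanup does not drop it.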

@ -61,12 +61,7 @@ parameters:
the controller logs.
type: boolean
conditions:
log_offload_enabled: {equals: [{get_param: OctaviaLogOffload}, true]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -167,14 +162,13 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- if:
- log_offload_enabled
- {get_param: OctaviaLogOffload}
- octavia_rsyslog:
start_order: 2
image: {get_param: ContainerOctaviaRsyslogImage}
@ -190,7 +184,6 @@ outputs:
- /var/log/containers/octavia-amphorae:/var/log/octavia:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- {}
update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]}
upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]}
host_prep_tasks:

@ -50,10 +50,10 @@ parameters:
type: string
conditions:
amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
amphora_expiry_set:
not: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -78,10 +78,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [OctaviaBase, role_data, config_settings]
-
if:
- amphora_expiry_is_zero
- {}
- if:
- amphora_expiry_set
- octavia::housekeeping::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge}
service_config_settings:
rsyslog:
@ -137,8 +135,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z
environment:

@ -47,7 +47,6 @@ parameters:
type: string
resources:
ContainersCommon:
type: ../containers-common.yaml
@ -124,8 +123,7 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z
environment:

@ -54,12 +54,12 @@ parameters:
certificate for this service
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]}
ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, internal_tls_enabled]}
octavia_provider_ovn_protocol_unset: {equals: [{get_param: OctaviaOvnProviderProtocol}, '']}
key_size_override_unset: {equals: [{get_param: OctaviaCertificateKeySize}, '']}
ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, {get_param: EnableInternalTLS}]}
octavia_provider_ovn_protocol_set:
not: {equals: [{get_param: OctaviaOvnProviderProtocol}, '']}
key_size_override_set:
not: {equals: [{get_param: OctaviaCertificateKeySize}, '']}
outputs:
role_data:
@ -67,26 +67,23 @@ outputs:
value:
config_settings:
map_merge:
-
if:
- octavia_provider_ovn_protocol_unset
- if:
- internal_tls_enabled
- if:
- octavia_provider_ovn_protocol_set
- tripleo::profile::base::octavia::provider::ovn::protocol: {get_param: OctaviaOvnProviderProtocol}
- if:
- {get_param: EnableInternalTLS}
- tripleo::profile::base::octavia::provider::ovn::protocol: 'ssl'
- tripleo::profile::base::octavia::provider::ovn::protocol: 'tcp'
- tripleo::profile::base::octavia::provider::ovn::protocol: {get_param: OctaviaOvnProviderProtocol}
- if:
- if:
- ovn_and_tls
- tripleo::profile::base::octavia::provider::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
tripleo::profile::base::octavia::provider::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_octavia.crt'
tripleo::profile::base::octavia::provider::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_octavia.key'
- {}
puppet_tags: octavia_ovn_provider_config
provider_driver_labels:
if:
- is_ovn_in_neutron_mechanism_driver
- ['ovn: Octavia OVN driver.']
- []
step_config:
if:
- is_ovn_in_neutron_mechanism_driver
@ -98,39 +95,31 @@ outputs:
- - service: ovn_octavia
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
type: node
- null
volumes:
if:
- ovn_and_tls
-
- /etc/pki/tls/certs/ovn_octavia.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/ovn_octavia.crt:ro
- - /etc/pki/tls/certs/ovn_octavia.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/ovn_octavia.crt:ro
- /etc/pki/tls/private/ovn_octavia.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/ovn_octavia.key:ro
- []
kolla_permissions:
if:
- ovn_and_tls
-
- path: /etc/pki/tls/certs/ovn_octavia.crt
- - path: /etc/pki/tls/certs/ovn_octavia.crt
owner: octavia:octavia
perm: '0644'
- path: /etc/pki/tls/private/ovn_octavia.key
owner: octavia:octavia
perm: '0640'
- []
kolla_config_files:
if:
- ovn_and_tls
-
- source: "/var/lib/kolla/config_files/src-tls/*"
- - source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/"
merge: true
preserve_properties: true
- []
deploy_steps_tasks:
if:
- ovn_and_tls
-
- name: Certificate generation
- - name: Certificate generation
when: step|int == 1
block:
- include_role:
@ -150,8 +139,7 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
key_size:
if:
- key_size_override_unset
- {get_param: CertificateKeySize}
- key_size_override_set
- {get_param: OctaviaCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa
- null
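Review bot: In the protocol selection under `config_settings`, a non-empty `OctaviaOvnProviderProtocol` is used as-is even when `EnableInternalTLS` is true. A deployment can therefore end up with `tcp` to the OVN northbound database while `ovn_and_tls` still configures `ovn_nb_certificate` and `ovn_nb_private_key`. The `ssl`/`tcp` default only applies when the parameter is empty. If the override is intentional, the parameter description should say that it bypasses the TLS default. Otherwise the parameter, whose declaration is outside the hunk, could carry an `allowed_values` constraint, with a comment next to `octavia_provider_ovn_protocol_set` on how it interacts with internal TLS.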
