Merge "Simplify octavia service templates"

This commit is contained in:
Zuul 2021-05-22 04:09:12 +00:00 committed by Gerrit Code Review
commit fbd67550ea
7 changed files with 155 additions and 212 deletions

View File

@ -88,14 +88,7 @@ parameters:
description: Set to false if the driver agent needs to be disabled for some reason. description: Set to false if the driver agent needs to be disabled for some reason.
type: boolean type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
enable_driver_agent: {equals: [{get_param: OctaviaEnableDriverAgent}, true]}
resources: resources:
ContainersCommon: ContainersCommon:
type: ../containers-common.yaml type: ../containers-common.yaml
@ -203,12 +196,9 @@ outputs:
- list_concat: - list_concat:
- - 'amphora: The Octavia Amphora driver.' - - 'amphora: The Octavia Amphora driver.'
- 'octavia: Deprecated alias of the Octavia Amphora driver.' - 'octavia: Deprecated alias of the Octavia Amphora driver.'
- - if:
if: - {get_param: OctaviaEnableDriverAgent}
- enable_driver_agent
- {get_attr: [OctaviaProviderConfig, role_data, provider_driver_labels]} - {get_attr: [OctaviaProviderConfig, role_data, provider_driver_labels]}
- []
service_config_settings: service_config_settings:
rsyslog: rsyslog:
tripleo_logging_sources_octavia_api: tripleo_logging_sources_octavia_api:
@ -345,25 +335,20 @@ outputs:
volumes: volumes:
list_concat: list_concat:
- {get_attr: [ContainersCommon, volumes]} - {get_attr: [ContainersCommon, volumes]}
- - - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z - /var/log/containers/octavia:/var/log/octavia:z
- /run/octavia:/run/octavia:shared,z - /run/octavia:/run/octavia:shared,z
- /var/log/containers/httpd/octavia-api:/var/log/httpd:z - /var/log/containers/httpd/octavia-api:/var/log/httpd:z
- if: - if:
- internal_tls_enabled - {get_param: EnableInternalTLS}
- - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- [] - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- if:
- internal_tls_enabled
- - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
- []
- {get_attr: [OctaviaProviderConfig, role_data, volumes]} - {get_attr: [OctaviaProviderConfig, role_data, volumes]}
environment: environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- if: - if:
- enable_driver_agent - {get_param: OctaviaEnableDriverAgent}
- octavia_driver_agent: - octavia_driver_agent:
start_order: 2 start_order: 2
image: *octavia_api_image image: *octavia_api_image
@ -373,15 +358,12 @@ outputs:
volumes: volumes:
list_concat: list_concat:
- {get_attr: [ContainersCommon, volumes]} - {get_attr: [ContainersCommon, volumes]}
- - - /var/lib/kolla/config_files/octavia_driver_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/kolla/config_files/octavia_driver_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z - /var/log/containers/octavia:/var/log/octavia:z
- /run/octavia:/run/octavia:shared,z - /run/octavia:/run/octavia:shared,z
environment: environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- {}
host_prep_tasks: host_prep_tasks:
- name: create persistent directories - name: create persistent directories
file: file:

View File

@ -208,11 +208,14 @@ parameters:
type: boolean type: boolean
conditions: conditions:
octavia_ca_cert_unset: {equals: [{get_param: OctaviaCaCert}, '']} octavia_ca_cert_set:
octavia_ca_key_unset: {equals: [{get_param: OctaviaCaKey}, '']} not: {equals: [{get_param: OctaviaCaCert}, '']}
octavia_client_cert_unset: {equals: [{get_param: OctaviaClientCert}, '']} octavia_ca_key_set:
octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]} not: {equals: [{get_param: OctaviaCaKey}, '']}
enable_sqlalchemy_collectd: {equals : [{get_param: EnableSQLAlchemyCollectd}, true]} octavia_client_cert_set:
not: {equals: [{get_param: OctaviaClientCert}, '']}
octavia_topology_set:
not: {equals : [{get_param: OctaviaLoadBalancerTopology}, '']}
outputs: outputs:
role_data: role_data:
@ -220,88 +223,80 @@ outputs:
value: value:
service_name: octavia_base service_name: octavia_base
config_settings: config_settings:
map_merge: octavia::logging::debug:
- octavia::logging::debug: if:
- {get_param: OctaviaDebug}
- true
- {get_param: Debug}
octavia::purge_config: {get_param: EnableConfigPurge}
octavia::notification_driver: {get_param: NotificationDriver}
octavia::db::database_connection:
make_url:
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
username: {get_param: OctaviaUserName}
password: {get_param: OctaviaPassword}
host: {get_param: [EndpointMap, MysqlInternal, host]}
path: /octavia
query:
if: if:
- {get_param: OctaviaDebug} - {get_param: EnableSQLAlchemyCollectd}
- true - read_default_file: /etc/my.cnf.d/tripleo.cnf
- {get_param: Debug} read_default_group: tripleo
octavia::purge_config: {get_param: EnableConfigPurge} plugin: collectd
octavia::notification_driver: {get_param: NotificationDriver} collectd_program_name: octavia
octavia::db::database_connection: collectd_host: localhost
make_url: - read_default_file: /etc/my.cnf.d/tripleo.cnf
scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} read_default_group: tripleo
username: {get_param: OctaviaUserName} octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]}
password: {get_param: OctaviaPassword} octavia::service_auth::auth_type: 'password'
host: {get_param: [EndpointMap, MysqlInternal, host]} octavia::service_auth::username: {get_param: OctaviaUserName}
path: /octavia octavia::service_auth::password: {get_param: OctaviaPassword}
query: octavia::service_auth::project_name: {get_param: OctaviaProjectName}
if: octavia::service_auth::project_domain_name: 'Default'
- enable_sqlalchemy_collectd octavia::service_auth::user_domain_name: 'Default'
- octavia::service_auth::region_name: {get_param: KeystoneRegion}
read_default_file: /etc/my.cnf.d/tripleo.cnf octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile}
read_default_group: tripleo octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile}
plugin: collectd octavia::certificates::client_cert: {get_param: OctaviaClientCertFile}
collectd_program_name: octavia octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
collectd_host: localhost octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase}
- octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
read_default_file: /etc/my.cnf.d/tripleo.cnf octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId}
read_default_group: tripleo octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
octavia::service_auth::auth_url: {get_param: [EndpointMap, KeystoneV3Internal, uri]} octavia::controller::enable_ssh_access: true
octavia::service_auth::auth_type: 'password' octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData}
octavia::service_auth::username: {get_param: OctaviaUserName} octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect}
octavia::service_auth::password: {get_param: OctaviaPassword} octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData}
octavia::service_auth::project_name: {get_param: OctaviaProjectName} octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect}
octavia::service_auth::project_domain_name: 'Default' octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries}
octavia::service_auth::user_domain_name: 'Default' octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging}
octavia::service_auth::region_name: {get_param: KeystoneRegion} octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries}
octavia::certificates::ca_certificate: {get_param: OctaviaCaCertFile} octavia::controller::port_detach_timeout: {get_param: OctaviaPortDetachTimeout}
octavia::certificates::ca_private_key: {get_param: OctaviaCaKeyFile} octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets}
octavia::certificates::client_cert: {get_param: OctaviaClientCertFile} octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility}
octavia::certificates::server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase} octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs}
octavia::certificates::ca_private_key_passphrase: {get_param: OctaviaCaKeyPassphrase} octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets}
octavia::controller::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList} octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility}
octavia::controller::amp_flavor_id: {get_param: OctaviaFlavorId} octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat}
octavia::controller::amp_image_tag: {get_param: OctaviaAmphoraImageTag} octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage}
octavia::controller::amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName} octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
octavia::controller::enable_ssh_access: true octavia::controller::loadbalancer_topology:
octavia::controller::timeout_client_data: {get_param: OctaviaTimeoutClientData} if:
octavia::controller::timeout_member_connect: {get_param: OctaviaTimeoutMemberConnect} - octavia_topology_set
octavia::controller::timeout_member_data: {get_param: OctaviaTimeoutMemberData} - {get_param: OctaviaLoadBalancerTopology}
octavia::controller::timeout_tcp_inspect: {get_param: OctaviaTimeoutTcpInspect} octavia::certificates::ca_certificate_data:
octavia::controller::connection_max_retries: {get_param: OctaviaConnectionMaxRetries} if:
octavia::controller::connection_logging: {get_param: OctaviaConnectionLogging} - octavia_ca_cert_set
octavia::controller::build_active_retries: {get_param: OctaviaBuildActiveRetries} - {get_param: OctaviaCaCert}
octavia::controller::port_detach_timeout: {get_param: OctaviaPortDetachTimeout} octavia::certificates::ca_private_key_data:
octavia::controller::admin_log_targets: {get_param: OctaviaAdminLogTargets} if:
octavia::controller::administrative_log_facility: {get_param: OctaviaAdminLogFacility} - octavia_ca_key_set
octavia::controller::forward_all_logs: {get_param: OctaviaForwardAllLogs} - {get_param: OctaviaCaKey}
octavia::controller::tenant_log_targets: {get_param: OctaviaTenantLogTargets} octavia::certificates::client_cert_data:
octavia::controller::user_log_facility: {get_param: OctaviaTenantLogFacility} if:
octavia::controller::user_log_format: {get_param: OctaviaUserLogFormat} - octavia_client_cert_set
octavia::controller::disable_local_log_storage: {get_param: OctaviaDisableLocalLogStorage} - {get_param: OctaviaClientCert}
octavia::nova::enable_anti_affinity: {get_param: OctaviaAntiAffinity}
-
if:
- octavia_topology_unset
- {}
- octavia::controller::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
-
if:
- octavia_ca_cert_unset
- {}
- octavia::certificates::ca_certificate_data: {get_param: OctaviaCaCert}
-
if:
- octavia_ca_key_unset
- {}
- octavia::certificates::ca_private_key_data: {get_param: OctaviaCaKey}
-
if:
- octavia_client_cert_unset
- {}
- octavia::certificates::client_cert_data: {get_param: OctaviaClientCert}
update_tasks: &ensure_start_up_files update_tasks: &ensure_start_up_files
- name: make sure that post-deploy.conf exists before restarting containers on update or upgrade - name: make sure that post-deploy.conf exists before restarting containers on update or upgrade
when: step|int == 5 when: step|int == 5

View File

@ -207,53 +207,6 @@ resources:
type: OS::Nova::KeyPair type: OS::Nova::KeyPair
external_id: default external_id: default
{% endif %} {% endif %}
OctaviaVars:
type: OS::Heat::Value
properties:
type: json
value:
vars:
os_auth_type: "password"
os_identity_api_version: "3"
amp_image_name: { get_param: OctaviaAmphoraImageName }
amp_image_filename: {get_param: OctaviaAmphoraImageFilename }
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
amp_hw_arch: { get_param: OctaviaAmphoraImageArchitecture }
amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
{% if not octavia_standalone %}
amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
{% endif %}
{% raw %}
amp_to_raw: {if: [octavia_raw_image_check, true, false]}
auth_username: { get_param: OctaviaUserName }
auth_password: { get_param: OctaviaPassword }
auth_project_name: { get_param: OctaviaProjectName }
lb_mgmt_net_name: { get_param: OctaviaControlNetwork }
lb_mgmt_subnet_name: { get_param: OctaviaControlSubnet }
lb_sec_group_name: { get_param: OctaviaControlSubnet }
lb_mgmt_subnet_cidr: { get_param: OctaviaControlSubnetCidr }
lb_mgmt_subnet_gateway: { get_param: OctaviaControlSubnetGateway }
lb_mgmt_subnet_pool_start: { get_param: OctaviaControlSubnetPoolStart }
lb_mgmt_subnet_pool_end: { get_param: OctaviaControlSubnetPoolEnd }
ca_cert_path: { get_param: OctaviaCaCertFile }
ca_private_key_path: { get_param: OctaviaCaKeyFile }
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
os_password: { get_param: AdminPassword }
os_project_name: 'admin'
os_username: 'admin'
octavia_ansible_playbook: '/usr/share/ansible/tripleo-playbooks/octavia-files.yaml'
os_auth_url: { get_param: [EndpointMap, KeystoneV3Public, uri] }
os_int_auth_url: { get_param: [EndpointMap, KeystoneInternal, uri] }
octavia_local_tmpdir: "{{playbook_dir}}/octavia-ansible/local_dir"
octavia_group_vars_dir: "{{playbook_dir}}/octavia-ansible/group_vars"
container_cli: { get_param: ContainerCli }
enable_log_offloading: { get_param: OctaviaLogOffload }
stack_action: { get_param: StackAction }
outputs: outputs:
role_data: role_data:
@ -272,7 +225,48 @@ outputs:
block: block:
- name: Set up group_vars - name: Set up group_vars
set_fact: set_fact:
octavia_ansible_group_vars: { get_attr: [OctaviaVars, value, vars] } octavia_ansible_group_vars:
os_auth_type: "password"
os_identity_api_version: "3"
amp_image_name: { get_param: OctaviaAmphoraImageName }
amp_image_filename: {get_param: OctaviaAmphoraImageFilename }
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
amp_hw_arch: { get_param: OctaviaAmphoraImageArchitecture }
amp_ssh_key_name: { get_param: OctaviaAmphoraSshKeyName }
amp_ssh_key_path: { get_param: OctaviaAmphoraSshKeyFile }
{% if not octavia_standalone %}
amp_ssh_key_data: { get_attr: [default_key_pair, public_key] }
{% endif %}
amp_to_raw: {if: [octavia_raw_image_check, true, false]}
auth_username: { get_param: OctaviaUserName }
auth_password: { get_param: OctaviaPassword }
auth_project_name: { get_param: OctaviaProjectName }
lb_mgmt_net_name: { get_param: OctaviaControlNetwork }
lb_mgmt_subnet_name: { get_param: OctaviaControlSubnet }
lb_sec_group_name: { get_param: OctaviaControlSubnet }
lb_mgmt_subnet_cidr: { get_param: OctaviaControlSubnetCidr }
lb_mgmt_subnet_gateway: { get_param: OctaviaControlSubnetGateway }
lb_mgmt_subnet_pool_start: { get_param: OctaviaControlSubnetPoolStart }
lb_mgmt_subnet_pool_end: { get_param: OctaviaControlSubnetPoolEnd }
ca_cert_path: { get_param: OctaviaCaCertFile }
ca_private_key_path: { get_param: OctaviaCaKeyFile }
server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
os_password: { get_param: AdminPassword }
os_project_name: 'admin'
os_username: 'admin'
octavia_ansible_playbook: '/usr/share/ansible/tripleo-playbooks/octavia-files.yaml'
os_auth_url: { get_param: [EndpointMap, KeystoneV3Public, uri] }
os_int_auth_url: { get_param: [EndpointMap, KeystoneInternal, uri] }
{% raw %}
octavia_local_tmpdir: "{{playbook_dir}}/octavia-ansible/local_dir"
octavia_group_vars_dir: "{{playbook_dir}}/octavia-ansible/group_vars"
container_cli: { get_param: ContainerCli }
enable_log_offloading: { get_param: OctaviaLogOffload }
stack_action: { get_param: StackAction }
no_log: "{{ hide_sensitive_logs | bool }}" no_log: "{{ hide_sensitive_logs | bool }}"
- name: Make needed directories on the undercloud - name: Make needed directories on the undercloud
become: true become: true
@ -297,11 +291,9 @@ outputs:
content: | content: |
octavia_nodes: octavia_nodes:
hosts: hosts:
{%- set octavia_groups = ['worker'] -%} {%- set octavia_groups = ['worker'] -%}
{%- for octavia_group in octavia_groups -%} {%- for octavia_group in octavia_groups -%}
{%- if 'octavia_' ~ octavia_groups %} {%- if 'octavia_' ~ octavia_groups %}
{% for host in groups['octavia_' ~ octavia_group] -%} {% for host in groups['octavia_' ~ octavia_group] -%}
{{ hostvars.raw_get(host)['ansible_facts']['hostname'] | lower}}: {{ hostvars.raw_get(host)['ansible_facts']['hostname'] | lower}}:
ansible_user: {{ hostvars.raw_get(host)['ansible_ssh_user'] | default('heat-admin') }} ansible_user: {{ hostvars.raw_get(host)['ansible_ssh_user'] | default('heat-admin') }}
@ -309,10 +301,8 @@ outputs:
canonical_hostname: {{ hostvars.raw_get(host)['canonical_hostname'] | default(host) | lower }} canonical_hostname: {{ hostvars.raw_get(host)['canonical_hostname'] | default(host) | lower }}
ansible_become: true ansible_become: true
{% endfor %} {% endfor %}
{%- endif -%} {%- endif -%}
{%- endfor %} {%- endfor %}
Undercloud: Undercloud:
hosts: hosts:
{% for host in groups['Undercloud'] -%} {% for host in groups['Undercloud'] -%}

View File

@ -61,12 +61,7 @@ parameters:
the controller logs. the controller logs.
type: boolean type: boolean
conditions:
log_offload_enabled: {equals: [{get_param: OctaviaLogOffload}, true]}
resources: resources:
ContainersCommon: ContainersCommon:
type: ../containers-common.yaml type: ../containers-common.yaml
@ -167,14 +162,13 @@ outputs:
volumes: volumes:
list_concat: list_concat:
- {get_attr: [ContainersCommon, volumes]} - {get_attr: [ContainersCommon, volumes]}
- - - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z - /var/log/containers/octavia:/var/log/octavia:z
environment: environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- if: - if:
- log_offload_enabled - {get_param: OctaviaLogOffload}
- octavia_rsyslog: - octavia_rsyslog:
start_order: 2 start_order: 2
image: {get_param: ContainerOctaviaRsyslogImage} image: {get_param: ContainerOctaviaRsyslogImage}
@ -190,7 +184,6 @@ outputs:
- /var/log/containers/octavia-amphorae:/var/log/octavia:z - /var/log/containers/octavia-amphorae:/var/log/octavia:z
environment: environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- {}
update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]} update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]}
upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]} upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]}
host_prep_tasks: host_prep_tasks:

View File

@ -50,10 +50,10 @@ parameters:
type: string type: string
conditions: conditions:
amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]} amphora_expiry_set:
not: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
resources: resources:
ContainersCommon: ContainersCommon:
type: ../containers-common.yaml type: ../containers-common.yaml
@ -78,10 +78,8 @@ outputs:
config_settings: config_settings:
map_merge: map_merge:
- get_attr: [OctaviaBase, role_data, config_settings] - get_attr: [OctaviaBase, role_data, config_settings]
- - if:
if: - amphora_expiry_set
- amphora_expiry_is_zero
- {}
- octavia::housekeeping::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge} - octavia::housekeeping::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge}
service_config_settings: service_config_settings:
rsyslog: rsyslog:
@ -137,8 +135,7 @@ outputs:
volumes: volumes:
list_concat: list_concat:
- {get_attr: [ContainersCommon, volumes]} - {get_attr: [ContainersCommon, volumes]}
- - - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z - /var/log/containers/octavia:/var/log/octavia:z
environment: environment:

View File

@ -47,7 +47,6 @@ parameters:
type: string type: string
resources: resources:
ContainersCommon: ContainersCommon:
type: ../containers-common.yaml type: ../containers-common.yaml
@ -124,8 +123,7 @@ outputs:
volumes: volumes:
list_concat: list_concat:
- {get_attr: [ContainersCommon, volumes]} - {get_attr: [ContainersCommon, volumes]}
- - - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/octavia:/var/lib/kolla/config_files/src:ro
- /var/log/containers/octavia:/var/log/octavia:z - /var/log/containers/octavia:/var/log/octavia:z
environment: environment:

View File

@ -54,12 +54,12 @@ parameters:
certificate for this service certificate for this service
conditions: conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]} is_ovn_in_neutron_mechanism_driver: {contains: ['ovn', {get_param: NeutronMechanismDrivers}]}
ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, internal_tls_enabled]} ovn_and_tls: {and: [is_ovn_in_neutron_mechanism_driver, {get_param: EnableInternalTLS}]}
octavia_provider_ovn_protocol_unset: {equals: [{get_param: OctaviaOvnProviderProtocol}, '']} octavia_provider_ovn_protocol_set:
key_size_override_unset: {equals: [{get_param: OctaviaCertificateKeySize}, '']} not: {equals: [{get_param: OctaviaOvnProviderProtocol}, '']}
key_size_override_set:
not: {equals: [{get_param: OctaviaCertificateKeySize}, '']}
outputs: outputs:
role_data: role_data:
@ -67,26 +67,23 @@ outputs:
value: value:
config_settings: config_settings:
map_merge: map_merge:
- - if:
if: - octavia_provider_ovn_protocol_set
- octavia_provider_ovn_protocol_unset - tripleo::profile::base::octavia::provider::ovn::protocol: {get_param: OctaviaOvnProviderProtocol}
- if: - if:
- internal_tls_enabled - {get_param: EnableInternalTLS}
- tripleo::profile::base::octavia::provider::ovn::protocol: 'ssl' - tripleo::profile::base::octavia::provider::ovn::protocol: 'ssl'
- tripleo::profile::base::octavia::provider::ovn::protocol: 'tcp' - tripleo::profile::base::octavia::provider::ovn::protocol: 'tcp'
- tripleo::profile::base::octavia::provider::ovn::protocol: {get_param: OctaviaOvnProviderProtocol} - if:
- if:
- ovn_and_tls - ovn_and_tls
- tripleo::profile::base::octavia::provider::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile} - tripleo::profile::base::octavia::provider::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
tripleo::profile::base::octavia::provider::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_octavia.crt' tripleo::profile::base::octavia::provider::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_octavia.crt'
tripleo::profile::base::octavia::provider::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_octavia.key' tripleo::profile::base::octavia::provider::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_octavia.key'
- {}
puppet_tags: octavia_ovn_provider_config puppet_tags: octavia_ovn_provider_config
provider_driver_labels: provider_driver_labels:
if: if:
- is_ovn_in_neutron_mechanism_driver - is_ovn_in_neutron_mechanism_driver
- ['ovn: Octavia OVN driver.'] - ['ovn: Octavia OVN driver.']
- []
step_config: step_config:
if: if:
- is_ovn_in_neutron_mechanism_driver - is_ovn_in_neutron_mechanism_driver
@ -98,39 +95,31 @@ outputs:
- - service: ovn_octavia - - service: ovn_octavia
network: {get_param: [ServiceNetMap, OvnDbsNetwork]} network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
type: node type: node
- null
volumes: volumes:
if: if:
- ovn_and_tls - ovn_and_tls
- - - /etc/pki/tls/certs/ovn_octavia.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/ovn_octavia.crt:ro
- /etc/pki/tls/certs/ovn_octavia.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/ovn_octavia.crt:ro
- /etc/pki/tls/private/ovn_octavia.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/ovn_octavia.key:ro - /etc/pki/tls/private/ovn_octavia.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/ovn_octavia.key:ro
- []
kolla_permissions: kolla_permissions:
if: if:
- ovn_and_tls - ovn_and_tls
- - - path: /etc/pki/tls/certs/ovn_octavia.crt
- path: /etc/pki/tls/certs/ovn_octavia.crt
owner: octavia:octavia owner: octavia:octavia
perm: '0644' perm: '0644'
- path: /etc/pki/tls/private/ovn_octavia.key - path: /etc/pki/tls/private/ovn_octavia.key
owner: octavia:octavia owner: octavia:octavia
perm: '0640' perm: '0640'
- []
kolla_config_files: kolla_config_files:
if: if:
- ovn_and_tls - ovn_and_tls
- - - source: "/var/lib/kolla/config_files/src-tls/*"
- source: "/var/lib/kolla/config_files/src-tls/*"
dest: "/" dest: "/"
merge: true merge: true
preserve_properties: true preserve_properties: true
- []
deploy_steps_tasks: deploy_steps_tasks:
if: if:
- ovn_and_tls - ovn_and_tls
- - - name: Certificate generation
- name: Certificate generation
when: step|int == 1 when: step|int == 1
block: block:
- include_role: - include_role:
@ -150,8 +139,7 @@ outputs:
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]} $NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
key_size: key_size:
if: if:
- key_size_override_unset - key_size_override_set
- {get_param: CertificateKeySize}
- {get_param: OctaviaCertificateKeySize} - {get_param: OctaviaCertificateKeySize}
- {get_param: CertificateKeySize}
ca: ipa ca: ipa
- null