heat_template_version: rocky description: > OpenStack Neutron SR-IOV service parameters: ContainerNeutronSriovImage: description: The container image to use for the Neutron SR-IOV agent type: string ContainerNeutronConfigImage: description: The container image to use for the neutron config_volume type: string DockerSRIOVUlimit: default: ['nofile=16384'] description: ulimit for SR-IOV Container type: comma_delimited_list ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json NeutronPhysicalDevMappings: description: > List of : All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent. Example "tenant0:ens2f0,tenant1:ens2f1" type: comma_delimited_list default: "" tags: - role_specific NeutronExcludeDevices: description: > List of : mapping network_device to the agent's node-specific list of virtual functions that should not be used for virtual networking. excluded_devices is a semicolon separated list of virtual functions to exclude from network_device. The network_device in the mapping should appear in the physical_device_mappings list. type: comma_delimited_list default: "" tags: - role_specific NeutronSriovAgentExtensions: default: "" description: > Comma-separated list of extensions enabled for the Neutron SR-IOV agents. type: comma_delimited_list tags: - role_specific DerivePciWhitelistEnabled: default: true description: Whether to enable or not the pci passthrough whitelist automation. type: boolean tags: - role_specific NeutronSriovResourceProviderBandwidths: description: > Comma-separated list of :: tuples, showing the available bandwidth for the given device in the given direction. The direction is meant from VM perspective. Bandwidth is measured in kilobits per second (kbps). The device must appear in physical_device_mappings as the value. type: comma_delimited_list default: "" tags: - role_specific conditions: derive_pci_whitelist_enabled: or: - and: - equals: [{get_param: DerivePciWhitelistEnabled}, true] - equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, ''] - equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, true] resources: # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - neutron::agents::ml2::sriov::physical_device_mappings: NeutronPhysicalDevMappings neutron::agents::ml2::sriov::exclude_devices: NeutronExcludeDevices neutron::agents::ml2::sriov::extensions: NeutronSriovAgentExtensions neutron::agents::ml2::sriov_nic::resource_provider_bandwidths: NeutronSriovResourceProviderBandwidths - values: {get_param: [RoleParameters]} - values: NeutronPhysicalDevMappings: {get_param: NeutronPhysicalDevMappings} NeutronExcludeDevices: {get_param: NeutronExcludeDevices} NeutronSriovAgentExtensions: {get_param: NeutronSriovAgentExtensions} NeutronSriovResourceProviderBandwidths: {get_param: NeutronSriovResourceProviderBandwidths} ContainersCommon: type: ../containers-common.yaml NeutronBase: type: ./neutron-base.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} NeutronLogging: type: OS::TripleO::Services::Logging::NeutronCommon properties: NeutronServiceName: sriov-nic-agent outputs: role_data: description: Role data for Neutron sriov service value: service_name: neutron_sriov_agent config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - get_attr: [RoleParametersValue, value] - get_attr: [NeutronLogging, config_settings] puppet_config: config_volume: neutron puppet_tags: neutron_config,neutron_agent_sriov_numvfs,neutron_sriov_agent_config step_config: | include tripleo::profile::base::neutron::sriov config_image: {get_param: ContainerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_sriov_agent.json: command: list_join: - ' ' - - /usr/bin/neutron-sriov-nic-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/sriov_agent.ini --config-dir /etc/neutron/conf.d/common - get_attr: [NeutronLogging, cmd_extra_args] config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" merge: true preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true docker_config: step_4: neutron_sriov_agent: start_order: 10 image: {get_param: ContainerNeutronSriovImage} net: host pid: host privileged: true restart: always healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]} ulimit: {get_param: DockerSRIOVUlimit} volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - {get_attr: [NeutronLogging, volumes]} - - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run - /sys/class/net:/sys/class/net:rw environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS host_prep_tasks: list_concat: - {get_attr: [NeutronLogging, host_prep_tasks]} - - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink persistent: yes state: yes - if: - derive_pci_whitelist_enabled - - name: "creating directory" file: state: directory path: /var/lib/pci_passthrough_whitelist_scripts owner: root group: root mode: 0750 - name: derive pci passthrough whitelist copy: src: /usr/share/openstack-tripleo-heat-templates/deployment/neutron/derive_pci_passthrough_whitelist.py dest: /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py mode: 0700 - name: run derive_pci_passthrough_whitelist.py command: /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py - [] metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] upgrade_tasks: - name: upgrade prepare for leapp to remove extra sriov vfs tags: - never - system_upgrade - system_upgrade_prepare when: - step|int == 3 - upgrade_leapp_enabled block: - name: reset all vfs as leapp will look for all interfaces on reboot shell: | for item in $(find /sys/class/net/ -type l); do DEVPATH="$item/device/sriov_numvfs" if [ -f $DEVPATH ]; then NUM_VFS=$(cat $DEVPATH) if [[ $NUM_VFS != 0 ]]; then echo 0 >$DEVPATH fi fi done - name: remove sriov_config service for leapp upgrade file: path: "/etc/systemd/system/sriov_config.service" state: absent register: sriov_config_remove_result - name: reload systemd daemon after removing sriov_config service systemd: daemon-reload: yes when: sriov_config_remove_result['changed']