heat_template_version: rocky description: > OpenDaylight OVS Configuration. parameters: OpenDaylightUsername: default: 'admin' description: The username for the opendaylight server. type: string OpenDaylightPassword: type: string description: The password for the opendaylight server. hidden: true OpenDaylightCheckURL: description: URL postfix to verify ODL has finished starting up type: string default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1' OpenDaylightApiVirtualIP: type: string default: '' OpenDaylightProviderMappings: description: Mappings between logical networks and physical interfaces. Required for VLAN deployments. For example physnet1 -> eth1. type: comma_delimited_list default: "datacentre:br-ex" tags: - role_specific HostAllowedNetworkTypes: description: Allowed tenant network types for this OVS host. Note this can vary per host or role to constrain which hosts nova instances and networks are scheduled to. type: comma_delimited_list default: ['local', 'flat', 'vlan', 'vxlan', 'gre'] tags: - role_specific OvsEnableDpdk: description: Whether or not to configure enable DPDK in OVS default: false type: boolean tags: - role_specific OvsVhostuserMode: description: Specify the mode for QEMU with vhostuser port creation. In client mode, openvswitch will be responsible for creating vhostuser sockets. In server mode, the hypervisor will create them. Note, 'client' mode is deprecated. type: string default: "server" constraints: - allowed_values: [ 'client', 'server' ] tags: - role_specific VhostuserSocketDir: description: Specify the directory to use for vhostuser sockets type: string default: "/var/lib/vhost_sockets" tags: - role_specific EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json OvsHwOffload: default: false description: | Enable OVS Hardware Offload. This feature supported from OVS 2.8.0 type: boolean tags: - role_specific EnableInternalTLS: type: boolean default: false InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. ODLUpdateLevel: default: 1 description: Specify the level of update type: number constraints: - allowed_values: - 1 - 2 VhostuserSocketGroup: default: "qemu" description: > The vhost-user socket directory group name. Defaults to 'qemu'. When vhostuser mode is 'dpdkvhostuserclient' (which is the default mode), the vhost socket is created by qemu. type: string tags: - role_specific VhostuserSocketUser: default: "qemu" description: > The vhost-user socket directory user name. Defaults to 'qemu'. When vhostuser mode is 'dpdkvhostuserclient' (which is the default mode), the vhost socket is created by qemu. type: string tags: - role_specific OpenDaylightEnableIPv6Deployment: description: Enable deployment of ODL over IPv6 underlay network type: boolean default: false conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: Ovs: type: ./openvswitch.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings neutron::plugins::ovs::opendaylight::enable_hw_offload: OvsHwOffload vswitch::ovs::enable_hw_offload: OvsHwOffload tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_group: VhostuserSocketGroup tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_user: VhostuserSocketUser - values: {get_param: [RoleParameters]} - values: HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes} OvsEnableDpdk: {get_param: OvsEnableDpdk} VhostuserSocketDir: {get_param: VhostuserSocketDir} OvsVhostuserMode: {get_param: OvsVhostuserMode} OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings} OvsHwOffload: {get_param: OvsHwOffload} VhostuserSocketGroup: {get_param: VhostuserSocketGroup} VhostuserSocketUser: {get_param: VhostuserSocketUser} outputs: role_data: description: Role data for the OpenDaylight service. value: service_name: opendaylight_ovs config_settings: map_merge: - opendaylight::odl_rest_port: {get_param: [EndpointMap, OpenDaylightInternal, port]} opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::password: {get_param: OpenDaylightPassword} neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername} neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} neutron::agents::ml2::ovs::local_ip: str_replace: template: "%{hiera('$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 '136 neutron gre networks': proto: 'gre' enable_ipv6: {get_param: OpenDaylightEnableIPv6Deployment} - if: - internal_tls_enabled - generate_service_certificates: true tripleo::profile::base::neutron::plugins::ovs::opendaylight::certificate_specs: service_certificate: '/etc/pki/tls/certs/ovs.crt' service_key: '/etc/pki/tls/private/ovs.key' hostname: str_replace: template: "%{hiera('fqdn_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} principal: str_replace: template: "ovs/%{hiera('fqdn_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} neutron::plugins::ovs::opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile} tripleo::profile::base::neutron::plugins::ovs::opendaylight::conn_proto: 'https' - {} - get_attr: [Ovs, role_data, config_settings] - get_attr: [RoleParametersValue, value] service_config_settings: nova_libvirt: nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, 'tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_group']} step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: - name: ODL container L2 update and upgrade tasks block: &odl_container_upgrade_tasks - name: Check if openvswitch is deployed command: systemctl is-enabled openvswitch tags: common ignore_errors: True register: openvswitch_enabled - name: "PreUpgrade step0,validation: Check service openvswitch is running" command: systemctl is-active --quiet openvswitch when: - step|int == 0 - openvswitch_enabled.rc == 0 tags: validation # Container upgrade steps. - name: Delete OVS groups and ports shell: > sudo ovs-ofctl -O Openflow13 del-groups br-int; for tun_port in $(sudo ovs-vsctl list-ports br-int | grep tun); do sudo ovs-vsctl del-port br-int $tun_port; done when: - step|int == 0 - openvswitch_enabled.rc == 0 update_tasks: - name: Get ODL update level block: &get_odl_update_level - name: store update level to update_level variable set_fact: odl_update_level: {get_param: ODLUpdateLevel} - name: Run L2 update tasks that are similar to upgrade_tasks when update level is 2 block: *odl_container_upgrade_tasks when: odl_update_level == 2 metadata_settings: if: - internal_tls_enabled - - service: ovs network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} type: node - null