heat_template_version: wallaby description: > OpenStack Neutron ML2/OVN plugin configured with Puppet parameters: ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json OVNSouthboundServerPort: description: Port of the OVN Southbound DB server type: number default: 6642 OVNNorthboundServerPort: description: Port of the OVN Northbound DB server type: number default: 6641 OVNDbConnectionTimeout: description: Timeout in seconds for the OVSDB connection transaction type: number default: 180 OVNVifType: description: Type of VIF to be used for ports type: string default: ovs constraints: - allowed_values: - ovs - vhostuser OVNNeutronSyncMode: description: The synchronization mode of OVN with Neutron DB type: string default: log constraints: - allowed_values: - log - off - repair OVNQosDriver: description: OVN notification driver for Neutron QOS service plugin type: string default: ovn-qos NeutronGeneveMaxHeaderSize: description: Geneve encapsulation header size type: number default: 38 NeutronEnableDVR: description: Enable Neutron DVR. default: '' type: string NeutronEnableIgmpSnooping: description: Enable IGMP Snooping. type: boolean default: false OVNMetadataEnabled: description: Whether Metadata Service has to be enabled type: boolean default: true OVNDnsServers: default: [] description: List of servers to use as as dns forwarders type: comma_delimited_list EnableInternalTLS: type: boolean default: false InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. NeutronVhostuserSocketDir: default: "" description: The vhost-user socket directory for OVS type: string tags: - role_specific OVNEmitNeedToFrag: type: boolean default: false description: Configure OVN to emit "need to frag" packets in case of MTU mismatch. Before enabling this configuration make sure that it's supported by the host kernel (version >= 5.2) or by checking the output of the following command 'ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep "Check pkt length action"'. conditions: neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']} internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} vhostuser_dir_set: or: - {not: {equals: [{get_param: NeutronVhostuserSocketDir}, ""]}} - {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}} resources: NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} outputs: role_data: description: Role data for the Neutron ML2/OVN plugin. value: service_name: neutron_plugin_ml2_ovn config_settings: map_merge: - get_attr: [NeutronMl2Base, role_data, config_settings] - ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::northbound::port: {get_param: OVNNorthboundServerPort} neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType} neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled} neutron::server::qos_notification_drivers: {get_param: OVNQosDriver} neutron::server::igmp_snooping_enable: {get_param: NeutronEnableIgmpSnooping} neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize} neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers} neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag} - if: - internal_tls_enabled - neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile} neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt' neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key' neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile} neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt' neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key' - {} - if: - neutron_dvr_unset - neutron::plugins::ml2::ovn::dvr_enabled: true - neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR} - if: - vhostuser_dir_set - map_replace: - map_replace: - neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir - values: {get_param: RoleParameters} - values: NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir} - {} step_config: | include tripleo::profile::base::neutron::plugins::ml2 metadata_settings: get_attr: [NeutronMl2Base, role_data, metadata_settings]