heat_template_version: queens description: > OpenDaylight OVS Configuration. parameters: OpenDaylightPort: default: 0 description: Set opendaylight service port type: number OpenDaylightUsername: default: 'admin' description: The username for the opendaylight server. type: string OpenDaylightPassword: default: 'admin' type: string description: The password for the opendaylight server. hidden: true OpenDaylightConnectionProtocol: description: L7 protocol used for REST access type: string default: 'http' OpenDaylightCheckURL: description: URL postfix to verify ODL has finished starting up type: string default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1' OpenDaylightApiVirtualIP: type: string default: '' OpenDaylightProviderMappings: description: Mappings between logical networks and physical interfaces. Required for VLAN deployments. For example physnet1 -> eth1. type: comma_delimited_list default: "datacentre:br-ex" tags: - role_specific HostAllowedNetworkTypes: description: Allowed tenant network types for this OVS host. Note this can vary per host or role to constrain which hosts nova instances and networks are scheduled to. type: comma_delimited_list default: ['local', 'vlan', 'vxlan', 'gre'] tags: - role_specific OvsEnableDpdk: description: Whether or not to configure enable DPDK in OVS default: false type: boolean tags: - role_specific OvsVhostuserMode: description: Specify the mode for OVS with vhostuser port creation. In client mode, the hypervisor will be responsible for creating vhostuser sockets. In server mode, OVS will create them. type: string default: "client" constraints: - allowed_values: [ 'client', 'server' ] tags: - role_specific VhostuserSocketDir: description: Specify the directory to use for vhostuser sockets type: string default: "/var/run/openvswitch" tags: - role_specific EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json ServiceData: default: {} description: Dictionary packing service data type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json DefaultPasswords: default: {} type: json RoleName: default: '' description: Role name on which the service is applied type: string RoleParameters: default: {} description: Parameters specific to the role type: json OvsHwOffload: default: false description: | Enable OVS Hardware Offload. This feature supported from OVS 2.8.0 type: boolean EnableInternalTLS: type: boolean default: false InternalTLSCAFile: default: '/etc/ipa/ca.crt' type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. parameter_groups: - label: deprecated description: | The following parameters are deprecated and will be removed. They should not be relied on for new deployments. If you have concerns regarding deprecated parameters, please contact the TripleO development team on IRC or the OpenStack mailing list. parameters: - OpenDaylightConnectionProtocol - OpenDaylightPort conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} odl_deprecated_port_set: not: equals: - {get_param: OpenDaylightPort} - 0 resources: Ovs: type: ./openvswitch.yaml properties: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: type: OS::Heat::Value properties: type: json value: map_replace: - map_replace: - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings neutron::plugins::ovs::opendaylight::enable_hw_offload: OvsHwOffload vswitch::ovs::enable_hw_offload: OvsHwOffload - values: {get_param: [RoleParameters]} - values: HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes} OvsEnableDpdk: {get_param: OvsEnableDpdk} VhostuserSocketDir: {get_param: VhostuserSocketDir} OvsVhostuserMode: {get_param: OvsVhostuserMode} OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings} OvsHwOffload: {get_param: OvsHwOffload} outputs: role_data: description: Role data for the OpenDaylight service. value: service_name: opendaylight_ovs config_settings: map_merge: - opendaylight::odl_rest_port: if: - odl_deprecated_port_set - {get_param: OpenDaylightPort} - {get_param: [EndpointMap, OpenDaylightInternal, port]} opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::password: {get_param: OpenDaylightPassword} neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername} neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} tripleo.opendaylight_ovs.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 '136 neutron gre networks': proto: 'gre' - if: - internal_tls_enabled - generate_service_certificates: true tripleo::profile::base::neutron::plugins::ovs::opendaylight::certificate_specs: service_certificate: '/etc/pki/tls/certs/ovs.crt' service_key: '/etc/pki/tls/private/ovs.key' hostname: str_replace: template: "%{hiera('fqdn_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} principal: str_replace: template: "ovs/%{hiera('fqdn_NETWORK')}" params: NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} neutron::plugins::ovs::opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile} tripleo::profile::base::neutron::plugins::ovs::opendaylight::conn_proto: 'https' - {} - get_attr: [Ovs, role_data, config_settings] - get_attr: [RoleParametersValue, value] step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: list_concat: - get_attr: [Ovs, role_data, upgrade_tasks] - - name: Check if openvswitch is deployed command: systemctl is-enabled openvswitch tags: common ignore_errors: True register: openvswitch_enabled - name: "PreUpgrade step0,validation: Check service openvswitch is running" command: systemctl is-active --quiet openvswitch when: (openvswitch_enabled.rc == 0) and (step|int == 0) tags: validation - name: Stop openvswitch service when: (openvswitch_enabled.rc == 0) and (step|int == 1) service: name=openvswitch state=stopped # Container upgrade steps. - name: Block connections to ODL. #This rule will be inserted at the top. iptables: chain=OUTPUT action=insert protocol=tcp destination_port={{ item }} jump=DROP when: step|int == 0 with_items: - 6640 - 6653 - 6633 post_upgrade_tasks: - name: Check service openvswitch is running command: systemctl is-active --quiet openvswitch tags: common register: openvswitch_running - name: Delete OVS groups and ports shell: "sudo ovs-ofctl -O Openflow13 del-groups br-int; \ for tun_port in $(ovs-vsctl list-ports br-int | grep 'tun'); \ do; ovs-vsctl del-port br-int $(tun_port); done;" when: (step|int == 0) and (openvswitch_running.rc == 0) - name: Stop openvswitch service when: (step|int == 1) and (openvswitch_running.rc == 0) service: name=openvswitch state=stopped - name: Unblock OVS port per compute node. #Delete previously added rule iptables: chain=OUTPUT action=insert protocol=tcp destination_port={{ item }} jump=DROP state=absent when: step|int == 2 with_items: - 6640 - 6653 - 6633 - name: start openvswitch service when: step|int == 3 service : name=openvswitch state=started metadata_settings: if: - internal_tls_enabled - - service: ovs network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} type: node - null