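# Heat service template for the Neutron ML2/OVN plugin.
# It extends the role data of ./neutron-plugin-ml2.yaml with OVN-specific
# Puppet hieradata (config_settings) and includes the tripleo ML2 profile
# in step_config.
heat_template_version: wallaby

description: >
  OpenStack Neutron ML2/OVN plugin configured with Puppet

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. Use
                 parameter_merge_strategies to merge it with the defaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  # Passed through to ovn::southbound::port.
  OVNSouthboundServerPort:
    description: Port of the OVN Southbound DB server
    type: number
    default: 6642
  # Passed through to ovn::northbound::port.
  OVNNorthboundServerPort:
    description: Port of the OVN Northbound DB server
    type: number
    default: 6641
  OVNDbConnectionTimeout:
    description: Timeout in seconds for the OVSDB connection transaction
    type: number
    default: 180
  OVNNeutronSyncMode:
    description: The synchronization mode of OVN with Neutron DB
    type: string
    default: log
    constraints:
      - allowed_values:
          - log
          # Quoted on purpose: a bare `off` is read as boolean false by
          # YAML 1.1 loaders, so the allowed value would no longer be the
          # string 'off'. Quote it in environment files as well.
          - 'off'
          - repair
  NeutronGeneveMaxHeaderSize:
    description: Geneve encapsulation header size
    type: number
    default: 38
  # String rather than boolean: the empty default means "not set" and is
  # what the neutron_dvr_set condition tests for.
  NeutronEnableDVR:
    description: Enable Neutron DVR.
    default: ''
    type: string
  NeutronEnableIgmpSnooping:
    description: Enable IGMP Snooping.
    type: boolean
    default: false
  OVNMetadataEnabled:
    description: Whether Metadata Service has to be enabled
    type: boolean
    default: true
  OVNDnsServers:
    default: []
    description: List of servers to use as as dns forwarders
    type: comma_delimited_list
  # Defaults to false. The TLS settings block under outputs is then
  # omitted, so this template supplies no CA, certificate or key for the
  # OVN Northbound/Southbound DB connections.
  # NOTE(review): whether those connections then run unencrypted is decided
  # outside this file - verify for deployments where the internal network
  # is not trusted.
  EnableInternalTLS:
    type: boolean
    default: false
  InternalTLSCAFile:
    default: '/etc/ipa/ca.crt'
    type: string
    description: Specifies the default CA cert to use if TLS is used for
                 services in the internal network.
  # May be overridden per role through RoleParameters (see the
  # vhostuser_dir_set condition and the map_replace under outputs).
  NeutronVhostuserSocketDir:
    default: ''
    description: The vhost-user socket directory for OVS
    type: string
    tags:
      - role_specific
  OVNEmitNeedToFrag:
    type: boolean
    default: false
    description: Configure OVN to emit "need to frag" packets in case of
                 MTU mismatch. Before enabling this configuration make sure
                 that it's supported by the host kernel (version >= 5.2) or
                 by checking the output of the following command
                 'ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int |
                 grep "Check pkt length action"'.
  NeutronOVNLoggingRateLimit:
    default: 100
    description: |
      Maximum number of packets logging per second
    type: number
  NeutronOVNLoggingBurstLimit:
    default: 25
    description: |
      Maximum number of packets per rate_limit
    type: number
  # Empty by default; the matching hieradata key is only emitted when a
  # path is given.
  NeutronOVNLoggingLocalOutputLogBase:
    default: ''
    description: |
      Output logfile path on agent side, default syslog file
    type: string

conditions:
  # True when NeutronEnableDVR is anything other than the empty string.
  neutron_dvr_set:
    not: {equals: [{get_param: NeutronEnableDVR}, '']}
  # NOTE(review): not referenced in the visible template; the TLS block
  # under outputs tests {get_param: EnableInternalTLS} directly.
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  # True when the socket directory is set globally or in RoleParameters.
  vhostuser_dir_set:
    or:
      - {not: {equals: [{get_param: NeutronVhostuserSocketDir}, '']}}
      - {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, '']}}
  network_log_local_output_log_base_set:
    not: {equals: [{get_param: NeutronOVNLoggingLocalOutputLogBase}, '']}

resources:
  # Base ML2 plugin template; its role_data is merged into the outputs.
  NeutronMl2Base:
    type: ./neutron-plugin-ml2.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Neutron ML2/OVN plugin.
    value:
      service_name: neutron_plugin_ml2_ovn
      config_settings:
        # Later list entries are merged over the base ML2 settings.
        map_merge:
          - get_attr: [NeutronMl2Base, role_data, config_settings]
          - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
            ovn::northbound::port: {get_param: OVNNorthboundServerPort}
            neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
            neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
            neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
            neutron::server::igmp_snooping_enable: {get_param: NeutronEnableIgmpSnooping}
            neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
            neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
            neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag}
            # NOTE(review): two-argument `if` - the value is the literal
            # true whenever NeutronEnableDVR is non-empty, whatever it
            # contains (a value such as 'false' still gives true), and the
            # key is presumably dropped when the parameter is empty.
            # Confirm this is the intended mapping.
            neutron::plugins::ml2::ovn::dvr_enabled:
              if:
                - neutron_dvr_set
                - true
          # TLS material for the OVN Southbound and Northbound DB
          # connections, emitted only when EnableInternalTLS is true. Both
          # connections use the same client certificate/key pair. The paths
          # are fixed here; this template neither creates the files nor
          # sets their ownership or mode.
          # NOTE(review): confirm the private key is readable only by the
          # account that needs it.
          - if:
              - {get_param: EnableInternalTLS}
              - neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
                neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
          # The inner map_replace swaps the placeholder value
          # NeutronVhostuserSocketDir for the role-specific setting from
          # RoleParameters; the outer one substitutes the global parameter
          # for a placeholder that is still left.
          - if:
              - vhostuser_dir_set
              - map_replace:
                  - map_replace:
                      - neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir
                      - values: {get_param: RoleParameters}
                  - values:
                      NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
          - neutron::agents::ml2::ovn::network_log_rate_limit: {get_param: NeutronOVNLoggingRateLimit}
          - neutron::agents::ml2::ovn::network_log_burst_limit: {get_param: NeutronOVNLoggingBurstLimit}
          # Only emitted when a log path was given.
          - if:
              - network_log_local_output_log_base_set
              - neutron::agents::ml2::ovn::network_log_local_output_log_base:
                  {get_param: NeutronOVNLoggingLocalOutputLogBase}
      step_config: |
        include tripleo::profile::base::neutron::plugins::ml2
      metadata_settings:
        get_attr: [NeutronMl2Base, role_data, metadata_settings]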