Currently when deploying with TLS for internal API traffic, Neutron is not configured to securely communicate with OVSDB. In regular OVS agent deployments OVS listens on ptcp and accepts any incoming connection. In ODL deployments OVS is configured to only listen for pssl connections. To allow Neutron agents to communicate with OVSDB in pssl, Neutron needs to be configured with SSL key/certificate in order to connect to OVS. This patch adds key/certificate generation for NeutronBase service to be consumed by any agent. The only agent required with ODL is DHCP, so this patch only addresses configuring SSL there. However, a future patch could enable SSL for default ML2/OVS agent deployments as well by building off of this change. Note, by default OVSDB listens on port 6640. This does not work in ODL deployments when ODL is on the control node because ODL also listens on port 6640. Therefore from the ODL service, the ovsdb_connection setting for DHCP agent is modified when ODL is deployed. Depends-On: I82281eefa1aa81207ccd8ea565cffc6ca0ec48de Depends-On: I4bbaf00f0776cab0be34d814a541fb2fd1e64326 Closes-Bug: 1746762 Change-Id: I97352027d7f750d0820610fb9e06f82b47e77056 Signed-off-by: Tim Rozet <trozet@redhat.com>
Team and repository tags
tripleo-heat-templates
Heat templates to deploy OpenStack using OpenStack.
- Free software: Apache License (2.0)
- Documentation: https://docs.openstack.org/tripleo-docs/latest/
- Source: http://git.openstack.org/cgit/openstack/tripleo-heat-templates
- Bugs: https://bugs.launchpad.net/tripleo
Features
The ability to deploy a multi-node, role based OpenStack deployment using OpenStack Heat. Notable features include:
- Choice of deployment/configuration tooling: puppet, (soon) docker
- Role based deployment: roles for the controller, compute, ceph, swift, and cinder storage
- physical network configuration: support for isolated networks, bonding, and standard ctlplane networking
Directories
A description of the directory layout in TripleO Heat Templates.
- environments: contains heat environment files that can be used with -e
on the command like to enable features, etc.
- extraconfig: templates used to enable 'extra' functionality. Includes
functionality for distro specific registration and upgrades.
- firstboot: example first_boot scripts that can be used when initially
creating instances.
- network: heat templates to help create isolated networks and ports
- puppet: templates mostly driven by configuration with puppet. To use these
templates you can use the overcloud-resource-registry-puppet.yaml.
- validation-scripts: validation scripts useful to all deployment
configurations
- roles: example roles that can be used with the tripleoclient to generate
a roles_data.yaml for a deployment See the roles/README.rst for additional details.
Service testing matrix
The configuration for the CI scenarios will be defined in tripleo-heat-templates/ci/ and should be executed according to the following table:
- | scn001 | scn002 | scn003 | scn004 | scn006 | scn007 | scn009 | non-ha | ovh-ha |
---|---|---|---|---|---|---|---|---|---|
openshift |
|
||||||||
keystone |
|
|
|
|
|
|
|
|
|
glance |
|
swift |
|
|
|
|
|
|
|
cinder |
|
iscsi | |||||||
heat |
|
|
|||||||
ironic |
|
||||||||
mysql |
|
|
|
|
|
|
|
|
|
neutron |
|
|
|
|
|
|
|
|
|
neutron-bgpvpn |
|
||||||||
ovn |
|
||||||||
neutron-l2gw |
|
||||||||
rabbitmq |
|
|
|
|
|
|
|
|
|
mongodb | |||||||||
redis |
|
|
|||||||
haproxy |
|
|
|
|
|
|
|
|
|
memcached |
|
|
|
|
|
|
|
|
|
pacemaker |
|
|
|
|
|
|
|
|
|
nova |
|
|
|
|
ironic |
|
|
|
|
ntp |
|
|
|
|
|
|
|
|
|
snmp |
|
|
|
|
|
|
|
|
|
timezone |
|
|
|
|
|
|
|
|
|
sahara |
|
||||||||
mistral |
|
||||||||
swift |
|
||||||||
aodh |
|
|
|||||||
ceilometer |
|
|
|||||||
gnocchi |
|
|
|||||||
panko |
|
|
|||||||
barbican |
|
||||||||
zaqar |
|
||||||||
ec2api |
|
||||||||
cephrgw |
|
||||||||
tacker |
|
||||||||
congress |
|
||||||||
cephmds |
|
||||||||
manila |
|
||||||||
collectd |
|
||||||||
fluentd |
|
||||||||
sensu-client |
|