df31016a9a
TLS certificates were introduced for the Neutron Base service in order for Neutron to securely communicate with OVS via SSL/TLS. However, the implementation only required Neutron DHCP agent (ODL deployment) to use the certificates. The other OVS agents are not used in ODL deployments and SSL/TLS use there may be added in the future. However, since other services inherit NeutronBase config_settings, they will attempt to generate certs. This certificate generation will fail because these services do not inherit metadata settings. This patch fixes the above issue by adding the metadata settings inheritance to every service derived from NeutronBase. Closes-Bug: 1754363 Change-Id: I87afc3a11efeefc1cfd768dfe817fbb3b2422694 Signed-off-by: Tim Rozet <trozet@redhat.com>
123 lines
4.6 KiB
YAML
123 lines
4.6 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
OpenStack Neutron ML2 Plugin configured with Puppet
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
NeutronMechanismDrivers:
|
|
default: 'openvswitch'
|
|
description: |
|
|
The mechanism drivers for the Neutron tenant network.
|
|
type: comma_delimited_list
|
|
NeutronTypeDrivers:
|
|
default: "vxlan,vlan,flat,gre"
|
|
description: |
|
|
Comma-separated list of network type driver entrypoints to be loaded.
|
|
type: comma_delimited_list
|
|
NeutronFlatNetworks:
|
|
type: comma_delimited_list
|
|
default: 'datacentre'
|
|
description: If set, flat networks to configure in neutron plugins.
|
|
NeutronPluginExtensions:
|
|
default: "qos,port_security"
|
|
description: |
|
|
Comma-separated list of extensions enabled for the Neutron plugin.
|
|
type: comma_delimited_list
|
|
NeutronNetworkVLANRanges:
|
|
default: 'datacentre:1:1000'
|
|
description: >
|
|
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
|
|
Neutron documentation for permitted values. Defaults to permitting VLANs
|
|
1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings).
|
|
type: comma_delimited_list
|
|
NeutronTunnelIdRanges:
|
|
description: |
|
|
Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges
|
|
of GRE tunnel IDs that are available for tenant network allocation
|
|
default: ["1:4094", ]
|
|
type: comma_delimited_list
|
|
NeutronVniRanges:
|
|
description: |
|
|
Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges
|
|
of VXLAN VNI IDs that are available for tenant network allocation
|
|
default: ["1:4094", ]
|
|
type: comma_delimited_list
|
|
NeutronNetworkType:
|
|
default: 'vxlan'
|
|
description: The tenant network type for Neutron.
|
|
type: comma_delimited_list
|
|
NeutronFirewallDriver:
|
|
description: Firewall driver for realizing neutron security group function
|
|
type: string
|
|
default: 'iptables_hybrid'
|
|
NeutronOverlayIPVersion:
|
|
default: 4
|
|
description: IP version used for all overlay network endpoints.
|
|
type: number
|
|
constraints:
|
|
- allowed_values: [4,6]
|
|
resources:
|
|
|
|
NeutronBase:
|
|
type: ./neutron-base.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Neutron ML2 plugin.
|
|
value:
|
|
service_name: neutron_plugin_ml2
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronBase, role_data, config_settings]
|
|
- neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
|
|
neutron::plugins::ml2::type_drivers: {get_param: NeutronTypeDrivers}
|
|
neutron::plugins::ml2::flat_networks: {get_param: NeutronFlatNetworks}
|
|
neutron::plugins::ml2::extension_drivers: {get_param: NeutronPluginExtensions}
|
|
neutron::plugins::ml2::network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
|
|
neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
|
|
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
|
|
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
|
|
neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
|
|
neutron::plugins::ml2::overlay_ip_version: {get_param: NeutronOverlayIPVersion}
|
|
|
|
step_config: |
|
|
include ::tripleo::profile::base::neutron::plugins::ml2
|
|
service_config_settings:
|
|
horizon:
|
|
neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
|
|
metadata_settings:
|
|
get_attr: [NeutronBase, role_data, metadata_settings]
|