0cb5c847f3
If we use variables defined in later step in conditional before checking which step are we on we will fail. Resolves: rhbz#1535457 Closes-Bug: #1743764 Change-Id: Ic21f6eb5c4101f230fa894cd0829a11e2f0ef39b
271 lines
10 KiB
YAML
271 lines
10 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
OpenDaylight OVS Configuration.
|
|
|
|
parameters:
|
|
OpenDaylightPort:
|
|
default: 0
|
|
description: Set opendaylight service port
|
|
type: number
|
|
OpenDaylightUsername:
|
|
default: 'admin'
|
|
description: The username for the opendaylight server.
|
|
type: string
|
|
OpenDaylightPassword:
|
|
default: 'admin'
|
|
type: string
|
|
description: The password for the opendaylight server.
|
|
hidden: true
|
|
OpenDaylightConnectionProtocol:
|
|
description: L7 protocol used for REST access
|
|
type: string
|
|
default: 'http'
|
|
OpenDaylightCheckURL:
|
|
description: URL postfix to verify ODL has finished starting up
|
|
type: string
|
|
default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1'
|
|
OpenDaylightApiVirtualIP:
|
|
type: string
|
|
default: ''
|
|
OpenDaylightProviderMappings:
|
|
description: Mappings between logical networks and physical interfaces.
|
|
Required for VLAN deployments. For example physnet1 -> eth1.
|
|
type: comma_delimited_list
|
|
default: "datacentre:br-ex"
|
|
tags:
|
|
- role_specific
|
|
HostAllowedNetworkTypes:
|
|
description: Allowed tenant network types for this OVS host. Note this can
|
|
vary per host or role to constrain which hosts nova instances
|
|
and networks are scheduled to.
|
|
type: comma_delimited_list
|
|
default: ['local', 'vlan', 'vxlan', 'gre']
|
|
tags:
|
|
- role_specific
|
|
OvsEnableDpdk:
|
|
description: Whether or not to configure enable DPDK in OVS
|
|
default: false
|
|
type: boolean
|
|
tags:
|
|
- role_specific
|
|
OvsVhostuserMode:
|
|
description: Specify the mode for OVS with vhostuser port creation. In
|
|
client mode, the hypervisor will be responsible for creating
|
|
vhostuser sockets. In server mode, OVS will create them.
|
|
type: string
|
|
default: "client"
|
|
constraints:
|
|
- allowed_values: [ 'client', 'server' ]
|
|
tags:
|
|
- role_specific
|
|
VhostuserSocketDir:
|
|
description: Specify the directory to use for vhostuser sockets
|
|
type: string
|
|
default: "/var/run/openvswitch"
|
|
tags:
|
|
- role_specific
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
OvsHwOffload:
|
|
default: false
|
|
description: |
|
|
Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
|
|
type: boolean
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
InternalTLSCAFile:
|
|
default: '/etc/ipa/ca.crt'
|
|
type: string
|
|
description: Specifies the default CA cert to use if TLS is used for
|
|
services in the internal network.
|
|
|
|
parameter_groups:
|
|
- label: deprecated
|
|
description: |
|
|
The following parameters are deprecated and will be removed. They should not
|
|
be relied on for new deployments. If you have concerns regarding deprecated
|
|
parameters, please contact the TripleO development team on IRC or the
|
|
OpenStack mailing list.
|
|
parameters:
|
|
- OpenDaylightConnectionProtocol
|
|
- OpenDaylightPort
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
odl_deprecated_port_set:
|
|
not:
|
|
equals:
|
|
- {get_param: OpenDaylightPort}
|
|
- 0
|
|
|
|
resources:
|
|
Ovs:
|
|
type: ./openvswitch.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
# Merging role-specific parameters (RoleParameters) with the default parameters.
|
|
# RoleParameters will have the precedence over the default parameters.
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes
|
|
neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk
|
|
neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir
|
|
neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode
|
|
neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings
|
|
neutron::plugins::ovs::opendaylight::enable_hw_offload: OvsHwOffload
|
|
vswitch::ovs::enable_hw_offload: OvsHwOffload
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes}
|
|
OvsEnableDpdk: {get_param: OvsEnableDpdk}
|
|
VhostuserSocketDir: {get_param: VhostuserSocketDir}
|
|
OvsVhostuserMode: {get_param: OvsVhostuserMode}
|
|
OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings}
|
|
OvsHwOffload: {get_param: OvsHwOffload}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the OpenDaylight service.
|
|
value:
|
|
service_name: opendaylight_ovs
|
|
config_settings:
|
|
map_merge:
|
|
- opendaylight::odl_rest_port:
|
|
if:
|
|
- odl_deprecated_port_set
|
|
- {get_param: OpenDaylightPort}
|
|
- {get_param: [EndpointMap, OpenDaylightInternal, port]}
|
|
opendaylight::username: {get_param: OpenDaylightUsername}
|
|
opendaylight::password: {get_param: OpenDaylightPassword}
|
|
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
|
|
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
|
|
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
|
|
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
|
tripleo.opendaylight_ovs.firewall_rules:
|
|
'118 neutron vxlan networks':
|
|
proto: 'udp'
|
|
dport: 4789
|
|
'136 neutron gre networks':
|
|
proto: 'gre'
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- generate_service_certificates: true
|
|
tripleo::profile::base::neutron::plugins::ovs::opendaylight::certificate_specs:
|
|
service_certificate: '/etc/pki/tls/certs/ovs.crt'
|
|
service_key: '/etc/pki/tls/private/ovs.key'
|
|
hostname:
|
|
str_replace:
|
|
template: "%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
principal:
|
|
str_replace:
|
|
template: "ovs/%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
neutron::plugins::ovs::opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile}
|
|
tripleo::profile::base::neutron::plugins::ovs::opendaylight::conn_proto: 'https'
|
|
- {}
|
|
- get_attr: [Ovs, role_data, config_settings]
|
|
- get_attr: [RoleParametersValue, value]
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
|
|
upgrade_tasks:
|
|
list_concat:
|
|
- get_attr: [Ovs, role_data, upgrade_tasks]
|
|
-
|
|
- name: Check if openvswitch is deployed
|
|
command: systemctl is-enabled openvswitch
|
|
tags: common
|
|
ignore_errors: True
|
|
register: openvswitch_enabled
|
|
- name: "PreUpgrade step0,validation: Check service openvswitch is running"
|
|
command: systemctl is-active --quiet openvswitch
|
|
when:
|
|
- step|int == 0
|
|
- openvswitch_enabled.rc == 0
|
|
tags: validation
|
|
- name: Stop openvswitch service
|
|
when:
|
|
- step|int == 1
|
|
- openvswitch_enabled.rc == 0
|
|
service: name=openvswitch state=stopped
|
|
# Container upgrade steps.
|
|
- name: Block connections to ODL. #This rule will be inserted at the top.
|
|
iptables: chain=OUTPUT action=insert protocol=tcp destination_port={{ item }} jump=DROP
|
|
when: step|int == 0
|
|
with_items:
|
|
- 6640
|
|
- 6653
|
|
- 6633
|
|
post_upgrade_tasks:
|
|
- name: Check service openvswitch is running
|
|
command: systemctl is-active --quiet openvswitch
|
|
tags: common
|
|
register: openvswitch_running
|
|
- name: Delete OVS groups and ports
|
|
shell: "sudo ovs-ofctl -O Openflow13 del-groups br-int; \
|
|
for tun_port in $(ovs-vsctl list-ports br-int | grep 'tun'); \
|
|
do; ovs-vsctl del-port br-int $(tun_port); done;"
|
|
when: (step|int == 0) and (openvswitch_running.rc == 0)
|
|
- name: Stop openvswitch service
|
|
when: (step|int == 1) and (openvswitch_running.rc == 0)
|
|
service: name=openvswitch state=stopped
|
|
- name: Unblock OVS port per compute node. #Delete previously added rule
|
|
iptables: chain=OUTPUT action=insert protocol=tcp destination_port={{ item }} jump=DROP state=absent
|
|
when: step|int == 2
|
|
with_items:
|
|
- 6640
|
|
- 6653
|
|
- 6633
|
|
- name: start openvswitch service
|
|
when: step|int == 3
|
|
service : name=openvswitch state=started
|
|
metadata_settings:
|
|
if:
|
|
- internal_tls_enabled
|
|
-
|
|
- service: ovs
|
|
network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
type: node
|
|
- null
|