tripleo-heat-templates/puppet/services/opendaylight-ovs.yaml
Lukas Bezdicka 0cb5c847f3 Always evaluate step first in conditional
If we use variables defined in later step in conditional before
checking which step are we on we will fail.

Resolves: rhbz#1535457
Closes-Bug: #1743764
Change-Id: Ic21f6eb5c4101f230fa894cd0829a11e2f0ef39b
2018-02-09 17:12:29 +01:00

271 lines
10 KiB
YAML

heat_template_version: queens
description: >
OpenDaylight OVS Configuration.
parameters:
OpenDaylightPort:
default: 0
description: Set opendaylight service port
type: number
OpenDaylightUsername:
default: 'admin'
description: The username for the opendaylight server.
type: string
OpenDaylightPassword:
default: 'admin'
type: string
description: The password for the opendaylight server.
hidden: true
OpenDaylightConnectionProtocol:
description: L7 protocol used for REST access
type: string
default: 'http'
OpenDaylightCheckURL:
description: URL postfix to verify ODL has finished starting up
type: string
default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1'
OpenDaylightApiVirtualIP:
type: string
default: ''
OpenDaylightProviderMappings:
description: Mappings between logical networks and physical interfaces.
Required for VLAN deployments. For example physnet1 -> eth1.
type: comma_delimited_list
default: "datacentre:br-ex"
tags:
- role_specific
HostAllowedNetworkTypes:
description: Allowed tenant network types for this OVS host. Note this can
vary per host or role to constrain which hosts nova instances
and networks are scheduled to.
type: comma_delimited_list
default: ['local', 'vlan', 'vxlan', 'gre']
tags:
- role_specific
OvsEnableDpdk:
description: Whether or not to configure enable DPDK in OVS
default: false
type: boolean
tags:
- role_specific
OvsVhostuserMode:
description: Specify the mode for OVS with vhostuser port creation. In
client mode, the hypervisor will be responsible for creating
vhostuser sockets. In server mode, OVS will create them.
type: string
default: "client"
constraints:
- allowed_values: [ 'client', 'server' ]
tags:
- role_specific
VhostuserSocketDir:
description: Specify the directory to use for vhostuser sockets
type: string
default: "/var/run/openvswitch"
tags:
- role_specific
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
OvsHwOffload:
default: false
description: |
Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
type: boolean
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- OpenDaylightConnectionProtocol
- OpenDaylightPort
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
odl_deprecated_port_set:
not:
equals:
- {get_param: OpenDaylightPort}
- 0
resources:
Ovs:
type: ./openvswitch.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes
neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk
neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir
neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode
neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings
neutron::plugins::ovs::opendaylight::enable_hw_offload: OvsHwOffload
vswitch::ovs::enable_hw_offload: OvsHwOffload
- values: {get_param: [RoleParameters]}
- values:
HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes}
OvsEnableDpdk: {get_param: OvsEnableDpdk}
VhostuserSocketDir: {get_param: VhostuserSocketDir}
OvsVhostuserMode: {get_param: OvsVhostuserMode}
OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings}
OvsHwOffload: {get_param: OvsHwOffload}
outputs:
role_data:
description: Role data for the OpenDaylight service.
value:
service_name: opendaylight_ovs
config_settings:
map_merge:
- opendaylight::odl_rest_port:
if:
- odl_deprecated_port_set
- {get_param: OpenDaylightPort}
- {get_param: [EndpointMap, OpenDaylightInternal, port]}
opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword}
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo.opendaylight_ovs.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'136 neutron gre networks':
proto: 'gre'
-
if:
- internal_tls_enabled
- generate_service_certificates: true
tripleo::profile::base::neutron::plugins::ovs::opendaylight::certificate_specs:
service_certificate: '/etc/pki/tls/certs/ovs.crt'
service_key: '/etc/pki/tls/private/ovs.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
principal:
str_replace:
template: "ovs/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
neutron::plugins::ovs::opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile}
tripleo::profile::base::neutron::plugins::ovs::opendaylight::conn_proto: 'https'
- {}
- get_attr: [Ovs, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
upgrade_tasks:
list_concat:
- get_attr: [Ovs, role_data, upgrade_tasks]
-
- name: Check if openvswitch is deployed
command: systemctl is-enabled openvswitch
tags: common
ignore_errors: True
register: openvswitch_enabled
- name: "PreUpgrade step0,validation: Check service openvswitch is running"
command: systemctl is-active --quiet openvswitch
when:
- step|int == 0
- openvswitch_enabled.rc == 0
tags: validation
- name: Stop openvswitch service
when:
- step|int == 1
- openvswitch_enabled.rc == 0
service: name=openvswitch state=stopped
# Container upgrade steps.
- name: Block connections to ODL. #This rule will be inserted at the top.
iptables: chain=OUTPUT action=insert protocol=tcp destination_port={{ item }} jump=DROP
when: step|int == 0
with_items:
- 6640
- 6653
- 6633
post_upgrade_tasks:
- name: Check service openvswitch is running
command: systemctl is-active --quiet openvswitch
tags: common
register: openvswitch_running
- name: Delete OVS groups and ports
shell: "sudo ovs-ofctl -O Openflow13 del-groups br-int; \
for tun_port in $(ovs-vsctl list-ports br-int | grep 'tun'); \
do; ovs-vsctl del-port br-int $(tun_port); done;"
when: (step|int == 0) and (openvswitch_running.rc == 0)
- name: Stop openvswitch service
when: (step|int == 1) and (openvswitch_running.rc == 0)
service: name=openvswitch state=stopped
- name: Unblock OVS port per compute node. #Delete previously added rule
iptables: chain=OUTPUT action=insert protocol=tcp destination_port={{ item }} jump=DROP state=absent
when: step|int == 2
with_items:
- 6640
- 6653
- 6633
- name: start openvswitch service
when: step|int == 3
service : name=openvswitch state=started
metadata_settings:
if:
- internal_tls_enabled
-
- service: ovs
network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
type: node
- null