fb0e8f62fc
With the upgrade to puppet 5, we can no longer use dots in the hieradata key lookups. This change updates the THT for firewall_rules, haproxy_endpoints and haproxy_userlists to use the colon notation. Change-Id: I6f67153e04aed191acb715fe8cfa976ee2e75878 Related-Bug: #1803024
# Heat Orchestration Template (HOT) for the OpenDaylight API service.
# The template takes deployment parameters and exposes a single output,
# role_data, whose service_name is opendaylight_api.
heat_template_version: rocky

# Folded scalar: the text below is a single line with one trailing newline.
description: >
  OpenDaylight SDN Controller.

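# Input parameters. Each entry is written in the same key order:
# type, description, default, hidden, constraints.
parameters:
  OpenDaylightUsername:
    type: string
    description: The username for the opendaylight server.
    default: 'admin'

  # No default: the deployer must supply this value. hidden: true keeps it
  # out of Heat's parameter listings; the outputs section still passes it on
  # as opendaylight::password.
  OpenDaylightPassword:
    type: string
    description: The password for the opendaylight server.
    hidden: true

  OpenDaylightFeatures:
    type: comma_delimited_list
    description: List of features to install with ODL
    default:
      - "odl-netvirt-openstack"
      - "odl-jolokia"

  # Not referenced by the conditions or outputs of this template.
  OpenDaylightApiVirtualIP:
    type: string
    default: ''

  EndpointMap:
    type: json
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    default: {}

  # ServiceData, DefaultPasswords, RoleName and RoleParameters are accepted
  # but not referenced by the conditions or outputs of this template.
  ServiceData:
    type: json
    description: Dictionary packing service data
    default: {}

  ServiceNetMap:
    type: json
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    default: {}

  DefaultPasswords:
    type: json
    default: {}

  RoleName:
    type: string
    description: Role name on which the service is applied
    default: ''

  RoleParameters:
    type: json
    description: Parameters specific to the role
    default: {}

  OpenDaylightManageRepositories:
    type: boolean
    description: Whether to manage the OpenDaylight repository
    default: false

  OpenDaylightSNATMechanism:
    type: string
    description: SNAT mechanism to be used
    default: 'conntrack'
    constraints:
      - allowed_values:
          - conntrack
          - controller

  OpenDaylightLogMechanism:
    type: string
    description: Logging mechanism to be used
    default: 'file'
    constraints:
      - allowed_values:
          - file
          - console

  # NOTE(review): the default is a fixed, publicly known string. It is kept
  # for backward compatibility; deployments that set EnableInternalTLS
  # should override it with a generated secret.
  # The length constraint enforces the minimum that the description already
  # states, so a too-short value is rejected at stack validation time.
  OpenDaylightTLSKeystorePassword:
    type: string
    description: >-
      The password for the opendaylight TLS keystore.
      Must be at least 6 characters.
    default: 'opendaylight'
    hidden: true
    constraints:
      - length: {min: 6}
        description: The TLS keystore password must be at least 6 characters.

  # Drives the internal_tls_enabled condition. TLS is off by default.
  EnableInternalTLS:
    type: boolean
    default: false

  InternalTLSCAFile:
    type: string
    description: >-
      Specifies the default CA cert to use if TLS is used for
      services in the internal network.
    default: '/etc/ipa/ca.crt'

  OpenDaylightInheritDSCPMarking:
    type: boolean
    description: Enable DSCP marking for VXLAN/GRE tunnels
    default: false

  # Passed through unchanged as opendaylight::java_opts.
  OpenDaylightJavaOpts:
    type: string
    description: >-
      Specifies the Java options to run ODL with as a string.
      Note, these options are in addition to the default Java
      options set by the karaf/ODL boot scripts and IP version
      based flag set by 'opendaylight' class.
    default: ''

  OpenDaylightInactivityProbe:
    type: number
    description: >-
      Time in millseconds before an inactivity probe is sent via
      OVSDB to OVS
    default: 180000
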
conditions:
  # True only when the EnableInternalTLS parameter equals true. The outputs
  # section uses this condition to choose the TLS or non-TLS settings.
  internal_tls_enabled:
    equals:
      - get_param: EnableInternalTLS
      - true

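outputs:
  role_data:
    description: Role data for the OpenDaylight service.
    value:
      service_name: opendaylight_api
      config_settings:
        # Two mappings are merged: the settings that always apply, and the
        # TLS settings that apply only when internal_tls_enabled is true.
        map_merge:
          - opendaylight::odl_rest_port:
              get_param: [EndpointMap, OpenDaylightInternal, port]
            opendaylight::username: {get_param: OpenDaylightUsername}
            # Credential from the hidden OpenDaylightPassword parameter.
            opendaylight::password: {get_param: OpenDaylightPassword}
            opendaylight::extra_features: {get_param: OpenDaylightFeatures}
            # The bind address is a hiera lookup keyed by the network name
            # that ServiceNetMap gives for OpendaylightApiNetwork.
            opendaylight::odl_bind_ip:
              str_replace:
                template: "%{hiera('$NETWORK')}"
                params:
                  $NETWORK:
                    get_param: [ServiceNetMap, OpendaylightApiNetwork]
            opendaylight::manage_repositories:
              get_param: OpenDaylightManageRepositories
            # NOTE(review): this rule sets destination ports only and no
            # source restriction, so who can reach these ports depends on
            # the consuming firewall class's defaults (confirm). Ports
            # 6640/6653/2550/8185 are presumably the OVSDB, OpenFlow,
            # clustering and websocket listeners; verify before changing.
            tripleo::opendaylight_api::firewall_rules:
              '137 opendaylight api':
                dport:
                  - {get_param: [EndpointMap, OpenDaylightInternal, port]}
                  - 6640
                  - 6653
                  - 2550
                  - 8185
            opendaylight::snat_mechanism:
              get_param: OpenDaylightSNATMechanism
            opendaylight::log_mechanism:
              get_param: OpenDaylightLogMechanism
            opendaylight::inherit_dscp_marking:
              get_param: OpenDaylightInheritDSCPMarking
            opendaylight::java_opts: {get_param: OpenDaylightJavaOpts}
            opendaylight::inactivity_probe:
              get_param: OpenDaylightInactivityProbe
          - if:
              - internal_tls_enabled
              # TLS branch: certificate request spec, CA file and keystore
              # password.
              - generate_service_certificates: true
                tripleo::profile::base::neutron::opendaylight::certificate_specs:
                  service_certificate: '/etc/pki/tls/certs/odl.crt'
                  service_key: '/etc/pki/tls/private/odl.key'
                  hostname:
                    str_replace:
                      template: "%{hiera('fqdn_NETWORK')}"
                      params:
                        NETWORK:
                          get_param: [ServiceNetMap, OpendaylightApiNetwork]
                  principal:
                    str_replace:
                      template: "odl/%{hiera('fqdn_NETWORK')}"
                      params:
                        NETWORK:
                          get_param: [ServiceNetMap, OpendaylightApiNetwork]
                opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile}
                # Comes from OpenDaylightTLSKeystorePassword, which has a
                # fixed default unless the deployer overrides it.
                opendaylight::tls_keystore_password:
                  get_param: OpenDaylightTLSKeystorePassword
              # Non-TLS branch: nothing to add.
              - {}
      service_config_settings:
        # The DHCP agent's OVSDB connection uses 127.0.0.1:6639 in both
        # branches; only the scheme (ssl or tcp) follows the TLS condition.
        neutron_dhcp:
          if:
            - internal_tls_enabled
            - neutron::agents::dhcp::ovsdb_connection: 'ssl:127.0.0.1:6639'
            - neutron::agents::dhcp::ovsdb_connection: 'tcp:127.0.0.1:6639'
      step_config: |
        include tripleo::profile::base::neutron::opendaylight
      upgrade_tasks:
        # The probe result is registered; the validation and stop tasks
        # run only when its return code is 0. A non-zero return code is
        # tolerated through ignore_errors.
        - name: Check if opendaylight is deployed
          command: systemctl is-enabled opendaylight
          tags: common
          ignore_errors: true
          register: opendaylight_enabled
        # shell (not command) is needed because of the pipe into grep.
        - name: "PreUpgrade step0,validation: Check service opendaylight is running"
          shell: /usr/bin/systemctl show 'opendaylight' --property ActiveState | grep '\bactive\b'
          when:
            - step|int == 0
            - opendaylight_enabled.rc == 0
          tags: validation
        # Module arguments are written as a native mapping instead of a
        # key=value string; the values are unchanged.
        - name: Stop opendaylight service
          when:
            - step|int == 1
            - opendaylight_enabled.rc == 0
          service:
            name: opendaylight
            state: stopped
        # Runs at step 2 without the opendaylight_enabled.rc guard. It
        # deletes the three listed directories under /opt/opendaylight.
        - name: Removes ODL snapshots, data, journal directories
          file:
            state: absent
            path: '/opt/opendaylight/{{item}}'
          when: step|int == 2
          with_items:
            - snapshots
            - data
            - journal
      metadata_settings:
        # With internal TLS, one metadata entry of type node is published
        # for service odl on the API network; otherwise the value is null.
        if:
          - internal_tls_enabled
          - - service: odl
              network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
              type: node
          - null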