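# Heat service template for the Neutron ML2/OVN mechanism driver.
# It wraps ./neutron-plugin-ml2.yaml (resource NeutronMl2Base) and merges
# OVN-specific hiera keys on top of that template's config_settings.
heat_template_version: rocky

description: >
  OpenStack Neutron ML2/OVN plugin configured with Puppet

parameters:
  # --- Parameters passed through unchanged to NeutronMl2Base ---
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): no description and no `hidden: true` here. If this map
  # carries secrets (the name suggests so), confirm how it is exposed in
  # parameter listings.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json

  # --- OVN database endpoints ---
  # These ports become ovn::southbound::port / ovn::northbound::port below.
  # NOTE(review): this template does not restrict who can reach them;
  # confirm the firewall rules that cover the OVN DB servers.
  OVNSouthboundServerPort:
    description: Port of the OVN Southbound DB server
    type: number
    default: 6642
  OVNNorthboundServerPort:
    description: Port of the OVN Northbound DB server
    type: number
    default: 6641
  OVNDbConnectionTimeout:
    description: Timeout in seconds for the OVSDB connection transaction
    type: number
    default: 180

  # --- OVN driver behaviour ---
  OVNVifType:
    description: Type of VIF to be used for ports
    type: string
    default: ovs
    constraints:
      - allowed_values:
          - ovs
          - vhostuser
  OVNNeutronSyncMode:
    description: The synchronization mode of OVN with Neutron DB
    type: string
    default: log
    constraints:
      - allowed_values:
          - log
          # Quoted on purpose: YAML 1.1 loaders such as PyYAML read a bare
          # `off` as boolean false, so the string value 'off' would not be
          # in this list as written.
          - 'off'
          - repair
  OVNQosDriver:
    description: OVN notification driver for Neutron QOS service plugin
    type: string
    default: ovn-qos
  NeutronGeneveMaxHeaderSize:
    description: Geneve encapsulation header size
    type: number
    default: 38
  # The empty-string default is treated as "unset" by the neutron_dvr_unset
  # condition, and in that case dvr_enabled is emitted as true (see outputs).
  NeutronEnableDVR:
    description: Enable Neutron DVR.
    default: ''
    type: string
  OVNMetadataEnabled:
    description: Whether Metadata Service has to be enabled
    type: boolean
    default: true
  # NOTE(anil): OVN supports only VLAN, geneve and flat networks
  NeutronNetworkType:
    default: 'geneve'
    description: The tenant network type for Neutron.
    type: comma_delimited_list
    constraints:
      - allowed_values:
          - geneve
          - vlan
          - flat
  OVNDnsServers:
    default: []
    description: List of servers to use as as dns forwarders
    type: comma_delimited_list

  # --- Internal TLS ---
  # Off by default. The client CA/certificate/key settings for the OVN
  # NB and SB connections are only emitted when this is true.
  EnableInternalTLS:
    type: boolean
    default: false
  InternalTLSCAFile:
    default: '/etc/ipa/ca.crt'
    type: string
    description: Specifies the default CA cert to use if TLS is used for
                 services in the internal network.

  # Role-specific: a value under RoleParameters takes precedence over the
  # global one (see the nested map_replace in outputs).
  NeutronVhostuserSocketDir:
    default: ""
    description: The vhost-user socket directory for OVS
    type: string
    tags:
      - role_specific

conditions:
  # True when NeutronEnableDVR was left at its empty-string default.
  neutron_dvr_unset: {equals: [{get_param: NeutronEnableDVR}, '']}
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  # True when either the global or the per-role socket directory is
  # anything other than the empty string.
  vhostuser_dir_set:
    or:
      - not:
          equals:
            - {get_param: NeutronVhostuserSocketDir}
            - ""
      - not:
          equals:
            - {get_param: [RoleParameters, NeutronVhostuserSocketDir]}
            - ""

resources:

  # Base ML2 service template; every generic parameter is handed through.
  NeutronMl2Base:
    type: ./neutron-plugin-ml2.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Neutron ML2/OVN plugin.
    value:
      service_name: neutron_plugin_ml2_ovn
      config_settings:
        # Later maps in map_merge override earlier ones, so the OVN keys
        # below win over anything the base template sets under the same name.
        map_merge:
          - get_attr: [NeutronMl2Base, role_data, config_settings]
          - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
            ovn::northbound::port: {get_param: OVNNorthboundServerPort}
            neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
            neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
            neutron::plugins::ml2::ovn::ovn_l3_mode: true
            neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
            neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
            neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
            neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
            neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
            neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
          # TLS material for the Neutron -> OVN NB/SB DB connections.
          # With EnableInternalTLS false (the default) this branch is an
          # empty map, so no CA, certificate or key is set from here.
          # NOTE(review): whether those connections then run without TLS
          # is decided by the puppet profile and base template - confirm
          # before deploying on a network that is not fully trusted.
          # The entries are paths only: issuing the certificate and
          # restricting the private key's ownership and mode happen
          # outside this template.
          - if:
              - internal_tls_enabled
              - neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
                neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
              - {}
          # DVR: unset (empty string) means enabled; otherwise the
          # operator's value is passed through as given.
          - if:
              - neutron_dvr_unset
              - neutron::plugins::ml2::ovn::dvr_enabled: true
              - neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
          # vhost-user socket directory. The literal value
          # 'NeutronVhostuserSocketDir' is a placeholder: the inner
          # map_replace swaps it for the per-role value when RoleParameters
          # has that key, and the outer one swaps whatever placeholder is
          # left for the global parameter.
          - if:
              - vhostuser_dir_set
              - map_replace:
                  - map_replace:
                      - neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir
                      - values: {get_param: RoleParameters}
                  - values:
                      NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
              - {}

      # Puppet manifest applied for this service.
      step_config: |
        include ::tripleo::profile::base::neutron::plugins::ml2
      metadata_settings:
        get_attr: [NeutronMl2Base, role_data, metadata_settings]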