tripleo-heat-templates/deployment/neutron/neutron-plugin-ml2-ovn.yaml

176 lines
6.1 KiB
YAML

heat_template_version: rocky
description: >
OpenStack Neutron ML2/OVN plugin configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
OVNNorthboundServerPort:
description: Port of the OVN Northbound DB server
type: number
default: 6641
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
default: 180
OVNVifType:
description: Type of VIF to be used for ports
type: string
default: ovs
constraints:
- allowed_values:
- ovs
- vhostuser
OVNNeutronSyncMode:
description: The synchronization mode of OVN with Neutron DB
type: string
default: log
constraints:
- allowed_values:
- log
- off
- repair
OVNQosDriver:
description: OVN notification driver for Neutron QOS service plugin
type: string
default: ovn-qos
NeutronGeneveMaxHeaderSize:
description: Geneve encapsulation header size
type: number
default: 38
NeutronEnableDVR:
description: Enable Neutron DVR.
default: ''
type: string
OVNMetadataEnabled:
description: Whether Metadata Service has to be enabled
type: boolean
default: true
# NOTE(anil): OVN supports only VLAN, geneve and flat networks
NeutronNetworkType:
default: 'geneve'
description: The tenant network type for Neutron.
type: comma_delimited_list
constraints:
- allowed_values:
- geneve
- vlan
- flat
OVNDnsServers:
default: []
description: List of servers to use as as dns forwarders
type: comma_delimited_list
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
NeutronVhostuserSocketDir:
default: ""
description: The vhost-user socket directory for OVS
type: string
tags:
- role_specific
conditions:
neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
vhostuser_dir_set:
or:
- {not: {equals: [{get_param: NeutronVhostuserSocketDir}, ""]}}
- {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}}
resources:
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Neutron ML2/OVN plugin.
value:
service_name: neutron_plugin_ml2_ovn
config_settings:
map_merge:
- get_attr: [NeutronMl2Base, role_data, config_settings]
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
neutron::plugins::ml2::ovn::ovn_l3_mode: true
neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
- if:
- internal_tls_enabled
-
neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
- {}
-
if:
- neutron_dvr_unset
- neutron::plugins::ml2::ovn::dvr_enabled: true
- neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
-
if:
- vhostuser_dir_set
- map_replace:
- map_replace:
- neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir
- values: {get_param: RoleParameters}
- values:
NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
- {}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]