56bec75c02
To not to redefine variable multiple times in each service we run check only once and we set fact. To increase readability of generated playbook we add block per strep in services. Change-Id: I2399a72709d240f84e3463c5c3b56942462d1e5c
250 lines
10 KiB
YAML
250 lines
10 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack Neutron openvswitch service
|
|
|
|
parameters:
|
|
DockerOpenvswitchImage:
|
|
description: image
|
|
type: string
|
|
DockerNeutronConfigImage:
|
|
description: The container image to use for the neutron config_volume
|
|
type: string
|
|
DockerOpenvswitchUlimit:
|
|
default: ['nofile=1024']
|
|
description: ulimit for Openvswitch Container
|
|
type: comma_delimited_list
|
|
NeutronOpenVswitchAgentLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.neutron.agent.openvswitch
|
|
path: /var/log/containers/neutron/openvswitch-agent.log
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
UpgradeRemoveUnusedPackages:
|
|
default: false
|
|
description: Remove package if the service is being disabled during upgrade
|
|
type: boolean
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
NeutronOvsAgentBase:
|
|
type: ../../puppet/services/neutron-ovs-agent.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
NeutronLogging:
|
|
type: OS::TripleO::Services::Logging::NeutronCommon
|
|
properties:
|
|
NeutronServiceName: openvswitch-agent
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for Neutron openvswitch service
|
|
value:
|
|
service_name: {get_attr: [NeutronOvsAgentBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronOvsAgentBase, role_data, config_settings]
|
|
- get_attr: [NeutronLogging, config_settings]
|
|
logging_source: {get_attr: [NeutronOvsAgentBase, role_data, logging_source]}
|
|
logging_groups: {get_attr: [NeutronOvsAgentBase, role_data, logging_groups]}
|
|
service_config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronOvsAgentBase, role_data, service_config_settings]
|
|
- fluentd:
|
|
tripleo_fluentd_groups_neutron_ovs_agent:
|
|
- neutron
|
|
tripleo_fluentd_sources_neutron_ovs_agent:
|
|
- {get_param: NeutronOpenVswitchAgentLoggingSource}
|
|
puppet_config:
|
|
config_volume: neutron
|
|
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
|
|
step_config:
|
|
get_attr: [NeutronOvsAgentBase, role_data, step_config]
|
|
config_image: {get_param: DockerNeutronConfigImage}
|
|
# We need to mount /run for puppet_config step. This is because
|
|
# puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ."
|
|
# when running vswitch::ovs::enable_hw_offload: true
|
|
# ovs-vsctl talks to the ovsdb-server (hosting conf.db)
|
|
# on the unix domain socket - /run/openvswitch/db.sock
|
|
volumes:
|
|
- /lib/modules:/lib/modules:ro
|
|
- /run/openvswitch:/run/openvswitch
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/neutron_ovs_agent.json:
|
|
command: /neutron_ovs_agent_launcher.sh
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/neutron
|
|
owner: neutron:neutron
|
|
recurse: true
|
|
docker_config_scripts:
|
|
neutron_ovs_agent_launcher.sh:
|
|
mode: "0755"
|
|
content: |
|
|
#!/bin/bash
|
|
set -xe
|
|
/usr/bin/python -m neutron.cmd.destroy_patch_ports --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-openvswitch-agent
|
|
/usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/common --log-file=/var/log/neutron/openvswitch-agent.log
|
|
docker_config:
|
|
step_3:
|
|
neutron_ovs_bridge:
|
|
detach: false
|
|
image: {get_param: DockerNeutronConfigImage}
|
|
net: host
|
|
pid: host
|
|
user: root
|
|
privileged: true
|
|
command:
|
|
- puppet
|
|
- apply
|
|
- --modulepath
|
|
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
|
|
- --tags
|
|
- file,file_line,concat,augeas,neutron::plugins::ovs::bridge,vs_config
|
|
- -v
|
|
- -e
|
|
- include neutron::agents::ml2::ovs
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /run/openvswitch:/run/openvswitch
|
|
- /etc/puppet:/etc/puppet:ro
|
|
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
|
|
- /var/run/openvswitch/:/var/run/openvswitch/
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
step_4:
|
|
neutron_ovs_agent:
|
|
start_order: 10
|
|
image: {get_param: DockerOpenvswitchImage}
|
|
net: host
|
|
pid: host
|
|
privileged: true
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
ulimit: {get_param: DockerOpenvswitchUlimit}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [NeutronLogging, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
|
|
- /var/lib/docker-config-scripts/neutron_ovs_agent_launcher.sh:/neutron_ovs_agent_launcher.sh:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /run/openvswitch:/run/openvswitch
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
metadata_settings:
|
|
get_attr: [NeutronOvsAgentBase, role_data, metadata_settings]
|
|
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
|
|
upgrade_tasks:
|
|
list_concat:
|
|
- get_attr: [NeutronOvsAgentBase, role_data, ovs_upgrade_tasks]
|
|
-
|
|
- when: step|int == 0
|
|
tags: common
|
|
block:
|
|
- name: Check if neutron_ovs_agent is deployed
|
|
command: systemctl is-enabled --quiet neutron-openvswitch-agent
|
|
ignore_errors: True
|
|
register: neutron_ovs_agent_enabled_result
|
|
- name: Set fact neutron_ovs_agent_enabled
|
|
set_fact:
|
|
neutron_ovs_agent_enabled: "{{ neutron_ovs_agent_enabled_result.rc == 0 }}"
|
|
- name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
|
|
command: systemctl is-active --quiet neutron-openvswitch-agent
|
|
when: neutron_ovs_agent_enabled|bool
|
|
tags: validation
|
|
- when: step|int == 2
|
|
block:
|
|
- name: Stop and disable neutron_ovs_agent service
|
|
when: neutron_ovs_agent_enabled|bool
|
|
service: name=neutron-openvswitch-agent state=stopped enabled=no
|
|
- name: Set fact for removal of openstack-neutron-openvswitch package
|
|
set_fact:
|
|
remove_neutron_openvswitch_package: {get_param: UpgradeRemoveUnusedPackages}
|
|
- name: Remove openstack-neutron-openvswitch package if operator requests it
|
|
yum: name=openstack-neutron-openvswitch state=removed
|
|
ignore_errors: True
|
|
when: remove_neutron_openvswitch_package|bool
|
|
update_tasks:
|
|
# puppetlabs-firewall manages security rules via Puppet but make the rules
|
|
# consistent by default. Since Neutron also creates some rules, we don't
|
|
# want them to be consistent so we have to ensure that they're not stored
|
|
# into sysconfig.
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1541528
|
|
- name: Remove IPv4 iptables rules created by Neutron that are persistent
|
|
lineinfile: dest=/etc/sysconfig/iptables
|
|
regexp=".*neutron-"
|
|
state=absent
|
|
when: step|int == 5
|
|
- name: Remove IPv6 iptables rules created by Neutron that are persistent
|
|
lineinfile: dest=/etc/sysconfig/ip6tables
|
|
regexp=".*neutron-"
|
|
state=absent
|
|
when: step|int == 5
|
|
fast_forward_upgrade_tasks:
|
|
- name: Check if neutron_ovs_agent is deployed
|
|
command: systemctl is-enabled --quiet neutron-openvswitch-agent
|
|
ignore_errors: True
|
|
register: neutron_ovs_agent_enabled_result
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- name: Set fact neutron_ovs_agent_enabled
|
|
set_fact:
|
|
neutron_ovs_agent_enabled: "{{ neutron_ovs_agent_enabled_result.rc == 0 }}"
|
|
when:
|
|
- step|int == 0
|
|
- release == 'ocata'
|
|
- name: Stop neutron_openvswitch_agent
|
|
service: name=neutron-openvswitch-agent state=stopped enabled=no
|
|
when:
|
|
- step|int == 1
|
|
- release == 'ocata'
|
|
- neutron_ovs_agent_enabled|bool
|