ff83505e8a
The hiera function is deprecated and does not work with the latest hieradata version 5. It should be replaced by the new lookup function[1]. [1] https://puppet.com/docs/puppet/7/hiera_automatic.html With the lookup function, we can define value type and merge behavior, but these are kept default at this moment to limit scope of this change to just simple replacement. Adding value type might be useful to make sure the value is in expected type (especially when a boolean value is expected), but we will revisit that later. example: lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>]) Change-Id: If5ac88ffccc1bb800d8af33c8896294a57e9b5fb
227 lines
8.8 KiB
YAML
227 lines
8.8 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
OpenStack Neutron SR-IOV service
|
|
|
|
parameters:
|
|
ContainerNeutronSriovImage:
|
|
description: The container image to use for the Neutron SR-IOV agent
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerNeutronConfigImage:
|
|
description: The container image to use for the neutron config_volume
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
DockerSRIOVUlimit:
|
|
default: ['nofile=16384']
|
|
description: ulimit for SR-IOV Container
|
|
type: comma_delimited_list
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
NeutronPhysicalDevMappings:
|
|
description: >
|
|
List of <physical_network>:<physical device>
|
|
All physical networks listed in network_vlan_ranges
|
|
on the server should have mappings to appropriate
|
|
interfaces on each agent.
|
|
Example "tenant0:ens2f0,tenant1:ens2f1"
|
|
type: comma_delimited_list
|
|
default: ""
|
|
tags:
|
|
- role_specific
|
|
NeutronExcludeDevices:
|
|
description: >
|
|
List of <network_device>:<excluded_devices> mapping
|
|
network_device to the agent's node-specific list of virtual functions
|
|
that should not be used for virtual networking. excluded_devices is a
|
|
semicolon separated list of virtual functions to exclude from
|
|
network_device. The network_device in the mapping should appear in the
|
|
physical_device_mappings list.
|
|
type: comma_delimited_list
|
|
default: ""
|
|
tags:
|
|
- role_specific
|
|
NeutronSriovAgentExtensions:
|
|
default: ""
|
|
description: >
|
|
Comma-separated list of extensions enabled for the Neutron SR-IOV agents.
|
|
type: comma_delimited_list
|
|
tags:
|
|
- role_specific
|
|
DerivePciWhitelistEnabled:
|
|
default: true
|
|
description: Whether to enable or not the pci passthrough whitelist automation.
|
|
type: boolean
|
|
tags:
|
|
- role_specific
|
|
NeutronSriovResourceProviderBandwidths:
|
|
description: >
|
|
Comma-separated list of <network_device>:<egress_bw>:<ingress_bw> tuples,
|
|
showing the available bandwidth for the given device in the given
|
|
direction. The direction is meant from VM perspective. Bandwidth is
|
|
measured in kilobits per second (kbps). The device must appear in
|
|
physical_device_mappings as the value.
|
|
type: comma_delimited_list
|
|
default: ""
|
|
tags:
|
|
- role_specific
|
|
|
|
conditions:
|
|
derive_pci_whitelist_enabled:
|
|
or:
|
|
- and:
|
|
- {get_param: DerivePciWhitelistEnabled}
|
|
- equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, '']
|
|
- {get_param: [RoleParameters, DerivePciWhitelistEnabled]}
|
|
|
|
resources:
|
|
# Merging role-specific parameters (RoleParameters) with the default parameters.
|
|
# RoleParameters will have the precedence over the default parameters.
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- neutron::agents::ml2::sriov::physical_device_mappings: NeutronPhysicalDevMappings
|
|
neutron::agents::ml2::sriov::exclude_devices: NeutronExcludeDevices
|
|
neutron::agents::ml2::sriov::extensions: NeutronSriovAgentExtensions
|
|
neutron::agents::ml2::sriov::resource_provider_bandwidths: NeutronSriovResourceProviderBandwidths
|
|
ContainerNeutronSriovImage: ContainerNeutronSriovImage
|
|
ContainerNeutronConfigImage: ContainerNeutronConfigImage
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
NeutronPhysicalDevMappings: {get_param: NeutronPhysicalDevMappings}
|
|
NeutronExcludeDevices: {get_param: NeutronExcludeDevices}
|
|
NeutronSriovAgentExtensions: {get_param: NeutronSriovAgentExtensions}
|
|
NeutronSriovResourceProviderBandwidths: {get_param: NeutronSriovResourceProviderBandwidths}
|
|
ContainerNeutronSriovImage: {get_param: ContainerNeutronSriovImage}
|
|
ContainerNeutronConfigImage: {get_param: ContainerNeutronConfigImage}
|
|
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
NeutronBase:
|
|
type: ./neutron-base.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
NeutronLogging:
|
|
type: OS::TripleO::Services::Logging::NeutronCommon
|
|
properties:
|
|
NeutronServiceName: sriov-nic-agent
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for Neutron sriov service
|
|
value:
|
|
service_name: neutron_sriov_agent
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronBase, role_data, config_settings]
|
|
- get_attr: [RoleParametersValue, value]
|
|
- get_attr: [NeutronLogging, config_settings]
|
|
- neutron::agents::ml2::sriov::resource_provider_default_hypervisor: "%{lookup('fqdn_canonical')}"
|
|
puppet_config:
|
|
config_volume: neutron
|
|
puppet_tags: neutron_config,neutron_agent_sriov_numvfs,neutron_sriov_agent_config
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::sriov
|
|
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/neutron_sriov_agent.json:
|
|
command:
|
|
list_join:
|
|
- ' '
|
|
- - /usr/bin/neutron-sriov-nic-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/sriov_agent.ini --config-dir /etc/neutron/conf.d/common
|
|
- get_attr: [NeutronLogging, cmd_extra_args]
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/neutron
|
|
owner: neutron:neutron
|
|
recurse: true
|
|
docker_config:
|
|
step_4:
|
|
neutron_sriov_agent:
|
|
start_order: 10
|
|
image: {get_attr: [RoleParametersValue, value, ContainerNeutronSriovImage]}
|
|
net: host
|
|
pid: host
|
|
privileged: true
|
|
restart: always
|
|
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
|
|
ulimit: {get_param: DockerSRIOVUlimit}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [NeutronLogging, volumes]}
|
|
- - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /run:/run
|
|
- /sys/class/net:/sys/class/net:rw
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
host_prep_tasks:
|
|
list_concat:
|
|
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
|
- - name: enable virt_sandbox_use_netlink for healthcheck
|
|
seboolean:
|
|
name: virt_sandbox_use_netlink
|
|
persistent: true
|
|
state: true
|
|
when:
|
|
- ansible_facts.selinux is defined
|
|
- ansible_facts.selinux.status == "enabled"
|
|
- if:
|
|
- derive_pci_whitelist_enabled
|
|
- - name: "creating directory"
|
|
file:
|
|
state: directory
|
|
path: /var/lib/pci_passthrough_whitelist_scripts
|
|
owner: root
|
|
group: root
|
|
mode: 0750
|
|
- name: derive pci passthrough whitelist
|
|
copy:
|
|
src: /usr/share/openstack-tripleo-heat-templates/deployment/neutron/derive_pci_passthrough_whitelist.py
|
|
dest: /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py
|
|
mode: 0700
|
|
- name: run derive_pci_passthrough_whitelist.py
|
|
command: /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py
|
|
metadata_settings:
|
|
get_attr: [NeutronBase, role_data, metadata_settings]
|
|
upgrade_tasks: []
|