tripleo-heat-templates/deployment/neutron/neutron-sriov-agent-container-puppet.yaml
Takashi Kajinami ff83505e8a Replace hiera by lookup
The hiera function is deprecated and does not work with the latest
hieradata version 5. It should be replaced by the new lookup
function[1].

[1] https://puppet.com/docs/puppet/7/hiera_automatic.html

With the lookup function, we can define value type and merge behavior,
but these are kept default at this moment to limit scope of this change
to just simple replacement. Adding value type might be useful to make
sure the value is in expected type (especially when a boolean value is
expected), but we will revisit that later.

example:
lookup(<NAME>, [<VALUE TYPE>], [<MERGE BEHAVIOR>], [<DEFAULT VALUE>])

Change-Id: If5ac88ffccc1bb800d8af33c8896294a57e9b5fb
2022-04-14 17:07:52 +09:00

227 lines
8.8 KiB
YAML

heat_template_version: wallaby
description: >
OpenStack Neutron SR-IOV service
parameters:
ContainerNeutronSriovImage:
description: The container image to use for the Neutron SR-IOV agent
type: string
tags:
- role_specific
ContainerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
tags:
- role_specific
DockerSRIOVUlimit:
default: ['nofile=16384']
description: ulimit for SR-IOV Container
type: comma_delimited_list
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NeutronPhysicalDevMappings:
description: >
List of <physical_network>:<physical device>
All physical networks listed in network_vlan_ranges
on the server should have mappings to appropriate
interfaces on each agent.
Example "tenant0:ens2f0,tenant1:ens2f1"
type: comma_delimited_list
default: ""
tags:
- role_specific
NeutronExcludeDevices:
description: >
List of <network_device>:<excluded_devices> mapping
network_device to the agent's node-specific list of virtual functions
that should not be used for virtual networking. excluded_devices is a
semicolon separated list of virtual functions to exclude from
network_device. The network_device in the mapping should appear in the
physical_device_mappings list.
type: comma_delimited_list
default: ""
tags:
- role_specific
NeutronSriovAgentExtensions:
default: ""
description: >
Comma-separated list of extensions enabled for the Neutron SR-IOV agents.
type: comma_delimited_list
tags:
- role_specific
DerivePciWhitelistEnabled:
default: true
description: Whether to enable or not the pci passthrough whitelist automation.
type: boolean
tags:
- role_specific
NeutronSriovResourceProviderBandwidths:
description: >
Comma-separated list of <network_device>:<egress_bw>:<ingress_bw> tuples,
showing the available bandwidth for the given device in the given
direction. The direction is meant from VM perspective. Bandwidth is
measured in kilobits per second (kbps). The device must appear in
physical_device_mappings as the value.
type: comma_delimited_list
default: ""
tags:
- role_specific
conditions:
derive_pci_whitelist_enabled:
or:
- and:
- {get_param: DerivePciWhitelistEnabled}
- equals: [{get_param: [RoleParameters, DerivePciWhitelistEnabled]}, '']
- {get_param: [RoleParameters, DerivePciWhitelistEnabled]}
resources:
# Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters.
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- neutron::agents::ml2::sriov::physical_device_mappings: NeutronPhysicalDevMappings
neutron::agents::ml2::sriov::exclude_devices: NeutronExcludeDevices
neutron::agents::ml2::sriov::extensions: NeutronSriovAgentExtensions
neutron::agents::ml2::sriov::resource_provider_bandwidths: NeutronSriovResourceProviderBandwidths
ContainerNeutronSriovImage: ContainerNeutronSriovImage
ContainerNeutronConfigImage: ContainerNeutronConfigImage
- values: {get_param: [RoleParameters]}
- values:
NeutronPhysicalDevMappings: {get_param: NeutronPhysicalDevMappings}
NeutronExcludeDevices: {get_param: NeutronExcludeDevices}
NeutronSriovAgentExtensions: {get_param: NeutronSriovAgentExtensions}
NeutronSriovResourceProviderBandwidths: {get_param: NeutronSriovResourceProviderBandwidths}
ContainerNeutronSriovImage: {get_param: ContainerNeutronSriovImage}
ContainerNeutronConfigImage: {get_param: ContainerNeutronConfigImage}
ContainersCommon:
type: ../containers-common.yaml
NeutronBase:
type: ./neutron-base.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronCommon
properties:
NeutronServiceName: sriov-nic-agent
outputs:
role_data:
description: Role data for Neutron sriov service
value:
service_name: neutron_sriov_agent
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- get_attr: [RoleParametersValue, value]
- get_attr: [NeutronLogging, config_settings]
- neutron::agents::ml2::sriov::resource_provider_default_hypervisor: "%{lookup('fqdn_canonical')}"
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_sriov_numvfs,neutron_sriov_agent_config
step_config: |
include tripleo::profile::base::neutron::sriov
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
kolla_config:
/var/lib/kolla/config_files/neutron_sriov_agent.json:
command:
list_join:
- ' '
- - /usr/bin/neutron-sriov-nic-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/sriov_agent.ini --config-dir /etc/neutron/conf.d/common
- get_attr: [NeutronLogging, cmd_extra_args]
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
docker_config:
step_4:
neutron_sriov_agent:
start_order: 10
image: {get_attr: [RoleParametersValue, value, ContainerNeutronSriovImage]}
net: host
pid: host
privileged: true
restart: always
healthcheck: {get_attr: [ContainersCommon, healthcheck_rpc_port]}
ulimit: {get_param: DockerSRIOVUlimit}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
- - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run:/run
- /sys/class/net:/sys/class/net:rw
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}
- - name: enable virt_sandbox_use_netlink for healthcheck
seboolean:
name: virt_sandbox_use_netlink
persistent: true
state: true
when:
- ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled"
- if:
- derive_pci_whitelist_enabled
- - name: "creating directory"
file:
state: directory
path: /var/lib/pci_passthrough_whitelist_scripts
owner: root
group: root
mode: 0750
- name: derive pci passthrough whitelist
copy:
src: /usr/share/openstack-tripleo-heat-templates/deployment/neutron/derive_pci_passthrough_whitelist.py
dest: /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py
mode: 0700
- name: run derive_pci_passthrough_whitelist.py
command: /var/lib/pci_passthrough_whitelist_scripts/derive_pci_passthrough_whitelist.py
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
upgrade_tasks: []