299 lines
12 KiB
YAML
299 lines
12 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenDaylight OVS Configuration.
|
|
|
|
parameters:
|
|
OpenDaylightUsername:
|
|
default: 'admin'
|
|
description: The username for the opendaylight server.
|
|
type: string
|
|
OpenDaylightPassword:
|
|
type: string
|
|
description: The password for the opendaylight server.
|
|
hidden: true
|
|
OpenDaylightCheckURL:
|
|
description: URL postfix to verify ODL has finished starting up
|
|
type: string
|
|
default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1'
|
|
OpenDaylightApiVirtualIP:
|
|
type: string
|
|
default: ''
|
|
OpenDaylightProviderMappings:
|
|
description: Mappings between logical networks and physical interfaces.
|
|
Required for VLAN deployments. For example physnet1 -> eth1.
|
|
type: comma_delimited_list
|
|
default: "datacentre:br-ex"
|
|
tags:
|
|
- role_specific
|
|
HostAllowedNetworkTypes:
|
|
description: Allowed tenant network types for this OVS host. Note this can
|
|
vary per host or role to constrain which hosts nova instances
|
|
and networks are scheduled to.
|
|
type: comma_delimited_list
|
|
default: ['local', 'flat', 'vlan', 'vxlan', 'gre']
|
|
tags:
|
|
- role_specific
|
|
OvsEnableDpdk:
|
|
description: Whether or not to configure enable DPDK in OVS
|
|
default: false
|
|
type: boolean
|
|
tags:
|
|
- role_specific
|
|
OvsVhostuserMode:
|
|
description: Specify the mode for QEMU with vhostuser port creation. In
|
|
client mode, openvswitch will be responsible for creating
|
|
vhostuser sockets. In server mode, the hypervisor will create
|
|
them. Note, 'client' mode is deprecated.
|
|
type: string
|
|
default: "server"
|
|
constraints:
|
|
- allowed_values: [ 'client', 'server' ]
|
|
tags:
|
|
- role_specific
|
|
VhostuserSocketDir:
|
|
description: Specify the directory to use for vhostuser sockets
|
|
type: string
|
|
default: "/var/lib/vhost_sockets"
|
|
tags:
|
|
- role_specific
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
OvsHwOffload:
|
|
default: false
|
|
description: |
|
|
Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
|
|
type: boolean
|
|
tags:
|
|
- role_specific
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
InternalTLSCAFile:
|
|
default: '/etc/ipa/ca.crt'
|
|
type: string
|
|
description: Specifies the default CA cert to use if TLS is used for
|
|
services in the internal network.
|
|
ODLUpdateLevel:
|
|
default: 1
|
|
description: Specify the level of update
|
|
type: number
|
|
constraints:
|
|
- allowed_values:
|
|
- 1
|
|
- 2
|
|
VhostuserSocketGroup:
|
|
default: "qemu"
|
|
description: >
|
|
The vhost-user socket directory group name.
|
|
Defaults to 'qemu'. When vhostuser mode is 'dpdkvhostuserclient'
|
|
(which is the default mode), the vhost socket is created by qemu.
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
VhostuserSocketUser:
|
|
default: "qemu"
|
|
description: >
|
|
The vhost-user socket directory user name.
|
|
Defaults to 'qemu'. When vhostuser mode is 'dpdkvhostuserclient'
|
|
(which is the default mode), the vhost socket is created by qemu.
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
resources:
|
|
Ovs:
|
|
type: ./openvswitch.yaml
|
|
properties:
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
# Merging role-specific parameters (RoleParameters) with the default parameters.
|
|
# RoleParameters will have the precedence over the default parameters.
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes
|
|
neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk
|
|
neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir
|
|
neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode
|
|
neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings
|
|
neutron::plugins::ovs::opendaylight::enable_hw_offload: OvsHwOffload
|
|
vswitch::ovs::enable_hw_offload: OvsHwOffload
|
|
tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_group: VhostuserSocketGroup
|
|
tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_user: VhostuserSocketUser
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes}
|
|
OvsEnableDpdk: {get_param: OvsEnableDpdk}
|
|
VhostuserSocketDir: {get_param: VhostuserSocketDir}
|
|
OvsVhostuserMode: {get_param: OvsVhostuserMode}
|
|
OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings}
|
|
OvsHwOffload: {get_param: OvsHwOffload}
|
|
VhostuserSocketGroup: {get_param: VhostuserSocketGroup}
|
|
VhostuserSocketUser: {get_param: VhostuserSocketUser}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the OpenDaylight service.
|
|
value:
|
|
service_name: opendaylight_ovs
|
|
config_settings:
|
|
map_merge:
|
|
- opendaylight::odl_rest_port: {get_param: [EndpointMap, OpenDaylightInternal, port]}
|
|
opendaylight::username: {get_param: OpenDaylightUsername}
|
|
opendaylight::password: {get_param: OpenDaylightPassword}
|
|
neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
|
|
neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
|
|
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
|
|
neutron::agents::ml2::ovs::local_ip:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
|
tripleo.opendaylight_ovs.firewall_rules:
|
|
'118 neutron vxlan networks':
|
|
proto: 'udp'
|
|
dport: 4789
|
|
'136 neutron gre networks':
|
|
proto: 'gre'
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- generate_service_certificates: true
|
|
tripleo::profile::base::neutron::plugins::ovs::opendaylight::certificate_specs:
|
|
service_certificate: '/etc/pki/tls/certs/ovs.crt'
|
|
service_key: '/etc/pki/tls/private/ovs.key'
|
|
hostname:
|
|
str_replace:
|
|
template: "%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
principal:
|
|
str_replace:
|
|
template: "ovs/%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
neutron::plugins::ovs::opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile}
|
|
tripleo::profile::base::neutron::plugins::ovs::opendaylight::conn_proto: 'https'
|
|
- {}
|
|
- get_attr: [Ovs, role_data, config_settings]
|
|
- get_attr: [RoleParametersValue, value]
|
|
service_config_settings:
|
|
nova_libvirt:
|
|
nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, 'tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_group']}
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
|
|
upgrade_tasks:
|
|
list_concat:
|
|
- get_attr: [Ovs, role_data, upgrade_tasks]
|
|
-
|
|
- name: Check if openvswitch is deployed
|
|
command: systemctl is-enabled openvswitch
|
|
tags: common
|
|
ignore_errors: True
|
|
register: openvswitch_enabled
|
|
- name: "PreUpgrade step0,validation: Check service openvswitch is running"
|
|
command: systemctl is-active --quiet openvswitch
|
|
when:
|
|
- step|int == 0
|
|
- openvswitch_enabled.rc == 0
|
|
tags: validation
|
|
- name: Stop openvswitch service
|
|
when:
|
|
- step|int == 1
|
|
- openvswitch_enabled.rc == 0
|
|
service: name=openvswitch state=stopped
|
|
# Container upgrade steps.
|
|
- name: ODL container L2 update and upgrade tasks
|
|
block: &odl_container_upgrade_tasks
|
|
- name: Block connections to ODL. #This rule will be inserted at the top.
|
|
iptables: chain=OUTPUT action=insert protocol=tcp destination_port={{ item }} jump=DROP
|
|
when: step|int == 0
|
|
with_items:
|
|
- 6640
|
|
- 6653
|
|
- 6633
|
|
post_upgrade_tasks: &odl_container_post_upgrade_tasks
|
|
- name: Check service openvswitch is running
|
|
command: systemctl is-active --quiet openvswitch
|
|
tags: common
|
|
register: openvswitch_running
|
|
- name: Delete OVS groups and ports
|
|
shell: "sudo ovs-ofctl -O Openflow13 del-groups br-int; \
|
|
for tun_port in $(ovs-vsctl list-ports br-int | grep 'tun'); \
|
|
do; ovs-vsctl del-port br-int $(tun_port); done;"
|
|
when: (step|int == 0) and (openvswitch_running.rc == 0)
|
|
- name: Stop openvswitch service
|
|
when: (step|int == 1) and (openvswitch_running.rc == 0)
|
|
service: name=openvswitch state=stopped
|
|
- name: Unblock OVS port per compute node. #Delete previously added rule
|
|
iptables: chain=OUTPUT action=insert protocol=tcp destination_port={{ item }} jump=DROP state=absent
|
|
when: step|int == 2
|
|
with_items:
|
|
- 6640
|
|
- 6653
|
|
- 6633
|
|
- name: start openvswitch service
|
|
when: step|int == 3
|
|
service : name=openvswitch state=started
|
|
update_tasks:
|
|
- name: Get ODL update level
|
|
block: &get_odl_update_level
|
|
- name: store update level to update_level variable
|
|
set_fact:
|
|
odl_update_level: {get_param: ODLUpdateLevel}
|
|
- name: Run L2 update tasks that are similar to upgrade_tasks when update level is 2
|
|
block: *odl_container_upgrade_tasks
|
|
when: odl_update_level == 2
|
|
post_update_tasks:
|
|
- block: *get_odl_update_level
|
|
- block: *odl_container_post_upgrade_tasks
|
|
when: odl_update_level == 2
|
|
|
|
metadata_settings:
|
|
if:
|
|
- internal_tls_enabled
|
|
-
|
|
- service: ovs
|
|
network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
type: node
|
|
- null
|