tripleo-heat-templates/puppet/services/opendaylight-ovs.yaml
2018-06-28 18:15:43 +00:00


# Heat orchestration template; `rocky` selects the template format version.
heat_template_version: rocky
# Folded scalar: the indented text below is the template's description.
description: >
  OpenDaylight OVS Configuration.
parameters:
  # ---- OpenDaylight controller access --------------------------------------
  OpenDaylightUsername:
    description: The username for the opendaylight server.
    type: string
    # Falls back to the literal account name 'admin' unless a deployment
    # overrides it.
    default: "admin"
  OpenDaylightPassword:
    description: The password for the opendaylight server.
    type: string
    # No default is declared, so a value has to be supplied at deploy time.
    # `hidden` asks Heat to mask the value when stack parameters are shown.
    hidden: true
  OpenDaylightCheckURL:
    description: URL postfix to verify ODL has finished starting up
    type: string
    default: "restconf/operational/network-topology:network-topology/topology/netvirt:1"
  # Declared without a description; not referenced by any resource or output
  # in the part of the template shown here.
  OpenDaylightApiVirtualIP:
    type: string
    default: ""

  # ---- Role-specific OVS / DPDK tuning -------------------------------------
  # Parameters tagged `role_specific` are the ones merged with RoleParameters
  # by the RoleParametersValue resource.
  OpenDaylightProviderMappings:
    description: >-
      Mappings between logical networks and physical interfaces.
      Required for VLAN deployments. For example physnet1 -> eth1.
    type: comma_delimited_list
    default: 'datacentre:br-ex'
    tags:
      - role_specific
  HostAllowedNetworkTypes:
    description: >-
      Allowed tenant network types for this OVS host. Note this can
      vary per host or role to constrain which hosts nova instances
      and networks are scheduled to.
    type: comma_delimited_list
    default:
      - "local"
      - "flat"
      - "vlan"
      - "vxlan"
      - "gre"
    tags:
      - role_specific
  OvsEnableDpdk:
    description: Whether or not to configure enable DPDK in OVS
    type: boolean
    default: false
    tags:
      - role_specific
  OvsVhostuserMode:
    description: >-
      Specify the mode for QEMU with vhostuser port creation. In
      client mode, openvswitch will be responsible for creating
      vhostuser sockets. In server mode, the hypervisor will create
      them. Note, 'client' mode is deprecated.
    type: string
    default: 'server'
    constraints:
      # Heat rejects any value outside this list at validation time.
      - allowed_values:
          - "client"
          - "server"
    tags:
      - role_specific
  VhostuserSocketDir:
    description: Specify the directory to use for vhostuser sockets
    type: string
    default: '/var/lib/vhost_sockets'
    tags:
      - role_specific

  # ---- Standard composable-service inputs ----------------------------------
  EndpointMap:
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
    default: {}
  ServiceData:
    description: Dictionary packing service data
    type: json
    default: {}
  ServiceNetMap:
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
    default: {}
  # Declared without a description; only forwarded to the Ovs resource.
  DefaultPasswords:
    type: json
    default: {}
  RoleName:
    description: Role name on which the service is applied
    type: string
    default: ""
  RoleParameters:
    description: Parameters specific to the role
    type: json
    default: {}

  OvsHwOffload:
    description: |
      Enable OVS Hardware Offload. This feature supported from OVS 2.8.0
    type: boolean
    default: false
    tags:
      - role_specific

  # ---- Internal TLS --------------------------------------------------------
  # Feeds the `internal_tls_enabled` condition. With the default of false the
  # certificate, CA-file and 'https' settings in the outputs are not emitted.
  EnableInternalTLS:
    type: boolean
    default: false
  InternalTLSCAFile:
    description: >-
      Specifies the default CA cert to use if TLS is used for
      services in the internal network.
    type: string
    default: "/etc/ipa/ca.crt"

  # ---- Minor-update behaviour ----------------------------------------------
  # Level 2 is the value the update tasks test for before running the
  # upgrade-style L2 steps.
  ODLUpdateLevel:
    description: Specify the level of update
    type: number
    default: 1
    constraints:
      - allowed_values:
          - 1
          - 2

  # ---- vhost-user socket directory ownership -------------------------------
  VhostuserSocketGroup:
    description: >
      The vhost-user socket directory group name.
      Defaults to 'qemu'. When vhostuser mode is 'dpdkvhostuserclient'
      (which is the default mode), the vhost socket is created by qemu.
    type: string
    default: 'qemu'
    tags:
      - role_specific
  VhostuserSocketUser:
    description: >
      The vhost-user socket directory user name.
      Defaults to 'qemu'. When vhostuser mode is 'dpdkvhostuserclient'
      (which is the default mode), the vhost socket is created by qemu.
    type: string
    default: 'qemu'
    tags:
      - role_specific
conditions:
  # True only when the EnableInternalTLS parameter is set to true; gates the
  # TLS-specific config_settings and metadata_settings in the outputs.
  internal_tls_enabled:
    equals:
      - get_param: EnableInternalTLS
      - true
resources:
  # Nested openvswitch service template. The shared composable-service
  # parameters are passed through unchanged; its role_data is merged into this
  # template's outputs.
  Ovs:
    type: ./openvswitch.yaml
    properties:
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      EndpointMap:
        get_param: EndpointMap
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters

  # Merging role-specific parameters (RoleParameters) with the default parameters.
  # RoleParameters will have the precedence over the default parameters.
  RoleParametersValue:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        map_replace:
          # Pass 1 (inner map_replace): every hiera key starts out mapped to
          # the NAME of a parameter; names that appear as keys in
          # RoleParameters are swapped for the role-specific value.
          - map_replace:
              - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes
                neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk
                neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir
                neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode
                neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings
                neutron::plugins::ovs::opendaylight::enable_hw_offload: OvsHwOffload
                vswitch::ovs::enable_hw_offload: OvsHwOffload
                tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_group: VhostuserSocketGroup
                tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_user: VhostuserSocketUser
              - values:
                  get_param: [RoleParameters]
          # Pass 2 (outer map_replace): any name still left after pass 1 is
          # replaced with the template-level parameter value.
          - values:
              HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes}
              OvsEnableDpdk: {get_param: OvsEnableDpdk}
              VhostuserSocketDir: {get_param: VhostuserSocketDir}
              OvsVhostuserMode: {get_param: OvsVhostuserMode}
              OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings}
              OvsHwOffload: {get_param: OvsHwOffload}
              VhostuserSocketGroup: {get_param: VhostuserSocketGroup}
              VhostuserSocketUser: {get_param: VhostuserSocketUser}
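outputs:
  # role_data is the single output: hiera settings, the puppet step_config and
  # the Ansible task lists for upgrade / update of the OVS side of OpenDaylight.
  role_data:
    description: Role data for the OpenDaylight service.
    value:
      service_name: opendaylight_ovs
      config_settings:
        # map_merge combines, in order: local settings, the TLS-only settings,
        # the nested Ovs template's settings and the role-aware values.
        map_merge:
          # The ODL credentials are written to both the opendaylight and the
          # neutron OVS plugin hiera keys.
          - opendaylight::odl_rest_port: {get_param: [EndpointMap, OpenDaylightInternal, port]}
            opendaylight::username: {get_param: OpenDaylightUsername}
            opendaylight::password: {get_param: OpenDaylightPassword}
            neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername}
            neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword}
            opendaylight_check_url: {get_param: OpenDaylightCheckURL}
            # Rendered as a hiera lookup on the tenant network's name.
            neutron::agents::ml2::ovs::local_ip:
              str_replace:
                template: "%{hiera('$NETWORK')}"
                params:
                  $NETWORK: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
            # Neither rule names a source network here.
            # NOTE(review): confirm the consuming firewall class scopes
            # VXLAN (udp/4789) and GRE to the tenant network.
            tripleo.opendaylight_ovs.firewall_rules:
              '118 neutron vxlan networks':
                proto: 'udp'
                dport: 4789
              '136 neutron gre networks':
                proto: 'gre'
          # TLS-only settings; an empty map is merged when the condition is
          # false.
          # NOTE(review): conn_proto is set to 'https' only in this branch.
          # With EnableInternalTLS at its default (false) the protocol is
          # chosen outside this file, presumably plain HTTP carrying the ODL
          # credentials; confirm.
          - if:
              - internal_tls_enabled
              - generate_service_certificates: true
                tripleo::profile::base::neutron::plugins::ovs::opendaylight::certificate_specs:
                  service_certificate: '/etc/pki/tls/certs/ovs.crt'
                  service_key: '/etc/pki/tls/private/ovs.key'
                  hostname:
                    str_replace:
                      template: "%{hiera('fqdn_NETWORK')}"
                      params:
                        NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
                  principal:
                    str_replace:
                      template: "ovs/%{hiera('fqdn_NETWORK')}"
                      params:
                        NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
                neutron::plugins::ovs::opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile}
                tripleo::profile::base::neutron::plugins::ovs::opendaylight::conn_proto: 'https'
              - {}
          - get_attr: [Ovs, role_data, config_settings]
          - get_attr: [RoleParametersValue, value]
      service_config_settings:
        # nova_libvirt receives the role-aware vhost-user socket group as the
        # qemu group.
        nova_libvirt:
          nova::compute::libvirt::qemu::group:
            get_attr:
              - RoleParametersValue
              - value
              - 'tripleo::profile::base::neutron::plugins::ovs::opendaylight::vhostuser_socket_group'
      step_config: |
        include tripleo::profile::base::neutron::plugins::ovs::opendaylight
      upgrade_tasks:
        # Tasks inherited from the nested Ovs template run first, followed by
        # the ODL-specific ones.
        list_concat:
          - get_attr: [Ovs, role_data, upgrade_tasks]
          -
            # A non-zero rc is tolerated here; the registered result gates the
            # two tasks that follow.
            - name: Check if openvswitch is deployed
              command: systemctl is-enabled openvswitch
              tags: common
              ignore_errors: true
              register: openvswitch_enabled
            - name: "PreUpgrade step0,validation: Check service openvswitch is running"
              command: systemctl is-active --quiet openvswitch
              when:
                - step|int == 0
                - openvswitch_enabled.rc == 0
              tags: validation
            - name: Stop openvswitch service
              when:
                - step|int == 1
                - openvswitch_enabled.rc == 0
              service:
                name: openvswitch
                state: stopped
            # Container upgrade steps.
            - name: ODL container L2 update and upgrade tasks
              block: &odl_container_upgrade_tasks
                # This rule will be inserted at the top.
                # 6640 is the OVSDB port, 6653/6633 the OpenFlow ports.
                # The DROP rules are removed again only by the post-upgrade
                # task at step 2. A run that stops in between leaves the host
                # unable to reach ODL on these ports until they are deleted.
                - name: Block connections to ODL.
                  iptables:
                    chain: OUTPUT
                    action: insert
                    protocol: tcp
                    destination_port: "{{ item }}"
                    jump: DROP
                  when: step|int == 0
                  with_items:
                    - 6640
                    - 6653
                    - 6633
      post_upgrade_tasks: &odl_container_post_upgrade_tasks
        # NOTE(review): this task has no ignore_errors/failed_when, so a
        # non-zero rc fails the play here and the later
        # `openvswitch_running.rc == 0` tests can only ever be true. Confirm
        # whether failing hard is the intent.
        - name: Check service openvswitch is running
          command: systemctl is-active --quiet openvswitch
          tags: common
          register: openvswitch_running
        # Fixed: the loop was written `do; ... $(tun_port); done`. `do;` is a
        # shell syntax error and `$(tun_port)` is a command substitution, not
        # the loop variable, so no tunnel port was ever deleted.
        - name: Delete OVS groups and ports
          shell: |
            sudo ovs-ofctl -O Openflow13 del-groups br-int
            for tun_port in $(ovs-vsctl list-ports br-int | grep 'tun'); do
              ovs-vsctl del-port br-int "${tun_port}"
            done
          when: (step|int == 0) and (openvswitch_running.rc == 0)
        - name: Stop openvswitch service
          when: (step|int == 1) and (openvswitch_running.rc == 0)
          service:
            name: openvswitch
            state: stopped
        # Delete previously added rule. The rule spec must stay identical to
        # the one inserted by "Block connections to ODL." for state=absent to
        # match it.
        - name: Unblock OVS port per compute node.
          iptables:
            chain: OUTPUT
            action: insert
            protocol: tcp
            destination_port: "{{ item }}"
            jump: DROP
            state: absent
          when: step|int == 2
          with_items:
            - 6640
            - 6653
            - 6633
        - name: start openvswitch service
          when: step|int == 3
          service:
            name: openvswitch
            state: started
      update_tasks:
        # Copies the Heat parameter into an Ansible fact so the level can be
        # tested in `when` clauses.
        - name: Get ODL update level
          block: &get_odl_update_level
            - name: store update level to update_level variable
              set_fact:
                odl_update_level: {get_param: ODLUpdateLevel}
        - name: Run L2 update tasks that are similar to upgrade_tasks when update level is 2
          block: *odl_container_upgrade_tasks
          when: odl_update_level == 2
      post_update_tasks:
        - block: *get_odl_update_level
        - block: *odl_container_post_upgrade_tasks
          when: odl_update_level == 2
      # A node-type entry for the `ovs` service is emitted only when internal
      # TLS is on; otherwise the value is null.
      metadata_settings:
        if:
          - internal_tls_enabled
          -
            - service: ovs
              network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
              type: node
          - null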