openstack
/
tripleo-heat-templates
Code Issues Proposed changes
Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6896 Commits
3 Branches
24 Tags
314 MiB
 
 
 
Tree: a175c9e6aa
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a175c9e6aa'
${ noResults }
tripleo-heat-templates/docker/services/neutron-ovs-agent.yaml

231 lines
9.6 KiB
Raw Blame History

heat_template_version: queens
description: >
OpenStack Neutron openvswitch service
parameters:
DockerOpenvswitchImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
NeutronOvsAgentBase:
type: ../../puppet/services/neutron-ovs-agent.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronCommon
properties:
NeutronServiceName: openvswitch-agent
outputs:
role_data:
description: Role data for Neutron openvswitch service
value:
service_name: {get_attr: [NeutronOvsAgentBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NeutronOvsAgentBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
logging_source: {get_attr: [NeutronOvsAgentBase, role_data, logging_source]}
logging_groups: {get_attr: [NeutronOvsAgentBase, role_data, logging_groups]}
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
step_config:
get_attr: [NeutronOvsAgentBase, role_data, step_config]
config_image: {get_param: DockerNeutronConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ."
# when running vswitch::ovs::enable_hw_offload: true
# ovs-vsctl talks to the ovsdb-server (hosting conf.db)
# on the unix domain socket - /run/openvswitch/db.sock
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
kolla_config:
/var/lib/kolla/config_files/neutron_ovs_agent.json:
command: /neutron_ovs_agent_launcher.sh
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
docker_config_scripts:
neutron_ovs_agent_launcher.sh:
mode: "0755"
content: |
#!/bin/bash
set -xe
/usr/bin/python -m neutron.cmd.destroy_patch_ports --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-openvswitch-agent
/usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/common --log-file=/var/log/neutron/openvswitch-agent.log
docker_config:
step_3:
neutron_ovs_bridge:
detach: false
image: {get_param: DockerNeutronConfigImage}
net: host
pid: host
user: root
privileged: true
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- --tags
- file,file_line,concat,augeas,neutron::plugins::ovs::bridge,vs_config
- -v
- -e
- include neutron::agents::ml2::ovs
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /etc/puppet:/etc/puppet:ro
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
- /var/run/openvswitch/db.sock:/var/run/openvswitch/db.sock
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_4:
neutron_ovs_agent:
start_order: 10
image: {get_param: DockerOpenvswitchImage}
net: host
pid: host
privileged: true
restart: always
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /var/lib/docker-config-scripts/neutron_ovs_agent_launcher.sh:/neutron_ovs_agent_launcher.sh:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronOvsAgentBase, role_data, metadata_settings]
host_prep_tasks: {get_attr: [NeutronLogging, host_prep_tasks]}
upgrade_tasks:
list_concat:
- get_attr: [NeutronOvsAgentBase, role_data, ovs_upgrade_tasks]
-
- name: Check if neutron_ovs_agent is deployed
command: systemctl is-enabled --quiet neutron-openvswitch-agent
tags: common
ignore_errors: True
register: neutron_ovs_agent_enabled
- name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
command: systemctl is-active --quiet neutron-openvswitch-agent
when:
- step|int == 0
- neutron_ovs_agent_enabled.rc == 0
tags: validation
- name: Stop and disable neutron_ovs_agent service
when:
- step|int == 2
- neutron_ovs_agent_enabled.rc == 0
service: name=neutron-openvswitch-agent state=stopped enabled=no
- name: Set fact for removal of openstack-neutron-openvswitch package
when: step|int == 2
set_fact:
remove_neutron_openvswitch_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-neutron-openvswitch package if operator requests it
yum: name=openstack-neutron-openvswitch state=removed
ignore_errors: True
when:
- step|int == 2
- remove_neutron_openvswitch_package|bool
update_tasks:
# puppetlabs-firewall manages security rules via Puppet but make the rules
# consistent by default. Since Neutron also creates some rules, we don't
# want them to be consistent so we have to ensure that they're not stored
# into sysconfig.
# https://bugzilla.redhat.com/show_bug.cgi?id=1541528
- name: Remove IPv4 iptables rules created by Neutron that are persistent
lineinfile: dest=/etc/sysconfig/iptables
regexp=".*neutron-"
state=absent
when: step|int == 5
- name: Remove IPv6 iptables rules created by Neutron that are persistent
lineinfile: dest=/etc/sysconfig/ip6tables
regexp=".*neutron-"
state=absent
when: step|int == 5
fast_forward_upgrade_tasks:
- name: Check if neutron_ovs_agent is deployed
command: systemctl is-enabled --quiet neutron-openvswitch-agent
ignore_errors: True
register: neutron_ovs_agent_enabled_result
when:
- step|int == 0
- release == 'ocata'
- name: Set fact neutron_ovs_agent_enabled
set_fact:
neutron_ovs_agent_enabled: "{{ neutron_ovs_agent_enabled_result.rc == 0 }}"
when:
- step|int == 0
- release == 'ocata'
- name: Stop neutron_openvswitch_agent
service: name=neutron-openvswitch-agent state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- neutron_ovs_agent_enabled|bool