fffdcf0f30
Current puppet modules use only absolute names to include classes, so replace relative names with absolute names in template files so that the template description is consistent with the puppet implementation. Change-Id: I7a704d113289d61ed05f7a31d65caf2908a7994a
# Heat Orchestration Template (HOT); the version string selects the
# template format release named "rocky".
heat_template_version: rocky

# Folded scalar (>): the text below is read as one line of prose.
description: >
  OpenStack Neutron ML2/OVN plugin configured with Puppet

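# Input parameters of the ML2/OVN service template.
# ServiceData, ServiceNetMap, DefaultPasswords, RoleName, RoleParameters
# and EndpointMap are forwarded unchanged to the NeutronMl2Base nested
# stack declared under `resources:`; the remaining parameters feed the
# hieradata keys listed under outputs.role_data.value.config_settings.
parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  # No description is given here; the value is only passed through to
  # NeutronMl2Base.
  # NOTE(review): presumably carries default credentials -- confirm it is
  # never surfaced in stack outputs or logs, and whether marking it
  # `hidden: true` is appropriate for this interface.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  # Emitted as the ovn::southbound::port hieradata key.
  OVNSouthboundServerPort:
    description: Port of the OVN Southbound DB server
    type: number
    default: 6642
  # Emitted as the ovn::northbound::port hieradata key.
  OVNNorthboundServerPort:
    description: Port of the OVN Northbound DB server
    type: number
    default: 6641
  OVNDbConnectionTimeout:
    description: Timeout in seconds for the OVSDB connection transaction
    type: number
    default: 180
  OVNVifType:
    description: Type of VIF to be used for ports
    type: string
    default: ovs
    constraints:
      - allowed_values:
          - ovs
          - vhostuser
  OVNNeutronSyncMode:
    description: The synchronization mode of OVN with Neutron DB
    type: string
    default: log
    constraints:
      - allowed_values:
          - log
          # Quoted on purpose: a bare `off` is read as boolean false by
          # YAML 1.1 loaders, so the list would not hold the string
          # "off" that this string-typed parameter is meant to accept.
          - 'off'
          - repair
  OVNQosDriver:
    description: OVN notification driver for Neutron QOS service plugin
    type: string
    default: ovn-qos
  NeutronGeneveMaxHeaderSize:
    description: Geneve encapsulation header size
    type: number
    default: 38
  # Typed as string (not boolean) so that '' can stand for "not set";
  # the neutron_dvr_unset condition turns '' into dvr_enabled: true.
  NeutronEnableDVR:
    description: Enable Neutron DVR.
    default: ''
    type: string
  NeutronEnableIgmpSnooping:
    description: Enable IGMP Snooping.
    type: boolean
    default: false
  OVNMetadataEnabled:
    description: Whether Metadata Service has to be enabled
    type: boolean
    default: true
  # NOTE(anil): OVN supports only VLAN, geneve and flat networks
  NeutronNetworkType:
    default: 'geneve'
    description: The tenant network type for Neutron.
    type: comma_delimited_list
    constraints:
      - allowed_values:
          - geneve
          - vlan
          - flat
  OVNDnsServers:
    default: []
    description: List of servers to use as as dns forwarders
    type: comma_delimited_list
  # Gates the TLS hieradata for the OVN southbound/northbound DB
  # connections (CA cert, client certificate, private key): those keys
  # are emitted only when this is true.
  # NOTE(review): with the default (false) this template sets no TLS
  # material for those connections; whether they then run unencrypted
  # depends on the puppet module -- confirm before deploying on an
  # internal network that is not fully trusted.
  EnableInternalTLS:
    type: boolean
    default: false
  # Used as both ovn_sb_ca_cert and ovn_nb_ca_cert when internal TLS is
  # enabled.
  InternalTLSCAFile:
    default: '/etc/ipa/ca.crt'
    type: string
    description: Specifies the default CA cert to use if TLS is used for
                 services in the internal network.
  # Role-specific: the vhostuser_dir_set condition also looks this name
  # up inside RoleParameters.
  NeutronVhostuserSocketDir:
    default: ""
    description: The vhost-user socket directory for OVS
    type: string
    tags:
      - role_specific
  OVNEmitNeedToFrag:
    type: boolean
    default: false
    description: Configure OVN to emit "need to frag" packets in case of
                 MTU mismatch. Before enabling this configuration make sure
                 that it's supported by the host kernel (version >= 5.2) or
                 by checking the output of the following command
                 'ovs-appctl -t ovs-vswitchd dpif/show-dp-features
                 br-int | grep "Check pkt length action"'.
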
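# Named conditions referenced by the `if:` functions in the outputs.
conditions:
  # True while NeutronEnableDVR still has its default, the empty string.
  neutron_dvr_unset: {equals: [{get_param: NeutronEnableDVR}, '']}
  # True when EnableInternalTLS is true; gates the OVN TLS hieradata.
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  # True when the vhost-user socket directory is non-empty either as the
  # global parameter or as an entry of RoleParameters.
  # NOTE(review): the result of the RoleParameters lookup when the key is
  # absent is not visible here -- presumably an empty value; confirm.
  vhostuser_dir_set:
    or:
      - {not: {equals: [{get_param: NeutronVhostuserSocketDir}, ""]}}
      - {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}}
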
resources:

  # Nested stack built from the sibling ML2 base template. The generic
  # service parameters, DefaultPasswords included, are handed to it
  # unchanged; its role_data attribute is read back under `outputs:`.
  NeutronMl2Base:
    type: ./neutron-plugin-ml2.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}

outputs:
  role_data:
    description: Role data for the Neutron ML2/OVN plugin.
    value:
      service_name: neutron_plugin_ml2_ovn
      # Hieradata for puppet: the base ML2 settings come first and the
      # OVN-specific maps are merged on top of them.
      config_settings:
        map_merge:
          - get_attr: [NeutronMl2Base, role_data, config_settings]
          # Settings that are always emitted, taken straight from the
          # template parameters (ovn_l3_mode is fixed to true).
          - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
            ovn::northbound::port: {get_param: OVNNorthboundServerPort}
            neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
            neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
            neutron::plugins::ml2::ovn::ovn_l3_mode: true
            neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
            neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
            neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
            neutron::server::igmp_snooping_enable: {get_param: NeutronEnableIgmpSnooping}
            neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
            neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
            neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
            neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag}
          # TLS material for the OVN southbound (sb) and northbound (nb)
          # connections, emitted only when internal_tls_enabled holds;
          # otherwise an empty map is merged and none of these keys is
          # set. The same client certificate and private key paths are
          # used for both databases, and both trust InternalTLSCAFile.
          # NOTE(review): the certificate and key files are not created
          # here -- presumably provisioned elsewhere; confirm the private
          # key is readable only by the account that needs it.
          - if:
              - internal_tls_enabled
              -
                neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
                neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
              - {}
          # DVR: enabled (true) while NeutronEnableDVR is left at '',
          # otherwise the operator-supplied value is passed through.
          -
            if:
              - neutron_dvr_unset
              - neutron::plugins::ml2::ovn::dvr_enabled: true
              - neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
          # vhost-user socket directory, set only when vhostuser_dir_set
          # holds. The literal NeutronVhostuserSocketDir is a placeholder
          # value: the inner map_replace substitutes it from
          # RoleParameters, the outer one from the global parameter.
          # NOTE(review): presumably a role-specific value wins because
          # the placeholder is already replaced when the outer
          # map_replace runs -- confirm against Heat's map_replace rules.
          -
            if:
              - vhostuser_dir_set
              - map_replace:
                  - map_replace:
                      - neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir
                      - values: {get_param: RoleParameters}
                  - values:
                      NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
              - {}

      # Literal block scalar holding the puppet manifest snippet; the
      # class is included by its full name.
      step_config: |
        include tripleo::profile::base::neutron::plugins::ml2
      # Passed through unchanged from the base ML2 template.
      metadata_settings:
        get_attr: [NeutronMl2Base, role_data, metadata_settings]