84b18f8fea
This patch is adding a new parameter called OVNEmitNeedToFrag. This parameter sets the "ovn_emit_need_to_frag" configuration option in networking-ovn. When set to True the option tells ovn whether it should emit "need to frag" packets in case of MTU mismatch. Before enabling this configuration make sure that it's supported by the host kernel (version >= 5.2) or by checking the output of the following command: ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep "Check pkt length action". Defaults to False. This option was introduced by networking-ovn at: https://review.opendev.org/#/c/671766/ Depends-On: https://review.opendev.org/#/c/687845/ Change-Id: Icf6c00997e52346e3c676f937be7daf553f137e3 Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
# Heat template header: template version plus a one-line summary of the
# service this file configures.
heat_template_version: rocky

description: >
  OpenStack Neutron ML2/OVN plugin configured with Puppet
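# Inputs of the ML2/OVN service template. Multi-line descriptions use folded
# block scalars (>-), which yield the same single-line text as the original
# continued plain scalars.
parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  # NOTE(review): carries no description and is not marked `hidden: true`;
  # confirm whether its contents need masking in stack output.
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json
  OVNSouthboundServerPort:
    description: Port of the OVN Southbound DB server
    type: number
    default: 6642
  OVNNorthboundServerPort:
    description: Port of the OVN Northbound DB server
    type: number
    default: 6641
  OVNDbConnectionTimeout:
    description: Timeout in seconds for the OVSDB connection transaction
    type: number
    default: 180
  OVNVifType:
    description: Type of VIF to be used for ports
    type: string
    default: ovs
    constraints:
      - allowed_values:
          - ovs
          - vhostuser
  OVNNeutronSyncMode:
    description: The synchronization mode of OVN with Neutron DB
    type: string
    default: log
    constraints:
      - allowed_values:
          - log
          # Quoted: a YAML 1.1 loader reads a bare `off` as boolean false,
          # so the allowed value would no longer be the string 'off'.
          - 'off'
          - repair
  OVNQosDriver:
    description: OVN notification driver for Neutron QOS service plugin
    type: string
    default: ovn-qos
  NeutronGeneveMaxHeaderSize:
    description: Geneve encapsulation header size
    type: number
    default: 38
  # An empty string means "unset"; the neutron_dvr_unset condition in this
  # template then sets dvr_enabled to true.
  NeutronEnableDVR:
    description: Enable Neutron DVR.
    default: ''
    type: string
  OVNMetadataEnabled:
    description: Whether Metadata Service has to be enabled
    type: boolean
    default: true
  # NOTE(anil): OVN supports only VLAN, geneve and flat networks
  NeutronNetworkType:
    default: 'geneve'
    description: The tenant network type for Neutron.
    type: comma_delimited_list
    constraints:
      - allowed_values:
          - geneve
          - vlan
          - flat
  OVNDnsServers:
    default: []
    description: List of servers to use as as dns forwarders
    type: comma_delimited_list
  # With the default (false), the config_settings output of this template
  # emits no CA, certificate or private-key settings for the OVN
  # southbound/northbound DB connections.
  EnableInternalTLS:
    type: boolean
    default: false
  InternalTLSCAFile:
    default: '/etc/ipa/ca.crt'
    type: string
    description: >-
      Specifies the default CA cert to use if TLS is used for
      services in the internal network.
  NeutronVhostuserSocketDir:
    default: ""
    description: The vhost-user socket directory for OVS
    type: string
    tags:
      - role_specific
  # Stays false unless set; the description gives the kernel/datapath
  # pre-check to run before enabling it.
  OVNEmitNeedToFrag:
    type: boolean
    default: false
    description: >-
      Configure OVN to emit "need to frag" packets in case of
      MTU mismatch. Before enabling this configuration make sure
      that it's supported by the host kernel (version >= 5.2) or
      by checking the output of the following command
      'ovs-appctl -t ovs-vswitchd dpif/show-dp-features
      br-int | grep "Check pkt length action"'.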
# Named conditions referenced by the `if` functions in the outputs section.
conditions:
  # True while NeutronEnableDVR is left at its empty-string default.
  neutron_dvr_unset:
    equals:
      - {get_param: NeutronEnableDVR}
      - ''
  # True when EnableInternalTLS is set; gates the OVN DB certificate settings.
  internal_tls_enabled:
    equals:
      - {get_param: EnableInternalTLS}
      - true
  # True when the socket directory is non-empty either globally or in
  # RoleParameters.
  vhostuser_dir_set:
    or:
      - not:
          equals:
            - {get_param: NeutronVhostuserSocketDir}
            - ""
      - not:
          equals:
            - {get_param: [RoleParameters, NeutronVhostuserSocketDir]}
            - ""
# Nested stack for the base ML2 plugin template; the common service
# parameters are passed through to it unchanged.
resources:

  NeutronMl2Base:
    type: ./neutron-plugin-ml2.yaml
    properties:
      ServiceData:
        get_param: ServiceData
      ServiceNetMap:
        get_param: ServiceNetMap
      DefaultPasswords:
        get_param: DefaultPasswords
      EndpointMap:
        get_param: EndpointMap
      RoleName:
        get_param: RoleName
      RoleParameters:
        get_param: RoleParameters
outputs:
  role_data:
    description: Role data for the Neutron ML2/OVN plugin.
    value:
      service_name: neutron_plugin_ml2_ovn
      config_settings:
        # Merges the settings exported by NeutronMl2Base with the
        # OVN-specific settings listed below.
        map_merge:
          - get_attr: [NeutronMl2Base, role_data, config_settings]
          - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
            ovn::northbound::port: {get_param: OVNNorthboundServerPort}
            neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
            neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
            neutron::plugins::ml2::ovn::ovn_l3_mode: true
            neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
            neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
            neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
            neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
            neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
            neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
            neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag}
          # CA, client certificate and private-key settings for the OVN
          # southbound/northbound connections are emitted only when
          # internal_tls_enabled holds; otherwise this entry is an empty map.
          # NOTE(review): the certificate and key paths are fixed here;
          # ownership and mode of the key file are not set by this template -
          # confirm they are restricted elsewhere.
          - if:
              - internal_tls_enabled
              - neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
                neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
              - {}
          # dvr_enabled is true when NeutronEnableDVR is unset (empty string);
          # otherwise the parameter value is passed through.
          - if:
              - neutron_dvr_unset
              - neutron::plugins::ml2::ovn::dvr_enabled: true
              - neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
          # Replaces the placeholder string NeutronVhostuserSocketDir: the
          # inner map_replace is given RoleParameters, the outer one the
          # global parameter.
          - if:
              - vhostuser_dir_set
              - map_replace:
                  - map_replace:
                      - neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir
                      - values: {get_param: RoleParameters}
                  - values:
                      NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
              - {}

      step_config: |
        include ::tripleo::profile::base::neutron::plugins::ml2
      metadata_settings:
        get_attr: [NeutronMl2Base, role_data, metadata_settings]