391 lines
15 KiB
YAML
391 lines
15 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenStack containerized OpenDaylight API service
|
|
Note, This service is deprecated in Stein release and will
|
|
be disabled in future releases.
|
|
|
|
parameters:
|
|
ContainerOpendaylightApiImage:
|
|
description: image
|
|
type: string
|
|
ContainerOpendaylightConfigImage:
|
|
description: image
|
|
type: string
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
InternalTLSCAFile:
|
|
default: '/etc/ipa/ca.crt'
|
|
type: string
|
|
description: Specifies the default CA cert to use if TLS is used for
|
|
services in the internal network.
|
|
ODLUpdateLevel:
|
|
default: 1
|
|
description: Specify the level of update
|
|
type: number
|
|
constraints:
|
|
- allowed_values:
|
|
- 1
|
|
- 2
|
|
OpenDaylightUsername:
|
|
default: 'admin'
|
|
description: The username for the opendaylight server.
|
|
type: string
|
|
OpenDaylightPassword:
|
|
type: string
|
|
description: The password for the opendaylight server.
|
|
hidden: true
|
|
OpenDaylightFeatures:
|
|
description: List of features to install with ODL
|
|
type: comma_delimited_list
|
|
default: ["odl-netvirt-openstack","odl-jolokia"]
|
|
OpenDaylightManageRepositories:
|
|
description: Whether to manage the OpenDaylight repository
|
|
type: boolean
|
|
default: false
|
|
OpenDaylightSNATMechanism:
|
|
description: SNAT mechanism to be used
|
|
default: 'conntrack'
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- conntrack
|
|
- controller
|
|
OpenDaylightLogMechanism:
|
|
description: Logging mechanism to be used
|
|
default: 'file'
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- file
|
|
- console
|
|
OpenDaylightTLSKeystorePassword:
|
|
default: 'opendaylight'
|
|
type: string
|
|
description: The password for the opendaylight TLS keystore.
|
|
Must be at least 6 characters.
|
|
hidden: true
|
|
OpenDaylightInheritDSCPMarking:
|
|
description: Enable DSCP marking for VXLAN/GRE tunnels
|
|
type: boolean
|
|
default: false
|
|
OpenDaylightJavaOpts:
|
|
default: ''
|
|
type: string
|
|
description: Specifies the Java options to run ODL with as a string.
|
|
Note, these options are in addition to the default Java
|
|
options set by the karaf/ODL boot scripts and IP version
|
|
based flag set by 'opendaylight' class.
|
|
OpenDaylightInactivityProbe:
|
|
description: Time in millseconds before an inactivity probe is sent via
|
|
OVSDB to OVS
|
|
type: number
|
|
default: 180000
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ../../containers-common.yaml
|
|
|
|
OpenDaylightApiLogging:
|
|
type: OS::TripleO::Services::Logging::OpenDaylightApi
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the OpenDaylight API role.
|
|
value:
|
|
service_name: opendaylight_api
|
|
config_settings:
|
|
map_merge:
|
|
-
|
|
opendaylight::odl_rest_port: {get_param: [EndpointMap, OpenDaylightInternal, port]}
|
|
opendaylight::username: {get_param: OpenDaylightUsername}
|
|
opendaylight::password: {get_param: OpenDaylightPassword}
|
|
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
|
|
opendaylight::odl_bind_ip:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
|
|
tripleo::opendaylight_api::firewall_rules:
|
|
'137 opendaylight api':
|
|
dport:
|
|
- {get_param: [EndpointMap, OpenDaylightInternal, port]}
|
|
- 6640
|
|
- 6653
|
|
- 2550
|
|
- 8185
|
|
opendaylight::snat_mechanism: {get_param: OpenDaylightSNATMechanism}
|
|
opendaylight::log_mechanism: {get_param: OpenDaylightLogMechanism}
|
|
opendaylight::inherit_dscp_marking: {get_param: OpenDaylightInheritDSCPMarking}
|
|
opendaylight::java_opts: {get_param: OpenDaylightJavaOpts}
|
|
opendaylight::inactivity_probe: {get_param: OpenDaylightInactivityProbe}
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- generate_service_certificates: true
|
|
tripleo::profile::base::neutron::opendaylight::certificate_specs:
|
|
service_certificate: '/etc/pki/tls/certs/odl.crt'
|
|
service_key: '/etc/pki/tls/private/odl.key'
|
|
hostname:
|
|
str_replace:
|
|
template: "%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
principal:
|
|
str_replace:
|
|
template: "odl/%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile}
|
|
opendaylight::tls_keystore_password: {get_param: OpenDaylightTLSKeystorePassword}
|
|
tripleo::certmonger::opendaylight::postsave_cmd: "true" # TODO: restart the odl container here
|
|
- {}
|
|
# BEGIN DOCKER SETTINGS
|
|
puppet_config:
|
|
config_volume: opendaylight
|
|
volumes:
|
|
list_concat:
|
|
- if:
|
|
- internal_tls_enabled
|
|
- - /etc/pki/tls/certs/odl.crt:/etc/pki/tls/certs/odl.crt:ro
|
|
- /etc/pki/tls/private/odl.key:/etc/pki/tls/private/odl.key:ro
|
|
- list_join:
|
|
- ':'
|
|
- - {get_param: InternalTLSCAFile}
|
|
- {get_param: InternalTLSCAFile}
|
|
- 'ro'
|
|
- null
|
|
# 'file,concat,file_line,augeas' are included by default
|
|
puppet_tags: odl_user,odl_keystore
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::opendaylight
|
|
config_image: {get_param: ContainerOpendaylightConfigImage}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/opendaylight_api.json:
|
|
command: /opt/opendaylight/bin/karaf server
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /opt/opendaylight
|
|
owner: odl:odl
|
|
recurse: true
|
|
docker_config:
|
|
step_1:
|
|
opendaylight_api:
|
|
start_order: 0
|
|
image: &odl_api_image {get_param: ContainerOpendaylightApiImage}
|
|
privileged: false
|
|
net: host
|
|
detach: true
|
|
user: odl
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [OpenDaylightApiLogging, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro
|
|
- /var/lib/opendaylight/journal:/opt/opendaylight/journal
|
|
- /var/lib/opendaylight/snapshots:/opt/opendaylight/snapshots
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
metadata_settings:
|
|
if:
|
|
- internal_tls_enabled
|
|
-
|
|
- service: odl
|
|
network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
type: node
|
|
- null
|
|
host_prep_tasks:
|
|
list_concat:
|
|
- {get_attr: [OpenDaylightApiLogging, host_prep_tasks]}
|
|
-
|
|
- name: Delete data and karaf folder
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /var/lib/opendaylight/data # Delete folder if present from previous deployment
|
|
- /var/lib/config-data/puppet-generated/opendaylight/opt/opendaylight/etc/opendaylight/karaf
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
with_items:
|
|
- /var/lib/opendaylight/snapshots
|
|
- /var/lib/opendaylight/journal
|
|
upgrade_tasks:
|
|
# Containerized deployment upgrade steps
|
|
- name: ODL container L2 update and upgrade tasks
|
|
block: &odl_container_upgrade_tasks
|
|
- name: Set fact for container CLI
|
|
set_fact:
|
|
container_cli: {get_param: ContainerCli}
|
|
- name: Check if ODL container is present
|
|
shell: "{{ container_cli }} ps -a --format '{{ '{{' }}.Names{{ '}}' }}' | grep '^opendaylight_api$'"
|
|
register: opendaylight_api_container_present
|
|
failed_when: false
|
|
# NOTE: using shell module because of
|
|
# https://github.com/ansible/ansible/issues/27960
|
|
##TODO: (janki) make update policy compatible with podman
|
|
- name: Update ODL container restart policy to unless-stopped
|
|
shell: "docker update --restart=unless-stopped opendaylight_api"
|
|
when:
|
|
- opendaylight_api_container_present.rc == 0
|
|
- container_cli == docker
|
|
- name: stop previous ODL container
|
|
docker_container:
|
|
name: opendaylight_api
|
|
state: stopped
|
|
when:
|
|
- step|int == 0
|
|
- container_cli == docker
|
|
##TODO: (janki) Switch to podman ansible module once its available
|
|
- name: stop previous ODL container using podman
|
|
shell: "systemctl stop opendaylight_api"
|
|
when:
|
|
- step|int == 0
|
|
- container_cli == podman
|
|
- name: remove journal and snapshots
|
|
file:
|
|
path: /var/lib/opendaylight/{{item}}
|
|
state: absent
|
|
with_items:
|
|
- snapshots
|
|
- journal
|
|
when: step|int == 0
|
|
- name: Set ODL upgrade flag to True
|
|
copy:
|
|
dest: /var/lib/config-data/puppet-generated/opendaylight/opt/opendaylight/etc/opendaylight/datastore/initial/config/genius-mdsalutil-config.xml
|
|
content: |
|
|
<config xmlns="urn:opendaylight:params:xml:ns:yang:mdsalutil">
|
|
<upgradeInProgress>true</upgradeInProgress>
|
|
</config>
|
|
owner: 42462
|
|
group: 42462
|
|
mode: 0644
|
|
when: step|int == 1
|
|
post_upgrade_tasks: &odl_container_post_upgrade_tasks
|
|
- name: Disable Upgrade in Config File
|
|
copy:
|
|
dest: /var/lib/config-data/puppet-generated/opendaylight/opt/opendaylight/etc/opendaylight/datastore/initial/config/genius-mdsalutil-config.xml
|
|
content: |
|
|
<config xmlns="urn:opendaylight:params:xml:ns:yang:mdsalutil">
|
|
<upgradeInProgress>false</upgradeInProgress>
|
|
</config>
|
|
owner: 42462
|
|
group: 42462
|
|
mode: 0644
|
|
when: step|int == 0
|
|
# 2 commands in 1 task because the sequence of commands needs to be ensured
|
|
# and that no other task is executed in between.
|
|
- name: Delete Upgrade Flag and Unset it via Rest
|
|
shell:
|
|
str_replace:
|
|
template: >
|
|
curl -k -v --silent --fail --show-error -u $ODL_USERNAME:$ODL_PASSWORD
|
|
-H "Content-Type: application/json" -X DELETE
|
|
$ODL_URI/restconf/config/genius-mdsalutil:config;
|
|
curl -k -v --silent --fail --show-error -u $ODL_USERNAME:$ODL_PASSWORD
|
|
-H "Content-Type: application/json" -X POST
|
|
$ODL_URI/restconf/config/genius-mdsalutil:config
|
|
-d "{ "upgradeInProgress": false }"
|
|
params:
|
|
$ODL_USERNAME: {get_param: OpenDaylightUsername}
|
|
$ODL_PASSWORD: {get_param: OpenDaylightPassword}
|
|
$ODL_URI: {get_param: [EndpointMap, OpenDaylightInternal, uri]}
|
|
when: step|int == 0
|
|
run_once: true
|
|
- when: step|int == 1
|
|
import_role:
|
|
name: tripleo-docker-rm
|
|
vars:
|
|
containers_to_rm:
|
|
- opendaylight_api
|
|
tripleo_container_cli: "docker"
|
|
update_tasks:
|
|
- name: Get ODL update level
|
|
block: &get_odl_update_level
|
|
- name: store update level to update_level variable
|
|
set_fact:
|
|
odl_update_level: {get_param: ODLUpdateLevel}
|
|
- name: Stop ODL container and remove cache
|
|
block:
|
|
- name: Set fact for container CLI
|
|
set_fact:
|
|
container_cli: {get_param: ContainerCli}
|
|
- name: Check if ODL container is present
|
|
shell: "{{ contianer_cli }} ps -a --format '{{ '{{' }}.Names{{ '}}' }}' | grep '^opendaylight_api$'"
|
|
register: opendaylight_api_container_present
|
|
failed_when: false
|
|
# NOTE: using shell module because of
|
|
# https://github.com/ansible/ansible/issues/27960
|
|
##TODO: (janki) make update policy compatible with podman
|
|
- name: Update ODL container restart policy to unless-stopped
|
|
shell: "docker update --restart=unless-stopped opendaylight_api"
|
|
when: opendaylight_api_container_present.rc == 0
|
|
- name: Stop previous ODL container
|
|
docker_container:
|
|
name: opendaylight_api
|
|
state: stopped
|
|
when: container_cli == docker
|
|
##TODO: (janki) Switch to podman ansible module once its available
|
|
- name: stop previous ODL container using podman
|
|
shell: "systemctl stop opendaylight_api"
|
|
when: container_cli == podman
|
|
- name: Delete data folder
|
|
file:
|
|
path: /var/lib/opendaylight/data
|
|
state: absent
|
|
when:
|
|
- step|int == 0
|
|
- odl_update_level == 1
|
|
- name: Run L2 update tasks that are similar to upgrade_tasks when update level is 2
|
|
block: *odl_container_upgrade_tasks
|
|
when: odl_update_level == 2
|
|
post_update_tasks:
|
|
- block: *get_odl_update_level
|
|
- block: *odl_container_post_upgrade_tasks
|
|
when: odl_update_level == 2
|