openstack
/
tripleo-heat-templates
Code Issues Proposed changes
Heat templates for deploying OpenStack
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13636 Commits
3 Branches
24 Tags
313 MiB
 
 
 
Tree: b9e4f73207
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b9e4f73207'
${ noResults }
tripleo-heat-templates/deployment/neutron/neutron-plugin-ml2-ovn.yaml

174 lines
6.3 KiB
Raw Blame History

heat_template_version: wallaby
description: >
OpenStack Neutron ML2/OVN plugin configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
OVNNorthboundServerPort:
description: Port of the OVN Northbound DB server
type: number
default: 6641
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
default: 180
OVNVifType:
description: Type of VIF to be used for ports
type: string
default: ovs
constraints:
- allowed_values:
- ovs
- vhostuser
OVNNeutronSyncMode:
description: The synchronization mode of OVN with Neutron DB
type: string
default: log
constraints:
- allowed_values:
- log
- off
- repair
OVNQosDriver:
description: OVN notification driver for Neutron QOS service plugin
type: string
default: ovn-qos
NeutronGeneveMaxHeaderSize:
description: Geneve encapsulation header size
type: number
default: 38
NeutronEnableDVR:
description: Enable Neutron DVR.
default: ''
type: string
NeutronEnableIgmpSnooping:
description: Enable IGMP Snooping.
type: boolean
default: false
OVNMetadataEnabled:
description: Whether Metadata Service has to be enabled
type: boolean
default: true
OVNDnsServers:
default: []
description: List of servers to use as as dns forwarders
type: comma_delimited_list
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
NeutronVhostuserSocketDir:
default: ""
description: The vhost-user socket directory for OVS
type: string
tags:
- role_specific
OVNEmitNeedToFrag:
type: boolean
default: false
description: Configure OVN to emit "need to frag" packets in case of
MTU mismatch. Before enabling this configuration make sure
that it's supported by the host kernel (version >= 5.2) or
by checking the output of the following command
'ovs-appctl -t ovs-vswitchd dpif/show-dp-features
br-int | grep "Check pkt length action"'.
conditions:
neutron_dvr_unset: {equals : [{get_param: NeutronEnableDVR}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
vhostuser_dir_set:
or:
- {not: {equals: [{get_param: NeutronVhostuserSocketDir}, ""]}}
- {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}}
resources:
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Neutron ML2/OVN plugin.
value:
service_name: neutron_plugin_ml2_ovn
config_settings:
map_merge:
- get_attr: [NeutronMl2Base, role_data, config_settings]
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
neutron::server::igmp_snooping_enable: {get_param: NeutronEnableIgmpSnooping}
neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag}
- if:
- internal_tls_enabled
-
neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
- {}
-
if:
- neutron_dvr_unset
- neutron::plugins::ml2::ovn::dvr_enabled: true
- neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
-
if:
- vhostuser_dir_set
- map_replace:
- map_replace:
- neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir
- values: {get_param: RoleParameters}
- values:
NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
- {}
step_config: |
include tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]