tripleo-heat-templates/puppet/services/neutron-ovs-agent.yaml
Giulio Fidente baf6eee501 Adds network/cidr mapping into a new service property
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.

Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).

Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-14 13:44:04 +02:00

164 lines
6.2 KiB
YAML

heat_template_version: pike
description: >
OpenStack Neutron OVS agent configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
NeutronEnableL2Pop:
type: string
description: >
Enable/disable the L2 population feature in the Neutron agents.
default: "False"
NeutronBridgeMappings:
description: >
The OVS logical->physical bridge mappings to use. See the Neutron
documentation for details. Defaults to mapping br-ex - the external
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
NeutronTunnelTypes:
default: 'vxlan'
description: |
The tunnel types for the Neutron tenant network.
type: comma_delimited_list
NeutronAgentExtensions:
default: "qos"
description: |
Comma-separated list of extensions enabled for the Neutron agents.
type: comma_delimited_list
NeutronEnableDVR:
default: False
description: Enable Neutron DVR.
type: boolean
NeutronEnableARPResponder:
default: false
description: |
Enable ARP responder feature in the OVS Agent.
type: boolean
MonitoringSubscriptionNeutronOvs:
default: 'overcloud-neutron-ovs-agent'
type: string
NeutronOVSFirewallDriver:
default: ''
description: |
Configure the classname of the firewall driver to use for implementing
security groups. Possible values depend on system configuration. Some
examples are: noop, openvswitch, iptables_hybrid. The default value of an
empty string will result in a default supported configuration.
type: string
NeutronOpenVswitchAgentLoggingSource:
type: json
default:
tag: openstack.neutron.agent.openvswitch
path: /var/log/neutron/openvswitch-agent.log
conditions:
no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
resources:
NeutronBase:
type: ./neutron-base.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
Ovs:
type: ./openvswitch.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
description: Role data for the Neutron OVS agent service.
value:
service_name: neutron_ovs_agent
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
logging_source: {get_param: NeutronOpenVswitchAgentLoggingSource}
logging_groups:
- neutron
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings}
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
tripleo.neutron_ovs_agent.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
'136 neutron gre networks':
proto: 'gre'
-
if:
- no_firewall_driver
- {}
- neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
step_config: |
include ::tripleo::profile::base::neutron::ovs
upgrade_tasks:
yaql:
expression: $.data.ovs_upgrade + $.data.neutron_ovs_upgrade
data:
ovs_upgrade:
get_attr: [Ovs, role_data, upgrade_tasks]
neutron_ovs_upgrade:
- name: Check if neutron_ovs_agent is deployed
command: systemctl is-enabled neutron-openvswitch-agent
tags: common
ignore_errors: True
register: neutron_ovs_agent_enabled
- name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
when: neutron_ovs_agent_enabled.rc == 0
tags: step0,validation
- name: Stop neutron_ovs_agent service
tags: step1
when: neutron_ovs_agent_enabled.rc == 0
service: name=neutron-openvswitch-agent state=stopped