Since 20.09, OVN supports the VXLAN type for inter-chassis communication. This patch also removes the no-longer-needed NeutronNetworkType override for OVN and moves the constraints into the generic ML2 definition list. The constraints list is extended to include vxlan. Depends-On: I81c016ba9c91282d1bebb40a282077e14ce4bd6b Change-Id: I447458c344a8817f3cfacba06f3410d500ed1f59
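# Heat template for the Neutron ML2/OVN plugin service. It wraps the generic
# ML2 template (./neutron-plugin-ml2.yaml) and merges OVN-specific settings
# into that template's config_settings.
heat_template_version: rocky

description: >
  OpenStack Neutron ML2/OVN plugin configured with Puppet
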
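parameters:
  # ServiceData, ServiceNetMap, DefaultPasswords, RoleName, RoleParameters
  # and EndpointMap are passed through unchanged to the NeutronMl2Base
  # resource; RoleParameters is additionally read for the role-specific
  # NeutronVhostuserSocketDir override.
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: >-
      Mapping of service_name -> network name. Typically set
      via parameter_defaults in the resource registry. This
      mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: >-
      Mapping of service endpoint -> protocol. Typically set
      via parameter_defaults in the resource registry.
    type: json

  # OVN database endpoints; emitted as ovn::southbound::port and
  # ovn::northbound::port.
  OVNSouthboundServerPort:
    description: Port of the OVN Southbound DB server
    type: number
    default: 6642
  OVNNorthboundServerPort:
    description: Port of the OVN Northbound DB server
    type: number
    default: 6641
  OVNDbConnectionTimeout:
    description: Timeout in seconds for the OVSDB connection transaction
    type: number
    default: 180
  OVNVifType:
    description: Type of VIF to be used for ports
    type: string
    default: ovs
    constraints:
      - allowed_values:
          - ovs
          - vhostuser
  OVNNeutronSyncMode:
    description: The synchronization mode of OVN with Neutron DB
    type: string
    default: log
    constraints:
      - allowed_values:
          - log
          # Quoted on purpose: a YAML 1.1 loader reads a bare `off` as the
          # boolean false, so the string value "off" might not match the
          # constraint of this string-typed parameter.
          - 'off'
          - repair
  OVNQosDriver:
    description: OVN notification driver for Neutron QOS service plugin
    type: string
    default: ovn-qos
  NeutronGeneveMaxHeaderSize:
    description: Geneve encapsulation header size
    type: number
    default: 38
  # The empty-string default means "unset": the neutron_dvr_unset condition
  # then sets dvr_enabled to true, so DVR is on unless a value is given here.
  NeutronEnableDVR:
    description: Enable Neutron DVR.
    default: ''
    type: string
  NeutronEnableIgmpSnooping:
    description: Enable IGMP Snooping.
    type: boolean
    default: false
  OVNMetadataEnabled:
    description: Whether Metadata Service has to be enabled
    type: boolean
    default: true
  OVNDnsServers:
    default: []
    description: List of servers to use as as dns forwarders
    type: comma_delimited_list

  # With the default (false) the outputs section emits none of the
  # ovn_sb_* / ovn_nb_* CA, certificate and private-key settings.
  # NOTE(review): that presumably leaves the Neutron-to-OVN DB connections
  # without TLS; confirm against the rendered connection settings before
  # relying on this default on a shared internal network.
  EnableInternalTLS:
    type: boolean
    default: false
  # Only consumed when EnableInternalTLS is true; used as the CA for both
  # the southbound and the northbound DB connection.
  InternalTLSCAFile:
    default: '/etc/ipa/ca.crt'
    type: string
    description: >-
      Specifies the default CA cert to use if TLS is used for
      services in the internal network.
  # Role-specific: a value under RoleParameters is substituted first, the
  # global value second (see the nested map_replace in outputs).
  NeutronVhostuserSocketDir:
    default: ""
    description: The vhost-user socket directory for OVS
    type: string
    tags:
      - role_specific
  OVNEmitNeedToFrag:
    type: boolean
    default: false
    description: >-
      Configure OVN to emit "need to frag" packets in case of
      MTU mismatch. Before enabling this configuration make sure
      that it's supported by the host kernel (version >= 5.2) or
      by checking the output of the following command
      'ovs-appctl -t ovs-vswitchd dpif/show-dp-features
      br-int | grep "Check pkt length action"'.
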
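conditions:
  # True when NeutronEnableDVR was left at its empty-string default.
  neutron_dvr_unset: {equals: [{get_param: NeutronEnableDVR}, '']}
  # Gates the OVN DB client CA / certificate / private-key settings.
  internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
  # True when the socket directory is non-empty either globally or in the
  # role-specific parameters.
  vhostuser_dir_set:
    or:
      - {not: {equals: [{get_param: NeutronVhostuserSocketDir}, ""]}}
      - {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}}
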
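resources:

  # Generic ML2 template; its role_data (config_settings and
  # metadata_settings) is reused in the outputs of this template.
  NeutronMl2Base:
    type: ./neutron-plugin-ml2.yaml
    properties:
      ServiceData: {get_param: ServiceData}
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}
      RoleName: {get_param: RoleName}
      RoleParameters: {get_param: RoleParameters}
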
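outputs:
  role_data:
    description: Role data for the Neutron ML2/OVN plugin.
    value:
      service_name: neutron_plugin_ml2_ovn
      config_settings:
        # Later entries of map_merge are merged on top of the generic ML2
        # settings from NeutronMl2Base.
        map_merge:
          - get_attr: [NeutronMl2Base, role_data, config_settings]
          - ovn::southbound::port: {get_param: OVNSouthboundServerPort}
            ovn::northbound::port: {get_param: OVNNorthboundServerPort}
            neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
            neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
            # Hard-coded; there is no parameter to change it here.
            neutron::plugins::ml2::ovn::ovn_l3_mode: true
            neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType}
            neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
            neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
            neutron::server::igmp_snooping_enable: {get_param: NeutronEnableIgmpSnooping}
            neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
            neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
            neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag}
          # TLS material for the OVN DB connections is set only when
          # EnableInternalTLS is true; otherwise an empty map is merged.
          # The same client certificate and private key are used for the
          # southbound and the northbound connection.
          # NOTE(review): nothing in this template provisions these files
          # or sets their ownership and mode; confirm that the private key
          # is readable only by the Neutron service account.
          - if:
              - internal_tls_enabled
              - neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
                neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
                neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
                neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
              - {}
          # DVR is enabled when NeutronEnableDVR is unset; otherwise the
          # supplied value is passed through as given.
          - if:
              - neutron_dvr_unset
              - neutron::plugins::ml2::ovn::dvr_enabled: true
              - neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR}
          # The placeholder value NeutronVhostuserSocketDir is replaced by
          # the inner map_replace from RoleParameters and by the outer one
          # from the global parameter.
          - if:
              - vhostuser_dir_set
              - map_replace:
                  - map_replace:
                      - neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir
                      - values: {get_param: RoleParameters}
                  - values:
                      NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
              - {}
      step_config: |
        include tripleo::profile::base::neutron::plugins::ml2
      metadata_settings:
        get_attr: [NeutronMl2Base, role_data, metadata_settings]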