openstack
/
tripleo-heat-templates
Code Issues Proposed changes
tripleo-heat-templates/deployment/deprecated/opendaylight/opendaylight-api-container-...

391 lines
15 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack containerized OpenDaylight API service
Note, This service is deprecated in Stein release and will
be disabled in future releases.
parameters:
ContainerOpendaylightApiImage:
description: image
type: string
ContainerOpendaylightConfigImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
ODLUpdateLevel:
default: 1
description: Specify the level of update
type: number
constraints:
- allowed_values:
- 1
- 2
OpenDaylightUsername:
default: 'admin'
description: The username for the opendaylight server.
type: string
OpenDaylightPassword:
type: string
description: The password for the opendaylight server.
hidden: true
OpenDaylightFeatures:
description: List of features to install with ODL
type: comma_delimited_list
default: ["odl-netvirt-openstack","odl-jolokia"]
OpenDaylightManageRepositories:
description: Whether to manage the OpenDaylight repository
type: boolean
default: false
OpenDaylightSNATMechanism:
description: SNAT mechanism to be used
default: 'conntrack'
type: string
constraints:
- allowed_values:
- conntrack
- controller
OpenDaylightLogMechanism:
description: Logging mechanism to be used
default: 'file'
type: string
constraints:
- allowed_values:
- file
- console
OpenDaylightTLSKeystorePassword:
default: 'opendaylight'
type: string
description: The password for the opendaylight TLS keystore.
Must be at least 6 characters.
hidden: true
OpenDaylightInheritDSCPMarking:
description: Enable DSCP marking for VXLAN/GRE tunnels
type: boolean
default: false
OpenDaylightJavaOpts:
default: ''
type: string
description: Specifies the Java options to run ODL with as a string.
Note, these options are in addition to the default Java
options set by the karaf/ODL boot scripts and IP version
based flag set by 'opendaylight' class.
OpenDaylightInactivityProbe:
description: Time in millseconds before an inactivity probe is sent via
OVSDB to OVS
type: number
default: 180000
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
ContainersCommon:
type: ../../containers-common.yaml
OpenDaylightApiLogging:
type: OS::TripleO::Services::Logging::OpenDaylightApi
outputs:
role_data:
description: Role data for the OpenDaylight API role.
value:
service_name: opendaylight_api
config_settings:
map_merge:
-
opendaylight::odl_rest_port: {get_param: [EndpointMap, OpenDaylightInternal, port]}
opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword}
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
opendaylight::odl_bind_ip:
str_replace:
template:
"%{hiera('$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
tripleo::opendaylight_api::firewall_rules:
'137 opendaylight api':
dport:
- {get_param: [EndpointMap, OpenDaylightInternal, port]}
- 6640
- 6653
- 2550
- 8185
opendaylight::snat_mechanism: {get_param: OpenDaylightSNATMechanism}
opendaylight::log_mechanism: {get_param: OpenDaylightLogMechanism}
opendaylight::inherit_dscp_marking: {get_param: OpenDaylightInheritDSCPMarking}
opendaylight::java_opts: {get_param: OpenDaylightJavaOpts}
opendaylight::inactivity_probe: {get_param: OpenDaylightInactivityProbe}
-
if:
- internal_tls_enabled
- generate_service_certificates: true
tripleo::profile::base::neutron::opendaylight::certificate_specs:
service_certificate: '/etc/pki/tls/certs/odl.crt'
service_key: '/etc/pki/tls/private/odl.key'
hostname:
str_replace:
template: "%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
principal:
str_replace:
template: "odl/%{hiera('fqdn_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile}
opendaylight::tls_keystore_password: {get_param: OpenDaylightTLSKeystorePassword}
tripleo::certmonger::opendaylight::postsave_cmd: "true" # TODO: restart the odl container here
- {}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: opendaylight
volumes:
list_concat:
- if:
- internal_tls_enabled
- - /etc/pki/tls/certs/odl.crt:/etc/pki/tls/certs/odl.crt:ro
- /etc/pki/tls/private/odl.key:/etc/pki/tls/private/odl.key:ro
- list_join:
- ':'
- - {get_param: InternalTLSCAFile}
- {get_param: InternalTLSCAFile}
- 'ro'
- null
# 'file,concat,file_line,augeas' are included by default
puppet_tags: odl_user,odl_keystore
step_config: |
include tripleo::profile::base::neutron::opendaylight
config_image: {get_param: ContainerOpendaylightConfigImage}
kolla_config:
/var/lib/kolla/config_files/opendaylight_api.json:
command: /opt/opendaylight/bin/karaf server
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /opt/opendaylight
owner: odl:odl
recurse: true
docker_config:
step_1:
opendaylight_api:
start_order: 0
image: &odl_api_image {get_param: ContainerOpendaylightApiImage}
privileged: false
net: host
detach: true
user: odl
restart: unless-stopped
healthcheck:
test: /openstack/healthcheck
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [OpenDaylightApiLogging, volumes]}
-
- /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro
- /var/lib/opendaylight/journal:/opt/opendaylight/journal
- /var/lib/opendaylight/snapshots:/opt/opendaylight/snapshots
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
if:
- internal_tls_enabled
-
- service: odl
network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
type: node
- null
host_prep_tasks:
list_concat:
- {get_attr: [OpenDaylightApiLogging, host_prep_tasks]}
-
- name: Delete data and karaf folder
file:
path: "{{ item }}"
state: absent
with_items:
- /var/lib/opendaylight/data # Delete folder if present from previous deployment
- /var/lib/config-data/puppet-generated/opendaylight/opt/opendaylight/etc/opendaylight/karaf
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/lib/opendaylight/snapshots
- /var/lib/opendaylight/journal
upgrade_tasks:
# Containerized deployment upgrade steps
- name: ODL container L2 update and upgrade tasks
block: &odl_container_upgrade_tasks
- name: Set fact for container CLI
set_fact:
container_cli: {get_param: ContainerCli}
- name: Check if ODL container is present
shell: "{{ container_cli }} ps -a --format '{{ '{{' }}.Names{{ '}}' }}' | grep '^opendaylight_api$'"
register: opendaylight_api_container_present
failed_when: false
# NOTE: using shell module because of
# https://github.com/ansible/ansible/issues/27960
##TODO: (janki) make update policy compatible with podman
- name: Update ODL container restart policy to unless-stopped
shell: "docker update --restart=unless-stopped opendaylight_api"
when:
- opendaylight_api_container_present.rc == 0
- container_cli == docker
- name: stop previous ODL container
docker_container:
name: opendaylight_api
state: stopped
when:
- step|int == 0
- container_cli == docker
##TODO: (janki) Switch to podman ansible module once its available
- name: stop previous ODL container using podman
shell: "systemctl stop opendaylight_api"
when:
- step|int == 0
- container_cli == podman
- name: remove journal and snapshots
file:
path: /var/lib/opendaylight/{{item}}
state: absent
with_items:
- snapshots
- journal
when: step|int == 0
- name: Set ODL upgrade flag to True
copy:
dest: /var/lib/config-data/puppet-generated/opendaylight/opt/opendaylight/etc/opendaylight/datastore/initial/config/genius-mdsalutil-config.xml
content: |
<config xmlns="urn:opendaylight:params:xml:ns:yang:mdsalutil">
<upgradeInProgress>true</upgradeInProgress>
</config>
owner: 42462
group: 42462
mode: 0644
when: step|int == 1
post_upgrade_tasks: &odl_container_post_upgrade_tasks
- name: Disable Upgrade in Config File
copy:
dest: /var/lib/config-data/puppet-generated/opendaylight/opt/opendaylight/etc/opendaylight/datastore/initial/config/genius-mdsalutil-config.xml
content: |
<config xmlns="urn:opendaylight:params:xml:ns:yang:mdsalutil">
<upgradeInProgress>false</upgradeInProgress>
</config>
owner: 42462
group: 42462
mode: 0644
when: step|int == 0
# 2 commands in 1 task because the sequence of commands needs to be ensured
# and that no other task is executed in between.
- name: Delete Upgrade Flag and Unset it via Rest
shell:
str_replace:
template: >
curl -k -v --silent --fail --show-error -u $ODL_USERNAME:$ODL_PASSWORD
-H "Content-Type: application/json" -X DELETE
$ODL_URI/restconf/config/genius-mdsalutil:config;
curl -k -v --silent --fail --show-error -u $ODL_USERNAME:$ODL_PASSWORD
-H "Content-Type: application/json" -X POST
$ODL_URI/restconf/config/genius-mdsalutil:config
-d "{ "upgradeInProgress": false }"
params:
$ODL_USERNAME: {get_param: OpenDaylightUsername}
$ODL_PASSWORD: {get_param: OpenDaylightPassword}
$ODL_URI: {get_param: [EndpointMap, OpenDaylightInternal, uri]}
when: step|int == 0
run_once: true
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- opendaylight_api
tripleo_container_cli: "docker"
update_tasks:
- name: Get ODL update level
block: &get_odl_update_level
- name: store update level to update_level variable
set_fact:
odl_update_level: {get_param: ODLUpdateLevel}
- name: Stop ODL container and remove cache
block:
- name: Set fact for container CLI
set_fact:
container_cli: {get_param: ContainerCli}
- name: Check if ODL container is present
shell: "{{ contianer_cli }} ps -a --format '{{ '{{' }}.Names{{ '}}' }}' | grep '^opendaylight_api$'"
register: opendaylight_api_container_present
failed_when: false
# NOTE: using shell module because of
# https://github.com/ansible/ansible/issues/27960
##TODO: (janki) make update policy compatible with podman
- name: Update ODL container restart policy to unless-stopped
shell: "docker update --restart=unless-stopped opendaylight_api"
when: opendaylight_api_container_present.rc == 0
- name: Stop previous ODL container
docker_container:
name: opendaylight_api
state: stopped
when: container_cli == docker
##TODO: (janki) Switch to podman ansible module once its available
- name: stop previous ODL container using podman
shell: "systemctl stop opendaylight_api"
when: container_cli == podman
- name: Delete data folder
file:
path: /var/lib/opendaylight/data
state: absent
when:
- step|int == 0
- odl_update_level == 1
- name: Run L2 update tasks that are similar to upgrade_tasks when update level is 2
block: *odl_container_upgrade_tasks
when: odl_update_level == 2
post_update_tasks:
- block: *get_odl_update_level
- block: *odl_container_post_upgrade_tasks
when: odl_update_level == 2
View Git Blame Copy Permalink