ce3796aa60
Since we replaced hiera by lookup[1], we no longer able to look up
a hierata value which refers to a different value by lookup, and
the hiera CLI fails with the following error.
```
in `get_interpolation_method_and_key': Invalid interpolation method
'lookup' (Hiera::InterpolationInvalidValue)
```
This replaces indirect reference by direct reference to avoid that
problem.
[1] ff83505e8a
Change-Id: I05d5490734f49220002bd88294db132da9fb2898
305 lines
11 KiB
YAML
305 lines
11 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
OpenStack containerized Ovn DBs service
|
|
|
|
parameters:
|
|
RootStackName:
|
|
description: The name of the stack/plan.
|
|
type: string
|
|
ContainerOvnNbDbImage:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerOvnSbDbImage:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
ContainerOvnNorthdImage:
|
|
description: image
|
|
type: string
|
|
tags:
|
|
- role_specific
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
OVNNorthboundServerPort:
|
|
description: Port of the OVN Northbound DB server
|
|
type: number
|
|
default: 6641
|
|
OVNSouthboundServerPort:
|
|
description: Port of the OVN Southbound DB server
|
|
type: number
|
|
default: 6642
|
|
OVNDBsVirtualFixedIPs:
|
|
default: []
|
|
description: >
|
|
Control the IP allocation for the virtual IP used by OVN DBs. E.g.
|
|
[{'ip_address':'1.2.3.4'}]
|
|
type: json
|
|
ServiceVips:
|
|
default: {}
|
|
type: json
|
|
|
|
conditions:
|
|
ovn_dbs_virtual_fixed_ip_set:
|
|
not:
|
|
equals:
|
|
- get_param: OVNDBsVirtualFixedIPs
|
|
- []
|
|
ovn_dbs_service_vip_set:
|
|
not:
|
|
equals:
|
|
- get_param: [ServiceVips, ovn_dbs]
|
|
- ''
|
|
|
|
resources:
|
|
ContainersCommon:
|
|
type: ../containers-common.yaml
|
|
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- ContainerOvnNbDbImage: ContainerOvnNbDbImage
|
|
ContainerOvnSbDbImage: ContainerOvnSbDbImage
|
|
ContainerOvnNorthdImage: ContainerOvnNorthdImage
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
ContainerOvnNbDbImage: {get_param: ContainerOvnNbDbImage}
|
|
ContainerOvnSbDbImage: {get_param: ContainerOvnSbDbImage}
|
|
ContainerOvnNorthdImage: {get_param: ContainerOvnNorthdImage}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the OVN Dbs role.
|
|
value:
|
|
service_name: ovn_dbs
|
|
firewall_rules:
|
|
'121 OVN DB server ports':
|
|
proto: 'tcp'
|
|
dport:
|
|
- {get_param: OVNNorthboundServerPort}
|
|
- {get_param: OVNSouthboundServerPort}
|
|
firewall_frontend_rules:
|
|
'100 ovn_nbdb_haproxy_frontend':
|
|
dport:
|
|
- {get_param: OVNNorthboundServerPort}
|
|
'100 ovn_sbdb_haproxy_frontend_ssl':
|
|
dport:
|
|
- {get_param: OVNSouthboundServerPort}
|
|
config_settings:
|
|
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
|
|
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
|
|
ovn::northd::dbs_listen_ip:
|
|
str_replace:
|
|
template:
|
|
"%{lookup('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
|
service_config_settings:
|
|
haproxy:
|
|
tripleo::haproxy::ovn_dbs_manage_lb: true
|
|
# BEGIN DOCKER SETTINGS
|
|
# puppet_config is not required for this service since we configure
|
|
# the NB and SB DB servers to listen on the proper IP address/port
|
|
# in the docker_config section.
|
|
# puppet_config is defined to satisfy the pep8 validations.
|
|
puppet_config: {}
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/ovn_north_db_server.json:
|
|
command: /usr/local/bin/start-nb-db-server
|
|
permissions:
|
|
- path: /var/log/openvswitch
|
|
owner: root:root
|
|
recurse: true
|
|
- path: /var/log/ovn
|
|
owner: root:root
|
|
recurse: true
|
|
/var/lib/kolla/config_files/ovn_south_db_server.json:
|
|
command: /usr/local/bin/start-sb-db-server
|
|
permissions:
|
|
- path: /var/log/openvswitch
|
|
owner: root:root
|
|
recurse: true
|
|
- path: /var/log/ovn
|
|
owner: root:root
|
|
recurse: true
|
|
/var/lib/kolla/config_files/ovn_northd.json:
|
|
command:
|
|
list_join:
|
|
- ' '
|
|
- - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info'
|
|
- '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock'
|
|
- '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock'
|
|
- '--log-file=/var/log/openvswitch/ovn-northd.log'
|
|
- '--pidfile=/run/openvswitch/ovn-northd.pid'
|
|
permissions:
|
|
- path: /var/log/openvswitch
|
|
owner: root:root
|
|
recurse: true
|
|
- path: /var/log/ovn
|
|
owner: root:root
|
|
recurse: true
|
|
docker_config:
|
|
step_4:
|
|
ovn_north_db_server:
|
|
start_order: 0
|
|
image: {get_attr: [RoleParametersValue, value, ContainerOvnNbDbImage]}
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z
|
|
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
|
|
- /var/log/containers/openvswitch:/var/log/openvswitch:z
|
|
- /var/lib/openvswitch/ovn:/var/lib/ovn:shared,z
|
|
- /var/lib/openvswitch/ovn:/etc/openvswitch:shared,z
|
|
- /var/lib/openvswitch/ovn:/etc/ovn:shared,z
|
|
- /var/lib/openvswitch/ovn:/run/ovn:shared,z
|
|
- /var/log/containers/openvswitch:/var/log/ovn:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
ovn_south_db_server:
|
|
start_order: 0
|
|
image: {get_attr: [RoleParametersValue, value, ContainerOvnSbDbImage]}
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- - /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z
|
|
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
|
|
- /var/log/containers/openvswitch:/var/log/openvswitch:z
|
|
- /var/lib/openvswitch/ovn:/var/lib/ovn:shared,z
|
|
- /var/lib/openvswitch/ovn:/etc/openvswitch:shared,z
|
|
- /var/lib/openvswitch/ovn:/etc/ovn:shared,z
|
|
- /var/lib/openvswitch/ovn:/run/ovn:shared,z
|
|
- /var/log/containers/openvswitch:/var/log/ovn:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
configure_ovn_north_db_server:
|
|
start_order: 1
|
|
action: exec
|
|
user: root
|
|
command:
|
|
list_concat:
|
|
- ['ovn_north_db_server', '/bin/bash', '-c']
|
|
- - list_join:
|
|
- ' '
|
|
-
|
|
# TODO(tkajinam): Replace the hiera CLI
|
|
- 'DBS_LISTEN_IP=`hiera $OVN_DB_NETWORK -c /etc/puppet/hiera.yaml`;'
|
|
- '/usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection'
|
|
- if:
|
|
- {get_param: EnableInternalTLS}
|
|
- 'pssl:$NB_DB_PORT:$DBS_LISTEN_IP'
|
|
- 'ptcp:$NB_DB_PORT:$DBS_LISTEN_IP'
|
|
environment:
|
|
OVN_DB_NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
|
NB_DB_PORT: {get_param: OVNNorthboundServerPort}
|
|
configure_ovn_south_db_server:
|
|
start_order: 1
|
|
action: exec
|
|
user: root
|
|
command:
|
|
list_concat:
|
|
- ['ovn_south_db_server', '/bin/bash', '-c']
|
|
- - list_join:
|
|
- ' '
|
|
-
|
|
# TODO(tkajinam): Replace the hiera CLI
|
|
- 'DBS_LISTEN_IP=`hiera $OVN_DB_NETWORK -c /etc/puppet/hiera.yaml`;'
|
|
- '/usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection'
|
|
- if:
|
|
- {get_param: EnableInternalTLS}
|
|
- 'pssl:$SB_DB_PORT:$DBS_LISTEN_IP'
|
|
- 'ptcp:$SB_DB_PORT:$DBS_LISTEN_IP'
|
|
environment:
|
|
OVN_DB_NETWORK: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
|
SB_DB_PORT: {get_param: OVNSouthboundServerPort}
|
|
ovn_northd:
|
|
start_order: 2
|
|
image: {get_attr: [RoleParametersValue, value, ContainerOvnNorthdImage]}
|
|
net: host
|
|
privileged: false
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- - /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /var/lib/openvswitch/ovn:/run/openvswitch:shared,z
|
|
- /var/log/containers/openvswitch:/var/log/openvswitch:z
|
|
- /var/lib/openvswitch/ovn:/run/ovn:shared,z
|
|
- /var/log/containers/openvswitch:/var/log/ovn:z
|
|
environment:
|
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
|
host_prep_tasks:
|
|
- name: create persistent directories
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
setype: "{{ item.setype }}"
|
|
mode: "{{ item.mode|default(omit) }}"
|
|
with_items:
|
|
- { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' }
|
|
- { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t }
|
|
external_deploy_tasks:
|
|
- when:
|
|
- step|int == 0
|
|
name: ovn_external_deploy_init
|
|
block:
|
|
- name: create ovn_dbs virtual ip
|
|
tripleo_service_vip:
|
|
playbook_dir: "{{ playbook_dir }}"
|
|
stack_name: {get_param: RootStackName}
|
|
service_name: ovn_dbs
|
|
network: {get_param: [ServiceNetMap, OvnDbsNetwork]}
|
|
fixed_ips:
|
|
if:
|
|
- ovn_dbs_virtual_fixed_ip_set
|
|
- {get_param: OVNDBsVirtualFixedIPs}
|
|
- if:
|
|
- ovn_dbs_service_vip_set
|
|
- [{ip_address: {get_param: [ServiceVips, ovn_dbs]}}]
|
|
- [{subnet: {get_param: [ServiceData, vip_subnet_map, ovn_dbs]}}]
|
|
upgrade_tasks: []
|