e4ee042a2a
We don't need upgrade_tasks that stop systemd services since all services are now containerized. However, we decided to keep the tasks that remove the rpms in case some of deployments didn't cleanup them in previous releases, they can still do it now. Change-Id: I6abdc9e37966cd818306f7af473958fd4662ccb5 Related-Bug: #1806733
172 lines
6.0 KiB
YAML
172 lines
6.0 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
OpenDaylight SDN Controller.
|
|
|
|
parameters:
|
|
OpenDaylightUsername:
|
|
default: 'admin'
|
|
description: The username for the opendaylight server.
|
|
type: string
|
|
OpenDaylightPassword:
|
|
type: string
|
|
description: The password for the opendaylight server.
|
|
hidden: true
|
|
OpenDaylightFeatures:
|
|
description: List of features to install with ODL
|
|
type: comma_delimited_list
|
|
default: ["odl-netvirt-openstack","odl-jolokia"]
|
|
OpenDaylightApiVirtualIP:
|
|
type: string
|
|
default: ''
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
OpenDaylightManageRepositories:
|
|
description: Whether to manage the OpenDaylight repository
|
|
type: boolean
|
|
default: false
|
|
OpenDaylightSNATMechanism:
|
|
description: SNAT mechanism to be used
|
|
default: 'conntrack'
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- conntrack
|
|
- controller
|
|
OpenDaylightLogMechanism:
|
|
description: Logging mechanism to be used
|
|
default: 'file'
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- file
|
|
- console
|
|
OpenDaylightTLSKeystorePassword:
|
|
default: 'opendaylight'
|
|
type: string
|
|
description: The password for the opendaylight TLS keystore.
|
|
Must be at least 6 characters.
|
|
hidden: true
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
InternalTLSCAFile:
|
|
default: '/etc/ipa/ca.crt'
|
|
type: string
|
|
description: Specifies the default CA cert to use if TLS is used for
|
|
services in the internal network.
|
|
OpenDaylightInheritDSCPMarking:
|
|
description: Enable DSCP marking for VXLAN/GRE tunnels
|
|
type: boolean
|
|
default: false
|
|
OpenDaylightJavaOpts:
|
|
default: ''
|
|
type: string
|
|
description: Specifies the Java options to run ODL with as a string.
|
|
Note, these options are in addition to the default Java
|
|
options set by the karaf/ODL boot scripts and IP version
|
|
based flag set by 'opendaylight' class.
|
|
OpenDaylightInactivityProbe:
|
|
description: Time in millseconds before an inactivity probe is sent via
|
|
OVSDB to OVS
|
|
type: number
|
|
default: 180000
|
|
|
|
conditions:
|
|
|
|
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the OpenDaylight service.
|
|
value:
|
|
service_name: opendaylight_api
|
|
config_settings:
|
|
map_merge:
|
|
-
|
|
opendaylight::odl_rest_port: {get_param: [EndpointMap, OpenDaylightInternal, port]}
|
|
opendaylight::username: {get_param: OpenDaylightUsername}
|
|
opendaylight::password: {get_param: OpenDaylightPassword}
|
|
opendaylight::extra_features: {get_param: OpenDaylightFeatures}
|
|
opendaylight::odl_bind_ip:
|
|
str_replace:
|
|
template:
|
|
"%{hiera('$NETWORK')}"
|
|
params:
|
|
$NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
|
|
tripleo::opendaylight_api::firewall_rules:
|
|
'137 opendaylight api':
|
|
dport:
|
|
- {get_param: [EndpointMap, OpenDaylightInternal, port]}
|
|
- 6640
|
|
- 6653
|
|
- 2550
|
|
- 8185
|
|
opendaylight::snat_mechanism: {get_param: OpenDaylightSNATMechanism}
|
|
opendaylight::log_mechanism: {get_param: OpenDaylightLogMechanism}
|
|
opendaylight::inherit_dscp_marking: {get_param: OpenDaylightInheritDSCPMarking}
|
|
opendaylight::java_opts: {get_param: OpenDaylightJavaOpts}
|
|
opendaylight::inactivity_probe: {get_param: OpenDaylightInactivityProbe}
|
|
-
|
|
if:
|
|
- internal_tls_enabled
|
|
- generate_service_certificates: true
|
|
tripleo::profile::base::neutron::opendaylight::certificate_specs:
|
|
service_certificate: '/etc/pki/tls/certs/odl.crt'
|
|
service_key: '/etc/pki/tls/private/odl.key'
|
|
hostname:
|
|
str_replace:
|
|
template: "%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
principal:
|
|
str_replace:
|
|
template: "odl/%{hiera('fqdn_NETWORK')}"
|
|
params:
|
|
NETWORK: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
opendaylight::tls_ca_cert_file: {get_param: InternalTLSCAFile}
|
|
opendaylight::tls_keystore_password: {get_param: OpenDaylightTLSKeystorePassword}
|
|
- {}
|
|
service_config_settings:
|
|
neutron_dhcp:
|
|
if:
|
|
- internal_tls_enabled
|
|
- neutron::agents::dhcp::ovsdb_connection: 'ssl:127.0.0.1:6639'
|
|
- neutron::agents::dhcp::ovsdb_connection: 'tcp:127.0.0.1:6639'
|
|
step_config: |
|
|
include tripleo::profile::base::neutron::opendaylight
|
|
upgrade_tasks: []
|
|
metadata_settings:
|
|
if:
|
|
- internal_tls_enabled
|
|
-
|
|
- service: odl
|
|
network: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
|
|
type: node
|
|
- null
|