openstack/tripleo-heat-templates
Code Issues Proposed changes
ea34234ff3
tripleo-heat-templates/deployment/neutron/neutron-plugin-ml2-ovn.yaml
Slawek Kaplonski c9f0a5af01 Added support for Neutron loggings service plugin configuration 
Depends-On: https://review.opendev.org/c/openstack/puppet-neutron/+/804220/

Related: rhbz#1990357
Change-Id: Ic045cdf0544fffeed51871d5b970fd29707fcd95
2021-09-17 15:40:24 +02:00

179 lines
6.7 KiB
YAML
Raw Blame History

heat_template_version: wallaby
description: >
OpenStack Neutron ML2/OVN plugin configured with Puppet
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
OVNSouthboundServerPort:
description: Port of the OVN Southbound DB server
type: number
default: 6642
OVNNorthboundServerPort:
description: Port of the OVN Northbound DB server
type: number
default: 6641
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
default: 180
OVNNeutronSyncMode:
description: The synchronization mode of OVN with Neutron DB
type: string
default: log
constraints:
- allowed_values:
- log
- off
- repair
NeutronGeneveMaxHeaderSize:
description: Geneve encapsulation header size
type: number
default: 38
NeutronEnableDVR:
description: Enable Neutron DVR.
default: ''
type: string
NeutronEnableIgmpSnooping:
description: Enable IGMP Snooping.
type: boolean
default: false
OVNMetadataEnabled:
description: Whether Metadata Service has to be enabled
type: boolean
default: true
OVNDnsServers:
default: []
description: List of servers to use as as dns forwarders
type: comma_delimited_list
EnableInternalTLS:
type: boolean
default: false
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
NeutronVhostuserSocketDir:
default: ""
description: The vhost-user socket directory for OVS
type: string
tags:
- role_specific
OVNEmitNeedToFrag:
type: boolean
default: false
description: Configure OVN to emit "need to frag" packets in case of
MTU mismatch. Before enabling this configuration make sure
that it's supported by the host kernel (version >= 5.2) or
by checking the output of the following command
'ovs-appctl -t ovs-vswitchd dpif/show-dp-features
br-int | grep "Check pkt length action"'.
NeutronOVNLoggingRateLimit:
default: 100
description: |
Maximum number of packets logging per second
type: number
NeutronOVNLoggingBurstLimit:
default: 25
description: |
Maximum number of packets per rate_limit
type: number
NeutronOVNLoggingLocalOutputLogBase:
default: ''
description: |
Output logfile path on agent side, default syslog file
type: string
conditions:
neutron_dvr_set:
not: {equals : [{get_param: NeutronEnableDVR}, '']}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
vhostuser_dir_set:
or:
- {not: {equals: [{get_param: NeutronVhostuserSocketDir}, ""]}}
- {not: {equals: [{get_param: [RoleParameters, NeutronVhostuserSocketDir]}, ""]}}
network_log_local_output_log_base_set:
not: {equals : [{get_param: NeutronOVNLoggingLocalOutputLogBase}, '']}
resources:
NeutronMl2Base:
type: ./neutron-plugin-ml2.yaml
properties:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Neutron ML2/OVN plugin.
value:
service_name: neutron_plugin_ml2_ovn
config_settings:
map_merge:
- get_attr: [NeutronMl2Base, role_data, config_settings]
- ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled}
neutron::server::igmp_snooping_enable: {get_param: NeutronEnableIgmpSnooping}
neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize}
neutron::plugins::ml2::ovn::dns_servers: {get_param: OVNDnsServers}
neutron::plugins::ml2::ovn::ovn_emit_need_to_frag: {get_param: OVNEmitNeedToFrag}
neutron::plugins::ml2::ovn::dvr_enabled:
if:
- neutron_dvr_set
- true
- if:
- {get_param: EnableInternalTLS}
- neutron::plugins::ml2::ovn::ovn_sb_ca_cert: {get_param: InternalTLSCAFile}
neutron::plugins::ml2::ovn::ovn_sb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
neutron::plugins::ml2::ovn::ovn_sb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
neutron::plugins::ml2::ovn::ovn_nb_ca_cert: {get_param: InternalTLSCAFile}
neutron::plugins::ml2::ovn::ovn_nb_certificate: '/etc/pki/tls/certs/ovn_neutron_client.crt'
neutron::plugins::ml2::ovn::ovn_nb_private_key: '/etc/pki/tls/private/ovn_neutron_client.key'
- if:
- vhostuser_dir_set
- map_replace:
- map_replace:
- neutron::plugins::ml2::ovn::vhostuser_socket_dir: NeutronVhostuserSocketDir
- values: {get_param: RoleParameters}
- values:
NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir}
- neutron::agents::ml2::ovn::network_log_rate_limit: {get_param: NeutronOVNLoggingRateLimit}
- neutron::agents::ml2::ovn::network_log_burst_limit: {get_param: NeutronOVNLoggingBurstLimit}
- if:
- network_log_local_output_log_base_set
- neutron::agents::ml2::ovn::network_log_local_output_log_base: {get_param: NeutronOVNLoggingLocalOutputLogBase}
step_config: |
include tripleo::profile::base::neutron::plugins::ml2
metadata_settings:
get_attr: [NeutronMl2Base, role_data, metadata_settings]
View Git Blame Copy Permalink