18e6dc96e5
Using an empty string to allow the default value in the puppet module no longer seems to work, resulting in the OVS agent configuration having an empty firewall driver configuration. This patch uses a heat template condition to set the hieradata only if something other than an empty string has been set. Change-Id: Ifef9ded1dbb719e75997474bf5ada909dbf40599 Related-Bug: #1656939
131 lines
4.9 KiB
YAML
131 lines
4.9 KiB
YAML
heat_template_version: ocata
|
|
|
|
description: >
|
|
OpenStack Neutron OVS agent configured with Puppet
|
|
|
|
parameters:
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
NeutronEnableL2Pop:
|
|
type: string
|
|
description: >
|
|
Enable/disable the L2 population feature in the Neutron agents.
|
|
default: "False"
|
|
NeutronBridgeMappings:
|
|
description: >
|
|
The OVS logical->physical bridge mappings to use. See the Neutron
|
|
documentation for details. Defaults to mapping br-ex - the external
|
|
bridge on hosts - to a physical name 'datacentre' which can be used
|
|
to create provider networks (and we use this for the default floating
|
|
network) - if changing this either use different post-install network
|
|
scripts or be sure to keep 'datacentre' as a mapping network name.
|
|
type: comma_delimited_list
|
|
default: "datacentre:br-ex"
|
|
NeutronTunnelTypes:
|
|
default: 'vxlan'
|
|
description: |
|
|
The tunnel types for the Neutron tenant network.
|
|
type: comma_delimited_list
|
|
NeutronAgentExtensions:
|
|
default: "qos"
|
|
description: |
|
|
Comma-separated list of extensions enabled for the Neutron agents.
|
|
type: comma_delimited_list
|
|
NeutronEnableDVR:
|
|
default: False
|
|
description: |
|
|
Enable support for distributed routing in the OVS Agent.
|
|
type: boolean
|
|
NeutronEnableARPResponder:
|
|
default: false
|
|
description: |
|
|
Enable ARP responder feature in the OVS Agent.
|
|
type: boolean
|
|
MonitoringSubscriptionNeutronOvs:
|
|
default: 'overcloud-neutron-ovs-agent'
|
|
type: string
|
|
NeutronOVSFirewallDriver:
|
|
default: ''
|
|
description: |
|
|
Configure the classname of the firewall driver to use for implementing
|
|
security groups. Possible values depend on system configuration. Some
|
|
examples are: noop, openvswitch, iptables_hybrid. The default value of an
|
|
empty string will result in a default supported configuration.
|
|
type: string
|
|
NeutronOpenVswitchAgentLoggingSource:
|
|
type: json
|
|
default:
|
|
tag: openstack.neutron.agent.openvswitch
|
|
path: /var/log/neutron/openvswitch-agent.log
|
|
|
|
conditions:
|
|
no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}
|
|
|
|
resources:
|
|
|
|
NeutronBase:
|
|
type: ./neutron-base.yaml
|
|
properties:
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
EndpointMap: {get_param: EndpointMap}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the Neutron OVS agent service.
|
|
value:
|
|
service_name: neutron_ovs_agent
|
|
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
|
|
logging_source: {get_param: NeutronOpenVswitchAgentLoggingSource}
|
|
logging_groups:
|
|
- neutron
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [NeutronBase, role_data, config_settings]
|
|
- neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
|
|
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
|
|
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
|
|
neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings}
|
|
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
|
|
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
|
|
# NOTE: bind IP is found in Heat replacing the network name with the
|
|
# local node IP for the given network; replacement examples
|
|
# (eg. for internal_api):
|
|
# internal_api -> IP
|
|
# internal_api_uri -> [IP]
|
|
# internal_api_subnet - > IP/CIDR
|
|
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
|
|
tripleo.neutron_ovs_agent.firewall_rules:
|
|
'118 neutron vxlan networks':
|
|
proto: 'udp'
|
|
dport: 4789
|
|
'136 neutron gre networks':
|
|
proto: 'gre'
|
|
-
|
|
if:
|
|
- no_firewall_driver
|
|
- {}
|
|
- neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
|
|
step_config: |
|
|
include ::tripleo::profile::base::neutron::ovs
|
|
upgrade_tasks:
|
|
- name: Stop neutron_ovs_agent service
|
|
tags: step2
|
|
service: name=neutron-openvswitch-agent state=stopped
|
|
- name: Start neutron_ovs_agent service
|
|
tags: step6
|
|
service: name=neutron-openvswitch-agent state=started
|
|
|