fuel-plugin-vmware-dvs/deployment_scripts/puppet/modules/vmware_dvs/manifests/l2.pp

174 lines
6.2 KiB
Puppet

class vmware_dvs::l2 {
$use_neutron = hiera('use_neutron', false)
if $use_neutron {
include ::neutron::params
$node_name = hiera('node_name')
$neutron_compute_roles = hiera('neutron_compute_nodes', ['compute'])
$primary_neutron = has_primary_role(intersection(hiera('neutron_roles'), hiera('roles')))
$compute = roles_include($neutron_compute_roles)
$neutron_config = hiera_hash('neutron_config')
$neutron_server_enable = pick($neutron_config['neutron_server_enable'], true)
$neutron_nodes = hiera_hash('neutron_nodes')
$dpdk_config = hiera_hash('dpdk', {})
$enable_dpdk = pick($dpdk_config['enabled'], false)
$management_vip = hiera('management_vip')
$service_endpoint = hiera('service_endpoint', $management_vip)
$ssl_hash = hiera_hash('use_ssl', {})
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint])
$auth_api_version = 'v2.0'
$identity_uri = "${internal_auth_protocol}://${internal_auth_address}:5000"
$auth_url = "${identity_uri}/${auth_api_version}"
$auth_password = $neutron_config['keystone']['admin_password']
$auth_user = pick($neutron_config['keystone']['admin_user'], 'neutron')
$auth_tenant = pick($neutron_config['keystone']['admin_tenant'], 'services')
$auth_region = hiera('region', 'RegionOne')
$auth_endpoint_type = 'internalURL'
$network_scheme = hiera_hash('network_scheme', {})
prepare_network_config($network_scheme)
$neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { })
$l2_population = try_get_value($neutron_advanced_config, 'neutron_l2_pop', false)
$dvr = try_get_value($neutron_advanced_config, 'neutron_dvr', false)
$enable_qos = pick($neutron_advanced_config['neutron_qos'], false)
$segmentation_type = try_get_value($neutron_config, 'L2/segmentation_type')
if $compute and ! $dvr {
$do_floating = false
} else {
$do_floating = true
}
if $enable_qos {
$extensions = ['qos']
} else {
$extensions = undef
}
$bridge_mappings = generate_bridge_mappings($neutron_config, $network_scheme, {
'do_floating' => $do_floating,
'do_tenant' => true,
'do_provider' => false
})
if $segmentation_type == 'vlan' {
$net_role_property = 'neutron/private'
$iface = get_network_role_property($net_role_property, 'phys_dev')
$enable_tunneling = false
$network_type = 'vlan'
$tunnel_types = []
} else {
$net_role_property = 'neutron/mesh'
$tunneling_ip = get_network_role_property($net_role_property, 'ipaddr')
$iface = get_network_role_property($net_role_property, 'phys_dev')
$physical_net_mtu = pick(get_transformation_property('mtu', $iface[0]), '1500')
if $segmentation_type == 'gre' {
$mtu_offset = '42'
$network_type = 'gre'
} else {
# vxlan is the default segmentation type for non-vlan cases
$mtu_offset = '50'
$network_type = 'vxlan'
}
$tunnel_types = [$network_type]
$enable_tunneling = true
}
# DPDK settings on compute node
if $enable_dpdk and $compute {
$firewall_driver = 'openvswitch'
$ovs_datapath_type = 'netdev'
$ovs_vhostuser_socket_dir = '/var/run/openvswitch'
} else {
$firewall_driver = hiera('security_groups', 'iptables_hybrid')
# Leave default values when passed to the class
$ovs_datapath_type = undef
$ovs_vhostuser_socket_dir = undef
}
neutron_agent_ovs {
'securitygroup/enable_security_group': value => true;
}
Neutron_agent_ovs<||> ~> Service['neutron-ovs-agent-service']
class { '::neutron::agents::ml2::ovs':
bridge_mappings => $bridge_mappings,
enable_tunneling => $enable_tunneling,
local_ip => $tunneling_ip,
tunnel_types => $tunnel_types,
enable_distributed_routing => $dvr,
l2_population => $l2_population,
arp_responder => $l2_population,
firewall_driver => $firewall_driver,
datapath_type => $ovs_datapath_type,
vhostuser_socket_dir => $ovs_vhostuser_socket_dir,
extensions => $extensions,
manage_vswitch => false,
manage_service => true,
enabled => true,
}
if $node_name in keys($neutron_nodes) {
if $neutron_server_enable {
$service_ensure = 'running'
} else {
$service_ensure = 'stopped'
}
service { 'neutron-server':
name => $::neutron::params::server_service,
enable => $neutron_server_enable,
ensure => $service_ensure,
hasstatus => true,
hasrestart => true,
tag => 'neutron-service',
}
exec { 'waiting-for-neutron-api':
environment => [
"OS_TENANT_NAME=${auth_tenant}",
"OS_USERNAME=${auth_user}",
"OS_PASSWORD=${auth_password}",
"OS_AUTH_URL=${auth_url}",
"OS_REGION_NAME=${auth_region}",
"OS_ENDPOINT_TYPE=${auth_endpoint_type}",
],
path => '/usr/sbin:/usr/bin:/sbin:/bin',
tries => '30',
try_sleep => '4',
command => 'neutron net-list --http-timeout=4 2>&1 > /dev/null',
provider => 'shell',
subscribe => Service['neutron-server'],
refreshonly => true,
}
$ha_agent = try_get_value($neutron_advanced_config, 'l2_agent_ha', true)
if $ha_agent {
#Exec<| title == 'waiting-for-neutron-api' |> ->
class { '::cluster::neutron::ovs' :
primary => $primary_neutron,
}
}
}
# Stub for upstream neutron manifests
package { 'neutron':
name => 'binutils',
ensure => 'installed',
}
}
}