OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-ovn.yaml
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+ OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml
parameter_defaults:
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::OVNDBs
- - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
command: >-
puppet apply
--modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- --logdest syslog --color=false
+ --logdest syslog --logdest console --color=false
/var/lib/tripleo-config/puppet_step_config.pp
changed_when: false
check_mode: no
sync
FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \
- --color=false --logdest syslog $TAGS /etc/config.pp
+ --color=false --logdest syslog --logdest console $TAGS /etc/config.pp
# Disables archiving
if [ -z "$NO_ARCHIVE" ]; then
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ metadata_settings:
+ get_attr: [CinderBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent logs directory
file:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- tripleo::haproxy::haproxy_daemon: false
+ tripleo::haproxy::haproxy_service_manage: false
step_config: &step_config
get_attr: [HAProxyBase, role_data, step_config]
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
puppet_config:
config_volume: haproxy
puppet_tags: haproxy_config
- step_config: *step_config
+ step_config:
+ "class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
config_image: {get_param: DockerHAProxyConfigImage}
volumes: &deployed_cert_mount
- list_join:
preserve_properties: true
docker_config:
step_1:
+ haproxy_firewall:
+ detach: false
+ image: {get_param: DockerHAProxyImage}
+ net: host
+ user: root
+ privileged: true
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'tripleo::firewall::rule'
+ CONFIG: *step_config
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ - *deployed_cert_mount
+ -
+ - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
+ # puppet saves iptables rules in /etc/sysconfig
+ - /etc/sysconfig:/etc/sysconfig:rw
+ # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
+ # the necessary bit and prevent systemd to try to reload the service in the container
+ - /usr/libexec/iptables:/usr/libexec/iptables:ro
+ - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
haproxy:
image: {get_param: DockerHAProxyImage}
net: host
- privileged: false
restart: always
volumes:
list_concat:
volumes: *nova_api_bootstrap_volumes
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
+ metadata_settings:
+ get_attr: [NovaApiBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent logs directory
file:
- /var/log/containers/nova:/var/log/nova
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ metadata_settings:
+ get_attr: [NovaPlacementBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent logs directory
file:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
+ internal_tls_enabled: {get_param: EnableInternalTLS}
resources:
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
outputs:
role_data:
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/zaqar:/var/log/zaqar
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
zaqar_websocket:
- name: Stop and disable zaqar service
tags: step2
service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [ZaqarBase, role_data, metadata_settings]
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
+ OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::OVNController
# extensions, configured via puppet
resource_registry:
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
+ OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml
# Disabling Neutron services that overlap with OVN
- OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
- OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
parameter_defaults:
NeutronMechanismDrivers: ovn
# A Heat environment file which can be used to enable OVN
# extensions, configured via puppet
resource_registry:
- OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
- OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
- OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
+ OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml
+ OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml
# Disabling Neutron services that overlap with OVN
- OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
- OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
parameter_defaults:
NeutronMechanismDrivers: ovn
{% for role in roles %}
{{role.name}}Services: []
{% endfor %}
-
- # Consistent Hostname format
- ControllerHostnameFormat: overcloud-controller-%index%
- ComputeHostnameFormat: overcloud-novacompute-%index%
- ObjectStorageHostnameFormat: overcloud-objectstorage-%index%
- CephStorageHostnameFormat: overcloud-cephstorage-%index%
- BlockStorageHostnameFormat: overcloud-blockstorage-%index%
resource_registry:
OS::TripleO::DeployedServerEnvironment: ../deployed-server/deployed-server-environment-output.yaml
-
-parameter_defaults:
- # Consistent Hostname format
- ControllerDeployedServerHostnameFormat: overcloud-controller-%index%
- ComputeDeployedServerHostnameFormat: overcloud-novacompute-%index%
- ObjectStorageDeployedServerHostnameFormat: overcloud-objectstorage-%index%
- CephStorageDeployedServerHostnameFormat: overcloud-cephstorage-%index%
- BlockStorageDeployedServerHostnameFormat: overcloud-blockstorage-%index%
OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml
OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml
OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml
+
+parameter_defaults:
+ NeutronServicePlugins: "qos,router,trunk,lbaasv2"
+ NeutronEnableForceMetadata: true
+
--- /dev/null
+parameter_defaults:
+ # Consistent Hostname format
+{% for role in roles %}
+ {{role.name}}HostnameFormat: overcloud-{{role.name.lower()}}-%index%
+{% endfor %}
- allowed_pattern: "[0-9,-]*"
type: string
default: ""
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+ EnableDpdkDeploymentActions:
+ default: ['CREATE']
+ type: comma_delimited_list
+ description: >
+ Exposing the DPDK deployment action, it may be required to run DPDK
+ config during an upgrade. By default DPDK will be enabled during the
+ CREATE action only. But on cases when it requires for certain migration,
+ it may be required to run it for UPDATE action too.
# DEPRECATED: the following options are deprecated and are currently maintained
# for backwards compatibility. They will be removed in the Queens cycle.
HostCpusList:
default: ''
description: Memory allocated for each socket
type: string
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
conditions:
is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
_TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
_TUNED_CORES_: {get_param: [RoleParameters, IsolCpusList]}
+ RebootConfig:
+ type: OS::Heat::SoftwareConfig
+ condition: is_reboot_config_required
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ # Stop os-collect-config to avoid any race collecting another
+ # deployment before reboot happens
+ systemctl stop os-collect-config.service
+ /sbin/reboot
+
+ RebootDeployment:
+ type: OS::Heat::SoftwareDeployment
+ depends_on: HostParametersDeployment
+ condition: is_reboot_config_required
+ properties:
+ name: RebootDeployment
+ server: {get_param: server}
+ config: {get_resource: RebootConfig}
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
+ signal_transport: NO_SIGNAL
+
+ # With OvS2.7 (which is default with pike), ovs-vswitchd will start dpdk
+ # immediately after setting dpdk-init (behaviour change from ovs2.6).
+ # Starting of DPDK require the huge page configuration to be enabled. So
+ # reboot will happen before DPDK config and we don't need an explicity
+ # restart after dpdk-init as true because of the behavior change.
+ # TODO(skramaja): Dependency is that till the service file workaround, is
+ # maintained, restart of ovs is required.
EnableDpdkConfig:
type: OS::Heat::SoftwareConfig
condition: is_dpdk_config_required
sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path
fi
+ systemctl daemon-reload
+ systemctl restart openvswitch
# DO NOT use --detailed-exitcodes
puppet apply --logdest console \
EnableDpdkDeployment:
type: OS::Heat::SoftwareDeployment
condition: is_dpdk_config_required
+ depends_on: RebootDeployment
properties:
name: EnableDpdkDeployment
server: {get_param: server}
if:
- deployment_actions_empty
- []
- - ['CREATE'] # Only do this on CREATE
-
- RebootConfig:
- type: OS::Heat::SoftwareConfig
- condition: is_reboot_config_required
- properties:
- group: script
- config: |
- #!/bin/bash
- # Stop os-collect-config to avoid any race collecting another
- # deployment before reboot happens
- systemctl stop os-collect-config.service
- /sbin/reboot
-
- RebootDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: HostParametersDeployment
- condition: is_reboot_config_required
- properties:
- name: RebootDeployment
- server: {get_param: server}
- config: {get_resource: RebootConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
- signal_transport: NO_SIGNAL
+ - {get_param: EnableDpdkDeploymentActions}
outputs:
result:
OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml
OS::TripleO::Services::OVNDBs: OS::Heat::None
+ OS::TripleO::Services::OVNController: OS::Heat::None
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
heat_template_version: pike
description: >
- OpenStack Neutron Compute OVN agent
+ OpenStack OVN Controller agent
parameters:
EndpointMap:
outputs:
role_data:
- description: Role data for the Neutron Compute OVN agent
+ description: Role data for the OVN Controller agent
value:
- service_name: neutron_compute_plugin_ovn
+ service_name: ovn_controller
config_settings:
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings}
nova::compute::force_config_drive: true
- tripleo.neutron_compute_plugin_ovn.firewall_rules:
+ tripleo.ovn_controller.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
dport: 6081
step_config: |
include ::tripleo::profile::base::neutron::agents::ovn
+ upgrade_tasks:
+ - name: Check if ovn_controller is deployed
+ command: systemctl is-enabled ovn-controller
+ tags: common
+ ignore_errors: True
+ register: ovn_controller_enabled
+ - name: "PreUpgrade step0,validation: Check service ovn-controller is running"
+ shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b'
+ when: ovn_controller_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop ovn-controller service
+ tags: step1
+ when: ovn_controller_enabled.rc == 0
+ service: name=ovn-controller state=stopped
- {get_param: OVNSouthboundServerPort}
step_config: |
include ::tripleo::profile::base::neutron::ovn_northd
+ upgrade_tasks:
+ - name: Check if ovn_northd is deployed
+ command: systemctl is-enabled ovn-northd
+ tags: common
+ ignore_errors: True
+ register: ovn_northd_enabled
+ - name: "PreUpgrade step0,validation: Check service ovn-northd is running"
+ shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b'
+ when: ovn_northd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop ovn-northd service
+ tags: step1
+ when: ovn_northd_enabled.rc == 0
+ service: name=ovn-northd state=stopped
- {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
- zaqar::wsgi::apache::ssl: false
+ zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::unreliable: true
- {}
step_config: |
include ::tripleo::profile::base::zaqar
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
yaql:
expression: $.data.apache_upgrade + $.data.zaqar_upgrade
--- /dev/null
+---
+features:
+ - Added support for DPDK with OvS2.7, which requires huge page
+ configuration (with reboot) to be available before enabling DPDK.
+
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::Redis
- OS::TripleO::Services::OpenDaylightApi
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Tuned
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
###############################################################################
# Role: BlockStorage #
###############################################################################