summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/services/heat-api-cfn.yaml16
-rw-r--r--docker/services/heat-api.yaml16
-rw-r--r--docker/services/zaqar.yaml8
-rw-r--r--environments/docker-services-tls-everywhere.yaml13
-rw-r--r--environments/hyperconverged-ceph.yaml1
-rw-r--r--environments/neutron-ml2-vpp.yaml22
-rw-r--r--environments/services-docker/undercloud-aodh.yaml8
-rw-r--r--environments/services-docker/undercloud-gnocchi.yaml6
-rw-r--r--environments/services-docker/undercloud-panko.yaml2
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml1
-rw-r--r--puppet/major_upgrade_steps.j2.yaml19
-rw-r--r--puppet/services/neutron-vpp-agent.yaml48
-rw-r--r--releasenotes/notes/vpp-ml2-8e115f7763510531.yaml3
-rw-r--r--roles_data.yaml2
14 files changed, 130 insertions, 35 deletions
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index fc228155..ff18f177 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -31,7 +31,13 @@ parameters:
DefaultPasswords:
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -95,6 +101,16 @@ outputs:
- /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro
- /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index fe565411..886a0d80 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -31,7 +31,13 @@ parameters:
DefaultPasswords:
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -95,6 +101,16 @@ outputs:
- /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro
- /var/lib/config-data/heat_api/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 5ba044ea..07abf07d 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -59,7 +59,7 @@ outputs:
- [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ]
kolla_config:
/var/lib/kolla/config_files/zaqar.json:
- command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf
+ command: /usr/sbin/httpd -DFOREGROUND
/var/lib/kolla/config_files/zaqar_websocket.json:
command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf
permissions:
@@ -73,6 +73,9 @@ outputs:
net: host
privileged: false
restart: always
+ # NOTE(mandre) kolla image changes the user to 'zaqar', we need it
+ # to be root to run httpd
+ user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
@@ -108,5 +111,4 @@ outputs:
upgrade_tasks:
- name: Stop and disable zaqar service
tags: step2
- service: name=openstack-zaqar.service state=stopped enabled=no
-
+ service: name=httpd state=stopped enabled=no
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index 73b91727..7b27663f 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -8,14 +8,17 @@ resource_registry:
OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
# NOTE: add roles to be docker enabled as we support them.
- OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
- OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
- OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
- OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml
OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml
- OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
+ OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml
+ OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml
+ OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
+ OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
+ OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
+ OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
+ OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
+ OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index f1c90e2d..6fd71013 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -32,5 +32,6 @@ parameter_defaults:
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Docker
diff --git a/environments/neutron-ml2-vpp.yaml b/environments/neutron-ml2-vpp.yaml
new file mode 100644
index 00000000..1dec395c
--- /dev/null
+++ b/environments/neutron-ml2-vpp.yaml
@@ -0,0 +1,22 @@
+# Environment file used to enable networking-vpp ML2 mechanism driver
+
+resource_registry:
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronVppAgent: ../puppet/services/neutron-vpp-agent.yaml
+ OS::TripleO::Services::Etcd: ../puppet/services/etcd.yaml
+ OS::TripleO::Services::Vpp: ../puppet/services/vpp.yaml
+
+parameter_defaults:
+ #Comma delimited list of <physical_network>:<VPP Interface>.
+ #Example: "datacentre:GigabitEthernet2/2/0"
+ #NeutronVPPAgentPhysnets: ""
+
+ NeutronMechanismDrivers: vpp
+ NeutronNetworkType: vlan
+ NeutronServicePlugins: router
+ NeutronTypeDrivers: vlan,flat
+ ExtraConfig:
+ # Use Linux Bridge driver for DHCP and L3 agent.
+ neutron::agents::dhcp::interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver"
+ neutron::agents::l3::interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver"
diff --git a/environments/services-docker/undercloud-aodh.yaml b/environments/services-docker/undercloud-aodh.yaml
index 236512f6..95d4a873 100644
--- a/environments/services-docker/undercloud-aodh.yaml
+++ b/environments/services-docker/undercloud-aodh.yaml
@@ -1,5 +1,5 @@
resource_registry:
- OS::TripleO::Services::UndercloudAodhApi: ../docker/services/aodh-api.yaml
- OS::TripleO::Services::UndercloudAodhEvaluator: ../docker/services/aodh-evaluator.yaml
- OS::TripleO::Services::UndercloudAodhNotifier: ../docker/services/aodh-notifier.yaml
- OS::TripleO::Services::UndercloudAodhListener: ../docker/services/aodh-listener.yaml
+ OS::TripleO::Services::UndercloudAodhApi: ../../docker/services/aodh-api.yaml
+ OS::TripleO::Services::UndercloudAodhEvaluator: ../../docker/services/aodh-evaluator.yaml
+ OS::TripleO::Services::UndercloudAodhNotifier: ../../docker/services/aodh-notifier.yaml
+ OS::TripleO::Services::UndercloudAodhListener: ../../docker/services/aodh-listener.yaml
diff --git a/environments/services-docker/undercloud-gnocchi.yaml b/environments/services-docker/undercloud-gnocchi.yaml
index 55b0ac2d..4b898cb3 100644
--- a/environments/services-docker/undercloud-gnocchi.yaml
+++ b/environments/services-docker/undercloud-gnocchi.yaml
@@ -1,4 +1,4 @@
resource_registry:
- OS::TripleO::Services::UndercloudGnocchiApi: ../docker/services/gnocchi-api.yaml
- OS::TripleO::Services::UndercloudGnocchiMetricd: ../docker/services/gnocchi-metricd.yaml
- OS::TripleO::Services::UndercloudGnocchiStatsd: ../docker/services/gnocchi-statsd.yaml
+ OS::TripleO::Services::UndercloudGnocchiApi: ../../docker/services/gnocchi-api.yaml
+ OS::TripleO::Services::UndercloudGnocchiMetricd: ../../docker/services/gnocchi-metricd.yaml
+ OS::TripleO::Services::UndercloudGnocchiStatsd: ../../docker/services/gnocchi-statsd.yaml
diff --git a/environments/services-docker/undercloud-panko.yaml b/environments/services-docker/undercloud-panko.yaml
index ffe3b6da..8384f311 100644
--- a/environments/services-docker/undercloud-panko.yaml
+++ b/environments/services-docker/undercloud-panko.yaml
@@ -1,2 +1,2 @@
resource_registry:
- OS::TripleO::Services::UndercloudPankoApi: ../docker/services/panko-api.yaml
+ OS::TripleO::Services::UndercloudPankoApi: ../../docker/services/panko-api.yaml
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index ea080be9..0d55070c 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -254,6 +254,7 @@ resource_registry:
OS::TripleO::Services::OctaviaWorker: OS::Heat::None
OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml
OS::TripleO::Services::Vpp: OS::Heat::None
+ OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::CertmongerUser: OS::Heat::None
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
index d07da568..4fdc491a 100644
--- a/puppet/major_upgrade_steps.j2.yaml
+++ b/puppet/major_upgrade_steps.j2.yaml
@@ -32,21 +32,6 @@ parameters:
type: string
hidden: true
-conditions:
- # Conditions to disable any steps where the task list is empty
- {%- for role in roles %}
- {{role.name}}UpgradeBatchConfigEnabled:
- not:
- equals:
- - {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
- - []
- {{role.name}}UpgradeConfigEnabled:
- not:
- equals:
- - {get_param: [role_data, {{role.name}}, upgrade_tasks]}
- - []
- {%- endfor %}
-
resources:
{% for role in roles if role.disable_upgrade_deployment|default(false) %}
@@ -103,7 +88,6 @@ resources:
{%- for role in roles %}
{{role.name}}UpgradeBatchConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
- condition: {{role.name}}UpgradeBatchConfigEnabled
{%- if step > 0 %}
depends_on:
{%- for role_inside in enabled_roles %}
@@ -129,7 +113,6 @@ resources:
{%- for role in enabled_roles %}
{{role.name}}UpgradeBatch_Step{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
- condition: {{role.name}}UpgradeBatchConfigEnabled
{%- if step > 0 %}
depends_on:
{%- for role_inside in enabled_roles %}
@@ -192,7 +175,6 @@ resources:
{%- for role in roles %}
{{role.name}}UpgradeConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
- condition: {{role.name}}UpgradeConfigEnabled
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
@@ -214,7 +196,6 @@ resources:
{%- for role in enabled_roles %}
{{role.name}}Upgrade_Step{{step}}:
type: OS::Heat::SoftwareDeploymentGroup
- condition: {{role.name}}UpgradeConfigEnabled
depends_on:
{%- for role_inside in enabled_roles %}
{%- if step > 0 %}
diff --git a/puppet/services/neutron-vpp-agent.yaml b/puppet/services/neutron-vpp-agent.yaml
new file mode 100644
index 00000000..7c2db445
--- /dev/null
+++ b/puppet/services/neutron-vpp-agent.yaml
@@ -0,0 +1,48 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Neutron ML2/VPP agent configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: >
+ Mapping of service_name -> network name. Typically set via
+ parameter_defaults in the resource registry. This mapping overrides those
+ in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronVPPAgentPhysnets:
+ description: >
+ List of <physical_network>:<VPP Interface>
+ Example: "physnet1:GigabitEthernet2/2/0,physnet2:GigabitEthernet2/3/0"
+ type: comma_delimited_list
+ default: ""
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2/VPP agent service.
+ value:
+ service_name: neutron_vpp_agent
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets}
+ step_config: |
+ include ::tripleo::profile::base::neutron::agents::vpp \ No newline at end of file
diff --git a/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml b/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml
new file mode 100644
index 00000000..2f8ae146
--- /dev/null
+++ b/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Adds support for networking-vpp ML2 mechanism driver and agent.
diff --git a/roles_data.yaml b/roles_data.yaml
index 5c9aa132..67c763ce 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -142,6 +142,7 @@
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::Docker
- name: Compute
@@ -175,6 +176,7 @@
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Docker