diff options
-rw-r--r-- | docker/services/heat-api-cfn.yaml | 16 | ||||
-rw-r--r-- | docker/services/heat-api.yaml | 16 | ||||
-rw-r--r-- | docker/services/zaqar.yaml | 8 | ||||
-rw-r--r-- | environments/docker-services-tls-everywhere.yaml | 13 | ||||
-rw-r--r-- | environments/hyperconverged-ceph.yaml | 1 | ||||
-rw-r--r-- | environments/neutron-ml2-vpp.yaml | 22 | ||||
-rw-r--r-- | overcloud-resource-registry-puppet.j2.yaml | 1 | ||||
-rw-r--r-- | puppet/services/neutron-vpp-agent.yaml | 48 | ||||
-rw-r--r-- | releasenotes/notes/vpp-ml2-8e115f7763510531.yaml | 3 | ||||
-rw-r--r-- | roles_data.yaml | 2 |
10 files changed, 122 insertions, 8 deletions
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index fc228155..ff18f177 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -31,7 +31,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -95,6 +101,16 @@ outputs: - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index fe565411..886a0d80 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -31,7 +31,13 @@ parameters: DefaultPasswords: default: {} type: json + EnableInternalTLS: + type: boolean + default: false +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -95,6 +101,16 @@ outputs: - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro - /var/lib/config-data/heat_api/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 5ba044ea..07abf07d 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -59,7 +59,7 @@ outputs: - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] kolla_config: /var/lib/kolla/config_files/zaqar.json: - command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf + command: /usr/sbin/httpd -DFOREGROUND /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf permissions: @@ -73,6 +73,9 @@ outputs: net: host privileged: false restart: always + # NOTE(mandre) kolla image changes the user to 'zaqar', we need it + # to be root to run httpd + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} @@ -108,5 +111,4 @@ outputs: upgrade_tasks: - name: Stop and disable zaqar service tags: step2 - service: name=openstack-zaqar.service state=stopped enabled=no - + service: name=httpd state=stopped enabled=no diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 73b91727..7b27663f 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -8,14 +8,17 @@ resource_registry: OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml # NOTE: add roles to be docker enabled as we support them. - OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml - OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml - OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml - OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml OS::TripleO::Services::AodhApi: ../docker/services/aodh-api.yaml OS::TripleO::Services::AodhEvaluator: ../docker/services/aodh-evaluator.yaml - OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml + OS::TripleO::Services::AodhNotifier: ../docker/services/aodh-notifier.yaml + OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml + OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml + OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml + OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml + OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml + OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index f1c90e2d..6fd71013 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -32,5 +32,6 @@ parameter_defaults: - OS::TripleO::Services::Collectd - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Vpp + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker diff --git a/environments/neutron-ml2-vpp.yaml b/environments/neutron-ml2-vpp.yaml new file mode 100644 index 00000000..1dec395c --- /dev/null +++ b/environments/neutron-ml2-vpp.yaml @@ -0,0 +1,22 @@ +# Environment file used to enable networking-vpp ML2 mechanism driver + +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronVppAgent: ../puppet/services/neutron-vpp-agent.yaml + OS::TripleO::Services::Etcd: ../puppet/services/etcd.yaml + OS::TripleO::Services::Vpp: ../puppet/services/vpp.yaml + +parameter_defaults: + #Comma delimited list of <physical_network>:<VPP Interface>. + #Example: "datacentre:GigabitEthernet2/2/0" + #NeutronVPPAgentPhysnets: "" + + NeutronMechanismDrivers: vpp + NeutronNetworkType: vlan + NeutronServicePlugins: router + NeutronTypeDrivers: vlan,flat + ExtraConfig: + # Use Linux Bridge driver for DHCP and L3 agent. + neutron::agents::dhcp::interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver" + neutron::agents::l3::interface_driver: "neutron.agent.linux.interface.BridgeInterfaceDriver" diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index ea080be9..0d55070c 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -254,6 +254,7 @@ resource_registry: OS::TripleO::Services::OctaviaWorker: OS::Heat::None OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml OS::TripleO::Services::Vpp: OS::Heat::None + OS::TripleO::Services::NeutronVppAgent: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::CertmongerUser: OS::Heat::None diff --git a/puppet/services/neutron-vpp-agent.yaml b/puppet/services/neutron-vpp-agent.yaml new file mode 100644 index 00000000..7c2db445 --- /dev/null +++ b/puppet/services/neutron-vpp-agent.yaml @@ -0,0 +1,48 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron ML2/VPP agent configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: > + Mapping of service_name -> network name. Typically set via + parameter_defaults in the resource registry. This mapping overrides those + in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronVPPAgentPhysnets: + description: > + List of <physical_network>:<VPP Interface> + Example: "physnet1:GigabitEthernet2/2/0,physnet2:GigabitEthernet2/3/0" + type: comma_delimited_list + default: "" + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron ML2/VPP agent service. + value: + service_name: neutron_vpp_agent + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - tripleo::profile::base::neutron::agents::vpp::physnet_mapping: {get_param: NeutronVPPAgentPhysnets} + step_config: | + include ::tripleo::profile::base::neutron::agents::vpp
\ No newline at end of file diff --git a/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml b/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml new file mode 100644 index 00000000..2f8ae146 --- /dev/null +++ b/releasenotes/notes/vpp-ml2-8e115f7763510531.yaml @@ -0,0 +1,3 @@ +--- +features: + - Adds support for networking-vpp ML2 mechanism driver and agent. diff --git a/roles_data.yaml b/roles_data.yaml index 5c9aa132..67c763ce 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -142,6 +142,7 @@ - OS::TripleO::Services::OctaviaHousekeeping - OS::TripleO::Services::OctaviaWorker - OS::TripleO::Services::Vpp + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::Docker - name: Compute @@ -175,6 +176,7 @@ - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd - OS::TripleO::Services::Vpp + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker |