summaryrefslogtreecommitdiffstats
path: root/puppet/services/neutron-ovs-agent.yaml
blob: baeb0c66b255b616d932171ab8cc48427984f120 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
heat_template_version: ocata

description: >
  OpenStack Neutron OVS agent configured with Puppet

parameters:
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry.  This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  NeutronEnableL2Pop:
    type: string
    description: >
        Enable/disable the L2 population feature in the Neutron agents.
    default: "False"
  NeutronBridgeMappings:
    description: >
      The OVS logical->physical bridge mappings to use. See the Neutron
      documentation for details. Defaults to mapping br-ex - the external
      bridge on hosts - to a physical name 'datacentre' which can be used
      to create provider networks (and we use this for the default floating
      network) - if changing this either use different post-install network
      scripts or be sure to keep 'datacentre' as a mapping network name.
    type: comma_delimited_list
    default: "datacentre:br-ex"
  NeutronTunnelTypes:
    default: 'vxlan'
    description: |
        The tunnel types for the Neutron tenant network.
    type: comma_delimited_list
  NeutronAgentExtensions:
    default: "qos"
    description: |
        Comma-separated list of extensions enabled for the Neutron agents.
    type: comma_delimited_list
  NeutronEnableDVR:
    default: False
    description: |
      Enable support for distributed routing in the OVS Agent.
    type: boolean
  NeutronEnableARPResponder:
    default: false
    description: |
      Enable ARP responder feature in the OVS Agent.
    type: boolean
  MonitoringSubscriptionNeutronOvs:
    default: 'overcloud-neutron-ovs-agent'
    type: string
  NeutronOVSFirewallDriver:
    default: ''
    description: |
      Configure the classname of the firewall driver to use for implementing
      security groups. Possible values depend on system configuration. Some
      examples are: noop, openvswitch, iptables_hybrid. The default value of an
      empty string will result in a default supported configuration.
    type: string
  NeutronOpenVswitchAgentLoggingSource:
    type: json
    default:
      tag: openstack.neutron.agent.openvswitch
      path: /var/log/neutron/openvswitch-agent.log

conditions:
  no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']}

resources:

  NeutronBase:
    type: ./neutron-base.yaml
    properties:
      ServiceNetMap: {get_param: ServiceNetMap}
      DefaultPasswords: {get_param: DefaultPasswords}
      EndpointMap: {get_param: EndpointMap}

outputs:
  role_data:
    description: Role data for the Neutron OVS agent service.
    value:
      service_name: neutron_ovs_agent
      monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
      logging_source: {get_param: NeutronOpenVswitchAgentLoggingSource}
      logging_groups:
        - neutron
      config_settings:
        map_merge:
          - get_attr: [NeutronBase, role_data, config_settings]
          - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
            neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
            neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
            neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings}
            neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
            neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
            # NOTE: bind IP is found in Heat replacing the network name with the
            # local node IP for the given network; replacement examples
            # (eg. for internal_api):
            # internal_api -> IP
            # internal_api_uri -> [IP]
            # internal_api_subnet - > IP/CIDR
            neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
            tripleo.neutron_ovs_agent.firewall_rules:
              '118 neutron vxlan networks':
                proto: 'udp'
                dport: 4789
              '136 neutron gre networks':
                proto: 'gre'
          -
            if:
            - no_firewall_driver
            - {}
            - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
      step_config: |
        include ::tripleo::profile::base::neutron::ovs
      upgrade_tasks:
        - name: Stop neutron_ovs_agent service
          tags: step2
          service: name=neutron-openvswitch-agent state=stopped