b3a382f738
The minimum version of puppetlabs-stdlib has been bumped globally, so now we can use the common type definition. Change-Id: Ide3c9d927c25721001295faa105835928a95cf9d Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
193 lines
7.5 KiB
Puppet
193 lines
7.5 KiB
Puppet
# == Class: neutron::agents::ml2::ovn
|
|
#
|
|
# Setup and configure neutron OVN Neutron Agent.
|
|
#
|
|
# === Parameters
|
|
#
|
|
# [*package_ensure*]
|
|
# (optional) Ensure state of the package. Defaults to 'present'.
|
|
#
|
|
# [*enabled*]
|
|
# (optional) State of the service. Defaults to true.
|
|
#
|
|
# [*manage_service*]
|
|
# (optional) Whether to start/stop the service
|
|
# Defaults to true
|
|
#
|
|
# [*debug*]
|
|
# (optional) Debug. Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*extensions*]
|
|
# (optional) Extension list to use.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovsdb_connection*]
|
|
# (optional) The URI used to connect to the local OVSDB server.
|
|
# Defaults to 'tcp:127.0.0.1:6640'
|
|
#
|
|
# [*ovs_manager*]
|
|
# The manager target that will be set to OVS so that the metadata agent can
|
|
# connect to.
|
|
# Defaults to 'ptcp:6640:127.0.0.1'
|
|
#
|
|
# [*ovn_nb_connection*]
|
|
# (optional) The connection string for the OVN_Northbound OVSDB.
|
|
# Defaults to 'tcp:127.0.0.1:6641'
|
|
#
|
|
# [*ovn_sb_connection*]
|
|
# (optional) The connection string for the OVN_Southbound OVSDB
|
|
# Defaults to '$facts['os_service_default']'
|
|
#
|
|
# [*ovn_nb_private_key*]
|
|
# (optional) The PEM file with private key for SSL connection to OVN-NB-DB
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovn_nb_certificate*]
|
|
# (optional) The PEM file with certificate that certifies the private
|
|
# key specified in ovn_nb_private_key
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovn_nb_ca_cert*]
|
|
# (optional) The PEM file with CA certificate that OVN should use to
|
|
# verify certificates presented to it by SSL peers
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovn_sb_private_key*]
|
|
# (optional) TThe PEM file with private key for SSL connection to OVN-SB-DB
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovn_sb_certificate*]
|
|
# (optional) The PEM file with certificate that certifies the
|
|
# private key specified in ovn_sb_private_key
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovn_sb_ca_cert*]
|
|
# (optional) TThe PEM file with CA certificate that OVN should use to
|
|
# verify certificates presented to it by SSL peers
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovsdb_connection_timeout*]
|
|
# (optional) Timeout in seconds for the OVSDB connection transaction.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovndb_connection_timeout*]
|
|
# (optional) Timeout in seconds for the OVNDB connection transaction. This
|
|
# is used for OVN DB connection.
|
|
# Defaults to $facts['os_service_default']
|
|
#
|
|
# [*ovsdb_retry_max_interval*]
|
|
# (optional) Max interval in seconds between each retry to get the OVN NB
|
|
# and SB IDLs.
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*ovsdb_probe_interval*]
|
|
# (optional) The probe interval for the OVSDB session in milliseconds.
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*root_helper*]
|
|
# (optional) Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real
|
|
# root filter facility. Change to "sudo" to skip the filtering and just run the command
|
|
# directly
|
|
# Defaults to 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'.
|
|
#
|
|
# [*root_helper_daemon*]
|
|
# (optional) Root helper daemon application to use when possible.
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*state_path*]
|
|
# (optional) Where to store state files. This directory must be writable
|
|
# by the user executing the agent
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*purge_config*]
|
|
# (optional) Whether to set only the specified config options
|
|
# in the metadata config.
|
|
# Defaults to false.
|
|
#
|
|
class neutron::agents::ml2::ovn (
|
|
Stdlib::Ensure::Package $package_ensure = 'present',
|
|
Boolean $enabled = true,
|
|
Boolean $manage_service = true,
|
|
$debug = $facts['os_service_default'],
|
|
$extensions = $facts['os_service_default'],
|
|
$ovsdb_connection = 'tcp:127.0.0.1:6640',
|
|
$ovs_manager = 'ptcp:6640:127.0.0.1',
|
|
$ovn_nb_connection = $facts['os_service_default'],
|
|
$ovn_sb_connection = $facts['os_service_default'],
|
|
$ovn_nb_private_key = $facts['os_service_default'],
|
|
$ovn_nb_certificate = $facts['os_service_default'],
|
|
$ovn_nb_ca_cert = $facts['os_service_default'],
|
|
$ovn_sb_private_key = $facts['os_service_default'],
|
|
$ovn_sb_certificate = $facts['os_service_default'],
|
|
$ovn_sb_ca_cert = $facts['os_service_default'],
|
|
$ovsdb_connection_timeout = $facts['os_service_default'],
|
|
$ovndb_connection_timeout = $facts['os_service_default'],
|
|
$ovsdb_retry_max_interval = $facts['os_service_default'],
|
|
$ovsdb_probe_interval = $facts['os_service_default'],
|
|
$root_helper = 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf',
|
|
$root_helper_daemon = $facts['os_service_default'],
|
|
$state_path = $facts['os_service_default'],
|
|
Boolean $purge_config = false,
|
|
) {
|
|
include neutron::deps
|
|
include neutron::params
|
|
|
|
resources { 'neutron_agent_ovn':
|
|
purge => $purge_config,
|
|
}
|
|
|
|
neutron_agent_ovn {
|
|
'DEFAULT/debug': value => $debug;
|
|
'DEFAULT/state_path': value => $state_path;
|
|
'agent/extensions': value => join(any2array($extensions), ',');
|
|
'agent/root_helper': value => $root_helper;
|
|
'agent/root_helper_daemon': value => $root_helper_daemon;
|
|
'ovs/ovsdb_connection': value => $ovsdb_connection;
|
|
'ovs/ovsdb_connection_timeout': value => $ovsdb_connection_timeout;
|
|
'ovn/ovsdb_connection_timeout': value => $ovndb_connection_timeout;
|
|
'ovn/ovsdb_retry_max_interval': value => $ovsdb_retry_max_interval;
|
|
'ovn/ovsdb_probe_interval': value => $ovsdb_probe_interval;
|
|
'ovn/ovn_sb_connection': value => join(any2array($ovn_sb_connection), ',');
|
|
'ovn/ovn_nb_connection': value => join(any2array($ovn_nb_connection), ',');
|
|
'ovn/ovn_nb_private_key': value => $ovn_nb_private_key;
|
|
'ovn/ovn_nb_certificate': value => $ovn_nb_certificate;
|
|
'ovn/ovn_nb_ca_cert': value => $ovn_nb_ca_cert;
|
|
'ovn/ovn_sb_private_key': value => $ovn_sb_private_key;
|
|
'ovn/ovn_sb_certificate': value => $ovn_sb_certificate;
|
|
'ovn/ovn_sb_ca_cert': value => $ovn_sb_ca_cert;
|
|
}
|
|
|
|
package { 'neutron-ovn-agent':
|
|
ensure => $package_ensure,
|
|
name => $neutron::params::ovn_agent_package,
|
|
tag => ['openstack', 'neutron-package'],
|
|
}
|
|
|
|
if $manage_service {
|
|
if $enabled {
|
|
$service_ensure = 'running'
|
|
} else {
|
|
$service_ensure = 'stopped'
|
|
}
|
|
service { 'neutron-ovn-agent':
|
|
ensure => $service_ensure,
|
|
name => $neutron::params::ovn_agent_service,
|
|
enable => $enabled,
|
|
tag => 'neutron-service',
|
|
}
|
|
Neutron_agent_ovn<||> ~> Service['neutron-ovn-agent']
|
|
Exec['Set OVS Manager'] -> Service['neutron-ovn-agent']
|
|
}
|
|
|
|
# Set OVS manager so that the OVN Neutron Agent can connect to Open vSwitch
|
|
# NOTE(tkajinam): We use ensure_resource to avoid conflict with
|
|
# neutron::agents::ovn_metadata
|
|
ensure_resource('exec', 'Set OVS Manager', {
|
|
'command' => "ovs-vsctl set-manager ${ovs_manager}",
|
|
'unless' => "ovs-vsctl get-manager | grep \"${ovs_manager}\"",
|
|
'path' => '/usr/sbin:/usr/bin:/sbin:/bin',
|
|
})
|
|
|
|
Package<| title == 'neutron-ovn-agent' |> -> Exec['Set OVS Manager']
|
|
}
|