treasuremap/type/cruiserlite/software/charts/osh/openstack-compute-kit/neutron.yaml


---
# Armada chart document for neutron at the "type" layer (cruiserlite).
# It is merged over the parent document labelled name=neutron-global, so any
# key not set here is expected to come from that parent.
# NOTE(review): nesting was restored from a flattened listing following the
# usual Deckhand document layout; confirm against the repository copy.
schema: armada/Chart/v1
metadata:
  schema: metadata/Document/v1
  name: neutron
  labels:
    name: neutron-cruiserlite
    component: neutron
  layeringDefinition:
    abstract: false
    layer: type
    parentSelector:
      name: neutron-global
    actions:
      - method: merge
        path: .
  # Stored unencrypted. No credential appears among the values visible in
  # this document (ks_user is a user name only); anything secret belongs in a
  # document with an encrypted storage policy rather than here.
  storagePolicy: cleartext
  substitutions:
    # OVS-DPDK settings for neutron
    # The bridge name read from common-addresses replaces the TUNNEL_BRIDGE
    # placeholder at each of the three destinations.
    - src:
        schema: pegleg/CommonAddresses/v1
        name: common-addresses
        path: .ovs-dpdk.ovs_bridge_dpdk
      dest:
        - path: .values.conf.ovs_dpdk.bridges[0].name
          pattern: TUNNEL_BRIDGE
        - path: .values.conf.ovs_dpdk.bonds[0].bridge
          pattern: TUNNEL_BRIDGE
        - path: .values.conf.plugins.openvswitch_agent.ovs.bridge_mappings
          pattern: TUNNEL_BRIDGE
    ## NOTE: setting MTU same as overlay(9150) for now
    # NOTE(review): the value is read from .mtu.primary_bond; whether that
    # equals the overlay MTU depends on network-settings - confirm.
    - src:
        schema: pegleg/NetworkSettings/v1
        name: network-settings
        path: .mtu.primary_bond
      dest:
        path: .values.conf.ovs_dpdk.bonds[0].mtu
    # NOTE(review): both bond members below take their pci_id from the same
    # alias (data_nic2). Together with vf_index 0/1 in the bond definition
    # this looks like two VFs of one physical port, which would give the
    # active-backup bond no NIC-level redundancy - confirm this is intended.
    - src:
        schema: drydock/HardwareProfile/v1
        name: intel-s2600wt
        path: .device_aliases.data_nic2.address
      dest:
        path: .values.conf.ovs_dpdk.bonds[0].nics[0].pci_id
    - src:
        schema: drydock/HardwareProfile/v1
        name: intel-s2600wt
        path: .device_aliases.data_nic2.address
      dest:
        path: .values.conf.ovs_dpdk.bonds[0].nics[1].pci_id
    # Site data mappings
    # Each entry replaces one *_VALUE placeholder inside
    # .values.bootstrap.script with a field of a drydock Network document.
    # The replacement is textual, so these source documents feed directly into
    # shell text and need the same review as the script itself.
    # NOTE(review): the ranges[...] source paths omit the leading "." that the
    # other paths carry; confirm the substitution engine treats both alike.
    # routable network
    - src:
        schema: drydock/Network/v1
        name: routable
        path: .vlan
      dest:
        path: .values.bootstrap.script
        pattern: PUBLIC_SEGMENTATION_ID_VALUE
    - src:
        schema: drydock/Network/v1
        name: routable
        path: .labels.enabled
      dest:
        path: .values.bootstrap.script
        pattern: PUBLIC_NETWORK_ENABLED_VALUE
    - src:
        schema: drydock/Network/v1
        name: routable
        path: ranges[0].start
      dest:
        path: .values.bootstrap.script
        pattern: PUBLIC_START_IP_ADDRESS_VALUE
    - src:
        schema: drydock/Network/v1
        name: routable
        path: ranges[0].end
      dest:
        path: .values.bootstrap.script
        pattern: PUBLIC_END_IP_ADDRESS_VALUE
    - src:
        schema: drydock/Network/v1
        name: routable
        path: .routes[0].gateway
      dest:
        path: .values.bootstrap.script
        pattern: PUBLIC_NETWORK_GATEWAY_VALUE
    - src:
        schema: drydock/Network/v1
        name: routable
        path: .cidr
      dest:
        path: .values.bootstrap.script
        pattern: PUBLIC_NETWORK_CIDR_VALUE
    # overlay network
    # NOTE(review): the overlay pool is taken from ranges[1] while the routable
    # pool uses ranges[0]; this presumes the overlay Network document lists
    # at least two ranges - verify against the site definition.
    - src:
        schema: drydock/Network/v1
        name: overlay
        path: .vlan
      dest:
        path: .values.bootstrap.script
        pattern: OVERLAY_SEGMENTATION_ID_VALUE
    - src:
        schema: drydock/Network/v1
        name: overlay
        path: .labels.enabled
      dest:
        path: .values.bootstrap.script
        pattern: OVERLAY_NETWORK_ENABLED_VALUE
    - src:
        schema: drydock/Network/v1
        name: overlay
        path: ranges[1].start
      dest:
        path: .values.bootstrap.script
        pattern: OVERLAY_START_IP_ADDRESS_VALUE
    - src:
        schema: drydock/Network/v1
        name: overlay
        path: ranges[1].end
      dest:
        path: .values.bootstrap.script
        pattern: OVERLAY_END_IP_ADDRESS_VALUE
    - src:
        schema: drydock/Network/v1
        name: overlay
        path: .routes[0].gateway
      dest:
        path: .values.bootstrap.script
        pattern: OVERLAY_NETWORK_GATEWAY_VALUE
    - src:
        schema: drydock/Network/v1
        name: overlay
        path: .cidr
      dest:
        path: .values.bootstrap.script
        pattern: OVERLAY_NETWORK_CIDR_VALUE
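# Chart payload: Armada wait/test timeouts plus the value overrides handed to
# the neutron chart (OVS-DPDK and SR-IOV backends, VLAN provider networks).
# NOTE(review): nesting was restored from a flattened listing following the
# openstack-helm neutron values layout; confirm against the repository copy.
data:
  wait:
    timeout: 12000
  test:
    timeout: 1200
  values:
    pod:
      use_fqdn:
        neutron_agent: false
      replicas:
        server: 3
    labels:
      sriov:
        node_selector_key: sriov
        node_selector_value: enabled
    network:
      interface:
        sriov:
          - device: ens785f1
            num_vfs: 32
            promisc: false
            qos:
              - vf_num: 0
                share: 20
      backend:
        - openvswitch
        - sriov
    conf:
      # FIXME(je808k) confirm with NCD
      auto_bridge_add:
        br-bond1: null
      dhcp_agent:
        DEFAULT:
          ovs_use_veth: true
      ovs_dpdk:
        enabled: true
        driver: vfio-pci
        nics: []
        bridges:
          # TUNNEL_BRIDGE is a placeholder filled in by a substitution.
          - name: TUNNEL_BRIDGE
        bonds:
          - name: dpdkbond0
            bridge: TUNNEL_BRIDGE
            # The IP from the first nic in nics list shall be used
            migrate_ip: false
            n_rxq: 4
            n_rxq_size: 4096
            n_txq_size: 4096
            ovs_options: "bond_mode=active-backup"
            # pci_id for each member is injected by a substitution.
            nics:
              - name: dpdk_b0s0
                vf_index: 0
              - name: dpdk_b0s1
                vf_index: 1
      neutron:
        DEFAULT:
          # service_plugins: router,taas,trunk
          service_plugins: router,trunk,neutron.services.qos.qos_plugin.QoSPlugin
      plugins:
        openvswitch_agent:
          default:
            ovs_vsctl_timeout: 30
          agent:
            tunnel_types: ""
          # Security groups are switched off and the agent uses the no-op
          # firewall driver, so ports served by this agent get no per-port
          # packet filtering from neutron. Isolation between workloads then
          # rests on VLAN separation and on filtering inside the guests.
          # NOTE(review): port_security is still listed in extension_drivers
          # below; with a no-op driver its rules are presumably not enforced.
          # Confirm this posture is accepted for the netdev (DPDK) datapath.
          securitygroup:
            enable_security_group: false
            firewall_driver: neutron.agent.firewall.NoopFirewallDriver
          ovs:
            bridge_mappings: ovsnet:TUNNEL_BRIDGE
            datapath_type: netdev
            of_connect_timeout: 60
            of_request_timeout: 30
            vhostuser_socket_dir: /var/run/openvswitch/vhostuser
        ml2_conf:
          ml2:
            mechanism_drivers: l2population,openvswitch,sriovnicswitch
            extension_drivers: port_security, qos
          agent:
            extensions: qos
          ml2_type_vlan:
            ## NOTE: Must have at least 1 sriov network defined
            network_vlan_ranges: external,sriovnet1:100:4000,ovsnet:2:4094
        sriov_agent:
          # No-op firewall here as well: SR-IOV ports get no neutron-side
          # filtering from this agent.
          securitygroup:
            firewall_driver: neutron.agent.firewall.NoopFirewallDriver
          sriov_nic:
            physical_device_mappings: sriovnet1:ens785f1
            # Two PCI addresses on ens785f1 are kept out of the agent's
            # hands (presumably the VFs given to the DPDK bond - confirm).
            exclude_devices: ens785f1:0000:05:06.0; 0000:05:06.1
        # NOTE(review): the TaaS (port mirroring) agent setting is enabled
        # while the active service_plugins line above omits taas; only the
        # commented-out line lists it. Confirm which state is intended and,
        # if mirroring is live, who is allowed to create tap services.
        taas:
          taas:
            enabled: true
      taas_plugin:
        service_providers:
          service_provider: TAAS:TAAS:neutron_taas.services.taas.service_drivers.taas_rpc.TaasRpcDriver:default
    # Need to wait for sriov agent to come up and configure VFs first
    dependencies:
      dynamic:
        targeted:
          openvswitch:
            ovs_agent:
              pod:
                - requireSameNode: true
                  labels:
                    application: neutron
                    component: neutron-sriov-agent
    # Disable the bootstrap script for now because there is no longer an oam network
    # on vlan45 to put the public network on.
    bootstrap:
      enabled: false
      ks_user: neutron
      # The *_VALUE placeholders in the script are replaced textually by the
      # substitutions in metadata and land inside double-quoted shell strings,
      # so a value containing shell metacharacters would be interpreted by
      # bash. Keep the source documents under the same review as this script.
      # The script runs with "set +e" and always exits 0: a failed create is
      # visible only as an ERROR line in the job log, never as a failed job.
      script: |
        # TODO this should be moved out of neutron into an ending chart group that config
        # a running openstack site to the targeted tenant's needs.
        set +e
        # Static Values
        export PUBLIC_PHYSICAL_NETWORK="ovsnet"
        export RESOURCE_DOMAIN=qa
        export RESOURCE_PROJECT=aqua-admin
        # Non-site data
        export DNS_UPSTREAM_SERVERS="DNS_UPSTREAM_SERVERS_JOINED_VALUE"
        # Site Data
        # Declare associative arrays with each network data
        declare -A PUBLIC_NET=(
          [NETWORK_NAME]="routable"
          [NETWORK_ENABLED]="PUBLIC_NETWORK_ENABLED_VALUE"
          [SEGMENTATION_ID]="PUBLIC_SEGMENTATION_ID_VALUE"
          [START_IP_ADDRESS]="PUBLIC_START_IP_ADDRESS_VALUE"
          [END_IP_ADDRESS]="PUBLIC_END_IP_ADDRESS_VALUE"
          [NETWORK_GATEWAY]="PUBLIC_NETWORK_GATEWAY_VALUE"
          [NETWORK_CIDR]="PUBLIC_NETWORK_CIDR_VALUE"
          [EXTERNAL]="true"
        )
        export PUBLIC_NET
        declare -A OVERLAY_NET=(
          [NETWORK_NAME]="default-private"
          [NETWORK_ENABLED]="OVERLAY_NETWORK_ENABLED_VALUE"
          [SEGMENTATION_ID]="OVERLAY_SEGMENTATION_ID_VALUE"
          [START_IP_ADDRESS]="OVERLAY_START_IP_ADDRESS_VALUE"
          [END_IP_ADDRESS]="OVERLAY_END_IP_ADDRESS_VALUE"
          [NETWORK_GATEWAY]="OVERLAY_NETWORK_GATEWAY_VALUE"
          [NETWORK_CIDR]="OVERLAY_NETWORK_CIDR_VALUE"
          [EXTERNAL]="false"
        )
        export OVERLAY_NET
        # Defining function for validating ip address
        valid_ip() {
          local ip=$1
          if expr "$ip" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then
            for i in 1 2 3 4; do
              # Quoted so the test always receives exactly one operand.
              if [ "$(echo "$ip" | cut -d. -f"$i")" -gt 255 ]; then
                return 1
              fi
            done
            return 0
          else
            return 1
          fi
        }
        # Declare array of names of associative arrays
        export networks=("${!PUBLIC_NET@}" "${!OVERLAY_NET@}")
        # Declare loop variable as nameref
        declare -n net_ref
        # Loop over networks
        for net_ref in "${networks[@]}"; do
          # NOTE: If the network is not found, just assume this is a new deployment
          # and create all the essentials if enabled.
          # Character classes are quoted so the shell cannot glob-expand them
          # against file names in the working directory.
          NET_ENABLED=$(echo "${net_ref[NETWORK_ENABLED]}" | tr '[:upper:]' '[:lower:]')
          if [ "${NET_ENABLED}" = "true" ]; then
            EXISTING_NET=($(openstack network list \
              --provider-physical-network "${PUBLIC_PHYSICAL_NETWORK}" \
              --provider-network-type vlan \
              --provider-segment "${net_ref[SEGMENTATION_ID]}" \
              --long -f value -c ID -c Name -c Project))
            if [ -n "${EXISTING_NET[0]}" ]; then
              echo "WARN network [${EXISTING_NET[0]}], [${EXISTING_NET[1]}] already exists in project ${EXISTING_NET[2]}"
              CURNET="${EXISTING_NET[0]}"
            else
              ## NOTE: Due to this nova RBAC rule "network:attach_external_network:!"
              ## the routable network cannot be created with --external
              ## otherwise will not be able to create VM directly off of it.
              echo "INFO Creating network with name [${net_ref[NETWORK_NAME]}]"
              CURNET=$(openstack network create "${net_ref[NETWORK_NAME]}" \
                --enable \
                --provider-physical-network "${PUBLIC_PHYSICAL_NETWORK}" \
                --provider-network-type vlan \
                --provider-segment "${net_ref[SEGMENTATION_ID]}" \
                --enable-port-security \
                --project-domain "${RESOURCE_DOMAIN}" \
                --project "${RESOURCE_PROJECT}" -f value -c id)
              if [ -z "${CURNET}" ]; then
                echo "ERROR Failed to create network"
                exit 0
              fi
            fi
            SUBNET=$(openstack subnet list --name "${net_ref[NETWORK_NAME]}-subnet" \
              --network "${CURNET}" -f value -c ID)
            if [ "${SUBNET}" = "" ]; then
              export EXTRA_SUBNET_ARGS=()
              # we should have dns servers only for routable network
              if [ "${net_ref[EXTERNAL]}" = "true" ]; then
                for dns_server in $(echo "${DNS_UPSTREAM_SERVERS}" | tr ',' ' '); do
                  EXTRA_SUBNET_ARGS+=(--dns-nameserver "${dns_server}")
                done
              fi
              if ! valid_ip "${net_ref[NETWORK_GATEWAY]}"; then
                net_ref[NETWORK_GATEWAY]=none
              fi
              EXTRA_SUBNET_ARGS+=(
                --gateway "${net_ref[NETWORK_GATEWAY]}"
              )
              echo "INFO Creating subnet for network ${net_ref[NETWORK_NAME]}"
              SUBNET=$(openstack subnet create "${net_ref[NETWORK_NAME]}-subnet" \
                --network "${CURNET}" \
                --allocation-pool start="${net_ref[START_IP_ADDRESS]}",end="${net_ref[END_IP_ADDRESS]}" \
                "${EXTRA_SUBNET_ARGS[@]}" \
                --subnet-range "${net_ref[NETWORK_CIDR]}" \
                --dhcp \
                --project-domain "${RESOURCE_DOMAIN}" \
                --project "${RESOURCE_PROJECT}" -f value -c id)
              if [ -z "${SUBNET}" ]; then
                echo "ERROR Failed to create subnet [${net_ref[NETWORK_NAME]}-subnet]"
                exit 0
              fi
            else
              echo "WARN Subnet [${net_ref[NETWORK_NAME]}-subnet] for [${net_ref[NETWORK_NAME]}] already exists, not re-creating."
            fi
          else
            echo "INFO The creation of a public network [${net_ref[NETWORK_NAME]}] was disabled, no attempt to create related resources was made."
          fi
        done
        exit 0
...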