Merge "Test deployment with VPNaaS + ml2 ovn driver"
This commit is contained in:
Zuul
Gerrit Code Review
commit
2f556a71b5
@ -73,7 +73,7 @@ scenario](#all-in-one).
|
|||||||
| ceph rgw | | | | X | | |
|
| ceph rgw | | | | X | | |
|
||||||
| vitrage | X | | | | | |
|
| vitrage | X | | | | | |
|
||||||
| watcher | | | | X | | |
|
| watcher | | | | X | | |
|
||||||
| vpnaas | | | | X | | |
|
| vpnaas | | | | X | X | |
|
||||||
| taas | | | | X | | |
|
| taas | | | | X | | |
|
||||||
| bgpvpn-api | | | | X | | |
|
| bgpvpn-api | | | | X | | |
|
||||||
| bgp-dr | | | | X | | |
|
| bgp-dr | | | | X | | |
|
||||||
|
|||||||
@ -25,11 +25,14 @@ case $facts['os']['family'] {
|
|||||||
$ipv6 = false
|
$ipv6 = false
|
||||||
$ovn_metadata_agent_enabled = true
|
$ovn_metadata_agent_enabled = true
|
||||||
$jobboard_backend = 'redis'
|
$jobboard_backend = 'redis'
|
||||||
|
# TODO(tkajinam): Enable these along with the other plugins
|
||||||
|
$vpnaas_enabled = false
|
||||||
}
|
}
|
||||||
'RedHat': {
|
'RedHat': {
|
||||||
$ipv6 = true
|
$ipv6 = true
|
||||||
$ovn_metadata_agent_enabled = false
|
$ovn_metadata_agent_enabled = false
|
||||||
$jobboard_backend = 'redis_sentinel'
|
$jobboard_backend = 'redis_sentinel'
|
||||||
|
$vpnaas_enabled = true
|
||||||
}
|
}
|
||||||
default: {
|
default: {
|
||||||
fail("Unsupported osfamily (${facts['os']['family']})")
|
fail("Unsupported osfamily (${facts['os']['family']})")
|
||||||
@ -59,6 +62,7 @@ class { 'openstack_integration::glance':
|
|||||||
class { 'openstack_integration::neutron':
|
class { 'openstack_integration::neutron':
|
||||||
driver => 'ovn',
|
driver => 'ovn',
|
||||||
ovn_metadata_agent_enabled => $ovn_metadata_agent_enabled,
|
ovn_metadata_agent_enabled => $ovn_metadata_agent_enabled,
|
||||||
|
vpnaas_enabled => $vpnaas_enabled
|
||||||
}
|
}
|
||||||
include openstack_integration::placement
|
include openstack_integration::placement
|
||||||
class { 'openstack_integration::nova':
|
class { 'openstack_integration::nova':
|
||||||
@ -88,4 +92,5 @@ class { 'openstack_integration::tempest':
|
|||||||
octavia => true,
|
octavia => true,
|
||||||
neutron_driver => 'ovn',
|
neutron_driver => 'ovn',
|
||||||
image_format => 'raw',
|
image_format => 'raw',
|
||||||
|
vpnaas => $vpnaas_enabled,
|
||||||
}
|
}
|
||||||
|
|||||||
@ -61,9 +61,6 @@ class openstack_integration::neutron (
|
|||||||
if $metering_enabled {
|
if $metering_enabled {
|
||||||
fail('Metering agent is not supported when ovn mechanism driver is used.')
|
fail('Metering agent is not supported when ovn mechanism driver is used.')
|
||||||
}
|
}
|
||||||
if $vpnaas_enabled {
|
|
||||||
fail('VPNaaS is not supported when ovn mechanism driver is used.')
|
|
||||||
}
|
|
||||||
if $bgpvpn_enabled {
|
if $bgpvpn_enabled {
|
||||||
fail('BGP VPN is not supported when ovn mechanism driver is used.')
|
fail('BGP VPN is not supported when ovn mechanism driver is used.')
|
||||||
}
|
}
|
||||||
@ -158,7 +155,13 @@ class openstack_integration::neutron (
|
|||||||
|
|
||||||
if $driver == 'ovn' {
|
if $driver == 'ovn' {
|
||||||
$dhcp_agent_notification = false
|
$dhcp_agent_notification = false
|
||||||
$plugins_list = ['qos', 'ovn-router', 'trunk']
|
$vpaaas_plugin = $vpnaas_enabled ? {
|
||||||
|
true => 'ovn-vpnaas',
|
||||||
|
default => undef,
|
||||||
|
}
|
||||||
|
$plugins_list = delete_undef_values([
|
||||||
|
'qos', 'ovn-router', 'trunk', $vpaaas_plugin,
|
||||||
|
])
|
||||||
} else {
|
} else {
|
||||||
$dhcp_agent_notification = true
|
$dhcp_agent_notification = true
|
||||||
$metering_plugin = $metering_enabled ? {
|
$metering_plugin = $metering_enabled ? {
|
||||||
@ -281,7 +284,10 @@ class openstack_integration::neutron (
|
|||||||
}
|
}
|
||||||
|
|
||||||
$rpc_workers = $driver ? {
|
$rpc_workers = $driver ? {
|
||||||
'ovn' => 0,
|
'ovn' => $vpnaas_enabled ? {
|
||||||
|
true => 2,
|
||||||
|
default => 0,
|
||||||
|
},
|
||||||
default => 2,
|
default => 2,
|
||||||
}
|
}
|
||||||
$rpc_state_report_workers = $driver ? {
|
$rpc_state_report_workers = $driver ? {
|
||||||
@ -404,6 +410,23 @@ class openstack_integration::neutron (
|
|||||||
ovn_sb_ca_cert => '/etc/neutron/switchcacert.pem',
|
ovn_sb_ca_cert => '/etc/neutron/switchcacert.pem',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$vpn_device_driver = $facts['os']['family'] ? {
|
||||||
|
'Debian' => 'neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver',
|
||||||
|
default => 'neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnLibreSwanDriver',
|
||||||
|
}
|
||||||
|
$vpnaas_driver = 'neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver'
|
||||||
|
if $vpnaas_enabled {
|
||||||
|
class { 'neutron::agents::vpnaas::ovn':
|
||||||
|
debug => true,
|
||||||
|
vpn_device_driver => $vpn_device_driver,
|
||||||
|
interface_driver => 'openvswitch',
|
||||||
|
ovn_sb_connection => $::openstack_integration::config::ovn_sb_connection,
|
||||||
|
ovn_sb_private_key => '/etc/neutron/ovnsb-privkey.pem',
|
||||||
|
ovn_sb_certificate => '/etc/neutron/ovnsb-cert.pem',
|
||||||
|
ovn_sb_ca_cert => '/etc/neutron/switchcacert.pem',
|
||||||
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
class { 'neutron::agents::metadata':
|
class { 'neutron::agents::metadata':
|
||||||
debug => true,
|
debug => true,
|
||||||
@ -434,29 +457,19 @@ class openstack_integration::neutron (
|
|||||||
debug => true,
|
debug => true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if $vpnaas_enabled {
|
|
||||||
$vpn_device_driver = $facts['os']['family'] ? {
|
|
||||||
'Debian' => 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver',
|
|
||||||
default => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
|
|
||||||
}
|
|
||||||
$service_provider_name = $facts['os']['family'] ? {
|
|
||||||
'Debian' => 'strongswan',
|
|
||||||
default => 'openswan'
|
|
||||||
}
|
|
||||||
|
|
||||||
class { 'neutron::services::vpnaas':
|
$vpn_device_driver = $facts['os']['family'] ? {
|
||||||
service_providers => join([
|
'Debian' => 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver',
|
||||||
'VPN',
|
default => 'neutron_vpnaas.services.vpn.device_drivers.libreswan_ipsec.LibreSwanDriver'
|
||||||
$service_provider_name,
|
}
|
||||||
'neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver',
|
$vpnaas_driver = 'neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver'
|
||||||
'default'
|
if $vpnaas_enabled {
|
||||||
], ':')
|
|
||||||
}
|
|
||||||
class { 'neutron::agents::vpnaas':
|
class { 'neutron::agents::vpnaas':
|
||||||
vpn_device_driver => $vpn_device_driver,
|
vpn_device_driver => $vpn_device_driver,
|
||||||
interface_driver => $driver,
|
interface_driver => $driver,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if $taas_enabled {
|
if $taas_enabled {
|
||||||
class { 'neutron::agents::taas': }
|
class { 'neutron::agents::taas': }
|
||||||
class { 'neutron::services::taas': }
|
class { 'neutron::services::taas': }
|
||||||
@ -483,6 +496,22 @@ class openstack_integration::neutron (
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $vpnaas_enabled {
|
||||||
|
$vpnaas_service_provider = $facts['os']['family'] ? {
|
||||||
|
'Debian' => 'strongswan',
|
||||||
|
default => 'openswan'
|
||||||
|
}
|
||||||
|
|
||||||
|
class { 'neutron::services::vpnaas':
|
||||||
|
service_providers => join([
|
||||||
|
'VPN',
|
||||||
|
$vpnaas_service_provider,
|
||||||
|
$vpnaas_driver,
|
||||||
|
'default'
|
||||||
|
], ':')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if $baremetal_enabled {
|
if $baremetal_enabled {
|
||||||
class { 'neutron::plugins::ml2::networking_baremetal': }
|
class { 'neutron::plugins::ml2::networking_baremetal': }
|
||||||
class { 'neutron::agents::ml2::networking_baremetal':
|
class { 'neutron::agents::ml2::networking_baremetal':
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user