From 419187354fc2a6fcfa7ca0a964f84f83c145588c Mon Sep 17 00:00:00 2001
From: Vasyl Saienko
Date: Tue, 17 Dec 2024 08:56:45 +0000
Subject: [PATCH] Add OVN VPNaaS support

Allow to deploy VPNaaS with OVN.

Related-Prod: PRODX-48551
Change-Id: I41a7400b435f21332f7e87e5280e4b3c46ef24f0
---
 .../bin/_neutron-ovn-vpn-agent.sh.tpl | 45 ++
 .../neutron/templates/configmap-bin.yaml | 2 +
 .../neutron/templates/configmap-etc.yaml | 1 +
 .../templates/daemonset-ovn-vpn-agent.yaml | 194 ++++++
 charts/openstack/neutron/values.yaml | 61 +-
 rockoon/admission/validators/neutron.py | 8 +
 rockoon/templates/antelope/artifacts.yaml | 1 +
 rockoon/templates/caracal/artifacts.yaml | 1 +
 rockoon/templates/master/artifacts.yaml | 1 +
 rockoon/templates/queens/artifacts.yaml | 1 +
 rockoon/templates/rocky/artifacts.yaml | 1 +
 rockoon/templates/services/networking.yaml | 26 +-
 rockoon/templates/stein/artifacts.yaml | 1 +
 rockoon/templates/train/artifacts.yaml | 1 +
 rockoon/templates/ussuri/artifacts.yaml | 1 +
 rockoon/templates/victoria/artifacts.yaml | 1 +
 rockoon/templates/wallaby/artifacts.yaml | 1 +
 rockoon/templates/xena/artifacts.yaml | 1 +
 .../context_spec.yaml | 129 ++++
 .../context_template_args.yaml | 459 ++++++++++++
 .../caracal_ceph_local_ovn_non_dvr.yaml | 654 ++++++++++++++++++
 21 files changed, 1586 insertions(+), 4 deletions(-)
 create mode 100644 charts/openstack/neutron/templates/bin/_neutron-ovn-vpn-agent.sh.tpl
 create mode 100644 charts/openstack/neutron/templates/daemonset-ovn-vpn-agent.yaml
 create mode 100644 tests/fixtures/render_service_template/input/caracal_ceph_local_ovn_non_dvr/context_spec.yaml
 create mode 100644 tests/fixtures/render_service_template/input/caracal_ceph_local_ovn_non_dvr/context_template_args.yaml
 create mode 100644 tests/fixtures/render_service_template/output/networking/caracal_ceph_local_ovn_non_dvr.yaml
diff --git a/charts/openstack/neutron/templates/bin/_neutron-ovn-vpn-agent.sh.tpl b/charts/openstack/neutron/templates/bin/_neutron-ovn-vpn-agent.sh.tpl
new file mode 100644
index 0000000..75b47ab
--- /dev/null
+++ b/charts/openstack/neutron/templates/bin/_neutron-ovn-vpn-agent.sh.tpl
@@ -0,0 +1,45 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex +{{ dict "envAll" . "objectType" "script_sh" "secretPrefix" "neutron" | include "helm-toolkit.snippets.kubernetes_ssl_objects" }} + +mkdir -p /tmp/pod-shared +rm -rf /tmp/generic_health_probe_cache +# NOTE(vsaienko): unless PRODX-24795 is fixed Pick IP on the start +ovn_db_host={{ tuple "ovn_db" "internal" . | include "helm-toolkit.endpoints.endpoint_host_lookup" }} +ovn_db_ip=$(dig ${ovn_db_host} +short) +ovn_db_proto={{ tuple "ovn_db" "internal" "sb" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }} +ovn_db_nb_port={{ tuple "ovn_db" "internal" "nb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} +ovn_db_sb_port={{ tuple "ovn_db" "internal" "sb" . 
| include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} +if [[ -z $ovn_db_ip ]]; then + echo "Can't resolve ovn-db service IP" + exit 1 +fi +tee > /tmp/pod-shared/neutron-ovn.ini << EOF +[ovn] +#ovn_nb_connection=${ovn_db_proto}:${ovn_db_ip}:${ovn_db_nb_port} +ovn_sb_connection=${ovn_db_proto}:${ovn_db_ip}:${ovn_db_sb_port} +EOF + +exec neutron-ovn-vpn-agent \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --config-file /tmp/pod-shared/neutron-ovn.ini \ +{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }} + --config-file /tmp/pod-shared/neutron-agent.ini \ +{{- end }} + --config-file /etc/neutron/plugins/ml2/ovn_vpn_agent.ini diff --git a/charts/openstack/neutron/templates/configmap-bin.yaml b/charts/openstack/neutron/templates/configmap-bin.yaml index 49ce744..0a72dea 100644 --- a/charts/openstack/neutron/templates/configmap-bin.yaml +++ b/charts/openstack/neutron/templates/configmap-bin.yaml @@ -96,6 +96,8 @@ data: {{ tuple "bin/_neutron-sriov-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-sriov-agent-init.sh: | {{ tuple "bin/_neutron-sriov-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-ovn-vpn-agent.sh: | +{{ tuple "bin/_neutron-ovn-vpn-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-l2gw-agent.sh: | {{ tuple "bin/_neutron-l2gw-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-bagpipe-bgp.sh: | diff --git a/charts/openstack/neutron/templates/configmap-etc.yaml b/charts/openstack/neutron/templates/configmap-etc.yaml index bcd90a8..e438e64 100644 --- a/charts/openstack/neutron/templates/configmap-etc.yaml +++ b/charts/openstack/neutron/templates/configmap-etc.yaml 
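Review bot: `ovn_db_ip=$(dig ${ovn_db_host} +short)` in the new agent script accepts whatever dig prints, and the only guard is the `-z` test, so a lookup that returns several records or a CNAME line ahead of the address would put a multi-line or non-IP value into `ovn_sb_connection` in /tmp/pod-shared/neutron-ovn.ini. Quote the expansion and keep a single address line, for IPv4 for example `ovn_db_ip=$(dig +short "${ovn_db_host}" | awk '/^[0-9.]+$/ {print; exit}')`, and test it with `[[ -z "${ovn_db_ip}" ]]`. The script also computes `ovn_db_nb_port` only for the commented-out `#ovn_nb_connection` line; either drop both or add a comment saying why the northbound connection is deliberately left out.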
@@ -315,6 +315,7 @@ data: openvswitch_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | b64enc }} portprober_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.portprober_agent | b64enc }} sriov_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.sriov_agent | b64enc }} + ovn_vpn_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ovn_vpn_agent | b64enc }} l2gw_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.l2gateway_agent | b64enc) }} bagpipe_bgp.conf: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.bagpipe_bgp | b64enc) }} dr_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.dr_agent | b64enc) }} diff --git a/charts/openstack/neutron/templates/daemonset-ovn-vpn-agent.yaml b/charts/openstack/neutron/templates/daemonset-ovn-vpn-agent.yaml new file mode 100644 index 0000000..3df671c --- /dev/null +++ b/charts/openstack/neutron/templates/daemonset-ovn-vpn-agent.yaml 
@@ -0,0 +1,194 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "ovnVPNAgentProbeTemplate" }} +{{- $probeType := index . 0 }} +{{- $envAll := index . 1 }} +exec: + command: + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/plugins/ml2/ovn_vpn_agent.ini + - --rabbitmq-queue-name + - q-agent-notifier-tunnel-update + - --process-name + - neutron-ovn-vpn-agent + - --probe-type + - {{ $probeType }} + - --rabbitmq-rpc-timeout + - {{ $envAll.Values.pod.probes.rpc_timeout | quote}} +{{- if $envAll.Values.pod.use_fqdn.neutron_agent }} + - --use-fqdn +{{- end }} +{{- end }} + +{{- define "neutron.ovn_vpn_agent.daemonset" }} +{{- $daemonset := index . 0 }} +{{- $configMapName := index . 1 }} +{{- $serviceAccountName := index . 2 }} +{{- $envAll := index . 
3 }} +{{- with $envAll }} + +{{- $mounts_ovn_vpn_agent := .Values.pod.mounts.ovn_vpn_agent.ovn_vpn_agent }} +{{- $mounts_ovn_vpn_agent_init := .Values.pod.mounts.ovn_vpn_agent.init_container }} + +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: neutron-ovn-vpn-agent + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "neutron" "neutron-ovn-vpn-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + selector: + matchLabels: +{{ tuple $envAll "neutron" "ovn-vpn-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll "ovn_vpn_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "neutron" "ovn-vpn-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} + endpoints-hash: {{ .Values.endpoints | include "helm-toolkit.utils.get_hash" }} +{{ dict "envAll" $envAll "podName" "neutron-ovn-vpn-agent-default" "containerNames" (list "init" "neutron-ovn-vpn-agent") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ dict "envAll" $envAll "application" "ovn_vpn_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.ovn_vpn.node_selector_key }}: {{ .Values.labels.ovn_vpn.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + initContainers: +{{ tuple $envAll "pod_dependency" $mounts_ovn_vpn_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ovn-vpn-agent +{{ tuple $envAll "neutron_ovn_vpn_agent" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_vpn | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "ovn_vpn_agent" "container" "ovn_vpn_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +{{ dict "envAll" $envAll "component" "ovn_vpn_agent" "container" "ovn_vpn_agent" "type" "readiness" "probeTemplate" ((tuple "readiness" $envAll | include "ovnVPNAgentProbeTemplate") | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "ovn_vpn_agent" "container" "ovn_vpn_agent" "type" "liveness" "probeTemplate" ((tuple "liveness" $envAll | include "ovnVPNAgentProbeTemplate") | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + command: + - /tmp/neutron-ovn-vpn-agent.sh + volumeMounts: +{{ dict "envAll" $envAll "objectType" "mountpoint" "secretPrefix" "neutron" | include 
"helm-toolkit.snippets.kubernetes_ssl_objects" | indent 12 }} + - name: pod-tmp + mountPath: /tmp + - name: pod-var-neutron + mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }} + - name: neutron-bin + mountPath: /tmp/neutron-ovn-vpn-agent.sh + subPath: neutron-ovn-vpn-agent.sh + readOnly: true + - name: neutron-bin + mountPath: /tmp/health-probe.py + subPath: health-probe.py + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + {{- if .Values.conf.neutron.DEFAULT.log_config_append }} + - name: neutron-etc + mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }} + readOnly: true + {{- end }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ovn_vpn_agent.ini + subPath: ovn_vpn_agent.ini + readOnly: true + - name: neutron-etc + # NOTE (Portdirect): We mount here to override Kollas + # custom sudoers file when using Kolla images, this + # location will also work fine for other images. 
+ mountPath: /etc/sudoers.d/kolla_neutron_sudoers + subPath: neutron_sudoers + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.conf + subPath: rootwrap.conf + readOnly: true + {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} + {{- if ( has "ovn_vpn_agent" $value.pods ) }} + {{- $filePrefix := replace "_" "-" $key }} + {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} + - name: neutron-etc + mountPath: {{ $rootwrapFile }} + subPath: {{ base $rootwrapFile }} + readOnly: true + {{- end }} + {{- end }} + {{- if .Values.network.share_namespaces }} + - name: run + mountPath: /run + mountPropagation: Bidirectional + {{- end }} +{{ if $mounts_ovn_vpn_agent.volumeMounts }}{{ toYaml $mounts_ovn_vpn_agent.volumeMounts | indent 12 }}{{ end }} + volumes: +{{ dict "envAll" $envAll "objectType" "volume" "secretPrefix" "neutron" | include "helm-toolkit.snippets.kubernetes_ssl_objects" | indent 8 }} + - name: pod-tmp + emptyDir: {} + - name: pod-var-neutron + emptyDir: {} + - name: pod-shared + emptyDir: {} + - name: neutron-bin + configMap: + name: neutron-bin + defaultMode: 504 + - name: neutron-etc + secret: + secretName: {{ $configMapName }} + defaultMode: 416 + {{- if .Values.network.share_namespaces }} + - name: run + hostPath: + path: /run/ + {{- end }} +{{ if $mounts_ovn_vpn_agent.volumes }}{{ toYaml $mounts_ovn_vpn_agent.volumes | indent 8 }}{{ end }} +{{- end }} +{{- end }} + +{{- if .Values.manifests.daemonset_ovn_vpn_agent }} +{{- $envAll := . 
}} +{{- $daemonset := "ovn-vpn-agent" }} +{{- $configMapName := "neutron-etc" }} +{{- $serviceAccountName := "neutron-ovn-vpn-agent" }} +{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn_vpn_agent" -}} +{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }} +{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_vpn_agent.daemonset" | toString | fromYaml }} +{{- $configmap_yaml := "neutron.configmap.etc" }} + +{{/* Preffer using .Values.overrides rather than .Values.conf.overrides */}} +{{- if index (index .Values "overrides" |default dict ) "ovn-vpn-agent" }} +{{- list $daemonset "neutron.ovn_vpn_agent.daemonset" $serviceAccountName $configmap_yaml $configMapName "neutron.configmap.bin" "neutron-bin" . | include "helm-toolkit.utils.daemonset_overrides_root" }} +{{- else }} +{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }} +{{- end }} +{{- end }} diff --git a/charts/openstack/neutron/values.yaml b/charts/openstack/neutron/values.yaml index 6909e88..25c15c2 100644 --- a/charts/openstack/neutron/values.yaml +++ b/charts/openstack/neutron/values.yaml @@ -41,6 +41,7 @@ images: neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_sriov_agent: docker.io/openstackhelm/neutron:stein-18.04-sriov neutron_sriov_agent_init: docker.io/openstackhelm/neutron:stein-18.04-sriov + neutron_ovn_vpn_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_bagpipe_bgp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_dr: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_ironic_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic 
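Review bot: The mandatory-access-control annotation in the pod template is rendered with `"containerNames" (list "init" "neutron-ovn-vpn-agent")`, but the container in this pod is declared as `- name: ovn-vpn-agent`, so a profile configured for the agent would presumably be keyed to a container name that does not exist in the pod. That matters here because the pod runs with `hostNetwork: true` and, when `network.share_namespaces` is set, a Bidirectional mount of the host's /run. Make the two names agree, e.g. `"containerNames" (list "init" "ovn-vpn-agent")`, or rename the container to `neutron-ovn-vpn-agent`. The DaemonSet's own metadata labels also use `neutron-ovn-vpn-agent` while the selector and pod template use `ovn-vpn-agent`, which is worth aligning. How the helm-toolkit snippet maps these names is not visible in this patch, so confirm against its definition.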
@@ -113,6 +114,9 @@ labels: sriov: node_selector_key: sriov node_selector_value: enabled + ovn_vpn: + node_selector_key: openstack-gateway + node_selector_value: enabled bagpipe_bgp: node_selector_key: openstack-compute-node node_selector_value: enabled @@ -193,6 +197,7 @@ dependencies: sriovnicswitch: {} ovn: {} l2population: {} + ovn_vpn: {} openvswitch: dhcp: pod: @@ -519,6 +524,20 @@ pod: initialDelaySeconds: 30 periodSeconds: 190 timeoutSeconds: 185 + ovn_vpn_agent: + ovn_vpn_agent: + readiness: + enabled: true + params: + initialDelaySeconds: 30 + periodSeconds: 190 + timeoutSeconds: 185 + liveness: + enabled: true + params: + initialDelaySeconds: 30 + periodSeconds: 190 + timeoutSeconds: 185 bagpipe_bgp: bagpipe_bgp: readiness: @@ -797,6 +816,14 @@ pod: neutron_sriov_agent: readOnlyRootFilesystem: true privileged: true + ovn_vpn_agent: + pod: + fsGroup: 42424 + runAsUser: 42424 + container: + ovn_vpn_agent: + readOnlyRootFilesystem: true + privileged: true neutron_ironic_agent: pod: fsGroup: 42424 @@ -966,6 +993,11 @@ pod: neutron_sriov_agent: volumeMounts: volumes: + ovn_vpn_agent: + init_container: null + ovn_vpn_agent: + volumeMounts: + volumes: neutron_l2gw_agent: init_container: null neutron_l2gw_agent: @@ -1065,6 +1097,10 @@ pod: enabled: true min_ready_seconds: 0 max_unavailable: 1 + ovn_vpn_agent: + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 netns_cleanup_cron: enabled: true min_ready_seconds: 0 @@ -1128,6 +1164,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + ovn_vpn: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" l2gw: requests: memory: "128Mi" @@ -1656,6 +1699,7 @@ conf: - ovs_agent - portprober_agent - sriov_agent + - ovn_vpn_agent content: | # neutron-rootwrap command filters for nodes on which neutron is # expected to control network 
@@ -1683,6 +1727,7 @@ conf: - metadata_agent - ovs_agent - sriov_agent + - ovn_vpn_agent content: | # neutron-rootwrap command filters for nodes on which neutron is # expected to control network @@ -1708,6 +1753,7 @@ conf: - metadata_agent - ovs_agent - sriov_agent + - ovn_vpn_agent content: | # neutron-rootwrap command filters for nodes on which neutron is # expected to control network @@ -1729,6 +1775,7 @@ conf: - metadata_agent - ovs_agent - sriov_agent + - ovn_pvn_agent content: | # neutron-rootwrap command filters for nodes on which neutron is # expected to control network @@ -1890,6 +1937,7 @@ conf: - metadata_agent - ovs_agent - sriov_agent + - ovn_vpn_agent content: | # neutron-rootwrap command filters for nodes on which neutron is # expected to control network @@ -1910,6 +1958,7 @@ conf: - metadata_agent - ovs_agent - sriov_agent + - ovn_vpn_agent content: | # neutron-rootwrap command filters for nodes on which neutron is # expected to control network @@ -1983,6 +2032,7 @@ conf: - metadata_agent - ovs_agent - sriov_agent + - ovn_vpn_agent content: | # neutron-rootwrap command filters for nodes on which neutron is # expected to control network @@ -2020,6 +2070,7 @@ conf: - metadata_agent - ovs_agent - sriov_agent + - ovn_vpn_agent - netns_cleanup_cron - portprober_agent content: | @@ -2344,6 +2395,13 @@ conf: sriov_nic: # NOTE: do not use null here, use an empty string exclude_devices: "" + ovn_vpn_agent: + ovs: + ovsdb_connection: tcp:127.0.0.1:6640 + vpnagent: + vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver + DEFAULT: + interface_driver: openvswitch dhcp_agent: DEFAULT: # (NOTE)portdirect: if unset this is populated dyanmicly from the value in 
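Review bot: The hunk at `@@ -1729,6 +1775,7 @@` adds `- ovn_pvn_agent` to a rootwrap filter's `pods` list, which looks like a typo for `ovn_vpn_agent`; every other filter list touched in this file gets `- ovn_vpn_agent`. The new DaemonSet mounts a filter file only when `has "ovn_vpn_agent" $value.pods` is true, so this filter would not be mounted into the agent pod and the commands it covers would presumably be refused by rootwrap at runtime. Change the line to `- ovn_vpn_agent`. Which filter this list belongs to lies outside the hunk.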
@@ -2860,7 +2918,8 @@ manifests: daemonset_metadata_agent: true daemonset_ovs_agent: true daemonset_portprober_agent: false - daemonset_sriov_agent: true + daemonset_sriov_agent: false + daemonset_ovn_vpn_agent: false daemonset_l2gw_agent: false daemonset_bagpipe_bgp: false daemonset_dragent: false diff --git a/rockoon/admission/validators/neutron.py b/rockoon/admission/validators/neutron.py index a979f71..fd87f64 100644 --- a/rockoon/admission/validators/neutron.py +++ b/rockoon/admission/validators/neutron.py @@ -105,6 +105,14 @@ def validate(self, review_request): raise exception.OsDplValidationFailed( "IPSEC and OVN are not supported." ) + if vpnaas["enabled"]: + if ( + constants.OpenStackVersion[openstack_version].value + < constants.OpenStackVersion["caracal"] + ): + raise exception.OsDplValidationFailed( + "VPNaaS with OVN is supported from Caracal release." + ) if vpnaas["enabled"]: if ( constants.OpenStackVersion[openstack_version].value diff --git a/rockoon/templates/antelope/artifacts.yaml b/rockoon/templates/antelope/artifacts.yaml index 504aa17..6a57353 100644 --- a/rockoon/templates/antelope/artifacts.yaml +++ b/rockoon/templates/antelope/artifacts.yaml @@ -127,6 +127,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:antelope-jammy-202 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:antelope-jammy-20241209060026' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:antelope-jammy-20241209060026' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:antelope-jammy-20241209060026' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:antelope-jammy-20241209060026' ingress_module_init: '{{ images_base_url }}/openstack/neutron:antelope-jammy-20241209060026' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:antelope-jammy-20241209060026' octavia_health_manager_init: '{{ images_base_url }}/openstack/octavia:antelope-jammy-20241209060026' 
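Review bot: `daemonset_sriov_agent` flips from `true` to `false` in the `manifests` hunk, which is unrelated to adding the OVN VPN agent and is not mentioned in the commit message. Anyone relying on the chart default would stop getting the SR-IOV agent DaemonSet after upgrading. If the change is intended it belongs in its own commit with an explanation; otherwise keep `daemonset_sriov_agent: true` and add only `daemonset_ovn_vpn_agent: false`.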
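Review bot: The new version check in `validate` compares `constants.OpenStackVersion[openstack_version].value` with `constants.OpenStackVersion["caracal"]`, with `.value` on the left side only. Unless OpenStackVersion is an IntEnum (its definition is not in this patch), ordering an int against an enum member raises TypeError, so the admission request would fail with that exception rather than with OsDplValidationFailed. Write the right-hand side as `constants.OpenStackVersion["caracal"].value`. The conditions around the preceding "IPSEC and OVN are not supported." raise are outside the hunk, so whether this check runs only for the OVN backend cannot be confirmed from here.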
diff --git a/rockoon/templates/caracal/artifacts.yaml b/rockoon/templates/caracal/artifacts.yaml index a427c07..fd6a13d 100644 --- a/rockoon/templates/caracal/artifacts.yaml +++ b/rockoon/templates/caracal/artifacts.yaml @@ -127,6 +127,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:caracal-jammy-2024 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:caracal-jammy-20241209060026' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:caracal-jammy-20241209060026' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:caracal-jammy-20241209060026' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:caracal-jammy-20241209060026' ingress_module_init: '{{ images_base_url }}/openstack/neutron:caracal-jammy-20241209060026' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:caracal-jammy-20241209060026' octavia_health_manager_init: '{{ images_base_url }}/openstack/octavia:caracal-jammy-20241209060026' diff --git a/rockoon/templates/master/artifacts.yaml b/rockoon/templates/master/artifacts.yaml index d68ec16..51e180b 100644 --- a/rockoon/templates/master/artifacts.yaml +++ b/rockoon/templates/master/artifacts.yaml @@ -121,6 +121,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:master-bionic-2021 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:master-bionic-20210524060023' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:master-bionic-20210524060023' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:master-bionic-20210524060023' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:master-bionic-20210524060023' ingress_module_init: '{{ images_base_url }}/openstack/neutron:master-bionic-20210524060023' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:master-bionic-20210524060023' nova_spiceproxy: '{{ images_base_url }}/openstack/nova:master-bionic-20210524060023' 
diff --git a/rockoon/templates/queens/artifacts.yaml b/rockoon/templates/queens/artifacts.yaml index f1d55e7..c9990a0 100644 --- a/rockoon/templates/queens/artifacts.yaml +++ b/rockoon/templates/queens/artifacts.yaml @@ -126,6 +126,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:queens-bionic-2023 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:queens-bionic-20230227093206' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:queens-bionic-20230227093206' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:queens-bionic-20230227093206' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:queens-bionic-20230227093206' ingress_module_init: '{{ images_base_url }}/openstack/neutron:queens-bionic-20230227093206' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:queens-bionic-20230227093206' nova_spiceproxy: '{{ images_base_url }}/openstack/nova:queens-bionic-20230227093206' diff --git a/rockoon/templates/rocky/artifacts.yaml b/rockoon/templates/rocky/artifacts.yaml index 8cb6a72..94a903b 100644 --- a/rockoon/templates/rocky/artifacts.yaml +++ b/rockoon/templates/rocky/artifacts.yaml @@ -121,6 +121,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:rocky-bionic-20230 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:rocky-bionic-20230227093206' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:rocky-bionic-20230227093206' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:rocky-bionic-20230227093206' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:rocky-bionic-20230227093206' ingress_module_init: '{{ images_base_url }}/openstack/neutron:rocky-bionic-20230227093206' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:rocky-bionic-20230227093206' nova_spiceproxy: '{{ images_base_url }}/openstack/nova:rocky-bionic-20230227093206' 
diff --git a/rockoon/templates/services/networking.yaml b/rockoon/templates/services/networking.yaml index 0af63c0..cd06e70 100644 --- a/rockoon/templates/services/networking.yaml +++ b/rockoon/templates/services/networking.yaml @@ -39,10 +39,17 @@ {%- do service_plugins.append('bgpvpn') if bgpvpn.enabled %} {%- do service_providers.append("BGPVPN:BaGPipe:networking_bgpvpn.neutron.services.service_drivers.bagpipe.bagpipe_v2.BaGPipeBGPVPNDriver:default") if bgpvpn.enabled %} -{%- do service_plugins.append('vpnaas') if vpnaas.enabled %} -{%- do service_providers.append("VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default") if vpnaas.enabled %} +{%- if vpnaas.enabled %} + {%- if ovn_enabled %} + {%- do service_providers.append("VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver:default") %} + {%- do service_plugins.append("ovn-vpnaas") %} + {%- else %} + {%- do service_providers.append("VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default") %} + {%- do service_plugins.append("vpnaas") %} + {%- do l3_agent_extensions.append("vpnaas") %} + {%- endif %} +{%- endif %} {%- do service_plugins.append('bgp') if dynamic_routing.enabled %} -{%- do l3_agent_extensions.append("vpnaas") if vpnaas.enabled %} {%- do service_plugins.append('portprober') if portprober_enabled %} {%- do service_plugins.append('trunk') if trunk.enabled %} {%- do notification_topics.append('stacklight_notifications') if stacklight_enabled %} @@ -478,6 +485,7 @@ spec: "neutron_server", "neutron_rpc_server", "neutron_portprober_agent", + "neutron_ovn_vpn_agent", "purge_test", "test",] %} {%- if image in images %} @@ -763,6 +771,9 @@ spec: {%- if portprober_enabled %} daemonset_portprober_agent: true {%- endif %} + {%- if vpnaas.enabled and ovn_enabled %} + daemonset_ovn_vpn_agent: true + {%- endif %} network: server: ingress: 
@@ -1005,6 +1016,15 @@ spec: linuxbridge_agent: linux_bridge: bridge_mappings: {{ ','.join(bridge_mappings) }} + {%- if vpnaas.enabled and ovn_enabled %} + ovn_vpn_agent: + ovs: + ovsdb_connection: tcp:127.0.0.1:6640 + vpnagent: + vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver + DEFAULT: + interface_driver: openvswitch + {%- endif %} auto_bridge_add: {%- for network in spec.features.neutron.external_networks %} {{ network.bridge }}: {{ network.interface }} diff --git a/rockoon/templates/stein/artifacts.yaml b/rockoon/templates/stein/artifacts.yaml index a5ce517..83b29ba 100644 --- a/rockoon/templates/stein/artifacts.yaml +++ b/rockoon/templates/stein/artifacts.yaml @@ -128,6 +128,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:stein-bionic-20230 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:stein-bionic-20230227093206' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:stein-bionic-20230227093206' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:stein-bionic-20230227093206' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:stein-bionic-20230227093206' ingress_module_init: '{{ images_base_url }}/openstack/neutron:stein-bionic-20230227093206' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:stein-bionic-20230227093206' octavia_health_manager_init: '{{ images_base_url }}/openstack/octavia:stein-bionic-20230227093206' diff --git a/rockoon/templates/train/artifacts.yaml b/rockoon/templates/train/artifacts.yaml index 646cfc8..9a6459d 100644 --- a/rockoon/templates/train/artifacts.yaml +++ b/rockoon/templates/train/artifacts.yaml 
@@ -126,6 +126,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:train-bionic-20230 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:train-bionic-20230227093206' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:train-bionic-20230227093206' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:train-bionic-20230227093206' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:train-bionic-20230227093206' ingress_module_init: '{{ images_base_url }}/openstack/neutron:train-bionic-20230227093206' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:train-bionic-20230227093206' octavia_health_manager_init: '{{ images_base_url }}/openstack/octavia:train-bionic-20230227093206' diff --git a/rockoon/templates/ussuri/artifacts.yaml b/rockoon/templates/ussuri/artifacts.yaml index 70007bd..4a481e1 100644 --- a/rockoon/templates/ussuri/artifacts.yaml +++ b/rockoon/templates/ussuri/artifacts.yaml @@ -126,6 +126,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:ussuri-bionic-2023 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:ussuri-bionic-20230227093206' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:ussuri-bionic-20230227093206' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:ussuri-bionic-20230227093206' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:ussuri-bionic-20230227093206' ingress_module_init: '{{ images_base_url }}/openstack/neutron:ussuri-bionic-20230227093206' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:ussuri-bionic-20230227093206' octavia_health_manager_init: '{{ images_base_url }}/openstack/octavia:ussuri-bionic-20230227093206' diff --git a/rockoon/templates/victoria/artifacts.yaml b/rockoon/templates/victoria/artifacts.yaml index 799b384..80b2751 100644 --- a/rockoon/templates/victoria/artifacts.yaml +++ b/rockoon/templates/victoria/artifacts.yaml 
@@ -127,6 +127,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:victoria-focal-202 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:victoria-focal-20240112082932' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:victoria-focal-20240112082932' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:victoria-focal-20240112082932' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:victoria-focal-20240112082932' ingress_module_init: '{{ images_base_url }}/openstack/neutron:victoria-focal-20240112082932' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:victoria-focal-20240112082932' octavia_health_manager_init: '{{ images_base_url }}/openstack/octavia:victoria-focal-20240112082932' diff --git a/rockoon/templates/wallaby/artifacts.yaml b/rockoon/templates/wallaby/artifacts.yaml index 5192227..8a41a1d 100644 --- a/rockoon/templates/wallaby/artifacts.yaml +++ b/rockoon/templates/wallaby/artifacts.yaml @@ -126,6 +126,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:wallaby-focal-2024 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:wallaby-focal-20240112082933' neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:wallaby-focal-20240112082933' neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:wallaby-focal-20240112082933' +neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:wallaby-focal-20240112082933' ingress_module_init: '{{ images_base_url }}/openstack/neutron:wallaby-focal-20240112082933' ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:wallaby-focal-20240112082933' octavia_health_manager_init: '{{ images_base_url }}/openstack/octavia:wallaby-focal-20240112082933' diff --git a/rockoon/templates/xena/artifacts.yaml b/rockoon/templates/xena/artifacts.yaml index 3b7e7f2..4824e88 100644 --- a/rockoon/templates/xena/artifacts.yaml +++ b/rockoon/templates/xena/artifacts.yaml 
@@ -127,6 +127,7 @@ neutron_bagpipe_bgp: '{{ images_base_url }}/openstack/neutron:xena-focal-2024011
 neutron_l2gw: '{{ images_base_url }}/openstack/neutron:xena-focal-20240112082932'
 neutron_sriov_agent: '{{ images_base_url }}/openstack/neutron:xena-focal-20240112082932'
 neutron_sriov_agent_init: '{{ images_base_url }}/openstack/neutron:xena-focal-20240112082932'
+neutron_ovn_vpn_agent: '{{ images_base_url }}/openstack/neutron:xena-focal-20240112082932'
 ingress_module_init: '{{ images_base_url }}/openstack/neutron:xena-focal-20240112082932'
 ingress_routed_vip: '{{ images_base_url }}/openstack/neutron:xena-focal-20240112082932'
 octavia_health_manager_init: '{{ images_base_url }}/openstack/octavia:xena-focal-20240112082932'
diff --git a/tests/fixtures/render_service_template/input/caracal_ceph_local_ovn_non_dvr/context_spec.yaml b/tests/fixtures/render_service_template/input/caracal_ceph_local_ovn_non_dvr/context_spec.yaml
new file mode 100644
index 0000000..a27707a
--- /dev/null
+++ b/tests/fixtures/render_service_template/input/caracal_ceph_local_ovn_non_dvr/context_spec.yaml
@@ -0,0 +1,129 @@ +openstack_version: caracal +features: + barbican: + backends: + vault: + approle_role_id: e5e97952-cf82-e7fd-da71-c568f18cea5e + approle_secret_id: e33841c6-f175-1ea1-87ba-2dd49df6f776 + enabled: true + use_ssl: false + vault_url: http://vault.openstack-vault.svc:8200 + database: + local_volumes: + enabled: true + messaging: + components_with_dedicated_messaging: + - networking + keystone: + domain_specific_configuration: + enabled: true + ks_domains: + domain.with.ldap: + enabled: true + config: + assignment: + driver: keystone.assignment.backends.sql.Assignment + identity: + driver: ldap + ldap: + chase_referrals: false + group_desc_attribute: description + group_id_attribute: cn + group_member_attribute: member + group_name_attribute: ou + group_objectclass: groupOfNames + page_size: 0 + password: ar4DtqGDBQ2xEGvw + query_scope: sub + suffix: dc=mydomain,dc=com + url: ldap://ldap01.mydomain.com,ldap://ldap02.mydomain.com + user: uid=openstack,ou=people,o=mydomain,dc=com + user_enabled_attribute: enabled + user_enabled_default: false + user_enabled_invert: true + user_enabled_mask: 0 + user_id_attribute: uid + user_mail_attribute: mail + user_name_attribute: uid + user_objectclass: inetOrgPerson + network_policies: + enabled: false + neutron: + backend: ml2/ovn + dns_servers: + - 10.172.1.100 + external_networks: + - bridge: br-ex + interface: veth-phy + mtu: null + network_types: + - flat + physnet: physnet1 + vlan_ranges: null + floating_network: + enabled: true + physnet: physnet1 + subnet: + gateway: 10.11.12.39 + pool_end: 10.11.12.200 + pool_start: 10.11.12.100 + range: 10.11.12.0/24 + tunnel_interface: ens3 + extensions: + vpnaas: + enabled: true + octavia: + lb_network: + name: lb-service-management + subnets: + - range: '192.168.0.0/24' + pool_start: '192.168.0.1' + pool_end: '192.168.0.254' + nova: + images: + backend: local + live_migration_interface: ens3 + services: + - block-storage + - compute + - dns + - identity + - dashboard + 
- image + - ingress + - database + - descheduler + - memcached + - networking + - orchestration + - messaging + - load-balancer + - placement + - coordination + - key-manager + - redis + - instance-ha + ssl: + public_endpoints: + api_cert: "TEST CRT" + api_key: "TEST KEY" + ca_cert: "TEST CA" + enabled: true + stacklight: + enabled: true + user: + password: stacklight + username: stacklight +artifacts: + binary_base_url: https://artifactory.mcp.mirantis.net/binary-dev-kaas-local + images_base_url: docker-dev-kaas-local.docker.mirantis.net +common: + charts: {} + infra: + repo: osh-infra + openstack: + repo: osh +persistent_volume_storage_class: mirablock-k8s-block-hdd +public_domain_name: it.just.works +internal_domain_name: cluster.local +local_volume_storage_class: lvp-fake-root diff --git a/tests/fixtures/render_service_template/input/caracal_ceph_local_ovn_non_dvr/context_template_args.yaml b/tests/fixtures/render_service_template/input/caracal_ceph_local_ovn_non_dvr/context_template_args.yaml new file mode 100644 index 0000000..1804022 --- /dev/null +++ b/tests/fixtures/render_service_template/input/caracal_ceph_local_ovn_non_dvr/context_template_args.yaml 
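Review bot: The new fixture carries credential-shaped literals with nothing marking them as test data: `approle_role_id` and `approle_secret_id` under `features.barbican.backends.vault`, and the LDAP bind `password` under `ks_domains`. If they are synthetic, a header comment such as `# Synthetic test data: no value in this file is a live credential.` would say so and give secret scanners and later readers something to key on; if any value was copied from a real environment it should be rotated and replaced. The same header could name the scenario, since only `neutron.backend: ml2/ovn` and `extensions.vpnaas.enabled: true` tie this fixture to the VPNaaS change.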
@@ -0,0 +1,459 @@ +block-storage: + ceph: + cinder: + keyring: 'AQDLZLJfNPtTOxAAQm248Q9AyoirvELaSyPz5w== + + ' + pools: + backup-hdd: + name: backup-hdd + role: backup + volumes-hdd: + name: volumes-hdd + role: volumes + secrets: cinder-rbd-keyring + username: cinder + mon_host: + - "10.10.10.1:6789" + - "10.10.10.2:6789" + - "10.10.10.3:6789" + credentials: &credentials_block-storage + - database: + user: + password: 8xckAGB149FBiBsPfawjSqRNNF7lvXmM + username: cinder1rKIan + memcached: 76HsSsABaJvTQU6I + messaging: + user: + password: KgjY6ghlVbGSKJL6DH2jQXH50EtBVsiC + username: cinder0Jhxmf + notifications: + user: + password: ptehSf4lZxF0TAs16INhV9XmuVXHbL6R + username: cinderU5dqXt + identity: + cinder: + password: 7SJvTD3HZ4gm3eU2UDGdjrcZC4wyj2zA + username: cinderJCh8Iz + test: + password: 55Y1R3QdGFvuntBCtD2iNZQcZiQUnsTJ + username: testtFQE + keystone_creds: {} +compute: + ceph: + nova: + keyring: 'AQDNZLJf8S+fORAA6hg50Jo+vBq07kxtBXB9PQ== + + ' + pools: + vms-hdd: + name: vms-hdd + role: vms + secrets: nova-rbd-keyring + username: nova + mon_host: + - "10.10.10.1:6789" + - "10.10.10.2:6789" + - "10.10.10.3:6789" + credentials: &credentials_compute + - database: + user: + password: sZ43nXhtf9PEV0UaNBk5VITz0FTwDAM8 + username: novaQvW6 + memcached: JinzIdQzLdIslgxu + messaging: + user: + password: tuzgvismPceyDLXGeq1cpQcDIQDwIyhr + username: nova27zb + notifications: + user: + password: 55HghKuwQUTPlVFt8UKM6JhIGQ8egSLP + username: novauvhH + identity: + nova: + password: BLFKrb8JhAMBb1v9BnRGDckMaYY7XUbq + username: novaZzHG + test: + password: YJh7cWqBdT8R5ylm3LD0aKw4V3DtlS8p + username: testb2yA + metadata_secret: mN0aLDTcg1AVqyLWNDjCd2Jz6DA61cZJ + keystone_creds: + neutron: + password: 9d4CIP5ismqTa7l5N5FdD8MAuFMXx9EV + username: neutronnmAhFsr + placement: + password: AEYVXR3LFUbLcePQlkxSFvbQ1WyWtaiY + username: placementR3AqaC4te + ssh_credentials: + private: COMPUTE TEST SSH PRIVATE KEY + public: COMPUTE TEST SSH PUBLIC KEY +coordination: + credentials: 
null + keystone_creds: {} +dashboard: + os_policy_services: ['cinder', 'nova', 'designate', 'keystone', 'glance', 'neutron', 'heat', 'octavia', 'barbican', 'placement', 'ironic', 'aodh', 'panko', 'gnocchi', 'masakari'] + rgw_internal_cacert: "RGW CRT" + credentials: &credentials_dashboard + - database: + user: + password: rBJDRdVaBH92I8zKHuBeKvtYSq8661ZE + username: horizonf2AZh0J + memcached: KsksRIzFV8aQzEcL + messaging: + user: + password: RcRa3Te0yKZEUlAemKhHEbe6fUNYqDgB + username: horizonqddV2Jv + notifications: + user: + password: yaZ2s3GLtcuT7rKHenxFUMCr3ZNumHvA + username: horizonJnVdJYu + identity: + horizon: + password: MNysGxHJy8xYI8LmZjS3QrJC6N10XsFZ + username: horizonhGcF8rA + test: + password: 5Q52SdTD0ern0aJ6AMcraLqh0rbUbGJr + username: test5JeB + secret_key: kQt7XsbPVNDABuHyngdJuppnzP5i82Mz + keystone_creds: {} +database: + galera_creds: + audit: + password: FLrW91FwKgBvunCRdbvLAHYGJ5zTC6tk + username: auditfHeBI + backup: + password: HxPZlfzlEkk4GKUNFyDs4JeNa8gtlPFn + username: backup0LlWwe + exporter: + password: 7STInCAmfXhY01JfYd293nhewuQxG10m + username: exportergr8suIPh + sst: + password: RbLblzhS7yNE8WQ4nY829uRQpvTegI87 + username: sstybw + openssl_kek: opensslkek +dns: + credentials: &credentials_dns + - database: + user: + password: UYBLfmPtWfLqWw3rgcR0Jf4NTqzWtTIG + username: designate9fbxYXW1E + memcached: zdLlg6VAsGH6E7tX + messaging: + user: + password: tBFq4j3X2PdA5Jh9x2kkR0Hgs7FZhdFE + username: designatePLbJrH4JP + notifications: + user: + password: nzsKJHIGHIwsildBgpfmZQDan7Cexzc1 + username: designateUMq5w6Q7G + identity: + designate: + password: KBecvsPZsWBFzDqYnevHWArm7tFycZKr + username: designateLeRjiDsyT + test: + password: YspSgibZuHb2lFBxM8kzDDtstsrEqbWM + username: testQuxr + powerdns: + api_key: '"YiXHHuH21qlTtdv7"' + database: + password: EMG3I4EUNat5buHSUW9kmzFIdiCMSZRZ + username: powerdns4TuEzVpk + keystone_creds: {} +identity: + rgw_internal_cacert: "RGW CRT" + credentials: &credentials_identity + - database: + 
user: + password: GW4MBjKLshsGdLI38kKUpR2gm3SQiHFp + username: keystonemzhwDmzj + memcached: x2CRuwvJytT5kAv7 + messaging: + user: + password: i1LUJuYCIEeUdpKbztpemVvIQhmJ56cn + username: keystoneeYwYK03G + notifications: + user: + password: TzLbvAXVJKzX4klDdVWEuYnWf35hVBTf + username: keystonefz7wkYYH + identity: + keystone: + password: CZTF3XgNSfbahGGcx0EnjzqTQspr9aPi + username: keystonesCHMyIkz + test: + password: lIaVpAA3RiymRzerAWbNYFj5XfSitjcL + username: testQALi + keystone_creds: {} + credentials_secret_name: keystone-credential-data + fernet_secret_name: keystone-fernet-data +image: + ceph: + glance: + keyring: 'AQDKZLJfoTtgAhAA7f9e8GriyIpFbj8Ez88l2A== + + ' + pools: + images-hdd: + name: images-hdd + role: images + secrets: glance-rbd-keyring + username: glance + mon_host: + - "10.10.10.1:6789" + - "10.10.10.2:6789" + - "10.10.10.3:6789" + credentials: &credentials_image + - database: + user: + password: vwAUndcvyeKBi455lrWGkB8NAUXEeWVn + username: glanceFEVFCm + memcached: yXjj5J8Ad1hHdCCh + messaging: + user: + password: a1tgZk2bR7f5WyweUt2a4PuFYEty6Igv + username: glanceFjTBUv + notifications: + user: + password: uYRL35JdXg39DumFdDG8xdJeqvL0cswM + username: glancejdih0V + identity: + glance: + password: tAXKyhKBuNVBHlbRPvC1C24f3U4wqbhm + username: glancefVB5ZF + test: + password: UBCA8WZMUg3PDSAD5ppiLNNZrNjWAEBI + username: test5RyH + keystone_creds: {} +ingress: + credentials: null + keystone_creds: {} +key-manager: + credentials: &credentials_key-manager + - database: + user: + password: R441HIJxfNF8iAfAfwxASnndFXqSBfVn + username: barbicanteW3kGBC + kek: SDJTR0lEQVFXeFhkMjdyS05WVGxnR3MxbHkxWlNIaWg= + memcached: 3vySYJq0rDZ32KGG + messaging: + user: + password: iHMN1WsAMxAi8G4d0r64iggSdedSRR1p + username: barbicanVuqCvFid + notifications: + user: + password: acH2p6deh90bDJWlRDzFE7wptqgQgVc7 + username: barbicanyfHtXhiq + identity: + barbican: + password: fUPlF2xntwICHH8KDYEjuc4Seb1TNQ8d + username: barbican8Xfl6MhP + test: + password: 
KI40mJVQ9fZP3MBZLpgrFSf2nqZIbbqg + username: testC7BY + keystone_creds: {} +load-balancer: + credentials: &credentials_load-balancer + - database: + user: + password: jBxCDfusABmmmeBcY7ZUb6pVtTX2ip9s + username: octaviaFEzC0Qa + memcached: cAZLeChP79lxHJ1Z + messaging: + user: + password: P4tAIFt2fRzEddPyPmfCmBcInbNdCI9S + username: octaviaGrHbrrp + notifications: + user: + password: xcKEJVAYZflpAmEWcyzTKpvNlJycCLvc + username: octaviadRDTSj1 + identity: + octavia: + password: VdeaqYEJb5UWW3TCxCMBNWIlzkcy94W7 + username: octaviafgirF49 + test: + password: Y6tYdn0ShRF69ZrXKeaa3sNYT8Y7AlP8 + username: testcnVC + redis_namespace: openstack-redis + redis_secret: cfLDYSsNbuCywa6VmBvZ8h2sJXuZnvqW + keystone_creds: {} + ssh_credentials: + private: "LOAD BALANCER TEST SSH PRIVATE KEY" + public: "LOAD BALANCER TEST SSH PUBLIC KEY" +memcached: + credentials: null + keystone_creds: {} +networking: + credentials: &credentials_networking + - database: + user: + password: knwFGHdZ6KCqcKqBidXXEqiEpZhBD7h4 + username: neutrondrGjrFm + memcached: 4zDhycwch09UPx4j + messaging: + user: + password: TRRhbnUMsepnqSzyJngJtgZD9gRu0Fwy + username: neutronx7uHpit + metadata_secret: mN0aLDTcg1AVqyLWNDjCd2Jz6DA61cZJ + notifications: + user: + password: hL3STFyPBLCdR2qUCdaGEUeRB5jRIFPf + username: neutrontvAcFA3 + identity: + neutron: + password: 9d4CIP5ismqTa7l5N5FdD8MAuFMXx9EV + username: neutronnmAhFsr + test: + password: q38BqVBqRH8mwfvI3uZeTmwe7JhKm3q1 + username: testLJtA + keystone_creds: + nova: + password: BLFKrb8JhAMBb1v9BnRGDckMaYY7XUbq + username: novaZzHG + designate: + password: KBecvsPZsWBFzDqYnevHWArm7tFycZKr + username: designateLeRjiDsyT +orchestration: + credentials: &credentials_orchestration + - database: + user: + password: nCaJwL99CRHY0gPNfEmihxtVAbrNGgCD + username: heatuQjt + memcached: 7JNLzlMydG5nxe80 + messaging: + user: + password: BY5CvE9aGG3jUkQghTCACvcDZbp6VcUI + username: heatekEb + notifications: + user: + password: GPQzkiL39fEDGEWn6DIZGBxkjXBuDpQe + username: 
heatKQF7 + identity: + heat_trustee: + password: Y2Lue7K2AP7MSqZBcFDlsaCbdBMaW612 + username: heat_trustee2Z9xQdWPIsCJ + heat_stack_user: + password: NcS3SPS193Kzn6thbf3z4NgaQhnQJvd0 + username: heat_stack_useraPNg9FUFALHAHdG + heat: + password: u21jJUD1Gfy1aJ0aLmP9vZCHwc6KP1Ct + username: heatJAfw + test: + password: nDsJytWemY6VcFv0jxqsg7QHBRgetQF7 + username: testyRGH + keystone_creds: {} +placement: + credentials: &credentials_placement + - database: + user: + password: FdmszFTEuCvADMYGShqdBqLzuczyZf4c + username: placementEqEMt8aUc + memcached: 0NZmrV1NcBFwzDmv + messaging: + user: + password: fHqGcwsr7qzdy0taDQliyRMzA7S6xgYg + username: placementwB77qXfl0 + notifications: + user: + password: UBrmnWdChvZA5gEFum07AM7Ba6nExCc2 + username: placement9lrJ9dNfe + identity: + placement: + password: AEYVXR3LFUbLcePQlkxSFvbQ1WyWtaiY + username: placementR3AqaC4te + test: + password: b1szm2wvF9n2tdCvDQQZEZM5GzpVtQkP + username: testXByW + keystone_creds: {} +redis: + redis_creds: + password: | + Y2ZMRFlTc05idUN5d2E2Vm1Cdlo4aDJzSlh1Wm52cVc= +instance-ha: + credentials: &credentials_instance-ha + - database: + user: + password: R441HIJxfNF8iAfAfwxASnndFXqSBfVn + username: masakariteW3kGBC + memcached: 3vySYJq0rDZ32KGG + messaging: + user: + password: iHMN1WsAMxAi8G4d0r64iggSdedSRR1p + username: masakariVuqCvFid + notifications: + user: + password: acH2p6deh90bDJWlRDzFE7wptqgQgVc7 + username: masakariyfHtXhiq + identity: + masakari: + password: fUPlF2xntwICHH8KDYEjuc4Seb1TNQ8d + username: masakari8Xfl6MhP + test: + password: KI40mJVQ9fZP3MBZLpgrFSf2nqZIbbqg + username: testC7BY + keystone_creds: {} +baremetal: + credentials: &credentials_baremetal + - database: + user: + password: knwFGHdZ6KCqcKqBidXXEqiEpZhBD7h4 + username: ironicdrGjrFm + memcached: 4zDhycwch09UPx4j + messaging: + user: + password: TRRhbnUMsepnqSzyJngJtgZD9gRu0Fwy + username: ironicx7uHpit + metadata_secret: mN0aLDTcg1AVqyLWNDjCd2Jz6DA61cZJ + notifications: + user: + password: 
hL3STFyPBLCdR2qUCdaGEUeRB5jRIFPf + username: ironictvAcFA3 + identity: + ironic: + password: 9d4CIP5ismqTa7l5N5FdD8MAuFMXx9EV + username: ironicAhFsr + test: + password: q38BqVBqRH8mwfvI3uZeTmwe7JhKm3q1 + username: testLJtA + keystone_creds: + nova: + password: BLFKrb8JhAMBb1v9BnRGDckMaYY7XUbq + username: novaZzHG + neutron: + password: KBecvsPZsWBFzDqYnevHWArm7tFycZKr + username: neutronLeRjiDsyT +messaging: + credentials: + block-storage: *credentials_block-storage + compute: *credentials_compute + dashboard: *credentials_dashboard + dns: *credentials_dns + identity: *credentials_identity + image: *credentials_image + key-manager: *credentials_key-manager + load-balancer: *credentials_load-balancer + networking: *credentials_networking + orchestration: *credentials_orchestration + placement: *credentials_placement + instance-ha: *credentials_instance-ha + barmetal: *credentials_baremetal + stacklight: + username: stacklight123456 + password: ptehSf4lZxF0TAs16INhV9XmuVXHbL6R + services: + block-storage: null + compute: null + coordination: null + dashboard: null + database: null + dns: null + identity: null + image: null + ingress: null + key-manager: null + load-balancer: null + memcached: null + messaging: null + networking: null + orchestration: null + placement: null + redis: null + instance-ha: null diff --git a/tests/fixtures/render_service_template/output/networking/caracal_ceph_local_ovn_non_dvr.yaml b/tests/fixtures/render_service_template/output/networking/caracal_ceph_local_ovn_non_dvr.yaml new file mode 100644 index 0000000..ab8490c --- /dev/null +++ b/tests/fixtures/render_service_template/output/networking/caracal_ceph_local_ovn_non_dvr.yaml 
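Review bot: Under `messaging.credentials` the key is spelled `barmetal`, while the anchor it aliases is `&credentials_baremetal` and every other key in that map matches its service name; it should read `baremetal: *credentials_baremetal`. A consumer that looks credentials up by service name would find no entry for `baremetal`. The `services` list in this scenario's context_spec.yaml has no bare-metal service, so the typo probably does not change the rendered output here, but it will be carried into the next fixture copied from this one.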
@@ -0,0 +1,654 @@ +spec: + releases: + - chart: rabbitmq + name: openstack-neutron-rabbitmq + values: + conf: + enabled_plugins: + - rabbitmq_management + - rabbitmq_prometheus + aux_conf: + policies: + - definition: + message-ttl: 120000 + expires: 600000 + name: default-policy + pattern: ^(?!amq\.).* + vhost: neutron + - definition: + expires: 600000 + name: results_expire + pattern: ^results\. + priority: 1 + vhost: neutron + - definition: + expires: 600000 + name: tasks_expire + pattern: ^tasks\. + priority: 1 + vhost: neutron + prometheus_exporter: + rabbit_exporters: overview,exchange,node + users: + neutron_service: + auth: + neutron_1: + password: TRRhbnUMsepnqSzyJngJtgZD9gRu0Fwy + username: neutronx7uHpit + path: + - /neutron + endpoints: + cluster_domain_suffix: cluster.local + oslo_messaging: + auth: + admin: + password: 2tnAuP0j9MsgaVHErehZkC5HCK3ZxYLr + username: rabbitmq + guest: + password: 7TnAuP0dKMsgaVHErehZkC5HCK3ZxOi4 + username: guest + neutron: + password: TRRhbnUMsepnqSzyJngJtgZD9gRu0Fwy + username: neutronx7uHpit + user: + password: 2tnAuP0j9MsgaVHErehZkC5HCK3ZxYLr + username: rabbitmq + hosts: + default: rabbitmq-neutron + path: /neutron + statefulset: + name: openstack-neutron-rabbitmq-rabbitmq + replicas: 1 + prometheus_rabbitmq_exporter: + hosts: + default: rabbitmq-exporter-neutron + images: + tags: + dep_check: dep-check:latest + image_repo_sync: image-repo-sync:latest + prometheus_rabbitmq_exporter: prometheus-rabbitmq-exporter:latest + prometheus_rabbitmq_exporter_helm_tests: prometheus-rabbitmq-exporter-helm-tests:latest + rabbitmq: rabbitmq:latest + rabbitmq_init: rabbitmq-init:latest + rabbitmq_scripted_test: rabbitmq-scripted-test:latest + manifests: + job_users_create: true + network_policy: false + monitoring: + prometheus: + configmap_bin: true + deployment_exporter: true + service_exporter: true + monitoring: + prometheus: + enabled: true + pod: + replicas: + server: 1 + probes: + server: + rabbitmq: + readiness: + params: + 
periodSeconds: 60 + timeoutSeconds: 30 + liveness: + params: + periodSeconds: 60 + timeoutSeconds: 30 + volume: + enabled: false + - chart: openvswitch + name: openstack-openvswitch + values: + conf: + neutron: + DEFAULT: + support_sync_ovs_info: false + openvswitch_db_server: + ptcp_port: 6640 + external-ids: + ovn-bridge: 'br-int' + ovn-encap-type: 'geneve' + ovn-bridge-mappings: 'physnet1:br-ex' + ovn-monitor-all: true + ovn-remote-probe-interval: 60000 + ovn-openflow-probe-interval: 60 + volume: + ovn_db: + class_name: 'lvp-fake-root' + endpoints: + cluster_domain_suffix: cluster.local + images: + tags: + dep_check: dep-check:latest + image_repo_sync: image-repo-sync:latest + openvswitch_db_server: openvswitch-db-server:latest + openvswitch_vswitchd: openvswitch-vswitchd:latest + openvswitch_vswitchd_dpdk: openvswitch-vswitchd-dpdk:latest + openvswitch_ovn_db_nb: openvswitch-ovn-db-nb:latest + openvswitch_ovn_db_sb: openvswitch-ovn-db-sb:latest + openvswitch_ovn_northd: openvswitch-ovn-northd:latest + openvswitch_ovn_vswitchd: openvswitch-ovn-vswitchd:latest + openvswitch_ovn_db: openvswitch-ovn-db:latest + openvswitch_ovn_controller: openvswitch-ovn-controller:latest + manifests: + statefulset_ovn_db: true + statefulset_ovn_northd: true + service_discovery_ovn_db: true + service_master_ovn_db: true + daemonset_ovn_controller: true + daemonset_ovs_db: false + daemonset_ovs_vswitchd: false + network: + interface: + tunnel: ens3 + overrides: + openvswitch_ovn-controller: + overrides_default: false + labels: + rockoon-openstack-compute-node::controller: + values: + conf: + ovs_bridges: + br-ex: + nics: + - name: veth-phy + rockoon-openstack-gateway::controller: + values: + conf: + external-ids: + ovn-cms-options: 'enable-chassis-as-gw' + ovs_bridges: + br-ex: + nics: + - name: veth-phy + pod: + probes: + ovs_db: + ovs_db: + liveness: + enabled: true + params: + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 30 + timeoutSeconds: 5 + readiness: + 
enabled: true + params: + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 20 + timeoutSeconds: 5 + ovs_vswitch: + ovs_vswitch: + liveness: + enabled: true + params: + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 30 + timeoutSeconds: 5 + readiness: + enabled: true + params: + failureThreshold: 3 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + ovn: + northd: + liveness: + params: + initialDelaySeconds: 10 + readiness: + params: + initialDelaySeconds: 10 + nb: + liveness: + params: + initialDelaySeconds: 10 + readiness: + params: + initialDelaySeconds: 10 + sb: + liveness: + params: + initialDelaySeconds: 10 + readiness: + params: + initialDelaySeconds: 10 + vswitchd: + liveness: + params: + initialDelaySeconds: 10 + readiness: + params: + initialDelaySeconds: 10 + controller: + liveness: + params: + initialDelaySeconds: 10 + readiness: + params: + initialDelaySeconds: 10 + db: + liveness: + params: + initialDelaySeconds: 10 + readiness: + params: + initialDelaySeconds: 10 + - chart: neutron + name: openstack-neutron + values: + bootstrap: + enabled: true + floating_network: + enabled: true + default: true + external: true + name: public + network_type: flat + physnet: physnet1 + subnet: + name: public-subnet + gateway: 10.11.12.39 + pool_end: 10.11.12.200 + pool_start: 10.11.12.100 + range: 10.11.12.0/24 + dhcp: false + router: + name: r1 + conf: + netns_cleanup: + orphaned_ports: true + policy.d: + 01-controller-default.yaml: {'networking_rule1': 'networking_value1'} + 02-custom.yaml: {} + auto_bridge_add: + br-ex: veth-phy + l3_agent: + agent: + extensions: fip_qos,gateway_ip_qos + DEFAULT: + cleanup_on_shutdown: true + vpnagent: + vpn_device_driver: 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver' + logging: + logger_neutron: + level: INFO + logger_neutron_lib: + handlers: "" + level: INFO + qualname: neutron_lib + metadata_agent: + DEFAULT: + metadata_proxy_shared_secret: 
mN0aLDTcg1AVqyLWNDjCd2Jz6DA61cZJ + nova_metadata_port: 8775 + nova_metadata_protocol: http + ovs: + ovsdb_connection: 'tcp:127.0.0.1:6640' + neutron: + DEFAULT: + api_workers: 4 + support_sync_ovs_info: false + support_sync_ha_routers_info: false + router_processes_greentlet_max: 10 + dhcp_agent_notification: false + dhcp_agents_per_network: 2 + dns_domain: openstack.internal. + dnsmasq_dns_servers: 10.172.1.100 + external_dns_driver: designate + l3_ha: true + allow_automatic_l3agent_failover: false + l3_ha_network_type: geneve + max_l3_agents_per_router: 2 + service_plugins: ovn-router,metering,qos,ovn-vpnaas,trunk + cache: + backend: oslo_cache.memcache_pool + keystone_authtoken: + memcache_secret_key: 4zDhycwch09UPx4j + memcache_security_strategy: ENCRYPT + service_type: network + audit_middleware_notifications: + driver: noop + oslo_messaging_notifications: + topics: notifications,stacklight_notifications + oslo_policy: + enforce_new_defaults: false + enforce_scope: false + ovn: + enable_distributed_floating_ip: False + dns_servers: 10.172.1.100 + nova: + live_migration_events: True + ironic: + valid_interfaces: internal + service_providers: + service_provider: + type: 'multistring' + values: + - 'VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ovn_ipsec.IPsecOvnVPNDriver:default' + paste: + app:neutronversions: + paste.app_factory: neutron.pecan_wsgi.app:versions_factory + plugins: + linuxbridge_agent: + linux_bridge: + bridge_mappings: physnet1:br-ex + ml2_conf: + ml2: + extension_drivers: + - port_security + - qos + - dns_domain_ports + tenant_network_types: geneve + mechanism_drivers: 'ovn' + type_drivers: 'local,flat,vlan,geneve,vxlan' + ml2_type_flat: + flat_networks: physnet1 + ml2_type_geneve: + max_header_size: 38 + vni_ranges: '1:65536' + ovn: + ovn_metadata_enabled: true + openvswitch_agent: + agent: + extensions: qos + tunnel_types: vxlan + vxlan_udp_port: 4790 + ovs: + bridge_mappings: physnet1:br-ex + securitygroup: + firewall_driver: 
openvswitch + ovn_vpn_agent: + DEFAULT: + interface_driver: openvswitch + ovs: + ovsdb_connection: tcp:127.0.0.1:6640 + vpnagent: + vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.ovn_ipsec.OvnStrongSwanDriver + dependencies: + static: + db_init: + jobs: + - openstack-mariadb-cluster-wait + endpoints: + cluster_domain_suffix: cluster.local + compute_metadata: + hosts: + default: nova-metadata + public: nova-metadata + scheme: + default: http + identity: + auth: + admin: + default_domain_id: default + password: ZUqTyP2XwsgEGKZ7qNhhecYyq9NLkGE6 + project_domain_name: default + project_name: admin + region_name: RegionOne + user_domain_name: default + username: admin + designate: + password: KBecvsPZsWBFzDqYnevHWArm7tFycZKr + username: designateLeRjiDsyT + region_name: 'RegionOne' + neutron: + password: 9d4CIP5ismqTa7l5N5FdD8MAuFMXx9EV + username: neutronnmAhFsr + region_name: 'RegionOne' + nova: + password: BLFKrb8JhAMBb1v9BnRGDckMaYY7XUbq + username: novaZzHG + region_name: 'RegionOne' + test: + password: q38BqVBqRH8mwfvI3uZeTmwe7JhKm3q1 + username: testLJtA + region_name: 'RegionOne' + network: + host_fqdn_override: + public: + host: neutron.it.just.works + tls: + ca: 'TEST CA + + ' + crt: 'TEST CRT + + ' + key: 'TEST KEY + + ' + hosts: + admin: + host: neutron-server + default: neutron + internal: neutron-server + public: + host: neutron + tls: + ca: 'TEST CA + + ' + crt: 'TEST CRT + + ' + key: 'TEST KEY + + ' + port: + api: + admin: 9696 + default: 80 + internal: 9696 + public: 443 + scheme: + default: http + public: https + oslo_cache: + statefulset: + name: openstack-memcached-memcached + replicas: 3 + oslo_db: + auth: + admin: + password: QACDSM6FBTH2LuXjTuRQ6DXhD8bSgPbn + username: root + neutron: + password: knwFGHdZ6KCqcKqBidXXEqiEpZhBD7h4 + username: neutrondrGjrFm + oslo_messaging: + auth: + admin: + password: 2tnAuP0j9MsgaVHErehZkC5HCK3ZxYLr + username: rabbitmq + guest: + password: 7TnAuP0dKMsgaVHErehZkC5HCK3ZxOi4 + username: guest + 
neutron: + password: TRRhbnUMsepnqSzyJngJtgZD9gRu0Fwy + username: neutronx7uHpit + user: + password: 2tnAuP0j9MsgaVHErehZkC5HCK3ZxYLr + username: rabbitmq + hosts: + default: rabbitmq-neutron + path: /neutron + statefulset: + name: openstack-neutron-rabbitmq-rabbitmq + replicas: 1 + oslo_messaging_notifications: + auth: + neutron: + password: hL3STFyPBLCdR2qUCdaGEUeRB5jRIFPf + username: neutrontvAcFA3 + host_fqdn_override: {} + hosts: + default: rabbitmq + path: /openstack + port: + amqp: + default: 5672 + http: + default: 15672 + scheme: rabbit + statefulset: + name: openstack-rabbitmq-rabbitmq + replicas: 1 + prometheus_rabbitmq_exporter: + hosts: + default: rabbitmq-exporter-neutron + images: + tags: + bootstrap: bootstrap:latest + db_drop: db-drop:latest + db_init: db-init:latest + dep_check: dep-check:latest + image_repo_sync: image-repo-sync:latest + ks_endpoints: ks-endpoints:latest + ks_service: ks-service:latest + ks_user: ks-user:latest + neutron_bagpipe_bgp: neutron-bagpipe-bgp:latest + neutron_db_sync: neutron-db-sync:latest + neutron_ovn_db_sync_migrate: neutron-ovn-db-sync-migrate:latest + neutron_dhcp: neutron-dhcp:latest + neutron_ironic_agent: neutron-ironic-agent:latest + neutron_l2gw: neutron-l2gw:latest + neutron_l3: neutron-l3:latest + neutron_linuxbridge_agent: neutron-linuxbridge-agent:latest + neutron_metadata: neutron-metadata:latest + neutron_openvswitch_agent: neutron-openvswitch-agent:latest + neutron_rpc_server: neutron-rpc-server:latest + neutron_server: neutron-server:latest + neutron_sriov_agent: neutron-sriov-agent:latest + neutron_sriov_agent_init: neutron-sriov-agent-init:latest + purge_test: purge-test:latest + rabbit_init: rabbit-init:latest + test: test:latest + jobs: + ks_endpoints: + restartPolicy: Never + ks_service: + restartPolicy: Never + ks_user: + restartPolicy: Never + manifests: + job_rabbit_init: false + network_policy: false + secret_ca_bundle: true + daemonset_dhcp_agent: false + daemonset_l3_agent: false + 
daemonset_lb_agent: false + daemonset_ovs_agent: false + daemonset_sriov_agent: false + daemonset_ovn_vpn_agent: true + pod_rally_test: false + daemonset_netns_cleanup_cron: false + network: + server: + ingress: + annotations: + nginx.ingress.kubernetes.io/proxy-read-timeout: "120" + core_plugin: ml2 + interface: + tunnel: ens3 + backend: + - ovn + overrides: + neutron_ovs-agent: + labels: null + labels: + sriov: + node_selector_key: openstack-compute-node + node_selector_value: enabled + netns_cleanup_cron: + node_selector_key: openvswitch + node_selector_value: enabled + agent: + metadata: + node_selector_key: openvswitch + node_selector_value: enabled + pod: + probes: + server: + server: + readiness: + enabled: true + params: + periodSeconds: 15 + timeoutSeconds: 15 + liveness: + enabled: true + params: + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 30 + startup: + enabled: true + params: + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 30 + dhcp_agent: + dhcp_agent: + liveness: + enabled: true + params: + initialDelaySeconds: 180 + periodSeconds: 90 + timeoutSeconds: 65 + l3_agent: + l3_agent: + liveness: + enabled: true + params: + initialDelaySeconds: 180 + periodSeconds: 90 + timeoutSeconds: 65 + readiness: + enabled: true + params: + failureThreshold: 240 + initialDelaySeconds: 60 + periodSeconds: 15 + metadata_agent: + metadata_agent: + liveness: + enabled: true + params: + initialDelaySeconds: 180 + periodSeconds: 90 + timeoutSeconds: 65 + readiness: + enabled: true + params: + initialDelaySeconds: 10 + periodSeconds: 50 + timeoutSeconds: 40 + ovs_agent: + ovs_agent: + liveness: + enabled: true + params: + initialDelaySeconds: 180 + periodSeconds: 90 + timeoutSeconds: 65 + readiness: + params: + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 30 + rpc_retries: 2 + rpc_timeout: 30 + security_context: + neutron_metadata_agent: + container: + neutron_metadata_agent: + privileged: true + allowPrivilegeEscalation: true 
+ use_fqdn: + neutron_agent: false
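Review bot: The expected output turns on `manifests.daemonset_ovn_vpn_agent: true` for the neutron release, but its `images.tags` map has no `neutron_ovn_vpn_agent` entry, although this commit adds that key to every release's artifacts.yaml. As written the fixture does not show which image the new DaemonSet runs; if the tag is absent from the rendered values, the chart's own default would be used instead of the pinned artifact (an inference, since the chart defaults are outside this hunk). I would add `neutron_ovn_vpn_agent: neutron-ovn-vpn-agent:latest` next to `neutron_sriov_agent_init` in the expected tags, together with whatever test image list feeds them. The `security_context` block also covers only `neutron_metadata_agent`, so the privileges the VPN agent pod ends up with are not pinned by this test either.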