Puppet Class: openstack::neutron::l3_agent

Defined in:
modules/openstack/manifests/neutron/l3_agent.pp

Overview

Parameters:

  • version (Any)
  • report_interval (Any)
  • wan_nic (String[1])
  • virt_nic (String[1])
  • interface_driver (Enum['linuxbridge', 'openvswitch'])
  • enabled (Any) (defaults to: true)


# File 'modules/openstack/manifests/neutron/l3_agent.pp', line 1

# @summary Sets up a host to run the neutron L3 agent.
#
# Declares the version-specific agent class, manages the neutron-l3-agent
# service, loads nf_conntrack, applies per-interface and global kernel
# networking sysctls, declares the conntrack monitoring class and installs
# the wmcs-netns-events daemon with its config file and systemd unit.
#
# @param version
#   Interpolated into the class name "openstack::neutron::l3_agent::${version}".
#   NOTE(review): untyped, yet it selects which class gets declared; a
#   restrictive type (Enum/Pattern) would make bad values fail early --
#   confirm the accepted values with callers first.
# @param report_interval
#   Passed through unchanged to the version-specific class.
# @param wan_nic
#   Non-empty interface name; used to build per-interface sysctl keys.
# @param virt_nic
#   Non-empty interface name; used to build per-interface sysctl keys.
# @param interface_driver
#   'linuxbridge' or 'openvswitch'; passed to the version-specific class.
# @param enabled
#   Used verbatim as the `ensure` value of the neutron-l3-agent service.
class openstack::neutron::l3_agent(
    $version,
    $report_interval,
    String[1] $wan_nic,
    String[1] $virt_nic,
    Enum['linuxbridge', 'openvswitch'] $interface_driver,
    $enabled=true,
) {

    # Release-specific configuration lives in a sibling class chosen by $version.
    class { "openstack::neutron::l3_agent::${version}":
        report_interval  => $report_interval,
        interface_driver => $interface_driver,
    }

    # Package['neutron-l3-agent'] is not declared in this class; presumably the
    # version-specific class above (or another profile) provides it -- verify.
    service {'neutron-l3-agent':
        ensure  => $enabled,
        require => Package['neutron-l3-agent'],
    }

    # ensure the module is loaded at boot, otherwise sysctl parameters might be ignored
    # (the net.netfilter.nf_conntrack_* keys set below are only available once
    # nf_conntrack is loaded)
    kmod::module { 'nf_conntrack':
        ensure => present,
    }

    # if the NIC has the legacy naming 'eth0.xxxx' then we need to replace the dot with a slash
    # No 'G' flag is given, so only the first dot of each name is replaced.
    # NOTE(review): the NIC names are only constrained to String[1] and end up
    # inside sysctl key names; a Pattern type limiting them to interface-name
    # characters would reject malformed hiera values before they reach sysctl.
    $nic_virt = regsubst($virt_nic, '[.]', '/')
    $nic_wan  = regsubst($wan_nic, '[.]', '/')

    sysctl::parameters { 'openstack':
        values   => {
            # Disable reverse-path filtering (rp_filter), only on the dataplane
            # interfaces. With rp_filter off the kernel no longer drops packets
            # whose source address fails the reverse-path check on these NICs,
            # so anti-spoofing there has to be enforced elsewhere (firewall
            # rules, neutron). The kernel applies the max of conf.all and
            # conf.<iface>, and conf.all.rp_filter is not managed here -- verify
            # it is 0 on these hosts, otherwise these two settings have no effect.
            "net.ipv4.conf.${nic_virt}.rp_filter"  => 0,
            "net.ipv4.conf.${nic_wan}.rp_filter"   => 0,
            # Enable IP forwarding, only on dataplane subinterfaces
            "net.ipv4.conf.${nic_virt}.forwarding" => 1,
            "net.ipv4.conf.${nic_wan}.forwarding"  => 1,
            "net.ipv6.conf.${nic_virt}.forwarding" => 1,
            "net.ipv6.conf.${nic_wan}.forwarding"  => 1,
            # Disable acceptance of IPv6 router advertisements, only on
            # dataplane, so an RA seen on these interfaces cannot change the
            # host's own IPv6 addressing or routes.
            "net.ipv6.conf.${nic_virt}.accept_ra"  => 0,
            "net.ipv6.conf.${nic_wan}.accept_ra"   => 0,

            # Tune arp cache table (neighbour table garbage-collection thresholds)
            'net.ipv4.neigh.default.gc_thresh1'    => 1024,
            'net.ipv4.neigh.default.gc_thresh2'    => 2048,
            'net.ipv4.neigh.default.gc_thresh3'    => 4096,

            # Increase connection tracking size
            # and bucket since all of CloudVPS VM instances ingress/egress
            # are flowing through cloudnet servers
            # default buckets is 65536. Let's use x8; 65536 * 8 = 524288
            # default max is buckets x4; 524288 * 4 = 2097152
            # When the conntrack table is full, new connections are dropped, so
            # this limit bounds how much tenant traffic the host can track.
            'net.netfilter.nf_conntrack_buckets'   => 524288,
            'net.netfilter.nf_conntrack_max'       => 2097152,
        },
        priority => 50,
    }

    # Monitoring for the conntrack table; presumably alerts on table usage
    # against the limits set above -- the class body is not shown here.
    class { '::openstack::monitor::neutron::l3_agent_conntrack': }

    # our custom daemon to plug in additional config to neutron l3 agent
    # The script is root-owned and not writable by group/other (0755), so only
    # root can change the code that the systemd unit below runs.
    # NOTE(review): `ensure => present` accepts any existing file type at the
    # path; `ensure => file` would insist on a regular file -- consider it for
    # both file resources.
    $daemon = 'wmcs-netns-events'
    file { "/usr/local/sbin/${daemon}" :
        ensure => present,
        owner  => root,
        group  => root,
        mode   => '0755',
        source => "puppet:///modules/openstack/neutron/${daemon}.py",
        notify => Systemd::Service[$daemon],
    }
    # Daemon configuration, world-readable (0644): it must not hold secrets.
    # Changes to either file notify the systemd service resource.
    $daemon_config = 'wmcs-netns-events-config.yaml'
    file { "/etc/${daemon_config}":
        ensure => present,
        owner  => root,
        group  => root,
        mode   => '0644',
        source => "puppet:///modules/openstack/neutron/${daemon_config}",
        notify => Systemd::Service[$daemon],
    }
    # Unit content comes from systemd_template() for $daemon; the template is
    # not shown here and may read variables from this class scope -- check it
    # before renaming any of the local variables above.
    systemd::service { $daemon:
        restart  => true,
        content  => systemd_template($daemon),
        override => false,
    }
}