Implement automatic deploy of octavia
this patchset has implemented: - network (lb-mgmt-net) - security groups and rules (used by amphora and health manager) - amphora flavor (used by amphora) - nova keypair (used by amphora at the time of debugging) Add a octavia_amp_listen_port variable which used by amphora Add amp_image_owner_id in octavia.conf Implements: blueprint implement-automatic-deploy-of-octavia Co-Authored-By: zhangchun <zhangchun@yovole.com> Depends-On: https://review.opendev.org/652030 Change-Id: I67009d046925cfc02c1e0073c80085c1471975f6
This commit is contained in:
wu.chunyang
Radosław Piliszek
parent
5a65bd7bf6
commit
4a58f4238c
|
|
@ -1000,15 +1000,6 @@ enable_nova_horizon_policy_file: "{{ enable_nova }}"
|
|||
|
||||
horizon_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ horizon_tls_port if kolla_enable_tls_internal | bool else horizon_port }}"
|
||||
|
||||
#################
|
||||
# Octavia options
|
||||
#################
|
||||
# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
|
||||
octavia_loadbalancer_topology: "SINGLE"
|
||||
octavia_amp_boot_network_list:
|
||||
octavia_amp_secgroup_list:
|
||||
octavia_amp_flavor_id:
|
||||
|
||||
#################
|
||||
# Qinling options
|
||||
#################
|
||||
|
|
|
|||
|
|
@ -154,3 +154,87 @@ octavia_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
|
|||
octavia_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
||||
octavia_dev_mode: "{{ kolla_dev_mode }}"
|
||||
octavia_source_version: "{{ kolla_source_version }}"
|
||||
|
||||
#####################
|
||||
# Integration Options
|
||||
#####################
|
||||
octavia_amp_ssh_key_name: "octavia_ssh_key"
|
||||
octavia_amp_listen_port: "9443"
|
||||
octavia_amp_image_tag: "amphora"
|
||||
|
||||
# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
|
||||
octavia_loadbalancer_topology: "SINGLE"
|
||||
|
||||
# Whether to run Kolla-Ansible's automatic configuration for Octavia.
|
||||
# NOTE: if you upgrade from Ussuri, you must set `octavia_auto_configure` to `no`
|
||||
# and keep your other Octavia config like before.
|
||||
octavia_auto_configure: yes
|
||||
|
||||
# OpenStack auth used when registering resources for Octavia.
|
||||
octavia_user_auth:
|
||||
auth_url: "{{ keystone_admin_url }}"
|
||||
username: "octavia"
|
||||
password: "{{ octavia_keystone_password }}"
|
||||
project_name: "{{ octavia_service_auth_project }}"
|
||||
domain_name: "{{ default_project_domain_name }}"
|
||||
|
||||
# Octavia amphora flavor.
|
||||
# See os_nova_flavor for details. Supported parameters:
|
||||
# - disk
|
||||
# - ephemeral (optional)
|
||||
# - extra_specs (optional)
|
||||
# - flavorid (optional)
|
||||
# - is_public (optional)
|
||||
# - name
|
||||
# - ram
|
||||
# - swap (optional)
|
||||
# - vcpus
|
||||
octavia_amp_flavor:
|
||||
name: "amphora"
|
||||
is_public: no
|
||||
vcpus: 1
|
||||
ram: 1024
|
||||
disk: 5
|
||||
|
||||
# Octavia security groups. lb-mgmt-sec-grp is for amphorae.
|
||||
octavia_amp_security_groups:
|
||||
mgmt-sec-grp:
|
||||
name: "lb-mgmt-sec-grp"
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
src_port: 22
|
||||
dst_port: 22
|
||||
- protocol: tcp
|
||||
src_port: "{{ octavia_amp_listen_port }}"
|
||||
dst_port: "{{ octavia_amp_listen_port }}"
|
||||
|
||||
# Octavia management network.
|
||||
# See os_network and os_subnet for details. Supported parameters:
|
||||
# - external (optional)
|
||||
# - mtu (optional)
|
||||
# - name
|
||||
# - provider_network_type (optional)
|
||||
# - provider_physical_network (optional)
|
||||
# - provider_segmentation_id (optional)
|
||||
# - shared (optional)
|
||||
# - subnet
|
||||
# The subnet parameter has the following supported parameters:
|
||||
# - allocation_pool_start (optional)
|
||||
# - allocation_pool_start (optional)
|
||||
# - cidr
|
||||
# - enable_dhcp (optional)
|
||||
# - gateway_ip (optional)
|
||||
# - name
|
||||
# - no_gateway_ip (optional)
|
||||
octavia_amp_network:
|
||||
name: lb-mgmt-net
|
||||
shared: false
|
||||
subnet:
|
||||
name: lb-mgmt-subnet
|
||||
cidr: "{{ octavia_amp_network_cidr }}"
|
||||
no_gateway_ip: yes
|
||||
enable_dhcp: yes
|
||||
|
||||
# Octavia management network subnet CIDR.
|
||||
octavia_amp_network_cidr: 10.0.0.0/24
|
||||
|
|
|
|||
|
|
@ -82,6 +82,16 @@
|
|||
notify:
|
||||
- "Restart {{ item.key }} container"
|
||||
|
||||
- name: Copying over Octavia SSH key
|
||||
copy:
|
||||
content: "{{ octavia_amp_ssh_key.private_key }}"
|
||||
dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
|
||||
owner: "{{ config_owner_user }}"
|
||||
group: "{{ config_owner_group }}"
|
||||
mode: "0400"
|
||||
become: True
|
||||
when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
|
||||
|
||||
- name: Copying certificate files for octavia-worker
|
||||
vars:
|
||||
service: "{{ octavia_services['octavia-worker'] }}"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
---
|
||||
- import_tasks: register.yml
|
||||
|
||||
- include_tasks: prepare.yml
|
||||
when: octavia_auto_configure | bool
|
||||
|
||||
- import_tasks: config.yml
|
||||
|
||||
- include_tasks: clone.yml
|
||||
|
|
|
|||
|
|
@ -0,0 +1,131 @@
|
|||
---
|
||||
- name: Create amphora flavor
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: os_nova_flavor
|
||||
module_args:
|
||||
auth: "{{ octavia_user_auth }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
state: present
|
||||
is_public: "{{ octavia_amp_flavor.is_public | bool }}"
|
||||
name: "{{ octavia_amp_flavor.name }}"
|
||||
flavorid: "{{ octavia_amp_flavor.flavorid | default(omit, true) }}"
|
||||
vcpus: "{{ octavia_amp_flavor.vcpus }}"
|
||||
ram: "{{ octavia_amp_flavor.ram }}"
|
||||
disk: "{{ octavia_amp_flavor.disk }}"
|
||||
ephemeral: "{{ octavia_amp_flavor.ephemeral | default(omit, true) }}"
|
||||
swap: "{{ octavia_amp_flavor.swap | default(omit, true) }}"
|
||||
extra_specs: "{{ octavia_amp_flavor.extra_specs | default(omit, true) }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['octavia-api'][0] }}"
|
||||
register: amphora_flavor_info
|
||||
|
||||
- name: Create nova keypair for amphora
|
||||
become: True
|
||||
kolla_toolbox:
|
||||
module_name: os_keypair
|
||||
module_args:
|
||||
auth: "{{ octavia_user_auth }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
state: present
|
||||
name: "{{ octavia_amp_ssh_key_name }}"
|
||||
public_key: "{{ octavia_amp_ssh_key.public_key }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['octavia-api'][0] }}"
|
||||
|
||||
- name: Get {{ octavia_service_auth_project }} project id
|
||||
become: True
|
||||
kolla_toolbox:
|
||||
module_name: os_project_info
|
||||
module_args:
|
||||
auth: "{{ octavia_user_auth }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
name: "{{ octavia_service_auth_project }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['octavia-api'][0] }}"
|
||||
register: project_info
|
||||
|
||||
- name: Create security groups for octavia
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: os_security_group
|
||||
module_args:
|
||||
auth: "{{ octavia_user_auth }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
state: present
|
||||
name: "{{ item.name }}"
|
||||
loop: "{{ octavia_amp_security_groups.values() | list }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['octavia-api'][0] }}"
|
||||
register: sec_grp_info
|
||||
|
||||
- name: Add rules for security groups
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: os_security_group_rule
|
||||
module_args:
|
||||
auth: "{{ octavia_user_auth }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
security_group: "{{ item.0.name }}"
|
||||
protocol: "{{ item.1.protocol }}"
|
||||
port_range_min: "{{ item.1.src_port | default(omit) }}"
|
||||
port_range_max: "{{ item.1.dst_port | default(omit) }}"
|
||||
with_subelements:
|
||||
- "{{ octavia_amp_security_groups }}"
|
||||
- rules
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['octavia-api'][0] }}"
|
||||
|
||||
- name: Create loadbalancer management network
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: os_network
|
||||
module_args:
|
||||
auth: "{{ octavia_user_auth }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
state: present
|
||||
name: "{{ octavia_amp_network['name'] }}"
|
||||
mtu: "{{ octavia_amp_network['mtu'] | default(omit, true) }}"
|
||||
provider_network_type: "{{ octavia_amp_network['provider_network_type'] | default(omit, true) }}"
|
||||
provider_physical_network: "{{ octavia_amp_network['provider_physical_network'] | default(omit, true) }}"
|
||||
provider_segmentation_id: "{{ octavia_amp_network['provider_segmentation_id'] | default(omit, true) }}"
|
||||
external: "{{ octavia_amp_network['external'] | default(omit) }}"
|
||||
shared: "{{ octavia_amp_network['shared'] | default(omit) }}"
|
||||
register: network_info
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['octavia-api'][0] }}"
|
||||
|
||||
- name: Create loadbalancer management subnet
|
||||
become: true
|
||||
kolla_toolbox:
|
||||
module_name: os_subnet
|
||||
module_args:
|
||||
auth: "{{ octavia_user_auth }}"
|
||||
cacert: "{{ openstack_cacert }}"
|
||||
endpoint_type: "{{ openstack_interface }}"
|
||||
region_name: "{{ openstack_region_name }}"
|
||||
state: present
|
||||
network_name: "{{ octavia_amp_network['name'] }}"
|
||||
name: "{{ octavia_amp_network['subnet']['name'] }}"
|
||||
cidr: "{{ octavia_amp_network['subnet']['cidr'] }}"
|
||||
allocation_pool_start: "{{ octavia_amp_network['subnet']['allocation_pool_start'] | default(omit, true) }}"
|
||||
allocation_pool_end: "{{ octavia_amp_network['subnet']['allocation_pool_end'] | default(omit, true) }}"
|
||||
enable_dhcp: "{{ octavia_amp_network['subnet']['enable_dhcp'] | default(omit) }}"
|
||||
no_gateway_ip: "{{ octavia_amp_network['subnet']['no_gateway_ip'] | default(omit) }}"
|
||||
gateway_ip: "{{ octavia_amp_network['gateway_ip'] | default(omit, true) }}"
|
||||
run_once: True
|
||||
delegate_to: "{{ groups['octavia-api'][0] }}"
|
||||
|
|
@ -22,6 +22,7 @@ ca_certificates_file = {{ openstack_cacert }}
|
|||
[haproxy_amphora]
|
||||
server_ca = /etc/octavia/certs/server_ca.cert.pem
|
||||
client_cert = /etc/octavia/certs/client.cert-and-key.pem
|
||||
bind_port = {{ octavia_amp_listen_port }}
|
||||
|
||||
[database]
|
||||
connection = mysql+pymysql://{{ octavia_database_user }}:{{ octavia_database_password }}@{{ octavia_database_address }}/{{ octavia_database_name }}
|
||||
|
|
@ -68,11 +69,29 @@ stats_update_threads = {{ openstack_service_workers }}
|
|||
health_update_threads = {{ openstack_service_workers }}
|
||||
|
||||
[controller_worker]
|
||||
amp_ssh_key_name = {{ octavia_amp_ssh_key_name }}
|
||||
amp_image_tag = {{ octavia_amp_image_tag }}
|
||||
|
||||
{% if not octavia_auto_configure | bool %}
|
||||
{% if octavia_amp_image_owner_id is defined %}
|
||||
amp_image_owner_id = {{ octavia_amp_image_owner_id }}
|
||||
{% endif %}
|
||||
{% if octavia_amp_boot_network_list is defined %}
|
||||
amp_boot_network_list = {{ octavia_amp_boot_network_list }}
|
||||
amp_image_tag = amphora
|
||||
{% endif %}
|
||||
{% if octavia_amp_secgroup_list is defined %}
|
||||
amp_secgroup_list = {{ octavia_amp_secgroup_list }}
|
||||
{% endif %}
|
||||
{% if octavia_amp_flavor_id is defined %}
|
||||
amp_flavor_id = {{ octavia_amp_flavor_id }}
|
||||
amp_ssh_key_name = octavia_ssh_key
|
||||
{% endif %}
|
||||
{% else %}
|
||||
amp_image_owner_id = {{ project_info.openstack_projects.0.id }}
|
||||
amp_boot_network_list = {{ network_info.id }}
|
||||
amp_secgroup_list = {{ (sec_grp_info.results | selectattr('secgroup.name', 'equalto', octavia_amp_security_groups['mgmt-sec-grp'].name) | list).0.secgroup.id }}
|
||||
amp_flavor_id = {{ amphora_flavor_info.flavor.id }}
|
||||
{% endif %}
|
||||
|
||||
client_ca = /etc/octavia/certs/client_ca.cert.pem
|
||||
network_driver = allowed_address_pairs_driver
|
||||
compute_driver = compute_nova_driver
|
||||
|
|
|
|||
|
|
@ -666,3 +666,83 @@
|
|||
# Configure telegraf to use the docker daemon itself as an input for
|
||||
# telemetry data.
|
||||
#telegraf_enable_docker_input: "no"
|
||||
|
||||
##########################################
|
||||
# Octavia - openstack loadbalancer Options
|
||||
##########################################
|
||||
# Whether to run Kolla-Ansible's automatic configuration for Octavia.
|
||||
# NOTE: if you upgrade from Ussuri, you must set `octavia_auto_configure` to `no`
|
||||
# and keep your other Octavia config like before.
|
||||
#octavia_auto_configure: yes
|
||||
|
||||
# Octavia amphora flavor.
|
||||
# See os_nova_flavor for details. Supported parameters:
|
||||
# - flavorid (optional)
|
||||
# - is_public (optional)
|
||||
# - name
|
||||
# - vcpus
|
||||
# - ram
|
||||
# - disk
|
||||
# - ephemeral (optional)
|
||||
# - swap (optional)
|
||||
# - extra_specs (optional)
|
||||
#octavia_amp_flavor:
|
||||
# name: "amphora"
|
||||
# is_public: no
|
||||
# vcpus: 1
|
||||
# ram: 1024
|
||||
# disk: 5
|
||||
|
||||
# Octavia security groups. lb-mgmt-sec-grp is for amphorae.
|
||||
#octavia_amp_security_groups:
|
||||
# mgmt-sec-grp:
|
||||
# name: "lb-mgmt-sec-grp"
|
||||
# rules:
|
||||
# - protocol: icmp
|
||||
# - protocol: tcp
|
||||
# src_port: 22
|
||||
# dst_port: 22
|
||||
# - protocol: tcp
|
||||
# src_port: "{{ octavia_amp_listen_port }}"
|
||||
# dst_port: "{{ octavia_amp_listen_port }}"
|
||||
|
||||
# Octavia management network.
|
||||
# See os_network and os_subnet for details. Supported parameters:
|
||||
# - external (optional)
|
||||
# - mtu (optional)
|
||||
# - name
|
||||
# - provider_network_type (optional)
|
||||
# - provider_physical_network (optional)
|
||||
# - provider_segmentation_id (optional)
|
||||
# - shared (optional)
|
||||
# - subnet
|
||||
# The subnet parameter has the following supported parameters:
|
||||
# - allocation_pool_start (optional)
|
||||
# - allocation_pool_start (optional)
|
||||
# - cidr
|
||||
# - enable_dhcp (optional)
|
||||
# - gateway_ip (optional)
|
||||
# - name
|
||||
# - no_gateway_ip (optional)
|
||||
#octavia_amp_network:
|
||||
# name: lb-mgmt-net
|
||||
# shared: false
|
||||
# subnet:
|
||||
# name: lb-mgmt-subnet
|
||||
# cidr: "{{ octavia_amp_network_cidr }}"
|
||||
# no_gateway_ip: yes
|
||||
# enable_dhcp: yes
|
||||
|
||||
# Octavia management network subnet CIDR.
|
||||
#octavia_amp_network_cidr: 10.0.0.0/24
|
||||
|
||||
#octavia_amp_image_tag: "amphora"
|
||||
|
||||
# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
|
||||
#octavia_loadbalancer_topology: "SINGLE"
|
||||
|
||||
# The following variables are ignored as along as `octavia_auto_configure` is set to `yes`.
|
||||
#octavia_amp_image_owner_id:
|
||||
#octavia_amp_boot_network_list:
|
||||
#octavia_amp_secgroup_list:
|
||||
#octavia_amp_flavor_id:
|
||||
|
|
|
|||
|
|
@ -209,6 +209,10 @@ bifrost_ssh_key:
|
|||
private_key:
|
||||
public_key:
|
||||
|
||||
octavia_amp_ssh_key:
|
||||
private_key:
|
||||
public_key:
|
||||
|
||||
####################
|
||||
# Gnocchi options
|
||||
####################
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ def main():
|
|||
|
||||
# SSH key pair
|
||||
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
||||
'keystone_ssh_key', 'bifrost_ssh_key']
|
||||
'keystone_ssh_key', 'bifrost_ssh_key', 'octavia_amp_ssh_key']
|
||||
|
||||
# If these keys are None, leave them as None
|
||||
blank_keys = ['docker_registry_password']
|
||||
|
|
|
|||
Loading…
Reference in New Issue