Octavia will create the network + upload image upon request itself

This is needed to simplify an intgrated AIO deploy Change-Id: I7b8a2314a23281a4369d431aba280e0c0dc66f22
2017-07-11 14:40:47 -04:00 · 2017-07-11 14:40:47 -04:00 · 8cfa0e02ca
parent ae211317b8
commit 8cfa0e02ca
8 changed files with 129 additions and 46 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -37,6 +37,10 @@ octavia_fatal_deprecations: False

 octavia_clients_endpoint: internalURL

+# Workaround for https://bugs.launchpad.net/octavia/+bug/1704468
+# API haproxy needs "/" to return 200 for healthcheck
+octavia_auth_strategy: noauth
+
 ## DB
 octavia_galera_user: octavia
 octavia_galera_database: octavia
@ -143,6 +147,7 @@ octavia_requires_pip_packages:
  - shade
  - virtualenv
  - virtualenv-tools
+  - python-openstackclient

 # Common pip packages
 octavia_pip_packages:
@ -212,6 +217,14 @@ octavia_loadbalancer_topology: SINGLE
 octavia_glance_image_tag: octavia-amphora-image
 # add here the id of the image owner to avoid faked images being used
 octavia_amp_image_owner_id:
+# add here the glance image id if tagging is not used (not recommended for prod)
+octavia_amp_image_id:
+# add here the file name of the image if it should be uplaoded automatically
+# Note: This does not support image tags so don't use for prod
+octavia_amp_image_file_name:
+# enable uploading image to glance automatically
+# Note: This does not support image tags so don't use for prod
+octavia_amp_image_upload_enabled: False
 # Name of the Octavia security group
 octavia_security_group_name: octavia_sec_grp
 # Restrict access to only authorized hosts
@ -279,6 +292,14 @@ octavia_user_haproxy_templates: {}
 octavia_neutron_management_network_name: lbaas-mgmt
 # Name of the provider net in the system
 octavia_provider_network_name: lbaas
+# Network type
+octavia_provider_network_type: flat
+# Network CIDR
+octavia_management_net_subnet_cidr: 172.29.232.0/22
+# Do we require the Neutron DHCP server
+octavia_management_net_dhcp: "True"
+# Should Octavia set up the network and subnet?
+octavia_service_net_setup: True
 # This sets it to the container managment network based on how you setup
 # the provider net
 octavia_container_network_name: "{{ octavia_provider_network_name }}_address"
--- a/doc/source/configure-octavia.rst
+++ b/doc/source/configure-octavia.rst
@ -57,24 +57,14 @@ name. Furthermore, the system tries to infer certain values based on the
 inventory which might not always work and hence might need to be explicitly
 declared. Review the file ``defaults\main.yml`` for more information.

-The following is an example how to set up a provider network in neutron:
-
-
-.. code-block:: bash
-
-    neutron net-create lbaas-mgmt --shared \
-                                    --provider:network_type flat \
-                                    --provider:physical_network lbaas
-
-    neutron subnet-create mgmt-net 172.19.0.0/22 --name lbaas-subnet
-                          --ip-version=4 \
-                          --allocation-pool start=172.19.1.100,end=172.19.1.200 \
-                          --enable-dhcp \
-                          --dns-nameservers list=true 8.8.4.4 8.8.8.8
+Octavia can create the required neutron networks itself. Please review the
+corresponding settings - especially ``octavia_service_net_subnet_cidr``
+needs to be adjusted. Alternatively, they can be created elsewhere and
+consumed by Octavia.

 Special attention needs to be applied to the ``--allocation-pool`` to not have
-ips which overlap with ips assigned to hosts or containers (see the ``used_ips``
-variable in ``openstack_user_config.yml``)
+ips which overlap with ips assigned to hosts or containers (see the
+``used_ips`` variable in ``openstack_user_config.yml``)

 .. note::
    The system will deploy an iptables firewall if ``octavia_ip_tables_fw`` is set
--- a/releasenotes/notes/add_image_upload_and_network_preparation-a414d45b624652a3.yaml
+++ b/releasenotes/notes/add_image_upload_and_network_preparation-a414d45b624652a3.yaml
@ -0,0 +1,11 @@
+---
+features:
+  - Adds a way for the system to automatically create the Octavia management
+    network if octavia_service_net_setup is enabled (DEFAULT). Additional
+    parameters can control the setup.
+  - Adds support for glance-image-id and automatic uploading of the image
+    if octavia_amp_image_upload_enabled is True (Default is False). This is
+    mostly tp work around the limitations of Ansible's OpenStack support
+    and should not be used in prodcution settings. Instead refer to the
+    documentation to upload images yourself.
+
--- a/tasks/octavia_mgmt_network.yml
+++ b/tasks/octavia_mgmt_network.yml
@ -13,6 +13,45 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Create mgmt network
+  os_network:
+    auth:
+      auth_url: "{{ keystone_service_adminurl }}"
+      username: "{{ octavia_service_user_name }}"
+      password: "{{ octavia_service_password }}"
+      project_name: "{{ octavia_service_project_name }}"
+      user_domain_name: "{{ octavia_service_user_domain_id }}"
+      project_domain_name: "{{ octavia_service_project_domain_id }}"
+    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
+    region_name: "{{ octavia_service_region }}"
+    validate_certs: "{{ keystone_service_adminuri_insecure }}"
+    auth_type: "{{ octavia_keystone_auth_plugin }}"
+    state: present
+    name: "{{ octavia_neutron_management_network_name }}"
+    provider_network_type: "{{ octavia_provider_network_type }}"
+    provider_physical_network: "{{ octavia_provider_network_name }}"
+  when: octavia_service_net_setup
+
+- name: Ensure mgmt subnet exists
+  os_subnet:
+    auth:
+      auth_url: "{{ keystone_service_adminurl }}"
+      username: "{{ octavia_service_user_name }}"
+      password: "{{ octavia_service_password }}"
+      project_name: "{{ octavia_service_project_name }}"
+      user_domain_name: "{{ octavia_service_user_domain_id }}"
+      project_domain_name: "{{ octavia_service_project_domain_id }}"
+    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
+    region_name: "{{ octavia_service_region }}"
+    validate_certs: "{{ keystone_service_adminuri_insecure }}"
+    auth_type: "{{ octavia_keystone_auth_plugin }}"
+    state: present
+    network_name: "{{ octavia_neutron_management_network_name }}"
+    name: "{{ octavia_neutron_management_network_name }}-subnet"
+    cidr: "{{ octavia_management_net_subnet_cidr }}"
+    enable_dhcp: "{{ octavia_management_net_dhcp }}"
+  when: octavia_service_net_setup
+
 - name: Get neutron network
  os_networks_facts:
    auth:
--- a/tasks/octavia_post_install.yml
+++ b/tasks/octavia_post_install.yml
@ -56,6 +56,54 @@
    - src: "{{ octavia_ca_private_key }}"
      dest: "/etc/octavia/certs/ca_key.pem"

+- name: Copy image
+  copy:
+    src: "{{ octavia_amp_image_file_name}}"
+    dest: "{{ octavia_amp_image_file_name}}"
+  when: octavia_amp_image_upload_enabled
+
+- name: Upload image to glance
+  os_image:
+    auth:
+      auth_url: "{{ keystone_service_adminurl }}"
+      username: "{{ octavia_service_user_name }}"
+      password: "{{ octavia_service_password }}"
+      project_name: "{{ octavia_service_project_name }}"
+      user_domain_name: "{{ octavia_service_user_domain_id }}"
+      project_domain_name: "{{ octavia_service_project_domain_id }}"
+    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
+    region_name: "{{ octavia_service_region }}"
+    validate_certs: "{{ keystone_service_adminuri_insecure }}"
+    auth_type: "{{ octavia_keystone_auth_plugin }}"
+    name: amphora-x64-haproxy
+    container_format: bare
+    disk_format: qcow2
+    state: present
+    filename: "{{ octavia_amp_image_file_name}}"
+    is_public:
+  when: octavia_amp_image_upload_enabled
+
+- name: Get image uuid
+  os_image_facts:
+    auth:
+      auth_url: "{{ keystone_service_adminurl }}"
+      username: "{{ octavia_service_user_name }}"
+      password: "{{ octavia_service_password }}"
+      project_name: "{{ octavia_service_project_name }}"
+      user_domain_name: "{{ octavia_service_user_domain_id }}"
+      project_domain_name: "{{ octavia_service_project_domain_id }}"
+    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
+    region_name: "{{ octavia_service_region }}"
+    validate_certs: "{{ keystone_service_adminuri_insecure }}"
+    auth_type: "{{ octavia_keystone_auth_plugin }}"
+    image: amphora-x64-haproxy
+  when: octavia_amp_image_upload_enabled
+
+- name: Set image UUID fact
+  set_fact:
+     octavia_amp_image_id: "{{ openstack_image.id }}"
+  when: octavia_amp_image_upload_enabled
+
 - name: Copy user provided HAProxy templates
  copy:
    src: "{{ item.src }}"
--- a/templates/octavia.conf.j2
+++ b/templates/octavia.conf.j2
@ -24,6 +24,8 @@ bind_port = {{ octavia_service_port }}

 transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %}

+# for pre Pike
+auth_strategy = {{ octavia_auth_strategy }}
 # pre Ocata
 [oslo_messaging_rabbit]
 ssl = {{ octavia_rabbitmq_use_ssl }}
@ -156,7 +158,7 @@ server_ca = /etc/octavia/certs/server_ca.pem
 # amp_active_wait_sec = 10
 # Glance parameters to extract image ID to use for amphora. Only one of
 # parameters is needed. Using tags is the recommended way to refer to images.
-# amp_image_id =
+amp_image_id = {{ octavia_amp_image_id }}
 amp_image_tag = {{ octavia_glance_image_tag }}
 # Optional owner ID used to restrict glance images to one owner ID.
 # This is a recommended security setting.
--- a/tests/os_octavia-overrides.yml
+++ b/tests/os_octavia-overrides.yml
@ -84,6 +84,7 @@ neutron_metadata: True
 octavia_pip_package_state: latest
 octavia_package_state: latest
 octavia_neutron_management_network_name: lbaas-mgmt
+octavia_management_net_subnet_cidr: 10.1.7.0/24

 octavia_git_install_branch: stable/ocata

--- a/tests/test-configure-octavia.yml
+++ b/tests/test-configure-octavia.yml
@ -81,34 +81,5 @@
      until: install_packages|success
      retries: 5
      delay: 2
-    - name: Create mgmt network
-      os_network:
-        auth:
-          auth_url: "http://{{ test_keystone_host }}:5000/v3"
-          username: "{{ keystone_admin_user_name }}"
-          password: "{{ keystone_auth_admin_password }}"
-          project_name: "admin"
-          user_domain_name: "Default"
-          project_domain_name: "Default"
-        endpoint_type: "internal"
-        state: present
-        name: "{{ octavia_neutron_management_network_name }}"
-        provider_network_type: "flat"
-        provider_physical_network: "lbaas"
-    - name: Ensure mgmt subnet exists
-      os_subnet:
-        auth:
-          auth_url: "http://{{ test_keystone_host }}:5000/v3"
-          username: "{{ keystone_admin_user_name }}"
-          password: "{{ keystone_auth_admin_password }}"
-          project_name: "admin"
-          user_domain_name: "Default"
-          project_domain_name: "Default"
-        endpoint_type: "internal"
-        state: present
-        network_name: "{{ octavia_neutron_management_network_name }}"
-        name: "lbaas-mgmt-subnet"
-        cidr: "10.1.7.0/24"
-
  vars_files:
    - common/test-vars.yml