diff --git a/doc/source/deploy/environment-index.rst b/doc/source/deploy/environment-index.rst index 280c291..40c53f3 100644 --- a/doc/source/deploy/environment-index.rst +++ b/doc/source/deploy/environment-index.rst @@ -158,8 +158,21 @@ Configuration for Routed Networks **File:** environments/routed-networks-configuration.yaml **Description:** Contains the available parameters that need to be configured when using -a routed networks environment. Requires the routed-networks.yaml -environment. +a routed networks environment. Requires the routed-networks.yaml or +routed-networks-ipv6.yaml environment. + + +Enable Routed Networks IPv6 +--------------------------- + +**File:** environments/routed-networks-ipv6.yaml + +**Description:** Enable use of routed IPv6 networks, where there may be multiple separate +networks connected with a router, router advertisement daemon (radvd), +and DHCP relay. Do not pass any other network configuration environments +after this one or they may override the changes made by this environment. +When this environment is in use, the routed-networks-configuration +environment should usually be included as well. Base Role Configuration for Routed Networks diff --git a/environments/routed-networks-configuration.yaml b/environments/routed-networks-configuration.yaml index 2171885..43c5c1d 100644 --- a/environments/routed-networks-configuration.yaml +++ b/environments/routed-networks-configuration.yaml @@ -7,8 +7,8 @@ # title: Configuration for Routed Networks # description: | # Contains the available parameters that need to be configured when using -# a routed networks environment. Requires the routed-networks.yaml -# environment. +# a routed networks environment. Requires the routed-networks.yaml or +# routed-networks-ipv6.yaml environment. parameter_defaults: # The Nova flavor to use for the dhcrelay instance # Type: string 
diff --git a/environments/routed-networks-ipv6.yaml b/environments/routed-networks-ipv6.yaml
new file mode 100644
index 0000000..8f44377
--- /dev/null
+++ b/environments/routed-networks-ipv6.yaml
@@ -0,0 +1,20 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable Routed Networks IPv6
+# description: |
+# Enable use of routed IPv6 networks, where there may be multiple separate
+# networks connected with a router, router advertisement daemon (radvd),
+# and DHCP relay. Do not pass any other network configuration environments
+# after this one or they may override the changes made by this environment.
+# When this environment is in use, the routed-networks-configuration
+# environment should usually be included as well.
+resource_registry:
+ OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml
+ OS::OVB::DHCPRelay: ../templates/dhcpv6-relay.yaml
+ OS::OVB::ProvisionNetRouter: OS::Heat::None
+ OS::OVB::ProvisionNetRouterInterface: OS::Heat::None
+ OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml
diff --git a/sample-env-generator/environments.yaml b/sample-env-generator/environments.yaml
index 66ebfa9..3906404 100644
--- a/sample-env-generator/environments.yaml
+++ b/sample-env-generator/environments.yaml
@@ -195,8 +195,8 @@ environments: title: Configuration for Routed Networks description: | Contains the available parameters that need to be configured when using - a routed networks environment. Requires the routed-networks.yaml - environment. + a routed networks environment. Requires the routed-networks.yaml or + routed-networks-ipv6.yaml environment. files: templates/dhcp-relay.yaml: parameters: @@ -216,6 +216,22 @@ environments: OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml OS::OVB::DHCPRelay: ../templates/dhcp-relay.yaml + - + name: routed-networks-ipv6 + title: Enable Routed Networks IPv6 + description: | + Enable use of routed IPv6 networks, where there may be multiple separate + networks connected with a router, router advertisement daemon (radvd), + and DHCP relay. Do not pass any other network configuration environments + after this one or they may override the changes made by this environment. + When this environment is in use, the routed-networks-configuration + environment should usually be included as well. + resource_registry: + OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml + OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml + OS::OVB::DHCPRelay: ../templates/dhcpv6-relay.yaml + OS::OVB::ProvisionNetRouter: OS::Heat::None + OS::OVB::ProvisionNetRouterInterface: OS::Heat::None - name: routed-networks-role title: Base Role Configuration for Routed Networks diff --git a/templates/dhcp-relay.yaml b/templates/dhcp-relay.yaml index f4e5acc..61585d7 100644 --- a/templates/dhcp-relay.yaml +++ b/templates/dhcp-relay.yaml @@ -45,6 +45,9 @@ parameters: private_net: type: string + provision_network_routers_data: + type: json + description: A map with provision network router data resources: dhcp_relay_port_private: 
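Review bot: The new `routed-networks-ipv6` entry does not say why `OS::OVB::ProvisionNetRouter` and `OS::OVB::ProvisionNetRouterInterface` are mapped to `OS::Heat::None`, which is the part an operator most needs to know. Judging from templates/dhcpv6-relay.yaml in this same commit, the Neutron router is dropped and the radvd-and-dhcrelay instance, attached to the provision router ports with IPv6 forwarding enabled, becomes the path between the three provision networks. I would add a sentence to the description such as `The Neutron provision router is replaced by the radvd-and-dhcrelay instance, which forwards traffic between the provision networks.` so that anyone loading this environment knows which host to inspect when reviewing or filtering that traffic.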
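Review bot: `provision_network_routers_data` is added to dhcp-relay.yaml without a default and with a description that reads as if the IPv4 relay consumes it, while the hunk shows no use of it (the parameters and resources sections continue outside the hunk, so this is not certain). If it exists only so the parent can pass the same properties to either relay template, mark it the way dhcpv6-relay.yaml marks its own pass-through parameters, `# Ignored parameter for compatibility with dhcpv6-relay.yaml`. Giving it `default: {}`, as templates/virtual-baremetal.yaml does for the same parameter, would also let stacks that instantiate this template without the property keep validating.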
diff --git a/templates/dhcpv6-relay.yaml b/templates/dhcpv6-relay.yaml
new file mode 100644
index 0000000..295d41c
--- /dev/null
+++ b/templates/dhcpv6-relay.yaml
@@ -0,0 +1,284 @@
+heat_template_version: 2016-10-14
+
+parameters:
+
+ key_name:
+ type: string
+ default: default
+ description: Nova keypair to inject into the undercloud and bmc
+
+ dhcp_relay_flavor:
+ type: string
+ default: m1.small
+ description: The Nova flavor to use for the dhcrelay instance
+
+ dhcp_relay_image:
+ type: string
+ default: CentOS-7-x86_64-GenericCloud
+ description: |
+ The base image for the dhcrelay instance. A CentOS 7 image is currently
+ the only one supported.
+
+ provision_net_cidr:
+ type: string
+ description: CIDR for provision network subnet
+ default: fd12:3456:789a:1::/64
+
+ provision_net2_cidr:
+ type: string
+ description: CIDR for second provision network subnet
+ default: fd12:3456:789a:2::/64
+
+ provision_net3_cidr:
+ type: string
+ description: CIDR for third provision network subnet
+ default: fd12:3456:789a:3::/64
+
+ IPv6_dhcpv6-statefull:
+ type: boolean
+ description: |
+ Controls radvd parameters AdvManagedFlag and AdvAutonomous. For stateful
+ addressing these should be AdvManagedFlag: on, AdvAutonomous: off, for
+ statelss (SLAAC) these should be AdvManagedFlag: off, AdvAutonomous: on.
+ default: false
+
+ dhcp_ips:
+ # Ignored parameter for compatibility with dhcp-relay.yaml
+ type: json
+ description: |
+ The IP addresses of DHCP servers to relay DHCP requests to.
+
+ networks:
+ # Ignored parameter for compatibility with dhcp-relay.yaml
+ type: json
+
+ private_net:
+ type: string
+
+ provision_network_routers_data:
+ type: json
+ description: A map with provision network router data
+
+ NtpPool:
+ default: pool.ntp.org
+ description: |
+ NTP pool, the pool name is expected to resolve to multiple addresses which
+ might change over time. For IPv6 overclouds the radvd-and-dhcrelay
+ instance can act as the NTP server.
+ type: string
+
+conditions:
+ dhcpv6-statefull:
+ get_param: IPv6_dhcpv6-statefull
+
+resources:
+ dhcp_relay_port_private:
+ type: OS::Neutron::Port
+ properties:
+ name: dhcp_relay_port_private
+ network: {get_param: private_net}
+
+ init_packages:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ package_upgrade: true
+ packages:
+ - centos-release-openstack-stein
+ - dnsmasq
+ - radvd
+ - chrony
+
+ init_files:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ write_files:
+ - path: /etc/os-net-config/config.yaml
+ content:
+ str_replace:
+ template: |
+ network_config:
+ - type: interface
+ name: eth0
+ use_dhcp: false
+ use_dhcpv6: false
+ addresses:
+ - ip_netmask: $private_ip_netmask
+ routes:
+ - default: true
+ next_hop: $private_gateway
+ - type: interface
+ name: eth1
+ use_dhcp: false
+ use_dhcpv6: false
+ addresses:
+ - ip_netmask: $provision_ip_netmask
+ - type: interface
+ name: eth2
+ use_dhcp: false
+ use_dhcpv6: false
+ addresses:
+ - ip_netmask: $provision2_ip_netmask
+ - type: interface
+ name: eth3
+ use_dhcp: false
+ use_dhcpv6: false
+ addresses:
+ - ip_netmask: $provision3_ip_netmask
+ params:
+ $private_gateway: {get_attr: [dhcp_relay_port_private, subnets, 0, gateway_ip]}
+ $private_ip_netmask:
+ list_join:
+ - /
+ - - {get_attr: [dhcp_relay_port_private, fixed_ips, 0, ip_address]}
+ - {str_split: ['/', {get_attr: [dhcp_relay_port_private, subnets, 0, cidr]}, 1]}
+ $provision_ip_netmask: {get_param: [provision_network_routers_data, provision_router_cidr]}
+ $provision2_ip_netmask: {get_param: [provision_network_routers_data, provision2_router_cidr]}
+ $provision3_ip_netmask: {get_param: [provision_network_routers_data, provision3_router_cidr]}
+ - path: /etc/systemd/system/dhcrelay6.service
+ content:
+ str_replace:
+ template: |
+ [Unit]
+ Description=DHCPv6 dnsmasq Relay Agent Daemon
+ Documentation=man:dnsmasq(8)
+ Wants=network-online.target
+ After=network-online.target
+
+ [Service]
+ Type=simple
+ ExecStart=/usr/sbin/dnsmasq --keep-in-foreground --port 0 --dhcp-relay=$provision2_ip,ff05::1:3,eth1 --dhcp-relay=$provision3_ip,ff05::1:3,eth1
+ StandardError=null
+
+ [Install]
+ WantedBy=multi-user.target
+ params:
+ $provision2_ip: {str_split: ['/', {get_param: [provision_network_routers_data, provision2_router_cidr]}, 0]}
+ $provision3_ip: {str_split: ['/', {get_param: [provision_network_routers_data, provision3_router_cidr]}, 0]}
+ - path: /etc/radvd.conf
+ content:
+ str_replace:
+ template: |
+ interface eth1 {
+ AdvSendAdvert on;
+ AdvManagedFlag $AdvManagedFlag;
+ AdvOtherConfigFlag on;
+ AdvRASolicitedUnicast on;
+ AdvLinkMTU $provision_mtu;
+ prefix $provision_cidr {
+ AdvAutonomous $AdvAutonomous;
+ AdvOnLink on;
+ };
+ };
+ interface eth2 {
+ AdvSendAdvert on;
+ AdvManagedFlag $AdvManagedFlag;
+ AdvOtherConfigFlag on;
+ AdvRASolicitedUnicast on;
+ AdvLinkMTU $provision2_mtu;
+ prefix $provision2_cidr {
+ AdvAutonomous $AdvAutonomous;
+ AdvOnLink on;
+ };
+ };
+ interface eth3 {
+ AdvSendAdvert on;
+ AdvManagedFlag $AdvManagedFlag;
+ AdvOtherConfigFlag on;
+ AdvRASolicitedUnicast on;
+ AdvLinkMTU $provision3_mtu;
+ prefix $provision3_cidr {
+ AdvAutonomous $AdvAutonomous;
+ AdvOnLink on;
+ };
+ };
+ params:
+ $provision_cidr: {get_param: provision_net_cidr}
+ $provision2_cidr: {get_param: provision_net2_cidr}
+ $provision3_cidr: {get_param: provision_net3_cidr}
+ $provision_mtu: {get_param: [provision_network_routers_data, provision_mtu]}
+ $provision2_mtu: {get_param: [provision_network_routers_data, provision2_mtu]}
+ $provision3_mtu: {get_param: [provision_network_routers_data, provision3_mtu]}
+ $AdvManagedFlag:
+ if:
+ - dhcpv6-statefull
+ - 'on'
+ - 'off'
+ $AdvAutonomous:
+ if:
+ - dhcpv6-statefull
+ - 'off'
+ - 'on'
+ - path: /etc/sysctl.d/98-ipv6-routing.conf
+ content: |
+ net.ipv6.conf.eth1.forwarding = 1
+ net.ipv6.conf.eth2.forwarding = 1
+ net.ipv6.conf.eth3.forwarding = 1
+ - - path: /etc/chrony.conf
+ content:
+ str_replace:
+ template: |
+ pool $ntp_pool iburst
+ # Record the rate at which the system clock gains/losses time.
+ driftfile /var/lib/chrony/drift
+ # Allow the system clock to be stepped in the first three updates
+ # if its offset is larger than 1 second.
+ makestep 1.0 3
+ # Allow NTP client access from provision network.
+ allow $provision_cidr
+ allow $provision2_cidr
+ allow $provision3_cidr
+ # Serve time even if not synchronized to a time source.
+ local stratum 10
+ # Specify file containing keys for NTP authentication.
+ keyfile /etc/chrony.keys
+ # Get TAI-UTC offset and leap seconds from the system tz database.
+ leapsectz right/UTC
+ # Specify directory for log files.
+ logdir /var/log/chrony
+ params:
+ $ntp_pool: {get_param: NtpPool}
+ $provision_cidr: {get_param: provision_net_cidr}
+ $provision2_cidr: {get_param: provision_net2_cidr}
+ $provision3_cidr: {get_param: provision_net3_cidr}
+
+ init_runcmd:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ runcmd:
+ - ['sysctl','--system']
+ - ['systemctl', 'daemon-reload']
+ - ['yum', '-y', 'install', 'os-net-config']
+ - ['os-net-config', '--config', '/etc/os-net-config/config.yaml']
+ - ['systemctl', 'enable', 'dhcrelay6.service']
+ - ['systemctl', 'start', 'dhcrelay6.service']
+ - ['systemctl', 'status', 'dhcrelay6.service']
+ - ['systemctl', 'enable', 'radvd.service']
+ - ['systemctl', 'start', 'radvd.service']
+ - ['systemctl', 'status', 'radvd.service']
+
+ dhcrelay_init:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: init_packages}
+ - config: {get_resource: init_files}
+ - config: {get_resource: init_runcmd}
+
+ dhcp_relay_server:
+ type: OS::Nova::Server
+ properties:
+ name: radvd-and-dhcrelay
+ flavor: {get_param: dhcp_relay_flavor}
+ image: {get_param: dhcp_relay_image}
+ key_name: {get_param: key_name}
+ networks:
+ - {port: {get_resource: dhcp_relay_port_private}}
+ - {port: {get_param: [provision_network_routers_data, provision_router_resource]}}
+ - {port:
{get_param: [provision_network_routers_data, provision2_router_resource]}} + - {port: {get_param: [provision_network_routers_data, provision3_router_resource]}} + config_drive: true + user_data_format: RAW + user_data: {get_resource: dhcrelay_init} diff --git a/templates/quintupleo.yaml b/templates/quintupleo.yaml index 01d869f..26f851a 100644 --- a/templates/quintupleo.yaml +++ b/templates/quintupleo.yaml @@ -186,6 +186,7 @@ resources: baremetal_prefix: {get_param: baremetal_prefix} cloud_data: {get_param: cloud_data} dhcp_ips: {get_param: dhcp_ips} + provision_network_routers_data: {get_attr: [undercloud_networks, provision_network_routers_data]} outputs: undercloud_host_floating_ip: diff --git a/templates/resource-registry.yaml b/templates/resource-registry.yaml index c023d37..92db11a 100644 --- a/templates/resource-registry.yaml +++ b/templates/resource-registry.yaml @@ -12,3 +12,5 @@ resource_registry: OS::OVB::UndercloudNetworks: undercloud-networks.yaml OS::OVB::DHCPRelay: OS::Heat::None OS::OVB::RouterAdvertisementDaemon: OS::Heat::None + OS::OVB::ProvisionNetRouter: OS::Neutron::Router + OS::OVB::ProvisionNetRouterInterface: OS::Neutron::RouterInterface diff --git a/templates/undercloud-networks-existing.yaml b/templates/undercloud-networks-existing.yaml index 2cf6898..f050cbd 100644 --- a/templates/undercloud-networks-existing.yaml +++ b/templates/undercloud-networks-existing.yaml @@ -50,5 +50,7 @@ outputs: # The provision and public network routers is here for compatibility only provision_network_routers: value: null + provision_network_routers_data: + value: null public_network_router: value: null diff --git a/templates/undercloud-networks-public-router.yaml b/templates/undercloud-networks-public-router.yaml index 19bc049..b49d997 100644 --- a/templates/undercloud-networks-public-router.yaml +++ b/templates/undercloud-networks-public-router.yaml 
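Review bot: `StandardError=null` in the generated dhcrelay6.service discards whatever dnsmasq writes to stderr, and the `systemctl status` entries in `init_runcmd` only print state, so a relay that fails to start (for instance when `$provision2_ip` renders empty) leaves little to diagnose; dropping the line or using `StandardError=journal` keeps that output in the journal. `init_runcmd` also enables and starts dhcrelay6 and radvd but never touches chronyd, so if the image already runs chronyd when `/etc/chrony.conf` is written, the `allow` and `local stratum 10` lines probably do not take effect until a restart; adding `['systemctl', 'restart', 'chronyd.service']` would make that deterministic. Separately, the parameter and condition names spell `statefull` and the description has `statelss`; since `IPv6_dhcpv6-statefull` becomes part of the environment interface, it is worth correcting to `stateful` before anything depends on it.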
@@ -111,6 +111,8 @@ outputs: # The provision_network_routers is here for compatibility only provision_network_routers: value: {} + provision_network_routers_data: + value: {} public_network_router: value: public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]} diff --git a/templates/undercloud-networks-routed.yaml b/templates/undercloud-networks-routed.yaml index c04370b..37b27d1 100644 --- a/templates/undercloud-networks-routed.yaml +++ b/templates/undercloud-networks-routed.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 parameters: provision_net: @@ -107,7 +107,7 @@ parameters: resources: provision_router: - type: OS::Neutron::Router + type: OS::OVB::ProvisionNetRouter properties: name: provision-router external_gateway_info: @@ -132,13 +132,14 @@ resources: provision_router_port: type: OS::Neutron::Port properties: + name: provision_router_port network: {get_resource: provision_network} port_security_enabled: false fixed_ips: - ip_address: {get_param: provision_net_router_address} provision_router_interface: - type: OS::Neutron::RouterInterface + type: OS::OVB::ProvisionNetRouterInterface properties: router: {get_resource: provision_router} port: {get_resource: provision_router_port} @@ -162,13 +163,14 @@ resources: provision_router_port2: type: OS::Neutron::Port properties: + name: provision_router_port2 network: {get_resource: provision_network2} port_security_enabled: false fixed_ips: - ip_address: {get_param: provision_net2_router_address} provision_router_interface2: - type: OS::Neutron::RouterInterface + type: OS::OVB::ProvisionNetRouterInterface properties: router: {get_resource: provision_router} port: {get_resource: provision_router_port2} 
@@ -192,13 +194,14 @@ resources: provision_router_port3: type: OS::Neutron::Port properties: + name: provision_router_port3 network: {get_resource: provision_network3} port_security_enabled: false fixed_ips: - ip_address: {get_param: provision_net3_router_address} provision_router_interface3: - type: OS::Neutron::RouterInterface + type: OS::OVB::ProvisionNetRouterInterface properties: router: {get_resource: provision_router} port: {get_resource: provision_router_port3} @@ -252,6 +255,29 @@ outputs: provision_router: {get_attr: [provision_router_port, fixed_ips, 0, ip_address]} provision2_router: {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]} provision3_router: {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]} + provision_network_routers_data: + value: + provision_router_cidr: + list_join: + - / + - - {get_attr: [provision_router_port, fixed_ips, 0, ip_address]} + - {str_split: ['/', {get_attr: [provision_router_port, subnets, 0, cidr]}, 1]} + provision2_router_cidr: + list_join: + - / + - - {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]} + - {str_split: ['/', {get_attr: [provision_router_port2, subnets, 0, cidr]}, 1]} + provision3_router_cidr: + list_join: + - / + - - {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]} + - {str_split: ['/', {get_attr: [provision_router_port3, subnets, 0, cidr]}, 1]} + provision_router_resource: {get_resource: provision_router_port} + provision2_router_resource: {get_resource: provision_router_port2} + provision3_router_resource: {get_resource: provision_router_port3} + provision_mtu: {get_attr: [provision_router_port, network, mtu]} + provision2_mtu: {get_attr: [provision_router_port2, network, mtu]} + provision3_mtu: {get_attr: [provision_router_port3, network, mtu]} public_network_router: value: public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]} 
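Review bot: The keys of the new `provision_network_routers_data` output are named more broadly than what they hold, and nothing documents the map that dhcpv6-relay.yaml depends on. `provision_router_cidr` is the router port's own address joined with the prefix length of its subnet, not the subnet CIDR, and `provision_router_resource` is the ID of an `OS::Neutron::Port`, not of a router. A comment above the output, for example `# Per provision network: router port address/prefixlen, router port ID and network MTU; consumed by dhcpv6-relay.yaml`, would keep a later editor from passing a network CIDR here, which the relay template would then write into os-net-config as an interface address. The outputs section starts outside the hunk.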
diff --git a/templates/undercloud-networks.yaml b/templates/undercloud-networks.yaml index 1adc322..4320670 100644 --- a/templates/undercloud-networks.yaml +++ b/templates/undercloud-networks.yaml @@ -82,5 +82,7 @@ outputs: # The provision and public network routers is here for compatibility only provision_network_routers: value: null + provision_network_routers_data: + value: null public_network_router: value: null diff --git a/templates/virtual-baremetal.yaml b/templates/virtual-baremetal.yaml index 6995c22..ce720f5 100644 --- a/templates/virtual-baremetal.yaml +++ b/templates/virtual-baremetal.yaml @@ -60,6 +60,11 @@ parameters: description: | The IP addresses of DHCP servers to relay DHCP requests to. + provision_network_routers_data: + type: json + default: {} + description: A map with provision network router data + # Ignored parameters for compatibility with QuintupleO env files undercloud_image: type: string @@ -126,6 +131,7 @@ resources: properties: networks: {get_param: networks} dhcp_ips: {get_param: dhcp_ips} + provision_network_routers_data: {get_param: provision_network_routers_data} ipv6_radvd: type: OS::OVB::RouterAdvertisementDaemon
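Review bot: The `default: {}` on `provision_network_routers_data` in virtual-baremetal.yaml lets a stack that selects dhcpv6-relay.yaml together with an UndercloudNetworks template returning `null` or `{}` pass validation and fail only on the booted instance. As far as I know Heat resolves a missing path in `get_param: [provision_network_routers_data, provision_router_cidr]` to an empty string rather than an error, so os-net-config, dnsmasq and radvd would be written with empty addresses and MTUs. The parameter cannot be made mandatory without breaking the non-routed case, so I would at least spell out the contract in the description, e.g. `description: Map of router port address/prefixlen, router port ID and MTU per provision network; must be populated when OS::OVB::DHCPRelay is dhcpv6-relay.yaml`.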