From 7a7d7ae7689aef759c976ea4ca3a67262b7dc4b5 Mon Sep 17 00:00:00 2001 From: Andrey Shestakov Date: Fri, 4 Sep 2015 12:13:56 +0300 Subject: [PATCH] Fix networking Change-Id: Ia13b5dede144ac61eb9782ba97365510836f1507 --- .../puppet/manifests/haproxy.pp | 69 ++++++--- .../manifests/ironic-conductor-config.pp | 11 -- .../puppet/manifests/network-openstack.pp | 83 +++++++++++ .../puppet/manifests/network.pp | 68 +-------- .../ironic_neutron_setter/ini_setting.rb | 140 ------------------ .../lib/puppet/type/ironic_neutron_setter.rb | 31 ---- deployment_tasks.yaml | 18 ++- environment_config.yaml | 2 +- post_install.sh | 2 +- 9 files changed, 152 insertions(+), 272 deletions(-) create mode 100644 deployment_scripts/puppet/manifests/network-openstack.pp delete mode 100644 deployment_scripts/puppet/modules/ironic/lib/puppet/provider/ironic_neutron_setter/ini_setting.rb delete mode 100644 deployment_scripts/puppet/modules/ironic/lib/puppet/type/ironic_neutron_setter.rb diff --git a/deployment_scripts/puppet/manifests/haproxy.pp b/deployment_scripts/puppet/manifests/haproxy.pp index 97632ae..3afaf08 100644 --- a/deployment_scripts/puppet/manifests/haproxy.pp +++ b/deployment_scripts/puppet/manifests/haproxy.pp @@ -1,6 +1,7 @@ notice('MODULAR: ironic/haproxy.pp') $network_metadata = hiera_hash('network_metadata') +$storage_hash = hiera_hash('storage', {}) $public_ssl_hash = hiera('public_ssl') $ironic_api_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) 
@@ -8,14 +9,21 @@ $ironic_address_map = get_node_to_ipaddr_map_by_network_role($ironic_api_nodes, $ironic_server_names = hiera_array('ironic_names', keys($ironic_address_map)) $ironic_ipaddresses = hiera_array('ironic_ipaddresses', values($ironic_address_map)) -$swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', undef), 'swift/api') -$swift_server_names = hiera_array('swift_server_names', keys($swift_proxies_address_map)) -$swift_ipaddresses = hiera_array('swift_ipaddresses', values($swift_proxies_address_map)) - $public_virtual_ip = hiera('public_vip') $internal_virtual_ip = hiera('management_vip') $baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr'] +if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] { + $use_swift = true +} else { + $use_swift = false +} +if !($use_swift) and ($storage_hash['objects_ceph']) { + $use_radosgw = true +} else { + $use_radosgw = false +} + Openstack::Ha::Haproxy_service { ipaddresses => $ironic_ipaddresses, public_virtual_ip => $public_virtual_ip, 
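Review bot: The two flags added ahead of the `Openstack::Ha::Haproxy_service` defaults can both end up false: with `images_vcenter` set and `objects_ceph` unset, `$use_swift` is false and the second test leaves `$use_radosgw` false as well. In that case neither the `swift-baremetal` nor the `radosgw-baremetal` listener in the next hunk is declared, so nothing answers on port 8080 of the baremetal VIP and the run still reports success. If that combination is unsupported, the manifest should say so rather than skip silently, for example `if !$use_swift and !$use_radosgw { fail('ironic: no Swift-compatible object store backend is enabled') }`. A short comment above the two `if` blocks explaining which storage settings select which backend would also help, since the negated compound condition is hard to read.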
@@ -42,17 +50,44 @@ openstack::ha::haproxy_service { 'ironic-baremetal': internal_virtual_ip => $baremetal_virtual_ip, } -openstack::ha::haproxy_service { 'swift-baremetal': - order => '125', - listen_port => 8080, - ipaddresses => $swift_ipaddresses, - server_names => $swift_server_names, - public => false, - public_ssl => false, - public_virtual_ip => false, - internal_virtual_ip => $baremetal_virtual_ip, - haproxy_config_options => { - 'option' => ['httpchk', 'httplog', 'httpclose'], - }, - balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3', +if $use_swift { + $swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', undef), 'swift/api') + $swift_server_names = hiera_array('swift_server_names', keys($swift_proxies_address_map)) + $swift_ipaddresses = hiera_array('swift_ipaddresses', values($swift_proxies_address_map)) + + openstack::ha::haproxy_service { 'swift-baremetal': + order => '125', + listen_port => 8080, + ipaddresses => $swift_ipaddresses, + server_names => $swift_server_names, + public => false, + public_ssl => false, + public_virtual_ip => false, + internal_virtual_ip => $baremetal_virtual_ip, + haproxy_config_options => { + 'option' => ['httpchk', 'httplog', 'httpclose'], + }, + balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3', + } +} + +if $use_radosgw { + $rgw_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_rgw_nodes'), 'ceph/radosgw') + $rgw_server_names = hiera_array('radosgw_server_names', keys($rgw_address_map)) + $rgw_ipaddresses = hiera_array('radosgw_ipaddresses', values($rgw_address_map)) + + openstack::ha::haproxy_service { 'radosgw-baremetal': + order => '135', + listen_port => 8080, + balancermember_port => 6780, + ipaddresses => $rgw_ipaddresses, + server_names => $rgw_server_names, + public => false, + public_ssl => false, + public_virtual_ip => false, + internal_virtual_ip => 
$baremetal_virtual_ip, + haproxy_config_options => { + 'option' => ['httplog', 'httpchk GET /'], + }, + } } diff --git a/deployment_scripts/puppet/manifests/ironic-conductor-config.pp b/deployment_scripts/puppet/manifests/ironic-conductor-config.pp index 960b9ad..c887b4b 100644 --- a/deployment_scripts/puppet/manifests/ironic-conductor-config.pp +++ b/deployment_scripts/puppet/manifests/ironic-conductor-config.pp @@ -3,7 +3,6 @@ notice('MODULAR: ironic/ironic-conductor-config.pp') $ironic_hash = hiera_hash('fuel-plugin-ironic', {}) $management_vip = hiera('management_vip') $keystone_endpoint = hiera('keystone_endpoint', $management_vip) -$neutron_endpoint = hiera('neutron_endpoint', $management_vip) $ironic_tenant = pick($ironic_hash['tenant'],'services') $ironic_user = pick($ironic_hash['user'],'ironic') @@ -20,15 +19,6 @@ ironic_images_setter {'ironic_images': glance_url => "http://${management_vip}:9292/v2.0/", } -ironic_neutron_setter {'ironic_network': - ensure => present, - auth_url => "http://${keystone_endpoint}:5000/v2.0/", - auth_username => $ironic_user, - auth_password => $ironic_user_password, - auth_tenant_name => $ironic_tenant, - neutron_url => "http://${neutron_endpoint}:9696/v2.0/", -} - service { 'ironic-conductor': ensure => 'running', name => $::ironic::params::conductor_service, @@ -38,4 +28,3 @@ service { 'ironic-conductor': } Ironic_images_setter<||> ~> Service['ironic-conductor'] -Ironic_neutron_setter<||> ~> Service['ironic-conductor'] diff --git a/deployment_scripts/puppet/manifests/network-openstack.pp b/deployment_scripts/puppet/manifests/network-openstack.pp new file mode 100644 index 0000000..c293cee --- /dev/null +++ b/deployment_scripts/puppet/manifests/network-openstack.pp 
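Review bot: In the `radosgw-baremetal` branch, `hiera_hash('ceph_rgw_nodes')` is called without a default while the Swift branch passes one (`hiera_hash('swift_proxies', undef)`), so a missing key aborts catalog compilation on this path only. Passing an explicit default, for example `hiera_hash('ceph_rgw_nodes', {})`, would make the two branches consistent, provided `get_node_to_ipaddr_map_by_network_role` accepts an empty hash (not visible here). Both listeners publish the object-store API on the baremetal VIP over plain HTTP (`public_ssl => false`, port 8080), which is presumably the network the nodes being provisioned sit on. Nothing in the file records that this is deliberate; a comment above the two blocks such as `# Swift/RGW API on the baremetal VIP is plain HTTP and reachable from hosts on that network unless a firewall rule elsewhere restricts it.` would make the exposure visible to the next reviewer.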
@@ -0,0 +1,83 @@ +notice('MODULAR: ironic/network.pp') + +$network_scheme = hiera('network_scheme', {}) +prepare_network_config($network_scheme) +$neutron_config = hiera_hash('quantum_settings') +$pnets = $neutron_config['L2']['phys_nets'] +$baremetal_network = get_network_role_property('ironic/baremetal', 'network') +$nameservers = $neutron_config['predefined_networks']['net04']['L3']['nameservers'] + +$ironic_hash = hiera_hash('fuel-plugin-ironic', {}) +$baremetal_L3_allocation_pool = $ironic_hash['l3_allocation_pool'] +$baremetal_L3_gateway = $ironic_hash['l3_gateway'] + + +# Physnets +############################### +if $pnets['physnet1'] { + $physnet1 = "physnet1:${pnets['physnet1']['bridge']}" +} +if $pnets['physnet2'] { + $physnet2 = "physnet2:${pnets['physnet2']['bridge']}" +} +$physnet_ironic = "physnet-ironic:br-ironic" +$physnets_array = [$physnet1, $physnet2, $physnet_ironic] +$bridge_mappings = delete_undef_values($physnets_array) + +$br_map_str = join($bridge_mappings, ',') +neutron_agent_ovs { + 'ovs/bridge_mappings': value => $br_map_str; +} + +$flat_networks = ['physnet-ironic'] +neutron_plugin_ml2 { + 'ml2_type_flat/flat_networks': value => join($flat_networks, ','); +} + +service { 'p_neutron-plugin-openvswitch-agent': + ensure => 'running', + enable => true, + provider => 'pacemaker', +} +service { 'p_neutron-dhcp-agent': + ensure => 'running', + enable => true, + provider => 'pacemaker', +} + +Neutron_plugin_ml2<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent'] +Neutron_agent_ovs<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent'] + + +# Predefined network +############################### +$netdata = { + 'L2' => { + network_type => 'flat', + physnet => 'physnet-ironic', + router_ext => 'false', + segment_id => 'null' + }, + 'L3' => { + enable_dhcp => true, + floating => $baremetal_L3_allocation_pool, + gateway => $baremetal_L3_gateway, + nameservers => $nameservers, + 
subnet => $baremetal_network + }, + 'shared' => 'true', + 'tenant' => 'admin', +} + +openstack::network::create_network{'baremetal': + netdata => $netdata, + segmentation_type => 'flat', +} -> +neutron_router_interface { "router04:baremetal__subnet": + ensure => present, +} + + +# Order +############################### +Neutron_plugin_ml2<||> -> Neutron_agent_ovs<||> -> Openstack::Network::Create_network<||> diff --git a/deployment_scripts/puppet/manifests/network.pp b/deployment_scripts/puppet/manifests/network.pp index f6d0440..253c272 100644 --- a/deployment_scripts/puppet/manifests/network.pp +++ b/deployment_scripts/puppet/manifests/network.pp 
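Review bot: The `$netdata` hash declares the baremetal network as flat, `'shared' => 'true'` and owned by `admin`, and the resource chain then attaches it to `router04`, yet nothing in the new file says this is intended. As written, the segment that carries Ironic provisioning traffic appears to be usable by every tenant and routed towards their networks, though how `openstack::network::create_network` interprets `shared` is not visible here. A comment above `# Predefined network` should record that decision, for example `# Shared flat network: all tenants share one L2 segment with Ironic provisioning traffic; no isolation is provided here.` Separately, the first line still logs `notice('MODULAR: ironic/network.pp')`, which makes the two manifests indistinguishable in the Puppet log; it should read `notice('MODULAR: ironic/network-openstack.pp')`.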
@@ -69,72 +69,6 @@ cluster::virtual_ip { 'baremetal' : } -# Physnets -############################### -if $pnets['physnet1'] { - $physnet1 = "physnet1:${pnets['physnet1']['bridge']}" -} -if $pnets['physnet2'] { - $physnet2 = "physnet2:${pnets['physnet2']['bridge']}" -} -$physnet_ironic = "physnet-ironic:br-ironic" -$physnets_array = [$physnet1, $physnet2, $physnet_ironic] -$bridge_mappings = delete_undef_values($physnets_array) - -$br_map_str = join($bridge_mappings, ',') -neutron_agent_ovs { - 'ovs/bridge_mappings': value => $br_map_str; -} - -$flat_networks = ['physnet-ironic'] -neutron_plugin_ml2 { - 'ml2_type_flat/flat_networks': value => join($flat_networks, ','); -} - -service { 'p_neutron-plugin-openvswitch-agent': - ensure => 'running', - enable => true, - provider => 'pacemaker', -} -service { 'p_neutron-dhcp-agent': - ensure => 'running', - enable => true, - provider => 'pacemaker', -} - -Neutron_plugin_ml2<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent'] -Neutron_agent_ovs<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent'] - - -# Predefined network -############################### -$netdata = { - 'L2' => { - network_type => 'flat', - physnet => 'physnet-ironic', - router_ext => 'false', - segment_id => 'null' - }, - 'L3' => { - enable_dhcp => true, - floating => $baremetal_L3_allocation_pool, - gateway => $baremetal_L3_gateway, - nameservers => $nameservers, - subnet => $baremetal_network - }, - 'shared' => 'true', - 'tenant' => 'admin', -} - -openstack::network::create_network{'baremetal': - netdata => $netdata, - segmentation_type => 'flat', -} -> -neutron_router_interface { "router04:baremetal__subnet": - ensure => present, -} - - # Order ############################### -Firewall<||> -> Cluster::Virtual_ip<||> -> Neutron_plugin_ml2<||> -> Neutron_agent_ovs<||> -> Openstack::Network::Create_network<||> +Firewall<||> -> Cluster::Virtual_ip<||> 
diff --git a/deployment_scripts/puppet/modules/ironic/lib/puppet/provider/ironic_neutron_setter/ini_setting.rb b/deployment_scripts/puppet/modules/ironic/lib/puppet/provider/ironic_neutron_setter/ini_setting.rb
deleted file mode 100644
index 98253ff..0000000
--- a/deployment_scripts/puppet/modules/ironic/lib/puppet/provider/ironic_neutron_setter/ini_setting.rb
+++ /dev/null
@@ -1,140 +0,0 @@ -require 'rubygems' -require 'net/http' -require 'net/https' -require 'json' -require 'puppet/util/inifile' - -class KeystoneError < Puppet::Error -end - -class KeystoneConnectionError < KeystoneError -end - -class KeystoneAPIError < KeystoneError -end - -RETRY_COUNT = 10 -RETRY_SLEEP = 3 - -def handle_request(req, url) - begin - use_ssl = url.scheme == "https" ? true : false - http = Net::HTTP.start(url.hostname, url.port, {:use_ssl => use_ssl}) - res = http.request(req) - - if res.code != '200' - raise KeystoneAPIError, "Received error response from Keystone server at #{url}: #{res.message}" - end - rescue Errno::ECONNREFUSED => detail - raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}" - rescue SocketError => detail - raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}" - end - - res -end - -def keystone_v2_authenticate(auth_url, - username, - password, - tenantId=nil, - tenantName=nil) - - post_args = { - 'auth' => { - 'passwordCredentials' => { - 'username' => username, - 'password' => password - }, - }} - - if tenantId - post_args['auth']['tenantId'] = tenantId - end - - if tenantName - post_args['auth']['tenantName'] = tenantName - end - - url = URI.parse("#{auth_url}/tokens") - req = Net::HTTP::Post.new url.path - req['content-type'] = 'application/json' - req.body = post_args.to_json - - res = handle_request(req, url) - data = JSON.parse res.body - return data['access']['token']['id'] -end - -def neutron_networks(neutron_url, token) - - url = URI.parse("#{neutron_url}/networks") - req = Net::HTTP::Get.new url.path - req['content-type'] = 'application/json' - req['x-auth-token'] = token - - res = handle_request(req, url) - data = JSON.parse res.body - data['networks'] -end - -Puppet::Type.type(:ironic_neutron_setter).provide(:ruby) do - @neutron_network = nil - - def authenticate - keystone_v2_authenticate( - @resource[:auth_url], - @resource[:auth_username], - 
@resource[:auth_password], - nil, - @resource[:auth_tenant_name]) - end - - def find_network_by_name(networks, name) - found_networks = networks.select{|net| net['name'] == name} - if found_networks.length == 1 - return found_networks[0]['id'] - elsif found_networks.length == 0 - raise KeystoneAPIError, "Network with name '#{name}' not found." - elsif found_networks.length > 1 - raise KeystoneAPIError, "Found multiple matches for name: '#{name}'" - end - end - - def exists? - ini_file = Puppet::Util::IniConfig::File.new - ini_file.read("/etc/ironic/ironic.conf") - ini_file['neutron'] && ini_file['neutron']['cleaning_network_uuid'] && ini_file['neutron']['cleaning_network_uuid'] == neutron_network - end - - def create - config - end - - def neutron_network - @neutron_network ||= get_neutron_network - end - - def get_neutron_network - token = authenticate - RETRY_COUNT.times do |n| - begin - all_networks = neutron_networks(@resource[:neutron_url], token) - rescue => e - debug "Request failed: '#{e.message}' Retry: '#{n}'" - if n == RETRY_COUNT - 1 - raise KeystoneAPIError, 'Unable to get networks.' - end - sleep RETRY_SLEEP - next - end - return find_network_by_name(all_networks, 'baremetal') - end - end - - def config - Puppet::Type.type(:ironic_config).new( - {:name => "neutron/cleaning_network_uuid", :value => neutron_network} - ).provider.create - end -end diff --git a/deployment_scripts/puppet/modules/ironic/lib/puppet/type/ironic_neutron_setter.rb b/deployment_scripts/puppet/modules/ironic/lib/puppet/type/ironic_neutron_setter.rb deleted file mode 100644 index aa7f2cd..0000000 --- a/deployment_scripts/puppet/modules/ironic/lib/puppet/type/ironic_neutron_setter.rb +++ /dev/null 
@@ -1,31 +0,0 @@ -Puppet::Type.newtype(:ironic_neutron_setter) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'The name of the setting to update' - end - - newparam(:auth_url) do - desc 'The Keystone endpoint URL' - defaultto 'http://localhost:35357/v2.0' - end - - newparam(:auth_username) do - desc 'Username with which to authenticate' - defaultto 'admin' - end - - newparam(:auth_password) do - desc 'Password with which to authenticate' - end - - newparam(:auth_tenant_name) do - desc 'Tenant name with which to authenticate' - defaultto 'admin' - end - - newparam(:neutron_url) do - desc 'Neutron endpoint' - end -end diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml index 883ffac..7c2a85b 100644 --- a/deployment_tasks.yaml +++ b/deployment_tasks.yaml @@ -40,6 +40,16 @@ puppet_modules: puppet/modules:/etc/puppet/modules timeout: 3600 +- id: ironic-network-openstack + groups: ['primary-controller', 'controller'] + type: puppet + required_for: [deploy_end] + requires: [openstack-network, ironic-network-ovs] + parameters: + puppet_manifest: puppet/manifests/network-openstack.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 3600 + - id: ironic-db groups: ['primary-controller'] type: puppet @@ -53,8 +63,8 @@ - id: ironic-upload-images role: ['primary-controller'] type: shell - required_for: [post_deployment_end] - requires: [enable_quorum] + required_for: [ironic-conductor-config] + requires: [enable_quorum, enable_rados] parameters: cmd: ruby upload_images.rb retries: 3 @@ -75,7 +85,7 @@ role: ['primary-controller'] type: shell required_for: [post_deployment_end] - requires: [enable_quorum] + requires: [enable_quorum, enable_rados] parameters: cmd: ruby post_swift_key.rb retries: 3 
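Review bot: The new `ironic-network-openstack` task lists `ironic-network-ovs` in `requires`, an id that no visible hunk defines, while the `ironic` task in the last hunk of this file still requires `ironic-network` and does not depend on the new task at all. If the existing network task is still called `ironic-network`, the new entry should read `requires: [openstack-network, ironic-network]`. Whichever task needs the baremetal Neutron network to exist should also name `ironic-network-openstack` explicitly rather than rely on `required_for: [deploy_end]`. The second and third hunks add `enable_rados` to `requires` unconditionally; whether that task is present in a Swift-only deployment cannot be seen from here and should be confirmed.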
@@ -86,7 +96,7 @@ groups: ['primary-controller', 'controller'] type: puppet required_for: [deploy_end, controller_remaining_tasks] - requires: [openstack-controller, ironic-db, ironic-network, ironic-haproxy, swift] + requires: [openstack-controller, ironic-db, ironic-network, ironic-haproxy] parameters: puppet_manifest: puppet/manifests/ironic.pp puppet_modules: puppet/modules:/etc/puppet/modules diff --git a/environment_config.yaml b/environment_config.yaml index e525a9c..848a93d 100644 --- a/environment_config.yaml +++ b/environment_config.yaml @@ -2,7 +2,7 @@ attributes: metadata: restrictions: - "cluster:net_provider != 'neutron' or networking_parameters:segmentation_type != 'vlan'": "Ironic requires Neutron with VLAN segmentation." - - "settings:storage.images_ceph.value == true": "Ironic requires Swift as a backend for Glance image service." + - "settings:storage.images_ceph.value == true": "Ironic requires Swift API for Glance image service." password: value: "I_love_plugins" label: "Password for user, db and swift" diff --git a/post_install.sh b/post_install.sh index 2ca413f..81268e8 100755 --- a/post_install.sh +++ b/post_install.sh @@ -21,5 +21,5 @@ export BOOTSTRAP_SSH_KEYS="${key_file}.pub" export AGENT_PACKAGE_PATH="${package_path}/repositories/ubuntu" mkdir -p "${DESTDIR}" -${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image +#${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image chmod 755 -R "${DESTDIR}"
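Review bot: Only the message of the `images_ceph` restriction changes; the expression `settings:storage.images_ceph.value == true` still rejects every environment with Ceph-backed images, including the one where `objects_ceph` is also set and radosgw would supply the Swift API. With that restriction in place, the `$use_radosgw` branch added in haproxy.pp appears reachable only through `images_vcenter`. If radosgw is meant to be a supported backend, the condition should be narrowed to match the new wording, for example `"settings:storage.images_ceph.value == true and settings:storage.objects_ceph.value == false"`.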
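Review bot: The bootstrap image build is switched off by commenting the call out, `#${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image`, with no explanation, in a commit titled "Fix networking". The exports just above it (`BOOTSTRAP_SSH_KEYS`, `AGENT_PACKAGE_PATH`) now feed nothing, and `chmod 755 -R "${DESTDIR}"` runs on a directory this script no longer populates, so whatever image is deployed from there comes from outside the script and is not visible here. Either delete the line together with the now-unused setup or keep it behind a documented switch. In both cases add a comment such as `# Bootstrap image is not built at install time: <reason / ticket placeholder>`. The start of the script lies outside the hunk.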