Add local radosgw and API to ironic-conductor pod.

Currently ironic depends on external dns, ingress, ssl, and network routing.
To download an image to a baremetal node in the provisioning network, traffic goes
from ceph to radosgw to the ingress proxy and then to the node. It utilizes all
networks (storage, public, provisioning) and loads radosgw and ingress on
controller nodes.

This change introduces a local radosgw and ironic API inside the ironic-conductor
pod. To provision a baremetal node, traffic will go from ceph to radosgw on the
ironic-conductor node and then to the baremetal node. Also, ironic provisioning will
not depend on external network access, ingress, valid ssl, or external dns.

Change-Id: Ib2e2027ae80ad222e64c7e85cf7ddb1da95ca5ed
Andrey Shestakov 2016-12-27 13:28:44 +02:00 committed by Mikhail
parent d66711c52d
commit 6c2daf043f
5 changed files with 62 additions and 7 deletions


@ -9,4 +9,3 @@ RUN apt-get install -y --no-install-recommends \
RUN chmod 777 /run
USER ironic


@ -0,0 +1,3 @@
[client.radosgw.gateway]
key = {{ radosgw.key }}


@ -0,0 +1,26 @@
[global]
fsid = {{ ceph.fsid }}
mon_host = {{ ceph.mon_host }}
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
debug_rgw = 20
[client.radosgw.gateway]
keyring = /var/lib/ceph/radosgw/ceph-rgw/keyring
rgw socket path = /tmp/radosgw.sock
log file = /var/log/ceph/ceph-rgw-{{ namespace }}.log
rgw data = /var/lib/ceph/radosgw/ceph-rgw
rgw frontends = civetweb port={{ radosgw.port.cont }} num_threads=50
rgw keystone api version = 3
rgw keystone admin domain = Default
rgw keystone admin project = {{ openstack.project_name }}
rgw keystone url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
rgw keystone accepted roles = Member, _member_, admin
rgw keystone revocation interval = 900
rgw s3 auth use keystone = true
rgw keystone verify ssl = {{ keystone.tls.enabled }}
rgw keystone admin user = {{ openstack.user_name }}
rgw keystone admin password = {{ openstack.user_password }}
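Review bot: `debug_rgw = 20` is hard-coded in `[global]`, so every conductor-node radosgw logs at the most verbose level into `/var/log/ceph/ceph-rgw-{{ namespace }}.log`; at that level per-request detail is written out, which may include temp-URL signatures or auth headers (worth confirming), and the log grows quickly. Take the level from a template variable with a low default, e.g. `debug_rgw = {{ radosgw.debug_level }}` (placeholder variable name). Separately, `rgw keystone admin user` and `rgw keystone admin password` are filled from `openstack.user_name` / `openstack.user_password`, which looks like the deployment-wide admin account; a dedicated service user limited to token validation would reduce what a leaked copy of this file on a conductor node exposes.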


@ -11,7 +11,7 @@ enabled_network_interfaces = noop,flat
default_network_interface = flat
[api]
public_endpoint = http://{{ address('ironic', ironic.api_port, external=True, with_scheme=False) }}
public_endpoint = http://{{ network_topology["private"]["address"] }}:{{ ironic.api_port.cont }}
host_ip = {{ network_topology["private"]["address"] }}
port = {{ ironic.api_port.cont }}
@ -20,6 +20,7 @@ connection = mysql+pymysql://{{ ironic.db.username }}:{{ ironic.db.password }}@{
max_retries = -1
{{ keystone_authtoken.keystone_authtoken(ironic.username, ironic.password) }}
auth_version = 3
[service_catalog]
auth_type = password
@ -31,7 +32,7 @@ username = {{ ironic.username }}
password = {{ ironic.password }}
[conductor]
api_url = http://{{ address('ironic', ironic.api_port, external=True, with_scheme=False) }}
api_url = http://{{ network_topology["private"]["address"] }}:{{ ironic.api_port.cont }}
automated_clean = {{ ironic.automated_clean }}
[neutron]
@ -56,7 +57,7 @@ password = {{ ironic.password }}
glance_api_servers = {{ address('glance-api', glance.api_port, with_scheme=True) }}
swift_endpoint_url = http://{{ address('radosgw', radosgw.port, external=True, with_scheme=False) }}
swift_endpoint_url = http://{{ network_topology["private"]["address"] }}:{{ radosgw.port.cont }}/swift
swift_temp_url_key = {{ ironic.swift.temp_url_key }}
temp_url_endpoint_type = radosgw
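Review bot: The new `public_endpoint`, `api_url` and `swift_endpoint_url` values are hard-coded to `http://` on the private address, so Keystone tokens sent to the API and the temp URLs signed with `swift_temp_url_key` cross that network in cleartext. If the baremetal nodes on that segment are not fully trusted, those values are observable by other hosts there for as long as they remain valid. Consider taking the scheme from a variable instead of the literal, and record the trust assumption with a comment above `[api]` such as `# plain HTTP by design: reachable only on the private network`, backed by a firewall rule limiting who can reach these ports. The `[api]`, `[conductor]` and swift-related sections continue outside the visible hunks.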


@ -4,7 +4,7 @@ service:
hostNetwork: true
kind: DaemonSet
containers:
- name: ironic-conductor
- name: conductor
image: ironic-conductor
probes:
readiness: "true"
@ -34,7 +34,7 @@ service:
dependencies:
- ironic-db-sync
- ironic-post-swift-tempurl-key
- name: ironic-pxe
- name: pxe
image: ironic-pxe
probes:
readiness: "true"
@ -54,7 +54,7 @@ service:
/var/lib/ironic/tftpboot
files:
- pxe-bootstrap.sh
- name: ironic-ipxe
- name: ipxe
image: ironic-ipxe
probes:
readiness: "true"
@ -69,6 +69,23 @@ service:
command: nginx -g 'daemon off; error_log stderr;'
files:
- nginx-ipxe.conf
- name: radosgw
image: radosgw
daemon:
command: radosgw -c /etc/ceph/ceph.conf -n client.radosgw.gateway -d
files:
- ceph-conf
- radosgw-ceph-key
- radosgw-keyring
- name: api
image: ironic-api
daemon:
command: ironic-api --config-file /etc/ironic/ironic.conf
files:
- ironic.conf
dependencies:
- rpc
- ironic-db-sync
files:
ironic.conf:
path: /etc/ironic/ironic.conf
@ -86,3 +103,12 @@ files:
path: /home/ironic/.ssh/id_rsa
content: ssh_key.j2
perm: "0400"
ceph-conf:
path: /etc/ceph/ceph.conf
content: ceph.conf.j2
radosgw-ceph-key:
path: /etc/ceph/ceph.client.radosgw.keyring
content: ceph.client.radosgw.keyring.j2
radosgw-keyring:
path: /var/lib/ceph/radosgw/ceph-rgw/keyring
content: ceph.client.radosgw.keyring.j2
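Review bot: The three new `files` entries (`ceph-conf`, `radosgw-ceph-key`, `radosgw-keyring`) carry no `perm`, while the `id_rsa` entry directly above them sets `perm: "0400"`; the keyring template renders the cephx key and `ceph.conf` renders the Keystone admin password. Unless the default mode is already owner-only (not visible here), add `perm: "0400"` to each, or the tightest mode the radosgw process user can still read. The `radosgw` container is also added without `probes` or `dependencies`, unlike the sibling containers, so a gateway that fails to start may go unnoticed until a deployment stalls on image download.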