Fix networking

Change-Id: Ia13b5dede144ac61eb9782ba97365510836f1507
Andrey Shestakov 2015-09-04 12:13:56 +03:00
parent 62cc584675
commit 7a7d7ae768
9 changed files with 152 additions and 272 deletions


@ -1,6 +1,7 @@
notice('MODULAR: ironic/haproxy.pp')
$network_metadata = hiera_hash('network_metadata')
$storage_hash = hiera_hash('storage', {})
$public_ssl_hash = hiera('public_ssl')
$ironic_api_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
@ -8,14 +9,21 @@ $ironic_address_map = get_node_to_ipaddr_map_by_network_role($ironic_api_nodes,
$ironic_server_names = hiera_array('ironic_names', keys($ironic_address_map))
$ironic_ipaddresses = hiera_array('ironic_ipaddresses', values($ironic_address_map))
$swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', undef), 'swift/api')
$swift_server_names = hiera_array('swift_server_names', keys($swift_proxies_address_map))
$swift_ipaddresses = hiera_array('swift_ipaddresses', values($swift_proxies_address_map))
$public_virtual_ip = hiera('public_vip')
$internal_virtual_ip = hiera('management_vip')
$baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr']
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
$use_swift = true
} else {
$use_swift = false
}
if !($use_swift) and ($storage_hash['objects_ceph']) {
$use_radosgw = true
} else {
$use_radosgw = false
}
Openstack::Ha::Haproxy_service {
ipaddresses => $ironic_ipaddresses,
public_virtual_ip => $public_virtual_ip,
@ -42,17 +50,44 @@ openstack::ha::haproxy_service { 'ironic-baremetal':
internal_virtual_ip => $baremetal_virtual_ip,
}
openstack::ha::haproxy_service { 'swift-baremetal':
order => '125',
listen_port => 8080,
ipaddresses => $swift_ipaddresses,
server_names => $swift_server_names,
public => false,
public_ssl => false,
public_virtual_ip => false,
internal_virtual_ip => $baremetal_virtual_ip,
haproxy_config_options => {
'option' => ['httpchk', 'httplog', 'httpclose'],
},
balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
if $use_swift {
$swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', undef), 'swift/api')
$swift_server_names = hiera_array('swift_server_names', keys($swift_proxies_address_map))
$swift_ipaddresses = hiera_array('swift_ipaddresses', values($swift_proxies_address_map))
openstack::ha::haproxy_service { 'swift-baremetal':
order => '125',
listen_port => 8080,
ipaddresses => $swift_ipaddresses,
server_names => $swift_server_names,
public => false,
public_ssl => false,
public_virtual_ip => false,
internal_virtual_ip => $baremetal_virtual_ip,
haproxy_config_options => {
'option' => ['httpchk', 'httplog', 'httpclose'],
},
balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
}
}
if $use_radosgw {
$rgw_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_rgw_nodes'), 'ceph/radosgw')
$rgw_server_names = hiera_array('radosgw_server_names', keys($rgw_address_map))
$rgw_ipaddresses = hiera_array('radosgw_ipaddresses', values($rgw_address_map))
openstack::ha::haproxy_service { 'radosgw-baremetal':
order => '135',
listen_port => 8080,
balancermember_port => 6780,
ipaddresses => $rgw_ipaddresses,
server_names => $rgw_server_names,
public => false,
public_ssl => false,
public_virtual_ip => false,
internal_virtual_ip => $baremetal_virtual_ip,
haproxy_config_options => {
'option' => ['httplog', 'httpchk GET /'],
},
}
}
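Review bot: The `swift-baremetal` and `radosgw-baremetal` frontends publish the object-store API on the baremetal VIP over plain HTTP (`public_ssl => false`, `listen_port => 8080`), so whatever credentials or signed URLs clients on that network present cross it unencrypted; a comment stating that this is intended, and what restricts access to the baremetal network, would help. When `images_vcenter` is set and `objects_ceph` is not, both `$use_swift` and `$use_radosgw` end up false and no frontend is declared on port 8080, which deserves an explicit `fail()` or at least a `notice()`. `hiera_hash('ceph_rgw_nodes')` is also called without a default, unlike the `swift_proxies` lookup, so a missing key presumably aborts catalog compilation.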


@ -3,7 +3,6 @@ notice('MODULAR: ironic/ironic-conductor-config.pp')
$ironic_hash = hiera_hash('fuel-plugin-ironic', {})
$management_vip = hiera('management_vip')
$keystone_endpoint = hiera('keystone_endpoint', $management_vip)
$neutron_endpoint = hiera('neutron_endpoint', $management_vip)
$ironic_tenant = pick($ironic_hash['tenant'],'services')
$ironic_user = pick($ironic_hash['user'],'ironic')
@ -20,15 +19,6 @@ ironic_images_setter {'ironic_images':
glance_url => "http://${management_vip}:9292/v2.0/",
}
ironic_neutron_setter {'ironic_network':
ensure => present,
auth_url => "http://${keystone_endpoint}:5000/v2.0/",
auth_username => $ironic_user,
auth_password => $ironic_user_password,
auth_tenant_name => $ironic_tenant,
neutron_url => "http://${neutron_endpoint}:9696/v2.0/",
}
service { 'ironic-conductor':
ensure => 'running',
name => $::ironic::params::conductor_service,
@ -38,4 +28,3 @@ service { 'ironic-conductor':
}
Ironic_images_setter<||> ~> Service['ironic-conductor']
Ironic_neutron_setter<||> ~> Service['ironic-conductor']


@ -0,0 +1,83 @@
notice('MODULAR: ironic/network.pp')
$network_scheme = hiera('network_scheme', {})
prepare_network_config($network_scheme)
$neutron_config = hiera_hash('quantum_settings')
$pnets = $neutron_config['L2']['phys_nets']
$baremetal_network = get_network_role_property('ironic/baremetal', 'network')
$nameservers = $neutron_config['predefined_networks']['net04']['L3']['nameservers']
$ironic_hash = hiera_hash('fuel-plugin-ironic', {})
$baremetal_L3_allocation_pool = $ironic_hash['l3_allocation_pool']
$baremetal_L3_gateway = $ironic_hash['l3_gateway']
# Physnets
###############################
if $pnets['physnet1'] {
$physnet1 = "physnet1:${pnets['physnet1']['bridge']}"
}
if $pnets['physnet2'] {
$physnet2 = "physnet2:${pnets['physnet2']['bridge']}"
}
$physnet_ironic = "physnet-ironic:br-ironic"
$physnets_array = [$physnet1, $physnet2, $physnet_ironic]
$bridge_mappings = delete_undef_values($physnets_array)
$br_map_str = join($bridge_mappings, ',')
neutron_agent_ovs {
'ovs/bridge_mappings': value => $br_map_str;
}
$flat_networks = ['physnet-ironic']
neutron_plugin_ml2 {
'ml2_type_flat/flat_networks': value => join($flat_networks, ',');
}
service { 'p_neutron-plugin-openvswitch-agent':
ensure => 'running',
enable => true,
provider => 'pacemaker',
}
service { 'p_neutron-dhcp-agent':
ensure => 'running',
enable => true,
provider => 'pacemaker',
}
Neutron_plugin_ml2<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
Neutron_agent_ovs<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
# Predefined network
###############################
$netdata = {
'L2' => {
network_type => 'flat',
physnet => 'physnet-ironic',
router_ext => 'false',
segment_id => 'null'
},
'L3' => {
enable_dhcp => true,
floating => $baremetal_L3_allocation_pool,
gateway => $baremetal_L3_gateway,
nameservers => $nameservers,
subnet => $baremetal_network
},
'shared' => 'true',
'tenant' => 'admin',
}
openstack::network::create_network{'baremetal':
netdata => $netdata,
segmentation_type => 'flat',
} ->
neutron_router_interface { "router04:baremetal__subnet":
ensure => present,
}
# Order
###############################
Neutron_plugin_ml2<||> -> Neutron_agent_ovs<||> -> Openstack::Network::Create_network<||>
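Review bot: The `baremetal` network is declared with `'shared' => 'true'` under tenant `admin`, which lets every tenant attach ports to the flat `physnet-ironic` segment used for provisioning; if Ironic needs that here, a comment such as `# shared on purpose: tenants boot bare-metal instances on this flat network, isolation is enforced outside Neutron` should say so. `$physnet1` and `$physnet2` are assigned only inside their `if` blocks, so `$physnets_array` relies on unset variables evaluating to undef, which breaks under `strict_variables`; an `else` branch assigning `undef` would make that explicit. The names `net04` and `router04` are hard-coded in the nameserver lookup and the router interface title, and a missing `predefined_networks` entry would fail without a clear message.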


@ -69,72 +69,6 @@ cluster::virtual_ip { 'baremetal' :
}
# Physnets
###############################
if $pnets['physnet1'] {
$physnet1 = "physnet1:${pnets['physnet1']['bridge']}"
}
if $pnets['physnet2'] {
$physnet2 = "physnet2:${pnets['physnet2']['bridge']}"
}
$physnet_ironic = "physnet-ironic:br-ironic"
$physnets_array = [$physnet1, $physnet2, $physnet_ironic]
$bridge_mappings = delete_undef_values($physnets_array)
$br_map_str = join($bridge_mappings, ',')
neutron_agent_ovs {
'ovs/bridge_mappings': value => $br_map_str;
}
$flat_networks = ['physnet-ironic']
neutron_plugin_ml2 {
'ml2_type_flat/flat_networks': value => join($flat_networks, ',');
}
service { 'p_neutron-plugin-openvswitch-agent':
ensure => 'running',
enable => true,
provider => 'pacemaker',
}
service { 'p_neutron-dhcp-agent':
ensure => 'running',
enable => true,
provider => 'pacemaker',
}
Neutron_plugin_ml2<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
Neutron_agent_ovs<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
# Predefined network
###############################
$netdata = {
'L2' => {
network_type => 'flat',
physnet => 'physnet-ironic',
router_ext => 'false',
segment_id => 'null'
},
'L3' => {
enable_dhcp => true,
floating => $baremetal_L3_allocation_pool,
gateway => $baremetal_L3_gateway,
nameservers => $nameservers,
subnet => $baremetal_network
},
'shared' => 'true',
'tenant' => 'admin',
}
openstack::network::create_network{'baremetal':
netdata => $netdata,
segmentation_type => 'flat',
} ->
neutron_router_interface { "router04:baremetal__subnet":
ensure => present,
}
# Order
###############################
Firewall<||> -> Cluster::Virtual_ip<||> -> Neutron_plugin_ml2<||> -> Neutron_agent_ovs<||> -> Openstack::Network::Create_network<||>
Firewall<||> -> Cluster::Virtual_ip<||>


@ -1,140 +0,0 @@
require 'rubygems'
require 'net/http'
require 'net/https'
require 'json'
require 'puppet/util/inifile'
class KeystoneError < Puppet::Error
end
class KeystoneConnectionError < KeystoneError
end
class KeystoneAPIError < KeystoneError
end
RETRY_COUNT = 10
RETRY_SLEEP = 3
def handle_request(req, url)
begin
use_ssl = url.scheme == "https" ? true : false
http = Net::HTTP.start(url.hostname, url.port, {:use_ssl => use_ssl})
res = http.request(req)
if res.code != '200'
raise KeystoneAPIError, "Received error response from Keystone server at #{url}: #{res.message}"
end
rescue Errno::ECONNREFUSED => detail
raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
rescue SocketError => detail
raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
end
res
end
def keystone_v2_authenticate(auth_url,
username,
password,
tenantId=nil,
tenantName=nil)
post_args = {
'auth' => {
'passwordCredentials' => {
'username' => username,
'password' => password
},
}}
if tenantId
post_args['auth']['tenantId'] = tenantId
end
if tenantName
post_args['auth']['tenantName'] = tenantName
end
url = URI.parse("#{auth_url}/tokens")
req = Net::HTTP::Post.new url.path
req['content-type'] = 'application/json'
req.body = post_args.to_json
res = handle_request(req, url)
data = JSON.parse res.body
return data['access']['token']['id']
end
def neutron_networks(neutron_url, token)
url = URI.parse("#{neutron_url}/networks")
req = Net::HTTP::Get.new url.path
req['content-type'] = 'application/json'
req['x-auth-token'] = token
res = handle_request(req, url)
data = JSON.parse res.body
data['networks']
end
Puppet::Type.type(:ironic_neutron_setter).provide(:ruby) do
@neutron_network = nil
def authenticate
keystone_v2_authenticate(
@resource[:auth_url],
@resource[:auth_username],
@resource[:auth_password],
nil,
@resource[:auth_tenant_name])
end
def find_network_by_name(networks, name)
found_networks = networks.select{|net| net['name'] == name}
if found_networks.length == 1
return found_networks[0]['id']
elsif found_networks.length == 0
raise KeystoneAPIError, "Network with name '#{name}' not found."
elsif found_networks.length > 1
raise KeystoneAPIError, "Found multiple matches for name: '#{name}'"
end
end
def exists?
ini_file = Puppet::Util::IniConfig::File.new
ini_file.read("/etc/ironic/ironic.conf")
ini_file['neutron'] && ini_file['neutron']['cleaning_network_uuid'] && ini_file['neutron']['cleaning_network_uuid'] == neutron_network
end
def create
config
end
def neutron_network
@neutron_network ||= get_neutron_network
end
def get_neutron_network
token = authenticate
RETRY_COUNT.times do |n|
begin
all_networks = neutron_networks(@resource[:neutron_url], token)
rescue => e
debug "Request failed: '#{e.message}' Retry: '#{n}'"
if n == RETRY_COUNT - 1
raise KeystoneAPIError, 'Unable to get networks.'
end
sleep RETRY_SLEEP
next
end
return find_network_by_name(all_networks, 'baremetal')
end
end
def config
Puppet::Type.type(:ironic_config).new(
{:name => "neutron/cleaning_network_uuid", :value => neutron_network}
).provider.create
end
end


@ -1,31 +0,0 @@
Puppet::Type.newtype(:ironic_neutron_setter) do
ensurable
newparam(:name, :namevar => true) do
desc 'The name of the setting to update'
end
newparam(:auth_url) do
desc 'The Keystone endpoint URL'
defaultto 'http://localhost:35357/v2.0'
end
newparam(:auth_username) do
desc 'Username with which to authenticate'
defaultto 'admin'
end
newparam(:auth_password) do
desc 'Password with which to authenticate'
end
newparam(:auth_tenant_name) do
desc 'Tenant name with which to authenticate'
defaultto 'admin'
end
newparam(:neutron_url) do
desc 'Neutron endpoint'
end
end


@ -40,6 +40,16 @@
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 3600
- id: ironic-network-openstack
groups: ['primary-controller', 'controller']
type: puppet
required_for: [deploy_end]
requires: [openstack-network, ironic-network-ovs]
parameters:
puppet_manifest: puppet/manifests/network-openstack.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 3600
- id: ironic-db
groups: ['primary-controller']
type: puppet
@ -53,8 +63,8 @@
- id: ironic-upload-images
role: ['primary-controller']
type: shell
required_for: [post_deployment_end]
requires: [enable_quorum]
required_for: [ironic-conductor-config]
requires: [enable_quorum, enable_rados]
parameters:
cmd: ruby upload_images.rb
retries: 3
@ -75,7 +85,7 @@
role: ['primary-controller']
type: shell
required_for: [post_deployment_end]
requires: [enable_quorum]
requires: [enable_quorum, enable_rados]
parameters:
cmd: ruby post_swift_key.rb
retries: 3
@ -86,7 +96,7 @@
groups: ['primary-controller', 'controller']
type: puppet
required_for: [deploy_end, controller_remaining_tasks]
requires: [openstack-controller, ironic-db, ironic-network, ironic-haproxy, swift]
requires: [openstack-controller, ironic-db, ironic-network, ironic-haproxy]
parameters:
puppet_manifest: puppet/manifests/ironic.pp
puppet_modules: puppet/modules:/etc/puppet/modules
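Review bot: The `ironic` task in the last hunk still lists `ironic-network` in `requires`, while the task added in the first hunk depends on `ironic-network-ovs`; if the old id was renamed (the definition is outside these hunks), that dependency no longer resolves. `ironic` also does not wait for the new `ironic-network-openstack` task, so the API may be configured before the `baremetal` network exists. `ironic-upload-images` now declares `required_for: [ironic-conductor-config]` while still requiring `enable_quorum` and `enable_rados`; it is worth confirming that `ironic-conductor-config` runs in the same stage, and adding a comment on why `enable_rados` is needed when Ceph is not deployed.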


@ -2,7 +2,7 @@ attributes:
metadata:
restrictions:
- "cluster:net_provider != 'neutron' or networking_parameters:segmentation_type != 'vlan'": "Ironic requires Neutron with VLAN segmentation."
- "settings:storage.images_ceph.value == true": "Ironic requires Swift as a backend for Glance image service."
- "settings:storage.images_ceph.value == true": "Ironic requires Swift API for Glance image service."
password:
value: "I_love_plugins"
label: "Password for user, db and swift"
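Review bot: Only the restriction message changes here; the condition `settings:storage.images_ceph.value == true` still disables the plugin whenever Glance uses Ceph, which is the main case in which the haproxy manifest's `$use_radosgw` becomes true. If RadosGW is now meant to be a supported Swift API backend, the condition should presumably take `objects_ceph` into account, for example by restricting only when `images_ceph` is true and `objects_ceph` is false. The unchanged context also shows one fixed default, `value: "I_love_plugins"`, shared by the service user, the database and Swift; it should not ship as a usable default and is better generated per environment.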


@ -21,5 +21,5 @@ export BOOTSTRAP_SSH_KEYS="${key_file}.pub"
export AGENT_PACKAGE_PATH="${package_path}/repositories/ubuntu"
mkdir -p "${DESTDIR}"
${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image
#${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image
chmod 755 -R "${DESTDIR}"
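Review bot: Commenting out the `fuel-bootstrap-image` invocation looks like a leftover from local testing rather than part of a networking fix, because the hook still exports the builder's variables and creates `${DESTDIR}` but no longer produces an image. If the step is meant to be skipped, delete the line and say why in the commit message; otherwise restore it. The following `chmod 755 -R "${DESTDIR}"` makes every file under it world-readable and executable, so it is worth confirming that no key material is written there; the script's earlier lines are outside this hunk.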