Fix networking
Change-Id: Ia13b5dede144ac61eb9782ba97365510836f1507
parent
62cc584675
commit
7a7d7ae768
|
@ -1,6 +1,7 @@
|
|||
notice('MODULAR: ironic/haproxy.pp')
|
||||
|
||||
$network_metadata = hiera_hash('network_metadata')
|
||||
$storage_hash = hiera_hash('storage', {})
|
||||
$public_ssl_hash = hiera('public_ssl')
|
||||
|
||||
$ironic_api_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
|
||||
|
@ -8,14 +9,21 @@ $ironic_address_map = get_node_to_ipaddr_map_by_network_role($ironic_api_nodes,
|
|||
$ironic_server_names = hiera_array('ironic_names', keys($ironic_address_map))
|
||||
$ironic_ipaddresses = hiera_array('ironic_ipaddresses', values($ironic_address_map))
|
||||
|
||||
$swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', undef), 'swift/api')
|
||||
$swift_server_names = hiera_array('swift_server_names', keys($swift_proxies_address_map))
|
||||
$swift_ipaddresses = hiera_array('swift_ipaddresses', values($swift_proxies_address_map))
|
||||
|
||||
$public_virtual_ip = hiera('public_vip')
|
||||
$internal_virtual_ip = hiera('management_vip')
|
||||
$baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr']
|
||||
|
||||
if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
|
||||
$use_swift = true
|
||||
} else {
|
||||
$use_swift = false
|
||||
}
|
||||
if !($use_swift) and ($storage_hash['objects_ceph']) {
|
||||
$use_radosgw = true
|
||||
} else {
|
||||
$use_radosgw = false
|
||||
}
|
||||
|
||||
Openstack::Ha::Haproxy_service {
|
||||
ipaddresses => $ironic_ipaddresses,
|
||||
public_virtual_ip => $public_virtual_ip,
|
||||
|
@ -42,17 +50,44 @@ openstack::ha::haproxy_service { 'ironic-baremetal':
|
|||
internal_virtual_ip => $baremetal_virtual_ip,
|
||||
}
|
||||
|
||||
openstack::ha::haproxy_service { 'swift-baremetal':
|
||||
order => '125',
|
||||
listen_port => 8080,
|
||||
ipaddresses => $swift_ipaddresses,
|
||||
server_names => $swift_server_names,
|
||||
public => false,
|
||||
public_ssl => false,
|
||||
public_virtual_ip => false,
|
||||
internal_virtual_ip => $baremetal_virtual_ip,
|
||||
haproxy_config_options => {
|
||||
'option' => ['httpchk', 'httplog', 'httpclose'],
|
||||
},
|
||||
balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
|
||||
if $use_swift {
|
||||
$swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', undef), 'swift/api')
|
||||
$swift_server_names = hiera_array('swift_server_names', keys($swift_proxies_address_map))
|
||||
$swift_ipaddresses = hiera_array('swift_ipaddresses', values($swift_proxies_address_map))
|
||||
|
||||
openstack::ha::haproxy_service { 'swift-baremetal':
|
||||
order => '125',
|
||||
listen_port => 8080,
|
||||
ipaddresses => $swift_ipaddresses,
|
||||
server_names => $swift_server_names,
|
||||
public => false,
|
||||
public_ssl => false,
|
||||
public_virtual_ip => false,
|
||||
internal_virtual_ip => $baremetal_virtual_ip,
|
||||
haproxy_config_options => {
|
||||
'option' => ['httpchk', 'httplog', 'httpclose'],
|
||||
},
|
||||
balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
|
||||
}
|
||||
}
|
||||
|
||||
if $use_radosgw {
|
||||
$rgw_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_rgw_nodes'), 'ceph/radosgw')
|
||||
$rgw_server_names = hiera_array('radosgw_server_names', keys($rgw_address_map))
|
||||
$rgw_ipaddresses = hiera_array('radosgw_ipaddresses', values($rgw_address_map))
|
||||
|
||||
openstack::ha::haproxy_service { 'radosgw-baremetal':
|
||||
order => '135',
|
||||
listen_port => 8080,
|
||||
balancermember_port => 6780,
|
||||
ipaddresses => $rgw_ipaddresses,
|
||||
server_names => $rgw_server_names,
|
||||
public => false,
|
||||
public_ssl => false,
|
||||
public_virtual_ip => false,
|
||||
internal_virtual_ip => $baremetal_virtual_ip,
|
||||
haproxy_config_options => {
|
||||
'option' => ['httplog', 'httpchk GET /'],
|
||||
},
|
||||
}
|
||||
}
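Review bot: The `$use_swift` / `$use_radosgw` conditions leave one combination with no object-store listener at all: when `$storage_hash['images_vcenter']` is true and `objects_ceph` is not, both flags are false and nothing is bound to port 8080 on the baremetal VIP. If that combination is unsupported, an explicit check after the two `if` blocks is easier to diagnose than a missing frontend, for example `if !$use_swift and !$use_radosgw { warning('ironic/haproxy.pp: no Swift API backend configured for the baremetal VIP') }`. Both `swift-baremetal` and `radosgw-baremetal` also appear to serve plain HTTP on that VIP, since no SSL options are set on either resource, so any tokens or temporary URLs the nodes use to fetch images would cross the baremetal network unencrypted. A short comment on the two resources saying this is accepted for the provisioning network would record the decision.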
|
||||
|
|
|
@ -3,7 +3,6 @@ notice('MODULAR: ironic/ironic-conductor-config.pp')
|
|||
$ironic_hash = hiera_hash('fuel-plugin-ironic', {})
|
||||
$management_vip = hiera('management_vip')
|
||||
$keystone_endpoint = hiera('keystone_endpoint', $management_vip)
|
||||
$neutron_endpoint = hiera('neutron_endpoint', $management_vip)
|
||||
|
||||
$ironic_tenant = pick($ironic_hash['tenant'],'services')
|
||||
$ironic_user = pick($ironic_hash['user'],'ironic')
|
||||
|
@ -20,15 +19,6 @@ ironic_images_setter {'ironic_images':
|
|||
glance_url => "http://${management_vip}:9292/v2.0/",
|
||||
}
|
||||
|
||||
ironic_neutron_setter {'ironic_network':
|
||||
ensure => present,
|
||||
auth_url => "http://${keystone_endpoint}:5000/v2.0/",
|
||||
auth_username => $ironic_user,
|
||||
auth_password => $ironic_user_password,
|
||||
auth_tenant_name => $ironic_tenant,
|
||||
neutron_url => "http://${neutron_endpoint}:9696/v2.0/",
|
||||
}
|
||||
|
||||
service { 'ironic-conductor':
|
||||
ensure => 'running',
|
||||
name => $::ironic::params::conductor_service,
|
||||
|
@ -38,4 +28,3 @@ service { 'ironic-conductor':
|
|||
}
|
||||
|
||||
Ironic_images_setter<||> ~> Service['ironic-conductor']
|
||||
Ironic_neutron_setter<||> ~> Service['ironic-conductor']
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
notice('MODULAR: ironic/network.pp')
|
||||
|
||||
$network_scheme = hiera('network_scheme', {})
|
||||
prepare_network_config($network_scheme)
|
||||
$neutron_config = hiera_hash('quantum_settings')
|
||||
$pnets = $neutron_config['L2']['phys_nets']
|
||||
$baremetal_network = get_network_role_property('ironic/baremetal', 'network')
|
||||
$nameservers = $neutron_config['predefined_networks']['net04']['L3']['nameservers']
|
||||
|
||||
$ironic_hash = hiera_hash('fuel-plugin-ironic', {})
|
||||
$baremetal_L3_allocation_pool = $ironic_hash['l3_allocation_pool']
|
||||
$baremetal_L3_gateway = $ironic_hash['l3_gateway']
|
||||
|
||||
|
||||
# Physnets
|
||||
###############################
|
||||
if $pnets['physnet1'] {
|
||||
$physnet1 = "physnet1:${pnets['physnet1']['bridge']}"
|
||||
}
|
||||
if $pnets['physnet2'] {
|
||||
$physnet2 = "physnet2:${pnets['physnet2']['bridge']}"
|
||||
}
|
||||
$physnet_ironic = "physnet-ironic:br-ironic"
|
||||
$physnets_array = [$physnet1, $physnet2, $physnet_ironic]
|
||||
$bridge_mappings = delete_undef_values($physnets_array)
|
||||
|
||||
$br_map_str = join($bridge_mappings, ',')
|
||||
neutron_agent_ovs {
|
||||
'ovs/bridge_mappings': value => $br_map_str;
|
||||
}
|
||||
|
||||
$flat_networks = ['physnet-ironic']
|
||||
neutron_plugin_ml2 {
|
||||
'ml2_type_flat/flat_networks': value => join($flat_networks, ',');
|
||||
}
|
||||
|
||||
service { 'p_neutron-plugin-openvswitch-agent':
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
provider => 'pacemaker',
|
||||
}
|
||||
service { 'p_neutron-dhcp-agent':
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
provider => 'pacemaker',
|
||||
}
|
||||
|
||||
Neutron_plugin_ml2<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
|
||||
Neutron_agent_ovs<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
|
||||
|
||||
|
||||
# Predefined network
|
||||
###############################
|
||||
$netdata = {
|
||||
'L2' => {
|
||||
network_type => 'flat',
|
||||
physnet => 'physnet-ironic',
|
||||
router_ext => 'false',
|
||||
segment_id => 'null'
|
||||
},
|
||||
'L3' => {
|
||||
enable_dhcp => true,
|
||||
floating => $baremetal_L3_allocation_pool,
|
||||
gateway => $baremetal_L3_gateway,
|
||||
nameservers => $nameservers,
|
||||
subnet => $baremetal_network
|
||||
},
|
||||
'shared' => 'true',
|
||||
'tenant' => 'admin',
|
||||
}
|
||||
|
||||
openstack::network::create_network{'baremetal':
|
||||
netdata => $netdata,
|
||||
segmentation_type => 'flat',
|
||||
} ->
|
||||
neutron_router_interface { "router04:baremetal__subnet":
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
|
||||
# Order
|
||||
###############################
|
||||
Neutron_plugin_ml2<||> -> Neutron_agent_ovs<||> -> Openstack::Network::Create_network<||>
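Review bot: The `$netdata` hash creates the baremetal network as a flat, DHCP-enabled network with `'shared' => 'true'` in the `admin` tenant and then attaches its subnet to `router04`, so other tenants can presumably plug ports into the provisioning segment and reach it through the router. Nothing in this manifest records that this is intended or what limits it. A comment above `$netdata` such as `# shared and routed on purpose: Ironic nodes boot from this flat network; access is limited by <rule or ACL to be named>` would make the trust boundary explicit. Separately, `$ironic_hash['l3_allocation_pool']` and `$ironic_hash['l3_gateway']` are passed on unchecked although `hiera_hash('fuel-plugin-ironic', {})` can return an empty hash; a guard like `if !$baremetal_L3_gateway { fail('fuel-plugin-ironic: l3_gateway is not set') }` would stop the run before the network is created with undefined values.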
|
|
@ -69,72 +69,6 @@ cluster::virtual_ip { 'baremetal' :
|
|||
}
|
||||
|
||||
|
||||
# Physnets
|
||||
###############################
|
||||
if $pnets['physnet1'] {
|
||||
$physnet1 = "physnet1:${pnets['physnet1']['bridge']}"
|
||||
}
|
||||
if $pnets['physnet2'] {
|
||||
$physnet2 = "physnet2:${pnets['physnet2']['bridge']}"
|
||||
}
|
||||
$physnet_ironic = "physnet-ironic:br-ironic"
|
||||
$physnets_array = [$physnet1, $physnet2, $physnet_ironic]
|
||||
$bridge_mappings = delete_undef_values($physnets_array)
|
||||
|
||||
$br_map_str = join($bridge_mappings, ',')
|
||||
neutron_agent_ovs {
|
||||
'ovs/bridge_mappings': value => $br_map_str;
|
||||
}
|
||||
|
||||
$flat_networks = ['physnet-ironic']
|
||||
neutron_plugin_ml2 {
|
||||
'ml2_type_flat/flat_networks': value => join($flat_networks, ',');
|
||||
}
|
||||
|
||||
service { 'p_neutron-plugin-openvswitch-agent':
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
provider => 'pacemaker',
|
||||
}
|
||||
service { 'p_neutron-dhcp-agent':
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
provider => 'pacemaker',
|
||||
}
|
||||
|
||||
Neutron_plugin_ml2<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
|
||||
Neutron_agent_ovs<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
|
||||
|
||||
|
||||
# Predefined network
|
||||
###############################
|
||||
$netdata = {
|
||||
'L2' => {
|
||||
network_type => 'flat',
|
||||
physnet => 'physnet-ironic',
|
||||
router_ext => 'false',
|
||||
segment_id => 'null'
|
||||
},
|
||||
'L3' => {
|
||||
enable_dhcp => true,
|
||||
floating => $baremetal_L3_allocation_pool,
|
||||
gateway => $baremetal_L3_gateway,
|
||||
nameservers => $nameservers,
|
||||
subnet => $baremetal_network
|
||||
},
|
||||
'shared' => 'true',
|
||||
'tenant' => 'admin',
|
||||
}
|
||||
|
||||
openstack::network::create_network{'baremetal':
|
||||
netdata => $netdata,
|
||||
segmentation_type => 'flat',
|
||||
} ->
|
||||
neutron_router_interface { "router04:baremetal__subnet":
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
|
||||
# Order
|
||||
###############################
|
||||
Firewall<||> -> Cluster::Virtual_ip<||> -> Neutron_plugin_ml2<||> -> Neutron_agent_ovs<||> -> Openstack::Network::Create_network<||>
|
||||
Firewall<||> -> Cluster::Virtual_ip<||>
|
||||
|
|
|
@ -1,140 +0,0 @@
|
|||
require 'rubygems'
|
||||
require 'net/http'
|
||||
require 'net/https'
|
||||
require 'json'
|
||||
require 'puppet/util/inifile'
|
||||
|
||||
class KeystoneError < Puppet::Error
|
||||
end
|
||||
|
||||
class KeystoneConnectionError < KeystoneError
|
||||
end
|
||||
|
||||
class KeystoneAPIError < KeystoneError
|
||||
end
|
||||
|
||||
RETRY_COUNT = 10
|
||||
RETRY_SLEEP = 3
|
||||
|
||||
def handle_request(req, url)
|
||||
begin
|
||||
use_ssl = url.scheme == "https" ? true : false
|
||||
http = Net::HTTP.start(url.hostname, url.port, {:use_ssl => use_ssl})
|
||||
res = http.request(req)
|
||||
|
||||
if res.code != '200'
|
||||
raise KeystoneAPIError, "Received error response from Keystone server at #{url}: #{res.message}"
|
||||
end
|
||||
rescue Errno::ECONNREFUSED => detail
|
||||
raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
|
||||
rescue SocketError => detail
|
||||
raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
|
||||
end
|
||||
|
||||
res
|
||||
end
|
||||
|
||||
def keystone_v2_authenticate(auth_url,
|
||||
username,
|
||||
password,
|
||||
tenantId=nil,
|
||||
tenantName=nil)
|
||||
|
||||
post_args = {
|
||||
'auth' => {
|
||||
'passwordCredentials' => {
|
||||
'username' => username,
|
||||
'password' => password
|
||||
},
|
||||
}}
|
||||
|
||||
if tenantId
|
||||
post_args['auth']['tenantId'] = tenantId
|
||||
end
|
||||
|
||||
if tenantName
|
||||
post_args['auth']['tenantName'] = tenantName
|
||||
end
|
||||
|
||||
url = URI.parse("#{auth_url}/tokens")
|
||||
req = Net::HTTP::Post.new url.path
|
||||
req['content-type'] = 'application/json'
|
||||
req.body = post_args.to_json
|
||||
|
||||
res = handle_request(req, url)
|
||||
data = JSON.parse res.body
|
||||
return data['access']['token']['id']
|
||||
end
|
||||
|
||||
def neutron_networks(neutron_url, token)
|
||||
|
||||
url = URI.parse("#{neutron_url}/networks")
|
||||
req = Net::HTTP::Get.new url.path
|
||||
req['content-type'] = 'application/json'
|
||||
req['x-auth-token'] = token
|
||||
|
||||
res = handle_request(req, url)
|
||||
data = JSON.parse res.body
|
||||
data['networks']
|
||||
end
|
||||
|
||||
Puppet::Type.type(:ironic_neutron_setter).provide(:ruby) do
|
||||
@neutron_network = nil
|
||||
|
||||
def authenticate
|
||||
keystone_v2_authenticate(
|
||||
@resource[:auth_url],
|
||||
@resource[:auth_username],
|
||||
@resource[:auth_password],
|
||||
nil,
|
||||
@resource[:auth_tenant_name])
|
||||
end
|
||||
|
||||
def find_network_by_name(networks, name)
|
||||
found_networks = networks.select{|net| net['name'] == name}
|
||||
if found_networks.length == 1
|
||||
return found_networks[0]['id']
|
||||
elsif found_networks.length == 0
|
||||
raise KeystoneAPIError, "Network with name '#{name}' not found."
|
||||
elsif found_networks.length > 1
|
||||
raise KeystoneAPIError, "Found multiple matches for name: '#{name}'"
|
||||
end
|
||||
end
|
||||
|
||||
def exists?
|
||||
ini_file = Puppet::Util::IniConfig::File.new
|
||||
ini_file.read("/etc/ironic/ironic.conf")
|
||||
ini_file['neutron'] && ini_file['neutron']['cleaning_network_uuid'] && ini_file['neutron']['cleaning_network_uuid'] == neutron_network
|
||||
end
|
||||
|
||||
def create
|
||||
config
|
||||
end
|
||||
|
||||
def neutron_network
|
||||
@neutron_network ||= get_neutron_network
|
||||
end
|
||||
|
||||
def get_neutron_network
|
||||
token = authenticate
|
||||
RETRY_COUNT.times do |n|
|
||||
begin
|
||||
all_networks = neutron_networks(@resource[:neutron_url], token)
|
||||
rescue => e
|
||||
debug "Request failed: '#{e.message}' Retry: '#{n}'"
|
||||
if n == RETRY_COUNT - 1
|
||||
raise KeystoneAPIError, 'Unable to get networks.'
|
||||
end
|
||||
sleep RETRY_SLEEP
|
||||
next
|
||||
end
|
||||
return find_network_by_name(all_networks, 'baremetal')
|
||||
end
|
||||
end
|
||||
|
||||
def config
|
||||
Puppet::Type.type(:ironic_config).new(
|
||||
{:name => "neutron/cleaning_network_uuid", :value => neutron_network}
|
||||
).provider.create
|
||||
end
|
||||
end
|
|
@ -1,31 +0,0 @@
|
|||
Puppet::Type.newtype(:ironic_neutron_setter) do
|
||||
|
||||
ensurable
|
||||
|
||||
newparam(:name, :namevar => true) do
|
||||
desc 'The name of the setting to update'
|
||||
end
|
||||
|
||||
newparam(:auth_url) do
|
||||
desc 'The Keystone endpoint URL'
|
||||
defaultto 'http://localhost:35357/v2.0'
|
||||
end
|
||||
|
||||
newparam(:auth_username) do
|
||||
desc 'Username with which to authenticate'
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:auth_password) do
|
||||
desc 'Password with which to authenticate'
|
||||
end
|
||||
|
||||
newparam(:auth_tenant_name) do
|
||||
desc 'Tenant name with which to authenticate'
|
||||
defaultto 'admin'
|
||||
end
|
||||
|
||||
newparam(:neutron_url) do
|
||||
desc 'Neutron endpoint'
|
||||
end
|
||||
end
|
|
@ -40,6 +40,16 @@
|
|||
puppet_modules: puppet/modules:/etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
||||
- id: ironic-network-openstack
|
||||
groups: ['primary-controller', 'controller']
|
||||
type: puppet
|
||||
required_for: [deploy_end]
|
||||
requires: [openstack-network, ironic-network-ovs]
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/network-openstack.pp
|
||||
puppet_modules: puppet/modules:/etc/puppet/modules
|
||||
timeout: 3600
|
||||
|
||||
- id: ironic-db
|
||||
groups: ['primary-controller']
|
||||
type: puppet
|
||||
|
@ -53,8 +63,8 @@
|
|||
- id: ironic-upload-images
|
||||
role: ['primary-controller']
|
||||
type: shell
|
||||
required_for: [post_deployment_end]
|
||||
requires: [enable_quorum]
|
||||
required_for: [ironic-conductor-config]
|
||||
requires: [enable_quorum, enable_rados]
|
||||
parameters:
|
||||
cmd: ruby upload_images.rb
|
||||
retries: 3
|
||||
|
@ -75,7 +85,7 @@
|
|||
role: ['primary-controller']
|
||||
type: shell
|
||||
required_for: [post_deployment_end]
|
||||
requires: [enable_quorum]
|
||||
requires: [enable_quorum, enable_rados]
|
||||
parameters:
|
||||
cmd: ruby post_swift_key.rb
|
||||
retries: 3
|
||||
|
@ -86,7 +96,7 @@
|
|||
groups: ['primary-controller', 'controller']
|
||||
type: puppet
|
||||
required_for: [deploy_end, controller_remaining_tasks]
|
||||
requires: [openstack-controller, ironic-db, ironic-network, ironic-haproxy, swift]
|
||||
requires: [openstack-controller, ironic-db, ironic-network, ironic-haproxy]
|
||||
parameters:
|
||||
puppet_manifest: puppet/manifests/ironic.pp
|
||||
puppet_modules: puppet/modules:/etc/puppet/modules
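Review bot: The new `ironic-network-openstack` task lists `ironic-network-ovs` in `requires`, while the `ironic` task in the last hunk still lists `ironic-network`; neither id's definition is visible in these hunks, so it is worth confirming that both exist after this change. If the existing network task was split or renamed, the `ironic` entry probably needs the same update, e.g. `requires: [openstack-controller, ironic-db, ironic-network-ovs, ironic-haproxy]`. A one-line comment above the new task saying which manifest step it orders after would also help, since `ironic-upload-images` now gates `ironic-conductor-config` instead of `post_deployment_end`.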
|
||||
|
|
|
@ -2,7 +2,7 @@ attributes:
|
|||
metadata:
|
||||
restrictions:
|
||||
- "cluster:net_provider != 'neutron' or networking_parameters:segmentation_type != 'vlan'": "Ironic requires Neutron with VLAN segmentation."
|
||||
- "settings:storage.images_ceph.value == true": "Ironic requires Swift as a backend for Glance image service."
|
||||
- "settings:storage.images_ceph.value == true": "Ironic requires Swift API for Glance image service."
|
||||
password:
|
||||
value: "I_love_plugins"
|
||||
label: "Password for user, db and swift"
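Review bot: Only the message of the `images_ceph` restriction changes here; the condition `settings:storage.images_ceph.value == true` still blocks every deployment with Ceph-backed images, including the one the haproxy manifest in this commit now serves through RadosGW (`images_ceph` and `objects_ceph` both set). If the intent is "a Swift API must be available", the condition presumably needs the same change, for example `"settings:storage.images_ceph.value == true and settings:storage.objects_ceph.value == false"`. The context lines also keep one fixed default `value:` for the password shared by the user, the database and Swift; that is worth a follow-up so each deployment sets its own.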
|
||||
|
|
|
@ -21,5 +21,5 @@ export BOOTSTRAP_SSH_KEYS="${key_file}.pub"
|
|||
export AGENT_PACKAGE_PATH="${package_path}/repositories/ubuntu"
|
||||
|
||||
mkdir -p "${DESTDIR}"
|
||||
${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image
|
||||
#${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image
|
||||
chmod 755 -R "${DESTDIR}"
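Review bot: The `fuel-bootstrap-image` invocation is commented out rather than removed or made conditional, which in a commit titled "Fix networking" looks like a debugging leftover. With the call disabled, `mkdir -p "${DESTDIR}"` and `chmod 755 -R "${DESTDIR}"` operate on a directory this script no longer populates, and the exported `BOOTSTRAP_SSH_KEYS` and `AGENT_PACKAGE_PATH` are unused here, so the plugin would presumably be built without a bootstrap image. If skipping the build is intentional, a guard such as `[ -n "${SKIP_BOOTSTRAP_BUILD:-}" ] || "${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image"` (variable name constructed for illustration), with a comment giving the reason, keeps the default behaviour intact.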
|
||||
|
|