openstack
/
puppet-tripleo
Code Issues Proposed changes

Add support for separate VIP in ovn_dbs 

We make the manifest contemplate the fact that ovn_dbs might have
its own separate DB. This way when I620e37117c26b5b51bf9e1eda91daeb00fdf0f43
lands and OVN DB will have its own separate VIP, it will all just work.

We also switch the explicit ordering constraints around pacemaker
resources to collectors, so the case of non existing resources (like the
separate VIP for ovn_dbs) will automatically work.

In the case of separate VIP and stack update we also add code to remove
the additional constraints that were imposed on the internal API VIP due
to being part of haproxy.

Related-Bug: #1841811
Depends-On: I8f7f5534ab3d053ba07d4fd56975e02b3f83eedc
Change-Id: Ic62b0fbc0fee40638811a5cd77a5dc5a4d82acf5
This commit is contained in:
Michele Baldessari 2019-07-25 11:21:59 +02:00
parent 2fede0c3af
commit 6b05849ab9
1 changed files with 85 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
manifests/profile/pacemaker/ovn_dbs_bundle.pp
View File

@ -52,6 +52,14 @@
# The TCP port in which the OVN Southbound DB listens to.
# Defaults to 6642
#
# [*meta_params*]
# (optional) Additional meta parameters to pass to "pcs resource create" for the VIP
# Defaults to ''
#
# [*op_params*]
# (optional) Additional op parameters to pass to "pcs resource create" for the VIP
# Defaults to ''
#
# [*container_backend*]
# (optional) Container backend to use when creating the bundle
# Defaults to 'docker'
@ -79,6 +87,8 @@ class tripleo::profile::pacemaker::ovn_dbs_bundle (
$ovn_dbs_vip = hiera('ovn_dbs_vip'),
$nb_db_port = 6641,
$sb_db_port = 6642,
$meta_params = '',
$op_params = '',
$container_backend = 'docker',
$tls_priorities = hiera('tripleo::pacemaker::tls_priorities', undef),
$enable_internal_tls = hiera('enable_internal_tls', false),
@ -201,6 +211,45 @@ nb_master_protocol=ssl sb_master_protocol=ssl"
bundle => 'ovn-dbs-bundle',
}
# This code tells us if ovn_dbs is using a separate ip or is using a the per-network VIP
$ovn_dbs_network = hiera('ovn_dbs_network', undef)
$net_vip_map = hiera('network_virtual_ips', undef)
if $ovn_dbs_network != undef and $net_vip_map != undef and $ovn_dbs_network in $net_vip_map {
$old_vip = $net_vip_map[$ovn_dbs_network]['ip_address']
if $old_vip != $ovn_dbs_vip {
$ovn_separate_vip = true
} else {
$ovn_separate_vip = false
}
} else {
$ovn_separate_vip = false
}
# We create a separate VIP only in case OVN has been configured so via THT
# in the non-separate case it will be created in the haproxy vip manifests
if $ovn_separate_vip {
if is_ipv6_address($ovn_dbs_vip) {
$netmask = '128'
$nic = interface_for_ip($ovn_dbs_vip)
$ipv6_addrlabel = '99'
} else {
$netmask = '32'
$nic = ''
$ipv6_addrlabel = ''
}
pacemaker::resource::ip { "${ovndb_vip_resource_name}":
ip_address => $ovn_dbs_vip,
cidr_netmask => $netmask,
nic => $nic,
ipv6_addrlabel => $ipv6_addrlabel,
location_rule => $ovn_dbs_location_rule,
meta_params => "resource-stickiness=INFINITY ${meta_params}",
op_params => $op_params,
tries => $pcs_tries,
}
}
pacemaker::constraint::colocation { "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}":
source => "${ovndb_vip_resource_name}",
target => 'ovn-dbs-bundle',
@ -218,10 +267,42 @@ nb_master_protocol=ssl sb_master_protocol=ssl"
tries => $pcs_tries,
}
Pacemaker::Resource::Bundle['ovn-dbs-bundle']
-> Pacemaker::Resource::Ocf["${ovndb_servers_resource_name}"]
-> Pacemaker::Constraint::Order["${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}"]
-> Pacemaker::Constraint::Colocation["${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}"]
# (bandini) we can remove this old constraint removal piece once queens is out of support
# If we do a minor update or a redeploy against a cloud that did not already have the
# separate OVN VIP, we want to be sure that the old constraints are gone. At this
# point we cannot use the ovndb_resource_name because that is now the new IP
# To be on the safe side, we fetch the network that ovn_dbs is supposed to listen on
# hiera('ovn_dbs_network') and find out the VIP on that network
# NB: we cannot use ensure -> absent and a pacmeaker constraint resource because we would
# get duplicate resource errors, hence the exec usage
if hiera('stack_action') == 'UPDATE' and $ovn_separate_vip {
# We only remove these constraints if we're sure the ovn_dbs VIP is different
# from the old VIP
$old_vip_name = "ip-${old_vip}"
$old_order_constraint = "order-ovn-dbs-bundle-${old_vip_name}-Optional"
exec { "remove-old-${old_vip_name}-order-${ovndb_servers_resource_name}":
command => "pcs constraint remove ${old_order_constraint}",
onlyif => "pcs constraint order --full | egrep -q 'id:${old_order_constraint}'",
tries => $pcs_tries,
path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
tag => 'ovn_dbs_remove_old_cruft',
}
$old_colocation_constraint = "colocation-${old_vip_name}-ovn-dbs-bundle-INFINITY"
exec { "remove-old-${old_vip_name}-colocation-${ovndb_servers_resource_name}":
command => "pcs constraint remove ${old_colocation_constraint}",
onlyif => "pcs constraint colocation --full | egrep -q 'id:${old_colocation_constraint}'",
tries => $pcs_tries,
path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
tag => 'ovn_dbs_remove_old_cruft',
}
}
# End of constraint removal section
Pcmk_bundle<| title == 'ovn-dbs-bundle' |>
-> Pcmk_resource<| title == "${ovndb_servers_resource_name}" |>
-> Pcmk_resource<| title == "${ovndb_vip_resource_name}" |>
-> Pcmk_constraint<| title == "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}" |>
-> Pcmk_constraint<| title == "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}" |>
}
}
}