Merge "Add IPv6 radvd and dhcpv6 relay support"

Zuul 2020-09-14 16:24:36 +00:00 committed by Gerrit Code Review
commit b82dc6dfc9
13 changed files with 388 additions and 11 deletions


@ -158,8 +158,21 @@ Configuration for Routed Networks
**File:** environments/routed-networks-configuration.yaml
**Description:** Contains the available parameters that need to be configured when using
a routed networks environment. Requires the routed-networks.yaml
environment.
a routed networks environment. Requires the routed-networks.yaml or
routed-networks-ipv6.yaml environment.
Enable Routed Networks IPv6
---------------------------
**File:** environments/routed-networks-ipv6.yaml
**Description:** Enable use of routed IPv6 networks, where there may be multiple separate
networks connected with a router, router advertisement daemon (radvd),
and DHCP relay. Do not pass any other network configuration environments
after this one or they may override the changes made by this environment.
When this environment is in use, the routed-networks-configuration
environment should usually be included as well.
Base Role Configuration for Routed Networks


@ -7,8 +7,8 @@
# title: Configuration for Routed Networks
# description: |
# Contains the available parameters that need to be configured when using
# a routed networks environment. Requires the routed-networks.yaml
# environment.
# a routed networks environment. Requires the routed-networks.yaml or
# routed-networks-ipv6.yaml environment.
parameter_defaults:
# The IP addresses of DHCP servers to relay DHCP requests to.
# Mandatory. This parameter must be set by the user.


@ -0,0 +1,20 @@
# *******************************************************************
# This file was created automatically by the sample environment
# generator. Developers should use `tox -e genconfig` to update it.
# Users are recommended to make changes to a copy of the file instead
# of the original, if any customizations are needed.
# *******************************************************************
# title: Enable Routed Networks IPv6
# description: |
# Enable use of routed IPv6 networks, where there may be multiple separate
# networks connected with a router, router advertisement daemon (radvd),
# and DHCP relay. Do not pass any other network configuration environments
# after this one or they may override the changes made by this environment.
# When this environment is in use, the routed-networks-configuration
# environment should usually be included as well.
resource_registry:
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml
OS::OVB::DHCPRelay: ../templates/dhcpv6-relay.yaml
OS::OVB::ProvisionNetRouter: OS::Heat::None
OS::OVB::ProvisionNetRouterInterface: OS::Heat::None
OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml


@ -198,8 +198,8 @@ environments:
title: Configuration for Routed Networks
description: |
Contains the available parameters that need to be configured when using
a routed networks environment. Requires the routed-networks.yaml
environment.
a routed networks environment. Requires the routed-networks.yaml or
routed-networks-ipv6.yaml environment.
files:
templates/dhcp-relay.yaml:
parameters:
@ -224,6 +224,22 @@ environments:
OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml
OS::OVB::DHCPRelay: ../templates/dhcp-relay.yaml
-
name: routed-networks-ipv6
title: Enable Routed Networks IPv6
description: |
Enable use of routed IPv6 networks, where there may be multiple separate
networks connected with a router, router advertisement daemon (radvd),
and DHCP relay. Do not pass any other network configuration environments
after this one or they may override the changes made by this environment.
When this environment is in use, the routed-networks-configuration
environment should usually be included as well.
resource_registry:
OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml
OS::OVB::DHCPRelay: ../templates/dhcpv6-relay.yaml
OS::OVB::ProvisionNetRouter: OS::Heat::None
OS::OVB::ProvisionNetRouterInterface: OS::Heat::None
-
name: routed-networks-role
title: Base Role Configuration for Routed Networks


@ -50,6 +50,9 @@ parameters:
private_net:
type: string
provision_network_routers_data:
type: json
description: A map with provision network router data
resources:
dhcp_relay_port_private:

284
templates/dhcpv6-relay.yaml Normal file

@ -0,0 +1,284 @@
heat_template_version: 2016-10-14
parameters:
key_name:
type: string
default: default
description: Nova keypair to inject into the undercloud and bmc
dhcp_relay_flavor:
type: string
default: m1.small
description: The Nova flavor to use for the dhcrelay instance
dhcp_relay_image:
type: string
default: CentOS-7-x86_64-GenericCloud
description: |
The base image for the dhcrelay instance. A CentOS 7 image is currently
the only one supported.
provision_net_cidr:
type: string
description: CIDR for provision network subnet
default: fd12:3456:789a:1::/64
provision_net2_cidr:
type: string
description: CIDR for second provision network subnet
default: fd12:3456:789a:2::/64
provision_net3_cidr:
type: string
description: CIDR for third provision network subnet
default: fd12:3456:789a:3::/64
IPv6_dhcpv6-statefull:
type: boolean
description: |
Controls radvd parameters AdvManagedFlag and AdvAutonomous. For stateful
addressing these should be AdvManagedFlag: on, AdvAutonomous: off, for
statelss (SLAAC) these should be AdvManagedFlag: off, AdvAutonomous: on.
default: false
dhcp_ips:
# Ignored parameter for compatibility with dhcp-relay.yaml
type: json
description: |
The IP addresses of DHCP servers to relay DHCP requests to.
networks:
# Ignored parameter for compatibility with dhcp-relay.yaml
type: json
private_net:
type: string
provision_network_routers_data:
type: json
description: A map with provision network router data
NtpPool:
default: pool.ntp.org
description: |
NTP pool, the pool name is expected to resolve to multiple addresses which
might change over time. For IPv6 overclouds the radvd-and-dhcrelay
instance can act as the NTP server.
type: string
conditions:
dhcpv6-statefull:
get_param: IPv6_dhcpv6-statefull
resources:
dhcp_relay_port_private:
type: OS::Neutron::Port
properties:
name: dhcp_relay_port_private
network: {get_param: private_net}
init_packages:
type: OS::Heat::CloudConfig
properties:
cloud_config:
package_upgrade: true
packages:
- centos-release-openstack-stein
- dnsmasq
- radvd
- chrony
init_files:
type: OS::Heat::CloudConfig
properties:
cloud_config:
write_files:
- path: /etc/os-net-config/config.yaml
content:
str_replace:
template: |
network_config:
- type: interface
name: eth0
use_dhcp: false
use_dhcpv6: false
addresses:
- ip_netmask: $private_ip_netmask
routes:
- default: true
next_hop: $private_gateway
- type: interface
name: eth1
use_dhcp: false
use_dhcpv6: false
addresses:
- ip_netmask: $provision_ip_netmask
- type: interface
name: eth2
use_dhcp: false
use_dhcpv6: false
addresses:
- ip_netmask: $provision2_ip_netmask
- type: interface
name: eth3
use_dhcp: false
use_dhcpv6: false
addresses:
- ip_netmask: $provision3_ip_netmask
params:
$private_gateway: {get_attr: [dhcp_relay_port_private, subnets, 0, gateway_ip]}
$private_ip_netmask:
list_join:
- /
- - {get_attr: [dhcp_relay_port_private, fixed_ips, 0, ip_address]}
- {str_split: ['/', {get_attr: [dhcp_relay_port_private, subnets, 0, cidr]}, 1]}
$provision_ip_netmask: {get_param: [provision_network_routers_data, provision_router_cidr]}
$provision2_ip_netmask: {get_param: [provision_network_routers_data, provision2_router_cidr]}
$provision3_ip_netmask: {get_param: [provision_network_routers_data, provision3_router_cidr]}
- path: /etc/systemd/system/dhcrelay6.service
content:
str_replace:
template: |
[Unit]
Description=DHCPv6 dnsmasq Relay Agent Daemon
Documentation=man:dnsmasq(8)
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
ExecStart=/usr/sbin/dnsmasq --keep-in-foreground --port 0 --dhcp-relay=$provision2_ip,ff05::1:3,eth1 --dhcp-relay=$provision3_ip,ff05::1:3,eth1
StandardError=null
[Install]
WantedBy=multi-user.target
params:
$provision2_ip: {str_split: ['/', {get_param: [provision_network_routers_data, provision2_router_cidr]}, 0]}
$provision3_ip: {str_split: ['/', {get_param: [provision_network_routers_data, provision3_router_cidr]}, 0]}
- path: /etc/radvd.conf
content:
str_replace:
template: |
interface eth1 {
AdvSendAdvert on;
AdvManagedFlag $AdvManagedFlag;
AdvOtherConfigFlag on;
AdvRASolicitedUnicast on;
AdvLinkMTU $provision_mtu;
prefix $provision_cidr {
AdvAutonomous $AdvAutonomous;
AdvOnLink on;
};
};
interface eth2 {
AdvSendAdvert on;
AdvManagedFlag $AdvManagedFlag;
AdvOtherConfigFlag on;
AdvRASolicitedUnicast on;
AdvLinkMTU $provision2_mtu;
prefix $provision2_cidr {
AdvAutonomous $AdvAutonomous;
AdvOnLink on;
};
};
interface eth3 {
AdvSendAdvert on;
AdvManagedFlag $AdvManagedFlag;
AdvOtherConfigFlag on;
AdvRASolicitedUnicast on;
AdvLinkMTU $provision3_mtu;
prefix $provision3_cidr {
AdvAutonomous $AdvAutonomous;
AdvOnLink on;
};
};
params:
$provision_cidr: {get_param: provision_net_cidr}
$provision2_cidr: {get_param: provision_net2_cidr}
$provision3_cidr: {get_param: provision_net3_cidr}
$provision_mtu: {get_param: [provision_network_routers_data, provision_mtu]}
$provision2_mtu: {get_param: [provision_network_routers_data, provision2_mtu]}
$provision3_mtu: {get_param: [provision_network_routers_data, provision3_mtu]}
$AdvManagedFlag:
if:
- dhcpv6-statefull
- 'on'
- 'off'
$AdvAutonomous:
if:
- dhcpv6-statefull
- 'off'
- 'on'
- path: /etc/sysctl.d/98-ipv6-routing.conf
content: |
net.ipv6.conf.eth1.forwarding = 1
net.ipv6.conf.eth2.forwarding = 1
net.ipv6.conf.eth3.forwarding = 1
- - path: /etc/chrony.conf
content:
str_replace:
template: |
pool $ntp_pool iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Allow NTP client access from provision network.
allow $provision_cidr
allow $provision2_cidr
allow $provision3_cidr
# Serve time even if not synchronized to a time source.
local stratum 10
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
# Specify directory for log files.
logdir /var/log/chrony
params:
$ntp_pool: {get_param: NtpPool}
$provision_cidr: {get_param: provision_net_cidr}
$provision2_cidr: {get_param: provision_net2_cidr}
$provision3_cidr: {get_param: provision_net3_cidr}
init_runcmd:
type: OS::Heat::CloudConfig
properties:
cloud_config:
runcmd:
- ['sysctl','--system']
- ['systemctl', 'daemon-reload']
- ['yum', '-y', 'install', 'os-net-config']
- ['os-net-config', '--config', '/etc/os-net-config/config.yaml']
- ['systemctl', 'enable', 'dhcrelay6.service']
- ['systemctl', 'start', 'dhcrelay6.service']
- ['systemctl', 'status', 'dhcrelay6.service']
- ['systemctl', 'enable', 'radvd.service']
- ['systemctl', 'start', 'radvd.service']
- ['systemctl', 'status', 'radvd.service']
dhcrelay_init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: init_packages}
- config: {get_resource: init_files}
- config: {get_resource: init_runcmd}
dhcp_relay_server:
type: OS::Nova::Server
properties:
name: radvd-and-dhcrelay
flavor: {get_param: dhcp_relay_flavor}
image: {get_param: dhcp_relay_image}
key_name: {get_param: key_name}
networks:
- {port: {get_resource: dhcp_relay_port_private}}
- {port: {get_param: [provision_network_routers_data, provision_router_resource]}}
- {port: {get_param: [provision_network_routers_data, provision2_router_resource]}}
- {port: {get_param: [provision_network_routers_data, provision3_router_resource]}}
config_drive: true
user_data_format: RAW
user_data: {get_resource: dhcrelay_init}
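Review bot: `StandardError=null` in the dhcrelay6.service unit discards whatever dnsmasq writes to stderr, so a relay that fails at start-up (for example on a bad `--dhcp-relay` argument) leaves no trace in the journal on an instance that forwards between three provision networks. I would drop that line or use `StandardError=journal`, so the `systemctl status dhcrelay6.service` call in `init_runcmd` has something to show. Separately, the chrony entry is rendered on this page as `- - path: /etc/chrony.conf`; if the file really nests that item one list level deeper than its siblings under `write_files`, cloud-init may not write it, so it is worth checking against the raw file.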


@ -186,6 +186,7 @@ resources:
baremetal_prefix: {get_param: baremetal_prefix}
cloud_data: {get_param: cloud_data}
dhcp_ips: {get_param: dhcp_ips}
provision_network_routers_data: {get_attr: [undercloud_networks, provision_network_routers_data]}
outputs:
undercloud_host_floating_ip:


@ -12,3 +12,5 @@ resource_registry:
OS::OVB::UndercloudNetworks: undercloud-networks.yaml
OS::OVB::DHCPRelay: OS::Heat::None
OS::OVB::RouterAdvertisementDaemon: OS::Heat::None
OS::OVB::ProvisionNetRouter: OS::Neutron::Router
OS::OVB::ProvisionNetRouterInterface: OS::Neutron::RouterInterface


@ -55,5 +55,7 @@ outputs:
# The provision and public network routers is here for compatibility only
provision_network_routers:
value: null
provision_network_routers_data:
value: null
public_network_router:
value: null


@ -117,6 +117,8 @@ outputs:
# The provision_network_routers is here for compatibility only
provision_network_routers:
value: {}
provision_network_routers_data:
value: {}
public_network_router:
value:
public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]}


@ -1,4 +1,4 @@
heat_template_version: 2015-04-30
heat_template_version: 2015-10-15
parameters:
provision_net:
@ -112,7 +112,7 @@ parameters:
resources:
provision_router:
type: OS::Neutron::Router
type: OS::OVB::ProvisionNetRouter
properties:
name: provision-router
external_gateway_info:
@ -137,13 +137,14 @@ resources:
provision_router_port:
type: OS::Neutron::Port
properties:
name: provision_router_port
network: {get_resource: provision_network}
port_security_enabled: false
fixed_ips:
- ip_address: {get_param: provision_net_router_address}
provision_router_interface:
type: OS::Neutron::RouterInterface
type: OS::OVB::ProvisionNetRouterInterface
properties:
router: {get_resource: provision_router}
port: {get_resource: provision_router_port}
@ -167,13 +168,14 @@ resources:
provision_router_port2:
type: OS::Neutron::Port
properties:
name: provision_router_port2
network: {get_resource: provision_network2}
port_security_enabled: false
fixed_ips:
- ip_address: {get_param: provision_net2_router_address}
provision_router_interface2:
type: OS::Neutron::RouterInterface
type: OS::OVB::ProvisionNetRouterInterface
properties:
router: {get_resource: provision_router}
port: {get_resource: provision_router_port2}
@ -197,13 +199,14 @@ resources:
provision_router_port3:
type: OS::Neutron::Port
properties:
name: provision_router_port3
network: {get_resource: provision_network3}
port_security_enabled: false
fixed_ips:
- ip_address: {get_param: provision_net3_router_address}
provision_router_interface3:
type: OS::Neutron::RouterInterface
type: OS::OVB::ProvisionNetRouterInterface
properties:
router: {get_resource: provision_router}
port: {get_resource: provision_router_port3}
@ -258,6 +261,29 @@ outputs:
provision_router: {get_attr: [provision_router_port, fixed_ips, 0, ip_address]}
provision2_router: {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]}
provision3_router: {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]}
provision_network_routers_data:
value:
provision_router_cidr:
list_join:
- /
- - {get_attr: [provision_router_port, fixed_ips, 0, ip_address]}
- {str_split: ['/', {get_attr: [provision_router_port, subnets, 0, cidr]}, 1]}
provision2_router_cidr:
list_join:
- /
- - {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]}
- {str_split: ['/', {get_attr: [provision_router_port2, subnets, 0, cidr]}, 1]}
provision3_router_cidr:
list_join:
- /
- - {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]}
- {str_split: ['/', {get_attr: [provision_router_port3, subnets, 0, cidr]}, 1]}
provision_router_resource: {get_resource: provision_router_port}
provision2_router_resource: {get_resource: provision_router_port2}
provision3_router_resource: {get_resource: provision_router_port3}
provision_mtu: {get_attr: [provision_router_port, network, mtu]}
provision2_mtu: {get_attr: [provision_router_port2, network, mtu]}
provision3_mtu: {get_attr: [provision_router_port3, network, mtu]}
public_network_router:
value:
public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]}
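Review bot: The new `provision_network_routers_data` output has no `description`, and it hands out the three router ports (`provision_router_resource` and its siblings) that are created with `port_security_enabled: false`. When `OS::OVB::ProvisionNetRouter` is mapped to `OS::Heat::None`, whichever instance those ports are attached to becomes the only forwarding point between the provision networks, with no Neutron anti-spoofing or security-group filtering on them. I would add something like `description: Router port IDs, address/prefix and MTU per provision network, consumed by the DHCP relay template`, plus a short comment on the ports saying why port security is off. The port resources begin outside the visible hunks, so this is based only on the lines shown.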


@ -88,5 +88,7 @@ outputs:
# The provision and public network routers is here for compatibility only
provision_network_routers:
value: null
provision_network_routers_data:
value: null
public_network_router:
value: null


@ -60,6 +60,11 @@ parameters:
description: |
The IP addresses of DHCP servers to relay DHCP requests to.
provision_network_routers_data:
type: json
default: {}
description: A map with provision network router data
# Ignored parameters for compatibility with QuintupleO env files
undercloud_image:
type: string
@ -126,6 +131,7 @@ resources:
properties:
networks: {get_param: networks}
dhcp_ips: {get_param: dhcp_ips}
provision_network_routers_data: {get_param: provision_network_routers_data}
ipv6_radvd:
type: OS::OVB::RouterAdvertisementDaemon