From 135786a9ca74b516459a284c9e667f203cae20af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harald=20Jens=C3=A5s?= Date: Fri, 20 Sep 2019 09:05:35 +0200 Subject: [PATCH] Add IPv6 radvd and dhcpv6 relay support Add a new templates to configure radvd and dhcpv6 relay. For IPv6 routed network the radvd daemon and the dhcpv6 relay is hosted on the same instance. Since we do not want the networks in the OVB infra to provide any DHCP or auto configuration we cannot use neutron routers for provisioning network routing. The instance running dhcpv6 relay and radvd will also be the router for the provisioning networks. Bump template version in undercloud-networks-routed.yaml to version 2015-10-15. Need this version to avoid error: 'Items to join must be strings not {u'str_split': [u'/', u'fd12:3456:789a:3::/64', 1]}' Change-Id: Ib95f7d7cfd3d2318ac4f4f44f22955b0c18c465e --- doc/source/deploy/environment-index.rst | 17 +- .../routed-networks-configuration.yaml | 4 +- environments/routed-networks-ipv6.yaml | 20 ++ sample-env-generator/environments.yaml | 20 +- templates/dhcp-relay.yaml | 3 + templates/dhcpv6-relay.yaml | 284 ++++++++++++++++++ templates/quintupleo.yaml | 1 + templates/resource-registry.yaml | 2 + templates/undercloud-networks-existing.yaml | 2 + .../undercloud-networks-public-router.yaml | 2 + templates/undercloud-networks-routed.yaml | 36 ++- templates/undercloud-networks.yaml | 2 + templates/virtual-baremetal.yaml | 6 + 13 files changed, 388 insertions(+), 11 deletions(-) create mode 100644 environments/routed-networks-ipv6.yaml create mode 100644 templates/dhcpv6-relay.yaml diff --git a/doc/source/deploy/environment-index.rst b/doc/source/deploy/environment-index.rst index 280c291..40c53f3 100644 --- a/doc/source/deploy/environment-index.rst +++ b/doc/source/deploy/environment-index.rst 
@@ -158,8 +158,21 @@ Configuration for Routed Networks **File:** environments/routed-networks-configuration.yaml **Description:** Contains the available parameters that need to be configured when using -a routed networks environment. Requires the routed-networks.yaml -environment. +a routed networks environment. Requires the routed-networks.yaml or +routed-networks-ipv6.yaml environment. + + +Enable Routed Networks IPv6 +--------------------------- + +**File:** environments/routed-networks-ipv6.yaml + +**Description:** Enable use of routed IPv6 networks, where there may be multiple separate +networks connected with a router, router advertisement daemon (radvd), +and DHCP relay. Do not pass any other network configuration environments +after this one or they may override the changes made by this environment. +When this environment is in use, the routed-networks-configuration +environment should usually be included as well. Base Role Configuration for Routed Networks diff --git a/environments/routed-networks-configuration.yaml b/environments/routed-networks-configuration.yaml index 2171885..43c5c1d 100644 --- a/environments/routed-networks-configuration.yaml +++ b/environments/routed-networks-configuration.yaml @@ -7,8 +7,8 @@ # title: Configuration for Routed Networks # description: | # Contains the available parameters that need to be configured when using -# a routed networks environment. Requires the routed-networks.yaml -# environment. +# a routed networks environment. Requires the routed-networks.yaml or +# routed-networks-ipv6.yaml environment. parameter_defaults: # The Nova flavor to use for the dhcrelay instance # Type: string diff --git a/environments/routed-networks-ipv6.yaml b/environments/routed-networks-ipv6.yaml new file mode 100644 index 0000000..8f44377 --- /dev/null +++ b/environments/routed-networks-ipv6.yaml 
@@ -0,0 +1,20 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Enable Routed Networks IPv6 +# description: | +# Enable use of routed IPv6 networks, where there may be multiple separate +# networks connected with a router, router advertisement daemon (radvd), +# and DHCP relay. Do not pass any other network configuration environments +# after this one or they may override the changes made by this environment. +# When this environment is in use, the routed-networks-configuration +# environment should usually be included as well. +resource_registry: + OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml + OS::OVB::DHCPRelay: ../templates/dhcpv6-relay.yaml + OS::OVB::ProvisionNetRouter: OS::Heat::None + OS::OVB::ProvisionNetRouterInterface: OS::Heat::None + OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml diff --git a/sample-env-generator/environments.yaml b/sample-env-generator/environments.yaml index 66ebfa9..3906404 100644 --- a/sample-env-generator/environments.yaml +++ b/sample-env-generator/environments.yaml @@ -195,8 +195,8 @@ environments: title: Configuration for Routed Networks description: | Contains the available parameters that need to be configured when using - a routed networks environment. Requires the routed-networks.yaml - environment. + a routed networks environment. Requires the routed-networks.yaml or + routed-networks-ipv6.yaml environment. files: templates/dhcp-relay.yaml: parameters: 
@@ -216,6 +216,22 @@ environments: OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml OS::OVB::DHCPRelay: ../templates/dhcp-relay.yaml + - + name: routed-networks-ipv6 + title: Enable Routed Networks IPv6 + description: | + Enable use of routed IPv6 networks, where there may be multiple separate + networks connected with a router, router advertisement daemon (radvd), + and DHCP relay. Do not pass any other network configuration environments + after this one or they may override the changes made by this environment. + When this environment is in use, the routed-networks-configuration + environment should usually be included as well. + resource_registry: + OS::OVB::UndercloudNetworks: ../templates/undercloud-networks-routed.yaml + OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-routed.yaml + OS::OVB::DHCPRelay: ../templates/dhcpv6-relay.yaml + OS::OVB::ProvisionNetRouter: OS::Heat::None + OS::OVB::ProvisionNetRouterInterface: OS::Heat::None - name: routed-networks-role title: Base Role Configuration for Routed Networks diff --git a/templates/dhcp-relay.yaml b/templates/dhcp-relay.yaml index f4e5acc..61585d7 100644 --- a/templates/dhcp-relay.yaml +++ b/templates/dhcp-relay.yaml @@ -45,6 +45,9 @@ parameters: private_net: type: string + provision_network_routers_data: + type: json + description: A map with provision network router data resources: dhcp_relay_port_private: diff --git a/templates/dhcpv6-relay.yaml b/templates/dhcpv6-relay.yaml new file mode 100644 index 0000000..295d41c --- /dev/null +++ b/templates/dhcpv6-relay.yaml 
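Review bot: The `provision_network_routers_data` parameter added to templates/dhcp-relay.yaml has no `default`, while the same parameter added to virtual-baremetal.yaml in this commit gets `default: {}`. Nothing visible in this hunk shows the IPv4 relay reading the value, so it looks like a pass-through kept for interface parity with dhcpv6-relay.yaml. If that is right, mark it the way the new template marks its own unused inputs, e.g. `# Ignored parameter for compatibility with dhcpv6-relay.yaml`, and add `default: {}` to match virtual-baremetal.yaml. The resources section continues outside the hunk, so confirm the parameter really is unused before wording the comment.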
@@ -0,0 +1,284 @@
+heat_template_version: 2016-10-14
+
+parameters:
+
+ key_name:
+ type: string
+ default: default
+ description: Nova keypair to inject into the undercloud and bmc
+
+ dhcp_relay_flavor:
+ type: string
+ default: m1.small
+ description: The Nova flavor to use for the dhcrelay instance
+
+ dhcp_relay_image:
+ type: string
+ default: CentOS-7-x86_64-GenericCloud
+ description: |
+ The base image for the dhcrelay instance. A CentOS 7 image is currently
+ the only one supported.
+
+ provision_net_cidr:
+ type: string
+ description: CIDR for provision network subnet
+ default: fd12:3456:789a:1::/64
+
+ provision_net2_cidr:
+ type: string
+ description: CIDR for second provision network subnet
+ default: fd12:3456:789a:2::/64
+
+ provision_net3_cidr:
+ type: string
+ description: CIDR for third provision network subnet
+ default: fd12:3456:789a:3::/64
+
+ IPv6_dhcpv6-statefull:
+ type: boolean
+ description: |
+ Controls radvd parameters AdvManagedFlag and AdvAutonomous. For stateful
+ addressing these should be AdvManagedFlag: on, AdvAutonomous: off, for
+ statelss (SLAAC) these should be AdvManagedFlag: off, AdvAutonomous: on.
+ default: false
+
+ dhcp_ips:
+ # Ignored parameter for compatibility with dhcp-relay.yaml
+ type: json
+ description: |
+ The IP addresses of DHCP servers to relay DHCP requests to.
+
+ networks:
+ # Ignored parameter for compatibility with dhcp-relay.yaml
+ type: json
+
+ private_net:
+ type: string
+
+ provision_network_routers_data:
+ type: json
+ description: A map with provision network router data
+
+ NtpPool:
+ default: pool.ntp.org
+ description: |
+ NTP pool, the pool name is expected to resolve to multiple addresses which
+ might change over time. For IPv6 overclouds the radvd-and-dhcrelay
+ instance can act as the NTP server.
+ type: string
+
+conditions:
+ dhcpv6-statefull:
+ get_param: IPv6_dhcpv6-statefull
+
+resources:
+ dhcp_relay_port_private:
+ type: OS::Neutron::Port
+ properties:
+ name: dhcp_relay_port_private
+ network: {get_param: private_net}
+
+ init_packages:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ package_upgrade: true
+ packages:
+ - centos-release-openstack-stein
+ - dnsmasq
+ - radvd
+ - chrony
+
+ init_files:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ write_files:
+ - path: /etc/os-net-config/config.yaml
+ content:
+ str_replace:
+ template: |
+ network_config:
+ - type: interface
+ name: eth0
+ use_dhcp: false
+ use_dhcpv6: false
+ addresses:
+ - ip_netmask: $private_ip_netmask
+ routes:
+ - default: true
+ next_hop: $private_gateway
+ - type: interface
+ name: eth1
+ use_dhcp: false
+ use_dhcpv6: false
+ addresses:
+ - ip_netmask: $provision_ip_netmask
+ - type: interface
+ name: eth2
+ use_dhcp: false
+ use_dhcpv6: false
+ addresses:
+ - ip_netmask: $provision2_ip_netmask
+ - type: interface
+ name: eth3
+ use_dhcp: false
+ use_dhcpv6: false
+ addresses:
+ - ip_netmask: $provision3_ip_netmask
+ params:
+ $private_gateway: {get_attr: [dhcp_relay_port_private, subnets, 0, gateway_ip]}
+ $private_ip_netmask:
+ list_join:
+ - /
+ - - {get_attr: [dhcp_relay_port_private, fixed_ips, 0, ip_address]}
+ - {str_split: ['/', {get_attr: [dhcp_relay_port_private, subnets, 0, cidr]}, 1]}
+ $provision_ip_netmask: {get_param: [provision_network_routers_data, provision_router_cidr]}
+ $provision2_ip_netmask: {get_param: [provision_network_routers_data, provision2_router_cidr]}
+ $provision3_ip_netmask: {get_param: [provision_network_routers_data, provision3_router_cidr]}
+ - path: /etc/systemd/system/dhcrelay6.service
+ content:
+ str_replace:
+ template: |
+ [Unit]
+ Description=DHCPv6 dnsmasq Relay Agent Daemon
+ Documentation=man:dnsmasq(8)
+ Wants=network-online.target
+ After=network-online.target
+
+ [Service]
+ Type=simple
+ ExecStart=/usr/sbin/dnsmasq --keep-in-foreground --port 0 --dhcp-relay=$provision2_ip,ff05::1:3,eth1 --dhcp-relay=$provision3_ip,ff05::1:3,eth1
+ StandardError=null
+
+ [Install]
+ WantedBy=multi-user.target
+ params:
+ $provision2_ip: {str_split: ['/', {get_param: [provision_network_routers_data, provision2_router_cidr]}, 0]}
+ $provision3_ip: {str_split: ['/', {get_param: [provision_network_routers_data, provision3_router_cidr]}, 0]}
+ - path: /etc/radvd.conf
+ content:
+ str_replace:
+ template: |
+ interface eth1 {
+ AdvSendAdvert on;
+ AdvManagedFlag $AdvManagedFlag;
+ AdvOtherConfigFlag on;
+ AdvRASolicitedUnicast on;
+ AdvLinkMTU $provision_mtu;
+ prefix $provision_cidr {
+ AdvAutonomous $AdvAutonomous;
+ AdvOnLink on;
+ };
+ };
+ interface eth2 {
+ AdvSendAdvert on;
+ AdvManagedFlag $AdvManagedFlag;
+ AdvOtherConfigFlag on;
+ AdvRASolicitedUnicast on;
+ AdvLinkMTU $provision2_mtu;
+ prefix $provision2_cidr {
+ AdvAutonomous $AdvAutonomous;
+ AdvOnLink on;
+ };
+ };
+ interface eth3 {
+ AdvSendAdvert on;
+ AdvManagedFlag $AdvManagedFlag;
+ AdvOtherConfigFlag on;
+ AdvRASolicitedUnicast on;
+ AdvLinkMTU $provision3_mtu;
+ prefix $provision3_cidr {
+ AdvAutonomous $AdvAutonomous;
+ AdvOnLink on;
+ };
+ };
+ params:
+ $provision_cidr: {get_param: provision_net_cidr}
+ $provision2_cidr: {get_param: provision_net2_cidr}
+ $provision3_cidr: {get_param: provision_net3_cidr}
+ $provision_mtu: {get_param: [provision_network_routers_data, provision_mtu]}
+ $provision2_mtu: {get_param: [provision_network_routers_data, provision2_mtu]}
+ $provision3_mtu: {get_param: [provision_network_routers_data, provision3_mtu]}
+ $AdvManagedFlag:
+ if:
+ - dhcpv6-statefull
+ - 'on'
+ - 'off'
+ $AdvAutonomous:
+ if:
+ - dhcpv6-statefull
+ - 'off'
+ - 'on'
+ - path: /etc/sysctl.d/98-ipv6-routing.conf
+ content: |
+ net.ipv6.conf.eth1.forwarding = 1
+ net.ipv6.conf.eth2.forwarding = 1
+ net.ipv6.conf.eth3.forwarding = 1
+ - - path: /etc/chrony.conf
+ content:
+ str_replace:
+ template: |
+ pool $ntp_pool iburst
+ # Record the rate at which the system clock gains/losses time.
+ driftfile /var/lib/chrony/drift
+ # Allow the system clock to be stepped in the first three updates
+ # if its offset is larger than 1 second.
+ makestep 1.0 3
+ # Allow NTP client access from provision network.
+ allow $provision_cidr
+ allow $provision2_cidr
+ allow $provision3_cidr
+ # Serve time even if not synchronized to a time source.
+ local stratum 10
+ # Specify file containing keys for NTP authentication.
+ keyfile /etc/chrony.keys
+ # Get TAI-UTC offset and leap seconds from the system tz database.
+ leapsectz right/UTC
+ # Specify directory for log files.
+ logdir /var/log/chrony
+ params:
+ $ntp_pool: {get_param: NtpPool}
+ $provision_cidr: {get_param: provision_net_cidr}
+ $provision2_cidr: {get_param: provision_net2_cidr}
+ $provision3_cidr: {get_param: provision_net3_cidr}
+
+ init_runcmd:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ runcmd:
+ - ['sysctl','--system']
+ - ['systemctl', 'daemon-reload']
+ - ['yum', '-y', 'install', 'os-net-config']
+ - ['os-net-config', '--config', '/etc/os-net-config/config.yaml']
+ - ['systemctl', 'enable', 'dhcrelay6.service']
+ - ['systemctl', 'start', 'dhcrelay6.service']
+ - ['systemctl', 'status', 'dhcrelay6.service']
+ - ['systemctl', 'enable', 'radvd.service']
+ - ['systemctl', 'start', 'radvd.service']
+ - ['systemctl', 'status', 'radvd.service']
+
+ dhcrelay_init:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: init_packages}
+ - config: {get_resource: init_files}
+ - config: {get_resource: init_runcmd}
+
+ dhcp_relay_server:
+ type: OS::Nova::Server
+ properties:
+ name: radvd-and-dhcrelay
+ flavor: {get_param: dhcp_relay_flavor}
+ image: {get_param: dhcp_relay_image}
+ key_name: {get_param: key_name}
+ networks:
+ - {port: {get_resource: dhcp_relay_port_private}}
+ - {port: {get_param: [provision_network_routers_data, provision_router_resource]}}
+ - {port:
{get_param: [provision_network_routers_data, provision2_router_resource]}} + - {port: {get_param: [provision_network_routers_data, provision3_router_resource]}} + config_drive: true + user_data_format: RAW + user_data: {get_resource: dhcrelay_init} diff --git a/templates/quintupleo.yaml b/templates/quintupleo.yaml index 01d869f..26f851a 100644 --- a/templates/quintupleo.yaml +++ b/templates/quintupleo.yaml @@ -186,6 +186,7 @@ resources: baremetal_prefix: {get_param: baremetal_prefix} cloud_data: {get_param: cloud_data} dhcp_ips: {get_param: dhcp_ips} + provision_network_routers_data: {get_attr: [undercloud_networks, provision_network_routers_data]} outputs: undercloud_host_floating_ip: diff --git a/templates/resource-registry.yaml b/templates/resource-registry.yaml index c023d37..92db11a 100644 --- a/templates/resource-registry.yaml +++ b/templates/resource-registry.yaml @@ -12,3 +12,5 @@ resource_registry: OS::OVB::UndercloudNetworks: undercloud-networks.yaml OS::OVB::DHCPRelay: OS::Heat::None OS::OVB::RouterAdvertisementDaemon: OS::Heat::None + OS::OVB::ProvisionNetRouter: OS::Neutron::Router + OS::OVB::ProvisionNetRouterInterface: OS::Neutron::RouterInterface diff --git a/templates/undercloud-networks-existing.yaml b/templates/undercloud-networks-existing.yaml index 2cf6898..f050cbd 100644 --- a/templates/undercloud-networks-existing.yaml +++ b/templates/undercloud-networks-existing.yaml @@ -50,5 +50,7 @@ outputs: # The provision and public network routers is here for compatibility only provision_network_routers: value: null + provision_network_routers_data: + value: null public_network_router: value: null diff --git a/templates/undercloud-networks-public-router.yaml b/templates/undercloud-networks-public-router.yaml index 19bc049..b49d997 100644 --- a/templates/undercloud-networks-public-router.yaml +++ b/templates/undercloud-networks-public-router.yaml 
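Review bot: `StandardError=null` in the generated dhcrelay6.service discards everything dnsmasq writes to stderr, so a rejected `--dhcp-relay` argument or a failed bind at start-up leaves nothing in the journal beyond the state that the later `systemctl status` call prints. Dropping that line, or setting `StandardError=journal`, keeps relay failures diagnosable on the instance that the commit message says is also the router for the provisioning networks. Separately, the chrony template combines `local stratum 10` with `allow` for all three provisioning prefixes, so the relay will serve its own unsynchronised clock whenever the pool is unreachable. A comment stating that this is intended for the test environment would help, since skewed time affects certificate validation and log correlation on the nodes. The parameter name `IPv6_dhcpv6-statefull` and the word `statelss` in its description are misspelled, and the name becomes part of the environment interface once merged.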
@@ -111,6 +111,8 @@ outputs: # The provision_network_routers is here for compatibility only provision_network_routers: value: {} + provision_network_routers_data: + value: {} public_network_router: value: public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]} diff --git a/templates/undercloud-networks-routed.yaml b/templates/undercloud-networks-routed.yaml index c04370b..37b27d1 100644 --- a/templates/undercloud-networks-routed.yaml +++ b/templates/undercloud-networks-routed.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2015-10-15 parameters: provision_net: @@ -107,7 +107,7 @@ parameters: resources: provision_router: - type: OS::Neutron::Router + type: OS::OVB::ProvisionNetRouter properties: name: provision-router external_gateway_info: @@ -132,13 +132,14 @@ resources: provision_router_port: type: OS::Neutron::Port properties: + name: provision_router_port network: {get_resource: provision_network} port_security_enabled: false fixed_ips: - ip_address: {get_param: provision_net_router_address} provision_router_interface: - type: OS::Neutron::RouterInterface + type: OS::OVB::ProvisionNetRouterInterface properties: router: {get_resource: provision_router} port: {get_resource: provision_router_port} @@ -162,13 +163,14 @@ resources: provision_router_port2: type: OS::Neutron::Port properties: + name: provision_router_port2 network: {get_resource: provision_network2} port_security_enabled: false fixed_ips: - ip_address: {get_param: provision_net2_router_address} provision_router_interface2: - type: OS::Neutron::RouterInterface + type: OS::OVB::ProvisionNetRouterInterface properties: router: {get_resource: provision_router} port: {get_resource: provision_router_port2} 
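Review bot: `provision_router_port` keeps `port_security_enabled: false` (a context line in the `@@ -132,13 +132,14 @@` hunk, and likewise in the `provision_router_port2` and `provision_router_port3` hunks). Under the IPv6 environment these ports are no longer Neutron router interfaces but are attached to the relay instance through `provision_router_resource`. With port security off Neutron applies no security groups or anti-spoofing rules to them, so any filtering has to come from the instance itself, and the dhcpv6-relay template in this commit shows none. If that is intended for the lab networks, record it next to the setting, e.g. `# port security off: this port carries forwarded traffic when attached to the relay instance`; otherwise consider a packet filter on the instance. The resource definitions begin and end outside these hunks.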
@@ -192,13 +194,14 @@ resources: provision_router_port3: type: OS::Neutron::Port properties: + name: provision_router_port3 network: {get_resource: provision_network3} port_security_enabled: false fixed_ips: - ip_address: {get_param: provision_net3_router_address} provision_router_interface3: - type: OS::Neutron::RouterInterface + type: OS::OVB::ProvisionNetRouterInterface properties: router: {get_resource: provision_router} port: {get_resource: provision_router_port3} @@ -252,6 +255,29 @@ outputs: provision_router: {get_attr: [provision_router_port, fixed_ips, 0, ip_address]} provision2_router: {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]} provision3_router: {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]} + provision_network_routers_data: + value: + provision_router_cidr: + list_join: + - / + - - {get_attr: [provision_router_port, fixed_ips, 0, ip_address]} + - {str_split: ['/', {get_attr: [provision_router_port, subnets, 0, cidr]}, 1]} + provision2_router_cidr: + list_join: + - / + - - {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]} + - {str_split: ['/', {get_attr: [provision_router_port2, subnets, 0, cidr]}, 1]} + provision3_router_cidr: + list_join: + - / + - - {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]} + - {str_split: ['/', {get_attr: [provision_router_port3, subnets, 0, cidr]}, 1]} + provision_router_resource: {get_resource: provision_router_port} + provision2_router_resource: {get_resource: provision_router_port2} + provision3_router_resource: {get_resource: provision_router_port3} + provision_mtu: {get_attr: [provision_router_port, network, mtu]} + provision2_mtu: {get_attr: [provision_router_port2, network, mtu]} + provision3_mtu: {get_attr: [provision_router_port3, network, mtu]} public_network_router: value: public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]} 
diff --git a/templates/undercloud-networks.yaml b/templates/undercloud-networks.yaml index 1adc322..4320670 100644 --- a/templates/undercloud-networks.yaml +++ b/templates/undercloud-networks.yaml @@ -82,5 +82,7 @@ outputs: # The provision and public network routers is here for compatibility only provision_network_routers: value: null + provision_network_routers_data: + value: null public_network_router: value: null diff --git a/templates/virtual-baremetal.yaml b/templates/virtual-baremetal.yaml index 6995c22..ce720f5 100644 --- a/templates/virtual-baremetal.yaml +++ b/templates/virtual-baremetal.yaml @@ -60,6 +60,11 @@ parameters: description: | The IP addresses of DHCP servers to relay DHCP requests to. + provision_network_routers_data: + type: json + default: {} + description: A map with provision network router data + # Ignored parameters for compatibility with QuintupleO env files undercloud_image: type: string @@ -126,6 +131,7 @@ resources: properties: networks: {get_param: networks} dhcp_ips: {get_param: dhcp_ips} + provision_network_routers_data: {get_param: provision_network_routers_data} ipv6_radvd: type: OS::OVB::RouterAdvertisementDaemon