Custom VIP functions added

The plugin now defines a custom VIP in the private network,
hosted on OpenStack controller nodes and managed by Fuel HA.
This VIP is used as a load balancer for Contrail services.

Change-Id: I22044860dbea52c73a9a090ed27b5c5318bab7b2
Oleksandr Martsyniuk 2015-11-14 13:54:55 +02:00
parent 9198fdf508
commit 51ec174c2b
16 changed files with 155 additions and 324 deletions


@ -0,0 +1,18 @@
# Copyright 2015 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
notice('MODULAR: contrail/controller-vip.pp')
include contrail
class { 'contrail::vip': }


@ -35,18 +35,6 @@ class contrail::controller {
package { 'neutron-plugin-contrail': } ->
package { 'contrail-heat': }
# Configuration files for HAProxy
file {'/etc/haproxy/conf.d/094-web_for_contrail.cfg':
ensure => present,
content => template('contrail/094-web_for_contrail.cfg.erb'),
notify => Service['haproxy'],
}
file {'/etc/haproxy/conf.d/095-rabbit_for_contrail.cfg':
ensure => present,
content => template('contrail/095-rabbit_for_contrail.cfg.erb'),
notify => Service['haproxy'],
}
# Nova configuration
nova_config {
'DEFAULT/network_api_class': value=> 'nova.network.neutronv2.api.API';
@ -106,17 +94,6 @@ class contrail::controller {
require => Package['contrail-heat'],
}
# Services
service {'haproxy':
ensure => running,
name => 'p_haproxy',
hasstatus => true,
hasrestart => true,
provider => 'pacemaker',
subscribe => [File['/etc/haproxy/conf.d/094-web_for_contrail.cfg'],
File['/etc/haproxy/conf.d/095-rabbit_for_contrail.cfg'],
]
}
service { 'neutron-server':
ensure => running,
enable => true,


@ -60,33 +60,20 @@ $netmask=get_network_role_property('neutron/mesh', 'netmask')
$netmask_short=netmask_to_cidr($netmask)
$mos_mgmt_vip=$network_metadata['vips']['management']['ipaddr']
$mos_public_vip=$network_metadata['vips']['public']['ipaddr']
$mgmt_if=get_network_role_property('management', 'interface')
$mgmt_cidr=get_network_role_property('management', 'cidr')
$mgmt_netmask=get_network_role_property('management', 'netmask')
$mgmt_netmask_short=netmask_to_cidr($mgmt_netmask)
$contrail_mgmt_vip=get_last_ip(hiera('management_network_range'))
$contrail_private_vip=get_last_ip(hiera('private_network_range'))
$contrail_node_basename='contrail'
$deployment_node="${contrail_node_basename}-1"
$contrail_node_num = inline_template("<%-
rv=0
@nodes.each do |node|
if (node['user_node_name'] =~ /^#{@contrail_node_basename}-.*/ and node['role'] == 'base-os')
rv+=1
end
end
-%>
<%= rv %>")
$contrail_private_vip=$network_metadata['vips']['contrail_priv']['ipaddr']
$contrail_mgmt_vip=$contrail_private_vip
# Settings for RabbitMQ on contrail controllers
$rabbit=hiera('rabbit')
$rabbit_password=$rabbit['password']
$rabbit_hosts_ports = hiera('amqp_hosts')
# RabbitMQ nodes Mgmt IP list
$rabbit_nodes_hash = get_nodes_hash_by_roles(hiera('network_metadata'), ['primary-controller', 'controller'])
$rabbit_ips = values(get_node_to_ipaddr_map_by_network_role($rabbit_nodes_hash, 'mgmt/messaging'))
# Contrail DB nodes Private IP list
$primary_contrail_db_nodes_hash = get_nodes_hash_by_roles(hiera('network_metadata'), ['primary-contrail-db'])
$primary_contrail_db_ip = values(get_node_to_ipaddr_map_by_network_role($primary_contrail_db_nodes_hash, 'neutron/mesh'))
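Review bot: `$contrail_private_vip` is read from `$network_metadata['vips']['contrail_priv']['ipaddr']` with no check that the VIP was actually allocated, and the HAProxy templates in this commit interpolate it directly into `bind` and `listen` addresses. If the value comes back empty, a line such as `bind :5673` would presumably make HAProxy listen on every address of the controller, public ones included. A guard right after the assignment would fail the catalog instead: `if !is_ip_address($contrail_private_vip) { fail('contrail_priv VIP is not allocated') }` (`is_ip_address` comes from puppetlabs-stdlib, which this hunk does not show as loaded). The hunk is a run of top-level assignments whose enclosing scope starts outside it.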


@ -22,7 +22,7 @@ class contrail::provision_compute {
exec { 'provision-vrouter':
path => '/bin:/usr/bin/',
command => "python /opt/contrail/utils/provision_vrouter.py \
--api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 --openstack_ip ${contrail::mos_mgmt_vip} \
--api_server_ip ${contrail::mos_public_vip} --api_server_port 8082 --openstack_ip ${contrail::mos_mgmt_vip} \
--oper add --host_name ${::fqdn} --host_ip ${contrail::address} \
--admin_user neutron --admin_tenant_name services --admin_password ${contrail::service_token} \
&& touch /opt/contrail/provision-vrouter-DONE",
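Review bot: The rewritten `--api_server_ip` argument points vrouter provisioning at `${contrail::mos_public_vip}`, so the call that carries `--admin_password ${contrail::service_token}` now crosses the public network to port 8082, where no TLS is visible on this page. The commit introduces a private VIP for exactly these services, so the line would be safer as `--api_server_ip ${contrail::contrail_private_vip} --api_server_port 8082 --openstack_ip ${contrail::mos_mgmt_vip} \`, assuming compute nodes can reach the private network. Which of the two printed `--api_server_ip` lines is the new side is inferred from print order. The `exec` resource continues past the end of the hunk.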


@ -13,41 +13,28 @@
# under the License.
class contrail::vip {
Package {
ensure => installed,
}
File {
# Configuration files for HAProxy
file {'/etc/haproxy/conf.d/095-rabbit_for_contrail.cfg':
ensure => present,
mode => '0644',
owner => 'root',
group => 'root',
content => template('contrail/095-rabbit_for_contrail.cfg.erb'),
notify => Service['haproxy'],
}
# Packages
package { 'keepalived': } ->
package { 'haproxy': }
# Configs
file { '/etc/keepalived/keepalived.conf':
content => template('contrail/keepalived.conf.erb'),
require => Package['keepalived'],
file {'/etc/haproxy/conf.d/096-vip_for_contrail.cfg':
ensure => present,
content => template('contrail/096-vip_for_contrail.cfg.erb'),
notify => Service['haproxy'],
}
file { '/etc/haproxy/haproxy.cfg':
content => template('contrail/haproxy.cfg.erb'),
require => Package['haproxy'],
}
# Services
service { 'keepalived':
ensure => running,
enable => true,
hasstatus => false,
subscribe => File['/etc/keepalived/keepalived.conf'],
}
service { 'haproxy':
ensure => running,
enable => true,
subscribe => File['/etc/haproxy/haproxy.cfg'],
service {'haproxy':
ensure => running,
name => 'p_haproxy',
hasstatus => true,
hasrestart => true,
provider => 'pacemaker',
subscribe => [File['/etc/haproxy/conf.d/095-rabbit_for_contrail.cfg'],
File['/etc/haproxy/conf.d/096-vip_for_contrail.cfg'],
]
}
}
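Review bot: The `file` resource for `/etc/haproxy/conf.d/096-vip_for_contrail.cfg` sets only `ensure`, `content` and `notify`, while the template it renders contains `stats auth` credentials. As far as the rendered section shows, the `mode`/`owner`/`group` lines belong to the removed `File` defaults, so the resulting permissions are left to Puppet's defaults and are typically world-readable. Adding `owner => 'root', group => 'root', mode => '0640',` to that resource keeps the credentials away from unprivileged local users.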


@ -1,52 +0,0 @@
<%-
nodes=scope.function_hiera(['nodes'])
contrail_node_basename=scope.lookupvar('contrail::contrail_node_basename')
mgmt_ip=Array.new
nodes.each do |node|
case node['role']
when 'base-os'
if node['user_node_name'] =~ /^#{contrail_node_basename}-.*/
mgmt_ip << node['internal_address']
end
end
end
-%>
frontend contrail-analytics-api <%= scope.function_hiera(['public_vip']) %>:8081
default_backend contrail-analytics-api
backend contrail-analytics-api
option nolinger
balance roundrobin
default-server error-limit 1 on-error mark-down
<%- mgmt_ip.each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:9081 check inter 2000 rise 2 fall 3
<%- end -%>
frontend contrail-api <%= scope.function_hiera(['public_vip']) %>:8082
default_backend contrail-api-backend
backend contrail-api-backend
option nolinger
balance roundrobin
<%- mgmt_ip.each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:9100 check inter 2000 rise 2 fall 3
<%- end -%>
frontend contrail-webui-api <%= scope.function_hiera(['public_vip']) %>:8143
mode tcp
default_backend contrail-webui-api
backend contrail-webui-api
mode tcp
balance roundrobin
option nolinger
stick on src
stick-table type ip size 200k expire 30m
option tcp-check
tcp-check connect port 8143
default-server error-limit 1 on-error mark-down
<%- mgmt_ip.each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:8143 check inter 2000 rise 2 fall 3
<%- end -%>


@ -1,5 +1,5 @@
listen rabbit
bind <%= scope.function_hiera(['management_vip']) %>:5673
bind <%= scope.lookupvar('contrail::contrail_private_vip') %>:5673
mode tcp
option tcplog
balance roundrobin
@ -10,16 +10,6 @@ listen rabbit
option tcpka
retries 3
<%-
nodes=scope.function_hiera(['nodes'])
nodes.each do |node|
case node['role']
when /^(primary-)?controller$/
-%>
server <%= node['name'] %> <%= node['internal_address']%>:5673 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
<%- end
end
-%>
<%- scope.lookupvar('contrail::rabbit_ips').each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:5673 check inter 10s fastinter 2s downinter 3s rise 3 fall 3
<%- end -%>


@ -0,0 +1,76 @@
#contrail-collector-marker-start
listen contrail-collector-stats <%= scope.lookupvar('contrail::contrail_private_vip') %>:5938
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend contrail-analytics-api <%= scope.lookupvar('contrail::contrail_private_vip') %>:8081
default_backend contrail-analytics-api
frontend contrail-analytics-api-public <%= scope.lookupvar('contrail::mos_public_vip') %>:8081
default_backend contrail-analytics-api
backend contrail-analytics-api
option nolinger
balance roundrobin
option tcp-check
tcp-check connect port 6379
default-server error-limit 1 on-error mark-down
<%- scope.lookupvar('contrail::contrail_config_ips').each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:9081 check inter 2000 rise 2 fall 3
<%- end -%>
#contrail-collector-marker-end
#contrail-config-marker-start
listen contrail-config-stats <%= scope.lookupvar('contrail::contrail_private_vip') %>:5937
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend contrail-discovery <%= scope.lookupvar('contrail::contrail_private_vip') %>:5998
default_backend contrail-discovery-backend
backend contrail-discovery-backend
option nolinger
balance roundrobin
<%- scope.lookupvar('contrail::contrail_config_ips').each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:9110 check inter 2000 rise 2 fall 3
<%- end -%>
frontend contrail-api <%= scope.lookupvar('contrail::contrail_private_vip') %>:8082
default_backend contrail-api-backend
timeout client 3m
frontend contrail-api-public <%= scope.lookupvar('contrail::mos_public_vip') %>:8082
default_backend contrail-api-backend
timeout client 3m
backend contrail-api-backend
option nolinger
timeout server 3m
balance roundrobin
<%- scope.lookupvar('contrail::contrail_config_ips').each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:9100 check inter 2000 rise 2 fall 3
<%- end -%>
#contrail-config-marker-end
#contrail-webui-marker-start
frontend contrail-webui-api <%= scope.lookupvar('contrail::mos_public_vip') %>:8143
mode tcp
default_backend contrail-webui-api
backend contrail-webui-api
mode tcp
balance roundrobin
option nolinger
stick on src
stick-table type ip size 200k expire 30m
option tcp-check
tcp-check connect port 8143
default-server error-limit 1 on-error mark-down
<%- scope.lookupvar('contrail::contrail_config_ips').each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:8143 check inter 2000 rise 2 fall 3
<%- end -%>
#contrail-webui-marker-start
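Review bot: Both stats listeners hard-code `stats auth haproxy:contrail123`, so every deployment of the plugin shares one published password for the HAProxy statistics pages on ports 5938 and 5937. The credential should come from a per-environment secret, for example `stats auth haproxy:<%= scope.lookupvar('contrail::haproxy_stats_password') %>`, where `haproxy_stats_password` is a placeholder name for a value the plugin would have to generate and expose. The `-public` frontends also publish the analytics API (8081) and config API (8082) on `mos_public_vip` with no TLS or ACL in this file, which deserves a comment stating that this exposure is intended. The closing marker on the last line reads `#contrail-webui-marker-start` and was presumably meant to be `#contrail-webui-marker-end`.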


@ -14,7 +14,7 @@ disc_server_ip=<%= scope.lookupvar('contrail::contrail_private_vip') %>
disc_server_port=5998
zk_server_ip=<%= scope.lookupvar('contrail::contrail_db_ips').map{ |ip| "#{ip}:2181" }.join(',') %>
redis_server_ip=$__contrail_redis_ip__
rabbit_server=<%= scope.lookupvar('contrail::mos_mgmt_vip') %>
rabbit_server=<%= scope.lookupvar('contrail::contrail_private_vip') %>
rabbit_port=5673
list_optimization_enabled=True
auth = keystone


@ -8,7 +8,7 @@ disc_server_ip=<%= scope.lookupvar('contrail::contrail_private_vip') %>
disc_server_port=5998
log_local=1
log_level=SYS_NOTICE
rabbit_server=<%= scope.lookupvar('contrail::mos_mgmt_vip') %>
rabbit_server=<%= scope.lookupvar('contrail::contrail_private_vip') %>
rabbit_port=5673
rabbit_user = nova
rabbit_password = <%= scope.lookupvar('contrail::rabbit_password') %>


@ -12,7 +12,7 @@ disc_server_ip=<%= scope.lookupvar('contrail::contrail_private_vip') %>
disc_server_port=5998
log_local=1
log_level=SYS_NOTICE
rabbit_server=<%= scope.lookupvar('contrail::mos_mgmt_vip') %>
rabbit_server=<%= scope.lookupvar('contrail::contrail_private_vip') %>
rabbit_port=5673
rabbit_user = nova
rabbit_password = <%= scope.lookupvar('contrail::rabbit_password') %>


@ -13,7 +13,7 @@ disc_server_port=5998
region_name=RegionOne
log_local=1
log_level=SYS_NOTICE
rabbit_server=<%= scope.lookupvar('contrail::mos_mgmt_vip') %>
rabbit_server=<%= scope.lookupvar('contrail::contrail_private_vip') %>
rabbit_port=5673
rabbit_password = <%= scope.lookupvar('contrail::rabbit_password') %>
rabbit_user = nova


@ -1,96 +0,0 @@
global
tune.maxrewrite 1024
tune.bufsize 16384
tune.maxrewrite 1024
tune.bufsize 16384
tune.maxrewrite 1024
tune.bufsize 16384
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
defaults
log global
mode http
option tcplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
#contrail-collector-marker-start
listen contrail-collector-stats :5938
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend contrail-analytics-api *:8081
default_backend contrail-analytics-api
backend contrail-analytics-api
option nolinger
balance roundrobin
option tcp-check
tcp-check connect port 6379
default-server error-limit 1 on-error mark-down
<%- scope.lookupvar('contrail::baseos_ips').each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:9081 check inter 2000 rise 2 fall 3
<%- end -%>
#contrail-collector-marker-end
#contrail-config-marker-start
global
tune.maxrewrite 1024
listen contrail-config-stats :5937
mode http
stats enable
stats uri /
stats auth haproxy:contrail123
frontend contrail-api *:8082
default_backend contrail-api-backend
timeout client 3m
frontend contrail-discovery *:5998
default_backend contrail-discovery-backend
backend contrail-api-backend
option nolinger
timeout server 3m
balance roundrobin
<%- scope.lookupvar('contrail::baseos_ips').each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:9100 check inter 2000 rise 2 fall 3
<%- end -%>
backend contrail-discovery-backend
option nolinger
balance roundrobin
<%- scope.lookupvar('contrail::baseos_ips').each_with_index do |ip, i| -%>
server <%= ip %> <%= ip %>:9110 check inter 2000 rise 2 fall 3
<%- end -%>
#contrail-config-marker-end


@ -1,83 +0,0 @@
vrrp_script chk_haproxy_INTERNAL {
script "killall -0 haproxy" # verify if pid exists
interval 1
timeout 3
rise 2
fall 2
}
vrrp_script chk_ctrldatanet_INTERNAL {
script "/opt/contrail/bin/chk_ctrldata.sh"
interval 1
timeout 3
rise 1
fall 1
}
vrrp_instance INTERNAL {
interface <%= scope.lookupvar('contrail::interface') %>
state MASTER
preempt_delay 7
garp_master_delay 5
garp_master_repeat 3
garp_master_refresh 1
advert_int 1
virtual_router_id 101
vmac_xmit_base
priority 101
virtual_ipaddress {
<%= scope.lookupvar('contrail::contrail_private_vip') %>/<%= scope.lookupvar('contrail::netmask_short') %> dev <%= scope.lookupvar('contrail::interface') %>
}
track_script {
chk_haproxy_INTERNAL
}
track_script {
chk_ctrldatanet_INTERNAL
}
track_interface {
<%= scope.lookupvar('contrail::interface') %>
}
}
vrrp_script chk_haproxy_EXTERNAL {
script "killall -0 haproxy" # verify if pid exists
interval 1
timeout 3
rise 2
fall 2
}
vrrp_script chk_ctrldatanet_EXTERNAL {
script "/opt/contrail/bin/chk_ctrldata.sh"
interval 1
timeout 3
rise 1
fall 1
}
vrrp_instance EXTERNAL {
interface <%= scope.lookupvar('contrail::mgmt_if') %>
state MASTER
preempt_delay 7
garp_master_delay 5
garp_master_repeat 3
garp_master_refresh 1
advert_int 1
virtual_router_id 201
vmac_xmit_base
priority 201
virtual_ipaddress {
<%= scope.lookupvar('contrail::contrail_mgmt_vip') %>/<%= scope.lookupvar('contrail::mgmt_netmask_short') %> dev <%= scope.lookupvar('contrail::mgmt_if') %>
}
track_script {
chk_haproxy_EXTERNAL
}
track_script {
chk_ctrldatanet_EXTERNAL
}
track_interface {
<%= scope.lookupvar('contrail::mgmt_if') %>
}
}


@ -102,6 +102,16 @@
puppet_manifest: puppet/manifests/contrail-db.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 3600
# Configure haproxy on OpenStack Controllers
- id: openstack-haproxy-contrail
type: puppet
role: [primary-controller, controller]
required_for: [deploy_end]
requires: [deploy_start, openstack-haproxy, rabbitmq]
parameters:
puppet_manifest: puppet/manifests/controller-vip.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 720
# Install and configure Contrail Config, Contrail Analytics, Contrail WebUI
# this task is performed on one node initially to allow discovery service to start up
- id: contrail-config-primary

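--- a/network_roles.yaml
+++ b/network_roles.yaml
@@ -0,0 +1,17 @@
+# Unique network role name
+- id: "contrail/vip"
+# Role mapping to network
+default_mapping: "private"
+properties:
+# Should be true if network role requires subnet being set
+subnet: true
+# Should be true if network role requires gateway being set
+gateway: false
+# List of VIPs to be allocated
+vip:
+# Unique VIP name
+- name: "contrail_priv"
+# Optional linux namespace for VIP
+namespace: "haproxy"
+# Optional alias so VIP can be queried via API
+alias: "contrail_priv"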