Optional Cinder support for undercloud

This is required to support overcloud nodes boot from volume. This support is
newly introduced in ironic in the Ocata, see the following specs for details:
http://specs.openstack.org/openstack/ironic-specs/specs/approved/boot-from-volume-reference-drivers.html
http://specs.openstack.org/openstack/ironic-specs/specs/approved/volume-connection-information.html

The implementation is mostly copied from overcloud cinder services, except
that only iscsi backend is enabled, as ironic only supports it for now.

The backup service is not enabled as part of this patch for simplicity.

Partially implements: blueprint undercloud-boot-from-volume

Change-Id: I7068c85be421d7642514c30bc47bc05589d43551

elements/puppet-stack-config/puppet-stack-config.pp

@@ -56,6 +56,7 @@ Exec<| title == 'ironic-dbsync' |> { refreshonly => false }
 Exec<| title == 'mistral-db-sync' |> { refreshonly => false }
 Exec<| title == 'mistral-db-populate' |> { refreshonly => false }
 Exec<| title == 'zaqar-manage db_sync' |> { refreshonly => false }
+Exec<| title == 'cinder-manage db_sync' |> { refreshonly => false }
 
 if count(hiera('ntp::servers')) > 0 {
   include ::ntp
@@ -546,6 +547,40 @@ if str2bool(hiera('enable_zaqar', true)) {
   }
 }
 
+if str2bool(hiera('enable_cinder', true)) {
+  $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]')
+  class { '::cinder::db::mysql':
+    user          => $cinder_dsn[3],
+    password      => $cinder_dsn[4],
+    host          => $cinder_dsn[5],
+    dbname        => $cinder_dsn[6],
+    allowed_hosts => $allowed_hosts,
+  }
+  include ::cinder::keystone::auth
+
+  include ::cinder
+  include ::cinder::api
+  include ::cinder::cron::db_purge
+  include ::cinder::config
+  include ::cinder::glance
+  include ::cinder::scheduler
+  include ::cinder::volume
+  include ::cinder::wsgi::apache
+
+  $cinder_backend_name = hiera('cinder_backend_name')
+  cinder::backend::iscsi { $cinder_backend_name:
+    iscsi_ip_address => hiera('cinder_iscsi_address'),
+    iscsi_helper     => 'lioadm',
+    iscsi_protocol   => 'iscsi'
+  }
+
+  include ::cinder::backends
+
+  if str2bool(hiera('cinder_enable_test_volume', false)) {
+    include ::cinder::setup_test_volume
+  }
+}
+
 # dependency of pxe_drac
 ensure_resource('package', 'python-dracclient')
 # dependency of pxe_ilo

elements/puppet-stack-config/puppet-stack-config.yaml.template

@@ -532,6 +532,39 @@ zaqar::messaging::mongodb::uri: mongodb://127.0.0.1:27017
 zaqar::message_pipeline: 'zaqar.notification.notifier'
 zaqar::max_messages_post_size: 1048576
 
+# Cinder
+cinder_backend_name: 'undercloud_iscsi'
+cinder_enable_test_volume: false
+cinder_iscsi_address: {{LOCAL_IP}}
+cinder::api::enable_proxy_headers_parsing: true
+cinder::api::service_name: 'httpd'
+cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL'
+cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"]
+cinder::cron::db_purge::destination: "/dev/null"
+cinder::database_connection: mysql+pymysql://cinder:{{UNDERCLOUD_CINDER_PASSWORD}}@{{LOCAL_IP}}/cinder
+cinder::db::database_db_max_retries: -1
+cinder::db::database_max_retries: -1
+cinder::debug: "%{hiera('debug')}"
+cinder::glance::glance_api_servers: {{UNDERCLOUD_ENDPOINT_GLANCE_PUBLIC}}
+cinder::keystone::auth::tenant: 'service'
+cinder::keystone::auth::public_url: {{UNDERCLOUD_ENDPOINT_CINDER_PUBLIC}}
+cinder::keystone::auth::internal_url: {{UNDERCLOUD_ENDPOINT_CINDER_INTERNAL}}
+cinder::keystone::auth::admin_url: {{UNDERCLOUD_ENDPOINT_CINDER_ADMIN}}
+cinder::keystone::auth::region: 'regionOne'
+cinder::keystone::auth::password: {{UNDERCLOUD_CINDER_PASSWORD}}
+cinder::keystone::authtoken::project_name: 'service'
+cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}"
+cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}"
+cinder::keystone::authtoken::password: {{UNDERCLOUD_CINDER_PASSWORD}}
+cinder::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
+cinder::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
+cinder::rabbit_host: {{LOCAL_IP}}
+cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
+cinder::setup_test_volume::size: '10280M'
+cinder::wsgi::apache::bind_host: {{LOCAL_IP}}
+cinder::wsgi::apache::ssl: false
+cinder::wsgi::apache::workers: "%{::os_workers}"
+
 # HAproxy
 tripleo::profile::base::haproxy::step: 1
 tripleo::haproxy::haproxy_stats_password: {{UNDERCLOUD_HAPROXY_STATS_PASSWORD}}
@@ -602,6 +635,7 @@ enable_zaqar: {{ENABLE_ZAQAR}}
 enable_validations: {{ENABLE_VALIDATIONS}}
 enable_telemetry: {{ENABLE_TELEMETRY}}
 enable_ui: {{ENABLE_UI}}
+enable_cinder: {{ENABLE_CINDER}}
 
 # Path to install configuration files
 tripleo_install_user: {{TRIPLEO_INSTALL_USER}}

elements/undercloud-install/os-apply-config/root/tripleo-undercloud-passwords

@@ -21,3 +21,4 @@ UNDERCLOUD_SWIFT_HASH_SUFFIX=$(sudo hiera swift::swift_hash_suffix)
 UNDERCLOUD_SWIFT_PASSWORD=$(sudo hiera swift::proxy::authtoken::admin_password)
 UNDERCLOUD_MISTRAL_PASSWORD=$(sudo hiera mistral::admin_password)
 UNDERCLOUD_ZAQAR_PASSWORD=$(sudo hiera zaqar::keystone::authtoken::password)
+UNDERCLOUD_CINDER_PASSWORD=$(sudo hiera cinder::keystone::authtoken::password)

instack_undercloud/tests/test_undercloud.py

@@ -290,7 +290,7 @@ class TestGenerateEnvironment(BaseTestCase):
         env = undercloud._generate_environment('.')
         endpoint_vars = {k: v for (k, v) in env.items()
                          if k.startswith('UNDERCLOUD_ENDPOINT')}
-        self.assertEqual(39, len(endpoint_vars))
+        self.assertEqual(42, len(endpoint_vars))
         # Spot check one service
         self.assertEqual('http://192.168.24.1:5000',
                          env['UNDERCLOUD_ENDPOINT_KEYSTONE_PUBLIC'])

instack_undercloud/undercloud.py

@@ -286,6 +286,10 @@ _opts = [
                 help=('Whether to install requirements to run the TripleO '
                       'validations.')
                 ),
+    cfg.BoolOpt('enable_cinder',
+                default=False,
+                help=('Whether to install the Volume service to be boot '
+                      'overcloud nodes from remote volumes.')),
     cfg.BoolOpt('ipxe_enabled',
                 default=True,
                 help=('Whether to use iPXE for deploy and inspection.'),
@@ -414,6 +418,10 @@ _auth_opts = [
                help=('Horizon secret key. '
                      'If left unset, one will be automatically generated.')
                ),
+    cfg.StrOpt('undercloud_cinder_password',
+               help=('Cinder service password. '
+                     'If left unset, one will be automatically generated.')
+               ),
 ]
 CONF.register_opts(_opts)
 CONF.register_opts(_auth_opts, group='auth')
@@ -703,6 +711,10 @@ def _generate_endpoints(instack_env):
             '%s://%s:%d',
             {'host': public_host, 'port': 8888, 'ssl_port': 13888},
             {'host': internal_host, 'port': 8888}),
+        ('cinder',
+            '%s://%s:%d/v1/%%(tenant_id)s',
+            {'host': public_host, 'port': 8776, 'ssl_port': 13776},
+            {'host': internal_host, 'port': 8776}),
     ]
     for endpoint_data in endpoint_list:
         endpoints.update(

undercloud.conf.sample

@@ -159,6 +159,10 @@
 # (boolean value)
 #enable_validations = true
 
+# Whether to install the Volume service to be boot overcloud nodes
+# from remote volumes. (boolean value)
+#enable_cinder = false
+
 # Whether to use iPXE for deploy and inspection. (boolean value)
 # Deprecated group/name - [DEFAULT]/ipxe_deploy
 #ipxe_enabled = true
@@ -285,3 +289,7 @@
 # Horizon secret key. If left unset, one will be automatically
 # generated. (string value)
 #undercloud_horizon_secret_key = <None>
+
+# Cinder service password. If left unset, one will be automatically
+# generated. (string value)
+#undercloud_cinder_password = <None>