Add network group, move neutron and load balancing services to it

In many cases network services will be provided by controllers, but
this allows these services to be separated.

ansible/group_vars/all/controllers

@@ -12,7 +12,9 @@ controller_bootstrap_user: "{{ lookup('env', 'USER') }}"
 # List of networks to which controller nodes are attached.
 controller_network_interfaces: >
   {{ (controller_default_network_interfaces +
-      controller_extra_network_interfaces) | unique | list }}
+      controller_extra_network_interfaces +
+      controller_network_host_network_interfaces
+      if inventory_hostname in groups['network'] else []) | unique | list }}
 
 # List of default networks to which controller nodes are attached.
 controller_default_network_interfaces: >
@@ -20,14 +22,17 @@ controller_default_network_interfaces: >
       oob_wl_net_name,
       provision_wl_net_name,
       internal_net_name,
-      public_net_name,
-      external_net_name,
       storage_net_name,
       storage_mgmt_net_name] | unique | list }}
 
 # List of extra networks to which controller nodes are attached.
 controller_extra_network_interfaces: []
 
+# List of network interfaces to which network nodes are attached.
+controller_network_host_network_interfaces: >
+  {{ [public_net_name,
+      external_net_name] | unique | list }}
+
 ###############################################################################
 # Controller node BIOS configuration.
 

ansible/kolla-ansible.yml

@@ -8,6 +8,7 @@
     # gracefully.
     # NOTE: Per-host configuration is not currently supported.
     controller_host: "{{ groups['controllers'][0] }}"
+    network_host: "{{ groups['network'][0] }}"
     seed_host: "{{ groups['seed'][0] }}"
   pre_tasks:
     # Configuration of extra user-provided Kolla globals.
@@ -28,6 +29,41 @@
         - config
 
     # Configuration and validation of controller networking.
+    - block:
+        - name: Set facts containing the controller network interfaces
+          set_fact:
+            kolla_network_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
+            kolla_api_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
+            kolla_storage_interface: "{{ storage_net_name | net_interface(controller_host) | replace('-', '_') }}"
+            kolla_cluster_interface: "{{ storage_mgmt_net_name | net_interface(controller_host) | replace('-', '_') }}"
+            kolla_provision_interface: "{{ provision_wl_net_name | net_interface(controller_host) | replace('-', '_') }}"
+            kolla_inspector_dnsmasq_interface: "{{ provision_wl_net_name | net_interface(controller_host) | replace('-', '_') }}"
+
+        - name: Validate controller Kolla Ansible network configuration
+          fail:
+            msg: >
+              The Kolla Ansible variable {{ item.var_name }}
+              ({{ item.description }}) is invalid. Value:
+              "{{ hostvars[inventory_hostname][item.var_name] | default('<undefined>') }}".
+          when:
+            - "{{ item.required | bool }}"
+            - "{{ hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name] }}"
+          with_items:
+            - var_name: "kolla_api_interface"
+              description: "API network interface name"
+              required: True
+            - var_name: "kolla_provision_interface"
+              description: "Bare metal provisioning network interface name"
+              required: "{{ kolla_enable_ironic }}"
+            - var_name: "kolla_inspector_dnsmasq_interface"
+              description: "Bare metal introspection network interface name"
+              required: "{{ kolla_enable_ironic }}"
+      when: "{{ groups['controllers'] | length > 0 }}"
+      tags:
+        - config
+        - config-validation
+
+    # Configuration and validation of network host networking.
     - block:
         - name: Set facts containing the VIP addresses and FQDNs
           set_fact:
@@ -39,22 +75,19 @@
 
         - name: Set facts containing the VIP addresses and FQDNs
           set_fact:
-            kolla_internal_vip_address: "{{ internal_net_name | net_ip(controller_host) }}"
-            kolla_internal_fqdn: "{{ internal_net_name | net_ip(controller_host) }}"
-            kolla_external_vip_address: "{{ public_net_name | net_ip(controller_host) }}"
-            kolla_external_fqdn: "{{ public_net_name | net_ip(controller_host) }}"
+            kolla_internal_vip_address: "{{ internal_net_name | net_ip(network_host) }}"
+            kolla_internal_fqdn: "{{ internal_net_name | net_ip(network_host) }}"
+            kolla_external_vip_address: "{{ public_net_name | net_ip(network_host) }}"
+            kolla_external_fqdn: "{{ public_net_name | net_ip(network_host) }}"
           when:
             - "{{ not kolla_enable_haproxy | bool }}"
 
-        - name: Set facts containing the controller network interfaces
+        - name: Set facts containing the network host interfaces
+          set_fact:
+            kolla_external_vip_interface: "{{ public_net_name | net_interface(network_host) | replace('-', '_') }}"
+
+        - name: Initialise facts containing the network host interfaces
           set_fact:
-            kolla_network_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
-            kolla_external_vip_interface: "{{ public_net_name | net_interface(controller_host) | replace('-', '_') }}"
-            kolla_api_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
-            kolla_storage_interface: "{{ storage_net_name | net_interface(controller_host) | replace('-', '_') }}"
-            kolla_cluster_interface: "{{ storage_mgmt_net_name | net_interface(controller_host) | replace('-', '_') }}"
-            kolla_provision_interface: "{{ provision_wl_net_name | net_interface(controller_host) | replace('-', '_') }}"
-            kolla_inspector_dnsmasq_interface: "{{ provision_wl_net_name | net_interface(controller_host) | replace('-', '_') }}"
             # Initialise the following lists.
             kolla_neutron_bridge_names: []
             kolla_neutron_external_interfaces: []
@@ -68,12 +101,13 @@
           set_fact:
             kolla_neutron_bridge_interfaces: >
               {{ kolla_neutron_bridge_interfaces |
-                 union([item | net_interface(controller_host) | replace('.' ~ item | net_vlan(controller_host) | default('!nomatch!'), '')]) |
+                 union([item | net_interface(network_host) | replace('.' ~ item | net_vlan(network_host) | default('!nomatch!'), '')]) |
                  list }}
           with_items:
+            # FIXME: Network host does not have an IP on this network.
             - "{{ provision_wl_net_name }}"
             - "{{ external_net_name }}"
-          when: "{{ item in hostvars[controller_host].network_interfaces }}"
+          when: "{{ item in hostvars[network_host].network_interfaces }}"
 
         - name: Set facts containing the Neutron bridge and interface names
           set_fact:
@@ -85,7 +119,7 @@
                  [network_patch_prefix ~ item ~ network_patch_suffix_ovs] }}
           with_items: "{{ kolla_neutron_bridge_interfaces }}"
 
-        - name: Validate controller Kolla Ansible network configuration
+        - name: Validate network host Kolla Ansible network configuration
           fail:
             msg: >
               The Kolla Ansible variable {{ item.var_name }}
@@ -107,18 +141,9 @@
             - var_name: "kolla_external_fqdn"
               description: "External API Fully Qualified Domain Name (FQDN)"
               required: True
-            - var_name: "kolla_api_interface"
-              description: "API network interface name"
-              required: True
             - var_name: "kolla_external_vip_interface"
               description: "External network interface name"
               required: True
-            - var_name: "kolla_provision_interface"
-              description: "Bare metal provisioning network interface name"
-              required: "{{ kolla_enable_ironic }}"
-            - var_name: "kolla_inspector_dnsmasq_interface"
-              description: "Bare metal introspection network interface name"
-              required: "{{ kolla_enable_ironic }}"
             - var_name: "kolla_neutron_bridge_names"
               description: "List of Neutron bridge names"
               required: True
@@ -126,7 +151,7 @@
               description: "List of Neutron interface names"
               required: True
 
-        - name: Validate controller Kolla Ansible Neutron bridge and interface configuration
+        - name: Validate network host Kolla Ansible Neutron bridge and interface configuration
           fail:
             msg: >
               The Kolla Ansible variable {{ item.0.var_name }}
@@ -145,7 +170,7 @@
                 description: "List of Neutron interface names"
                 required: True
             - value
-      when: "{{ groups['controllers'] | length > 0 }}"
+      when: "{{ groups['network'] | length > 0 }}"
       tags:
         - config
         - config-validation

ansible/network.yml

@@ -66,10 +66,10 @@
            list }}
       become: True
 
-# Configure a virtual ethernet patch links to connect the workload provision
+# Configure virtual ethernet patch links to connect the workload provision
 # and external network bridges to the Neutron OVS bridge.
-- name: Ensure controller workload OVS patch links exist
-  hosts: controllers
+- name: Ensure OVS patch links exist
+  hosts: network
   tags:
     - config
   vars:

doc/source/architecture.rst

@@ -15,10 +15,10 @@ Seed host
     the cloud hosts.  Typically the seed host is deployed as a VM but this is
     not mandatory.
 Cloud hosts
-    The cloud hosts run the OpenStack control plane, storage, and virtualised
-    compute services.  Typically the cloud hosts run on bare metal but this is
-    not mandatory.
-Bare metal compute hosts:
+    The cloud hosts run the OpenStack control plane, network, monitoring,
+    storage, and virtualised compute services.  Typically the cloud hosts run
+    on bare metal but this is not mandatory.
+Bare metal compute hosts
     In a cloud providing bare metal compute services to tenants via ironic,
     these hosts will run the bare metal tenant workloads.  In a cloud with only
     virtualised compute this category of hosts does not exist.
@@ -28,6 +28,20 @@ Bare metal compute hosts:
    In many cases the control and seed host will be the same, although this is
    not mandatory.
 
+Cloud Hosts
+-----------
+
+Cloud hosts can further be divided into subclasses.
+
+Controllers
+    Controller hosts run the OpenStack control plane services.
+Network
+    Network hosts run the neutron networking services and load balancers for
+    the OpenStack API services.
+Monitoring
+    Monitoring host run the control plane and workload monitoring services.
+    Currently, kayobe does not deploy any services onto monitoring hosts.
+
 Networks
 ========
 

etc/kayobe/controllers.yml

@@ -18,6 +18,9 @@
 # List of extra networks to which controller nodes are attached.
 #controller_extra_network_interfaces:
 
+# List of network interfaces to which network nodes are attached.
+#controller_network_host_network_interfaces:
+
 ###############################################################################
 # Controller node BIOS configuration.
 

etc/kayobe/inventory/groups

@@ -7,17 +7,24 @@
 [controllers]
 # Empty group to provide declaration of controllers group.
 
+[network:children]
+# Add controllers to network group by default for backwards compatibility,
+# although they could be separate hosts.
+controllers
+
 [monitoring]
 # Empty group to provide declaration of monitoring group.
 
 [overcloud:children]
 controllers
+network
 monitoring
 
 [docker:children]
 # Hosts in this group will have Docker installed.
 seed
 controllers
+network
 monitoring
 
 ###############################################################################