openstack/kayobe
Code Issues Proposed changes

Use internal API endpoints in overcloud API interaction

Browse Source 
Connections default to 'public' interface when attempting to run
openstack commands.  This breaks setups where the network hosts are
separate from the controllers.

This change adds an ``openstack_interface`` variable to select the
correct endpoint to use, which defaults to ``internal``.

Co-Authored-By: Michael Senizaiz <michael@r-hpc.com>

Change-Id: Ifa766d2cc3ed7077f03c571398072ad5117701c6
Story: 2006814
Task: 37374
This commit is contained in:
Kayobe deployment user 2019-11-05 22:25:56 +00:00 committed by Mark Goddard
parent a02c65832c
commit 84d17b055e
16 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/baremetal-compute-inspect.yml
View File

@ -37,6 +37,7 @@
auth_type: "{{ openstack_auth_type }}"
auth: "{{ openstack_auth }}"
cacert: "{{ openstack_cacert | default(omit, true) }}"
interface: "{{ openstack_interface | default(omit, true) }}"
name: "{{ inventory_hostname }}"
timeout: "{{ baremetal_compute_timeout }}"
wait: "{{ baremetal_compute_wait }}"

1
ansible/baremetal-compute-manage.yml
View File

@ -35,6 +35,7 @@
os_ironic_state_auth_type: "{{ openstack_auth_type }}"
os_ironic_state_auth: "{{ openstack_auth }}"
os_ironic_state_cacert: "{{ openstack_cacert }}"
os_ironic_state_interface: "{{ openstack_interface }}"
os_ironic_state_name: "{{ inventory_hostname }}"
os_ironic_state_provision_state: "manage"
os_ironic_state_wait: "{{ baremetal_compute_wait }}"

1
ansible/baremetal-compute-provide.yml
View File

@ -35,6 +35,7 @@
os_ironic_state_auth_type: "{{ openstack_auth_type }}"
os_ironic_state_auth: "{{ openstack_auth }}"
os_ironic_state_cacert: "{{ openstack_cacert }}"
os_ironic_state_interface: "{{ openstack_interface }}"
os_ironic_state_name: "{{ inventory_hostname }}"
os_ironic_state_provision_state: "provide"
os_ironic_state_wait: "{{ baremetal_compute_wait }}"

3
ansible/group_vars/all/openstack
View File

@ -30,6 +30,9 @@ openstack_auth:
# Overcloud CA certificate path.
openstack_cacert: "{{ lookup('env', 'OS_CACERT') }}"
# Overcloud interface (public, internal, admin).
openstack_interface: internal
# Overcloud authentication environment variables. These should be compatible
# with the openstack client.
# By default we pull these from the environment of the shell executing Ansible.

1
ansible/overcloud-introspection-rules-dell-lldp-workaround.yml
View File

@ -130,3 +130,4 @@
ironic_inspector_auth_type: "{{ openstack_auth_type }}"
ironic_inspector_auth: "{{ openstack_auth }}"
ironic_inspector_cacert: "{{ openstack_cacert }}"
ironic_inspector_interface: "{{ openstack_interface }}"

1
ansible/overcloud-introspection-rules.yml
View File

@ -64,6 +64,7 @@
ironic_inspector_auth_type: "{{ openstack_auth_type }}"
ironic_inspector_auth: "{{ openstack_auth }}"
ironic_inspector_cacert: "{{ openstack_cacert }}"
ironic_inspector_interface: "{{ openstack_interface }}"
ironic_inspector_rules: "{{ inspector_rules }}"
# These variables may be referenced in the introspection rules.
inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}"

1
ansible/overcloud-ipa-images.yml
View File

@ -107,4 +107,5 @@
ipa_images_openstack_auth: "{{ openstack_auth }}"
ipa_images_openstack_auth_env: "{{ openstack_auth_env }}"
ipa_images_openstack_cacert: "{{ openstack_cacert }}"
ipa_images_openstack_interface: "{{ openstack_interface }}"
ipa_images_cache_path: "{{ image_cache_path }}/{{ ipa_image_name }}"

3
ansible/provision-net.yml
View File

@ -68,6 +68,7 @@
os_networks_auth_type: "{{ openstack_auth_type }}"
os_networks_auth: "{{ openstack_auth }}"
os_networks_cacert: "{{ openstack_cacert | default(omit, true) }}"
os_networks_interface: "{{ openstack_interface | default(omit, true) }}"
# Network configuration.
os_networks: "{{ network_registrations }}"
tasks:
@ -96,6 +97,7 @@
auth: "{{ openstack_auth }}"
auth_type: "{{ openstack_auth_type }}"
cacert: "{{ openstack_cacert | default(omit, true) }}"
interface: "{{ openstack_interface | default(omit, true) }}"
name: "{{ provision_net.name }}"
register: provisioning_network_facts
@ -112,6 +114,7 @@
auth: "{{ openstack_auth }}"
auth_type: "{{ openstack_auth_type }}"
cacert: "{{ openstack_cacert | default(omit, true) }}"
interface: "{{ openstack_interface | default(omit, true) }}"
name: "{{ cleaning_net.name }}"
register: cleaning_network_facts

3
ansible/roles/ipa-images/defaults/main.yml
View File

@ -20,6 +20,9 @@ ipa_images_openstack_auth_env: {}
# CA certificate path.
ipa_images_openstack_caert:
# Interface (public, internal, admin).
ipa_images_openstack_interface:
# Path to directory in which to store downloaded images.
ipa_images_cache_path:

3
ansible/roles/ipa-images/tasks/main.yml
View File

@ -71,6 +71,7 @@
auth_type: "{{ ipa_images_openstack_auth_type }}"
auth: "{{ ipa_images_openstack_auth }}"
cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}"
interface: "{{ ipa_images_openstack_interface | default(omit, true) }}"
image: "{{ ipa_images_kernel_name }}"
- name: Set a fact containing the Ironic Python Agent (IPA) kernel image
@ -82,6 +83,7 @@
auth_type: "{{ ipa_images_openstack_auth_type }}"
auth: "{{ ipa_images_openstack_auth }}"
cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}"
interface: "{{ ipa_images_openstack_interface | default(omit, true) }}"
image: "{{ ipa_images_ramdisk_name }}"
- name: Set a fact containing the Ironic Python Agent (IPA) ramdisk image
@ -114,6 +116,7 @@
auth_type: "{{ ipa_images_openstack_auth_type }}"
auth: "{{ ipa_images_openstack_auth }}"
cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}"
interface: "{{ ipa_images_openstack_interface | default(omit, true) }}"
name: "{{ item.name }}"
container_format: "{{ item.format }}"
disk_format: "{{ item.format }}"

1
ansible/roles/ipa-images/tasks/set-driver-info.yml
View File

@ -5,6 +5,7 @@
auth_type: "{{ ipa_images_openstack_auth_type }}"
auth: "{{ ipa_images_openstack_auth }}"
cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}"
interface: "{{ ipa_images_openstack_interface | default(omit, true) }}"
image: "{{ item.name }}"
with_items:
- name: "{{ ipa_images_kernel_name }}"

3
ansible/roles/ironic-inspector-rules/defaults/main.yml
View File

@ -14,6 +14,9 @@ ironic_inspector_auth: {}
# CA certificate path.
ironic_inspector_cacert:
# Interface (public, internal, admin).
ironic_inspector_interface:
# URL of Ironic Inspector API endpoint.
ironic_inspector_url:

1
ansible/roles/ironic-inspector-rules/library/os_ironic_inspector_rule.py
View File

@ -85,6 +85,7 @@ def _build_client(module):
api_version = (1, 14)
client = ironic_inspector_client.v1.ClientV1(
inspector_url=module.params['inspector_url'],
interface=module.params['interface'],
session=session, region_name=module.params['region_name'],
api_version=api_version)
return client

1
ansible/roles/ironic-inspector-rules/tasks/main.yml
View File

@ -20,6 +20,7 @@
auth_type: "{{ ironic_inspector_auth_type }}"
auth: "{{ ironic_inspector_auth }}"
cacert: "{{ ironic_inspector_cacert | default(omit, true) }}"
interface: "{{ ironic_inspector_interface | default(omit, true) }}"
conditions: "{{ item.conditions }}"
actions: "{{ item.actions }}"
description: "{{ item.description | default(omit) }}"

7
releasenotes/notes/fix-post-config-public-eb72f3a692a2be6b.yaml Normal file
View File

@ -0,0 +1,7 @@
---
fixes:
- |
Fixes an issue where ``kayobe overcloud post configure`` would use the
public OpenStack API interface, which might not be accessible from the
control hosts. See `story 2006814
<https://storyboard.openstack.org/#!/story/2006814>`__ for details.

4
requirements.yml
View File

@ -32,9 +32,9 @@
- src: stackhpc.os-images
version: v1.4.0
- src: stackhpc.os-ironic-state
version: v1.1.0
version: v1.2.0
- src: stackhpc.os-networks
version: v1.1.0
version: v1.2.0
- src: stackhpc.os-openstackclient
version: v1.3.0
- src: stackhpc.os-shade