kayobe/ansible/provision-net.yml
Mark Goddard cd24b6d98e ironic: Set MTU on provisioning and cleaning Neutron networks
Previously we were not applying an MTU defined in Kayobe networks.yml to
the provisioning and cleaning networks in Neutron. This could lead to
issues when nodes communicate with the Ironic and Inspector APIs.

Change-Id: Id9418e4e88c52056412daa22462aa611bfcc59ae
2022-04-29 17:09:49 +01:00


---
# Sort the controllers into a dynamic group whose name records whether Ironic
# is enabled, so that a later play can target only Ironic-enabled controllers.
- name: Check whether Ironic is enabled
  hosts: controllers
  # Nothing here reads host facts.
  gather_facts: false
  tags:
    - provision-net
    - cleaning-net
  tasks:
    # The group name suffix is the rendered boolean, so hosts end up in
    # controllers_for_provision_net_True or controllers_for_provision_net_False.
    # Any play that selects on this group must use that exact spelling.
    - name: Create controllers group with ironic enabled
      group_by:
        key: "controllers_for_provision_net_{{ kolla_enable_ironic | bool }}"
      # group_by only changes in-memory inventory; never report it as a change.
      changed_when: false
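# Register the Ironic provisioning and cleaning networks (and their subnets) in
# Neutron, then un-share any VLAN network that an earlier release created as
# shared.
- name: Ensure provisioning and cleaning networks and subnets are registered in neutron
  # Only required to run on a single host.
  hosts: controllers_for_provision_net_True[0]
  vars:
    venv: "{{ virtualenv_path }}/openstacksdk"
    provision_net:
      name: "{{ kolla_ironic_provisioning_network }}"
      # Omitted entirely when no MTU is defined for the network.
      mtu: "{{ provision_wl_net_name | net_mtu | default(omit, True) }}"
      provider_network_type: "{% if provision_wl_net_name | net_vlan %}vlan{% else %}flat{% endif %}"
      provider_physical_network: "{{ provision_wl_net_name | net_physical_network | default('physnet1', True) }}"
      provider_segmentation_id: "{{ provision_wl_net_name | net_vlan }}"
      # Flat networks need to be shared to allow instances to use them.
      # A network with a VLAN defined is therefore registered as not shared.
      shared: "{{ (provision_wl_net_name | net_vlan) is none }}"
      subnets:
        - name: "{{ kolla_ironic_provisioning_network }}"
          cidr: "{{ provision_wl_net_name | net_cidr }}"
          # Prefer the Neutron-specific gateway, falling back to the network's
          # general gateway.
          gateway_ip: "{{ provision_wl_net_name | net_neutron_gateway or provision_wl_net_name | net_gateway }}"
          allocation_pool_start: "{{ provision_wl_net_name | net_neutron_allocation_pool_start }}"
          allocation_pool_end: "{{ provision_wl_net_name | net_neutron_allocation_pool_end }}"
    cleaning_net:
      name: "{{ kolla_ironic_cleaning_network }}"
      # Omitted entirely when no MTU is defined for the network.
      mtu: "{{ cleaning_net_name | net_mtu | default(omit, True) }}"
      provider_network_type: "{% if cleaning_net_name | net_vlan %}vlan{% else %}flat{% endif %}"
      provider_physical_network: "{{ cleaning_net_name | net_physical_network | default('physnet1', True) }}"
      provider_segmentation_id: "{{ cleaning_net_name | net_vlan }}"
      # Flat networks need to be shared to allow instances to use them.
      # A network with a VLAN defined is therefore registered as not shared.
      shared: "{{ (cleaning_net_name | net_vlan) is none }}"
      subnets:
        - name: "{{ kolla_ironic_cleaning_network }}"
          cidr: "{{ cleaning_net_name | net_cidr }}"
          # Prefer the Neutron-specific gateway, falling back to the network's
          # general gateway.
          gateway_ip: "{{ cleaning_net_name | net_neutron_gateway or cleaning_net_name | net_gateway }}"
          allocation_pool_start: "{{ cleaning_net_name | net_neutron_allocation_pool_start }}"
          allocation_pool_end: "{{ cleaning_net_name | net_neutron_allocation_pool_end }}"
    # Register the cleaning network only when it is a different network from
    # the provisioning one; otherwise a single registration covers both.
    network_registrations: "{{ [provision_net] + ([] if cleaning_net_name == provision_wl_net_name else [cleaning_net]) }}"
  tags:
    - provision-net
    - cleaning-net
  pre_tasks:
    # Fail early, naming the missing or empty parameter, instead of letting the
    # OpenStack calls below fail later. Only parameter names are printed,
    # never their values.
    - name: Validate OpenStack password authentication parameters
      fail:
        msg: >
          Required OpenStack authentication parameter {{ item }} is
          {% if item in openstack_auth %}empty{% else %}not present{% endif %}
          in openstack_auth. Have you sourced the environment file?
      when:
        - openstack_auth_type == 'password'
        - item not in openstack_auth or not openstack_auth[item]
      with_items: "{{ openstack_auth_password_required_params }}"
      tags:
        - config-validation
  roles:
    - role: stackhpc.os-networks
      os_openstacksdk_install_epel: "{{ dnf_install_epel }}"
      # NOTE(review): 'latest' presumably tracks the newest openstacksdk
      # release permitted by the constraints file below - confirm against the
      # role. Without a constraints file nothing visible here pins the version.
      os_openstacksdk_state: latest
      os_networks_upper_constraints_file: "{{ pip_upper_constraints_file }}"
      os_networks_venv: "{{ venv }}"
      os_networks_auth_type: "{{ openstack_auth_type }}"
      os_networks_auth: "{{ openstack_auth }}"
      os_networks_cacert: "{{ openstack_cacert | default(omit, true) }}"
      os_networks_interface: "{{ openstack_interface | default(omit, true) }}"
      # Network configuration.
      os_networks: "{{ network_registrations }}"
  tasks:
    # NOTE(mgoddard): Originally, provisioning and cleaning networks were
    # always shared. However now, VLAN networks are not shared. The os_network
    # module does not appear to update networks after they have been created,
    # so during this transition we manually update them here if necessary.
    # TODO(mgoddard): Remove this code after a suitable transition period.
    - name: Ensure python-openstackclient is installed
      pip:
        name: python-openstackclient
        # Unpinned: the version is bounded only by the constraints file, and
        # extra_args is empty when pip_upper_constraints_file is unset.
        state: latest
        extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}"
        virtualenv: "{{ venv }}"
      # The client is only needed when at least one network must be unshared.
      when: network_registrations | rejectattr('shared') | list | length > 0

    - block:
        - name: Gather facts about provisioning network
          os_networks_info:
            auth: "{{ openstack_auth }}"
            auth_type: "{{ openstack_auth_type }}"
            cacert: "{{ openstack_cacert | default(omit, true) }}"
            interface: "{{ openstack_interface | default(omit, true) }}"
            name: "{{ provision_net.name }}"
          register: provisioning_network_facts

        - name: Set provisioning network to unshared
          # Use argv so the interpreter path and the network name are each
          # passed as exactly one argument. The free-form string was split on
          # whitespace, so a name containing spaces produced extra arguments.
          command:
            argv:
              - "{{ venv }}/bin/openstack"
              - network
              - set
              - "{{ provision_net.name }}"
              - "--no-share"
          changed_when: true
          # Indexes the first result without checking that one exists; this
          # relies on the network having been registered before this point.
          when: provisioning_network_facts.openstack_networks[0].shared
          # Credentials reach the client through the environment rather than
          # through command-line arguments.
          environment: "{{ openstack_auth_env }}"
      vars:
        # Run the modules in this block with the virtualenv's interpreter.
        ansible_python_interpreter: "{{ venv }}/bin/python"
      when: not provision_net.shared | bool

    - block:
        - name: Gather facts about cleaning network
          os_networks_info:
            auth: "{{ openstack_auth }}"
            auth_type: "{{ openstack_auth_type }}"
            cacert: "{{ openstack_cacert | default(omit, true) }}"
            interface: "{{ openstack_interface | default(omit, true) }}"
            name: "{{ cleaning_net.name }}"
          register: cleaning_network_facts

        - name: Set cleaning network to unshared
          # Use argv so the interpreter path and the network name are each
          # passed as exactly one argument. The free-form string was split on
          # whitespace, so a name containing spaces produced extra arguments.
          command:
            argv:
              - "{{ venv }}/bin/openstack"
              - network
              - set
              - "{{ cleaning_net.name }}"
              - "--no-share"
          changed_when: true
          # Indexes the first result without checking that one exists; this
          # relies on the network having been registered before this point.
          when: cleaning_network_facts.openstack_networks[0].shared
          # Credentials reach the client through the environment rather than
          # through command-line arguments.
          environment: "{{ openstack_auth_env }}"
      vars:
        # Run the modules in this block with the virtualenv's interpreter.
        ansible_python_interpreter: "{{ venv }}/bin/python"
      when:
        # Skip when the provisioning block already handled the same network.
        - cleaning_net_name != provision_wl_net_name
        - not cleaning_net.shared | bool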