Merge "Implement automatic deploy of octavia"
commit
4c4ad2b87b
@ -1000,15 +1000,6 @@ enable_nova_horizon_policy_file: "{{ enable_nova }}"
|
|||||||
|
|
||||||
horizon_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ horizon_tls_port if kolla_enable_tls_internal | bool else horizon_port }}"
|
horizon_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn | put_address_in_context('url') }}:{{ horizon_tls_port if kolla_enable_tls_internal | bool else horizon_port }}"
|
||||||
|
|
||||||
#################
|
|
||||||
# Octavia options
|
|
||||||
#################
|
|
||||||
# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
|
|
||||||
octavia_loadbalancer_topology: "SINGLE"
|
|
||||||
octavia_amp_boot_network_list:
|
|
||||||
octavia_amp_secgroup_list:
|
|
||||||
octavia_amp_flavor_id:
|
|
||||||
|
|
||||||
#################
|
#################
|
||||||
# Qinling options
|
# Qinling options
|
||||||
#################
|
#################
|
||||||
|
@ -154,3 +154,87 @@ octavia_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
|
|||||||
octavia_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
octavia_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
|
||||||
octavia_dev_mode: "{{ kolla_dev_mode }}"
|
octavia_dev_mode: "{{ kolla_dev_mode }}"
|
||||||
octavia_source_version: "{{ kolla_source_version }}"
|
octavia_source_version: "{{ kolla_source_version }}"
|
||||||
|
|
||||||
|
#####################
|
||||||
|
# Integration Options
|
||||||
|
#####################
|
||||||
|
octavia_amp_ssh_key_name: "octavia_ssh_key"
|
||||||
|
octavia_amp_listen_port: "9443"
|
||||||
|
octavia_amp_image_tag: "amphora"
|
||||||
|
|
||||||
|
# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
|
||||||
|
octavia_loadbalancer_topology: "SINGLE"
|
||||||
|
|
||||||
|
# Whether to run Kolla-Ansible's automatic configuration for Octavia.
|
||||||
|
# NOTE: if you upgrade from Ussuri, you must set `octavia_auto_configure` to `no`
|
||||||
|
# and keep your other Octavia config like before.
|
||||||
|
octavia_auto_configure: yes
|
||||||
|
|
||||||
|
# OpenStack auth used when registering resources for Octavia.
|
||||||
|
octavia_user_auth:
|
||||||
|
auth_url: "{{ keystone_admin_url }}"
|
||||||
|
username: "octavia"
|
||||||
|
password: "{{ octavia_keystone_password }}"
|
||||||
|
project_name: "{{ octavia_service_auth_project }}"
|
||||||
|
domain_name: "{{ default_project_domain_name }}"
|
||||||
|
|
||||||
|
# Octavia amphora flavor.
|
||||||
|
# See os_nova_flavor for details. Supported parameters:
|
||||||
|
# - disk
|
||||||
|
# - ephemeral (optional)
|
||||||
|
# - extra_specs (optional)
|
||||||
|
# - flavorid (optional)
|
||||||
|
# - is_public (optional)
|
||||||
|
# - name
|
||||||
|
# - ram
|
||||||
|
# - swap (optional)
|
||||||
|
# - vcpus
|
||||||
|
octavia_amp_flavor:
|
||||||
|
name: "amphora"
|
||||||
|
is_public: no
|
||||||
|
vcpus: 1
|
||||||
|
ram: 1024
|
||||||
|
disk: 5
|
||||||
|
|
||||||
|
# Octavia security groups. lb-mgmt-sec-grp is for amphorae.
|
||||||
|
octavia_amp_security_groups:
|
||||||
|
mgmt-sec-grp:
|
||||||
|
name: "lb-mgmt-sec-grp"
|
||||||
|
rules:
|
||||||
|
- protocol: icmp
|
||||||
|
- protocol: tcp
|
||||||
|
src_port: 22
|
||||||
|
dst_port: 22
|
||||||
|
- protocol: tcp
|
||||||
|
src_port: "{{ octavia_amp_listen_port }}"
|
||||||
|
dst_port: "{{ octavia_amp_listen_port }}"
|
||||||
|
|
||||||
|
# Octavia management network.
|
||||||
|
# See os_network and os_subnet for details. Supported parameters:
|
||||||
|
# - external (optional)
|
||||||
|
# - mtu (optional)
|
||||||
|
# - name
|
||||||
|
# - provider_network_type (optional)
|
||||||
|
# - provider_physical_network (optional)
|
||||||
|
# - provider_segmentation_id (optional)
|
||||||
|
# - shared (optional)
|
||||||
|
# - subnet
|
||||||
|
# The subnet parameter has the following supported parameters:
|
||||||
|
# - allocation_pool_start (optional)
|
||||||
|
# - allocation_pool_start (optional)
|
||||||
|
# - cidr
|
||||||
|
# - enable_dhcp (optional)
|
||||||
|
# - gateway_ip (optional)
|
||||||
|
# - name
|
||||||
|
# - no_gateway_ip (optional)
|
||||||
|
octavia_amp_network:
|
||||||
|
name: lb-mgmt-net
|
||||||
|
shared: false
|
||||||
|
subnet:
|
||||||
|
name: lb-mgmt-subnet
|
||||||
|
cidr: "{{ octavia_amp_network_cidr }}"
|
||||||
|
no_gateway_ip: yes
|
||||||
|
enable_dhcp: yes
|
||||||
|
|
||||||
|
# Octavia management network subnet CIDR.
|
||||||
|
octavia_amp_network_cidr: 10.0.0.0/24
|
||||||
|
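Review bot: The `rules` entries under `octavia_amp_security_groups` use the keys `src_port` and `dst_port`, but prepare.yml on this page passes them to `port_range_min` and `port_range_max`, so they bound a single port range rather than naming a source and a destination port. None of the rules carries a source restriction and the rule task forwards none, so the TCP 22 and `octavia_amp_listen_port` rules presumably admit any address that can reach lb-mgmt-net. I would add a comment above the rules such as `# src_port/dst_port are the lower and upper bound of the allowed port range`, and let a rule take an optional `remote_ip_prefix` that the task forwards with `default(omit)`.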
@ -82,6 +82,16 @@
|
|||||||
notify:
|
notify:
|
||||||
- "Restart {{ item.key }} container"
|
- "Restart {{ item.key }} container"
|
||||||
|
|
||||||
|
- name: Copying over Octavia SSH key
|
||||||
|
copy:
|
||||||
|
content: "{{ octavia_amp_ssh_key.private_key }}"
|
||||||
|
dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
|
||||||
|
owner: "{{ config_owner_user }}"
|
||||||
|
group: "{{ config_owner_group }}"
|
||||||
|
mode: "0400"
|
||||||
|
become: True
|
||||||
|
when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
|
||||||
|
|
||||||
- name: Copying certificate files for octavia-worker
|
- name: Copying certificate files for octavia-worker
|
||||||
vars:
|
vars:
|
||||||
service: "{{ octavia_services['octavia-worker'] }}"
|
service: "{{ octavia_services['octavia-worker'] }}"
|
||||||
|
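Review bot: The new "Copying over Octavia SSH key" task writes `octavia_amp_ssh_key.private_key` through `copy: content:` without `no_log`, so the key material can appear in Ansible output when the play runs with `--diff` or at high verbosity. Adding `no_log: true` to the task keeps the private key out of logs and callback plugins. The `mode: "0400"` and the `when:` restriction to the octavia-worker group look right. The surrounding task list continues outside the hunk.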
@ -1,6 +1,9 @@
|
|||||||
---
|
---
|
||||||
- import_tasks: register.yml
|
- import_tasks: register.yml
|
||||||
|
|
||||||
|
- include_tasks: prepare.yml
|
||||||
|
when: octavia_auto_configure | bool
|
||||||
|
|
||||||
- import_tasks: config.yml
|
- import_tasks: config.yml
|
||||||
|
|
||||||
- include_tasks: clone.yml
|
- include_tasks: clone.yml
|
||||||
|
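--- a/ansible/roles/octavia/tasks/prepare.yml
+++ b/ansible/roles/octavia/tasks/prepare.yml
@@ -0,0 +1,131 @@
+---
+- name: Create amphora flavor
+become: true
+kolla_toolbox:
+module_name: os_nova_flavor
+module_args:
+auth: "{{ octavia_user_auth }}"
+cacert: "{{ openstack_cacert }}"
+endpoint_type: "{{ openstack_interface }}"
+region_name: "{{ openstack_region_name }}"
+state: present
+is_public: "{{ octavia_amp_flavor.is_public | bool }}"
+name: "{{ octavia_amp_flavor.name }}"
+flavorid: "{{ octavia_amp_flavor.flavorid | default(omit, true) }}"
+vcpus: "{{ octavia_amp_flavor.vcpus }}"
+ram: "{{ octavia_amp_flavor.ram }}"
+disk: "{{ octavia_amp_flavor.disk }}"
+ephemeral: "{{ octavia_amp_flavor.ephemeral | default(omit, true) }}"
+swap: "{{ octavia_amp_flavor.swap | default(omit, true) }}"
+extra_specs: "{{ octavia_amp_flavor.extra_specs | default(omit, true) }}"
+run_once: True
+delegate_to: "{{ groups['octavia-api'][0] }}"
+register: amphora_flavor_info
+
+- name: Create nova keypair for amphora
+become: True
+kolla_toolbox:
+module_name: os_keypair
+module_args:
+auth: "{{ octavia_user_auth }}"
+cacert: "{{ openstack_cacert }}"
+endpoint_type: "{{ openstack_interface }}"
+region_name: "{{ openstack_region_name }}"
+state: present
+name: "{{ octavia_amp_ssh_key_name }}"
+public_key: "{{ octavia_amp_ssh_key.public_key }}"
+run_once: True
+delegate_to: "{{ groups['octavia-api'][0] }}"
+
+- name: Get {{ octavia_service_auth_project }} project id
+become: True
+kolla_toolbox:
+module_name: os_project_info
+module_args:
+auth: "{{ octavia_user_auth }}"
+cacert: "{{ openstack_cacert }}"
+endpoint_type: "{{ openstack_interface }}"
+region_name: "{{ openstack_region_name }}"
+name: "{{ octavia_service_auth_project }}"
+run_once: True
+delegate_to: "{{ groups['octavia-api'][0] }}"
+register: project_info
+
+- name: Create security groups for octavia
+become: true
+kolla_toolbox:
+module_name: os_security_group
+module_args:
+auth: "{{ octavia_user_auth }}"
+cacert: "{{ openstack_cacert }}"
+endpoint_type: "{{ openstack_interface }}"
+region_name: "{{ openstack_region_name }}"
+state: present
+name: "{{ item.name }}"
+loop: "{{ octavia_amp_security_groups.values() | list }}"
+loop_control:
+label: "{{ item.name }}"
+run_once: True
+delegate_to: "{{ groups['octavia-api'][0] }}"
+register: sec_grp_info
+
+- name: Add rules for security groups
+become: true
+kolla_toolbox:
+module_name: os_security_group_rule
+module_args:
+auth: "{{ octavia_user_auth }}"
+cacert: "{{ openstack_cacert }}"
+endpoint_type: "{{ openstack_interface }}"
+region_name: "{{ openstack_region_name }}"
+security_group: "{{ item.0.name }}"
+protocol: "{{ item.1.protocol }}"
+port_range_min: "{{ item.1.src_port | default(omit) }}"
+port_range_max: "{{ item.1.dst_port | default(omit) }}"
+with_subelements:
+- "{{ octavia_amp_security_groups }}"
+- rules
+run_once: True
+delegate_to: "{{ groups['octavia-api'][0] }}"
+
+- name: Create loadbalancer management network
+become: true
+kolla_toolbox:
+module_name: os_network
+module_args:
+auth: "{{ octavia_user_auth }}"
+cacert: "{{ openstack_cacert }}"
+endpoint_type: "{{ openstack_interface }}"
+region_name: "{{ openstack_region_name }}"
+state: present
+name: "{{ octavia_amp_network['name'] }}"
+mtu: "{{ octavia_amp_network['mtu'] | default(omit, true) }}"
+provider_network_type: "{{ octavia_amp_network['provider_network_type'] | default(omit, true) }}"
+provider_physical_network: "{{ octavia_amp_network['provider_physical_network'] | default(omit, true) }}"
+provider_segmentation_id: "{{ octavia_amp_network['provider_segmentation_id'] | default(omit, true) }}"
+external: "{{ octavia_amp_network['external'] | default(omit) }}"
+shared: "{{ octavia_amp_network['shared'] | default(omit) }}"
+register: network_info
+run_once: True
+delegate_to: "{{ groups['octavia-api'][0] }}"
+
+- name: Create loadbalancer management subnet
+become: true
+kolla_toolbox:
+module_name: os_subnet
+module_args:
+auth: "{{ octavia_user_auth }}"
+cacert: "{{ openstack_cacert }}"
+endpoint_type: "{{ openstack_interface }}"
+region_name: "{{ openstack_region_name }}"
+state: present
+network_name: "{{ octavia_amp_network['name'] }}"
+name: "{{ octavia_amp_network['subnet']['name'] }}"
+cidr: "{{ octavia_amp_network['subnet']['cidr'] }}"
+allocation_pool_start: "{{ octavia_amp_network['subnet']['allocation_pool_start'] | default(omit, true) }}"
+allocation_pool_end: "{{ octavia_amp_network['subnet']['allocation_pool_end'] | default(omit, true) }}"
+enable_dhcp: "{{ octavia_amp_network['subnet']['enable_dhcp'] | default(omit) }}"
+no_gateway_ip: "{{ octavia_amp_network['subnet']['no_gateway_ip'] | default(omit) }}"
+gateway_ip: "{{ octavia_amp_network['gateway_ip'] | default(omit, true) }}"
+run_once: True
+delegate_to: "{{ groups['octavia-api'][0] }}"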
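Review bot: In "Create loadbalancer management subnet", `gateway_ip` is read from `octavia_amp_network['gateway_ip']`, while every other subnet field comes from `octavia_amp_network['subnet'][...]` and the role defaults on this page document `gateway_ip` as a subnet parameter. A gateway set where the documentation says to set it is therefore silently omitted. The line should read `gateway_ip: "{{ octavia_amp_network['subnet']['gateway_ip'] | default(omit, true) }}"`.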
@ -22,6 +22,7 @@ ca_certificates_file = {{ openstack_cacert }}
|
|||||||
[haproxy_amphora]
|
[haproxy_amphora]
|
||||||
server_ca = /etc/octavia/certs/server_ca.cert.pem
|
server_ca = /etc/octavia/certs/server_ca.cert.pem
|
||||||
client_cert = /etc/octavia/certs/client.cert-and-key.pem
|
client_cert = /etc/octavia/certs/client.cert-and-key.pem
|
||||||
|
bind_port = {{ octavia_amp_listen_port }}
|
||||||
|
|
||||||
[database]
|
[database]
|
||||||
connection = mysql+pymysql://{{ octavia_database_user }}:{{ octavia_database_password }}@{{ octavia_database_address }}/{{ octavia_database_name }}
|
connection = mysql+pymysql://{{ octavia_database_user }}:{{ octavia_database_password }}@{{ octavia_database_address }}/{{ octavia_database_name }}
|
||||||
@ -68,11 +69,29 @@ stats_update_threads = {{ openstack_service_workers }}
|
|||||||
health_update_threads = {{ openstack_service_workers }}
|
health_update_threads = {{ openstack_service_workers }}
|
||||||
|
|
||||||
[controller_worker]
|
[controller_worker]
|
||||||
|
amp_ssh_key_name = {{ octavia_amp_ssh_key_name }}
|
||||||
|
amp_image_tag = {{ octavia_amp_image_tag }}
|
||||||
|
|
||||||
|
{% if not octavia_auto_configure | bool %}
|
||||||
|
{% if octavia_amp_image_owner_id is defined %}
|
||||||
|
amp_image_owner_id = {{ octavia_amp_image_owner_id }}
|
||||||
|
{% endif %}
|
||||||
|
{% if octavia_amp_boot_network_list is defined %}
|
||||||
amp_boot_network_list = {{ octavia_amp_boot_network_list }}
|
amp_boot_network_list = {{ octavia_amp_boot_network_list }}
|
||||||
amp_image_tag = amphora
|
{% endif %}
|
||||||
|
{% if octavia_amp_secgroup_list is defined %}
|
||||||
amp_secgroup_list = {{ octavia_amp_secgroup_list }}
|
amp_secgroup_list = {{ octavia_amp_secgroup_list }}
|
||||||
|
{% endif %}
|
||||||
|
{% if octavia_amp_flavor_id is defined %}
|
||||||
amp_flavor_id = {{ octavia_amp_flavor_id }}
|
amp_flavor_id = {{ octavia_amp_flavor_id }}
|
||||||
amp_ssh_key_name = octavia_ssh_key
|
{% endif %}
|
||||||
|
{% else %}
|
||||||
|
amp_image_owner_id = {{ project_info.openstack_projects.0.id }}
|
||||||
|
amp_boot_network_list = {{ network_info.id }}
|
||||||
|
amp_secgroup_list = {{ (sec_grp_info.results | selectattr('secgroup.name', 'equalto', octavia_amp_security_groups['mgmt-sec-grp'].name) | list).0.secgroup.id }}
|
||||||
|
amp_flavor_id = {{ amphora_flavor_info.flavor.id }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
client_ca = /etc/octavia/certs/client_ca.cert.pem
|
client_ca = /etc/octavia/certs/client_ca.cert.pem
|
||||||
network_driver = allowed_address_pairs_driver
|
network_driver = allowed_address_pairs_driver
|
||||||
compute_driver = compute_nova_driver
|
compute_driver = compute_nova_driver
|
||||||
|
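Review bot: The `{% else %}` branch under `[controller_worker]` dereferences `project_info`, `network_info`, `sec_grp_info` and `amphora_flavor_info`, which exist only when prepare.yml has run earlier in the same play. The deploy task list on this page includes prepare.yml first, but other entry points that render this template are not visible here; if any of them skips it, rendering fails with an undefined-variable error. The expression `(... | list).0.secgroup.id` fails the same way when no registered group matches the configured name. Those entry points need the same `include_tasks: prepare.yml` guarded by `when: octavia_auto_configure | bool`, or the branch should fail with a clear message when a registered result is missing.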
@ -666,3 +666,83 @@
|
|||||||
# Configure telegraf to use the docker daemon itself as an input for
|
# Configure telegraf to use the docker daemon itself as an input for
|
||||||
# telemetry data.
|
# telemetry data.
|
||||||
#telegraf_enable_docker_input: "no"
|
#telegraf_enable_docker_input: "no"
|
||||||
|
|
||||||
|
##########################################
|
||||||
|
# Octavia - openstack loadbalancer Options
|
||||||
|
##########################################
|
||||||
|
# Whether to run Kolla-Ansible's automatic configuration for Octavia.
|
||||||
|
# NOTE: if you upgrade from Ussuri, you must set `octavia_auto_configure` to `no`
|
||||||
|
# and keep your other Octavia config like before.
|
||||||
|
#octavia_auto_configure: yes
|
||||||
|
|
||||||
|
# Octavia amphora flavor.
|
||||||
|
# See os_nova_flavor for details. Supported parameters:
|
||||||
|
# - flavorid (optional)
|
||||||
|
# - is_public (optional)
|
||||||
|
# - name
|
||||||
|
# - vcpus
|
||||||
|
# - ram
|
||||||
|
# - disk
|
||||||
|
# - ephemeral (optional)
|
||||||
|
# - swap (optional)
|
||||||
|
# - extra_specs (optional)
|
||||||
|
#octavia_amp_flavor:
|
||||||
|
# name: "amphora"
|
||||||
|
# is_public: no
|
||||||
|
# vcpus: 1
|
||||||
|
# ram: 1024
|
||||||
|
# disk: 5
|
||||||
|
|
||||||
|
# Octavia security groups. lb-mgmt-sec-grp is for amphorae.
|
||||||
|
#octavia_amp_security_groups:
|
||||||
|
# mgmt-sec-grp:
|
||||||
|
# name: "lb-mgmt-sec-grp"
|
||||||
|
# rules:
|
||||||
|
# - protocol: icmp
|
||||||
|
# - protocol: tcp
|
||||||
|
# src_port: 22
|
||||||
|
# dst_port: 22
|
||||||
|
# - protocol: tcp
|
||||||
|
# src_port: "{{ octavia_amp_listen_port }}"
|
||||||
|
# dst_port: "{{ octavia_amp_listen_port }}"
|
||||||
|
|
||||||
|
# Octavia management network.
|
||||||
|
# See os_network and os_subnet for details. Supported parameters:
|
||||||
|
# - external (optional)
|
||||||
|
# - mtu (optional)
|
||||||
|
# - name
|
||||||
|
# - provider_network_type (optional)
|
||||||
|
# - provider_physical_network (optional)
|
||||||
|
# - provider_segmentation_id (optional)
|
||||||
|
# - shared (optional)
|
||||||
|
# - subnet
|
||||||
|
# The subnet parameter has the following supported parameters:
|
||||||
|
# - allocation_pool_start (optional)
|
||||||
|
# - allocation_pool_start (optional)
|
||||||
|
# - cidr
|
||||||
|
# - enable_dhcp (optional)
|
||||||
|
# - gateway_ip (optional)
|
||||||
|
# - name
|
||||||
|
# - no_gateway_ip (optional)
|
||||||
|
#octavia_amp_network:
|
||||||
|
# name: lb-mgmt-net
|
||||||
|
# shared: false
|
||||||
|
# subnet:
|
||||||
|
# name: lb-mgmt-subnet
|
||||||
|
# cidr: "{{ octavia_amp_network_cidr }}"
|
||||||
|
# no_gateway_ip: yes
|
||||||
|
# enable_dhcp: yes
|
||||||
|
|
||||||
|
# Octavia management network subnet CIDR.
|
||||||
|
#octavia_amp_network_cidr: 10.0.0.0/24
|
||||||
|
|
||||||
|
#octavia_amp_image_tag: "amphora"
|
||||||
|
|
||||||
|
# Load balancer topology options are [ SINGLE, ACTIVE_STANDBY ]
|
||||||
|
#octavia_loadbalancer_topology: "SINGLE"
|
||||||
|
|
||||||
|
# The following variables are ignored as along as `octavia_auto_configure` is set to `yes`.
|
||||||
|
#octavia_amp_image_owner_id:
|
||||||
|
#octavia_amp_boot_network_list:
|
||||||
|
#octavia_amp_secgroup_list:
|
||||||
|
#octavia_amp_flavor_id:
|
||||||
|
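Review bot: The subnet parameter list in this sample names `allocation_pool_start (optional)` twice; the second entry should be `# - allocation_pool_end (optional)`, which is the key prepare.yml reads. The same duplicate is in the comment block added to the role defaults on this page. The comment before the manual variables also reads "ignored as along as" and should be `# The following variables are ignored as long as octavia_auto_configure is set to yes.`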
@ -209,6 +209,10 @@ bifrost_ssh_key:
|
|||||||
private_key:
|
private_key:
|
||||||
public_key:
|
public_key:
|
||||||
|
|
||||||
|
octavia_amp_ssh_key:
|
||||||
|
private_key:
|
||||||
|
public_key:
|
||||||
|
|
||||||
####################
|
####################
|
||||||
# Gnocchi options
|
# Gnocchi options
|
||||||
####################
|
####################
|
||||||
|
@ -117,7 +117,7 @@ def main():
|
|||||||
|
|
||||||
# SSH key pair
|
# SSH key pair
|
||||||
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
ssh_keys = ['kolla_ssh_key', 'nova_ssh_key',
|
||||||
'keystone_ssh_key', 'bifrost_ssh_key']
|
'keystone_ssh_key', 'bifrost_ssh_key', 'octavia_amp_ssh_key']
|
||||||
|
|
||||||
# If these keys are None, leave them as None
|
# If these keys are None, leave them as None
|
||||||
blank_keys = ['docker_registry_password']
|
blank_keys = ['docker_registry_password']
|
||||||
|