Merge "Minimal(ist) network config for nspawn gating"

2018-09-21 04:23:27 +00:00 · 2018-09-21 04:23:27 +00:00 · df705581f7
commit df705581f7
parent 4cd96e3318 4a07e2612e
9 changed files with 159 additions and 5 deletions
--- a/etc/openstack_deploy/conf.d/swift.yml.aio
+++ b/etc/openstack_deploy/conf.d/swift.yml.aio
@ -2,8 +2,8 @@
 global_overrides:
  swift:
    part_power: 8
-    storage_network: 'br-storage'
-    replication_network: 'br-storage'
+    storage_network: "{{ (container_tech != 'nspawn') | ternary('br-storage', ansible_default_ipv4['alias']) }}"
+    replication_network: "{{ (container_tech != 'nspawn') | ternary('br-storage', ansible_default_ipv4['alias']) }}"
    drives:
      - name: swift1.img
      - name: swift2.img
--- a/etc/openstack_deploy/openstack_user_config.yml.aio-nspawn.j2
+++ b/etc/openstack_deploy/openstack_user_config.yml.aio-nspawn.j2
@ -0,0 +1,137 @@
+---
+cidr_networks:
+  container: "172.29.236.0/22"
+  flat: 172.29.240.0/22
+  storage: "172.29.244.0/22"
+  vxlan: "172.29.248.0/22"
+
+
+used_ips:
+  - 172.29.236.100,172.29.236.200
+  - 172.29.240.110,172.29.240.200
+  - 172.29.241.0,172.29.241.254
+  - 172.29.242.100,172.29.242.200
+  - 172.29.244.100,172.29.244.200
+  - 172.29.248.100,172.29.248.200
+
+
+global_overrides:
+  internal_lb_vip_address: 172.29.236.100
+  external_lb_vip_address: "{{ bootstrap_host_public_address | default(ansible_default_ipv4['address']) }}"
+  tunnel_bridge: "mv-vxlan"
+  management_bridge: "mv-{{ ansible_default_ipv4['alias'] }}"
+  provider_networks:
+    - network:
+        container_bridge: "{{ ansible_default_ipv4['alias'] }}"
+        container_interface: "mv-container"
+        ip_from_q: "container"
+        type: "raw"
+        is_container_address: true
+        group_binds:
+          - all_containers
+          - hosts
+    - network:
+        container_bridge: "{{ ansible_default_ipv4['alias'] }}"
+        container_interface: "mv-flat"
+        ip_from_q: "flat"
+        type: "flat"
+        net_name: "flat"
+        group_binds:
+          - neutron_linuxbridge_agent
+          - octavia-worker
+          - octavia-housekeeping
+          - octavia-health-manager
+          - rabbitmq
+          - utility_all
+    - network:
+        container_bridge: "{{ ansible_default_ipv4['alias'] }}"
+        container_interface: "mv-storage"
+        ip_from_q: "storage"
+        type: "raw"
+        is_container_address: true
+        group_binds:
+          - glance_api
+          - cinder_api
+          - cinder_volume
+          - nova_compute
+          - swift_proxy
+    - network:
+        container_bridge: "{{ ansible_default_ipv4['alias'] }}"
+        container_interface: "mv-vxlan"
+        ip_from_q: "vxlan"
+        type: "vxlan"
+        net_name: "vxlan"
+        range: "1:1000"
+        group_binds:
+          - neutron_linuxbridge_agent
+
+
+###
+### Anchors
+###
+# NOTE(cloudull): This section and is only present as a way to show how blocks
+#                 can be used to to simplify config when hosts serve multiple
+#                 roles. In this case the AIO block is defined once and used
+#                 for all other components without needing to duplicate config.
+aio_block: &aio_info_block
+  aio1:
+    ip: 172.29.236.100
+    host_vars:
+      # NOTE(cloudnull): local connection is used in the gate because of the
+      #                  current gate scripts are structured. Once inline fact
+      #                  gathering is moved/removed this option can be removed.
+      ansible_connection: local
+      #
+      # NOTE(cloudnull): Currently set to false to speed up the test, set this
+      #                  true at a later date, when confidence is higher.
+      apply_security_hardening: false
+      #
+      # NOTE(cloudull): This is an example of an extra network that will be
+      #                 created on the host. This is used to setup a local host
+      #                 for testing with tempest and not something that is used
+      #                 in production.
+      #
+      #                 + The flat network configuration option provided here
+      #                   was created so a user can interact with a local flat
+      #                   network without any manual intervention. In a
+      #                   poduction setup with VLAN tagged interfaces or
+      #                   multiple nics this would not be required.
+      #
+      #                 + The "vxlan" network configuration option is provided
+      #                   so test instances can be built using l3 networks. In a
+      #                   normal production environment this would not be needed
+      #                   as a physical device (or vlan tagged interface) would
+      #                   be used and should already have an IP address assigned
+      #                   to it.
+      container_extra_networks:
+        flat_network:
+          bridge: "{{ ansible_default_ipv4['alias'] }}"
+          interface: mv-flat
+          address: 172.29.240.100
+          netmask: 255.255.252.0
+        storage_network:
+          bridge: "{{ ansible_default_ipv4['alias'] }}"
+          interface: mv-storage
+          address: 172.29.244.100
+          netmask: 255.255.252.0
+        vxlan_network:
+          bridge: "{{ ansible_default_ipv4['alias'] }}"
+          interface: mv-vxlan
+          address: 172.29.248.100
+          netmask: 255.255.252.0
+    container_vars:
+      # Optional | container_tech for a target host, default is "lxc".
+      container_tech: "nspawn"
+
+
+###
+### Infrastructure
+###
+# galera, memcache, rabbitmq, utility
+shared-infra_hosts: *aio_info_block
+
+# repository (apt cache, python packages, etc)
+repo-infra_hosts: *aio_info_block
+
+# rsyslog server
+log_hosts: *aio_info_block
--- a/osa_toolkit/generate.py
+++ b/osa_toolkit/generate.py
@ -616,7 +616,7 @@ def _add_additional_networks(key, inventory, ip_q, q_name, netmask, interface,
            is_metal = properties.get('is_metal', False)

        _network = network_entry(
-            is_metal,
+            is_metal and (container.get('container_tech') != 'nspawn'),
            interface,
            bridge,
            net_type,
--- a/tests/bootstrap-aio.yml
+++ b/tests/bootstrap-aio.yml
@ -81,6 +81,8 @@
          - ansible_eth12['active'] == true
          - ansible_eth13['active'] == true
          - ansible_eth14['active'] == true
+      when:
+        - (container_tech | default('unknown')) != 'nspawn'
  vars_files:
    - "{{ playbook_dir }}/../playbooks/defaults/repo_packages/openstack_services.yml"
    - vars/bootstrap-aio-vars.yml
--- a/tests/roles/bootstrap-host/tasks/main.yml
+++ b/tests/roles/bootstrap-host/tasks/main.yml
@ -131,6 +131,8 @@

 # Prepare the network interfaces
 - include: prepare_networking.yml
+  when:
+    - container_tech != 'nspawn'
  tags:
    - prepare-networking

--- a/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml
+++ b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml
@ -34,7 +34,7 @@

 - name: Deploy openstack_user_config
  config_template:
-    src: "{{ bootstrap_host_aio_config_path }}/openstack_user_config.yml.aio.j2"
+    src: "{{ bootstrap_host_aio_config_path }}/openstack_user_config.yml.{{ (container_tech == 'nspawn') | ternary('aio-nspawn', 'aio') }}.j2"
    dest: "/etc/openstack_deploy/openstack_user_config.yml"
    config_overrides: "{{ openstack_user_config_overrides | default({}) }}"
    config_type: "yaml"
--- a/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2
+++ b/tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2
@ -19,9 +19,15 @@ debug: True
 ## Installation method for OpenStack services
 install_method: "{{ lookup('env','INSTALL_METHOD') | default('source', true) }}"

+## Tempest settings
+{% if container_tech == 'nspawn' %}
+tempest_public_subnet_cidr: "172.29.236.0/22"
+tempest_public_subnet_allocation_pools: "172.29.239.110-172.29.239.200"
+{% else %}
 ## Tempest settings
 tempest_public_subnet_cidr: 172.29.248.0/22
 tempest_public_subnet_allocation_pools: "172.29.249.110-172.29.249.200"
+{% endif %}

 ## Galera settings
 galera_monitoring_allowed_source: "0.0.0.0/0"
--- a/tests/roles/bootstrap-host/templates/user_variables_octavia.yml.j2
+++ b/tests/roles/bootstrap-host/templates/user_variables_octavia.yml.j2
@ -19,7 +19,7 @@ neutron_lbaas_octavia: True
 octavia_amp_image_file_name: {{ bootstrap_host_octavia_tmp }}/amphora-x64-haproxy.qcow2
 octavia_amp_image_upload_enabled: True
 octavia_glance_image_tag:
-octavia_management_net_subnet_cidr: 172.29.252.0/22
+octavia_management_net_subnet_cidr: "{{ (container_tech == 'nspawn') | ternary('172.29.240.0/22', '172.29.252.0/22') }}"

 # make glance only use file
 glance_default_store: file
--- a/tests/roles/bootstrap-host/templates/user_variables_translations.yml.j2
+++ b/tests/roles/bootstrap-host/templates/user_variables_translations.yml.j2
@ -17,6 +17,13 @@
 trove_provider_net_name: flat-db
 trove_service_net_phys_net: flat-db
 trove_service_net_setup: True
+
+{% if container_tech == 'nspawn' %}
+trove_service_net_subnet_cidr: "172.29.236.0/22"
+trove_service_net_allocation_pool_start: "172.29.237.110"
+trove_service_net_allocation_pool_end: "172.29.237.200"
+{% else %}
 trove_service_net_subnet_cidr: "172.29.232.0/22"
 trove_service_net_allocation_pool_start: "172.29.233.110"
 trove_service_net_allocation_pool_end: "172.29.233.200"
+{% endif %}