Add support for IPv6 lb management network
Downstream Wallaby backport candidate. This will use the existing lb_mgmt_subnet_cidr setting to decide whether IPv6 is used and configure the deployment accordingly. Change-Id: I735a905fa42a354cb2547e4fc96c396af914a529
parent
7898061a31
commit
f4ed39060e
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added support for load balancer management network with IPv6 subnet for
|
||||
Octavia. Using a private IPv6 subnet may simplify edge deployments.
|
|
@ -59,9 +59,9 @@
|
|||
set_fact:
|
||||
mgmt_subnet_cidr: "{{ out_mgmt_subnet_cidr.stdout }}"
|
||||
|
||||
- name: setting fact for management network netmask
|
||||
- name: setting fact for management network prefix
|
||||
set_fact:
|
||||
mgmt_port_netmask: "{{ mgmt_subnet_cidr | ansible.netcommon.ipaddr('netmask') }}"
|
||||
mgmt_port_prefix: "{{ mgmt_subnet_cidr | ansible.netcommon.ipaddr('prefix') }}"
|
||||
|
||||
- name: get MTU for management port
|
||||
shell: |
|
||||
|
|
|
@ -6,7 +6,10 @@ BOOTPROTO=static
|
|||
IPV6_AUTOCONF=no
|
||||
DEVICE={{ mgmt_port_dev }}
|
||||
IPADDR={{ mgmt_port_ip }}
|
||||
NETMASK={{ mgmt_port_netmask }}
|
||||
PREFIX={{ mgmt_port_prefix }}
|
||||
{% if lb_mgmt_net_ip_version == 6 -%}
|
||||
IPV6INIT=yes
|
||||
{% endif -%}
|
||||
NM_CONTROLLED=no
|
||||
MACADDR={{ mgmt_port_mac }}
|
||||
MTU={{ mgmt_port_mtu }}
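Review bot: The added `{% if lb_mgmt_net_ip_version == 6 -%}` compares against an integer, while the task conditions in this commit compare the same variable with the strings `"4"` and `"6"`, and `ip_all_range` tests `== '6'`. The variable is defined as a quoted template (`"{{ 6 if ... else 4 }}"`), which without native Jinja types most likely renders to a string, so this branch would never emit `IPV6INIT=yes`; with native types the string comparisons would fail instead. Casting at each use makes them agree, e.g. `{% if lb_mgmt_net_ip_version | int == 6 -%}`. Separately, ifcfg files normally take a static IPv6 address from `IPV6ADDR`, so it is worth confirming that `IPADDR`/`PREFIX` work when `mgmt_port_ip` is an IPv6 address. The template begins above this hunk.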
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
# Copyright Red Hat
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
lb_mgmt_net_ip_version: "{{ 6 if lb_mgmt_subnet_cidr | ansible.netcommon.ipv6 else 4 }}"
|
|
@ -29,6 +29,26 @@
|
|||
else
|
||||
openstack subnet set --gateway none {{ lb_mgmt_subnet_name }}
|
||||
fi
|
||||
when: lb_mgmt_net_ip_version == "4"
|
||||
register: lb_mgmt_subnet_result
|
||||
changed_when: (lb_mgmt_subnet_result.stdout | length) > 0
|
||||
|
||||
- name: create IPv6 subnet and router for SLAAC
|
||||
shell: |
|
||||
set -o pipefail
|
||||
if [[ $(openstack subnet show {{ lb_mgmt_subnet_name }} > /dev/null; echo $?) -eq 1 ]]; then
|
||||
openstack subnet create {{ lb_mgmt_subnet_name }} \
|
||||
--allocation-pool=start={{ lb_mgmt_subnet_pool_start }},end={{ lb_mgmt_subnet_pool_end }} \
|
||||
--ip-version 6 --ipv6-address-mode slaac --ipv6-ra-mode slaac \
|
||||
--network {{ lb_mgmt_net_id }} \
|
||||
--subnet-range {{ lb_mgmt_subnet_cidr }}
|
||||
# SLAAC needs a router on the subnet to advertise the prefix.
|
||||
openstack router create lb-mgmt-router
|
||||
openstack router add subnet lb-mgmt-router lb-mgmt-subnet
|
||||
else
|
||||
openstack subnet set {{ lb_mgmt_subnet_name }}
|
||||
fi
|
||||
when: lb_mgmt_net_ip_version == "6"
|
||||
register: lb_mgmt_subnet_result
|
||||
changed_when: (lb_mgmt_subnet_result.stdout | length) > 0
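Review bot: The `openstack router add subnet lb-mgmt-router lb-mgmt-subnet` line hardcodes the subnet name, so it fails or attaches the wrong subnet whenever `lb_mgmt_subnet_name` is set to anything else; it should read `openstack router add subnet lb-mgmt-router {{ lb_mgmt_subnet_name }}`. Router creation is also tied to the subnet not existing, so if a run creates the subnet and then fails, the retry takes the `else` branch and the router is never created; checking for the router separately would close that gap. Because this router is attached to the amphora management network, a comment such as `# RA-only router: do not set an external gateway, the management subnet must stay unrouted` would record the intended isolation. The task list continues outside the hunk.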
|
||||
|
||||
|
@ -51,9 +71,10 @@
|
|||
shell: |-
|
||||
set -o pipefail
|
||||
SECGROUP="$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp \
|
||||
--ingress -f value 2>&1 | grep "0.0.0.0/0 22:22")"
|
||||
--ingress -f value 2>&1 | grep "{{ ip_all_range }} 22:22")"
|
||||
if [[ -z "${SECGROUP}" ]]; then
|
||||
openstack security group rule create --protocol tcp --dst-port 22 {{ lb_mgmt_sec_grp_name }}
|
||||
openstack security group rule create --protocol tcp --dst-port 22 \
|
||||
--ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_mgmt_sec_grp_name }}
|
||||
fi
|
||||
register: sec_group_rule_one
|
||||
changed_when: (sec_group_rule_one.stdout | length) > 0
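Review bot: The new `security group rule create` for port 22 sets `--ethertype` but no `--remote-ip`, so on an IPv6 deployment it admits SSH from `::/0`, which is the value the grep above checks for. This commit also attaches the management subnet to a router for SLAAC, so if that prefix is ever routed beyond the deployment, the amphora SSH port would be reachable from wherever the router leads. The 9443, 5555 and 514 rules in the following hunks have the same shape. Consider scoping the source to the management subnet, e.g. `--remote-ip {{ lb_mgmt_subnet_cidr }}` with the grep matching that value, or add a comment stating why any-source ingress is required. These tasks begin above their hunks.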
|
||||
|
@ -66,9 +87,10 @@
|
|||
shell: |-
|
||||
set -o pipefail
|
||||
SECGROUP="$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp \
|
||||
--ingress -f value 2>&1 | grep "0.0.0.0/0 9443:9443")"
|
||||
--ingress -f value 2>&1 | grep "{{ ip_all_range }} 9443:9443")"
|
||||
if [[ -z "${SECGROUP}" ]]; then
|
||||
openstack security group rule create --protocol tcp --dst-port 9443 {{ lb_mgmt_sec_grp_name }}
|
||||
openstack security group rule create --protocol tcp --dst-port 9443 \
|
||||
--ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_mgmt_sec_grp_name }}
|
||||
fi
|
||||
register: sec_group_rule_two
|
||||
changed_when: (sec_group_rule_two.stdout | length) > 0
|
||||
|
@ -93,9 +115,10 @@
|
|||
set -o pipefail
|
||||
SECGROUP="$(openstack security group rule list {{ lb_health_mgr_sec_grp_name }} \
|
||||
--protocol udp \
|
||||
--ingress -f value 2>&1 | grep "0.0.0.0/0 5555:5555")"
|
||||
--ingress -f value 2>&1 | grep "{{ ip_all_range }} 5555:5555")"
|
||||
if [[ -z "${SECGROUP}" ]]; then
|
||||
openstack security group rule create --protocol udp --dst-port 5555 {{ lb_health_mgr_sec_grp_name }}
|
||||
openstack security group rule create --protocol udp --dst-port 5555 \
|
||||
--ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_health_mgr_sec_grp_name }}
|
||||
fi
|
||||
register: health_mgr_sec_grp_rule
|
||||
changed_when: (health_mgr_sec_grp_rule.stdout | length) > 0
|
||||
|
@ -110,7 +133,8 @@
|
|||
protocol: "{{ log_offload_protocol }}"
|
||||
port_range_min: 514
|
||||
port_range_max: 514
|
||||
remote_ip_prefix: 0.0.0.0/0
|
||||
remote_ip_prefix: "{{ ip_all_range }}"
|
||||
ethertype: "IPv{{ lb_mgmt_net_ip_version }}"
|
||||
environment:
|
||||
OS_USERNAME: "{{ auth_username }}"
|
||||
OS_PASSWORD: "{{ auth_password }}"
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
# Copyright Red Hat
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
lb_mgmt_net_ip_version: "{{ 6 if lb_mgmt_subnet_cidr | ansible.netcommon.ipv6 else 4 }}"
|
||||
ip_all_range: "{{ '::/0' if lb_mgmt_net_ip_version == '6' else '0.0.0.0/0' }}"
|