Add support for IPv6 lb management network
Downstream Wallaby backport candidate. This will use the existing lb_mgmt_subnet_cidr setting to decide whether IPv6 is used and configure the deployment accordingly. Change-Id: I735a905fa42a354cb2547e4fc96c396af914a529
parent
7898061a31
commit
f4ed39060e
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Added support for load balancer management network with IPv6 subnet for
|
||||||
|
Octavia. Using a private IPv6 subnet may simplify edge deployments.
|
|
@ -59,9 +59,9 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
mgmt_subnet_cidr: "{{ out_mgmt_subnet_cidr.stdout }}"
|
mgmt_subnet_cidr: "{{ out_mgmt_subnet_cidr.stdout }}"
|
||||||
|
|
||||||
- name: setting fact for management network netmask
|
- name: setting fact for management network prefix
|
||||||
set_fact:
|
set_fact:
|
||||||
mgmt_port_netmask: "{{ mgmt_subnet_cidr | ansible.netcommon.ipaddr('netmask') }}"
|
mgmt_port_prefix: "{{ mgmt_subnet_cidr | ansible.netcommon.ipaddr('prefix') }}"
|
||||||
|
|
||||||
- name: get MTU for management port
|
- name: get MTU for management port
|
||||||
shell: |
|
shell: |
|
||||||
|
|
|
@ -6,7 +6,10 @@ BOOTPROTO=static
|
||||||
IPV6_AUTOCONF=no
|
IPV6_AUTOCONF=no
|
||||||
DEVICE={{ mgmt_port_dev }}
|
DEVICE={{ mgmt_port_dev }}
|
||||||
IPADDR={{ mgmt_port_ip }}
|
IPADDR={{ mgmt_port_ip }}
|
||||||
NETMASK={{ mgmt_port_netmask }}
|
PREFIX={{ mgmt_port_prefix }}
|
||||||
|
{% if lb_mgmt_net_ip_version == 6 -%}
|
||||||
|
IPV6INIT=yes
|
||||||
|
{% endif -%}
|
||||||
NM_CONTROLLED=no
|
NM_CONTROLLED=no
|
||||||
MACADDR={{ mgmt_port_mac }}
|
MACADDR={{ mgmt_port_mac }}
|
||||||
MTU={{ mgmt_port_mtu }}
|
MTU={{ mgmt_port_mtu }}
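Review bot: The new guard `{% if lb_mgmt_net_ip_version == 6 -%}` compares against the integer 6, while every other test in this commit treats the variable as a string (`when: lb_mgmt_net_ip_version == "6"` in the tasks, `== '6'` in `ip_all_range`). If the variable reaches this template as the string "6", which is what the quoted vars expression normally renders to when native Jinja types are not enabled, the condition is false and `IPV6INIT=yes` is never written. A type-agnostic form avoids the question: `{% if lb_mgmt_net_ip_version | int == 6 -%}`. It is also worth confirming that the network scripts accept an IPv6 address in `IPADDR`/`PREFIX`, since ifcfg files usually carry it in `IPV6ADDR`.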
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
# Copyright Red Hat
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
lb_mgmt_net_ip_version: "{{ 6 if lb_mgmt_subnet_cidr | ansible.netcommon.ipv6 else 4 }}"
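Review bot: `lb_mgmt_net_ip_version` falls back to 4 for any `lb_mgmt_subnet_cidr` value that the `ansible.netcommon.ipv6` filter does not accept, so an empty or mistyped CIDR silently selects the IPv4 path instead of failing the run. The same line is repeated in the second vars file added by this commit. Consider validating the CIDR once before it is consumed, and document the result type above the variable, e.g. `# Rendered as the string "4" or "6"; compare with quotes or use | int.`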
|
|
@ -29,6 +29,26 @@
|
||||||
else
|
else
|
||||||
openstack subnet set --gateway none {{ lb_mgmt_subnet_name }}
|
openstack subnet set --gateway none {{ lb_mgmt_subnet_name }}
|
||||||
fi
|
fi
|
||||||
|
when: lb_mgmt_net_ip_version == "4"
|
||||||
|
register: lb_mgmt_subnet_result
|
||||||
|
changed_when: (lb_mgmt_subnet_result.stdout | length) > 0
|
||||||
|
|
||||||
|
- name: create IPv6 subnet and router for SLAAC
|
||||||
|
shell: |
|
||||||
|
set -o pipefail
|
||||||
|
if [[ $(openstack subnet show {{ lb_mgmt_subnet_name }} > /dev/null; echo $?) -eq 1 ]]; then
|
||||||
|
openstack subnet create {{ lb_mgmt_subnet_name }} \
|
||||||
|
--allocation-pool=start={{ lb_mgmt_subnet_pool_start }},end={{ lb_mgmt_subnet_pool_end }} \
|
||||||
|
--ip-version 6 --ipv6-address-mode slaac --ipv6-ra-mode slaac \
|
||||||
|
--network {{ lb_mgmt_net_id }} \
|
||||||
|
--subnet-range {{ lb_mgmt_subnet_cidr }}
|
||||||
|
# SLAAC needs a router on the subnet to advertise the prefix.
|
||||||
|
openstack router create lb-mgmt-router
|
||||||
|
openstack router add subnet lb-mgmt-router lb-mgmt-subnet
|
||||||
|
else
|
||||||
|
openstack subnet set {{ lb_mgmt_subnet_name }}
|
||||||
|
fi
|
||||||
|
when: lb_mgmt_net_ip_version == "6"
|
||||||
register: lb_mgmt_subnet_result
|
register: lb_mgmt_subnet_result
|
||||||
changed_when: (lb_mgmt_subnet_result.stdout | length) > 0
|
changed_when: (lb_mgmt_subnet_result.stdout | length) > 0
|
||||||
|
|
||||||
|
@ -51,9 +71,10 @@
|
||||||
shell: |-
|
shell: |-
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
SECGROUP="$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp \
|
SECGROUP="$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp \
|
||||||
--ingress -f value 2>&1 | grep "0.0.0.0/0 22:22")"
|
--ingress -f value 2>&1 | grep "{{ ip_all_range }} 22:22")"
|
||||||
if [[ -z "${SECGROUP}" ]]; then
|
if [[ -z "${SECGROUP}" ]]; then
|
||||||
openstack security group rule create --protocol tcp --dst-port 22 {{ lb_mgmt_sec_grp_name }}
|
openstack security group rule create --protocol tcp --dst-port 22 \
|
||||||
|
--ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_mgmt_sec_grp_name }}
|
||||||
fi
|
fi
|
||||||
register: sec_group_rule_one
|
register: sec_group_rule_one
|
||||||
changed_when: (sec_group_rule_one.stdout | length) > 0
|
changed_when: (sec_group_rule_one.stdout | length) > 0
|
||||||
|
@ -66,9 +87,10 @@
|
||||||
shell: |-
|
shell: |-
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
SECGROUP="$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp \
|
SECGROUP="$(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp \
|
||||||
--ingress -f value 2>&1 | grep "0.0.0.0/0 9443:9443")"
|
--ingress -f value 2>&1 | grep "{{ ip_all_range }} 9443:9443")"
|
||||||
if [[ -z "${SECGROUP}" ]]; then
|
if [[ -z "${SECGROUP}" ]]; then
|
||||||
openstack security group rule create --protocol tcp --dst-port 9443 {{ lb_mgmt_sec_grp_name }}
|
openstack security group rule create --protocol tcp --dst-port 9443 \
|
||||||
|
--ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_mgmt_sec_grp_name }}
|
||||||
fi
|
fi
|
||||||
register: sec_group_rule_two
|
register: sec_group_rule_two
|
||||||
changed_when: (sec_group_rule_two.stdout | length) > 0
|
changed_when: (sec_group_rule_two.stdout | length) > 0
|
||||||
|
@ -93,9 +115,10 @@
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
SECGROUP="$(openstack security group rule list {{ lb_health_mgr_sec_grp_name }} \
|
SECGROUP="$(openstack security group rule list {{ lb_health_mgr_sec_grp_name }} \
|
||||||
--protocol udp \
|
--protocol udp \
|
||||||
--ingress -f value 2>&1 | grep "0.0.0.0/0 5555:5555")"
|
--ingress -f value 2>&1 | grep "{{ ip_all_range }} 5555:5555")"
|
||||||
if [[ -z "${SECGROUP}" ]]; then
|
if [[ -z "${SECGROUP}" ]]; then
|
||||||
openstack security group rule create --protocol udp --dst-port 5555 {{ lb_health_mgr_sec_grp_name }}
|
openstack security group rule create --protocol udp --dst-port 5555 \
|
||||||
|
--ethertype IPv{{ lb_mgmt_net_ip_version }} {{ lb_health_mgr_sec_grp_name }}
|
||||||
fi
|
fi
|
||||||
register: health_mgr_sec_grp_rule
|
register: health_mgr_sec_grp_rule
|
||||||
changed_when: (health_mgr_sec_grp_rule.stdout | length) > 0
|
changed_when: (health_mgr_sec_grp_rule.stdout | length) > 0
|
||||||
|
@ -110,7 +133,8 @@
|
||||||
protocol: "{{ log_offload_protocol }}"
|
protocol: "{{ log_offload_protocol }}"
|
||||||
port_range_min: 514
|
port_range_min: 514
|
||||||
port_range_max: 514
|
port_range_max: 514
|
||||||
remote_ip_prefix: 0.0.0.0/0
|
remote_ip_prefix: "{{ ip_all_range }}"
|
||||||
|
ethertype: "IPv{{ lb_mgmt_net_ip_version }}"
|
||||||
environment:
|
environment:
|
||||||
OS_USERNAME: "{{ auth_username }}"
|
OS_USERNAME: "{{ auth_username }}"
|
||||||
OS_PASSWORD: "{{ auth_password }}"
|
OS_PASSWORD: "{{ auth_password }}"
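Review bot: In the new `create IPv6 subnet and router for SLAAC` task, `openstack router add subnet lb-mgmt-router lb-mgmt-subnet` hard-codes the subnet name although the subnet was just created as `{{ lb_mgmt_subnet_name }}`, so the attach fails if that variable is set to anything else. Use `openstack router add subnet lb-mgmt-router {{ lb_mgmt_subnet_name }}`, and consider a variable for the router name as well. The router steps also run only in the branch where the subnet does not exist yet, so a run that created the subnet but failed on the router will not retry it; checking for the router separately would make the task re-runnable. The `else` branch calls `openstack subnet set` with no options, which appears to change nothing.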
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
# Copyright Red Hat
|
||||||
|
# All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
lb_mgmt_net_ip_version: "{{ 6 if lb_mgmt_subnet_cidr | ansible.netcommon.ipv6 else 4 }}"
|
||||||
|
ip_all_range: "{{ '::/0' if lb_mgmt_net_ip_version == '6' else '0.0.0.0/0' }}"
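Review bot: `ip_all_range` resolves to `::/0` for IPv6, and the security group rules in this commit for TCP 22, TCP 9443 and UDP 5555 are matched against it and created without a `--remote-ip`, so they accept any IPv6 source. Unlike the IPv4 path, which sets `--gateway none`, the IPv6 subnet is attached to a router, so who can reach these ports depends on how that router and the chosen prefix are used later. If all legitimate peers sit on the management subnet (to be confirmed), passing `--remote-ip {{ lb_mgmt_subnet_cidr }}` on rule creation, with the grep pattern adjusted to match, would narrow the exposure. At minimum add a comment above the variable, e.g. `# "Any source" range for the lb-mgmt address family; used in security group rules.`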
|