Merge "Run Octavia configuration on the overcloud"
This commit is contained in:
commit
2ebc2ee3af
|
@ -66,7 +66,10 @@ outputs:
|
|||
config_volume: octavia
|
||||
puppet_tags: octavia_config
|
||||
step_config:
|
||||
get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]
|
||||
list_join:
|
||||
- "\n"
|
||||
- - "['nova_flavor'].each |String $val| { noop_resource($val) }"
|
||||
- {get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]}
|
||||
config_image: {get_param: DockerOctaviaConfigImage}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/octavia_worker.json:
|
||||
|
@ -108,6 +111,15 @@ outputs:
|
|||
- /var/log/containers/octavia:/var/log/octavia
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
docker_puppet_tasks:
|
||||
step_5:
|
||||
config_volume: octavia
|
||||
puppet_tags: nova_flavor
|
||||
step_config:
|
||||
get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]
|
||||
config_image: {get_param: DockerOctaviaConfigImage}
|
||||
volumes:
|
||||
- /var/lib/config-data/puppet-generated/nova/etc/nova:/etc/nova:ro
|
||||
host_prep_tasks:
|
||||
- name: create persistent logs directory
|
||||
file:
|
||||
|
@ -120,6 +132,13 @@ outputs:
|
|||
Log files from octavia containers can be found under
|
||||
/var/log/containers/octavia and /var/log/containers/httpd/octavia-api.
|
||||
ignore_errors: true
|
||||
- name: Ensure packages required for configuring octavia are present
|
||||
yum: name={{item}} state=present
|
||||
tags: step4
|
||||
with_items:
|
||||
- python2-neutronclient
|
||||
- python2-openstackclient
|
||||
- openssl
|
||||
upgrade_tasks:
|
||||
- name: Stop and disable octavia_worker service
|
||||
when: step|int == 2
|
||||
|
|
|
@ -0,0 +1,155 @@
|
|||
heat_template_version: pike
|
||||
|
||||
description: >
|
||||
Configuration of Octavia as-a-service resources in the overcloud.
|
||||
|
||||
parameters:
|
||||
ServiceData:
|
||||
default: {}
|
||||
description: Dictionary packing service data
|
||||
type: json
|
||||
ServiceNetMap:
|
||||
default: {}
|
||||
description: Mapping of service_name -> network name. Typically set
|
||||
via parameter_defaults in the resource registry. This
|
||||
mapping overrides those in ServiceNetMapDefaults.
|
||||
type: json
|
||||
DefaultPasswords:
|
||||
default: {}
|
||||
type: json
|
||||
RoleName:
|
||||
default: ''
|
||||
description: Role name on which the service is applied
|
||||
type: string
|
||||
RoleParameters:
|
||||
default: {}
|
||||
description: Parameters specific to the role
|
||||
type: json
|
||||
EndpointMap:
|
||||
default: {}
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
OctaviaPostWorkflowName:
|
||||
description: Mistral workflow name for octavia configuration steps
|
||||
once the overcloud is ready.
|
||||
type: string
|
||||
default: 'tripleo.octavia_post.v1.octavia_post_deploy'
|
||||
OctaviaAmphoraImageName:
|
||||
description: The glance image name used when spawning amphorae
|
||||
type: string
|
||||
default: 'octavia-amphora'
|
||||
OctaviaAmphoraImageFilename:
|
||||
description: Filename for the amphora image
|
||||
type: string
|
||||
default: '/usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2'
|
||||
OctaviaAmphoraImageTag:
|
||||
default: 'amphora-image'
|
||||
description: Glance image tag for identifying the amphora image.
|
||||
type: string
|
||||
OctaviaControlNetwork:
|
||||
description: The name for the neutron network used for the amphora
|
||||
control network
|
||||
type: string
|
||||
default: 'lb-mgmt-net'
|
||||
OctaviaControlSubnet:
|
||||
description: The name for the neutron subnet used for the amphora
|
||||
control network
|
||||
type: string
|
||||
default: 'lb-mgmt-subnet'
|
||||
OctaviaControlSecurityGroup:
|
||||
description: The name for the neutron security group used to
|
||||
control access on the amphora control network
|
||||
type: string
|
||||
default: 'lb-mgmt-sec-group'
|
||||
OctaviaControlSubnetCidr:
|
||||
description: Subnet for amphora control subnet in CIDR form.
|
||||
type: string
|
||||
default: '192.168.199.0/24'
|
||||
OctaviaControlSubnetGateway:
|
||||
description: IP address for control network gateway
|
||||
type: string
|
||||
default: '192.168.199.1'
|
||||
OctaviaControlSubnetPoolStart:
|
||||
description: First address in amphora control subnet address
|
||||
pool.
|
||||
type: string
|
||||
default: '192.168.199.50'
|
||||
OctaviaControlSubnetPoolEnd:
|
||||
description: First address in amphora control subnet address
|
||||
pool.
|
||||
type: string
|
||||
default: '192.168.199.200'
|
||||
OctaviaCaCertFile:
|
||||
type: string
|
||||
default: '/etc/octavia/certs/ca_01.pem'
|
||||
description: Octavia CA certificate file path.
|
||||
OctaviaCaKeyFile:
|
||||
type: string
|
||||
default: '/etc/octavia/certs/private/cakey.pem'
|
||||
description: Octavia CA private key file path.
|
||||
OctaviaCaKeyPassphrase:
|
||||
description: CA private key passphrase.
|
||||
type: string
|
||||
hidden: true
|
||||
OctaviaClientCertFile:
|
||||
default: '/etc/octavia/certs/client.pem'
|
||||
description: client certificate for amphoras
|
||||
type: string
|
||||
OctaviaGenerateCerts:
|
||||
type: boolean
|
||||
default: false
|
||||
description: Enable internal generation of certificates for secure
|
||||
communication with amphorae for isolated private clouds or
|
||||
systems where security is not a concern. Otherwise, use
|
||||
OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase and
|
||||
OctaviaClientCert to configure Octavia.
|
||||
OctaviaMgmtPortDevName:
|
||||
type: string
|
||||
default: "o-hm0"
|
||||
description: Name of the octavia management network interface using
|
||||
for communication between octavia worker/health-manager
|
||||
with the amphora machine.
|
||||
AdminPassword:
|
||||
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
|
||||
type: string
|
||||
hidden: true
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the Octavia configuration service
|
||||
value:
|
||||
service_name: octavia_deployment_config
|
||||
upgrade_tasks: []
|
||||
puppet_config:
|
||||
config_image: ''
|
||||
config_volume: ''
|
||||
step_config: ''
|
||||
docker_config: {}
|
||||
config_settings: {}
|
||||
workflow_tasks:
|
||||
step5:
|
||||
- name: octavia_post_workflow
|
||||
workflow: { get_param: OctaviaPostWorkflowName }
|
||||
input:
|
||||
amp_image_name: { get_param: OctaviaAmphoraImageName }
|
||||
amp_image_filename: {get_param: OctaviaAmphoraImageFilename }
|
||||
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
|
||||
lb_mgmt_net_name: { get_param: OctaviaControlNetwork }
|
||||
lb_mgmt_subnet_name: { get_param: OctaviaControlSubnet }
|
||||
lb_sec_group_name: { get_param: OctaviaControlSubnet }
|
||||
lb_mgmt_subnet_cidr: { get_param: OctaviaControlSubnetCidr }
|
||||
lb_mgmt_subnet_gateway: { get_param: OctaviaControlSubnetGateway }
|
||||
lb_mgmt_subnet_pool_start: { get_param: OctaviaControlSubnetPoolStart }
|
||||
lb_mgmt_subnet_pool_end: { get_param: OctaviaControlSubnetPoolEnd }
|
||||
ca_cert_path: { get_param: OctaviaCaCertFile }
|
||||
ca_private_key_path: { get_param: OctaviaCaKeyFile }
|
||||
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
|
||||
client_cert_path: { get_param: OctaviaClientCertFile }
|
||||
generate_certs: { get_param: OctaviaGenerateCerts }
|
||||
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
|
||||
overcloud_password: { get_param: AdminPassword }
|
||||
overcloud_project: 'admin'
|
||||
overcloud_admin: 'admin'
|
||||
octavia_ansible_playbook: '/usr/share/tripleo-common/playbooks/octavia-files.yaml'
|
||||
overcloud_pub_auth_uri: { get_param: [EndpointMap, KeystoneV3Public, uri] }
|
|
@ -3,11 +3,14 @@ resource_registry:
|
|||
OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml
|
||||
OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml
|
||||
OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml
|
||||
OS::TripleO::Services::OctaviaDeploymentConfig: ../../docker/services/octavia/octavia-deployment-config.yaml
|
||||
|
||||
parameter_defaults:
|
||||
NeutronServicePlugins: "qos,router,trunk,lbaasv2"
|
||||
NeutronEnableForceMetadata: true
|
||||
OctaviaCaCertFile: '/etc/octavia/certs/ca_01.pem'
|
||||
OctaviaCaKeyFile: '/etc/octavia/certs/private/cakey.pem'
|
||||
OctaviaCaKeyPassphrase: 'foobar'
|
||||
OctaviaClientCertFile: '/etc/octavia/certs/client.pem'
|
||||
|
||||
# This flag enables internal generation of certificates for communication
|
||||
# with amphorae. Use OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase
|
||||
# and OctaviaClient cert to configure secure production environments.
|
||||
OctaviaGenerateCerts: true
|
||||
|
||||
|
|
|
@ -303,6 +303,7 @@ resource_registry:
|
|||
OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None
|
||||
OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None
|
||||
OS::TripleO::Services::OctaviaWorker: OS::Heat::None
|
||||
OS::TripleO::Services::OctaviaDeploymentConfig: OS::Heat::None
|
||||
OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml
|
||||
OS::TripleO::Services::Vpp: OS::Heat::None
|
||||
OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
|
||||
|
|
|
@ -60,7 +60,7 @@ parameters:
|
|||
description: Dictionary describing the nova flavor for amphora.
|
||||
type: json
|
||||
OctaviaManageNovaFlavor:
|
||||
default: false
|
||||
default: true
|
||||
description: Configure the nova flavor for the amphora.
|
||||
type: boolean
|
||||
OctaviaClientCertFile:
|
||||
|
|
|
@ -121,6 +121,7 @@
|
|||
- OS::TripleO::Services::Ntp
|
||||
- OS::TripleO::Services::ContainersLogrotateCrond
|
||||
- OS::TripleO::Services::OctaviaApi
|
||||
- OS::TripleO::Services::OctaviaDeploymentConfig
|
||||
- OS::TripleO::Services::OctaviaHealthManager
|
||||
- OS::TripleO::Services::OctaviaHousekeeping
|
||||
- OS::TripleO::Services::OctaviaWorker
|
||||
|
|
|
@ -117,6 +117,7 @@
|
|||
- OS::TripleO::Services::Ntp
|
||||
- OS::TripleO::Services::ContainersLogrotateCrond
|
||||
- OS::TripleO::Services::OctaviaApi
|
||||
- OS::TripleO::Services::OctaviaDeploymentConfig
|
||||
- OS::TripleO::Services::OctaviaHealthManager
|
||||
- OS::TripleO::Services::OctaviaHousekeeping
|
||||
- OS::TripleO::Services::OctaviaWorker
|
||||
|
|
|
@ -95,6 +95,7 @@
|
|||
- OS::TripleO::Services::Ntp
|
||||
- OS::TripleO::Services::ContainersLogrotateCrond
|
||||
- OS::TripleO::Services::OctaviaApi
|
||||
- OS::TripleO::Services::OctaviaDeploymentConfig
|
||||
- OS::TripleO::Services::OctaviaHealthManager
|
||||
- OS::TripleO::Services::OctaviaHousekeeping
|
||||
- OS::TripleO::Services::OctaviaWorker
|
||||
|
|
|
@ -124,6 +124,7 @@
|
|||
- OS::TripleO::Services::Ntp
|
||||
- OS::TripleO::Services::ContainersLogrotateCrond
|
||||
- OS::TripleO::Services::OctaviaApi
|
||||
- OS::TripleO::Services::OctaviaDeploymentConfig
|
||||
- OS::TripleO::Services::OctaviaHealthManager
|
||||
- OS::TripleO::Services::OctaviaHousekeeping
|
||||
- OS::TripleO::Services::OctaviaWorker
|
||||
|
|
Loading…
Reference in New Issue