Merge "Add NovaLocalMetadataPerCell cell support"

deployment/nova/nova-metadata-container-puppet.yaml

@@ -63,6 +63,19 @@ parameters:
   MonitoringSubscriptionNovaMetadata:
     default: 'overcloud-nova-metadata'
     type: string
+  NovaLocalMetadataPerCell:
+    default: false
+    description: >
+      Indicates that the nova-metadata API service has been deployed
+      per-cell, so that we can have better performance and data isolation in a
+      multi-cell deployment. Users should consider the use of this configuration
+      depending on how neutron is setup. If networks span cells, you might need
+      to run nova-metadata API service globally. If your networks are segmented
+      along cell boundaries, then you can run nova-metadata API service per cell.
+      When running nova-metadata API service per cell, you should also configure
+      each Neutron metadata-agent to point to the corresponding nova-metadata API
+      service.
+    type: boolean
 
 conditions:
   internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
@@ -127,6 +140,7 @@ outputs:
             nova_metadata_wsgi_enabled: true
             nova::wsgi::apache_metadata::api_port: '8775'
             nova::wsgi::apache_metadata::ssl: {get_param: EnableInternalTLS}
+            nova::metadata::local_metadata_per_cell: {get_param: NovaLocalMetadataPerCell}
             # NOTE: bind IP is found in Heat replacing the network name with the local node IP
             # for the given network; replacement examples (eg. for internal_api):
             # internal_api -> IP

deployment/ovn/ovn-metadata-container-puppet.yaml

@@ -158,13 +158,7 @@ outputs:
             neutron::agents::ovn_metadata::auth_password: {get_param: NeutronPassword}
             neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
             neutron::agents::ovn_metadata::auth_tenant: 'service'
-            neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
+            neutron::agents::ovn_metadata::metadata_host: {get_param: [EndpointMap, NovaMetadataCellInternal, host_nobrackets]}
-            neutron::agents::ovn_metadata::metadata_host:
-              str_replace:
-                template:
-                  "%{hiera('cloud_name_$NETWORK')}"
-                params:
-                  $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
             neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
             ovn::southbound::port: {get_param: OVNSouthboundServerPort}
             tripleo::profile::base::neutron::ovn_metadata::ovn_db_host: {get_param: [EndpointMap, OvnDbInternal, host_nobrackets]}

environments/ssl/no-tls-endpoints-public-ip.yaml

@@ -76,6 +76,7 @@ parameter_defaults:
     NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
     NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
     NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
+    NovaMetadataInternal: {protocol: http, port: '8775', host: IP_ADDRESS}
     NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
     PlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
     PlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}

environments/ssl/tls-endpoints-public-dns.yaml

@@ -72,6 +72,7 @@ parameter_defaults:
     NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
     NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
     NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+    NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'IP_ADDRESS'}
     NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
     PlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
     PlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}

environments/ssl/tls-endpoints-public-ip.yaml

@@ -72,6 +72,7 @@ parameter_defaults:
     NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
     NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
     NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+    NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'IP_ADDRESS'}
     NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
     PlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
     PlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}

environments/ssl/tls-everywhere-endpoints-dns.yaml

@@ -72,6 +72,7 @@ parameter_defaults:
     NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
     NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
     NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+    NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'CLOUDNAME'}
     NovaUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
     PlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
     PlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}

network/endpoints/endpoint_data.yaml

@@ -404,3 +404,8 @@ OpenDaylight:
     Admin:
         net_param: OpendaylightApi
     port: 8081
+
+NovaMetadata:
+    Internal:
+        net_param: NovaMetadata
+    port: 8775

overcloud.j2.yaml

@@ -156,6 +156,20 @@ parameters:
     description: Whether this is an cell additional to the default cell.
     type: boolean
 
+  NovaLocalMetadataPerCell:
+    default: false
+    description: >
+      Indicates that the nova-metadata API service has been deployed
+      per-cell, so that we can have better performance and data isolation in a
+      multi-cell deployment. Users should consider the use of this configuration
+      depending on how neutron is setup. If networks span cells, you might need
+      to run nova-metadata API service globally. If your networks are segmented
+      along cell boundaries, then you can run nova-metadata API service per cell.
+      When running nova-metadata API service per cell, you should also configure
+      each Neutron metadata-agent to point to the corresponding nova-metadata API
+      service.
+    type: boolean
+
   # Jinja loop for Role in role_data.yaml
 {% for role in roles %}
   {{role.name}}ExtraConfig:
@@ -322,6 +336,18 @@ conditions:
         - equals:
           - get_param: [EndpointMapOverride, NovaVNCProxyCellPublic]
           - ''
+  set_default_nova_metadata_cell_internal:
+    or:
+      - equals:
+        - get_param: NovaLocalMetadataPerCell
+        - true
+      - and:
+        - equals:
+          - get_param: NovaLocalMetadataPerCell
+          - false
+        - equals:
+          - get_param: [EndpointMapOverride, NovaMetadataCellInternal]
+          - ''
 
 resources:
 
@@ -441,6 +467,10 @@ resources:
             - set_default_nova_vnc_proxy_cell_public
             - NovaVNCProxyCellPublic: {get_attr: [EndpointMap, endpoint_map, NovaVNCProxyPublic]}
             - {}
+          - if:
+            - set_default_nova_metadata_cell_internal
+            - NovaMetadataCellInternal: {get_attr: [EndpointMap, endpoint_map, NovaMetadataInternal]}
+            - {}
 
   # Creates the "heat-admin" user if configured via the environment
   # Should return a OS::Heat::MultipartMime reference via OS::stack_id

releasenotes/notes/nova_local_metadata_per_cell-c374bd46a825c07e.yaml

@@ -0,0 +1,11 @@
+---
+features:
+  - |
+    Adds NovaLocalMetadataPerCell cell support, default false.
+    Indicates that the nova-metadata API service has been deployed
+    per-cell, so that we can have better performance and data isolation
+    in a multi-cell deployment. Users should consider the use of this
+    configuration depending on how neutron is setup. If networks span
+    cells, you might need to run nova-metadata API service globally.
+    If your networks are segmented along cell boundaries, then you can
+    run nova-metadata API service per cell.

roles/CellController.yaml

@@ -9,11 +9,16 @@
     - primary
     - controller
   networks:
-    - External
+    External:
-    - InternalApi
+      subnet: external_subnet
-    - Storage
+    InternalApi:
-    - StorageMgmt
+      subnet: internal_api_subnet
-    - Tenant
+    Storage:
+      subnet: storage_subnet
+    StorageMgmt:
+      subnet: storage_mgmt_subnet
+    Tenant:
+      subnet: tenant_subnet
   # For systems with both IPv4 and IPv6, you may specify a gateway network for
   # each, such as ['ControlPlane', 'External']
   default_route_networks: ['External']
@@ -38,7 +43,9 @@
     - OS::TripleO::Services::MetricsQdr
     - OS::TripleO::Services::MySQL
     - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronMetadataAgent
     - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaMetadata
     - OS::TripleO::Services::NovaVncProxy
     - OS::TripleO::Services::ContainersLogrotateCrond
     - OS::TripleO::Services::Pacemaker

sample-env-generator/ssl.yaml

@@ -180,6 +180,7 @@ environments:
             NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
             NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
             NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+            NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'IP_ADDRESS'}
             NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
             PlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
             PlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
@@ -291,6 +292,7 @@ environments:
             NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
             NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
             NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+            NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'IP_ADDRESS'}
             NovaUIConfig: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
             PlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
             PlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
@@ -402,6 +404,7 @@ environments:
             NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
             NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
             NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+            NovaMetadataInternal: {protocol: 'https', port: '8775', host: 'CLOUDNAME'}
             NovaUIConfig: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
             PlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
             PlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
@@ -523,6 +526,7 @@ environments:
             NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS}
             NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS}
             NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS}
+            NovaMetadataInternal: {protocol: http, port: '8775', host: IP_ADDRESS}
             NovaUIConfig: {protocol: http, port: '3000', host: IP_ADDRESS}
             PlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS}
             PlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS}