Run Octavia configuration on the overcloud

Fully configuring Octavia requires resources such as the load balancer
management network and amphora image to be created in the overcloud
during deployment. This is handled through some ansible driven through a
mistral workflow. This patch enables configuring and triggering this
workflow from heat.

Co-Authored-By: Brent Eagles <beagles@redhat.com>
Depends-on: If07ded033be9f44b7c7a7e09214032fa89a02e77

Change-Id: I2d10dbd33b3a0ed0463096849d01aa2c1b9f293e
changes/95/508195/28
Or Idgar 5 years ago
parent 39c6233306
commit 9d692aaa2f
  1. 21
      docker/services/octavia-worker.yaml
  2. 155
      docker/services/octavia/octavia-deployment-config.yaml
  3. 11
      environments/services-docker/octavia.yaml
  4. 1
      overcloud-resource-registry-puppet.j2.yaml
  5. 2
      puppet/services/octavia-worker.yaml
  6. 1
      roles/Controller.yaml
  7. 1
      roles/ControllerNoCeph.yaml
  8. 1
      roles/ControllerOpenstack.yaml
  9. 1
      roles_data.yaml

@ -66,7 +66,10 @@ outputs:
config_volume: octavia
puppet_tags: octavia_config
step_config:
get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]
list_join:
- "\n"
- - "['nova_flavor'].each |String $val| { noop_resource($val) }"
- {get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]}
config_image: {get_param: DockerOctaviaConfigImage}
kolla_config:
/var/lib/kolla/config_files/octavia_worker.json:
@ -108,6 +111,15 @@ outputs:
- /var/log/containers/octavia:/var/log/octavia
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
step_5:
config_volume: octavia
puppet_tags: nova_flavor
step_config:
get_attr: [OctaviaWorkerPuppetBase, role_data, step_config]
config_image: {get_param: DockerOctaviaConfigImage}
volumes:
- /var/lib/config-data/puppet-generated/nova/etc/nova:/etc/nova:ro
host_prep_tasks:
- name: create persistent logs directory
file:
@ -120,6 +132,13 @@ outputs:
Log files from octavia containers can be found under
/var/log/containers/octavia and /var/log/containers/httpd/octavia-api.
ignore_errors: true
- name: Ensure packages required for configuring octavia are present
yum: name={{item}} state=present
tags: step4
with_items:
- python2-neutronclient
- python2-openstackclient
- openssl
upgrade_tasks:
- name: Stop and disable octavia_worker service
when: step|int == 2

@ -0,0 +1,155 @@
heat_template_version: pike
description: >
Configuration of Octavia as-a-service resources in the overcloud.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
OctaviaPostWorkflowName:
description: Mistral workflow name for octavia configuration steps
once the overcloud is ready.
type: string
default: 'tripleo.octavia_post.v1.octavia_post_deploy'
OctaviaAmphoraImageName:
description: The glance image name used when spawning amphorae
type: string
default: 'octavia-amphora'
OctaviaAmphoraImageFilename:
description: Filename for the amphora image
type: string
default: '/usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2'
OctaviaAmphoraImageTag:
default: 'amphora-image'
description: Glance image tag for identifying the amphora image.
type: string
OctaviaControlNetwork:
description: The name for the neutron network used for the amphora
control network
type: string
default: 'lb-mgmt-net'
OctaviaControlSubnet:
description: The name for the neutron subnet used for the amphora
control network
type: string
default: 'lb-mgmt-subnet'
OctaviaControlSecurityGroup:
description: The name for the neutron security group used to
control access on the amphora control network
type: string
default: 'lb-mgmt-sec-group'
OctaviaControlSubnetCidr:
description: Subnet for amphora control subnet in CIDR form.
type: string
default: '192.168.199.0/24'
OctaviaControlSubnetGateway:
description: IP address for control network gateway
type: string
default: '192.168.199.1'
OctaviaControlSubnetPoolStart:
description: First address in amphora control subnet address
pool.
type: string
default: '192.168.199.50'
OctaviaControlSubnetPoolEnd:
description: First address in amphora control subnet address
pool.
type: string
default: '192.168.199.200'
OctaviaCaCertFile:
type: string
default: '/etc/octavia/certs/ca_01.pem'
description: Octavia CA certificate file path.
OctaviaCaKeyFile:
type: string
default: '/etc/octavia/certs/private/cakey.pem'
description: Octavia CA private key file path.
OctaviaCaKeyPassphrase:
description: CA private key passphrase.
type: string
hidden: true
OctaviaClientCertFile:
default: '/etc/octavia/certs/client.pem'
description: client certificate for amphoras
type: string
OctaviaGenerateCerts:
type: boolean
default: false
description: Enable internal generation of certificates for secure
communication with amphorae for isolated private clouds or
systems where security is not a concern. Otherwise, use
OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase and
OctaviaClientCert to configure Octavia.
OctaviaMgmtPortDevName:
type: string
default: "o-hm0"
description: Name of the octavia management network interface using
for communication between octavia worker/health-manager
with the amphora machine.
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
outputs:
role_data:
description: Role data for the Octavia configuration service
value:
service_name: octavia_deployment_config
upgrade_tasks: []
puppet_config:
config_image: ''
config_volume: ''
step_config: ''
docker_config: {}
config_settings: {}
workflow_tasks:
step5:
- name: octavia_post_workflow
workflow: { get_param: OctaviaPostWorkflowName }
input:
amp_image_name: { get_param: OctaviaAmphoraImageName }
amp_image_filename: {get_param: OctaviaAmphoraImageFilename }
amp_image_tag: { get_param: OctaviaAmphoraImageTag }
lb_mgmt_net_name: { get_param: OctaviaControlNetwork }
lb_mgmt_subnet_name: { get_param: OctaviaControlSubnet }
lb_sec_group_name: { get_param: OctaviaControlSubnet }
lb_mgmt_subnet_cidr: { get_param: OctaviaControlSubnetCidr }
lb_mgmt_subnet_gateway: { get_param: OctaviaControlSubnetGateway }
lb_mgmt_subnet_pool_start: { get_param: OctaviaControlSubnetPoolStart }
lb_mgmt_subnet_pool_end: { get_param: OctaviaControlSubnetPoolEnd }
ca_cert_path: { get_param: OctaviaCaCertFile }
ca_private_key_path: { get_param: OctaviaCaKeyFile }
ca_passphrase: { get_param: OctaviaCaKeyPassphrase }
client_cert_path: { get_param: OctaviaClientCertFile }
generate_certs: { get_param: OctaviaGenerateCerts }
mgmt_port_dev: { get_param: OctaviaMgmtPortDevName }
overcloud_password: { get_param: AdminPassword }
overcloud_project: 'admin'
overcloud_admin: 'admin'
octavia_ansible_playbook: '/usr/share/tripleo-common/playbooks/octavia-files.yaml'
overcloud_pub_auth_uri: { get_param: [EndpointMap, KeystoneV3Public, uri] }

@ -3,11 +3,14 @@ resource_registry:
OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml
OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml
OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml
OS::TripleO::Services::OctaviaDeploymentConfig: ../../docker/services/octavia/octavia-deployment-config.yaml
parameter_defaults:
NeutronServicePlugins: "qos,router,trunk,lbaasv2"
NeutronEnableForceMetadata: true
OctaviaCaCertFile: '/etc/octavia/certs/ca_01.pem'
OctaviaCaKeyFile: '/etc/octavia/certs/private/cakey.pem'
OctaviaCaKeyPassphrase: 'foobar'
OctaviaClientCertFile: '/etc/octavia/certs/client.pem'
# This flag enables internal generation of certificates for communication
# with amphorae. Use OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase
# and OctaviaClient cert to configure secure production environments.
OctaviaGenerateCerts: true

@ -303,6 +303,7 @@ resource_registry:
OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None
OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None
OS::TripleO::Services::OctaviaWorker: OS::Heat::None
OS::TripleO::Services::OctaviaDeploymentConfig: OS::Heat::None
OS::TripleO::Services::MySQLClient: puppet/services/database/mysql-client.yaml
OS::TripleO::Services::Vpp: OS::Heat::None
OS::TripleO::Services::NeutronVppAgent: OS::Heat::None

@ -60,7 +60,7 @@ parameters:
description: Dictionary describing the nova flavor for amphora.
type: json
OctaviaManageNovaFlavor:
default: false
default: true
description: Configure the nova flavor for the amphora.
type: boolean
OctaviaClientCertFile:

@ -120,6 +120,7 @@
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaDeploymentConfig
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker

@ -116,6 +116,7 @@
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaDeploymentConfig
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker

@ -94,6 +94,7 @@
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaDeploymentConfig
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker

@ -123,6 +123,7 @@
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaDeploymentConfig
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker

Loading…
Cancel
Save