Deprecate service ipv6 params

Detect the IP version used instead of relying on the
user specifying the IP version for services.

The IP version is stored in a net_ip_version_map which
is passed to all services in ServiceData.

Deprecates the following parameters:
 CephIPv6, CorosyncIPv6, RabbitIPv6, MemcachedIPv6,
 MysqlIPv6, RedisIPv6 and NeutronOverlayIPVersion.

Change-Id: Iebfd8ef686381be2f45d0d4c45dfd6bf654d1ac6
changes/98/723898/9
Harald Jensås 2 years ago
parent a44b659bcf
commit a03f33a7d4
  1. 4
      ci/environments/network/multiple-nics-ipv6/network-isolation-absolute.yaml
  2. 4
      ci/environments/network/multiple-nics-ipv6/network-isolation.yaml
  3. 7
      deployment/ceph-ansible/ceph-base.yaml
  4. 15
      deployment/database/mysql-base.yaml
  5. 21
      deployment/database/redis-base-puppet.yaml
  6. 17
      deployment/database/redis-pacemaker-puppet.yaml
  7. 16
      deployment/horizon/horizon-container-puppet.yaml
  8. 16
      deployment/neutron/neutron-plugin-ml2.yaml
  9. 12
      deployment/nova/nova-api-container-puppet.yaml
  10. 16
      deployment/pacemaker/pacemaker-baremetal-puppet.yaml
  11. 16
      deployment/rabbitmq/rabbitmq-container-puppet.yaml
  12. 2
      environments/network-environment-v6-all.j2.yaml
  13. 16
      environments/network-isolation-v6-all.j2.yaml
  14. 12
      environments/network-isolation-v6.j2.yaml
  15. 41
      network/network.j2
  16. 6
      network/networks.j2.yaml
  17. 13
      overcloud.j2.yaml
  18. 7
      releasenotes/notes/deprecate-sevice-ipv6-params-e301590647a0c8f5.yaml
  19. 3
      tools/yaml-validate.py

@ -27,9 +27,5 @@ resource_registry:
OS::TripleO::Controller::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
OS::TripleO::Compute::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
parameter_defaults:
CephIPv6: True
CorosyncIPv6: True
RabbitIPv6: True
MemcachedIPv6: True
ManilaIPv6: True

@ -27,8 +27,4 @@ resource_registry:
OS::TripleO::Controller::Ports::TenantPort: ../../../../network/ports/tenant.yaml
OS::TripleO::Compute::Ports::TenantPort: ../../../../network/ports/tenant.yaml
parameter_defaults:
CephIPv6: True
CorosyncIPv6: True
RabbitIPv6: True
MemcachedIPv6: True
ManilaIPv6: True

@ -331,6 +331,7 @@ parameter_groups:
- LocalCephAnsibleFetchDirectoryBackup
- SwiftFetchDirGetTempurl
- SwiftFetchDirPutTempurl
- CephIPv6
conditions:
deprecated_data_pool_pgnum: {not: {equals: [{get_param: ManilaCephFSDataPoolPGNum}, 128]}}
@ -367,6 +368,10 @@ conditions:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
- 6
resources:
ContainerImageUrlParts:
@ -536,7 +541,7 @@ resources:
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]
ip_version:
if:
- {get_param: CephIPv6}
- is_ipv6
- ipv6
- ipv4
dashboard_enabled: {get_param: CephEnableDashboard}

@ -63,10 +63,23 @@ parameters:
description: Enable IPv6 in MySQL
type: boolean
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- MysqlIPv6
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- 6
outputs:
role_data:
@ -83,7 +96,7 @@ outputs:
# in tripleo-puppet-elements.
mysql::server::package_name: 'mariadb-galera-server'
mysql::server::manage_config_file: true
mysql_ipv6: {get_param: MysqlIPv6}
mysql_ipv6: {if: [is_ipv6, true, false]}
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql::server::root_password:
yaql:

@ -46,9 +46,22 @@ parameters:
description: Enable IPv6 in Redis
type: boolean
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- RedisIPv6
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
redis_ipv6: {get_param: RedisIPv6}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
- 6
outputs:
role_data:
@ -59,7 +72,7 @@ outputs:
redis::requirepass: {get_param: RedisPassword}
redis::masterauth: {get_param: RedisPassword}
redis::sentinel_auth_pass: {get_param: RedisPassword}
redis_ipv6: {get_param: RedisIPv6}
redis_ipv6: {if: [is_ipv6, true, false]}
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
@ -71,7 +84,7 @@ outputs:
if:
- use_tls_proxy
- if:
- redis_ipv6
- is_ipv6
- '::1'
- '127.0.0.1'
- str_replace:
@ -87,7 +100,7 @@ outputs:
if:
- use_tls_proxy
- if:
- redis_ipv6
- is_ipv6
- '::1'
- '127.0.0.1'
- str_replace:

@ -68,12 +68,25 @@ parameters:
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- RedisIPv6
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
redis_ipv6: {get_param: RedisIPv6}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
- 6
resources:
@ -154,7 +167,7 @@ outputs:
tripleo::profile::pacemaker::database::redis_bundle::tls_tunnel_base_port: 6660
tripleo::profile::pacemaker::database::redis_bundle::tls_tunnel_local_name:
if:
- redis_ipv6
- is_ipv6
- '::1'
- '127.0.0.1'
- {}

@ -129,11 +129,25 @@ parameters:
containing Keystone domain name and a human-readable description of
the domain respectively.
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- MemcachedIPv6
conditions:
debug_unset: {equals : [{get_param: Debug}, '']}
websso_enabled: {equals : [{get_param: WebSSOEnable}, True]}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
horizon_domain_choices_set: {not: {equals: [{get_param: HorizonDomainChoices}, []]}}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- 6
resources:
@ -178,7 +192,7 @@ outputs:
- {get_param: HorizonSecret}
- {get_param: [DefaultPasswords, horizon_secret]}
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
memcached_ipv6: {get_param: MemcachedIPv6}
memcached_ipv6: {if: [is_ipv6, true, false]}
horizon::servername:
str_replace:
template:

@ -104,6 +104,16 @@ parameters:
type: comma_delimited_list
default: ""
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- NeutronOverlayIPVersion
conditions:
physical_network_mtus_set: {not: {equals: [{get_param: NeutronML2PhysicalNetworkMtus}, []]}}
@ -136,9 +146,13 @@ outputs:
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
neutron::plugins::ml2::overlay_ip_version: {get_param: NeutronOverlayIPVersion}
neutron::plugins::ml2::ovs_driver::vnic_type_blacklist: {get_param: NeutronOvsVnicTypeBlacklist}
neutron::plugins::ml2::sriov_driver::vnic_type_blacklist: {get_param: NeutronSriovVnicTypeBlacklist}
neutron::plugins::ml2::overlay_ip_version:
get_param:
- ServiceData
- net_ip_version_map
- {get_param: [ServiceNetMap, NeutronTenantNetwork]}
- if:
- physical_network_mtus_set
- neutron::plugins::ml2::physical_network_mtus: {get_param: NeutronML2PhysicalNetworkMtus}

@ -102,13 +102,23 @@ parameters:
default: {}
type: json
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- MysqlIPv6
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
mysql_ipv6_use_ip_address:
and:
- {equals: [{get_param: MysqlIPv6}, true]}
- {equals: [{get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}, 6]}
- {equals: [{get_param: EnableInternalTLS}, false]}
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}

@ -119,10 +119,24 @@ parameters:
constraints:
- allowed_pattern: "([1-9][0-9]*s)?"
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- CorosyncIPv6
conditions:
pcmk_tls_priorities_empty: {equals: [{get_param: PacemakerTLSPriorities}, '']}
pcmk_bundle_op_timeout_empty: {equals: [{get_param: PacemakerBundleOperationTimeout}, '']}
podman_enabled: {equals: [{get_param: ContainerCli}, 'podman']}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, PacemakerNetwork]}]}
- 6
outputs:
role_data:
@ -151,7 +165,7 @@ outputs:
pacemaker::resource::bundle::deep_compare: true
pacemaker::resource::ip::deep_compare: true
pacemaker::resource::ocf::deep_compare: true
corosync_ipv6: {get_param: CorosyncIPv6}
corosync_ipv6: {if: [is_ipv6, true, false]}
tripleo::fencing::config: {get_param: FencingConfig}
tripleo::fencing::deep_compare: true
enable_fencing: {get_param: EnableFencing}

@ -90,9 +90,23 @@ parameters:
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- RabbitIPv6
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]}
- 6
resources:
@ -119,7 +133,7 @@ outputs:
rabbitmq::file_limit: {get_param: RabbitFDLimit}
rabbitmq::default_user: {get_param: RabbitUserName}
rabbitmq::default_pass: {get_param: RabbitPassword}
rabbit_ipv6: {get_param: RabbitIPv6}
rabbit_ipv6: {if: [is_ipv6, true, false]}
rabbitmq::delete_guest_user: false
rabbitmq::wipe_db_on_cookie_change: true
rabbitmq::port: 5672

@ -58,5 +58,3 @@ parameter_defaults:
# Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100"
# for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup.
BondInterfaceOvsOptions: "bond_mode=active-backup"
# Specify Tunnel endpoints to be IPv6
NeutronOverlayIPVersion: 6

@ -48,21 +48,5 @@ resource_registry:
parameter_defaults:
# Enable IPv6 for Ceph.
CephIPv6: True
# Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
CorosyncIPv6: True
# Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP.
MongoDbIPv6: True
# Enable IPv6 environment for RabbitMQ.
RabbitIPv6: True
# Enable IPv6 environment for Memcached.
MemcachedIPv6: True
# Enable IPv6 environment for MySQL.
MysqlIPv6: True
# Enable IPv6 environment for Manila
ManilaIPv6: True
# Enable IPv6 environment for Redis.
RedisIPv6: True
# Specify Tunnel endpoints to be IPv6
NeutronOverlayIPVersion: 6

@ -55,17 +55,5 @@ resource_registry:
parameter_defaults:
# Enable IPv6 for Ceph.
CephIPv6: True
# Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
CorosyncIPv6: True
# Enable IPv6 environment for RabbitMQ.
RabbitIPv6: True
# Enable IPv6 environment for Memcached.
MemcachedIPv6: True
# Enable IPv6 environment for MySQL.
MysqlIPv6: True
# Enable IPv6 environment for Manila
ManilaIPv6: True
# Enable IPv6 environment for Redis.
RedisIPv6: True

@ -17,12 +17,10 @@ parameters:
default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'}
description: Value specs for the {{network.name_lower}} network.
type: json
{%- if not ":" in network.ip_subnet and not network.ipv6 and not ipv6_override %}
{{network.name}}NetEnableDHCP:
default: false
description: Whether to enable DHCP on the associated subnet (IPv4 only).
description: Whether to enable DHCP on the associated subnet.
type: boolean
{%- endif %}
{{network.name}}NetAdminStateUp:
default: false
description: The admin state of the network.
@ -146,6 +144,10 @@ parameters:
conditions:
manage_networks: {get_param: ManageNetworks}
is_ipv6:
yaql:
expression: '":" in $.data'
data: {get_param: {{network.name}}NetCidr}
resources:
{{network.name}}Network:
@ -176,13 +178,6 @@ resources:
external_id: {{ network.external_resource_subnet_id }}
{%- endif %}
properties:
{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
ip_version: 6
ipv6_address_mode: {get_param: IPv6AddressMode}
ipv6_ra_mode: {get_param: IPv6RAMode}
{%- else %}
enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
{%- endif %}
cidr: {get_param: {{network.name}}NetCidr}
name: {get_param: {{network.name}}SubnetName}
network: {get_resource: {{network.name}}Network}
@ -191,6 +186,14 @@ resources:
host_routes: {get_param: {{network.name}}Routes}
# All networks have an implicit network segment when created, map this subnet to that segment.
segment: {get_attr: [{{network.name}}Network, segments, 0, id]}
ip_version: {if: [is_ipv6, 6, 4]}
{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
ipv6_address_mode: {get_param: IPv6AddressMode}
ipv6_ra_mode: {get_param: IPv6RAMode}
{%- else %}
enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
{%- endif %}
{% for subnet in network.subnets|default({}) if network.subnets[subnet].enabled|default(true) %}
{{network.name}}Segment_{{subnet}}:
@ -217,13 +220,6 @@ resources:
external_id: {{ network.subnets[subnet].external_resource_subnet_id }}
{%- endif %}
properties:
{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
ip_version: 6
ipv6_address_mode: {get_param: IPv6AddressMode}
ipv6_ra_mode: {get_param: IPv6RAMode}
{%- else %}
enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
{%- endif %}
cidr: {get_param: {{network.name}}SubnetCidr_{{subnet}}}
name: {{subnet}}
network: {get_resource: {{network.name}}Network}
@ -231,12 +227,23 @@ resources:
gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute_{{subnet}}}
host_routes: {get_param: {{network.name}}Routes_{{subnet}}}
segment: {get_resource: {{network.name}}Segment_{{subnet}}}
ip_version: {if: [is_ipv6, 6, 4]}
{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
ipv6_address_mode: {get_param: IPv6AddressMode}
ipv6_ra_mode: {get_param: IPv6RAMode}
{%- else %}
enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
{%- endif %}
{% endfor %}
outputs:
OS::stack_id:
description: {{network.name_lower}} network
value: {get_resource: {{network.name}}Network}
ip_version:
description: IP version of {{network.name}} network.
value: {if: [is_ipv6, 6, 4]}
network_cidrs:
description: List of {{network.name}} network's subnets in CIDR notation.
value:

@ -32,3 +32,9 @@ outputs:
ctlplane_cidrs: {get_param: CtlplaneNetworkCidrs}
expression: switch(not isList($.data.network_cidrs) => $.data.ctlplane_cidrs, $.data.network_cidrs => $.data.network_cidrs)
{%- endfor %}
net_ip_version_map:
value:
{%- for network in networks if network.enabled|default(true) %}
{%- set network_name = network.compat_name|default(network.name) %}
{{network.name_lower}}: {get_attr: [{{network_name}}Network, ip_version]}
{%- endfor %}

@ -470,6 +470,18 @@ resources:
- keys:
ctlplane: {get_param: NeutronControlPlaneID}
NetIpVersionMapValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_merge:
- {get_attr: [Networks, net_ip_version_map]}
- ctlplane: {get_attr: [ControlVirtualIP, subnets, 0, ip_version]}
- keys:
ctlplane: {get_param: NeutronControlPlaneID}
ServiceNetMap:
type: OS::TripleO::ServiceNetMap
@ -549,6 +561,7 @@ resources:
ServiceData:
net_cidr_map: {get_attr: [NetCidrMapValue, value]}
net_vip_map: {get_attr: [VipMap, net_ip_map]}
net_ip_version_map: {get_attr: [NetIpVersionMapValue, value]}
EndpointMap: {get_attr: [EndpointMapData, value]}
DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
RoleName: {{role.name}}

@ -0,0 +1,7 @@
---
deprecations:
- |
The following parameters has been deprecated and are no longer used:
´´CephIPv6``, ``CorosyncIPv6``, ``RabbitIPv6``, ``MemcachedIPv6``,
``MysqlIPv6``, ``RedisIPv6`` and ``NeutronOverlayIPVersion``. The IP version
is now detected by looking at the CIDR of network subnets instead.

@ -1019,6 +1019,9 @@ def validate_service_hiera_interpol(f, tpl):
if ('tripleo::profile::base::designate::rndc_allowed_addresses' in
path):
continue
# Omit Neutron ml2 overlay_ip_version
if 'neutron::plugins::ml2::overlay_ip_version' in path:
continue
# Omit if not a part of {get_param: [ServiceNetMap ...
if not enter_lists and path[-1] != 'get_param':

Loading…
Cancel
Save