Deprecate service ipv6 params

Detect the IP version used instead of relying on the
user specifying the IP version for services.

The IP version is stored in a net_ip_version_map which
is passed to all services in ServiceData.

Deprecates the following parameters:
 CephIPv6, CorosyncIPv6, RabbitIPv6, MemcachedIPv6,
 MysqlIPv6, RedisIPv6 and NeutronOverlayIPVersion.

Change-Id: Iebfd8ef686381be2f45d0d4c45dfd6bf654d1ac6
This commit is contained in:
Harald Jensås 2020-04-28 00:21:04 +02:00
parent a44b659bcf
commit a03f33a7d4
19 changed files with 176 additions and 68 deletions

View File

@ -27,9 +27,5 @@ resource_registry:
OS::TripleO::Controller::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
OS::TripleO::Compute::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/tenant.yaml
parameter_defaults:
CephIPv6: True
CorosyncIPv6: True
RabbitIPv6: True
MemcachedIPv6: True
ManilaIPv6: True

View File

@ -27,8 +27,4 @@ resource_registry:
OS::TripleO::Controller::Ports::TenantPort: ../../../../network/ports/tenant.yaml
OS::TripleO::Compute::Ports::TenantPort: ../../../../network/ports/tenant.yaml
parameter_defaults:
CephIPv6: True
CorosyncIPv6: True
RabbitIPv6: True
MemcachedIPv6: True
ManilaIPv6: True

View File

@ -331,6 +331,7 @@ parameter_groups:
- LocalCephAnsibleFetchDirectoryBackup
- SwiftFetchDirGetTempurl
- SwiftFetchDirPutTempurl
- CephIPv6
conditions:
deprecated_data_pool_pgnum: {not: {equals: [{get_param: ManilaCephFSDataPoolPGNum}, 128]}}
@ -367,6 +368,10 @@ conditions:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
- 6
resources:
ContainerImageUrlParts:
@ -536,7 +541,7 @@ resources:
- get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]
ip_version:
if:
- {get_param: CephIPv6}
- is_ipv6
- ipv6
- ipv4
dashboard_enabled: {get_param: CephEnableDashboard}

View File

@ -63,10 +63,23 @@ parameters:
description: Enable IPv6 in MySQL
type: boolean
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- MysqlIPv6
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- 6
outputs:
role_data:
@ -83,7 +96,7 @@ outputs:
# in tripleo-puppet-elements.
mysql::server::package_name: 'mariadb-galera-server'
mysql::server::manage_config_file: true
mysql_ipv6: {get_param: MysqlIPv6}
mysql_ipv6: {if: [is_ipv6, true, false]}
mysql_max_connections: {get_param: MysqlMaxConnections}
mysql::server::root_password:
yaql:

View File

@ -46,9 +46,22 @@ parameters:
description: Enable IPv6 in Redis
type: boolean
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- RedisIPv6
conditions:
use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
redis_ipv6: {get_param: RedisIPv6}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
- 6
outputs:
role_data:
@ -59,7 +72,7 @@ outputs:
redis::requirepass: {get_param: RedisPassword}
redis::masterauth: {get_param: RedisPassword}
redis::sentinel_auth_pass: {get_param: RedisPassword}
redis_ipv6: {get_param: RedisIPv6}
redis_ipv6: {if: [is_ipv6, true, false]}
# NOTE: bind IP is found in hiera replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
@ -71,7 +84,7 @@ outputs:
if:
- use_tls_proxy
- if:
- redis_ipv6
- is_ipv6
- '::1'
- '127.0.0.1'
- str_replace:
@ -87,7 +100,7 @@ outputs:
if:
- use_tls_proxy
- if:
- redis_ipv6
- is_ipv6
- '::1'
- '127.0.0.1'
- str_replace:

View File

@ -68,12 +68,25 @@ parameters:
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- RedisIPv6
conditions:
puppet_debug_enabled: {get_param: ConfigDebug}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
redis_ipv6: {get_param: RedisIPv6}
docker_enabled: {equals: [{get_param: ContainerCli}, 'docker']}
common_tag_enabled: {equals: [{get_param: ClusterCommonTag}, true]}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
- 6
resources:
@ -154,7 +167,7 @@ outputs:
tripleo::profile::pacemaker::database::redis_bundle::tls_tunnel_base_port: 6660
tripleo::profile::pacemaker::database::redis_bundle::tls_tunnel_local_name:
if:
- redis_ipv6
- is_ipv6
- '::1'
- '127.0.0.1'
- {}

View File

@ -129,11 +129,25 @@ parameters:
containing Keystone domain name and a human-readable description of
the domain respectively.
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- MemcachedIPv6
conditions:
debug_unset: {equals : [{get_param: Debug}, '']}
websso_enabled: {equals : [{get_param: WebSSOEnable}, True]}
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
horizon_domain_choices_set: {not: {equals: [{get_param: HorizonDomainChoices}, []]}}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- 6
resources:
@ -178,7 +192,7 @@ outputs:
- {get_param: HorizonSecret}
- {get_param: [DefaultPasswords, horizon_secret]}
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
memcached_ipv6: {get_param: MemcachedIPv6}
memcached_ipv6: {if: [is_ipv6, true, false]}
horizon::servername:
str_replace:
template:

View File

@ -104,6 +104,16 @@ parameters:
type: comma_delimited_list
default: ""
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- NeutronOverlayIPVersion
conditions:
physical_network_mtus_set: {not: {equals: [{get_param: NeutronML2PhysicalNetworkMtus}, []]}}
@ -136,9 +146,13 @@ outputs:
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
neutron::plugins::ml2::overlay_ip_version: {get_param: NeutronOverlayIPVersion}
neutron::plugins::ml2::ovs_driver::vnic_type_blacklist: {get_param: NeutronOvsVnicTypeBlacklist}
neutron::plugins::ml2::sriov_driver::vnic_type_blacklist: {get_param: NeutronSriovVnicTypeBlacklist}
neutron::plugins::ml2::overlay_ip_version:
get_param:
- ServiceData
- net_ip_version_map
- {get_param: [ServiceNetMap, NeutronTenantNetwork]}
- if:
- physical_network_mtus_set
- neutron::plugins::ml2::physical_network_mtus: {get_param: NeutronML2PhysicalNetworkMtus}

View File

@ -102,13 +102,23 @@ parameters:
default: {}
type: json
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- MysqlIPv6
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
mysql_ipv6_use_ip_address:
and:
- {equals: [{get_param: MysqlIPv6}, true]}
- {equals: [{get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}, 6]}
- {equals: [{get_param: EnableInternalTLS}, false]}
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}

View File

@ -119,10 +119,24 @@ parameters:
constraints:
- allowed_pattern: "([1-9][0-9]*s)?"
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- CorosyncIPv6
conditions:
pcmk_tls_priorities_empty: {equals: [{get_param: PacemakerTLSPriorities}, '']}
pcmk_bundle_op_timeout_empty: {equals: [{get_param: PacemakerBundleOperationTimeout}, '']}
podman_enabled: {equals: [{get_param: ContainerCli}, 'podman']}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, PacemakerNetwork]}]}
- 6
outputs:
role_data:
@ -151,7 +165,7 @@ outputs:
pacemaker::resource::bundle::deep_compare: true
pacemaker::resource::ip::deep_compare: true
pacemaker::resource::ocf::deep_compare: true
corosync_ipv6: {get_param: CorosyncIPv6}
corosync_ipv6: {if: [is_ipv6, true, false]}
tripleo::fencing::config: {get_param: FencingConfig}
tripleo::fencing::deep_compare: true
enable_fencing: {get_param: EnableFencing}

View File

@ -90,9 +90,23 @@ parameters:
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
parameter_groups:
- label: deprecated
description: |
The following parameters are deprecated and will be removed. They should not
be relied on for new deployments. If you have concerns regarding deprecated
parameters, please contact the TripleO development team on IRC or the
OpenStack mailing list.
parameters:
- RabbitIPv6
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
is_ipv6:
equals:
- {get_param: [ServiceData, net_ip_version_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]}
- 6
resources:
@ -119,7 +133,7 @@ outputs:
rabbitmq::file_limit: {get_param: RabbitFDLimit}
rabbitmq::default_user: {get_param: RabbitUserName}
rabbitmq::default_pass: {get_param: RabbitPassword}
rabbit_ipv6: {get_param: RabbitIPv6}
rabbit_ipv6: {if: [is_ipv6, true, false]}
rabbitmq::delete_guest_user: false
rabbitmq::wipe_db_on_cookie_change: true
rabbitmq::port: 5672

View File

@ -58,5 +58,3 @@ parameter_defaults:
# Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100"
# for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup.
BondInterfaceOvsOptions: "bond_mode=active-backup"
# Specify Tunnel endpoints to be IPv6
NeutronOverlayIPVersion: 6

View File

@ -48,21 +48,5 @@ resource_registry:
parameter_defaults:
# Enable IPv6 for Ceph.
CephIPv6: True
# Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
CorosyncIPv6: True
# Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP.
MongoDbIPv6: True
# Enable IPv6 environment for RabbitMQ.
RabbitIPv6: True
# Enable IPv6 environment for Memcached.
MemcachedIPv6: True
# Enable IPv6 environment for MySQL.
MysqlIPv6: True
# Enable IPv6 environment for Manila
ManilaIPv6: True
# Enable IPv6 environment for Redis.
RedisIPv6: True
# Specify Tunnel endpoints to be IPv6
NeutronOverlayIPVersion: 6

View File

@ -55,17 +55,5 @@ resource_registry:
parameter_defaults:
# Enable IPv6 for Ceph.
CephIPv6: True
# Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
CorosyncIPv6: True
# Enable IPv6 environment for RabbitMQ.
RabbitIPv6: True
# Enable IPv6 environment for Memcached.
MemcachedIPv6: True
# Enable IPv6 environment for MySQL.
MysqlIPv6: True
# Enable IPv6 environment for Manila
ManilaIPv6: True
# Enable IPv6 environment for Redis.
RedisIPv6: True

View File

@ -17,12 +17,10 @@ parameters:
default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'}
description: Value specs for the {{network.name_lower}} network.
type: json
{%- if not ":" in network.ip_subnet and not network.ipv6 and not ipv6_override %}
{{network.name}}NetEnableDHCP:
default: false
description: Whether to enable DHCP on the associated subnet (IPv4 only).
description: Whether to enable DHCP on the associated subnet.
type: boolean
{%- endif %}
{{network.name}}NetAdminStateUp:
default: false
description: The admin state of the network.
@ -146,6 +144,10 @@ parameters:
conditions:
manage_networks: {get_param: ManageNetworks}
is_ipv6:
yaql:
expression: '":" in $.data'
data: {get_param: {{network.name}}NetCidr}
resources:
{{network.name}}Network:
@ -176,13 +178,6 @@ resources:
external_id: {{ network.external_resource_subnet_id }}
{%- endif %}
properties:
{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
ip_version: 6
ipv6_address_mode: {get_param: IPv6AddressMode}
ipv6_ra_mode: {get_param: IPv6RAMode}
{%- else %}
enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
{%- endif %}
cidr: {get_param: {{network.name}}NetCidr}
name: {get_param: {{network.name}}SubnetName}
network: {get_resource: {{network.name}}Network}
@ -191,6 +186,14 @@ resources:
host_routes: {get_param: {{network.name}}Routes}
# All networks have an implicit network segment when created, map this subnet to that segment.
segment: {get_attr: [{{network.name}}Network, segments, 0, id]}
ip_version: {if: [is_ipv6, 6, 4]}
{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
ipv6_address_mode: {get_param: IPv6AddressMode}
ipv6_ra_mode: {get_param: IPv6RAMode}
{%- else %}
enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
{%- endif %}
{% for subnet in network.subnets|default({}) if network.subnets[subnet].enabled|default(true) %}
{{network.name}}Segment_{{subnet}}:
@ -217,13 +220,6 @@ resources:
external_id: {{ network.subnets[subnet].external_resource_subnet_id }}
{%- endif %}
properties:
{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
ip_version: 6
ipv6_address_mode: {get_param: IPv6AddressMode}
ipv6_ra_mode: {get_param: IPv6RAMode}
{%- else %}
enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
{%- endif %}
cidr: {get_param: {{network.name}}SubnetCidr_{{subnet}}}
name: {{subnet}}
network: {get_resource: {{network.name}}Network}
@ -231,12 +227,23 @@ resources:
gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute_{{subnet}}}
host_routes: {get_param: {{network.name}}Routes_{{subnet}}}
segment: {get_resource: {{network.name}}Segment_{{subnet}}}
ip_version: {if: [is_ipv6, 6, 4]}
{%- if ":" in network.ip_subnet or network.ipv6 or ipv6_override %}
ipv6_address_mode: {get_param: IPv6AddressMode}
ipv6_ra_mode: {get_param: IPv6RAMode}
{%- else %}
enable_dhcp: {get_param: {{network.name}}NetEnableDHCP}
{%- endif %}
{% endfor %}
outputs:
OS::stack_id:
description: {{network.name_lower}} network
value: {get_resource: {{network.name}}Network}
ip_version:
description: IP version of {{network.name}} network.
value: {if: [is_ipv6, 6, 4]}
network_cidrs:
description: List of {{network.name}} network's subnets in CIDR notation.
value:

View File

@ -32,3 +32,9 @@ outputs:
ctlplane_cidrs: {get_param: CtlplaneNetworkCidrs}
expression: switch(not isList($.data.network_cidrs) => $.data.ctlplane_cidrs, $.data.network_cidrs => $.data.network_cidrs)
{%- endfor %}
net_ip_version_map:
value:
{%- for network in networks if network.enabled|default(true) %}
{%- set network_name = network.compat_name|default(network.name) %}
{{network.name_lower}}: {get_attr: [{{network_name}}Network, ip_version]}
{%- endfor %}

View File

@ -470,6 +470,18 @@ resources:
- keys:
ctlplane: {get_param: NeutronControlPlaneID}
NetIpVersionMapValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_merge:
- {get_attr: [Networks, net_ip_version_map]}
- ctlplane: {get_attr: [ControlVirtualIP, subnets, 0, ip_version]}
- keys:
ctlplane: {get_param: NeutronControlPlaneID}
ServiceNetMap:
type: OS::TripleO::ServiceNetMap
@ -549,6 +561,7 @@ resources:
ServiceData:
net_cidr_map: {get_attr: [NetCidrMapValue, value]}
net_vip_map: {get_attr: [VipMap, net_ip_map]}
net_ip_version_map: {get_attr: [NetIpVersionMapValue, value]}
EndpointMap: {get_attr: [EndpointMapData, value]}
DefaultPasswords: {get_attr: [DefaultPasswords, passwords]}
RoleName: {{role.name}}

View File

@ -0,0 +1,7 @@
---
deprecations:
- |
The following parameters has been deprecated and are no longer used:
´´CephIPv6``, ``CorosyncIPv6``, ``RabbitIPv6``, ``MemcachedIPv6``,
``MysqlIPv6``, ``RedisIPv6`` and ``NeutronOverlayIPVersion``. The IP version
is now detected by looking at the CIDR of network subnets instead.

View File

@ -1019,6 +1019,9 @@ def validate_service_hiera_interpol(f, tpl):
if ('tripleo::profile::base::designate::rndc_allowed_addresses' in
path):
continue
# Omit Neutron ml2 overlay_ip_version
if 'neutron::plugins::ml2::overlay_ip_version' in path:
continue
# Omit if not a part of {get_param: [ServiceNetMap ...
if not enter_lists and path[-1] != 'get_param':