Fix support for json-rpc in ironic

This fixes support for IronicRpcTransport and enables json-rpc
for undercloud ironic.

Depends-On: https://review.opendev.org/c/openstack/puppet-tripleo/+/802858
Change-Id: I9b7edee92a3aeadd093ff997d23d085d73a04960
ramishra 2021-07-29 09:27:08 +05:30
parent 5168050703
commit bd20c59589
12 changed files with 108 additions and 28 deletions


@ -79,12 +79,25 @@ parameters:
type: string
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
hidden: True
IronicRpcTransport:
description: The remote procedure call transport between conductor and
API processes, such as a messaging broker or JSON RPC.
default: 'oslo'
type: string
constraints:
- allowed_values: ['oslo', 'json-rpc']
conditions:
cors_allowed_origin_set:
not: {equals : [{get_param: IronicCorsAllowedOrigin}, '']}
auth_strategy_non_default:
contains: [{get_param: IronicAuthStrategy}, ['noauth', 'http_basic']]
auth_strategy_noauth:
equals: [{get_param: IronicAuthStrategy}, 'noauth']
auth_strategy_http_basic:
equals: [{get_param: IronicAuthStrategy}, 'http_basic']
rpc_transport_json_rpc:
equals: [{get_param: IronicRpcTransport}, 'json-rpc']
resources:
ApacheServiceBase:
@ -150,9 +163,9 @@ outputs:
ironic::api::authtoken::user_domain_name: 'Default'
ironic::api::authtoken::project_domain_name: 'Default'
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::api::authtoken::region_name: {get_param: KeystoneRegion }
ironic::api::authtoken::region_name: {get_param: KeystoneRegion}
ironic::api::authtoken::interface: 'internal'
ironic::api::authtoken::memcache_use_advanced_pool: {get_param: MemcacheUseAdvancedPool}
# NOTE: bind IP is found in hiera replacing the network name with the
@ -196,7 +209,18 @@ outputs:
ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH'
ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token'
ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma'
- apache::default_vhost: false
apache::default_vhost: false
- if:
- rpc_transport_json_rpc
- ironic::json_rpc::auth_type:
if:
- auth_strategy_non_default
- if:
- auth_strategy_noauth
- 'none'
- {get_param: IronicAuthStrategy}
ironic::json_rpc::password: {get_param: IronicPassword}
ironic::json_rpc::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
service_config_settings:
mysql:
ironic::db::mysql::password: {get_param: IronicPassword}
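Review bot: The nested `if` that sets `ironic::json_rpc::auth_type` has no comment, and its three outcomes are easy to misread. As written, the key appears to be omitted for the default strategy, becomes `'none'` for `noauth`, and passes the parameter value through for `http_basic`. I would add a comment above it such as `# keystone: key omitted, puppet default applies; noauth -> 'none' (JSON-RPC calls are not authenticated); http_basic -> passed through`. The `'none'` case deserves the explicit mention because an operator who picks `noauth` for the API may not expect the conductor RPC channel to lose authentication as well. `ironic::json_rpc::password` is emitted in that case too, where it presumably goes unused; the surrounding config map starts outside this hunk.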


@ -51,10 +51,10 @@ parameters:
IronicRpcTransport:
description: The remote procedure call transport between conductor and
API processes, such as a messaging broker or JSON RPC.
default: ''
default: 'oslo'
type: string
constraints:
- allowed_values: [ '', 'oslo', 'json-rpc']
- allowed_values: ['oslo', 'json-rpc']
IronicRpcResponseTimeout:
default: 60
description: Ironic's RPC response timeout, in seconds.
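Review bot: Dropping `''` from `allowed_values` while moving the default to `'oslo'` (as the old-then-new ordering of the duplicated lines suggests) will reject any existing environment that still sets `IronicRpcTransport: ''` explicitly. A stack update could then fail at parameter validation. If that compatibility matters, the constraint could stay as `- allowed_values: ['', 'oslo', 'json-rpc']` for a deprecation period, or the removal should get a release note. The same parameter block is also repeated in the `@ -79,12` and `@ -265,6` hunks of this commit with nothing keeping defaults and allowed values in step; a comment such as `# keep in sync with the other IronicRpcTransport definitions` would help.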


@ -265,6 +265,13 @@ parameters:
default: keystone
constraints:
- allowed_values: ['keystone', 'noauth']
IronicRpcTransport:
description: The remote procedure call transport between conductor and
API processes, such as a messaging broker or JSON RPC.
default: 'oslo'
type: string
constraints:
- allowed_values: ['oslo', 'json-rpc']
parameter_groups:
- label: deprecated
@ -296,6 +303,12 @@ conditions:
equals: [{get_param: IronicAuthStrategy}, 'noauth']
neutron_noauth:
equals: [{get_param: NeutronAuthStrategy}, 'noauth']
rpc_transport_json_rpc:
{equals : [{get_param: IronicRpcTransport}, 'json-rpc']}
json_rpc_with_http_basic:
and:
- rpc_transport_json_rpc
- equals: [{get_param: IronicAuthStrategy}, 'http_basic']
resources:
RoleParametersValue:
@ -365,6 +378,15 @@ outputs:
ironic::conductor::power_state_change_timeout: 60
ironic::drivers::ipmi::command_retry_timeout: 120
ironic::drivers::ipmi::min_command_interval: 15
- if:
- rpc_transport_json_rpc
- ironic::json_rpc::auth_strategy: {get_param: IronicAuthStrategy}
ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::www_authenticate_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::api::authtoken::region_name: {get_param: KeystoneRegion}
ironic::api::authtoken::interface: 'internal'
- ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption}
ironic::conductor::automated_clean: {get_param: IronicAutomatedClean}
@ -607,6 +629,9 @@ outputs:
- /run:/run #shared?
- /var/lib/ironic:/var/lib/ironic:z
- /var/log/containers/ironic:/var/log/ironic:z
- if:
- json_rpc_with_http_basic
- - /etc/ironic_conductor_passwd:/etc/ironic/htpasswd-json-rpc:z
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
host_prep_tasks:
@ -630,6 +655,22 @@ outputs:
with_items:
- { 'path': /var/log/containers/ironic, 'setype': container_file_t, 'mode': '0750' }
- { 'path': /var/lib/ironic, 'setype': container_file_t, 'mode': 'g+s' }
- name: create password file for json_rpc
vars:
is_json_rpc_with_http_basic:
if:
- json_rpc_with_http_basic
- true
- false
copy:
dest: /etc/ironic_conductor_passwd
content:
str_replace:
template: |
ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
params:
$IRONIC_PASSWORD: {get_param: IronicPassword}
when: is_json_rpc_with_http_basic | bool
- name: stat /httpboot
stat: path=/httpboot
register: stat_httpboot
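Review bot: The `create password file for json_rpc` task writes `/etc/ironic_conductor_passwd` with `copy` but sets no `mode`, `owner` or `group`, so the bcrypt hash of `IronicPassword` lands on the host with default permissions, typically world-readable. I would add an explicit `mode: '0640'` with an owner/group the container's ironic user can read (the exact ids need confirming against the image), plus `no_log: true` on the task. Separately, `str_replace` pastes the raw password into a single-quoted Jinja literal in `{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}`, so a password containing `'` or template delimiters would break or alter the expression; handing the value to the task through `vars:` and hashing that variable avoids this. Because `password_hash` is called without a fixed salt, the content presumably differs on every run and the task will report a change each time. The `host_prep_tasks` list this task belongs to starts and continues outside the hunk.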


@ -6,18 +6,11 @@
# *******************************************************************
# title: Enable Designate Service
# description: |
# EXPERIMENTAL: This service is not considered ready for production and
# should only be used for development and test purposes at this time.
#
# This environment enables the Designate services. One of the
# designate-config* environment files must also be included.
resource_registry:
OS::TripleO::Services::DesignateApi: ../deployment/designate/designate-api-container-puppet.yaml
OS::TripleO::Services::DesignateCentral: ../deployment/designate/designate-central-container-puppet.yaml
OS::TripleO::Services::DesignateMDNS: ../deployment/designate/designate-mdns-container-puppet.yaml
OS::TripleO::Services::DesignateProducer: ../deployment/designate/designate-producer-container-puppet.yaml
OS::TripleO::Services::DesignateWorker: ../deployment/designate/designate-worker-container-puppet.yaml
OS::TripleO::Services::DesignateBind: ../deployment/designate/designate-bind-container.yaml
OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml
parameter_defaults:
# If True, enable the internal Neutron DNS server that provides name
# resolution between VMs. This parameter has no effect if
@ -29,3 +22,12 @@ parameter_defaults:
# Type: comma_delimited_list
NeutronPluginExtensions: qos,port_security,dns
resource_registry:
OS::TripleO::Services::DesignateApi: ../deployment/designate/designate-api-container-puppet.yaml
OS::TripleO::Services::DesignateBind: ../deployment/designate/designate-bind-container.yaml
OS::TripleO::Services::DesignateCentral: ../deployment/designate/designate-central-container-puppet.yaml
OS::TripleO::Services::DesignateMDNS: ../deployment/designate/designate-mdns-container-puppet.yaml
OS::TripleO::Services::DesignateProducer: ../deployment/designate/designate-producer-container-puppet.yaml
OS::TripleO::Services::DesignateWorker: ../deployment/designate/designate-worker-container-puppet.yaml
OS::TripleO::Services::Redis: ../deployment/database/redis-container-puppet.yaml
OS::TripleO::Services::Unbound: ../deployment/unbound/unbound-container-ansible.yaml


@ -8,9 +8,6 @@
# description: |
# Use this environment when deploying an SSL-enabled overcloud where the public
# endpoint is a DNS name.
parameter_merge_strategies:
EndpointMap: merge
parameter_defaults:
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
# Type: json
@ -43,3 +40,6 @@ parameter_defaults:
SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '3000', host: 'CLOUDNAME'}
parameter_merge_strategies:
EndpointMap: merge


@ -8,18 +8,15 @@
# description: |
# Use this environment when deploying an SSL-enabled overcloud where the public
# endpoint is an IP address.
parameter_merge_strategies:
EndpointMap: merge
parameter_defaults:
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
# Type: json
EndpointMap:
AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
CephDashboardInternal: {protocol: 'https', port: '8444', host: 'IP_ADDRESS'}
CephGrafanaInternal: {protocol: 'https', port: '3100', host: 'IP_ADDRESS'}
CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
DesignatePublic: {protocol: 'https', port: '13001', host: 'IP_ADDRESS'}
DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
@ -43,3 +40,6 @@ parameter_defaults:
SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '3000', host: 'IP_ADDRESS'}
parameter_merge_strategies:
EndpointMap: merge


@ -8,9 +8,6 @@
# description: |
# Use this environment when deploying an overcloud where all the endpoints are
# DNS names and there's TLS in all endpoint types.
parameter_merge_strategies:
EndpointMap: merge
parameter_defaults:
# Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
# Type: json
@ -93,3 +90,5 @@ parameter_defaults:
ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
ZaqarWebSocketPublic: {protocol: 'wss', port: '3000', host: 'CLOUDNAME'}
parameter_merge_strategies:
EndpointMap: merge


@ -64,12 +64,12 @@ resource_registry:
OS::TripleO::Services::CeilometerAgentNotification: OS::Heat::None
OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
OS::TripleO::Services::DesignateApi: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::DesignateCentral: OS::Heat::None
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::GnocchiApi: OS::Heat::None
OS::TripleO::Services::GnocchiMetricd: OS::Heat::None
OS::TripleO::Services::GnocchiStatsd: OS::Heat::None


@ -72,12 +72,12 @@ resource_registry:
OS::TripleO::Services::ComputeCeilometerAgent: OS::Heat::None
OS::TripleO::Services::ContainerImagePrepare: ../../deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml
OS::TripleO::Services::DesignateApi: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::DesignateCentral: OS::Heat::None
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::DockerRegistry: ../../deployment/image-serve/image-serve-baremetal-ansible.yaml
OS::TripleO::Services::GnocchiApi: OS::Heat::None


@ -181,3 +181,4 @@ parameter_defaults:
connect_timeout: 60
SshFirewallAllowAll: true
NetworkSafeDefaults: false
IronicRpcTransport: 'json-rpc'


@ -92,6 +92,10 @@ parameter_defaults:
# Type: string
IronicRescuingNetwork: ctlplane
# The remote procedure call transport between conductor and API processes, such as a messaging broker or JSON RPC.
# Type: string
IronicRpcTransport: json-rpc
# NTP servers list. Defaulted to a set of pool.ntp.org servers in order to have a sane default for Pacemaker deployments when not configuring this parameter by default.
# Type: comma_delimited_list
NtpServer: ['0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org']
@ -148,12 +152,12 @@ resource_registry:
OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None
OS::TripleO::Services::ContainerImagePrepare: ../../deployment/container-image-prepare/container-image-prepare-baremetal-ansible.yaml
OS::TripleO::Services::DesignateApi: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::DesignateCentral: OS::Heat::None
OS::TripleO::Services::DesignateMDNS: OS::Heat::None
OS::TripleO::Services::DesignateProducer: OS::Heat::None
OS::TripleO::Services::DesignateSink: OS::Heat::None
OS::TripleO::Services::DesignateWorker: OS::Heat::None
OS::TripleO::Services::DesignateBind: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::DockerRegistry: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None


@ -24,6 +24,7 @@ environments:
sample-env-generator/undercloud-minion.yaml:
parameters:
- UndercloudMinionNetworkConfigTemplate
- IronicRpcTransport
deployment/ironic/ironic-conductor-container-puppet.yaml:
parameters:
- IronicCleaningDiskErase
@ -75,6 +76,7 @@ environments:
IronicProvisioningNetwork: 'ctlplane'
IronicRescuingNetwork: 'ctlplane'
UndercloudMinionNetworkConfigTemplate: 'templates/undercloud.j2'
IronicRpcTransport: 'json-rpc'
resource_registry:
# this network config is assumed by the tripleo deploy command
OS::TripleO::Network::Ports::ControlPlaneVipPort: OS::Heat::None
@ -278,3 +280,10 @@ parameters:
description: UndercloudMinion NetworkConfigTemplate
type: string
default: ''
IronicRpcTransport:
description: The remote procedure call transport between conductor and
API processes, such as a messaging broker or JSON RPC.
default: 'oslo'
type: string
constraints:
- allowed_values: ['oslo', 'json-rpc']