From c293dfc7b1f4aed4d2f92c7f9aa38c06fe0d9841 Mon Sep 17 00:00:00 2001 From: ramishra Date: Sat, 5 Jun 2021 09:42:03 +0530 Subject: [PATCH] Deploy standalone ironic and neutron in undercloud This makes the following changes: - Create cloud.yaml for undercloud with standalone services - Remove keystone and memcached from the undercloud Change-Id: I741123dcbf4544845b40e253d8b42d868317cc03 --- .../ironic-conductor-container-puppet.yaml | 8 ++- .../ironic-inspector-container-puppet.yaml | 1 + .../neutron/neutron-api-container-puppet.yaml | 6 +++ environments/undercloud.yaml | 11 ++-- extraconfig/post_deploy/undercloud_post.py | 54 +++++++++++++++++++ extraconfig/post_deploy/undercloud_post.sh | 1 + extraconfig/post_deploy/undercloud_post.yaml | 7 ++- 7 files changed, 79 insertions(+), 9 deletions(-) diff --git a/deployment/ironic/ironic-conductor-container-puppet.yaml b/deployment/ironic/ironic-conductor-container-puppet.yaml index fdf6d1672c..01bb240b4b 100644 --- a/deployment/ironic/ironic-conductor-container-puppet.yaml +++ b/deployment/ironic/ironic-conductor-container-puppet.yaml @@ -504,8 +504,6 @@ outputs: ironic::swift::user_domain_name: 'Default' ironic::swift::project_domain_name: 'Default' ironic::swift::region_name: {get_param: KeystoneRegion} - # ironic-inspector support is not implemented, but let's configure - # the credentials for consistency. ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} ironic::drivers::inspector::username: 'ironic' ironic::drivers::inspector::password: {get_param: IronicPassword} 
@@ -537,6 +535,12 @@ outputs: - auth_strategy_noauth - 'none' - {get_param: IronicAuthStrategy} + ironic::drivers::inspector::auth_type: + if: + - auth_strategy_noauth + - none + - {get_param: IronicAuthStrategy} + ironic::drivers::inspector::endpoint_override: {get_param: [EndpointMap, IronicInspectorInternal, uri_no_suffix]} ironic::service_catalog::endpoint_override: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} service_config_settings: {} # BEGIN DOCKER SETTINGS diff --git a/deployment/ironic/ironic-inspector-container-puppet.yaml b/deployment/ironic/ironic-inspector-container-puppet.yaml index 8b2b9cb19d..632985bd81 100644 --- a/deployment/ironic/ironic-inspector-container-puppet.yaml +++ b/deployment/ironic/ironic-inspector-container-puppet.yaml @@ -569,6 +569,7 @@ outputs: template: | admin:{{'$ADMIN_PASSWORD' | password_hash('bcrypt')}} ironic-inspector:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}} + ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}} params: $ADMIN_PASSWORD: {get_param: AdminPassword} $IRONIC_PASSWORD: {get_param: IronicPassword} diff --git a/deployment/neutron/neutron-api-container-puppet.yaml b/deployment/neutron/neutron-api-container-puppet.yaml index c1dbfa1386..f1d6b281a1 100644 --- a/deployment/neutron/neutron-api-container-puppet.yaml +++ b/deployment/neutron/neutron-api-container-puppet.yaml @@ -205,6 +205,10 @@ parameters: description: | Seconds to regard the agent as down; should be at least twice NeutronGlobalReportInterval, to be sure the agent is down for good. + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true parameter_groups: - label: deprecated 
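Review bot: The new `ironic::drivers::inspector::auth_type` condition returns a bare `none`, while the list that ends just above it in the same hunk returns the quoted `'none'`. Both should load as the string "none", so behaviour is presumably the same, but writing `- 'none'` here as well makes it plain that a string and not a YAML null is intended. The enclosing `outputs:` block starts and ends outside the hunk.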
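Review bot: The added `ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}` line places the substituted password inside a single-quoted Jinja string literal, so a password containing `'` would end that literal early and break or change the expression. The two existing lines have the same shape, and the `ironic:` line added to the htpasswd template in neutron-api-container-puppet.yaml repeats it. If the passwords are always generated from a restricted alphabet this is harmless, but that constraint is not visible here; a comment such as `# passwords are substituted into a quoted Jinja literal and must not contain a single quote` would record it. The task around the template starts and ends outside the hunk.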
@@ -574,9 +578,11 @@ outputs: template: | admin:{{'$ADMIN_PASSWORD' | password_hash('bcrypt')}} neutron:{{'$NEUTRON_PASSWORD' | password_hash('bcrypt')}} + ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}} params: $ADMIN_PASSWORD: {get_param: AdminPassword} $NEUTRON_PASSWORD: {get_param: NeutronPassword} + $IRONIC_PASSWORD: {get_param: IronicPassword} when: is_http_basic | bool metadata_settings: list_concat: diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml index 2d8135789e..a44a53e7db 100644 --- a/environments/undercloud.yaml +++ b/environments/undercloud.yaml @@ -15,9 +15,11 @@ resource_registry: OS::TripleO::Services::NeutronMl2PluginBase: ../deployment/neutron/neutron-plugin-ml2.yaml OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-ansible.yaml - OS::TripleO::Services::HeatEphemeral: ../deployment/heat/heat-ephemeral-container-ansible.yaml + # Disable keystone by default + OS::TripleO::Services::Keystone: OS::Heat::None + OS::TripleO::Services::Memcached: OS::Heat::None # services we disable by default on the undercloud OS::TripleO::Services::AodhApi: OS::Heat::None OS::TripleO::Services::AodhEvaluator: OS::Heat::None @@ -74,11 +76,6 @@ parameter_defaults: # ensure we enable ip_forward before docker gets run KernelIpForward: 1 KernelIpNonLocalBind: 1 - KeystoneCorsAllowedOrigin: '*' - KeystoneEnableMember: true - # Increase the Token expiration time until we fix the actual session bug: - # https://bugs.launchpad.net/tripleo/+bug/1761050 - TokenExpiration: 14400 EnablePackageInstall: true StackAction: CREATE NetworkDeploymentActions: ['CREATE','UPDATE'] @@ -182,3 +179,5 @@ parameter_defaults: SshFirewallAllowAll: true NetworkSafeDefaults: false IronicRpcTransport: 'json-rpc' + IronicAuthStrategy: http_basic + NeutronAuthStrategy: http_basic diff --git a/extraconfig/post_deploy/undercloud_post.py b/extraconfig/post_deploy/undercloud_post.py index 4c0769116f..c244eb52f3 100755 
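Review bot: The `IronicAuthStrategy: http_basic` and `NeutronAuthStrategy: http_basic` defaults appended to `parameter_defaults` carry no comment linking them to the `OS::TripleO::Services::Keystone: OS::Heat::None` mapping added earlier in this file. An operator who re-enables Keystone through an override would presumably still get basic auth on both services unless they also reset these two parameters. A comment such as `# Keystone is disabled above; Ironic and Neutron authenticate against htpasswd (http_basic) instead` would make the coupling visible. With basic auth the static password accompanies every API request, so it is worth stating alongside it that these endpoints are expected to be TLS-only.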
--- a/extraconfig/post_deploy/undercloud_post.py
+++ b/extraconfig/post_deploy/undercloud_post.py
@@ -14,7 +14,10 @@
 import json
 import openstack
 import os
+from pathlib import Path
+import shutil
 import subprocess
+import yaml
 CONF = json.loads(os.environ['config'])
@@ -77,6 +80,52 @@ def _configure_nova(sdk):
 print('INFO: Undercloud Post - Nova configuration completed successfully.')
+def create_update_clouds_yaml():
+ """Disable nova quotas"""
+ clouds_yaml_dir = '/etc/openstack'
+ clouds_yaml = os.path.join(clouds_yaml_dir, 'clouds.yaml')
+ cloud_name = CONF.get('cloud_name', 'undercloud')
+ Path(clouds_yaml_dir).mkdir(parents=True, exist_ok=True)
+
+ usr_clouds_yaml_dir = os.path.join(CONF['home_dir'], '.config/openstack')
+ usr_clouds_yaml = os.path.join(usr_clouds_yaml_dir, 'clouds.yaml')
+ Path(usr_clouds_yaml_dir).mkdir(parents=True, exist_ok=True)
+
+ data = {}
+ if os.path.exists(clouds_yaml):
+ with open(clouds_yaml, 'r') as fs:
+ data = yaml.safe_load(fs)
+
+ if 'clouds' not in data:
+ data['clouds'] = {}
+
+ data['clouds'][cloud_name] = {}
+ config = {}
+ config['auth_type'] = 'http_basic'
+ config['auth'] = {}
+ config['auth']['username'] = 'admin'
+ config['auth']['password'] = CONF.get('admin_password', 'admin')
+ config['baremetal_endpoint_override'] = CONF.get(
+ 'endpoints', {}).get('baremetal', 'https://192.168.24.2:13385/')
+ config['network_endpoint_override'] = CONF.get(
+ 'endpoints', {}).get('network', 'https://192.168.24.2:13696/')
+ config['baremetal_introspection_endpoint_override'] = CONF.get(
+ 'endpoints', {}).get(
+ 'baremetal_introspection', 'https://192.168.24.2:13696/')
+ config['baremetal_api_version'] = '1'
+ config['network_api_version'] = '2'
+
+ data['clouds'][cloud_name] = config
+ with open(clouds_yaml, 'w') as fs:
+ fs.write(yaml.dump(data, default_flow_style=False))
+
+ shutil.copyfile(clouds_yaml, usr_clouds_yaml)
+
+ stat_info = os.stat(CONF['home_dir'])
+ os.chown(usr_clouds_yaml_dir, stat_info.st_uid, stat_info.st_gid)
+ os.chown(usr_clouds_yaml, stat_info.st_uid, stat_info.st_gid)
+
+
 def _create_default_keypair(sdk):
 """Set up a default keypair."""
 ssh_dir = os.path.join(CONF['home_dir'], '.ssh')
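Review bot: `create_update_clouds_yaml` writes the admin password to `/etc/openstack/clouds.yaml` with a plain `open(clouds_yaml, 'w')` and then `shutil.copyfile`s it into the user's home, and neither call sets a restrictive mode, so both copies get whatever the process umask allows, which is commonly world-readable. Creating the file owner-only and chmod-ing the copy, as sketched below, closes that gap; whether other accounts legitimately read the /etc copy should be confirmed first. Separately, `CONF.get('admin_password', 'admin')` silently writes a guessable placeholder when the key is missing, where `CONF['admin_password']` would fail loudly. The docstring `"""Disable nova quotas"""` describes a different function, and the `baremetal_introspection` fallback URL repeats the `network` one, which looks like a copy-paste slip.

```python
# … unchanged: path setup, merge of the existing clouds.yaml, building config …
    data['clouds'][cloud_name] = config
    # The file holds the admin password: create it owner-only, and tighten
    # the mode explicitly in case the file already existed.
    fd = os.open(clouds_yaml, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as fs:
        fs.write(yaml.dump(data, default_flow_style=False))
    os.chmod(clouds_yaml, 0o600)

    shutil.copyfile(clouds_yaml, usr_clouds_yaml)
    os.chmod(usr_clouds_yaml, 0o600)
# … unchanged: chown of the per-user directory and file …
```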
@@ -88,6 +137,11 @@ def _create_default_keypair(sdk): public_key=pub_key_file.read()) +keystone_enabled = 'true' in _run_command( + ['hiera', 'keystone_enabled']).lower() +if not keystone_enabled: + create_update_clouds_yaml() + nova_api_enabled = 'true' in _run_command( ['hiera', 'nova_api_enabled']).lower() diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh index 2fd7a9d020..b588014fbb 100755 --- a/extraconfig/post_deploy/undercloud_post.sh +++ b/extraconfig/post_deploy/undercloud_post.sh @@ -3,6 +3,7 @@ set -eux HOMEDIR="$homedir" CLOUD_NAME="$cloud_name" + USERNAME=`ls -ld $HOMEDIR | awk {'print $3'}` GROUPNAME=`ls -ld $HOMEDIR | awk {'print $4'}` diff --git a/extraconfig/post_deploy/undercloud_post.yaml b/extraconfig/post_deploy/undercloud_post.yaml index ba89d08ae0..30c12ed378 100644 --- a/extraconfig/post_deploy/undercloud_post.yaml +++ b/extraconfig/post_deploy/undercloud_post.yaml @@ -159,6 +159,11 @@ resources: JSON: cloud_name: {get_param: UndercloudCloudName} home_dir: {get_param: UndercloudHomeDir} + admin_password: {get_param: AdminPassword} + endpoints: + baremetal: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + network: {get_param: [EndpointMap, NeutronPublic, uri_no_suffix]} + baremetal_introspection: {get_param: [EndpointMap, IronicInspectorPublic, uri_no_suffix]} UndercloudCtlplaneNetworkConfig: type: OS::Heat::SoftwareConfig @@ -170,7 +175,7 @@ resources: UndercloudCtlplaneNetworkDeployment: type: OS::Heat::SoftwareDeploymentGroup - depends_on: UndercloudPostDeployment + depends_on: UndercloudPostPyDeployment properties: name: UndercloudCtlplaneNetworkDeployment servers: {get_param: servers}
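Review bot: `keystone_enabled` is derived with a substring test, so any hiera output that lacks the text `true` is treated as "Keystone disabled" and leads to the admin credentials being written by `create_update_clouds_yaml()`. That presumably includes an empty or failed lookup, though `_run_command` is defined outside the hunk, so how it reports errors cannot be seen here. The same idiom is used for `nova_api_enabled` just below, but there a failed lookup skips work instead of writing a secret. An exact comparison, `_run_command(['hiera', 'keystone_enabled']).strip().lower() == 'true'`, plus a comment that a missing key means standalone mode, would make the intended direction explicit.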
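Review bot: `admin_password: {get_param: AdminPassword}` is added to the JSON config that undercloud_post.py appears to read from `os.environ['config']`, so the plaintext admin password now sits in the post-deploy process environment and in the stored software-config input. Nothing in this hunk marks that input as sensitive, and the `AdminPassword` parameter declaration lies outside the hunk, so whether it is `hidden: true` in this template cannot be seen. It is worth confirming that the deployment tooling does not log or echo this config. A comment beside the key, such as `# secret: consumed by undercloud_post.py to write clouds.yaml`, would flag it for future editors.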