Deploy standalone ironic and neutron in undercloud
This makes the following changes: - Create cloud.yaml for undercloud with standalone services - Remove keystone and memcached from the undercloud Change-Id: I741123dcbf4544845b40e253d8b42d868317cc03
This commit is contained in:
parent
6a8fb43edc
commit
c293dfc7b1
|
@ -504,8 +504,6 @@ outputs:
|
||||||
ironic::swift::user_domain_name: 'Default'
|
ironic::swift::user_domain_name: 'Default'
|
||||||
ironic::swift::project_domain_name: 'Default'
|
ironic::swift::project_domain_name: 'Default'
|
||||||
ironic::swift::region_name: {get_param: KeystoneRegion}
|
ironic::swift::region_name: {get_param: KeystoneRegion}
|
||||||
# ironic-inspector support is not implemented, but let's configure
|
|
||||||
# the credentials for consistency.
|
|
||||||
ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
ironic::drivers::inspector::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
|
||||||
ironic::drivers::inspector::username: 'ironic'
|
ironic::drivers::inspector::username: 'ironic'
|
||||||
ironic::drivers::inspector::password: {get_param: IronicPassword}
|
ironic::drivers::inspector::password: {get_param: IronicPassword}
|
||||||
|
@ -537,6 +535,12 @@ outputs:
|
||||||
- auth_strategy_noauth
|
- auth_strategy_noauth
|
||||||
- 'none'
|
- 'none'
|
||||||
- {get_param: IronicAuthStrategy}
|
- {get_param: IronicAuthStrategy}
|
||||||
|
ironic::drivers::inspector::auth_type:
|
||||||
|
if:
|
||||||
|
- auth_strategy_noauth
|
||||||
|
- none
|
||||||
|
- {get_param: IronicAuthStrategy}
|
||||||
|
ironic::drivers::inspector::endpoint_override: {get_param: [EndpointMap, IronicInspectorInternal, uri_no_suffix]}
|
||||||
ironic::service_catalog::endpoint_override: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
ironic::service_catalog::endpoint_override: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||||
service_config_settings: {}
|
service_config_settings: {}
|
||||||
# BEGIN DOCKER SETTINGS
|
# BEGIN DOCKER SETTINGS
|
||||||
|
|
|
@ -569,6 +569,7 @@ outputs:
|
||||||
template: |
|
template: |
|
||||||
admin:{{'$ADMIN_PASSWORD' | password_hash('bcrypt')}}
|
admin:{{'$ADMIN_PASSWORD' | password_hash('bcrypt')}}
|
||||||
ironic-inspector:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
|
ironic-inspector:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
|
||||||
|
ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
|
||||||
params:
|
params:
|
||||||
$ADMIN_PASSWORD: {get_param: AdminPassword}
|
$ADMIN_PASSWORD: {get_param: AdminPassword}
|
||||||
$IRONIC_PASSWORD: {get_param: IronicPassword}
|
$IRONIC_PASSWORD: {get_param: IronicPassword}
|
||||||
|
|
|
@ -205,6 +205,10 @@ parameters:
|
||||||
description: |
|
description: |
|
||||||
Seconds to regard the agent as down; should be at least twice
|
Seconds to regard the agent as down; should be at least twice
|
||||||
NeutronGlobalReportInterval, to be sure the agent is down for good.
|
NeutronGlobalReportInterval, to be sure the agent is down for good.
|
||||||
|
IronicPassword:
|
||||||
|
description: The password for the Ironic service and db account, used by the Ironic services
|
||||||
|
type: string
|
||||||
|
hidden: true
|
||||||
|
|
||||||
parameter_groups:
|
parameter_groups:
|
||||||
- label: deprecated
|
- label: deprecated
|
||||||
|
@ -574,9 +578,11 @@ outputs:
|
||||||
template: |
|
template: |
|
||||||
admin:{{'$ADMIN_PASSWORD' | password_hash('bcrypt')}}
|
admin:{{'$ADMIN_PASSWORD' | password_hash('bcrypt')}}
|
||||||
neutron:{{'$NEUTRON_PASSWORD' | password_hash('bcrypt')}}
|
neutron:{{'$NEUTRON_PASSWORD' | password_hash('bcrypt')}}
|
||||||
|
ironic:{{'$IRONIC_PASSWORD' | password_hash('bcrypt')}}
|
||||||
params:
|
params:
|
||||||
$ADMIN_PASSWORD: {get_param: AdminPassword}
|
$ADMIN_PASSWORD: {get_param: AdminPassword}
|
||||||
$NEUTRON_PASSWORD: {get_param: NeutronPassword}
|
$NEUTRON_PASSWORD: {get_param: NeutronPassword}
|
||||||
|
$IRONIC_PASSWORD: {get_param: IronicPassword}
|
||||||
when: is_http_basic | bool
|
when: is_http_basic | bool
|
||||||
metadata_settings:
|
metadata_settings:
|
||||||
list_concat:
|
list_concat:
|
||||||
|
|
|
@ -15,9 +15,11 @@ resource_registry:
|
||||||
OS::TripleO::Services::NeutronMl2PluginBase: ../deployment/neutron/neutron-plugin-ml2.yaml
|
OS::TripleO::Services::NeutronMl2PluginBase: ../deployment/neutron/neutron-plugin-ml2.yaml
|
||||||
|
|
||||||
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-ansible.yaml
|
OS::TripleO::Services::OpenStackClients: ../deployment/clients/openstack-clients-baremetal-ansible.yaml
|
||||||
|
|
||||||
OS::TripleO::Services::HeatEphemeral: ../deployment/heat/heat-ephemeral-container-ansible.yaml
|
OS::TripleO::Services::HeatEphemeral: ../deployment/heat/heat-ephemeral-container-ansible.yaml
|
||||||
|
|
||||||
|
# Disable keystone by default
|
||||||
|
OS::TripleO::Services::Keystone: OS::Heat::None
|
||||||
|
OS::TripleO::Services::Memcached: OS::Heat::None
|
||||||
# services we disable by default on the undercloud
|
# services we disable by default on the undercloud
|
||||||
OS::TripleO::Services::AodhApi: OS::Heat::None
|
OS::TripleO::Services::AodhApi: OS::Heat::None
|
||||||
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
|
OS::TripleO::Services::AodhEvaluator: OS::Heat::None
|
||||||
|
@ -74,11 +76,6 @@ parameter_defaults:
|
||||||
# ensure we enable ip_forward before docker gets run
|
# ensure we enable ip_forward before docker gets run
|
||||||
KernelIpForward: 1
|
KernelIpForward: 1
|
||||||
KernelIpNonLocalBind: 1
|
KernelIpNonLocalBind: 1
|
||||||
KeystoneCorsAllowedOrigin: '*'
|
|
||||||
KeystoneEnableMember: true
|
|
||||||
# Increase the Token expiration time until we fix the actual session bug:
|
|
||||||
# https://bugs.launchpad.net/tripleo/+bug/1761050
|
|
||||||
TokenExpiration: 14400
|
|
||||||
EnablePackageInstall: true
|
EnablePackageInstall: true
|
||||||
StackAction: CREATE
|
StackAction: CREATE
|
||||||
NetworkDeploymentActions: ['CREATE','UPDATE']
|
NetworkDeploymentActions: ['CREATE','UPDATE']
|
||||||
|
@ -182,3 +179,5 @@ parameter_defaults:
|
||||||
SshFirewallAllowAll: true
|
SshFirewallAllowAll: true
|
||||||
NetworkSafeDefaults: false
|
NetworkSafeDefaults: false
|
||||||
IronicRpcTransport: 'json-rpc'
|
IronicRpcTransport: 'json-rpc'
|
||||||
|
IronicAuthStrategy: http_basic
|
||||||
|
NeutronAuthStrategy: http_basic
|
||||||
|
|
|
@ -14,7 +14,10 @@
|
||||||
import json
|
import json
|
||||||
import openstack
|
import openstack
|
||||||
import os
|
import os
|
||||||
|
from pathlib import Path
|
||||||
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
|
import yaml
|
||||||
|
|
||||||
CONF = json.loads(os.environ['config'])
|
CONF = json.loads(os.environ['config'])
|
||||||
|
|
||||||
|
@ -77,6 +80,52 @@ def _configure_nova(sdk):
|
||||||
print('INFO: Undercloud Post - Nova configuration completed successfully.')
|
print('INFO: Undercloud Post - Nova configuration completed successfully.')
|
||||||
|
|
||||||
|
|
||||||
|
def create_update_clouds_yaml():
|
||||||
|
"""Disable nova quotas"""
|
||||||
|
clouds_yaml_dir = '/etc/openstack'
|
||||||
|
clouds_yaml = os.path.join(clouds_yaml_dir, 'clouds.yaml')
|
||||||
|
cloud_name = CONF.get('cloud_name', 'undercloud')
|
||||||
|
Path(clouds_yaml_dir).mkdir(parents=True, exist_ok=True)
|
||||||
|
|
||||||
|
usr_clouds_yaml_dir = os.path.join(CONF['home_dir'], '.config/openstack')
|
||||||
|
usr_clouds_yaml = os.path.join(usr_clouds_yaml_dir, 'clouds.yaml')
|
||||||
|
Path(usr_clouds_yaml_dir).mkdir(parents=True, exist_ok=True)
|
||||||
|
|
||||||
|
data = {}
|
||||||
|
if os.path.exists(clouds_yaml):
|
||||||
|
with open(clouds_yaml, 'r') as fs:
|
||||||
|
data = yaml.safe_load(fs)
|
||||||
|
|
||||||
|
if 'clouds' not in data:
|
||||||
|
data['clouds'] = {}
|
||||||
|
|
||||||
|
data['clouds'][cloud_name] = {}
|
||||||
|
config = {}
|
||||||
|
config['auth_type'] = 'http_basic'
|
||||||
|
config['auth'] = {}
|
||||||
|
config['auth']['username'] = 'admin'
|
||||||
|
config['auth']['password'] = CONF.get('admin_password', 'admin')
|
||||||
|
config['baremetal_endpoint_override'] = CONF.get(
|
||||||
|
'endpoints', {}).get('baremetal', 'https://192.168.24.2:13385/')
|
||||||
|
config['network_endpoint_override'] = CONF.get(
|
||||||
|
'endpoints', {}).get('network', 'https://192.168.24.2:13696/')
|
||||||
|
config['baremetal_introspection_endpoint_override'] = CONF.get(
|
||||||
|
'endpoints', {}).get(
|
||||||
|
'baremetal_introspection', 'https://192.168.24.2:13696/')
|
||||||
|
config['baremetal_api_version'] = '1'
|
||||||
|
config['network_api_version'] = '2'
|
||||||
|
|
||||||
|
data['clouds'][cloud_name] = config
|
||||||
|
with open(clouds_yaml, 'w') as fs:
|
||||||
|
fs.write(yaml.dump(data, default_flow_style=False))
|
||||||
|
|
||||||
|
shutil.copyfile(clouds_yaml, usr_clouds_yaml)
|
||||||
|
|
||||||
|
stat_info = os.stat(CONF['home_dir'])
|
||||||
|
os.chown(usr_clouds_yaml_dir, stat_info.st_uid, stat_info.st_gid)
|
||||||
|
os.chown(usr_clouds_yaml, stat_info.st_uid, stat_info.st_gid)
|
||||||
|
|
||||||
|
|
||||||
def _create_default_keypair(sdk):
|
def _create_default_keypair(sdk):
|
||||||
"""Set up a default keypair."""
|
"""Set up a default keypair."""
|
||||||
ssh_dir = os.path.join(CONF['home_dir'], '.ssh')
|
ssh_dir = os.path.join(CONF['home_dir'], '.ssh')
|
||||||
|
@ -88,6 +137,11 @@ def _create_default_keypair(sdk):
|
||||||
public_key=pub_key_file.read())
|
public_key=pub_key_file.read())
|
||||||
|
|
||||||
|
|
||||||
|
keystone_enabled = 'true' in _run_command(
|
||||||
|
['hiera', 'keystone_enabled']).lower()
|
||||||
|
if not keystone_enabled:
|
||||||
|
create_update_clouds_yaml()
|
||||||
|
|
||||||
nova_api_enabled = 'true' in _run_command(
|
nova_api_enabled = 'true' in _run_command(
|
||||||
['hiera', 'nova_api_enabled']).lower()
|
['hiera', 'nova_api_enabled']).lower()
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,7 @@ set -eux
|
||||||
|
|
||||||
HOMEDIR="$homedir"
|
HOMEDIR="$homedir"
|
||||||
CLOUD_NAME="$cloud_name"
|
CLOUD_NAME="$cloud_name"
|
||||||
|
|
||||||
USERNAME=`ls -ld $HOMEDIR | awk {'print $3'}`
|
USERNAME=`ls -ld $HOMEDIR | awk {'print $3'}`
|
||||||
GROUPNAME=`ls -ld $HOMEDIR | awk {'print $4'}`
|
GROUPNAME=`ls -ld $HOMEDIR | awk {'print $4'}`
|
||||||
|
|
||||||
|
|
|
@ -159,6 +159,11 @@ resources:
|
||||||
JSON:
|
JSON:
|
||||||
cloud_name: {get_param: UndercloudCloudName}
|
cloud_name: {get_param: UndercloudCloudName}
|
||||||
home_dir: {get_param: UndercloudHomeDir}
|
home_dir: {get_param: UndercloudHomeDir}
|
||||||
|
admin_password: {get_param: AdminPassword}
|
||||||
|
endpoints:
|
||||||
|
baremetal: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||||
|
network: {get_param: [EndpointMap, NeutronPublic, uri_no_suffix]}
|
||||||
|
baremetal_introspection: {get_param: [EndpointMap, IronicInspectorPublic, uri_no_suffix]}
|
||||||
|
|
||||||
UndercloudCtlplaneNetworkConfig:
|
UndercloudCtlplaneNetworkConfig:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
@ -170,7 +175,7 @@ resources:
|
||||||
|
|
||||||
UndercloudCtlplaneNetworkDeployment:
|
UndercloudCtlplaneNetworkDeployment:
|
||||||
type: OS::Heat::SoftwareDeploymentGroup
|
type: OS::Heat::SoftwareDeploymentGroup
|
||||||
depends_on: UndercloudPostDeployment
|
depends_on: UndercloudPostPyDeployment
|
||||||
properties:
|
properties:
|
||||||
name: UndercloudCtlplaneNetworkDeployment
|
name: UndercloudCtlplaneNetworkDeployment
|
||||||
servers: {get_param: servers}
|
servers: {get_param: servers}
|
||||||
|
|
Loading…
Reference in New Issue