openstack/tripleo-heat-templates
Code Issues Proposed changes

Make network-isolation environment rendered for all roles

Browse Source 
Currently there's some hard-coded references to roles here, rendering
from the roles_data.yaml is a step towards making the use of isolated
networks for custom roles easier.

Partial-Bug: #1633090
Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab
Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
This commit is contained in:
Steven Hardy 2016-12-08 17:15:46 +00:00
parent 571778f2f0
commit cba5288867
14 changed files with 97 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
environments/network-isolation.j2.yaml Normal file
View File

@ -0,0 +1,37 @@
{%- set primary_role = [roles[0]] -%}
{%- for role in roles -%}
{%- if 'primary' in role.tags and 'controller' in role.tags -%}
{%- set _ = primary_role.pop() -%}
{%- set _ = primary_role.append(role) -%}
{%- endif -%}
{%- endfor -%}
{%- set primary_role_name = primary_role[0].name -%}
# Enable the creation of Neutron networks for isolated Overcloud
# traffic and configure each role to assign ports (related
# to that role) on these networks.
# primary role is: {{primary_role_name}}
resource_registry:
# networks as defined in network_data.yaml
{%- for network in networks if network.enabled|default(true) %}
OS::TripleO::Network::{{network.name}}: ../network/{{network.name.lower()}}.yaml
{%- endfor %}
# Port assignments for the VIPs
{%- for network in networks if network.vip %}
OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
{%- endfor %}
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml
{%- for role in roles %}
# Port assignments for the {{role.name}}
{%- for network in networks %}
{%- if network.name in role.networks|default([]) and network.enabled|default(true) %}
OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
{%- else %}
OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml
{%- endif %}
{%- endfor %}
{%- endfor %}

59
environments/network-isolation.yaml
View File

@ -1,59 +0,0 @@
# Enable the creation of Neutron networks for isolated Overcloud
# traffic and configure each role to assign ports (related
# to that role) on these networks.
resource_registry:
OS::TripleO::Network::External: ../network/external.yaml
OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
OS::TripleO::Network::Storage: ../network/storage.yaml
OS::TripleO::Network::Tenant: ../network/tenant.yaml
# Management network is optional and disabled by default.
# To enable it, include environments/network-management.yaml
#OS::TripleO::Network::Management: ../network/management.yaml
# Port assignments for the VIPs
OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
# Port assignments for the controller role
OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
#OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml
# Port assignments for the compute role
OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml
OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
#OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml
# Port assignments for the ceph storage role
OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml
OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml
OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml
#OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml
# Port assignments for the swift storage role
OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml
OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml
#OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml
# Port assignments for the block storage role
OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml
OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml
OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml
#OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml

4
roles/BlockStorage.yaml
View File

@ -4,6 +4,10 @@
- name: BlockStorage
description: |
Cinder Block Storage node role
networks:
- InternalApi
- Storage
- StorageMgmt
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BlockStorageCinderVolume

3
roles/CephStorage.yaml
View File

@ -4,6 +4,9 @@
- name: CephStorage
description: |
Ceph OSD Storage node role
networks:
- Storage
- StorageMgmt
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts

4
roles/Compute.yaml
View File

@ -5,6 +5,10 @@
description: |
Basic Compute Node role
CountDefault: 1
networks:
- InternalApi
- Tenant
- Storage
HostnameFormatDefault: '%stackname%-novacompute-%index%'
disable_upgrade_deployment: True
ServicesDefault:

6
roles/Controller.yaml
View File

@ -9,6 +9,12 @@
tags:
- primary
- controller
networks:
- External
- InternalApi
- Storage
- StorageMgmt
- Tenant
HostnameFormatDefault: '%stackname%-controller-%index%'
ServicesDefault:
- OS::TripleO::Services::AodhApi

6
roles/ControllerOpenstack.yaml
View File

@ -9,6 +9,12 @@
tags:
- primary
- controller
networks:
- External
- InternalApi
- Storage
- StorageMgmt
- Tenant
HostnameFormatDefault: '%stackname%-controller-%index%'
ServicesDefault:
- OS::TripleO::Services::AodhApi

2
roles/Database.yaml
View File

@ -4,6 +4,8 @@
- name: Database
description: |
Standalone database role with the database being managed via Pacemaker
networks:
- InternalApi
HostnameFormatDefault: '%stackname%-database-%index%'
ServicesDefault:
- OS::TripleO::Services::AuditD

2
roles/Messaging.yaml
View File

@ -4,6 +4,8 @@
- name: Messaging
description: |
Standalone messaging role with RabbitMQ being managed via Pacemaker
networks:
- InternalApi
HostnameFormatDefault: '%stackname%-messaging-%index%'
ServicesDefault:
- OS::TripleO::Services::AuditD

2
roles/Networker.yaml
View File

@ -5,6 +5,8 @@
description: |
Standalone networking role to run Neutron services their own. Includes
Pacemaker integration via PacemakerRemote
networks:
- InternalApi
HostnameFormatDefault: '%stackname%-networker-%index%'
ServicesDefault:
- OS::TripleO::Services::AuditD

4
roles/ObjectStorage.yaml
View File

@ -4,6 +4,10 @@
- name: ObjectStorage
description: |
Swift Object Storage node role
networks:
- InternalApi
- Storage
- StorageMgmt
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD

4
roles/README.rst
View File

@ -58,6 +58,10 @@ Role Options
* description: (string) as few sentences describing the role and information
pertaining to the usage of the role.
* networks: (list), optional list of networks which the role will have
access to when network isolation is enabled. The names should match
those defined in network_data.yaml.
Working with Roles
==================
The tripleoclient provides a series of commands that can be used to view

2
roles/Telemetry.yaml
View File

@ -4,6 +4,8 @@
- name: Telemetry
description: |
Telemetry role that has all the telemetry services.
networks:
- InternalApi
HostnameFormatDefault: '%stackname%-telemetry-%index%'
ServicesDefault:
- OS::TripleO::Services::AodhApi

21
roles_data.yaml
View File

@ -12,6 +12,12 @@
tags:
- primary
- controller
networks:
- External
- InternalApi
- Storage
- StorageMgmt
- Tenant
HostnameFormatDefault: '%stackname%-controller-%index%'
ServicesDefault:
- OS::TripleO::Services::AodhApi
@ -128,6 +134,10 @@
description: |
Basic Compute Node role
CountDefault: 1
networks:
- InternalApi
- Tenant
- Storage
HostnameFormatDefault: '%stackname%-novacompute-%index%'
disable_upgrade_deployment: True
ServicesDefault:
@ -167,6 +177,10 @@
- name: BlockStorage
description: |
Cinder Block Storage node role
networks:
- InternalApi
- Storage
- StorageMgmt
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::BlockStorageCinderVolume
@ -191,6 +205,10 @@
- name: ObjectStorage
description: |
Swift Object Storage node role
networks:
- InternalApi
- Storage
- StorageMgmt
disable_upgrade_deployment: True
ServicesDefault:
- OS::TripleO::Services::AuditD
@ -217,6 +235,9 @@
- name: CephStorage
description: |
Ceph OSD Storage node role
networks:
- Storage
- StorageMgmt
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts