Remove Redis VirtualIP from params and build it from Neutron::Port

The redis_vip should come from a Neutron Port as its cidr depends
on the Neutron Network configuration. This change adds 2 new files
and modifies 1 in the network/ports directory:

- noop.yaml - Passes through the ctlplane Controller IP (modified)
- ctlplane_vip.yaml - Creates a new VIP on the control plane
- vip.yaml - Creates a VIP on the named network (for isolated nets)

Also, changes to overcloud-without-mergepy.yaml create the
Redis Virtual IP. The standard resource registry was modified to
use noop.yaml for the new Redis VIP. The Puppet resource registry
was modified to use ctlplane_vip.yaml by default, but can be made
to use vip.yaml when network isolation is used by using an
environment file. vip.yaml will place the VIP according to the
ServiceNetMap, which can also be overridden.

We use this new VIP port definition to assign a VIP to Redis,
but follow-up patches will assign VIPs to the rest of the
services in a similar fashion.

Co-Authored-By: Dan Sneddon <dsneddon@redhat.com>

Change-Id: I2cb44ea7a057c4064d0e1999702623618ee3390c

network/ports/ctlplane_vip.yaml

@@ -0,0 +1,46 @@
+heat_template_version: 2015-04-30
+
+description: >
+  Creates a port for a VIP on the undercloud ctlplane network.
+
+parameters:
+  NetworkName:
+    description: # Here for compatibility with isolated networks
+    default: ctlplane
+    type: string
+  PortName:
+    description: Name of the port
+    default: ''
+    type: string
+  ControlPlaneIP: # Here for compatability with noop.yaml
+    description: IP address on the control plane
+    type: string
+  ControlPlaneNetwork:
+    description: The name of the undercloud Neutron control plane
+    default: ctlplane
+    type: string
+
+
+resources:
+
+  VipPort:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_param: ControlPlaneNetwork}
+      name: {get_param: PortName}
+      replacement_policy: AUTO
+
+outputs:
+  ip_address:
+    description: Virtual IP network IP
+    value: {get_attr: [VipPort, fixed_ips, 0, ip_address]}
+  ip_subnet:
+    # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?)
+    description: IP/Subnet CIDR for the internal API network IP
+    value:
+          list_join:
+            - ''
+            - - {get_attr: [VipPort, fixed_ips, 0, ip_address]}
+              - '/'
+              - {get_attr: [VipPort, subnets, 0, cidr, -2]}
+              - {get_attr: [VipPort, subnets, 0, cidr, -1]}

network/ports/noop.yaml

@@ -7,10 +7,18 @@ parameters:
   ControlPlaneIP:
     description: IP address on the control plane
     type: string
+  ControlPlaneNetwork:
+    description: Name of the control plane network
+    default: ctlplane
+    type: string
   PortName:
     description: Name of the port
     default: ''
     type: string
+  NetworkName:
+    description: # Here for compatability with vip.yaml
+    default: ''
+    type: string
   ControlPlaneSubnetCidr: # Override this via parameter_defaults
     default: '24'
     description: The subnet CIDR of the control plane network.

network/ports/vip.yaml

@@ -0,0 +1,41 @@
+heat_template_version: 2015-04-30
+
+description: >
+  Creates a port for a VIP on the isolated network NetworkName.
+
+parameters:
+  NetworkName:
+    description: Name of the network where the VIP will be created
+    default: internal_api
+    type: string
+  PortName:
+    description: Name of the port
+    default: ''
+    type: string
+  ControlPlaneIP: # Here for compatability with noop.yaml
+    description: IP address on the control plane
+    type: string
+
+resources:
+
+  VipPort:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_param: NetworkName}
+      name: {get_param: PortName}
+      replacement_policy: AUTO
+
+outputs:
+  ip_address:
+    description: Virtual IP network IP
+    value: {get_attr: [VipPort, fixed_ips, 0, ip_address]}
+  ip_subnet:
+    # FIXME: this assumes a 2 digit subnet CIDR (need more heat functions?)
+    description: IP/Subnet CIDR for the internal API network IP
+    value:
+          list_join:
+            - ''
+            - - {get_attr: [VipPort, fixed_ips, 0, ip_address]}
+              - '/'
+              - {get_attr: [VipPort, subnets, 0, cidr, -2]}
+              - {get_attr: [VipPort, subnets, 0, cidr, -1]}

overcloud-resource-registry-puppet.yaml

@@ -68,5 +68,8 @@ resource_registry:
   # Cinder backend config for the controller role
   OS::TripleO::Controller::CinderBackend: extraconfig/controller/noop.yaml
 
+  # Port assignments for service virtual IPs for the controller role
+  OS::TripleO::Controller::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml
+
 parameter_defaults:
   EnablePackageInstall: false

overcloud-resource-registry.yaml

@@ -61,3 +61,6 @@ resource_registry:
   OS::TripleO::BlockStorage::Ports::InternalApiPort: network/ports/noop.yaml
   OS::TripleO::BlockStorage::Ports::StoragePort: network/ports/noop.yaml
   OS::TripleO::BlockStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
+
+  # Port assignments for service virtual IPs for the controller role
+  OS::TripleO::Controller::Ports::RedisVipPort: network/ports/noop.yaml

overcloud-without-mergepy.yaml

@@ -399,9 +399,6 @@ parameters:
         Specifies the interface where the public-facing virtual ip will be assigned.
         This should be int_public when a VLAN is being used.
     type: string
-  RedisVirtualIP:
-    type: string
-    default: ''  # Has to be here because of the ignored empty value bug
   SSLCertificate:
     default: ''
     description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
@@ -666,7 +663,7 @@ resources:
           RabbitClientPort: {get_param: RabbitClientPort}
           SnmpdReadonlyUserName: {get_param: SnmpdReadonlyUserName}
           SnmpdReadonlyUserPassword: {get_param: SnmpdReadonlyUserPassword}
-          RedisVirtualIP: {get_param: RedisVirtualIP}
+          RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
           SSLCertificate: {get_param: SSLCertificate}
           SSLKey: {get_param: SSLKey}
           SSLCACertificate: {get_param: SSLCACertificate}
@@ -869,6 +866,15 @@ resources:
       fixed_ips: {get_param: ControlFixedIPs}
       replacement_policy: AUTO
 
+  RedisVirtualIP:
+    depends_on: Networks
+    type: OS::TripleO::Controller::Ports::RedisVipPort
+    properties:
+      ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+      ControlPlaneNetwork: {get_param: NeutronControlPlaneID}
+      PortName: redis_virtual_ip
+      NetworkName: {get_param: [ServiceNetMap, RedisNetwork]}
+
   # same as external
   PublicVirtualIP:
     type: OS::Neutron::Port
@@ -931,7 +937,7 @@ resources:
         ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
         heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
         horizon_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
-        redis_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+        redis_vip: {get_attr: [RedisVirtualIP, ip_address]}
         mysql_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
         rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
         # direct configuration of Virtual IPs for each network

puppet/manifests/overcloud_controller_pacemaker.pp

@@ -254,8 +254,10 @@ if hiera('step') >= 2 {
       require         => Class['::redis'],
     }
     $redis_vip = hiera('redis_vip')
-    pacemaker::resource::ip { 'vip-redis':
-      ip_address => $redis_vip,
+    if $redis_vip and $redis_vip != $control_vip {
+        pacemaker::resource::ip { 'vip-redis':
+          ip_address => $redis_vip,
+        }
     }
     pacemaker::constraint::base { 'redis-master-then-vip-redis':
       constraint_type => 'order',