From fe8b808fd3859004e0de902fa82f43fa1998426c Mon Sep 17 00:00:00 2001
From: Janki Chhatbar
Date: Fri, 23 Nov 2018 14:33:48 +0530
Subject: [PATCH] Allow overlay tunnel endpoints on IPv6 address
Overlay tunnel endpoints are supported only on IPv4 address. Now that OVS and Neutron support having v6 endpoints, edit network enviroment files in TripleO to allow this.
Change-Id: Ie2523cf4e359289298e4ea5d0992093976a19e04
Closes-Bug: #1793239
---
.../external-loadbalancer-vip-v6-all.yaml | 40 +++++++++++
.../network-environment-v6-all.j2.yaml | 64 ++++++++++++++++++
environments/network-isolation-v6-all.j2.yaml | 67 +++++++++++++++++++
network_data.yaml | 1 -
network_data_ganesha.yaml | 1 -
network_data_routed.yaml | 2 -
..._for_tenant_networks-30938bfdde547969.yaml | 8 +++
7 files changed, 179 insertions(+), 4 deletions(-)
create mode 100644 environments/external-loadbalancer-vip-v6-all.yaml
create mode 100644 environments/network-environment-v6-all.j2.yaml
create mode 100644 environments/network-isolation-v6-all.j2.yaml
create mode 100644 releasenotes/notes/support_IPv6_for_tenant_networks-30938bfdde547969.yaml
diff --git a/environments/external-loadbalancer-vip-v6-all.yaml b/environments/external-loadbalancer-vip-v6-all.yaml
new file mode 100644
index 0000000000..057e53a23a
--- /dev/null
+++ b/environments/external-loadbalancer-vip-v6-all.yaml
@@ -0,0 +1,40 @@
+# This file allows IPv6 deployment on tenant networks as well.
+# This should only be used for new deployments and not for upgrade
+# or update.
+resource_registry:
+ OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml
+ OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml
+ OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml
+ OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml
+ OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml
+ OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool_v6.yaml
+ OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool_v6.yaml
+ OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool_v6.yaml
+ OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool_v6.yaml
+ OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool_v6.yaml
+ # Management network is optional and disabled by default
+ #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_from_pool_v6.yaml
+
+parameter_defaults:
+ # When using an external loadbalancer set the following in parameter_defaults
+ # to control your VIPs (currently one per network)
+ # NOTE: we will eventually move to one VIP per service
+ #
+ ControlFixedIPs: [{'ip_address':'192.168.24.251'}]
+ PublicVirtualFixedIPs: [{'ip_address':'2001:db8:fd00:1000:0000:0000:0000:0005'}]
+ InternalApiVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0005'}]
+ StorageVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:3000:0000:0000:0000:0005'}]
+ StorageMgmtVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:4000:0000:0000:0000:0005'}]
+ RedisVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0006'}]
+ ControllerIPs:
+ external:
+ - 2001:db8:fd00:1000:0000:0000:0000:0007
+ internal_api:
+ - fd00:fd00:fd00:2000:0000:0000:0000:0007
+ storage:
+ - fd00:fd00:fd00:3000:0000:0000:0000:0007
+ storage_mgmt:
+ - fd00:fd00:fd00:4000:0000:0000:0000:0007
+ tenant:
+ - fd00:fd00:fd00:5000:0000:0000:0000:0007
+ EnableLoadBalancer: false
diff --git a/environments/network-environment-v6-all.j2.yaml b/environments/network-environment-v6-all.j2.yaml
new file mode 100644
index 0000000000..3b9cd30ad1
--- /dev/null
+++ b/environments/network-environment-v6-all.j2.yaml
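Review bot: In environments/external-loadbalancer-vip-v6-all.yaml the IPv6 literals under `ControllerIPs` are plain unquoted scalars, while the `*VirtualFixedIPs` entries just above them are quoted. The sample values load as strings, but an operator who substitutes an address whose groups are all decimal (constructed example: `2001:0:0:0:0:0:0:7`) can get a base-60 integer from a YAML 1.1 loader instead of an address string. Quote each entry, e.g. `- '2001:db8:fd00:1000:0000:0000:0000:0007'`. The header comment could also say that the `2001:db8:` and `fd00:fd00:fd00:` addresses are samples to be replaced and that `ControlFixedIPs` is still an IPv4 address.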
@@ -0,0 +1,64 @@
+# This file allows IPv6 deployment on tenant networks as well.
+# This should only be used for new deployments and not for upgrade
+# or update.
+resource_registry:
+ # Network Interface templates to use (these files must exist). You can
+ # override these by including one of the net-*.yaml environment files,
+ # such as net-bond-with-vlans-v6.yaml, or modifying the list here.
+{%- for role in roles %}
+ # Port assignments for the {{role.name}}
+ OS::TripleO::{{role.name}}::Net::SoftwareConfig:
+ ../network/config/single-nic-vlans/{{role.deprecated_nic_config_name|default(role.name.lower() ~ ".yaml")}}
+{%- endfor %}
+
+parameter_defaults:
+ # This section is where deployment-specific configuration is done
+ #
+ # NOTE: (Since Rocky)
+ # ControlPlaneSubnetCidr: It is no longer a requirement to provide this
+ # parameter. The attribute is resolved from the
+ # ctlplane subnet(s).
+ # ControlPlaneDefaultRoute: It is no longer a requirement to provide this
+ # parameter. The attribute is resolved from the
+ # ctlplane subnet(s).
+ # EC2MetadataIp: It is no longer a requirement to provide this parameter. The
+ # attribute is resolved from the ctlplane subnet(s).
+ #
+ #
+{% for network in networks if network.enabled|default(true) %}
+ # Customize the IP subnets to match the local environment
+ {{network.name}}NetCidr: '{{network.ipv6_subnet}}'
+ # Customize the IP range to use for static IPs and VIPs
+{%- if network.name == 'External' %}
+ # Leave room if the external network is also used for floating IPs
+{%- endif %}
+ {{network.name}}AllocationPools: {{network.ipv6_allocation_pools}}
+{%- if network.gateway_ipv6|default(false) %}
+ # Gateway router for routable networks
+ {{network.name}}InterfaceDefaultRoute: '{{network.gateway_ipv6}}'
+{%- endif %}
+{%- if network.vlan is defined %}
+ # Customize the VLAN ID to match the local environment
+ {{network.name}}NetworkVlanID: {{network.vlan}}
+{%- endif %}
+{%- if network.routes_ipv6 %}
+ # Routes to add to host_routes property of the subnets in neutron.
+ {{network.name}}Routes: {{network.routes_ipv6|default([])}}
+{%- endif %}
+{% endfor %}
+{#- FIXME: These global parameters should be defined in a YAML file, e.g. network_data.yaml. #}
+ # Define the DNS servers (maximum 2) for the overcloud nodes
+ # When the list is not set (empty) the nameservers on the ctlplane subnet(s) will be used.
+ # (ctlplane subnet(s) nameservers are confgured by the ``undercloud_nameservers`` option in ``undercloud.conf``)
+ DnsServers: []
+ # List of Neutron network types for tenant networks (will be used in order)
+ NeutronNetworkType: 'vxlan,vlan'
+ # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling.
+ NeutronTunnelTypes: 'vxlan'
+ # Neutron VLAN ranges per network, for example 'datacentre:1:499,tenant:500:1000':
+ NeutronNetworkVLANRanges: 'datacentre:1:1000'
+ # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100"
+ # for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup.
+ BondInterfaceOvsOptions: "bond_mode=active-backup"
+ # Specify Tunnel endpoints to be IPv6
+ NeutronOverlayIPVersion: 6
\ No newline at end of file
diff --git a/environments/network-isolation-v6-all.j2.yaml b/environments/network-isolation-v6-all.j2.yaml
new file mode 100644
index 0000000000..05994dfb6d
--- /dev/null
+++ b/environments/network-isolation-v6-all.j2.yaml
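Review bot: In environments/network-environment-v6-all.j2.yaml the per-network loop renders `{{network.name}}NetCidr: '{{network.ipv6_subnet}}'` and `{{network.name}}AllocationPools: {{network.ipv6_allocation_pools}}` for every enabled network without checking that the network defines those IPv6 fields. Unless the renderer is strict about undefined values, an IPv4-only entry in network_data.yaml would produce an empty CIDR string and a null pool list instead of a template error. Consider guarding the loop, e.g. `{% for network in networks if network.enabled|default(true) and network.ipv6_subnet is defined %}`, or state in the header comment that every enabled network must carry `ipv6_subnet` and `ipv6_allocation_pools`. The `|default([])` inside the `routes_ipv6` block can never apply because the surrounding `if` already requires a truthy value, and the file ends without a trailing newline.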
@@ -0,0 +1,67 @@
+# This file allows IPv6 deployment on tenant networks as well.
+# This should only be used for new deployments and not for upgrade
+# or update.
+{%- set primary_role = [roles[0]] -%}
+{%- for role in roles -%}
+ {%- if 'primary' in role.tags and 'controller' in role.tags -%}
+ {%- set _ = primary_role.pop() -%}
+ {%- set _ = primary_role.append(role) -%}
+ {%- endif -%}
+{%- endfor -%}
+{%- set primary_role_name = primary_role[0].name -%}
+# NOTE: This template is now deprecated, and is only included for compatibility
+# when upgrading a deployment where this template was originally used. For new
+# deployments, set "ipv6: true" on desired networks in network_data.yaml, and
+# include network-isolation.yaml.
+#
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks.
+# primary role is: {{primary_role_name}}
+resource_registry:
+ # networks as defined in network_data.yaml
+ {%- for network in networks if network.enabled|default(true) %}
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- endfor %}
+
+ # Port assignments for the VIPs
+ {%- for network in networks if network.vip and network.enabled|default(true) %}
+ OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- endfor %}
+
+ OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml
+
+ # Port assignments by role, edit role definition to assign networks to roles.
+{%- for role in roles %}
+ # Port assignments for the {{role.name}}
+ {%- for network in networks %}
+ {%- if network.name in role.networks|default([]) and network.enabled|default(true) %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- endif %}
+ {%- endfor %}
+{% endfor %}
+
+
+parameter_defaults:
+ # Enable IPv6 for Ceph.
+ CephIPv6: True
+ # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
+ CorosyncIPv6: True
+ # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP.
+ MongoDbIPv6: True
+ # Enable various IPv6 features in Nova.
+ NovaIPv6: True
+ # Enable IPv6 environment for RabbitMQ.
+ RabbitIPv6: True
+ # Enable IPv6 environment for Memcached.
+ MemcachedIPv6: True
+ # Enable IPv6 environment for MySQL.
+ MysqlIPv6: True
+ # Enable IPv6 environment for Manila
+ ManilaIPv6: True
+ # Enable IPv6 environment for Redis.
+ RedisIPv6: True
+ # Enable IPv6 environment for OpenDaylight
+ OpenDaylightEnableIPv6Deployment: True
+ # Specify Tunnel endpoints to be IPv6
+ NeutronOverlayIPVersion: 6
\ No newline at end of file
diff --git a/network_data.yaml b/network_data.yaml
index a6c5968cf6..9905d531a9 100644
--- a/network_data.yaml
+++ b/network_data.yaml
@@ -84,7 +84,6 @@ vlan: 50 ip_subnet: '172.16.0.0/24' allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - # Note that tenant tunneling is only compatible with IPv4 addressing at this time. ipv6_subnet: 'fd00:fd00:fd00:5000::/64' ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}] - name: External
diff --git a/network_data_ganesha.yaml b/network_data_ganesha.yaml
index 04dfcc1684..fe6942db30 100644
--- a/network_data_ganesha.yaml
+++ b/network_data_ganesha.yaml
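Review bot: The header of environments/network-isolation-v6-all.j2.yaml gives two contradictory instructions: its first three comment lines say the file is only for new deployments, while the `# NOTE: This template is now deprecated ...` paragraph below says it exists only for upgrades and that new deployments should set `ipv6: true` and include network-isolation.yaml. An operator cannot tell from this which path is supported, so drop the deprecated NOTE paragraph from this file or reword it to say how the file relates to the `ipv6: true` mechanism. Separately, the `parameter_defaults` booleans are written `True`; `true` is the canonical YAML spelling and matches `EnableLoadBalancer: false` in the load-balancer file added by the same patch. The file also ends without a trailing newline.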
@@ -81,7 +81,6 @@ vlan: 50 ip_subnet: '172.16.0.0/24' allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - # Note that tenant tunneling is only compatible with IPv4 addressing at this time. ipv6_subnet: 'fd00:fd00:fd00:5000::/64' ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}] - name: External
diff --git a/network_data_routed.yaml b/network_data_routed.yaml
index 58a0f70fc0..0b024ac5d8 100644
--- a/network_data_routed.yaml
+++ b/network_data_routed.yaml
@@ -146,7 +146,6 @@ gateway_ip: '172.16.0.1' routes: [{'destination':'172.16.0.0/20', 'nexthop':'172.16.0.1'}] allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - # Note that tenant tunneling is only compatible with IPv4 addressing at this time. ipv6_subnet: 'fd00:fd00:fd00:5000::/64' ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}] routes_ipv6: [{'destination':'fd00:fd00:fd00:5004::/64', 'nexthop':'fd00:fd00:fd00:5000::1'}]
@@ -158,7 +157,6 @@ gateway_ip: '172.16.1.1' routes: [{'destination':'172.16.0.0/20', 'nexthop':'172.16.1.1'}] allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] - # Note that tenant tunneling is only compatible with IPv4 addressing at this time. ipv6_subnet: 'fd00:fd00:fd00:5004::/64' ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:5004::10', 'end': 'fd00:fd00:fd00:5004:ffff:ffff:ffff:fffe'}] routes_ipv6: [{'destination':'fd00:fd00:fd00:5000::/64', 'nexthop':'fd00:fd00:fd00:5004::1'}]
diff --git a/releasenotes/notes/support_IPv6_for_tenant_networks-30938bfdde547969.yaml b/releasenotes/notes/support_IPv6_for_tenant_networks-30938bfdde547969.yaml
new file mode 100644
index 0000000000..af27078966
--- /dev/null
+++ b/releasenotes/notes/support_IPv6_for_tenant_networks-30938bfdde547969.yaml
@@ -0,0 +1,8 @@
+---
+features:
+ - |
+ OVS and neutron now supports endpoint creation on IPv6 networks. New
+ network-*-v6-all.j2.yaml environment files are added to allow tenant
+ network to be created on IPv6 addresses. Note that these files are only
+ to be used for new deployments and not during update or upgrade.
+ network_data*.yaml files are also edited to reflect the same.