The network isolation code in the TripleO Heat templates has files
in the environment folder that can be included to enable network
isolation. This updates the environment file to include the VIP
for Redis.
Change-Id: Ic05720c565d9ecf76bf7485b969cb2d9ead9fd6f
The redis_vip should come from a Neutron Port as its cidr depends
on the Neutron Network configuration. This change adds 2 new files
and modifies 1 in the network/ports directory:
- noop.yaml - Passes through the ctlplane Controller IP (modified)
- ctlplane_vip.yaml - Creates a new VIP on the control plane
- vip.yaml - Creates a VIP on the named network (for isolated nets)
Also, changes to overcloud-without-mergepy.yaml create the
Redis Virtual IP. The standard resource registry was modified to
use noop.yaml for the new Redis VIP. The Puppet resource registry
was modified to use ctlplane_vip.yaml by default, but can be made
to use vip.yaml when network isolation is used by using an
environment file. vip.yaml will place the VIP according to the
ServiceNetMap, which can also be overridden.
We use this new VIP port definition to assign a VIP to Redis,
but follow-up patches will assign VIPs to the rest of the
services in a similar fashion.
Co-Authored-By: Dan Sneddon <dsneddon@redhat.com>
Change-Id: I2cb44ea7a057c4064d0e1999702623618ee3390c
This change adds config and deployment resources to trigger package
updates on nodes. The deployments are triggered by doing a stack-update
and setting one of the parameters to a unique value.
The intent is that rolling update will be controlled by setting
breakpoints on all of the UpdateDeployment resources inside the
role resource groups.
Change-Id: I56bbf944ecd6cbdbf116021b8a53f9f9111c134f
Since t-h-t can now deploy a Redis cluster, we can rely on it as the
tooz backend for high availability.
Change-Id: If045a273388aa2e725b6de624e09aa9c85248cc4
Enables support for configuring Cinder with a NetApp backend.
This change adds all relevant parameters for:
- Clustered Data ONTAP (NFS, iSCSI, FC)
- Data ONTAP 7-Mode (NFS, iSCSI, FC)
- E-Series (iSCSI)
Change-Id: If6c6e511ef2d26c4794e3b37c61e5318485ff4db
The list of drivers loaded by the ML2 plugin does not have to
match the list of tenant_network_types, this will make ML2 load
the flat, gre, vxlan and vlan drivers so that the provider
networks can be of flat (default) and vlan type as well.
Change-Id: I0b74f86acf5c1ff644deb46c0a1d14129c1882d4
Turns NeutronNetworkVLANRanges into a list and makes it consumable by
neutron::plugins::ml2::network_vlan_ranges as an array. Previously
usage of vlans was impossible due to puppet-neutron failing to
join() network_vlan_ranges.
Also fixes wiring of network_vlan_ranges on computes and adds a
sample environment file to test use of vlans for tenant networks.
Change-Id: I8725cdb9591dd8d0b7125fdacbefdc9138703266
This patch updates the Ceph configuration for the puppet
implementation so that it isolates the Ceph traffic
for the public and cluster interfaces. By default public traffic
runs on the "storage" network and the cluster traffic runs on the
"storage mgmt" network.
If network isolation is not enabled then the default
ctlplane address's will be used for both the public and
cluster interfaces.
Change-Id: I791244d72c8f42142d9de99e0cf0acdca19e62b0
This patch updates the overcloud pacemaker role manifest so
that it optionally configures VIPs on isolated networks if
they are enabled.
Change-Id: I6123ee622abe4d8d7b5f76cf9bac43acd80c1f64
This patch updates the hiera configuration for the Cinder API so
that we set glance_api_servers. By default Cinder constructs
a glance URL based on $my_ip (the local IP of the machine)
which may not be correct if you are running Glance on a non-default
internal network.
By setting glance_api_servers to the same thing we already
use for Nova we make Cinder contact the correct Glance URL
regardless of the network settings.
Change-Id: I1c56eb585ddfdc9989a8b55bc1bac819802f7794
This patch refactors the puppet controller role so that it
makes use of per service VIP settings for each service.
Previously the VIP for the ctlplane was hard wired to
many of the controller service. With this patch we have
the ability to isolate traffic for services which
made use of the ctlplane and public VIPs for their
settings.
The implementation includes:
* stops the use of the VirtualIP and PublicVirtualIP within the
controller role. These parameters have now been replaced with
per service heat parameters for the controller nested stack which
are determined via VipMap based on per service settings in the heat
environment.
* All VIP configuration is now moved into puppet/vip-config.yaml.
This made sense so we could deprecate the use of the VirtualIP
and PublicVirtualIP settings above.
* The puppet manifests for the controller were cleaned up for several
to use Hiera directly instead of constructing URLs based on the
static controller and public network VIPs. This improvement
was something we wanted to do anyways and made the implementation
cleaner.
Change-Id: I9b9a15be67f74bec97366408f7047acfd6ea0ec6
We forgot to pass NeutronEnableTunnelling param to controllers
(passed only to computes), making it unusable.
Change-Id: I74756732deabd1c7ba9039832ea169fd322a569f
As most of the OpenStack services are automatically bound
to the public virtual IP already we don't need to set
the default network for Horizon and Keystone to the 'external'
network. These should probably default to the internal_api
network like the rest of the OpenStack services...
Change-Id: I04cf64568c2fc7bb8a821b0de5ba56aa90158e2d
This patch adds VIPs for the internal_api, storage,
and storage management networks.
For puppet these are persisted into a local vip-config
hieradata file which is then used by puppet-tripleo's
loadbalancer module to apply per-service VIP settings.
Change-Id: I909c3bdc9d17a8e15351f4797287769e3f76c849
For VIP ports we set an explicit name on the ports. This
patch adds an optional PortName parameter to the ports
objects which can be used to specify a name.
Change-Id: Iad0f5e4cfc31a931dbb574d9e589570125e9465c
We probably don't need to split out separate networks
for Heat CFN and Cloudwatch. Just having a single network
for Heat API in the overcloud is probably fine.
Change-Id: I917b314e01227af72129645c9b72ad8e54f07865
This patch adds a new NetIpListMap abstraction which we can use
to make the all-nodes-config IP list network assignments
configurable. Ip address lists for all overcloud services
which require IPs were added to all-nodes-config so
that puppet manifests can be directly supplied the
correct network list for each service.
Change-Id: I209f2b4f97a4bb78648c54813dad8615770bcf1a
This patch makes ServiceNetMap a top level parameter.
This is helpful to tools like Tuskar which don't support Heat
environments that contain both a resource_registry and default_parameters.
ServiceNetMap will in fact be utilized at the top level in some of
the VIP related patches that follow.
Change-Id: I375063dacf5f3fc68e6df93e11c3e88f48aa3c3a
This patch adds 5 new role templates to help configure
a vlans on top for each of the overcloud roles. This
patch adds vlans on top of a single NIC attached to
the control plane network (already used for provisioning).
The patch also includes an environment file to
enable configuration of vlans by simply sourcing this file.
Change-Id: Ibc40e452dec9b372ff10442aab2bddaf382b0a2f
With current effort of creating isolated networks, the controller_host
hiera variable does not exist anymore. Hence we remove it else the
lookup will fail.
The hiera binding neutron::agents::ml2::ovs::local_ip has been written
in another review[1]
[1] I1dc11987b4ea3c37775b14fbdddb75588499e9bb
Change-Id: I12777c512d379210e5cddb5e683be4d79808fa2c