Heat templates for deploying OpenStack


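  heat_template_version: rocky

  description: >
    Configuration of Octavia as-a-service resources in the overcloud.

  # Parameters flagged `hidden: true` (passwords and passphrases) are kept out
  # of stack parameter listings by Heat, but are still copied verbatim into the
  # OctaviaVars value further down.
  parameters:
    ServiceData:
      default: {}
      description: Dictionary packing service data
      type: json
    ServiceNetMap:
      default: {}
      description: Mapping of service_name -> network name. Typically set
                   via parameter_defaults in the resource registry. This
                   mapping overrides those in ServiceNetMapDefaults.
      type: json
    DefaultPasswords:
      # NOTE(review): no description given; presumably part of the standard
      # service-template interface supplied by the caller — confirm.
      default: {}
      type: json
    RoleName:
      default: ''
      description: Role name on which the service is applied
      type: string
    RoleParameters:
      default: {}
      description: Parameters specific to the role
      type: json
    EndpointMap:
      default: {}
      description: Mapping of service endpoint -> protocol. Typically set
                   via parameter_defaults in the resource registry.
      type: json
    StackAction:
      type: string
      description: >
        Heat action on performed top-level stack. Note StackUpdateType is
        set to UPGRADE when a major-version upgrade is in progress.
      constraints:
        - allowed_values: ['CREATE', 'UPDATE']
    OctaviaPostWorkflowName:
      # NOTE(review): not referenced by any resource or output visible in this
      # file — confirm it is still consumed somewhere before relying on it.
      description: Mistral workflow name for octavia configuration steps
                   once the overcloud is ready.
      type: string
      default: 'tripleo.octavia_post.v1.octavia_post_deploy'
    OctaviaAmphoraImageName:
      description: The glance image name used when spawning amphorae. Default
                   is an empty string which will use the file name as the image
                   name.
      type: string
      default: ''
    OctaviaAmphoraImageFilename:
      description: Filename for the amphora image. Image files are expected to be
                   located in directory /usr/share/openstack-octavia-amphora-images.
                   Using the default of an empty string will cause a distro
                   specific default to be used. (e.g.
                   /usr/share/openstack-octavia-amphora-images/amphora-x64-haproxy.qcow2
                   on CentOS and /usr/share/openstack-octavia-amphora-images/octavia-amphora.qcow2
                   on Red Hat Enterprise Linux).
      type: string
      default: ''
    OctaviaAmphoraImageTag:
      default: 'amphora-image'
      description: Glance image tag for identifying the amphora image.
      type: string
    OctaviaAmphoraSshKeyName:
      type: string
      default: 'octavia-ssh-key'
      description: SSH key name.
    OctaviaAmphoraSshKeyFile:
      # Only the public key path is taken here; the private half never enters
      # the template.
      type: string
      default: ''
      description: Public key file path. User will be able to SSH into amphorae
                   with the provided key. User may, in most cases, also elevate to root
                   from user 'centos' (CentOS), 'ubuntu' (Ubuntu) or 'cloud-user' (RHEL)
                   (depends on how amphora image was created). Logging in to amphorae
                   provides a convenient way to e.g. debug load balancing services.
    NovaEnableRbdBackend:
      default: false
      description: Whether to enable the Rbd backend for Nova ephemeral storage.
      type: boolean
      tags:
        - role_specific
    OctaviaControlNetwork:
      description: The name for the neutron network used for the amphora
                   control network
      type: string
      default: 'lb-mgmt-net'
    OctaviaControlSubnet:
      description: The name for the neutron subnet used for the amphora
                   control network
      type: string
      default: 'lb-mgmt-subnet'
    OctaviaControlSecurityGroup:
      description: The name for the neutron security group used to
                   control access on the amphora control network
      type: string
      default: 'lb-mgmt-sec-group'
    OctaviaControlSubnetCidr:
      description: Subnet for amphora control subnet in CIDR form.
      type: string
      default: '172.24.0.0/16'
    OctaviaControlSubnetGateway:
      description: IP address for control network gateway
      type: string
      default: '172.24.0.1'
    OctaviaControlSubnetPoolStart:
      description: First address in amphora control subnet address
                   pool.
      type: string
      default: '172.24.0.2'
    OctaviaControlSubnetPoolEnd:
      # Description corrected: this is the end of the pool, not the start.
      description: Last address in amphora control subnet address
                   pool.
      type: string
      default: '172.24.255.254'
    OctaviaCaCertFile:
      type: string
      default: '/etc/octavia/certs/ca_01.pem'
      description: Octavia CA certificate file path.
    OctaviaCaKeyFile:
      type: string
      default: '/etc/octavia/certs/private/cakey.pem'
      description: Octavia CA private key file path.
    OctaviaServerCertsKeyPassphrase:
      # The length constraint is enforced by Heat at stack create/update time.
      constraints:
        - length: {min: 32, max: 32}
      description: Passphrase for encrypting Amphora Certificates and
                   Private Keys. Must be exactly 32 characters.
      type: string
      hidden: true
    OctaviaCaKeyPassphrase:
      description: CA private key passphrase.
      type: string
      hidden: true
    OctaviaClientCertFile:
      default: '/etc/octavia/certs/client.pem'
      description: client certificate for amphoras
      type: string
    OctaviaGenerateCerts:
      # Only takes effect on CREATE: the generate_certs condition ANDs this flag
      # with StackAction == CREATE.
      # NOTE(review): OctaviaCaCert, OctaviaCaKey and OctaviaClientCert named in
      # the description are not parameters of this template (here they are the
      # *File variants) — confirm they exist elsewhere or update the wording.
      type: boolean
      default: false
      description: Enable internal generation of certificates for secure
                   communication with amphorae for isolated private clouds or
                   systems where security is not a concern. Otherwise, use
                   OctaviaCaCert, OctaviaCaKey, OctaviaCaKeyPassphrase,
                   OctaviaClientCert and OctaviaServerCertsKeyPassphrase
                   to configure Octavia.
    OctaviaMgmtPortDevName:
      type: string
      default: "o-hm0"
      description: Name of the octavia management network interface using
                   for communication between octavia worker/health-manager
                   with the amphora machine.
    AdminPassword:
      # Consumed as os_password in OctaviaVars together with os_username 'admin'.
      description: The password for the keystone admin account, used for monitoring, querying neutron etc.
      type: string
      hidden: true
    OctaviaUserName:
      description: The username for the Octavia database and keystone accounts.
      type: string
      default: 'octavia'
    OctaviaPassword:
      description: The password for the Octavia database and keystone accounts.
      type: string
      hidden: true
    OctaviaProjectName:
      description: The project name for the keystone Octavia account.
      type: string
      default: 'service'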
  # Referenced by the `if:` intrinsic in OctaviaVars (generate_certs key). A Heat
  # condition has to sit under the top-level `conditions:` key; that key is not
  # visible in this listing — TODO confirm it precedes this block.
  # Evaluates true only when OctaviaGenerateCerts is set AND the stack action
  # is CREATE, so certificates are never regenerated on UPDATE.
  generate_certs:
    and:
      - get_param: OctaviaGenerateCerts
      - equals:
          - get_param: StackAction
          - CREATE
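  resources:

    # Adopts the already existing Nova key pair named "default" (external_id:
    # Heat references it, it does not create or delete it). Its public key is
    # passed to the amphorae as amp_ssh_key_data below.
    default_key_pair:
      type: OS::Nova::KeyPair
      external_id: default

    # Single bundle of variables for the octavia-files playbook. It is read back
    # in role_data.external_deploy_tasks via get_attr [OctaviaVars, value, vars]
    # and written to octavia_vars.yaml on the undercloud with to_nice_yaml, so
    # every entry here — including the hidden password/passphrase parameters —
    # ends up on disk in clear text.
    OctaviaVars:
      type: OS::Heat::Value
      properties:
        type: json
        value:
          vars:
            os_auth_type: "password"
            os_identity_api_version: "3"
            amp_image_name: {get_param: OctaviaAmphoraImageName}
            amp_image_filename: {get_param: OctaviaAmphoraImageFilename}
            amp_image_tag: {get_param: OctaviaAmphoraImageTag}
            amp_ssh_key_name: {get_param: OctaviaAmphoraSshKeyName}
            amp_ssh_key_path: {get_param: OctaviaAmphoraSshKeyFile}
            amp_ssh_key_data: {get_attr: [default_key_pair, public_key]}
            # presumably "convert the image to raw when Nova uses Rbd" — confirm
            # against the playbook
            amp_to_raw: {get_param: NovaEnableRbdBackend}
            auth_username: {get_param: OctaviaUserName}
            auth_password: {get_param: OctaviaPassword}
            auth_project_name: {get_param: OctaviaProjectName}
            lb_mgmt_net_name: {get_param: OctaviaControlNetwork}
            lb_mgmt_subnet_name: {get_param: OctaviaControlSubnet}
            # Fixed: previously took OctaviaControlSubnet, so the playbook was
            # handed the subnet name as the security group controlling access
            # on the amphora management network. OctaviaControlSecurityGroup is
            # declared above for exactly this purpose.
            lb_sec_group_name: {get_param: OctaviaControlSecurityGroup}
            lb_mgmt_subnet_cidr: {get_param: OctaviaControlSubnetCidr}
            lb_mgmt_subnet_gateway: {get_param: OctaviaControlSubnetGateway}
            lb_mgmt_subnet_pool_start: {get_param: OctaviaControlSubnetPoolStart}
            lb_mgmt_subnet_pool_end: {get_param: OctaviaControlSubnetPoolEnd}
            ca_cert_path: {get_param: OctaviaCaCertFile}
            ca_private_key_path: {get_param: OctaviaCaKeyFile}
            server_certs_key_passphrase: {get_param: OctaviaServerCertsKeyPassphrase}
            ca_passphrase: {get_param: OctaviaCaKeyPassphrase}
            client_cert_path: {get_param: OctaviaClientCertFile}
            # Boolean form of the generate_certs condition (CREATE + flag set).
            generate_certs: {if: [generate_certs, true, false]}
            mgmt_port_dev: {get_param: OctaviaMgmtPortDevName}
            # The playbook authenticates to keystone as the admin account.
            os_password: {get_param: AdminPassword}
            os_project_name: 'admin'
            os_username: 'admin'
            octavia_ansible_playbook: '/usr/share/tripleo-common/playbooks/octavia-files.yaml'
            os_auth_url: {get_param: [EndpointMap, KeystoneV3Public, uri]}
            os_int_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
            # Jinja is left untouched by Heat and rendered by Ansible when the
            # fact is used in external_deploy_tasks.
            octavia_local_tmpdir: "{{playbook_dir}}/octavia-ansible/local_dir"
            octavia_group_vars_dir: "{{playbook_dir}}/octavia-ansible/group_vars"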
  218. outputs:
  219. role_data:
  220. description: Role data for the Octavia configuration service
  221. value:
  222. service_name: octavia_deployment_config
  223. upgrade_tasks: []
  224. puppet_config:
  225. config_image: ''
  226. config_volume: ''
  227. step_config: ''
  228. docker_config: {}
  229. config_settings: {}
  230. external_deploy_tasks:
  231. - name: octavia_post_deploy
  232. when: step == '5'
  233. block:
  - name: Set up group_vars
    # Pulls the OctaviaVars value into a fact. It carries the hidden password and
    # passphrase parameters, so anything derived from it is sensitive.
    set_fact:
      octavia_ansible_group_vars: {get_attr: [OctaviaVars, value, vars]}
  - name: Make needed directories on the undercloud
    # Both paths come from OctaviaVars and live under playbook_dir.
    file:
      state: directory
      path: '{{ item }}'
    with_items:
      - '{{ octavia_ansible_group_vars.octavia_local_tmpdir }}'
      - '{{ octavia_ansible_group_vars.octavia_group_vars_dir }}'
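  - name: Write group_vars file
    # octavia_ansible_group_vars contains the Octavia and admin passwords and the
    # certificate passphrases (see OctaviaVars); they are serialised here in clear
    # text for the nested ansible-playbook run (--extra-vars @octavia_vars.yaml).
    # Previously written with the default mode; restrict the file to its owner.
    copy:
      dest: "{{ octavia_ansible_group_vars.octavia_group_vars_dir }}/octavia_vars.yaml"
      content: "{{ octavia_ansible_group_vars|to_nice_yaml }}"
      mode: '0600'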
  248. - name: Write octavia inventory
  249. copy:
  250. dest: "{{playbook_dir}}/octavia-ansible/inventory.yaml"
  251. content: |
  252. octavia_nodes:
  253. hosts:
  254. {%- set octavia_groups = ['worker'] -%}
  255. {%- for octavia_group in octavia_groups -%}
  256. {%- if 'octavia_' ~ octavia_groups %}
  257. {% for host in groups['octavia_' ~ octavia_group] -%}
  258. {{ hostvars.raw_get(host)['ansible_hostname'] }}:
  259. ansible_user: {{ hostvars.raw_get(host)['ansible_ssh_user'] | default('heat-admin') }}
  260. ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }}
  261. ansible_become: true
  262. {% endfor %}
  263. {%- endif -%}
  264. {%- endfor %}
  265. Undercloud:
  266. hosts:
  267. {% for host in groups['Undercloud'] -%}
  268. {{ hostvars.raw_get(host)['ansible_hostname'] }}:
  269. ansible_host: {{ hostvars.raw_get(host)['ansible_host'] | default(host) }}
  270. ansible_become: false
  271. ansible_connection: local
  272. {%- endfor -%}
  - name: Check for ssh_private_key in working directory
    # Result decides which private key the nested run uses (next task).
    register: st
    stat:
      path: '{{ playbook_dir }}/ssh_private_key'
  - name: Set private key location
    # Prefer a key shipped in the working directory, else fall back to the
    # current user's default key.
    set_fact:
      ansible_ssh_key: >-
        {{ playbook_dir + '/ssh_private_key' if st.stat.exists else '~/.ssh/id_rsa' }}
  - name: Configure octavia command
    # Builds the nested ansible-playbook invocation. The line carries only file
    # paths (inventory, group_vars, playbook, private key), no secret values.
    set_fact:
      config_octavia_cmd: >-
        ansible-playbook
        -i "{{ playbook_dir }}/octavia-ansible/inventory.yaml"
        --extra-vars @"{{ octavia_ansible_group_vars.octavia_group_vars_dir }}"/octavia_vars.yaml
        "{{ octavia_ansible_group_vars.octavia_ansible_playbook }}"
        --private-key "{{ ansible_ssh_key }}"
  # Directory for the nested run's log; the trailing slash is kept, the later
  # ANSIBLE_LOG_PATH join adds another one, which is harmless.
  - set_fact:
      octavia_log_dir: '{{ playbook_dir }}/octavia-ansible/'
  # Echoes the command line; it contains paths only, no password material.
  - debug:
      msg: 'Configure Octavia command is: {{ config_octavia_cmd }}'
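  - name: Configure octavia on overcloud
    # Runs the nested playbook against the overcloud nodes with the settings
    # below exported to its environment.
    environment:
      # NOTE(review): SSH host-key verification is disabled for the nested run,
      # so a host answering for an overcloud node would not be detected; confirm
      # the undercloud cannot supply a known_hosts for these nodes before
      # keeping this. Written as `false` to match ANSIBLE_RETRY_FILES_ENABLED
      # (same boolean, same "False" string once exported).
      ANSIBLE_HOST_KEY_CHECKING: false
      ANSIBLE_SSH_RETRIES: 3
      ANSIBLE_RETRY_FILES_ENABLED: false
      ANSIBLE_LOCAL_TEMP: '{{ octavia_ansible_group_vars.octavia_local_tmpdir }}'
      ANSIBLE_LOG_PATH: '{{ octavia_log_dir }}/octavia-ansible.log'
    shell: '{{ config_octavia_cmd }}'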
  295. - name: Purge temp dirs
  296. file:
  297. state: absent
  298. path: "{{ item }}"
  299. with_items:
  300. - "{{ octavia_ansible_group_vars.octavia_local_tmpdir }}"