Browse Source

Fix networking

Change-Id: Ia13b5dede144ac61eb9782ba97365510836f1507
Andrey Shestakov 3 years ago
parent
commit
7a7d7ae768

+ 52
- 17
deployment_scripts/puppet/manifests/haproxy.pp View File

@@ -1,6 +1,7 @@
1 1
 notice('MODULAR: ironic/haproxy.pp')
2 2
 
3 3
 $network_metadata   = hiera_hash('network_metadata')
4
+$storage_hash       = hiera_hash('storage', {})
4 5
 $public_ssl_hash    = hiera('public_ssl')
5 6
 
6 7
 $ironic_api_nodes   = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
@@ -8,14 +9,21 @@ $ironic_address_map = get_node_to_ipaddr_map_by_network_role($ironic_api_nodes,
8 9
 $ironic_server_names = hiera_array('ironic_names', keys($ironic_address_map))
9 10
 $ironic_ipaddresses = hiera_array('ironic_ipaddresses', values($ironic_address_map))
10 11
 
11
-$swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', undef), 'swift/api')
12
-$swift_server_names        = hiera_array('swift_server_names', keys($swift_proxies_address_map))
13
-$swift_ipaddresses         = hiera_array('swift_ipaddresses', values($swift_proxies_address_map))
14
-
15 12
 $public_virtual_ip    = hiera('public_vip')
16 13
 $internal_virtual_ip  = hiera('management_vip')
17 14
 $baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr']
18 15
 
16
+if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
17
+  $use_swift = true
18
+} else {
19
+  $use_swift = false
20
+}
21
+if !($use_swift) and ($storage_hash['objects_ceph']) {
22
+  $use_radosgw = true
23
+} else {
24
+  $use_radosgw = false
25
+}
26
+
19 27
 Openstack::Ha::Haproxy_service {
20 28
   ipaddresses            => $ironic_ipaddresses,
21 29
   public_virtual_ip      => $public_virtual_ip,
@@ -42,17 +50,44 @@ openstack::ha::haproxy_service { 'ironic-baremetal':
42 50
   internal_virtual_ip => $baremetal_virtual_ip,
43 51
 }
44 52
 
45
-openstack::ha::haproxy_service { 'swift-baremetal':
46
-  order                  => '125',
47
-  listen_port            => 8080,
48
-  ipaddresses            => $swift_ipaddresses,
49
-  server_names           => $swift_server_names,
50
-  public                 => false,
51
-  public_ssl             => false,
52
-  public_virtual_ip      => false,
53
-  internal_virtual_ip    => $baremetal_virtual_ip,
54
-  haproxy_config_options => {
55
-    'option' => ['httpchk', 'httplog', 'httpclose'],
56
-  },
57
-  balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
53
+if $use_swift {
54
+  $swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', undef), 'swift/api')
55
+  $swift_server_names        = hiera_array('swift_server_names', keys($swift_proxies_address_map))
56
+  $swift_ipaddresses         = hiera_array('swift_ipaddresses', values($swift_proxies_address_map))
57
+
58
+  openstack::ha::haproxy_service { 'swift-baremetal':
59
+    order                  => '125',
60
+    listen_port            => 8080,
61
+    ipaddresses            => $swift_ipaddresses,
62
+    server_names           => $swift_server_names,
63
+    public                 => false,
64
+    public_ssl             => false,
65
+    public_virtual_ip      => false,
66
+    internal_virtual_ip    => $baremetal_virtual_ip,
67
+    haproxy_config_options => {
68
+      'option' => ['httpchk', 'httplog', 'httpclose'],
69
+    },
70
+    balancermember_options => 'check port 49001 inter 15s fastinter 2s downinter 8s rise 3 fall 3',
71
+  }
72
+}
73
+
74
+if $use_radosgw {
75
+  $rgw_address_map     = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_rgw_nodes'), 'ceph/radosgw')
76
+  $rgw_server_names    = hiera_array('radosgw_server_names', keys($rgw_address_map))
77
+  $rgw_ipaddresses     = hiera_array('radosgw_ipaddresses', values($rgw_address_map))
78
+
79
+  openstack::ha::haproxy_service { 'radosgw-baremetal':
80
+    order                  => '135',
81
+    listen_port            => 8080,
82
+    balancermember_port    => 6780,
83
+    ipaddresses            => $rgw_ipaddresses,
84
+    server_names           => $rgw_server_names,
85
+    public                 => false,
86
+    public_ssl             => false,
87
+    public_virtual_ip      => false,
88
+    internal_virtual_ip    => $baremetal_virtual_ip,
89
+    haproxy_config_options => {
90
+      'option' => ['httplog', 'httpchk GET /'],
91
+    },
92
+  }
58 93
 }

+ 0
- 11
deployment_scripts/puppet/manifests/ironic-conductor-config.pp View File

@@ -3,7 +3,6 @@ notice('MODULAR: ironic/ironic-conductor-config.pp')
3 3
 $ironic_hash                = hiera_hash('fuel-plugin-ironic', {})
4 4
 $management_vip             = hiera('management_vip')
5 5
 $keystone_endpoint          = hiera('keystone_endpoint', $management_vip)
6
-$neutron_endpoint           = hiera('neutron_endpoint', $management_vip)
7 6
 
8 7
 $ironic_tenant              = pick($ironic_hash['tenant'],'services')
9 8
 $ironic_user                = pick($ironic_hash['user'],'ironic')
@@ -20,15 +19,6 @@ ironic_images_setter {'ironic_images':
20 19
   glance_url       => "http://${management_vip}:9292/v2.0/",
21 20
 }
22 21
 
23
-ironic_neutron_setter {'ironic_network':
24
-  ensure           => present,
25
-  auth_url         => "http://${keystone_endpoint}:5000/v2.0/",
26
-  auth_username    => $ironic_user,
27
-  auth_password    => $ironic_user_password,
28
-  auth_tenant_name => $ironic_tenant,
29
-  neutron_url      => "http://${neutron_endpoint}:9696/v2.0/",
30
-}
31
-
32 22
 service { 'ironic-conductor':
33 23
   ensure    => 'running',
34 24
   name      => $::ironic::params::conductor_service,
@@ -38,4 +28,3 @@ service { 'ironic-conductor':
38 28
 }
39 29
 
40 30
 Ironic_images_setter<||> ~> Service['ironic-conductor']
41
-Ironic_neutron_setter<||> ~> Service['ironic-conductor']

+ 83
- 0
deployment_scripts/puppet/manifests/network-openstack.pp View File

@@ -0,0 +1,83 @@
1
+notice('MODULAR: ironic/network.pp')
2
+
3
+$network_scheme    = hiera('network_scheme', {})
4
+prepare_network_config($network_scheme)
5
+$neutron_config    = hiera_hash('quantum_settings')
6
+$pnets             = $neutron_config['L2']['phys_nets']
7
+$baremetal_network = get_network_role_property('ironic/baremetal', 'network')
8
+$nameservers       = $neutron_config['predefined_networks']['net04']['L3']['nameservers']
9
+
10
+$ironic_hash       = hiera_hash('fuel-plugin-ironic', {})
11
+$baremetal_L3_allocation_pool = $ironic_hash['l3_allocation_pool']
12
+$baremetal_L3_gateway = $ironic_hash['l3_gateway']
13
+
14
+
15
+# Physnets
16
+###############################
17
+if $pnets['physnet1'] {
18
+  $physnet1 = "physnet1:${pnets['physnet1']['bridge']}"
19
+}
20
+if $pnets['physnet2'] {
21
+  $physnet2 = "physnet2:${pnets['physnet2']['bridge']}"
22
+}
23
+$physnet_ironic = "physnet-ironic:br-ironic"
24
+$physnets_array = [$physnet1, $physnet2, $physnet_ironic]
25
+$bridge_mappings = delete_undef_values($physnets_array)
26
+
27
+$br_map_str = join($bridge_mappings, ',')
28
+neutron_agent_ovs {
29
+  'ovs/bridge_mappings': value => $br_map_str;
30
+}
31
+
32
+$flat_networks  = ['physnet-ironic']
33
+neutron_plugin_ml2 {
34
+  'ml2_type_flat/flat_networks': value => join($flat_networks, ',');
35
+}
36
+
37
+service { 'p_neutron-plugin-openvswitch-agent':
38
+  ensure => 'running',
39
+  enable => true,
40
+  provider => 'pacemaker',
41
+}
42
+service { 'p_neutron-dhcp-agent':
43
+  ensure => 'running',
44
+  enable => true,
45
+  provider => 'pacemaker',
46
+}
47
+
48
+Neutron_plugin_ml2<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
49
+Neutron_agent_ovs<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
50
+
51
+
52
+# Predefined network
53
+###############################
54
+$netdata = {
55
+  'L2' => {
56
+    network_type => 'flat',
57
+    physnet => 'physnet-ironic',
58
+    router_ext => 'false',
59
+    segment_id => 'null'
60
+  },
61
+  'L3' => {
62
+    enable_dhcp => true,
63
+    floating => $baremetal_L3_allocation_pool,
64
+    gateway => $baremetal_L3_gateway,
65
+    nameservers => $nameservers,
66
+    subnet => $baremetal_network
67
+  },
68
+  'shared' => 'true',
69
+  'tenant' => 'admin',
70
+}
71
+
72
+openstack::network::create_network{'baremetal':
73
+  netdata           => $netdata,
74
+  segmentation_type => 'flat',
75
+} ->
76
+neutron_router_interface { "router04:baremetal__subnet":
77
+  ensure => present,
78
+}
79
+
80
+
81
+# Order
82
+###############################
83
+Neutron_plugin_ml2<||> -> Neutron_agent_ovs<||> -> Openstack::Network::Create_network<||>

+ 1
- 67
deployment_scripts/puppet/manifests/network.pp View File

@@ -69,72 +69,6 @@ cluster::virtual_ip { 'baremetal' :
69 69
 }
70 70
 
71 71
 
72
-# Physnets
73
-###############################
74
-if $pnets['physnet1'] {
75
-  $physnet1 = "physnet1:${pnets['physnet1']['bridge']}"
76
-}
77
-if $pnets['physnet2'] {
78
-  $physnet2 = "physnet2:${pnets['physnet2']['bridge']}"
79
-}
80
-$physnet_ironic = "physnet-ironic:br-ironic"
81
-$physnets_array = [$physnet1, $physnet2, $physnet_ironic]
82
-$bridge_mappings = delete_undef_values($physnets_array)
83
-
84
-$br_map_str = join($bridge_mappings, ',')
85
-neutron_agent_ovs {
86
-  'ovs/bridge_mappings': value => $br_map_str;
87
-}
88
-
89
-$flat_networks  = ['physnet-ironic']
90
-neutron_plugin_ml2 {
91
-  'ml2_type_flat/flat_networks': value => join($flat_networks, ',');
92
-}
93
-
94
-service { 'p_neutron-plugin-openvswitch-agent':
95
-  ensure => 'running',
96
-  enable => true,
97
-  provider => 'pacemaker',
98
-}
99
-service { 'p_neutron-dhcp-agent':
100
-  ensure => 'running',
101
-  enable => true,
102
-  provider => 'pacemaker',
103
-}
104
-
105
-Neutron_plugin_ml2<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
106
-Neutron_agent_ovs<||> ~> Service['p_neutron-plugin-openvswitch-agent'] ~> Service['p_neutron-dhcp-agent']
107
-
108
-
109
-# Predefined network
110
-###############################
111
-$netdata = {
112
-  'L2' => {
113
-    network_type => 'flat',
114
-    physnet => 'physnet-ironic',
115
-    router_ext => 'false',
116
-    segment_id => 'null'
117
-  },
118
-  'L3' => {
119
-    enable_dhcp => true,
120
-    floating => $baremetal_L3_allocation_pool,
121
-    gateway => $baremetal_L3_gateway,
122
-    nameservers => $nameservers,
123
-    subnet => $baremetal_network
124
-  },
125
-  'shared' => 'true',
126
-  'tenant' => 'admin',
127
-}
128
-
129
-openstack::network::create_network{'baremetal':
130
-  netdata           => $netdata,
131
-  segmentation_type => 'flat',
132
-} ->
133
-neutron_router_interface { "router04:baremetal__subnet":
134
-  ensure => present,
135
-}
136
-
137
-
138 72
 # Order
139 73
 ###############################
140
-Firewall<||> -> Cluster::Virtual_ip<||> -> Neutron_plugin_ml2<||> -> Neutron_agent_ovs<||> -> Openstack::Network::Create_network<||>
74
+Firewall<||> -> Cluster::Virtual_ip<||>

+ 0
- 140
deployment_scripts/puppet/modules/ironic/lib/puppet/provider/ironic_neutron_setter/ini_setting.rb View File

@@ -1,140 +0,0 @@
1
-require 'rubygems'
2
-require 'net/http'
3
-require 'net/https'
4
-require 'json'
5
-require 'puppet/util/inifile'
6
-
7
-class KeystoneError < Puppet::Error
8
-end
9
-
10
-class KeystoneConnectionError < KeystoneError
11
-end
12
-
13
-class KeystoneAPIError < KeystoneError
14
-end
15
-
16
-RETRY_COUNT = 10
17
-RETRY_SLEEP = 3
18
-
19
-def handle_request(req, url)
20
-    begin
21
-        use_ssl = url.scheme == "https" ? true : false
22
-        http = Net::HTTP.start(url.hostname, url.port, {:use_ssl => use_ssl})
23
-        res = http.request(req)
24
-
25
-        if res.code != '200'
26
-            raise KeystoneAPIError, "Received error response from Keystone server at #{url}: #{res.message}"
27
-        end
28
-    rescue Errno::ECONNREFUSED => detail
29
-        raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
30
-    rescue SocketError => detail
31
-        raise KeystoneConnectionError, "Failed to connect to Keystone server at #{url}: #{detail}"
32
-    end
33
-
34
-    res
35
-end
36
-
37
-def keystone_v2_authenticate(auth_url,
38
-                             username,
39
-                             password,
40
-                             tenantId=nil,
41
-                             tenantName=nil)
42
-
43
-    post_args = {
44
-        'auth' => {
45
-            'passwordCredentials' => {
46
-                'username' => username,
47
-                'password' => password
48
-            },
49
-        }}
50
-
51
-    if tenantId
52
-        post_args['auth']['tenantId'] = tenantId
53
-    end
54
-
55
-    if tenantName
56
-        post_args['auth']['tenantName'] = tenantName
57
-    end
58
-
59
-    url = URI.parse("#{auth_url}/tokens")
60
-    req = Net::HTTP::Post.new url.path
61
-    req['content-type'] = 'application/json'
62
-    req.body = post_args.to_json
63
-
64
-    res = handle_request(req, url)
65
-    data = JSON.parse res.body
66
-    return data['access']['token']['id']
67
-end
68
-
69
-def neutron_networks(neutron_url, token)
70
-
71
-    url = URI.parse("#{neutron_url}/networks")
72
-    req = Net::HTTP::Get.new url.path
73
-    req['content-type'] = 'application/json'
74
-    req['x-auth-token'] = token
75
-
76
-    res = handle_request(req, url)
77
-    data = JSON.parse res.body
78
-    data['networks']
79
-end
80
-
81
-Puppet::Type.type(:ironic_neutron_setter).provide(:ruby) do
82
-    @neutron_network = nil
83
-
84
-    def authenticate
85
-        keystone_v2_authenticate(
86
-          @resource[:auth_url],
87
-          @resource[:auth_username],
88
-          @resource[:auth_password],
89
-          nil,
90
-          @resource[:auth_tenant_name])
91
-    end
92
-
93
-    def find_network_by_name(networks, name)
94
-        found_networks = networks.select{|net| net['name'] == name}
95
-        if found_networks.length == 1
96
-          return found_networks[0]['id']
97
-        elsif found_networks.length == 0
98
-          raise KeystoneAPIError, "Network with name '#{name}' not found."
99
-        elsif found_networks.length > 1
100
-          raise KeystoneAPIError, "Found multiple matches for name: '#{name}'"
101
-        end
102
-    end
103
-
104
-    def exists?
105
-      ini_file = Puppet::Util::IniConfig::File.new
106
-      ini_file.read("/etc/ironic/ironic.conf")
107
-      ini_file['neutron'] && ini_file['neutron']['cleaning_network_uuid'] && ini_file['neutron']['cleaning_network_uuid'] == neutron_network
108
-    end
109
-
110
-    def create
111
-        config
112
-    end
113
-
114
-    def neutron_network
115
-      @neutron_network ||= get_neutron_network
116
-    end
117
-
118
-    def get_neutron_network
119
-      token = authenticate
120
-      RETRY_COUNT.times do |n|
121
-        begin
122
-          all_networks = neutron_networks(@resource[:neutron_url], token)
123
-        rescue => e
124
-          debug "Request failed: '#{e.message}' Retry: '#{n}'"
125
-          if n == RETRY_COUNT - 1
126
-            raise KeystoneAPIError, 'Unable to get networks.'
127
-          end
128
-          sleep RETRY_SLEEP
129
-          next
130
-        end
131
-        return find_network_by_name(all_networks, 'baremetal')
132
-      end
133
-    end
134
-
135
-    def config
136
-      Puppet::Type.type(:ironic_config).new(
137
-        {:name => "neutron/cleaning_network_uuid", :value => neutron_network}
138
-      ).provider.create
139
-    end
140
-end

+ 0
- 31
deployment_scripts/puppet/modules/ironic/lib/puppet/type/ironic_neutron_setter.rb View File

@@ -1,31 +0,0 @@
1
-Puppet::Type.newtype(:ironic_neutron_setter) do
2
-
3
-    ensurable
4
-
5
-    newparam(:name, :namevar => true) do
6
-        desc 'The name of the setting to update'
7
-    end
8
-
9
-    newparam(:auth_url) do
10
-        desc 'The Keystone endpoint URL'
11
-        defaultto 'http://localhost:35357/v2.0'
12
-    end
13
-
14
-    newparam(:auth_username) do
15
-        desc 'Username with which to authenticate'
16
-        defaultto 'admin'
17
-    end
18
-
19
-    newparam(:auth_password) do
20
-        desc 'Password with which to authenticate'
21
-    end
22
-
23
-    newparam(:auth_tenant_name) do
24
-        desc 'Tenant name with which to authenticate'
25
-        defaultto 'admin'
26
-    end
27
-
28
-    newparam(:neutron_url) do
29
-        desc 'Neutron endpoint'
30
-    end
31
-end

+ 14
- 4
deployment_tasks.yaml View File

@@ -40,6 +40,16 @@
40 40
     puppet_modules: puppet/modules:/etc/puppet/modules
41 41
     timeout: 3600
42 42
 
43
+- id: ironic-network-openstack
44
+  groups: ['primary-controller', 'controller']
45
+  type: puppet
46
+  required_for: [deploy_end]
47
+  requires: [openstack-network, ironic-network-ovs]
48
+  parameters:
49
+    puppet_manifest: puppet/manifests/network-openstack.pp
50
+    puppet_modules: puppet/modules:/etc/puppet/modules
51
+    timeout: 3600
52
+
43 53
 - id: ironic-db
44 54
   groups: ['primary-controller']
45 55
   type: puppet
@@ -53,8 +63,8 @@
53 63
 - id: ironic-upload-images
54 64
   role: ['primary-controller']
55 65
   type: shell
56
-  required_for: [post_deployment_end]
57
-  requires: [enable_quorum]
66
+  required_for: [ironic-conductor-config]
67
+  requires: [enable_quorum, enable_rados]
58 68
   parameters:
59 69
     cmd: ruby upload_images.rb
60 70
     retries: 3
@@ -75,7 +85,7 @@
75 85
   role: ['primary-controller']
76 86
   type: shell
77 87
   required_for: [post_deployment_end]
78
-  requires: [enable_quorum]
88
+  requires: [enable_quorum, enable_rados]
79 89
   parameters:
80 90
     cmd: ruby post_swift_key.rb
81 91
     retries: 3
@@ -86,7 +96,7 @@
86 96
   groups: ['primary-controller', 'controller']
87 97
   type: puppet
88 98
   required_for: [deploy_end, controller_remaining_tasks]
89
-  requires: [openstack-controller, ironic-db, ironic-network, ironic-haproxy, swift]
99
+  requires: [openstack-controller, ironic-db, ironic-network, ironic-haproxy]
90 100
   parameters:
91 101
     puppet_manifest: puppet/manifests/ironic.pp
92 102
     puppet_modules: puppet/modules:/etc/puppet/modules

+ 1
- 1
environment_config.yaml View File

@@ -2,7 +2,7 @@ attributes:
2 2
   metadata:
3 3
     restrictions:
4 4
       - "cluster:net_provider != 'neutron' or networking_parameters:segmentation_type != 'vlan'": "Ironic requires Neutron with VLAN segmentation."
5
-      - "settings:storage.images_ceph.value == true": "Ironic requires Swift as a backend for Glance image service."
5
+      - "settings:storage.images_ceph.value == true": "Ironic requires Swift API for Glance image service."
6 6
   password:
7 7
     value: "I_love_plugins"
8 8
     label: "Password for user, db and swift"

+ 1
- 1
post_install.sh View File

@@ -21,5 +21,5 @@ export BOOTSTRAP_SSH_KEYS="${key_file}.pub"
21 21
 export AGENT_PACKAGE_PATH="${package_path}/repositories/ubuntu"
22 22
 
23 23
 mkdir -p "${DESTDIR}"
24
-${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image
24
+#${deployment_scripts_path}/fuel-bootstrap-image-builder/bin/fuel-bootstrap-image
25 25
 chmod 755 -R "${DESTDIR}"

Loading…
Cancel
Save