From 1862e24bb5062be181e3462a773b96b214cd8be8 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Tue, 22 Sep 2020 10:39:31 +0000 Subject: [PATCH] Add variables for API VIP address and FQDN Kayobe currently supports definition of various different networks - public, internal, tunnel, etc. These typically map to a VLAN or flat network, with an IP subnet. When a cloud exceeds the size of a single VLAN/subnet, this approach no longer works. One way to resolve this is to have multiple subnets that map to a single logical network, and provide routing between them. This is a similar concept to neutron's routed networks, but for the control plane. An issue arising from this is that if different hosts can have different network definitions for the internal and public networks, it is no longer trivial to use a network attribute [1] to specify the VIP address and FQDN. Furthermore, the play that generates Kolla Ansible's globals.yml containing the VIP and FQDN variables runs as localhost, which does not necessarily have the internal and public networks defined. To resolve this, we add global variables for the VIPs and FQDNs. The default values are as before, except in the case where HAProxy is disabled, which we no longer provide a useful default for. That configuration is very rarely used in practice, and the need to reference the IP address of a host in the network group makes it difficult to define safely. [1] https://docs.openstack.org/kayobe/latest/configuration/reference/network.html#global-network-configuration Story: 2008180 Task: 40937 Change-Id: I2c428ffc2b285aee03d8f59ae7cd3fb7230ce4ae --- ansible/group_vars/all/kolla | 21 ++++++ ansible/kolla-ansible.yml | 69 +++++++------------ ansible/overcloud-grafana-configure.yml | 10 --- ansible/public-openrc.yml | 2 +- .../configuration/reference/kolla-ansible.rst | 26 +++++++ .../configuration/reference/network.rst | 12 ++++ etc/kayobe/kolla.yml | 21 ++++++ ...d-vip-fqdn-variables-a6202664c2b6eb01.yaml | 22 ++++++ 8 files changed, 126 insertions(+), 57 deletions(-) create mode 100644 releasenotes/notes/add-vip-fqdn-variables-a6202664c2b6eb01.yaml diff --git a/ansible/group_vars/all/kolla b/ansible/group_vars/all/kolla index 88bf93c3f..14104c960 100644 --- a/ansible/group_vars/all/kolla +++ b/ansible/group_vars/all/kolla @@ -559,6 +559,27 @@ kolla_ansible_default_custom_passwords: # passwords file. kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}" +############################################################################### +# OpenStack API addresses. + +# Virtual IP address of OpenStack internal API. Default is the vip_address +# attribute of the internal network. +kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}" + +# Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is the +# fqdn attribute of the internal network if set, otherwise +# kolla_internal_vip_address. +kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or kolla_internal_vip_address }}" + +# Virtual IP address of OpenStack external API. Default is the vip_address +# attribute of the external network. +kolla_external_vip_address: "{{ public_net_name | net_vip_address }}" + +# Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is the +# fqdn attribute of the external network if set, otherwise +# kolla_external_vip_address. +kolla_external_fqdn: "{{ public_net_name | net_fqdn or kolla_external_vip_address }}" + ############################################################################### # TLS certificate bundle management diff --git a/ansible/kolla-ansible.yml b/ansible/kolla-ansible.yml index ae04fcf8c..fa182b5ae 100644 --- a/ansible/kolla-ansible.yml +++ b/ansible/kolla-ansible.yml @@ -27,12 +27,6 @@ tags: - kolla-ansible gather_facts: false - vars: - # We need to reference configuration for the network node. - # We pick the first host from the group for this. It is possible that at - # this point these groups have no hosts in, and we should handle that case - # gracefully. - network_host: "{{ groups['network'][0] }}" pre_tasks: # Configuration of extra user-provided Kolla globals. - block: @@ -52,46 +46,29 @@ - config # Configuration and validation of network host networking. - - block: - - name: Set facts containing the VIP addresses and FQDNs - set_fact: - kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}" - kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or internal_net_name | net_vip_address }}" - kolla_external_vip_address: "{{ public_net_name | net_vip_address }}" - kolla_external_fqdn: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}" - when: kolla_enable_haproxy | bool - - - name: Set facts containing the VIP addresses and FQDNs - set_fact: - kolla_internal_vip_address: "{{ internal_net_name | net_ip(network_host) }}" - kolla_internal_fqdn: "{{ internal_net_name | net_ip(network_host) }}" - kolla_external_vip_address: "{{ public_net_name | net_ip(network_host) }}" - kolla_external_fqdn: "{{ public_net_name | net_ip(network_host) }}" - when: not kolla_enable_haproxy | bool - - - name: Validate Kolla Ansible API address configuration - fail: - msg: > - The Kolla Ansible variable {{ item.var_name }} - ({{ item.description }}) is invalid. Value: - "{{ hostvars[inventory_hostname][item.var_name] | default('') }}". - when: - - item.required | bool - - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name] - with_items: - - var_name: "kolla_internal_vip_address" - description: "Internal API VIP address" - required: True - - var_name: "kolla_internal_fqdn" - description: "Internal API Fully Qualified Domain Name (FQDN)" - required: True - - var_name: "kolla_external_vip_address" - description: "external API VIP address" - required: True - - var_name: "kolla_external_fqdn" - description: "External API Fully Qualified Domain Name (FQDN)" - required: True - when: groups['network'] | length > 0 + - name: Validate Kolla Ansible API address configuration + fail: + msg: > + The Kolla Ansible variable {{ item.var_name }} + ({{ item.description }}) is invalid. Value: + "{{ hostvars[inventory_hostname][item.var_name] | default('') }}". + when: + - groups['network'] | length > 0 + - item.required | bool + - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name] + with_items: + - var_name: "kolla_internal_vip_address" + description: "Internal API VIP address" + required: True + - var_name: "kolla_internal_fqdn" + description: "Internal API Fully Qualified Domain Name (FQDN)" + required: True + - var_name: "kolla_external_vip_address" + description: "external API VIP address" + required: True + - var_name: "kolla_external_fqdn" + description: "External API Fully Qualified Domain Name (FQDN)" + required: True tags: - config - config-validation diff --git a/ansible/overcloud-grafana-configure.yml b/ansible/overcloud-grafana-configure.yml index 53c44e2ff..2da5c9595 100644 --- a/ansible/overcloud-grafana-configure.yml +++ b/ansible/overcloud-grafana-configure.yml @@ -59,16 +59,6 @@ tags: - grafana pre_tasks: - - name: Set fact for the VIP address - set_fact: - kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}" - when: kolla_enable_haproxy | bool - - - name: Set fact for the VIP address - set_fact: - kolla_internal_vip_address: "{{ internal_net_name | net_ip }}" - when: not kolla_enable_haproxy | bool - - name: Include Kolla passwords for Grafana local admin account credentials include_vars: "{{ kayobe_config_path }}/kolla/passwords.yml" roles: diff --git a/ansible/public-openrc.yml b/ansible/public-openrc.yml index 4367773a0..d81d1300b 100644 --- a/ansible/public-openrc.yml +++ b/ansible/public-openrc.yml @@ -8,7 +8,7 @@ - public-openrc vars: public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}" - public_api_host: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}" + public_api_host: "{{ kolla_external_fqdn }}" public_api_keystone_port: 5000 roles: - role: public-openrc diff --git a/doc/source/configuration/reference/kolla-ansible.rst b/doc/source/configuration/reference/kolla-ansible.rst index a5d11a933..17251ada6 100644 --- a/doc/source/configuration/reference/kolla-ansible.rst +++ b/doc/source/configuration/reference/kolla-ansible.rst @@ -225,6 +225,32 @@ OpenStack services. This is not usually advisable in production. --- kolla_openstack_logging_debug: true +API Addresses +------------- + +.. note:: + + These variables should be used over the deprecated ``vip_address`` and + ``fqdn`` `network attributes ` + +The following variables affect the addresses used for the external and internal +API. + +``kolla_internal_vip_address`` + Virtual IP address of OpenStack internal API. Default is the + ``vip_address`` attribute of the internal network. +``kolla_internal_fqdn`` + Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is + the ``fqdn`` attribute of the internal network if set, otherwise + ``kolla_internal_vip_address``. +``kolla_external_vip_address`` + Virtual IP address of OpenStack external API. Default is the + ``vip_address`` attribute of the external network. +``kolla_external_fqdn`` + Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is + the ``fqdn`` attribute of the external network if set, otherwise + ``kolla_external_vip_address``. + TLS Encryption of APIs ---------------------- diff --git a/doc/source/configuration/reference/network.rst b/doc/source/configuration/reference/network.rst index f99242f54..d53a75cf8 100644 --- a/doc/source/configuration/reference/network.rst +++ b/doc/source/configuration/reference/network.rst @@ -10,6 +10,8 @@ that define the network's attributes. For example, to configure the ``cidr`` attribute of a network named ``arpanet``, we would use a variable named ``arpanet_cidr``. +.. _configuration-network-global: + Global Network Configuration ============================ @@ -42,8 +44,18 @@ supported: ``mtu`` Maximum Transmission Unit (MTU). ``vip_address`` + .. note:: + + Use of the ``vip_address`` attribute is deprecated. Instead use + ``kolla_internal_vip_address`` and ``kolla_external_vip_address``. + Virtual IP address (VIP) used by API services on this network. ``fqdn`` + .. note:: + + Use of the ``fqdn`` attribute is deprecated. Instead use + ``kolla_internal_fqdn`` and ``kolla_external_fqdn``. + Fully Qualified Domain Name (FQDN) used by API services on this network. ``routes`` List of static IP routes. Each item should be a dict containing the diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml index ae7a4a965..115404bd8 100644 --- a/etc/kayobe/kolla.yml +++ b/etc/kayobe/kolla.yml @@ -351,6 +351,27 @@ # passwords file. #kolla_ansible_custom_passwords: +############################################################################### +# OpenStack API addresses. + +# Virtual IP address of OpenStack internal API. Default is the vip_address +# attribute of the internal network. +#kolla_internal_vip_address: + +# Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is the +# fqdn attribute of the internal network if set, otherwise +# kolla_internal_vip_address. +#kolla_internal_fqdn: + +# Virtual IP address of OpenStack external API. Default is the vip_address +# attribute of the external network. +#kolla_external_vip_address: + +# Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is the +# fqdn attribute of the external network if set, otherwise +# kolla_external_vip_address. +#kolla_external_fqdn: + ############################################################################### # TLS certificate bundle management diff --git a/releasenotes/notes/add-vip-fqdn-variables-a6202664c2b6eb01.yaml b/releasenotes/notes/add-vip-fqdn-variables-a6202664c2b6eb01.yaml new file mode 100644 index 000000000..a172f8ab0 --- /dev/null +++ b/releasenotes/notes/add-vip-fqdn-variables-a6202664c2b6eb01.yaml @@ -0,0 +1,22 @@ +--- +features: + - | + Adds the following new variables for the Kolla Ansible API VIP address and + FQDNs: + + * ``kolla_internal_vip_address`` + * ``kolla_internal_fqdn`` + * ``kolla_external_vip_address`` + * ``kolla_external_fqdn`` + + These variables should be used in preference to the ``vip_address`` and + ``fqdn`` network attributes which are deprecated. +deprecations: + - | + The ``vip_address`` and ``fqdn`` network attributes are deprecated in + favour of the following variables: + + * ``kolla_internal_vip_address`` + * ``kolla_internal_fqdn`` + * ``kolla_external_vip_address`` + * ``kolla_external_fqdn``