Add variables for API VIP address and FQDN
Kayobe currently supports definition of various different networks - public, internal, tunnel, etc. These typically map to a VLAN or flat network, with an IP subnet. When a cloud exceeds the size of a single VLAN/subnet, this approach no longer works. One way to resolve this is to have multiple subnets that map to a single logical network, and provide routing between them. This is a similar concept to neutron's routed networks, but for the control plane. An issue arising from this is that if different hosts can have different network definitions for the internal and public networks, it is no longer trivial to use a network attribute [1] to specify the VIP address and FQDN. Furthermore, the play that generates Kolla Ansible's globals.yml containing the VIP and FQDN variables runs as localhost, which does not necessarily have the internal and public networks defined. To resolve this, we add global variables for the VIPs and FQDNs. The default values are as before, except in the case where HAProxy is disabled, which we no longer provide a useful default for. That configuration is very rarely used in practice, and the need to reference the IP address of a host in the network group makes it difficult to define safely. [1] https://docs.openstack.org/kayobe/latest/configuration/reference/network.html#global-network-configuration Story: 2008180 Task: 40937 Change-Id: I2c428ffc2b285aee03d8f59ae7cd3fb7230ce4ae
This commit is contained in:
parent
1f155b5582
commit
1862e24bb5
@ -559,6 +559,27 @@ kolla_ansible_default_custom_passwords:
|
|||||||
# passwords file.
|
# passwords file.
|
||||||
kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
|
kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# OpenStack API addresses.
|
||||||
|
|
||||||
|
# Virtual IP address of OpenStack internal API. Default is the vip_address
|
||||||
|
# attribute of the internal network.
|
||||||
|
kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
|
||||||
|
|
||||||
|
# Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is the
|
||||||
|
# fqdn attribute of the internal network if set, otherwise
|
||||||
|
# kolla_internal_vip_address.
|
||||||
|
kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or kolla_internal_vip_address }}"
|
||||||
|
|
||||||
|
# Virtual IP address of OpenStack external API. Default is the vip_address
|
||||||
|
# attribute of the external network.
|
||||||
|
kolla_external_vip_address: "{{ public_net_name | net_vip_address }}"
|
||||||
|
|
||||||
|
# Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is the
|
||||||
|
# fqdn attribute of the external network if set, otherwise
|
||||||
|
# kolla_external_vip_address.
|
||||||
|
kolla_external_fqdn: "{{ public_net_name | net_fqdn or kolla_external_vip_address }}"
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# TLS certificate bundle management
|
# TLS certificate bundle management
|
||||||
|
|
||||||
|
@ -27,12 +27,6 @@
|
|||||||
tags:
|
tags:
|
||||||
- kolla-ansible
|
- kolla-ansible
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
vars:
|
|
||||||
# We need to reference configuration for the network node.
|
|
||||||
# We pick the first host from the group for this. It is possible that at
|
|
||||||
# this point these groups have no hosts in, and we should handle that case
|
|
||||||
# gracefully.
|
|
||||||
network_host: "{{ groups['network'][0] }}"
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
# Configuration of extra user-provided Kolla globals.
|
# Configuration of extra user-provided Kolla globals.
|
||||||
- block:
|
- block:
|
||||||
@ -52,23 +46,6 @@
|
|||||||
- config
|
- config
|
||||||
|
|
||||||
# Configuration and validation of network host networking.
|
# Configuration and validation of network host networking.
|
||||||
- block:
|
|
||||||
- name: Set facts containing the VIP addresses and FQDNs
|
|
||||||
set_fact:
|
|
||||||
kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
|
|
||||||
kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or internal_net_name | net_vip_address }}"
|
|
||||||
kolla_external_vip_address: "{{ public_net_name | net_vip_address }}"
|
|
||||||
kolla_external_fqdn: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
|
|
||||||
when: kolla_enable_haproxy | bool
|
|
||||||
|
|
||||||
- name: Set facts containing the VIP addresses and FQDNs
|
|
||||||
set_fact:
|
|
||||||
kolla_internal_vip_address: "{{ internal_net_name | net_ip(network_host) }}"
|
|
||||||
kolla_internal_fqdn: "{{ internal_net_name | net_ip(network_host) }}"
|
|
||||||
kolla_external_vip_address: "{{ public_net_name | net_ip(network_host) }}"
|
|
||||||
kolla_external_fqdn: "{{ public_net_name | net_ip(network_host) }}"
|
|
||||||
when: not kolla_enable_haproxy | bool
|
|
||||||
|
|
||||||
- name: Validate Kolla Ansible API address configuration
|
- name: Validate Kolla Ansible API address configuration
|
||||||
fail:
|
fail:
|
||||||
msg: >
|
msg: >
|
||||||
@ -76,6 +53,7 @@
|
|||||||
({{ item.description }}) is invalid. Value:
|
({{ item.description }}) is invalid. Value:
|
||||||
"{{ hostvars[inventory_hostname][item.var_name] | default('<undefined>') }}".
|
"{{ hostvars[inventory_hostname][item.var_name] | default('<undefined>') }}".
|
||||||
when:
|
when:
|
||||||
|
- groups['network'] | length > 0
|
||||||
- item.required | bool
|
- item.required | bool
|
||||||
- hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
|
- hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
|
||||||
with_items:
|
with_items:
|
||||||
@ -91,7 +69,6 @@
|
|||||||
- var_name: "kolla_external_fqdn"
|
- var_name: "kolla_external_fqdn"
|
||||||
description: "External API Fully Qualified Domain Name (FQDN)"
|
description: "External API Fully Qualified Domain Name (FQDN)"
|
||||||
required: True
|
required: True
|
||||||
when: groups['network'] | length > 0
|
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- config-validation
|
- config-validation
|
||||||
|
@ -59,16 +59,6 @@
|
|||||||
tags:
|
tags:
|
||||||
- grafana
|
- grafana
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- name: Set fact for the VIP address
|
|
||||||
set_fact:
|
|
||||||
kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
|
|
||||||
when: kolla_enable_haproxy | bool
|
|
||||||
|
|
||||||
- name: Set fact for the VIP address
|
|
||||||
set_fact:
|
|
||||||
kolla_internal_vip_address: "{{ internal_net_name | net_ip }}"
|
|
||||||
when: not kolla_enable_haproxy | bool
|
|
||||||
|
|
||||||
- name: Include Kolla passwords for Grafana local admin account credentials
|
- name: Include Kolla passwords for Grafana local admin account credentials
|
||||||
include_vars: "{{ kayobe_config_path }}/kolla/passwords.yml"
|
include_vars: "{{ kayobe_config_path }}/kolla/passwords.yml"
|
||||||
roles:
|
roles:
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
- public-openrc
|
- public-openrc
|
||||||
vars:
|
vars:
|
||||||
public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
|
public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
|
||||||
public_api_host: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
|
public_api_host: "{{ kolla_external_fqdn }}"
|
||||||
public_api_keystone_port: 5000
|
public_api_keystone_port: 5000
|
||||||
roles:
|
roles:
|
||||||
- role: public-openrc
|
- role: public-openrc
|
||||||
|
@ -225,6 +225,32 @@ OpenStack services. This is not usually advisable in production.
|
|||||||
---
|
---
|
||||||
kolla_openstack_logging_debug: true
|
kolla_openstack_logging_debug: true
|
||||||
|
|
||||||
|
API Addresses
|
||||||
|
-------------
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
These variables should be used over the deprecated ``vip_address`` and
|
||||||
|
``fqdn`` `network attributes <configuration-network-global>`
|
||||||
|
|
||||||
|
The following variables affect the addresses used for the external and internal
|
||||||
|
API.
|
||||||
|
|
||||||
|
``kolla_internal_vip_address``
|
||||||
|
Virtual IP address of OpenStack internal API. Default is the
|
||||||
|
``vip_address`` attribute of the internal network.
|
||||||
|
``kolla_internal_fqdn``
|
||||||
|
Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is
|
||||||
|
the ``fqdn`` attribute of the internal network if set, otherwise
|
||||||
|
``kolla_internal_vip_address``.
|
||||||
|
``kolla_external_vip_address``
|
||||||
|
Virtual IP address of OpenStack external API. Default is the
|
||||||
|
``vip_address`` attribute of the external network.
|
||||||
|
``kolla_external_fqdn``
|
||||||
|
Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is
|
||||||
|
the ``fqdn`` attribute of the external network if set, otherwise
|
||||||
|
``kolla_external_vip_address``.
|
||||||
|
|
||||||
TLS Encryption of APIs
|
TLS Encryption of APIs
|
||||||
----------------------
|
----------------------
|
||||||
|
|
||||||
|
@ -10,6 +10,8 @@ that define the network's attributes. For example, to configure the ``cidr``
|
|||||||
attribute of a network named ``arpanet``, we would use a variable named
|
attribute of a network named ``arpanet``, we would use a variable named
|
||||||
``arpanet_cidr``.
|
``arpanet_cidr``.
|
||||||
|
|
||||||
|
.. _configuration-network-global:
|
||||||
|
|
||||||
Global Network Configuration
|
Global Network Configuration
|
||||||
============================
|
============================
|
||||||
|
|
||||||
@ -42,8 +44,18 @@ supported:
|
|||||||
``mtu``
|
``mtu``
|
||||||
Maximum Transmission Unit (MTU).
|
Maximum Transmission Unit (MTU).
|
||||||
``vip_address``
|
``vip_address``
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
Use of the ``vip_address`` attribute is deprecated. Instead use
|
||||||
|
``kolla_internal_vip_address`` and ``kolla_external_vip_address``.
|
||||||
|
|
||||||
Virtual IP address (VIP) used by API services on this network.
|
Virtual IP address (VIP) used by API services on this network.
|
||||||
``fqdn``
|
``fqdn``
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
Use of the ``fqdn`` attribute is deprecated. Instead use
|
||||||
|
``kolla_internal_fqdn`` and ``kolla_external_fqdn``.
|
||||||
|
|
||||||
Fully Qualified Domain Name (FQDN) used by API services on this network.
|
Fully Qualified Domain Name (FQDN) used by API services on this network.
|
||||||
``routes``
|
``routes``
|
||||||
List of static IP routes. Each item should be a dict containing the
|
List of static IP routes. Each item should be a dict containing the
|
||||||
|
@ -351,6 +351,27 @@
|
|||||||
# passwords file.
|
# passwords file.
|
||||||
#kolla_ansible_custom_passwords:
|
#kolla_ansible_custom_passwords:
|
||||||
|
|
||||||
|
###############################################################################
|
||||||
|
# OpenStack API addresses.
|
||||||
|
|
||||||
|
# Virtual IP address of OpenStack internal API. Default is the vip_address
|
||||||
|
# attribute of the internal network.
|
||||||
|
#kolla_internal_vip_address:
|
||||||
|
|
||||||
|
# Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is the
|
||||||
|
# fqdn attribute of the internal network if set, otherwise
|
||||||
|
# kolla_internal_vip_address.
|
||||||
|
#kolla_internal_fqdn:
|
||||||
|
|
||||||
|
# Virtual IP address of OpenStack external API. Default is the vip_address
|
||||||
|
# attribute of the external network.
|
||||||
|
#kolla_external_vip_address:
|
||||||
|
|
||||||
|
# Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is the
|
||||||
|
# fqdn attribute of the external network if set, otherwise
|
||||||
|
# kolla_external_vip_address.
|
||||||
|
#kolla_external_fqdn:
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# TLS certificate bundle management
|
# TLS certificate bundle management
|
||||||
|
|
||||||
|
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds the following new variables for the Kolla Ansible API VIP address and
|
||||||
|
FQDNs:
|
||||||
|
|
||||||
|
* ``kolla_internal_vip_address``
|
||||||
|
* ``kolla_internal_fqdn``
|
||||||
|
* ``kolla_external_vip_address``
|
||||||
|
* ``kolla_external_fqdn``
|
||||||
|
|
||||||
|
These variables should be used in preference to the ``vip_address`` and
|
||||||
|
``fqdn`` network attributes which are deprecated.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
The ``vip_address`` and ``fqdn`` network attributes are deprecated in
|
||||||
|
favour of the following variables:
|
||||||
|
|
||||||
|
* ``kolla_internal_vip_address``
|
||||||
|
* ``kolla_internal_fqdn``
|
||||||
|
* ``kolla_external_vip_address``
|
||||||
|
* ``kolla_external_fqdn``
|
Loading…
Reference in New Issue
Block a user