1862e24bb5
Kayobe currently supports definition of various different networks - public, internal, tunnel, etc. These typically map to a VLAN or flat network, with an IP subnet. When a cloud exceeds the size of a single VLAN/subnet, this approach no longer works. One way to resolve this is to have multiple subnets that map to a single logical network, and provide routing between them. This is a similar concept to neutron's routed networks, but for the control plane. An issue arising from this is that if different hosts can have different network definitions for the internal and public networks, it is no longer trivial to use a network attribute [1] to specify the VIP address and FQDN. Furthermore, the play that generates Kolla Ansible's globals.yml containing the VIP and FQDN variables runs as localhost, which does not necessarily have the internal and public networks defined. To resolve this, we add global variables for the VIPs and FQDNs. The default values are as before, except in the case where HAProxy is disabled, which we no longer provide a useful default for. That configuration is very rarely used in practice, and the need to reference the IP address of a host in the network group makes it difficult to define safely. [1] https://docs.openstack.org/kayobe/latest/configuration/reference/network.html#global-network-configuration Story: 2008180 Task: 40937 Change-Id: I2c428ffc2b285aee03d8f59ae7cd3fb7230ce4ae
---
# Collect facts for the Ansible control host. The "always" tag makes this play
# run whichever tags are selected on the command line.
- name: Gather facts for localhost
  hosts: localhost
  gather_facts: true
  tags:
    - always
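# Fail early, on the control host, when the Ironic serial console settings
# contradict each other.
- name: Validate configuration options for kolla-ansible
  hosts: localhost
  tags:
    - kolla-ansible
    - config-validation
  tasks:
    - name: Validate serial console configuration
      block:
        # Task name corrected from "is in enabled in", which read as a typo
        # in the play output.
        - name: Check ipmitool-socat is enabled in kolla_ironic_enabled_console_interfaces
          fail:
            msg: >
              kolla_ironic_enabled_console_interfaces must contain ipmitool-socat if you set
              ironic_serial_console_autoenable to true
          when:
            # An undefined interface list skips the check rather than failing
            # it.
            - kolla_ironic_enabled_console_interfaces is defined
            - "'ipmitool-socat' not in kolla_ironic_enabled_console_interfaces"
      # The whole block only runs when autoenable is switched on.
      when: ironic_serial_console_autoenable | bool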
# Load optional operator-supplied globals, validate the API VIP/FQDN settings,
# then apply the kolla-ansible role on the control host.
- name: Ensure Kolla Ansible is configured
  hosts: localhost
  gather_facts: false
  tags:
    - kolla-ansible
  pre_tasks:
    # Configuration of extra user-provided Kolla globals.
    - block:
        - name: Check whether a Kolla extra globals configuration file exists
          stat:
            path: "{{ kayobe_config_path ~ '/kolla/globals.yml' }}"
            get_checksum: false
            get_md5: false
            mime: false
          register: globals_stat

        - name: Read the Kolla extra globals configuration file
          set_fact:
            # The template lookup renders any Jinja2 found in this file on the
            # control host before the result is parsed as YAML, so the file
            # has to be writable only by trusted operators.
            kolla_extra_globals: "{{ lookup('template', kayobe_config_path ~ '/kolla/globals.yml') | from_yaml }}"
          when: globals_stat.stat.exists
      tags:
        - config

    # Configuration and validation of network host networking.
    # Each listed variable must be defined and truthy, but only when the
    # 'network' group has at least one host. The failure message echoes the
    # offending value.
    - name: Validate Kolla Ansible API address configuration
      fail:
        msg: >
          The Kolla Ansible variable {{ item.var_name }}
          ({{ item.description }}) is invalid. Value:
          "{{ hostvars[inventory_hostname][item.var_name] | default('<undefined>') }}".
      when:
        - groups['network'] | length > 0
        - item.required | bool
        - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
      with_items:
        - var_name: kolla_internal_vip_address
          description: 'Internal API VIP address'
          required: true
        - var_name: kolla_internal_fqdn
          description: 'Internal API Fully Qualified Domain Name (FQDN)'
          required: true
        - var_name: kolla_external_vip_address
          description: 'external API VIP address'
          required: true
        - var_name: kolla_external_fqdn
          description: 'External API Fully Qualified Domain Name (FQDN)'
          required: true
      tags:
        - config
        - config-validation

    - import_role:
        name: kolla-ansible
      vars:
        kolla_ansible_install_epel: "{{ dnf_install_epel }}"
        # NOTE(review): presumably the PEM bundles HAProxy serves for TLS. If
        # they carry private keys, restrict their file permissions - confirm.
        kolla_external_fqdn_cert: "{{ kolla_config_path }}/certificates/haproxy.pem"
        kolla_internal_fqdn_cert: "{{ kolla_config_path }}/certificates/haproxy-internal.pem"
        # NOTE(review): by its name this file holds service credentials; keep
        # it encrypted at rest (e.g. Ansible Vault) and out of world-readable
        # paths - confirm against the deployment's handling.
        kolla_ansible_passwords_path: "{{ kayobe_config_path }}/kolla/passwords.yml"
        kolla_overcloud_group_vars_path: "{{ kayobe_config_path }}/kolla/inventory/group_vars"
        kolla_ansible_certificates_path: "{{ kayobe_config_path }}/kolla/certificates"
        # NOTE: This differs from the default SELinux mode in kolla ansible,
        # which is permissive. The justification for using this mode is twofold:
        # 1. it avoids filling up the audit log
        # 2. it avoids an issue seen when using diskimage-builder in the bifrost
        #    container.
        # We could look at making the SELinux mode configurable in future.
        # NOTE(review): 'disabled' turns SELinux off altogether, so hosts get
        # neither confinement nor denial logging. The value is hard-coded here,
        # so sites with a hardening baseline should check it is acceptable.
        kolla_selinux_state: disabled
        kolla_inspector_dhcp_pool_start: "{{ inspection_net_name | net_inspection_allocation_pool_start }}"
        kolla_inspector_dhcp_pool_end: "{{ inspection_net_name | net_inspection_allocation_pool_end }}"
        # Falls back to the network's ordinary gateway when no inspection
        # gateway is set.
        kolla_inspector_default_gateway: "{{ inspection_net_name | net_inspection_gateway or inspection_net_name | net_gateway }}"
        kolla_inspector_extra_kernel_options: "{{ inspector_extra_kernel_options }}"
        kolla_enable_host_ntp: false
        docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
# Map Kolla Ansible interface variables to Kayobe networks for the seed host,
# then write its inventory host vars.
- name: Generate Kolla Ansible host vars for the seed host
  hosts: seed
  gather_facts: false
  tags:
    - config
    - config-validation
    - kolla-ansible
  tasks:
    - name: Set Kolla Ansible host variables
      kolla_ansible_host_vars:
        # Both entries resolve to the overcloud provisioning network and both
        # are marked required.
        interfaces:
          - var_name: kolla_bifrost_network_interface
            description: 'Bifrost provisioning network'
            network: "{{ provision_oc_net_name }}"
            required: true
          # Strictly api_interface is not required but kolla-ansible currently
          # references it in prechecks.
          - var_name: kolla_api_interface
            description: 'Bifrost provisioning network'
            network: "{{ provision_oc_net_name }}"
            required: true

    - import_role:
        name: kolla-ansible-host-vars
      vars:
        # NOTE(review): the pass-through list and map decide which Kayobe host
        # variables reach the generated seed inventory; check they include no
        # secrets that should stay out of files on disk.
        kolla_ansible_pass_through_host_vars: "{{ kolla_seed_inventory_pass_through_host_vars }}"
        kolla_ansible_pass_through_host_vars_map: "{{ kolla_seed_inventory_pass_through_host_vars_map }}"
        kolla_ansible_inventory_path: "{{ kolla_config_path }}/inventory/seed"
# Map Kolla Ansible interface variables to Kayobe networks for every overcloud
# host, then write the inventory host vars.
- name: Generate Kolla Ansible host vars for overcloud hosts
  hosts: overcloud
  gather_facts: false
  tags:
    - config
    - config-validation
    - kolla-ansible
  tasks:
    - name: Set Kolla Ansible host variables
      vars:
        # True only for controllers, and only when Ironic is enabled.
        require_ironic_networks: >-
          {{ kolla_enable_ironic | bool and
             inventory_hostname in groups['controllers'] }}
        ironic_networks:
          - network: "{{ provision_wl_net_name }}"
            required: "{{ require_ironic_networks }}"
          - network: "{{ cleaning_net_name }}"
            required: "{{ require_ironic_networks }}"
        # True when Neutron is enabled and the host is in the 'network' group,
        # or in 'compute' with provider networks enabled.
        require_provider_networks: >-
          {{ kolla_enable_neutron | bool and
             (inventory_hostname in groups['network'] or
              (kolla_enable_neutron_provider_networks | bool and inventory_hostname in groups['compute'])) }}
        # This expression generates a list containing an item for each network
        # in external_net_names, in the format required by the
        # external_networks argument of the kolla_ansible_host_vars action
        # plugin.
        provider_networks: >-
          {{ dict(external_net_names |
                  zip_longest([], fillvalue=require_provider_networks)) |
             dict2items(key_name='network', value_name='required') }}
      kolla_ansible_host_vars:
        # The default and API interfaces both map to the internal network.
        # The public network appears only under the DNS and external VIP
        # entries, and the latter is required only on 'network' group hosts.
        interfaces:
          - var_name: kolla_network_interface
            description: 'Default network'
            network: "{{ internal_net_name }}"
            required: true
          - var_name: kolla_api_interface
            description: 'API network'
            network: "{{ internal_net_name }}"
            required: true
          - var_name: kolla_storage_interface
            description: 'Storage network'
            network: "{{ storage_net_name }}"
            required: false
          - var_name: kolla_cluster_interface
            description: 'Cluster network'
            network: "{{ storage_mgmt_net_name }}"
            required: false
          - var_name: kolla_swift_storage_interface
            description: 'Swift storage network'
            network: "{{ swift_storage_net_name }}"
            required: false
          - var_name: kolla_swift_replication_interface
            description: 'Swift storage replication network'
            network: "{{ swift_storage_replication_net_name }}"
            required: false
          # The next two entries spell out the same condition that
          # require_ironic_networks holds.
          - var_name: kolla_provision_interface
            description: 'Bare metal provisioning network'
            network: "{{ provision_wl_net_name }}"
            required: "{{ kolla_enable_ironic | bool and inventory_hostname in groups['controllers'] }}"
          - var_name: kolla_inspector_dnsmasq_interface
            description: 'Bare metal introspection network'
            network: "{{ inspection_net_name }}"
            required: "{{ kolla_enable_ironic | bool and inventory_hostname in groups['controllers'] }}"
          - var_name: kolla_dns_interface
            description: 'DNS network'
            network: "{{ public_net_name }}"
            required: false
          - var_name: kolla_tunnel_interface
            description: 'Tunnel network'
            network: "{{ tunnel_net_name }}"
            required: false
          - var_name: kolla_external_vip_interface
            description: 'External network'
            network: "{{ public_net_name }}"
            required: "{{ inventory_hostname in groups['network'] }}"
        external_networks: "{{ ironic_networks + provider_networks }}"

    - import_role:
        name: kolla-ansible-host-vars
      vars:
        # NOTE(review): the pass-through list and map decide which Kayobe host
        # variables reach the generated overcloud inventory; check they
        # include no secrets that should stay out of files on disk.
        kolla_ansible_pass_through_host_vars: "{{ kolla_overcloud_inventory_pass_through_host_vars }}"
        kolla_ansible_pass_through_host_vars_map: "{{ kolla_overcloud_inventory_pass_through_host_vars_map }}"
        kolla_ansible_inventory_path: "{{ kolla_config_path }}/inventory/overcloud"