From 51c9e1b6338d6f1ab05040e7ed92b051c0a0411b Mon Sep 17 00:00:00 2001 From: Jim Rollenhagen Date: Tue, 18 Dec 2018 09:42:52 -0500 Subject: [PATCH] Allow nova services to use independent hostnames This allows nova service endpoints to use custom hostnames, and adds the following variables: * nova_internal_fqdn * nova_external_fqdn * placement_internal_fqdn * placement_external_fqdn * nova_novncproxy_fqdn * nova_spicehtml5proxy_fqdn * nova_serialproxy_fqdn These default to the old values of kolla_internal_fqdn or kolla_external_fqdn. This also adds the following variables: * nova_api_listen_port * nova_metadata_listen_port * nova_novncproxy_listen_port * nova_spicehtml5proxy_listen_port * nova_serialproxy_listen_port * placement_api_listen_port These default to _port, e.g. nova_api_port, for backward compatibility. These options allow the user to differentiate between the port the service listens on, and the port the service is reachable on. This is useful for external load balancers which live on the same host as the service itself. Change-Id: I7bcce56a2138eeadcabac79dd07c8dba1c5af644 Implements: blueprint service-hostnames --- ansible/group_vars/all.yml | 13 ++++++++ .../neutron/templates/metadata_agent.ini.j2 | 2 +- ansible/roles/nova/defaults/main.yml | 31 +++++++++++++------ ansible/roles/nova/tasks/precheck.yml | 12 +++---- ansible/roles/nova/templates/nova.conf.j2 | 16 +++++----- .../nova/templates/placement-api-wsgi.conf.j2 | 4 +-- 6 files changed, 52 insertions(+), 26 deletions(-) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index e5f5c69a9a..b53e135f18 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -272,11 +272,21 @@ murano_api_port: "8082" neutron_server_port: "9696" +nova_internal_fqdn: "{{ kolla_internal_fqdn }}" +nova_external_fqdn: "{{ kolla_external_fqdn }}" nova_api_port: "8774" +nova_api_listen_port: "{{ nova_api_port }}" nova_metadata_port: "8775" +nova_metadata_listen_port: "{{ nova_metadata_port }}" +nova_novncproxy_fqdn: "{{ kolla_external_fqdn }}" nova_novncproxy_port: "6080" +nova_novncproxy_listen_port: "{{ nova_novncproxy_port }}" +nova_spicehtml5proxy_fqdn: "{{ kolla_external_fqdn }}" nova_spicehtml5proxy_port: "6082" +nova_spicehtml5proxy_listen_port: "{{ nova_spicehtml5proxy_port }}" +nova_serialproxy_fqdn: "{{ kolla_external_fqdn }}" nova_serialproxy_port: "6083" +nova_serialproxy_listen_port: "{{ nova_serialproxy_port }}" octavia_api_port: "9876" octavia_health_manager_port: "5555" @@ -290,7 +300,10 @@ ovsdb_port: "6640" panko_api_port: "8977" +placement_internal_fqdn: "{{ kolla_internal_fqdn }}" +placement_external_fqdn: "{{ kolla_external_fqdn }}" placement_api_port: "8780" +placement_api_listen_port: "{{ placement_api_port }}" prometheus_port: "9091" prometheus_node_exporter_port: "9100" diff --git a/ansible/roles/neutron/templates/metadata_agent.ini.j2 b/ansible/roles/neutron/templates/metadata_agent.ini.j2 index 944ba1bcfb..981d86c451 100644 --- a/ansible/roles/neutron/templates/metadata_agent.ini.j2 +++ b/ansible/roles/neutron/templates/metadata_agent.ini.j2 @@ -1,6 +1,6 @@ # metadata_agent.ini [DEFAULT] -nova_metadata_host = {{ kolla_internal_fqdn }} +nova_metadata_host = {{ nova_internal_fqdn }} nova_metadata_port = {{ nova_metadata_port }} metadata_proxy_shared_secret = {{ metadata_secret }} diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index 10d6f64c9b..cc35dd4eb4 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -53,11 +53,13 @@ nova_services: mode: "http" external: false port: "{{ placement_api_port }}" + listen_port: "{{ placement_api_listen_port }}" placement_api_external: enabled: "{{ enable_nova }}" mode: "http" external: true port: "{{ placement_api_port }}" + listen_port: "{{ placement_api_listen_port }}" nova-api: container_name: "nova_api" group: "nova-api" @@ -77,21 +79,25 @@ nova_services: mode: "http" external: false port: "{{ nova_api_port }}" + listen_port: "{{ nova_api_listen_port }}" nova_api_external: enabled: "{{ enable_nova }}" mode: "http" external: true port: "{{ nova_api_port }}" + listen_port: "{{ nova_api_listen_port }}" nova_metadata: enabled: "{{ enable_nova }}" mode: "http" external: false port: "{{ nova_metadata_port }}" + listen_port: "{{ nova_metadata_listen_port }}" nova_metadata_external: enabled: "{{ enable_nova }}" mode: "http" external: true port: "{{ nova_metadata_port }}" + listen_port: "{{ nova_metadata_listen_port }}" nova_rdp: enabled: "{{ enable_nova|bool and nova_console == 'rdp' }}" mode: "http" @@ -126,6 +132,7 @@ nova_services: mode: "http" external: false port: "{{ nova_novncproxy_port }}" + listen_port: "{{ nova_novncproxy_listen_port }}" backend_http_extra: - "timeout tunnel 1h" nova_novncproxy_external: @@ -133,6 +140,7 @@ nova_services: mode: "http" external: true port: "{{ nova_novncproxy_port }}" + listen_port: "{{ nova_novncproxy_listen_port }}" nova-scheduler: container_name: "nova_scheduler" group: "nova-scheduler" @@ -161,11 +169,13 @@ nova_services: mode: "http" external: false port: "{{ nova_spicehtml5proxy_port }}" + listen_port: "{{ nova_spicehtml5proxy_listen_port }}" nova_spicehtml5proxy_external: enabled: "{{ enable_nova|bool and nova_console == 'spice' }}" mode: "http" external: true port: "{{ nova_spicehtml5proxy_port }}" + listen_port: "{{ nova_spicehtml5proxy_listen_port }}" nova-serialproxy: container_name: "nova_serialproxy" group: "nova-serialproxy" @@ -183,6 +193,7 @@ nova_services: mode: "http" external: false port: "{{ nova_serialproxy_port }}" + listen_port: "{{ nova_serialproxy_listen_port }}" backend_http_extra: - "timeout tunnel {{ haproxy_nova_serialconsole_proxy_tunnel_timeout }}" nova_serialconsole_proxy_external: @@ -190,6 +201,7 @@ nova_services: mode: "http" external: true port: "{{ nova_serialproxy_port }}" + listen_port: "{{ nova_serialproxy_listen_port }}" backend_http_extra: - "timeout tunnel {{ haproxy_nova_serialconsole_proxy_tunnel_timeout }}" nova-conductor: @@ -354,17 +366,18 @@ haproxy_nova_serialconsole_proxy_tunnel_timeout: "10m" #################### # OpenStack #################### -nova_legacy_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" -nova_legacy_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" -nova_legacy_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" -nova_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s" -nova_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s" -nova_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s" +nova_legacy_admin_endpoint: "{{ admin_protocol }}://{{ nova_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" +nova_legacy_internal_endpoint: "{{ internal_protocol }}://{{ nova_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" +nova_legacy_public_endpoint: "{{ public_protocol }}://{{ nova_external_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" -placement_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ placement_api_port }}" -placement_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ placement_api_port }}" -placement_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ placement_api_port }}" +nova_admin_endpoint: "{{ admin_protocol }}://{{ nova_internal_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s" +nova_internal_endpoint: "{{ internal_protocol }}://{{ nova_internal_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s" +nova_public_endpoint: "{{ public_protocol }}://{{ nova_external_fqdn }}:{{ nova_api_port }}/v2.1/%(tenant_id)s" + +placement_admin_endpoint: "{{ admin_protocol }}://{{ placement_internal_fqdn }}:{{ placement_api_port }}" +placement_internal_endpoint: "{{ internal_protocol }}://{{ placement_internal_fqdn }}:{{ placement_api_port }}" +placement_public_endpoint: "{{ public_protocol }}://{{ placement_external_fqdn }}:{{ placement_api_port }}" nova_logging_debug: "{{ openstack_logging_debug }}" diff --git a/ansible/roles/nova/tasks/precheck.yml b/ansible/roles/nova/tasks/precheck.yml index 2cc6065679..d20fbb74b2 100644 --- a/ansible/roles/nova/tasks/precheck.yml +++ b/ansible/roles/nova/tasks/precheck.yml @@ -26,7 +26,7 @@ nova_api: "{{ nova_services['nova-api'] }}" wait_for: host: "{{ api_interface_address }}" - port: "{{ nova_api_port }}" + port: "{{ nova_api_listen_port }}" connect_timeout: 1 timeout: 1 state: stopped @@ -40,7 +40,7 @@ nova_api: "{{ nova_services['nova-api'] }}" wait_for: host: "{{ api_interface_address }}" - port: "{{ nova_metadata_port }}" + port: "{{ nova_metadata_listen_port }}" connect_timeout: 1 timeout: 1 state: stopped @@ -54,7 +54,7 @@ nova_novncproxy: "{{ nova_services['nova-novncproxy'] }}" wait_for: host: "{{ api_interface_address }}" - port: "{{ nova_novncproxy_port }}" + port: "{{ nova_novncproxy_listen_port }}" connect_timeout: 1 timeout: 1 state: stopped @@ -68,7 +68,7 @@ nova_serialproxy: "{{ nova_services['nova-serialproxy'] }}" wait_for: host: "{{ api_interface_address }}" - port: "{{ nova_serialproxy_port }}" + port: "{{ nova_serialproxy_listen_port }}" connect_timeout: 1 timeout: 1 state: stopped @@ -82,7 +82,7 @@ nova_spicehtml5proxy: "{{ nova_services['nova-spicehtml5proxy'] }}" wait_for: host: "{{ api_interface_address }}" - port: "{{ nova_spicehtml5proxy_port }}" + port: "{{ nova_spicehtml5proxy_listen_port }}" connect_timeout: 1 timeout: 1 state: stopped @@ -124,7 +124,7 @@ placement_api: "{{ nova_services['placement-api'] }}" wait_for: host: "{{ api_interface_address }}" - port: "{{ placement_api_port }}" + port: "{{ placement_api_listen_port }}" connect_timeout: 1 timeout: 1 state: stopped diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index 1a4fb39846..540f25f723 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -7,12 +7,12 @@ log_dir = /var/log/kolla/nova state_path = /var/lib/nova osapi_compute_listen = {{ api_interface_address }} -osapi_compute_listen_port = {{ nova_api_port }} +osapi_compute_listen_port = {{ nova_api_listen_port }} osapi_compute_workers = {{ openstack_service_workers }} metadata_workers = {{ openstack_service_workers }} metadata_listen = {{ api_interface_address }} -metadata_listen_port = {{ nova_metadata_port }} +metadata_listen_port = {{ nova_metadata_listen_port }} # NOTE(mgoddard): This option has been deprecated but RDO sets a different # default value for it in /usr/share/nova/nova-dist.conf which causes the @@ -74,11 +74,11 @@ workers = {{ openstack_service_workers }} enabled = false {% else %} novncproxy_host = {{ api_interface_address }} -novncproxy_port = {{ nova_novncproxy_port }} +novncproxy_port = {{ nova_novncproxy_listen_port }} server_listen = {{ api_interface_address }} server_proxyclient_address = {{ api_interface_address }} {% if inventory_hostname in groups['compute'] %} -novncproxy_base_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_novncproxy_port }}/vnc_auto.html +novncproxy_base_url = {{ public_protocol }}://{{ nova_novncproxy_fqdn }}:{{ nova_novncproxy_port }}/vnc_auto.html {% endif %} {% endif %} {% elif nova_console == 'spice' %} @@ -90,10 +90,10 @@ enabled = true server_listen = {{ api_interface_address }} server_proxyclient_address = {{ api_interface_address }} {% if inventory_hostname in groups['compute'] %} -html5proxy_base_url = {{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html +html5proxy_base_url = {{ public_protocol }}://{{ nova_spicehtml5proxy_fqdn }}:{{ nova_spicehtml5proxy_port }}/spice_auto.html {% endif %} html5proxy_host = {{ api_interface_address }} -html5proxy_port = {{ nova_spicehtml5proxy_port }} +html5proxy_port = {{ nova_spicehtml5proxy_listen_port }} {% elif nova_console == 'none' %} [vnc] enabled = false @@ -103,9 +103,9 @@ enabled = false {% if enable_nova_serialconsole_proxy | bool %} [serial_console] enabled = true -base_url = ws://{{ kolla_external_fqdn }}:{{ nova_serialproxy_port }}/ +base_url = ws://{{ nova_serialproxy_fqdn }}:{{ nova_serialproxy_port }}/ serialproxy_host = {{ api_interface_address }} -serialproxy_port = {{ nova_serialproxy_port }} +serialproxy_port = {{ nova_serialproxy_listen_port }} proxyclient_address = {{ api_interface_address }} {% endif %} diff --git a/ansible/roles/nova/templates/placement-api-wsgi.conf.j2 b/ansible/roles/nova/templates/placement-api-wsgi.conf.j2 index 69a20a57f9..7af2e9ae6c 100644 --- a/ansible/roles/nova/templates/placement-api-wsgi.conf.j2 +++ b/ansible/roles/nova/templates/placement-api-wsgi.conf.j2 @@ -1,13 +1,13 @@ {% set log_dir = '/var/log/kolla/nova' %} {% set python_path = '/usr/lib/python2.7/site-packages' if nova_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %} {% set wsgi_directory = '/usr/bin' if nova_install_type == 'binary' else '/var/lib/kolla/venv/bin' %} -Listen {{ api_interface_address }}:{{ placement_api_port }} +Listen {{ api_interface_address }}:{{ placement_api_listen_port }} ServerSignature Off ServerTokens Prod TraceEnable off - + WSGIDaemonProcess placement-api processes={{ openstack_service_workers }} threads=1 user=nova group=nova display-name=%{GROUP} python-path={{ python_path }} WSGIProcessGroup placement-api WSGIScriptAlias / {{ wsgi_directory }}/nova-placement-api