From 072bf2c64d5cecc840e03e4dc1618c5d2adfe7e4 Mon Sep 17 00:00:00 2001 From: German Eichberger Date: Mon, 17 Jul 2017 14:04:51 -0400 Subject: [PATCH] Enable V2 Octavia API (Experimental) For Pike Octavia gains a way to run independent of Neutron with the new V2 API. This adds an (experiemntal) switch to enable this which defaults to False. Change-Id: I009ea4feb7aecda861701af277122001c9bf4500 --- defaults/main.yml | 25 ++++++++++-------- doc/source/configure-octavia.rst | 26 +++++++++++++++++++ ...-V2-(standalone)-API-d644b92ad374f2cf.yaml | 7 +++++ tasks/octavia_service_add.yml | 19 +++++++------- templates/octavia.conf.j2 | 19 ++++++++++++-- 5 files changed, 74 insertions(+), 22 deletions(-) create mode 100644 releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml diff --git a/defaults/main.yml b/defaults/main.yml index 18b26898..5c5c6b66 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -16,6 +16,15 @@ ## Verbosity Options debug: False +## Octavia stnadalone (v2) experimental +octavia_v2: false + +## Activate Octavia V1 API +octavia_v1: True + +## Allow TLS listener +octavia_tls_listener_enabled: True + # Set the package install state for distribution and pip packages # Options are 'present' and 'latest' octavia_package_state: "latest" @@ -37,9 +46,7 @@ octavia_fatal_deprecations: False octavia_clients_endpoint: internalURL -# Workaround for https://bugs.launchpad.net/octavia/+bug/1704468 -# API haproxy needs "/" to return 200 for healthcheck -octavia_auth_strategy: noauth +octavia_auth_strategy: keystone ## DB octavia_galera_user: octavia 
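Review bot: The three new defaults at the top of `defaults/main.yml` spell booleans two ways (`octavia_v2: false` next to `octavia_v1: True` and `octavia_tls_listener_enabled: True`), and the first comment misspells "standalone" as "stnadalone". Lowercase `true`/`false` throughout would keep the flags consistent. Because `octavia_v1` and `octavia_v2` are later written unfiltered into `octavia.conf` by the `[api_settings]` hunk of `templates/octavia.conf.j2`, rendering them as `api_v1_enabled = {{ octavia_v1 | bool }}` and `api_v2_enabled = {{ octavia_v2 | bool }}` would normalise string overrides the same way `when: octavia_v2 | bool` already does.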
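Review bot: Switching `octavia_auth_strategy` to `keystone` removes the workaround comment for Launchpad bug 1704468 without saying whether the haproxy health check on "/" now passes with authentication enabled. If it does not, the backend may be marked down and operators will be pushed back to `noauth`. The default change also alters behaviour on upgrade, yet the release note added in this patch lists only the two API flags. I would keep a comment on the variable, for example `# 'keystone' requires a valid token; 'noauth' disables API authentication and is for isolated testing only`, and add an `upgrade` entry to the release note.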
@@ -121,11 +128,11 @@ octavia_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(o octavia_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(octavia_service_proto) }}" octavia_service_type: load-balancer octavia_service_publicuri: "{{ octavia_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ octavia_service_port }}" -octavia_service_publicurl: "{{ octavia_service_publicuri }}/v1/%(tenant_id)s" +octavia_service_publicurl_v2: "{{ octavia_service_publicuri }}/" octavia_service_adminuri: "{{ octavia_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}" -octavia_service_adminurl: "{{ octavia_service_adminuri }}/v1/%(tenant_id)s" +octavia_service_adminurl_v2: "{{ octavia_service_adminuri }}" octavia_service_internaluri: "{{ octavia_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ octavia_service_port }}" -octavia_service_internalurl: "{{ octavia_service_internaluri }}/v1/%(tenant_id)s" +octavia_service_internalurl_v2: "{{ octavia_service_internaluri }}" octavia_service_in_ldap: false @@ -154,17 +161,13 @@ octavia_pip_packages: - cryptography - keystonemiddleware - PyMySQL - - python-ceilometerclient - - python-cinderclient - python-glanceclient - - python-heatclient - python-keystoneclient - python-memcached - python-neutronclient - python-novaclient - python-openstackclient - - python-swiftclient - - python-troveclient + - python-octaviaclient - octavia - uwsgi diff --git a/doc/source/configure-octavia.rst b/doc/source/configure-octavia.rst index 4653399a..a315d188 100644 --- a/doc/source/configure-octavia.rst +++ b/doc/source/configure-octavia.rst 
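Review bot: `octavia_service_publicurl_v2` ends in a trailing slash (`{{ octavia_service_publicuri }}/`) while `octavia_service_adminurl_v2` and `octavia_service_internalurl_v2` do not, so the three catalog URLs for the same service differ in form. Dropping the slash, `octavia_service_publicurl_v2: "{{ octavia_service_publicuri }}"`, keeps them aligned. The old names `octavia_service_publicurl`, `octavia_service_adminurl` and `octavia_service_internalurl` also disappear with no deprecation note, so an existing override of any of them would presumably be ignored silently. A short comment or release-note line would help.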
@@ -192,6 +192,32 @@ enable access. /etc/openstack-deploy +Optional: Enable Octavia V2 API +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Beginning with the Pike release, Octavia can be deployed in a stand-alone +version thus avoiding the Neutron integration. Currently, the following +configuration should be added to ``openstack_user_config.yml``: + +.. code-block:: yaml + + # Disable Octavia support in Neutron + neutron_lbaas_octavia: False + # Disable LBaaS V2 + neutron_lbaasv2: False + # Enable Octavia V2 API/standalone + octavia_v2: True + # Disable Octavia V1 API + octavia_v1: False + +Please note that in some settings the LBaaS plugin is directly enabled in the +``neutron_plugin_base`` so adjust this as necessary. + +Please be aware that if you enable only the Octavia endpoint, only +Octavia load balancers can be created because the integration with 3rd party +load balancer vendors nor with the haproxy namespace driver is available +in the Pike release. + Optional: Tuning Octavia for production use ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml b/releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml new file mode 100644 index 00000000..a3575513 --- /dev/null +++ b/releasenotes/notes/Adds-flags-to-enable--Octavia-V2-(standalone)-API-d644b92ad374f2cf.yaml @@ -0,0 +1,7 @@ +--- +features: + - Adds a new flag to enable Octavia V2 API (disabled by default) to facilitate to run Octavia + stand alone (without Neutron) + - Adds a new flag to toggle Octavia V1 API (the API needed to run in conjunction with Neutron) + and enables it by default. + diff --git a/tasks/octavia_service_add.yml b/tasks/octavia_service_add.yml index 6eac6924..2eaf16c9 100644 --- a/tasks/octavia_service_add.yml +++ b/tasks/octavia_service_add.yml 
@@ -66,7 +66,8 @@ retries: 5 delay: 10 -# Create an endpoint +# Create an endpoint (v2 only) +# V1 uses a direct URL in the neutron conf - name: Ensure octavia endpoint keystone: command: "ensure_endpoint" @@ -79,14 +80,14 @@ service_type: "{{ octavia_service_type }}" insecure: "{{ keystone_service_adminuri_insecure }}" endpoint_list: -# Versions pre Pike only have an internal endpoint -# - url: "{{ service_publicurl }}" -# interface: "public" - - url: "{{ octavia_service_internalurl }}" + - url: "{{ octavia_service_publicurl_v2 }}" + interface: "public" + - url: "{{ octavia_service_internalurl_v2 }}" interface: "internal" -# - url: "{{ service_adminurl }}" -# interface: "admin" - register: add_service - until: add_service|success + - url: "{{ octavia_service_adminurl_v2 }}" + interface: "admin" + register: add_service_v2 + until: add_service_v2|success retries: 5 delay: 10 + when: octavia_v2 | bool diff --git a/templates/octavia.conf.j2 b/templates/octavia.conf.j2 index a8b203b9..da84fa6c 100644 --- a/templates/octavia.conf.j2 +++ b/templates/octavia.conf.j2 @@ -1,13 +1,16 @@ [DEFAULT] # Print debugging output (set logging level to DEBUG instead of default WARNING level). debug = {{ debug }} + +{% if not octavia_v2|bool %} bind_host = 0.0.0.0 bind_port = {{ octavia_service_port }} # api_handler = queue_producer # # How should authentication be handled (keystone, noauth) -# auth_strategy = noauth +auth_strategy = {{ octavia_auth_strategy }} # +{% endif %} # Plugin options are hot_plug_plugin (Hot-pluggable controller plugin) # # octavia_plugins = hot_plug_plugin 
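Review bot: With `when: octavia_v2 | bool` the endpoint task only ever adds entries, so turning `octavia_v2` back off after a deployment leaves the public, internal and admin URLs in the Keystone catalog, as far as the visible tasks show. The `endpoint_list` also starts publishing a `public` interface built from `external_lb_vip_address`, where the earlier version registered only the internal one, so the API is now advertised on the external VIP. A comment on the task such as `# Registers public/internal/admin endpoints; disabling octavia_v2 later does not remove them` would make both effects explicit. The task itself begins in the preceding hunk.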
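Review bot: `bind_host = 0.0.0.0` stays hard-coded in the `[DEFAULT]` block that this hunk wraps in `{% if not octavia_v2|bool %}`, and the next hunk repeats the same literal under `[api_settings]`, so the API listens on every interface in both modes. Now that a public endpoint is registered, the bind address would be better exposed as a new role variable that defaults to the current value, for example `bind_host = {{ octavia_bind_host }}` with `octavia_bind_host: 0.0.0.0` added to the defaults (the variable name is a suggestion, not an existing one). Deployments that front the API with a load balancer could then restrict it to the management address.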
@@ -24,8 +27,20 @@ bind_port = {{ octavia_service_port }} transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %} -# for pre Pike +[api_settings] +bind_host = 0.0.0.0 +bind_port = {{ octavia_service_port }} +# api_handler = queue_producer +# +# How should authentication be handled (keystone, noauth) +# Note: remove "noauth" once LP bug is fixed auth_strategy = {{ octavia_auth_strategy }} +# +api_v1_enabled = {{ octavia_v1 }} +api_v2_enabled = {{ octavia_v2 }} +# Allow users to create TLS Terminated listeners? +allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }} + # pre Ocata [oslo_messaging_rabbit] ssl = {{ octavia_rabbitmq_use_ssl }}
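Review bot: The added comment `# Note: remove "noauth" once LP bug is fixed` no longer matches the role, because this same patch changes the default of `octavia_auth_strategy` to `keystone` in `defaults/main.yml`. As written it reads as if unauthenticated access were still the expected setting. I would replace it with `# "noauth" disables API authentication; the role default is keystone`. It would also help to state next to `allow_tls_terminated_listeners` that the value comes from `octavia_tls_listener_enabled`, which defaults to enabled.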