Add management_ip option for metal hosts

In cases when SSH and mgmt networks are different, it might be important to have valid management_address that services are relying on when listening on interfaces. At the moment for bare metal hosts management_address will be equal to ansible_host which leads to unpredictable behaviour under some scenarios. With management_ip we allow to define another IP address that will be used as container/management address for bare metal host, while `ip` will still represent ansible_host. Related-Bug: #2002645 Change-Id: I3152ae7985319e85b9ea520021f9eea6f5850341
2023-01-13 18:27:52 +01:00 · 2023-01-13 18:27:52 +01:00 · c8ecc9fa10
commit c8ecc9fa10
parent 86d1bdff55
4 changed files with 57 additions and 4 deletions
--- a/doc/source/reference/inventory/configure-inventory.rst
+++ b/doc/source/reference/inventory/configure-inventory.rst
@ -340,3 +340,25 @@ To omit a component from a deployment, you can use one of several options:
  you specify the component to run directly on a host by using the ``is_metal``
  property, a container is created for this component.

+
+Having SSH network different from OpenStack Management network
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In some environments SSH network that is used to access nodes from deploy
+host and management network are different. In this case it's important that
+services were listening on correct network while ensure that Ansible use SSH
+network for accessing managed hosts. In these cases you can define
+``management_ip`` key while defining hosts in your ``openstack_user_config.yml``
+file.
+
+``management_ip`` will be used as ``management_address`` for the node, while
+``ip`` will be used as ``ansible_host`` for accessing node by SSH.
+
+Example:
+
+.. code-block:: yaml
+
+    shared-infra_hosts:
+      infra1:
+        ip: 192.168.0.101
+        management_ip: 172.29.236.101
--- a/osa_toolkit/generate.py
+++ b/osa_toolkit/generate.py
@ -443,7 +443,8 @@ def user_defined_setup(config, inventory):

                hvs[_key].update({
                    'ansible_host': _value['ip'],
-                    'management_address': _value['ip'],
+                    'management_address': _value.get(
+                        'management_ip', _value['ip']),
                    'is_metal': True,
                    'physical_host_group': key
                })
@ -657,6 +658,7 @@ def _add_additional_networks(key, inventory, ip_q, q_name, netmask, interface,
                if address:
                    network['address'] = address

+            ansible_host_address = networks[old_address]['address']
            network['netmask'] = netmask

        elif is_metal:
@ -671,10 +673,14 @@ def _add_additional_networks(key, inventory, ip_q, q_name, netmask, interface,
                    phg = user_config[cphg][container_host]
                else:
                    phg = user_config[cphg][physical_host]
-                network['address'] = phg['ip']
+                ansible_host_address = phg['ip']
+                network['address'] = phg.get(
+                    'management_ip', ansible_host_address)
+        else:
+            ansible_host_address = networks[old_address]['address']

        if is_management_address is True:
-            container['ansible_host'] = networks[old_address]['address']
+            container['ansible_host'] = ansible_host_address

        if is_management_address is True:
            container['management_address'] = networks[old_address]['address']
--- a/releasenotes/notes/inventory_container_ip-18cd67e8476eba30.yaml
+++ b/releasenotes/notes/inventory_container_ip-18cd67e8476eba30.yaml
@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Added new ``management_ip`` option, that can be defined in conf.d or
+    openstack_user_config.yml files for hosts. It might be useful if SSH
+    network for accessing hosts differs from OpenStack management network.
+    Option ``management_ip`` should be set to an IP address that represents
+    management network on the host, while ``ip`` option remains to represent
+    SSH address that will be used to access host by Ansible.
--- a/tests/test_inventory.py
+++ b/tests/test_inventory.py
@ -717,8 +717,11 @@ class TestConfigCheckBase(unittest.TestCase):
        user_defined_config[group][hostname]['ip'] = ip
        self.write_config()

-    def add_host(self, group, host_name, ip):
+    def add_host(self, group, host_name, ip, management_ip=None):
        self.user_defined_config[group][host_name] = {'ip': ip}
+        if management_ip:
+            self.user_defined_config[group][host_name].update(
+                {'management_ip': management_ip})
        self.write_config()

    def tearDown(self):
@ -1387,6 +1390,19 @@ class TestLxcHosts(TestConfigCheckBase):

        self.assertEqual(set(original_lxc_hosts['hosts']), set(new_inventory['lxc_hosts']['hosts']))

+    def test_lxc_host_management_ip(self):
+        """
+        If ssh network != mgmt network, management_ip should appear in
+        management_network, while ansible_host leave for SSH connection as is
+        """
+        ansible_host_address = '172.20.0.101'
+        management_address = '172.29.236.101'
+        self.add_host('shared-infra_hosts', 'aio2', ansible_host_address, management_address)
+        inventory = get_inventory()
+        hostvars = inventory['_meta']['hostvars']['aio2']
+        self.assertEqual(ansible_host_address, hostvars['ansible_host'])
+        self.assertEqual(management_address, hostvars['management_address'])
+

 class TestConfigMatchesEnvironment(unittest.TestCase):
    def setUp(self):