From 1862e24bb5062be181e3462a773b96b214cd8be8 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Tue, 22 Sep 2020 10:39:31 +0000
Subject: [PATCH] Add variables for API VIP address and FQDN
Kayobe currently supports definition of various different networks -
public, internal, tunnel, etc. These typically map to a VLAN or flat
network, with an IP subnet. When a cloud exceeds the size of a single
VLAN/subnet, this approach no longer works.
One way to resolve this is to have multiple subnets that map to a single
logical network, and provide routing between them. This is a similar
concept to neutron's routed networks, but for the control plane.
An issue arising from this is that if different hosts can have different
network definitions for the internal and public networks, it is no
longer trivial to use a network attribute [1] to specify the VIP address
and FQDN. Furthermore, the play that generates Kolla Ansible's
globals.yml containing the VIP and FQDN variables runs as localhost,
which does not necessarily have the internal and public networks
defined.
To resolve this, we add global variables for the VIPs and FQDNs. The
default values are as before, except in the case where HAProxy is
disabled, which we no longer provide a useful default for. That
configuration is very rarely used in practice, and the need to reference
the IP address of a host in the network group makes it difficult to
define safely.
[1] https://docs.openstack.org/kayobe/latest/configuration/reference/network.html#global-network-configuration
Story: 2008180
Task: 40937
Change-Id: I2c428ffc2b285aee03d8f59ae7cd3fb7230ce4ae
---
ansible/group_vars/all/kolla | 21 ++++++
ansible/kolla-ansible.yml | 69 +++++++------------
ansible/overcloud-grafana-configure.yml | 10 ---
ansible/public-openrc.yml | 2 +-
.../configuration/reference/kolla-ansible.rst | 26 +++++++
.../configuration/reference/network.rst | 12 ++++
etc/kayobe/kolla.yml | 21 ++++++
...d-vip-fqdn-variables-a6202664c2b6eb01.yaml | 22 ++++++
8 files changed, 126 insertions(+), 57 deletions(-)
create mode 100644 releasenotes/notes/add-vip-fqdn-variables-a6202664c2b6eb01.yaml
diff --git a/ansible/group_vars/all/kolla b/ansible/group_vars/all/kolla
index 88bf93c3..14104c96 100644
--- a/ansible/group_vars/all/kolla
+++ b/ansible/group_vars/all/kolla
@@ -559,6 +559,27 @@ kolla_ansible_default_custom_passwords:
# passwords file.
kolla_ansible_custom_passwords: "{{ kolla_ansible_default_custom_passwords }}"
+###############################################################################
+# OpenStack API addresses.
+
+# Virtual IP address of OpenStack internal API. Default is the vip_address
+# attribute of the internal network.
+kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
+
+# Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is the
+# fqdn attribute of the internal network if set, otherwise
+# kolla_internal_vip_address.
+kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or kolla_internal_vip_address }}"
+
+# Virtual IP address of OpenStack external API. Default is the vip_address
+# attribute of the external network.
+kolla_external_vip_address: "{{ public_net_name | net_vip_address }}"
+
+# Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is the
+# fqdn attribute of the external network if set, otherwise
+# kolla_external_vip_address.
+kolla_external_fqdn: "{{ public_net_name | net_fqdn or kolla_external_vip_address }}"
+
###############################################################################
# TLS certificate bundle management
diff --git a/ansible/kolla-ansible.yml b/ansible/kolla-ansible.yml
index ae04fcf8..fa182b5a 100644
--- a/ansible/kolla-ansible.yml
+++ b/ansible/kolla-ansible.yml
@@ -27,12 +27,6 @@
tags:
- kolla-ansible
gather_facts: false
- vars:
- # We need to reference configuration for the network node.
- # We pick the first host from the group for this. It is possible that at
- # this point these groups have no hosts in, and we should handle that case
- # gracefully.
- network_host: "{{ groups['network'][0] }}"
pre_tasks:
# Configuration of extra user-provided Kolla globals.
- block:
@@ -52,46 +46,29 @@
- config
# Configuration and validation of network host networking.
- - block:
- - name: Set facts containing the VIP addresses and FQDNs
- set_fact:
- kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
- kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or internal_net_name | net_vip_address }}"
- kolla_external_vip_address: "{{ public_net_name | net_vip_address }}"
- kolla_external_fqdn: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
- when: kolla_enable_haproxy | bool
-
- - name: Set facts containing the VIP addresses and FQDNs
- set_fact:
- kolla_internal_vip_address: "{{ internal_net_name | net_ip(network_host) }}"
- kolla_internal_fqdn: "{{ internal_net_name | net_ip(network_host) }}"
- kolla_external_vip_address: "{{ public_net_name | net_ip(network_host) }}"
- kolla_external_fqdn: "{{ public_net_name | net_ip(network_host) }}"
- when: not kolla_enable_haproxy | bool
-
- - name: Validate Kolla Ansible API address configuration
- fail:
- msg: >
- The Kolla Ansible variable {{ item.var_name }}
- ({{ item.description }}) is invalid. Value:
- "{{ hostvars[inventory_hostname][item.var_name] | default('<undefined>') }}".
- when:
- - item.required | bool
- - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
- with_items:
- - var_name: "kolla_internal_vip_address"
- description: "Internal API VIP address"
- required: True
- - var_name: "kolla_internal_fqdn"
- description: "Internal API Fully Qualified Domain Name (FQDN)"
- required: True
- - var_name: "kolla_external_vip_address"
- description: "external API VIP address"
- required: True
- - var_name: "kolla_external_fqdn"
- description: "External API Fully Qualified Domain Name (FQDN)"
- required: True
- when: groups['network'] | length > 0
+ - name: Validate Kolla Ansible API address configuration
+ fail:
+ msg: >
+ The Kolla Ansible variable {{ item.var_name }}
+ ({{ item.description }}) is invalid. Value:
+ "{{ hostvars[inventory_hostname][item.var_name] | default('<undefined>') }}".
+ when:
+ - groups['network'] | length > 0
+ - item.required | bool
+ - hostvars[inventory_hostname][item.var_name] is not defined or not hostvars[inventory_hostname][item.var_name]
+ with_items:
+ - var_name: "kolla_internal_vip_address"
+ description: "Internal API VIP address"
+ required: True
+ - var_name: "kolla_internal_fqdn"
+ description: "Internal API Fully Qualified Domain Name (FQDN)"
+ required: True
+ - var_name: "kolla_external_vip_address"
+ description: "external API VIP address"
+ required: True
+ - var_name: "kolla_external_fqdn"
+ description: "External API Fully Qualified Domain Name (FQDN)"
+ required: True
tags:
- config
- config-validation
diff --git a/ansible/overcloud-grafana-configure.yml b/ansible/overcloud-grafana-configure.yml
index 53c44e2f..2da5c959 100644
--- a/ansible/overcloud-grafana-configure.yml
+++ b/ansible/overcloud-grafana-configure.yml
@@ -59,16 +59,6 @@
tags:
- grafana
pre_tasks:
- - name: Set fact for the VIP address
- set_fact:
- kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
- when: kolla_enable_haproxy | bool
-
- - name: Set fact for the VIP address
- set_fact:
- kolla_internal_vip_address: "{{ internal_net_name | net_ip }}"
- when: not kolla_enable_haproxy | bool
-
- name: Include Kolla passwords for Grafana local admin account credentials
include_vars: "{{ kayobe_config_path }}/kolla/passwords.yml"
roles:
diff --git a/ansible/public-openrc.yml b/ansible/public-openrc.yml
index 4367773a..d81d1300 100644
--- a/ansible/public-openrc.yml
+++ b/ansible/public-openrc.yml
@@ -8,7 +8,7 @@
- public-openrc
vars:
public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
- public_api_host: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
+ public_api_host: "{{ kolla_external_fqdn }}"
public_api_keystone_port: 5000
roles:
- role: public-openrc
diff --git a/doc/source/configuration/reference/kolla-ansible.rst b/doc/source/configuration/reference/kolla-ansible.rst
index a5d11a93..17251ada 100644
--- a/doc/source/configuration/reference/kolla-ansible.rst
+++ b/doc/source/configuration/reference/kolla-ansible.rst
@@ -225,6 +225,32 @@ OpenStack services. This is not usually advisable in production.
---
kolla_openstack_logging_debug: true
+API Addresses
+-------------
+
+.. note::
+
+ These variables should be used over the deprecated ``vip_address`` and
+ ``fqdn`` `network attributes <configuration-network-global>`
+
+The following variables affect the addresses used for the external and internal
+API.
+
+``kolla_internal_vip_address``
+ Virtual IP address of OpenStack internal API. Default is the
+ ``vip_address`` attribute of the internal network.
+``kolla_internal_fqdn``
+ Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is
+ the ``fqdn`` attribute of the internal network if set, otherwise
+ ``kolla_internal_vip_address``.
+``kolla_external_vip_address``
+ Virtual IP address of OpenStack external API. Default is the
+ ``vip_address`` attribute of the external network.
+``kolla_external_fqdn``
+ Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is
+ the ``fqdn`` attribute of the external network if set, otherwise
+ ``kolla_external_vip_address``.
+
TLS Encryption of APIs
----------------------
diff --git a/doc/source/configuration/reference/network.rst b/doc/source/configuration/reference/network.rst
index f99242f5..d53a75cf 100644
--- a/doc/source/configuration/reference/network.rst
+++ b/doc/source/configuration/reference/network.rst
@@ -10,6 +10,8 @@ that define the network's attributes. For example, to configure the ``cidr``
attribute of a network named ``arpanet``, we would use a variable named
``arpanet_cidr``.
+.. _configuration-network-global:
+
Global Network Configuration
============================
@@ -42,8 +44,18 @@ supported:
``mtu``
Maximum Transmission Unit (MTU).
``vip_address``
+ .. note::
+
+ Use of the ``vip_address`` attribute is deprecated. Instead use
+ ``kolla_internal_vip_address`` and ``kolla_external_vip_address``.
+
Virtual IP address (VIP) used by API services on this network.
``fqdn``
+ .. note::
+
+ Use of the ``fqdn`` attribute is deprecated. Instead use
+ ``kolla_internal_fqdn`` and ``kolla_external_fqdn``.
+
Fully Qualified Domain Name (FQDN) used by API services on this network.
``routes``
List of static IP routes. Each item should be a dict containing the
diff --git a/etc/kayobe/kolla.yml b/etc/kayobe/kolla.yml
index ae7a4a96..115404bd 100644
--- a/etc/kayobe/kolla.yml
+++ b/etc/kayobe/kolla.yml
@@ -351,6 +351,27 @@
# passwords file.
#kolla_ansible_custom_passwords:
+###############################################################################
+# OpenStack API addresses.
+
+# Virtual IP address of OpenStack internal API. Default is the vip_address
+# attribute of the internal network.
+#kolla_internal_vip_address:
+
+# Fully Qualified Domain Name (FQDN) of OpenStack internal API. Default is the
+# fqdn attribute of the internal network if set, otherwise
+# kolla_internal_vip_address.
+#kolla_internal_fqdn:
+
+# Virtual IP address of OpenStack external API. Default is the vip_address
+# attribute of the external network.
+#kolla_external_vip_address:
+
+# Fully Qualified Domain Name (FQDN) of OpenStack external API. Default is the
+# fqdn attribute of the external network if set, otherwise
+# kolla_external_vip_address.
+#kolla_external_fqdn:
+
###############################################################################
# TLS certificate bundle management
diff --git a/releasenotes/notes/add-vip-fqdn-variables-a6202664c2b6eb01.yaml b/releasenotes/notes/add-vip-fqdn-variables-a6202664c2b6eb01.yaml
new file mode 100644
index 00000000..a172f8ab
--- /dev/null
+++ b/releasenotes/notes/add-vip-fqdn-variables-a6202664c2b6eb01.yaml
@@ -0,0 +1,22 @@
+---
+features:
+ - |
+ Adds the following new variables for the Kolla Ansible API VIP address and
+ FQDNs:
+
+ * ``kolla_internal_vip_address``
+ * ``kolla_internal_fqdn``
+ * ``kolla_external_vip_address``
+ * ``kolla_external_fqdn``
+
+ These variables should be used in preference to the ``vip_address`` and
+ ``fqdn`` network attributes which are deprecated.
+deprecations:
+ - |
+ The ``vip_address`` and ``fqdn`` network attributes are deprecated in
+ favour of the following variables:
+
+ * ``kolla_internal_vip_address``
+ * ``kolla_internal_fqdn``
+ * ``kolla_external_vip_address``
+ * ``kolla_external_fqdn``
--
GitLab