From 8b9e2b3c6ca5221249b8aa7dc792e756ee92209a Mon Sep 17 00:00:00 2001
From: Michael Henkel
Date: Fri, 16 Jun 2017 10:49:57 -0700
Subject: Contrail: Fix controlplane/dataplane network asignments & enable optional dpdk
This patch will move the Contrail roles communication towards OpenStack APIs from the public/external network to the internal_api network. I will also add the option to enable dpdk for Contrail.
Change-Id: Ia835df656031cdf28de20f41ec6ab1c028dced23
Closes-Bug: 1698422
---
 lib/puppet/parser/functions/netmask_to_cidr.rb | 14 ++++
 manifests/haproxy.pp | 20 +++--
 manifests/network/contrail/analytics.pp | 33 ++++----
 manifests/network/contrail/analyticsdatabase.pp | 30 +++----
 manifests/network/contrail/config.pp | 36 ++++----
 manifests/network/contrail/control.pp | 27 ++++--
 manifests/network/contrail/database.pp | 24 +++---
 manifests/network/contrail/heat.pp | 24 ++++--
 manifests/network/contrail/neutron_plugin.pp | 77 ++++++++++-------
 manifests/network/contrail/provision.pp | 6 +-
 manifests/network/contrail/vrouter.pp | 96 +++++++++++++++++-----
 manifests/network/contrail/webui.pp | 34 ++------
 ...e-traffic-to-internal_api-ddc96d24c7018b81.yaml | 10 +++
 spec/functions/netmask_to_cidr_spec.rb | 6 ++
 14 files changed, 280 insertions(+), 157 deletions(-)
 create mode 100644 lib/puppet/parser/functions/netmask_to_cidr.rb
 create mode 100644 releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml
 create mode 100644 spec/functions/netmask_to_cidr_spec.rb
diff --git a/lib/puppet/parser/functions/netmask_to_cidr.rb b/lib/puppet/parser/functions/netmask_to_cidr.rb
new file mode 100644
index 0000000..68ee4cf
--- /dev/null
+++ b/lib/puppet/parser/functions/netmask_to_cidr.rb
@@ -0,0 +1,14 @@
+# Custom function to transform netmask from IP notation to
+# CIDR format. Input is an IP address, output a CIDR:
+# 255.255.255.0 = 24
+# The CIDR formated netmask is needed for some
+# Contrail configuration files
+require 'ipaddr'
+module Puppet::Parser::Functions
+ newfunction(:netmask_to_cidr, :type => :rvalue) do |args|
+ if args[0].class != String
+ raise Puppet::ParseError, "Syntax error: #{args[0]} must be a String"
+ end
+ IPAddr.new(args[0]).to_i.to_s(2).count("1")
+ end
+end
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp
index 2f29674..3f1fcfb 100644
--- a/manifests/haproxy.pp
+++ b/manifests/haproxy.pp
@@ -678,6 +678,8 @@ class tripleo::haproxy (
 contrail_discovery_ssl_port => 15998,
 contrail_analytics_port => 8090,
 contrail_analytics_ssl_port => 18090,
+ contrail_analytics_rest_port => 8081,
+ contrail_analytics_ssl_rest_port => 18081,
 contrail_webui_http_port => 8080,
 contrail_webui_https_port => 8143,
 docker_registry_port => 8787,
@@ -1589,7 +1591,7 @@ class tripleo::haproxy (
 if $contrail_config {
 ::tripleo::haproxy::endpoint { 'contrail_config':
 public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_config_vip', hiera('internal_api_virtual_ip')),
 service_port => $ports[contrail_config_port],
 ip_addresses => hiera('contrail_config_node_ips'),
 server_names => hiera('contrail_config_node_ips'),
@@ -1597,7 +1599,7 @@ class tripleo::haproxy (
 }
 ::tripleo::haproxy::endpoint { 'contrail_discovery':
 public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_config_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_config_vip', hiera('internal_api_virtual_ip')),
 service_port => $ports[contrail_discovery_port],
 ip_addresses => hiera('contrail_config_node_ips'),
 server_names => hiera('contrail_config_node_ips'),
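Review bot: In netmask_to_cidr.rb the function counts set bits without checking that they form a valid netmask, so `255.0.255.0` returns 16 and a prefixed input such as `10.0.0.0/8` returns 2 instead of failing. The result is written into Contrail configuration, so a typo in hieradata would silently yield the wrong prefix length. The body of `newfunction` should also check the argument count and turn the `ArgumentError` raised by `IPAddr.new` into a `Puppet::ParseError` that names the function; the spec listed in the diffstat would then need a case for a non-contiguous mask.

```ruby
  newfunction(:netmask_to_cidr, :type => :rvalue) do |args|
    unless args.length == 1 && args[0].is_a?(String)
      raise Puppet::ParseError, "netmask_to_cidr(): expects one String netmask, got #{args.inspect}"
    end
    begin
      mask = IPAddr.new(args[0])
    rescue ArgumentError => e
      raise Puppet::ParseError, "netmask_to_cidr(): #{args[0]} is not a valid netmask (#{e.message})"
    end
    bits = mask.to_i.to_s(2).rjust(mask.ipv4? ? 32 : 128, '0')
    # A netmask is a run of ones followed only by zeros.
    unless bits =~ /\A1*0*\z/
      raise Puppet::ParseError, "netmask_to_cidr(): #{args[0]} is not a contiguous netmask"
    end
    bits.count('1')
  end
```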
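Review bot: In haproxy.pp the new fallback `hiera('internal_api_virtual_ip')` on the `contrail_config` and `contrail_discovery` endpoints has no default of its own and is evaluated before the outer lookup, so a deployment that sets `contrail_config_vip` but not `internal_api_virtual_ip` would fail to compile (assuming the classic `hiera()` function, which raises on a missing key). The previous fallback was the `$controller_virtual_ip` class parameter, which callers could override. Keeping it as the last resort, `hiera('contrail_config_vip', hiera('internal_api_virtual_ip', $controller_virtual_ip))`, preserves the old behaviour. The same applies to the analytics and webui endpoints in the following hunks.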
@@ -1607,17 +1609,25 @@ class tripleo::haproxy (
 if $contrail_analytics {
 ::tripleo::haproxy::endpoint { 'contrail_analytics':
 public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_analytics_vip', hiera('internal_api_virtual_ip')),
 service_port => $ports[contrail_analytics_port],
 ip_addresses => hiera('contrail_config_node_ips'),
 server_names => hiera('contrail_config_node_ips'),
 public_ssl_port => $ports[contrail_analytics_ssl_port],
 }
+ ::tripleo::haproxy::endpoint { 'contrail_analytics_rest':
+ public_virtual_ip => $public_virtual_ip,
+ internal_ip => hiera('contrail_analytics_vip', hiera('internal_api_virtual_ip')),
+ service_port => $ports[contrail_analytics_rest_port],
+ ip_addresses => hiera('contrail_analytics_node_ips', $::contrail_analytics_node_ips),
+ server_names => hiera('contrail_analytics_node_ips', $::contrail_analytics_node_ips),
+ public_ssl_port => $ports[contrail_analytics_ssl_rest_port],
+ }
 }
 if $contrail_webui {
 ::tripleo::haproxy::endpoint { 'contrail_webui_http':
 public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_webui_vip', hiera('internal_api_virtual_ip')),
 service_port => $ports[contrail_webui_http_port],
 ip_addresses => hiera('contrail_config_node_ips'),
 server_names => hiera('contrail_config_node_ips'),
@@ -1625,7 +1635,7 @@ class tripleo::haproxy (
 }
 ::tripleo::haproxy::endpoint { 'contrail_webui_https':
 public_virtual_ip => $public_virtual_ip,
- internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip),
+ internal_ip => hiera('contrail_webui_vip', hiera('internal_api_virtual_ip')),
 service_port => $ports[contrail_webui_https_port],
 ip_addresses => hiera('contrail_config_node_ips'),
 server_names => hiera('contrail_config_node_ips'),
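Review bot: The new `contrail_analytics_rest` endpoint takes its back ends from `hiera('contrail_analytics_node_ips', $::contrail_analytics_node_ips)`, and the top-scope variable used as the default is not set anywhere in this diff, so when the hiera key is missing the endpoint is probably declared with undefined `ip_addresses` and `server_names` rather than failing. Dropping the default, `ip_addresses => hiera('contrail_analytics_node_ips'),`, makes a missing key a compile error. The neighbouring `contrail_analytics` endpoint still points at `contrail_config_node_ips`, so the two analytics listeners use different back-end lists and it is worth confirming which is intended. The endpoint also publishes the analytics REST port on `$public_virtual_ip`, which should be a deliberate choice given that the commit describes moving Contrail traffic to the internal API network.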
diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp
index 296fa19..6cfb60e 100644
--- a/manifests/network/contrail/analytics.pp
+++ b/manifests/network/contrail/analytics.pp
@@ -46,7 +46,7 @@
 # [*api_server*]
 # (optional) IP address of api server
 # String value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
 #
 # [*api_port*]
 # (optional) port of api server
@@ -68,11 +68,6 @@
 # Integer value.
 # Defaults to hiera('contrail::auth_port')
 #
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
 # [*auth_protocol*]
 # (optional) authentication protocol.
 # String value.
@@ -106,7 +101,7 @@
 # [*disc_server_ip*]
 # (optional) IPv4 address of discovery server.
 # String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail::disc_server_ip')
 #
 # [*disc_server_port*]
 # (optional) port Discovery server listens on.
@@ -133,10 +128,10 @@
 # String (IPv4) value + port
 # Defaults to hiera('contrail::memcached_server')
 #
-# [*public_vip*]
+# [*internal_vip*]
 # (optional) Public virtual IP address
 # String (IPv4) value
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
 #
 # [*rabbit_server*]
 # (optional) IPv4 addresses of rabbit server.
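Review bot: The parameter documentation in analytics.pp no longer matches the class signature: `disc_server_ip` is documented as `Defaults to hiera('contrail::disc_server_ip')`, while the signature hunk that follows sets `hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))`, and the renamed `internal_vip` is still described as `(optional) Public virtual IP address`. Suggested text: `# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))` and `# (optional) Internal API virtual IP address`. The same two mismatches appear in the header comments of config.pp, control.pp and database.pp, and in vrouter.pp as far as its comments show (its signature is not visible here). The `internal_vip` description is also stale in analyticsdatabase.pp.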
@@ -194,26 +189,25 @@ class tripleo::network::contrail::analytics(
 $admin_tenant_name = hiera('contrail::admin_tenant_name'),
 $admin_token = hiera('contrail::admin_token'),
 $admin_user = hiera('contrail::admin_user'),
- $api_server = hiera('contrail_config_vip'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $api_port = hiera('contrail::api_port'),
 $auth_host = hiera('contrail::auth_host'),
 $auth_port = hiera('contrail::auth_port'),
 $auth_protocol = hiera('contrail::auth_protocol'),
- $auth_port_ssl = hiera('contrail::auth_port_ssl'),
 $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'),
 $cassandra_server_list = hiera('contrail_analytics_database_node_ips'),
 $ca_file = hiera('contrail::service_certificate',false),
 $cert_file = hiera('contrail::service_certificate',false),
 $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'),
 $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $disc_server_port = hiera('contrail::disc_server_port'),
 $http_server_port = hiera('contrail::analytics::http_server_port'),
 $host_ip = hiera('contrail::analytics::host_ip'),
 $insecure = hiera('contrail::insecure'),
 $kafka_broker_list = hiera('contrail_analytics_database_node_ips'),
 $memcached_servers = hiera('contrail::memcached_server'),
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
 $rabbit_server = hiera('rabbitmq_node_ips'),
 $rabbit_user = hiera('contrail::rabbit_user'),
 $rabbit_password = hiera('contrail::rabbit_password'),
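Review bot: With `$auth_port_ssl` removed from this signature, the `https` branch of the class takes its Keystone port from `contrail::auth_port`, so a TLS deployment that only set `contrail::auth_port_ssl` would, as far as this diff shows, pair `auth_protocol` `https` with the plain-HTTP port. The `public_vip` to `internal_vip` rename also rejects any caller that still passes `public_vip`, and in the hunks shown `$internal_vip` is never read because every former use of `$public_vip` now uses `$auth_host`. Consider dropping the unused parameter, or keeping `$public_vip = undef` as a deprecated alias, and describing the `auth_port_ssl` migration in the release note. The rename is repeated in analyticsdatabase.pp, config.pp, control.pp and database.pp, and the `auth_port_ssl` removal in analyticsdatabase.pp, config.pp and neutron_plugin.pp.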
@@ -227,7 +221,7 @@ class tripleo::network::contrail::analytics(
 {
 $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'')
 $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'')
- $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'')
+ $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'')
 $redis_config = "bind ${host_ip} 127.0.0.1"
 $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'')
 $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'')
@@ -238,7 +232,7 @@ class tripleo::network::contrail::analytics(
 'admin_tenant_name' => $admin_tenant_name,
 'admin_user' => $admin_user,
 'auth_host' => $auth_host,
- 'auth_port' => $auth_port_ssl,
+ 'auth_port' => $auth_port,
 'auth_protocol' => $auth_protocol,
 'insecure' => $insecure,
 'certfile' => $cert_file,
@@ -246,8 +240,8 @@ class tripleo::network::contrail::analytics(
 }
 $vnc_api_lib_config = {
 'auth' => {
- 'AUTHN_SERVER' => $public_vip,
- 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_SERVER' => $auth_host,
+ 'AUTHN_PORT' => $auth_port,
 'AUTHN_PROTOCOL' => $auth_protocol,
 'certfile' => $cert_file,
 'cafile' => $ca_file,
@@ -265,7 +259,7 @@ class tripleo::network::contrail::analytics(
 }
 $vnc_api_lib_config = {
 'auth' => {
- 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_SERVER' => $auth_host,
 },
 }
 }
@@ -354,6 +348,7 @@ class tripleo::network::contrail::analytics(
 'disc_server_ip' => $disc_server_ip,
 'disc_server_port' => $disc_server_port,
 },
+ 'KEYSTONE' => $keystone_config,
 },
 redis_config => $redis_config,
 topology_config => {
@@ -380,7 +375,7 @@ class tripleo::network::contrail::analytics(
 keystone_admin_user => $admin_user,
 keystone_admin_password => $admin_password,
 keystone_admin_tenant_name => $admin_tenant_name,
- openstack_vip => $public_vip,
+ openstack_vip => $auth_host,
 }
 }
 }
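Review bot: The RabbitMQ server list in the first analytics.pp body hunk now hard-codes `:5672` where the removed line interpolated `${rabbit_port}`, so a broker on a non-default port (for example a TLS listener) can no longer be configured. If the class still declares `$rabbit_port`, which this hunk does not show, it becomes a dead parameter. Unless the parameter is being removed on purpose, keep `$rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'')`. The class body starts before and continues after this hunk.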
diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp
index cf3016a..1cffaf2 100644
--- a/manifests/network/contrail/analyticsdatabase.pp
+++ b/manifests/network/contrail/analyticsdatabase.pp
@@ -24,10 +24,10 @@
 # String (IPv4) value
 # Defaults to hiera('contrail::auth_host')
 #
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
+# [*auth_port*]
+# (optional) keystone port.
 # Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
+# Defaults to hiera('contrail::auth_port')
 #
 # [*auth_protocol*]
 # (optional) authentication protocol.
@@ -37,7 +37,7 @@
 # [*api_server*]
 # (optional) IPv4 VIP of Contrail Config API
 # String (IPv4) value
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
 #
 # [*api_port*]
 # (optional) Port of Contrail Config API
@@ -82,7 +82,7 @@
 # [*disc_server_ip*]
 # (optional) IPv4 VIP of Contrail Discovery
 # String (IPv4) value
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
 #
 # [*disc_server_port*]
 # (optional) port Discovery server listens on.
@@ -104,10 +104,10 @@
 # List value
 # Defaults to hiera('contrail_analytics_database_short_node_names', '')
 #
-# [*public_vip*]
+# [*internal_vip*]
 # (optional) Public VIP
 # String (IPv4) value
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
 #
 # [*step*]
 # (optional) step in the stack
@@ -122,31 +122,31 @@ class tripleo::network::contrail::analyticsdatabase( $step = Integer(hiera('step')), $auth_host = hiera('contrail::auth_host'), - $api_server = hiera('contrail_config_vip'), + $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')), $api_port = hiera('contrail::api_port'), $admin_password = hiera('contrail::admin_password'), $admin_tenant_name = hiera('contrail::admin_tenant_name'), $admin_token = hiera('contrail::admin_token'), $admin_user = hiera('contrail::admin_user'), - $auth_port_ssl = hiera('contrail::auth_port_ssl'), $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port = hiera('contrail::auth_port'), $cassandra_servers = hiera('contrail_analytics_database_node_ips'), $ca_file = hiera('contrail::service_certificate',false), $cert_file = hiera('contrail::service_certificate',false), - $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')), $disc_server_port = hiera('contrail::disc_server_port'), $host_ip = hiera('contrail::analytics::database::host_ip'), $host_name = $::hostname, $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''), - $public_vip = hiera('public_virtual_ip'), + $internal_vip = hiera('internal_api_virtual_ip'), $zookeeper_server_ips = hiera('contrail_database_node_ips'), ) { if $auth_protocol == 'https' { $vnc_api_lib_config = { 'auth' => { - 'AUTHN_SERVER' => $public_vip, - 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_SERVER' => $auth_host, + 'AUTHN_PORT' => $auth_port, 'AUTHN_PROTOCOL' => $auth_protocol, 'certfile' => $cert_file, 'cafile' => $ca_file, @@ -155,7 +155,7 @@ class tripleo::network::contrail::analyticsdatabase( } else { $vnc_api_lib_config = { 'auth' => { - 'AUTHN_SERVER' => $public_vip, + 'AUTHN_SERVER' => $auth_host, }, } } 
@@ -196,7 +196,7 @@ class tripleo::network::contrail::analyticsdatabase(
 keystone_admin_user => $admin_user,
 keystone_admin_password => $admin_password,
 keystone_admin_tenant_name => $admin_tenant_name,
- openstack_vip => $public_vip,
+ openstack_vip => $auth_host,
 }
 }
 }
diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp
index 3fc4fd8..2cd1613 100644
--- a/manifests/network/contrail/config.pp
+++ b/manifests/network/contrail/config.pp
@@ -48,7 +48,7 @@
 # [*api_server*]
 # (optional) VIP of Config API
 # String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
 #
 # [*api_port*]
 # (optional) Port of Config API
@@ -68,11 +68,6 @@
 # (optional) keystone port.
 # Defaults to hiera('contrail::auth_port')
 #
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
 # [*auth_protocol*]
 # (optional) authentication protocol.
 # Defaults to hiera('contrail::auth_protocol')
@@ -105,7 +100,7 @@
 # [*disc_server_ip*]
 # (optional) IPv4 address of discovery server.
 # String (IPv4) value.
-# Defaults to hiera('contrail_config_vip'),
+# Defaults to hiera('contrail::disc_server_ip')
 #
 # [*disc_server_port*]
 # (optional) port of discovery server
@@ -175,10 +170,10 @@
 # String (IPv4) value + port
 # Defaults to hiera('contrail::memcached_server')
 #
-# [*public_vip*]
+# [*internal_vip*]
 # (optional) Public virtual ip
 # String value.
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
 #
 # [*step*]
 # (optional) Step stack is in
@@ -222,19 +217,18 @@ class tripleo::network::contrail::config(
 $admin_tenant_name = hiera('contrail::admin_tenant_name'),
 $admin_token = hiera('contrail::admin_token'),
 $admin_user = hiera('contrail::admin_user'),
- $api_server = hiera('contrail_config_vip'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $api_port = hiera('contrail::api_port'),
 $auth = hiera('contrail::auth'),
 $auth_host = hiera('contrail::auth_host'),
 $auth_port = hiera('contrail::auth_port'),
- $auth_port_ssl = hiera('contrail::auth_port_ssl'),
 $auth_protocol = hiera('contrail::auth_protocol'),
 $cassandra_server_list = hiera('contrail_database_node_ips'),
 $ca_file = hiera('contrail::service_certificate',false),
 $cert_file = hiera('contrail::service_certificate',false),
 $config_hostnames = hiera('contrail_config_short_node_names'),
 $control_server_list = hiera('contrail_control_node_ips'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $disc_server_port = hiera('contrail::disc_server_port'),
 $host_ip = hiera('contrail::config::host_ip'),
 $ifmap_password = hiera('contrail::config::ifmap_password'),
@@ -248,7 +242,7 @@ class tripleo::network::contrail::config(
 $linklocal_service_name = 'metadata',
 $linklocal_service_ip = '169.254.169.254',
 $memcached_servers = hiera('contrail::memcached_server'),
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
 $rabbit_server = hiera('rabbitmq_node_ips'),
 $rabbit_user = hiera('contrail::rabbit_user'),
 $rabbit_password = hiera('contrail::rabbit_password'),
@@ -275,7 +269,7 @@ class tripleo::network::contrail::config(
 'admin_token' => $admin_token,
 'admin_user' => $admin_user,
 'auth_host' => $auth_host,
- 'auth_port' => $auth_port_ssl,
+ 'auth_port' => $auth_port,
 'auth_protocol' => $auth_protocol,
 'insecure' => $insecure,
 'memcached_servers' => $memcached_servers,
@@ -285,8 +279,8 @@ class tripleo::network::contrail::config(
 }
 $vnc_api_lib_config = {
 'auth' => {
- 'AUTHN_SERVER' => $public_vip,
- 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_SERVER' => $auth_host,
+ 'AUTHN_PORT' => $auth_port,
 'AUTHN_PROTOCOL' => $auth_protocol,
 'certfile' => $cert_file,
 'cafile' => $ca_file,
@@ -308,7 +302,7 @@ class tripleo::network::contrail::config(
 }
 $vnc_api_lib_config = {
 'auth' => {
- 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_SERVER' => $auth_host,
 },
 }
 }
@@ -341,6 +335,8 @@ class tripleo::network::contrail::config(
 },
 device_manager_config => {
 'DEFAULTS' => {
+ 'api_server_ip' => $api_server,
+ 'api_server_port' => $api_port,
 'cassandra_server_list' => $cassandra_server_list_9160,
 'disc_server_ip' => $disc_server_ip,
 'disc_server_port' => $disc_server_port,
@@ -360,6 +356,8 @@ class tripleo::network::contrail::config(
 keystone_config => $keystone_config,
 schema_config => {
 'DEFAULTS' => {
+ 'api_server_ip' => $api_server,
+ 'api_server_port' => $api_port,
 'cassandra_server_list' => $cassandra_server_list_9160,
 'disc_server_ip' => $disc_server_ip,
 'disc_server_port' => $disc_server_port,
@@ -375,6 +373,8 @@ class tripleo::network::contrail::config(
 },
 svc_monitor_config => {
 'DEFAULTS' => {
+ 'api_server_ip' => $api_server,
+ 'api_server_port' => $api_port,
 'cassandra_server_list' => $cassandra_server_list_9160,
 'disc_server_ip' => $disc_server_ip,
 'disc_server_port' => $disc_server_port,
@@ -400,7 +400,7 @@ class tripleo::network::contrail::config(
 keystone_admin_user => $admin_user,
 keystone_admin_password => $admin_password,
 keystone_admin_tenant_name => $admin_tenant_name,
- openstack_vip => $public_vip,
+ openstack_vip => $auth_host,
 }
 if $config_hostnames[0] == $::hostname {
 class {'::contrail::config::provision_linklocal':
diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp
index 530d607..bad533e 100644
--- a/manifests/network/contrail/control.pp
+++ b/manifests/network/contrail/control.pp
@@ -29,6 +29,11 @@
 # String value.
 # Defaults to hiera('contrail::admin_tenant_name'),
 #
+# [*admin_token*]
+# (optional) admin token
+# String value.
+# Defaults to hiera('contrail::admin_token'),
+#
 # [*admin_user*]
 # (optional) admin user name.
 # String value.
@@ -37,7 +42,7 @@
 # [*api_server*]
 # (optional) IP address of api server
 # String value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
 #
 # [*api_port*]
 # (optional) port of api server
@@ -60,7 +65,7 @@
 # [*disc_server_ip*]
 # (optional) IPv4 address of discovery server.
 # String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail::disc_server_ip'),
 #
 # [*disc_server_port*]
 # (optional) port Discovery server listens on.
@@ -96,10 +101,15 @@
 # String (IPv4) value + port
 # Defaults to hiera('contrail::memcached_servers'),
 #
-# [*public_vip*]
+# [*manage_named*]
+# (optional) switch for managing named
+# String
+# Defaults to hiera('contrail::manage_named'),
+#
+# [*internal_vip*]
 # (optional) Public Virtual IP address
 # String (IPv4) value
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
 #
 # [*router_asn*]
 # (optional) Autonomus System Number
@@ -120,13 +130,14 @@ class tripleo::network::contrail::control( $step = Integer(hiera('step')), $admin_password = hiera('contrail::admin_password'), $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), $admin_user = hiera('contrail::admin_user'), - $api_server = hiera('contrail_config_vip'), + $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')), $api_port = hiera('contrail::api_port'), $auth_host = hiera('contrail::auth_host'), $auth_port = hiera('contrail::auth_port'), $auth_protocol = hiera('contrail::auth_protocol'), - $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')), $disc_server_port = hiera('contrail::disc_server_port'), $host_ip = hiera('contrail::control::host_ip'), $ibgp_auto_mesh = true, @@ -134,9 +145,10 @@ class tripleo::network::contrail::control( $ifmap_username = hiera('contrail::control::host_ip'), $insecure = hiera('contrail::insecure'), $memcached_servers = hiera('contrail::memcached_server'), - $public_vip = hiera('public_virtual_ip'), + $internal_vip = hiera('internal_api_virtual_ip'), $router_asn = hiera('contrail::control::asn'), $secret = hiera('contrail::control::rndc_secret'), + $manage_named = hiera('contrail::control::manage_named'), ) { $control_ifmap_user = "${ifmap_username}.control" @@ -147,6 +159,7 @@ class tripleo::network::contrail::control( if $step >= 3 { class {'::contrail::control': secret => $secret, + manage_named => $manage_named, control_config => { 'DEFAULT' => { 'hostip' => $host_ip, diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp index 3d6b40b..35ac9cd 100644 --- a/manifests/network/contrail/database.pp +++ b/manifests/network/contrail/database.pp 
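Review bot: In control.pp the new `$manage_named` parameter defaults to `hiera('contrail::control::manage_named')` with no fallback, so any existing deployment whose hieradata lacks that key would fail catalog compilation after this change. The header comment added for it names a different key, `hiera('contrail::manage_named')`, and gives the type as String although it is described as a switch. Suggested: give the lookup an explicit default that matches what `::contrail::control` expects, and correct the comment to `# Defaults to hiera('contrail::control::manage_named')`. `$admin_token` is also added to the signature but is not used in the hunks shown.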
@@ -39,16 +39,16 @@
 # String value.
 # Defaults to hiera('contrail::admin_user')
 #
+# [*api_server*]
+# (optional) VIP of Config API
+# String (IPv4) value.
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
+#
 # [*api_port*]
 # (optional) Port of Config API
 # String value.
 # Defaults to hiera('contrail::api_port')
 #
-# [*api_server*]
-# (optional) VIP of Config API
-# String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
-#
 # [*auth_host*]
 # (optional) keystone server ip address
 # String (IPv4) value.
@@ -62,7 +62,7 @@
 # [*disc_server_ip*]
 # (optional) IPv4 address of discovery server.
 # String (IPv4) value.
-# Defaults to hiera('contrail_config_vip'),
+# Defaults to hiera('contrail::disc_server_ip')
 #
 # [*disc_server_port*]
 # (optional) port Discovery server listens on.
@@ -78,10 +78,10 @@
 # String value.
 # Defaults to $::hostname
 #
-# [*public_vip*]
+# [*internal_vip*]
 # (optional) Public virtual ip
 # String value.
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
 #
 # [*step*]
 # (optional) Step stack is in
@@ -108,15 +108,15 @@ class tripleo::network::contrail::database(
 $admin_tenant_name = hiera('contrail::admin_tenant_name'),
 $admin_token = hiera('contrail::admin_token'),
 $admin_user = hiera('contrail::admin_user'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $api_port = hiera('contrail::api_port'),
- $api_server = hiera('contrail_config_vip'),
 $auth_host = hiera('contrail::auth_host'),
 $cassandra_servers = hiera('contrail_database_node_ips'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $disc_server_port = hiera('contrail::disc_server_port'),
 $host_ip = hiera('contrail::database::host_ip'),
 $host_name = $::hostname,
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
 $step = Integer(hiera('step')),
 $zookeeper_client_ip = hiera('contrail::database::host_ip'),
 $zookeeper_hostnames = hiera('contrail_database_short_node_names'),
@@ -160,7 +160,7 @@ class tripleo::network::contrail::database(
 keystone_admin_user => $admin_user,
 keystone_admin_password => $admin_password,
 keystone_admin_tenant_name => $admin_tenant_name,
- openstack_vip => $public_vip,
+ openstack_vip => $auth_host,
 }
 }
 }
diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp
index 4ef2a31..cc4b5ec 100644
--- a/manifests/network/contrail/heat.pp
+++ b/manifests/network/contrail/heat.pp
@@ -24,21 +24,31 @@ # String value. # Defaults to hiera('contrail::admin_password') # +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# # [*admin_user*] # (optional) admin user name. # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip')) +# # [*api_port*] # (optional) port of api server # String value. # Defaults to hiera('contrail::api_port') # -# [*api_server*] -# (optional) IP address of api server -# String value. -# Defaults to hiera('contrail_config_vip') -# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -56,14 +66,16 @@ # class tripleo::network::contrail::heat( $admin_password = hiera('contrail::admin_password'), + $admin_token = hiera('contrail::admin_token'), $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')), $api_port = 8082, - $api_server = hiera('contrail_config_vip'), $auth_host = hiera('contrail::auth_host'), $step = Integer(hiera('step')), $use_ssl = 'False', ) { + class {'::contrail::heat': heat_config => { 'clients_contrail' => { diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp index d9aa587..52cdc62 100644 --- a/manifests/network/contrail/neutron_plugin.pp +++ b/manifests/network/contrail/neutron_plugin.pp 
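Review bot: In heat.pp the header comment now documents an `admin_tenant_name` parameter, but the class signature in the second hunk only gains `$admin_token` and moves `$api_server`, so the documented parameter does not exist and passing it would be rejected. Either add `$admin_tenant_name = hiera('contrail::admin_tenant_name'),` to the signature or drop the comment block. The existing `api_port` comment says `Defaults to hiera('contrail::api_port')` while the signature keeps the literal `8082`, so this would be a good place to align them.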
@@ -22,16 +22,16 @@
 # String value.
 # Defaults to hiera('contrail::admin_user')
 #
+# [*api_server*]
+# (optional) IP address of api server
+# String value.
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
+#
 # [*api_port*]
 # (optional) port of api server
 # String value.
 # Defaults to hiera('contrail::api_port')
 #
-# [*api_server*]
-# (optional) IP address of api server
-# String value.
-# Defaults to hiera('contrail_config_vip')
-#
 # [*auth_host*]
 # (optional) keystone server ip address
 # String (IPv4) value.
@@ -42,11 +42,6 @@
 # Integer value.
 # Defaults to hiera('contrail::auth_port')
 #
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
 # [*auth_protocol*]
 # (optional) authentication protocol.
 # String value.
@@ -62,6 +57,14 @@
 # String value.
 # Defaults to hiera('contrail::service_certificate',false)
 #
+# [*api_server_ip*]
+# IP address of the API Server
+# Defaults to $::os_service_default
+#
+# [*api_server_port*]
+# Port of the API Server.
+# Defaults to $::os_service_default
+#
 # [*contrail_extensions*]
 # Array of OpenContrail extensions to be supported
 # Defaults to $::os_service_default
@@ -71,6 +74,26 @@
 # contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam']
 # }
 #
+# [*keystone_auth_url*]
+# Url of the keystone auth server
+# Defaults to $::os_service_default
+#
+# [*keystone_admin_user*]
+# Admin user name
+# Defaults to $::os_service_default
+#
+# [*keystone_admin_tenant_name*]
+# Admin_tenant_name
+# Defaults to $::os_service_default
+#
+# [*keystone_admin_password*]
+# Admin password
+# Defaults to $::os_service_default
+#
+# [*keystone_admin_token*]
+# Admin token
+# Defaults to $::os_service_default
+#
 # [*package_ensure*]
 # (optional) Ensure state for package.
 # Defaults to 'present'.
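Review bot: The comment blocks added to neutron_plugin.pp for `api_server_ip`, `api_server_port`, `keystone_auth_url`, `keystone_admin_user`, `keystone_admin_tenant_name`, `keystone_admin_password` and `keystone_admin_token` describe parameters that the class signature in the next hunk does not declare; it still takes `api_server`, `api_port`, `admin_user` and so on. They look copied from another class, together with the `$::os_service_default` defaults, which that signature does not use. Remove these blocks, or replace them with documentation for the parameters the signature actually declares.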
@@ -81,21 +104,20 @@ # Defaults to false. # class tripleo::network::contrail::neutron_plugin ( - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $api_port = hiera('contrail::api_port'), - $api_server = hiera('contrail_config_vip'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_port_ssl = hiera('contrail::auth_port_ssl'), - $auth_protocol = hiera('contrail::auth_protocol'), - $ca_file = hiera('tripleo::haproxy::service_certificate',false), - $cert_file = hiera('tripleo::haproxy::service_certificate',false), - $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'), - $package_ensure = 'present', - $purge_config = false, + $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('tripleo::haproxy::service_certificate',false), + $cert_file = hiera('tripleo::haproxy::service_certificate',false), + $purge_config = false, + $package_ensure = 'present', ) { include ::neutron::deps 
@@ -159,8 +181,8 @@ class tripleo::network::contrail::neutron_plugin (
 command => '/usr/sbin/usermod -a -G haproxy neutron',
 }
+ $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
 if $auth_protocol == 'https' {
- $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0'])
 neutron_plugin_opencontrail {
 'APISERVER/api_server_ip': value => $api_server;
 'APISERVER/api_server_port': value => $api_port;
@@ -177,12 +199,11 @@ class tripleo::network::contrail::neutron_plugin (
 'keystone_authtoken/admin_password': value => $admin_password, secret =>true;
 'keystone_authtoken/auth_host': value => $auth_host;
 'keystone_authtoken/auth_protocol': value => $auth_protocol;
- 'keystone_authtoken/auth_port': value => $auth_port_ssl;
+ 'keystone_authtoken/auth_port': value => $auth_port;
 'keystone_authtoken/cafile': value => $ca_file;
 'keystone_authtoken/certfile': value => $cert_file;
 }
 } else {
- $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0'])
 neutron_plugin_opencontrail {
 'APISERVER/api_server_ip': value => $api_server;
 'APISERVER/api_server_port': value => $api_port;
diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp
index 742c4a2..393e3b1 100644
--- a/manifests/network/contrail/provision.pp
+++ b/manifests/network/contrail/provision.pp
@@ -19,6 +19,10 @@
 #
 # == Parameters:
 #
+# [*host_ip*]
+# (required) host IP address of Control
+# String (IPv4) value.
+#
 # [*admin_password*]
 # (optional) admin password
 # String value.
@@ -42,7 +46,7 @@
 # [*api_server*]
 # (optional) IP address of api server
 # String value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
 #
 # [*auth_host*]
 # (optional) keystone server ip address
diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp
index 678a77d..37c7a7b 100644
--- a/manifests/network/contrail/vrouter.pp
+++ b/manifests/network/contrail/vrouter.pp
@@ -45,7 +45,7 @@
 # [*api_server*]
 # (optional) IP address of api server
 # String value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
 #
 # [*api_port*]
 # (optional) port of api server
@@ -62,11 +62,6 @@
 # Integer value.
 # Defaults to hiera('contrail::auth_port')
 #
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
 # [*auth_protocol*]
 # (optional) authentication protocol.
 # String value.
@@ -90,7 +85,7 @@
 # [*disc_server_ip*]
 # (optional) IPv4 address of discovery server.
 # String (IPv4) value.
-# Defaults to hiera('contrail_config_vip'),
+# Defaults to hiera('contrail::disc_server_ip')
 #
 # [*disc_server_port*]
 # (optional) port Discovery server listens on.
@@ -132,16 +127,21 @@
 # String value.
 # Defaults to hiera('contrail::vrouter::physical_interface')
 #
-# [*public_vip*]
+# [*internal_vip*]
 # (optional) Public VIP to Keystone
 # String (IPv4) value.
-# Defaults to hiera('public_virtual_ip')
+# Defaults to hiera('internal_api_virtual_ip')
 #
 # [*is_tsn*]
 # (optional) Turns vrouter into TSN
 # String value.
 # Defaults to hiera('contrail::vrouter::is_tsn',false)
 #
+# [*is_dpdk*]
+# (optional) Turns vrouter into DPDK Compute Node
+# String value.
+# Defaults to hiera('contrail::vrouter::is_dpdk',false)
+#
 class tripleo::network::contrail::vrouter (
 $step = Integer(hiera('step')),
 $admin_password = hiera('contrail::admin_password'),
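Review bot: Two of the updated parameter docs do not match the signature in the next hunk: `disc_server_ip` is documented as `hiera('contrail::disc_server_ip')` while the code default is `hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))`, and `internal_vip` keeps the description `(optional) Public VIP to Keystone` although it now defaults to the internal API VIP. Since the commit is about which network carries control-plane traffic, the header should read `# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))` and `# (optional) Internal API VIP to Keystone`. In the hunks shown, `AUTHN_SERVER` switches from `$public_vip` to `$auth_host`, so `$internal_vip` may no longer be referenced at all; the rest of the class is outside the diff, so that needs checking before the parameter is kept.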
@@ -149,15 +149,14 @@ class tripleo::network::contrail::vrouter (
 $admin_token = hiera('contrail::admin_token'),
 $admin_user = hiera('contrail::admin_user'),
 $api_port = hiera('contrail::api_port'),
- $api_server = hiera('contrail_config_vip'),
+ $api_server = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $auth_host = hiera('contrail::auth_host'),
 $auth_port = hiera('contrail::auth_port'),
- $auth_port_ssl = hiera('contrail::auth_port_ssl'),
 $auth_protocol = hiera('contrail::auth_protocol'),
 $ca_file = hiera('contrail::service_certificate',false),
 $cert_file = hiera('contrail::service_certificate',false),
- $control_server = hiera('contrail_control_node_ips'),
- $disc_server_ip = hiera('contrail_config_vip'),
+ $control_server = hiera('contrail::vrouter::control_node_ips'),
+ $disc_server_ip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $disc_server_port = hiera('contrail::disc_server_port'),
 $gateway = hiera('contrail::vrouter::gateway'),
 $host_ip = hiera('contrail::vrouter::host_ip'),
@@ -166,18 +165,23 @@ class tripleo::network::contrail::vrouter (
 $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'),
 $netmask = hiera('contrail::vrouter::netmask'),
 $physical_interface = hiera('contrail::vrouter::physical_interface'),
- $public_vip = hiera('public_virtual_ip'),
+ $internal_vip = hiera('internal_api_virtual_ip'),
 $is_tsn = hiera('contrail::vrouter::is_tsn',false),
+ $is_dpdk = hiera('contrail::vrouter::is_dpdk',false),
 ) {
 $cidr = netmask_to_cidr($netmask)
 notify { 'cidr':
 message => $cidr,
 }
- $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")
 #include ::contrail::vrouter
 # NOTE: it's not possible to use this class without a functional
 # contrail controller up and running
- $control_server_list = join($control_server, ' ')
+ if size($control_server) == 0 {
+ #$control_server_list = join(hiera('contrail_control_node_ips'), ' ')
+ $control_server_list = ''
+ } else {
+ $control_server_list = join($control_server, ' ')
+ }
 if $auth_protocol == 'https' {
 $keystone_config = {
 'KEYSTONE' => {
@@ -186,7 +190,7 @@ class tripleo::network::contrail::vrouter (
 'admin_token' => $admin_token,
 'admin_user' => $admin_user,
 'auth_host' => $auth_host,
- 'auth_port' => $auth_port_ssl,
+ 'auth_port' => $auth_port,
 'auth_protocol' => $auth_protocol,
 'insecure' => $insecure,
 'memcached_servers' => $memcached_servers,
@@ -196,8 +200,8 @@ class tripleo::network::contrail::vrouter (
 }
 $vnc_api_lib_config = {
 'auth' => {
- 'AUTHN_SERVER' => $public_vip,
- 'AUTHN_PORT' => $auth_port_ssl,
+ 'AUTHN_SERVER' => $auth_host,
+ 'AUTHN_PORT' => $auth_port,
 'AUTHN_PROTOCOL' => $auth_protocol,
 'certfile' => $cert_file,
 'cafile' => $ca_file,
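Review bot: The `size($control_server) == 0` branch sets `$control_server_list = ''`, which the later hunks write as `'server' => $control_server_list` under both `DNS` and `CONTROL-NODE`, so an empty list silently produces blank server entries in the agent configuration. The commented-out `#$control_server_list = join(hiera('contrail_control_node_ips'), ' ')` suggests a fallback was intended, and because the new default in the signature hunk is `hiera('contrail::vrouter::control_node_ips')` with no second argument, an unset key fails the lookup before this branch is reached. I would either put the fallback into the default, `$control_server = hiera('contrail::vrouter::control_node_ips', hiera('contrail_control_node_ips'))`, or replace the commented-out line with a comment stating what an empty list is meant to do. The class body continues outside the hunk.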
@@ -219,18 +223,59 @@ class tripleo::network::contrail::vrouter (
 }
 $vnc_api_lib_config = {
 'auth' => {
- 'AUTHN_SERVER' => $public_vip,
+ 'AUTHN_SERVER' => $auth_host,
 },
 }
 }
 if $is_tsn {
+ $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")
 $vrouter_agent_config = {
- 'DEBUG' => {
+ 'DEFAULT' => {
 'agent_mode' => 'tsn',
 },
+ 'DNS' => {
+ 'server' => $control_server_list,
+ },
+ 'CONTROL-NODE' => {
+ 'server' => $control_server_list,
+ },
+ 'NETWORKS' => {
+ 'control_network_ip' => $host_ip,
+ },
+ 'VIRTUAL-HOST-INTERFACE' => {
+ 'compute_node_address' => $host_ip,
+ 'gateway' => $gateway,
+ 'ip' => "${host_ip}/${cidr}",
+ 'name' => 'vhost0',
+ 'physical_interface' => $physical_interface,
+ },
+ 'METADATA' => {
+ 'metadata_proxy_secret' => $metadata_secret,
+ },
+ 'DISCOVERY' => {
+ 'server' => $disc_server_ip,
+ 'port' => $disc_server_port,
+ },
+ }
+ } elsif $is_dpdk {
+ $pciaddress = generate('/bin/cat','/etc/contrail/dpdk_pci')
+ $macaddress = generate('/bin/cat','/etc/contrail/dpdk_mac')
+ $vrouter_agent_config = {
+ 'DEFAULT' => {
+ 'platform' => 'dpdk',
+ 'physical_uio_driver' => 'uio_pci_generic',
+ 'physical_interface_mac' => $macaddress,
+ 'physical_interface_address' => $pciaddress,
+ },
+ 'DNS' => {
+ 'server' => $control_server_list,
+ },
 'CONTROL-NODE' => {
 'server' => $control_server_list,
 },
+ 'NETWORKS' => {
+ 'control_network_ip' => $host_ip,
+ },
 'VIRTUAL-HOST-INTERFACE' => {
 'compute_node_address' => $host_ip,
 'gateway' => $gateway,
@@ -247,10 +292,17 @@ class tripleo::network::contrail::vrouter (
 },
 }
 } else {
+ $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")
 $vrouter_agent_config = {
+ 'DNS' => {
+ 'server' => $control_server_list,
+ },
 'CONTROL-NODE' => {
 'server' => $control_server_list,
 },
+ 'NETWORKS' => {
+ 'control_network_ip' => $host_ip,
+ },
 'VIRTUAL-HOST-INTERFACE' => {
 'compute_node_address' => $host_ip,
 'gateway' => $gateway,
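Review bot: In the new `elsif $is_dpdk` branch, `generate('/bin/cat','/etc/contrail/dpdk_pci')` and the matching `dpdk_mac` call run while the catalog is compiled, fail the whole compile when either file is missing, and return the file content verbatim, including any trailing newline, which is then written into `physical_interface_address` and `physical_interface_mac`. At minimum the values should be trimmed, e.g. `$pciaddress = chomp(generate('/bin/cat','/etc/contrail/dpdk_pci'))`, assuming stdlib's `chomp` is available in the same way `size` and `join` are. The class header should also say what creates the two files and that they must be root-owned and not writable by other users, because their content reaches the vrouter agent configuration without validation. The class body starts and ends outside the hunk.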
@@ -272,6 +324,7 @@ class tripleo::network::contrail::vrouter (
 gateway => $gateway,
 host_ip => $host_ip,
 is_tsn => $is_tsn,
+ is_dpdk => $is_dpdk,
 macaddr => $macaddress,
 mask => $cidr,
 netmask => $netmask,
@@ -297,6 +350,7 @@ class tripleo::network::contrail::vrouter (
 keystone_admin_password => $admin_password,
 keystone_admin_tenant_name => $admin_tenant_name,
 is_tsn => $is_tsn,
+ is_dpdk => $is_dpdk,
 }
 }
 }
diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp
index b621811..f0b1af6 100644
--- a/manifests/network/contrail/webui.pp
+++ b/manifests/network/contrail/webui.pp
@@ -49,16 +49,6 @@
 # Integer value.
 # Defaults to hiera('contrail::auth_port_public')
 #
-# [*auth_port_ssl*]
-# (optional) keystone ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl')
-#
-# [*auth_port_ssl_public*]
-# (optional) keystone public ssl port.
-# Integer value.
-# Defaults to hiera('contrail::auth_port_ssl_public')
-#
 # [*auth_protocol*]
 # (optional) authentication protocol.
 # String value.
@@ -77,12 +67,12 @@
 # [*contrail_analytics_vip*]
 # (optional) VIP of Contrail Analytics
 # String (IPv4) value.
-# Defaults to hiera('contrail_analytics_vip')
+# Defaults to hiera('contrail_analytics_vip',hiera('internal_api_virtual_ip'))
 #
 # [*contrail_config_vip*]
 # (optional) VIP of Contrail Config
 # String (IPv4) value.
-# Defaults to hiera('contrail_config_vip')
+# Defaults to hiera('contrail_config_vip',hiera('internal_api_virtual_ip'))
 #
 # [*contrail_webui_http_port*]
 # (optional) Webui HTTP Port
@@ -97,7 +87,7 @@
 # [*neutron_vip*]
 # (optional) VIP of Neutron
 # String (IPv4) value.
-# Defaults to hiera('neutron_api_vip')
+# Defaults to hiera('internal_api_virtual_ip')
 #
 # [*redis_ip*]
 # (optional) IP of Redis
@@ -109,31 +99,25 @@ class tripleo::network::contrail::webui(
 $admin_tenant_name = hiera('contrail::admin_tenant_name'),
 $admin_token = hiera('contrail::admin_token'),
 $admin_user = hiera('contrail::admin_user'),
- $auth_host = hiera('contrail::auth_host'),
+ $auth_host = hiera('internal_api_virtual_ip'),
 $auth_protocol = hiera('contrail::auth_protocol'),
 $auth_port_public = hiera('contrail::auth_port_public'),
- $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'),
 $cassandra_server_list = hiera('contrail_database_node_ips'),
- $cert_file = hiera('contrail::cert_file'),
- $contrail_analytics_vip = hiera('contrail_analytics_vip'),
- $contrail_config_vip = hiera('contrail_config_vip'),
+ $cert_file = hiera('contrail::service_certificate',false),
+ $contrail_analytics_vip = hiera('contrail_analytics_vip',hiera('internal_api_virtual_ip')),
+ $contrail_config_vip = hiera('contrail_config_vip',hiera('internal_api_virtual_ip')),
 $contrail_webui_http_port = hiera('contrail::webui::http_port'),
 $contrail_webui_https_port = hiera('contrail::webui::https_port'),
- $neutron_vip = hiera('neutron_api_vip'),
+ $neutron_vip = hiera('internal_api_virtual_ip'),
 $redis_ip = hiera('contrail::webui::redis_ip'),
 ) {
- if $auth_protocol == 'https' {
- $auth_port = $auth_port_ssl_public
- } else {
- $auth_port = $auth_port_public
- }
 class {'::contrail::webui':
 admin_user => $admin_user,
 admin_password => $admin_password,
 admin_token => $admin_token,
 admin_tenant_name => $admin_tenant_name,
- auth_port => $auth_port,
+ auth_port => $auth_port_public,
 auth_protocol => $auth_protocol,
 cassandra_ip => $cassandra_server_list,
 cert_file => $cert_file,
diff --git a/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml b/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml
new file mode 100644
index 0000000..2505c54
--- /dev/null
+++ b/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml
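Review bot: `auth_port => $auth_port_public` is now passed for both protocols while `$auth_host` defaults to `hiera('internal_api_virtual_ip')`, so the web UI is pointed at the internal API VIP with the port taken from `contrail::auth_port_public`. Whether Keystone listens on that port on the internal VIP, and whether that key holds the TLS port when `auth_protocol` is `https`, cannot be seen from this hunk; before the change the https case used `contrail::auth_port_ssl_public`. If the internal endpoint is what is meant, a default such as `$auth_port = hiera('contrail::auth_port')`, the key the other Contrail classes in this patch use, would keep host and port on the same network. `$cert_file` also now falls back to `false`, so the parameter doc should state what `::contrail::webui` does with `false` under https.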
@@ -0,0 +1,10 @@
+---
+fixes:
+ - |
+ Traffic between Contrail nodes used the public network. This release will
+ move the traffic to the internal_api network per default and also allows
+ to optionally use the storage_mgmt network. This is in preparation for
+ for composable networks, where Contrail will have its own network.
+features:
+ - |
+ This release allows to enable Contrail DPDK on the compute nodes.
diff --git a/spec/functions/netmask_to_cidr_spec.rb b/spec/functions/netmask_to_cidr_spec.rb
new file mode 100644
index 0000000..e076456
--- /dev/null
+++ b/spec/functions/netmask_to_cidr_spec.rb
@@ -0,0 +1,6 @@
+require 'spec_helper'
+require 'puppet'
+
+describe 'netmask_to_cidr' do
+ it { should run.with_params('255.255.255.0').and_return(24) }
+end
-- cgit 1.2.3-korg
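Review bot: The spec pins only the happy path, so the `Puppet::ParseError` branch for non-String input in `lib/puppet/parser/functions/netmask_to_cidr.rb` and the handling of malformed masks are untested. I would add `it { should run.with_params(24).and_raise_error(Puppet::ParseError) }` and a case for a non-contiguous mask such as `255.0.255.0`. The function counts set bits, so it would return 16 for that input rather than rejecting it, and the result is interpolated into the vrouter `ip` setting as `"${host_ip}/${cidr}"`.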