From cba52888670d2f19a104960ed9be9bd24b97b9c0 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Thu, 8 Dec 2016 17:15:46 +0000 Subject: Make network-isolation environment rendered for all roles Currently there's some hard-coded references to roles here, rendering from the roles_data.yaml is a step towards making the use of isolated networks for custom roles easier. Partial-Bug: #1633090 Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db --- environments/network-isolation.j2.yaml | 37 +++++++++++++++++++++ environments/network-isolation.yaml | 59 ---------------------------------- roles/BlockStorage.yaml | 4 +++ roles/CephStorage.yaml | 3 ++ roles/Compute.yaml | 4 +++ roles/Controller.yaml | 6 ++++ roles/ControllerOpenstack.yaml | 6 ++++ roles/Database.yaml | 2 ++ roles/Messaging.yaml | 2 ++ roles/Networker.yaml | 2 ++ roles/ObjectStorage.yaml | 4 +++ roles/README.rst | 4 +++ roles/Telemetry.yaml | 2 ++ roles_data.yaml | 21 ++++++++++++ 14 files changed, 97 insertions(+), 59 deletions(-) create mode 100644 environments/network-isolation.j2.yaml delete mode 100644 environments/network-isolation.yaml diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml new file mode 100644 index 00000000..3ef9b275 --- /dev/null +++ b/environments/network-isolation.j2.yaml @@ -0,0 +1,37 @@ +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. +# primary role is: {{primary_role_name}} +resource_registry: + # networks as defined in network_data.yaml + {%- for network in networks if network.enabled|default(true) %} + OS::TripleO::Network::{{network.name}}: ../network/{{network.name.lower()}}.yaml + {%- endfor %} + + # Port assignments for the VIPs + {%- for network in networks if network.vip %} + OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endfor %} + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml + + + OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml + +{%- for role in roles %} + # Port assignments for the {{role.name}} + {%- for network in networks %} + {%- if network.name in role.networks|default([]) and network.enabled|default(true) %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- else %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml + {%- endif %} + {%- endfor %} +{%- endfor %} diff --git a/environments/network-isolation.yaml b/environments/network-isolation.yaml deleted file mode 100644 index a6b4b8ae..00000000 --- a/environments/network-isolation.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# Enable the creation of Neutron networks for isolated Overcloud -# traffic and configure each role to assign ports (related -# to that role) on these networks. -resource_registry: - OS::TripleO::Network::External: ../network/external.yaml - OS::TripleO::Network::InternalApi: ../network/internal_api.yaml - OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml - OS::TripleO::Network::Storage: ../network/storage.yaml - OS::TripleO::Network::Tenant: ../network/tenant.yaml - # Management network is optional and disabled by default. - # To enable it, include environments/network-management.yaml - #OS::TripleO::Network::Management: ../network/management.yaml - - # Port assignments for the VIPs - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml - OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml - #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml - OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml - #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml - #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index d242a5bb..16873fd1 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml @@ -4,6 +4,10 @@ - name: BlockStorage description: | Cinder Block Storage node role + networks: + - InternalApi + - Storage + - StorageMgmt ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::BlockStorageCinderVolume diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml index d3de6bae..647c4d5a 100644 --- a/roles/CephStorage.yaml +++ b/roles/CephStorage.yaml @@ -4,6 +4,9 @@ - name: CephStorage description: | Ceph OSD Storage node role + networks: + - Storage + - StorageMgmt ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts diff --git a/roles/Compute.yaml b/roles/Compute.yaml index 73ec6595..d6bd1f3c 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -5,6 +5,10 @@ description: | Basic Compute Node role CountDefault: 1 + networks: + - InternalApi + - Tenant + - Storage HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_upgrade_deployment: True ServicesDefault: diff --git a/roles/Controller.yaml b/roles/Controller.yaml index 7511d4c0..cccb75af 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -9,6 +9,12 @@ tags: - primary - controller + networks: + - External + - InternalApi + - Storage + - StorageMgmt + - Tenant HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: - OS::TripleO::Services::AodhApi diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 2d1702e8..6cf2120e 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -9,6 +9,12 @@ tags: - primary - controller + networks: + - External + - InternalApi + - Storage + - StorageMgmt + - Tenant HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: - OS::TripleO::Services::AodhApi diff --git a/roles/Database.yaml b/roles/Database.yaml index 3ef751a7..75b26a8c 100644 --- a/roles/Database.yaml +++ b/roles/Database.yaml @@ -4,6 +4,8 @@ - name: Database description: | Standalone database role with the database being managed via Pacemaker + networks: + - InternalApi HostnameFormatDefault: '%stackname%-database-%index%' ServicesDefault: - OS::TripleO::Services::AuditD diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml index cbef61ab..5b06063f 100644 --- a/roles/Messaging.yaml +++ b/roles/Messaging.yaml @@ -4,6 +4,8 @@ - name: Messaging description: | Standalone messaging role with RabbitMQ being managed via Pacemaker + networks: + - InternalApi HostnameFormatDefault: '%stackname%-messaging-%index%' ServicesDefault: - OS::TripleO::Services::AuditD diff --git a/roles/Networker.yaml b/roles/Networker.yaml index b393fa7b..a28eaa63 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -5,6 +5,8 @@ description: | Standalone networking role to run Neutron services their own. Includes Pacemaker integration via PacemakerRemote + networks: + - InternalApi HostnameFormatDefault: '%stackname%-networker-%index%' ServicesDefault: - OS::TripleO::Services::AuditD diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml index 3741ca66..27dc1233 100644 --- a/roles/ObjectStorage.yaml +++ b/roles/ObjectStorage.yaml @@ -4,6 +4,10 @@ - name: ObjectStorage description: | Swift Object Storage node role + networks: + - InternalApi + - Storage + - StorageMgmt disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD diff --git a/roles/README.rst b/roles/README.rst index 6c742332..cd1fcb47 100644 --- a/roles/README.rst +++ b/roles/README.rst @@ -58,6 +58,10 @@ Role Options * description: (string) as few sentences describing the role and information pertaining to the usage of the role. + * networks: (list), optional list of networks which the role will have + access to when network isolation is enabled. The names should match + those defined in network_data.yaml. + Working with Roles ================== The tripleoclient provides a series of commands that can be used to view diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml index 0f60364b..d23ab6e3 100644 --- a/roles/Telemetry.yaml +++ b/roles/Telemetry.yaml @@ -4,6 +4,8 @@ - name: Telemetry description: | Telemetry role that has all the telemetry services. + networks: + - InternalApi HostnameFormatDefault: '%stackname%-telemetry-%index%' ServicesDefault: - OS::TripleO::Services::AodhApi diff --git a/roles_data.yaml b/roles_data.yaml index c536e834..23f8d19a 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -12,6 +12,12 @@ tags: - primary - controller + networks: + - External + - InternalApi + - Storage + - StorageMgmt + - Tenant HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: - OS::TripleO::Services::AodhApi @@ -128,6 +134,10 @@ description: | Basic Compute Node role CountDefault: 1 + networks: + - InternalApi + - Tenant + - Storage HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_upgrade_deployment: True ServicesDefault: @@ -167,6 +177,10 @@ - name: BlockStorage description: | Cinder Block Storage node role + networks: + - InternalApi + - Storage + - StorageMgmt ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::BlockStorageCinderVolume @@ -191,6 +205,10 @@ - name: ObjectStorage description: | Swift Object Storage node role + networks: + - InternalApi + - Storage + - StorageMgmt disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::AuditD @@ -217,6 +235,9 @@ - name: CephStorage description: | Ceph OSD Storage node role + networks: + - Storage + - StorageMgmt ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts -- cgit 1.2.3-korg