From 95343d26c8d2cc9789b87a77748b3e7becd548ca Mon Sep 17 00:00:00 2001 
From: "carey.xu" Date: Fri, 18 Sep 2015 14:55:04 +0800 Subject: separate the mgmt vip from public vip, remove HA_VIP Change-Id: Iaa877b7ce93ba9c12bc9be6f3bd101779f07ae9c JIRA: COMPASS-51 --- .../openstack_juno/templates/neutron-network.conf | 8 ++-- .../ansible/openstack_juno/templates/neutron.conf | 8 ++-- .../ansible/openstack_juno/templates/nova.conf | 12 ++--- .../cinder-controller/templates/api-paste.ini | 4 +- .../roles/cinder-controller/templates/cinder.conf | 6 +-- .../cinder-controller/templates/cinder_init.sh | 8 ++-- .../roles/cinder-volume/templates/cinder.conf | 6 +-- .../roles/dashboard/templates/local_settings.py | 2 +- .../ansible/roles/database/templates/my.cnf | 3 +- .../ansible/roles/database/templates/server.cnf | 2 +- .../ansible/roles/database/templates/wsrep.cnf | 5 +- .../ansible/roles/ext-network/tasks/main.yml | 8 ++-- .../ansible/roles/glance/templates/glance-api.conf | 4 +- .../roles/glance/templates/glance-registry.conf | 4 +- .../ansible/roles/glance/templates/image_upload.sh | 2 +- .../ansible/roles/ha/templates/failover.j2 | 2 +- .../ansible/roles/ha/templates/haproxy.cfg | 20 ++++---- .../ansible/roles/ha/templates/keepalived.conf | 53 ++++++++++++---------- .../roles/keystone/templates/admin-openrc.sh | 2 +- .../roles/keystone/templates/demo-openrc.sh | 2 +- .../ansible/roles/keystone/templates/keystone_init | 44 +++++++++--------- .../ansible/roles/mq/templates/rabbitmq-env.conf | 2 +- .../neutron-compute/templates/metadata_agent.ini | 4 +- .../neutron-controller/tasks/neutron_install.yml | 2 +- .../templates/metadata_agent.ini | 4 +- .../ansible/roles/neutron-network/tasks/main.yml | 4 +- .../neutron-network/templates/etc/xorp/config.boot | 6 +-- .../neutron-network/templates/metadata_agent.ini | 4 +- .../ansible/roles/neutron-network/vars/RedHat.yml | 2 +- .../nova-controller/templates/metadata_agent.ini | 4 +- .../roles/odl_cluster/tasks/openvswitch.yml | 2 +- .../ansible/roles/odl_cluster/templates/akka.conf | 14 +++--- 
.../roles/odl_cluster/templates/ml2_conf.sh | 2 +- .../ansible/roles/setup-network/tasks/main.yml | 24 +++++----- .../setup-network/templates/my_configs.debian | 14 +++--- deploy/conf/network_cfg.yaml | 13 ++++++ 36 files changed, 161 insertions(+), 145 deletions(-) (limited to 'deploy') diff --git a/deploy/adapters/ansible/openstack_juno/templates/neutron-network.conf b/deploy/adapters/ansible/openstack_juno/templates/neutron-network.conf index df27cd47..63ac27ee 100644 --- a/deploy/adapters/ansible/openstack_juno/templates/neutron-network.conf +++ b/deploy/adapters/ansible/openstack_juno/templates/neutron-network.conf @@ -304,7 +304,7 @@ notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -nova_url = http://{{ HA_VIP }}:8774/v2 +nova_url = http://{{ internal_vip.ip }}:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region nova_region_name = regionOne @@ -318,7 +318,7 @@ nova_admin_username = nova nova_admin_password = {{ NOVA_PASS }} # Authorization URL for connection to nova in admin context. -nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 +nova_admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0 # Number of seconds between sending events to nova if there are any events to send send_events_interval = 2 @@ -392,8 +392,8 @@ report_interval = 30 # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_uri = http://{{ HA_VIP }}:5000/v2.0 -identity_uri = http://{{ HA_VIP }}:35357 +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = neutron admin_password = {{ NEUTRON_PASS }} diff --git a/deploy/adapters/ansible/openstack_juno/templates/neutron.conf b/deploy/adapters/ansible/openstack_juno/templates/neutron.conf index 73128488..8a5e76ee 100644 
--- a/deploy/adapters/ansible/openstack_juno/templates/neutron.conf +++ b/deploy/adapters/ansible/openstack_juno/templates/neutron.conf @@ -304,7 +304,7 @@ notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True # URL for connection to nova (Only supports one nova region currently). -nova_url = http://{{ HA_VIP }}:8774/v2 +nova_url = http://{{ internal_vip.ip }}:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region nova_region_name = regionOne @@ -319,7 +319,7 @@ nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }} nova_admin_password = {{ NOVA_PASS }} # Authorization URL for connection to nova in admin context. -nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 +nova_admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0 # Number of seconds between sending events to nova if there are any events to send send_events_interval = 2 @@ -393,8 +393,8 @@ report_interval = 30 # =========== end of items for agent management extension ===== [keystone_authtoken] -auth_uri = http://{{ HA_VIP }}:5000/v2.0 -identity_uri = http://{{ HA_VIP }}:35357 +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = neutron admin_password = {{ NEUTRON_PASS }} diff --git a/deploy/adapters/ansible/openstack_juno/templates/nova.conf b/deploy/adapters/ansible/openstack_juno/templates/nova.conf index 9b4280c1..559a6d82 100644 --- a/deploy/adapters/ansible/openstack_juno/templates/nova.conf +++ b/deploy/adapters/ansible/openstack_juno/templates/nova.conf @@ -33,7 +33,7 @@ my_ip = {{ internal_ip }} vnc_enabled = True vncserver_listen = {{ internal_ip }} vncserver_proxyclient_address = {{ internal_ip }} -novncproxy_base_url = http://{{ HA_VIP }}:6080/vnc_auto.html +novncproxy_base_url = http://{{ internal_vip.ip }}:6080/vnc_auto.html novncproxy_host = {{ internal_ip }} novncproxy_port = 6080 
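Review bot: `novncproxy_base_url` in the nova.conf hunk at -33,7 now points at the management VIP, but this is the URL handed back to API clients and opened from the user's browser, so it is the one setting here that would be expected to follow the public side of the split. As written, consoles work only from hosts that can reach `internal_vip.ip`, which either breaks them for tenants or pushes operators towards exposing the management network. The only public VIP name visible in this commit is `network_cfg.public_vip.ip`, in the commented-out keepalived block. Until that instance is enabled I would at least add `# TODO: use the public VIP here once the public_vip instance is enabled` above the line.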
@@ -54,21 +54,21 @@ notification_driver = ceilometer.compute.nova_notifier connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova [keystone_authtoken] -auth_uri = http://{{ HA_VIP }}:5000/2.0 -identity_uri = http://{{ HA_VIP }}:35357 +auth_uri = http://{{ internal_vip.ip }}:5000/2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = nova admin_password = {{ NOVA_PASS }} [glance] -host = {{ HA_VIP }} +host = {{ internal_vip.ip }} [neutron] -url = http://{{ HA_VIP }}:9696 +url = http://{{ internal_vip.ip }}:9696 auth_strategy = keystone admin_tenant_name = service admin_username = neutron admin_password = {{ NEUTRON_PASS }} -admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 +admin_auth_url = http://{{ internal_vip.ip }}:35357/v2.0 service_metadata_proxy = True metadata_proxy_shared_secret = {{ METADATA_SECRET }} diff --git a/deploy/adapters/ansible/roles/cinder-controller/templates/api-paste.ini b/deploy/adapters/ansible/roles/cinder-controller/templates/api-paste.ini index b568a179..0eb04e29 100644 --- a/deploy/adapters/ansible/roles/cinder-controller/templates/api-paste.ini +++ b/deploy/adapters/ansible/roles/cinder-controller/templates/api-paste.ini @@ -54,8 +54,8 @@ paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory # auth_host = 127.0.0.1 # auth_port = 35357 # auth_protocol = http -auth_uri = http://{{ HA_VIP }}:5000/v2.0 -identity_uri = http://{{ HA_VIP }}:35357 +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = cinder admin_password = {{ CINDER_PASS }} diff --git a/deploy/adapters/ansible/roles/cinder-controller/templates/cinder.conf b/deploy/adapters/ansible/roles/cinder-controller/templates/cinder.conf index e34fd2fa..cf41817b 100644 --- a/deploy/adapters/ansible/roles/cinder-controller/templates/cinder.conf +++ b/deploy/adapters/ansible/roles/cinder-controller/templates/cinder.conf 
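Review bot: The `[keystone_authtoken]` block in nova.conf keeps `auth_uri = http://{{ internal_vip.ip }}:5000/2.0`, where every other template touched by this commit uses `/v2.0`; the missing `v` looks like a typo carried over from the old line. Since the line is being rewritten anyway, I would make it `auth_uri = http://{{ internal_vip.ip }}:5000/v2.0` so nova's token validation is configured the same way as in neutron, cinder and glance. I have not confirmed how the auth middleware treats the malformed path, so this is worth testing rather than assuming it is harmless.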
@@ -22,7 +22,7 @@ rabbit_userid = {{ RABBIT_USER }} rabbit_password = {{ RABBIT_PASS }} my_ip = {{ storage_controller_host }} -glance_host = {{ HA_VIP }} +glance_host = {{ internal_vip.ip }} glance_port = 9292 api_rate_limit = False storage_availability_zone = nova @@ -53,8 +53,8 @@ volumes_dir=/var/lib/cinder/volumes volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver [keystone_authtoken] -auth_uri = http://{{ HA_VIP }}:5000/v2.0 -identity_uri = http://{{ HA_VIP }}:35357 +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = cinder admin_password = {{ CINDER_PASS }} diff --git a/deploy/adapters/ansible/roles/cinder-controller/templates/cinder_init.sh b/deploy/adapters/ansible/roles/cinder-controller/templates/cinder_init.sh index 0ec61b64..abe4d06a 100644 --- a/deploy/adapters/ansible/roles/cinder-controller/templates/cinder_init.sh +++ b/deploy/adapters/ansible/roles/cinder-controller/templates/cinder_init.sh 
@@ -1,6 +1,6 @@ -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=cinder --pass={{ CINDER_PASS }} --email=cinder@example.com -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=cinder --tenant=service --role=admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=cinder --pass={{ CINDER_PASS }} --email=cinder@example.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user=cinder --tenant=service --role=admin -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name=cinder --type=volume --description="OpenStack Block Storage" -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ volume / {print $2}') --publicurl=http://{{ HA_VIP }}:8776/v1/%\(tenant_id\)s --internalurl=http://{{ HA_VIP }}:8776/v1/%\(tenant_id\)s --adminurl=http://{{ HA_VIP }}:8776/v1/%\(tenant_id\)s +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name=cinder --type=volume --description="OpenStack Block Storage" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ volume / {print $2}') --publicurl=http://{{ internal_vip.ip }}:8776/v1/%\(tenant_id\)s --internalurl=http://{{ internal_vip.ip }}:8776/v1/%\(tenant_id\)s --adminurl=http://{{ internal_vip.ip }}:8776/v1/%\(tenant_id\)s 
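Review bot: The `endpoint-create` line in cinder_init.sh registers `--publicurl`, `--internalurl` and `--adminurl` all on `{{ internal_vip.ip }}`, so the service catalog still advertises a single address and the public/management separation named in the commit subject is not reflected in what clients are told to use. The same applies to the four `endpoint-create` lines in keystone_init (identity, image, compute, network). If tenants are meant to reach the APIs through the public VIP, `--publicurl` should use that address once the public keepalived instance is enabled. If the catalog is deliberately internal-only for now, a comment such as `# publicurl intentionally on the mgmt VIP until public_vip is enabled` above the first `endpoint-create` would stop someone from later exposing the management VIP just to make the catalog reachable. These commands also send `{{ ADMIN_TOKEN }}` over plain `http`, which matters more once the two networks are meant to carry different trust levels.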
diff --git a/deploy/adapters/ansible/roles/cinder-volume/templates/cinder.conf b/deploy/adapters/ansible/roles/cinder-volume/templates/cinder.conf index aa3b8ccd..86422e93 100644 --- a/deploy/adapters/ansible/roles/cinder-volume/templates/cinder.conf +++ b/deploy/adapters/ansible/roles/cinder-volume/templates/cinder.conf @@ -21,7 +21,7 @@ rabbit_userid = {{ RABBIT_USER }} rabbit_password = {{ RABBIT_PASS }} my_ip = {{ storage_controller_host }} -glance_host = {{ HA_VIP }} +glance_host = {{ internal_vip.ip }} glance_port = 9292 api_rate_limit = False storage_availability_zone = nova @@ -52,8 +52,8 @@ volumes_dir=/var/lib/cinder/volumes volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver [keystone_authtoken] -auth_uri = http://{{ HA_VIP }}:5000/v2.0 -identity_uri = http://{{ HA_VIP }}:35357 +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = cinder admin_password = {{ CINDER_PASS }} diff --git a/deploy/adapters/ansible/roles/dashboard/templates/local_settings.py b/deploy/adapters/ansible/roles/dashboard/templates/local_settings.py index 92c61f3e..62854e05 100644 --- a/deploy/adapters/ansible/roles/dashboard/templates/local_settings.py +++ b/deploy/adapters/ansible/roles/dashboard/templates/local_settings.py @@ -146,7 +146,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # ('http://cluster2.example.com:5000/v2.0', 'cluster2'), # ] -OPENSTACK_HOST = "{{ HA_VIP }}" +OPENSTACK_HOST = "{{ internal_vip.ip }}" OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" diff --git a/deploy/adapters/ansible/roles/database/templates/my.cnf b/deploy/adapters/ansible/roles/database/templates/my.cnf index f88f4772..2023185d 100644 --- a/deploy/adapters/ansible/roles/database/templates/my.cnf +++ b/deploy/adapters/ansible/roles/database/templates/my.cnf 
@@ -45,8 +45,7 @@ skip-name-resolve # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. -#bind-address = {{ hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address }} -bind-address = {{ HA_VIP }} +bind-address = {{ internal_vip.ip }} # # * Fine Tuning # diff --git a/deploy/adapters/ansible/roles/database/templates/server.cnf b/deploy/adapters/ansible/roles/database/templates/server.cnf index e0893c0f..57441ddf 100644 --- a/deploy/adapters/ansible/roles/database/templates/server.cnf +++ b/deploy/adapters/ansible/roles/database/templates/server.cnf @@ -15,7 +15,7 @@ max_connections = 2000 max_connect_errors = 8000 skip-host-cache skip-name-resolve -bind-address = {{ HA_VIP }} +bind-address = {{ internal_vip.ip }} # # * Galera-related settings # diff --git a/deploy/adapters/ansible/roles/database/templates/wsrep.cnf b/deploy/adapters/ansible/roles/database/templates/wsrep.cnf index 6c14b155..197640c9 100644 --- a/deploy/adapters/ansible/roles/database/templates/wsrep.cnf +++ b/deploy/adapters/ansible/roles/database/templates/wsrep.cnf @@ -31,8 +31,7 @@ query_cache_type=0 # Override bind-address # In some systems bind-address defaults to 127.0.0.1, and with mysqldump SST # it will have (most likely) disastrous consequences on donor node -#bind-address={{ hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address }} -bind-address={{ HA_VIP }} +bind-address={{ internal_vip.ip }} ## ## WSREP options 
@@ -56,7 +55,7 @@ wsrep_cluster_address=gcomm://{{ haproxy_hosts.values()|join(",") }} # Base replication [:port] of the node. # The values supplied will be used as defaults for state transfer receiving, # listening ports and so on. Default: address of the first network interface. -wsrep_node_address={{ internal_ips[inventory_hostname] }} +wsrep_node_address={{ internal_ip }} # Address for incoming client connections. Autodetect by default. #wsrep_node_incoming_address= diff --git a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml index bffb995f..57ef875e 100644 --- a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml +++ b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml @@ -4,7 +4,7 @@ login_username: ADMIN login_password: "{{ ADMIN_PASS }}" login_tenant_name: admin - auth_url: "http://{{ HA_VIP }}:35357/v2.0" + auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" name: "{{ public_net_info.network }}" provider_network_type: "{{ public_net_info.type }}" provider_physical_network: "{{ public_net_info.provider_network }}" @@ -20,7 +20,7 @@ login_username: ADMIN login_password: "{{ ADMIN_PASS }}" login_tenant_name: admin - auth_url: "http://{{ HA_VIP }}:35357/v2.0" + auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" name: "{{ public_net_info.subnet }}" network_name: "{{ public_net_info.network }}" cidr: "{{ public_net_info.floating_ip_cidr }}" @@ -38,7 +38,7 @@ login_username: ADMIN login_password: "{{ ADMIN_PASS }}" login_tenant_name: admin - auth_url: "http://{{ HA_VIP }}:35357/v2.0" + auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" name: "{{ public_net_info.router }}" state: present run_once: true 
@@ -49,7 +49,7 @@ login_username: ADMIN login_password: "{{ ADMIN_PASS }}" login_tenant_name: admin - auth_url: "http://{{ HA_VIP }}:35357/v2.0" + auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" router_name: "{{ public_net_info.router }}" network_name: "{{ public_net_info.network }}" state: present diff --git a/deploy/adapters/ansible/roles/glance/templates/glance-api.conf b/deploy/adapters/ansible/roles/glance/templates/glance-api.conf index 3046ab37..737b9a3a 100644 --- a/deploy/adapters/ansible/roles/glance/templates/glance-api.conf +++ b/deploy/adapters/ansible/roles/glance/templates/glance-api.conf @@ -653,8 +653,8 @@ connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance #db_max_retries = 20 [keystone_authtoken] -auth_uri = http://{{ HA_VIP }}:5000/v2.0 -identity_uri = http://{{ HA_VIP }}:35357 +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = glance admin_password = {{ GLANCE_PASS }} diff --git a/deploy/adapters/ansible/roles/glance/templates/glance-registry.conf b/deploy/adapters/ansible/roles/glance/templates/glance-registry.conf index 8d731a24..1fedb0b5 100644 --- a/deploy/adapters/ansible/roles/glance/templates/glance-registry.conf +++ b/deploy/adapters/ansible/roles/glance/templates/glance-registry.conf @@ -173,8 +173,8 @@ connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance #db_max_retries = 20 [keystone_authtoken] -auth_uri = http://{{ HA_VIP }}:5000/v2.0 -identity_uri = http://{{ HA_VIP }}:35357 +auth_uri = http://{{ internal_vip.ip }}:5000/v2.0 +identity_uri = http://{{ internal_vip.ip }}:35357 admin_tenant_name = service admin_user = glance admin_password = {{ GLANCE_PASS }} diff --git a/deploy/adapters/ansible/roles/glance/templates/image_upload.sh b/deploy/adapters/ansible/roles/glance/templates/image_upload.sh index 9dd1fa8d..985707a4 100644 --- a/deploy/adapters/ansible/roles/glance/templates/image_upload.sh 
+++ b/deploy/adapters/ansible/roles/glance/templates/image_upload.sh @@ -1,2 +1,2 @@ sleep 10 -glance --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ HA_VIP }}:35357/v2.0 image-create --name="cirros" --disk-format=qcow2 --container-format=bare --is-public=true < /opt/{{ build_in_image_name }} && touch glance.import.completed +glance --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ internal_vip.ip }}:35357/v2.0 image-create --name="cirros" --disk-format=qcow2 --container-format=bare --is-public=true < /opt/{{ build_in_image_name }} && touch glance.import.completed diff --git a/deploy/adapters/ansible/roles/ha/templates/failover.j2 b/deploy/adapters/ansible/roles/ha/templates/failover.j2 index ebfa65f8..3b08cf2d 100644 --- a/deploy/adapters/ansible/roles/ha/templates/failover.j2 +++ b/deploy/adapters/ansible/roles/ha/templates/failover.j2 @@ -11,7 +11,7 @@ except: pass LOG.basicConfig(format='%(asctime)s %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p', filename=LOG_FILE,level=LOG.DEBUG) -ha_vip = {{ HA_VIP }} +ha_vip = {{ internal_vip.ip }} LOG.info("ha_vip: %s" % ha_vip) #ha_vip = "10.1.0.50" diff --git a/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg b/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg index 169182da..3c18d362 100644 --- a/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg +++ b/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg @@ -26,7 +26,7 @@ defaults retries 5 listen proxy-glance_registry_cluster - bind {{ HA_VIP }}:9191 + bind {{ internal_vip.ip }}:9191 option tcpka option tcplog balance source @@ -35,7 +35,7 @@ listen proxy-glance_registry_cluster {% endfor %} listen proxy-glance_api_cluster - bind {{ HA_VIP }}:9292 + bind {{ internal_vip.ip }}:9292 option tcpka option httpchk option tcplog 
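Review bot: In failover.j2 the assignment `ha_vip = {{ internal_vip.ip }}` renders the address without quotes, so unless the variable value itself carries quotes the generated Python line is a bare dotted number and the script will not parse, leaving the failover handler unusable when it is needed. The commented example a few lines below (`#ha_vip = "10.1.0.50"`) shows that a string was intended; I would write `ha_vip = "{{ internal_vip.ip }}"`. The old `HA_VIP` line had the same shape, so it is worth checking whether that variable was defined with embedded quotes while `internal_vip.ip` is not. The rest of the script lies outside this hunk.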
@@ -45,7 +45,7 @@ listen proxy-glance_api_cluster {% endfor %} listen proxy-nova-novncproxy - bind {{ HA_VIP }}:6080 + bind {{ internal_vip.ip }}:6080 option tcpka option tcplog balance source @@ -54,7 +54,7 @@ listen proxy-nova-novncproxy {% endfor %} listen proxy-network - bind {{ HA_VIP }}:9696 + bind {{ internal_vip.ip }}:9696 option tcpka option tcplog balance source @@ -63,7 +63,7 @@ listen proxy-network {% endfor %} listen proxy-volume - bind {{ HA_VIP }}:8776 + bind {{ internal_vip.ip }}:8776 option tcpka option httpchk option tcplog @@ -73,7 +73,7 @@ listen proxy-volume {% endfor %} listen proxy-keystone_admin_cluster - bind {{ HA_VIP }}:35357 + bind {{ internal_vip.ip }}:35357 option tcpka option httpchk option tcplog @@ -83,7 +83,7 @@ listen proxy-keystone_admin_cluster {% endfor %} listen proxy-keystone_public_internal_cluster - bind {{ HA_VIP }}:5000 + bind {{ internal_vip.ip }}:5000 option tcpka option httpchk option tcplog @@ -93,7 +93,7 @@ listen proxy-keystone_public_internal_cluster {% endfor %} listen proxy-nova_compute_api_cluster - bind {{ HA_VIP }}:8774 + bind {{ internal_vip.ip }}:8774 mode tcp option httpchk option tcplog @@ -103,7 +103,7 @@ listen proxy-nova_compute_api_cluster {% endfor %} listen proxy-nova_metadata_api_cluster - bind {{ HA_VIP }}:8775 + bind {{ internal_vip.ip }}:8775 option tcpka option tcplog balance source @@ -112,7 +112,7 @@ listen proxy-nova_metadata_api_cluster {% endfor %} listen proxy-cinder_api_cluster - bind {{ HA_VIP }}:8776 + bind {{ internal_vip.ip }}:8776 mode tcp option httpchk option tcplog diff --git a/deploy/adapters/ansible/roles/ha/templates/keepalived.conf b/deploy/adapters/ansible/roles/ha/templates/keepalived.conf index f9f91915..f1e6db5d 100644 --- a/deploy/adapters/ansible/roles/ha/templates/keepalived.conf +++ b/deploy/adapters/ansible/roles/ha/templates/keepalived.conf 
@@ -1,41 +1,48 @@ global_defs { - - notification_email{ - root@huawei.com - } - - notification_email_from keepalived@huawei.com - - smtp_server localhost - - smtp_connect_timeout 30 - - router_id NodeA - + router_id {{ inventory_hostname }} } -vrrp_instance VI_1 { - interface {{ INTERNAL_INTERFACE }} - virtual_router_id 51 +vrrp_instance internal_vip { + interface {{ internal_vip.interface }} + virtual_router_id {{ vrouter_id_internal }} state BACKUP nopreempt + preempt_delay 30 advert_int 1 -{% for host in groups['controller'] %} -{% if host == inventory_hostname %} - priority {{ 100 - loop.index0 * 5 }} -{% endif %} -{% endfor %} + priority 100 authentication { auth_type PASS - auth_pass 1111 + auth_pass 1234 } virtual_ipaddress { - {{ HA_VIP }} dev {{ INTERNAL_INTERFACE }} + {{ internal_vip.ip }}/{{ internal_vip.netmask }} dev {{ internal_vip.interface }} } notify_master "/usr/local/bin/notify.sh master" notify_backup "/usr/local/bin/notify.sh backup" + } +#vrrp_instance public_vip { +# interface {{ network_cfg.public_vip.interface }} +# virtual_router_id {{ vrouter_id_public }} +# state BACKUP +# nopreempt +# preempt_delay 30 +# advert_int 1 +# priority 100 +# +# authentication { +# auth_type PASS +# auth_pass 4321 +# } +# +# virtual_ipaddress { +# {{ network_cfg.public_vip.ip }}/{{ network_cfg.public_vip.netmask }} dev {{ network_cfg.public_vip.interface }} +# } +# +#} +# +# notify_backup "/usr/local/bin/notify.sh backup" diff --git a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh index f2e0d615..544fe31d 100644 --- a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh +++ b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh 
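Review bot: The new `internal_vip` instance in keepalived.conf still carries a literal shared secret, `auth_pass 1234`, and the commented-out `public_vip` block repeats the pattern with `4321`. VRRP `auth_type PASS` puts this value on the wire in clear text, so a guessable constant committed to the repository does nothing to stop another host on the segment from sending advertisements for the VIP. I would take the value from a per-cluster deployment variable, for example `auth_pass {{ vrrp_auth_pass }}` (placeholder name, not defined in this commit). Separately, every controller now gets `priority 100` with `nopreempt`, so the per-host ordering from the removed loop is gone and `preempt_delay 30` appears to have no effect while `nopreempt` is set; if that is intended, a short comment would help. The trailing `# notify_backup` line after the commented block looks like a leftover.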
@@ -1,6 +1,6 @@ # Verify the Identity Service installation export OS_PASSWORD={{ ADMIN_PASS }} export OS_TENANT_NAME=admin -export OS_AUTH_URL=http://{{ HA_VIP }}:35357/v2.0 +export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0 export OS_USERNAME=ADMIN diff --git a/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh b/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh index 8bdc51ba..73909629 100644 --- a/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh +++ b/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh @@ -1,5 +1,5 @@ export OS_USERNAME=demo export OS_PASSWORD={{ DEMO_PASS }} export OS_TENANT_NAME=demo -export OS_AUTH_URL=http://{{ HA_VIP }}:35357/v2.0 +export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0 diff --git a/deploy/adapters/ansible/roles/keystone/templates/keystone_init b/deploy/adapters/ansible/roles/keystone/templates/keystone_init index 0f2aec40..d9cc65a9 100644 --- a/deploy/adapters/ansible/roles/keystone/templates/keystone_init +++ b/deploy/adapters/ansible/roles/keystone/templates/keystone_init @@ -1,5 +1,5 @@ set -e -while ! keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-list; do +while ! keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-list; do echo "not ready" sleep 1 done 
@@ -7,41 +7,41 @@ echo "keystone is ready" # create an administrative user -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 role-create --name=admin -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 tenant-create --name=admin --description="Admin Tenant" -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=admin --pass={{ ADMIN_PASS }} --tenant=admin --email=admin@admin.com -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=admin --tenant=admin --role=admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 role-create --name=admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 tenant-create --name=admin --description="Admin Tenant" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=admin --pass={{ ADMIN_PASS }} --tenant=admin --email=admin@admin.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user=admin --tenant=admin --role=admin # create a normal user -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 tenant-create --name=demo --description="Demo Tenant" -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=demo --pass={{ DEMO_PASS }} --tenant=demo --email=DEMO_EMAIL +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 tenant-create --name=demo --description="Demo Tenant" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=demo --pass={{ DEMO_PASS }} --tenant=demo --email=DEMO_EMAIL # create a service tenant -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 tenant-create 
--name=service --description="Service Tenant" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 tenant-create --name=service --description="Service Tenant" # regist keystone -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name=keystone --type=identity --description="OpenStack Identity" -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service_id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ identity / {print $2}') --publicurl=http://{{ HA_VIP }}:5000/v2.0 --internalurl=http://{{ HA_VIP }}:5000/v2.0 --adminurl=http://{{ HA_VIP }}:35357/v2.0 +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name=keystone --type=identity --description="OpenStack Identity" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service_id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ identity / {print $2}') --publicurl=http://{{ internal_vip.ip }}:5000/v2.0 --internalurl=http://{{ internal_vip.ip }}:5000/v2.0 --adminurl=http://{{ internal_vip.ip }}:35357/v2.0 # Create a glance user that the Image Service can use to authenticate with the Identity service -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=glance --pass={{ GLANCE_PASS }} --email=glance@example.com -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=glance --tenant=service --role=admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=glance --pass={{ GLANCE_PASS }} --email=glance@example.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip 
}}:35357/v2.0 user-role-add --user=glance --tenant=service --role=admin #Register the Image Service with the Identity service so that other OpenStack services can locate it -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name=glance --type=image --description="OpenStack Image Service" -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ image / {print $2}') --publicurl=http://{{ HA_VIP }}:9292 --internalurl=http://{{ HA_VIP }}:9292 --adminurl=http://{{ HA_VIP }}:9292 +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name=glance --type=image --description="OpenStack Image Service" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ image / {print $2}') --publicurl=http://{{ internal_vip.ip }}:9292 --internalurl=http://{{ internal_vip.ip }}:9292 --adminurl=http://{{ internal_vip.ip }}:9292 #Create a nova user that Compute uses to authenticate with the Identity Service -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=nova --pass={{ NOVA_PASS }} --email=nova@example.com -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=nova --tenant=service --role=admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=nova --pass={{ NOVA_PASS }} --email=nova@example.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user=nova --tenant=service --role=admin # register Compute with the Identity Service 
so that other OpenStack services can locate it -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name=nova --type=compute --description="OpenStack Compute" -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ compute / {print $2}') --publicurl=http://{{ HA_VIP }}:8774/v2/%\(tenant_id\)s --internalurl=http://{{ HA_VIP }}:8774/v2/%\(tenant_id\)s --adminurl=http://{{ HA_VIP }}:8774/v2/%\(tenant_id\)s +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name=nova --type=compute --description="OpenStack Compute" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ compute / {print $2}') --publicurl=http://{{ internal_vip.ip }}:8774/v2/%\(tenant_id\)s --internalurl=http://{{ internal_vip.ip }}:8774/v2/%\(tenant_id\)s --adminurl=http://{{ internal_vip.ip }}:8774/v2/%\(tenant_id\)s # register netron user, role and service -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name neutron --pass {{ NEUTRON_PASS }} --email neutron@example.com -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user neutron --tenant service --role admin -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name neutron --type network --description "OpenStack Networking" -keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service-id $(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ network / {print 
$2}') --publicurl http://{{ HA_VIP }}:9696 --adminurl http://{{ HA_VIP }}:9696 --internalurl http://{{ HA_VIP }}:9696 +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name neutron --pass {{ NEUTRON_PASS }} --email neutron@example.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user neutron --tenant service --role admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name neutron --type network --description "OpenStack Networking" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service-id $(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ network / {print $2}') --publicurl http://{{ internal_vip.ip }}:9696 --adminurl http://{{ internal_vip.ip }}:9696 --internalurl http://{{ internal_vip.ip }}:9696 diff --git a/deploy/adapters/ansible/roles/mq/templates/rabbitmq-env.conf b/deploy/adapters/ansible/roles/mq/templates/rabbitmq-env.conf index 6dd7349c..377c89d7 100644 --- a/deploy/adapters/ansible/roles/mq/templates/rabbitmq-env.conf +++ b/deploy/adapters/ansible/roles/mq/templates/rabbitmq-env.conf @@ -1 +1 @@ -RABBITMQ_NODE_IP_ADDRESS={{ HA_VIP }} +RABBITMQ_NODE_IP_ADDRESS={{ internal_vip.ip }} diff --git a/deploy/adapters/ansible/roles/neutron-compute/templates/metadata_agent.ini b/deploy/adapters/ansible/roles/neutron-compute/templates/metadata_agent.ini index 375f46c2..87937cc7 100644 --- a/deploy/adapters/ansible/roles/neutron-compute/templates/metadata_agent.ini +++ b/deploy/adapters/ansible/roles/neutron-compute/templates/metadata_agent.ini 
@@ -3,7 +3,7 @@ debug = True # The Neutron user information for accessing the Neutron API. -auth_url = http://{{ HA_VIP }}:5000/v2.0 +auth_url = http://{{ internal_vip.ip }}:5000/v2.0 auth_region = regionOne # Turn off verification of the certificate for ssl # auth_insecure = False @@ -17,7 +17,7 @@ admin_password = {{ NEUTRON_PASS }} # endpoint_type = adminURL # IP address used by Nova metadata server -nova_metadata_ip = {{ HA_VIP }} +nova_metadata_ip = {{ internal_vip.ip }} # TCP Port used by Nova metadata server nova_metadata_port = 8775 diff --git a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml b/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml index 9655c0b3..fce12722 100644 --- a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml +++ b/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml @@ -10,7 +10,7 @@ with_items: services | union(services_noarch) - name: get tenant id to fill neutron.conf - shell: keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 tenant-get service | grep id | awk '{print $4}' + shell: keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 tenant-get service | grep id | awk '{print $4}' register: NOVA_ADMIN_TENANT_ID - name: update neutron conf diff --git a/deploy/adapters/ansible/roles/neutron-controller/templates/metadata_agent.ini b/deploy/adapters/ansible/roles/neutron-controller/templates/metadata_agent.ini index 375f46c2..87937cc7 100644 --- a/deploy/adapters/ansible/roles/neutron-controller/templates/metadata_agent.ini +++ b/deploy/adapters/ansible/roles/neutron-controller/templates/metadata_agent.ini 
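Review bot: `auth_url` in the first hunk still reaches Keystone over plain `http://`, so the `admin_password` set a few lines further down in this template is sent unencrypted on every token request, now to the management VIP. If TLS is not yet terminated in front of port 5000, I would at least record the assumption next to the setting, e.g. `# plain HTTP: relies on the management network being isolated; move to https once the VIP terminates TLS`. The `debug = True` line shown with this hunk is also worth revisiting before the template is used outside a lab. The same applies to the identical hunks in the neutron-controller, neutron-network and nova-controller copies of `metadata_agent.ini`.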
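Review bot: The `get tenant id to fill neutron.conf` task passes the Keystone bootstrap `ADMIN_TOKEN` on the command line, where it is visible in the process list on the target and in Ansible's task output and logs. The keystone client also reads the token and endpoint from `OS_SERVICE_TOKEN` and `OS_SERVICE_ENDPOINT`, so the task can hand them over through `environment:` and set `no_log`. While touching the line, `grep id | awk` matches any row containing `id`; the sketch below anchors the match the way keystone_init does for service types.

```yaml
- name: get tenant id to fill neutron.conf
  shell: keystone tenant-get service | awk '/ id / {print $4}'
  environment:
    OS_SERVICE_TOKEN: "{{ ADMIN_TOKEN }}"
    OS_SERVICE_ENDPOINT: "http://{{ internal_vip.ip }}:35357/v2.0"
  no_log: True
  register: NOVA_ADMIN_TENANT_ID
```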
@@ -3,7 +3,7 @@ debug = True # The Neutron user information for accessing the Neutron API. -auth_url = http://{{ HA_VIP }}:5000/v2.0 +auth_url = http://{{ internal_vip.ip }}:5000/v2.0 auth_region = regionOne # Turn off verification of the certificate for ssl # auth_insecure = False @@ -17,7 +17,7 @@ admin_password = {{ NEUTRON_PASS }} # endpoint_type = adminURL # IP address used by Nova metadata server -nova_metadata_ip = {{ HA_VIP }} +nova_metadata_ip = {{ internal_vip.ip }} # TCP Port used by Nova metadata server nova_metadata_port = 8775 diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml index d1052897..7d643d5a 100644 --- a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml +++ b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml @@ -66,8 +66,8 @@ - meta: flush_handlers -- include: igmp-router.yml - when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }} and ansible_os_family == 'Debian'" +#- include: igmp-router.yml +# when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }} and ansible_os_family == 'Debian'" - name: assert kernel support for vxlan command: modinfo -F version vxlan diff --git a/deploy/adapters/ansible/roles/neutron-network/templates/etc/xorp/config.boot b/deploy/adapters/ansible/roles/neutron-network/templates/etc/xorp/config.boot index 32caf96d..426a8fd1 100644 --- a/deploy/adapters/ansible/roles/neutron-network/templates/etc/xorp/config.boot +++ b/deploy/adapters/ansible/roles/neutron-network/templates/etc/xorp/config.boot @@ -1,6 +1,6 @@ interfaces { restore-original-config-on-shutdown: false - interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + interface {{ internal_nic }} { description: "Internal pNodes interface" disable: false default-system-config 
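Review bot: The `igmp-router.yml` include in the @@ -66,8 hunk is commented out rather than removed, and nothing says why, although the same commit still edits the xorp `config.boot` template that this include presumably deploys. If IGMP routing for vxlan on Debian is being dropped, delete the two lines; if this is a temporary workaround, say so in place, e.g. `# TODO(<owner>): igmp-router disabled because <reason>; re-enable or remove`. As it stands, the next reader cannot tell whether the vxlan path is expected to work without it.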
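Review bot: Replacing the `neutron_vxlan_interface|default(internal_interface)` lookup with `{{ internal_nic }}` silently drops the per-deployment `neutron_vxlan_interface` override, here and in the @@ -10,8 hunk that follows. `internal_nic` is not defined anywhere in the part of the patch visible here, so I cannot confirm it resolves to the same device. If the override is intentionally gone, a template comment such as `/* internal_nic: device carrying the internal/management network, set by <where> */` would make the new contract explicit.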
@@ -10,8 +10,8 @@ interfaces { protocols { igmp { disable: false - interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { - vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + interface {{ internal_nic }} { + vif {{ internal_nic }} { disable: false version: 3 } diff --git a/deploy/adapters/ansible/roles/neutron-network/templates/metadata_agent.ini b/deploy/adapters/ansible/roles/neutron-network/templates/metadata_agent.ini index 375f46c2..87937cc7 100644 --- a/deploy/adapters/ansible/roles/neutron-network/templates/metadata_agent.ini +++ b/deploy/adapters/ansible/roles/neutron-network/templates/metadata_agent.ini @@ -3,7 +3,7 @@ debug = True # The Neutron user information for accessing the Neutron API. -auth_url = http://{{ HA_VIP }}:5000/v2.0 +auth_url = http://{{ internal_vip.ip }}:5000/v2.0 auth_region = regionOne # Turn off verification of the certificate for ssl # auth_insecure = False @@ -17,7 +17,7 @@ admin_password = {{ NEUTRON_PASS }} # endpoint_type = adminURL # IP address used by Nova metadata server -nova_metadata_ip = {{ HA_VIP }} +nova_metadata_ip = {{ internal_vip.ip }} # TCP Port used by Nova metadata server nova_metadata_port = 8775 diff --git a/deploy/adapters/ansible/roles/neutron-network/vars/RedHat.yml b/deploy/adapters/ansible/roles/neutron-network/vars/RedHat.yml index c6c9bd85..14fd7731 100644 --- a/deploy/adapters/ansible/roles/neutron-network/vars/RedHat.yml +++ b/deploy/adapters/ansible/roles/neutron-network/vars/RedHat.yml @@ -11,4 +11,4 @@ openvswitch_agent: neutron-openvswitch-agent xorp_packages: - openssl098e -# - xorp + #- xorp diff --git a/deploy/adapters/ansible/roles/nova-controller/templates/metadata_agent.ini b/deploy/adapters/ansible/roles/nova-controller/templates/metadata_agent.ini index 375f46c2..87937cc7 100644 --- a/deploy/adapters/ansible/roles/nova-controller/templates/metadata_agent.ini 
+++ b/deploy/adapters/ansible/roles/nova-controller/templates/metadata_agent.ini @@ -3,7 +3,7 @@ debug = True # The Neutron user information for accessing the Neutron API. -auth_url = http://{{ HA_VIP }}:5000/v2.0 +auth_url = http://{{ internal_vip.ip }}:5000/v2.0 auth_region = regionOne # Turn off verification of the certificate for ssl # auth_insecure = False @@ -17,7 +17,7 @@ admin_password = {{ NEUTRON_PASS }} # endpoint_type = adminURL # IP address used by Nova metadata server -nova_metadata_ip = {{ HA_VIP }} +nova_metadata_ip = {{ internal_vip.ip }} # TCP Port used by Nova metadata server nova_metadata_port = 8775 diff --git a/deploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml b/deploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml index 33ab6841..f301cba2 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml +++ b/deploy/adapters/ansible/roles/odl_cluster/tasks/openvswitch.yml @@ -29,7 +29,7 @@ # service openvswitch-switch start ; - name: Set OpenDaylight as the manager - command: su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ HA_VIP }}:6640;" + command: su -s /bin/sh -c "ovs-vsctl set-manager tcp:{{ internal_vip.ip }}:6640;" #- name: start and disable Neutron's agent services # service: name=neutron-plugin-openvswitch-agent state=started diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/akka.conf b/deploy/adapters/ansible/roles/odl_cluster/templates/akka.conf index 318a8729..77798498 100755 --- a/deploy/adapters/ansible/roles/odl_cluster/templates/akka.conf +++ b/deploy/adapters/ansible/roles/odl_cluster/templates/akka.conf @@ -28,7 +28,7 @@ odl-cluster-data { remote { log-remote-lifecycle-events = off netty.tcp { - hostname = "{{ hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}" + hostname = "{{ hostvars[inventory_hostname]['ansible_' + internal_nic].ipv4.address }}" port = 2550 maximum-frame-size = 419430400 send-buffer-size = 52428800 
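Review bot: The `Set OpenDaylight as the manager` task still registers the manager as plain `tcp:`, so the OVSDB connection to the VIP on port 6640 is neither authenticated nor encrypted. `ovs-vsctl` accepts an `ssl:` target once keys are configured with `ovs-vsctl set-ssl`; if that is out of scope here, a task comment like `# OVSDB manager over plain tcp: management network must be isolated` would document the assumption. The `su -s /bin/sh -c "...;"` wrapper also looks unnecessary if the play already runs privileged, though the rest of the play is outside the hunk.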
@@ -40,9 +40,9 @@ odl-cluster-data { seed-nodes = [ {% for host in groups['odl'] %} {% if loop.last %} - "akka.tcp://opendaylight-cluster-data@{{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:2550" + "akka.tcp://opendaylight-cluster-data@{{ hostvars[host]['ansible_' + internal_nic].ipv4.address }}:2550" {% else %} - "akka.tcp://opendaylight-cluster-data@{{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:2550", + "akka.tcp://opendaylight-cluster-data@{{ hostvars[host]['ansible_' + internal_nic].ipv4.address }}:2550", {% endif %} {% endfor %} ] @@ -53,7 +53,7 @@ odl-cluster-data { {% set key = 0 %} {% for host in groups['odl'] %} {% set key = key + 1 %} - {% if hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address == hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address %} + {% if hostvars[host]['ansible_' + internal_nic].ipv4.address == hostvars[inventory_hostname]['ansible_' + internal_nic].ipv4.address %} "member-{{ key }}" {% endif %} {% endfor %} @@ -83,7 +83,7 @@ odl-cluster-rpc { remote { log-remote-lifecycle-events = off netty.tcp { - hostname = "{{ hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}" + hostname = "{{ hostvars[inventory_hostname]['ansible_' + internal_nic].ipv4.address }}" port = 2551 } } @@ -92,9 +92,9 @@ odl-cluster-rpc { seed-nodes = [ {% for host in groups['odl'] %} {% if loop.last %} - "akka.tcp://odl-cluster-rpc@{{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:2551" + "akka.tcp://odl-cluster-rpc@{{ hostvars[host]['ansible_' + internal_nic].ipv4.address }}:2551" {% else %} - "akka.tcp://odl-cluster-rpc@{{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:2551", + "akka.tcp://odl-cluster-rpc@{{ hostvars[host]['ansible_' + internal_nic].ipv4.address }}:2551", {% endif %} {% endfor %} ] 
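Review bot: In the @@ -53,7 hunk, `member-{{ key }}` depends on `{% set key = key + 1 %}` inside the `for` loop carrying over between iterations. Jinja2 scopes a `set` inside a loop to that iteration, so, depending on the Jinja2 version, every node may render `member-1`. `loop.index` gives the same counter without the scoping problem: `"member-{{ loop.index }}"`, after which both `{% set key ... %}` lines can go. Separately, `'ansible_' + internal_nic` resolves only when the interface name is a valid fact suffix (Ansible replaces `-` with `_` in fact names), which is worth confirming for the values `internal_nic` can take.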
diff --git a/deploy/adapters/ansible/roles/odl_cluster/templates/ml2_conf.sh b/deploy/adapters/ansible/roles/odl_cluster/templates/ml2_conf.sh
index 7f61d367..77c55656 100755
--- a/deploy/adapters/ansible/roles/odl_cluster/templates/ml2_conf.sh
+++ b/deploy/adapters/ansible/roles/odl_cluster/templates/ml2_conf.sh
@@ -2,5 +2,5 @@ cat <> /etc/neutron/plugins/ml2/ml2_conf.ini
 [ml2_odl]
 password = admin
 username = admin
-url = http://{{ HA_VIP }}:8080/controller/nb/v2/neutron
+url = http://{{ internal_vip.ip }}:8080/controller/nb/v2/neutron
 EOT
diff --git a/deploy/adapters/ansible/roles/setup-network/tasks/main.yml b/deploy/adapters/ansible/roles/setup-network/tasks/main.yml
index 94816044..8df1ac3a 100644
--- a/deploy/adapters/ansible/roles/setup-network/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/setup-network/tasks/main.yml
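Review bot: The `url` line keeps plain `http://` directly under the hard-coded `username = admin` / `password = admin` context lines, so the ML2 driver sends OpenDaylight's default credentials unencrypted to the management VIP. Since the line is already being touched for the VIP split, I would template the credentials, e.g. `password = {{ odl_password }}` (a new variable that this commit does not define), and change them from the defaults on the controller. The heredoc also appears to append to `ml2_conf.ini`, so a second run would duplicate the `[ml2_odl]` section; the script starts outside the hunk, so that may be handled elsewhere.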
@@ -15,24 +15,24 @@ when: 'item["type"] == "ovs"' - name: setup sys intf - shell: ip link del {{ item["name"] }}; \ - ip link add link {{ item["interface"] }} name {{ item["name"] }} type vlan id {{ item["vlan_tag"] }}; \ - ip link set {{ item["interface"] }} up - when: '"vlan_tag" in item' - with_items: "{{ network_cfg['sys_intf_mappings'] }}" + shell: ip link del {{ item.key }}; \ + ip link add link {{ item.value["interface"] }} name {{ item.key }} type vlan id {{ item.value["vlan_tag"] }}; \ + ip link set {{ item.value["interface"] }} up + when: '"vlan_tag" in item.value and item.value["type"] == "vlan"' + with_dict: "{{ sys_intf_mappings }}" - name: set sys intf ip - shell: ip addr del {{ item["ip"] }}/{{ item["netmask"] }} dev {{ item["alias"] }}; \ - ip addr add {{ item["ip"] }}/{{ item["netmask"] }} dev {{ item["alias"] }}; \ - ip link set {{ item["alias"] }} up - with_items: "{{ host_ip_settings }}" + shell: ip addr del {{ item.value["ip"] }}/{{ item.value["netmask"] }} dev {{ item.value["alias"] }}; \ + ip addr add {{ item.value["ip"] }}/{{ item.value["netmask"] }} dev {{ item.value["alias"] }}; \ + ip link set {{ item.value["alias"] }} up + with_dict: "{{ host_ip_settings }}" - name: set gateway shell: ip route del default; \ - ip route add default via {{ item["gw"] }} dev {{ item["alias"] }} - when: '"gw" in item' - with_items: "{{ host_ip_settings }}" + ip route add default via {{ item.value["gw"] }} dev {{ item.key }} + when: '"gw" in item.value' + with_dict: "{{ host_ip_settings }}" - name: copy net config template: src=my_configs.debian dest=/etc/network/interfaces.d/my_configs.cfg diff --git a/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian b/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian index 54031ed4..5ab1519b 100644 --- a/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian +++ b/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian 
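Review bot: The `set gateway` task now uses `dev {{ item.key }}`, while `set sys intf ip`, two tasks above, addresses the same `host_ip_settings` entries through `item.value["alias"]`. If key and alias can differ, the default route lands on a different device than the address; if they cannot, one spelling should be used in both tasks, e.g. `ip route add default via {{ item.value["gw"] }} dev {{ item.value["alias"] }}`. In `setup sys intf`, `item.value["type"]` is also read without checking that the key exists, so an entry lacking `type` may fail the `when` instead of being skipped; `item.value.get("type") == "vlan"` avoids that.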
@@ -1,16 +1,14 @@ -{%- for intf in host_ip_settings %} +{%- for alias, intf in host_ip_settings.items() %} -auto {{ intf["alias"] }} -iface {{ intf["alias"] }} inet static +auto {{ alias }} +iface {{ alias }} inet static address {{ intf["ip"] }} netmask {{ intf["netmask"] }} {% if "gw" in intf %} gateway {{ intf["gw"] }} {% endif %} -{% for sys_intf in network_cfg["sys_intf_mappings"] %} -{% if "vlan_tag" in sys_intf and sys_intf["name"] == intf["alias"] %} - pre-up ip link set {{ sys_intf["interface"] }} up - pre-up ip link add link {{ sys_intf["interface"] }} name {{ sys_intf["name"] }} type vlan id {{ sys_intf["vlan_tag"] }} +{% if intf["name"] == alias %} + pre-up ip link set {{ sys_intf_mappings[alias]["interface"] }} up + pre-up ip link add link {{ sys_intf_mappings[alias]["interface"] }} name {{ alias }} type vlan id {{ sys_intf_mappings[alias]["vlan_tag"] }} {% endif %} {% endfor %} -{% endfor %} diff --git a/deploy/conf/network_cfg.yaml b/deploy/conf/network_cfg.yaml index 8d8d3216..a5f2c791 100644 --- a/deploy/conf/network_cfg.yaml +++ b/deploy/conf/network_cfg.yaml @@ -14,6 +14,7 @@ sys_intf_mappings: - name: mgmt interface: eth1 vlan_tag: 2 + type: vlan role: - controller - compute @@ -21,6 +22,7 @@ sys_intf_mappings: - name: storage interface: eth1 vlan_tag: 3 + type: vlan role: - controller - compute @@ -28,6 +30,7 @@ sys_intf_mappings: - name: external interface: br-prv vlan_tag: 4 + type: vlan role: - controller - compute @@ -61,6 +64,16 @@ ip_settings: - controller - compute +internal_vip: + ip: 172.16.1.222 + netmask: "24" + interface: mgmt + +public_vip: + ip: 172.16.3.222 + netmask: "24" + interface: external + public_net_info: enable: False network: ext-net -- cgit 1.2.3-korg
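Review bot: The new `{% if intf["name"] == alias %}` guard no longer checks that a VLAN mapping exists before `sys_intf_mappings[alias]["vlan_tag"]` is dereferenced. The loop it replaces required `"vlan_tag" in sys_intf`, and the matching task in setup-network/tasks/main.yml requires `type == "vlan"`. An alias with no entry in `sys_intf_mappings`, or an entry without `vlan_tag`, will either fail the render or emit a broken `pre-up ip link add` line into the interfaces file. I would extend the guard: `{% if intf["name"] == alias and alias in sys_intf_mappings and "vlan_tag" in sys_intf_mappings[alias] %}`.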
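Review bot: `sys_intf_mappings` in network_cfg.yaml remains a YAML list of `- name:` entries, but the setup-network role in this commit iterates it with `with_dict` and indexes it as `sys_intf_mappings[alias]`. Presumably a dict keyed by name is derived somewhere outside this part of the patch; a comment at the top of the section, such as `# converted to a dict keyed by "name" before the roles consume it`, would spare readers the search. In the last hunk, `netmask: "24"` under `internal_vip` and `public_vip` is a prefix length rather than a netmask, so a key name or comment saying so would avoid misuse.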