summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Sedovic <tomas@sedovic.cz>2017-09-06 10:24:16 +0200
committerGitHub <noreply@github.com>2017-09-06 10:24:16 +0200
commitdaa0b91119d2c16860a19b4ead2d0d128f8bc5ce (patch)
treec6b8f333cb16048e68983a0b885eb74830577cfc
parent06abd17792fafc3adec3916f56c69800690b1431 (diff)
downloadopenshift-daa0b91119d2c16860a19b4ead2d0d128f8bc5ce.tar.gz
openshift-daa0b91119d2c16860a19b4ead2d0d128f8bc5ce.tar.bz2
openshift-daa0b91119d2c16860a19b4ead2d0d128f8bc5ce.tar.xz
openshift-daa0b91119d2c16860a19b4ead2d0d128f8bc5ce.zip
Allow using a provider network (#701)
* Allow using a provider network This adds a new option `openstack_provider_network_name` which will take a name of an existing network and put the servers there. It will also prevent creating floating IP addresses as the provider network's IPs should already be accessible without any additional routing required. Fixes #622 * Requested changes Don't fail on external/private networks and use role defaults for the provider network. * Add missing endif
-rw-r--r--playbooks/provisioning/openstack/README.md18
-rw-r--r--playbooks/provisioning/openstack/prerequisites.yml2
-rw-r--r--playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml6
-rw-r--r--playbooks/provisioning/openstack/stack_params.yaml10
-rw-r--r--roles/openstack-stack/defaults/main.yml1
-rw-r--r--roles/openstack-stack/tasks/subnet_update_dns_servers.yaml1
-rw-r--r--roles/openstack-stack/templates/heat_stack.yaml.j2113
-rw-r--r--roles/openstack-stack/templates/heat_stack_server.yaml.j212
-rw-r--r--roles/static_inventory/tasks/openstack.yml25
9 files changed, 153 insertions, 35 deletions
diff --git a/playbooks/provisioning/openstack/README.md b/playbooks/provisioning/openstack/README.md
index b898351e6..4e74627dc 100644
--- a/playbooks/provisioning/openstack/README.md
+++ b/playbooks/provisioning/openstack/README.md
@@ -229,6 +229,24 @@ under the ansible group named `ext_lb`:
openshift_master_cluster_hostname: "{{ groups.ext_lb.0 }}"
openshift_master_cluster_public_hostname: "{{ groups.ext_lb.0 }}"
+#### Provider Network
+
+Normally, the playbooks create a new Neutron network and subnet and attach
+floating IP addresses to each node. If you have a provider network set up, this
+is all unnecessary as you can just access servers that are placed in the
+provider network directly.
+
+To use a provider network, set its name in `openstack_provider_network_name` in
+`inventory/group_vars/all.yml`.
+
+If you set the provider network name, the `openstack_external_network_name` and
+`openstack_private_network_name` fields will be ignored.
+
+**NOTE**: this will not update the nodes' DNS, so running openshift-ansible
+right after provisioning will fail (unless you're using an external DNS server
+your provider network knows about). You must make sure your nodes are able to
+resolve each other by name.
+
#### Security notes
Configure required `*_ingress_cidr` variables to restrict public access
diff --git a/playbooks/provisioning/openstack/prerequisites.yml b/playbooks/provisioning/openstack/prerequisites.yml
index a87c06705..f2f720f8b 100644
--- a/playbooks/provisioning/openstack/prerequisites.yml
+++ b/playbooks/provisioning/openstack/prerequisites.yml
@@ -65,10 +65,12 @@
os_networks_facts:
name: "{{ openstack_external_network_name }}"
register: network_result
+ when: not openstack_provider_network_name|default(None)
- name: Check that network is available
assert:
that: "network_result.ansible_facts.openstack_networks"
msg: "Network {{ openstack_external_network_name }} is not available"
+ when: not openstack_provider_network_name|default(None)
# Check keypair
# TODO kpilatov: there is no Ansible module for getting OS keypairs
diff --git a/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml b/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
index 5028141d2..0e198342c 100644
--- a/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
+++ b/playbooks/provisioning/openstack/sample-inventory/group_vars/all.yml
@@ -16,6 +16,12 @@ openstack_ssh_public_key: "openshift"
openstack_external_network_name: "public"
#openstack_private_network_name: "openshift-ansible-{{ stack_name }}-net"
+## If you want to use a provider network, set its name here.
+## NOTE: the `openstack_external_network_name` and
+## `openstack_private_network_name` options will be ignored when using a
+## provider network.
+#openstack_provider_network_name: "provider"
+
# # Used Images
# # - set specific images for roles by uncommenting corresponding lines
# # - note: do not remove openstack_default_image_name definition
diff --git a/playbooks/provisioning/openstack/stack_params.yaml b/playbooks/provisioning/openstack/stack_params.yaml
index 60e9bcf45..484c06889 100644
--- a/playbooks/provisioning/openstack/stack_params.yaml
+++ b/playbooks/provisioning/openstack/stack_params.yaml
@@ -23,8 +23,14 @@ openstack_node_image: "{{ openstack_node_image_name | default(openstack_default_
openstack_lb_image: "{{ openstack_lb_image_name | default(openstack_default_image_name) }}"
openstack_etcd_image: "{{ openstack_etcd_image_name | default(openstack_default_image_name) }}"
openstack_dns_image: "{{ openstack_dns_image_name | default(openstack_default_image_name) }}"
-openstack_private_network: "{{ openstack_private_network_name | default ('openshift-ansible-' + stack_name + '-net') }}"
-external_network: "{{ openstack_external_network_name }}"
+openstack_private_network: >-
+ {% if openstack_provider_network_name | default(None) -%}
+ {{ openstack_provider_network_name }}
+ {%- else -%}
+ {{ openstack_private_network_name | default ('openshift-ansible-' + stack_name + '-net') }}
+ {%- endif -%}
+provider_network: "{{ openstack_provider_network_name | default(None) }}"
+external_network: "{{ openstack_external_network_name | default(None) }}"
num_etcd: "{{ openstack_num_etcd | default(0) }}"
num_masters: "{{ openstack_num_masters }}"
num_nodes: "{{ openstack_num_nodes }}"
diff --git a/roles/openstack-stack/defaults/main.yml b/roles/openstack-stack/defaults/main.yml
index fbca0bdf6..c16b5dc00 100644
--- a/roles/openstack-stack/defaults/main.yml
+++ b/roles/openstack-stack/defaults/main.yml
@@ -15,3 +15,4 @@ dns_volume_size: 1
lb_volume_size: 5
use_bastion: False
ui_ssh_tunnel: False
+provider_network: None
diff --git a/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml b/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml
index be4f07b97..af28fc98f 100644
--- a/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml
+++ b/roles/openstack-stack/tasks/subnet_update_dns_servers.yaml
@@ -6,3 +6,4 @@
state: present
use_default_subnetpool: yes
dns_nameservers: "{{ [private_dns_server|default(public_dns_nameservers[0])]|union(public_dns_nameservers)|unique }}"
+ when: not provider_network
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index ea2742a2c..b6b5e3613 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
@@ -73,6 +73,7 @@ outputs:
resources:
+{% if not provider_network %}
net:
type: OS::Neutron::Net
properties:
@@ -129,6 +130,8 @@ resources:
router_id: { get_resource: router }
subnet_id: { get_resource: subnet }
+{% endif %}
+
# keypair:
# type: OS::Nova::KeyPair
# properties:
@@ -501,22 +504,29 @@ resources:
image: {{ openstack_etcd_image }}
flavor: {{ etcd_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
- - { get_resource: common-secgrp }
-{% if not use_bastion|bool %}
- floating_network: {{ external_network }}
-{% endif %}
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
+ - { get_resource: common-secgrp }
+{% if not use_bastion|bool and not provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
volume_size: {{ etcd_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
{% if num_masters|int > 1 %}
loadbalancer:
@@ -544,20 +554,29 @@ resources:
image: {{ openstack_lb_image }}
flavor: {{ lb_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: lb-secgrp }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: lb-secgrp }
+ - { get_resource: common-secgrp }
+ {% if not provider_network %}
+ floating_network: {{ external_network }}
+ {% endif %}
volume_size: {{ lb_volume_size }}
+ {% if not provider_network %}
depends_on:
- interface
+ {% endif %}
{% endif %}
masters:
@@ -589,8 +608,18 @@ resources:
image: {{ openstack_master_image }}
flavor: {{ master_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% endif %}
secgrp:
{% if openstack_flat_secgrp|default(False)|bool %}
- { get_resource: flat-secgrp }
@@ -602,17 +631,14 @@ resources:
{% endif %}
{% endif %}
- { get_resource: common-secgrp }
-{% if not use_bastion|bool %}
+{% if not use_bastion|bool and not provider_network %}
floating_network: {{ external_network }}
{% endif %}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
volume_size: {{ master_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
compute_nodes:
type: OS::Heat::ResourceGroup
@@ -650,22 +676,29 @@ resources:
image: {{ openstack_node_image }}
flavor: {{ node_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
- - { get_resource: common-secgrp }
-{% if not use_bastion|bool %}
- floating_network: {{ external_network }}
-{% endif %}
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
+ - { get_resource: common-secgrp }
+{% if not use_bastion|bool and not provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
volume_size: {{ node_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
infra_nodes:
type: OS::Heat::ResourceGroup
@@ -697,8 +730,18 @@ resources:
image: {{ openstack_infra_image }}
flavor: {{ infra_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% endif %}
secgrp:
# TODO(bogdando) filter only required node rules into infra-secgrp
{% if openstack_flat_secgrp|default(False)|bool %}
@@ -711,15 +754,14 @@ resources:
{% endif %}
- { get_resource: infra-secgrp }
- { get_resource: common-secgrp }
+{% if not provider_network %}
floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
+{% endif %}
volume_size: {{ infra_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
{% if num_dns|int > 0 %}
dns:
@@ -747,18 +789,27 @@ resources:
image: {{ openstack_dns_image }}
flavor: {{ dns_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: dns-secgrp }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: dns-secgrp }
+ - { get_resource: common-secgrp }
+{% if not provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
volume_size: {{ dns_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
{% endif %}
+{% endif %}
diff --git a/roles/openstack-stack/templates/heat_stack_server.yaml.j2 b/roles/openstack-stack/templates/heat_stack_server.yaml.j2
index 32fb166f6..a520a8fe2 100644
--- a/roles/openstack-stack/templates/heat_stack_server.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack_server.yaml.j2
@@ -61,20 +61,24 @@ parameters:
label: Net name
description: Net name
+{% if not provider_network %}
subnet:
type: string
label: Subnet ID
description: Subnet resource
+{% endif %}
secgrp:
type: comma_delimited_list
label: Security groups
description: Security group resources
+{% if not provider_network %}
floating_network:
type: string
label: Floating network
description: Network to allocate floating IP from
+{% endif %}
availability_zone:
type: string
@@ -117,7 +121,11 @@ outputs:
- server
- addresses
- { get_param: net_name }
+{% if provider_network %}
+ - 0
+{% else %}
- 1
+{% endif %}
- addr
resources:
@@ -147,15 +155,19 @@ resources:
type: OS::Neutron::Port
properties:
network: { get_param: net }
+{% if not provider_network %}
fixed_ips:
- subnet: { get_param: subnet }
+{% endif %}
security_groups: { get_param: secgrp }
+{% if not provider_network %}
floating-ip:
type: OS::Neutron::FloatingIP
properties:
floating_network: { get_param: floating_network }
port_id: { get_resource: port }
+{% endif %}
{% if not ephemeral_volumes|default(false)|bool %}
cinder_volume:
diff --git a/roles/static_inventory/tasks/openstack.yml b/roles/static_inventory/tasks/openstack.yml
index 75d0ee6d5..e36974d93 100644
--- a/roles/static_inventory/tasks/openstack.yml
+++ b/roles/static_inventory/tasks/openstack.yml
@@ -24,6 +24,15 @@
when:
- refresh_inventory|bool
+ - name: set_fact for openstack inventory nodes with provider network
+ set_fact:
+ registered_nodes_floating: "{{ (registered_nodes_output.stdout | from_json) | json_query(q) }}"
+ vars:
+ q: "[] | [?metadata.clusterid=='{{stack_name}}'] | [?public_v4=='']"
+ when:
+ - refresh_inventory|bool
+ - openstack_provider_network_name|default(None)
+
- name: Add cluster nodes w/o floating IPs to inventory
with_items: "{{ registered_nodes|difference(registered_nodes_floating) }}"
add_host:
@@ -49,7 +58,14 @@
add_host:
name: '{{ item.name }}'
groups: '{{ item.metadata.group }}'
- ansible_host: "{% if use_bastion|bool %}{{ item.name }}{% else %}{{ item.public_v4 }}{% endif %}"
+ ansible_host: >-
+ {% if use_bastion|bool -%}
+ {{ item.name }}
+ {%- elif openstack_provider_network_name|default(None) -%}
+ {{ item.private_v4 }}
+ {%- else -%}
+ {{ item.public_v4 }}
+ {%- endif %}
ansible_fqdn: '{{ item.name }}'
ansible_user: '{{ ssh_user }}'
ansible_private_key_file: '{{ private_ssh_key }}'
@@ -57,7 +73,12 @@
private_v4: >-
{% set node = registered_nodes | json_query("[?name=='" + item.name + "']") -%}
{{ node[0].addresses[openstack_private_network|quote][0].addr }}
- public_v4: '{{ item.public_v4 }}'
+ public_v4: >-
+ {% if openstack_provider_network_name|default(None) -%}
+ {{ item.private_v4 }}
+ {%- else -%}
+ {{ item.public_v4 }}
+ {%- endif %}
- name: Add bastion node to inventory
add_host: