From 4ed8366f07de87435e1d5d4744bf9ff75a4de6f8 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 2 Mar 2016 19:09:05 -0500 Subject: [PATCH] scenario002/centos7: switch RabbitMQ and OpenStack to IPv6 This is a first iteration of testing IPv6 deployment. This patch will deploy scenario002 on centos7 by using IPv6 network. To make it work on Ubuntu, it will require more work, that will be done in future iterations. During my testing, I found some bugs and did not investigate because I wanted a first scenario working on v6. Same for scenario001 and scenario003, they'll be tested later. Change-Id: Ib28b379645b5a3d351438e0408a9de62b9f48302 --- fixtures/scenario002.pp | 5 ++++- manifests/cinder.pp | 14 +++++++++++--- manifests/config.pp | 16 ++++++++++------ manifests/glance.pp | 13 ++++++++----- manifests/ironic.pp | 19 ++++++++++--------- manifests/keystone.pp | 12 ++++++++---- manifests/neutron.pp | 8 ++++++-- manifests/nova.pp | 28 ++++++++++++++++------------ 8 files changed, 73 insertions(+), 42 deletions(-) diff --git a/fixtures/scenario002.pp b/fixtures/scenario002.pp index e36e6a06e..b97ee7c17 100644 --- a/fixtures/scenario002.pp +++ b/fixtures/scenario002.pp @@ -16,11 +16,13 @@ case $::osfamily { 'Debian': { + $ipv6 = false # ironic-conductor is broken for Ubuntu Trusty # https://bugs.launchpad.net/cloud-archive/+bug/1530869 $ironic_enabled = false } 'RedHat': { + $ipv6 = true $ironic_enabled = true } default: { @@ -30,7 +32,8 @@ case $::osfamily { include ::openstack_integration class { '::openstack_integration::config': - ssl => true, + ssl => true, + ipv6 => $ipv6, } include ::openstack_integration::cacert include ::openstack_integration::rabbitmq diff --git a/manifests/cinder.pp b/manifests/cinder.pp index 85aa34631..cda9ae3c5 100644 --- a/manifests/cinder.pp +++ b/manifests/cinder.pp @@ -29,11 +29,17 @@ class openstack_integration::cinder ( password => 'cinder', } class { '::cinder::keystone::auth': - password => 'a_big_secret', + public_url => "http://${::openstack_integration::config::ip_for_url}:8776/v1/%(tenant_id)s", + internal_url => "http://${::openstack_integration::config::ip_for_url}:8776/v1/%(tenant_id)s", + admin_url => "http://${::openstack_integration::config::ip_for_url}:8776/v1/%(tenant_id)s", + public_url_v2 => "http://${::openstack_integration::config::ip_for_url}:8776/v2/%(tenant_id)s", + internal_url_v2 => "http://${::openstack_integration::config::ip_for_url}:8776/v2/%(tenant_id)s", + admin_url_v2 => "http://${::openstack_integration::config::ip_for_url}:8776/v2/%(tenant_id)s", + password => 'a_big_secret', } class { '::cinder': database_connection => 'mysql+pymysql://cinder:cinder@127.0.0.1/cinder?charset=utf8', - rabbit_host => $::openstack_integration::config::rabbit_host, + rabbit_host => $::openstack_integration::config::ip_for_url, rabbit_port => $::openstack_integration::config::rabbit_port, rabbit_userid => 'cinder', rabbit_password => 'an_even_bigger_secret', @@ -47,6 +53,8 @@ class openstack_integration::cinder ( identity_uri => $::openstack_integration::config::keystone_admin_uri, default_volume_type => 'BACKEND_1', service_workers => 2, + public_endpoint => "http://${::openstack_integration::config::ip_for_url}:8776", + bind_host => $::openstack_integration::config::host, } class { '::cinder::quota': } class { '::cinder::scheduler': } @@ -56,7 +64,7 @@ class openstack_integration::cinder ( } class { '::cinder::cron::db_purge': } class { '::cinder::glance': - glance_api_servers => "${::openstack_integration::config::proto}://127.0.0.1:9292", + glance_api_servers => "${::openstack_integration::config::base_url}:9292", } case $backend { 'iscsi': { diff --git a/manifests/config.pp b/manifests/config.pp index b7ec589e9..915189194 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -22,19 +22,23 @@ class openstack_integration::config ( } if $ipv6 { - $rabbit_host = '[::1]' - $rabbit_env = { - 'RABBITMQ_NODE_IP_ADDRESS' => '::1', + $host = '::1' + $rabbit_env = { + 'RABBITMQ_NODE_IP_ADDRESS' => $host, 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"', } $ip_version = '6' } else { - $rabbit_host = '127.0.0.1' + $host = '127.0.0.1' $rabbit_env = {} $ip_version = '4' } - $keystone_auth_uri = "${proto}://127.0.0.1:5000" - $keystone_admin_uri = "${proto}://127.0.0.1:35357" + # in URL, brackets are needed + $ip_for_url = normalize_ip_for_uri($host) + + $base_url = "${proto}://${ip_for_url}" + $keystone_auth_uri = "${base_url}:5000" + $keystone_admin_uri = "${base_url}:35357" } diff --git a/manifests/glance.pp b/manifests/glance.pp index fcbd7a814..baf3ca5da 100644 --- a/manifests/glance.pp +++ b/manifests/glance.pp @@ -46,9 +46,9 @@ class openstack_integration::glance ( include ::glance include ::glance::client class { '::glance::keystone::auth': - public_url => "${::openstack_integration::config::proto}://127.0.0.1:9292", - internal_url => "${::openstack_integration::config::proto}://127.0.0.1:9292", - admin_url => "${::openstack_integration::config::proto}://127.0.0.1:9292", + public_url => "${::openstack_integration::config::base_url}:9292", + internal_url => "${::openstack_integration::config::base_url}:9292", + admin_url => "${::openstack_integration::config::base_url}:9292", password => 'a_big_secret', } case $backend { @@ -72,7 +72,7 @@ class openstack_integration::glance ( swift_store_user => 'services:glance', swift_store_key => 'a_big_secret', swift_store_create_container_on_put => 'True', - swift_store_auth_address => "${::openstack_integration::config::proto}://127.0.0.1:5000/v2.0", + swift_store_auth_address => "${::openstack_integration::config::base_url}:5000/v2.0", } } default: { @@ -89,11 +89,13 @@ class openstack_integration::glance ( workers => 2, stores => $glance_stores, default_store => $backend, + bind_host => $::openstack_integration::config::host, auth_uri => $::openstack_integration::config::keystone_auth_uri, identity_uri => $::openstack_integration::config::keystone_admin_uri, registry_client_protocol => $::openstack_integration::config::proto, registry_client_cert_file => $crt_file, registry_client_key_file => $key_file, + registry_host => $::openstack_integration::config::host, cert_file => $crt_file, key_file => $key_file, } @@ -102,6 +104,7 @@ class openstack_integration::glance ( verbose => true, database_connection => 'mysql+pymysql://glance:glance@127.0.0.1/glance?charset=utf8', keystone_password => 'a_big_secret', + bind_host => $::openstack_integration::config::host, workers => 2, auth_uri => $::openstack_integration::config::keystone_auth_uri, identity_uri => $::openstack_integration::config::keystone_admin_uri, @@ -111,7 +114,7 @@ class openstack_integration::glance ( class { '::glance::notify::rabbitmq': rabbit_userid => 'glance', rabbit_password => 'an_even_bigger_secret', - rabbit_host => $::openstack_integration::config::rabbit_host, + rabbit_host => $::openstack_integration::config::ip_for_url, rabbit_port => $::openstack_integration::config::rabbit_port, notification_driver => 'messagingv2', rabbit_use_ssl => $::openstack_integration::config::ssl, diff --git a/manifests/ironic.pp b/manifests/ironic.pp index 31bb10515..901a62723 100644 --- a/manifests/ironic.pp +++ b/manifests/ironic.pp @@ -28,7 +28,7 @@ class openstack_integration::ironic { class { '::ironic': rabbit_userid => 'ironic', rabbit_password => 'an_even_bigger_secret', - rabbit_host => $::openstack_integration::config::rabbit_host, + rabbit_host => $::openstack_integration::config::ip_for_url, rabbit_port => $::openstack_integration::config::rabbit_port, rabbit_use_ssl => $::openstack_integration::config::ssl, database_connection => 'mysql+pymysql://ironic:ironic@127.0.0.1/ironic?charset=utf8', @@ -40,25 +40,26 @@ class openstack_integration::ironic { password => 'ironic', } class { '::ironic::keystone::auth': - public_url => "${::openstack_integration::config::proto}://127.0.0.1:6385", - internal_url => "${::openstack_integration::config::proto}://127.0.0.1:6385", - admin_url => "${::openstack_integration::config::proto}://127.0.0.1:6385", + public_url => "${::openstack_integration::config::base_url}:6385", + internal_url => "${::openstack_integration::config::base_url}:6385", + admin_url => "${::openstack_integration::config::base_url}:6385", password => 'a_big_secret', } class { '::ironic::client': } class { '::ironic::api': auth_uri => $::openstack_integration::config::keystone_auth_uri, identity_uri => $::openstack_integration::config::keystone_admin_uri, - neutron_url => 'http://127.0.0.1:9696', + neutron_url => "http://${::openstack_integration::config::ip_for_url}:9696", admin_password => 'a_big_secret', service_name => 'httpd', } include ::apache class { '::ironic::wsgi::apache': - ssl => $::openstack_integration::config::ssl, - ssl_key => "/etc/ironic/ssl/private/${::fqdn}.pem", - ssl_cert => $::openstack_integration::params::cert_path, - workers => 2, + bind_host => $::openstack_integration::config::ip_for_url, + ssl => $::openstack_integration::config::ssl, + ssl_key => "/etc/ironic/ssl/private/${::fqdn}.pem", + ssl_cert => $::openstack_integration::params::cert_path, + workers => 2, } class { '::ironic::conductor': } Rabbitmq_user_permissions['ironic@/'] -> Service<| tag == 'ironic-service' |> diff --git a/manifests/keystone.pp b/manifests/keystone.pp index aec807f6a..4f653a80b 100644 --- a/manifests/keystone.pp +++ b/manifests/keystone.pp @@ -42,13 +42,17 @@ class openstack_integration::keystone ( default_domain => $default_domain, using_domain_config => $using_domain_config, enable_ssl => $::openstack_integration::config::ssl, + public_bind_host => $::openstack_integration::config::host, + admin_bind_host => $::openstack_integration::config::host, } include ::apache class { '::keystone::wsgi::apache': - ssl => $::openstack_integration::config::ssl, - ssl_key => "/etc/keystone/ssl/private/${::fqdn}.pem", - ssl_cert => $::openstack_integration::params::cert_path, - workers => 2, + bind_host => $::openstack_integration::config::ip_for_url, + admin_bind_host => $::openstack_integration::config::ip_for_url, + ssl => $::openstack_integration::config::ssl, + ssl_key => "/etc/keystone/ssl/private/${::fqdn}.pem", + ssl_cert => $::openstack_integration::params::cert_path, + workers => 2, } class { '::keystone::roles::admin': email => 'test@example.tld', diff --git a/manifests/neutron.pp b/manifests/neutron.pp index 1ee7f613c..49bee89c7 100644 --- a/manifests/neutron.pp +++ b/manifests/neutron.pp @@ -20,12 +20,15 @@ class openstack_integration::neutron { password => 'neutron', } class { '::neutron::keystone::auth': - password => 'a_big_secret', + public_url => "http://${::openstack_integration::config::ip_for_url}:9696", + internal_url => "http://${::openstack_integration::config::ip_for_url}:9696", + admin_url => "http://${::openstack_integration::config::ip_for_url}:9696", + password => 'a_big_secret', } class { '::neutron': rabbit_user => 'neutron', rabbit_password => 'an_even_bigger_secret', - rabbit_host => $::openstack_integration::config::rabbit_host, + rabbit_host => $::openstack_integration::config::ip_for_url, rabbit_port => $::openstack_integration::config::rabbit_port, rabbit_use_ssl => $::openstack_integration::config::ssl, allow_overlapping_ips => true, @@ -33,6 +36,7 @@ class openstack_integration::neutron { service_plugins => ['router', 'metering', 'firewall'], debug => true, verbose => true, + bind_host => $::openstack_integration::config::host, } class { '::neutron::client': } class { '::neutron::server': diff --git a/manifests/nova.pp b/manifests/nova.pp index a65ff06f7..bbced3aef 100644 --- a/manifests/nova.pp +++ b/manifests/nova.pp @@ -41,23 +41,24 @@ class openstack_integration::nova ( password => 'nova', } class { '::nova::keystone::auth': - public_url => "${::openstack_integration::config::proto}://127.0.0.1:8774/v2/%(tenant_id)s", - public_url_v3 => "${::openstack_integration::config::proto}://127.0.0.1:8774/v3/%(tenant_id)s", - internal_url => "${::openstack_integration::config::proto}://127.0.0.1:8774/v2/%(tenant_id)s", - internal_url_v3 => "${::openstack_integration::config::proto}://127.0.0.1:8774/v3/%(tenant_id)s", - admin_url => "${::openstack_integration::config::proto}://127.0.0.1:8774/v2/%(tenant_id)s", - admin_url_v3 => "${::openstack_integration::config::proto}://127.0.0.1:8774/v3/%(tenant_id)s", + public_url => "${::openstack_integration::config::base_url}:8774/v2/%(tenant_id)s", + internal_url => "${::openstack_integration::config::base_url}:8774/v2/%(tenant_id)s", + admin_url => "${::openstack_integration::config::base_url}:8774/v2/%(tenant_id)s", + public_url_v3 => "${::openstack_integration::config::base_url}:8774/v3", + internal_url_v3 => "${::openstack_integration::config::base_url}:8774/v3", + admin_url_v3 => "${::openstack_integration::config::base_url}:8774/v3", password => 'a_big_secret', } class { '::nova': database_connection => 'mysql+pymysql://nova:nova@127.0.0.1/nova?charset=utf8', api_database_connection => 'mysql+pymysql://nova_api:nova@127.0.0.1/nova_api?charset=utf8', - rabbit_host => $::openstack_integration::config::rabbit_host, + rabbit_host => $::openstack_integration::config::ip_for_url, rabbit_port => $::openstack_integration::config::rabbit_port, rabbit_userid => 'nova', rabbit_password => 'an_even_bigger_secret', rabbit_use_ssl => $::openstack_integration::config::ssl, - glance_api_servers => "${::openstack_integration::config::proto}://127.0.0.1:9292", + use_ipv6 => $::openstack_integration::config::ipv6, + glance_api_servers => "${::openstack_integration::config::base_url}:9292", verbose => true, debug => true, notification_driver => 'messagingv2', @@ -67,6 +68,7 @@ class openstack_integration::nova ( admin_password => 'a_big_secret', auth_uri => $::openstack_integration::config::keystone_auth_uri, identity_uri => $::openstack_integration::config::keystone_admin_uri, + api_bind_address => $::openstack_integration::config::host, osapi_v3 => true, neutron_metadata_proxy_shared_secret => 'a_big_secret', metadata_workers => 2, @@ -76,10 +78,11 @@ class openstack_integration::nova ( } include ::apache class { '::nova::wsgi::apache': - ssl_key => "/etc/nova/ssl/private/${::fqdn}.pem", - ssl_cert => $::openstack_integration::params::cert_path, - ssl => $::openstack_integration::config::ssl, - workers => '2', + bind_host => $::openstack_integration::config::ip_for_url, + ssl_key => "/etc/nova/ssl/private/${::fqdn}.pem", + ssl_cert => $::openstack_integration::params::cert_path, + ssl => $::openstack_integration::config::ssl, + workers => '2', } class { '::nova::client': } class { '::nova::conductor': } @@ -114,6 +117,7 @@ class openstack_integration::nova ( class { '::nova::network::neutron': neutron_auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3", + neutron_url => "http://${::openstack_integration::config::ip_for_url}:9696", neutron_password => 'a_big_secret', }