Use FQDN for MGMT network

The management network is used extensively for all internal communication. Since the original use of the network was a private network before it was exposed for external communication in a distributed cloud configuration, it was never designed to be reconfigured. To support MGMT network reconfiguration the idea is to configure the applications to use the hostname/FQDN instead of a static MGMT IP address. In this way the MGMT network can be changed and the services and applications will still work since they are using the hostname/FQDN and the DNS will be responsible to translate to the current MGMT IP address. The use of FQDN will be applied for all installation modes: AIO-SX, AIO-DX, Standard, AIO-PLUS and DC subclouds. But given the complexities of supporting the multi-host reconfiguration, the MGMT network reconfiguration will focus on support for AIO-SX only. The DNSMASQ service must start as soon as possible to translate the FQDN to IP address. Test plan ( Debian only ) - AIO-SX and AIO-DX virtualbox installation IPv4/IPv6 - Standard virtualbox installation IPv6 - DC virtualbox installation IPv4 ( AIO-SX/DX subclouds ) - AIO-SX and AIO-DX installation IPv4/IPv6 - AIO-DX plus installation IPv6 - DC IPv6 and subcloud AIO-SX - AIO-DX host-swact - DC IPv4 virtualbox with subcloud AIO-DX and AIO-DX - AIO-SX to AIO-DX migration - netstat -tupl ( no services are using the MGMT IP address ) - Ran sanity/regression tests - Backup and Restore for AIO-SX/AIO-DX Story: 2010722 Task: 48447 Depends-On: https://review.opendev.org/c/starlingx/config/+/886208 Depends-On: https://review.opendev.org/c/starlingx/integ/+/887534 Change-Id: I3e24f275cf4cbdeb022742853324540e48adaac4 Signed-off-by: Fabiano Correa Mercer <fabiano.correamercer@windriver.com>
2023-06-15 15:54:43 -03:00 · 2023-06-15 15:54:43 -03:00 · 29a86fe563
commit 29a86fe563
parent 42d1114648
14 changed files with 175 additions and 42 deletions
--- a/puppet-manifests/debian/deb_folder/control
+++ b/puppet-manifests/debian/deb_folder/control
@ -26,7 +26,6 @@ Depends: ${misc:Depends}, puppet,
 puppet-module-keystone,
 puppet-module-openstacklib,
 puppet-module-vswitch,
- puppet-module-saz-memcached,
 puppet-module-puppetlabs-concat,
 puppet-module-puppetlabs-haproxy,
 puppet-module-puppetlabs-inifile,
@ -44,6 +43,7 @@ Depends: ${misc:Depends}, puppet,
 puppet-module-adrienthebo-filemapper,
 puppet-module-camptocamp-kmod,
 puppet-ldap,
+ puppet-memcached,
 puppet-network,
 puppet-module-voxpupuli-collectd,
 python3-ruamel.yaml
--- a/puppet-manifests/src/modules/openstack/manifests/barbican.pp
+++ b/puppet-manifests/src/modules/openstack/manifests/barbican.pp
@ -68,27 +68,49 @@ class openstack::barbican::service (
  $service_enabled = false,
 ) inherits ::openstack::barbican::params {

-  $api_fqdn = $::platform::params::controller_hostname
-  $url_host = "http://${api_fqdn}:${api_port}"
+  include ::platform::params
+  include ::platform::network::mgmt::params
+
+  $system_mode = $::platform::params::system_mode
+  $controller_fqdn = $::platform::params::controller_fqdn
+
+  # gunicorn-config.py doesn't support FQDN in IPv6 scenario,
+  # for IPv4 it works well, for this reason the gunicorn-config.py
+  # will always use the IP address
  if $service_enabled {
-      $enabled = true
-      $api_host = '[::]'
+      $gunicorn_bind = '[::]'
  } else {
-      $enabled = false
-      include ::platform::network::mgmt::params
-      $api_host = $::platform::network::mgmt::params::subnet_version ? {
+      $gunicorn_bind = $::platform::network::mgmt::params::subnet_version ? {
        6       => "[${::platform::network::mgmt::params::controller_address}]",
        default => $::platform::network::mgmt::params::controller_address,
      }
  }

+  if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+    $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+  }
+  else {
+    $fqdn_ready = false
+  }
+
+  #use FQDN after bootstrap completed
+  if (str2bool($::is_bootstrap_completed) or
+      $fqdn_ready) {
+    $api_fqdn = $controller_fqdn
+    $api_host = $controller_fqdn
+  } else {
+    $api_fqdn = $::platform::params::controller_hostname
+    $api_host = $gunicorn_bind
+  }
+  $api_href = "http://${api_fqdn}:${api_port}"
+
  # On Debian barbican is set to run by UWSGI by default so
  # it doesn't update gunicorn-config.py. Update it in order
  # to run by gunicorn.
  if $::osfamily == 'Debian' {
    file_line { 'Modify bind_port in gunicorn-config.py':
      path  => '/etc/barbican/gunicorn-config.py',
-      line  => "bind = '${api_host}:${api_port}'",
+      line  => "bind = '${gunicorn_bind}:${api_port}'",
      match => '.*bind = .*',
      tag   => 'modify-bind-port',
    }
@ -97,10 +119,10 @@ class openstack::barbican::service (
  include ::platform::amqp::params

  class { '::barbican::api':
-    enabled                      => $enabled,
+    enabled                      => $service_enabled,
    bind_host                    => $api_host,
    bind_port                    => $api_port,
-    host_href                    => $url_host,
+    host_href                    => $api_href,
    sync_db                      => !$::openstack::barbican::params::service_create,
    enable_proxy_headers_parsing => true,
    rabbit_use_ssl               => $::platform::amqp::params::ssl_enabled,
--- a/puppet-manifests/src/modules/platform/lib/facter/is_bootstrap_completed.rb
+++ b/puppet-manifests/src/modules/platform/lib/facter/is_bootstrap_completed.rb
@ -0,0 +1,7 @@
+# Returns true is this is the initial config for this node
+
+Facter.add("is_bootstrap_completed") do
+  setcode do
+    File.exist?('/etc/platform/.bootstrap_completed')
+  end
+end
--- a/puppet-manifests/src/modules/platform/manifests/amqp.pp
+++ b/puppet-manifests/src/modules/platform/manifests/amqp.pp
@ -9,9 +9,24 @@ class platform::amqp::params (
  $protocol = 'tcp',
  $ssl_enabled = false,
 ) {
-  $transport_url = "rabbit://${auth_user}:${auth_password}@${host_url}:${port}"
-}
+  include ::platform::params
+  include ::platform::network::mgmt::params

+  $system_mode = $::platform::params::system_mode
+
+  if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+    $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+  }
+  else {
+    $fqdn_ready = false
+  }
+
+  if (str2bool($::is_bootstrap_completed) or $fqdn_ready) {
+    $transport_url = "rabbit://${auth_user}:${auth_password}@${host}:${port}"
+  } else {
+    $transport_url = "rabbit://${auth_user}:${auth_password}@${host_url}:${port}"
+  }
+}

 class platform::amqp::rabbitmq (
  $service_enabled = false,
--- a/puppet-manifests/src/modules/platform/manifests/config.pp
+++ b/puppet-manifests/src/modules/platform/manifests/config.pp
@ -594,6 +594,10 @@ class platform::config::controller::post
    }
  }

+  file { '/etc/platform/.bootstrap_completed':
+    ensure => present,
+  }
+
  file { '/etc/platform/.initial_controller_config_complete':
    ensure => present,
  }
@ -622,6 +626,10 @@ class platform::config::worker::post
    }
  }

+  file { '/etc/platform/.bootstrap_completed':
+    ensure => present,
+  }
+
  file { '/etc/platform/.initial_worker_config_complete':
    ensure => present,
  }
@ -650,6 +658,10 @@ class platform::config::storage::post
  file { '/var/run/.storage_config_complete':
    ensure => present,
  }
+
+  file { '/etc/platform/.bootstrap_completed':
+    ensure => present,
+  }
 }

 class platform::config::aio::post
@ -661,6 +673,7 @@ class platform::config::aio::post
  file { '/var/run/.controller_config_complete':
    ensure => present,
  }
+
  include ::platform::config::worker::post
 }

--- a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
@ -30,9 +30,19 @@ class platform::dcdbsync::api
    if $service_create {
      include ::platform::network::mgmt::params

-      $api_host = $::platform::network::mgmt::params::controller_address
-      $api_fqdn = $::platform::params::controller_hostname
-      $url_host = "http://${api_fqdn}:${api_port}"
+      if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+        $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+      }
+      else {
+        $fqdn_ready = false
+      }
+
+      if (str2bool($::is_bootstrap_completed) or
+          $fqdn_ready) {
+          $api_host = $::platform::params::controller_fqdn
+      } else {
+          $api_host = $::platform::network::mgmt::params::controller_address
+      }

      class { '::dcdbsync::api':
        bind_host => $api_host,
@ -72,9 +82,19 @@ class platform::dcdbsync::stx_openstack::runtime

      include ::platform::network::mgmt::params

-      $api_host = $::platform::network::mgmt::params::controller_address
-      $api_fqdn = $::platform::params::controller_hostname
-      $url_host = "http://${api_fqdn}:${api_openstack_port}"
+      if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+        $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+      }
+      else {
+        $fqdn_ready = false
+      }
+
+      if (str2bool($::is_bootstrap_completed) or
+          $fqdn_ready) {
+            $api_host = $::platform::params::controller_fqdn
+      } else {
+            $api_host = $::platform::network::mgmt::params::controller_address
+      }

      class { '::dcdbsync::openstack_init': }
      class { '::dcdbsync::openstack_api':
--- a/puppet-manifests/src/modules/platform/manifests/dcmanager.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dcmanager.pp
@ -14,7 +14,20 @@ class platform::dcmanager::params (
  include ::platform::params

  include ::platform::network::mgmt::params
-  $api_host = $::platform::network::mgmt::params::controller_address
+
+  if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+    $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+  }
+  else {
+    $fqdn_ready = false
+  }
+
+  if (str2bool($::is_bootstrap_completed) or
+      $fqdn_ready) {
+    $api_host = $::platform::params::controller_fqdn
+  } else {
+    $api_host = $::platform::network::mgmt::params::controller_address
+  }
 }


@ -23,13 +36,24 @@ class platform::dcmanager
  if $::platform::params::distributed_cloud_role =='systemcontroller' {
    include ::platform::params
    include ::platform::amqp::params
+    include ::platform::network::mgmt::params

    if $::platform::params::init_database {
      include ::dcmanager::db::postgresql
    }

+    if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+      $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+    }
+    else {
+      $fqdn_ready = false
+    }
+
    class { '::dcmanager':
-      rabbit_host     => $::platform::amqp::params::host_url,
+      rabbit_host     => (str2bool($::is_bootstrap_completed) or $fqdn_ready) ? {
+                            true    => $::platform::amqp::params::host,
+                            default => $::platform::amqp::params::host_url,
+                          },
      rabbit_port     => $::platform::amqp::params::port,
      rabbit_userid   => $::platform::amqp::params::auth_user,
      rabbit_password => $::platform::amqp::params::auth_password,
--- a/puppet-manifests/src/modules/platform/manifests/dcorch.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dcorch.pp
@ -21,7 +21,20 @@ class platform::dcorch::params (
  include ::platform::params

  include ::platform::network::mgmt::params
-  $api_host = $::platform::network::mgmt::params::controller_address
+
+  if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+    $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+  }
+  else {
+    $fqdn_ready = false
+  }
+
+  if (str2bool($::is_bootstrap_completed) or
+      $fqdn_ready) {
+    $api_host = $::platform::params::controller_fqdn
+  } else {
+    $api_host = $::platform::network::mgmt::params::controller_address
+  }
 }


@ -30,13 +43,24 @@ class platform::dcorch
  if $::platform::params::distributed_cloud_role =='systemcontroller' {
    include ::platform::params
    include ::platform::amqp::params
+    include ::platform::network::mgmt::params

    if $::platform::params::init_database {
      include ::dcorch::db::postgresql
    }

+    if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+      $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+    }
+    else {
+      $fqdn_ready = false
+    }
+
    class { '::dcorch':
-      rabbit_host       => $::platform::amqp::params::host_url,
+      rabbit_host       => (str2bool($::is_bootstrap_completed) or $fqdn_ready) ? {
+                              true    => $::platform::amqp::params::host,
+                              default => $::platform::amqp::params::host_url,
+                            },
      rabbit_port       => $::platform::amqp::params::port,
      rabbit_userid     => $::platform::amqp::params::auth_user,
      rabbit_password   => $::platform::amqp::params::auth_password,
--- a/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp
@ -7,7 +7,6 @@ class platform::dockerdistribution::params (
 define platform::dockerdistribution::write_config (
  $registry_readonly = false,
  $file_path = '/etc/docker-distribution/registry/runtime_config.yml',
-  $docker_registry_ip = undef,
  $docker_registry_host = undef,
  $docker_realm_host = undef,
 ){
@ -71,8 +70,21 @@ class platform::dockerdistribution::config
  include ::platform::haproxy::params
  include ::platform::dockerdistribution::registries

-  $docker_registry_ip = $::platform::network::mgmt::params::controller_address
-  $docker_registry_host = $::platform::network::mgmt::params::controller_address_url
+  $system_mode = $::platform::params::system_mode
+  if ($::platform::network::mgmt::params::fqdn_ready != undef) {
+    $fqdn_ready = $::platform::network::mgmt::params::fqdn_ready
+  }
+  else {
+    $fqdn_ready = false
+  }
+
+  if (str2bool($::is_bootstrap_completed) or
+      $fqdn_ready == true) {
+    $docker_registry_host = $::platform::params::controller_fqdn
+  } else {
+    $docker_registry_host = $::platform::network::mgmt::params::controller_address_url
+  }
+
  $insecure_registries = $::platform::dockerdistribution::registries::insecure_registries

  if $::platform::params::distributed_cloud_role == 'subcloud' {
@ -106,7 +118,6 @@ class platform::dockerdistribution::config
  }

  platform::dockerdistribution::write_config { 'runtime_config':
-    docker_registry_ip   => $docker_registry_ip,
    docker_registry_host => $docker_registry_host,
    docker_realm_host    => $docker_realm_host,
  }
@ -118,7 +129,6 @@ class platform::dockerdistribution::config
  platform::dockerdistribution::write_config { 'readonly_config':
    registry_readonly    => true,
    file_path            => '/etc/docker-distribution/registry/readonly_config.yml',
-    docker_registry_ip   => $docker_registry_ip,
    docker_registry_host => $docker_registry_host,
    docker_realm_host    => $docker_realm_host,
  }
@ -200,8 +210,6 @@ class platform::dockerdistribution::compute
  inherits ::platform::dockerdistribution::params {
  include ::platform::kubernetes::params

-  include ::platform::network::mgmt::params
-
  include ::platform::dockerdistribution::registries
  $insecure_registries = $::platform::dockerdistribution::registries::insecure_registries

--- a/puppet-manifests/src/modules/platform/manifests/exports.pp
+++ b/puppet-manifests/src/modules/platform/manifests/exports.pp
@ -10,8 +10,7 @@ class platform::exports {
  }
  -> file_line { '/etc/exports /etc/platform':
    path  => '/etc/exports',
-    line  => ($::platform::params::system_mode == 'simplex' and
-              $::platform::params::system_type == 'All-in-one') ? {
+    line  => (str2bool($::is_bootstrap_completed)) ? {
                true    => "/etc/platform\t\t (no_root_squash,no_subtree_check,rw)",
                default => "/etc/platform\t\t ${::platform::params::mate_hostname}(no_root_squash,no_subtree_check,rw)",
              },
--- a/puppet-manifests/src/modules/platform/manifests/memcached.pp
+++ b/puppet-manifests/src/modules/platform/manifests/memcached.pp
@ -13,8 +13,9 @@ class platform::memcached::params(
  $controller_0_hostname = $::platform::params::controller_0_hostname
  $controller_1_hostname = $::platform::params::controller_1_hostname
  $system_mode           = $::platform::params::system_mode
+  $system_type           = $::platform::params::system_type

-  if $::platform::params::system_type == 'All-in-one' and
+  if $system_type == 'All-in-one' and
    $::platform::params::distributed_cloud_role != 'systemcontroller' {
    $processorcount = $::platform::params::eng_workers
  } else {
@ -22,22 +23,20 @@ class platform::memcached::params(
  }

  if $system_mode == 'simplex' {
-    $listen_ip = $::platform::network::mgmt::params::controller0_address
+    $listen = $controller_0_hostname
  } else {
    case $::hostname {
      $controller_0_hostname: {
-        $listen_ip = $::platform::network::mgmt::params::controller0_address
+        $listen = $controller_0_hostname
      }
      $controller_1_hostname: {
-        $listen_ip = $::platform::network::mgmt::params::controller1_address
+        $listen = $controller_1_hostname
      }
      default: {
        fail("Hostname must be either ${controller_0_hostname} or ${controller_1_hostname}")
      }
    }
  }
-
-  $listen_ip_version = $::platform::network::mgmt::params::subnet_version
 }


@ -49,7 +48,7 @@ class platform::memcached
  -> class { '::memcached':
    package_ensure  => $package_ensure,
    logfile         => $logfile,
-    listen_ip       => $listen_ip,
+    listen          => $listen,
    tcp_port        => $tcp_port,
    udp_port        => $udp_port,
    max_connections => $max_connections,
--- a/puppet-manifests/src/modules/platform/manifests/network.pp
+++ b/puppet-manifests/src/modules/platform/manifests/network.pp
@ -40,6 +40,7 @@ class platform::network::mgmt::params(
  # network type specific parameters
  # TODO: remove platform_nfs_address when StarlingX rel 6 and 7 are not being used anymore
  $platform_nfs_address = undef,
+  $fqdn_ready = undef,
 ) { }

 class platform::network::oam::params(
--- a/puppet-manifests/src/modules/platform/manifests/params.pp
+++ b/puppet-manifests/src/modules/platform/manifests/params.pp
@ -5,9 +5,11 @@ class platform::params (
  $config_path = undef,
  $controller_0_hostname = undef,
  $controller_1_hostname = undef,
+  $controller_fqdn = undef,
+  $controller_0_fqdn = undef,
+  $controller_1_fqdn = undef,
  $controller_upgrade = false,
  $mate_hostname = undef,
-  $mate_ipaddress = undef,
  $nfs_proto = 'udp',
  $nfs_rw_size = 1024,
  $region_1_name = undef,
--- a/puppet-manifests/src/modules/platform/templates/dnsmasq.conf.erb
+++ b/puppet-manifests/src/modules/platform/templates/dnsmasq.conf.erb
@ -106,6 +106,7 @@ max-cache-ttl=5
 # is not forwarded in all cases, regardless of record type being
 # requested.
 local=/local/
+local=/internal/
 port=53
 bogus-priv
 clear-on-reload
@ -130,11 +131,9 @@ server=/<%= @service_domain %>/<%= @dns_service_ip %>
 cname=registry.local,controller
 cname=registry-token-server.local,controller

-<%- if @system_mode == 'simplex' -%>
 cname=controller,controller.internal
 cname=controller-0,controller-0.internal
 cname=controller-1,controller-1.internal
-<%- end -%>

 <%- if @distributed_cloud_role == 'systemcontroller' -%>
 cname=registry.central,controller