Adds configuration option for separate cleaning network

To improve network isolation it is desirable to perform
cleaning on a separate network. A new network, `cleaning_net`
was added. If cleaning_net_name is not overridden, cleaning
will still be performed on the workload provisioning network
to maintain backwards compatibility.

Story: 2002097
Task: 19775
Change-Id: I7dd246ca830820f9c2468b281f6ac8f0db2e9cbe
Will Szumski 2018-05-26 12:32:51 +01:00
parent 4bd25a8d20
commit 0511f67eb2
8 changed files with 89 additions and 17 deletions


@ -24,7 +24,8 @@ controller_default_network_interfaces: >
inspection_net_name, inspection_net_name,
internal_net_name, internal_net_name,
storage_net_name, storage_net_name,
storage_mgmt_net_name] | unique | list }} storage_mgmt_net_name,
cleaning_net_name] | unique | list }}
# List of extra networks to which controller nodes are attached. # List of extra networks to which controller nodes are attached.
controller_extra_network_interfaces: [] controller_extra_network_interfaces: []


@ -112,7 +112,7 @@ kolla_ironic_default_vendor_interface: no-vendor
kolla_ironic_default_boot_option: local kolla_ironic_default_boot_option: local
# Name of the Neutron network to use for cleaning. # Name of the Neutron network to use for cleaning.
kolla_ironic_cleaning_network: 'provision-net' kolla_ironic_cleaning_network: "{{ kolla_ironic_provisioning_network if cleaning_net_name == provision_wl_net_name else 'cleaning-net' }}"
# Name of the Neutron network to use for provisioning. # Name of the Neutron network to use for provisioning.
kolla_ironic_provisioning_network: 'provision-net' kolla_ironic_provisioning_network: 'provision-net'
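Review bot: The comment above `kolla_ironic_cleaning_network` no longer describes the value now that it is conditional on `cleaning_net_name == provision_wl_net_name`; a reader of this file alone cannot tell why the default is sometimes `'cleaning-net'` and sometimes the provisioning network name. I would extend the comment to `# Name of the Neutron network to use for cleaning. Defaults to the provisioning network unless cleaning_net_name has been pointed at a different network, in which case a dedicated 'cleaning-net' is used.` This is documentation only; the expression itself looks correct.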


@ -47,6 +47,10 @@ storage_mgmt_net_name: 'storage_mgmt_net'
# workload hosts. # workload hosts.
inspection_net_name: 'inspection_net' inspection_net_name: 'inspection_net'
# Name of the network used to perform cleaning on the bare metal workload
# hosts
cleaning_net_name: "{{ provision_wl_net_name }}"
############################################################################### ###############################################################################
# Network interface naming conventions. # Network interface naming conventions.


@ -126,7 +126,7 @@
{{ kolla_neutron_bridge_interfaces | {{ kolla_neutron_bridge_interfaces |
union([item | net_interface(network_host) | replace('.' ~ item | net_vlan(network_host) | default('!nomatch!'), '')]) | union([item | net_interface(network_host) | replace('.' ~ item | net_vlan(network_host) | default('!nomatch!'), '')]) |
list }} list }}
with_items: "{{ [provision_wl_net_name] + external_net_names }}" with_items: "{{ [provision_wl_net_name, cleaning_net_name] + external_net_names | unique | list }}"
when: item in hostvars[network_host].network_interfaces when: item in hostvars[network_host].network_interfaces
- name: Set facts containing the Neutron bridge and interface names - name: Set facts containing the Neutron bridge and interface names
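Review bot: The `unique` filter on the new `with_items` line does not de-duplicate the list it was added for: in Jinja2 the `|` filter binds tighter than `+`, so `[provision_wl_net_name, cleaning_net_name] + external_net_names | unique | list` applies `unique` to `external_net_names` only, and with the default `cleaning_net_name: "{{ provision_wl_net_name }}"` the provisioning network is looped over twice. The outcome is still correct because the `union` on the preceding lines is idempotent, but the task runs twice for the same network and the stated intent is lost. Parenthesise the concatenation: `with_items: "{{ ([provision_wl_net_name, cleaning_net_name] + external_net_names) | unique | list }}"`. The enclosing task starts before the hunk.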


@ -88,7 +88,7 @@
set_fact: set_fact:
veth_bridge_mtu_map: > veth_bridge_mtu_map: >
{{ veth_bridge_mtu_map | combine({interface: mtu}) }} {{ veth_bridge_mtu_map | combine({interface: mtu}) }}
with_items: "{{ [provision_wl_net_name] + external_net_names }}" with_items: "{{ [provision_wl_net_name, cleaning_net_name] + external_net_names | unique | list }}"
when: item in network_interfaces when: item in network_interfaces
vars: vars:
interface: "{{ item | net_interface | replace('.' ~ item | net_vlan | default('!nomatch!'), '') }}" interface: "{{ item | net_interface | replace('.' ~ item | net_vlan | default('!nomatch!'), '') }}"
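Review bot: Same precedence problem as the bridge-interface task: `[provision_wl_net_name, cleaning_net_name] + external_net_names | unique | list` applies `unique` to `external_net_names` before the concatenation, so the provisioning network appears twice whenever `cleaning_net_name` keeps its default. `combine` makes the duplicate harmless, but it is not what the filter chain is meant to express. Use `with_items: "{{ ([provision_wl_net_name, cleaning_net_name] + external_net_names) | unique | list }}"`. The task starts before the hunk and its `vars:` block continues past it.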


@ -3,17 +3,46 @@
hosts: controllers hosts: controllers
tags: tags:
- provision-net - provision-net
- cleaning-net
tasks: tasks:
- name: Create controllers group with ironic enabled - name: Create controllers group with ironic enabled
group_by: group_by:
key: "controllers_for_provision_net_{{ kolla_enable_ironic | bool }}" key: "controllers_for_provision_net_{{ kolla_enable_ironic | bool }}"
- name: Ensure provisioning network and subnet are registered in neutron - name: Ensure provisioning and cleaning networks and subnets are registered in neutron
# Only required to run on a single host. # Only required to run on a single host.
hosts: controllers_for_provision_net_True[0] hosts: controllers_for_provision_net_True[0]
gather_facts: False gather_facts: False
vars:
provision_net:
name: "{{ kolla_ironic_provisioning_network }}"
provider_network_type: "{% if provision_wl_net_name | net_vlan %}vlan{% else %}flat{% endif %}"
provider_physical_network: "{{ provision_wl_net_name | net_physical_network | default('physnet1', True) }}"
provider_segmentation_id: "{{ provision_wl_net_name | net_vlan }}"
shared: True
subnets:
- name: "{{ kolla_ironic_provisioning_network }}"
cidr: "{{ provision_wl_net_name | net_cidr }}"
gateway_ip: "{{ provision_wl_net_name | net_neutron_gateway or provision_wl_net_name | net_gateway }}"
allocation_pool_start: "{{ provision_wl_net_name | net_neutron_allocation_pool_start }}"
allocation_pool_end: "{{ provision_wl_net_name | net_neutron_allocation_pool_end }}"
cleaning_net:
name: "{{ kolla_ironic_cleaning_network }}"
provider_network_type: "{% if cleaning_net_name | net_vlan %}vlan{% else %}flat{% endif %}"
provider_physical_network: "{{ cleaning_net_name | net_physical_network | default('physnet1', True) }}"
provider_segmentation_id: "{{ cleaning_net_name | net_vlan }}"
shared: True
subnets:
- name: "{{ kolla_ironic_cleaning_network }}"
cidr: "{{ cleaning_net_name | net_cidr }}"
gateway_ip: "{{ cleaning_net_name | net_neutron_gateway or cleaning_net_name | net_gateway }}"
allocation_pool_start: "{{ cleaning_net_name | net_neutron_allocation_pool_start }}"
allocation_pool_end: "{{ cleaning_net_name | net_neutron_allocation_pool_end }}"
network_registrations:
- "{{ provision_net }}"
tags: tags:
- provision-net - provision-net
- cleaning-net
pre_tasks: pre_tasks:
- name: Validate OpenStack password authentication parameters - name: Validate OpenStack password authentication parameters
fail: fail:
@ -34,15 +63,4 @@
os_networks_auth_type: "{{ openstack_auth_type }}" os_networks_auth_type: "{{ openstack_auth_type }}"
os_networks_auth: "{{ openstack_auth }}" os_networks_auth: "{{ openstack_auth }}"
# Network configuration. # Network configuration.
os_networks: os_networks: "{{ network_registrations + ([] if cleaning_net_name == provision_wl_net_name else [cleaning_net]) }}"
- name: "{{ kolla_ironic_provisioning_network }}"
provider_network_type: "{% if provision_wl_net_name | net_vlan %}vlan{% else %}flat{% endif %}"
provider_physical_network: "{{ provision_wl_net_name | net_physical_network | default('physnet1', True) }}"
provider_segmentation_id: "{{ provision_wl_net_name | net_vlan }}"
shared: True
subnets:
- name: "{{ kolla_ironic_provisioning_network }}"
cidr: "{{ provision_wl_net_name | net_cidr }}"
gateway_ip: "{{ provision_wl_net_name | net_neutron_gateway or provision_wl_net_name | net_gateway }}"
allocation_pool_start: "{{ provision_wl_net_name | net_neutron_allocation_pool_start }}"
allocation_pool_end: "{{ provision_wl_net_name | net_neutron_allocation_pool_end }}"
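Review bot: The new `cleaning_net` registration copies `shared: True` from `provision_net`, which makes the cleaning network attachable by every project; since the stated purpose of a separate cleaning network is isolation, and as far as I can tell only Ironic, acting with service credentials, needs to create ports on it, it is worth confirming whether the network has to be shared at all and recording the decision with a comment such as `# shared: True exposes the cleaning network to all projects — verify that Ironic cleaning needs this`. A second caveat: `provider_physical_network` falls back to `physnet1` for both registrations, so a separate cleaning network defined without a VLAN and without a physical network attribute produces two flat networks on the same physical network, which I would expect Neutron's flat type driver to reject; a `fail:` check in `pre_tasks` for that combination, or at least a sentence in the docs, would save an opaque error at deploy time. The `tasks:` section that consumes `os_networks` ends outside the hunk.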


@ -410,6 +410,9 @@ Workload out-of-band network (``oob_wl_net_name``)
Workload provisioning network (``provision_wl_net_name``) Workload provisioning network (``provision_wl_net_name``)
Name of the network used by the overcloud hosts to provision the bare metal Name of the network used by the overcloud hosts to provision the bare metal
workload hosts. workload hosts.
Workload cleaning network (``cleaning_net_name``)
Name of the network used by the overcloud hosts to clean the baremetal
workload hosts.
Internal network (``internal_net_name``) Internal network (``internal_net_name``)
Name of the network used to expose the internal OpenStack API endpoints. Name of the network used to expose the internal OpenStack API endpoints.
Public network (``public_net_name``) Public network (``public_net_name``)
@ -447,6 +450,7 @@ To configure network roles in a system with two networks, ``example1`` and
storage_net_name: example2 storage_net_name: example2
storage_mgmt_net_name: example2 storage_mgmt_net_name: example2
inspection_net_name: example2 inspection_net_name: example2
cleaning_net_name: example2
Overcloud Provisioning Network Overcloud Provisioning Network
------------------------------ ------------------------------
@ -473,6 +477,35 @@ To configure a network called ``example`` with an inspection allocation pool:
This pool should not overlap with a kayobe allocation pool on the same This pool should not overlap with a kayobe allocation pool on the same
network. network.
Workload Cleaning Network
-------------------------
A separate cleaning network, which is used by the overcloud to clean baremetal
workload (compute) hosts, may optionally be specified. Otherwise,
the Workload Provisoning network is used. It is necessary to define an IP
allocation pool for neutron using the
``neutron_allocation_pool_start`` and ``neutron_allocation_pool_end``
attributes of the cleaning network. This controls the IP addresses that are
assigned to workload hosts during cleaning.
.. note::
This example assumes that the ``example`` network is mapped to
``cleaning_net_name``.
To configure a network called ``example`` with a neutron provisioning
allocation pool:
.. code-block:: yaml
example_neutron_allocation_pool_start: 10.0.1.128
example_neutron_allocation_pool_end: 10.0.1.195
.. note::
This pool should not overlap with a kayobe or inspection allocation pool on
the same network.
Workload Provisioning Network Workload Provisioning Network
----------------------------- -----------------------------
@ -588,6 +621,7 @@ By default, controllers are attached to the following networks:
* workload (compute) out-of-band network * workload (compute) out-of-band network
* workload (compute) provisioning network * workload (compute) provisioning network
* workload (compute) inspection network * workload (compute) inspection network
* workload (compute) cleaning network
* internal network * internal network
* storage network * storage network
* storage management network * storage management network


@ -43,6 +43,10 @@
# workload hosts. # workload hosts.
#inspection_net_name: #inspection_net_name:
# Name of the network used to perform cleaning on the bare metal workload
# hosts
#cleaning_net_name:
############################################################################### ###############################################################################
# Network definitions. # Network definitions.
@ -136,6 +140,17 @@
# storage_mgmt_net_mtu: # storage_mgmt_net_mtu:
# storage_mgmt_net_routes: # storage_mgmt_net_routes:
# Cleaning network IP information.
# cleaning_net_cidr:
# cleaning_net_allocation_pool_start:
# cleaning_net_allocation_pool_end:
# cleaning_net_neutron_allocation_pool_start:
# cleaning_net_neutron_allocation_pool_end:
# cleaning_net_gateway:
# cleaning_net_vlan:
# cleaning_net_mtu:
# cleaning_net_routes:
############################################################################### ###############################################################################
# Network virtual patch link configuration. # Network virtual patch link configuration.