Use internal API endpoints in overcloud API interaction

Connections default to 'public' interface when attempting to run
openstack commands.  This breaks setups where the network hosts are
separate from the controllers.

This change adds an ``openstack_interface`` variable to select the
correct endpoint to use, which defaults to ``internal``.

Co-Authored-By: Michael Senizaiz <michael@r-hpc.com>

Change-Id: Ifa766d2cc3ed7077f03c571398072ad5117701c6
Story: 2006814
Task: 37374
This commit is contained in:
Kayobe deployment user 2019-11-05 22:25:56 +00:00 committed by Mark Goddard
parent a02c65832c
commit 84d17b055e
16 changed files with 33 additions and 2 deletions

View File

@ -37,6 +37,7 @@
auth_type: "{{ openstack_auth_type }}" auth_type: "{{ openstack_auth_type }}"
auth: "{{ openstack_auth }}" auth: "{{ openstack_auth }}"
cacert: "{{ openstack_cacert | default(omit, true) }}" cacert: "{{ openstack_cacert | default(omit, true) }}"
interface: "{{ openstack_interface | default(omit, true) }}"
name: "{{ inventory_hostname }}" name: "{{ inventory_hostname }}"
timeout: "{{ baremetal_compute_timeout }}" timeout: "{{ baremetal_compute_timeout }}"
wait: "{{ baremetal_compute_wait }}" wait: "{{ baremetal_compute_wait }}"

View File

@ -35,6 +35,7 @@
os_ironic_state_auth_type: "{{ openstack_auth_type }}" os_ironic_state_auth_type: "{{ openstack_auth_type }}"
os_ironic_state_auth: "{{ openstack_auth }}" os_ironic_state_auth: "{{ openstack_auth }}"
os_ironic_state_cacert: "{{ openstack_cacert }}" os_ironic_state_cacert: "{{ openstack_cacert }}"
os_ironic_state_interface: "{{ openstack_interface }}"
os_ironic_state_name: "{{ inventory_hostname }}" os_ironic_state_name: "{{ inventory_hostname }}"
os_ironic_state_provision_state: "manage" os_ironic_state_provision_state: "manage"
os_ironic_state_wait: "{{ baremetal_compute_wait }}" os_ironic_state_wait: "{{ baremetal_compute_wait }}"

View File

@ -35,6 +35,7 @@
os_ironic_state_auth_type: "{{ openstack_auth_type }}" os_ironic_state_auth_type: "{{ openstack_auth_type }}"
os_ironic_state_auth: "{{ openstack_auth }}" os_ironic_state_auth: "{{ openstack_auth }}"
os_ironic_state_cacert: "{{ openstack_cacert }}" os_ironic_state_cacert: "{{ openstack_cacert }}"
os_ironic_state_interface: "{{ openstack_interface }}"
os_ironic_state_name: "{{ inventory_hostname }}" os_ironic_state_name: "{{ inventory_hostname }}"
os_ironic_state_provision_state: "provide" os_ironic_state_provision_state: "provide"
os_ironic_state_wait: "{{ baremetal_compute_wait }}" os_ironic_state_wait: "{{ baremetal_compute_wait }}"

View File

@ -30,6 +30,9 @@ openstack_auth:
# Overcloud CA certificate path. # Overcloud CA certificate path.
openstack_cacert: "{{ lookup('env', 'OS_CACERT') }}" openstack_cacert: "{{ lookup('env', 'OS_CACERT') }}"
# Overcloud interface (public, internal, admin).
openstack_interface: internal
# Overcloud authentication environment variables. These should be compatible # Overcloud authentication environment variables. These should be compatible
# with the openstack client. # with the openstack client.
# By default we pull these from the environment of the shell executing Ansible. # By default we pull these from the environment of the shell executing Ansible.

View File

@ -130,3 +130,4 @@
ironic_inspector_auth_type: "{{ openstack_auth_type }}" ironic_inspector_auth_type: "{{ openstack_auth_type }}"
ironic_inspector_auth: "{{ openstack_auth }}" ironic_inspector_auth: "{{ openstack_auth }}"
ironic_inspector_cacert: "{{ openstack_cacert }}" ironic_inspector_cacert: "{{ openstack_cacert }}"
ironic_inspector_interface: "{{ openstack_interface }}"

View File

@ -64,6 +64,7 @@
ironic_inspector_auth_type: "{{ openstack_auth_type }}" ironic_inspector_auth_type: "{{ openstack_auth_type }}"
ironic_inspector_auth: "{{ openstack_auth }}" ironic_inspector_auth: "{{ openstack_auth }}"
ironic_inspector_cacert: "{{ openstack_cacert }}" ironic_inspector_cacert: "{{ openstack_cacert }}"
ironic_inspector_interface: "{{ openstack_interface }}"
ironic_inspector_rules: "{{ inspector_rules }}" ironic_inspector_rules: "{{ inspector_rules }}"
# These variables may be referenced in the introspection rules. # These variables may be referenced in the introspection rules.
inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}" inspector_rule_var_ipmi_username: "{{ inspector_ipmi_username }}"

View File

@ -107,4 +107,5 @@
ipa_images_openstack_auth: "{{ openstack_auth }}" ipa_images_openstack_auth: "{{ openstack_auth }}"
ipa_images_openstack_auth_env: "{{ openstack_auth_env }}" ipa_images_openstack_auth_env: "{{ openstack_auth_env }}"
ipa_images_openstack_cacert: "{{ openstack_cacert }}" ipa_images_openstack_cacert: "{{ openstack_cacert }}"
ipa_images_openstack_interface: "{{ openstack_interface }}"
ipa_images_cache_path: "{{ image_cache_path }}/{{ ipa_image_name }}" ipa_images_cache_path: "{{ image_cache_path }}/{{ ipa_image_name }}"

View File

@ -68,6 +68,7 @@
os_networks_auth_type: "{{ openstack_auth_type }}" os_networks_auth_type: "{{ openstack_auth_type }}"
os_networks_auth: "{{ openstack_auth }}" os_networks_auth: "{{ openstack_auth }}"
os_networks_cacert: "{{ openstack_cacert | default(omit, true) }}" os_networks_cacert: "{{ openstack_cacert | default(omit, true) }}"
os_networks_interface: "{{ openstack_interface | default(omit, true) }}"
# Network configuration. # Network configuration.
os_networks: "{{ network_registrations }}" os_networks: "{{ network_registrations }}"
tasks: tasks:
@ -96,6 +97,7 @@
auth: "{{ openstack_auth }}" auth: "{{ openstack_auth }}"
auth_type: "{{ openstack_auth_type }}" auth_type: "{{ openstack_auth_type }}"
cacert: "{{ openstack_cacert | default(omit, true) }}" cacert: "{{ openstack_cacert | default(omit, true) }}"
interface: "{{ openstack_interface | default(omit, true) }}"
name: "{{ provision_net.name }}" name: "{{ provision_net.name }}"
register: provisioning_network_facts register: provisioning_network_facts
@ -112,6 +114,7 @@
auth: "{{ openstack_auth }}" auth: "{{ openstack_auth }}"
auth_type: "{{ openstack_auth_type }}" auth_type: "{{ openstack_auth_type }}"
cacert: "{{ openstack_cacert | default(omit, true) }}" cacert: "{{ openstack_cacert | default(omit, true) }}"
interface: "{{ openstack_interface | default(omit, true) }}"
name: "{{ cleaning_net.name }}" name: "{{ cleaning_net.name }}"
register: cleaning_network_facts register: cleaning_network_facts

View File

@ -20,6 +20,9 @@ ipa_images_openstack_auth_env: {}
# CA certificate path. # CA certificate path.
ipa_images_openstack_caert: ipa_images_openstack_caert:
# Interface (public, internal, admin).
ipa_images_openstack_interface:
# Path to directory in which to store downloaded images. # Path to directory in which to store downloaded images.
ipa_images_cache_path: ipa_images_cache_path:

View File

@ -71,6 +71,7 @@
auth_type: "{{ ipa_images_openstack_auth_type }}" auth_type: "{{ ipa_images_openstack_auth_type }}"
auth: "{{ ipa_images_openstack_auth }}" auth: "{{ ipa_images_openstack_auth }}"
cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}" cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}"
interface: "{{ ipa_images_openstack_interface | default(omit, true) }}"
image: "{{ ipa_images_kernel_name }}" image: "{{ ipa_images_kernel_name }}"
- name: Set a fact containing the Ironic Python Agent (IPA) kernel image - name: Set a fact containing the Ironic Python Agent (IPA) kernel image
@ -82,6 +83,7 @@
auth_type: "{{ ipa_images_openstack_auth_type }}" auth_type: "{{ ipa_images_openstack_auth_type }}"
auth: "{{ ipa_images_openstack_auth }}" auth: "{{ ipa_images_openstack_auth }}"
cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}" cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}"
interface: "{{ ipa_images_openstack_interface | default(omit, true) }}"
image: "{{ ipa_images_ramdisk_name }}" image: "{{ ipa_images_ramdisk_name }}"
- name: Set a fact containing the Ironic Python Agent (IPA) ramdisk image - name: Set a fact containing the Ironic Python Agent (IPA) ramdisk image
@ -114,6 +116,7 @@
auth_type: "{{ ipa_images_openstack_auth_type }}" auth_type: "{{ ipa_images_openstack_auth_type }}"
auth: "{{ ipa_images_openstack_auth }}" auth: "{{ ipa_images_openstack_auth }}"
cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}" cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}"
interface: "{{ ipa_images_openstack_interface | default(omit, true) }}"
name: "{{ item.name }}" name: "{{ item.name }}"
container_format: "{{ item.format }}" container_format: "{{ item.format }}"
disk_format: "{{ item.format }}" disk_format: "{{ item.format }}"

View File

@ -5,6 +5,7 @@
auth_type: "{{ ipa_images_openstack_auth_type }}" auth_type: "{{ ipa_images_openstack_auth_type }}"
auth: "{{ ipa_images_openstack_auth }}" auth: "{{ ipa_images_openstack_auth }}"
cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}" cacert: "{{ ipa_images_openstack_cacert | default(omit, true) }}"
interface: "{{ ipa_images_openstack_interface | default(omit, true) }}"
image: "{{ item.name }}" image: "{{ item.name }}"
with_items: with_items:
- name: "{{ ipa_images_kernel_name }}" - name: "{{ ipa_images_kernel_name }}"

View File

@ -14,6 +14,9 @@ ironic_inspector_auth: {}
# CA certificate path. # CA certificate path.
ironic_inspector_cacert: ironic_inspector_cacert:
# Interface (public, internal, admin).
ironic_inspector_interface:
# URL of Ironic Inspector API endpoint. # URL of Ironic Inspector API endpoint.
ironic_inspector_url: ironic_inspector_url:

View File

@ -85,6 +85,7 @@ def _build_client(module):
api_version = (1, 14) api_version = (1, 14)
client = ironic_inspector_client.v1.ClientV1( client = ironic_inspector_client.v1.ClientV1(
inspector_url=module.params['inspector_url'], inspector_url=module.params['inspector_url'],
interface=module.params['interface'],
session=session, region_name=module.params['region_name'], session=session, region_name=module.params['region_name'],
api_version=api_version) api_version=api_version)
return client return client

View File

@ -20,6 +20,7 @@
auth_type: "{{ ironic_inspector_auth_type }}" auth_type: "{{ ironic_inspector_auth_type }}"
auth: "{{ ironic_inspector_auth }}" auth: "{{ ironic_inspector_auth }}"
cacert: "{{ ironic_inspector_cacert | default(omit, true) }}" cacert: "{{ ironic_inspector_cacert | default(omit, true) }}"
interface: "{{ ironic_inspector_interface | default(omit, true) }}"
conditions: "{{ item.conditions }}" conditions: "{{ item.conditions }}"
actions: "{{ item.actions }}" actions: "{{ item.actions }}"
description: "{{ item.description | default(omit) }}" description: "{{ item.description | default(omit) }}"

View File

@ -0,0 +1,7 @@
---
fixes:
- |
Fixes an issue where ``kayobe overcloud post configure`` would use the
public OpenStack API interface, which might not be accessible from the
control hosts. See `story 2006814
<https://storyboard.openstack.org/#!/story/2006814>`__ for details.

View File

@ -32,9 +32,9 @@
- src: stackhpc.os-images - src: stackhpc.os-images
version: v1.4.0 version: v1.4.0
- src: stackhpc.os-ironic-state - src: stackhpc.os-ironic-state
version: v1.1.0 version: v1.2.0
- src: stackhpc.os-networks - src: stackhpc.os-networks
version: v1.1.0 version: v1.2.0
- src: stackhpc.os-openstackclient - src: stackhpc.os-openstackclient
version: v1.3.0 version: v1.3.0
- src: stackhpc.os-shade - src: stackhpc.os-shade