Octavia will create the network + upload image upon request itself

This is needed to simplify an intgrated AIO deploy

Change-Id: I7b8a2314a23281a4369d431aba280e0c0dc66f22

defaults/main.yml

@@ -37,6 +37,10 @@ octavia_fatal_deprecations: False
 
 octavia_clients_endpoint: internalURL
 
+# Workaround for https://bugs.launchpad.net/octavia/+bug/1704468
+# API haproxy needs "/" to return 200 for healthcheck
+octavia_auth_strategy: noauth
+
 ## DB
 octavia_galera_user: octavia
 octavia_galera_database: octavia
@@ -143,6 +147,7 @@ octavia_requires_pip_packages:
   - shade
   - virtualenv
   - virtualenv-tools
+  - python-openstackclient
 
 # Common pip packages
 octavia_pip_packages:
@@ -212,6 +217,14 @@ octavia_loadbalancer_topology: SINGLE
 octavia_glance_image_tag: octavia-amphora-image
 # add here the id of the image owner to avoid faked images being used
 octavia_amp_image_owner_id:
+# add here the glance image id if tagging is not used (not recommended for prod)
+octavia_amp_image_id:
+# add here the file name of the image if it should be uplaoded automatically
+# Note: This does not support image tags so don't use for prod
+octavia_amp_image_file_name:
+# enable uploading image to glance automatically
+# Note: This does not support image tags so don't use for prod
+octavia_amp_image_upload_enabled: False
 # Name of the Octavia security group
 octavia_security_group_name: octavia_sec_grp
 # Restrict access to only authorized hosts
@@ -279,6 +292,14 @@ octavia_user_haproxy_templates: {}
 octavia_neutron_management_network_name: lbaas-mgmt
 # Name of the provider net in the system
 octavia_provider_network_name: lbaas
+# Network type
+octavia_provider_network_type: flat
+# Network CIDR
+octavia_management_net_subnet_cidr: 172.29.232.0/22
+# Do we require the Neutron DHCP server
+octavia_management_net_dhcp: "True"
+# Should Octavia set up the network and subnet?
+octavia_service_net_setup: True
 # This sets it to the container managment network based on how you setup
 # the provider net
 octavia_container_network_name: "{{ octavia_provider_network_name }}_address"

doc/source/configure-octavia.rst

@@ -57,24 +57,14 @@ name. Furthermore, the system tries to infer certain values based on the
 inventory which might not always work and hence might need to be explicitly
 declared. Review the file ``defaults\main.yml`` for more information.
 
-The following is an example how to set up a provider network in neutron:
+Octavia can create the required neutron networks itself. Please review the
-
+corresponding settings - especially ``octavia_service_net_subnet_cidr``
-
+needs to be adjusted. Alternatively, they can be created elsewhere and
-.. code-block:: bash
+consumed by Octavia.
-
-    neutron net-create lbaas-mgmt --shared \
-                                    --provider:network_type flat \
-                                    --provider:physical_network lbaas
-
-    neutron subnet-create mgmt-net 172.19.0.0/22 --name lbaas-subnet
-                          --ip-version=4 \
-                          --allocation-pool start=172.19.1.100,end=172.19.1.200 \
-                          --enable-dhcp \
-                          --dns-nameservers list=true 8.8.4.4 8.8.8.8
 
 Special attention needs to be applied to the ``--allocation-pool`` to not have
-ips which overlap with ips assigned to hosts or containers (see the ``used_ips``
+ips which overlap with ips assigned to hosts or containers (see the
-variable in ``openstack_user_config.yml``)
+``used_ips`` variable in ``openstack_user_config.yml``)
 
 .. note::
     The system will deploy an iptables firewall if ``octavia_ip_tables_fw`` is set

releasenotes/notes/add_image_upload_and_network_preparation-a414d45b624652a3.yaml

@@ -0,0 +1,11 @@
+---
+features:
+  - Adds a way for the system to automatically create the Octavia management
+    network if octavia_service_net_setup is enabled (DEFAULT). Additional
+    parameters can control the setup.
+  - Adds support for glance-image-id and automatic uploading of the image
+    if octavia_amp_image_upload_enabled is True (Default is False). This is
+    mostly tp work around the limitations of Ansible's OpenStack support
+    and should not be used in prodcution settings. Instead refer to the
+    documentation to upload images yourself.
+

tasks/octavia_mgmt_network.yml

@@ -13,6 +13,45 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Create mgmt network
+  os_network:
+    auth:
+      auth_url: "{{ keystone_service_adminurl }}"
+      username: "{{ octavia_service_user_name }}"
+      password: "{{ octavia_service_password }}"
+      project_name: "{{ octavia_service_project_name }}"
+      user_domain_name: "{{ octavia_service_user_domain_id }}"
+      project_domain_name: "{{ octavia_service_project_domain_id }}"
+    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
+    region_name: "{{ octavia_service_region }}"
+    validate_certs: "{{ keystone_service_adminuri_insecure }}"
+    auth_type: "{{ octavia_keystone_auth_plugin }}"
+    state: present
+    name: "{{ octavia_neutron_management_network_name }}"
+    provider_network_type: "{{ octavia_provider_network_type }}"
+    provider_physical_network: "{{ octavia_provider_network_name }}"
+  when: octavia_service_net_setup
+
+- name: Ensure mgmt subnet exists
+  os_subnet:
+    auth:
+      auth_url: "{{ keystone_service_adminurl }}"
+      username: "{{ octavia_service_user_name }}"
+      password: "{{ octavia_service_password }}"
+      project_name: "{{ octavia_service_project_name }}"
+      user_domain_name: "{{ octavia_service_user_domain_id }}"
+      project_domain_name: "{{ octavia_service_project_domain_id }}"
+    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
+    region_name: "{{ octavia_service_region }}"
+    validate_certs: "{{ keystone_service_adminuri_insecure }}"
+    auth_type: "{{ octavia_keystone_auth_plugin }}"
+    state: present
+    network_name: "{{ octavia_neutron_management_network_name }}"
+    name: "{{ octavia_neutron_management_network_name }}-subnet"
+    cidr: "{{ octavia_management_net_subnet_cidr }}"
+    enable_dhcp: "{{ octavia_management_net_dhcp }}"
+  when: octavia_service_net_setup
+
 - name: Get neutron network
   os_networks_facts:
     auth:

tasks/octavia_post_install.yml

@@ -56,6 +56,54 @@
     - src: "{{ octavia_ca_private_key }}"
       dest: "/etc/octavia/certs/ca_key.pem"
 
+- name: Copy image
+  copy:
+    src: "{{ octavia_amp_image_file_name}}"
+    dest: "{{ octavia_amp_image_file_name}}"
+  when: octavia_amp_image_upload_enabled
+
+- name: Upload image to glance
+  os_image:
+    auth:
+      auth_url: "{{ keystone_service_adminurl }}"
+      username: "{{ octavia_service_user_name }}"
+      password: "{{ octavia_service_password }}"
+      project_name: "{{ octavia_service_project_name }}"
+      user_domain_name: "{{ octavia_service_user_domain_id }}"
+      project_domain_name: "{{ octavia_service_project_domain_id }}"
+    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
+    region_name: "{{ octavia_service_region }}"
+    validate_certs: "{{ keystone_service_adminuri_insecure }}"
+    auth_type: "{{ octavia_keystone_auth_plugin }}"
+    name: amphora-x64-haproxy
+    container_format: bare
+    disk_format: qcow2
+    state: present
+    filename: "{{ octavia_amp_image_file_name}}"
+    is_public:
+  when: octavia_amp_image_upload_enabled
+
+- name: Get image uuid
+  os_image_facts:
+    auth:
+      auth_url: "{{ keystone_service_adminurl }}"
+      username: "{{ octavia_service_user_name }}"
+      password: "{{ octavia_service_password }}"
+      project_name: "{{ octavia_service_project_name }}"
+      user_domain_name: "{{ octavia_service_user_domain_id }}"
+      project_domain_name: "{{ octavia_service_project_domain_id }}"
+    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
+    region_name: "{{ octavia_service_region }}"
+    validate_certs: "{{ keystone_service_adminuri_insecure }}"
+    auth_type: "{{ octavia_keystone_auth_plugin }}"
+    image: amphora-x64-haproxy
+  when: octavia_amp_image_upload_enabled
+
+- name: Set image UUID fact
+  set_fact:
+     octavia_amp_image_id: "{{ openstack_image.id }}"
+  when: octavia_amp_image_upload_enabled
+
 - name: Copy user provided HAProxy templates
   copy:
     src: "{{ item.src }}"

templates/octavia.conf.j2

@@ -24,6 +24,8 @@ bind_port = {{ octavia_service_port }}
 
 transport_url = rabbit://{% for host in octavia_rabbitmq_servers.split(',') %}{{ octavia_rabbitmq_userid }}:{{ octavia_rabbitmq_password }}@{{ host }}:{{ octavia_rabbitmq_port }}{% if not loop.last %},{% else %}/{{ octavia_rabbitmq_vhost }}{% endif %}{% endfor %}
 
+# for pre Pike
+auth_strategy = {{ octavia_auth_strategy }}
 # pre Ocata
 [oslo_messaging_rabbit]
 ssl = {{ octavia_rabbitmq_use_ssl }}
@@ -156,7 +158,7 @@ server_ca = /etc/octavia/certs/server_ca.pem
 # amp_active_wait_sec = 10
 # Glance parameters to extract image ID to use for amphora. Only one of
 # parameters is needed. Using tags is the recommended way to refer to images.
-# amp_image_id =
+amp_image_id = {{ octavia_amp_image_id }}
 amp_image_tag = {{ octavia_glance_image_tag }}
 # Optional owner ID used to restrict glance images to one owner ID.
 # This is a recommended security setting.

tests/os_octavia-overrides.yml

@@ -84,6 +84,7 @@ neutron_metadata: True
 octavia_pip_package_state: latest
 octavia_package_state: latest
 octavia_neutron_management_network_name: lbaas-mgmt
+octavia_management_net_subnet_cidr: 10.1.7.0/24
 
 octavia_git_install_branch: stable/ocata
 

tests/test-configure-octavia.yml

@@ -81,34 +81,5 @@
       until: install_packages|success
       retries: 5
       delay: 2
-    - name: Create mgmt network
-      os_network:
-        auth:
-          auth_url: "http://{{ test_keystone_host }}:5000/v3"
-          username: "{{ keystone_admin_user_name }}"
-          password: "{{ keystone_auth_admin_password }}"
-          project_name: "admin"
-          user_domain_name: "Default"
-          project_domain_name: "Default"
-        endpoint_type: "internal"
-        state: present
-        name: "{{ octavia_neutron_management_network_name }}"
-        provider_network_type: "flat"
-        provider_physical_network: "lbaas"
-    - name: Ensure mgmt subnet exists
-      os_subnet:
-        auth:
-          auth_url: "http://{{ test_keystone_host }}:5000/v3"
-          username: "{{ keystone_admin_user_name }}"
-          password: "{{ keystone_auth_admin_password }}"
-          project_name: "admin"
-          user_domain_name: "Default"
-          project_domain_name: "Default"
-        endpoint_type: "internal"
-        state: present
-        network_name: "{{ octavia_neutron_management_network_name }}"
-        name: "lbaas-mgmt-subnet"
-        cidr: "10.1.7.0/24"
-
   vars_files:
     - common/test-vars.yml