tripleo-heat-templates/environments/network-isolation-v6.j2.yaml

# NOTE: This template is now deprecated, and is only included for compatibility
# when upgrading a deployment where this template was originally used. For new
# deployments, set "ipv6: true" on desired networks in network_data.yaml, and
# include network-isolation.yaml.
#
# Enable the creation of Neutron networks for isolated Overcloud
# traffic and configure each role to assign ports (related
# to that role) on these networks.
resource_registry:
  # networks as defined in network_data.yaml
  {%- for network in networks if network.enabled|default(true) %}
    {%- if network.name != 'Tenant' %}
  OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}_v6.yaml
    {%- else %}
    # IPv4 until OVS and Neutron support IPv6 tunnel endpoints
  OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml
    {%- endif %}
  {%- endfor %}

  # Port assignments for the VIPs
  {%- for network in networks if network.vip and network.enabled|default(true) %}
  OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml
  {%- endfor %}

  OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml

  # Port assignments by role, edit role definition to assign networks to roles.
{%- for role in roles %}
{#-     Convert net map or net list to internal list of networks #}
{#-     NOTE(hjensas): For backward compatibility support role data with both #}
{#-                    networks map (new schema) and network list (old schema). #}
{%-     set _role_networks = [] %}
{%-     if role.networks is mapping %}
{%-         for key,val in role.networks.items() %}
{%-             set _role_networks = _role_networks.append(key) %}
{%-         endfor %}
{%-     else %}
{%-         set _role_networks = role.networks %}
{%-     endif %}
  # Port assignments for the {{role.name}}
{%-     for network in networks %}
{%-         if network.name in _role_networks and network.enabled|default(true) and network.name != 'Tenant' %}
  OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml
{%-         elif network.name in _role_networks and network.enabled|default(true) and network.name == 'Tenant' %}
  # IPv4 until OVS and Neutron support IPv6 tunnel endpoints
  OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
{%-         endif %}
{%-     endfor %}
{%- endfor %}


parameter_defaults:
  # Enable IPv6 for Ceph.
  CephIPv6: True
  # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
  CorosyncIPv6: True
  # Enable various IPv6 features in Nova.
  NovaIPv6: True
  # Enable IPv6 environment for RabbitMQ.
  RabbitIPv6: True
  # Enable IPv6 environment for Memcached.
  MemcachedIPv6: True
  # Enable IPv6 environment for MySQL.
  MysqlIPv6: True
  # Enable IPv6 environment for Manila
  ManilaIPv6: True
  # Enable IPv6 environment for Redis.
  RedisIPv6: True
  # Enable IPv6 environment for OpenDaylight
  OpenDaylightEnableIPv6Deployment: True
Render NIC config templates with jinja2 This change converts the existing NIC templates to jinja2 in order to dynamically render the ports and networks according to the network_data.yaml. If networks are added to the network_data.yaml file, parameters will be added to all NIC templates. The YAML files (as output from jinja with the default network_data.yaml) are present as an example. The roles in roles_data.yaml are used to produce NIC configs for the standard and custom composable roles. In order to keep the ordering of NICs the same in the multiple-nics templates, the order of networks was changed in the network_data.yaml file. This is reflected in the network templates, and in some of the files that is the only change. The roles and roles_data.yaml were modified to include a legacy name for the NIC config templates for the built-in roles Controller, Compute, Object Storage, Block Storage, Ceph Storage, Compute-DPDK, and Networker roles. There will now be a file produced with the legacy name, but also one produced with the <role>-role.j2.yaml format (along with environment files to help use the new filenames). Note this change also fixes some typos as well as a number of templates that had VLANs with device: entries which were ignored. Closes-Bug: 1737041 Depends-On: I49c0245c36de3103671080fd1c8cfb3432856f35 Change-Id: I3bdb7d00dab5a023dd8b9c94c0f89f84357ae7a4 2017-11-28 17:00:59 -08:00			`# NOTE: This template is now deprecated, and is only included for compatibility`
			`# when upgrading a deployment where this template was originally used. For new`
			`# deployments, set "ipv6: true" on desired networks in network_data.yaml, and`
			`# include network-isolation.yaml.`
			`#`
Make network-isolation-v6 environment rendered for all roles In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2 templating to render the networks. This change aims at doing so for the IPv6 network isolation environment. Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21 2017-06-15 10:22:21 +02:00			`# Enable the creation of Neutron networks for isolated Overcloud`
			`# traffic and configure each role to assign ports (related`
			`# to that role) on these networks.`
			`resource_registry:`
			`# networks as defined in network_data.yaml`
			`{%- for network in networks if network.enabled\|default(true) %}`
			`{%- if network.name != 'Tenant' %}`
			`OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower\|default(network.name.lower())}}_v6.yaml`
			`{%- else %}`
			`# IPv4 until OVS and Neutron support IPv6 tunnel endpoints`
			`OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower\|default(network.name.lower())}}.yaml`
			`{%- endif %}`
			`{%- endfor %}`

			`# Port assignments for the VIPs`
			`{%- for network in networks if network.vip and network.enabled\|default(true) %}`
			`OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower\|default(network.name.lower())}}_v6.yaml`
			`{%- endfor %}`

			`OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml`

Remove extra noop.yaml ports from network-isolation files. The environments/network-isolation[-v6].yaml files have an unneeded reference to network/ports/noop.yaml for unused networks. This introduces a regression where environment files that define the networks and ports on a per-role basis can cancel out other environment files. See bug # 1717322. The overcloud-resource-registry.j2.yaml already uses noop.yaml for every network on every role (whether or not the networks are enabled, or whether the particular network is supposed to be on a role. So having noop.yaml specified for every role in network-isolation[-v6].yaml is not needed and can cause issues with upgrades if the environments are not included in a specific order. Change-Id: If06407e5235587af090ede44674bf9c7e08e340e Closes-bug: 1717322 2017-09-14 13:26:53 -06:00			`# Port assignments by role, edit role definition to assign networks to roles.`
Make network-isolation-v6 environment rendered for all roles In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2 templating to render the networks. This change aims at doing so for the IPv6 network isolation environment. Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21 2017-06-15 10:22:21 +02:00			`{%- for role in roles %}`
L3 routed networks - subnet fixed_ips (3/3) When using neutron routed networks we need to specify either the subnet or a ip address in the fixed-ips-request when creating neutron ports. a) For the Vip's: Adds VipSubnetMap and VipSubnetMapDefaults parameters in service_net_map.yaml. The two maps are merged, so that the operator can override the subnet where VIP port should be hosted. For example: parameter_defaults: VipSubnetMap: ctlplane: ctlplane-leaf1 InternalApi: internal_api_leaf1 Storage: storage_leaf1 redis: internal_api_leaf1 b) For overcloud node ports: Enrich 'networks' in roles defenition to include both network and subnet data. Changes the list to a map instead of a list of strings. New schema: - name: <role_name> networks: <network_name> subnet: <subnet_name> For backward compatibility a conditional is used to check if the data is a map or not. In either case the internal list of role networks is created as '_role_networks' in the jinja2 templates. When the data is a map, and the map contains the 'subnet' key the subnet specified in roles_data.yaml is used as the subnet in the fixed-ips-reqest when ports are created. If subnet is not set (or role.networks is not a map) the default will be {{network.name_lower}}_subnet. Also, since the fixed_ips request passed to Vip ports are no longer [] by default, the conditinal has been updated to test for 'ip_address' entries in the request. Partial: blueprint tripleo-routed-networks-templates Depends-On: I773a38fd903fe287132151a4d178326a46890969 Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443 2018-07-12 18:27:08 +02:00			`{#- Convert net map or net list to internal list of networks #}`
			`{#- NOTE(hjensas): For backward compatibility support role data with both #}`
			`{#- networks map (new schema) and network list (old schema). #}`
			`{%- set _role_networks = [] %}`
			`{%- if role.networks is mapping %}`
			`{%- for key,val in role.networks.items() %}`
			`{%- set _role_networks = _role_networks.append(key) %}`
			`{%- endfor %}`
			`{%- else %}`
			`{%- set _role_networks = role.networks %}`
			`{%- endif %}`
Make network-isolation-v6 environment rendered for all roles In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2 templating to render the networks. This change aims at doing so for the IPv6 network isolation environment. Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21 2017-06-15 10:22:21 +02:00			`# Port assignments for the {{role.name}}`
L3 routed networks - subnet fixed_ips (3/3) When using neutron routed networks we need to specify either the subnet or a ip address in the fixed-ips-request when creating neutron ports. a) For the Vip's: Adds VipSubnetMap and VipSubnetMapDefaults parameters in service_net_map.yaml. The two maps are merged, so that the operator can override the subnet where VIP port should be hosted. For example: parameter_defaults: VipSubnetMap: ctlplane: ctlplane-leaf1 InternalApi: internal_api_leaf1 Storage: storage_leaf1 redis: internal_api_leaf1 b) For overcloud node ports: Enrich 'networks' in roles defenition to include both network and subnet data. Changes the list to a map instead of a list of strings. New schema: - name: <role_name> networks: <network_name> subnet: <subnet_name> For backward compatibility a conditional is used to check if the data is a map or not. In either case the internal list of role networks is created as '_role_networks' in the jinja2 templates. When the data is a map, and the map contains the 'subnet' key the subnet specified in roles_data.yaml is used as the subnet in the fixed-ips-reqest when ports are created. If subnet is not set (or role.networks is not a map) the default will be {{network.name_lower}}_subnet. Also, since the fixed_ips request passed to Vip ports are no longer [] by default, the conditinal has been updated to test for 'ip_address' entries in the request. Partial: blueprint tripleo-routed-networks-templates Depends-On: I773a38fd903fe287132151a4d178326a46890969 Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443 2018-07-12 18:27:08 +02:00			`{%- for network in networks %}`
			`{%- if network.name in _role_networks and network.enabled\|default(true) and network.name != 'Tenant' %}`
Make network-isolation-v6 environment rendered for all roles In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2 templating to render the networks. This change aims at doing so for the IPv6 network isolation environment. Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21 2017-06-15 10:22:21 +02:00			`OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower\|default(network.name.lower())}}_v6.yaml`
L3 routed networks - subnet fixed_ips (3/3) When using neutron routed networks we need to specify either the subnet or a ip address in the fixed-ips-request when creating neutron ports. a) For the Vip's: Adds VipSubnetMap and VipSubnetMapDefaults parameters in service_net_map.yaml. The two maps are merged, so that the operator can override the subnet where VIP port should be hosted. For example: parameter_defaults: VipSubnetMap: ctlplane: ctlplane-leaf1 InternalApi: internal_api_leaf1 Storage: storage_leaf1 redis: internal_api_leaf1 b) For overcloud node ports: Enrich 'networks' in roles defenition to include both network and subnet data. Changes the list to a map instead of a list of strings. New schema: - name: <role_name> networks: <network_name> subnet: <subnet_name> For backward compatibility a conditional is used to check if the data is a map or not. In either case the internal list of role networks is created as '_role_networks' in the jinja2 templates. When the data is a map, and the map contains the 'subnet' key the subnet specified in roles_data.yaml is used as the subnet in the fixed-ips-reqest when ports are created. If subnet is not set (or role.networks is not a map) the default will be {{network.name_lower}}_subnet. Also, since the fixed_ips request passed to Vip ports are no longer [] by default, the conditinal has been updated to test for 'ip_address' entries in the request. Partial: blueprint tripleo-routed-networks-templates Depends-On: I773a38fd903fe287132151a4d178326a46890969 Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443 2018-07-12 18:27:08 +02:00			`{%- elif network.name in _role_networks and network.enabled\|default(true) and network.name == 'Tenant' %}`
			`# IPv4 until OVS and Neutron support IPv6 tunnel endpoints`
Make network-isolation-v6 environment rendered for all roles In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2 templating to render the networks. This change aims at doing so for the IPv6 network isolation environment. Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21 2017-06-15 10:22:21 +02:00			`OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower\|default(network.name.lower())}}.yaml`
L3 routed networks - subnet fixed_ips (3/3) When using neutron routed networks we need to specify either the subnet or a ip address in the fixed-ips-request when creating neutron ports. a) For the Vip's: Adds VipSubnetMap and VipSubnetMapDefaults parameters in service_net_map.yaml. The two maps are merged, so that the operator can override the subnet where VIP port should be hosted. For example: parameter_defaults: VipSubnetMap: ctlplane: ctlplane-leaf1 InternalApi: internal_api_leaf1 Storage: storage_leaf1 redis: internal_api_leaf1 b) For overcloud node ports: Enrich 'networks' in roles defenition to include both network and subnet data. Changes the list to a map instead of a list of strings. New schema: - name: <role_name> networks: <network_name> subnet: <subnet_name> For backward compatibility a conditional is used to check if the data is a map or not. In either case the internal list of role networks is created as '_role_networks' in the jinja2 templates. When the data is a map, and the map contains the 'subnet' key the subnet specified in roles_data.yaml is used as the subnet in the fixed-ips-reqest when ports are created. If subnet is not set (or role.networks is not a map) the default will be {{network.name_lower}}_subnet. Also, since the fixed_ips request passed to Vip ports are no longer [] by default, the conditinal has been updated to test for 'ip_address' entries in the request. Partial: blueprint tripleo-routed-networks-templates Depends-On: I773a38fd903fe287132151a4d178326a46890969 Change-Id: I77edc82723d00bfece6752b5dd2c79137db93443 2018-07-12 18:27:08 +02:00			`{%- endif %}`
			`{%- endfor %}`
			`{%- endfor %}`
Make network-isolation-v6 environment rendered for all roles In change If3989f24f077738845d2edbee405bd9198e7b7db we moved to jinja2 templating to render the networks. This change aims at doing so for the IPv6 network isolation environment. Change-Id: Ieebcff3db3f5756a5d23080ea3d09ce78de69e21 2017-06-15 10:22:21 +02:00

			`parameter_defaults:`
			`# Enable IPv6 for Ceph.`
			`CephIPv6: True`
			`# Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.`
			`CorosyncIPv6: True`
			`# Enable various IPv6 features in Nova.`
			`NovaIPv6: True`
			`# Enable IPv6 environment for RabbitMQ.`
			`RabbitIPv6: True`
			`# Enable IPv6 environment for Memcached.`
			`MemcachedIPv6: True`
mysql: expose IPv6 configuration to mysql puppet modules When deploying on IPv6 networks, set a hiera key that can be consumed by puppet modules to configure MySQL or Galera appropriately. Currently, this is required for configuring SST encryption in Galera when Internal TLS is enabled [1]. [1] I1d6ee8febb596b3ab9dcde3a85a028ee99b2798c Change-Id: Ia857350ac451fc1bda6659d85019962d3a9d5617 Partial-Bug: #1719885 2017-09-29 22:32:07 +02:00			`# Enable IPv6 environment for MySQL.`
			`MysqlIPv6: True`
Manila network plugin address family support Set NetworkPluginIpv6Enabled if IPv6 networks have been enabled. Currently this parameter and NetworkPluginIPv4Enabled are mutually exclusive so set the latter false as well. Default is IPv4 with NetworkPluginIPv4Enabled. Depends-On: Ic7e5b5351e429755ba48613ab89d1b7e7d6e2d34 Change-Id: Ia895d7190f0fb8e97c87b3178461d9fc26393b9b 2017-12-18 19:47:29 -05:00			`# Enable IPv6 environment for Manila`
			`ManilaIPv6: True`
Fix Redis TLS setup and its HA deployment This patch reverts the revert of Redis TLS [1,2], and update the pacemaker redis template to configure Redis to encrypt the replication traffic between Redis nodes. [1] a3769c03175cb36f0066c173477749a26f767566 [2] ebc8414cd0c18426ff80d9d65c964e91a7fe447f Depends-On: I6cc818973fab25b4cd6f7a0d040aaa05a35c5bb1 Change-Id: I7f7be4bba6d41c04385f074857c82507cc8c2617 Closes-Bug: #1737707 2017-12-13 13:44:09 +00:00			`# Enable IPv6 environment for Redis.`
			`RedisIPv6: True`
Add config option for ODL IPv6 deployment Add a flag to specify which IP version to deploy ODL on via Puppet-ODL. Change-Id: Idd257cf4666b853eb4c52861f9f400b6dbdeeadb Closes-Bug: #1783196 2018-07-24 01:08:12 +05:30			`# Enable IPv6 environment for OpenDaylight`
			`OpenDaylightEnableIPv6Deployment: True`