From 603224d34772cb79d5d3f04fca50805c29f76d35 Mon Sep 17 00:00:00 2001 From: Asma Syed Hameed Date: Tue, 12 Jan 2021 13:50:17 +0530 Subject: [PATCH] Add support for ipv6 deployment --- README.md | 8 +++ ci/all_osp13.yml | 6 ++ composable_prepare_nic_configs.yml | 10 ++- external.yml | 45 +++++++++---- group_vars/all.yml | 4 ++ overcloud.yml | 2 +- prepare_nic_configs.yml | 8 +++ templates/network-environment-v6.yaml.j2 | 83 ++++++++++++++++++++++++ 8 files changed, 150 insertions(+), 16 deletions(-) create mode 100644 templates/network-environment-v6.yaml.j2 diff --git a/README.md b/README.md index a65b46fa..7d4b6181 100644 --- a/README.md +++ b/README.md @@ -163,3 +163,11 @@ Requirements Example: controller_count = 3, then it will consider the first node in instackenv.json as undercloud and the next three nodes as controllers 2) set composable_roles: true true in group_vars/all.yml + +## IPV6 based deployment +Requirements: Set the below params in group_vars/all.yml +#Enable ipv6 deployment +network_protocol: ipv6 +ipv6_external_gateway: '2620:52:0:13b8::fe/64' +ipv6_external_network_vlan_id: 10 + diff --git a/ci/all_osp13.yml b/ci/all_osp13.yml index 1f130426..0c269bce 100644 --- a/ci/all_osp13.yml +++ b/ci/all_osp13.yml @@ -172,3 +172,9 @@ composable_roles: false #controller_machine_type: "1029p" new_nodes_instack: "{{ playbook_dir }}/newnodes.json" + +#Enable ipv6 deployment +network_protocol: ipv4 +##ipv6_external_gateway: '2620:52:0:13b8::fe/64' +##ipv6_external_network_vlan_id: 10 +# diff --git a/composable_prepare_nic_configs.yml b/composable_prepare_nic_configs.yml index a67973be..454d0f43 100644 --- a/composable_prepare_nic_configs.yml +++ b/composable_prepare_nic_configs.yml 
@@ -116,13 +116,19 @@ - name: set nic-config path set_fact: nic_config_path: "{{ ansible_user_dir }}/virt/network/vlans{{ ((osp_release|int > 10) | ternary('', '/legacy')) }}" - - - name: prepare network-environment.yaml.j2 template: src: "network-environment.yaml.j2" dest: "{{ ansible_user_dir }}/virt/network/network-environment.yaml.j2" force: yes + when: network_protocol == "ipv4" + + - name: prepare network-environment-v6.yaml.j2 + template: + src: "network-environment-v6.yaml.j2" + dest: "{{ ansible_user_dir }}/virt/network/network-environment-v6.yaml.j2" + force: yes + when: network_protocol == "ipv6" - name: set fact controller machine type set_fact: diff --git a/external.yml b/external.yml index 86e4c822..cac4c714 100644 --- a/external.yml +++ b/external.yml 
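Review bot: The new `when: network_protocol == "ipv4"` and `when: network_protocol == "ipv6"` conditions read the variable without a default, whereas the overcloud.yml change in this same patch uses `network_protocol | default('ipv4')`. An inventory whose group_vars predates this patch would hit an undefined-variable error here and in the identical prepare_nic_configs.yml hunk; in external.yml the same error would be swallowed by `ignore_errors: true`, leaving the external address unconfigured without a visible failure. Suggest `when: network_protocol | default('ipv4') == "ipv4"` (and the `"ipv6"` counterpart) in all three files. A value that matches neither string, such as a capitalised `IPv6`, currently renders no network-environment template at all, so an early `assert` on the allowed values would make that mistake visible.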
@@ -49,40 +49,59 @@ # public_external_interface i.e 4th interface - name: disable rp_filter shell: | - for f in $(find /proc/sys/net/ipv4 -name rp_filter) ; do echo 0 > $f ; done + for f in $(find /proc/sys/net/ipv4 -name rp_filter) ; do echo 0 > $f ; done become: true ignore_errors: true when: public_external_interface is defined - - name: create vlan interface on external interface + - name: create vlan interface on external interface (ipv4) vars: vlan_interface: "{{ ext_iface }}.{{ external_network_vlan_id }}" shell: | - ip link add link {{ ext_iface }} name {{ vlan_interface }} type vlan id {{ external_network_vlan_id }} - ip link set dev {{ ext_iface }} up - ip link set dev {{ vlan_interface }} up - ip a a {{ external_gateway }} dev {{ vlan_interface }} + ip link add link {{ ext_iface }} name {{ vlan_interface }} type vlan id {{ external_network_vlan_id }} + ip link set dev {{ ext_iface }} up + ip link set dev {{ vlan_interface }} up + ip a a {{ external_gateway }} dev {{ vlan_interface }} become: true ignore_errors: true - when: external_network_vlan_id is defined + when: external_network_vlan_id is defined and network_protocol == "ipv4" - name: add ip on when external interface is real public interface shell: | - ip a a {{ external_gateway }} dev {{ ext_iface }} + ip a a {{ external_gateway }} dev {{ ext_iface }} become: true ignore_errors: true - when: external_network_vlan_id is not defined + when: external_network_vlan_id is not defined and network_protocol == "ipv4" + + - name: create vlan interface on external interface (ipv6) + vars: + vlan_interface: "{{ ext_iface }}.{{ ipv6_external_network_vlan_id }}" + shell: | + ip link add link {{ ext_iface }} name {{ vlan_interface }} type vlan id {{ ipv6_external_network_vlan_id }} + ip link set dev {{ ext_iface }} up + ip link set dev {{ vlan_interface }} up + ip a a {{ ipv6_external_gateway }} dev {{ vlan_interface }} + become: true + ignore_errors: true + when: ipv6_external_network_vlan_id is defined and 
network_protocol == "ipv6" + + - name: iptables rule to allow icmp + shell: | + iptables --ipv6 -I INPUT -p icmp -j ACCEPT + become: true + ignore_errors: true + when: network_protocol == "ipv6" - name: get default route shell: | - ip r | grep default | cut -d ' ' -f5 + ip r | grep default | cut -d ' ' -f5 register: default_route become: true - when: external_network_vlan_id is defined + when: external_network_vlan_id is defined or ipv6_external_network_vlan_id is defined - name: masquerade on public interface shell: | - iptables -t nat -A POSTROUTING -o {{ default_route.stdout }} -j MASQUERADE + iptables -t nat -A POSTROUTING -o {{ default_route.stdout }} -j MASQUERADE become: true - when: external_network_vlan_id is defined + when: external_network_vlan_id is defined or ipv6_external_network_vlan_id is defined diff --git a/group_vars/all.yml b/group_vars/all.yml index 8e74ad78..c2940836 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -211,3 +211,7 @@ composable_roles: false # controller_ifaces: [] #controller_machine_type: "1029p" +#Enable ipv6 deployment +network_protocol: ipv4 +#ipv6_external_gateway: '2620:52:0:13b8::fe/64' +#ipv6_external_network_vlan_id: 10 diff --git a/overcloud.yml b/overcloud.yml index 8e0f9643..8fca8ab9 100644 --- a/overcloud.yml +++ b/overcloud.yml 
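Review bot: The added "iptables rule to allow icmp" task runs `iptables --ipv6 -I INPUT -p icmp -j ACCEPT`, which, as far as the iptables man page describes, is rejected by the IPv4 binary (the `-6` option is only tolerated by iptables-restore), and `-p icmp` names IPv4 ICMP rather than ICMPv6. Because the task sets `ignore_errors: true`, the failure would go unnoticed, and neighbour discovery and echo towards the new IPv6 gateway address would still depend on whatever the existing INPUT policy allows. Suggest `ip6tables -I INPUT -p ipv6-icmp -j ACCEPT` and dropping `ignore_errors` on this task so a missing rule is reported. Separately, the "masquerade on public interface" task now also runs when only `ipv6_external_network_vlan_id` is defined, yet it still installs an IPv4 NAT rule derived from the IPv4 default route, so it does nothing for IPv6 traffic; worth confirming that is intended.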
@@ -234,6 +234,6 @@ - name: run tripleo-overcloud deploy shell: | source .venv/bin/activate - infrared tripleo-overcloud -vvv --version {{ osp_release }} --deployment-timeout {{ deployment_timeout | default(240) }} --build {{ osp_puddle }} --deployment-files {{ nic_configs }} --introspect no --tagging no --deploy yes --controller-nodes {{ controller_count }} --compute-nodes {{ compute_count }} {{ oc_extra_templates | default('') }} --network-protocol ipv4 --network-backend {{ network_backend }} {{ network_type }} true --public-network false {{ oc_heat_configs | default('') }} {{ oc_config_resource | default('') }} > {{ log_directory }}/overcloud_deploy.log 2>&1 + infrared tripleo-overcloud -vvv --version {{ osp_release }} --deployment-timeout {{ deployment_timeout | default(240) }} --build {{ osp_puddle }} --deployment-files {{ nic_configs }} --introspect no --tagging no --deploy yes --controller-nodes {{ controller_count }} --compute-nodes {{ compute_count }} {{ oc_extra_templates | default('') }} --network-protocol {{ network_protocol | default('ipv4') }} --network-backend {{ network_backend }} {{ network_type }} true --public-network false {{ oc_heat_configs | default('') }} {{ oc_config_resource | default('') }} > {{ log_directory }}/overcloud_deploy.log 2>&1 args: chdir: "{{ infrared_dir }}" diff --git a/prepare_nic_configs.yml b/prepare_nic_configs.yml index 0cd9a89d..ade98a22 100644 --- a/prepare_nic_configs.yml +++ b/prepare_nic_configs.yml @@ -93,6 +93,14 @@ src: "network-environment.yaml.j2" dest: "{{ ansible_user_dir }}/virt/network/network-environment.yaml.j2" force: yes + when: network_protocol == "ipv4" + + - name: prepare network-environment-v6.yaml.j2 + template: + src: "network-environment-v6.yaml.j2" + dest: "{{ ansible_user_dir }}/virt/network/network-environment-v6.yaml.j2" + force: yes + when: network_protocol == "ipv6" - name: prepare controller.yaml.j2 template: 
diff --git a/templates/network-environment-v6.yaml.j2 b/templates/network-environment-v6.yaml.j2
new file mode 100644
index 00000000..73269a9b
--- /dev/null
+++ b/templates/network-environment-v6.yaml.j2
@@ -0,0 +1,83 @@
+---
+# This template configures each role to use Vlans on a single nic for
+# each isolated network, but uses multiple nic's on each node:
+#
+# nic1 = pxe/management/ctlplane
+# nic2 = VLAN trunk for network isolation
+# nic3 = public/external access
+#
+# This template assumes use of network-isolation.yaml.
+#
+# FIXME: if/when we add functionality to heatclient to include heat
+# environment files we should think about using it here to automatically
+# include network-isolation.yaml.
+resource_registry:
+{% if composable_roles == true %}
+{% for machine_type in machine_types %}
+ OS::TripleO::Compute{{ machine_type }}::Net::SoftwareConfig: vlans/{%raw%}{{ nics_subfolder }}{%endraw%}/compute_{{ machine_type }}.yaml
+{% endfor %}
+{% else %}
+ OS::TripleO::Compute::Net::SoftwareConfig: vlans/{%raw%}{{ nics_subfolder }}{%endraw%}/compute.yaml
+{% endif %}
+ OS::TripleO::Controller::Net::SoftwareConfig: vlans/{%raw%}{{ nics_subfolder }}{%endraw%}/controller.yaml
+
+parameter_defaults:
+{%raw%}{% if not use_network_data|bool %}
+
+ ExternalNetCidr: '2620:52:0:13b8::/64'
+ ExternalAllocationPools: [{'start': '2620:52:0:13b8:5054:ff:fe3e:1', 'end': '2620:52:0:13b8:5054:ff:fe3e:aa'}]
+ ExternalInterfaceDefaultRoute: 2620:52:0:13b8::fe
+ ExternalNetworkVlanID: 10
+ InternalApiNetCidr: 'fd00:fd00:fd00:2000::/64'
+ InternalApiAllocationPools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:aaaa:aaaa:ffff:fffe'}]
+ StorageNetCidr: 'fd00:fd00:fd00:3000::/64'
+ StorageAllocationPools: [{'start': 'fd00:fd00:fd00:3000::10', 'end': 'fd00:fd00:fd00:3000:aaaa:aaaa:ffff:fffe'}]
+ StorageMgmtNetCidr: 'fd00:fd00:fd00:4000::/64'
+ StorageMgmtAllocationPools: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:aaaa:aaaa:ffff:fffe'}]
+ TenantNetCidr: '172.17.2.0/24'
+ TenantAllocationPools: [{'start': '172.17.2.10', 'end': '172.17.2.149'}]
+ TenantNetworkVlanID: 50
+{% else %}{%endraw%}
+# when using only network data, we use network-isolation (not
+# network-isolation-v6) as per recommendation. But then those
+# parameters are missing. Set it there.
+ # Enable IPv6 for Ceph.
+ CephIPv6: True
+ # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
+ CorosyncIPv6: True
+ # Enable various IPv6 features in Nova.
+ NovaIPv6: True
+ # Enable IPv6 environment for RabbitMQ.
+ RabbitIPv6: True
+ # Enable IPv6 environment for Memcached.
+ MemcachedIPv6: True
+ # Enable IPv6 environment for MySQL.
+ MysqlIPv6: True
+ # Enable IPv6 environment for Manila
+ ManilaIPv6: True
+ # Enable IPv6 environment for Redis.
+ RedisIPv6: True
+{%raw%}{% endif %}{%endraw%}
+
+# DnsServers: ["2620:52:0:13b8::fe"]
+ DnsServers: ["10.0.0.1"]
+ EC2MetadataIp: 192.168.24.1
+{%raw%}{% if install.splitstack|default(False) %}
+
+ ControlPlaneDefaultRoute: {{ ansible_host|default(ansible_ssh_host) }}
+{% else %}{%endraw%}
+
+ ControlPlaneDefaultRoute: 192.168.24.1
+{%raw%}{% endif %}{%endraw%}
+
+{%raw%}{% if install.version|default(undercloud_version) | openstack_release == 14 %}{%endraw%}
+ ControlPlaneSubnetCidr: "24"
+{%raw%}{% endif %}{%endraw%}
+
+{%raw%}{% if install.network.dvr %}
+ NeutronExternalNetworkBridge: "br-ex"
+{% else %}{%endraw%}
+ NeutronExternalNetworkBridge: ""
+{%raw%}{% endif %}{%endraw%}
+ NeutronBridgeMappings: "datacentre:br-ex,tenant:br-isolated"
+ NeutronNetworkVLANRanges: "tenant:1000:2000"
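Review bot: The external network values in the `parameter_defaults` block are literals (`ExternalNetworkVlanID: 10`, `ExternalInterfaceDefaultRoute: 2620:52:0:13b8::fe`, `ExternalNetCidr: '2620:52:0:13b8::/64'`), while external.yml builds the host-side VLAN and gateway address from `ipv6_external_network_vlan_id` and `ipv6_external_gateway`. Changing the group_vars values therefore leaves the host configured by external.yml and the overcloud on different VLANs or prefixes. Since these lines sit inside a `{%raw%}` section, the first-stage variable has to be rendered by closing and reopening it, e.g. `ExternalNetworkVlanID: {%endraw%}{{ ipv6_external_network_vlan_id }}{%raw%}`; the gateway value would additionally need its `/64` suffix stripped. The default route should also be quoted like the neighbouring CIDR strings, `ExternalInterfaceDefaultRoute: '2620:52:0:13b8::fe'`, so no YAML loader has to guess its type.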