templates for dualstack (ipv4/ipv6) control plane

scripts/jenkins/ardana/ansible/roles/input_model_generator/templates/input_model/cloudConfig.yml

@@ -1,5 +1,5 @@
 #
-# (c) Copyright 2018 SUSE LLC
+# (c) Copyright 2018-2019 SUSE LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -32,7 +32,7 @@
 {% endfor %}
 
     firewall-settings:
-        enable: true
+        enable: {{ firewall_enabled|default('true') }}
         # log dropped packets
         logging: true
 

scripts/jenkins/ardana/ansible/roles/input_model_generator/templates/input_model/data/network_groups.yml

@@ -1,5 +1,5 @@
 #
-# (c) Copyright 2018 SUSE LLC
+# (c) Copyright 2018-2019 SUSE LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -24,7 +24,19 @@
 
     - name: {{ network_group.name|upper }}
       hostname-suffix: {{ network_group['hostname_suffix'] }}
-{%   if 'MANAGEMENT' in network_group['component_endpoints'] %}
+{%   if ('MANAGEMENT' and 'IPV4')  in network_group['component_endpoints'] %}
+
+      tls-component-endpoints:
+      # The following service endpoints are behind TLS in ipv4
+      - mysql
+      - rabbitmq
+{%   elif ('MANAGEMENT' and 'IPV6') in network_group['component_endpoints'] %}
+      # We use the IPV6-MANAGEMENT network to derive server hostnames
+      hostname: true
+      tls-component-endpoints:
+        # The following service endpoints are behind TLS
+        - barbican-api
+{%   elif 'MANAGEMENT' in network_group['component_endpoints'] %}
       # We use the MANAGEMENT network to derive server hostnames
       hostname: true
       tls-component-endpoints:
@@ -34,7 +46,8 @@
         - rabbitmq
 {%   endif %}
       component-endpoints:
-{%   if 'MANAGEMENT' in network_group['component_endpoints'] %}
+{%   if ('MANAGEMENT'  in network_group['component_endpoints'] 
+          and 'IPV4' not in network_group['component_endpoints']) %}
 
         #
         # Management
@@ -75,7 +88,8 @@
 {%   endif %}
 
 {%   set ns.routes=network_group.routes|default([]) %}
-{%   if 'MANAGEMENT' in network_group.component_endpoints %}
+{%   if ('MANAGEMENT' in network_group.component_endpoints
+          and 'IPV4' not in network_group['component_endpoints']) %}
 {%     if bm_info is defined %}
 {%       set _ = ns.routes.append('OCTAVIA-MGMT-NET') %}
 {%       set _ = ns.routes.append('ILO') %}
@@ -105,17 +119,26 @@
         #
 
         - provider: ip-cluster
+{%     if ('MANAGEMENT' and 'IPV4')  in network_group['component_endpoints'] %}
+          name: internal-lb-ipv4
+          tls-components:
+            - mysql
+            - rabbitmq
+          cert-file: ardana-internal-ipv4-cert
+{%     else %}
           name: internal-lb
           tls-components:
             - default
           components:
           # These services do not currently support TLS
             - nova-metadata
+          cert-file: ardana-internal-cert
+{%     endif %}
           roles:
             - internal
             - admin
-          cert-file: ardana-internal-cert
-          # The ardana-internal-cert is a reserved name and
+
+          # The ardana-internal-cert-x file is a reserved name and
           # this certificate will be autogenerated. Customer
           # can bring in their own cert with a different name
           # and follow the process described for the external

scripts/jenkins/ardana/ansible/roles/input_model_generator/vars/dualstack.yml

@@ -0,0 +1,39 @@
+#
+# (c) Copyright 2019 SUSE LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+---
+
+# Scenario parameters and default values
+controllers: 3
+sles_computes: 1
+rhel_computes: 0
+swobj_devices: 0
+
+scenario:
+  name: dualstack
+  cloud_name: dualstack
+  description: >
+    Dual stack scenario with rabbitmq and mysql on ipv4 and all other services on ipv6.
+    {{ clm_model }} CLM node, {{ controllers }} controller nodes,
+    {{ sles_computes }} SLES compute nodes and {{ rhel_computes }} RHEL compute nodes.
+  audit_enabled: False
+  use_cinder_volume_disk: False
+  use_glance_cache_disk: False
+  availability_zones: "{{ availability_zones }}"
+
+  service_template: dualstack
+  network_template: dualstack
+  disk_template: compact
+  interface_template: dualstack

scripts/jenkins/ardana/ansible/roles/input_model_generator/vars/templates/interface/dualstack.yml

@@ -0,0 +1,75 @@
+#
+# (c) Copyright 2019 SUSE LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+---
+
+interface_models:
+  - name: CLM
+    service_groups:
+      - clm
+    network_interfaces:
+      - network_groups:
+          - MANAGEMENT
+      - network_groups:
+          - IPV4-MANAGEMENT
+      - forced_network_groups:
+          - EXTERNAL-API
+
+  - name: CONTROLLER
+    service_groups:
+      - controller
+      - core
+      - lmm
+      - dbmq
+      - neutron
+      - swpac
+      - swobj
+    network_interfaces:
+      - network_groups:
+          - IPV4-MANAGEMENT
+      - bond:
+          mode: "active-backup"
+          num_interfaces: 2
+        network_groups:
+          - MANAGEMENT
+      - network_groups:
+          - EXTERNAL-API
+          - EXTERNAL-VM
+      - network_groups:
+          - GUEST
+      - network_groups:
+          - SWIFT
+      - forced_network_groups:
+          - STORAGE
+      - network_groups:
+          - TENANT-VLAN
+
+  - name: COMPUTE
+    service_groups:
+      - sles-compute
+      - rhel-compute
+    network_interfaces:
+      - network_groups:
+          - MANAGEMENT
+      - network_groups:
+          - IPV4-MANAGEMENT
+      - network_groups:
+          - EXTERNAL-VM
+      - network_groups:
+          - GUEST
+      - forced_network_groups:
+          - STORAGE
+      - network_groups:
+          - TENANT-VLAN

scripts/jenkins/ardana/ansible/roles/input_model_generator/vars/templates/network/dualstack.yml

@@ -0,0 +1,72 @@
+#
+# (c) Copyright 2019 SUSE LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+---
+
+network_groups:
+  - name: IPV4-MANAGEMENT
+    hostname_suffix: ipv4-mgmt
+    tagged_vlan: false
+    component_endpoints:
+      - IPV4
+      - CLM
+      - MANAGEMENT
+      - INTERNAL-API
+    routes:
+      - default
+
+  - name: MANAGEMENT
+    hostname_suffix: ipv6-mgmt
+    tagged_vlan: false
+    component_endpoints:
+      - IPV6
+      - MANAGEMENT
+      - INTERNAL-API
+      - NEUTRON-VLAN
+
+  - name: EXTERNAL-API
+    hostname_suffix: extapi
+    tagged_vlan: true
+    component_endpoints:
+      - EXTERNAL-API
+
+  - name: EXTERNAL-VM
+    hostname_suffix: extvm
+    tagged_vlan: false
+    component_endpoints:
+      - NEUTRON-EXT
+
+  - name: TENANT-VLAN
+    hostname_suffix: tvlan
+    tagged_vlan: false
+    component_endpoints:
+      - NEUTRON-VLAN
+
+  - name: GUEST
+    hostname_suffix: guest
+    tagged_vlan: true
+    component_endpoints:
+      - NEUTRON-VXLAN
+
+  - name: SWIFT
+    hostname_suffix: swift
+    tagged_vlan: true
+    component_endpoints:
+      - SWIFT
+
+  - name: STORAGE
+    hostname_suffix: storage
+    tagged_vlan: true
+    component_endpoints: []

scripts/jenkins/ardana/ansible/roles/input_model_generator/vars/templates/service/dualstack.yml

@@ -0,0 +1,64 @@
+#
+# (c) Copyright 2019 SUSE LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+#
+# Standard scenario service template with standalone CLM node: all services enabled
+# and variable number of controller, SLES compute and RHEL compute nodes.
+#
+# Template parameters:
+#   controllers: number of controller nodes (default: 3)
+#   sles_computes: number of SLES compute nodes (default: 1)
+#   rhel_computes: number of RHEL compute nodes (default: 1)
+#
+---
+
+service_groups:
+  - name: clm
+    type: cluster
+    prefix: c0
+    heat_flavor_id: "{{ vcloud_flavor_name_prefix }}-compute"
+    member_count: '{{ (clm_model == "standalone") | ternary(1, 0) }}'
+    service_components:
+      - CLM
+  - name: controller
+    type: cluster
+    prefix: c1
+    heat_flavor_id: "{{ vcloud_flavor_name_prefix }}-controller"
+    member_count: '{{ controllers|default(3) }}'
+    service_components:
+      - '{{ (clm_model == "integrated") | ternary("CLM", '') }}'
+      - CORE
+      - LMM
+      - DBMQ
+      - SWPAC
+      - NEUTRON
+      - SWOBJ
+  - name: sles-compute
+    type: resource
+    prefix: sles-comp
+    heat_flavor_id: "{{ vcloud_flavor_name_prefix }}-compute"
+    member_count: '{{ sles_computes|default(1) }}'
+    min_count: 0
+    service_components:
+      - COMPUTE
+  - name: rhel-compute
+    type: resource
+    prefix: rhel-comp
+    distro_id: "{{ rhel_distro_id }}"
+    heat_flavor_id: "{{ vcloud_flavor_name_prefix }}-compute"
+    member_count: '{{ rhel_computes|default(1) }}'
+    min_count: 0
+    service_components:
+      - RHEL_COMPUTE

scripts/jenkins/ardana/manual/generate-input-model.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# (c) Copyright 2019 SUSE LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -e
+
+source lib.sh
+
+validate_input
+setup_ansible_venv
+mitogen_enable
+prepare_input_model

scripts/jenkins/ardana/manual/input.yml.example

@@ -155,6 +155,9 @@ swift_nodes: ''
 # disabled_services: 'monasca|logging|ceilometer|cassandra|kafka|spark|storm|freezer|octavia'
 disabled_services: ''
 
+# Enable (true) or disable (false) firewall rules on control plane. Default is enable: true
+firewall_enabled: 'true'
+
 # Use ipv6 networks in the cloud input model.
 ipv6: false