Enable kolla k8s to override bind api bind address in genconfig

It's good if k8s reuses ansible templates, but we need to abstract all ansible specific variables to achieve that. - Implements ansible override variable api_interface_address. - Adds api_interface_address setting and comments to globals.yml - Makes changes to mariadb templates to accept this new setting. - Disabled Galera when api_interface_address==0.0.0.0 in the case of Kubernetes. Otherwise, mariadb fails to start. - Tested with and without setting to ensure kolla genconfig output does not change when setting is disabled or undefined. Change-Id: Ia0e4951c327be01b717aebb86ef4c3a4e7ed170e Partially-implements: blueprint api-interface-bind-address-override Co-authored-by: David Wang <dcwangmit01@gmail.com> Co-authored-by: Ryan Hallisey <rhallise@redhat.com> Co-authored-by: Kevin Fox <kevin@efox.cc>
openstack · Jul 28, 2016 · 5838bd0 · 5838bd0
1 parent be77c38
commit 5838bd0
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 6 deletions.
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
@@ -19,6 +19,10 @@ node_config_directory: "/etc/kolla/{{ project }}"
 ###################
 # Kolla options
 ###################
+
+# Which orchestration engine to use. Valid options are [ ANSIBLE, KUBERNETES ]
+orchestration_engine: "ANSIBLE"
+
 # Valid options are [ COPY_ONCE, COPY_ALWAYS ]
 config_strategy: "COPY_ALWAYS"
 
@@ -39,6 +43,19 @@ kolla_enable_sanity_glance: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_cinder: "{{ kolla_enable_sanity_checks }}"
 kolla_enable_sanity_swift: "{{ kolla_enable_sanity_checks }}"
 
+
+####################
+# kolla-kubernetes
+####################
+# By default, Kolla API services bind to the network address assigned
+# to the api_interface.  Allow the bind address to be an override.  In
+# some cases (Kubernetes), the api_interface address is not known
+# until container runtime, and thus it is necessary to bind to all
+# interfaces "0.0.0.0".  When used outside of Kubernetes, binding to
+# all interfaces may present a security issue, and thus is not
+# recommended.
+api_interface_address:  "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] if orchestration_engine == 'ANSIBLE' else '0.0.0.0' }}"
+
 ####################
 # Database options
 ####################

diff --git a/ansible/roles/mariadb/templates/galera.cnf.j2 b/ansible/roles/mariadb/templates/galera.cnf.j2
@@ -1,6 +1,11 @@
-{% set wsrep_driver = '/usr/lib/galera/libgalera_smm.so' if kolla_base_distro == 'ubuntu' else '/usr/lib64/galera/libgalera_smm.so' %}
+{%- set wsrep_driver = '/usr/lib/galera/libgalera_smm.so' if kolla_base_distro == 'ubuntu' else '/usr/lib64/galera/libgalera_smm.so' %}
+
+{#- Disable Galera in the case of of Kubernetes as its not supported yet.  Otherwise, #}
+{#- mariadb will fail to start #}
+{%- set wsrep_driver = 'none' if orchestration_engine == 'KUBERNETES' else wsrep_driver %}
+
 [mysqld]
-bind-address={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+bind-address={{ api_interface_address }}
 port={{ mariadb_port }}
 
 log-error=/var/log/kolla/mariadb/mariadb.log
@@ -13,10 +18,10 @@ datadir=/var/lib/mysql/
 
 wsrep_cluster_address=gcomm://{% if (groups['mariadb'] | length) > 1 %}{% for host in groups['mariadb'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ mariadb_wsrep_port }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
 
-wsrep_provider_options=gmcast.listen_addr=tcp://{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_wsrep_port }};ist.recv_addr={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_ist_port }}
+wsrep_provider_options=gmcast.listen_addr=tcp://{{ api_interface_address }}:{{ mariadb_wsrep_port }};ist.recv_addr={{ api_interface_address }}:{{ mariadb_ist_port }}
 
-wsrep_node_address={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_wsrep_port }}
-wsrep_sst_receive_address={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}:{{ mariadb_sst_port }}
+wsrep_node_address={{ api_interface_address }}:{{ mariadb_wsrep_port }}
+wsrep_sst_receive_address={{ api_interface_address }}:{{ mariadb_sst_port }}
 
 wsrep_provider={{ wsrep_driver }}
 wsrep_cluster_name="{{ database_cluster_name }}"

diff --git a/ansible/roles/mariadb/templates/wsrep-notify.sh.j2 b/ansible/roles/mariadb/templates/wsrep-notify.sh.j2
@@ -3,7 +3,7 @@
 # Edit parameters below to specify the address and login to server.
 USER={{ database_user }}
 PSWD={{ database_password }}
-HOST={{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+HOST={{ api_interface_address }}
 PORT={{ mariadb_port }}
 LB_USER=haproxy