Add support for isolating swift storage nets
authorDan Prince <dprince@redhat.com>
Fri, 5 Jun 2015 02:47:15 +0000 (22:47 -0400)
committerDan Prince <dprince@redhat.com>
Wed, 10 Jun 2015 23:34:07 +0000 (19:34 -0400)
This patch updates the Puppet Swift storage role
so that it supports network isolation. By default
all traffic still flows on the ctlplane network
but if network isolation is enabled then network
traffic will flow over the configured storage_mgmt
network interface.

This patch also fixes a few critical issues with
the swift storage role that prevented it from
working:
 - oac_data for the swift devices was overriding the
   data provided in the swift_devices_and_proxy
   hieradata file.
 - the role was missing declarations to load hieradata
   files for swift_devices_and_proxy and all_nodes
 - The required snmpd settings were not getting set
   correctly in the 'object' hiera data file.

With all of these changes the Swift storage role
works correctly with and without network isolation.

Change-Id: I541abb2604380f603bba91ad88e54783ee450a8f

overcloud-without-mergepy.yaml
puppet/swift-storage-puppet.yaml

index 661497c..224c416 100644 (file)
@@ -787,6 +787,7 @@ resources:
           Replicas: { get_param: SwiftReplicas}
           NtpServer: {get_param: NtpServer}
           UpdateIdentifier: {get_param: UpdateIdentifier}
+          ServiceNetMap: {get_param: ServiceNetMap}
 
   CephStorage:
     type: OS::Heat::ResourceGroup
index 2268f41..e7ac613 100644 (file)
@@ -57,6 +57,11 @@ parameters:
     description: >
       Setting to a previously unused value during stack-update will trigger
       package update on all nodes
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
 
 resources:
 
@@ -96,6 +101,13 @@ resources:
       StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
       StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
 
+  NetIpMap:
+    type: OS::TripleO::Network::Ports::NetIpMap
+    properties:
+      InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+      StorageIp: {get_attr: [StoragePort, ip_address]}
+      StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+
   NetworkDeployment:
     type: OS::TripleO::SoftwareDeployment
     properties:
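Review bot: NetIpMap is given the internal_api, storage and storage_mgmt addresses here but no control-plane address, although the commit message says traffic stays on ctlplane by default. The NetIpMap template is not visible on this page; unless it obtains the ctlplane address some other way, a ServiceNetMap entry of `ctlplane` would make the later `net_ip_map` lookups return an empty value where the old code used `{get_attr: [SwiftStorage, networks, ctlplane, 0]}`. I would pass that expression into whatever control-plane property the template exposes, so the non-isolated case still yields a concrete address for `storage_local_net_ip` and the ring device entry. The NetIpMap resource block itself is complete within this hunk.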
@@ -111,6 +123,8 @@ resources:
           hierarchy:
             - heat_config_%{::deploy_config_name}
             - object
+            - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
+            - all_nodes # provided by allNodesConfig
             - '"%{::osfamily}"'
             - common
           datafiles:
@@ -118,20 +132,20 @@ resources:
               raw_data: {get_file: hieradata/common.yaml}
             object:
               raw_data: {get_file: hieradata/object.yaml}
-              oac_data: # data we map in from other OAC configurations
-                tripleo::ringbuilder::devices: swift.devices
               mapped_data: # data supplied directly to this deployment configuration, etc
                 swift::swift_hash_suffix: { get_input: swift_hash_suffix }
                 tripleo::ringbuilder::part_power: { get_input: swift_part_power }
                 tripleo::ringbuilder::replicas: {get_input: swift_replicas }
                 # Swift
-                swift::storage::all::storage_local_net_ip: {get_input: local_ip}
+                swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
                 swift_mount_check: {get_input: swift_mount_check }
                 tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours }
                 ntp::servers: {get_input: ntp_servers}
                 # NOTE(dprince): build_ring support is currently not wired in.
                 # See: https://review.openstack.org/#/c/109225/
                 tripleo::ringbuilder::build_ring: True
+                snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
+                snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
                 enable_package_install: {get_input: enable_package_install}
 
 
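Review bot: `snmpd_readonly_user_password` is now copied into the `object` hiera datafile, so the secret travels through the deployment's input values and is written to a file on every storage node. The parameter declaration and the input_values entry that feed this `get_input` are outside the visible hunks; please confirm the Heat parameter is declared with `hidden: true` and that the rendered hieradata is not world-readable. A short comment above the two added lines, e.g. `# SNMP read-only credentials; password must come from a hidden parameter`, would record that expectation. The enclosing datafiles block starts before this hunk.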
@@ -156,6 +170,7 @@ resources:
             params:
               server: {get_param: NtpServer}
         enable_package_install: {get_param: EnablePackageInstall}
+        swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
 
   UpdateConfig:
     type: OS::TripleO::Tasks::PackageUpdate
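Review bot: The lookup `{get_param: [ServiceNetMap, SwiftMgmtNetwork]}` has no fallback, and in this file ServiceNetMap defaults to `{}`, so the key exists only when the parent template or parameter_defaults supply it. This value becomes `swift::storage::all::storage_local_net_ip`, and the same expression feeds the `swift_device` output in the last hunk; an unresolved key would presumably surface as an empty address rather than a clear error. I would state the requirement in the parameter description, e.g. `Must contain SwiftMgmtNetwork (ctlplane when isolation is off).`, or give the default that key. Swift storage services generally rely on network placement rather than per-request authentication, so the address they bind to is worth pinning down explicitly. The input_values block starts outside this hunk.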
@@ -187,7 +202,7 @@ outputs:
       str_replace:
         template: 'r1z1-IP:%PORT%/d1'
         params:
-          IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+          IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
   internal_api_ip_address:
     description: IP address of the server in the internal_api network
     value: {get_attr: [InternalApiPort, ip_address]}