Add router on the public network to provide external access

TripleO CI currently configures an interface on the
undercloud connected to the public network and uses the
undercloud as the router for the public network. This
deviates from what a non-CI deployment would do.

This change adds an optional undercloud-network-public-router
template with a router on the public_net which can provide
NAT'ed external access for overcloud nodes that use the External
network interface as the default route.

The undercloud-networks-routed template has the public-router
added as well.

This removes the need for undercloud to provide masqueraded
routing for the external network when these templates are
used.
Harald Jensås 2018-10-22 17:48:06 +02:00
parent 0911913371
commit caee7aeaf4
4 changed files with 143 additions and 2 deletions


@ -212,3 +212,4 @@ outputs:
map_merge:
- get_attr: [undercloud_networks, provision_network_routers]
- get_attr: [baremetal_env, baremetal_networks_routers_addresses]
- get_attr: [undercloud_networks, public_network_router]


@ -0,0 +1,105 @@
heat_template_version: 2015-04-30
parameters:
provision_net:
type: string
default: provision
description: Name of a network that will be used for provisioning traffic
provision_net_cidr:
type: string
description: CIDR for provision network subnet
default: 192.168.24.0/24
provision_net_shared:
type: boolean
description: Whether this network should be shared across all tenants
default: false
public_net:
type: string
description: Name of the overcloud external network
default: public
public_net_cidr:
type: string
description: CIDR for external network subnet
default: 10.0.0.0/24
public_net_router_address:
type: string
description: Router address for the public network subnet
default: 10.0.0.254
public_net_shared:
type: boolean
description: Whether this network should be shared across all tenants
default: false
external_net:
type: string
description: An external network for the networks to route to
resources:
provision_network:
type: OS::Neutron::Net
properties:
name: {get_param: provision_net}
shared: {get_param: provision_net_shared}
provision_subnet:
type: OS::Neutron::Subnet
properties:
network: {get_resource: provision_network}
name: {get_param: provision_net}
cidr: {get_param: provision_net_cidr}
gateway_ip: null
enable_dhcp: false
public_network:
type: OS::Neutron::Net
properties:
name: {get_param: public_net}
shared: {get_param: public_net_shared}
public_subnet:
type: OS::Neutron::Subnet
properties:
network: {get_resource: public_network}
name: {get_param: public_net}
cidr: {get_param: public_net_cidr}
gateway_ip: null
enable_dhcp: false
public_router:
type: OS::Neutron::Router
properties:
name: public-router
external_gateway_info:
network: {get_param: external_net}
public_router_port:
type: OS::Neutron::Port
properties:
network: {get_resource: public_network}
port_security_enabled: false
fixed_ips:
- ip_address: {get_param: public_net_router_address}
public_router_interface:
type: OS::Neutron::RouterInterface
properties:
router: {get_resource: public_router}
port: {get_resource: public_router_port}
outputs:
networks:
value:
provision: {get_resource: provision_network}
public: {get_resource: public_network}
# The provision_network_routers is here for compatibility only
provision_network_routers:
value: {}
public_network_router:
value:
public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]}
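Review bot: `port_security_enabled: false` on `public_router_port` has no comment saying why it is needed, and it is the one setting in this template that relaxes Neutron's filtering: with port security off, no security groups or address anti-spoofing rules apply to that port. If it is there because the port is handed to `public_router_interface` and must forward traffic for addresses other than its own, record that above the property, e.g. `# Router interface port: forwards traffic for other addresses, so port security is disabled`. If the router interface works without it, the property could be dropped. The same resource is repeated in the `@ -184,6 +193,27 @@` hunk of the routed-networks template and would take the same comment.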


@ -71,11 +71,20 @@ parameters:
description: CIDR for external network subnet
default: 10.0.0.0/24
public_net_router_address:
type: string
description: Router address for the public network subnet
default: 10.0.0.254
public_net_shared:
type: boolean
description: Whether this network should be shared across all tenants
default: false
external_net:
type: string
description: An external network for the networks to route to
resources:
provision_router:
type: OS::Neutron::Router
@ -184,6 +193,27 @@ resources:
gateway_ip: null
enable_dhcp: false
public_router:
type: OS::Neutron::Router
properties:
name: public-router
external_gateway_info:
network: {get_param: external_net}
public_router_port:
type: OS::Neutron::Port
properties:
network: {get_resource: public_network}
port_security_enabled: false
fixed_ips:
- ip_address: {get_param: public_net_router_address}
public_router_interface:
type: OS::Neutron::RouterInterface
properties:
router: {get_resource: public_router}
port: {get_resource: public_router_port}
outputs:
networks:
value:
@ -196,3 +226,6 @@ outputs:
provision_router: {get_attr: [provision_router_port, fixed_ips, 0, ip_address]}
provision2_router: {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]}
provision3_router: {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]}
public_network_router:
value:
public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]}
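Review bot: The new `public_net_router_address` and `external_net` parameters in the `@ -71,11 +71,20 @@` hunk are plain strings with no validation, so a typo or an address outside `public_net_cidr` would presumably only surface when Neutron rejects the port or router during stack creation. Heat's custom constraints can catch this at validation time: `constraints: [{custom_constraint: ip_addr}]` on the address and `constraints: [{custom_constraint: neutron.network}]` on `external_net`. The `10.0.0.254` default is only valid while `public_net_cidr` keeps its `10.0.0.0/24` default, which the description could state, e.g. `description: Router address for the public network subnet (must be inside public_net_cidr)`. The identical parameters in the new public-router template would take the same change. The parameters block starts before this hunk.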


@ -67,6 +67,8 @@ outputs:
value:
provision: {get_resource: provision_network}
public: {get_resource: public_network}
# The provision_network_routers is here for compatibility only
# The provision and public network routers is here for compatibility only
provision_network_routers:
value: {}
value: null
public_network_router:
value: null
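Review bot: The reworded comment above `provision_network_routers` still does not say what the outputs are compatible with, and "routers is" should read "routers are". The `map_merge` in the first changed file reads `provision_network_routers` and `public_network_router` from `undercloud_networks` via `get_attr`, so these outputs apparently have to exist even in a template that defines no routers. A comment such as `# Placeholder outputs: the parent template reads provision_network_routers and public_network_router via get_attr` would make that explicit. It may also be worth noting why `value: {}` became `value: null`, since both values end up as arguments to the same `map_merge`.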