From caee7aeaf41581c9ff1e5dbba8562a82f0626ac0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harald=20Jens=C3=A5s?= Date: Mon, 22 Oct 2018 17:48:06 +0200 Subject: [PATCH 1/3] Add router on the public network to provide external access TripleO CI currently configures an interface on the undercloud connected to the public network and uses the undercloud as the router for the public network. This deviates from what a non CI deployment would. This change adds an optional undercloud-network-public-router template with a router on the public_net which can provide NAT'ed external access for overcloud nodes that use External network interface as the default route. The undercloud-networks-routed template have the public-router added as well. This removes the need for undercloud to provide masqueraded routing for the external network when these templates are used. --- templates/quintupleo.yaml | 1 + .../undercloud-networks-public-router.yaml | 105 ++++++++++++++++++ templates/undercloud-networks-routed.yaml | 33 ++++++ templates/undercloud-networks.yaml | 6 +- 4 files changed, 143 insertions(+), 2 deletions(-) create mode 100644 templates/undercloud-networks-public-router.yaml diff --git a/templates/quintupleo.yaml b/templates/quintupleo.yaml index b7e665c..340d8ad 100644 --- a/templates/quintupleo.yaml +++ b/templates/quintupleo.yaml @@ -212,3 +212,4 @@ outputs: map_merge: - get_attr: [undercloud_networks, provision_network_routers] - get_attr: [baremetal_env, baremetal_networks_routers_addresses] + - get_attr: [undercloud_networks, public_network_router] diff --git a/templates/undercloud-networks-public-router.yaml b/templates/undercloud-networks-public-router.yaml new file mode 100644 index 0000000..9626bee --- /dev/null +++ b/templates/undercloud-networks-public-router.yaml 
@@ -0,0 +1,105 @@
+heat_template_version: 2015-04-30
+
+parameters:
+ provision_net:
+ type: string
+ default: provision
+ description: Name of a network that will be used for provisioning traffic
+
+ provision_net_cidr:
+ type: string
+ description: CIDR for provision network subnet
+ default: 192.168.24.0/24
+
+ provision_net_shared:
+ type: boolean
+ description: Whether this network should be shared across all tenants
+ default: false
+
+ public_net:
+ type: string
+ description: Name of the overcloud external network
+ default: public
+
+ public_net_cidr:
+ type: string
+ description: CIDR for external network subnet
+ default: 10.0.0.0/24
+
+ public_net_router_address:
+ type: string
+ description: Router address for the public network subnet
+ default: 10.0.0.254
+
+ public_net_shared:
+ type: boolean
+ description: Whether this network should be shared across all tenants
+ default: false
+
+ external_net:
+ type: string
+ description: An external network for the networks to route to
+
+resources:
+ provision_network:
+ type: OS::Neutron::Net
+ properties:
+ name: {get_param: provision_net}
+ shared: {get_param: provision_net_shared}
+
+ provision_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network: {get_resource: provision_network}
+ name: {get_param: provision_net}
+ cidr: {get_param: provision_net_cidr}
+ gateway_ip: null
+ enable_dhcp: false
+
+ public_network:
+ type: OS::Neutron::Net
+ properties:
+ name: {get_param: public_net}
+ shared: {get_param: public_net_shared}
+
+ public_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network: {get_resource: public_network}
+ name: {get_param: public_net}
+ cidr: {get_param: public_net_cidr}
+ gateway_ip: null
+ enable_dhcp: false
+
+ public_router:
+ type: OS::Neutron::Router
+ properties:
+ name: public-router
+ external_gateway_info:
+ network: {get_param: external_net}
+
+ public_router_port:
+ type: OS::Neutron::Port
+ properties:
+ network: {get_resource: public_network}
+ port_security_enabled: false
+ fixed_ips:
+ - ip_address: {get_param: public_net_router_address}
+
+ public_router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router: {get_resource: public_router}
+ port: {get_resource: public_router_port}
+
+outputs:
+ networks:
+ value:
+ provision: {get_resource: provision_network}
+ public: {get_resource: public_network}
+ # The provision_network_routers is here for compatibility only
+ provision_network_routers:
+ value: {}
+ public_network_router:
+ value:
+ public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]}
diff --git a/templates/undercloud-networks-routed.yaml b/templates/undercloud-networks-routed.yaml index b66aecb..fea204e 100644 --- a/templates/undercloud-networks-routed.yaml +++ b/templates/undercloud-networks-routed.yaml @@ -71,11 +71,20 @@ parameters: description: CIDR for external network subnet default: 10.0.0.0/24 + public_net_router_address: + type: string + description: Router address for the public network subnet + default: 10.0.0.254 + public_net_shared: type: boolean description: Whether this network should be shared across all tenants default: false + external_net: + type: string + description: An external network for the networks to route to + resources: provision_router: type: OS::Neutron::Router @@ -184,6 +193,27 @@ resources: gateway_ip: null enable_dhcp: false + public_router: + type: OS::Neutron::Router + properties: + name: public-router + external_gateway_info: + network: {get_param: external_net} + + public_router_port: + type: OS::Neutron::Port + properties: + network: {get_resource: public_network} + port_security_enabled: false + fixed_ips: + - ip_address: {get_param: public_net_router_address} + + public_router_interface: + type: OS::Neutron::RouterInterface + properties: + router: {get_resource: public_router} + port: {get_resource: public_router_port} + outputs: networks: value: 
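Review bot: `public_router_port` in the new templates/undercloud-networks-public-router.yaml sets `port_security_enabled: false` on the port that joins the public network to a router whose gateway is `external_net`, and nothing in the template records why. With port security off, Neutron applies no security groups and no MAC/IP anti-spoofing filtering to that port, so the line should either carry a justification or be dropped if the router interface works without it (that cannot be determined from this hunk). A comment above the line such as `# Port security disabled: <reason>` would make the decision reviewable. The same resource is copied into templates/undercloud-networks-routed.yaml in hunk `@@ -184,6 +193,27 @@`, so whatever is decided applies there as well.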
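Review bot: `external_net` is added to the existing templates/undercloud-networks-routed.yaml in hunk `@@ -71,11 +71,20 @@` without a `default`, which makes it a required parameter for every stack that instantiates this template. The templates/quintupleo.yaml change in this patch only adds an output line, so whether the parent actually passes `external_net` through is not visible here and should be confirmed. Separately, `public_net_router_address` defaults to 10.0.0.254, which is only usable while `public_net_cidr` keeps its 10.0.0.0/24 default; the description could say so, for example `description: Router address for the public network subnet, must be inside public_net_cidr`. Both parameters are declared the same way in the new undercloud-networks-public-router.yaml.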
@@ -196,3 +226,6 @@ outputs: provision_router: {get_attr: [provision_router_port, fixed_ips, 0, ip_address]} provision2_router: {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]} provision3_router: {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]} + public_network_router: + value: + public_router: {get_attr: [public_router_port, fixed_ips, 0, ip_address]} diff --git a/templates/undercloud-networks.yaml b/templates/undercloud-networks.yaml index 4f9bc34..a25e1a9 100644 --- a/templates/undercloud-networks.yaml +++ b/templates/undercloud-networks.yaml @@ -67,6 +67,8 @@ outputs: value: provision: {get_resource: provision_network} public: {get_resource: public_network} - # The provision_network_routers is here for compatibility only + # The provision and public network routers is here for compatibility only provision_network_routers: - value: {} + value: null + public_network_router: + value: null From 6f5481816ffc4c5560557ec380374945a282afc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harald=20Jens=C3=A5s?= Date: Tue, 23 Oct 2018 10:07:37 +0200 Subject: [PATCH 2/3] Add external interface to routed networks provision router When deploying TripleO overcloud nodes using the ctlplane network as the default gateway need to reach the internet (ntp servers etc.). Previously this was done using the undercloud as a masquerading router, doing so when nodes are not on the same L2 network as the undercloud is not as straight forward. (I.e we would have to set up routes on the provision router in ovb with a default route via the ip-address of the undercloud.) Hooking up the router for the provision networks to the external_net and let the ovb infra router do the NAT'ing makes more sense. --- templates/undercloud-networks-routed.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/undercloud-networks-routed.yaml b/templates/undercloud-networks-routed.yaml index fea204e..b533cb3 100644 --- a/templates/undercloud-networks-routed.yaml 
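Review bot: In templates/undercloud-networks.yaml the placeholder output `provision_network_routers` changes from `value: {}` to `value: null`, while the new undercloud-networks-public-router.yaml added by the same patch still returns `value: {}` for that output, so templates that look interchangeable now disagree on the placeholder's type. These outputs are presumably what the `map_merge` in templates/quintupleo.yaml reads, so a null entry there is worth a deliberate decision; if null is intended, a short comment saying why an empty map is not used would help, otherwise `value: {}` for both outputs is the consistent choice. The reworded comment would also read better as `# The provision and public network router outputs are here for compatibility only`.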
+++ b/templates/undercloud-networks-routed.yaml @@ -90,6 +90,8 @@ resources: type: OS::Neutron::Router properties: name: provision-router + external_gateway_info: + network: {get_param: external_net} provision_network: type: OS::Neutron::Net From 96a75821430dd0fb623df8735d8e3a83368bf156 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harald=20Jens=C3=A5s?= Date: Fri, 26 Oct 2018 02:15:02 +0200 Subject: [PATCH 3/3] Fixed ip's for dhcp-relay provision interfaces The IP addresses for the dhcp-relay service on the provision networks need to be fixed. If we end up using an address on the dhcp-relay instance that overlaps the address range in the Undercloud's provisioning networks we end up with conflicts. --- templates/dhcp-relay.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/templates/dhcp-relay.yaml b/templates/dhcp-relay.yaml index b54e17f..f4e5acc 100644 --- a/templates/dhcp-relay.yaml +++ b/templates/dhcp-relay.yaml @@ -19,6 +19,21 @@ parameters: The base image for the dhcrelay instance. A CentOS 7 image is currently the only one supported. + dhcp_relay_provision_address: + type: string + description: DHCP relay address on the provision network subnet + default: 192.168.24.253 + + dhcp_relay_provision2_address: + type: string + description: DHCP relay address on the provision2 network subnet + default: 192.168.25.253 + + dhcp_relay_provision3_address: + type: string + description: DHCP relay address on the provision3 network subnet + default: 192.168.26.253 + dhcp_ips: type: json description: | @@ -44,6 +59,8 @@ resources: name: dhcp_relay_port_provision network: {get_param: [networks, provision]} port_security_enabled: False + fixed_ips: + - ip_address: {get_param: dhcp_relay_provision_address} dhcp_relay_port_provision2: type: OS::Neutron::Port 
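Review bot: The `external_gateway_info` added to `provision_router` in hunk `@@ -90,6 +90,8 @@` gives the routed provisioning subnets a path to `external_net`, and the template itself carries no comment recording that this is intended or what it replaces. The provisioning networks carry the deployment traffic for the nodes, so outbound reachability is a change in exposure for anyone reusing this template outside CI. A comment above the new lines, for example `# Gateway to external_net gives ctlplane nodes NAT'ed outbound access (NTP etc.) instead of masquerading on the undercloud`, would keep the rationale from the commit message with the code. The hunk also depends on the `external_net` parameter introduced by patch 1/3, so the two patches cannot be applied independently.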
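Review bot: The three defaults added to templates/dhcp-relay.yaml in hunk `@@ -19,6 +19,21 @@` (192.168.24.253, 192.168.25.253, 192.168.26.253) are fixed literals, but the requirement stated in the commit message, staying clear of the address ranges used on the Undercloud's provisioning networks, appears in none of the parameter descriptions. Each description could carry it, for example `description: DHCP relay address on the provision network subnet; must be inside the subnet and outside the ranges the undercloud allocates from`. The defaults also assume the provision subnets keep their default CIDRs (only 192.168.24.0/24 is visible in this series), so overriding a CIDR without the matching relay address is likely to make port creation fail. The hunks at `@@ -44,6 +59,8 @@`, `@@ -51,6 +68,8 @@` and `@@ -58,6 +77,8 @@` consume these parameters as-is.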
@@ -51,6 +68,8 @@ resources: name: dhcp_relay_port_provision2 network: {get_param: [networks, provision2]} port_security_enabled: False + fixed_ips: + - ip_address: {get_param: dhcp_relay_provision2_address} dhcp_relay_port_provision3: type: OS::Neutron::Port @@ -58,6 +77,8 @@ resources: name: dhcp_relay_port_provision3 network: {get_param: [networks, provision3]} port_security_enabled: False + fixed_ips: + - ip_address: {get_param: dhcp_relay_provision3_address} init_networks: type: OS::Heat::CloudConfig