Factor out port creation on OVB networks
To enable backwards-compatible use of the neutron port-security extension, we need to split out all security-disabled ports into their own resources so they can be overridden. This change just does the refactoring, additional resources that take advantage of port-security will be coming in a follow-up.
This commit is contained in:
parent
7959ffd743
commit
f2ce82b894
|
@ -0,0 +1,28 @@
|
|||
heat_template_version: 2014-10-16
|
||||
|
||||
parameters:
|
||||
|
||||
bmc_prefix:
|
||||
type: string
|
||||
|
||||
private_net:
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
private_bmc_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - 'utility'
|
||||
- {get_param: bmc_prefix}
|
||||
network: {get_param: private_net}
|
||||
|
||||
outputs:
|
||||
port:
|
||||
value:
|
||||
- {port: {get_resource: private_bmc_port}}
|
||||
ip_address:
|
||||
value: {get_attr: [private_bmc_port, fixed_ips, 0, ip_address]}
|
|
@ -6,3 +6,5 @@ resource_registry:
|
|||
OS::OVB::PrivateNetwork: private-net-existing.yaml
|
||||
OS::OVB::BaremetalNetworks: baremetal-networks-none.yaml
|
||||
OS::OVB::BaremetalPorts: baremetal-ports-default.yaml
|
||||
OS::OVB::BMCPort: bmc-port.yaml
|
||||
OS::OVB::UndercloudPorts: undercloud-ports.yaml
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
heat_template_version: 2014-10-16
|
||||
|
||||
parameters:
|
||||
|
||||
undercloud_name:
|
||||
type: string
|
||||
|
||||
private_net:
|
||||
type: string
|
||||
|
||||
provision_net:
|
||||
type: string
|
||||
|
||||
public_net:
|
||||
type: string
|
||||
|
||||
resources:
|
||||
undercloud_sg:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
name: undercloud_sg
|
||||
description: Ping and SSH
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
port_range_min: 22
|
||||
port_range_max: 22
|
||||
|
||||
private_undercloud_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - {get_param: undercloud_name}
|
||||
- 'private'
|
||||
network: {get_param: private_net}
|
||||
security_groups:
|
||||
- {get_resource: undercloud_sg}
|
||||
|
||||
provision_undercloud_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - {get_param: undercloud_name}
|
||||
- 'provision'
|
||||
network: {get_param: provision_net}
|
||||
|
||||
public_undercloud_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - {get_param: undercloud_name}
|
||||
- 'public'
|
||||
network: {get_param: public_net}
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
value:
|
||||
- {port: {get_resource: private_undercloud_port}}
|
||||
- {port: {get_resource: provision_undercloud_port}}
|
||||
- {port: {get_resource: public_undercloud_port}}
|
|
@ -23,16 +23,13 @@ parameters:
|
|||
type: string
|
||||
|
||||
resources:
|
||||
undercloud_sg:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
undercloud_ports:
|
||||
type: OS::OVB::UndercloudPorts
|
||||
properties:
|
||||
name: undercloud_sg
|
||||
description: Ping and SSH
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
port_range_min: 22
|
||||
port_range_max: 22
|
||||
undercloud_name: {get_param: undercloud_name}
|
||||
private_net: {get_param: private_net}
|
||||
provision_net: {get_param: provision_net}
|
||||
public_net: {get_param: public_net}
|
||||
|
||||
undercloud_server:
|
||||
type: OS::Nova::Server
|
||||
|
@ -40,12 +37,7 @@ resources:
|
|||
flavor: {get_param: undercloud_flavor}
|
||||
image: {get_param: undercloud_image}
|
||||
key_name: {get_param: key_name}
|
||||
security_groups:
|
||||
- {get_resource: undercloud_sg}
|
||||
networks:
|
||||
- network: {get_param: private_net}
|
||||
- network: {get_param: provision_net}
|
||||
- network: {get_param: public_net}
|
||||
networks: {get_attr: [undercloud_ports, ports]}
|
||||
name: {get_param: undercloud_name}
|
||||
user_data_format: {get_param: undercloud_user_data_format}
|
||||
user_data: {get_param: undercloud_user_data}
|
||||
|
|
|
@ -134,14 +134,10 @@ parameters:
|
|||
|
||||
resources:
|
||||
bmc_port:
|
||||
type: OS::Neutron::Port
|
||||
type: OS::OVB::BMCPort
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - 'utility'
|
||||
- {get_param: bmc_prefix}
|
||||
network: {get_param: private_net}
|
||||
bmc_prefix: {get_param: bmc_prefix}
|
||||
private_net: {get_param: private_net}
|
||||
|
||||
bmc_other_ports:
|
||||
type: OS::Heat::ResourceGroup
|
||||
|
@ -159,13 +155,12 @@ resources:
|
|||
|
||||
bmc_server:
|
||||
type: OS::Nova::Server
|
||||
depends_on: openstack_baremetal_servers
|
||||
depends_on: [openstack_baremetal_servers, bmc_other_ports, bmc_port]
|
||||
properties:
|
||||
flavor: {get_param: bmc_flavor}
|
||||
image: {get_param: bmc_image}
|
||||
key_name: {get_param: key_name}
|
||||
networks:
|
||||
- port: {get_resource: bmc_port}
|
||||
networks: {get_attr: [bmc_port, port]}
|
||||
name: {get_param: bmc_prefix}
|
||||
user_data_format: RAW
|
||||
user_data:
|
||||
|
@ -180,7 +175,7 @@ resources:
|
|||
$os__project_domain: {get_param: os_project_domain}
|
||||
$bm_node_count: {get_param: node_count}
|
||||
$bmc_prefix: {get_param: bmc_prefix}
|
||||
$bmc_utility: {get_attr: [bmc_port, fixed_ips, 0, ip_address]}
|
||||
$bmc_utility: {get_attr: [bmc_port, ip_address]}
|
||||
$bm_prefix: {get_param: baremetal_prefix}
|
||||
$private_net: {get_param: private_net}
|
||||
$openstackbmc_script: {get_file: ../bin/openstackbmc}
|
||||
|
|
Loading…
Reference in New Issue