Factor out port creation on OVB networks

To enable backwards-compatible use of the neutron port-security extension, we need to split out all security-disabled ports into their own resources so they can be overridden. This change just does the refactoring, additional resources that take advantage of port-security will be coming in a follow-up.
2017-03-13 14:06:25 -05:00 · 2017-03-13 14:06:25 -05:00 · f2ce82b894
parent 7959ffd743
commit f2ce82b894
5 changed files with 109 additions and 26 deletions
--- a/templates/bmc-port.yaml
+++ b/templates/bmc-port.yaml
@ -0,0 +1,28 @@
+heat_template_version: 2014-10-16
+
+parameters:
+
+  bmc_prefix:
+    type: string
+
+  private_net:
+    type: string
+
+resources:
+
+  private_bmc_port:
+    type: OS::Neutron::Port
+    properties:
+      name:
+        list_join:
+        - '_'
+        - - 'utility'
+          - {get_param: bmc_prefix}
+      network: {get_param: private_net}
+
+outputs:
+  port:
+    value:
+    - {port: {get_resource: private_bmc_port}}
+  ip_address:
+    value: {get_attr: [private_bmc_port, fixed_ips, 0, ip_address]}
--- a/templates/resource-registry.yaml
+++ b/templates/resource-registry.yaml
@ -6,3 +6,5 @@ resource_registry:
  OS::OVB::PrivateNetwork: private-net-existing.yaml
  OS::OVB::BaremetalNetworks: baremetal-networks-none.yaml
  OS::OVB::BaremetalPorts: baremetal-ports-default.yaml
+  OS::OVB::BMCPort: bmc-port.yaml
+  OS::OVB::UndercloudPorts: undercloud-ports.yaml
--- a/templates/undercloud-ports.yaml
+++ b/templates/undercloud-ports.yaml
@ -0,0 +1,66 @@
+heat_template_version: 2014-10-16
+
+parameters:
+
+  undercloud_name:
+    type: string
+
+  private_net:
+    type: string
+
+  provision_net:
+    type: string
+
+  public_net:
+    type: string
+
+resources:
+  undercloud_sg:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      name: undercloud_sg
+      description: Ping and SSH
+      rules:
+      - protocol: icmp
+      - protocol: tcp
+        port_range_min: 22
+        port_range_max: 22
+
+  private_undercloud_port:
+    type: OS::Neutron::Port
+    properties:
+      name:
+        list_join:
+        - '_'
+        - - {get_param: undercloud_name}
+          - 'private'
+      network: {get_param: private_net}
+      security_groups:
+      - {get_resource: undercloud_sg}
+
+  provision_undercloud_port:
+    type: OS::Neutron::Port
+    properties:
+      name:
+        list_join:
+        - '_'
+        - - {get_param: undercloud_name}
+          - 'provision'
+      network: {get_param: provision_net}
+
+  public_undercloud_port:
+    type: OS::Neutron::Port
+    properties:
+      name:
+        list_join:
+        - '_'
+        - - {get_param: undercloud_name}
+          - 'public'
+      network: {get_param: public_net}
+
+outputs:
+  ports:
+    value:
+    - {port: {get_resource: private_undercloud_port}}
+    - {port: {get_resource: provision_undercloud_port}}
+    - {port: {get_resource: public_undercloud_port}}
--- a/templates/undercloud.yaml
+++ b/templates/undercloud.yaml
@ -23,16 +23,13 @@ parameters:
    type: string

 resources:
-  undercloud_sg:
-    type: OS::Neutron::SecurityGroup
+  undercloud_ports:
+    type: OS::OVB::UndercloudPorts
    properties:
-      name: undercloud_sg
-      description: Ping and SSH
-      rules:
-      - protocol: icmp
-      - protocol: tcp
-        port_range_min: 22
-        port_range_max: 22
+      undercloud_name: {get_param: undercloud_name}
+      private_net: {get_param: private_net}
+      provision_net: {get_param: provision_net}
+      public_net: {get_param: public_net}

  undercloud_server:
    type: OS::Nova::Server
@ -40,12 +37,7 @@ resources:
      flavor: {get_param: undercloud_flavor}
      image: {get_param: undercloud_image}
      key_name: {get_param: key_name}
-      security_groups:
-      - {get_resource: undercloud_sg}
-      networks:
-      - network: {get_param: private_net}
-      - network: {get_param: provision_net}
-      - network: {get_param: public_net}
+      networks: {get_attr: [undercloud_ports, ports]}
      name: {get_param: undercloud_name}
      user_data_format: {get_param: undercloud_user_data_format}
      user_data: {get_param: undercloud_user_data}
--- a/templates/virtual-baremetal.yaml
+++ b/templates/virtual-baremetal.yaml
@ -134,14 +134,10 @@ parameters:

 resources:
  bmc_port:
-    type: OS::Neutron::Port
+    type: OS::OVB::BMCPort
    properties:
-      name:
-        list_join:
-        - '_'
-        - - 'utility'
-          - {get_param: bmc_prefix}
-      network: {get_param: private_net}
+      bmc_prefix: {get_param: bmc_prefix}
+      private_net: {get_param: private_net}

  bmc_other_ports:
    type: OS::Heat::ResourceGroup
@ -159,13 +155,12 @@ resources:

  bmc_server:
    type: OS::Nova::Server
-    depends_on: openstack_baremetal_servers
+    depends_on: [openstack_baremetal_servers, bmc_other_ports, bmc_port]
    properties:
      flavor: {get_param: bmc_flavor}
      image: {get_param: bmc_image}
      key_name: {get_param: key_name}
-      networks:
-        - port: {get_resource: bmc_port}
+      networks: {get_attr: [bmc_port, port]}
      name: {get_param: bmc_prefix}
      user_data_format: RAW
      user_data:
@ -180,7 +175,7 @@ resources:
            $os__project_domain: {get_param: os_project_domain}
            $bm_node_count: {get_param: node_count}
            $bmc_prefix: {get_param: bmc_prefix}
-            $bmc_utility: {get_attr: [bmc_port, fixed_ips, 0, ip_address]}
+            $bmc_utility: {get_attr: [bmc_port, ip_address]}
            $bm_prefix: {get_param: baremetal_prefix}
            $private_net: {get_param: private_net}
            $openstackbmc_script: {get_file: ../bin/openstackbmc}