Separate the external network into external and public

Previously, the external network carried both public API traffic and neutron external network traffic. In some cases is it useful to separate these networks. The public network now carries the public API traffic, leaving the external network to carry neutron external network traffic alone. For backwards compatibility, the public network defaults to the external network.
2017-08-23 18:12:41 +00:00 · 2017-08-23 18:12:41 +00:00 · 1d9e8fc976
commit 1d9e8fc976
parent e5cec6aed3
11 changed files with 28 additions and 15 deletions
--- a/ansible/docker.yml
+++ b/ansible/docker.yml
@ -3,4 +3,4 @@
  hosts: docker
  roles:
    - role: docker
-      docker_daemon_mtu: "{{ external_net_name | net_mtu | default }}"
+      docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
--- a/ansible/group_vars/all/controllers
+++ b/ansible/group_vars/all/controllers
@ -15,6 +15,7 @@ controller_default_network_interfaces: >
      oob_wl_net_name,
      provision_wl_net_name,
      internal_net_name,
+      public_net_name,
      external_net_name,
      storage_net_name,
      storage_mgmt_net_name] | unique | list }}
--- a/ansible/group_vars/all/monitoring
+++ b/ansible/group_vars/all/monitoring
@ -13,7 +13,7 @@ monitoring_bootstrap_user: "{{ controller_bootstrap_user }}"
 monitoring_default_network_interfaces: >
  {{ [provision_oc_net_name,
      internal_net_name,
-      external_net_name] | unique | list }}
+      public_net_name] | unique | list }}

 # List of extra networks to which monitoring nodes are attached.
 monitoring_extra_network_interfaces: []
--- a/ansible/group_vars/all/network
+++ b/ansible/group_vars/all/network
@ -25,6 +25,9 @@ internal_net_name: 'internal_net'
 # to provide external network access via Neutron.
 external_net_name: 'external_net'

+# Name of the network used to expose the public OpenStack API endpoints.
+public_net_name: "{{ external_net_name }}"
+
 # Name of the network used to carry storage data traffic.
 storage_net_name: 'storage_net'

--- a/ansible/kolla-ansible.yml
+++ b/ansible/kolla-ansible.yml
@ -33,23 +33,23 @@
          set_fact:
            kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
            kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or internal_net_name | net_vip_address }}"
-            kolla_external_vip_address: "{{ external_net_name | net_vip_address }}"
-            kolla_external_fqdn: "{{ external_net_name | net_fqdn or external_net_name | net_vip_address }}"
+            kolla_external_vip_address: "{{ public_net_name | net_vip_address }}"
+            kolla_external_fqdn: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
          when: "{{ kolla_enable_haproxy | bool }}"

        - name: Set facts containing the VIP addresses and FQDNs
          set_fact:
            kolla_internal_vip_address: "{{ internal_net_name | net_ip(controller_host) }}"
            kolla_internal_fqdn: "{{ internal_net_name | net_ip(controller_host) }}"
-            kolla_external_vip_address: "{{ external_net_name | net_ip(controller_host) }}"
-            kolla_external_fqdn: "{{ external_net_name | net_ip(controller_host) }}"
+            kolla_external_vip_address: "{{ public_net_name | net_ip(controller_host) }}"
+            kolla_external_fqdn: "{{ public_net_name | net_ip(controller_host) }}"
          when:
            - "{{ not kolla_enable_haproxy | bool }}"

        - name: Set facts containing the controller network interfaces
          set_fact:
            kolla_network_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
-            kolla_external_vip_interface: "{{ external_net_name | net_interface(controller_host) | replace('-', '_') }}"
+            kolla_external_vip_interface: "{{ public_net_name | net_interface(controller_host) | replace('-', '_') }}"
            kolla_api_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
            kolla_storage_interface: "{{ storage_net_name | net_interface(controller_host) | replace('-', '_') }}"
            kolla_cluster_interface: "{{ storage_mgmt_net_name | net_interface(controller_host) | replace('-', '_') }}"
--- a/ansible/public-openrc.yml
+++ b/ansible/public-openrc.yml
@ -5,10 +5,10 @@
 - name: Ensure a public OpenStack API environment file exists
  hosts: config-mgmt
  vars:
-    external_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
-    external_api_vip_address: "{{ external_net_name | net_vip_address }}"
-    external_api_keystone_port: 5000
+    public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
+    public_api_vip_address: "{{ public_net_name | net_vip_address }}"
+    public_api_keystone_port: 5000
  roles:
    - role: public-openrc
      public_openrc_kolla_config_path: "{{ kolla_config_path }}"
-      public_openrc_auth_url: "{{ external_api_proto }}://{{ external_api_vip_address }}:{{ external_api_keystone_port }}"
+      public_openrc_auth_url: "{{ public_api_proto }}://{{ public_api_vip_address }}:{{ public_api_keystone_port }}"
--- a/dev/dev-vagrant.yml
+++ b/dev/dev-vagrant.yml
@ -44,6 +44,7 @@ provision_oc_net_name: aio
 oob_wl_net_name: aio
 provision_wl_net_name: aio
 internal_net_name: aio
+public_net_name: aio
 external_net_name: aio
 storage_net_name: aio
 storage_mgmt_net_name: aio
--- a/doc/source/architecture.rst
+++ b/doc/source/architecture.rst
@ -49,6 +49,8 @@ Workload provisioning network
    the bare metal compute hosts.
 Internal network
    The internal network hosts the internal and admin OpenStack API endpoints.
+Public network
+    The public network hosts the public OpenStack API endpoints.
 External network
-    The external network hosts the public OpenStack API endpoints and provides
-    external network access for the hosts in the system.
+    The external network provides external network access for the hosts in the
+    system.
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@ -197,9 +197,10 @@ perform multiple roles, or even none at all.  The available roles are:
    workload hosts.
 ``internal_net_name``
    Name of the network used to expose the internal OpenStack API endpoints.
+``public_net_name``
+    Name of the network used to expose the public OpenStack API endpoints.
 ``external_net_name``
-    Name of the network used to expose the external OpenStack API endpoints and
-    to provide external network access via Neutron.
+    Name of the network used to provide external network access via Neutron.
 ``storage_net_name``
    Name of the network used to carry storage data traffic.
 ``storage_mgmt_net_name``
@ -262,6 +263,7 @@ We could describe such a network as follows:
   provision_oc_net_name: management
   provision_wl_net_name: cloud
   internal_net_name: cloud
+   public_net_name: external
   external_net_name: external
   storage_net_name: cloud
   storage_mgmt_net_name: cloud
--- a/etc/kayobe/networks.yml
+++ b/etc/kayobe/networks.yml
@ -27,6 +27,9 @@
 # to provide external network access via Neutron.
 #external_net_name:

+# Name of the network used to expose the public OpenStack API endpoints.
+#public_net_name:
+
 # Name of the network used to carry storage data traffic.
 #storage_net_name:

--- a/tools/configure-kayobe.sh
+++ b/tools/configure-kayobe.sh
@ -28,6 +28,7 @@ EOF
 provision_oc_net_name: 'the_net'
 provision_wl_net_name: 'the_net'
 internal_net_name: 'the_net'
+public_net_name: 'the_net'
 external_net_name: 'the_net'
 storage_net_name: 'the_net'
 storage_mgmt_net_name: 'the_net'