Remove non-port-security templates
OVB 2.0 won't support clouds that lack the port-security extension, so these are no longer needed.
This commit is contained in:
parent
4fd992b155
commit
247c2d02d2
@ -49,9 +49,9 @@ then
|
||||
fi
|
||||
echo 'resource_registry:' >> env.yaml
|
||||
echo ' OS::OVB::UndercloudFloating: templates/undercloud-floating.yaml' >> env.yaml
|
||||
echo ' OS::OVB::BaremetalPorts: templates/baremetal-ports-default-port-security.yaml' >> env.yaml
|
||||
echo ' OS::OVB::BMCPort: templates/bmc-port-port-security.yaml' >> env.yaml
|
||||
echo ' OS::OVB::UndercloudPorts: templates/undercloud-ports-port-security.yaml' >> env.yaml
|
||||
echo ' OS::OVB::BaremetalPorts: templates/baremetal-ports-default.yaml' >> env.yaml
|
||||
echo ' OS::OVB::BMCPort: templates/bmc-port.yaml' >> env.yaml
|
||||
echo ' OS::OVB::UndercloudPorts: templates/undercloud-ports.yaml' >> env.yaml
|
||||
echo ' OS::OVB::PrivateNetwork: templates/private-net-create.yaml' >> env.yaml
|
||||
|
||||
cp -r $BIN_DIR ./bin
|
||||
|
@ -52,7 +52,7 @@ fi
|
||||
cp -r $BIN_DIR ./bin
|
||||
cp -r $BIN_DIR/../openstack_virtual_baremetal .
|
||||
STACK_NAME=$MY_ID
|
||||
$BIN_DIR/deploy.py --quintupleo --id $MY_ID --name $STACK_NAME --poll -e env.yaml -e environments/create-private-network.yaml -e environments/all-networks-port-security.yaml
|
||||
$BIN_DIR/deploy.py --quintupleo --id $MY_ID --name $STACK_NAME --poll -e env.yaml -e environments/create-private-network.yaml -e environments/all-networks.yaml
|
||||
UNDERCLOUD_IP=$(heat output-show $STACK_NAME undercloud_host_floating_ip | sed -e 's/"//g')
|
||||
bin/build-nodes-json --env env-$MY_ID.yaml --driver ipmi
|
||||
SSH_OPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32 "
|
||||
|
@ -94,8 +94,7 @@ method, which creates most of the resources needed automatically.
|
||||
neutron port-list
|
||||
neutron floatingip-associate [floatingip uuid] [undercloud instance port id]
|
||||
|
||||
#. (Optional) If not using the Noop firewall driver, turn off port-security on
|
||||
the undercloud provisioning port::
|
||||
#. Turn off port-security on the undercloud provisioning port::
|
||||
|
||||
neutron port-update [UUID of undercloud port on the provision network] --no-security-groups --port-security-enabled=False
|
||||
|
||||
|
@ -1,30 +1,6 @@
|
||||
Sample Environment Index
|
||||
========================
|
||||
|
||||
Deploy with All Networks Enabled
|
||||
--------------------------------
|
||||
|
||||
**File:** environments/all-networks-port-security.yaml
|
||||
|
||||
**Description:** Deploy an OVB stack that adds interfaces for all the standard TripleO
|
||||
network isolation networks. This version uses the port-security
|
||||
Neutron extension to allow OVB to be run on clouds with security
|
||||
groups enabled.
|
||||
|
||||
|
||||
Deploy with All Networks Enabled and Two Public Interfaces
|
||||
----------------------------------------------------------
|
||||
|
||||
**File:** environments/all-networks-public-bond-port-security.yaml
|
||||
|
||||
**Description:** Deploy an OVB stack that adds interfaces for all the standard TripleO
|
||||
network isolation networks. This version will deploy duplicate
|
||||
public network interfaces on the baremetal instances so that the
|
||||
public network can be configured as a bond. It will also use the
|
||||
port-security Neutron extension to allow OVB to be run on clouds with
|
||||
security groups enabled.
|
||||
|
||||
|
||||
Deploy with All Networks Enabled and Two Public Interfaces
|
||||
----------------------------------------------------------
|
||||
|
||||
@ -118,15 +94,6 @@ Create a Private Network
|
||||
existing one.
|
||||
|
||||
|
||||
Deploy a Basic OVB Environment Using Neutron port-security
|
||||
----------------------------------------------------------
|
||||
|
||||
**File:** environments/port-security.yaml
|
||||
|
||||
**Description:** Deploy an OVB stack that uses the Neutron port-security extension to
|
||||
allow OVB functionality in clouds with security groups enabled.
|
||||
|
||||
|
||||
Public Network External Router
|
||||
------------------------------
|
||||
|
||||
|
@ -19,7 +19,7 @@ however.
|
||||
with some older clouds. See below for details on customizing an OVB
|
||||
deployment for your particular situation::
|
||||
|
||||
bin/deploy.py --quintupleo -e env.yaml -e environments/all-networks-port-security.yaml -e environments/create-private-network.yaml
|
||||
bin/deploy.py --quintupleo -e env.yaml -e environments/all-networks.yaml -e environments/create-private-network.yaml
|
||||
|
||||
.. note:: There is a quintupleo-specific option ``--id`` in deploy.py.
|
||||
It appends the value passed in to the name of all resources
|
||||
@ -97,10 +97,10 @@ There are also a number of advanced options that can be enabled for a
|
||||
QuintupleO deployment. For each such option there is a sample environment
|
||||
to be passed to the deploy command.
|
||||
|
||||
For example, to deploy using the Neutron port-security extension to allow
|
||||
DHCP and PXE booting, the following command could be used::
|
||||
For example, to deploy all networks needed for TripleO network isolation, the
|
||||
following command could be used::
|
||||
|
||||
bin/deploy.py --quintupleo -e env.yaml -e environments/port-security.yaml
|
||||
bin/deploy.py --quintupleo -e env.yaml -e environments/all-networks.yaml
|
||||
|
||||
.. important:: When deploying with multiple environment files, ``env.yaml``
|
||||
*must* be explicitly passed to the deploy command.
|
||||
@ -110,7 +110,7 @@ DHCP and PXE booting, the following command could be used::
|
||||
Some options may have additional configuration parameters. These parameters
|
||||
will be listed in the environment file.
|
||||
|
||||
A full list of the option environments available can be found at
|
||||
A full list of the environments available can be found at
|
||||
:doc:`environment-index`.
|
||||
|
||||
Network Isolation
|
||||
@ -144,19 +144,6 @@ Three primary networking layouts are included:
|
||||
OVB environment. The ``bond-*`` overcloud templates must be used with this
|
||||
type of environment.
|
||||
|
||||
Each of the networking layouts has two variations: with and without the use of
|
||||
Neutron's port-security extension. The reason for this is that older releases
|
||||
of OpenStack did not support port-security, so those templates cannot be used.
|
||||
However, use of the port-security extension allows OVB to work on a much larger
|
||||
number of clouds because it does not require insecure Neutron settings.
|
||||
|
||||
While the port-security extension existed as far back as the Liberty release,
|
||||
it has only been successfully tested with OVB on Newton and above.
|
||||
|
||||
The port-security environments can be recognized by the presence of
|
||||
`port-security` somewhere in the filename. Network environments without that
|
||||
substring are the standard ones that require the noop Neutron firewall driver.
|
||||
|
||||
QuintupleO and routed networks
|
||||
------------------------------
|
||||
|
||||
@ -195,7 +182,7 @@ OVB as well.
|
||||
|
||||
./bin/deploy.py --env env.yaml \
|
||||
--quintupleo \
|
||||
--env environments/all-networks-port-security.yaml \
|
||||
--env environments/all-networks.yaml \
|
||||
--env environments/routed-networks.yaml \
|
||||
--env env-routed-networks.yaml \
|
||||
--role env-leaf1.yaml
|
||||
|
@ -7,19 +7,8 @@ all of it will provide the optimal experience.
|
||||
The changes described in this document apply to compute nodes in the
|
||||
host cloud.
|
||||
|
||||
#. Neutron must be configured to use the NoopFirewallDriver. Edit
|
||||
``/etc/neutron/plugins/ml2/ml2_conf.ini`` and set the option
|
||||
``firewall_driver`` in the ``[securitygroup]`` section as follows::
|
||||
|
||||
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
|
||||
|
||||
#. In Liberty and later versions, arp spoofing must be disabled. Edit
|
||||
``/etc/neutron/plugins/ml2/ml2_conf.ini`` and set the option
|
||||
``prevent_arp_spoofing`` in the ``[agent]`` section as follows::
|
||||
|
||||
prevent_arp_spoofing = False
|
||||
|
||||
#. The Nova option ``force_config_drive`` must _not_ be set.
|
||||
#. The Nova option ``force_config_drive`` must _not_ be set. If you have to
|
||||
change this option, restart ``nova-compute`` to apply it.
|
||||
|
||||
#. Ideally, jumbo frames should be enabled on the host cloud. This
|
||||
avoids MTU problems when deploying to instances over tunneled
|
||||
@ -33,6 +22,3 @@ host cloud.
|
||||
such a change on the host cloud), it will likely be necessary to
|
||||
configure a smaller MTU on the deployed virtual instances. Details
|
||||
on doing so can be found on the :doc:`../usage/usage` page.
|
||||
|
||||
#. Restart ``nova-compute`` and ``neutron-openvswitch-agent`` to apply the
|
||||
changes above.
|
||||
|
@ -6,9 +6,6 @@ Instructions for setting up the host cloud[1].
|
||||
1: The host cloud is any OpenStack cloud providing the necessary functionality
|
||||
to run OVB. The host cloud must be running on real baremetal.
|
||||
|
||||
.. warning:: This process requires patches and configuration settings that
|
||||
may not be appropriate for production clouds.
|
||||
|
||||
.. toctree::
|
||||
|
||||
patches
|
||||
|
@ -49,10 +49,8 @@ VM, but responses never get to the baremetal instances.
|
||||
|
||||
**Cause**: Neutron port security blocking DHCP from the undercloud.
|
||||
|
||||
**Solution**: Neutron either needs to be configured to use the Noop firewall
|
||||
driver, or the port-security extension must be used to disable
|
||||
port-security on the appropriate ports. As of this writing that
|
||||
requires use of the port-security branch of OVB.
|
||||
**Solution**: Ensure that the Neutron port-security extension is present in
|
||||
the host cloud. It is required for OVB to function properly.
|
||||
|
||||
The BMC does not respond to IPMI requests
|
||||
-----------------------------------------
|
||||
@ -62,11 +60,10 @@ on arbitrary addresses. The BMC deployment may have failed for some
|
||||
reason.
|
||||
|
||||
**Solution**: Neutron must be configured to allow the BMC to listen on
|
||||
arbitrary addresses. This requires use of the Noop firewall driver
|
||||
or port-security extension as in the previous solution. If this
|
||||
is already configured correctly, then the BMC may have failed to
|
||||
deploy properly. This can usually be determined by looking at the
|
||||
nova console-log of the BMC instance. A correctly working BMC will
|
||||
arbitrary addresses. This requires the port-security extension as in the
|
||||
previous solution. If this is already configured correctly, then the BMC may
|
||||
have failed to deploy properly. This can usually be determined by looking at
|
||||
the nova console-log of the BMC instance. A correctly working BMC will
|
||||
display 'Managing instance [uuid]' for each baremetal node in the
|
||||
environment. If those messages are not found, then the BMC has
|
||||
failed to start properly. The relevant error messages should be
|
||||
|
@ -43,15 +43,12 @@ After an OVB environment has been deployed, there are a few things to know.
|
||||
this is a brief explanation of each:
|
||||
|
||||
- **network-templates:** IPv4 multi-nic. Usable with the network layout
|
||||
deployed by the ``all-networks.yaml`` and
|
||||
``all-networks-port-security.yaml`` environments.
|
||||
deployed by the ``all-networks.yaml`` environment.
|
||||
- **ipv6-network-templates:** IPv6 multi-nic. Usable with the network layout
|
||||
deployed by the ``all-networks.yaml`` and
|
||||
``all-networks-port-security.yaml`` environments.
|
||||
deployed by the ``all-networks.yaml`` environment.
|
||||
- **bond-network-templates:** IPv4 multi-nic, with duplicate `public`
|
||||
interfaces for testing bonded nics. Usable with the network layout
|
||||
deployed by the ``all-networks-public-bond.yaml`` and
|
||||
``all-networks-public-bond-port-security.yaml`` environments.
|
||||
deployed by the ``all-networks-public-bond.yaml`` environment.
|
||||
|
||||
The undercloud's ``public`` interface should be configured with the address
|
||||
of the default route from the templates in use. Firewall rules for
|
||||
|
@ -1,54 +0,0 @@
|
||||
# *******************************************************************
|
||||
# This file was created automatically by the sample environment
|
||||
# generator. Developers should use `tox -e genconfig` to update it.
|
||||
# Users are recommended to make changes to a copy of the file instead
|
||||
# of the original, if any customizations are needed.
|
||||
# *******************************************************************
|
||||
# title: Deploy with All Networks Enabled
|
||||
# description: |
|
||||
# Deploy an OVB stack that adds interfaces for all the standard TripleO
|
||||
# network isolation networks. This version uses the port-security
|
||||
# Neutron extension to allow OVB to be run on clouds with security
|
||||
# groups enabled.
|
||||
parameter_defaults:
|
||||
# Name of internal API network
|
||||
# Type: string
|
||||
overcloud_internal_net: overcloud_internal
|
||||
|
||||
# CIDR for internal API network subnet. This is typically irrelevant and
|
||||
# does not need to be changed.
|
||||
# Type: string
|
||||
overcloud_internal_net_cidr: 172.17.0.0/24
|
||||
|
||||
# Name of storage management network
|
||||
# Type: string
|
||||
overcloud_storage_mgmt_net: overcloud_storage_mgmt
|
||||
|
||||
# CIDR for storage management network subnet. This is typically irrelevant
|
||||
# and does not need to be changed.
|
||||
# Type: string
|
||||
overcloud_storage_mgmt_net_cidr: 172.19.0.0/24
|
||||
|
||||
# Name of storage network
|
||||
# Type: string
|
||||
overcloud_storage_net: overcloud_storage
|
||||
|
||||
# CIDR for storage network subnet. This is typically irrelevant and
|
||||
# does not need to be changed.
|
||||
# Type: string
|
||||
overcloud_storage_net_cidr: 172.18.0.0/24
|
||||
|
||||
# Name of tenant network
|
||||
# Type: string
|
||||
overcloud_tenant_net: overcloud_tenant
|
||||
|
||||
# CIDR for tenant network subnet. This is typically irrelevant and
|
||||
# does not need to be changed.
|
||||
# Type: string
|
||||
overcloud_tenant_net_cidr: 172.16.0.0/24
|
||||
|
||||
resource_registry:
|
||||
OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
|
||||
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-all-port-security.yaml
|
||||
OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
|
@ -1,56 +0,0 @@
|
||||
# *******************************************************************
|
||||
# This file was created automatically by the sample environment
|
||||
# generator. Developers should use `tox -e genconfig` to update it.
|
||||
# Users are recommended to make changes to a copy of the file instead
|
||||
# of the original, if any customizations are needed.
|
||||
# *******************************************************************
|
||||
# title: Deploy with All Networks Enabled and Two Public Interfaces
|
||||
# description: |
|
||||
# Deploy an OVB stack that adds interfaces for all the standard TripleO
|
||||
# network isolation networks. This version will deploy duplicate
|
||||
# public network interfaces on the baremetal instances so that the
|
||||
# public network can be configured as a bond. It will also use the
|
||||
# port-security Neutron extension to allow OVB to be run on clouds with
|
||||
# security groups enabled.
|
||||
parameter_defaults:
|
||||
# Name of internal API network
|
||||
# Type: string
|
||||
overcloud_internal_net: overcloud_internal
|
||||
|
||||
# CIDR for internal API network subnet. This is typically irrelevant and
|
||||
# does not need to be changed.
|
||||
# Type: string
|
||||
overcloud_internal_net_cidr: 172.17.0.0/24
|
||||
|
||||
# Name of storage management network
|
||||
# Type: string
|
||||
overcloud_storage_mgmt_net: overcloud_storage_mgmt
|
||||
|
||||
# CIDR for storage management network subnet. This is typically irrelevant
|
||||
# and does not need to be changed.
|
||||
# Type: string
|
||||
overcloud_storage_mgmt_net_cidr: 172.19.0.0/24
|
||||
|
||||
# Name of storage network
|
||||
# Type: string
|
||||
overcloud_storage_net: overcloud_storage
|
||||
|
||||
# CIDR for storage network subnet. This is typically irrelevant and
|
||||
# does not need to be changed.
|
||||
# Type: string
|
||||
overcloud_storage_net_cidr: 172.18.0.0/24
|
||||
|
||||
# Name of tenant network
|
||||
# Type: string
|
||||
overcloud_tenant_net: overcloud_tenant
|
||||
|
||||
# CIDR for tenant network subnet. This is typically irrelevant and
|
||||
# does not need to be changed.
|
||||
# Type: string
|
||||
overcloud_tenant_net_cidr: 172.16.0.0/24
|
||||
|
||||
resource_registry:
|
||||
OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
|
||||
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-public-bond-port-security.yaml
|
||||
OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
|
@ -33,4 +33,4 @@ parameter_defaults:
|
||||
role: extra
|
||||
|
||||
resource_registry:
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-extra-node-port-security.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-extra-node.yaml
|
||||
|
@ -1,14 +0,0 @@
|
||||
# *******************************************************************
|
||||
# This file was created automatically by the sample environment
|
||||
# generator. Developers should use `tox -e genconfig` to update it.
|
||||
# Users are recommended to make changes to a copy of the file instead
|
||||
# of the original, if any customizations are needed.
|
||||
# *******************************************************************
|
||||
# title: Deploy a Basic OVB Environment Using Neutron port-security
|
||||
# description: |
|
||||
# Deploy an OVB stack that uses the Neutron port-security extension to
|
||||
# allow OVB functionality in clouds with security groups enabled.
|
||||
resource_registry:
|
||||
OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-default-port-security.yaml
|
||||
OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
|
@ -205,7 +205,7 @@ role_base_data = {
|
||||
'OS::OVB::BaremetalNetworks': 'templates/baremetal-networks-all.yaml',
|
||||
'OS::OVB::BaremetalPorts':
|
||||
'templates/baremetal-ports-public-bond.yaml',
|
||||
'OS::OVB::BMCPort': 'templates/bmc-port-port-security.yaml'
|
||||
'OS::OVB::BMCPort': 'templates/bmc-port.yaml'
|
||||
}
|
||||
}
|
||||
role_specific_data = {
|
||||
@ -251,7 +251,7 @@ role_original_data = {
|
||||
'OS::OVB::BaremetalNetworks': 'templates/baremetal-networks-all.yaml',
|
||||
'OS::OVB::BaremetalPorts':
|
||||
'templates/baremetal-ports-public-bond.yaml',
|
||||
'OS::OVB::BMCPort': 'templates/bmc-port-port-security.yaml'
|
||||
'OS::OVB::BMCPort': 'templates/bmc-port.yaml'
|
||||
}
|
||||
}
|
||||
# end _process_role test data
|
||||
@ -397,7 +397,7 @@ class TestDeploy(testtools.TestCase):
|
||||
'templates/baremetal-ports-all.yaml',
|
||||
output['resource_registry']['OS::OVB::BaremetalPorts'])
|
||||
# This should be inherited from the base env
|
||||
self.assertEqual('templates/bmc-port-port-security.yaml',
|
||||
self.assertEqual('templates/bmc-port.yaml',
|
||||
output['resource_registry']['OS::OVB::BMCPort'])
|
||||
|
||||
@mock.patch('openstack_virtual_baremetal.deploy._load_role_data')
|
||||
|
@ -63,7 +63,7 @@ environments:
|
||||
baremetal_image: CentOS-7-x86_64-GenericCloud
|
||||
node_count: 1
|
||||
resource_registry:
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-extra-node-port-security.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-extra-node.yaml
|
||||
-
|
||||
name: all-networks
|
||||
title: Deploy with All Networks Enabled
|
||||
@ -77,18 +77,6 @@ environments:
|
||||
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-all.yaml
|
||||
children:
|
||||
-
|
||||
name: all-networks-port-security
|
||||
description: |
|
||||
Deploy an OVB stack that adds interfaces for all the standard TripleO
|
||||
network isolation networks. This version uses the port-security
|
||||
Neutron extension to allow OVB to be run on clouds with security
|
||||
groups enabled.
|
||||
resource_registry:
|
||||
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-all-port-security.yaml
|
||||
OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
|
||||
OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
|
||||
-
|
||||
name: all-networks-public-bond
|
||||
title: Deploy with All Networks Enabled and Two Public Interfaces
|
||||
@ -100,32 +88,6 @@ environments:
|
||||
resource_registry:
|
||||
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-public-bond.yaml
|
||||
-
|
||||
name: all-networks-public-bond-port-security
|
||||
title: Deploy with All Networks Enabled and Two Public Interfaces
|
||||
description: |
|
||||
Deploy an OVB stack that adds interfaces for all the standard TripleO
|
||||
network isolation networks. This version will deploy duplicate
|
||||
public network interfaces on the baremetal instances so that the
|
||||
public network can be configured as a bond. It will also use the
|
||||
port-security Neutron extension to allow OVB to be run on clouds with
|
||||
security groups enabled.
|
||||
resource_registry:
|
||||
OS::OVB::BaremetalNetworks: ../templates/baremetal-networks-all.yaml
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-public-bond-port-security.yaml
|
||||
OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
|
||||
OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
|
||||
-
|
||||
name: port-security
|
||||
title: Deploy a Basic OVB Environment Using Neutron port-security
|
||||
description: |
|
||||
Deploy an OVB stack that uses the Neutron port-security extension to
|
||||
allow OVB functionality in clouds with security groups enabled.
|
||||
files: {}
|
||||
resource_registry:
|
||||
OS::OVB::BaremetalPorts: ../templates/baremetal-ports-default-port-security.yaml
|
||||
OS::OVB::BMCPort: ../templates/bmc-port-port-security.yaml
|
||||
OS::OVB::UndercloudPorts: ../templates/undercloud-ports-port-security.yaml
|
||||
-
|
||||
name: create-private-network
|
||||
title: Create a Private Network
|
||||
|
@ -1,115 +0,0 @@
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
baremetal_prefix:
|
||||
type: string
|
||||
|
||||
networks:
|
||||
type: json
|
||||
|
||||
suffix:
|
||||
type: string
|
||||
|
||||
overcloud_internal_net:
|
||||
type: string
|
||||
description: Name of internal API network
|
||||
default: overcloud_internal
|
||||
|
||||
overcloud_storage_net:
|
||||
type: string
|
||||
description: Name of storage network
|
||||
default: overcloud_storage
|
||||
|
||||
overcloud_storage_mgmt_net:
|
||||
type: string
|
||||
description: Name of storage management network
|
||||
default: overcloud_storage_mgmt
|
||||
|
||||
overcloud_tenant_net:
|
||||
type: string
|
||||
description: Name of tenant network
|
||||
default: overcloud_tenant
|
||||
|
||||
resources:
|
||||
|
||||
provision_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, provision]}
|
||||
port_security_enabled: False
|
||||
|
||||
internal_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - internal_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_internal_net}
|
||||
port_security_enabled: False
|
||||
|
||||
storage_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - storage_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_storage_net}
|
||||
port_security_enabled: False
|
||||
|
||||
storage_mgmt_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - storage_mgmt_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_storage_mgmt_net}
|
||||
port_security_enabled: False
|
||||
|
||||
tenant_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - tenant_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_tenant_net}
|
||||
port_security_enabled: False
|
||||
|
||||
public_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - public_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, public]}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
value:
|
||||
- {port: {get_resource: provision_port}}
|
||||
- {port: {get_resource: public_port}}
|
||||
- {port: {get_resource: internal_port}}
|
||||
- {port: {get_resource: storage_port}}
|
||||
- {port: {get_resource: storage_mgmt_port}}
|
||||
- {port: {get_resource: tenant_port}}
|
@ -1,4 +1,4 @@
|
||||
heat_template_version: 2014-10-16
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
@ -42,6 +42,7 @@ resources:
|
||||
- - {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, provision]}
|
||||
port_security_enabled: False
|
||||
|
||||
internal_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -53,6 +54,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_internal_net}
|
||||
port_security_enabled: False
|
||||
|
||||
storage_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -64,6 +66,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_storage_net}
|
||||
port_security_enabled: False
|
||||
|
||||
storage_mgmt_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -75,6 +78,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_storage_mgmt_net}
|
||||
port_security_enabled: False
|
||||
|
||||
tenant_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -86,6 +90,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_tenant_net}
|
||||
port_security_enabled: False
|
||||
|
||||
public_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -97,6 +102,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, public]}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
|
@ -1,30 +0,0 @@
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
baremetal_prefix:
|
||||
type: string
|
||||
|
||||
networks:
|
||||
type: json
|
||||
|
||||
suffix:
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
provision_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, provision]}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
value:
|
||||
- {port: {get_resource: provision_port}}
|
@ -1,4 +1,4 @@
|
||||
heat_template_version: 2014-10-16
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
@ -22,6 +22,7 @@ resources:
|
||||
- - {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, provision]}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
|
@ -1,128 +0,0 @@
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
baremetal_prefix:
|
||||
type: string
|
||||
|
||||
networks:
|
||||
type: json
|
||||
|
||||
suffix:
|
||||
type: string
|
||||
|
||||
overcloud_internal_net:
|
||||
type: string
|
||||
description: Name of internal API network
|
||||
default: overcloud_internal
|
||||
|
||||
overcloud_storage_net:
|
||||
type: string
|
||||
description: Name of storage network
|
||||
default: overcloud_storage
|
||||
|
||||
overcloud_storage_mgmt_net:
|
||||
type: string
|
||||
description: Name of storage management network
|
||||
default: overcloud_storage_mgmt
|
||||
|
||||
overcloud_tenant_net:
|
||||
type: string
|
||||
description: Name of tenant network
|
||||
default: overcloud_tenant
|
||||
|
||||
resources:
|
||||
|
||||
provision_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, provision]}
|
||||
port_security_enabled: False
|
||||
|
||||
internal_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - internal_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_internal_net}
|
||||
port_security_enabled: False
|
||||
|
||||
storage_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - storage_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_storage_net}
|
||||
port_security_enabled: False
|
||||
|
||||
storage_mgmt_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - storage_mgmt_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_storage_mgmt_net}
|
||||
port_security_enabled: False
|
||||
|
||||
tenant_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - tenant_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_tenant_net}
|
||||
port_security_enabled: False
|
||||
|
||||
public_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - public_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, public]}
|
||||
port_security_enabled: False
|
||||
|
||||
public_bond_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- ''
|
||||
- - public_
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, public]}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
value:
|
||||
- {port: {get_resource: provision_port}}
|
||||
- {port: {get_resource: public_port}}
|
||||
- {port: {get_resource: public_bond_port}}
|
||||
- {port: {get_resource: internal_port}}
|
||||
- {port: {get_resource: storage_port}}
|
||||
- {port: {get_resource: storage_mgmt_port}}
|
||||
- {port: {get_resource: tenant_port}}
|
@ -1,4 +1,4 @@
|
||||
heat_template_version: 2014-10-16
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
@ -42,6 +42,7 @@ resources:
|
||||
- - {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, provision]}
|
||||
port_security_enabled: False
|
||||
|
||||
internal_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -53,6 +54,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_internal_net}
|
||||
port_security_enabled: False
|
||||
|
||||
storage_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -64,6 +66,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_storage_net}
|
||||
port_security_enabled: False
|
||||
|
||||
storage_mgmt_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -75,6 +78,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_storage_mgmt_net}
|
||||
port_security_enabled: False
|
||||
|
||||
tenant_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -86,6 +90,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: overcloud_tenant_net}
|
||||
port_security_enabled: False
|
||||
|
||||
public_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -97,6 +102,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, public]}
|
||||
port_security_enabled: False
|
||||
|
||||
public_bond_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -108,6 +114,7 @@ resources:
|
||||
- {get_param: baremetal_prefix}
|
||||
- {get_param: suffix}
|
||||
network: {get_param: [networks, public]}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
|
@ -1,29 +0,0 @@
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
bmc_prefix:
|
||||
type: string
|
||||
|
||||
private_net:
|
||||
type: string
|
||||
|
||||
resources:
|
||||
|
||||
private_bmc_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - 'utility'
|
||||
- {get_param: bmc_prefix}
|
||||
network: {get_param: private_net}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
port:
|
||||
value:
|
||||
- {port: {get_resource: private_bmc_port}}
|
||||
ip_address:
|
||||
value: {get_attr: [private_bmc_port, fixed_ips, 0, ip_address]}
|
@ -1,4 +1,4 @@
|
||||
heat_template_version: 2014-10-16
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
@ -19,6 +19,7 @@ resources:
|
||||
- - 'utility'
|
||||
- {get_param: bmc_prefix}
|
||||
network: {get_param: private_net}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
port:
|
||||
|
@ -1,72 +0,0 @@
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
undercloud_name:
|
||||
type: string
|
||||
|
||||
private_net:
|
||||
type: string
|
||||
|
||||
networks:
|
||||
type: json
|
||||
|
||||
resources:
|
||||
undercloud_sg:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - {get_param: undercloud_name}
|
||||
- 'sg'
|
||||
description: Ping, SSH, and TripleO UI
|
||||
rules:
|
||||
- protocol: icmp
|
||||
- protocol: tcp
|
||||
port_range_min: 22
|
||||
port_range_max: 22
|
||||
- protocol: tcp
|
||||
port_range_min: 3000
|
||||
port_range_max: 3000
|
||||
|
||||
private_undercloud_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - {get_param: undercloud_name}
|
||||
- 'private'
|
||||
network: {get_param: private_net}
|
||||
security_groups:
|
||||
- {get_resource: undercloud_sg}
|
||||
|
||||
provision_undercloud_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - {get_param: undercloud_name}
|
||||
- 'provision'
|
||||
network: {get_param: [networks, provision]}
|
||||
port_security_enabled: False
|
||||
|
||||
public_undercloud_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
name:
|
||||
list_join:
|
||||
- '_'
|
||||
- - {get_param: undercloud_name}
|
||||
- 'public'
|
||||
network: {get_param: [networks, public]}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
value:
|
||||
- {port: {get_resource: private_undercloud_port}}
|
||||
- {port: {get_resource: provision_undercloud_port}}
|
||||
- {port: {get_resource: public_undercloud_port}}
|
@ -1,4 +1,4 @@
|
||||
heat_template_version: 2014-10-16
|
||||
heat_template_version: 2015-10-15
|
||||
|
||||
parameters:
|
||||
|
||||
@ -51,6 +51,7 @@ resources:
|
||||
- - {get_param: undercloud_name}
|
||||
- 'provision'
|
||||
network: {get_param: [networks, provision]}
|
||||
port_security_enabled: False
|
||||
|
||||
public_undercloud_port:
|
||||
type: OS::Neutron::Port
|
||||
@ -61,6 +62,7 @@ resources:
|
||||
- - {get_param: undercloud_name}
|
||||
- 'public'
|
||||
network: {get_param: [networks, public]}
|
||||
port_security_enabled: False
|
||||
|
||||
outputs:
|
||||
ports:
|
||||
|
Loading…
x
Reference in New Issue
Block a user