Add router on the public network to provide external access

TripleO CI currently configures an interface on the
undercloud connected to the public network and uses the
undercloud as the router for the public network. This
deviates from what a non CI deployment would.

This change adds an optional undercloud-network-public-router
template with a router on the public_net which can provide
NAT'ed external access for overcloud nodes that use External
network interface as the default route.

The undercloud-networks-routed template have the public-router
added as well.

This removes the need for undercloud to provide masqueraded
routing for the external network when these templates are
used.

templates/quintupleo.yaml

@@ -212,3 +212,4 @@ outputs:
       map_merge:
       - get_attr: [undercloud_networks, provision_network_routers]
       - get_attr: [baremetal_env, baremetal_networks_routers_addresses]
+      - get_attr: [undercloud_networks, public_network_router]

templates/undercloud-networks-public-router.yaml

@@ -0,0 +1,105 @@
+heat_template_version: 2015-04-30
+
+parameters:
+  provision_net:
+    type: string
+    default: provision
+    description: Name of a network that will be used for provisioning traffic
+
+  provision_net_cidr:
+    type: string
+    description: CIDR for provision network subnet
+    default: 192.168.24.0/24
+
+  provision_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  public_net:
+    type: string
+    description: Name of the overcloud external network
+    default: public
+
+  public_net_cidr:
+    type: string
+    description: CIDR for external network subnet
+    default: 10.0.0.0/24
+
+  public_net_router_address:
+    type: string
+    description: Router address for the public network subnet
+    default: 10.0.0.254
+
+  public_net_shared:
+    type: boolean
+    description: Whether this network should be shared across all tenants
+    default: false
+
+  external_net:
+    type: string
+    description: An external network for the networks to route to
+
+resources:
+  provision_network:
+    type: OS::Neutron::Net
+    properties:
+        name: {get_param: provision_net}
+        shared: {get_param: provision_net_shared}
+
+  provision_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: provision_network}
+      name: {get_param: provision_net}
+      cidr: {get_param: provision_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  public_network:
+    type: OS::Neutron::Net
+    properties:
+      name: {get_param: public_net}
+      shared: {get_param: public_net_shared}
+
+  public_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      network: {get_resource: public_network}
+      name: {get_param: public_net}
+      cidr: {get_param: public_net_cidr}
+      gateway_ip: null
+      enable_dhcp: false
+
+  public_router:
+    type: OS::Neutron::Router
+    properties:
+      name: public-router
+      external_gateway_info:
+        network: {get_param: external_net}
+
+  public_router_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: public_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: public_net_router_address}
+
+  public_router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: public_router}
+      port: {get_resource: public_router_port}
+
+outputs:
+  networks:
+    value:
+      provision: {get_resource: provision_network}
+      public: {get_resource: public_network}
+  # The provision_network_routers is here for compatibility only
+  provision_network_routers:
+    value: {}
+  public_network_router:
+    value:
+      public_router: {get_attr: [public_router_port,  fixed_ips, 0, ip_address]}

templates/undercloud-networks-routed.yaml

@@ -71,11 +71,20 @@ parameters:
     description: CIDR for external network subnet
     default: 10.0.0.0/24
 
+  public_net_router_address:
+    type: string
+    description: Router address for the public network subnet
+    default: 10.0.0.254
+
   public_net_shared:
     type: boolean
     description: Whether this network should be shared across all tenants
     default: false
 
+  external_net:
+    type: string
+    description: An external network for the networks to route to
+
 resources:
   provision_router:
     type: OS::Neutron::Router
@@ -184,6 +193,27 @@ resources:
       gateway_ip: null
       enable_dhcp: false
 
+  public_router:
+    type: OS::Neutron::Router
+    properties:
+      name: public-router
+      external_gateway_info:
+        network: {get_param: external_net}
+
+  public_router_port:
+    type: OS::Neutron::Port
+    properties:
+      network: {get_resource: public_network}
+      port_security_enabled: false
+      fixed_ips:
+       - ip_address: {get_param: public_net_router_address}
+
+  public_router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: public_router}
+      port: {get_resource: public_router_port}
+
 outputs:
   networks:
     value:
@@ -196,3 +226,6 @@ outputs:
       provision_router: {get_attr: [provision_router_port, fixed_ips, 0, ip_address]}
       provision2_router: {get_attr: [provision_router_port2, fixed_ips, 0, ip_address]}
       provision3_router: {get_attr: [provision_router_port3, fixed_ips, 0, ip_address]}
+  public_network_router:
+    value:
+      public_router: {get_attr: [public_router_port,  fixed_ips, 0, ip_address]}

templates/undercloud-networks.yaml

@@ -67,6 +67,8 @@ outputs:
     value:
       provision: {get_resource: provision_network}
       public: {get_resource: public_network}
-  # The provision_network_routers is here for compatibility only
+  # The provision and public network routers is here for compatibility only
   provision_network_routers:
-    value: {}
+    value: null
+  public_network_router:
+    value: null