Ensure we get at least one ctlplane subnet
This will prevent situations where firewall rules are applied to the overcloud nodes without any tagged ctlplane subnet, leading to a lockout from the nodes, making the whole deploy failing (and node unreachable). This is especially important for the deployed-server case. Related-Bug: #1839324 Change-Id: Ib3eca07050474930bfe60d6db24ef1c683079a24
This commit is contained in:
parent
add486cfec
commit
34f3cbde64
|
@ -39,6 +39,12 @@ parameters:
|
|||
description: Whether IPtables rules should be purged before setting up the new ones.
|
||||
type: boolean
|
||||
|
||||
conditions:
|
||||
no_ctlplane:
|
||||
equals:
|
||||
- get_params: [ServiceData, net_cidr_map, ctlplane]
|
||||
- Null
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the TripleO firewall settings
|
||||
|
@ -60,6 +66,19 @@ outputs:
|
|||
|
||||
step_config: |
|
||||
include ::tripleo::firewall
|
||||
|
||||
host_prep_tasks:
|
||||
if:
|
||||
- no_ctlplane
|
||||
-
|
||||
name: Ensure ctlplane subnet is set
|
||||
fail:
|
||||
msg: |
|
||||
No CIDRs found in the ctlplane network tags.
|
||||
Please refer to the documentation in order to
|
||||
set the correct network tags in DeployedServerPortMap.
|
||||
- null
|
||||
|
||||
deploy_steps_tasks:
|
||||
- when: step|int == 0
|
||||
block:
|
||||
|
|
Loading…
Reference in New Issue