Support network isolation without external nets
This patch adds extra heat environments that can be used to enable network isolation without using the external network. Instead of a separate external network the ctlplane will be used for all of the external/public traffic. Change-Id: Ia542cee02121771d7d57ac701b62d7608e8d1855
This commit is contained in:
Dan Prince
parent
e3cd6284fb
commit
5834964154
|
|
@ -0,0 +1,26 @@
|
|||
# This template configures each role to use a pair of bonded nics (nic2 and
|
||||
# nic3) and configures an IP address on each relevant isolated network
|
||||
# for each role.
|
||||
|
||||
# This template assumes use of network-isolation.yaml and should be specified
|
||||
# last on the CLI as a Heat environment so as to override specific
|
||||
# registry settings in the network-isolation registry.
|
||||
#
|
||||
# FIXME: if/when we add functionality to heatclient to include heat
|
||||
# environment files we should think about using it here to automatically
|
||||
# include network-isolation.yaml.
|
||||
resource_registry:
|
||||
|
||||
# Set external ports to noop
|
||||
OS::TripleO::Network::External: ../network/noop.yaml
|
||||
OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml
|
||||
|
||||
OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/cinder-storage.yaml
|
||||
OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/bond-with-vlans/compute.yaml
|
||||
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/bond-with-vlans/controller-no-external.yaml
|
||||
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/swift-storage.yaml
|
||||
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/bond-with-vlans/ceph-storage.yaml
|
||||
|
||||
# NOTE: with no external interface we should be able to use the
|
||||
# default Neutron l3_agent.ini setting for the external bridge (br-ex)
|
||||
# i.e. No need to set: NeutronExternalNetworkBridge: "''"
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
# This template configures each role to use Vlans on a single nic for
|
||||
# each isolated network.
|
||||
# This template assumes use of network-isolation.yaml and should be specified
|
||||
# last on the CLI as a Heat environment so as to override specific
|
||||
# registry settings in the network-isolation registry.
|
||||
#
|
||||
# FIXME: if/when we add functionality to heatclient to include heat
|
||||
# environment files we should think about using it here to automatically
|
||||
# include network-isolation.yaml.
|
||||
resource_registry:
|
||||
|
||||
# Set external ports to noop
|
||||
OS::TripleO::Network::External: ../network/noop.yaml
|
||||
OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/noop.yaml
|
||||
|
||||
# Configure other ports as normal
|
||||
OS::TripleO::BlockStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/cinder-storage.yaml
|
||||
OS::TripleO::Compute::Net::SoftwareConfig: ../network/config/single-nic-vlans/compute.yaml
|
||||
OS::TripleO::Controller::Net::SoftwareConfig: ../network/config/single-nic-vlans/controller-no-external.yaml
|
||||
OS::TripleO::ObjectStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/swift-storage.yaml
|
||||
OS::TripleO::CephStorage::Net::SoftwareConfig: ../network/config/single-nic-vlans/ceph-storage.yaml
|
||||
|
||||
# NOTE: with no external interface we should be able to use the
|
||||
# default Neutron l3_agent.ini setting for the external bridge (br-ex)
|
||||
# i.e. No need to set: NeutronExternalNetworkBridge: "''"
|
||||
|
|
@ -1,6 +1,12 @@
|
|||
This directory contains Heat templates to help configure
|
||||
Vlans on a bonded pair of NICs for each Overcloud role.
|
||||
|
||||
There are two versions of the controller role template, one with
|
||||
an external network interface, and another without. If the
|
||||
external network interface is not configured the ctlplane address
|
||||
ranges will be used for external (public) network traffic.
|
||||
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
|
|
@ -13,3 +19,9 @@ something like this:
|
|||
OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller.yaml
|
||||
OS::TripleO::ObjectStorage::Net::SoftwareConfig: network/config/bond-with-vlans/swift-storage.yaml
|
||||
OS::TripleO::CephStorage::Net::SoftwareConfig: network/config/bond-with-vlans/ceph-storage.yaml
|
||||
|
||||
Configuration with no External Network
|
||||
--------------------------------------
|
||||
Same as above except set the following value for the controller role:
|
||||
|
||||
OS::TripleO::Controller::Net::SoftwareConfig: network/config/bond-with-vlans/controller-no-external.yaml
|
||||
|
|
|
|||
|
|
@ -0,0 +1,114 @@
|
|||
heat_template_version: 2015-04-30
|
||||
|
||||
description: >
|
||||
Software Config to drive os-net-config with 2 bonded nics on a bridge
|
||||
with VLANs attached for the controller role.
|
||||
|
||||
parameters:
|
||||
ExternalIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the external network
|
||||
type: string
|
||||
InternalApiIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the internal API network
|
||||
type: string
|
||||
StorageIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the storage network
|
||||
type: string
|
||||
StorageMgmtIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the storage mgmt network
|
||||
type: string
|
||||
TenantIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the tenant network
|
||||
type: string
|
||||
BondInterfaceOvsOptions:
|
||||
default: ''
|
||||
description: The ovs_options string for the bond interface. Set things like
|
||||
lacp=active and/or bond_mode=balance-slb using this option.
|
||||
type: string
|
||||
ExternalNetworkVlanID:
|
||||
default: 10
|
||||
description: Vlan ID for the external network traffic.
|
||||
type: number
|
||||
InternalApiNetworkVlanID:
|
||||
default: 20
|
||||
description: Vlan ID for the internal_api network traffic.
|
||||
type: number
|
||||
StorageNetworkVlanID:
|
||||
default: 30
|
||||
description: Vlan ID for the storage network traffic.
|
||||
type: number
|
||||
StorageMgmtNetworkVlanID:
|
||||
default: 40
|
||||
description: Vlan ID for the storage mgmt network traffic.
|
||||
type: number
|
||||
TenantNetworkVlanID:
|
||||
default: 50
|
||||
description: Vlan ID for the tenant network traffic.
|
||||
type: number
|
||||
ExternalInterfaceDefaultRoute:
|
||||
default: '10.0.0.1'
|
||||
description: default route for the external network
|
||||
type: string
|
||||
|
||||
resources:
|
||||
OsNetConfigImpl:
|
||||
type: OS::Heat::StructuredConfig
|
||||
properties:
|
||||
group: os-apply-config
|
||||
config:
|
||||
os_net_config:
|
||||
network_config:
|
||||
-
|
||||
type: ovs_bridge
|
||||
name: {get_input: bridge_name}
|
||||
members:
|
||||
-
|
||||
type: ovs_bond
|
||||
name: bond1
|
||||
ovs_options: {get_param: BondInterfaceOvsOptions}
|
||||
members:
|
||||
-
|
||||
type: interface
|
||||
name: nic2
|
||||
primary: true
|
||||
-
|
||||
type: interface
|
||||
name: nic3
|
||||
-
|
||||
type: vlan
|
||||
device: bond1
|
||||
vlan_id: {get_param: InternalApiNetworkVlanID}
|
||||
addresses:
|
||||
-
|
||||
ip_netmask: {get_param: InternalApiIpSubnet}
|
||||
-
|
||||
type: vlan
|
||||
device: bond1
|
||||
vlan_id: {get_param: StorageNetworkVlanID}
|
||||
addresses:
|
||||
-
|
||||
ip_netmask: {get_param: StorageIpSubnet}
|
||||
-
|
||||
type: vlan
|
||||
device: bond1
|
||||
vlan_id: {get_param: StorageMgmtNetworkVlanID}
|
||||
addresses:
|
||||
-
|
||||
ip_netmask: {get_param: StorageMgmtIpSubnet}
|
||||
-
|
||||
type: vlan
|
||||
device: bond1
|
||||
vlan_id: {get_param: TenantNetworkVlanID}
|
||||
addresses:
|
||||
-
|
||||
ip_netmask: {get_param: TenantIpSubnet}
|
||||
|
||||
outputs:
|
||||
OS::stack_id:
|
||||
description: The OsNetConfigImpl resource.
|
||||
value: {get_resource: OsNetConfigImpl}
|
||||
|
|
@ -1,6 +1,11 @@
|
|||
This directory contains Heat templates to help configure
|
||||
Vlans on a single NICs for each Overcloud role.
|
||||
|
||||
There are two versions of the controller role template, one with
|
||||
an external network interface, and another without. If the
|
||||
external network interface is not configured the ctlplane address
|
||||
ranges will be used for external (public) network traffic.
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
|
|
@ -17,3 +22,10 @@ something like this:
|
|||
Or use this Heat environment file:
|
||||
|
||||
environments/net-single-nic-with-vlans.yaml
|
||||
|
||||
|
||||
Configuration with no External Network
|
||||
--------------------------------------
|
||||
Same as above except set the following value for the controller role:
|
||||
|
||||
OS::TripleO::Controller::Net::SoftwareConfig: network/config/single-nic-vlans/controller-no-external.yaml
|
||||
|
|
|
|||
|
|
@ -0,0 +1,99 @@
|
|||
heat_template_version: 2015-04-30
|
||||
|
||||
description: >
|
||||
Software Config to drive os-net-config to configure VLANs for the
|
||||
controller role. No external IP is configured.
|
||||
|
||||
parameters:
|
||||
ExternalIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the external network
|
||||
type: string
|
||||
InternalApiIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the internal API network
|
||||
type: string
|
||||
StorageIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the storage network
|
||||
type: string
|
||||
StorageMgmtIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the storage mgmt network
|
||||
type: string
|
||||
TenantIpSubnet:
|
||||
default: ''
|
||||
description: IP address/subnet on the tenant network
|
||||
type: string
|
||||
ExternalNetworkVlanID:
|
||||
default: 10
|
||||
description: Vlan ID for the external network traffic.
|
||||
type: number
|
||||
InternalApiNetworkVlanID:
|
||||
default: 20
|
||||
description: Vlan ID for the internal_api network traffic.
|
||||
type: number
|
||||
StorageNetworkVlanID:
|
||||
default: 30
|
||||
description: Vlan ID for the storage network traffic.
|
||||
type: number
|
||||
StorageMgmtNetworkVlanID:
|
||||
default: 40
|
||||
description: Vlan ID for the storage mgmt network traffic.
|
||||
type: number
|
||||
TenantNetworkVlanID:
|
||||
default: 50
|
||||
description: Vlan ID for the tenant network traffic.
|
||||
type: number
|
||||
ExternalInterfaceDefaultRoute:
|
||||
default: '10.0.0.1'
|
||||
description: default route for the external network
|
||||
type: string
|
||||
|
||||
resources:
|
||||
OsNetConfigImpl:
|
||||
type: OS::Heat::StructuredConfig
|
||||
properties:
|
||||
group: os-apply-config
|
||||
config:
|
||||
os_net_config:
|
||||
network_config:
|
||||
-
|
||||
type: ovs_bridge
|
||||
name: {get_input: bridge_name}
|
||||
use_dhcp: true
|
||||
members:
|
||||
-
|
||||
type: interface
|
||||
name: nic1
|
||||
# force the MAC address of the bridge to this interface
|
||||
primary: true
|
||||
-
|
||||
type: vlan
|
||||
vlan_id: {get_param: InternalApiNetworkVlanID}
|
||||
addresses:
|
||||
-
|
||||
ip_netmask: {get_param: InternalApiIpSubnet}
|
||||
-
|
||||
type: vlan
|
||||
vlan_id: {get_param: StorageNetworkVlanID}
|
||||
addresses:
|
||||
-
|
||||
ip_netmask: {get_param: StorageIpSubnet}
|
||||
-
|
||||
type: vlan
|
||||
vlan_id: {get_param: StorageMgmtNetworkVlanID}
|
||||
addresses:
|
||||
-
|
||||
ip_netmask: {get_param: StorageMgmtIpSubnet}
|
||||
-
|
||||
type: vlan
|
||||
vlan_id: {get_param: TenantNetworkVlanID}
|
||||
addresses:
|
||||
-
|
||||
ip_netmask: {get_param: TenantIpSubnet}
|
||||
|
||||
outputs:
|
||||
OS::stack_id:
|
||||
description: The OsNetConfigImpl resource.
|
||||
value: {get_resource: OsNetConfigImpl}
|
||||
Loading…
Reference in New Issue