Browse Source

Make it possible to override ServiceNetMap per-role

In spine-and-leaf TLS-e deployments as done in OSP13,
services are filter based on role networks when adding
metadata for nova-join. This filtering removes valid
services due to the fact that the roles network does'nt
match the global ServiceNetMap.

Add a role based parameter {{role.name}}ServiceNetMap
that can be used to override the ServiceNetMap per-role
when it's being passed to {{role.name}}ServiceChain and
the {{role.name}} resource group.

Related: RHBZ#1875508
Closes-Bug: #1904482
Change-Id: I56b6dfe8a0e95385e469d9eac97a0ec24e147450
(cherry picked from commit be6a844a79)
changes/43/771543/1
Harald Jensås 9 months ago
parent
commit
5d40a724bc
  1. 21
      overcloud.j2.yaml
  2. 21
      releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml

21
overcloud.j2.yaml

@ -221,6 +221,17 @@ parameters:
type: json
description: Optional Role Specific parameters to be provided to service
default: {}
{{role.name}}ServiceNetMap:
default: {}
description: |
Role specific ServiceNetMap overrides, the map provided will be merged
with the global ServiceNetMap when passing the ServiceNetMap to the
{{role.name}}ServiceChain resource and the {{role.name}} resource group.
For example:
{{role.name}}ServiceNetMap:
NovaLibvirtNetwork: internal_api_leaf2
type: json
{% endfor %}
# Identifiers to trigger tasks on nodes
@ -404,7 +415,10 @@ resources:
properties:
Services:
get_param: {{role.name}}Services
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
ServiceNetMap:
map_merge:
- {get_attr: [ServiceNetMap, service_net_map]}
- {get_param: {{role.name}}ServiceNetMap}
ServiceData:
net_cidr_map: {get_attr: [NetCidrMapValue, value]}
net_vip_map: {get_attr: [VipMap, net_ip_map]}
@ -571,7 +585,10 @@ resources:
type: OS::TripleO::{{role.name}}
properties:
CloudDomain: {get_param: CloudDomain}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
ServiceNetMap:
map_merge:
- {get_attr: [ServiceNetMap, service_net_map]}
- {get_param: {{role.name}}ServiceNetMap}
EndpointMap: {get_attr: [EndpointMapData, value]}
Hostname:
str_replace:

21
releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml

@ -0,0 +1,21 @@
---
fixes:
- |
When deploying a spine-and-leaf (L3 routed architecture) with TLS enabled
for internal endpoints the deployment would fail because some roles are
not connected to the network mapped to the service in ServiceNetMap. To
fix this issue a role specific parameter ``{{role.name}}ServiceNetMap`` is
introduced (defaults to: ``{}``). The role specific ServiceNetMap parameter
allow the operator to override one or more service network mappings
per-role. For example::
ComputeLeaf2ServiceNetMap:
NovaLibvirtNetwork: internal_api_leaf2
The role specific ``{{role.name}}ServiceNetMap`` override is merged with
the global ``ServiceNetMap`` when it's passed as a value to the
``{{role.name}}ServiceChain`` resources, and the ``{{role.name}}``
resource groups so that the correct network for this role is mapped to
the service.
Closes bug: `1904482 <https://bugs.launchpad.net/tripleo/+bug/1904482>`_.
Loading…
Cancel
Save