Make it possible to override ServiceNetMap per-role
In spine-and-leaf TLS-e deployments as done in OSP13,
services are filter based on role networks when adding
metadata for nova-join. This filtering removes valid
services due to the fact that the roles network does'nt
match the global ServiceNetMap.
Add a role based parameter {{role.name}}ServiceNetMap
that can be used to override the ServiceNetMap per-role
when it's being passed to {{role.name}}ServiceChain and
the {{role.name}} resource group.
Related: RHBZ#1875508
Closes-Bug: #1904482
Change-Id: I56b6dfe8a0e95385e469d9eac97a0ec24e147450
(cherry picked from commit be6a844a79
)
This commit is contained in:
parent
410f1af3c1
commit
5d40a724bc
@ -221,6 +221,17 @@ parameters:
|
|||||||
type: json
|
type: json
|
||||||
description: Optional Role Specific parameters to be provided to service
|
description: Optional Role Specific parameters to be provided to service
|
||||||
default: {}
|
default: {}
|
||||||
|
|
||||||
|
{{role.name}}ServiceNetMap:
|
||||||
|
default: {}
|
||||||
|
description: |
|
||||||
|
Role specific ServiceNetMap overrides, the map provided will be merged
|
||||||
|
with the global ServiceNetMap when passing the ServiceNetMap to the
|
||||||
|
{{role.name}}ServiceChain resource and the {{role.name}} resource group.
|
||||||
|
For example:
|
||||||
|
{{role.name}}ServiceNetMap:
|
||||||
|
NovaLibvirtNetwork: internal_api_leaf2
|
||||||
|
type: json
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
# Identifiers to trigger tasks on nodes
|
# Identifiers to trigger tasks on nodes
|
||||||
@ -404,7 +415,10 @@ resources:
|
|||||||
properties:
|
properties:
|
||||||
Services:
|
Services:
|
||||||
get_param: {{role.name}}Services
|
get_param: {{role.name}}Services
|
||||||
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
|
ServiceNetMap:
|
||||||
|
map_merge:
|
||||||
|
- {get_attr: [ServiceNetMap, service_net_map]}
|
||||||
|
- {get_param: {{role.name}}ServiceNetMap}
|
||||||
ServiceData:
|
ServiceData:
|
||||||
net_cidr_map: {get_attr: [NetCidrMapValue, value]}
|
net_cidr_map: {get_attr: [NetCidrMapValue, value]}
|
||||||
net_vip_map: {get_attr: [VipMap, net_ip_map]}
|
net_vip_map: {get_attr: [VipMap, net_ip_map]}
|
||||||
@ -571,7 +585,10 @@ resources:
|
|||||||
type: OS::TripleO::{{role.name}}
|
type: OS::TripleO::{{role.name}}
|
||||||
properties:
|
properties:
|
||||||
CloudDomain: {get_param: CloudDomain}
|
CloudDomain: {get_param: CloudDomain}
|
||||||
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
|
ServiceNetMap:
|
||||||
|
map_merge:
|
||||||
|
- {get_attr: [ServiceNetMap, service_net_map]}
|
||||||
|
- {get_param: {{role.name}}ServiceNetMap}
|
||||||
EndpointMap: {get_attr: [EndpointMapData, value]}
|
EndpointMap: {get_attr: [EndpointMapData, value]}
|
||||||
Hostname:
|
Hostname:
|
||||||
str_replace:
|
str_replace:
|
||||||
|
21
releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml
Normal file
21
releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
When deploying a spine-and-leaf (L3 routed architecture) with TLS enabled
|
||||||
|
for internal endpoints the deployment would fail because some roles are
|
||||||
|
not connected to the network mapped to the service in ServiceNetMap. To
|
||||||
|
fix this issue a role specific parameter ``{{role.name}}ServiceNetMap`` is
|
||||||
|
introduced (defaults to: ``{}``). The role specific ServiceNetMap parameter
|
||||||
|
allow the operator to override one or more service network mappings
|
||||||
|
per-role. For example::
|
||||||
|
|
||||||
|
ComputeLeaf2ServiceNetMap:
|
||||||
|
NovaLibvirtNetwork: internal_api_leaf2
|
||||||
|
|
||||||
|
The role specific ``{{role.name}}ServiceNetMap`` override is merged with
|
||||||
|
the global ``ServiceNetMap`` when it's passed as a value to the
|
||||||
|
``{{role.name}}ServiceChain`` resources, and the ``{{role.name}}``
|
||||||
|
resource groups so that the correct network for this role is mapped to
|
||||||
|
the service.
|
||||||
|
|
||||||
|
Closes bug: `1904482 <https://bugs.launchpad.net/tripleo/+bug/1904482>`_.
|
Loading…
Reference in New Issue
Block a user