Make it possible to override ServiceNetMap per-role

In spine-and-leaf TLS-e deployments as done in OSP13,
services are filtered based on role networks when adding
metadata for nova-join. This filtering removes valid
services due to the fact that the role's network doesn't
match the global ServiceNetMap.

Add a role based parameter {{}}ServiceNetMap
that can be used to override the ServiceNetMap per-role
when it's being passed to {{}}ServiceChain and
the {{}} resource group.

Related: RHBZ#1875508
Closes-Bug: #1904482
Change-Id: I56b6dfe8a0e95385e469d9eac97a0ec24e147450
(cherry picked from commit be6a844a79)
Harald Jensås 2020-11-17 01:34:36 +01:00
parent 1e4dbc5eb2
commit 6b4d841d91
2 changed files with 40 additions and 2 deletions

@ -326,6 +326,17 @@ parameters:
description: |
Name of the subnet on ctlplane network for this role.
type: string
default: {}
description: |
Role specific ServiceNetMap overrides, the map provided will be merged
with the global ServiceNetMap when passing the ServiceNetMap to the
{{}}ServiceChain resource and the {{}} resource group.
For example:
NovaLibvirtNetwork: internal_api_leaf2
type: json
{% endfor %}
# Identifiers to trigger tasks on nodes
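Review bot: The description of the new role-specific parameter says the map "will be merged" with the global ServiceNetMap but does not say which side wins when both define the same key. State explicitly that the role-specific entry takes precedence, since that is the purpose of the override. With `type: json` and `default: {}` any key is accepted, so a mistyped service network key would be merged silently; it is worth noting in the description that keys must match existing ServiceNetMap entries.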
@ -647,7 +658,10 @@ resources:
get_param: {{}}Services
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
- {get_attr: [ServiceNetMap, service_net_map]}
- {get_param: {{}}ServiceNetMap}
net_cidr_map: {get_attr: [NetCidrMapValue, value]}
net_vip_map: {get_attr: [VipMap, net_ip_map]}
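Review bot: In the ServiceNetMap value passed to the ServiceChain, precedence rests entirely on list order: `{get_attr: [ServiceNetMap, service_net_map]}` comes first and the role parameter second. Assuming the merge gives later entries priority, add a short comment above the list saying the role map must stay last, otherwise a later reordering would silently disable the override.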
@ -828,7 +842,10 @@ resources:
type: OS::TripleO::{{}}
CloudDomain: {get_param: CloudDomain}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
- {get_attr: [ServiceNetMap, service_net_map]}
- {get_param: {{}}ServiceNetMap}
EndpointMap: {get_attr: [EndpointMapData, value]}
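Review bot: The two-item merge list in this resource group duplicates the one passed to the ServiceChain in the previous hunk. Consider computing the merged map once in a value resource and referencing it from both places, the way `NetCidrMapValue` is read via `get_attr`, so the two call sites cannot drift apart.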

@ -0,0 +1,21 @@
- |
When deploying a spine-and-leaf (L3 routed architecture) with TLS enabled
for internal endpoints the deployment would fail because some roles are
not connected to the network mapped to the service in ServiceNetMap. To
fix this issue a role specific parameter ``{{}}ServiceNetMap`` is
introduced (defaults to: ``{}``). The role specific ServiceNetMap parameter
allow the operator to override one or more service network mappings
per-role. For example::
NovaLibvirtNetwork: internal_api_leaf2
The role specific ``{{}}ServiceNetMap`` override is merged with
the global ``ServiceNetMap`` when it's passed as a value to the
``{{}}ServiceChain`` resources, and the ``{{}}``
resource groups so that the correct network for this role is mapped to
the service.
Closes bug: `1904482 <>`_.
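Review bot: The example after "For example::" shows only `NovaLibvirtNetwork: internal_api_leaf2`, without the role-prefixed parameter name it belongs under, so an operator cannot tell from the note how to set it. Show the complete parameter with the mapping nested beneath it. Minor: "parameter allow the operator" should read "allows", and the link target in "Closes bug" appears empty in this view and should point at the bug.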