From 6b4d841d91ea7e3787c3e57b7af09f943b5e6d66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Harald=20Jens=C3=A5s?=
Date: Tue, 17 Nov 2020 01:34:36 +0100
Subject: [PATCH] Make it possible to override ServiceNetMap per-role

In spine-and-leaf TLS-e deployments as done in OSP13, services are filter based on role networks when adding metadata for nova-join. This filtering removes valid services due to the fact that the roles network does'nt match the global ServiceNetMap.

Add a role based parameter {{role.name}}ServiceNetMap that can be used to override the ServiceNetMap per-role when it's being passed to {{role.name}}ServiceChain and the {{role.name}} resource group.

Related: RHBZ#1875508
Closes-Bug: #1904482
Change-Id: I56b6dfe8a0e95385e469d9eac97a0ec24e147450
(cherry picked from commit be6a844a79d659525e0feecd5a784e4eb55cb021)
---
 overcloud.j2.yaml | 21 +++++++++++++++++--
 .../notes/bug-1904482-dbc5162c8245a9b3.yaml | 21 +++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index 8d7d3a1524..2f75de35bb 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -326,6 +326,17 @@ parameters:
 description: |
 Name of the subnet on ctlplane network for this role.
 type: string
+
+ {{role.name}}ServiceNetMap:
+ default: {}
+ description: |
+ Role specific ServiceNetMap overrides, the map provided will be merged
+ with the global ServiceNetMap when passing the ServiceNetMap to the
+ {{role.name}}ServiceChain resource and the {{role.name}} resource group.
+ For example:
+ {{role.name}}ServiceNetMap:
+ NovaLibvirtNetwork: internal_api_leaf2
+ type: json
 {% endfor %}
 # Identifiers to trigger tasks on nodes
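Review bot: The new `{{role.name}}ServiceNetMap` parameter is declared as free-form `type: json` with no constraints, and its description does not say which keys and values are acceptable. Because this map decides which network a service is mapped to for the role, a misspelled service key or a network the role is not attached to would presumably be merged as-is and either surface late or place a service on an unintended network; whether anything downstream validates it is not visible in this hunk. I would extend the description with a sentence such as `Keys must be existing ServiceNetMap keys and values must be networks attached to this role; entries are not validated here.` The role loop closed by `{% endfor %}` starts outside the hunk.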
@@ -647,7 +658,10 @@ resources:
 properties:
 Services:
 get_param: {{role.name}}Services
- ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
+ ServiceNetMap:
+ map_merge:
+ - {get_attr: [ServiceNetMap, service_net_map]}
+ - {get_param: {{role.name}}ServiceNetMap}
 ServiceData:
 net_cidr_map: {get_attr: [NetCidrMapValue, value]}
 net_vip_map: {get_attr: [VipMap, net_ip_map]}
@@ -828,7 +842,10 @@ resources:
 type: OS::TripleO::{{role.name}}
 properties:
 CloudDomain: {get_param: CloudDomain}
- ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
+ ServiceNetMap:
+ map_merge:
+ - {get_attr: [ServiceNetMap, service_net_map]}
+ - {get_param: {{role.name}}ServiceNetMap}
 EndpointMap: {get_attr: [EndpointMapData, value]}
 Hostname:
 str_replace:
diff --git a/releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml b/releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml
new file mode 100644
index 0000000000..c7628695ff
--- /dev/null
+++ b/releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml
@@ -0,0 +1,21 @@
+---
+fixes:
+ - |
+ When deploying a spine-and-leaf (L3 routed architecture) with TLS enabled
+ for internal endpoints the deployment would fail because some roles are
+ not connected to the network mapped to the service in ServiceNetMap. To
+ fix this issue a role specific parameter ``{{role.name}}ServiceNetMap`` is
+ introduced (defaults to: ``{}``). The role specific ServiceNetMap parameter
+ allow the operator to override one or more service network mappings
+ per-role. For example::
+
+ ComputeLeaf2ServiceNetMap:
+ NovaLibvirtNetwork: internal_api_leaf2
+
+ The role specific ``{{role.name}}ServiceNetMap`` override is merged with
+ the global ``ServiceNetMap`` when it's passed as a value to the
+ ``{{role.name}}ServiceChain`` resources, and the ``{{role.name}}``
+ resource groups so that the correct network for this role is mapped to
+ the service.
+
+ Closes bug: `1904482 `_.
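Review bot: In the `@@ -647` hunk the role override is merged over `service_net_map` only for the `{{role.name}}ServiceChain` properties, and the `@@ -828` hunk repeats the same `map_merge` for the role resource group, so any other per-role consumer of `{get_attr: [ServiceNetMap, service_net_map]}` outside these hunks would still see the global map. In a TLS-everywhere deployment such a disagreement could leave a service bound on one network while its hostname or certificate metadata is derived from another, so it is worth confirming that no such consumer remains. The override is also taken raw from `get_param`, so any normalisation the `ServiceNetMap` resource applies to its `service_net_map` attribute (not visible here) would not cover override values. A comment above each merge, e.g. `# role override wins; values must already be in the form service_net_map uses`, would make that explicit. Both `properties:` blocks continue outside the hunks.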