Ensure we get at least one ctlplane subnet
This will prevent situations where firewall rules are applied to the
overcloud nodes without any tagged ctlplane subnet, leading to a lockout
from the nodes, making the whole deploy failing (and node unreachable).
This is especially important for the deployed-server case.
Related-Bug: #1839324
Change-Id: Ib3eca07050474930bfe60d6db24ef1c683079a24
(cherry picked from commit 34f3cbde64
)
This commit is contained in:
parent
e018bab3ba
commit
8b8b6dc182
|
@ -39,6 +39,12 @@ parameters:
|
||||||
description: Whether IPtables rules should be purged before setting up the new ones.
|
description: Whether IPtables rules should be purged before setting up the new ones.
|
||||||
type: boolean
|
type: boolean
|
||||||
|
|
||||||
|
conditions:
|
||||||
|
no_ctlplane:
|
||||||
|
equals:
|
||||||
|
- get_params: [ServiceData, net_cidr_map, ctlplane]
|
||||||
|
- Null
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
description: Role data for the TripleO firewall settings
|
description: Role data for the TripleO firewall settings
|
||||||
|
@ -60,6 +66,19 @@ outputs:
|
||||||
|
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::firewall
|
include ::tripleo::firewall
|
||||||
|
|
||||||
|
host_prep_tasks:
|
||||||
|
if:
|
||||||
|
- no_ctlplane
|
||||||
|
-
|
||||||
|
name: Ensure ctlplane subnet is set
|
||||||
|
fail:
|
||||||
|
msg: |
|
||||||
|
No CIDRs found in the ctlplane network tags.
|
||||||
|
Please refer to the documentation in order to
|
||||||
|
set the correct network tags in DeployedServerPortMap.
|
||||||
|
- null
|
||||||
|
|
||||||
deploy_steps_tasks:
|
deploy_steps_tasks:
|
||||||
- when: step|int == 0
|
- when: step|int == 0
|
||||||
block:
|
block:
|
||||||
|
|
Loading…
Reference in New Issue