Manage masquerade via Ansible instead of Puppet

This last step should allow to get rid of the puppet-firewall module. Change-Id: I8fbe512a8fd2f281e0e74c5db061a1d03b085527
2022-05-25 13:07:31 +02:00 · 2022-05-25 13:07:31 +02:00 · b1b989471d
parent 560619f941
commit b1b989471d
3 changed files with 49 additions and 1 deletions
--- a/deployment/deprecated/masquerade-networks/masquerade-networks-baremetal-puppet.yaml
+++ b/deployment/deprecated/masquerade-networks/masquerade-networks-baremetal-puppet.yaml
--- a/deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml
+++ b/deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml
@ -0,0 +1,48 @@
+heat_template_version: wallaby
+
+description: >
+  Configure TripleO Masquerade networks with Ansible.
+
+parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry. Use
+                 parameter_merge_strategies to merge it with the defaults.
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  # Notes: we keep this as-is in this role, and don't push it anywhere else.
+  # This allows to keep things separated, and ensure we'll avoid pushing those
+  # rules onto the overcloud by mistake.
+  MasqueradeNetworks:
+    default: {'192.168.24.0/24': ['192.168.24.0/24', '192.168.25.0/24']}
+    description: Hash of masquerade networks to manage.
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the TripleO Masquerade Networks service.
+    # Notes: This value is there aggregated with other firewall_rules and
+    # used in the firewall service, where it's passed to the
+    # tripleo-ansible/tripleo_firewall role. This present service is therefore
+    # just a way to pass over values for proper masquerade.
+    value:
+      service_name: masquerade_networks
+      ansible_group_vars:
+        tripleo_masquerade_networks: {get_param: MasqueradeNetworks }
--- a/environments/services/masquerade-networks.yaml
+++ b/environments/services/masquerade-networks.yaml
@ -1,4 +1,4 @@
 # A Heat environment file that can be used to configure masquerade networks

 resource_registry:
-  OS::TripleO::Services::MasqueradeNetworks: ../../deployment/masquerade-networks/masquerade-networks-baremetal-puppet.yaml
+  OS::TripleO::Services::MasqueradeNetworks: ../../deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml