From b1b989471d21f74df582ce48846c7c07257df9ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?=
Date: Wed, 25 May 2022 13:07:31 +0200
Subject: [PATCH] Manage masquerade via Ansible instead of Puppet

This last step should allow to get rid of the puppet-firewall module.

Change-Id: I8fbe512a8fd2f281e0e74c5db061a1d03b085527
---
.../masquerade-networks-baremetal-puppet.yaml | 0
...masquerade-networks-baremetal-ansible.yaml | 48 +++++++++++++++++++
.../services/masquerade-networks.yaml | 2 +-
3 files changed, 49 insertions(+), 1 deletion(-)
rename deployment/{ => deprecated}/masquerade-networks/masquerade-networks-baremetal-puppet.yaml (100%)
create mode 100644 deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml
diff --git a/deployment/masquerade-networks/masquerade-networks-baremetal-puppet.yaml b/deployment/deprecated/masquerade-networks/masquerade-networks-baremetal-puppet.yaml
similarity index 100%
rename from deployment/masquerade-networks/masquerade-networks-baremetal-puppet.yaml
rename to deployment/deprecated/masquerade-networks/masquerade-networks-baremetal-puppet.yaml
diff --git a/deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml b/deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml
new file mode 100644
index 0000000000..ce088eacf7
--- /dev/null
+++ b/deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml
@@ -0,0 +1,48 @@
+heat_template_version: wallaby
+
+description: >
+ Configure TripleO Masquerade networks with Ansible.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. Use
+ parameter_merge_strategies to merge it with the defaults.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ # Notes: we keep this as-is in this role, and don't push it anywhere else.
+ # This allows to keep things separated, and ensure we'll avoid pushing those
+ # rules onto the overcloud by mistake.
+ MasqueradeNetworks:
+ default: {'192.168.24.0/24': ['192.168.24.0/24', '192.168.25.0/24']}
+ description: Hash of masquerade networks to manage.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the TripleO Masquerade Networks service.
+ # Notes: This value is there aggregated with other firewall_rules and
+ # used in the firewall service, where it's passed to the
+ # tripleo-ansible/tripleo_firewall role. This present service is therefore
+ # just a way to pass over values for proper masquerade.
+ value:
+ service_name: masquerade_networks
+ ansible_group_vars:
+ tripleo_masquerade_networks: {get_param: MasqueradeNetworks }
diff --git a/environments/services/masquerade-networks.yaml b/environments/services/masquerade-networks.yaml
index 2f545c485f..390b90eb9c 100644
--- a/environments/services/masquerade-networks.yaml
+++ b/environments/services/masquerade-networks.yaml
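Review bot: The `MasqueradeNetworks` parameter defaults to a populated map (`192.168.24.0/24` with two networks), so any role that maps this service gets `tripleo_masquerade_networks` for those subnets even when the operator never set it. The comment above the parameter says the rules must not reach the overcloud by mistake, but nothing in the template enforces that: `RoleName` is declared and never used. If the consuming role turns this variable into NAT rules, as the output comment suggests (that role is not visible here), consider an opt-in `default: {}`, or keep the default if the undercloud depends on it and state in the description what the map key and the list entries mean and that they are expected to be CIDRs. The output comment also says the value is aggregated with other firewall_rules, while the code only sets `ansible_group_vars`; I would reword it to something like `# Passed as a group var to the tripleo_firewall role; no firewall_rules entry is emitted here.`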
@@ -1,4 +1,4 @@ # A Heat environment file that can be used to configure masquerade networks resource_registry: - OS::TripleO::Services::MasqueradeNetworks: ../../deployment/masquerade-networks/masquerade-networks-baremetal-puppet.yaml + OS::TripleO::Services::MasqueradeNetworks: ../../deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml