Manage masquerade via Ansible instead of Puppet
This last step should allow to get rid of the puppet-firewall module. Change-Id: I8fbe512a8fd2f281e0e74c5db061a1d03b085527
This commit is contained in:
parent
560619f941
commit
b1b989471d
|
@ -0,0 +1,48 @@
|
||||||
|
heat_template_version: wallaby
|
||||||
|
|
||||||
|
description: >
|
||||||
|
Configure TripleO Masquerade networks with Ansible.
|
||||||
|
|
||||||
|
parameters:
|
||||||
|
ServiceData:
|
||||||
|
default: {}
|
||||||
|
description: Dictionary packing service data
|
||||||
|
type: json
|
||||||
|
ServiceNetMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service_name -> network name. Typically set
|
||||||
|
via parameter_defaults in the resource registry. Use
|
||||||
|
parameter_merge_strategies to merge it with the defaults.
|
||||||
|
type: json
|
||||||
|
RoleName:
|
||||||
|
default: ''
|
||||||
|
description: Role name on which the service is applied
|
||||||
|
type: string
|
||||||
|
RoleParameters:
|
||||||
|
default: {}
|
||||||
|
description: Parameters specific to the role
|
||||||
|
type: json
|
||||||
|
EndpointMap:
|
||||||
|
default: {}
|
||||||
|
description: Mapping of service endpoint -> protocol. Typically set
|
||||||
|
via parameter_defaults in the resource registry.
|
||||||
|
type: json
|
||||||
|
# Notes: we keep this as-is in this role, and don't push it anywhere else.
|
||||||
|
# This allows to keep things separated, and ensure we'll avoid pushing those
|
||||||
|
# rules onto the overcloud by mistake.
|
||||||
|
MasqueradeNetworks:
|
||||||
|
default: {'192.168.24.0/24': ['192.168.24.0/24', '192.168.25.0/24']}
|
||||||
|
description: Hash of masquerade networks to manage.
|
||||||
|
type: json
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
role_data:
|
||||||
|
description: Role data for the TripleO Masquerade Networks service.
|
||||||
|
# Notes: This value is there aggregated with other firewall_rules and
|
||||||
|
# used in the firewall service, where it's passed to the
|
||||||
|
# tripleo-ansible/tripleo_firewall role. This present service is therefore
|
||||||
|
# just a way to pass over values for proper masquerade.
|
||||||
|
value:
|
||||||
|
service_name: masquerade_networks
|
||||||
|
ansible_group_vars:
|
||||||
|
tripleo_masquerade_networks: {get_param: MasqueradeNetworks }
|
|
@ -1,4 +1,4 @@
|
||||||
# A Heat environment file that can be used to configure masquerade networks
|
# A Heat environment file that can be used to configure masquerade networks
|
||||||
|
|
||||||
resource_registry:
|
resource_registry:
|
||||||
OS::TripleO::Services::MasqueradeNetworks: ../../deployment/masquerade-networks/masquerade-networks-baremetal-puppet.yaml
|
OS::TripleO::Services::MasqueradeNetworks: ../../deployment/masquerade-networks/masquerade-networks-baremetal-ansible.yaml
|
||||||
|
|
Loading…
Reference in New Issue