Browse Source

Make it possible to override ServiceNetMap per-role

In spine-and-leaf TLS-e deployments as done in OSP13,
services are filter based on role networks when adding
metadata for nova-join. This filtering removes valid
services due to the fact that the roles network does'nt
match the global ServiceNetMap.

Add a role based parameter {{role.name}}ServiceNetMap
that can be used to override the ServiceNetMap per-role
when it's being passed to {{role.name}}ServiceChain and
the {{role.name}} resource group.

Related: RHBZ#1875508
Closes-Bug: #1904482
Change-Id: I56b6dfe8a0e95385e469d9eac97a0ec24e147450
changes/34/762934/5
Harald Jensås 9 months ago
parent
commit
be6a844a79
  1. 21
      overcloud.j2.yaml
  2. 21
      releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml

21
overcloud.j2.yaml

@ -322,6 +322,17 @@ parameters:
description: |
Name of the subnet on ctlplane network for this role.
type: string
{{role.name}}ServiceNetMap:
default: {}
description: |
Role specific ServiceNetMap overrides, the map provided will be merged
with the global ServiceNetMap when passing the ServiceNetMap to the
{{role.name}}ServiceChain resource and the {{role.name}} resource group.
For example:
{{role.name}}ServiceNetMap:
NovaLibvirtNetwork: internal_api_leaf2
type: json
{% endfor %}
# Identifiers to trigger tasks on nodes
@ -643,7 +654,10 @@ resources:
properties:
Services:
get_param: {{role.name}}Services
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
ServiceNetMap:
map_merge:
- {get_attr: [ServiceNetMap, service_net_map]}
- {get_param: {{role.name}}ServiceNetMap}
ServiceData:
net_cidr_map: {get_attr: [NetCidrMapValue, value]}
net_vip_map: {get_attr: [VipMap, net_ip_map]}
@ -825,7 +839,10 @@ resources:
properties:
StackName: {get_param: 'OS::stack_name'}
CloudDomain: {get_param: CloudDomain}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
ServiceNetMap:
map_merge:
- {get_attr: [ServiceNetMap, service_net_map]}
- {get_param: {{role.name}}ServiceNetMap}
EndpointMap: {get_attr: [EndpointMapData, value]}
Hostname:
str_replace:

21
releasenotes/notes/bug-1904482-dbc5162c8245a9b3.yaml

@ -0,0 +1,21 @@
---
fixes:
- |
When deploying a spine-and-leaf (L3 routed architecture) with TLS enabled
for internal endpoints the deployment would fail because some roles are
not connected to the network mapped to the service in ServiceNetMap. To
fix this issue a role specific parameter ``{{role.name}}ServiceNetMap`` is
introduced (defaults to: ``{}``). The role specific ServiceNetMap parameter
allow the operator to override one or more service network mappings
per-role. For example::
ComputeLeaf2ServiceNetMap:
NovaLibvirtNetwork: internal_api_leaf2
The role specific ``{{role.name}}ServiceNetMap`` override is merged with
the global ``ServiceNetMap`` when it's passed as a value to the
``{{role.name}}ServiceChain`` resources, and the ``{{role.name}}``
resource groups so that the correct network for this role is mapped to
the service.
Closes bug: `1904482 <https://bugs.launchpad.net/tripleo/+bug/1904482>`_.
Loading…
Cancel
Save