Make network-isolation environment rendered for all roles
Currently there are some hard-coded references to roles here; rendering from the roles_data.yaml is a step towards making the use of isolated networks for custom roles easier. Partial-Bug: #1633090 Depends-On: Ib681729cc2728ca4b0486c14166b6b702edfcaab Change-Id: If3989f24f077738845d2edbee405bd9198e7b7db
parent
571778f2f0
commit
cba5288867
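--- a/environments/network-isolation.j2.yaml
+++ b/environments/network-isolation.j2.yaml
@@ -0,0 +1,37 @@
+{%- set primary_role = [roles[0]] -%}
+{%- for role in roles -%}
+{%- if 'primary' in role.tags and 'controller' in role.tags -%}
+{%- set _ = primary_role.pop() -%}
+{%- set _ = primary_role.append(role) -%}
+{%- endif -%}
+{%- endfor -%}
+{%- set primary_role_name = primary_role[0].name -%}
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks.
+# primary role is: {{primary_role_name}}
+resource_registry:
+# networks as defined in network_data.yaml
+{%- for network in networks if network.enabled|default(true) %}
+OS::TripleO::Network::{{network.name}}: ../network/{{network.name.lower()}}.yaml
+{%- endfor %}
+
+# Port assignments for the VIPs
+{%- for network in networks if network.vip %}
+OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+{%- endfor %}
+OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+
+OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+{%- for role in roles %}
+# Port assignments for the {{role.name}}
+{%- for network in networks %}
+{%- if network.name in role.networks|default([]) and network.enabled|default(true) %}
+OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+{%- else %}
+OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml
+{%- endif %}
+{%- endfor %}
+{%- endfor %}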
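Review bot: The network loop builds its path from `network.name.lower()`, while the VIP and per-role port loops use `network.name_lower|default(network.name.lower())`; for InternalApi the first form yields `../network/internalapi.yaml`, where the static file this replaces pointed at `../network/internal_api.yaml`. Unless the network templates are also generated under the plain lower-cased name, that registry entry will not resolve, so I would use the same expression there: `OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml`. The VIP loop also drops the `network.enabled|default(true)` filter that the other two loops apply, so a disabled network with `vip` set would still get a VIP port entry; `{%- for network in networks if network.vip and network.enabled|default(true) %}` keeps the three consistent.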
@ -1,59 +0,0 @@
|
|||||||
# Enable the creation of Neutron networks for isolated Overcloud
|
|
||||||
# traffic and configure each role to assign ports (related
|
|
||||||
# to that role) on these networks.
|
|
||||||
resource_registry:
|
|
||||||
OS::TripleO::Network::External: ../network/external.yaml
|
|
||||||
OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
|
|
||||||
OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
|
|
||||||
OS::TripleO::Network::Storage: ../network/storage.yaml
|
|
||||||
OS::TripleO::Network::Tenant: ../network/tenant.yaml
|
|
||||||
# Management network is optional and disabled by default.
|
|
||||||
# To enable it, include environments/network-management.yaml
|
|
||||||
#OS::TripleO::Network::Management: ../network/management.yaml
|
|
||||||
|
|
||||||
# Port assignments for the VIPs
|
|
||||||
OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
|
|
||||||
OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
|
|
||||||
OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
|
|
||||||
OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
|
|
||||||
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
|
|
||||||
|
|
||||||
# Port assignments for the controller role
|
|
||||||
OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
|
|
||||||
OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
|
|
||||||
OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
|
|
||||||
OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
|
|
||||||
OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
|
|
||||||
#OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml
|
|
||||||
|
|
||||||
# Port assignments for the compute role
|
|
||||||
OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
|
|
||||||
OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
|
|
||||||
OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
|
|
||||||
OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml
|
|
||||||
OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
|
|
||||||
#OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml
|
|
||||||
|
|
||||||
# Port assignments for the ceph storage role
|
|
||||||
OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml
|
|
||||||
OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml
|
|
||||||
OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
|
|
||||||
OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
|
|
||||||
OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml
|
|
||||||
#OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml
|
|
||||||
|
|
||||||
# Port assignments for the swift storage role
|
|
||||||
OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml
|
|
||||||
OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
|
|
||||||
OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml
|
|
||||||
OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
|
|
||||||
OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml
|
|
||||||
#OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml
|
|
||||||
|
|
||||||
# Port assignments for the block storage role
|
|
||||||
OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml
|
|
||||||
OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
|
|
||||||
OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml
|
|
||||||
OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
|
|
||||||
OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml
|
|
||||||
#OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml
|
|
@ -4,6 +4,10 @@
|
|||||||
- name: BlockStorage
|
- name: BlockStorage
|
||||||
description: |
|
description: |
|
||||||
Cinder Block Storage node role
|
Cinder Block Storage node role
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
- OS::TripleO::Services::BlockStorageCinderVolume
|
- OS::TripleO::Services::BlockStorageCinderVolume
|
||||||
|
@ -4,6 +4,9 @@
|
|||||||
- name: CephStorage
|
- name: CephStorage
|
||||||
description: |
|
description: |
|
||||||
Ceph OSD Storage node role
|
Ceph OSD Storage node role
|
||||||
|
networks:
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
- OS::TripleO::Services::CACerts
|
- OS::TripleO::Services::CACerts
|
||||||
|
@ -5,6 +5,10 @@
|
|||||||
description: |
|
description: |
|
||||||
Basic Compute Node role
|
Basic Compute Node role
|
||||||
CountDefault: 1
|
CountDefault: 1
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
|
- Tenant
|
||||||
|
- Storage
|
||||||
HostnameFormatDefault: '%stackname%-novacompute-%index%'
|
HostnameFormatDefault: '%stackname%-novacompute-%index%'
|
||||||
disable_upgrade_deployment: True
|
disable_upgrade_deployment: True
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
|
@ -9,6 +9,12 @@
|
|||||||
tags:
|
tags:
|
||||||
- primary
|
- primary
|
||||||
- controller
|
- controller
|
||||||
|
networks:
|
||||||
|
- External
|
||||||
|
- InternalApi
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
|
- Tenant
|
||||||
HostnameFormatDefault: '%stackname%-controller-%index%'
|
HostnameFormatDefault: '%stackname%-controller-%index%'
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AodhApi
|
- OS::TripleO::Services::AodhApi
|
||||||
|
@ -9,6 +9,12 @@
|
|||||||
tags:
|
tags:
|
||||||
- primary
|
- primary
|
||||||
- controller
|
- controller
|
||||||
|
networks:
|
||||||
|
- External
|
||||||
|
- InternalApi
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
|
- Tenant
|
||||||
HostnameFormatDefault: '%stackname%-controller-%index%'
|
HostnameFormatDefault: '%stackname%-controller-%index%'
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AodhApi
|
- OS::TripleO::Services::AodhApi
|
||||||
|
@ -4,6 +4,8 @@
|
|||||||
- name: Database
|
- name: Database
|
||||||
description: |
|
description: |
|
||||||
Standalone database role with the database being managed via Pacemaker
|
Standalone database role with the database being managed via Pacemaker
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
HostnameFormatDefault: '%stackname%-database-%index%'
|
HostnameFormatDefault: '%stackname%-database-%index%'
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
|
@ -4,6 +4,8 @@
|
|||||||
- name: Messaging
|
- name: Messaging
|
||||||
description: |
|
description: |
|
||||||
Standalone messaging role with RabbitMQ being managed via Pacemaker
|
Standalone messaging role with RabbitMQ being managed via Pacemaker
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
HostnameFormatDefault: '%stackname%-messaging-%index%'
|
HostnameFormatDefault: '%stackname%-messaging-%index%'
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
|
@ -5,6 +5,8 @@
|
|||||||
description: |
|
description: |
|
||||||
Standalone networking role to run Neutron services their own. Includes
|
Standalone networking role to run Neutron services their own. Includes
|
||||||
Pacemaker integration via PacemakerRemote
|
Pacemaker integration via PacemakerRemote
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
HostnameFormatDefault: '%stackname%-networker-%index%'
|
HostnameFormatDefault: '%stackname%-networker-%index%'
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
|
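Review bot: Listing only `InternalApi` under the new `networks:` key means the rendered network-isolation environment maps this role's `TenantPort` to `../network/ports/noop.yaml`, because the template falls through to noop for every network not named in `role.networks`. The description says the role runs the Neutron services, which presumably carry tenant overlay traffic, so that traffic would not be placed on the isolated Tenant network and nothing would report it. Confirm against the role's service list, which is outside this hunk along with the role's name line, and add `- Tenant` under `networks:` if the agents are meant to use it.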
@ -4,6 +4,10 @@
|
|||||||
- name: ObjectStorage
|
- name: ObjectStorage
|
||||||
description: |
|
description: |
|
||||||
Swift Object Storage node role
|
Swift Object Storage node role
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
disable_upgrade_deployment: True
|
disable_upgrade_deployment: True
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
|
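Review bot: The `networks:` list added under `- name: ObjectStorage` will be rendered as `OS::TripleO::ObjectStorage::Ports::*` keys, whereas the static environment removed in this commit registered the same ports under `OS::TripleO::SwiftStorage::Ports::*`. If the object storage role template still requests the SwiftStorage-named port resources, the new entries are never consumed and the role presumably keeps its default port mapping, leaving it off the Storage and StorageMgmt networks without any error. It is worth confirming which name the role template uses and recording the rename next to the list, for example `# rendered as OS::TripleO::ObjectStorage::Ports::* (was SwiftStorage)`. The same list appears again in the later ObjectStorage hunk of the combined roles file.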
@ -58,6 +58,10 @@ Role Options
|
|||||||
* description: (string) as few sentences describing the role and information
|
* description: (string) as few sentences describing the role and information
|
||||||
pertaining to the usage of the role.
|
pertaining to the usage of the role.
|
||||||
|
|
||||||
|
* networks: (list), optional list of networks which the role will have
|
||||||
|
access to when network isolation is enabled. The names should match
|
||||||
|
those defined in network_data.yaml.
|
||||||
|
|
||||||
Working with Roles
|
Working with Roles
|
||||||
==================
|
==================
|
||||||
The tripleoclient provides a series of commands that can be used to view
|
The tripleoclient provides a series of commands that can be used to view
|
||||||
|
@ -4,6 +4,8 @@
|
|||||||
- name: Telemetry
|
- name: Telemetry
|
||||||
description: |
|
description: |
|
||||||
Telemetry role that has all the telemetry services.
|
Telemetry role that has all the telemetry services.
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
HostnameFormatDefault: '%stackname%-telemetry-%index%'
|
HostnameFormatDefault: '%stackname%-telemetry-%index%'
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AodhApi
|
- OS::TripleO::Services::AodhApi
|
||||||
|
@ -12,6 +12,12 @@
|
|||||||
tags:
|
tags:
|
||||||
- primary
|
- primary
|
||||||
- controller
|
- controller
|
||||||
|
networks:
|
||||||
|
- External
|
||||||
|
- InternalApi
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
|
- Tenant
|
||||||
HostnameFormatDefault: '%stackname%-controller-%index%'
|
HostnameFormatDefault: '%stackname%-controller-%index%'
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AodhApi
|
- OS::TripleO::Services::AodhApi
|
||||||
@ -128,6 +134,10 @@
|
|||||||
description: |
|
description: |
|
||||||
Basic Compute Node role
|
Basic Compute Node role
|
||||||
CountDefault: 1
|
CountDefault: 1
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
|
- Tenant
|
||||||
|
- Storage
|
||||||
HostnameFormatDefault: '%stackname%-novacompute-%index%'
|
HostnameFormatDefault: '%stackname%-novacompute-%index%'
|
||||||
disable_upgrade_deployment: True
|
disable_upgrade_deployment: True
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
@ -167,6 +177,10 @@
|
|||||||
- name: BlockStorage
|
- name: BlockStorage
|
||||||
description: |
|
description: |
|
||||||
Cinder Block Storage node role
|
Cinder Block Storage node role
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
- OS::TripleO::Services::BlockStorageCinderVolume
|
- OS::TripleO::Services::BlockStorageCinderVolume
|
||||||
@ -191,6 +205,10 @@
|
|||||||
- name: ObjectStorage
|
- name: ObjectStorage
|
||||||
description: |
|
description: |
|
||||||
Swift Object Storage node role
|
Swift Object Storage node role
|
||||||
|
networks:
|
||||||
|
- InternalApi
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
disable_upgrade_deployment: True
|
disable_upgrade_deployment: True
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
@ -217,6 +235,9 @@
|
|||||||
- name: CephStorage
|
- name: CephStorage
|
||||||
description: |
|
description: |
|
||||||
Ceph OSD Storage node role
|
Ceph OSD Storage node role
|
||||||
|
networks:
|
||||||
|
- Storage
|
||||||
|
- StorageMgmt
|
||||||
ServicesDefault:
|
ServicesDefault:
|
||||||
- OS::TripleO::Services::AuditD
|
- OS::TripleO::Services::AuditD
|
||||||
- OS::TripleO::Services::CACerts
|
- OS::TripleO::Services::CACerts
|
||||||
|