openstack/tripleo-quickstart-extras
Code Issues Proposed changes

Merge "Fix SSL certs creation for ipv6"

Browse Source
This commit is contained in:
Zuul 2017-12-04 23:09:43 +00:00 committed by Gerrit Code Review
commit 812170e915
3 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
roles/overcloud-prep-config/defaults/main.yml
View File

@ -5,7 +5,8 @@ network_isolation_type: single-nic-vlans # multiple-nics, bond-with-vlans, publi
network_environment_file: network-environment.yaml.j2 network_environment_file: network-environment.yaml.j2
external_network_cidr: 192.168.23.0/24 external_network_cidr: 192.168.23.0/24
undercloud_external_network_cidr: 10.0.0.1/24 undercloud_external_network_cidr: >-
{%- if overcloud_ipv6|bool %}2001:db8:fd00:1000::/64{% else %}10.0.0.1/24{% endif -%}
overcloud_dns_servers: [ '{{ external_network_cidr|nthhost(1) }}' ] overcloud_dns_servers: [ '{{ external_network_cidr|nthhost(1) }}' ]
overcloud_public_vip: "{{ undercloud_external_network_cidr|nthhost(5) }}" overcloud_public_vip: "{{ undercloud_external_network_cidr|nthhost(5) }}"

4
roles/overcloud-prep-network/templates/overcloud-prep-network.sh.j2
View File

@ -14,7 +14,7 @@ set -eux
source {{ working_dir }}/stackrc source {{ working_dir }}/stackrc
{% if overcloud_nodes is defined and overcloud_nodes %} {% if overcloud_nodes is defined and overcloud_nodes and not overcloud_ipv6|bool %}
FENCING_RULE="-m udp -p udp -m multiport --dports {% for node in overcloud_nodes %}{{ node.virtualbmc_port }}{% if not loop.last %},{% endif %}{% endfor %} -m state --state NEW" FENCING_RULE="-m udp -p udp -m multiport --dports {% for node in overcloud_nodes %}{{ node.virtualbmc_port }}{% if not loop.last %},{% endif %}{% endfor %} -m state --state NEW"
COMMENT="fencing_access_from_overcloud" COMMENT="fencing_access_from_overcloud"
if ! sudo iptables -nvL INPUT | grep "$COMMENT"; then if ! sudo iptables -nvL INPUT | grep "$COMMENT"; then
@ -23,7 +23,7 @@ if ! sudo iptables -nvL INPUT | grep "$COMMENT"; then
fi fi
{% endif %} {% endif %}
{% if network_isolation|bool %} {% if network_isolation|bool and not overcloud_ipv6|bool %}
## Setup Networking ## Setup Networking
## ---------------- ## ----------------

2
roles/overcloud-ssl/templates/overcloud-create-ssl-cert.sh.j2
View File

@ -29,7 +29,7 @@ sudo update-ca-trust extract
## public VIP ## public VIP
## :: ## ::
{% set _vip = overcloud_public_vip if not overcloud_ipv6|bool else overcloud_public_vip6 %} {% set _vip = overcloud_public_vip %}
openssl req -newkey rsa:2048 -days 365 \ openssl req -newkey rsa:2048 -days 365 \
-nodes -keyout {{ working_dir }}/server-key.pem \ -nodes -keyout {{ working_dir }}/server-key.pem \