From 36924068a623596c22dd4eadd8c8ae8eac1e8691 Mon Sep 17 00:00:00 2001
From: Florian Fuchs <flfuchs@redhat.com>
Date: Wed, 11 Jul 2018 09:28:05 +0000
Subject: [PATCH] Add a networking check for OpenShift on OpenStack

This patch adds a validation to check if there is an external overcloud network
which can be used for an OpenShift on OpenStack deployment.

Change-Id: I0d490067fd79fcd6bdc5dbfcabb2f3fac8dc9daa
---
 ...nshift-network-check-d495367316c83147.yaml |  5 ++
 validations/openshift-nw-requirements.yaml    | 69 +++++++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 releasenotes/notes/openshift-network-check-d495367316c83147.yaml
 create mode 100644 validations/openshift-nw-requirements.yaml

diff --git a/releasenotes/notes/openshift-network-check-d495367316c83147.yaml b/releasenotes/notes/openshift-network-check-d495367316c83147.yaml
new file mode 100644
index 000000000..6437d4e22
--- /dev/null
+++ b/releasenotes/notes/openshift-network-check-d495367316c83147.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds a network requirements validation for OpenShift which checks if there
+    is an external network set on the overcloud.
diff --git a/validations/openshift-nw-requirements.yaml b/validations/openshift-nw-requirements.yaml
new file mode 100644
index 000000000..53c32d87b
--- /dev/null
+++ b/validations/openshift-nw-requirements.yaml
@@ -0,0 +1,69 @@
+---
+- hosts: undercloud
+  vars:
+    metadata:
+      name: Check network requirements for an OpenShift on OpenStack deployment
+      description: |
+        Checks if an external network has been configured on the overcloud as
+        required for an OpenShift deployment on top of OpenStack.
+      groups:
+      - openshift-on-openstack
+
+  tasks:
+
+  # Get auth token and service catalog from Keystone and extract service urls.
+  - name: Get token and catalog from Keystone
+    uri:
+      url: "{{ overcloud_keystone_url
+               | urlsplit('scheme') }}://{{ overcloud_keystone_url
+               | urlsplit('netloc')}}/v3/auth/tokens"
+      method: POST
+      body_format: json
+      body:
+        auth:
+          scope:
+            project:
+              name: admin
+              domain:
+                id: default
+          identity:
+            methods:
+              - password
+            password:
+              user:
+                name: admin
+                domain:
+                  id: default
+                password: "{{ overcloud_admin_password }}"
+      return_content: yes
+      status_code: 201
+    register: keystone_result
+    when: overcloud_keystone_url|default('')
+  - name: Set auth token
+    set_fact: token="{{ keystone_result.x_subject_token }}"
+  - name: Get Neutron URL from catalog
+    set_fact: neutron_url="{{ keystone_result.json.token
+                              | json_query("catalog[?name=='neutron'].endpoints")
+                              | first
+                              | selectattr('interface', 'equalto', 'public')
+                              | map(attribute='url') | first }}"
+
+  # Get overcloud networks from Neutron and check if there is
+  # a network with a common name for external networks.
+  - name: Get networks from Neutron
+    uri:
+      url: "{{ neutron_url }}/v2.0/networks?router:external=true"
+      method: GET
+      headers:
+        X-Auth-Token: "{{ token }}"
+      return_content: yes
+      follow_redirects: all
+    register: networks_result
+
+  - name: Warn if there are no matching networks
+    warn:
+      msg: |
+           No external network found. It is strongly recommended that you
+           configure an external Neutron network with a floating IP address
+           pool.
+    when: networks_result.json.networks | length == 0