commit 34fae762aab364559bfcc29510b1c69957dd21f4 Author: Harald Jensås Date: Fri Oct 2 09:18:35 2020 +0200 Concatenate host_routes and default route in overcloud.yaml Previoously the default route was concatenated with the host_routes in the NetworkConfig. This change moves that concatenation to overcloud.yaml. GroupVars {{network.name_lower}}_host_routes and ctlplane_host_routes will have the default route appended based on role.default_route_networks setting. For heat base NetworkConfig the parameters ControlPlaneStaticRoutes and {{network.name}}InterfaceRoutes will have the default route appropriately appended. Doing the concatenation in overcloud.yaml enable simplified user-facing NetworkConfig templates. For standalone and undercloud define the default_route_networks with an empty list. Cannot leave it undefined as this will default the default route to the ctlplane's gateway. Undercloud and Standalone uses the management interface as the gateway by default, so we should not set a default gateway for these roles. Change-Id: I3a35c4b46536fa2916d9fa387278077884adaf68 diff --git a/network/config/2-linux-bonds-vlans/role.role.j2.yaml b/network/config/2-linux-bonds-vlans/role.role.j2.yaml index bd32ad3..0208359 100644 --- a/network/config/2-linux-bonds-vlans/role.role.j2.yaml +++ b/network/config/2-linux-bonds-vlans/role.role.j2.yaml @@ -156,13 +156,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes -{%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %} - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute -{%- endif %} + get_param: ControlPlaneStaticRoutes - type: linux_bond name: bond_api mtu: @@ -195,13 +189,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endfor %} {%- if not role.name.startswith('ComputeOvsDpdk') %} - type: ovs_bridge @@ -236,13 +224,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endfor %} {%- else %} - type: ovs_user_bridge @@ -257,13 +239,7 @@ resources: addresses: - ip_netmask: {get_param: {{network.name}}IpSubnet} routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes - {%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute - {%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endfor %} members: - type: ovs_dpdk_bond diff --git a/network/config/bond-with-vlans/controller-no-external.j2.yaml b/network/config/bond-with-vlans/controller-no-external.j2.yaml index 813eb61..4557f1f 100644 --- a/network/config/bond-with-vlans/controller-no-external.j2.yaml +++ b/network/config/bond-with-vlans/controller-no-external.j2.yaml @@ -105,11 +105,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes - - - default: true # NOTE(hjensas): This is the IPv4 default route - next_hop: - get_param: ControlPlaneDefaultRoute + get_param: ControlPlaneStaticRoutes - type: ovs_bridge name: {get_param: NeutronPhysicalBridge} use_dhcp: true diff --git a/network/config/bond-with-vlans/role.role.j2.yaml b/network/config/bond-with-vlans/role.role.j2.yaml index 06657b4..ed73379 100644 --- a/network/config/bond-with-vlans/role.role.j2.yaml +++ b/network/config/bond-with-vlans/role.role.j2.yaml @@ -136,13 +136,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes -{%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %} - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute -{%- endif %} + get_param: ControlPlaneStaticRoutes {%- if not role.name.startswith('ComputeOvsDpdk') %} - type: ovs_bridge {%- if role.name.startswith('CephStorage') or role.name.startswith('ObjectStorage') or role.name.startswith('BlockStorage') %} @@ -181,13 +175,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endfor %} {%- else %} # Linux bond for non-DPDK traffic required when using DPDK @@ -221,13 +209,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endfor %} # Used as a provider network with external DHCP - type: ovs_user_bridge diff --git a/network/config/multiple-nics-vlans/compute-dvr.j2.yaml b/network/config/multiple-nics-vlans/compute-dvr.j2.yaml index 44f0e2e..6b417d6 100644 --- a/network/config/multiple-nics-vlans/compute-dvr.j2.yaml +++ b/network/config/multiple-nics-vlans/compute-dvr.j2.yaml @@ -103,11 +103,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute + get_param: ControlPlaneStaticRoutes - type: interface name: nic2 mtu: diff --git a/network/config/multiple-nics-vlans/role.role.j2.yaml b/network/config/multiple-nics-vlans/role.role.j2.yaml index 3e33d0e..05bbb5d 100644 --- a/network/config/multiple-nics-vlans/role.role.j2.yaml +++ b/network/config/multiple-nics-vlans/role.role.j2.yaml @@ -126,13 +126,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes -{%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %} - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute -{%- endif %} + get_param: ControlPlaneStaticRoutes {%- set nics_used = [1] %} {%- for network in networks if network.enabled|default(true) and network.name not in role.networks_skip_config|default([]) %} {%- if network.name not in ["External", "Tenant"] %} @@ -152,13 +146,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endif %} {#- We need bridge also for ComputeDVR and Computes with OVN #} {%- elif network.name in role.networks or 'external_bridge' in role.tags %} @@ -190,13 +178,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endif %} {%- endif %} {#- This hack gets around Jinja scope limitations to update nics_used within loop. #} diff --git a/network/config/multiple-nics/compute-dvr.j2.yaml b/network/config/multiple-nics/compute-dvr.j2.yaml index 5b04229..c924e8a 100644 --- a/network/config/multiple-nics/compute-dvr.j2.yaml +++ b/network/config/multiple-nics/compute-dvr.j2.yaml @@ -103,11 +103,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute + get_param: ControlPlaneStaticRoutes - type: interface name: nic2 mtu: diff --git a/network/config/multiple-nics/role.role.j2.yaml b/network/config/multiple-nics/role.role.j2.yaml index 5b012a4..a0b9a81 100644 --- a/network/config/multiple-nics/role.role.j2.yaml +++ b/network/config/multiple-nics/role.role.j2.yaml @@ -126,13 +126,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes -{%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %} - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute -{%- endif %} + get_param: ControlPlaneStaticRoutes {%- set nics_used = [1] %} {%- for network in networks if network.enabled|default(true) and network.name not in role.networks_skip_config|default([]) %} {%- if network.name not in ["External", "Tenant"] %} @@ -146,13 +140,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endif %} {#- We need bridge also for ComputeDVR and Computes with OVN #} {%- elif network.name in _role_networks or 'external_bridge' in role.tags %} @@ -172,13 +160,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endif %} members: - type: interface diff --git a/network/config/single-nic-linux-bridge-vlans/role.role.j2.yaml b/network/config/single-nic-linux-bridge-vlans/role.role.j2.yaml index f46d9f7..1c13140 100644 --- a/network/config/single-nic-linux-bridge-vlans/role.role.j2.yaml +++ b/network/config/single-nic-linux-bridge-vlans/role.role.j2.yaml @@ -136,13 +136,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes -{%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %} - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute -{%- endif %} + get_param: ControlPlaneStaticRoutes members: - type: interface name: {get_param: NeutronPublicInterface} @@ -165,13 +159,7 @@ and network.name not in role.networks_skip_config|default([]) %} - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endfor %} outputs: config: diff --git a/network/config/single-nic-vlans/controller-no-external.j2.yaml b/network/config/single-nic-vlans/controller-no-external.j2.yaml index 5326111..c17e74b 100644 --- a/network/config/single-nic-vlans/controller-no-external.j2.yaml +++ b/network/config/single-nic-vlans/controller-no-external.j2.yaml @@ -99,11 +99,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - get_param: ControlPlaneStaticRoutes - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute members: - type: interface name: nic1 diff --git a/network/config/single-nic-vlans/role.role.j2.yaml b/network/config/single-nic-vlans/role.role.j2.yaml index 0cf3068..4e99bba 100644 --- a/network/config/single-nic-vlans/role.role.j2.yaml +++ b/network/config/single-nic-vlans/role.role.j2.yaml @@ -132,13 +132,7 @@ resources: - - get_param: ControlPlaneIp - get_param: ControlPlaneSubnetCidr routes: - list_concat_unique: - - get_param: ControlPlaneStaticRoutes -{%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %} - - - default: true - next_hop: - get_param: ControlPlaneDefaultRoute -{%- endif %} + get_param: ControlPlaneStaticRoutes members: - type: interface name: nic1 @@ -156,13 +150,7 @@ resources: - ip_netmask: get_param: {{network.name}}IpSubnet routes: - list_concat_unique: - - get_param: {{network.name}}InterfaceRoutes -{%- if network.name in role.default_route_networks %} - - - default: true - next_hop: - get_param: {{network.name}}InterfaceDefaultRoute -{%- endif %} + get_param: {{network.name}}InterfaceRoutes {%- endfor %} outputs: config: diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index e690260..97759a5 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -969,7 +969,13 @@ resources: - {get_param: DnsServers} - {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, dns_nameservers]} ctlplane_subnet_cidr: {str_split: ['/', {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, cidr]}, 1]} - ctlplane_host_routes: {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, host_routes]} + ctlplane_host_routes: + list_concat_unique: + - {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, host_routes]} + {%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %} + - - default: true + next_hop: {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, gateway_ip]} + {%- endif %} {%- for network in networks if network.enabled|default(true) and network.name in role.networks|default([]) %} {%- if role.networks is mapping %} {%- set _role_net_subnet = role.networks[network.name]['subnet'] %} @@ -978,7 +984,13 @@ resources: {%- endif %} {{network.name_lower}}_mtu: {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, network, mtu]} {{network.name_lower}}_gateway_ip: {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, subnets, {{_role_net_subnet}}, gateway_ip]} - {{network.name_lower}}_host_routes: {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, subnets, {{_role_net_subnet}}, host_routes]} + {{network.name_lower}}_host_routes: + list_concat_unique: + - {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, subnets, {{_role_net_subnet}}, host_routes]} + {%- if network.name in role.default_route_networks %} + - - default: true + next_hop: {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, subnets, {{_role_net_subnet}}, gateway_ip]} + {%- endif %} {{network.name_lower}}_cidr: {str_split: ['/', {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, subnets, {{_role_net_subnet}}, cidr]}, 1]} {{network.name_lower}}_vlan_id: yaql: @@ -1020,7 +1032,13 @@ resources: ControlPlaneIp: "{{ '{{' }} ctlplane_ip {{ '}}' }}" ControlPlaneSubnetCidr: {str_split: ['/', {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, cidr]}, 1]} ControlPlaneDefaultRoute: {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, gateway_ip]} - ControlPlaneStaticRoutes: {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, host_routes]} + ControlPlaneStaticRoutes: + list_concat_unique: + - {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, host_routes]} + {%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %} + - - default: true + next_hop: {get_attr: [Networks, net_attributes_map, ctlplane, subnets, {get_param: {{role.name}}ControlPlaneSubnet}, gateway_ip]} + {%- endif %} ControlPlaneMtu: {get_attr: [Networks, net_attributes_map, ctlplane, network, mtu]} DnsServers: if: @@ -1034,7 +1052,13 @@ resources: {%- set _role_net_subnet = network.name_lower + '_subnet' %} {%- endif %} {{network.name}}IpSubnet: "{{ '{{' }} {{network.name_lower}}_ip ~ '/' ~ {{network.name_lower}}_cidr {{ '}}' }}" - {{network.name}}InterfaceRoutes: {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, subnets, {{_role_net_subnet}}, host_routes]} + {{network.name}}InterfaceRoutes: + list_concat_unique: + - {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, subnets, {{_role_net_subnet}}, host_routes]} + {%- if network.name in role.default_route_networks %} + - - default: true + next_hop: {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, subnets, {{_role_net_subnet}}, gateway_ip]} + {%- endif %} {{network.name}}Mtu: {get_attr: [Networks, net_attributes_map, {{network.name_lower}}, network, mtu]} {{network.name}}NetworkVlanID: yaql: diff --git a/roles/Standalone.yaml b/roles/Standalone.yaml index dede67c..c7730fd 100644 --- a/roles/Standalone.yaml +++ b/roles/Standalone.yaml @@ -12,6 +12,10 @@ - primary - controller - standalone + # Define default_route_networks as empty for standalone where management + # interface is used. On single nic systems ControlPlaneStaticRoutes must + # be set in standalone_parameters.yaml. + default_route_networks: [] networks: External: subnet: external_subnet diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index 66a0e74..daa51d9 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -9,6 +9,10 @@ tags: - primary - controller + # Define default_route_networks as empty for undercloud where management + # interface is used. On single nic a default route must configured in the + # local subnet definition in undercloud.conf + default_route_networks: [] networks: External: subnet: external_subnet diff --git a/roles/UndercloudMinion.yaml b/roles/UndercloudMinion.yaml index f4c8688..6980c70 100644 --- a/roles/UndercloudMinion.yaml +++ b/roles/UndercloudMinion.yaml @@ -7,6 +7,7 @@ and ironic-conductor via heat using the 'openstack undercloud minion deploy' command. CountDefault: 1 + default_route_networks: [] tags: - primary ServicesDefault: diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index beb41b7..b56c27a 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -12,6 +12,10 @@ tags: - primary - controller + # Define default_route_networks as empty for undercloud where management + # interface is used. On single nic a default route must configured in the + # local subnet definition in undercloud.conf + default_route_networks: [] networks: External: subnet: external_subnet