From b2bcc10d5a3df5732fb872e5958fcfba24b181de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Andr=C3=A9?= <m.andre@redhat.com>
Date: Mon, 10 Sep 2018 10:57:15 +0200
Subject: [PATCH] Configure haproxy for openshift infra

Openshift Routers are located on the infra node and need to be highly
available on ports 80 and 443.

Depends-On: I5de14152904d06c49e9d5b2df6e3f09a35f23d92
Change-Id: Iee088e1279bff2cdb7a3601288804f626bff29a3
---
 environments/no-tls-endpoints-public-ip.yaml  |   3 +
 environments/openshift.yaml                   |   1 +
 environments/ssl/no-tls-endpoints-public.yaml |   3 +
 .../ssl/tls-endpoints-public-dns.yaml         |   3 +
 environments/ssl/tls-endpoints-public-ip.yaml |   3 +
 .../ssl/tls-everywhere-endpoints-dns.yaml     |   3 +
 environments/tls-endpoints-public-dns.yaml    |   3 +
 environments/tls-endpoints-public-ip.yaml     |   3 +
 .../tls-everywhere-endpoints-dns.yaml         |   3 +
 extraconfig/services/openshift-infra.yaml     |  82 ++++++
 network/endpoints/endpoint_data.yaml          |  13 +-
 network/endpoints/endpoint_map.yaml           | 246 ++++++++++++++++++
 network/service_net_map.j2.yaml               |   1 +
 overcloud-resource-registry-puppet.j2.yaml    |   1 +
 roles/OpenShiftAllInOne.yaml                  |   1 +
 roles/OpenShiftInfra.yaml                     |   2 +-
 sample-env-generator/ssl.yaml                 |  12 +
 17 files changed, 380 insertions(+), 3 deletions(-)
 create mode 100644 extraconfig/services/openshift-infra.yaml

diff --git a/environments/no-tls-endpoints-public-ip.yaml b/environments/no-tls-endpoints-public-ip.yaml
index dea839f274..1bca0197e2 100644
--- a/environments/no-tls-endpoints-public-ip.yaml
+++ b/environments/no-tls-endpoints-public-ip.yaml
@@ -94,6 +94,9 @@ parameter_defaults:
     OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
     OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
     OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
+    OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
+    OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
+    OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
     PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
     PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
     PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}
diff --git a/environments/openshift.yaml b/environments/openshift.yaml
index da63cbb0b1..d92dc9747e 100644
--- a/environments/openshift.yaml
+++ b/environments/openshift.yaml
@@ -2,3 +2,4 @@ resource_registry:
   OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
   OS::TripleO::Services::OpenShift::Worker: ../extraconfig/services/openshift-worker.yaml
   OS::TripleO::Services::OpenShift::Master: ../extraconfig/services/openshift-master.yaml
+  OS::TripleO::Services::OpenShift::Infra: ../extraconfig/services/openshift-infra.yaml
diff --git a/environments/ssl/no-tls-endpoints-public.yaml b/environments/ssl/no-tls-endpoints-public.yaml
index c2ce10590a..62b3c6646d 100644
--- a/environments/ssl/no-tls-endpoints-public.yaml
+++ b/environments/ssl/no-tls-endpoints-public.yaml
@@ -97,6 +97,9 @@ parameter_defaults:
     OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
     OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
     OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
+    OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
+    OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
+    OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
     PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
     PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
     PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}
diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml
index fba55e7f36..33f6f7fa36 100644
--- a/environments/ssl/tls-endpoints-public-dns.yaml
+++ b/environments/ssl/tls-endpoints-public-dns.yaml
@@ -90,6 +90,9 @@ parameter_defaults:
     OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
     OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
     OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
+    OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+    OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+    OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
     PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
     PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
     PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
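Review bot: `OpenshiftRouterPublic` is added as `http` on port 80 against `IP_ADDRESS`, in a file whose other public endpoints (see `PankoPublic` just below) are `https` on `CLOUDNAME`, so anything that builds a URL from EndpointMap gets a plaintext public router address. The patch also configures an haproxy listener on 443, so if the router is expected to serve TLS publicly the line would read `OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}`. The same applies to the other tls-endpoints-public-dns and tls-endpoints-public-ip files and to the matching blocks in sample-env-generator/ssl.yaml, with `IP_ADDRESS` as the host in the -ip variants. The neighbouring `OpenshiftPublic` entry has the same shape, so this may be a deliberate convention; the hunk does not show which.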
diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml
index 7a39eb1cc3..5ef340a07c 100644
--- a/environments/ssl/tls-endpoints-public-ip.yaml
+++ b/environments/ssl/tls-endpoints-public-ip.yaml
@@ -90,6 +90,9 @@ parameter_defaults:
     OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
     OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
     OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
+    OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+    OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+    OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
     PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
     PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
     PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml
index be148229f3..6d3c3d3fd0 100644
--- a/environments/ssl/tls-everywhere-endpoints-dns.yaml
+++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml
@@ -90,6 +90,9 @@ parameter_defaults:
     OpenshiftAdmin: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
     OpenshiftInternal: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
     OpenshiftPublic: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
+    OpenshiftRouterAdmin: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+    OpenshiftRouterInternal: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+    OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
     PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
     PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
     PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 444c92c46f..e68a45a041 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -84,6 +84,9 @@ parameter_defaults:
     OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
     OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
     OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
+    OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+    OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+    OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
     PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
     PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
     PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index a7dc298cea..fb853cd619 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -84,6 +84,9 @@ parameter_defaults:
     OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
     OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
     OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
+    OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+    OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+    OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
     PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
     PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
     PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 96a7fa69e3..b50586afaa 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -80,6 +80,9 @@ parameter_defaults:
     OpenshiftAdmin: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
     OpenshiftInternal: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
     OpenshiftPublic: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
+    OpenshiftRouterAdmin: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+    OpenshiftRouterInternal: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+    OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
     PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
     PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
     PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
diff --git a/extraconfig/services/openshift-infra.yaml b/extraconfig/services/openshift-infra.yaml
new file mode 100644
index 0000000000..6dbce97354
--- /dev/null
+++ b/extraconfig/services/openshift-infra.yaml
@@ -0,0 +1,82 @@
+heat_template_version: rocky
+
+description: External tasks definition for OpenShift
+
+parameters:
+  RoleNetIpMap:
+    default: {}
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  # TODO(mandre) This is unused. Remove it or make it OpenShiftNodeVars
+  OpenShiftWorkerNodeVars:
+    default: {}
+    description: OpenShift node vars specific for the worker nodes
+    type: json
+
+resources:
+
+  OpenShiftWorker:
+      type: ./openshift-worker.yaml
+      properties:
+        EndpointMap: {get_param: EndpointMap}
+        ServiceNetMap: {get_param: ServiceNetMap}
+        DefaultPasswords: {get_param: DefaultPasswords}
+        RoleName: {get_param: RoleName}
+        RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Openshift Service
+    value:
+      service_name: openshift_infra
+      config_settings: {get_attr: [OpenShiftWorker, role_data, config_settings]}
+      service_config_settings:
+        haproxy:
+          tripleo::openshift_infra::haproxy_endpoints:
+            openshift-router-http:
+              base_service_name: openshift_infra
+              public_virtual_ip: "%{hiera('public_virtual_ip')}"
+              internal_ip: "%{hiera('openshift_infra_vip')}"
+              service_port: 80
+              listen_options:
+                balance: 'roundrobin'
+              member_options: [ 'check', 'inter 2000', 'rise 2', 'fall 5' ]
+              haproxy_listen_bind_param: ['transparent']
+            openshift-router-https:
+              base_service_name: openshift_infra
+              public_virtual_ip: "%{hiera('public_virtual_ip')}"
+              internal_ip: "%{hiera('openshift_infra_vip')}"
+              service_port: 443
+              listen_options:
+                balance: 'roundrobin'
+              member_options: [ 'check', 'inter 2000', 'rise 2', 'fall 5' ]
+              haproxy_listen_bind_param: ['transparent']
+      upgrade_tasks: []
+      step_config: ''
+      external_deploy_tasks:
+        - get_attr: [OpenShiftWorker, role_data, external_deploy_tasks]
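Review bot: The `openshift-router-http` entry publishes port 80 on `public_virtual_ip` unconditionally, including under the tls-everywhere environments, where this same patch advertises the router only as https on 443. If plaintext is meant to stay reachable there (presumably so the router can answer or redirect it), a comment above `service_port: 80` should say so, e.g. `# Port 80 stays open on the public VIP even when EndpointMap advertises https only`. Otherwise the http listener should depend on the endpoint protocol. Separately, `OpenShiftWorkerNodeVars` is declared but never passed to the nested worker template, as its TODO already notes.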
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index 0babfe4ab2..2a92ec229b 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -265,11 +265,20 @@ Openshift:
     Internal:
         net_param: OpenshiftMaster
     Public:
-       net_param: Public 
+        net_param: Public
     Admin:
-       net_param: OpenshiftMaster
+        net_param: OpenshiftMaster
     port: 8443
 
+OpenshiftRouter:
+    Internal:
+        net_param: OpenshiftInfra
+    Public:
+        net_param: Public
+    Admin:
+        net_param: OpenshiftInfra
+    port: 80
+
 Swift:
     Internal:
         net_param: SwiftProxy
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index 336fb549a0..0970d229c5 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -97,6 +97,9 @@ parameters:
       OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
       OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
       OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
+      OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
+      OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
+      OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
       PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
       PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
       PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}
@@ -7523,6 +7526,249 @@ outputs:
                         template: NETWORK_uri
             port:
               get_param: [EndpointMap, OpenshiftPublic, port]
+      OpenshiftRouterAdmin:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, OpenshiftRouterAdmin, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, OpenshiftRouterAdmin, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+        port:
+          get_param: [EndpointMap, OpenshiftRouterAdmin, port]
+        protocol:
+          get_param: [EndpointMap, OpenshiftRouterAdmin, protocol]
+        uri:
+          make_url:
+            scheme:
+              get_param: [EndpointMap, OpenshiftRouterAdmin, protocol]
+            host:
+              str_replace:
+                template:
+                  get_param: [EndpointMap, OpenshiftRouterAdmin, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                        template: NETWORK_uri
+            port:
+              get_param: [EndpointMap, OpenshiftRouterAdmin, port]
+        uri_no_suffix:
+          make_url:
+            scheme:
+              get_param: [EndpointMap, OpenshiftRouterAdmin, protocol]
+            host:
+              str_replace:
+                template:
+                  get_param: [EndpointMap, OpenshiftRouterAdmin, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                        template: NETWORK_uri
+            port:
+              get_param: [EndpointMap, OpenshiftRouterAdmin, port]
+      OpenshiftRouterInternal:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, OpenshiftRouterInternal, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, OpenshiftRouterInternal, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+        port:
+          get_param: [EndpointMap, OpenshiftRouterInternal, port]
+        protocol:
+          get_param: [EndpointMap, OpenshiftRouterInternal, protocol]
+        uri:
+          make_url:
+            scheme:
+              get_param: [EndpointMap, OpenshiftRouterInternal, protocol]
+            host:
+              str_replace:
+                template:
+                  get_param: [EndpointMap, OpenshiftRouterInternal, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                        template: NETWORK_uri
+            port:
+              get_param: [EndpointMap, OpenshiftRouterInternal, port]
+        uri_no_suffix:
+          make_url:
+            scheme:
+              get_param: [EndpointMap, OpenshiftRouterInternal, protocol]
+            host:
+              str_replace:
+                template:
+                  get_param: [EndpointMap, OpenshiftRouterInternal, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, OpenshiftInfraNetwork]
+                        template: NETWORK_uri
+            port:
+              get_param: [EndpointMap, OpenshiftRouterInternal, port]
+      OpenshiftRouterPublic:
+        host:
+          str_replace:
+            template:
+              get_param: [EndpointMap, OpenshiftRouterPublic, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, PublicNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - str_replace:
+                    params:
+                      NETWORK:
+                        get_param: [ServiceNetMap, PublicNetwork]
+                    template: NETWORK_uri
+        host_nobrackets:
+          str_replace:
+            template:
+              get_param: [EndpointMap, OpenshiftRouterPublic, host]
+            params:
+              CLOUDNAME:
+                get_param:
+                - CloudEndpoints
+                - get_param: [ServiceNetMap, PublicNetwork]
+              IP_ADDRESS:
+                get_param:
+                - NetIpMap
+                - get_param: [ServiceNetMap, PublicNetwork]
+        port:
+          get_param: [EndpointMap, OpenshiftRouterPublic, port]
+        protocol:
+          get_param: [EndpointMap, OpenshiftRouterPublic, protocol]
+        uri:
+          make_url:
+            scheme:
+              get_param: [EndpointMap, OpenshiftRouterPublic, protocol]
+            host:
+              str_replace:
+                template:
+                  get_param: [EndpointMap, OpenshiftRouterPublic, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, PublicNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, PublicNetwork]
+                        template: NETWORK_uri
+            port:
+              get_param: [EndpointMap, OpenshiftRouterPublic, port]
+        uri_no_suffix:
+          make_url:
+            scheme:
+              get_param: [EndpointMap, OpenshiftRouterPublic, protocol]
+            host:
+              str_replace:
+                template:
+                  get_param: [EndpointMap, OpenshiftRouterPublic, host]
+                params:
+                  CLOUDNAME:
+                    get_param:
+                    - CloudEndpoints
+                    - get_param: [ServiceNetMap, PublicNetwork]
+                  IP_ADDRESS:
+                    get_param:
+                    - NetIpMap
+                    - str_replace:
+                        params:
+                          NETWORK:
+                            get_param: [ServiceNetMap, PublicNetwork]
+                        template: NETWORK_uri
+            port:
+              get_param: [EndpointMap, OpenshiftRouterPublic, port]
       PankoAdmin:
         host:
           str_replace:
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index 2f09dded64..c5f9c490c0 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -87,6 +87,7 @@ parameters:
       CephStorageHostnameResolveNetwork: storage
       EtcdNetwork: internal_api
       OpenshiftMasterNetwork: internal_api
+      OpenshiftInfraNetwork: internal_api
 {% for role in roles if role.name != 'CephStorage' %}
       {{role.name}}HostnameResolveNetwork: internal_api
 {% endfor %}
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 7ad478f48e..1d5367295c 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -207,6 +207,7 @@ resource_registry:
   OS::TripleO::Services::ContainersLogrotateCrond: docker/services/logrotate-crond.yaml
   OS::TripleO::Services::OpenShift::Master: OS::Heat::None
   OS::TripleO::Services::OpenShift::Worker: OS::Heat::None
+  OS::TripleO::Services::OpenShift::Infra: OS::Heat::None
   OS::TripleO::Services::OpenShift::GlusterFS: OS::Heat::None
   OS::TripleO::Services::SwiftProxy: docker/services/swift-proxy.yaml
   OS::TripleO::Services::SwiftDispersion: OS::Heat::None
diff --git a/roles/OpenShiftAllInOne.yaml b/roles/OpenShiftAllInOne.yaml
index 9374d96772..c509b29851 100644
--- a/roles/OpenShiftAllInOne.yaml
+++ b/roles/OpenShiftAllInOne.yaml
@@ -30,4 +30,5 @@
     - OS::TripleO::Services::Keepalived
     - OS::TripleO::Services::OpenShift::Master
     - OS::TripleO::Services::OpenShift::Worker
+    - OS::TripleO::Services::OpenShift::Infra
     - OS::TripleO::Services::OpenShift::GlusterFS
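Review bot: Listing `OS::TripleO::Services::OpenShift::Infra` next to `OS::TripleO::Services::OpenShift::Worker` looks like it pulls the worker's data in twice on this role, because the new extraconfig/services/openshift-infra.yaml nests openshift-worker.yaml and re-exports its `config_settings` and `external_deploy_tasks`. Whether the worker tasks are safe to run twice is not visible in this patch. roles/OpenShiftInfra.yaml swaps Worker for Infra rather than adding it; if the same is intended here the `Worker` line would be dropped, and if not, a comment explaining why both are needed would help. The role definition starts outside the hunk.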
diff --git a/roles/OpenShiftInfra.yaml b/roles/OpenShiftInfra.yaml
index 215a5ce255..00fd387651 100644
--- a/roles/OpenShiftInfra.yaml
+++ b/roles/OpenShiftInfra.yaml
@@ -21,4 +21,4 @@
     - OS::TripleO::Services::Docker
     - OS::TripleO::Services::Sshd
     - OS::TripleO::Services::Ntp
-    - OS::TripleO::Services::OpenShift::Worker
+    - OS::TripleO::Services::OpenShift::Infra
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
index 29fa4fadce..84088a85bf 100644
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@@ -185,6 +185,9 @@ environments:
             OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
             OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
             OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
+            OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+            OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+            OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
             PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
             PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
             PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
@@ -301,6 +304,9 @@ environments:
             OpenshiftAdmin: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
             OpenshiftInternal: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
             OpenshiftPublic: {protocol: 'http', port: '8443', host: 'IP_ADDRESS'}
+            OpenshiftRouterAdmin: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+            OpenshiftRouterInternal: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
+            OpenshiftRouterPublic: {protocol: 'http', port: '80', host: 'IP_ADDRESS'}
             PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
             PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
             PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
@@ -417,6 +423,9 @@ environments:
             OpenshiftAdmin: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
             OpenshiftInternal: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
             OpenshiftPublic: {protocol: 'https', port: '8443', host: 'CLOUDNAME'}
+            OpenshiftRouterAdmin: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+            OpenshiftRouterInternal: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+            OpenshiftRouterPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
             PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
             PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
             PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
@@ -546,6 +555,9 @@ environments:
             OpenshiftAdmin: {protocol: http, port: '8443', host: IP_ADDRESS}
             OpenshiftInternal: {protocol: http, port: '8443', host: IP_ADDRESS}
             OpenshiftPublic: {protocol: http, port: '8443', host: IP_ADDRESS}
+            OpenshiftRouterAdmin: {protocol: http, port: '80', host: IP_ADDRESS}
+            OpenshiftRouterInternal: {protocol: http, port: '80', host: IP_ADDRESS}
+            OpenshiftRouterPublic: {protocol: http, port: '80', host: IP_ADDRESS}
             PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
             PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
             PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}