Fix Ironic service bind IPs
This patch removes the get_input's in the service templates and instead uses our new bind IP string replacement mechanism to correctly set the local bind IPs for the Ironic API. It also avoids using MysqlNetwork to set Ironic my_ip. This patch adds a new IronicNetwork setting which is used to control which network Ironic will use for its PXE network traffic. Change-Id: Ic848ec77b0106279c5d963504798c05110aa1440
This commit is contained in:
Dan Prince
parent
4c6a101511
commit
cb2570c237
@ -22,7 +22,8 @@ parameters:
|
||||
CinderIscsiNetwork: storage
|
||||
GlanceApiNetwork: storage
|
||||
GlanceRegistryNetwork: internal_api
|
||||
IronicApiNetwork: internal_api
|
||||
IronicApiNetwork: ctlplane
|
||||
IronicNetwork: ctlplane
|
||||
KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
|
||||
KeystonePublicApiNetwork: internal_api
|
||||
ManilaApiNetwork: internal_api
|
||||
|
||||
@ -39,18 +39,18 @@ outputs:
|
||||
config_settings:
|
||||
map_merge:
|
||||
- get_attr: [IronicBase, role_data, config_settings]
|
||||
# NOTE(dtantsur): the my_ip parameter is heavily overloaded in
|
||||
# ironic. It's used as a default value for e.g. TFTP server IP,
|
||||
# glance and neutron endpoints, virtual console IP. We override
|
||||
# the TFTP server IP in ironic-conductor.yaml as it should not be
|
||||
# the VIP, but rather a real IP of the controller.
|
||||
- ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]}
|
||||
ironic::api::authtoken::password: {get_param: IronicPassword}
|
||||
- ironic::api::authtoken::password: {get_param: IronicPassword}
|
||||
ironic::api::authtoken::project_name: 'service'
|
||||
ironic::api::authtoken::username: 'ironic'
|
||||
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
|
||||
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
|
||||
ironic::api::host_ip: {get_input: ironic_api_network}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
|
||||
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
|
||||
# This is used to build links in responses
|
||||
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
|
||||
|
||||
@ -44,12 +44,23 @@ outputs:
|
||||
ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
|
||||
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
|
||||
ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
|
||||
# Prevent tftp_server from defaulting to my_ip setting, which is
|
||||
# controller VIP, not a real IP.
|
||||
ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
|
||||
# NOTE: bind IP is found in Heat replacing the network name with the
|
||||
# local node IP for the given network; replacement examples
|
||||
# (eg. for internal_api):
|
||||
# internal_api -> IP
|
||||
# internal_api_uri -> [IP]
|
||||
# internal_api_subnet - > IP/CIDR
|
||||
ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
tripleo.ironic_conductor.firewall_rules:
|
||||
'134 ironic conductor TFTP':
|
||||
dport: 69
|
||||
proto: udp
|
||||
# NOTE(dtantsur): the my_ip parameter is heavily overloaded in
|
||||
# ironic. It's used as a default value for e.g. TFTP server IP,
|
||||
# glance and neutron endpoints, virtual console IP. We override
|
||||
# the TFTP server IP in ironic-conductor.yaml as it should not be
|
||||
# the VIP, but rather a real IP of the host.
|
||||
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
|
||||
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::ironic::conductor
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user