Route private floating and storage frontend network through router
In case with manila we need access from vms floating networks
to storage frontend network. To simplify networks setup it was decided
to remove floating network ips from nodes and route floating network
through neutron router.
In case of tungstenfabric private floating interface is not added
to router, and extra routes are used as before.
Also added restart for systemd-resolved in frr (looks like
bug not related to this patch)
Change-Id: I6b7750be221bf6e8ab681fff57b150405881331b
Related-Prod: https://mirantis.jira.com/browse/PRODX-47207
diff --git a/de/heat-templates/env/k0s-aio.yaml b/de/heat-templates/env/k0s-aio.yaml
index 056b0ab..23f314a 100644
--- a/de/heat-templates/env/k0s-aio.yaml
+++ b/de/heat-templates/env/k0s-aio.yaml
@@ -21,6 +21,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens3'
ucp_metadata: {"labels": {"openstack-control-plane":"enabled","openstack-compute-node":"enabled","openvswitch":"enabled", "openstack-gateway":"enabled","role":"ceph-osd-node","local-volume-provisioner": "enabled", "openstack-compute-node":"enabled","openvswitch":"enabled", "role":"ceph-osd-node"}}
@@ -33,6 +34,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
kubernetes_installer: k0s
single_node: 'true'
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp0-gtw0-vbmc2.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp0-gtw0-vbmc2.yaml
index 29c32c3..ac1a280 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp0-gtw0-vbmc2.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp0-gtw0-vbmc2.yaml
@@ -21,6 +21,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway": "enabled","role":"ceph-osd-node","local-volume-provisioner": "enabled"}}
@@ -39,6 +40,7 @@
cmps_flavor: 'mosk.s.compute.ephemeral'
vbmcs_flavor: 'system.compact.openstack.control'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp0-gtw0.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp0-gtw0.yaml
index 623f130..1258c19 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp0-gtw0.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp0-gtw0.yaml
@@ -20,6 +20,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openstack-compute-node":"enabled","openvswitch":"enabled", "openstack-gateway":"enabled","role":"ceph-osd-node","local-volume-provisioner": "enabled"}}
@@ -30,6 +31,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-gtw0.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-gtw0.yaml
index 1f5ac99..aea2c2c 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-gtw0.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-gtw0.yaml
@@ -22,6 +22,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway":"enabled","local-volume-provisioner": "enabled"}}
@@ -34,6 +35,7 @@
cmps_flavor: 'mosk.s.compute.ephemeral'
acmps_flavor: 'mosk.s.compute.ephemeral.numa'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
# Enable only 1 size of huge pages because of https://mirantis.jira.com/browse/PRODX-8809
huge_pages: '0,5000'
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-ntw3.yaml
index 01dfb94..01ed318 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-acmp2-ntw3.yaml
@@ -43,6 +43,7 @@
cmps_flavor: 'mosk.s.compute.ephemeral'
acmps_flavor: 'mosk.s.compute.ephemeral.numa'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
# Enable only 1 size of huge pages because of https://mirantis.jira.com/browse/PRODX-8809
huge_pages: '0,5000'
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-lma3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-lma3.yaml
index 06ca333..8862e04 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-lma3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-lma3.yaml
@@ -21,6 +21,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway":"enabled","local-volume-provisioner": "enabled"}}
@@ -32,6 +33,7 @@
workers_flavor: 'mosk.l.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vbmc5.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vbmc5.yaml
index c18536c..657a9d3 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vbmc5.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vbmc5.yaml
@@ -21,6 +21,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway": "enabled","local-volume-provisioner": "enabled"}}
@@ -42,6 +43,7 @@
cmps_flavor: 'mosk.s.compute.ephemeral'
vbmcs_flavor: 'system.compact.openstack.control'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vsrx1.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vsrx1.yaml
index 48852fe..7091df4 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vsrx1.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0-vsrx1.yaml
@@ -37,6 +37,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
# Simulate changed default port for docker overlay vxlan
# https://mirantis.jira.com/browse/PRODX-11679
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0.yaml
index 612d399..351a4e6 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-gtw0.yaml
@@ -20,6 +20,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway": "enabled","local-volume-provisioner": "enabled"}}
@@ -30,6 +31,7 @@
workers_flavor: 'mosk.l.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
cmp_lvm_loop_device_size: 50
cmp_cinder_lvm_loop_device_size: 50
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-lma3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-lma3.yaml
index b917c7d..35c9ac9 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-lma3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-lma3.yaml
@@ -42,6 +42,7 @@
workers_flavor: 'mosk.l.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vbmc2.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vbmc2.yaml
index f036e43..97549cf 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vbmc2.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vbmc2.yaml
@@ -49,6 +49,7 @@
cmps_flavor: 'mosk.s.compute.ephemeral'
vbmcs_flavor: 'system.compact.openstack.control'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vmx.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vmx.yaml
index b160edc..a922dc2 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vmx.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3-vmx.yaml
@@ -54,6 +54,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3.yaml
index c4a29b1..d3d00fe 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp2-ntw3.yaml
@@ -40,6 +40,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp3-gtw0.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp3-gtw0.yaml
index ffb67ac..a3b9803 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp3-gtw0.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp3-gtw0.yaml
@@ -20,6 +20,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway":"enabled","local-volume-provisioner": "enabled"}}
@@ -30,6 +31,7 @@
workers_flavor: 'mosk.l.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
cmp_lvm_loop_device_size: 50
cmp_cinder_lvm_loop_device_size: 50
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp3-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp3-ntw3.yaml
index 671bd4e..3b7c9fa 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp3-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp3-ntw3.yaml
@@ -40,6 +40,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr3-cmp5-gtw0.yaml b/de/heat-templates/env/mstr1-wrkr3-cmp5-gtw0.yaml
index 51e676e..fea361c 100644
--- a/de/heat-templates/env/mstr1-wrkr3-cmp5-gtw0.yaml
+++ b/de/heat-templates/env/mstr1-wrkr3-cmp5-gtw0.yaml
@@ -20,6 +20,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway":"enabled","local-volume-provisioner": "enabled"}}
@@ -30,6 +31,7 @@
workers_flavor: 'mosk.l.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
cmp_lvm_loop_device_size: 50
cmp_cinder_lvm_loop_device_size: 50
diff --git a/de/heat-templates/env/mstr1-wrkr5-cmp2-gtw0-vsrx1.yaml b/de/heat-templates/env/mstr1-wrkr5-cmp2-gtw0-vsrx1.yaml
index e8f89c2..16ccafc 100644
--- a/de/heat-templates/env/mstr1-wrkr5-cmp2-gtw0-vsrx1.yaml
+++ b/de/heat-templates/env/mstr1-wrkr5-cmp2-gtw0-vsrx1.yaml
@@ -37,6 +37,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
# Simulate changed default port for docker overlay vxlan
# https://mirantis.jira.com/browse/PRODX-11679
diff --git a/de/heat-templates/env/mstr1-wrkr5-cmp2-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr5-cmp2-ntw3.yaml
index 73c9439..8d66762 100644
--- a/de/heat-templates/env/mstr1-wrkr5-cmp2-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr5-cmp2-ntw3.yaml
@@ -40,6 +40,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral.numa'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr5-cmp3-cmpgw2-ntw3.yaml b/de/heat-templates/env/mstr1-wrkr5-cmp3-cmpgw2-ntw3.yaml
index a763cae..173d5be 100644
--- a/de/heat-templates/env/mstr1-wrkr5-cmp3-cmpgw2-ntw3.yaml
+++ b/de/heat-templates/env/mstr1-wrkr5-cmp3-cmpgw2-ntw3.yaml
@@ -42,6 +42,7 @@
workers_flavor: 'system.compact.openstack.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
hardware_metadata: |
'00:00:00:00:00:00':
diff --git a/de/heat-templates/env/mstr1-wrkr5-cmp3-gtw0.yaml b/de/heat-templates/env/mstr1-wrkr5-cmp3-gtw0.yaml
index 58f9717..2d19203 100644
--- a/de/heat-templates/env/mstr1-wrkr5-cmp3-gtw0.yaml
+++ b/de/heat-templates/env/mstr1-wrkr5-cmp3-gtw0.yaml
@@ -20,6 +20,7 @@
ucp_boot_timeout: 3600
cluster_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp0evjOaK8c8SKYK4r2+0BN7g+8YSvQ2n8nFgOURCyvkJqOHi1qPGZmuN0CclYVdVuZiXbWw3VxRbSW3EH736VzgY1U0JmoTiSamzLHaWsXvEIW8VCi7boli539QJP0ikJiBaNAgZILyCrVPN+A6mfqtacs1KXdZ0zlMq1BPtFciR1JTCRcVs5vP2Wwz5QtY2jMIh3aiwkePjMTQPcfmh1TkOlxYu5IbQyZ3G1ahA0mNKI9a0dtF282av/F6pwB/N1R1nEZ/9VtcN2I1mf1NW/tTHEEcTzXYo1R/8K9vlqAN8QvvGLZtZduGviNVNoNWvoxaXxDt8CPv2B2NCdQFZp
private_floating_network_cidr: '10.11.12.0/24'
+ private_floating_network_gateway: '10.11.12.1'
private_floating_interface: 'ens4'
tunnel_interface: 'ens8'
worker_metadata: {"labels": {"openstack-control-plane":"enabled","openvswitch":"enabled","openstack-gateway":"enabled","local-volume-provisioner": "enabled"}}
@@ -28,6 +29,7 @@
workers_flavor: 'mosk.s.control.ephemeral'
cmps_flavor: 'mosk.s.compute.ephemeral'
storage_frontend_network_cidr: '10.12.1.0/24'
+ storage_frontend_network_gateway: '10.12.1.1'
storage_backend_network_cidr: '10.12.0.0/24'
cmp_lvm_loop_device_size: 50
cmp_cinder_lvm_loop_device_size: 50
diff --git a/de/heat-templates/fragments/NetworkAccVM.yaml b/de/heat-templates/fragments/NetworkAccVM.yaml
index 2e1b3f2..cee4951 100644
--- a/de/heat-templates/fragments/NetworkAccVM.yaml
+++ b/de/heat-templates/fragments/NetworkAccVM.yaml
@@ -21,6 +21,24 @@
private_floating_network_cidr:
type: string
default: ''
+ private_floating_network:
+ type: string
+ default: ''
+ private_floating_subnet:
+ type: string
+ default: ''
+ private_floating_network_gateway:
+ type: string
+ default: ''
+ storage_frontend_network:
+ type: string
+ default: ''
+ storage_frontend_subnet:
+ type: string
+ default: ''
+ storage_frontend_network_gateway:
+ type: string
+ default: ''
conditions:
tf:
@@ -48,6 +66,26 @@
cidr: { get_param: control_network_cidr }
dns_nameservers: { get_param: dns_nameservers }
host_routes: { get_param: control_network_host_routes }
+
+ private_floating_router_port:
+ type: OS::Neutron::Port
+ condition: {not: cond_extra_routes}
+ properties:
+ network_id: { get_param: private_floating_network }
+ port_security_enabled: false
+ fixed_ips:
+ - subnet: { get_param: private_floating_subnet }
+ ip_address: { get_param: private_floating_network_gateway }
+
+ public_storage_router_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_param: storage_frontend_network }
+ port_security_enabled: false
+ fixed_ips:
+ - subnet: { get_param: storage_frontend_subnet }
+ ip_address: { get_param: storage_frontend_network_gateway }
+
router:
type: OS::Neutron::Router
properties:
@@ -58,6 +96,18 @@
properties:
router: { get_resource: router }
subnet: { get_resource: subnet }
+ private_floating_router_iface:
+ type: OS::Neutron::RouterInterface
+ condition: {not: cond_extra_routes}
+ properties:
+ router: { get_resource: router }
+ port: { get_resource: private_floating_router_port }
+ public_storage_iface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router: { get_resource: router }
+ port: { get_resource: public_storage_router_port }
+
extra_routes:
type: OS::Neutron::ExtraRoute
condition: cond_extra_routes
diff --git a/de/heat-templates/scripts/functions.sh b/de/heat-templates/scripts/functions.sh
index f3d5e39..4073b15 100644
--- a/de/heat-templates/scripts/functions.sh
+++ b/de/heat-templates/scripts/functions.sh
@@ -18,7 +18,6 @@
TUNNEL_INTERFACE=$(ip -o addr show |grep -w ${TUNNEL_INTERFACE_IP}/${TUNNEL_INTERFACE_NETWORK_NETMASK} | awk '{print $2}')
IRONIC_BAREMETAL_NETWORK_PREFIX=$(sed 's/[0-9]*\/[0-9]*$//' <<< $IRONIC_BAREMETAL_NETWORK)
IRONIC_BAREMETAL_TUNNEL_NETWORK_PREFIX=$(sed 's/[0-9]*\/[0-9]*$//' <<< $IRONIC_BAREMETAL_TUNNEL_NETWORK)
-STORAGE_FRONTEND_NETWORK_NETMASK=$(echo ${STORAGE_FRONTEND_NETWORK} | cut -d'/' -f2)
DOCKER_DEFAULT_ADDRESS_POOL=${DOCKER_DEFAULT_ADDRESS_POOL:-10.10.1.0/16}
# DOCKER_DEFAULT_ADDRESS_SIZE have to be less then netmask in DOCKER_DEFAULT_ADDRESS_POOL because
# to the fact that actual netmask for docker_gwbridge is given from it
@@ -56,7 +55,6 @@
OS_CODENAME=$(lsb_release -c -s)
NODE_DEPLOYMENT_RETRIES=${NODE_DEPLOYMENT_RETRIES:-15}
FLOATING_NETWORK_PREFIXES=${FLOATING_NETWORK_PREFIXES:-10.11.12.0/24}
-PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-ens4}
UCP_MASTER_HOST=${UCP_MASTER_HOST:-${CONTROL_IP_ADDRESS}}
UCP_IP_ADDRESS=${UCP_IP_ADDRESS:-$CONTROL_IP_ADDRESS}
UCP_AUDIT_LOG_LEVEL=${UCP_AUDIT_LOG_LEVEL:-''}
@@ -729,10 +727,10 @@
fi
fi
- public_address_match_ip_line=$(grep -nm1 "${PUBLIC_NODE_IP_ADDRESS}/${PUBLIC_NODE_IP_NETMASK}" ${cloud_netplan_cfg} | cut -d: -f1)
- if [ -n "${public_address_match_ip_line}" ] ; then
- sed -i "$((${public_address_match_ip_line}-1)),$((${public_address_match_ip_line}))d" ${cloud_netplan_cfg}
- fi
+public_address_match_ip_line=$(grep -nm1 "${PUBLIC_NODE_IP_ADDRESS}/${PUBLIC_NODE_IP_NETMASK}" ${cloud_netplan_cfg} | cut -d: -f1)
+if [ -n "${public_address_match_ip_line}" ] ; then
+ sed -i "$((${public_address_match_ip_line}-1)),$((${public_address_match_ip_line}))d" ${cloud_netplan_cfg}
+fi
cat << EOF >> ${cloud_netplan_cfg}
bridges:
@@ -741,11 +739,13 @@
interfaces:
- ${PUBLIC_INTERFACE}
- veth-br
+EOF
+if [[ ${NODE_METADATA} == *"tempest"* ]]; then
+cat << EOF >> ${cloud_netplan_cfg}
addresses:
- ${PUBLIC_NODE_IP_ADDRESS}/${PUBLIC_NODE_IP_NETMASK}
EOF
# Assign more ips for neutron dynamic routing PRODX-31417
-if [[ ${NODE_METADATA} == *"tempest"* ]]; then
for i in {71..76}; do
cat << EOF >> ${cloud_netplan_cfg}
- ${PUBLIC_NODE_IP_ADDRESS%.*}.${i}/${PUBLIC_NODE_IP_NETMASK}
@@ -973,6 +973,8 @@
netplan --debug apply
# NOTE(vsaienko): give some time to apply changes
sleep 15
+ # workaround for https://github.com/systemd/systemd/issues/13432
+ systemctl restart systemd-resolved
}
function install_frr {
diff --git a/de/heat-templates/scripts/launch.sh b/de/heat-templates/scripts/launch.sh
index 21bd205..0b859c9 100644
--- a/de/heat-templates/scripts/launch.sh
+++ b/de/heat-templates/scripts/launch.sh
@@ -140,7 +140,6 @@
install_kubectl
configure_ntp
configure_atop
- workaround_default_forward_policy
if [[ "${KUBERNETES_INSTALLER}" == "ucp" ]]; then
install_docker
swarm_init
@@ -187,7 +186,6 @@
install_kubectl
configure_ntp
configure_atop
- workaround_default_forward_policy
if [[ "${KUBERNETES_INSTALLER}" == "ucp" ]]; then
install_docker
cache_images
@@ -227,7 +225,6 @@
enable_iscsi
configure_ntp
configure_atop
- workaround_default_forward_policy
if [[ "${KUBERNETES_INSTALLER}" == "ucp" ]]; then
install_docker
cache_images
@@ -269,7 +266,6 @@
cache_images
download_bundles
fi
- workaround_default_forward_policy
configure_contrack
disable_iptables_for_bridges
install_frr
diff --git a/de/heat-templates/top.yaml b/de/heat-templates/top.yaml
index 78159b5..bd628e2 100644
--- a/de/heat-templates/top.yaml
+++ b/de/heat-templates/top.yaml
@@ -112,6 +112,9 @@
storage_frontend_network_cidr:
type: string
default: '10.12.0.0/24'
+ storage_frontend_network_gateway:
+ type: string
+ default: '10.12.0.1/24'
storage_frontend_interface:
type: string
default: 'ens5'
@@ -413,6 +416,9 @@
k0s_version:
type: string
default: ''
+ external_k8s_service_network_cidr:
+ type: string
+ default: '10.172.1.0/24'
conditions:
aio_deploy:
@@ -453,17 +459,6 @@
name: { get_attr: [keypair_name, value] }
public_key: { get_param: cluster_public_key }
save_private_key: false
- accessible_network:
- type: MCP2::NetworkAcc
- properties:
- public_net_id: { get_param: public_net_id }
- control_network_cidr: { get_param: control_network_cidr }
- dns_nameservers: { get_param: dns_nameservers }
- control_network_host_routes: { get_param: control_network_host_routes }
- tungstenfabric_enabled: { get_param: tungstenfabric_enabled }
- vsrx_enabled: { get_param: vsrx_enabled }
- control_network_ext_router_ip: { get_param: control_network_ext_router_ip }
- private_floating_network_cidr: { get_param: private_floating_network_cidr }
tun_network:
type: MCP2::NetworkTun
@@ -480,6 +475,33 @@
private_floating_network_ipam_pool_start: { get_param: private_floating_network_ipam_pool_start }
private_floating_network_ipam_pool_end: { get_param: private_floating_network_ipam_pool_end }
+ storage_network:
+ type: MCP2::NetworkAccStorage
+ properties:
+ storage_frontend_network_cidr: { get_param: storage_frontend_network_cidr }
+ storage_backend_network_cidr: { get_param: storage_backend_network_cidr }
+
+ accessible_network:
+ depends_on:
+ - private_floating_network
+ - storage_network
+ type: MCP2::NetworkAcc
+ properties:
+ public_net_id: { get_param: public_net_id }
+ control_network_cidr: { get_param: control_network_cidr }
+ dns_nameservers: { get_param: dns_nameservers }
+ control_network_host_routes: { get_param: control_network_host_routes }
+ tungstenfabric_enabled: { get_param: tungstenfabric_enabled }
+ vsrx_enabled: { get_param: vsrx_enabled }
+ control_network_ext_router_ip: { get_param: control_network_ext_router_ip }
+ private_floating_network: {get_attr: [private_floating_network, private_floating_network_id]}
+ private_floating_network_cidr: { get_param: private_floating_network_cidr }
+ private_floating_network_gateway: { get_param: private_floating_network_gateway }
+ private_floating_subnet: {get_attr: [private_floating_network, private_floating_subnet_id]}
+ storage_frontend_network: {get_attr: [storage_network, storage_frontend_network_id]}
+ storage_frontend_network_gateway: { get_param: storage_frontend_network_gateway }
+ storage_frontend_subnet: {get_attr: [storage_network, storage_frontend_subnet_id]}
+
vmx:
depends_on:
- private_floating_network
@@ -527,12 +549,6 @@
vsrx_flavor: { get_param: vsrx_flavor }
public_net_id: { get_param: public_net_id }
- storage_network:
- type: MCP2::NetworkAccStorage
- properties:
- storage_frontend_network_cidr: { get_param: storage_frontend_network_cidr }
- storage_backend_network_cidr: { get_param: storage_backend_network_cidr }
-
ironic_baremetal_network:
type: MCP2::NetworkIronicFlat
properties:
@@ -544,7 +560,6 @@
ucp:
depends_on:
- accessible_network
- - storage_network
type: MCP2::SrvInstances
properties:
metadata: { get_param: ucp_metadata}
@@ -1126,6 +1141,16 @@
kubectl_version: { get_param: kubectl_version }
devops_utils_refspec: { get_param: devops_utils_refspec }
+ k8s_external_service_route:
+ type: OS::Neutron::ExtraRoute
+ depends_on:
+ - tsrvs
+ condition: { not: aio_deploy }
+ properties:
+ destination: { get_param: external_k8s_service_network_cidr }
+ nexthop: { get_attr: [tsrvs, resource.0, server_private_ip ] }
+ router_id: { get_attr: [accessible_network, accessible_router] }
+
outputs:
ucp_ips:
description: Private IP addresses of the deployed ucp instances