1 files changed, 51 insertions, 3 deletions

diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml
index 07e2de4c..d7863e02 100644
--- a/network/ports/net_ip_list_map.yaml
+++ b/network/ports/net_ip_list_map.yaml
@@ -31,6 +31,32 @@ parameters:
   ServiceHostnameList:
     default: []
     type: comma_delimited_list
+  NetworkHostnameMap:
+    default: []
+    type: json
+
+resources:
+   # This adds the extra "services" on for keystone
+   # so that keystone_admin_api_network and
+   # keystone_public_api_network point to the correct
+   # network on the nodes running the "keystone" service
+  EnabledServicesValue:
+    type: OS::Heat::Value
+    properties:
+      type: comma_delimited_list
+      value:
+        yaql:
+          expression: let(root => $) -> $.data.extra_services.items().where($[0] in $root.data.enabled_services).select($[1]).flatten() + $root.data.enabled_services
+          data:
+            enabled_services: {get_param: EnabledServices}
+            extra_services:
+              # If anything other than keystone needs this
+              # then we should add an extra_networks interface
+              # to the service templates role_data but for
+              # now we hard-code the keystone special case
+              keystone:
+                - keystone_admin_api
+                - keystone_public_api
 
 outputs:
   net_ip_map:
@@ -64,7 +90,7 @@ outputs:
                         template:
                           SERVICE_node_ips: SERVICE_network
                         for_each:
-                          SERVICE: {get_param: EnabledServices}
+                          SERVICE: {get_attr: [EnabledServicesValue, value]}
                   - values: {get_param: ServiceNetMap}
               - values:
                   ctlplane: {get_param: ControlPlaneIpList}
@@ -78,6 +104,28 @@ outputs:
     description: >
       Map of enabled services to a list of hostnames where they're running
     value:
+      map_replace:
+        - yaql:
+            # This filters any entries where the value hasn't been substituted for
+            # a list, e.g it's still $service_network.  This happens when there is
+            # no network defined for the service in the ServiceNetMap, which is OK
+            # as not all services have to be bound to a network, so we filter them
+            expression: dict($.data.map.items().where(not $[1].endsWith("_network")))
+            data:
+              map:
+                map_replace:
+                  - map_merge:
+                      repeat:
+                        template:
+                          SERVICE_node_names: SERVICE_network
+                        for_each:
+                          SERVICE: {get_attr: [EnabledServicesValue, value]}
+                  - values: {get_param: ServiceNetMap}
+        - values: {get_param: NetworkHostnameMap}
+  short_service_hostnames:
+    description: >
+      Map of enabled services to a list of hostnames where they're running regardless of the network
+    value:
       yaql:
         # If ServiceHostnameList is empty the role is deployed with zero nodes
         # therefore we don't want to add any *_node_names to the map
@@ -87,6 +135,6 @@ outputs:
             map_merge:
               repeat:
                 template:
-                  SERVICE_node_names: {get_param: ServiceHostnameList}
+                  SERVICE_short_node_names: {get_param: ServiceHostnameList}
                 for_each:
-                    SERVICE: {get_param: EnabledServices}
+                    SERVICE: {get_attr: [EnabledServicesValue, value]}