From f2bddf8acd6f2d702209b1dda74e93afd6b78ff3 Mon Sep 17 00:00:00 2001
From: Dan Radez
Date: Wed, 4 Nov 2015 16:13:02 -0500
Subject: adding basic network isolation - separating external traffic from internal traffic
JIRA: APEX-41
Change-Id: Idcd01a514083c53a3133a75d3bcabf824a7a4377
---
build/network-environment.yaml | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 build/network-environment.yaml
(limited to 'build/network-environment.yaml')
diff --git a/build/network-environment.yaml b/build/network-environment.yaml
new file mode 100644
index 00000000..a3d56025
--- /dev/null
+++ b/build/network-environment.yaml
@@ -0,0 +1,39 @@
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks.
+resource_registry:
+ OS::TripleO::Network::External: /usr/share/openstack-tripleo-heat-templates/network/external.yaml
+ OS::TripleO::Network::InternalApi: /usr/share/openstack-tripleo-heat-templates/network/noop.yaml
+ OS::TripleO::Network::StorageMgmt: /usr/share/openstack-tripleo-heat-templates/network/noop.yaml
+ OS::TripleO::Network::Storage: /usr/share/openstack-tripleo-heat-templates/network/noop.yaml
+ OS::TripleO::Network::Tenant: /usr/share/openstack-tripleo-heat-templates/network/noop.yaml
+
+ # Port assignments for the controller role
+ OS::TripleO::Controller::Ports::ExternalPort: /usr/share/openstack-tripleo-heat-templates/network/ports/external.yaml
+ OS::TripleO::Controller::Ports::InternalApiPort: /usr/share/openstack-tripleo-heat-templates/network/ports/noop.yaml
+ OS::TripleO::Controller::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/noop.yaml
+ OS::TripleO::Controller::Ports::StorageMgmtPort: /usr/share/openstack-tripleo-heat-templates/network/ports/noop.yaml
+ OS::TripleO::Controller::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/noop.yaml
+
+ # Port assignments for the compute role
+ OS::TripleO::Compute::Ports::InternalApiPort: /usr/share/openstack-tripleo-heat-templates/network/ports/noop.yaml
+ OS::TripleO::Compute::Ports::StoragePort: /usr/share/openstack-tripleo-heat-templates/network/ports/noop.yaml
+ OS::TripleO::Compute::Ports::TenantPort: /usr/share/openstack-tripleo-heat-templates/network/ports/noop.yaml
+
+ # Port assignments for service virtual IPs for the controller role
+ OS::TripleO::Controller::Ports::RedisVipPort: /usr/share/openstack-tripleo-heat-templates/network/ports/noop.yaml
+
+ # NIC assignments
+ OS::TripleO::Compute::Net::SoftwareConfig: nics/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: nics/controller.yaml
+
+
+parameter_defaults:
+ NeutronExternalNetworkBridge: "''"
+ ControlPlaneSubnetCidr: "24"
+ ControlPlaneDefaultRoute: 192.0.2.1
+ ExternalNetCidr: 192.168.37.0/24
+ ExternalAllocationPools: [{'start': '192.168.37.50', 'end': '192.168.37.99'}]
+ ExternalInterfaceDefaultRoute: 192.168.37.1
+ EC2MetadataIp: 192.0.2.1
+ DnsServers: ["8.8.8.8","8.8.4.4"]
-- cgit 1.2.3-korg
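Review bot: The header comment says this file creates networks for isolated Overcloud traffic, but in `resource_registry` only `OS::TripleO::Network::External` and the controller `ExternalPort` point at real templates; InternalApi, Storage, StorageMgmt, Tenant and the Redis VIP port all map to `noop.yaml`. Presumably the noop resources leave those roles on the control plane network, so API, storage and tenant traffic would still share the provisioning segment. The comment should state the actual scope, for example `# Only the External network is isolated; InternalApi, Storage, StorageMgmt and Tenant are noop and stay on the control plane network.` Separately, `DnsServers` in `parameter_defaults` hard-codes public resolvers, which sends overcloud name lookups off-site and will not resolve in a deployment without outbound DNS; a comment such as `# Site-specific: override DnsServers with the deployment's own resolvers.` would make that explicit.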