From 1d9e8fc976b1a9cf4c78226e25c768d90df2bb1f Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Wed, 23 Aug 2017 18:12:41 +0000
Subject: [PATCH] Separate the external network into external and public

Previously, the external network carried both public API traffic and
neutron external network traffic. In some cases it is useful to separate
these networks. The public network now carries the public API traffic,
leaving the external network to carry neutron external network traffic
alone. For backwards compatibility, the public network defaults to the
external network.
---
 ansible/docker.yml                 |  2 +-
 ansible/group_vars/all/controllers |  1 +
 ansible/group_vars/all/monitoring  |  2 +-
 ansible/group_vars/all/network     |  3 +++
 ansible/kolla-ansible.yml          | 10 +++++-----
 ansible/public-openrc.yml          |  8 ++++----
 dev/dev-vagrant.yml                |  1 +
 doc/source/architecture.rst        |  6 ++++--
 doc/source/configuration.rst       |  6 ++++--
 etc/kayobe/networks.yml            |  3 +++
 tools/configure-kayobe.sh          |  1 +
 11 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/ansible/docker.yml b/ansible/docker.yml
index 567c788f7..e01fb8f64 100644
--- a/ansible/docker.yml
+++ b/ansible/docker.yml
@@ -3,4 +3,4 @@
   hosts: docker
   roles:
     - role: docker
-      docker_daemon_mtu: "{{ external_net_name | net_mtu | default }}"
+      docker_daemon_mtu: "{{ public_net_name | net_mtu | default }}"
diff --git a/ansible/group_vars/all/controllers b/ansible/group_vars/all/controllers
index 4cb87c28b..d9400e67a 100644
--- a/ansible/group_vars/all/controllers
+++ b/ansible/group_vars/all/controllers
@@ -15,6 +15,7 @@ controller_default_network_interfaces: >
       oob_wl_net_name,
       provision_wl_net_name,
       internal_net_name,
+      public_net_name,
       external_net_name,
       storage_net_name,
       storage_mgmt_net_name] | unique | list }}
diff --git a/ansible/group_vars/all/monitoring b/ansible/group_vars/all/monitoring
index 447259249..5a830c0ec 100644
--- a/ansible/group_vars/all/monitoring
+++ b/ansible/group_vars/all/monitoring
@@ -13,7 +13,7 @@ monitoring_bootstrap_user: "{{ controller_bootstrap_user }}"
 monitoring_default_network_interfaces: >
   {{ [provision_oc_net_name,
       internal_net_name,
-      external_net_name] | unique | list }}
+      public_net_name] | unique | list }}
 
 # List of extra networks to which monitoring nodes are attached.
 monitoring_extra_network_interfaces: []
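Review bot: Swapping `external_net_name` for `public_net_name` in `monitoring_default_network_interfaces` changes which network monitoring hosts sit on as soon as an operator sets `public_net_name` to a separate network. They lose their external interface and gain one on the network that exposes the public API endpoints. Neither the commit message nor a comment says which of the two the monitoring hosts actually need; if it is only outbound access, the new attachment widens their exposure without benefit. A comment on the list, e.g. `# Monitoring hosts are attached to the public network because <reason>; use monitoring_extra_network_interfaces to add external_net_name.`, would make the intent reviewable.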
diff --git a/ansible/group_vars/all/network b/ansible/group_vars/all/network
index ef2783540..c90bf29e4 100644
--- a/ansible/group_vars/all/network
+++ b/ansible/group_vars/all/network
@@ -25,6 +25,9 @@ internal_net_name: 'internal_net'
 # to provide external network access via Neutron.
 external_net_name: 'external_net'
 
+# Name of the network used to expose the public OpenStack API endpoints.
+public_net_name: "{{ external_net_name }}"
+
 # Name of the network used to carry storage data traffic.
 storage_net_name: 'storage_net'
 
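Review bot: The new comment on `public_net_name` does not say that the variable defaults to `external_net_name`, so an operator cannot tell that leaving it unset keeps public API traffic on the Neutron external network. Suggest `# Name of the network used to expose the public OpenStack API endpoints. Defaults to the external network for backwards compatibility.` here. The same sentence is missing from the commented-out entry in the etc/kayobe/networks.yml hunk, which is the file operators actually edit.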
diff --git a/ansible/kolla-ansible.yml b/ansible/kolla-ansible.yml
index f7d0cc51e..51895c2cb 100644
--- a/ansible/kolla-ansible.yml
+++ b/ansible/kolla-ansible.yml
@@ -33,23 +33,23 @@
           set_fact:
             kolla_internal_vip_address: "{{ internal_net_name | net_vip_address }}"
             kolla_internal_fqdn: "{{ internal_net_name | net_fqdn or internal_net_name | net_vip_address }}"
-            kolla_external_vip_address: "{{ external_net_name | net_vip_address }}"
-            kolla_external_fqdn: "{{ external_net_name | net_fqdn or external_net_name | net_vip_address }}"
+            kolla_external_vip_address: "{{ public_net_name | net_vip_address }}"
+            kolla_external_fqdn: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"
           when: "{{ kolla_enable_haproxy | bool }}"
 
         - name: Set facts containing the VIP addresses and FQDNs
           set_fact:
             kolla_internal_vip_address: "{{ internal_net_name | net_ip(controller_host) }}"
             kolla_internal_fqdn: "{{ internal_net_name | net_ip(controller_host) }}"
-            kolla_external_vip_address: "{{ external_net_name | net_ip(controller_host) }}"
-            kolla_external_fqdn: "{{ external_net_name | net_ip(controller_host) }}"
+            kolla_external_vip_address: "{{ public_net_name | net_ip(controller_host) }}"
+            kolla_external_fqdn: "{{ public_net_name | net_ip(controller_host) }}"
           when:
             - "{{ not kolla_enable_haproxy | bool }}"
 
         - name: Set facts containing the controller network interfaces
           set_fact:
             kolla_network_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
-            kolla_external_vip_interface: "{{ external_net_name | net_interface(controller_host) | replace('-', '_') }}"
+            kolla_external_vip_interface: "{{ public_net_name | net_interface(controller_host) | replace('-', '_') }}"
             kolla_api_interface: "{{ internal_net_name | net_interface(controller_host) | replace('-', '_') }}"
             kolla_storage_interface: "{{ storage_net_name | net_interface(controller_host) | replace('-', '_') }}"
             kolla_cluster_interface: "{{ storage_mgmt_net_name | net_interface(controller_host) | replace('-', '_') }}"
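Review bot: The `kolla_external_vip_address`, `kolla_external_fqdn` and `kolla_external_vip_interface` facts now read from `public_net_name`, so "external" on the left no longer matches kayobe's `external_net_name`, and nothing explains why. A comment above the first task, e.g. `# Kolla's "external" VIP/FQDN/interface are the public API endpoints, i.e. kayobe's public network, not external_net_name.`, would stop a later change from wiring them back. These facts decide where the public API is exposed, so it may also be worth failing early when `public_net_name` is overridden to a network with no VIP or no interface on the controller. Whether `net_vip_address` and `net_interface` already raise in that case is not visible here. The enclosing play starts and ends outside the hunk.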
diff --git a/ansible/public-openrc.yml b/ansible/public-openrc.yml
index 41285da88..6934a1810 100644
--- a/ansible/public-openrc.yml
+++ b/ansible/public-openrc.yml
@@ -5,10 +5,10 @@
 - name: Ensure a public OpenStack API environment file exists
   hosts: config-mgmt
   vars:
-    external_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
-    external_api_vip_address: "{{ external_net_name | net_vip_address }}"
-    external_api_keystone_port: 5000
+    public_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
+    public_api_vip_address: "{{ public_net_name | net_vip_address }}"
+    public_api_keystone_port: 5000
   roles:
     - role: public-openrc
       public_openrc_kolla_config_path: "{{ kolla_config_path }}"
-      public_openrc_auth_url: "{{ external_api_proto }}://{{ external_api_vip_address }}:{{ external_api_keystone_port }}"
+      public_openrc_auth_url: "{{ public_api_proto }}://{{ public_api_vip_address }}:{{ public_api_keystone_port }}"
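Review bot: `public_api_vip_address` is built from `net_vip_address` alone, whereas the ansible/kolla-ansible.yml hunk in this same patch prefers `net_fqdn` and only falls back to the VIP for `kolla_external_fqdn`. With `kolla_enable_tls_external` set, an openrc that points at a bare IP verifies only if the certificate carries that IP, which tends to push users towards disabling certificate verification. Consider `public_api_vip_address: "{{ public_net_name | net_fqdn or public_net_name | net_vip_address }}"`, ideally under a name that no longer says "vip_address". Separately, the `http` branch of `public_api_proto` sends Keystone credentials in clear text over the network now explicitly named public; a comment there such as `# http is used when external TLS is disabled; credentials are then sent unencrypted.` would make that trade-off visible.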
diff --git a/dev/dev-vagrant.yml b/dev/dev-vagrant.yml
index 5db95335d..95b9783ec 100644
--- a/dev/dev-vagrant.yml
+++ b/dev/dev-vagrant.yml
@@ -44,6 +44,7 @@ provision_oc_net_name: aio
 oob_wl_net_name: aio
 provision_wl_net_name: aio
 internal_net_name: aio
+public_net_name: aio
 external_net_name: aio
 storage_net_name: aio
 storage_mgmt_net_name: aio
diff --git a/doc/source/architecture.rst b/doc/source/architecture.rst
index 3f33b430a..817ab434e 100644
--- a/doc/source/architecture.rst
+++ b/doc/source/architecture.rst
@@ -49,6 +49,8 @@ Workload provisioning network
     the bare metal compute hosts.
 Internal network
     The internal network hosts the internal and admin OpenStack API endpoints.
+Public network
+    The public network hosts the public OpenStack API endpoints.
 External network
-    The external network hosts the public OpenStack API endpoints and provides
-    external network access for the hosts in the system.
+    The external network provides external network access for the hosts in the
+    system.
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 246bfddcb..7db44316d 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -197,9 +197,10 @@ perform multiple roles, or even none at all.  The available roles are:
     workload hosts.
 ``internal_net_name``
     Name of the network used to expose the internal OpenStack API endpoints.
+``public_net_name``
+    Name of the network used to expose the public OpenStack API endpoints.
 ``external_net_name``
-    Name of the network used to expose the external OpenStack API endpoints and
-    to provide external network access via Neutron.
+    Name of the network used to provide external network access via Neutron.
 ``storage_net_name``
     Name of the network used to carry storage data traffic.
 ``storage_mgmt_net_name``
@@ -262,6 +263,7 @@ We could describe such a network as follows:
    provision_oc_net_name: management
    provision_wl_net_name: cloud
    internal_net_name: cloud
+   public_net_name: external
    external_net_name: external
    storage_net_name: cloud
    storage_mgmt_net_name: cloud
diff --git a/etc/kayobe/networks.yml b/etc/kayobe/networks.yml
index 4a03e6354..0d43d5ec0 100644
--- a/etc/kayobe/networks.yml
+++ b/etc/kayobe/networks.yml
@@ -27,6 +27,9 @@
 # to provide external network access via Neutron.
 #external_net_name:
 
+# Name of the network used to expose the public OpenStack API endpoints.
+#public_net_name:
+
 # Name of the network used to carry storage data traffic.
 #storage_net_name:
 
diff --git a/tools/configure-kayobe.sh b/tools/configure-kayobe.sh
index c11090943..4ba068f91 100755
--- a/tools/configure-kayobe.sh
+++ b/tools/configure-kayobe.sh
@@ -28,6 +28,7 @@ EOF
 provision_oc_net_name: 'the_net'
 provision_wl_net_name: 'the_net'
 internal_net_name: 'the_net'
+public_net_name: 'the_net'
 external_net_name: 'the_net'
 storage_net_name: 'the_net'
 storage_mgmt_net_name: 'the_net'