From 0c2a35ed6a87db31c75b250311bb13c3f7bda9c4 Mon Sep 17 00:00:00 2001 From: Maksim Malchuk Date: Wed, 6 Oct 2021 16:45:18 +0300 Subject: [PATCH] Set correct gateway for the bifrost provision network In the production sometimes the provision and other networks should be separated and all have each own different gateways, so this change adds the correct way to configure bifrost with gateway used only to configure dnsmasq and solves the issue with several default routes on the bifrost host when kolla_bifrost_dnsmasq_router needs to configure. Change-Id: I2078da3ab3898c847b3c17054f429d74eb79aa37 Signed-off-by: Maksim Malchuk --- ansible/kolla-bifrost.yml | 2 +- .../bifrost-inspection-gateway-316ab384430ef8df.yaml | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/bifrost-inspection-gateway-316ab384430ef8df.yaml diff --git a/ansible/kolla-bifrost.yml b/ansible/kolla-bifrost.yml index 63e8dca0c..4a29eeb25 100644 --- a/ansible/kolla-bifrost.yml +++ b/ansible/kolla-bifrost.yml @@ -26,7 +26,7 @@ # Network configuration. kolla_bifrost_dhcp_pool_start: "{{ provision_oc_net_name | net_inspection_allocation_pool_start }}" kolla_bifrost_dhcp_pool_end: "{{ provision_oc_net_name | net_inspection_allocation_pool_end }}" - kolla_bifrost_dnsmasq_router: "{{ provision_oc_net_name | net_gateway }}" + kolla_bifrost_dnsmasq_router: "{{ provision_oc_net_name | net_inspection_gateway or provision_oc_net_name | net_gateway }}" kolla_bifrost_dnsmasq_dns_servers: "{{ resolv_nameservers | default([]) }}" kolla_bifrost_domain: "{{ resolv_domain | default }}" kolla_bifrost_download_ipa: "{{ not ipa_build_images | bool }}" diff --git a/releasenotes/notes/bifrost-inspection-gateway-316ab384430ef8df.yaml b/releasenotes/notes/bifrost-inspection-gateway-316ab384430ef8df.yaml new file mode 100644 index 000000000..bc778497c --- /dev/null +++ b/releasenotes/notes/bifrost-inspection-gateway-316ab384430ef8df.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + In production environments, the provision network may be separated from the + other networks, so in this case, if you want Bifrost's DHCP service provides + the correct gateway for the clients the ``inspection_gateway`` should be + used instead of the ``gateway`` attribute for the provision network. This + also avoids configuring the multiple IP gateways on a single host which + leads to unpredictable results.