diff --git a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/address_pool.py b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/address_pool.py
index d60e8f03aa..e4bf245f78 100644
--- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/address_pool.py
+++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/address_pool.py
@@ -716,13 +716,6 @@ class AddressPoolController(rest.RestController):
 # The admin address pool can be deleted at runtime
 admin_network_reconfig = True
- if (admin_network_reconfig):
- # At runtime, remove the NAT rule that enables worker, storage
- # nodes to communicate with the system controller. We must do
- # this before deleting the address pool and addresses to obtain
- # information about the current admin floating IP and interface.
- pecan.request.rpcapi.remove_admin_firewall_config(pecan.request.context)
-
 addresses = pecan.request.dbapi.addresses_get_by_pool(
 addrpool.id)
 if addresses:
diff --git a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/interface_network.py b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/interface_network.py
index ba504cbb3c..846d015512 100644
--- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/interface_network.py
+++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/interface_network.py
@@ -206,11 +206,11 @@ class InterfaceNetworkController(rest.RestController):
 ethernet_port_mac = tmp_interface['imac']
 _update_host_mgmt_mac(host, ethernet_port_mac)
 cutils.perform_distributed_cloud_config(pecan.request.dbapi,
- interface_id)
+ interface_id, host)
 elif network_type == constants.NETWORK_TYPE_ADMIN:
 pecan.request.rpcapi.update_admin_config(pecan.request.context, host)
 cutils.perform_distributed_cloud_config(pecan.request.dbapi,
- interface_id)
+ interface_id, host)
 elif network_type == constants.NETWORK_TYPE_OAM:
 pecan.request.rpcapi.initialize_oam_config(pecan.request.context, host)
diff --git a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/network.py b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/network.py
index 758be558c8..b4571bfab3 100644
--- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/network.py
+++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/network.py
@@ -298,6 +298,8 @@ class NetworkController(rest.RestController):
 if type == constants.NETWORK_TYPE_SYSTEM_CONTROLLER:
 pecan.request.rpcapi.update_ldap_client_config(
 pecan.request.context)
+ pecan.request.rpcapi.update_ldap_nat_config(
+ pecan.request.context)
 elif type == constants.NETWORK_TYPE_SYSTEM_CONTROLLER_OAM:
 pecan.request.rpcapi.update_dnsmasq_config(
 pecan.request.context)
diff --git a/sysinv/sysinv/sysinv/sysinv/common/utils.py b/sysinv/sysinv/sysinv/sysinv/common/utils.py
index 873f4192f7..2816bda12f 100644
--- a/sysinv/sysinv/sysinv/sysinv/common/utils.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/utils.py
@@ -1739,7 +1739,7 @@ def is_partition_the_last(dbapi, partition):
 return True
-def perform_distributed_cloud_config(dbapi, mgmt_iface_id):
+def perform_distributed_cloud_config(dbapi, mgmt_iface_id, host):
 """ Check if we are running in distributed cloud mode and perform any necessary configuration.
@@ -1796,8 +1796,9 @@ def perform_distributed_cloud_config(dbapi, mgmt_iface_id):
 (new_route['network'], new_route['prefix'], new_route['gateway'], mgmt_iface_id))
- elif system.distributed_cloud_role == \
- constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD:
+ elif (system.distributed_cloud_role ==
+ constants.DISTRIBUTED_CLOUD_ROLE_SUBCLOUD and
+ host['personality'] == constants.CONTROLLER):
 # Add the route back to the system controller.
 # Assumption is we do not have to do any error checking
 # for local & reachable gateway etc, as config_subcloud
diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
index 17d6994b43..9b4833b0ff 100644
--- a/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
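Review bot: The new `update_ldap_nat_config` call in network.py runs only on this create path for `NETWORK_TYPE_SYSTEM_CONTROLLER`, and nothing in this commit withdraws the resulting NAT rule again; the same commit drops the explicit `remove_admin_firewall_config` step from address_pool.py without a counterpart. If the system-controller network or its address pool is later deleted or changed, a stale LDAP forwarding rule may remain on the controllers, unless the `platform::firewall::dc::nat::ldap::runtime` class recomputes it from current state, which cannot be seen from here. If it does, record that next to the call, e.g. `# NAT rule is rebuilt from current network state by the runtime class; no explicit remove step`. The enclosing method starts and ends outside the hunk.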
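Review bot: In common/utils.py, `host` becomes a required positional parameter in the `@@ -1739` hunk, but the docstring shown as context still describes only the distributed-cloud check, and the `@@ -1796` hunk subscripts it without a guard as `host['personality']` on the subcloud branch. The three call sites updated in this commit pass a host, but any caller outside this diff would now fail with a TypeError and a `None` host would fail at the subscript; whether such callers exist cannot be verified from here. I would document the parameter, e.g. `:param host: host owning the interface; the route back to the system controller is only added when host['personality'] is constants.CONTROLLER`. The function body continues outside both hunks, so it is worth checking whether a later `else` branch now catches subcloud worker and storage hosts.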
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/manager.py
@@ -3686,7 +3686,8 @@ class ConductorManager(service.PeriodicService):
 # Do any potential distributed cloud config
 # We do this here where the interface is created.
 cutils.perform_distributed_cloud_config(self.dbapi,
- new_interface['id'])
+ new_interface['id'],
+ ihost)
 if port:
 values = {'interface_id': port.interface_id}
 try:
@@ -9639,17 +9640,6 @@ class ConductorManager(service.PeriodicService):
 config_uuid, config_dict)
- def remove_admin_firewall_config(self, context):
- """ Remove the platform firewall rules associated with the admin network """
- personalities = [constants.CONTROLLER]
- config_uuid = self._config_update_hosts(context,
- personalities)
- config_dict = {
- "personalities": personalities,
- "classes": ['platform::firewall::nat::admin::remove']
- }
- self._config_apply_runtime_manifest(context, config_uuid, config_dict)
-
 def update_admin_config(self, context, host, disable=False):
 """Update the admin network configuration"""
@@ -9680,8 +9670,7 @@ class ConductorManager(service.PeriodicService):
 'platform::sm::enable_admin_config::runtime',
 'platform::haproxy::runtime',
 'openstack::keystone::endpoint::runtime',
- 'platform::firewall::runtime',
- 'platform::firewall::nat::admin::runtime']
+ 'platform::firewall::runtime']
 }
 self._config_apply_runtime_manifest(context, config_uuid, config_dict)
@@ -14737,7 +14726,9 @@ class ConductorManager(service.PeriodicService):
 def update_ldap_client_config(self, context):
 """Update the LDAP client configuration"""
- personalities = [constants.CONTROLLER]
+ personalities = [constants.CONTROLLER,
+ constants.WORKER,
+ constants.STORAGE]
 config_uuid = self._config_update_hosts(context, personalities)
 config_dict = {
 "personalities": personalities,
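Review bot: In the `@@ -14737` hunk, `update_ldap_client_config` now passes controller, worker and storage personalities to both `_config_update_hosts` and the runtime manifest, yet its docstring still reads `"""Update the LDAP client configuration"""`. I would state the widened scope there, e.g. `"""Update the LDAP client configuration on controller, worker and storage hosts"""`. The `classes` list lies below the end of this hunk, so confirm that every class in it is meant to be applied on worker and storage nodes and not only on controllers.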
@@ -14746,6 +14737,16 @@ class ConductorManager(service.PeriodicService):
 }
 self._config_apply_runtime_manifest(context, config_uuid, config_dict)
+ def update_ldap_nat_config(self, context):
+ """Update the LDAP NAT configuration"""
+ personalities = [constants.CONTROLLER]
+ config_uuid = self._config_update_hosts(context, personalities)
+ config_dict = {
+ "personalities": personalities,
+ "classes": ['platform::firewall::dc::nat::ldap::runtime']
+ }
+ self._config_apply_runtime_manifest(context, config_uuid, config_dict)
+
 def get_controllerfs_lv_sizes(self, context):
 system = self.dbapi.isystem_get_one()
 system_dc_role = system.get('distributed_cloud_role', None)
diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/rpcapi.py b/sysinv/sysinv/sysinv/sysinv/conductor/rpcapi.py
index 9c737d3a5a..853af46176 100644
--- a/sysinv/sysinv/sysinv/sysinv/conductor/rpcapi.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/rpcapi.py
@@ -828,15 +828,6 @@ class ConductorAPI(sysinv.openstack.common.rpc.proxy.RpcProxy):
 host=host, disable=disable))
- def remove_admin_firewall_config(self, context):
- """Synchronously, have the conductor remove the admin firewall
- configuration.
-
- :param context: request context.
- """
- return self.call(context, self.make_msg(
- 'remove_admin_firewall_config'))
-
 def set_mgmt_network_reconfig_flag(self, context):
 """Synchronously, have the conductor update the mgmt network reconfig flag.
 :param context: request context.
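Review bot: The new `update_ldap_nat_config` in the `@@ -14746` hunk changes firewall NAT state on the controllers but gets no conductor-level test in this commit; the test_manager.py section only adjusts the expected personalities for `update_ldap_client_config`, and test_rpcapi.py only checks that the RPC message is sent. A test modelled on the existing client-config one, asserting that `_config_apply_runtime_manifest` receives `"classes": ['platform::firewall::dc::nat::ldap::runtime']` with `personalities == [constants.CONTROLLER]`, would pin the rule to controller hosts. The one-line docstring could name that scope as well, e.g. `"""Apply the LDAP NAT firewall rule on controller hosts"""`.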
@@ -2170,6 +2161,17 @@ class ConductorAPI(sysinv.openstack.common.rpc.proxy.RpcProxy):
 return self.call(context, self.make_msg('update_ldap_client_config'))
+ def update_ldap_nat_config(self, context):
+ """Synchronously, have a conductor configure LDAP NAT configureation
+
+ Does the following tasks:
+ - Update puppet hiera configuration file and apply run time manifest.
+
+ :param context: request context.
+ """
+ return self.call(context,
+ self.make_msg('update_ldap_nat_config'))
+
 def update_dnsmasq_config(self, context):
 """Synchronously, have a conductor configure the DNS configuration
diff --git a/sysinv/sysinv/sysinv/sysinv/tests/api/test_network.py b/sysinv/sysinv/sysinv/sysinv/tests/api/test_network.py
index 21ddbefb75..ee73f0a5d6 100644
--- a/sysinv/sysinv/sysinv/sysinv/tests/api/test_network.py
+++ b/sysinv/sysinv/sysinv/sysinv/tests/api/test_network.py
@@ -223,15 +223,21 @@ class TestPostMixin(NetworkTestCase):
 update_ldap_client_config = "sysinv.conductor.rpcapi." \
 "ConductorAPI." \
 "update_ldap_client_config"
+ update_ldap_nat_config = "sysinv.conductor.rpcapi." \
+ "ConductorAPI." \
+ "update_ldap_nat_config"
 with mock.patch('sysinv.common.utils.is_initial_config_complete', lambda: True), \
 mock.patch(update_ldap_client_config,
- m.update_ldap_client_config):
+ m.update_ldap_client_config), \
+ mock.patch(update_ldap_nat_config,
+ m.update_ldap_nat_config):
 self._test_create_network_success(
 'system-controller', constants.NETWORK_TYPE_SYSTEM_CONTROLLER, self.system_controller_subnet)
 m.update_ldap_client_config.assert_called_once()
+ m.update_ldap_nat_config.assert_called_once()
 def test_create_success_pxeboot(self):
 self._test_create_network_success(
diff --git a/sysinv/sysinv/sysinv/sysinv/tests/conductor/test_manager.py b/sysinv/sysinv/sysinv/sysinv/tests/conductor/test_manager.py
index 6bf7b6971e..cbe8ded963 100644
--- a/sysinv/sysinv/sysinv/sysinv/tests/conductor/test_manager.py
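Review bot: The first docstring line of `update_ldap_nat_config` in the rpcapi.py `@@ -2170` hunk has a typo and doubles the verb: `have a conductor configure LDAP NAT configureation`. I would write `"""Synchronously, have a conductor update the LDAP NAT configuration`. The task bullet also says the puppet hiera file is updated, while the conductor method added in this commit visibly only calls `_config_update_hosts` and applies a runtime manifest; whether hiera data is rewritten is not visible here, so the bullet should match what the conductor actually does.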
+++ b/sysinv/sysinv/sysinv/sysinv/tests/conductor/test_manager.py
@@ -5122,7 +5122,9 @@ class ManagerTestCase(base.DbTestCase):
 p2.start()
 self.addCleanup(p2.stop)
 self.service.update_ldap_client_config(self.context)
- personalities = [constants.CONTROLLER]
+ personalities = [constants.CONTROLLER,
+ constants.WORKER,
+ constants.STORAGE]
 config_dict = {
 "personalities": personalities,
 "classes": ['platform::ldap::client::runtime',
diff --git a/sysinv/sysinv/sysinv/sysinv/tests/conductor/test_rpcapi.py b/sysinv/sysinv/sysinv/sysinv/tests/conductor/test_rpcapi.py
index ced9e1888f..ac71780ae4 100644
--- a/sysinv/sysinv/sysinv/sysinv/tests/conductor/test_rpcapi.py
+++ b/sysinv/sysinv/sysinv/sysinv/tests/conductor/test_rpcapi.py
@@ -100,6 +100,9 @@ class RPCAPITestCase(base.DbTestCase):
 def test_update_ldap_client_config(self):
 self._test_rpcapi('update_ldap_client_config', 'call')
+ def test_update_ldap_nat_config(self):
+ self._test_rpcapi('update_ldap_nat_config', 'call')
+
 def test_update_dnsmasq_config(self):
 self._test_rpcapi('update_dnsmasq_config', 'call')