From 0c2a35ed6a87db31c75b250311bb13c3f7bda9c4 Mon Sep 17 00:00:00 2001
From: Maksim Malchuk <maksim.malchuk@gmail.com>
Date: Wed, 6 Oct 2021 16:45:18 +0300
Subject: [PATCH] Set correct gateway for the bifrost provision network

In the production sometimes the provision and other networks should be
separated and all have each own different gateways, so this change adds
the correct way to configure bifrost with gateway used only to configure
dnsmasq and solves the issue with several default routes on the bifrost
host when kolla_bifrost_dnsmasq_router needs to configure.

Change-Id: I2078da3ab3898c847b3c17054f429d74eb79aa37
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
---
 ansible/kolla-bifrost.yml                                | 2 +-
 .../bifrost-inspection-gateway-316ab384430ef8df.yaml     | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/bifrost-inspection-gateway-316ab384430ef8df.yaml

diff --git a/ansible/kolla-bifrost.yml b/ansible/kolla-bifrost.yml
index 63e8dca0..4a29eeb2 100644
--- a/ansible/kolla-bifrost.yml
+++ b/ansible/kolla-bifrost.yml
@@ -26,7 +26,7 @@
       # Network configuration.
       kolla_bifrost_dhcp_pool_start: "{{ provision_oc_net_name | net_inspection_allocation_pool_start }}"
       kolla_bifrost_dhcp_pool_end: "{{ provision_oc_net_name | net_inspection_allocation_pool_end }}"
-      kolla_bifrost_dnsmasq_router: "{{ provision_oc_net_name | net_gateway }}"
+      kolla_bifrost_dnsmasq_router: "{{ provision_oc_net_name | net_inspection_gateway or provision_oc_net_name | net_gateway }}"
       kolla_bifrost_dnsmasq_dns_servers: "{{ resolv_nameservers | default([]) }}"
       kolla_bifrost_domain: "{{ resolv_domain | default }}"
       kolla_bifrost_download_ipa: "{{ not ipa_build_images | bool }}"
diff --git a/releasenotes/notes/bifrost-inspection-gateway-316ab384430ef8df.yaml b/releasenotes/notes/bifrost-inspection-gateway-316ab384430ef8df.yaml
new file mode 100644
index 00000000..bc778497
--- /dev/null
+++ b/releasenotes/notes/bifrost-inspection-gateway-316ab384430ef8df.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    In production environments, the provision network may be separated from the
+    other networks, so in this case, if you want Bifrost's DHCP service provides
+    the correct gateway for the clients the ``inspection_gateway`` should be
+    used instead of the ``gateway`` attribute for the provision network. This
+    also avoids configuring the multiple IP gateways on a single host which
+    leads to unpredictable results.
-- 
GitLab