[mas01] Fix iptables pillar compatibility format

[fuel.git] / mcp / reclass / classes / cluster / all-mcp-arch-common / infra / maas.yml.j2

diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
index e16453e..4b11478 100644 (file)
--- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
+++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
@@ -10,7 +10,6 @@
 # NOTE: pod_config is generated and transferred into its final location on
 # cfg01 only during deployment to prevent leaking sensitive data
 classes:
-  - system.linux.system.single.simple
   - system.maas.region.single
   - service.maas.cluster.single
   - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf
@@ -20,9 +19,6 @@ parameters:
     mcpcontrol_interface: ${_param:opnfv_fn_vm_primary_interface}
     primary_interface: ${_param:opnfv_fn_vm_secondary_interface}
     pxe_admin_interface: ${_param:opnfv_fn_vm_tertiary_interface}
-    interface_mtu: 1500
-    # MaaS has issues using MTU > 1500 for PXE interface
-    pxe_admin_interface_mtu: 1500
     linux_system_codename: xenial
     maas_admin_username: opnfv
     dns_server01: '{{ nm.dns_public[0] }}'
@@ -33,6 +29,11 @@ parameters:
     opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }}
   maas:
     region:
+      timeout:
+        # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout
+        ready: {{ nm.maas_timeout_comissioning * 150 }}
+        deployed: {{ nm.maas_timeout_deploying * 150 }}
+        attempts: 3
       boot_sources_delete_all_others: true
       boot_sources:
         resources_mirror:
@@ -109,8 +110,8 @@ parameters:
   linux:
     system:
       kernel:
-        ~boot_options:
-          - ipv6.disable=0
+        sysctl:
+          net.ipv4.ip_forward: 1
     network:
       interface:
         mcpcontrol_interface:
@@ -118,6 +119,7 @@ parameters:
           name: ${_param:mcpcontrol_interface}
           type: eth
           proto: dhcp
+          mtu: ${_param:interface_mtu}
         primary_interface:
           enabled: true
           name: ${_param:primary_interface}
@@ -139,8 +141,36 @@ parameters:
         pxe_admin_interface:
           enabled: true
           name: ${_param:pxe_admin_interface}
-          mtu: ${_param:pxe_admin_interface_mtu}
+          # MaaS has issues using MTU > 1500 for PXE interface
+          mtu: 1500
           proto: static
           address: ${_param:single_address}
           netmask: ${_param:opnfv_net_admin_mask}
           type: eth
+  iptables:
+    schema:
+      epoch: 1
+    service:
+      v4:
+        enabled: true
+        persistent_config: /etc/iptables/rules.v4
+      v6:
+        enabled: false
+    tables:
+      v4:
+        filter:
+          chains:
+            INPUT:
+              ruleset:
+                10:
+                  rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
+                11:
+                  rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask}
+        nat:
+          chains:
+            POSTROUTING:
+              policy: ACCEPT
+              ruleset:
+                10:
+                  rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
+                  action: MASQUERADE