# NOTE: pod_config is generated and transferred into its final location on
# cfg01 only during deployment to prevent leaking sensitive data
classes:
- - system.linux.system.single.simple
- system.maas.region.single
- service.maas.cluster.single
- cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf
mcpcontrol_interface: ${_param:opnfv_fn_vm_primary_interface}
primary_interface: ${_param:opnfv_fn_vm_secondary_interface}
pxe_admin_interface: ${_param:opnfv_fn_vm_tertiary_interface}
- interface_mtu: 1500
- # MaaS has issues using MTU > 1500 for PXE interface
- pxe_admin_interface_mtu: 1500
linux_system_codename: xenial
maas_admin_username: opnfv
dns_server01: '{{ nm.dns_public[0] }}'
opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }}
maas:
region:
+ timeout:
+ # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout
+ ready: {{ nm.maas_timeout_comissioning * 150 }}
+ deployed: {{ nm.maas_timeout_deploying * 150 }}
+ attempts: 3
boot_sources_delete_all_others: true
boot_sources:
resources_mirror:
linux:
system:
kernel:
- ~boot_options:
- - ipv6.disable=0
+ sysctl:
+ net.ipv4.ip_forward: 1
network:
interface:
mcpcontrol_interface:
name: ${_param:mcpcontrol_interface}
type: eth
proto: dhcp
+ mtu: ${_param:interface_mtu}
primary_interface:
enabled: true
name: ${_param:primary_interface}
pxe_admin_interface:
enabled: true
name: ${_param:pxe_admin_interface}
- mtu: ${_param:pxe_admin_interface_mtu}
+ # MaaS has issues using MTU > 1500 for PXE interface
+ mtu: 1500
proto: static
address: ${_param:single_address}
netmask: ${_param:opnfv_net_admin_mask}
type: eth
+ iptables:
+ schema:
+ epoch: 1
+ service:
+ v4:
+ enabled: true
+ persistent_config: /etc/iptables/rules.v4
+ v6:
+ enabled: false
+ tables:
+ v4:
+ filter:
+ chains:
+ INPUT:
+ ruleset:
+ 10:
+ rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
+ 11:
+ rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask}
+ nat:
+ chains:
+ POSTROUTING:
+ policy: ACCEPT
+ ruleset:
+ 10:
+ rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
+ action: MASQUERADE