Revert "[baremetal] Retire mas01 NAT" 67/53267/1
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>
Wed, 7 Mar 2018 23:49:03 +0000 (00:49 +0100)
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>
Wed, 7 Mar 2018 23:51:29 +0000 (00:51 +0100)
Bring back public internet access to all cluster nodes via NAT
on mas01 node, required for NTP syncing.

NOTE: Both the mcpcontrol and PXE/admin networks are currently
hard-wired to use a /24 netmask, so we leverage that in pxe_nat.sls.

JIRA: FUEL-348

This reverts commit 9a6e655e0b851ff6e449027c01ac1a66188b0064.

Change-Id: I7bab385f95f8c6d92cadc4e2149c2cd56e10c506
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
mcp/config/states/maas
mcp/salt-formulas/maas/pxe_nat.sls [new file with mode: 0644]

index f6c9f83..10cfd01 100755 (executable)
@@ -88,6 +88,7 @@ fi
 
 # MaaS rack/region controller, node commissioning
 salt -C 'mas01*' state.apply linux,salt,openssh,ntp
+salt -C 'mas01*' state.apply maas.pxe_nat
 salt -C 'mas01*' state.apply maas.cluster
 
 wait_for 10 "salt -C 'mas01*' state.apply maas.region"
diff --git a/mcp/salt-formulas/maas/pxe_nat.sls b/mcp/salt-formulas/maas/pxe_nat.sls
new file mode 100644 (file)
index 0000000..701bae0
--- /dev/null
@@ -0,0 +1,37 @@
+##############################################################################
+# Copyright (c) 2017 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+net.ipv4.ip_forward:
+  sysctl.present:
+    - value: 1
+
+iptables_pxe_nat:
+  iptables.append:
+    - table: nat
+    - chain: POSTROUTING
+    - jump: MASQUERADE
+    - destination: 0/0
+    - source: {{ salt['pillar.get']('_param:single_address') }}/24
+    - save: True
+
+iptables_pxe_source:
+  iptables.append:
+    - table: filter
+    - chain: INPUT
+    - jump: ACCEPT
+    - destination: 0/0
+    - source: {{ salt['pillar.get']('_param:single_address') }}/24
+    - save: True
+
+iptables_pxe_destination:
+  iptables.append:
+    - table: filter
+    - chain: INPUT
+    - jump: ACCEPT
+    - destination: {{ salt['pillar.get']('_param:single_address') }}/24
+    - source: 0/0
+    - save: True
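Review bot: `iptables_pxe_destination` accepts every packet from `0/0` addressed to the mas01 /24 on INPUT with no protocol, port, interface or connection-state match, which is far broader than the return traffic NTP needs and effectively switches off inbound filtering on that network. If the intent is only to let replies back in, constrain that rule, for example by adding `- match: state` and `- connstate: ESTABLISHED,RELATED`. The MASQUERADE rule also has `destination: 0/0` and no outbound-interface match, so traffic from that /24 to other internal networks routed via mas01 would presumably be rewritten as well, and with `net.ipv4.ip_forward` set to 1 the file adds no FORWARD rules, leaving forwarding to whatever the chain's default policy happens to be. Separately, `pillar.get` is called without a default, so a missing `_param:single_address` would presumably render a bare `/24`; a short comment at the top of the file naming the required pillar key and the /24 assumption would help.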