[baremetal] Retire mas01 NAT 93/49893/1
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>
Tue, 2 Jan 2018 04:36:07 +0000 (05:36 +0100)
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>
Wed, 3 Jan 2018 02:27:10 +0000 (03:27 +0100)
Isolate networks by retiring NAT on mas01; also cutting direct
internet access from cluster nodes that are not facing the public
network (prx, cmp).

NOTE: Since we are removing mas01 NAT, VCP VMs (except prx, which have
public IPs) and kvm nodes (cmp nodes also have public IPs) will no
longer have direct internet connectivity.
Cluster deployment and operations will work without it, but if it is
required for other reasons, the MaaS proxy could be enabled by
uncommenting the /etc/environment section in:
- cluster.baremetal-mcp-pike-common-ha.include.proxy.yml

JIRA: FUEL-317

Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 9a6e655e0b851ff6e449027c01ac1a66188b0064)

mcp/config/states/maas
mcp/salt-formulas/maas/pxe_nat.sls [deleted file]

index 2062cba..02afd2c 100755 (executable)
@@ -68,7 +68,6 @@ fi
 
 # MaaS rack/region controller, node commissioning
 salt -C 'mas01*' state.apply linux,salt,openssh,ntp
-salt -C 'mas01*' state.apply maas.pxe_nat
 salt -C 'mas01*' state.apply maas.cluster
 
 wait_for 10 "salt -C 'mas01*' state.apply maas.region"
diff --git a/mcp/salt-formulas/maas/pxe_nat.sls b/mcp/salt-formulas/maas/pxe_nat.sls
deleted file mode 100644 (file)
index 701bae0..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-##############################################################################
-# Copyright (c) 2017 Mirantis Inc., Enea AB and others.
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-net.ipv4.ip_forward:
-  sysctl.present:
-    - value: 1
-
-iptables_pxe_nat:
-  iptables.append:
-    - table: nat
-    - chain: POSTROUTING
-    - jump: MASQUERADE
-    - destination: 0/0
-    - source: {{ salt['pillar.get']('_param:single_address') }}/24
-    - save: True
-
-iptables_pxe_source:
-  iptables.append:
-    - table: filter
-    - chain: INPUT
-    - jump: ACCEPT
-    - destination: 0/0
-    - source: {{ salt['pillar.get']('_param:single_address') }}/24
-    - save: True
-
-iptables_pxe_destination:
-  iptables.append:
-    - table: filter
-    - chain: INPUT
-    - jump: ACCEPT
-    - destination: {{ salt['pillar.get']('_param:single_address') }}/24
-    - source: 0/0
-    - save: True