From 21f34dab9380f98622c0075fa8f4b5868916a27f Mon Sep 17 00:00:00 2001 From: Alexandru Avadanii Date: Thu, 8 Mar 2018 00:49:03 +0100 Subject: [PATCH] Revert "[baremetal] Retire mas01 NAT" Bring back public internet access to all cluster nodes via NAT on mas01 node, required for NTP syncing. NOTE: Both mcpcontrol and PXE/admin networks are currently hard wired to using /24 netmask, so we leverage that in pxe_nat.sls. JIRA: FUEL-348 This reverts commit 9a6e655e0b851ff6e449027c01ac1a66188b0064. Change-Id: I7bab385f95f8c6d92cadc4e2149c2cd56e10c506 Signed-off-by: Alexandru Avadanii --- mcp/config/states/maas | 1 + mcp/salt-formulas/maas/pxe_nat.sls | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 mcp/salt-formulas/maas/pxe_nat.sls diff --git a/mcp/config/states/maas b/mcp/config/states/maas index f6c9f833c..10cfd01bf 100755 --- a/mcp/config/states/maas +++ b/mcp/config/states/maas @@ -88,6 +88,7 @@ fi # MaaS rack/region controller, node commissioning salt -C 'mas01*' state.apply linux,salt,openssh,ntp +salt -C 'mas01*' state.apply maas.pxe_nat salt -C 'mas01*' state.apply maas.cluster wait_for 10 "salt -C 'mas01*' state.apply maas.region" diff --git a/mcp/salt-formulas/maas/pxe_nat.sls b/mcp/salt-formulas/maas/pxe_nat.sls new file mode 100644 index 000000000..701bae07a --- /dev/null +++ b/mcp/salt-formulas/maas/pxe_nat.sls @@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2017 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +net.ipv4.ip_forward: + sysctl.present: + - value: 1 + +iptables_pxe_nat: + iptables.append: + - table: nat + - chain: POSTROUTING + - jump: MASQUERADE + - destination: 0/0 + - source: {{ salt['pillar.get']('_param:single_address') }}/24 + - save: True + +iptables_pxe_source: + iptables.append: + - table: filter + - chain: INPUT + - jump: ACCEPT + - destination: 0/0 + - source: {{ salt['pillar.get']('_param:single_address') }}/24 + - save: True + +iptables_pxe_destination: + iptables.append: + - table: filter + - chain: INPUT + - jump: ACCEPT + - destination: {{ salt['pillar.get']('_param:single_address') }}/24 + - source: 0/0 + - save: True -- 2.16.6