Remove default routes via hapr-p/hapr-m in haproxy ns

We no longer need those default routes and iptables marking/nat, since we have 'hapr-ns' interface and default route via it, which provides connectivity to other networks from haproxy namespace. Change-Id: I67dbbbb1dcd61a201b697029d84a54679cc61018 Closes-bug: #1433150
2015-03-17 17:55:20 +02:00 · 2015-03-17 17:55:20 +02:00 · 084b843909
commit 084b843909
parent 296050759a
1 changed files with 4 additions and 10 deletions
--- a/deployment/puppet/osnailyfacter/modular/virtual_ips/virtual_ips.pp
+++ b/deployment/puppet/osnailyfacter/modular/virtual_ips/virtual_ips.pp
@ -22,13 +22,10 @@ $vips = { # Do not convert to ARRAY, It can't work in 2.7
      ns_veth              => "hapr-m",
      ip                   => hiera('management_vip'),
      cidr_netmask         => $vip_management_cidr_netmask,
-      gateway              => 'link',
-      gateway_metric       => '20',
+      gateway              => 'none',
+      gateway_metric       => '0',
      bridge               => $network_scheme['roles']['management'],
      other_networks       => $vip_mgmt_other_nets,
-      iptables_start_rules => "iptables -t mangle -I PREROUTING -i ${internal_int}-hapr -j MARK --set-mark 0x2b ; iptables -t nat -I POSTROUTING -m mark --mark 0x2b ! -o ${network_scheme['roles']['management']} -j MASQUERADE",
-      iptables_stop_rules  => "iptables -t mangle -D PREROUTING -i ${internal_int}-hapr -j MARK --set-mark 0x2b ; iptables -t nat -D POSTROUTING -m mark --mark 0x2b ! -o ${network_scheme['roles']['management']} -j MASQUERADE",
-      iptables_comment     => "masquerade-for-management-net",
      with_ping            => false,
      ping_host_list       => "",
    },
@ -62,13 +59,10 @@ if $public_int {
      ns_veth              => 'hapr-p',
      ip                   => hiera('public_vip'),
      cidr_netmask         => $vip_public_cidr_netmask,
-      gateway              => 'link',
-      gateway_metric       => '10',
+      gateway              => 'none',
+      gateway_metric       => '0',
      bridge               => $network_scheme['roles']['ex'],
      other_networks       => $vip_publ_other_nets,
-      iptables_start_rules => "iptables -t mangle -I PREROUTING -i ${public_int}-hapr -j MARK --set-mark 0x2a ; iptables -t nat -I POSTROUTING -m mark --mark 0x2a ! -o ${network_scheme['roles']['ex']} -j MASQUERADE",
-      iptables_stop_rules  => "iptables -t mangle -D PREROUTING -i ${public_int}-hapr -j MARK --set-mark 0x2a ; iptables -t nat -D POSTROUTING -m mark --mark 0x2a ! -o ${network_scheme['roles']['ex']} -j MASQUERADE",
-      iptables_comment     => "masquerade-for-public-net",      
      tie_with_ping        => hiera('run_ping_checker', true),
      ping_host_list       => $network_scheme['endpoints']['br-ex']['gateway'],
    }