diff --git a/elements/puppet-stack-config/puppet-stack-config.yaml.template b/elements/puppet-stack-config/puppet-stack-config.yaml.template
index cdd8fed08..5196f67e8 100644
--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template
@@ -1017,9 +1017,8 @@ tripleo::firewall::firewall_rules:
 - 13787
 '139 apache vhost':
 dport: "%{hiera('ironic_ipxe_port')}"
- '140 network cidr nat':
- chain: FORWARD
- destination: {{NETWORK_CIDR}}
+ # 140 network cidr nat rules
+ {{SUBNETS_CIDR_NAT_RULES}}
 '142 tripleo-ui':
 dport:
 - 3000
diff --git a/instack_undercloud/tests/test_undercloud.py b/instack_undercloud/tests/test_undercloud.py
index a73c9a75c..7229bc57f 100644
--- a/instack_undercloud/tests/test_undercloud.py
+++ b/instack_undercloud/tests/test_undercloud.py
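Review bot: The forwarding rule for the provisioning network used to be emitted unconditionally from `{{NETWORK_CIDR}}`; after this change every '140' FORWARD rule comes from `{{SUBNETS_CIDR_NAT_RULES}}`, which the generator builds by looping over `CONF.subnets`, so an empty or incomplete `subnets` list renders no such rule and nothing in the template signals it. The indent of every line after the first in the expansion is also not set here but by the literal whitespace in the generator's join string. I would extend the comment to say both, e.g. `# 140 <subnet> cidr nat rules, one per CONF.subnets entry; indent of following lines is set in _generate_subnets_cidr_nat_rules`.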
@@ -714,6 +714,33 @@ class TestGenerateEnvironment(BaseTestCase):
 actual = json.loads(env['SUBNETS_STATIC_ROUTES'])
 self.assertEqual(reference, actual)
+ def test_subnets_subnets_cidr_nat_rules(self):
+ self.conf.config(subnets=['ctlplane-subnet', 'subnet1', 'subnet2'])
+ self.conf.register_opts(self.opts, group=self.grp1)
+ self.conf.register_opts(self.opts, group=self.gtp2)
+ self.conf.config(cidr='192.168.24.0/24',
+ dhcp_start='192.168.24.5', dhcp_end='192.168.24.24',
+ inspection_iprange='192.168.24.100,192.168.24.120',
+ gateway='192.168.24.1', group='ctlplane-subnet')
+ self.conf.config(cidr='192.168.10.0/24', dhcp_start='192.168.10.10',
+ dhcp_end='192.168.10.99',
+ inspection_iprange='192.168.10.100,192.168.10.189',
+ gateway='192.168.10.254', group='subnet1')
+ self.conf.config(cidr='192.168.20.0/24', dhcp_start='192.168.20.10',
+ dhcp_end='192.168.20.99',
+ inspection_iprange='192.168.20.100,192.168.20.189',
+ gateway='192.168.20.254', group='subnet2')
+
+ env = undercloud._generate_environment('.')
+ reference = ('"140 ctlplane-subnet cidr nat": '
+ '{"chain": "FORWARD", "destination": "192.168.24.0/24"}'
+ '\n "140 subnet1 cidr nat": '
+ '{"chain": "FORWARD", "destination": "192.168.10.0/24"}'
+ '\n "140 subnet2 cidr nat": '
+ '{"chain": "FORWARD", "destination": "192.168.20.0/24"}')
+ actual = env['SUBNETS_CIDR_NAT_RULES']
+ self.assertEqual(reference, actual)
+
 class TestWritePasswordFile(BaseTestCase):
 def test_normal(self):
diff --git a/instack_undercloud/undercloud.py b/instack_undercloud/undercloud.py
index 01a13efd8..370120e9d 100644
--- a/instack_undercloud/undercloud.py
+++ b/instack_undercloud/undercloud.py
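Review bot: The new test compares `env['SUBNETS_CIDR_NAT_RULES']` against a hand-written string, so it pins the separator whitespace but never shows that the fragment parses as YAML at the indentation the template gives it; rendering the fragment under a parent key and loading it with a YAML parser would catch indent drift between the template and the generator. There is also no case for a subnet whose `cidr` is unset or malformed, which is the input that matters most for a generated firewall rule. Two smaller points: the name `test_subnets_subnets_cidr_nat_rules` repeats `subnets`, and `self.gtp2` beside `self.grp1` reads like a misspelling, so it should be checked against the attribute that setUp defines, which is outside this hunk.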
@@ -1157,8 +1157,8 @@ class InstackEnvironment(dict):
 'ENABLED_RAID_INTERFACES', 'ENABLED_VENDOR_INTERFACES', 'ENABLED_MANAGEMENT_INTERFACES', 'SYSCTL_SETTINGS', 'LOCAL_IP_WRAPPED', 'ENABLE_ARCHITECTURE_PPC64LE',
- 'INSPECTION_SUBNETS', 'SUBNETS_STATIC_ROUTES',
- }
+ 'INSPECTION_SUBNETS', 'SUBNETS_CIDR_NAT_RULES',
+ 'SUBNETS_STATIC_ROUTES'}
 """The variables we calculate in _generate_environment call."""
 PUPPET_KEYS = DYNAMIC_KEYS | {opt.name.upper() for _, group in list_opts()
@@ -1286,6 +1286,21 @@ def _generate_subnets_static_routes():
 return json.dumps(env_list)
+def _generate_subnets_cidr_nat_rules():
+ env_list = []
+ for subnet in CONF.subnets:
+ env_dict = {}
+ s = CONF.get(subnet)
+ env_dict['140 ' + subnet + ' cidr nat'] = {
+ 'chain': 'FORWARD',
+ 'destination': s.cidr
+ }
+ # NOTE(hjensas): sort_keys=True because unit test reference is static
+ env_list.append(json.dumps(env_dict, sort_keys=True)[1:-1])
+ # Whitespace after newline required for indentation in templated yaml
+ return '\n '.join(env_list)
+
+
 def _generate_environment(instack_root):
 """Generate an environment dict for instack
@@ -1375,6 +1390,7 @@ def _generate_environment(instack_root):
 _process_drivers_and_hardware_types(instack_env)
 instack_env['INSPECTION_SUBNETS'] = _generate_inspection_subnets()
+ instack_env['SUBNETS_CIDR_NAT_RULES'] = _generate_subnets_cidr_nat_rules()
 instack_env['SUBNETS_STATIC_ROUTES'] = _generate_subnets_static_routes()
 instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()
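Review bot: In `_generate_subnets_cidr_nat_rules`, `s.cidr` is copied into the FORWARD rule's `destination` with no check; if a subnet group has no usable `cidr`, `json.dumps` writes `"destination": null`, and a rule without a destination would presumably match all forwarded traffic rather than only that subnet. Whether the option is validated before this point is not visible in the diff; if it is not, fail early with something like `if not s.cidr: raise RuntimeError('subnet %s has no cidr' % subnet)`. The function also has no docstring, unlike `_generate_environment` below it; one line stating that it returns brace-stripped JSON mapping entries, joined for embedding in the YAML template, would explain the `[1:-1]` slice.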