Add per subnet network cidr nat rules
Change-Id: I904bbbac383f5fddbe6a88177ef65981d009d28c Implements: blueprint tripleo-routed-networks-deployment
parent
5353915e2c
commit
1b83386162
@ -1017,9 +1017,8 @@ tripleo::firewall::firewall_rules:
|
||||
- 13787
|
||||
'139 apache vhost':
|
||||
dport: "%{hiera('ironic_ipxe_port')}"
|
||||
'140 network cidr nat':
|
||||
chain: FORWARD
|
||||
destination: {{NETWORK_CIDR}}
|
||||
# 140 network cidr nat rules
|
||||
{{SUBNETS_CIDR_NAT_RULES}}
|
||||
'142 tripleo-ui':
|
||||
dport:
|
||||
- 3000
|
||||
|
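Review bot: The `{{SUBNETS_CIDR_NAT_RULES}}` placeholder is substituted as raw text under `tripleo::firewall::firewall_rules`, so the file only stays valid YAML if the generator emits every continuation line at exactly this indentation, and nothing in the template documents that. The comment above it could state the contract, for example `# 140 <subnet> cidr nat rules, one per entry in CONF.subnets; rendered by _generate_subnets_cidr_nat_rules()`. If the subnet list can ever be empty, the placeholder would presumably render to a blank line and no FORWARD rule would be emitted at all, where the removed `'140 network cidr nat'` entry was always present. It is worth confirming that this is intended.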
@ -714,6 +714,33 @@ class TestGenerateEnvironment(BaseTestCase):
|
||||
actual = json.loads(env['SUBNETS_STATIC_ROUTES'])
|
||||
self.assertEqual(reference, actual)
|
||||
|
||||
def test_subnets_subnets_cidr_nat_rules(self):
|
||||
self.conf.config(subnets=['ctlplane-subnet', 'subnet1', 'subnet2'])
|
||||
self.conf.register_opts(self.opts, group=self.grp1)
|
||||
self.conf.register_opts(self.opts, group=self.gtp2)
|
||||
self.conf.config(cidr='192.168.24.0/24',
|
||||
dhcp_start='192.168.24.5', dhcp_end='192.168.24.24',
|
||||
inspection_iprange='192.168.24.100,192.168.24.120',
|
||||
gateway='192.168.24.1', group='ctlplane-subnet')
|
||||
self.conf.config(cidr='192.168.10.0/24', dhcp_start='192.168.10.10',
|
||||
dhcp_end='192.168.10.99',
|
||||
inspection_iprange='192.168.10.100,192.168.10.189',
|
||||
gateway='192.168.10.254', group='subnet1')
|
||||
self.conf.config(cidr='192.168.20.0/24', dhcp_start='192.168.20.10',
|
||||
dhcp_end='192.168.20.99',
|
||||
inspection_iprange='192.168.20.100,192.168.20.189',
|
||||
gateway='192.168.20.254', group='subnet2')
|
||||
|
||||
env = undercloud._generate_environment('.')
|
||||
reference = ('"140 ctlplane-subnet cidr nat": '
|
||||
'{"chain": "FORWARD", "destination": "192.168.24.0/24"}'
|
||||
'\n "140 subnet1 cidr nat": '
|
||||
'{"chain": "FORWARD", "destination": "192.168.10.0/24"}'
|
||||
'\n "140 subnet2 cidr nat": '
|
||||
'{"chain": "FORWARD", "destination": "192.168.20.0/24"}')
|
||||
actual = env['SUBNETS_CIDR_NAT_RULES']
|
||||
self.assertEqual(reference, actual)
|
||||
|
||||
|
||||
class TestWritePasswordFile(BaseTestCase):
|
||||
def test_normal(self):
|
||||
|
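Review bot: The second `register_opts` call passes `group=self.gtp2`, which looks like a misspelling of `grp2`. The attribute is defined outside this hunk, so it may simply match an existing name there, but it is worth checking. The test name also repeats a word; `def test_subnets_cidr_nat_rules(self):` reads better. The reference is compared as one raw string including the `'\n '` separators, so the test pins the template indentation as well as the rule content. A short comment such as `# separator must match the indentation of {{SUBNETS_CIDR_NAT_RULES}} in the hieradata template` would explain why.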
@ -1157,8 +1157,8 @@ class InstackEnvironment(dict):
|
||||
'ENABLED_RAID_INTERFACES', 'ENABLED_VENDOR_INTERFACES',
|
||||
'ENABLED_MANAGEMENT_INTERFACES', 'SYSCTL_SETTINGS',
|
||||
'LOCAL_IP_WRAPPED', 'ENABLE_ARCHITECTURE_PPC64LE',
|
||||
'INSPECTION_SUBNETS', 'SUBNETS_STATIC_ROUTES',
|
||||
}
|
||||
'INSPECTION_SUBNETS', 'SUBNETS_CIDR_NAT_RULES',
|
||||
'SUBNETS_STATIC_ROUTES'}
|
||||
"""The variables we calculate in _generate_environment call."""
|
||||
|
||||
PUPPET_KEYS = DYNAMIC_KEYS | {opt.name.upper() for _, group in list_opts()
|
||||
@ -1286,6 +1286,21 @@ def _generate_subnets_static_routes():
|
||||
return json.dumps(env_list)
|
||||
|
||||
|
||||
def _generate_subnets_cidr_nat_rules():
|
||||
env_list = []
|
||||
for subnet in CONF.subnets:
|
||||
env_dict = {}
|
||||
s = CONF.get(subnet)
|
||||
env_dict['140 ' + subnet + ' cidr nat'] = {
|
||||
'chain': 'FORWARD',
|
||||
'destination': s.cidr
|
||||
}
|
||||
# NOTE(hjensas): sort_keys=True because unit test reference is static
|
||||
env_list.append(json.dumps(env_dict, sort_keys=True)[1:-1])
|
||||
# Whitespace after newline required for indentation in templated yaml
|
||||
return '\n '.join(env_list)
|
||||
|
||||
|
||||
def _generate_environment(instack_root):
|
||||
"""Generate an environment dict for instack
|
||||
|
||||
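Review bot: `_generate_subnets_cidr_nat_rules()` copies `s.cidr` straight into the `destination` of a FORWARD-chain rule with no check in this function that the value is a non-empty, well-formed network. Whether the option is validated earlier is not visible in this hunk. If it is not, parsing the value as a network here and failing the install on error would be safer than handing an unexpected destination to the firewall module. The function also has no docstring, and the `[1:-1]` slice is opaque. I would add `"""Return the per-subnet '140 <subnet> cidr nat' FORWARD rules as a text fragment for the hieradata template."""` and, above the append, `# drop the outer braces so each rule can be spliced under firewall_rules`.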
@ -1375,6 +1390,7 @@ def _generate_environment(instack_root):
|
||||
|
||||
_process_drivers_and_hardware_types(instack_env)
|
||||
instack_env['INSPECTION_SUBNETS'] = _generate_inspection_subnets()
|
||||
instack_env['SUBNETS_CIDR_NAT_RULES'] = _generate_subnets_cidr_nat_rules()
|
||||
instack_env['SUBNETS_STATIC_ROUTES'] = _generate_subnets_static_routes()
|
||||
|
||||
instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()
|
||||
|