Add masquerade rule for undercloud

2014-10-08 10:00:54 -04:00 · 2014-10-08 10:00:54 -04:00 · 5ec8532bbf
commit 5ec8532bbf
parent badeb15ca5
3 changed files with 28 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,7 +12,6 @@ build
 eggs
 parts
 bin
-var
 sdist
 develop-eggs
 .installed.cfg
--- a/elements/undercloud-stack-config/os-apply-config/var/opt/undercloud-stack/masquerade
+++ b/elements/undercloud-stack-config/os-apply-config/var/opt/undercloud-stack/masquerade
@ -0,0 +1,22 @@
+# In case this script crashed or was interrupted earlier, flush, unlink and
+# delete the temp chain.
+iptables -t nat -F BOOTSTACK_MASQ_NEW || true
+iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ_NEW || true
+iptables -t nat -X BOOTSTACK_MASQ_NEW || true
+iptables -t nat -N BOOTSTACK_MASQ_NEW
+# Build the chain we want.
+{{#bootstack.masquerade_networks}}
+NETWORK={{.}}
+# Workaround iptables not permitting two -d parameters in one call.
+iptables -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK -d 192.168.122.1 -j RETURN
+iptables -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE
+{{/bootstack.masquerade_networks}}
+# Link it in.
+iptables -t nat -I POSTROUTING -j BOOTSTACK_MASQ_NEW
+# Delete the old chain if present.
+iptables -t nat -F BOOTSTACK_MASQ || true
+iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ || true
+iptables -t nat -X BOOTSTACK_MASQ || true
+# Rename the new chain into permanence.
+iptables -t nat -E BOOTSTACK_MASQ_NEW BOOTSTACK_MASQ
+
--- a/elements/undercloud-stack-config/os-refresh-config/post-configure.d/80-seedstack-masquerade
+++ b/elements/undercloud-stack-config/os-refresh-config/post-configure.d/80-seedstack-masquerade
@ -0,0 +1,6 @@
+#!/bin/bash
+set -eux
+
+RULES_SCRIPT=/var/opt/undercloud-stack/masquerade
+
+. $RULES_SCRIPT