Configure IP tables in devstack plugin

Currently, we instruct users to manually configure IP tables for IP masquerading. We should take a step forward to automatically configure IP tables in Magnum's devstack plugin. Note: The functional gate test needs this patch to allow internet access inside the provisioned bay. Change-Id: Ia2ca494f85bfed76a80027bc3310494494d704cd Closes-Bug: #1478106
2015-07-24 13:46:28 -04:00 · 2015-07-24 13:46:28 -04:00 · 5f4a0ca6a7
parent 657136ec22
commit 5f4a0ca6a7
3 changed files with 17 additions and 12 deletions
--- a/devstack/lib/magnum
+++ b/devstack/lib/magnum
@ -17,6 +17,7 @@
 # - init_magnum
 # - magnum_register_image
 # - start_magnum
+# - configure_iptables
 # - stop_magnum
 # - cleanup_magnum

@ -61,6 +62,10 @@ else
    MAGNUM_BIN_DIR=$(get_python_exec_prefix)
 fi

+if is_service_enabled ir-api; then
+    MAGNUM_CONFIGURE_IPTABLES=${MAGNUM_CONFIGURE_IPTABLES:-False}
+fi
+
 # Functions
 # ---------

@ -255,6 +260,16 @@ function start_magnum_api {
 }


+# configure_iptables() - Configure the IP table rules for Magnum
+function configure_iptables {
+    if [ "$MAGNUM_CONFIGURE_IPTABLES" != "False" ]; then
+        ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
+        OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
+        sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
+    fi
+}
+
+
 # start_magnum() - Start running processes, including screen
 function start_magnum {

--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -45,6 +45,8 @@ if is_service_enabled m-api m-cond; then
        # Start the magnum API and magnum taskmgr components
        echo_summary "Starting magnum"
        start_magnum
+
+        configure_iptables
    fi

    if [[ "$1" == "unstack" ]]; then
--- a/doc/source/dev/dev-quickstart.rst
+++ b/doc/source/dev/dev-quickstart.rst
@ -141,18 +141,6 @@ http://docs.openstack.org/developer/devstack/configuration.html
 More neutron configuration information can be found at
 http://docs.openstack.org/developer/devstack/guides/neutron.html

-Create a local.sh to automatically make necessary networking changes during
-the devstack deployment process. This will allow bays spawned by magnum to
-access the internet through PUBLIC_INTERFACE::
-
-    cat > /opt/stack/devstack/local.sh << 'END_LOCAL_SH'
-    #!/bin/sh
-    ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
-    OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
-    sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
-    END_LOCAL_SH
-    chmod 755 /opt/stack/devstack/local.sh
-
 Run devstack::

    cd /opt/stack/devstack