Browse Source

Configure IP tables in devstack plugin

Currently, we instruct users to manually configure IP tables for IP
masquerading. We should take a step forward to automatically configure
IP tables in Magnum's devstack plugin.

Note: The functional gate test needs this patch to allow internet access
inside the provisioned bay.

Change-Id: Ia2ca494f85bfed76a80027bc3310494494d704cd
Closes-Bug: #1478106
changes/39/205639/4
Hongbin Lu 6 years ago
parent
commit
5f4a0ca6a7
3 changed files with 17 additions and 12 deletions
  1. +15
    -0
      devstack/lib/magnum
  2. +2
    -0
      devstack/plugin.sh
  3. +0
    -12
      doc/source/dev/dev-quickstart.rst

+ 15
- 0
devstack/lib/magnum View File

@ -17,6 +17,7 @@
# - init_magnum
# - magnum_register_image
# - start_magnum
# - configure_iptables
# - stop_magnum
# - cleanup_magnum
@ -61,6 +62,10 @@ else
MAGNUM_BIN_DIR=$(get_python_exec_prefix)
fi
if is_service_enabled ir-api; then
MAGNUM_CONFIGURE_IPTABLES=${MAGNUM_CONFIGURE_IPTABLES:-False}
fi
# Functions
# ---------
@ -255,6 +260,16 @@ function start_magnum_api {
}
# configure_iptables() - Configure the IP table rules for Magnum
function configure_iptables {
if [ "$MAGNUM_CONFIGURE_IPTABLES" != "False" ]; then
ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
fi
}
# start_magnum() - Start running processes, including screen
function start_magnum {


+ 2
- 0
devstack/plugin.sh View File

@ -45,6 +45,8 @@ if is_service_enabled m-api m-cond; then
# Start the magnum API and magnum taskmgr components
echo_summary "Starting magnum"
start_magnum
configure_iptables
fi
if [[ "$1" == "unstack" ]]; then


+ 0
- 12
doc/source/dev/dev-quickstart.rst View File

@ -141,18 +141,6 @@ http://docs.openstack.org/developer/devstack/configuration.html
More neutron configuration information can be found at
http://docs.openstack.org/developer/devstack/guides/neutron.html
Create a local.sh to automatically make necessary networking changes during
the devstack deployment process. This will allow bays spawned by magnum to
access the internet through PUBLIC_INTERFACE::
cat > /opt/stack/devstack/local.sh << 'END_LOCAL_SH'
#!/bin/sh
ROUTE_TO_INTERNET=$(ip route get 8.8.8.8)
OBOUND_DEV=$(echo ${ROUTE_TO_INTERNET#*dev} | awk '{print $1}')
sudo iptables -t nat -A POSTROUTING -o $OBOUND_DEV -j MASQUERADE
END_LOCAL_SH
chmod 755 /opt/stack/devstack/local.sh
Run devstack::
cd /opt/stack/devstack


Loading…
Cancel
Save