From 28684e6c6ef63a2e7d2368371c29dd3328ae2c58 Mon Sep 17 00:00:00 2001
From: Matt Thompson
Date: Thu, 7 Sep 2017 10:25:23 -0400
Subject: [PATCH] Add missing features to multi-node-aio
The multi-node-aio update that moved the provisioning from bash to ansible dropped a few features that we use for gating purposes. This commit re-adds the following:
1. The ability to drop iptables rules to do port redirection from the host to private IPs. This is controlled by CONFIG_PREROUTING and the ansible variable mnaio_host_iptables_prerouting_ports.
2. /etc/hosts on the physical node is now updated w/ the hostname and IP of each VM so we can access VMs by name.
NOTE: With #1, we redirect to the VM's DHCP address, and not it's management address. The latter seemed to the desired address but didn't work, which is why we've resorted to DHCP. If using this address is incorrect please note so we can investigate further.
Change-Id: Ib194c314280f2474a2e4dac6d0feba44b1ee696f
---
 multi-node-aio/README.rst | 4 ++++
 multi-node-aio/build.sh | 1 +
 multi-node-aio/playbooks/deploy-vms.yml | 8 ++++++++
 .../playbooks/group_vars/mnaio_hosts.yml | 17 +++++++++++++++++
 multi-node-aio/playbooks/setup-host.yml | 8 ++++++++
 5 files changed, 38 insertions(+)
diff --git a/multi-node-aio/README.rst b/multi-node-aio/README.rst
index 9863b29a..33935618 100644
--- a/multi-node-aio/README.rst
+++ b/multi-node-aio/README.rst
@@ -136,6 +136,10 @@ Instruct the system to configure the completed OpenStack deployment with
 some example flavors, images, networks, etc.:
 ``CONFIGURE_OPENSTACK=${CONFIGURE_OPENSTACK:-true}``
+Instruct the system to configure iptables prerouting rules for connecting to
+VMs from outside the host:
+ ``CONFIG_PREROUTING=${CONFIG_PREROUTING:-true}``
+
 Re-kicking VM(s)
 ----------------
diff --git a/multi-node-aio/build.sh b/multi-node-aio/build.sh
index d1dea36d..fd678a6b 100755
--- a/multi-node-aio/build.sh
+++ b/multi-node-aio/build.sh
@@ -39,5 +39,6 @@ ansible-playbook -vv \
 -e run_osa=${RUN_OSA:-"true"} \
 -e pre_config_osa=${PRE_CONFIG_OSA:-"true"} \
 -e configure_openstack=${CONFIGURE_OPENSTACK:-"true"} \
+ -e config_prerouting=${CONFIG_PREROUTING:-"false"} \
 --force-handlers \
 playbooks/site.yml
diff --git a/multi-node-aio/playbooks/deploy-vms.yml b/multi-node-aio/playbooks/deploy-vms.yml
index 291115ab..289a0d3b 100644
--- a/multi-node-aio/playbooks/deploy-vms.yml
+++ b/multi-node-aio/playbooks/deploy-vms.yml
@@ -80,6 +80,14 @@
 - hostvars[item]['server_vm'] | default(false) | bool
 with_items: "{{ groups['pxe_servers'] }}"
+ - name: Add VM to /etc/hosts file
+ lineinfile:
+ path: "/etc/hosts"
+ line: "{{ hostvars[item]['ansible_host'] }} {{ hostvars[item]['server_hostname'] }}"
+ when:
+ - hostvars[item]['server_vm'] | default(false) | bool
+ with_items: "{{ groups['pxe_servers'] }}"
+
 environment: "{{ deployment_environment_variables | default({}) }}"
 tags:
diff --git a/multi-node-aio/playbooks/group_vars/mnaio_hosts.yml b/multi-node-aio/playbooks/group_vars/mnaio_hosts.yml
index 6ce96282..d84e2da3 100644
--- a/multi-node-aio/playbooks/group_vars/mnaio_hosts.yml
+++ b/multi-node-aio/playbooks/group_vars/mnaio_hosts.yml
@@ -48,3 +48,20 @@ mnaio_host_iptables_rules:
 chain: POSTROUTING
 out_interface: "{{ masquerade_interface | default(default_interface) }}"
 jump: MASQUERADE
+
+mnaio_host_iptables_prerouting_ports:
+ - host_port: 80
+ vm_port: 80
+ vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
+ - host_port: 443
+ vm_port: 443
+ vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
+ - host_port: 2222
+ vm_port: 22
+ vm_ip: "{{ hostvars[groups['deploy_hosts'][0]]['server_vm_fixed_addr'] }}"
+ - host_port: 6080
+ vm_port: 6080
+ vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
+ - host_port: 6082
+ vm_port: 6082
+ vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
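Review bot: The default on the added build.sh line, `-e config_prerouting=${CONFIG_PREROUTING:-"false"}`, disagrees with the README hunk of this same commit, which documents `CONFIG_PREROUTING=${CONFIG_PREROUTING:-true}`. Someone relying on the README will believe the port redirection (including host port 2222 to SSH on the deploy VM) is on unless disabled, when it is actually off unless enabled. Off is the safer default for a rule set that publishes VM services, so the README line should read `CONFIG_PREROUTING=${CONFIG_PREROUTING:-false}`. The expansion is unquoted like its neighbours, so a value containing whitespace would split into extra ansible-playbook arguments.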
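Review bot: In deploy-vms.yml the new `lineinfile` task sets only `line:`, so a re-run after a VM's address has changed appends a second entry for the same hostname and leaves the stale one in /etc/hosts. Resolvers typically return the first match, so the name would keep pointing at the old address, which may by then belong to a different VM. Adding `regexp: "\\s{{ hostvars[item]['server_hostname'] | regex_escape }}$"` lets the module replace the existing entry instead of appending. The enclosing play starts and ends outside the hunk, so whether it runs with the privilege needed to edit /etc/hosts is not visible here.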
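Review bot: `mnaio_host_iptables_prerouting_ports` in group_vars/mnaio_hosts.yml carries no comment saying what it publishes, although its entries forward host port 2222 to SSH on the first deploy host and 80/443/6080/6082 to the first load balancer. I would put a comment above the list such as `# Ports DNAT'd from the host's default IPv4 address to VM addresses; applied only when config_prerouting is true. 2222 publishes SSH on the deploy host.` Every `vm_ip` indexes `[0]` of its group, so an inventory with an empty `loadbalancer_hosts` or `deploy_hosts` group would presumably fail when the list is templated; that is worth confirming and, if so, stating in the comment.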
diff --git a/multi-node-aio/playbooks/setup-host.yml b/multi-node-aio/playbooks/setup-host.yml
index 45635ab4..7fa3b980 100644
--- a/multi-node-aio/playbooks/setup-host.yml
+++ b/multi-node-aio/playbooks/setup-host.yml
@@ -111,6 +111,14 @@
 - table: 'mangle'
 rule: 'POSTROUTING -s 10.0.2.0/22 -o vm-br-dhcp -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill'
+ - name: Add IPtables pre-routing rules to allow external access to VMs
+ shell: |
+ if ! iptables -w -t nat -C PREROUTING -p tcp -d {{ ansible_default_ipv4.address }} --dport {{ item.host_port }} -j DNAT --to {{ item.vm_ip }}:{{ item.vm_port }};then
+ iptables -w -t nat -I PREROUTING -p tcp -d {{ ansible_default_ipv4.address }} --dport {{ item.host_port }} -j DNAT --to {{ item.vm_ip }}:{{ item.vm_port }}
+ fi
+ with_items: "{{ mnaio_host_iptables_prerouting_ports }}"
+ when: config_prerouting | default(false) | bool
+
 - name: Start netfilter persistent
 service:
 name: "{{ mnaio_host_iptables_service }}"
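Review bot: The DNAT rules inserted by the new shell task in setup-host.yml match any source address, so with config_prerouting enabled the forwarded SSH and console ports are open to anything that can route to `ansible_default_ipv4.address`; nothing in the hunk narrows that. The task also reports changed on every run and templates inventory values straight into a shell script, while the surrounding file appears to describe its rules as data. Expressing the rule with the `iptables` module keeps it idempotent and gives a place for an optional per-entry source restriction; `item.source` below is a new, optional key, not something this commit defines. The module may not wait for the xtables lock the way `-w` does on older Ansible releases, so confirm that before switching.

```yaml
- name: Add IPtables pre-routing rules to allow external access to VMs
  iptables:
    table: nat
    chain: PREROUTING
    action: insert
    protocol: tcp
    source: "{{ item.source | default(omit) }}"
    destination: "{{ ansible_default_ipv4.address }}"
    destination_port: "{{ item.host_port }}"
    jump: DNAT
    to_destination: "{{ item.vm_ip }}:{{ item.vm_port }}"
  # … unchanged: with_items and when …
```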