Add missing features to multi-node-aio

The multi-node-aio update that moved the provisioning from bash to
ansible dropped a few features that we use for gating purposes.  This
commit re-adds the following:

1. The ability to drop iptables rules to do port redirection from the
   host to private IPs.  This is controlled by CONFIG_PREROUTING and
   the ansible variable mnaio_host_iptables_prerouting_ports.
2. /etc/hosts on the physical node is now updated w/ the hostname and
   IP of each VM so we can access VMs by name.

NOTE: With #1, we redirect to the VM's DHCP address, and not it's
      management address.  The latter seemed to the desired address
      but didn't work, which is why we've resorted to DHCP.  If using
      this address is incorrect please note so we can investigate
      further.

Change-Id: Ib194c314280f2474a2e4dac6d0feba44b1ee696f

multi-node-aio/README.rst

@@ -136,6 +136,10 @@ Instruct the system to configure the completed OpenStack deployment with some
 example flavors, images, networks, etc.:
   ``CONFIGURE_OPENSTACK=${CONFIGURE_OPENSTACK:-true}``
 
+Instruct the system to configure iptables prerouting rules for connecting to
+VMs from outside the host:
+  ``CONFIG_PREROUTING=${CONFIG_PREROUTING:-true}``
+
 
 Re-kicking VM(s)
 ----------------

multi-node-aio/build.sh

@@ -39,5 +39,6 @@ ansible-playbook -vv \
                  -e run_osa=${RUN_OSA:-"true"} \
                  -e pre_config_osa=${PRE_CONFIG_OSA:-"true"} \
                  -e configure_openstack=${CONFIGURE_OPENSTACK:-"true"} \
+                 -e config_prerouting=${CONFIG_PREROUTING:-"false"} \
                  --force-handlers \
                  playbooks/site.yml

multi-node-aio/playbooks/deploy-vms.yml

@@ -80,6 +80,14 @@
         - hostvars[item]['server_vm'] | default(false) | bool
       with_items: "{{ groups['pxe_servers'] }}"
 
+    - name: Add VM to /etc/hosts file
+      lineinfile:
+        path: "/etc/hosts"
+        line: "{{ hostvars[item]['ansible_host'] }} {{ hostvars[item]['server_hostname'] }}"
+      when:
+        - hostvars[item]['server_vm'] | default(false) | bool
+      with_items: "{{ groups['pxe_servers'] }}"
+
   environment: "{{ deployment_environment_variables | default({}) }}"
 
   tags:

multi-node-aio/playbooks/group_vars/mnaio_hosts.yml

@@ -48,3 +48,20 @@ mnaio_host_iptables_rules:
     chain: POSTROUTING
     out_interface: "{{ masquerade_interface | default(default_interface) }}"
     jump: MASQUERADE
+
+mnaio_host_iptables_prerouting_ports:
+  - host_port: 80
+    vm_port: 80
+    vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
+  - host_port: 443
+    vm_port: 443
+    vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
+  - host_port: 2222
+    vm_port: 22
+    vm_ip: "{{ hostvars[groups['deploy_hosts'][0]]['server_vm_fixed_addr'] }}"
+  - host_port: 6080
+    vm_port: 6080
+    vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
+  - host_port: 6082
+    vm_port: 6082
+    vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"

multi-node-aio/playbooks/setup-host.yml

@@ -111,6 +111,14 @@
         - table: 'mangle'
           rule: 'POSTROUTING -s 10.0.2.0/22 -o vm-br-dhcp -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill'
 
+    - name: Add IPtables pre-routing rules to allow external access to VMs
+      shell: |
+        if ! iptables -w -t nat -C PREROUTING -p tcp -d {{ ansible_default_ipv4.address }} --dport {{ item.host_port }} -j DNAT --to {{ item.vm_ip }}:{{ item.vm_port }};then
+          iptables -w -t nat -I PREROUTING -p tcp -d {{ ansible_default_ipv4.address }} --dport {{ item.host_port }} -j DNAT --to {{ item.vm_ip }}:{{ item.vm_port }}
+        fi
+      with_items: "{{ mnaio_host_iptables_prerouting_ports }}"
+      when: config_prerouting | default(false) | bool
+
     - name: Start netfilter persistent
       service:
         name: "{{ mnaio_host_iptables_service }}"