openstack/openstack-ansible-ops
Code Issues Proposed changes

Add the public ip to iptables rules

Browse Source 
Adding the ip to the filter to make the DNAT request rightly.

Change-Id: I5e229444bd873cad59f5d038b82294c1f6acd853
This commit is contained in:
Weezer Su
2017-04-26 08:59:45 -05:00
committed by weezer su
parent 5af3089f6a
commit eb5349bc78
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
multi-node-aio/config-deploy-node.sh
View File

@@ -19,12 +19,13 @@ if [[ "${DEPLOY_OSA}" = true ]]; then
fi fi
if [[ "${CONFIG_PREROUTING}" = true ]]; then if [[ "${CONFIG_PREROUTING}" = true ]]; then
EXTERNAL_IP="$(ip route get 1 | awk '{print $NF;exit}')"
# Add 2222 rules to iptables for ssh directly into deployment node. # Add 2222 rules to iptables for ssh directly into deployment node.
iptables_filter_rule_add nat 'PREROUTING -p tcp --dport 2222 -j DNAT --to 10.0.0.150:22' iptables_filter_rule_add nat "PREROUTING -p tcp -d ${EXTERNAL_IP} --dport 2222 -j DNAT --to 10.0.0.150:22"
scp -o StrictHostKeyChecking=no deploy1:/opt/openstack-ansible/playbooks/vars/configs/haproxy_config.yml . scp -o StrictHostKeyChecking=no deploy1:/opt/openstack-ansible/playbooks/vars/configs/haproxy_config.yml .
PORTS="$(get_osad_ports) $OSA_PORTS" PORTS="$(get_osad_ports) $OSA_PORTS"
for port in $PORTS ; do for port in $PORTS ; do
iptables_filter_rule_add nat "PREROUTING -p tcp --dport ${port} -j DNAT --to 10.0.0.150:${port}" iptables_filter_rule_add nat "PREROUTING -p tcp -d ${EXTERNAL_IP} --dport ${port} -j DNAT --to 10.0.0.150:${port}"
done done
fi fi