From 75ee85b1e45b09ac3093d3ace1112d5c3be18074 Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Tue, 27 Feb 2018 12:52:55 -0700 Subject: [PATCH] Add KernelIpForward configuration Expose the configuration of net.ipv4.ip_forward via the kernel service. Depends-On: I6ea6fb8ed300d284c961e7474ff84d104f326255 Change-Id: I557e4a41c4e5be3a2f50e5d5ddc86e17c1eb44e1 Related-Bug: #1750194 --- environments/undercloud.yaml | 2 ++ extraconfig/post_deploy/undercloud_post.sh | 6 ------ puppet/services/kernel.yaml | 7 +++++++ .../notes/configure-ip-forward-268c165708cbd203.yaml | 5 +++++ 4 files changed, 14 insertions(+), 6 deletions(-) create mode 100644 releasenotes/notes/configure-ip-forward-268c165708cbd203.yaml diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml index 80a7df7bc1..fb8b1aa8ad 100644 --- a/environments/undercloud.yaml +++ b/environments/undercloud.yaml @@ -8,6 +8,8 @@ resource_registry: OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml parameter_defaults: + # ensure we enable ip_forward before docker gets run + KernelIpForward: 1 EnablePackageInstall: true StackAction: CREATE SoftwareConfigTransport: POLL_SERVER_HEAT diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh index 8b575095e2..e77145931e 100755 --- a/extraconfig/post_deploy/undercloud_post.sh +++ b/extraconfig/post_deploy/undercloud_post.sh @@ -178,9 +178,3 @@ if [ "$(hiera mistral_api_enabled)" = "true" ]; then fi fi - -# IP forwarding is needed to allow the overcloud nodes access to the outside -# internet in cases where they are on an isolated network. -sysctl -w net.ipv4.ip_forward=1 -# Make it persistent -echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ip-forward.conf diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index e34ae75167..821106cd53 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -38,6 +38,10 @@ parameters: default: 0 description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys type: number + KernelIpForward: + default: 1 + description: Configures net.ipv4.ip_forward key + type: number NeighbourGcThreshold1: default: 1024 description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value. @@ -117,6 +121,9 @@ outputs: value: {get_param: KernelDisableIPv6} net.ipv6.conf.all.disable_ipv6: value: {get_param: KernelDisableIPv6} + # enable/disable ip forward for undercloud/docker + net.ipv4.ip_forward: + value: {get_param: KernelIpForward} # prevent neutron bridges from autoconfiguring ipv6 addresses net.ipv6.conf.all.accept_ra: value: 0 diff --git a/releasenotes/notes/configure-ip-forward-268c165708cbd203.yaml b/releasenotes/notes/configure-ip-forward-268c165708cbd203.yaml new file mode 100644 index 0000000000..938cb3f0ea --- /dev/null +++ b/releasenotes/notes/configure-ip-forward-268c165708cbd203.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Add KernelIpForward configuration to enable/disable the net.ipv4.ip_forward + configuration.