Add KernelIpForward configuration

Expose the configuration of net.ipv4.ip_forward via the kernel service. Depends-On: I6ea6fb8ed300d284c961e7474ff84d104f326255 Change-Id: I557e4a41c4e5be3a2f50e5d5ddc86e17c1eb44e1 Related-Bug: #1750194
2018-02-27 12:52:55 -07:00 · 2018-02-27 12:52:55 -07:00 · 75ee85b1e4
commit 75ee85b1e4
parent 3004c31d72
4 changed files with 14 additions and 6 deletions
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@ -8,6 +8,8 @@ resource_registry:
  OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_from_pool.yaml

 parameter_defaults:
+  # ensure we enable ip_forward before docker gets run
+  KernelIpForward: 1
  EnablePackageInstall: true
  StackAction: CREATE
  SoftwareConfigTransport: POLL_SERVER_HEAT
--- a/extraconfig/post_deploy/undercloud_post.sh
+++ b/extraconfig/post_deploy/undercloud_post.sh
@ -178,9 +178,3 @@ if [ "$(hiera mistral_api_enabled)" = "true" ]; then
   fi

 fi
-
-# IP forwarding is needed to allow the overcloud nodes access to the outside
-# internet in cases where they are on an isolated network.
-sysctl -w net.ipv4.ip_forward=1
-# Make it persistent
-echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ip-forward.conf
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@ -38,6 +38,10 @@ parameters:
    default: 0
    description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
    type: number
+  KernelIpForward:
+    default: 1
+    description: Configures net.ipv4.ip_forward key
+    type: number
  NeighbourGcThreshold1:
    default: 1024
    description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value.
@ -117,6 +121,9 @@ outputs:
                value: {get_param: KernelDisableIPv6}
              net.ipv6.conf.all.disable_ipv6:
                value: {get_param: KernelDisableIPv6}
+              # enable/disable ip forward for undercloud/docker
+              net.ipv4.ip_forward:
+                value: {get_param: KernelIpForward}
              # prevent neutron bridges from autoconfiguring ipv6 addresses
              net.ipv6.conf.all.accept_ra:
                value: 0
--- a/releasenotes/notes/configure-ip-forward-268c165708cbd203.yaml
+++ b/releasenotes/notes/configure-ip-forward-268c165708cbd203.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add KernelIpForward configuration to enable/disable the net.ipv4.ip_forward
+    configuration.