tripleo-heat-templates/puppet/services/masquerade-networks.yaml
Emilien Macchi 04b898d0c1 Implement MasqueradeNetworks services
To port what has been done in instack-undercloud, we need a new service
to manage iptables rules when we need to redirect network through the
undercloud via masquerading.
It was done in instack-undercloud via bash; it'll now be done in THT via
a service, disabled by default and that will be activated in CI when
deploying with a containerized undercloud.

Co-Authored-By: Thomas Herve <therve@redhat.com>
Depends-On: Ic9a2626e73d132c3be7ff14a1f4cdba0c16c5b53
Change-Id: I93ff9a3bebcec1bc7ee188f9ec00feafca2c5117
2018-03-27 17:22:02 +02:00

69 lines, 2.1 KiB, YAML

heat_template_version: queens

description: >
  Configure TripleO Masquerade networks with Puppet.

parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. This
                 mapping overrides those in ServiceNetMapDefaults.
    type: json
  DefaultPasswords:
    default: {}
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  MasqueradeNetworks:
    default: {'192.168.24.0/24': ['192.168.24.0/24', '192.168.25.0/24']}
    description: Hash of masquerade networks to manage.
    type: json

outputs:
  role_data:
    description: Role data for the TripleO Masquerade Networks service.
    value:
      service_name: masquerade_networks
      config_settings:
        tripleo.masquerade_networks.firewall_rules:
          repeat:
            for_each:
              NETWORK: {get_param: MasqueradeNetworks}
              INDEX:
                yaql:
                  expression: range(len($.data)).select(str($))
                  data: {get_param: MasqueradeNetworks}
              DESTINATIONS:
                yaql:
                  expression: $.data.values().select(' - ' + $.join('\n - '))
                  data: {get_param: MasqueradeNetworks}
            template: >
              '137 routed_network return_INDEX':
                table: 'nat'
                source: 'NETWORK'
                destination:
                  DESTINATIONS
                jump: 'RETURN'
              '138 routed_network masquerade_INDEX':
                table: 'nat'
                source: 'NETWORK'
                jump: 'MASQUERADE'
      step_config: ''
      upgrade_tasks: []
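
Added example (not part of the tripleo-heat-templates file above): a Python helper that validates a MasqueradeNetworks hash before deployment and lists the RETURN/MASQUERADE rule pair the template names for each source network. It assumes the i-th source network is paired with the i-th INDEX value and destination list; the function name and the CIDR checks are this example's own.

```python
import ipaddress


def expand_masquerade_rules(masquerade_networks):
    """Validate a MasqueradeNetworks hash and return the named rule pairs.

    Assumption (not stated on the page): the i-th source network is paired
    with the i-th INDEX value and the i-th destination list.
    """
    rules = {}
    for index, (source, destinations) in enumerate(masquerade_networks.items()):
        # strict=True rejects CIDRs with host bits set, e.g. '192.168.24.1/24'.
        src = ipaddress.ip_network(source, strict=True)
        if src.prefixlen == 0:
            # Added policy check: a /0 source would match every source address.
            raise ValueError(f"{source}: source must not cover every address")
        dests = [ipaddress.ip_network(d, strict=True) for d in destinations]
        for dest in dests:
            if dest.version != src.version:
                raise ValueError(f"{dest}: IP version differs from {source}")
        # '137' sorts before '138', so traffic to the listed destinations
        # matches RETURN first and is not source-NATed by the rule after it.
        rules[f"137 routed_network return_{index}"] = {
            "table": "nat",
            "source": str(src),
            "destination": [str(d) for d in dests],
            "jump": "RETURN",
        }
        rules[f"138 routed_network masquerade_{index}"] = {
            "table": "nat",
            "source": str(src),
            "jump": "MASQUERADE",
        }
    return rules


if __name__ == "__main__":
    # The template's default value for MasqueradeNetworks.
    default = {"192.168.24.0/24": ["192.168.24.0/24", "192.168.25.0/24"]}
    for name, rule in expand_masquerade_rules(default).items():
        print(name, rule)
```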