Move the metadata NAT rule to nova-baremetal.
It was part of the openvswitch agent rules, which is entirely inappropriate for overclouds.

Change-Id: I43faa086f5625434f9abdea68a3bb88413688d4c
parent
23d943cb57
commit
30801a252b
@ -97,5 +97,3 @@ if [ -n "$PHYSICAL_INTERFACE" ] ; then
|
||||
ip addr del $IP dev $PHYSICAL_INTERFACE
|
||||
done
|
||||
fi
|
||||
|
||||
iptables -t nat -C PREROUTING -d 169.254.169.254/32 -i $EXTERNAL_BRIDGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8775 || iptables -t nat -I PREROUTING -d 169.254.169.254/32 -i $EXTERNAL_BRIDGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8775
|
||||
|
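Review bot: Hosts that already ran this script keep the redirect, because the iptables line dropped at the end of this hunk was inserted with -I on earlier runs and nothing in this change deletes it. Since the commit message calls the rule inappropriate for overclouds, consider a one-time `iptables -t nat -D PREROUTING ...` with the same match on upgrade, or state in the commit message that existing nodes keep redirecting 169.254.169.254:80 to local port 8775 until the nat table is flushed.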
@ -1,3 +1,4 @@
|
||||
#!/bin/bash
|
||||
set -eux
|
||||
|
||||
init-neutron-ovs
|
||||
|
@ -9,3 +9,15 @@ br-ctlplane bridge interface, ensuring that only bootps requests from nodes
|
||||
registered with nova baremetal are received by services running in the image.
|
||||
This prevents the seed node from trying to PXE boot overcloud nodes (rather
|
||||
than the undercloud node doing so).
|
||||
|
||||
An iptables rule to capture incoming EC2 metadata API requests and redirect
|
||||
them to the nova API is automatically added to the neutron.ovs.physical\_bridge
|
||||
interface. See the neutron-openvswitch-agent for the full set of ovs parameters.
|
||||
For example:
|
||||
|
||||
neutron:
|
||||
ovs:
|
||||
physical_bridge: br-ctlplane
|
||||
|
||||
In the future we may create a dedicated parameter to permit nova-baremetal to
|
||||
run separately from the neutron agents in the undercloud.
|
||||
|
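Review bot: The new README paragraph says the rule is added "automatically" to the neutron.ovs.physical_bridge interface, but it does not say that the key is now effectively required by this element: 81-nat-metadata reads it with --key-default '' and has no fallback. Please document what happens when the key is unset, and spell out the match itself (destination 169.254.169.254, TCP port 80, redirected to local port 8775) so an operator can audit the rule against `iptables -t nat -S PREROUTING`.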
6
elements/nova-baremetal/os-refresh-config/configure.d/81-nat-metadata
Executable file
@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
set -eux
|
||||
|
||||
EXTERNAL_BRIDGE=$(os-config-applier --key neutron.ovs.physical_bridge --type raw --key-default '')
|
||||
|
||||
iptables -t nat -C PREROUTING -d 169.254.169.254/32 -i $EXTERNAL_BRIDGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8775 || iptables -t nat -I PREROUTING -d 169.254.169.254/32 -i $EXTERNAL_BRIDGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8775
|
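Review bot: There is no guard for an empty EXTERNAL_BRIDGE in the new script: the key is read with --key-default '' and then expanded unquoted in `-i $EXTERNAL_BRIDGE`, so on a host without neutron.ovs.physical_bridge the -i option is left without an interface name, both iptables calls are malformed, and the script exits non-zero under set -e. The script this rule came from wraps its interface work in `if [ -n "$PHYSICAL_INTERFACE" ]`; do the same here with `[ -n "$EXTERNAL_BRIDGE" ]` (or fail with an explicit message) and quote the variable. Separately, the `-C ... || -I ...` idiom treats any failure of the check as "rule missing", so a genuine iptables error is only seen when the insert fails too.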