d9a4ea36e1
The networking setup was inappropriate for non-seed clouds - it depended on two network interfaces, forced NAT that we don't need and could not be turned off. Additionally there wasn't much clarity between idempotent machine config and non-idempotent service config.

Key changes in this patch:
* No longer write persistent device files, instead update idempotently.
* NAT rules are now set up idempotently on each o-r-c run.
* New definitions for the meaning of various config keys to suit working with different cloud layers.

Change-Id: Ie86be0fc884b4c4f655d73da345bdee45fcde473
23 lines
963 B
Plaintext
# In case this script crashed or was interrupted earlier, flush, unlink and
# delete the temp chain.
iptables -t nat -F BOOTSTACK_MASQ_NEW || true
iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ_NEW || true
iptables -t nat -X BOOTSTACK_MASQ_NEW || true
iptables -t nat -N BOOTSTACK_MASQ_NEW
# Build the chain we want.
{{#bootstack.masquerade_networks}}
NETWORK={{.}}
# Workaround iptables not permitting two -d parameters in one call.
iptables -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK -d 192.168.122.1 -j RETURN
iptables -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE
{{/bootstack.masquerade_networks}}
# Link it in.
iptables -t nat -I POSTROUTING -j BOOTSTACK_MASQ_NEW
# Delete the old chain if present.
iptables -t nat -F BOOTSTACK_MASQ || true
iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ || true
iptables -t nat -X BOOTSTACK_MASQ || true
# Rename the new chain into permanence.
iptables -t nat -E BOOTSTACK_MASQ_NEW BOOTSTACK_MASQ
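An added example, not part of the repository: a check that reads `iptables-save -t nat` output and confirms the state this template should leave behind after any number of runs (one chain, one POSTROUTING jump, no temp chain, no unscoped MASQUERADE rule). The function names and the sample dump are constructed for illustration, and 192.0.2.0/24 stands in for a `masquerade_networks` entry.

```shell
#!/bin/sh
# Added example (not from the repository). Chain names come from the template;
# function names and the sample dump are constructed for illustration.

_count() { grep -c "$@" || true; }   # grep -c exits 1 on zero matches

# Reads `iptables-save -t nat` text on stdin; returns the number of problems.
check_masq_state() {
    dump=$(cat)
    problems=0
    # Interrupted run: the temp chain or a jump to it is still present.
    if [ "$(printf '%s\n' "$dump" | _count -F 'BOOTSTACK_MASQ_NEW')" -gt 0 ]; then
        echo "leftover BOOTSTACK_MASQ_NEW chain or rule"
        problems=$((problems + 1))
    fi
    # The permanent chain must be declared ...
    if [ "$(printf '%s\n' "$dump" | _count -e '^:BOOTSTACK_MASQ ')" -ne 1 ]; then
        echo "BOOTSTACK_MASQ chain missing"
        problems=$((problems + 1))
    fi
    # ... and linked from POSTROUTING exactly once (more means rules piled up).
    jumps=$(printf '%s\n' "$dump" | _count -x -e '-A POSTROUTING -j BOOTSTACK_MASQ')
    if [ "$jumps" -ne 1 ]; then
        echo "expected 1 POSTROUTING jump to BOOTSTACK_MASQ, found $jumps"
        problems=$((problems + 1))
    fi
    # Every MASQUERADE rule in the chain must be limited to a source network.
    unscoped=$(printf '%s\n' "$dump" \
        | grep -e '^-A BOOTSTACK_MASQ .*-j MASQUERADE' | _count -v -e ' -s ')
    if [ "$unscoped" -gt 0 ]; then
        echo "$unscoped MASQUERADE rule(s) without a source network"
        problems=$((problems + 1))
    fi
    return "$problems"
}

sample_clean() {   # constructed dump of the expected end state
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
:BOOTSTACK_MASQ - [0:0]
-A POSTROUTING -j BOOTSTACK_MASQ
-A BOOTSTACK_MASQ -s 192.0.2.0/24 -d 192.168.122.1/32 -j RETURN
-A BOOTSTACK_MASQ -s 192.0.2.0/24 ! -d 192.0.2.0/24 -j MASQUERADE
COMMIT
EOF
}

sample_clean | check_masq_state && echo "nat state OK"
```

On a live host the input would be `iptables-save -t nat | check_masq_state`, run after the template has been applied twice.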