undercloud: workaround for masquerading network in CI/OVB

Full context: https://bugs.launchpad.net/tripleo/+bug/1756183

This code aims to:
- configure basic masquerade network iptables rules
- be temporary until routed networks are properly ported in
  tripleoclient.
- be technical debt that will be cleaned up as soon as possible.

Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: Ic8c9c6d3f30d9a37a0b3e0904c1bc7a6b35b32a3
Related-Bug: #1756183
Emilien Macchi 2018-03-15 22:43:21 +01:00
parent 910de183de
commit e47d68eb11
1 changed files with 19 additions and 2 deletions


@ -28,14 +28,31 @@ fi
## Setup Networking
## ----------------
## * Enable Masquerading for undercloud network.
## This is technical debt, please look for full context:
## https://bugs.launchpad.net/tripleo/+bug/1756183
## ::
sudo iptables -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ_OVB || true
sudo iptables -w -t nat -X BOOTSTACK_MASQ_OVB || true
sudo iptables -w -t nat -N BOOTSTACK_MASQ_OVB
sudo iptables -w -t nat -A BOOTSTACK_MASQ_OVB -s {{ undercloud_network_cidr }} -d {{ undercloud_network_cidr }} -j RETURN
sudo iptables -w -t nat -A BOOTSTACK_MASQ_OVB -s {{ undercloud_network_cidr }} -j MASQUERADE
sudo iptables -w -t nat -I POSTROUTING -j BOOTSTACK_MASQ_OVB
sudo iptables -w -t nat -F BOOTSTACK_MASQ || true
sudo iptables -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ || true
sudo iptables -w -t nat -X BOOTSTACK_MASQ || true
sudo iptables -w -t nat -E BOOTSTACK_MASQ_OVB BOOTSTACK_MASQ
## * Enable NAT for "external" network.
## ::
RULE="-s {{undercloud_external_network_cidr}} ! -d {{undercloud_external_network_cidr}} -j MASQUERADE"
RULE="-s {{undercloud_external_network_cidr}} ! -d {{undercloud_external_network_cidr}} -j MASQUERADE"
if ! sudo iptables -t nat -C BOOTSTACK_MASQ $RULE; then
sudo iptables -t nat -A BOOTSTACK_MASQ $RULE
sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
fi
sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
{% endif %}
{% if network_isolation|bool and network_isolation_type in ['single-nic-vlans', 'single_nic_vlans', 'bond-with-vlans', 'bond_with_vlans'] %}
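Review bot: The cleanup of the staging chain is not re-runnable after a partial failure, because `iptables -X BOOTSTACK_MASQ_OVB || true` only deletes an empty chain and the error is swallowed. If an earlier run stopped after the `-A` lines, the following `-N BOOTSTACK_MASQ_OVB` then fails with "chain already exists"; adding `sudo iptables -w -t nat -F BOOTSTACK_MASQ_OVB || true` before the `-X` would mirror what is already done for `BOOTSTACK_MASQ`. The new rule `-s {{ undercloud_network_cidr }} -j MASQUERADE` has no `-o` match, so it source-NATs undercloud traffic on every egress interface; if only one uplink is intended, scope it and add a comment saying which. The `-C`/`-A BOOTSTACK_MASQ $RULE` calls also lack the `-w` the new lines use, so they can still fail on a held xtables lock. The surrounding Jinja block starts and ends outside this hunk.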