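#
# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Gateway node manifest: reads the PLUMgrid and network settings from Hiera,
# declares the plumgrid and plumgrid::firewall classes, installs
# iptables-persistent and enables IPv4 forwarding (at runtime and in
# /etc/sysctl.conf).
notice('MODULAR: plumgrid/gateway.pp')

# PLUMgrid settings
$plumgrid_hash    = hiera_hash('plumgrid', {})
# pick() with a single argument fails catalog compilation when the key is
# missing or empty, so a gateway is never configured without 'gateway_devs'.
$plumgrid_gw_devs = pick($plumgrid_hash['gateway_devs'])

# PLUMgrid Zone settings
$network_metadata       = hiera_hash('network_metadata')
$controller_nodes       = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
$controller_address_map = get_node_to_ipaddr_map_by_network_role($controller_nodes, 'mgmt/vip')
# An explicit 'controller_ipaddresses' Hiera key takes precedence; otherwise
# the addresses computed from network_metadata are used.
$controller_ipaddresses = join(hiera_array('controller_ipaddresses', values($controller_address_map)), ',')
$mgmt_net               = hiera('management_network_range')
$fabric_dev             = hiera('fabric_dev')
$plumgrid_zone          = pick($plumgrid_hash['plumgrid_zone'])

# NOTE(review): $plumgrid_zone is interpolated into a filesystem path below
# without validation; it is taken from Hiera as-is. Confirm that the source of
# that key is operator-controlled, or restrict it to a safe character set
# before use.
class { 'plumgrid':
  plumgrid_ip  => $controller_ipaddresses,
  mgmt_dev     => 'br-mgmt',
  fabric_dev   => $fabric_dev,
  gateway_devs => split($plumgrid_gw_devs, ','),
  lvm_keypath  => "/var/lib/plumgrid/zones/${plumgrid_zone}/id_rsa.pub",
}

# Source and destination are both the management network range.
# NOTE(review): the rules themselves live in plumgrid::firewall, which is not
# visible here; since this node also has IP forwarding switched on below,
# confirm that class constrains forwarded traffic as intended.
class { 'plumgrid::firewall':
  source_net => $mgmt_net,
  dest_net   => $mgmt_net,
}

package { 'iptables-persistent':
  ensure => present,
}

# Enable packet forwarding for IPv4.
# The 'unless' guard keeps the resource idempotent: sysctl is only invoked
# (and a change only reported) when forwarding is not already enabled.
exec { 'sysctl -w net.ipv4.ip_forward=1':
  command => '/sbin/sysctl -w net.ipv4.ip_forward=1',
  path    => ['/bin', '/usr/bin'],
  unless  => 'grep -qx 1 /proc/sys/net/ipv4/ip_forward',
}

file { '/etc/sysctl.conf':
  ensure => present,
}

# Persist the setting across reboots. The match pattern only targets the
# commented-out 'net.ipv4.ip_forward=1' line; when that line is absent and the
# setting is not already present, file_line appends it instead.
file_line { 'Enable IP4 packet forwarding':
  path    => '/etc/sysctl.conf',
  line    => 'net.ipv4.ip_forward=1',
  match   => '^#net.ipv4.ip_forward=1',
  require => File['/etc/sysctl.conf'],
}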