add step to execute gw_mac_update.sh after apex deployed

Change-Id: I47c316e26ff8e597c781562645397335e8c5bd70 Signed-off-by: bob zhou <bob.zh@huawei.com> Signed-off-by: Tim Rozet <trozet@redhat.com>
author: bob <bob.zh@huawei.com> 2016-01-14 17:42:49 +0800
committer: Tim Rozet <trozet@redhat.com> 2016-01-16 13:54:33 +0000
commit: 2a937932642f3e8288d338c6fa4a2b6a7a5defc2 (patch)
tree: 282315deee2f3c6e4281c95cdbf7375fa7b46873 /lib/common-functions.sh
parent: 8ef0ef042523f16c169dbd63a3a5f24d10f836f3 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/common-functions.sh b/lib/common-functions.sh
index edf06cff..1e55aa18 100644
--- a/lib/common-functions.sh
+++ b/lib/common-functions.sh
@@ -504,3 +504,23 @@ PEERDNS=no" > ${net_path}/ifcfg-${line}
 
   sudo systemctl restart network
 }
+
+# Update iptables rule for external network reach internet
+# for virtual deployments
+# params: external_cidr
+function configure_undercloud_nat {
+  local external_cidr
+  if [[ -z "$1" ]]; then
+    return 1
+  else
+    external_cidr=$1
+  fi
+
+  ssh -T ${SSH_OPTIONS[@]} "root@$UNDERCLOUD" <<EOI
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s ${external_cidr} -o eth0 -j MASQUERADE
+iptables -A FORWARD -i eth2 -j ACCEPT
+iptables -A FORWARD -s ${external_cidr} -m state --state ESTABLISHED,RELATED -j ACCEPT
+service iptables save
+EOI
+}
author	bob <bob.zh@huawei.com>	2016-01-14 17:42:49 +0800
committer	Tim Rozet <trozet@redhat.com>	2016-01-16 13:54:33 +0000
commit	2a937932642f3e8288d338c6fa4a2b6a7a5defc2 (patch)
tree	282315deee2f3c6e4281c95cdbf7375fa7b46873 /lib/common-functions.sh
parent	8ef0ef042523f16c169dbd63a3a5f24d10f836f3 (diff)