diff options
| author |   Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-03-08 00:49:03 +0100 |
|---|---|---|
| committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-03-08 00:51:29 +0100 |
| commit | 21f34dab9380f98622c0075fa8f4b5868916a27f (patch) | |
| tree | e5661d50904d979d637a5f9f208db90eefae488c | |
| parent | cf6cd9cd0e00ab1c1165f826a261476b3155268d (diff) | |
Revert "[baremetal] Retire mas01 NAT"
Bring back public internet access to all cluster nodes via NAT
on mas01 node, required for NTP syncing.
NOTE: Both mcpcontrol and PXE/admin networks are currently
hard wired to using /24 netmask, so we leverage that in pxe_nat.sls.
JIRA: FUEL-348
This reverts commit 9a6e655e0b851ff6e449027c01ac1a66188b0064.
Change-Id: I7bab385f95f8c6d92cadc4e2149c2cd56e10c506
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
| -rwxr-xr-x | mcp/config/states/maas | 1 | ||||
| -rw-r--r-- | mcp/salt-formulas/maas/pxe_nat.sls | 37 |
2 files changed, 38 insertions, 0 deletions
diff --git a/mcp/config/states/maas b/mcp/config/states/maas index f6c9f833c..10cfd01bf 100755 --- a/mcp/config/states/maas +++ b/mcp/config/states/maas @@ -88,6 +88,7 @@ fi # MaaS rack/region controller, node commissioning salt -C 'mas01*' state.apply linux,salt,openssh,ntp +salt -C 'mas01*' state.apply maas.pxe_nat salt -C 'mas01*' state.apply maas.cluster wait_for 10 "salt -C 'mas01*' state.apply maas.region" diff --git a/mcp/salt-formulas/maas/pxe_nat.sls b/mcp/salt-formulas/maas/pxe_nat.sls new file mode 100644 index 000000000..701bae07a --- /dev/null +++ b/mcp/salt-formulas/maas/pxe_nat.sls @@ -0,0 +1,37 @@ +############################################################################## +# Copyright (c) 2017 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +net.ipv4.ip_forward: + sysctl.present: + - value: 1 + +iptables_pxe_nat: + iptables.append: + - table: nat + - chain: POSTROUTING + - jump: MASQUERADE + - destination: 0/0 + - source: {{ salt['pillar.get']('_param:single_address') }}/24 + - save: True + +iptables_pxe_source: + iptables.append: + - table: filter + - chain: INPUT + - jump: ACCEPT + - destination: 0/0 + - source: {{ salt['pillar.get']('_param:single_address') }}/24 + - save: True + +iptables_pxe_destination: + iptables.append: + - table: filter + - chain: INPUT + - jump: ACCEPT + - destination: {{ salt['pillar.get']('_param:single_address') }}/24 + - source: 0/0 + - save: True |