aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-01-02 05:36:07 +0100
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-01-03 01:16:02 +0100
commit9a6e655e0b851ff6e449027c01ac1a66188b0064 (patch)
tree96c24dd1bd1894411267651ded0c561046d41ad2
parent68859c38817fcf5993054796e75d8231f98ed3bb (diff)
[baremetal] Retire mas01 NAT
Isolate networks by retiring NAT on mas01; also cutting direct internet access from cluster nodes that are not facing the public network (prx, cmp). NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have public IPs) and kvm nodes (cmp also have public IPs) will no longer have direct internet connectivity. Cluster deployment and operations will work without it, but if it is required for different reasons, the MaaS proxy could be enabled by uncommenting the /etc/enviroment section in: - cluster.baremetal-mcp-pike-common-ha.include.proxy.yml JIRA: FUEL-317 Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
-rwxr-xr-xmcp/config/states/maas1
-rw-r--r--mcp/salt-formulas/maas/pxe_nat.sls37
2 files changed, 0 insertions, 38 deletions
diff --git a/mcp/config/states/maas b/mcp/config/states/maas
index 2062cbabb..02afd2c6a 100755
--- a/mcp/config/states/maas
+++ b/mcp/config/states/maas
@@ -68,7 +68,6 @@ fi
# MaaS rack/region controller, node commissioning
salt -C 'mas01*' state.apply linux,salt,openssh,ntp
-salt -C 'mas01*' state.apply maas.pxe_nat
salt -C 'mas01*' state.apply maas.cluster
wait_for 10 "salt -C 'mas01*' state.apply maas.region"
diff --git a/mcp/salt-formulas/maas/pxe_nat.sls b/mcp/salt-formulas/maas/pxe_nat.sls
deleted file mode 100644
index 701bae07a..000000000
--- a/mcp/salt-formulas/maas/pxe_nat.sls
+++ /dev/null
@@ -1,37 +0,0 @@
-##############################################################################
-# Copyright (c) 2017 Mirantis Inc., Enea AB and others.
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-net.ipv4.ip_forward:
- sysctl.present:
- - value: 1
-
-iptables_pxe_nat:
- iptables.append:
- - table: nat
- - chain: POSTROUTING
- - jump: MASQUERADE
- - destination: 0/0
- - source: {{ salt['pillar.get']('_param:single_address') }}/24
- - save: True
-
-iptables_pxe_source:
- iptables.append:
- - table: filter
- - chain: INPUT
- - jump: ACCEPT
- - destination: 0/0
- - source: {{ salt['pillar.get']('_param:single_address') }}/24
- - save: True
-
-iptables_pxe_destination:
- iptables.append:
- - table: filter
- - chain: INPUT
- - jump: ACCEPT
- - destination: {{ salt['pillar.get']('_param:single_address') }}/24
- - source: 0/0
- - save: True