Copy Foreman deploy logic from bgs_vagrant repo

This code was developed in a scratch space GitHub
repo, mostly by Tim. As part of the clean-up process
for Arno, it should be migrated to Genesis and all
future work should be done via Genesis.

This is trozet/bgs_vagrant as of f27548.

I didn't copy the clean.sh, deploy.sh and build.sh scripts
from bgs_vagrant in this commit. They differ from those
in Genesis and need more attention for a proper migration.

See: https://github.com/trozet/bgs_vagrant

JIRA: BGS-53

Change-Id: I512e0ea0d02f8d99048db771221abc88aa60e2d5
Signed-off-by: Daniel Farrell <dfarrell@redhat.com>

1 files changed, 43 insertions, 0 deletions

diff --git a/foreman/ci/nat_setup.sh b/foreman/ci/nat_setup.sh
new file mode 100755
index 0000000..398a826
--- /dev/null
+++ b/foreman/ci/nat_setup.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+#NAT setup script to setup NAT from Admin -> Public interface
+#on a Vagrant VM
+#Called by Vagrantfile in conjunction with deploy.sh
+#author: Tim Rozet (trozet@redhat.com)
+#
+#Uses Vagrant and VirtualBox
+#VagrantFile uses nat_setup.sh which sets up NAT
+#
+
+##make sure firewalld is stopped and disabled
+if ! systemctl stop firewalld; then
+  printf '%s\n' 'nat_setup.sh: Unable to stop firewalld' >&2
+  exit 1
+fi
+
+systemctl disable firewalld
+
+##install iptables
+if ! yum -y install iptables-services; then
+  printf '%s\n' 'nat_setup.sh: Unable to install iptables-services' >&2
+  exit 1
+fi
+
+##start and enable iptables service
+if ! systemctl start iptables; then
+  printf '%s\n' 'nat_setup.sh: Unable to start iptables-services' >&2
+  exit 1
+fi
+
+systemctl enable iptables
+
+##enable IP forwarding
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+##Configure iptables
+/sbin/iptables -t nat -I POSTROUTING -o enp0s10 -j MASQUERADE
+/sbin/iptables -I FORWARD 1 -i enp0s10 -o enp0s8 -m state --state RELATED,ESTABLISHED -j ACCEPT
+/sbin/iptables -I FORWARD 1 -i enp0s8 -o enp0s10 -j ACCEPT
+/sbin/iptables -I INPUT 1 -j ACCEPT
+/sbin/iptables -I OUTPUT 1 -j ACCEPT
+