openstack/kayobe
Code Issues Proposed changes

Enable IP routing and SNAT in seed for use during provisioning

Browse Source 
Without this there may not be a gateway configured after the control plane nodes
are provisioned, meaning they cannot access the outside world.
This commit is contained in:
Mark Goddard 2017-03-30 11:04:27 +01:00
parent df20c90e2e
commit b2a60340c2
6 changed files with 48 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ansible/ip-routing.yml Normal file
View File

@ -0,0 +1,7 @@
---
# Enable IP routing in the kernel.
- name: Ensure IP routing is enabled
hosts: seed:controllers
roles:
- role: ip-routing

7
ansible/kolla-bifrost-hostvars.yml
View File

@ -31,7 +31,10 @@
ipv4_interface_mac: "{% raw %}{{ extra.pxe_interface_mac | default }}{% endraw %}" ipv4_interface_mac: "{% raw %}{{ extra.pxe_interface_mac | default }}{% endraw %}"
ipv4_address: "{{ provision_oc_net_name | net_ip }}" ipv4_address: "{{ provision_oc_net_name | net_ip }}"
ipv4_subnet_mask: "{{ provision_oc_net_name | net_cidr | ipaddr('netmask') }}" ipv4_subnet_mask: "{{ provision_oc_net_name | net_cidr | ipaddr('netmask') }}"
ipv4_gateway: "{{ provision_oc_net_name | net_gateway }}" # If the provisioning network does not have a gateway defined, use the
# seed as a gateway to allow external access until other networks have
# been configured.
ipv4_gateway: "{{ provision_oc_net_name | net_gateway or provision_oc_net_name | net_ip(seed_host) }}"
ipv4_nameserver: "{{ resolv_nameservers[0] }}" ipv4_nameserver: "{{ resolv_nameservers[0] }}"
tasks: tasks:
- name: Ensure the Bifrost host variable files exist - name: Ensure the Bifrost host variable files exist
@ -44,5 +47,5 @@
dest: "/etc/kolla/bifrost/inventory/host_vars/{{ inventory_hostname }}" dest: "/etc/kolla/bifrost/inventory/host_vars/{{ inventory_hostname }}"
delegate_to: "{{ item }}" delegate_to: "{{ item }}"
with_items: with_items:
- "{{ hostvars[groups['seed'][0]].ansible_host }}" - "{{ hostvars[seed_host].ansible_host }}"
become: True become: True

11
ansible/roles/ip-routing/tasks/main.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: Ensure IP routing sysctls are set
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
sysctl_set: "yes"
with_items:
- { name: "net.ipv4.ip_forward", value: 1}
- { name: "net.ipv4.conf.all.rp_filter", value: 0}
- { name: "net.ipv4.conf.default.rp_filter", value: 0}
become: True

12
ansible/roles/snat/tasks/main.yml Normal file
View File

@ -0,0 +1,12 @@
---
# iptables -t nat -A POSTROUTING -o {{ interface }} -j SNAT --to-source {{ source_ip }}
- name: Ensure SNAT iptables rules exist
iptables:
action: append
table: nat
chain: POSTROUTING
out_interface: "{{ item.interface }}"
jump: SNAT
to_source: "{{ item.source_ip }}"
with_items: "{{ snat_rules }}"
become: True

11
ansible/snat.yml Normal file
View File

@ -0,0 +1,11 @@
---
# Enable SNAT using iptables.
- name: Ensure SNAT is configured
hosts: seed:controllers
vars:
snat_rules:
- interface: "{{ ansible_default_ipv4.interface }}"
source_ip: "{{ ansible_default_ipv4.address }}"
roles:
- role: snat

3
kayobe/cli/commands.py
View File

@ -178,7 +178,8 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, Command):
if parsed_args.wipe_disks: if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list("wipe-disks")
playbooks += _build_playbook_list( playbooks += _build_playbook_list(
"dev-tools", "disable-selinux", "network", "ntp", "lvm") "dev-tools", "disable-selinux", "network", "ip-routing", "snat",
"ntp", "lvm")
ansible.run_playbooks(parsed_args, playbooks, limit="seed") ansible.run_playbooks(parsed_args, playbooks, limit="seed")
kolla_ansible.run_seed(parsed_args, "bootstrap-servers", kolla_ansible.run_seed(parsed_args, "bootstrap-servers",
extra_vars={"ansible_user": ansible_user}) extra_vars={"ansible_user": ansible_user})