28684e6c6e
The multi-node-aio update that moved the provisioning from bash to ansible dropped a few features that we use for gating purposes. This commit re-adds the following: 1. The ability to drop iptables rules to do port redirection from the host to private IPs. This is controlled by CONFIG_PREROUTING and the ansible variable mnaio_host_iptables_prerouting_ports. 2. /etc/hosts on the physical node is now updated w/ the hostname and IP of each VM so we can access VMs by name. NOTE: With #1, we redirect to the VM's DHCP address, and not its management address. The latter seemed to be the desired address but didn't work, which is why we've resorted to DHCP. If using this address is incorrect, please note so we can investigate further. Change-Id: Ib194c314280f2474a2e4dac6d0feba44b1ee696f
---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# iptables rules for the physical multi-node-aio host, one mapping per rule.
# NOTE(review): the task that consumes this list is not shown here, so rule
# ordering and idempotence on re-runs cannot be confirmed from this file.
mnaio_host_iptables_rules:
  # Accept TCP port 67 on the host's INPUT chain. As written, the rule has
  # no in_interface or source restriction, so it matches on every interface.
  - table: filter
    chain: INPUT
    protocol: tcp
    match: tcp
    destination_port: 67
    jump: ACCEPT
  # Accept UDP port 67 (the DHCP server port), likewise on every interface.
  # NOTE(review): if DHCP is only meant to serve the VM bridge, consider
  # scoping these rules with in_interface: vm-br-dhcp — confirm intent.
  - table: filter
    chain: INPUT
    protocol: udp
    match: udp
    destination_port: 67
    jump: ACCEPT
  # Accept UDP port 53 (DNS) on every interface.
  - table: filter
    chain: INPUT
    protocol: udp
    match: udp
    destination_port: 53
    jump: ACCEPT
  # NOTE(review): this entry is identical to the previous one (udp/53). The
  # tcp+udp pair used for port 67 suggests one of the two was meant to be
  # tcp — confirm before changing, because that opens another host port.
  - table: filter
    chain: INPUT
    protocol: udp
    match: udp
    destination_port: 53
    jump: ACCEPT
  # Forward everything that arrives on the vm-br-dhcp bridge; no protocol,
  # port, or destination filter is applied.
  - table: filter
    chain: FORWARD
    in_interface: vm-br-dhcp
    jump: ACCEPT
  # Forward everything that leaves through vm-br-dhcp. Together with the rule
  # above, forwarding to and from the bridge is unfiltered in both directions.
  - table: filter
    chain: FORWARD
    out_interface: vm-br-dhcp
    jump: ACCEPT
  # Masquerade (source-NAT) traffic leaving via masquerade_interface, falling
  # back to default_interface when masquerade_interface is undefined.
  - table: nat
    chain: POSTROUTING
    out_interface: "{{ masquerade_interface | default(default_interface) }}"
    jump: MASQUERADE
# Port redirections from the physical host to VM addresses: each entry maps
# host_port on the host to vm_port on vm_ip.
# NOTE(review): the task that turns these into iptables rules is not shown
# here. Nothing in this list limits which source addresses may use a
# redirect, so every entry publishes a VM service on the host's interfaces.
# Presumably this is meant for gate/test hosts; confirm upstream filtering
# before enabling it on a host reachable from untrusted networks.
#
# vm_ip is templated from the first host of the named inventory group;
# rendering fails if the group is empty or the host has no
# server_vm_fixed_addr.
mnaio_host_iptables_prerouting_ports:
  # HTTP on the first load balancer VM.
  - host_port: 80
    vm_port: 80
    vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
  # HTTPS on the first load balancer VM.
  - host_port: 443
    vm_port: 443
    vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
  # Host port 2222 is redirected to port 22 (SSH) on the first deploy host.
  # NOTE(review): this exposes the deploy host's SSH service via the
  # physical host; make sure key-only auth or source filtering applies.
  - host_port: 2222
    vm_port: 22
    vm_ip: "{{ hostvars[groups['deploy_hosts'][0]]['server_vm_fixed_addr'] }}"
  # Port 6080 on the first load balancer VM (commonly a console proxy
  # port — TODO confirm which service listens here).
  - host_port: 6080
    vm_port: 6080
    vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"
  # Port 6082 on the first load balancer VM (commonly a console proxy
  # port — TODO confirm which service listens here).
  - host_port: 6082
    vm_port: 6082
    vm_ip: "{{ hostvars[groups['loadbalancer_hosts'][0]]['server_vm_fixed_addr'] }}"