openstack/openstack-ansible
Code Issues Proposed changes

Merge "Add iptables rule to neutron agents containers"

Browse Source
This commit is contained in:
Jenkins 2015-08-15 08:29:55 +00:00 committed by Gerrit Code Review
commit 2c4ea74f95
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
scripts/bootstrap-aio.sh
View File

@ -20,6 +20,7 @@ set -e -u -x
## Vars ---------------------------------------------------------------------- ## Vars ----------------------------------------------------------------------
DEFAULT_PASSWORD=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32) DEFAULT_PASSWORD=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 32)
export BOOTSTRAP_AIO="yes"
export ADMIN_PASSWORD=${ADMIN_PASSWORD:-$DEFAULT_PASSWORD} export ADMIN_PASSWORD=${ADMIN_PASSWORD:-$DEFAULT_PASSWORD}
export SERVICE_REGION=${SERVICE_REGION:-"RegionOne"} export SERVICE_REGION=${SERVICE_REGION:-"RegionOne"}
export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"} export DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"}

17
scripts/run-playbooks.sh
View File

@ -27,6 +27,7 @@ DEPLOY_SWIFT=${DEPLOY_SWIFT:-"yes"}
DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"} DEPLOY_CEILOMETER=${DEPLOY_CEILOMETER:-"yes"}
DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"no"} DEPLOY_TEMPEST=${DEPLOY_TEMPEST:-"no"}
COMMAND_LOGS=${COMMAND_LOGS:-"/openstack/log/ansible_cmd_logs/"} COMMAND_LOGS=${COMMAND_LOGS:-"/openstack/log/ansible_cmd_logs/"}
ADD_NEUTRON_AGENT_CHECKSUM_RULE=${BOOTSTRAP_AIO:-"no"}
## Functions ----------------------------------------------------------------- ## Functions -----------------------------------------------------------------
@ -109,6 +110,22 @@ pushd "playbooks"
--forks ${FORKS} \ --forks ${FORKS} \
-t "${COMMAND_LOGS}/force_apt_update" \ -t "${COMMAND_LOGS}/force_apt_update" \
&> ${COMMAND_LOGS}/force_apt_update.log &> ${COMMAND_LOGS}/force_apt_update.log
# When running in an AIO, we need to drop the following iptables rule in any neutron_agent containers
# to that ensure instances can communicate with the neutron metadata service.
# This is necessary because in an AIO environment there are no physical interfaces involved in
# instance -> metadata requests, and this results in the checksums being incorrect.
if [ "${ADD_NEUTRON_AGENT_CHECKSUM_RULE}" == "yes" ]; then
mkdir -p "${COMMAND_LOGS}/add_neutron_agent_checksum_rule"
ansible neutron_agent -m command \
-a '/sbin/iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill' \
-t "${COMMAND_LOGS}/add_neutron_agent_checksum_rule" \
&> ${COMMAND_LOGS}/add_neutron_agent_checksum_rule.log
ansible neutron_agent -m shell \
-a 'DEBIAN_FRONTEND=noninteractive apt-get install iptables-persistent' \
-t "${COMMAND_LOGS}/add_neutron_agent_checksum_rule" \
&> ${COMMAND_LOGS}/add_neutron_agent_checksum_rule.log
fi
fi fi
if [ "${DEPLOY_LB}" == "yes" ]; then if [ "${DEPLOY_LB}" == "yes" ]; then