Authorize the multi-node-bridge network in iptables if there's one
This allows packets to flow freely between things that bind IPs on the network bridge. Change-Id: Iaacdca31b27b7033ec08499bcea7061b9d3ec279
parent
180fa799be
commit
efd90dd2f9
@ -48,6 +48,13 @@ inventory in order to work:
|
||||
|
||||
Whether or not to configure an IP address on the bridge interface.
|
||||
|
||||
.. zuul:rolevar:: bridge_authorize_internal_traffic
|
||||
:default: false
|
||||
|
||||
When ``bridge_configure_address`` is ``true``, whether or not to set up
|
||||
firewall rules in order to allow traffic to flow freely within the bridge
|
||||
subnet (``bridge_address_prefix``.0/``bridge_address_subnet``).
|
||||
|
||||
.. zuul:rolevar:: bridge_address_prefix
|
||||
:default: 172.24.4
|
||||
|
||||
|
@ -2,6 +2,7 @@ bridge_vni_offset: 1000000
|
||||
bridge_mtu: 1450
|
||||
bridge_name: br-infra
|
||||
|
||||
bridge_authorize_internal_traffic: false
|
||||
bridge_configure_address: true
|
||||
bridge_address_prefix: 172.24.4
|
||||
bridge_address_offset: 1
|
||||
|
@ -38,3 +38,17 @@
|
||||
name: "rdo-release"
|
||||
state: absent
|
||||
when: rdo_repos | changed
|
||||
|
||||
- name: Authorize the multi-node-bridge network
|
||||
become: yes
|
||||
iptables:
|
||||
state: present
|
||||
action: insert
|
||||
chain: INPUT
|
||||
ip_version: ipv4
|
||||
source: "{{ bridge_address_prefix }}.0/{{ bridge_address_subnet }}"
|
||||
destination: "{{ bridge_address_prefix }}.0/{{ bridge_address_subnet }}"
|
||||
jump: ACCEPT
|
||||
when:
|
||||
- bridge_configure_address | bool
|
||||
- bridge_authorize_internal_traffic | bool
|
||||
|
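Review bot: The ACCEPT rule added in the `Authorize the multi-node-bridge network` task matches only on `source` and `destination`, so it is inserted at the head of INPUT for every protocol and port and is not bound to the bridge interface. A packet that arrives on any other interface with a source address inside `{{ bridge_address_prefix }}.0/{{ bridge_address_subnet }}` would match it too, unless reverse-path filtering happens to drop it first. Adding `in_interface: "{{ bridge_name }}"` would limit the allowance to traffic that actually comes in over the bridge, assuming `bridge_name` from the role defaults is the interface carrying this subnet. As a style point, `become: yes` reads more predictably as `become: true`, and a one-line comment above the task stating that it opens all intra-subnet traffic would help anyone auditing the node firewall later.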