Merge "Fix bootstrap NAT" into stable/newton
commit
2046b2eab1
|
@ -19,6 +19,17 @@ class { '::tripleo::network::os_net_config':
|
||||||
stage => 'setup',
|
stage => 'setup',
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# enable ip forwarding for the overcloud nodes to access the outside internet
|
||||||
|
# in cases where they are on an isolated network
|
||||||
|
ensure_resource('sysctl::value', 'net.ipv4.ip_forward', { 'value' => 1 })
|
||||||
|
# NOTE(aschultz): clear up old file as this used to be managed via DIB
|
||||||
|
file { '/etc/sysctl.d/ip-forward.conf':
|
||||||
|
ensure => absent
|
||||||
|
}
|
||||||
|
# NOTE(aschultz): LP#1750194 - docker will switch FORWARD to DROP if ip_forward
|
||||||
|
# is not enabled first.
|
||||||
|
Sysctl::Value['net.ipv4.ip_forward'] -> Package<| title == 'docker' |>
|
||||||
|
|
||||||
# Run OpenStack db-sync at every puppet run, in any case.
|
# Run OpenStack db-sync at every puppet run, in any case.
|
||||||
Exec<| title == 'neutron-db-sync' |> { refreshonly => false }
|
Exec<| title == 'neutron-db-sync' |> { refreshonly => false }
|
||||||
Exec<| title == 'keystone-manage db_sync' |> { refreshonly => false }
|
Exec<| title == 'keystone-manage db_sync' |> { refreshonly => false }
|
||||||
|
|
|
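Review bot: The comment above `ensure_resource('sysctl::value', 'net.ipv4.ip_forward', { 'value' => 1 })` says why forwarding is wanted, but not that it is now enabled unconditionally, including on deployments where the nodes are not on an isolated network. With forwarding on host-wide, what the machine actually routes is decided by the FORWARD chain, so the comment should point at the rules that bound it, for example `# NOTE: this makes the host a router; forwarded traffic is limited only by the FORWARD rules in the firewall hieradata`. As a style point, `ensure => absent` in the `file` resource has no trailing comma, which puppet-lint normally flags. The enclosing manifest starts and ends outside this hunk.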
@ -735,9 +735,16 @@ tripleo::firewall::firewall_rules:
|
||||||
dport: 8787
|
dport: 8787
|
||||||
'139 apache vhost':
|
'139 apache vhost':
|
||||||
dport: "%{hiera('ironic_ipxe_port')}"
|
dport: "%{hiera('ironic_ipxe_port')}"
|
||||||
'140 network cidr nat':
|
'140 destination network cidr nat':
|
||||||
chain: FORWARD
|
chain: FORWARD
|
||||||
destination: {{NETWORK_CIDR}}
|
destination: {{NETWORK_CIDR}}
|
||||||
|
proto: all
|
||||||
|
action: accept
|
||||||
|
'140 source network cidr nat':
|
||||||
|
chain: FORWARD
|
||||||
|
source: {{NETWORK_CIDR}}
|
||||||
|
proto: all
|
||||||
|
action: accept
|
||||||
# TODO: Do we still want this?
|
# TODO: Do we still want this?
|
||||||
'141 libvirt network nat':
|
'141 libvirt network nat':
|
||||||
chain: FORWARD
|
chain: FORWARD
|
||||||
|
|
|
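Review bot: The `'140 destination network cidr nat'` rule accepts forwarded traffic of every protocol into `{{NETWORK_CIDR}}` with no source, interface or connection-state restriction visible in the rule, so it is broader than the return path that NAT for the overcloud nodes needs. If new inbound connections from outside that network are not required, limit it to reply traffic with an explicit `state: ['ESTABLISHED', 'RELATED']`; which states apply when the key is omitted depends on defaults in tripleo::firewall that are not visible on this page. The `'140 source network cidr nat'` rule likewise has no destination or outbound-interface limit, which deserves a one-line comment saying that is intended. The rule list continues outside the hunk.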
@ -111,9 +111,3 @@ if [ "$(hiera enable_mistral)" = "true" ]; then
|
||||||
mistral workbook-create $workbook
|
mistral workbook-create $workbook
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# IP forwarding is needed to allow the overcloud nodes access to the outside
|
|
||||||
# internet in cases where they are on an isolated network.
|
|
||||||
sysctl -w net.ipv4.ip_forward=1
|
|
||||||
# Make it persistent
|
|
||||||
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ip-forward.conf
|
|
||||||
|
|