Allow enable SNAT service on the seed hypervisor

Adds an ability to enable SNAT service on the seed hypervisor.

Depends-On: Ie42ab7a0dc9dd1ed1925b3a17134b3770ae8ba98
Change-Id: I0a2ff5caa01d54b1532d30d501b55ef23a6deff8
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>

ansible/group_vars/all/seed-hypervisor

@@ -20,6 +20,9 @@ seed_hypervisor_default_network_interfaces: "{{ seed_default_network_interfaces
 # List of extra networks to which seed hypervisor nodes are attached.
 seed_hypervisor_extra_network_interfaces: "{{ seed_extra_network_interfaces }}"
 
+# Whether to enable SNAT on seed hypervisor node. Default is false.
+seed_hypervisor_enable_snat: false
+
 ###############################################################################
 # Seed hypervisor node software RAID configuration.
 

ansible/group_vars/seed-hypervisor/snat

@@ -0,0 +1,3 @@
+---
+# Whether to enable SNAT on seed hypervisor node.
+enable_snat: "{{ seed_hypervisor_enable_snat }}"

ansible/group_vars/seed/snat

@@ -0,0 +1,3 @@
+---
+# Whether to enable SNAT on seed node.
+enable_snat: "{{ seed_enable_snat }}"

ansible/ip-routing.yml

@@ -2,9 +2,9 @@
 # Enable IP routing in the kernel.
 
 - name: Ensure IP routing is enabled
-  hosts: seed
+  hosts: seed-hypervisor:seed
   tags:
     - ip-routing
   roles:
     - role: ip-routing
-      when: seed_enable_snat | bool
+      when: enable_snat | bool

ansible/snat.yml

@@ -2,7 +2,7 @@
 # Enable SNAT using iptables.
 
 - name: Ensure SNAT is configured
-  hosts: seed
+  hosts: seed-hypervisor:seed
   tags:
     - snat
   vars:
@@ -11,4 +11,4 @@
         source_ip: "{{ ansible_facts.default_ipv4.address }}"
   roles:
     - role: snat
-      when: seed_enable_snat | bool
+      when: enable_snat | bool

doc/source/configuration/reference/hosts.rst

@@ -507,6 +507,11 @@ allows it to be used as a default gateway for overcloud hosts. This is disabled
 by default since the Xena 11.0.0 release, and may be enabled by setting
 ``seed_enable_snat`` to ``true`` in ``${KAYOBE_CONFIG_PATH}/seed.yml``.
 
+The seed-hypervisor host also can be configured the same way to be used as a
+default gateway. This is disabled by default too, and may be enabled by setting
+``seed_hypervisor_enable_snat`` to ``true``
+in ``${KAYOBE_CONFIG_PATH}/seed-hypervisor.yml``.
+
 Disable cloud-init
 ==================
 *tags:*

etc/kayobe/seed-hypervisor.yml

@@ -18,6 +18,9 @@
 # List of extra networks to which seed hypervisor nodes are attached.
 #seed_hypervisor_extra_network_interfaces:
 
+# Whether to enable SNAT on seed hypervisor node. Default is false.
+#seed_hypervisor_enable_snat:
+
 ###############################################################################
 # Seed hypervisor node software RAID configuration.
 

kayobe/cli/commands.py

@@ -448,7 +448,8 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
             playbooks += _build_playbook_list("wipe-disks")
         playbooks += _build_playbook_list(
             "users", "dev-tools", "network", "firewall", "tuned", "sysctl",
-            "time", "mdadm", "luks", "lvm", "seed-hypervisor-libvirt-host")
+            "ip-routing", "snat", "time", "mdadm", "luks", "lvm",
+            "seed-hypervisor-libvirt-host")
         self.run_kayobe_playbooks(parsed_args, playbooks,
                                   limit="seed-hypervisor")
 

kayobe/tests/unit/cli/test_commands.py

@@ -330,6 +330,8 @@ class TestCase(unittest.TestCase):
                     utils.get_data_files_path("ansible", "firewall.yml"),
                     utils.get_data_files_path("ansible", "tuned.yml"),
                     utils.get_data_files_path("ansible", "sysctl.yml"),
+                    utils.get_data_files_path("ansible", "ip-routing.yml"),
+                    utils.get_data_files_path("ansible", "snat.yml"),
                     utils.get_data_files_path("ansible", "time.yml"),
                     utils.get_data_files_path("ansible", "mdadm.yml"),
                     utils.get_data_files_path("ansible", "luks.yml"),

releasenotes/notes/seed-hypervisor-snat-3f4844bd1156bce9.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds a new variable ``seed_hypervisor_enable_snat`` that allows users to
+    enable SNAT service on the seed hypervisor. The default value is ``false``.