From e10b52c588a6bbfe2dfe01d903e6080b3d50d693 Mon Sep 17 00:00:00 2001 From: Maksim Malchuk Date: Sun, 5 Dec 2021 02:01:07 +0300 Subject: [PATCH] Allow enable SNAT service on the seed hypervisor Adds an ability to enable SNAT service on the seed hypervisor. Depends-On: Ie42ab7a0dc9dd1ed1925b3a17134b3770ae8ba98 Change-Id: I0a2ff5caa01d54b1532d30d501b55ef23a6deff8 Signed-off-by: Maksim Malchuk --- ansible/group_vars/all/seed-hypervisor | 3 +++ ansible/group_vars/seed-hypervisor/snat | 3 +++ ansible/group_vars/seed/snat | 3 +++ ansible/ip-routing.yml | 4 ++-- ansible/snat.yml | 4 ++-- doc/source/configuration/reference/hosts.rst | 5 +++++ etc/kayobe/seed-hypervisor.yml | 3 +++ kayobe/cli/commands.py | 3 ++- kayobe/tests/unit/cli/test_commands.py | 2 ++ .../notes/seed-hypervisor-snat-3f4844bd1156bce9.yaml | 5 +++++ 10 files changed, 30 insertions(+), 5 deletions(-) create mode 100644 ansible/group_vars/seed-hypervisor/snat create mode 100644 ansible/group_vars/seed/snat create mode 100644 releasenotes/notes/seed-hypervisor-snat-3f4844bd1156bce9.yaml diff --git a/ansible/group_vars/all/seed-hypervisor b/ansible/group_vars/all/seed-hypervisor index 1c1662f32..dc3c652fa 100644 --- a/ansible/group_vars/all/seed-hypervisor +++ b/ansible/group_vars/all/seed-hypervisor @@ -20,6 +20,9 @@ seed_hypervisor_default_network_interfaces: "{{ seed_default_network_interfaces # List of extra networks to which seed hypervisor nodes are attached. seed_hypervisor_extra_network_interfaces: "{{ seed_extra_network_interfaces }}" +# Whether to enable SNAT on seed hypervisor node. Default is false. +seed_hypervisor_enable_snat: false + ############################################################################### # Seed hypervisor node software RAID configuration. diff --git a/ansible/group_vars/seed-hypervisor/snat b/ansible/group_vars/seed-hypervisor/snat new file mode 100644 index 000000000..1e5368b2c --- /dev/null +++ b/ansible/group_vars/seed-hypervisor/snat 
@@ -0,0 +1,3 @@ +--- +# Whether to enable SNAT on seed hypervisor node. +enable_snat: "{{ seed_hypervisor_enable_snat }}" diff --git a/ansible/group_vars/seed/snat b/ansible/group_vars/seed/snat new file mode 100644 index 000000000..179bbf97e --- /dev/null +++ b/ansible/group_vars/seed/snat @@ -0,0 +1,3 @@ +--- +# Whether to enable SNAT on seed node. +enable_snat: "{{ seed_enable_snat }}" diff --git a/ansible/ip-routing.yml b/ansible/ip-routing.yml index 6d643187d..452914cc5 100644 --- a/ansible/ip-routing.yml +++ b/ansible/ip-routing.yml @@ -2,9 +2,9 @@ # Enable IP routing in the kernel. - name: Ensure IP routing is enabled - hosts: seed + hosts: seed-hypervisor:seed tags: - ip-routing roles: - role: ip-routing - when: seed_enable_snat | bool + when: enable_snat | bool diff --git a/ansible/snat.yml b/ansible/snat.yml index 23cdd0c22..11d04a3ee 100644 --- a/ansible/snat.yml +++ b/ansible/snat.yml @@ -2,7 +2,7 @@ # Enable SNAT using iptables. - name: Ensure SNAT is configured - hosts: seed + hosts: seed-hypervisor:seed tags: - snat vars: @@ -11,4 +11,4 @@ source_ip: "{{ ansible_facts.default_ipv4.address }}" roles: - role: snat - when: seed_enable_snat | bool + when: enable_snat | bool diff --git a/doc/source/configuration/reference/hosts.rst b/doc/source/configuration/reference/hosts.rst index 9f42e12c9..e0844fee7 100644 --- a/doc/source/configuration/reference/hosts.rst +++ b/doc/source/configuration/reference/hosts.rst @@ -507,6 +507,11 @@ allows it to be used as a default gateway for overcloud hosts. This is disabled by default since the Xena 11.0.0 release, and may be enabled by setting ``seed_enable_snat`` to ``true`` in ``${KAYOBE_CONFIG_PATH}/seed.yml``. +The seed-hypervisor host also can be configured the same way to be used as a +default gateway. This is disabled by default too, and may be enabled by setting +``seed_hypervisor_enable_snat`` to ``true`` +in ``${KAYOBE_CONFIG_PATH}/seed-hypervisor.yml``. + Disable cloud-init ================== *tags:* 
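Review bot: Setting `seed_hypervisor_enable_snat` back to `false` only skips the role, because `when: enable_snat | bool` guards the whole `ip-routing` role, and ansible/snat.yml uses the same guard on the `snat` role. A hypervisor that was configured once therefore presumably keeps kernel forwarding and the NAT rule until they are removed by hand. I would add a comment above the play, such as `# NOTE: setting enable_snat to false does not revert forwarding on hosts where it was already enabled.`, and state the same in the reference documentation.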
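Review bot: In the second ansible/snat.yml hunk, `source_ip` still comes from `ansible_facts.default_ipv4.address`, which is now evaluated on seed hypervisor hosts as well. Nothing in the hunk checks that the fact exists or that it belongs to the interface the translated traffic should leave by. On a hypervisor with several interfaces or no default route, this could fail at templating time or translate traffic to an unintended address. An `assert` task before the role with `that: ansible_facts.default_ipv4.address is defined` would make the failure explicit. Part of the `vars:` block lies between the two hunks and is not visible, so the interface selection there should be checked against hypervisor hosts too.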
diff --git a/etc/kayobe/seed-hypervisor.yml b/etc/kayobe/seed-hypervisor.yml index 26cfbe594..ac72fcd3d 100644 --- a/etc/kayobe/seed-hypervisor.yml +++ b/etc/kayobe/seed-hypervisor.yml @@ -18,6 +18,9 @@ # List of extra networks to which seed hypervisor nodes are attached. #seed_hypervisor_extra_network_interfaces: +# Whether to enable SNAT on seed hypervisor node. Default is false. +#seed_hypervisor_enable_snat: + ############################################################################### # Seed hypervisor node software RAID configuration. diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py index b992bc6e3..de4e3aecf 100644 --- a/kayobe/cli/commands.py +++ b/kayobe/cli/commands.py @@ -448,7 +448,8 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( "users", "dev-tools", "network", "firewall", "tuned", "sysctl", - "time", "mdadm", "luks", "lvm", "seed-hypervisor-libvirt-host") + "ip-routing", "snat", "time", "mdadm", "luks", "lvm", + "seed-hypervisor-libvirt-host") self.run_kayobe_playbooks(parsed_args, playbooks, limit="seed-hypervisor") diff --git a/kayobe/tests/unit/cli/test_commands.py b/kayobe/tests/unit/cli/test_commands.py index 73bb7656a..cf0b53d28 100644 --- a/kayobe/tests/unit/cli/test_commands.py +++ b/kayobe/tests/unit/cli/test_commands.py @@ -330,6 +330,8 @@ class TestCase(unittest.TestCase): utils.get_data_files_path("ansible", "firewall.yml"), utils.get_data_files_path("ansible", "tuned.yml"), utils.get_data_files_path("ansible", "sysctl.yml"), + utils.get_data_files_path("ansible", "ip-routing.yml"), + utils.get_data_files_path("ansible", "snat.yml"), utils.get_data_files_path("ansible", "time.yml"), utils.get_data_files_path("ansible", "mdadm.yml"), utils.get_data_files_path("ansible", "luks.yml"), 
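Review bot: The diffstat shows only three changed lines in kayobe/cli/commands.py, all in this playbook list, so any help text or docstring for `SeedHypervisorHostConfigure` that enumerates the configuration steps was not updated to mention IP routing and SNAT. The enclosing method starts and ends outside the hunk, so this should be checked against the full class. Separately, `"ip-routing"` and `"snat"` are queued after `"firewall"`. If the firewall play manages a service that rebuilds the ruleset, a later re-run could drop or shadow the iptables NAT rule. A second `seed hypervisor host configure` run that confirms the rule survives would be a useful check.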
diff --git a/releasenotes/notes/seed-hypervisor-snat-3f4844bd1156bce9.yaml b/releasenotes/notes/seed-hypervisor-snat-3f4844bd1156bce9.yaml
new file mode 100644
index 000000000..4b3c6452b
--- /dev/null
+++ b/releasenotes/notes/seed-hypervisor-snat-3f4844bd1156bce9.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Adds a new variable ``seed_hypervisor_enable_snat`` that allows users to
+ enable SNAT service on the seed hypervisor. The default value is ``false``.