From a10322497f3e122a0fbd22f171dba88d131b1ae4 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Fri, 30 Apr 2021 07:43:07 +0200
Subject: Set up network for in-cluster deployment stage

This patch adds new network traffic exceptions to the infrastructure setup step. This change has to be done during the infrastructure setup step because OpenStack client is not available from within the cluster.

Issue-ID: INT-1601
Change-Id: I5adbce6197d8de6ab2bf7f54c73d6003442674da
Signed-off-by: Pawel Wieczorek
---
 .../ansible/roles/create_bastion/tasks/main.yml | 35 ++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml

(limited to 'deployment/noheat/cluster-rke/ansible/roles/create_bastion')

diff --git a/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
new file mode 100644
index 000000000..8189968c4
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/create_bastion/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Add cluster hostnames to /etc/hosts file
+  lineinfile:
+    path: /etc/hosts
+    line: "{{ ansible_default_ipv4.address + ' ' + ansible_hostname }}"
+
+- name: Enable IP forwarding
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: '1'
+    sysctl_set: yes
+
+- name: Create PREROUTING rule
+  ansible.builtin.iptables:
+    table: nat
+    chain: PREROUTING
+    protocol: tcp
+    destination_port: "{{ destination.port }}"
+    jump: DNAT
+    to_destination: "{{ destination.address }}:{{ destination.port }}"
+
+- name: Create OUTPUT rule
+  ansible.builtin.iptables:
+    table: nat
+    chain: OUTPUT
+    protocol: tcp
+    destination: "{{ ansible_default_ipv4.address }}"
+    destination_port: "{{ destination.port }}"
+    jump: DNAT
+    to_destination: "{{ destination.address }}"
+
+- name: Enable masquerading
+  ansible.builtin.iptables:
+    table: nat
+    chain: POSTROUTING
+    jump: MASQUERADE
-- 
cgit 1.2.3-korg
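Review bot: The POSTROUTING rule at the end of the hunk masquerades every packet leaving the bastion, because it carries no match criteria at all, while the DNAT rules it exists to support are scoped to `destination.port`; together with the newly enabled `net.ipv4.ip_forward` this turns the bastion into a general NAT gateway for anything else routed through it. Adding `protocol: tcp`, `destination: "{{ destination.address }}"` and `destination_port: "{{ destination.port }}"` to the "Enable masquerading" task limits it to the forwarded flow. The PREROUTING rule likewise matches on port alone and would mirror the OUTPUT rule if it also carried `destination: "{{ ansible_default_ipv4.address }}"`. `sysctl_set: yes` should be written `sysctl_set: true`, since `yes` is a YAML 1.1 truthy form that yamllint flags. `ansible.builtin.iptables` does not save rules, so unless another role persists them they are presumably lost on reboot while the sysctl change survives.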