Merge "Add nat rules for floating networks"

commit: ddefa085c5ec0ec44d33a094182311c3a01c3927 [log] [tgz]
author: Vasyl Saienko <vsaienko@mirantis.com> Thu May 21 07:34:01 2020 +0000
committer: Gerrit Code Review <mail@domain.com> Thu May 21 07:34:01 2020 +0000
tree: 8b7bb907911cd0fc9f674eeae322fc21f2dc060f
parent: 6ee4a9cd2947712b5ac8d5e9bd73a9722a283d2d [diff]
parent: 02df39aa112aff966ce1dff3a0c3a68cd897c54c [diff]
diff --git a/de/heat-templates/scripts/instance_boot.sh b/de/heat-templates/scripts/instance_boot.sh
index 82ef911..24b4dad 100644
--- a/de/heat-templates/scripts/instance_boot.sh
+++ b/de/heat-templates/scripts/instance_boot.sh

@@ -59,6 +59,7 @@
 UCP_MASTER_HOST=${UCP_MASTER_HOST:-${CONTROL_IP_ADDRESS}}
 UCP_IP_ADDRESS=${UCP_IP_ADDRESS:-$CONTROL_IP_ADDRESS}
 NTP_SERVERS=${NTP_SERVERS:-"ldap.scc.mirantis.net ldap.bud.mirantis.net"}
+DEFAULT_INTERFACE=$(ip route show default | awk '{print $5}')
 
 
 function retry {
@@ -295,6 +296,21 @@
 -A DOCKER-USER -j RETURN
 COMMIT
 EOF
+
+#Allow access to Internet from VMs for virtualized environment.
+cat << EOF >> /etc/iptables/rules.v4
+*nat
+:POSTROUTING ACCEPT - [0:0]
+EOF
+    for net in $FLOATING_NETWORK_PREFIXES; do
+cat << EOF >> /etc/iptables/rules.v4
+-A POSTROUTING -s ${net} -o ${DEFAULT_INTERFACE} -j MASQUERADE
+EOF
+    done
+
+cat << EOF >> /etc/iptables/rules.v4
+COMMIT
+EOF
     sudo netfilter-persistent reload
 }
commit	ddefa085c5ec0ec44d33a094182311c3a01c3927	[log] [tgz]
author	Vasyl Saienko <vsaienko@mirantis.com>	Thu May 21 07:34:01 2020 +0000
committer	Gerrit Code Review <mail@domain.com>	Thu May 21 07:34:01 2020 +0000
tree	8b7bb907911cd0fc9f674eeae322fc21f2dc060f
parent	6ee4a9cd2947712b5ac8d5e9bd73a9722a283d2d [diff]
parent	02df39aa112aff966ce1dff3a0c3a68cd897c54c [diff]