From 6f3e70313ec33d515cb47eea1a1b0da5e473b9aa Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Mon, 2 Apr 2018 09:07:53 -0700
Subject: [PATCH] masquerade: stop using YAQL for iptables data
See https://bugs.launchpad.net/tripleo/+bug/1760211 but the YAQL + Heat
format hasn't helped us to build the data needed by Puppet to create
IPtables rules for masquerading.
We'll solve it in puppet-tripleo with native hash iterations, so for
that we just export MasqueradeNetworks to Hiera and we'll use this data
from the puppet module directly.
Depends-On: I8dda3c164de90954855979529de4f1100a858b45
Related-Bug: #1760211
Change-Id: I81379cf93f505fb65c1ad7e6a2adcc6942b04bc0
---
puppet/services/masquerade-networks.yaml | 27 +++---------------------
1 file changed, 3 insertions(+), 24 deletions(-)
diff --git a/puppet/services/masquerade-networks.yaml b/puppet/services/masquerade-networks.yaml
index f152374db3..2f748f8ca6 100644
--- a/puppet/services/masquerade-networks.yaml
+++ b/puppet/services/masquerade-networks.yaml
@@ -41,28 +41,7 @@ outputs:
value:
service_name: masquerade_networks
config_settings:
- tripleo.masquerade_networks.firewall_rules:
- repeat:
- for_each:
- NETWORK: {get_param: MasqueradeNetworks}
- INDEX:
- yaql:
- expression: range(len($.data)).select(str($))
- data: {get_param: MasqueradeNetworks}
- DESTINATIONS:
- yaql:
- expression: $.data.values().select(' - ' + $.join('\n - '))
- data: {get_param: MasqueradeNetworks}
- template: >
- '137 routed_network return_INDEX':
- table: 'nat'
- source: 'NETWORK'
- destination:
- DESTINATIONS
- jump: 'RETURN'
- '138 routed_network masquerade_INDEX':
- table: 'nat'
- source: 'NETWORK'
- jump: 'MASQUERADE'
- step_config: ''
+ masquerade_networks: {get_param: MasqueradeNetworks}
+ step_config: |
+ include tripleo::masquerade_networks
upgrade_tasks: []