masquerading rules format isn't correct for hiera

Bug #1760211 reported by Emilien Macchi
This bug affects 1 person
Affects: tripleo
Status: Fix Released
Importance: Medium
Assigned to: Emilien Macchi

Bug Description

When configuring Masquerading rules with the new service in THT https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/masquerade-networks.yaml

The generated hieradata isn't good:

tripleo.masquerade_networks.firewall_rules:
- "'137 routed_network return_0':\n table: 'nat'\n source: '192.168.24.0/24'\n \
\ destination:\n - 192.168.24.0/24\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n\
\ table: 'nat'\n source: '192.168.24.0/24'\n jump: 'MASQUERADE'\n"

It should be a hash, something like:

tripleo.masquerade_networks.firewall_rules:
  '137 routed_network return_0':
    table: 'nat'
    source: '192.168.24.0/24'
    destination:
      - 192.168.24.0/24
    jump: 'RETURN'
  '138 routed_network masquerade_0':
    table: 'nat'
    source: '192.168.24.0/24'
    jump: 'MASQUERADE'

Logs:
https://logs.rdoproject.org/72/557972/3/openstack-check/gate-tripleo-ci-centos-7-ovb-3ctlr_1comp-featureset001-master/Zd136a14ca48047be87c75fb408366aae/undercloud/home/jenkins/undercloud_install.log.txt.gz#_2018-03-30_19_54_04
https://logs.rdoproject.org/72/557972/3/openstack-check/gate-tripleo-ci-centos-7-ovb-3ctlr_1comp-featureset001-master/Zd136a14ca48047be87c75fb408366aae/undercloud/home/jenkins/tripleo-dBylha-config/Undercloud/merged_config_settings.yaml.txt.gz

description: updated
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-heat-templates (master)

Fix proposed to branch: master
Review: https://review.openstack.org/558000

Changed in tripleo:
assignee: nobody → Harald Jensås (harald-jensas)
status: Triaged → In Progress
Harald Jensås (harald-jensas) wrote :

The generated data gets worse when we pass more data ...

  MasqueradeNetworks:
    172.20.0.128/26:
    - 172.20.0.192/26
    - 172.20.0.64/26
    - 172.20.0.128/26
    172.20.0.192/26:
    - 172.20.0.192/26
    - 172.20.0.64/26
    - 172.20.0.128/26
    172.20.0.64/26:
    - 172.20.0.192/26
    - 172.20.0.64/26
    - 172.20.0.128/26

    "tripleo.masquerade_networks.firewall_rules": [
        "'137 routed_network return_0':\n table: 'nat'\n source: '172.20.0.192/26'\n destination:\n - 172.20.0.192/26\n - 172.20.0.64/26\n - 172.20.0.128/26\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '172.20.0.192/26'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '172.20.0.192/26'\n destination:\n - 172.20.0.192/26\n - 172.20.0.64/26\n - 172.20.0.128/26\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '172.20.0.192/26'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '172.20.0.192/26'\n destination:\n - 192.168.24.0/24\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '172.20.0.192/26'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '172.20.0.192/26'\n destination:\n - 172.20.0.192/26\n - 172.20.0.64/26\n - 172.20.0.128/26\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '172.20.0.192/26'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '172.20.0.128/26'\n destination:\n - 172.20.0.192/26\n - 172.20.0.64/26\n - 172.20.0.128/26\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '172.20.0.128/26'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '172.20.0.128/26'\n destination:\n - 172.20.0.192/26\n - 172.20.0.64/26\n - 172.20.0.128/26\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '172.20.0.128/26'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '172.20.0.128/26'\n destination:\n - 192.168.24.0/24\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '172.20.0.128/26'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '172.20.0.128/26'\n destination:\n - 172.20.0.192/26\n - 172.20.0.64/26\n - 172.20.0.128/26\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '172.20.0.128/26'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '192.168.24.0/24'\n destination:\n - 172.20.0.192/26\n - 172.20.0.64/26\n - 172.20.0.128/26\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '192.168.24.0/24'\n jump: 'MASQUERADE'\n",
        "'137 routed_network return_0':\n table: 'nat'\n source: '192.168.24.0/24'\n destination:\n - 172.20.0.192/26\n - 172.20.0.64/26\n - 172.20.0.128/26\n jump: 'RETURN'\n'138 routed_network masquerade_0':\n table: 'nat'\n source: '192.168.24.0/24'\n jump: 'MASQUERADE...

Changed in tripleo:
assignee: Harald Jensås (harald-jensas) → nobody
status: In Progress → Triaged
OpenStack Infra (hudson-openstack) wrote : Change abandoned on tripleo-heat-templates (master)

Change abandoned by Harald Jensås (<email address hidden>) on branch: master
Review: https://review.openstack.org/558000

Changed in tripleo:
assignee: nobody → Emilien Macchi (emilienm)
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to puppet-tripleo (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/558235

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to tripleo-heat-templates (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/558236

OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/558235
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=03402f207baa0a061f9c230a4d7c83eaf7a73be2
Submitter: Zuul
Branch: master

commit 03402f207baa0a061f9c230a4d7c83eaf7a73be2
Author: Emilien Macchi <email address hidden>
Date: Mon Apr 2 09:15:59 2018 -0700

    Implement tripleo::masquerade_networks

    It'll be used in the OS::TripleO::Services::MasqueradeNetworks service
    to configure masquerade IPtables rules when needed for PoC or CI
    environments.

    Change-Id: I8dda3c164de90954855979529de4f1100a858b45
    Related-Bug: #1760211

OpenStack Infra (hudson-openstack) wrote : Related fix merged to tripleo-heat-templates (master)

Reviewed: https://review.openstack.org/558236
Committed: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=6f3e70313ec33d515cb47eea1a1b0da5e473b9aa
Submitter: Zuul
Branch: master

commit 6f3e70313ec33d515cb47eea1a1b0da5e473b9aa
Author: Emilien Macchi <email address hidden>
Date: Mon Apr 2 09:07:53 2018 -0700

    masquerade: stop using YAQL for iptables data

    See https://bugs.launchpad.net/tripleo/+bug/1760211 but the YAQL + Heat
    format hasn't helped us to build the data needed by Puppet to create
    IPtables rules for masquerading.

    We'll solve it in puppet-tripleo with native hash iterations, so for
    that we just export MasqueradeNetworks to Hiera and we'll use this data
    from the puppet module directly.

    Depends-On: I8dda3c164de90954855979529de4f1100a858b45

    Related-Bug: #1760211
    Change-Id: I81379cf93f505fb65c1ad7e6a2adcc6942b04bc0

Changed in tripleo:
status: Triaged → Fix Released
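
Added example, not code from puppet-tripleo or tripleo-heat-templates: a Ruby sketch of the two shapes discussed in this report, with a check that rejects firewall rule data serialized as strings and a builder that derives the rule hash from MasqueradeNetworks by plain hash iteration. The names rule_problems and build_rules, the per-source index suffix in rule names, and the shortened BROKEN sample are assumptions made for illustration.

```ruby
require 'yaml'

KEY = 'tripleo.masquerade_networks.firewall_rules'
REQUIRED = %w[table source jump].freeze

# Constructed sample in the malformed shape from the report: a list whose
# single element is a YAML document serialized as one string.
BROKEN = <<~'YAML'
  tripleo.masquerade_networks.firewall_rules:
  - "'137 routed_network return_0':\n  table: 'nat'\n  source: '192.168.24.0/24'\n  jump: 'RETURN'\n"
YAML

# Constructed MasqueradeNetworks input: source CIDR => destinations to exempt.
NETWORKS = {
  '172.20.0.128/26' => ['172.20.0.192/26', '172.20.0.64/26', '172.20.0.128/26'],
  '192.168.24.0/24' => ['192.168.24.0/24']
}.freeze

# Returns a list of problems; an empty list means a usable hash of rules.
def rule_problems(value)
  return ["expected a hash of rules, got #{value.class}"] unless value.is_a?(Hash)

  value.flat_map do |name, rule|
    next ["#{name}: rule body is #{rule.class}, not a hash"] unless rule.is_a?(Hash)

    (REQUIRED - rule.keys).map { |k| "#{name}: missing #{k}" }
  end
end

# Hash iteration over MasqueradeNetworks. For each source: a RETURN rule for
# the listed destinations, then a MASQUERADE rule for everything else.
# Assumption: the index suffix keeps rule names unique across sources.
def build_rules(networks)
  networks.each_with_index.each_with_object({}) do |((source, dests), i), rules|
    rules["137 routed_network return_#{i}"] =
      { 'table' => 'nat', 'source' => source, 'destination' => dests, 'jump' => 'RETURN' }
    rules["138 routed_network masquerade_#{i}"] =
      { 'table' => 'nat', 'source' => source, 'jump' => 'MASQUERADE' }
  end
end

puts rule_problems(YAML.safe_load(BROKEN)[KEY])
puts({ KEY => build_rules(NETWORKS) }.to_yaml)
```

Running a check like rule_problems against the merged hieradata before Puppet applies it catches the case where NAT rules are silently not created because the data arrived as a list of strings.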