undercloud masquerade_networks is now silently ignored
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Harald Jensås |
Bug Description
The masquerade_networks option for undercloud.conf was deprecated some time ago:
https:/
However in the switch to containerized undercloud we lost that deprecation (and all support for interpreting the value), so anyone using the old undercloud.conf syntax will get surprised as the nat rules for nodes to access the external network will be missing when using the containerized undercloud.
https:/
[stack@undercloud ~]$ grep -R Masquerade ./*
./tripleo-
[stack@undercloud ~]$ cat undercloud.conf | grep masquerade
# Network that will be masqueraded for external access, if required.
masquerade_network = 192.168.24.0/24
[stack@undercloud ~]$ sudo hiera -c /etc/puppet/
nil
Related to this, we're using the old format in quickstart, so by default now the masquerade rules are missing, so overcloud nodes can't reach the external network anymore:
This has now become a hard failure though, since we landed this:
https:/
Which means a default quickstart setup will fail to deploy when doing the ntpdate sync:
TASK [Ensure system is NTP time synced] *******
Monday 24 September 2018 08:41:10 +0000 (0:00:00.104) 0:04:45.759 ******
skipping: [overcloud-
fatal: [overcloud-
Having discussed with hjensas on IRC, I think we need two fixes:
1. Some pre-flight validation so that the old/deprecated masquerade_networks option fails with a helpful message to show the new syntax
2. Rebase the quickstart undercloud.conf template to reflect the new/supported syntax
Having this covered in CI would be good too, since it seems we somehow don't fail in any of the CI jobs despite the now-bad quickstart generated undercloud.conf?
Changed in tripleo: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → stein-2 |
tags: | added: quickstart undercloud |
Related fix proposed to branch: master /review. openstack. org/604922
Review: https:/