Undercloud - masquerades the defaults 192.168.24.0/24 and 10.0.0.0/24 always.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Harald Jensås |
Bug Description
MasqueradeNetworks: parameter only container 172.20.x.x networks. But masquerading is still enabled for 10.0.0.0/24 and 192.168.24.0/24. The latter are the defaults in THT/environment
We should'nt always masquerade the defaults.
Chain POSTROUTING (policy ACCEPT 3006K packets, 180M bytes)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any 10.0.0.0/24 10.0.0.0/24 state NEW,RELATED,
2985K 179M RETURN all -- any any 172.20.0.0/26 172.20.0.0/26 state NEW,RELATED,
0 0 RETURN all -- any any 172.20.0.128/26 172.20.0.0/26 state NEW,RELATED,
0 0 RETURN all -- any any 172.20.0.64/26 172.20.0.0/26 state NEW,RELATED,
0 0 RETURN all -- any any 192.168.24.0/24 192.168.24.0/24 state NEW,RELATED,
0 0 MASQUERADE all -- any any 10.0.0.0/24 anywhere state NEW,RELATED,
49 2860 MASQUERADE all -- any any 172.20.0.0/26 anywhere state NEW,RELATED,
0 0 MASQUERADE all -- any any 172.20.0.128/26 anywhere state NEW,RELATED,
0 0 MASQUERADE all -- any any 172.20.0.64/26 anywhere state NEW,RELATED,
0 0 MASQUERADE all -- any any 192.168.24.0/24 anywhere state NEW,RELATED,
(undercloud) [stack@leafs ~]$ cat tripleo-
parameter_defaults:
CertmongerCA: local
CloudName: 172.20.0.3
ContainerImag
- set:
ceph_image: daemon
ceph_
ceph_tag: v3.0.3-
name_prefix: centos-binary-
name_suffix: ''
namespace: docker.
neutron_
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
openshift
tag: current-tripleo
tag_from_label: rdo_version
ControlPlaneS
- ip_netmask: 172.20.0.64/26
next_hop: 172.20.0.62
- ip_netmask: 172.20.0.128/26
next_hop: 172.20.0.62
Debug: true
DeploymentUser: stack
DnsServers: 172.20.0.254
DockerInsecur
- 172.20.0.1:8787
- 172.20.0.2:8787
EnableValidat
IronicAutomat
IronicEnabled
- ilo-pxe
- pxe
IronicEnabled
- idrac
- ilo
- ipmi
- redfish
IronicEnabled
- fake
- idrac
- ilo
- ipmitool
- noop
- redfish
IronicEnabled
- fake
- idrac
- ilo
- ipmitool
- redfish
IronicEnabled
- idrac
- no-raid
IronicEnabled
- idrac
- ipmitool
- no-vendor
IronicIPXEEna
IronicInspect
IronicInspect
IronicInspect
IronicInspect
IronicInspect
IronicInspect
IronicInspect
- gateway: 172.20.0.62
ip_range: 172.20.
netmask: 255.255.255.192
tag: ctlplane-subnet
- gateway: 172.20.0.126
ip_range: 172.20.
netmask: 255.255.255.192
tag: leaf1
- gateway: 172.20.0.190
ip_range: 172.20.
netmask: 255.255.255.192
tag: leaf2
LocalContaine
MasqueradeNet
172.20.0.0/26:
- 172.20.0.0/26
- 172.20.0.64/26
- 172.20.0.128/26
172.
- 172.20.0.0/26
- 172.20.0.64/26
- 172.20.0.128/26
172.20.0.64/26:
- 172.20.0.0/26
- 172.20.0.64/26
- 172.20.0.128/26
NeutronDnsDomain: localdomain
NeutronPublic
NovaScheduler
NtpServer: 0.se.pool.ntp.org
SELinuxMode: enforcing
UndercloudCtl
UndercloudCtl
ctlplane-
DhcpRangeEnd: 172.20.0.19
DhcpRange
NetworkCidr: 172.20.0.0/26
NetworkGa
leaf1:
DhcpRangeEnd: 172.20.0.99
DhcpRange
NetworkCidr: 172.20.0.64/26
NetworkGa
leaf2:
DhcpRangeEnd: 172.20.0.159
DhcpRange
NetworkCidr: 172.20.0.128/26
NetworkGa
UndercloudEna
UndercloudHom
UndercloudLoc
UpgradeRemove
summary: |
- Undercloud - masquerades the defauls 192.168.24.0/24 and 10.0.0.0/24 + Undercloud - masquerades the defaults 192.168.24.0/24 and 10.0.0.0/24 always. |
Changed in tripleo: | |
milestone: | stein-1 → stein-2 |
Related fix proposed to branch: master /review. openstack. org/609830
Review: https:/