authorPau Espin Pedrol <pespin@sysmocom.de>2019-11-26 14:07:01 +0100
committerpespin <pespin@sysmocom.de>2019-12-02 11:15:14 +0000
commit2d8903c363e4a8ed36ecd0929289cd5b9a05bdea (patch)
tree510b19c58f5e39637e42834a705856227d79a70e
parent13eaaa36443c7daacae09d11815243b318557ad0 (diff)
ansible: gsm-tester: Enable ip forwarding and masquerading on boot
Some nodes in the internal network, such as LimeNetMicro, will need Internet access to upgrade osmo-trx-lms from OBS repos. It also makes it easier to manually update other nodes inside the internal network. Change-Id: I2c89cf9cfcb55b3153e7be212c68ffa8db0f6927
-rw-r--r--ansible/roles/gsm-tester-network/README.md3
-rw-r--r--ansible/roles/gsm-tester-network/defaults/main.yml3
-rw-r--r--ansible/roles/gsm-tester-network/files/ogt-sysctl.conf1
-rw-r--r--ansible/roles/gsm-tester-network/tasks/main.yml12
-rw-r--r--ansible/roles/gsm-tester-network/templates/etc/iptables-ogt17
5 files changed, 34 insertions, 2 deletions
diff --git a/ansible/roles/gsm-tester-network/README.md b/ansible/roles/gsm-tester-network/README.md
index e324929..689a127 100644
--- a/ansible/roles/gsm-tester-network/README.md
+++ b/ansible/roles/gsm-tester-network/README.md
@@ -4,4 +4,5 @@ The network configuration is not set by default.
# variables
-- `bts_interface` (eth1): on which network interface the bts is configured.
+- `bts_interface` (enp2s0): on which network interface the bts is configured.
+- `gw_interface` (enp1s0): on which network interface the traffic is routed towards default gateway.
diff --git a/ansible/roles/gsm-tester-network/defaults/main.yml b/ansible/roles/gsm-tester-network/defaults/main.yml
index 3e506da..5bfdf63 100644
--- a/ansible/roles/gsm-tester-network/defaults/main.yml
+++ b/ansible/roles/gsm-tester-network/defaults/main.yml
@@ -1,3 +1,4 @@
---
-bts_interface: eth1
+bts_interface: enp2s0
+gw_interface: enp1s0
diff --git a/ansible/roles/gsm-tester-network/files/ogt-sysctl.conf b/ansible/roles/gsm-tester-network/files/ogt-sysctl.conf
new file mode 100644
index 0000000..119d730
--- /dev/null
+++ b/ansible/roles/gsm-tester-network/files/ogt-sysctl.conf
@@ -0,0 +1 @@
+net.ipv4.ip_forward=1
diff --git a/ansible/roles/gsm-tester-network/tasks/main.yml b/ansible/roles/gsm-tester-network/tasks/main.yml
index 210bf1e..b77fc0e 100644
--- a/ansible/roles/gsm-tester-network/tasks/main.yml
+++ b/ansible/roles/gsm-tester-network/tasks/main.yml
@@ -9,3 +9,15 @@
- name: start all network interface
command: ifup -a
when: gsm_tester_network_interface is changed
+
+- name: allow ip forwarding and masquerading traffic from internal network (iptables)
+ template:
+ src: etc/iptables-ogt
+ dest: /etc/network/if-up.d/iptables-ogt
+ mode: 0755
+
+- name: allow ip forwarding from internal network (sysctl)
+ copy:
+ src: ogt-sysctl.conf
+ dest: /etc/sysctl.d
+ notify: restart udev
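Review bot: The sysctl task notifies `restart udev`, but no such handler is visible in this diff, and restarting udev would not, as far as I know, apply files under /etc/sysctl.d, so `net.ipv4.ip_forward=1` probably only takes effect at the next boot. If it is meant to apply right away, a handler running `sysctl --system` (or the `sysctl` module with `sysctl_file` and `reload: yes`) would do that. Both new tasks also leave ownership implicit; `/etc/network/if-up.d/iptables-ogt` is normally run as root on interface-up events, so `owner: root`, `group: root` and a quoted `mode: '0755'` (plus `mode: '0644'` on the sysctl file) would make the intended permissions explicit.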
diff --git a/ansible/roles/gsm-tester-network/templates/etc/iptables-ogt b/ansible/roles/gsm-tester-network/templates/etc/iptables-ogt
new file mode 100644
index 0000000..5a781c5
--- /dev/null
+++ b/ansible/roles/gsm-tester-network/templates/etc/iptables-ogt
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+IPT="/sbin/iptables"
+
+if [ "$IFACE" = "{{ gw_interface }}" ]; then
+ # Apply masquerading if not yet applied:
+ if [ "x$($IPT -t nat -S | grep "\-A POSTROUTING -o {{ gw_interface }} -j MASQUERADE" -c)" = "x0" ]; then
+ $IPT -t nat -A POSTROUTING -o {{ gw_interface }} -j MASQUERADE
+ fi
+
+ # Allow IP forwarding if not yet enabled:
+ if [ "x$($IPT -t filter -S | grep "\-A FORWARD -j ACCEPT" -c)" = "x0" ]; then
+ $IPT -t filter -A FORWARD -j ACCEPT
+ fi
+
+ echo "osmo-gsm-tester iptables rules loaded."
+fi
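Review bot: The `-A FORWARD -j ACCEPT` rule accepts forwarded packets in every direction on every interface, so with `ip_forward=1` the host may also route traffic arriving on `{{ gw_interface }}` into the internal network, not only the outbound traffic of internal nodes that the commit message describes. Consider restricting it to internal-to-gateway traffic plus replies to established flows, as sketched below; this assumes `bts_interface` is the internal-network interface, which the diff does not confirm. Narrowing the ACCEPT rules only has an effect if the FORWARD chain policy is not ACCEPT, and this script does not set the policy. `iptables -C` would also be a sturdier existence check than `-S | grep -c`, which depends on the exact way the rule is rendered.

```shell
if [ "$IFACE" = "{{ gw_interface }}" ]; then
    # … unchanged: masquerading block …

    # Forward only internal -> gateway traffic:
    if ! $IPT -t filter -C FORWARD -i {{ bts_interface }} -o {{ gw_interface }} -j ACCEPT 2>/dev/null; then
        $IPT -t filter -A FORWARD -i {{ bts_interface }} -o {{ gw_interface }} -j ACCEPT
    fi

    # Let replies to established flows back in:
    if ! $IPT -t filter -C FORWARD -i {{ gw_interface }} -o {{ bts_interface }} \
            -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null; then
        $IPT -t filter -A FORWARD -i {{ gw_interface }} -o {{ bts_interface }} \
            -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    fi

    # … unchanged: echo and closing fi …
```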