WIP: some tweaks relating to getting NAT going on the head node.

cfe-lab · Oct 14, 2023 · 244e129 · 244e129
1 parent 018d1dc
commit 244e129
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 20 deletions.
diff --git a/cluster-setup/deployment/group_vars/all.yml b/cluster-setup/deployment/group_vars/all.yml
@@ -16,24 +16,26 @@ nfs_export_to_hosts: 192.168.64.0/255.255.255.0
 kive_db_host: 192.168.64.9
 kive_db_subnet: 192.168.64.0/24
 
-# DHCP configuration.
-dhcp_subnet: 192.168.1.0
-dhcp_netmask: 255.255.255.0
-dhcp_broadcast: 192.168.1.255
-dhcp_router: 192.168.1.1
-dhcp_range: [192.168.1.100, 192.168.1.200]
-dhcpd_interface: eth1
+# Internal network (i.e. the network that connects the head node and compute nodes)
+# configuration.
+internal_subnet: 192.168.1.0
+internal_netmask: 255.255.255.0
+internal_mask_bits: 24
+internal_broadcast: 192.168.1.255
+internal_dhcp_range: [192.168.1.100, 192.168.1.200]
+
+head_internal_interface: eth1
+head_internal_interface_mac: "52:54:00:b9:01:14"
+head_external_interface: eth0
+head_internal_address: 192.168.1.1
+head_internal_mask_bits: 24
+
 # This creates DHCP reservations for the compute nodes.
 compute_nodes:
   - name: worker
     ip: 192.168.1.2
     mac: "ab:cd:ef:01:23:45"
 
-# NAT settings for the compute nodes.
-nat_external_interface: eth0
-nat_internal_interface: eth1
-nat_internal_subnet: 192.168.1.0/24
-
 # The following are sensitive, and should be kept secret for a production system.
 kive_db_password: fixme-14mPdzu5vTOQG2DgtDG1inghQpMX0TBdUqEK6nVNHVo
 kive_server_secret_key: fixme-kpXk1iKLbHn6-T7zieLHgADFA8ZSh5itd8k_Sp932fM

diff --git a/cluster-setup/deployment/roles/head_node_networking/tasks/main.yml b/cluster-setup/deployment/roles/head_node_networking/tasks/main.yml
@@ -39,7 +39,7 @@
     block: |
        *nat
        :POSTROUTING ACCEPT [0:0]
-       -A POSTROUTING -s {{ nat_internal_subnet }} --protocol ! 41 -o {{ nat_external_interface }} -j MASQUERADE
+       -A POSTROUTING -s {{ internal_subnet }}/{{ internal_mask_bits }} -o {{ head_external_interface }} -j MASQUERADE
        COMMIT
 
 - name: restart ufw to allow the new rules to take effect

diff --git a/cluster-setup/deployment/roles/head_node_networking/templates/60-internal-interface.yaml.j2 b/cluster-setup/deployment/roles/head_node_networking/templates/60-internal-interface.yaml.j2
@@ -0,0 +1,10 @@
+network:
+    ethernets:
+        internal0:
+            dhcp4: false
+            addresses:
+              - "{{ head_internal_address }}/{{ head_internal_mask_bits }}"
+            match:
+                macaddress: "{{ head_internal_interface_mac }}"
+            set-name: {{ head_internal_interface }}
+    version: 2
diff --git a/cluster-setup/deployment/roles/head_node_networking/templates/dhcpd.conf.j2 b/cluster-setup/deployment/roles/head_node_networking/templates/dhcpd.conf.j2
@@ -4,15 +4,15 @@
 default-lease-time 600;
 max-lease-time 7200;
 
-subnet {{ dhcp_subnet }} netmask {{ dhcp_netmask }} {
-  range {{ dhcp_range[0] }} {{ dhcp_range [1] }};
-  option routers {{ dhcp_router }};
-  option broadcast-address {{ dhcp_broadcast }};
+subnet {{ internal_subnet }} netmask {{ internal_netmask }} {
+  range {{ internal_dhcp_range[0] }} {{ internal_dhcp_range [1] }};
+  option routers {{ head_internal_address }};
+  option broadcast-address {{ internal_broadcast }};
 }
 
 {% for node in compute_nodes %}
 host {{ node.name }} {
-  hardware ethernet {{ node.mac }}
-  fixed-address {{ node.ip }}
+  hardware ethernet {{ node.mac }};
+  fixed-address {{ node.ip }};
 }
 {% endfor %}
diff --git a/cluster-setup/deployment/roles/head_node_networking/templates/isc-dhcp-server.j2 b/cluster-setup/deployment/roles/head_node_networking/templates/isc-dhcp-server.j2
@@ -2,5 +2,5 @@
 # Changes to this file will not be persisted if the Ansible playbooks
 # used to set up this machine are rerun!
 
-INTERFACESv4="{{ dhcpd_interface }}"
+INTERFACESv4="{{ head_internal_interface }}"
 INTERFACESv6=""